mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2024-12-29 04:50:03 +01:00
518 lines
15 KiB
C
518 lines
15 KiB
C
/*
|
|
* Copyright (C) 2019 Koen Zandberg
|
|
*
|
|
* This file is subject to the terms and conditions of the GNU Lesser
|
|
* General Public License v2.1. See the file LICENSE in the top level
|
|
* directory for more details.
|
|
*/
|
|
/**
|
|
* @ingroup sys_suit_v4
|
|
* @{
|
|
*
|
|
* @file
|
|
* @brief SUIT v4
|
|
*
|
|
* @author Koen Zandberg <koen@bergzand.net>
|
|
*
|
|
* @}
|
|
*/
|
|
|
|
#include <inttypes.h>
|
|
|
|
#include "suit/coap.h"
|
|
#include "suit/conditions.h"
|
|
#include "suit/v4/suit.h"
|
|
#include "suit/v4/handlers.h"
|
|
#include "suit/v4/policy.h"
|
|
#include "suit/v4/suit.h"
|
|
#include "riotboot/hdr.h"
|
|
#include "riotboot/slot.h"
|
|
#include <nanocbor/nanocbor.h>
|
|
|
|
#include "log.h"
|
|
|
|
#define HELLO_HANDLER_MAX_STRLEN 32
|
|
|
|
static int _handle_command_sequence(suit_v4_manifest_t *manifest, nanocbor_value_t *it,
|
|
suit_manifest_handler_t handler);
|
|
static int _common_handler(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it);
|
|
static int _common_sequence_handler(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it);
|
|
|
|
static int _validate_uuid(suit_v4_manifest_t *manifest, nanocbor_value_t *it, uuid_t *uuid)
|
|
{
|
|
(void)manifest;
|
|
const uint8_t *uuid_manifest_ptr;
|
|
size_t len = sizeof(uuid_t);
|
|
char uuid_str[UUID_STR_LEN + 1];
|
|
char uuid_str2[UUID_STR_LEN + 1];
|
|
if (nanocbor_get_bstr(it, &uuid_manifest_ptr, &len) < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
uuid_to_string((uuid_t *)uuid_manifest_ptr, uuid_str);
|
|
uuid_to_string(uuid, uuid_str2);
|
|
LOG_INFO("Comparing %s to %s from manifest\n", uuid_str2, uuid_str);
|
|
return uuid_equal(uuid, (uuid_t *)uuid_manifest_ptr) ? 0 : -1;
|
|
}
|
|
|
|
static int _cond_vendor_handler(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
LOG_INFO("validating vendor ID\n");
|
|
int rc = _validate_uuid(manifest, it, suit_get_vendor_id());
|
|
if (rc == SUIT_OK) {
|
|
LOG_INFO("validating vendor ID: OK\n");
|
|
manifest->validated |= SUIT_VALIDATED_VENDOR;
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
static int _cond_class_handler(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
LOG_INFO("validating class id\n");
|
|
int rc = _validate_uuid(manifest, it, suit_get_class_id());
|
|
if (rc == SUIT_OK) {
|
|
LOG_INFO("validating class id: OK\n");
|
|
manifest->validated |= SUIT_VALIDATED_CLASS;
|
|
}
|
|
return rc;
|
|
}
|
|
|
|
static int _cond_comp_offset(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)manifest;
|
|
(void)key;
|
|
uint32_t offset;
|
|
nanocbor_get_uint32(it, &offset);
|
|
uint32_t other_offset = (uint32_t)riotboot_slot_get_hdr(riotboot_slot_other()) \
|
|
- CPU_FLASH_BASE;
|
|
LOG_INFO("Comparing manifest offset %u with other slot offset %u\n",
|
|
(unsigned)offset, (unsigned)other_offset);
|
|
return other_offset == offset ? 0 : -1;
|
|
}
|
|
|
|
static int _dtv_set_comp_idx(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
if (nanocbor_get_type(it) == NANOCBOR_TYPE_FLOAT) {
|
|
LOG_DEBUG("_dtv_set_comp_idx() ignoring boolean and floats\n)");
|
|
nanocbor_skip(it);
|
|
}
|
|
else if (nanocbor_get_int32(it, &manifest->component_current) < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
LOG_DEBUG("Setting component index to %d\n", (int)manifest->component_current);
|
|
return 0;
|
|
}
|
|
|
|
static int _dtv_run_seq_cond(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
LOG_DEBUG("Starting conditional sequence handler\n");
|
|
_handle_command_sequence(manifest, it, _common_sequence_handler);
|
|
return 0;
|
|
}
|
|
|
|
static int _param_get_uri_list(suit_v4_manifest_t *manifest, nanocbor_value_t *it)
|
|
{
|
|
LOG_DEBUG("got url list\n");
|
|
manifest->components[manifest->component_current].url = *it;
|
|
return 0;
|
|
}
|
|
static int _param_get_digest(suit_v4_manifest_t *manifest, nanocbor_value_t *it)
|
|
{
|
|
LOG_DEBUG("got digest\n");
|
|
manifest->components[manifest->component_current].digest = *it;
|
|
return 0;
|
|
}
|
|
|
|
static int _param_get_img_size(suit_v4_manifest_t *manifest, nanocbor_value_t *it)
|
|
{
|
|
int res = nanocbor_get_uint32(it, &manifest->components[0].size);
|
|
if (res < 0) {
|
|
LOG_DEBUG("error getting image size\n");
|
|
return res;
|
|
}
|
|
return res;
|
|
}
|
|
|
|
static int _dtv_set_param(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
/* `it` points to the entry of the map containing the type and value */
|
|
nanocbor_value_t map;
|
|
|
|
nanocbor_enter_map(it, &map);
|
|
|
|
while (!nanocbor_at_end(&map)) {
|
|
/* map points to the key of the param */
|
|
int32_t param_key;
|
|
nanocbor_get_int32(&map, ¶m_key);
|
|
LOG_DEBUG("Setting component index to %" PRIi32 "\n", manifest->component_current);
|
|
LOG_DEBUG("param_key=%" PRIi32 "\n", param_key);
|
|
int res;
|
|
switch (param_key) {
|
|
case 6: /* SUIT URI LIST */
|
|
res = _param_get_uri_list(manifest, &map);
|
|
break;
|
|
case 11: /* SUIT DIGEST */
|
|
res = _param_get_digest(manifest, &map);
|
|
break;
|
|
case 12: /* SUIT IMAGE SIZE */
|
|
res = _param_get_img_size(manifest, &map);
|
|
break;
|
|
default:
|
|
res = -1;
|
|
}
|
|
|
|
nanocbor_skip(&map);
|
|
|
|
if (res) {
|
|
return res;
|
|
}
|
|
}
|
|
return SUIT_OK;
|
|
}
|
|
|
|
static int _dtv_fetch(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *_it)
|
|
{
|
|
(void)key; (void)_it; (void)manifest;
|
|
LOG_DEBUG("_dtv_fetch() key=%i\n", key);
|
|
|
|
const uint8_t *url;
|
|
size_t url_len;
|
|
|
|
/* TODO: there must be a simpler way */
|
|
{
|
|
/* the url list is a binary sequence containing a cbor array of
|
|
* (priority, url) tuples (represented as array with length two)
|
|
* */
|
|
|
|
nanocbor_value_t it;
|
|
|
|
/* open sequence with cbor parser */
|
|
int err = suit_cbor_subparse(&manifest->components[0].url, &it);
|
|
if (err < 0) {
|
|
LOG_DEBUG("subparse failed\n)");
|
|
return err;
|
|
}
|
|
|
|
nanocbor_value_t url_it;
|
|
/* enter container, confirm it is an array, too */
|
|
if (nanocbor_enter_array(&it, &url_it) < 0) {
|
|
LOG_DEBUG("url list no array\n)");
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
nanocbor_value_t url_value_it;
|
|
if (nanocbor_enter_array(&url_it, &url_value_it) < 0) {
|
|
LOG_DEBUG("url entry no array\n)");
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
/* expect two entries: priority as int, url as byte string. bail out if not. */
|
|
uint32_t prio;
|
|
/* check that first array entry is an int (the priority of the url) */
|
|
if (nanocbor_get_uint32(&url_value_it, &prio) < 0) {
|
|
LOG_DEBUG("expected URL priority (int), got %d\n",
|
|
nanocbor_get_type(&url_value_it));
|
|
return -1;
|
|
}
|
|
LOG_DEBUG("URL priority %"PRIu32"\n", prio);
|
|
|
|
int res = nanocbor_get_tstr(&url_value_it, &url, &url_len);
|
|
if (res < 0) {
|
|
LOG_DEBUG("error parsing URL\n)");
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
if (url_len >= manifest->urlbuf_len) {
|
|
LOG_INFO("url too large: %u>%u\n)", (unsigned)url_len,
|
|
(unsigned)manifest->urlbuf_len);
|
|
return SUIT_ERR_UNSUPPORTED;
|
|
}
|
|
memcpy(manifest->urlbuf, url, url_len);
|
|
manifest->urlbuf[url_len] = '\0';
|
|
|
|
nanocbor_leave_container(&url_it, &url_value_it);
|
|
nanocbor_leave_container(&it, &url_it);
|
|
}
|
|
|
|
LOG_DEBUG("_dtv_fetch() fetching \"%s\" (url_len=%u)\n", manifest->urlbuf,
|
|
(unsigned)url_len);
|
|
|
|
int target_slot = riotboot_slot_other();
|
|
riotboot_flashwrite_init(manifest->writer, target_slot);
|
|
int res = suit_coap_get_blockwise_url(manifest->urlbuf, COAP_BLOCKSIZE_64,
|
|
suit_flashwrite_helper, manifest);
|
|
|
|
if (res) {
|
|
LOG_INFO("image download failed\n)");
|
|
return res;
|
|
}
|
|
|
|
const uint8_t *digest;
|
|
size_t digest_len;
|
|
|
|
res = nanocbor_get_bstr(&manifest->components[0].digest, &digest, &digest_len);
|
|
if (res < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
/* "digest" points to a 36 byte string that includes the digest type.
|
|
* riotboot_flashwrite_verify_sha256() is only interested in the 32b digest,
|
|
* so shift the pointer accordingly.
|
|
*/
|
|
res = riotboot_flashwrite_verify_sha256(digest + 4, manifest->components[0].size,
|
|
target_slot);
|
|
if (res) {
|
|
LOG_INFO("image verification failed\n");
|
|
return res;
|
|
}
|
|
|
|
manifest->state |= SUIT_MANIFEST_HAVE_IMAGE;
|
|
|
|
return SUIT_OK;
|
|
}
|
|
|
|
static int _version_handler(suit_v4_manifest_t *manifest, int key,
|
|
nanocbor_value_t *it)
|
|
{
|
|
(void)manifest;
|
|
(void)key;
|
|
/* Validate manifest version */
|
|
int32_t version = -1;
|
|
if (nanocbor_get_int32(it, &version) >= 0) {
|
|
if (version == SUIT_VERSION) {
|
|
manifest->validated |= SUIT_VALIDATED_VERSION;
|
|
LOG_INFO("suit: validated manifest version\n)");
|
|
return 0;
|
|
}
|
|
else {
|
|
return -1;
|
|
}
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
static int _seq_no_handler(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
|
|
int32_t seq_nr;
|
|
|
|
if (nanocbor_get_int32(it, &seq_nr) < 0) {
|
|
LOG_INFO("Unable to get sequence number\n");
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
const riotboot_hdr_t *hdr = riotboot_slot_get_hdr(riotboot_slot_current());
|
|
if (seq_nr <= (int32_t)hdr->version) {
|
|
LOG_INFO("%"PRId32" <= %"PRId32"\n", seq_nr, hdr->version);
|
|
LOG_INFO("seq_nr <= running image\n)");
|
|
return -1;
|
|
}
|
|
|
|
hdr = riotboot_slot_get_hdr(riotboot_slot_other());
|
|
if (riotboot_hdr_validate(hdr) == 0) {
|
|
if (seq_nr<= (int32_t)hdr->version) {
|
|
LOG_INFO("%"PRIu32" <= %"PRIu32"\n", seq_nr, hdr->version);
|
|
LOG_INFO("seq_nr <= other image\n)");
|
|
return -1;
|
|
}
|
|
}
|
|
LOG_INFO("suit: validated sequence number\n)");
|
|
manifest->validated |= SUIT_VALIDATED_SEQ_NR;
|
|
return 0;
|
|
|
|
}
|
|
|
|
static int _dependencies_handler(suit_v4_manifest_t *manifest, int key,
|
|
nanocbor_value_t *it)
|
|
{
|
|
(void)manifest;
|
|
(void)key;
|
|
(void)it;
|
|
/* No dependency support */
|
|
return 0;
|
|
}
|
|
|
|
static int _component_handler(suit_v4_manifest_t *manifest, int key,
|
|
nanocbor_value_t *it)
|
|
{
|
|
(void)manifest;
|
|
(void)key;
|
|
|
|
nanocbor_value_t arr;
|
|
|
|
LOG_DEBUG("storing components\n)");
|
|
if (nanocbor_enter_array(it, &arr) < 0) {
|
|
LOG_DEBUG("components field not an array\n");
|
|
return -1;
|
|
}
|
|
unsigned n = 0;
|
|
while (!nanocbor_at_end(&arr)) {
|
|
nanocbor_value_t map;
|
|
if (n < SUIT_V4_COMPONENT_MAX) {
|
|
manifest->components_len += 1;
|
|
}
|
|
else {
|
|
LOG_DEBUG("too many components\n)");
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
if (nanocbor_enter_map(&arr, &map) < 0) {
|
|
LOG_DEBUG("suit _v4_parse(): manifest not a map!\n");
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
suit_v4_component_t *current = &manifest->components[n];
|
|
|
|
while (!nanocbor_at_end(&map)) {
|
|
|
|
/* handle key, value */
|
|
int32_t integer_key;
|
|
if (nanocbor_get_int32(&map, &integer_key) < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
switch (integer_key) {
|
|
case SUIT_COMPONENT_IDENTIFIER:
|
|
current->identifier = map;
|
|
break;
|
|
case SUIT_COMPONENT_SIZE:
|
|
LOG_DEBUG("skipping SUIT_COMPONENT_SIZE");
|
|
break;
|
|
case SUIT_COMPONENT_DIGEST:
|
|
current->digest = map;
|
|
break;
|
|
default:
|
|
LOG_DEBUG("ignoring unexpected component data (nr. %" PRIi32 ")\n",
|
|
integer_key);
|
|
}
|
|
nanocbor_skip(&map);
|
|
|
|
LOG_DEBUG("component %u parsed\n", n);
|
|
}
|
|
nanocbor_leave_container(&arr, &map);
|
|
n++;
|
|
}
|
|
|
|
manifest->state |= SUIT_MANIFEST_HAVE_COMPONENTS;
|
|
|
|
nanocbor_leave_container(it, &arr);
|
|
|
|
LOG_DEBUG("storing components done\n)");
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* begin{code-style-ignore} */
|
|
static const suit_manifest_handler_t global_handlers[] = {
|
|
[ 0] = NULL,
|
|
[ 1] = _version_handler,
|
|
[ 2] = _seq_no_handler,
|
|
[ 3] = _dependencies_handler,
|
|
[ 4] = _component_handler,
|
|
[ 5] = NULL,
|
|
[ 6] = _common_handler,
|
|
[ 9] = _common_handler,
|
|
};
|
|
/* end{code-style-ignore} */
|
|
|
|
static const unsigned global_handlers_len = ARRAY_SIZE(global_handlers);
|
|
|
|
/* begin{code-style-ignore} */
|
|
static const suit_manifest_handler_t _sequence_handlers[] = {
|
|
[ 0] = NULL,
|
|
[ 1] = _cond_vendor_handler,
|
|
[ 2] = _cond_class_handler,
|
|
[10] = _cond_comp_offset,
|
|
/* Directives */
|
|
[11] = _dtv_set_comp_idx,
|
|
/* [12] = _dtv_set_man_idx, */
|
|
/* [13] = _dtv_run_seq, */
|
|
[14] = _dtv_run_seq_cond,
|
|
[16] = _dtv_set_param,
|
|
[20] = _dtv_fetch,
|
|
/* [22] = _dtv_run, */
|
|
};
|
|
/* end{code-style-ignore} */
|
|
|
|
static const unsigned _sequence_handlers_len = ARRAY_SIZE(_sequence_handlers);
|
|
|
|
static suit_manifest_handler_t _suit_manifest_get_handler(int key,
|
|
const suit_manifest_handler_t *handlers,
|
|
size_t len)
|
|
{
|
|
if (key < 0 || (size_t)key >= len) {
|
|
return NULL;
|
|
}
|
|
return handlers[key];
|
|
}
|
|
|
|
suit_manifest_handler_t suit_manifest_get_manifest_handler(int key)
|
|
{
|
|
return _suit_manifest_get_handler(key, global_handlers,
|
|
global_handlers_len);
|
|
}
|
|
|
|
static int _common_sequence_handler(suit_v4_manifest_t *manifest, int key,
|
|
nanocbor_value_t *it)
|
|
{
|
|
|
|
suit_manifest_handler_t handler = _suit_manifest_get_handler(key,
|
|
_sequence_handlers,
|
|
_sequence_handlers_len);
|
|
LOG_DEBUG("Handling handler with key %d at %p\n", key, handler);
|
|
if (handler) {
|
|
return handler(manifest, key, it);
|
|
}
|
|
else {
|
|
LOG_DEBUG("Sequence handler not implemented, ID: %d\n", key);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
static int _common_handler(suit_v4_manifest_t *manifest, int key, nanocbor_value_t *it)
|
|
{
|
|
(void)key;
|
|
return _handle_command_sequence(manifest, it, _common_sequence_handler);
|
|
}
|
|
|
|
int _handle_command_sequence(suit_v4_manifest_t *manifest, nanocbor_value_t *bseq,
|
|
suit_manifest_handler_t handler)
|
|
{
|
|
|
|
LOG_DEBUG("Handling command sequence\n");
|
|
nanocbor_value_t it, arr;
|
|
|
|
int err = suit_cbor_subparse(bseq, &it);
|
|
if (err < 0) {
|
|
return err;
|
|
}
|
|
|
|
if (nanocbor_enter_array(&it, &arr) < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
|
|
while (!nanocbor_at_end(&arr)) {
|
|
nanocbor_value_t map;
|
|
if (nanocbor_enter_map(&arr, &map) < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
int32_t integer_key;
|
|
if (nanocbor_get_int32(&map, &integer_key) < 0) {
|
|
return SUIT_ERR_INVALID_MANIFEST;
|
|
}
|
|
int res = handler(manifest, integer_key, &map);
|
|
if (res < 0) {
|
|
LOG_DEBUG("Sequence handler error\n");
|
|
return res;
|
|
}
|
|
nanocbor_leave_container(&arr, &map);
|
|
}
|
|
nanocbor_leave_container(&it, &arr);
|
|
|
|
return 0;
|
|
}
|