Simulated product dispenser

Dependencies:   HTS221

Fork of mbed-cloud-workshop-connect-HTS221 by Jim Carver

Embed: (wiki syntax)

« Back to documentation index

arm_uc_mmInsertManifest.c File Reference

arm_uc_mmInsertManifest.c File Reference

Inserts a manifest into a slot specified by the manifest. More...

Go to the source code of this file.

Functions

static arm_uc_error_t validateResourceType (arm_uc_buffer_t *buffer)
 Validate that the resource contained in this signed container is a manifest.
static arm_uc_error_t validateManifestVersion (arm_uc_buffer_t *buffer)
 Validate that this manifest is a supported version.
static arm_uc_error_t validateManifestSize (arm_uc_buffer_t *buffer)
 Validate the manifest size.
static arm_uc_error_t validateCryptoMode (arm_uc_buffer_t *buffer, arm_uc_mm_crypto_flags_t *flags)
 Validate the crypto mode.
static arm_uc_error_t state_verifyHash (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Verify the manifest hash.
static arm_uc_error_t state_verifySignatureLoopStart (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Start the signature verification loop.
static arm_uc_error_t state_verifySignatureStart (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Begin verifying the signature.
static arm_uc_error_t state_verifySignature (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Wait for signature validation to complete.
static arm_uc_error_t state_verifyParameters (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Validates remaining parsable parameters.
static arm_uc_error_t state_verifyTimestampStart (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Initiate timestamp verification.
static arm_uc_error_t state_verifyTimestamp (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Waits for the active timestamp to be loaded.
static arm_uc_error_t state_verifyApplication (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Calls out to a handler provided by the application.
static arm_uc_error_t state_verifyDone (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Verification has failed.
static arm_uc_error_t state_alertHub (struct arm_uc_mmInsertContext_t *ctx, uint32_t *event)
 Alert the hub that insert has finished processing the manifest.
arm_uc_error_t ARM_UC_mmInsertFSM (uint32_t event)
 DOT Teardown DOT: }.

Detailed Description

Inserts a manifest into a slot specified by the manifest.

This API is used by the manifest manager to validate and store a manifest.

The workflow for inserting a manifest is: 1. Check the version of the manifest 2. Validate the cryptographic mode 3. Verify the hash of the manifest. 4. Verify each signature of the manifest. 5. Validate the applicability of the manifest (GUID matching) 6. Validate the storage identifier TBD: Store the manifest in the KCM

NOTE: There is a security vs. energy tradeoff in this code. To optimize for energy, the cheapest fields should be checked first, that means checking applicability before hash or signature. However, to optimize for security, we must prioritize safety over energy. Since parsers are notorious sources of bugs, we must make every effort to protect the parser from insecure content. This means accessing the absolute minimum of fields prior to verifyinng the signature.

The current version of this code optimizes for security. Once the parser has been more thoroughly validated, we can consider exposing it to more unvalidated data as an energy saving measure.

inline_dotgraph_1.dot

Definition in file arm_uc_mmInsertManifest.c.


Function Documentation

arm_uc_error_t ARM_UC_mmInsertFSM ( uint32_t  event )

DOT Teardown DOT: }.

Definition at line 584 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_alertHub ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Alert the hub that insert has finished processing the manifest.

Queues a callback to the hub, that reports completion.

DOT States: DOT: AlertHub DOT: AlertHub -> Idle

Definition at line 574 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifyApplication ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Calls out to a handler provided by the application.

Currently unimplemented.

DOT States: DOT: VerifyApplication DOT: VerifyApplication -> VerifyDone DOT: VerifyApplication -> VerifyFail [label="[App denied]"]

Definition at line 530 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifyDone ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Verification has failed.

This state will never be entered. This is for documentation purposes only. The state machine exits when an error is detected, so this state cannot be entered. The hub will be notified via the state machine's error handler.

DOT States: DOT: VerifyFail DOT: VerifyFail -> IdleVerification has completed successfully.

This is a placeholder state that may be useful if more operations must be performed after verification, for example, storage of the manifest.

DOT States: DOT: VerifyDone DOT: VerifyDone -> AlertHub

Definition at line 558 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifyHash ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Verify the manifest hash.

Manifest hash verification happens in a single state. This is because hash verification is currently considered to be a blocking operation. If an asynchronous hash accelerator is used, this will need to be modified to use two states to handle hash initiation and waiting for completion.

DOT States: DOT: VerifyHash DOT: VerifyHash -> VerifySignatureLoopStart DOT: VerifyHash -> VerifyFail [label="[Hash invalid]"]

Definition at line 327 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifyParameters ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Validates remaining parsable parameters.

This currently means only the firmware applicability, as identified by UUID. Several additiional parameters could be validated:

* Storage identifier * Payload type identifier * URI validation in payload reference * Valid size of payload hash * nonce size, non-zero * Valid From, Valid To * timestamp * Encryption info

DOT States: DOT: VerifyParameters DOT: VerifyParameters -> VerifyApplication DOT: VerifyParameters -> VerifyFail [label="[Parameters invalid]"]

Definition at line 462 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifySignature ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Wait for signature validation to complete.

Calls the `ARM_UC_mmValidateSignature` state machine and collects exit status. When signature validation is complete, the return value will be `MFST_ERR_NONE`.

DOT States: DOT: VerifySignature DOT: VerifySignature -> VerifyFail [label="[Signature invalid]"] DOT: VerifySignature -> VerifySignatureStart

Definition at line 421 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifySignatureLoopStart ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Start the signature verification loop.

This state provides initialization for the signature verification loop. The outer loop is tracked by `loopCounters[0]` and represents the signature index.

DOT States: DOT: VerifySignatureLoopStart DOT: VerifySignatureLoopStart -> VerifySignatureStart

Definition at line 359 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifySignatureStart ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Begin verifying the signature.

This calls the ARM_UC_mmValidateSignature setup function, but does not start the signature verification state machine. `ARM_UC_mmValidateSignature` attempts to read a signature at the index specified by the outer loop counter (`loopCounters[0]`). If it fails, it assumes that all signatures have been processed. If at least one signature has been processed, then continue with validation, but a minimum of one signature is required for validation.

DOT States: DOT: VerifySignatureStart DOT: VerifySignatureStart -> VerifySignature DOT: VerifySignatureStart -> VerifyParameters [label="[No More Signatures]"]

Definition at line 379 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifyTimestamp ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Waits for the active timestamp to be loaded.

Once the active timestamp has been loaded, this validates the inserted manifest timestamp.

DOT States: DOT: VerifyTimestamp DOT: VerifyTimestamp -> VerifyApplication DOT: VerifyTimestamp -> VerifyFail [label="[Timestamp too old]"]

Definition at line 497 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t state_verifyTimestampStart ( struct arm_uc_mmInsertContext_t *  ctx,
uint32_t *  event 
) [static]

Initiate timestamp verification.

This starts the process of loading the active timestamp. This may be a non-blocking operation.

DOT States: DOT: VerifyTimestampStart DOT: VerifyTimestampStart -> VerifyTimestamp

Definition at line 478 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t validateCryptoMode ( arm_uc_buffer_t *  buffer,
arm_uc_mm_crypto_flags_t flags 
) [static]

Validate the crypto mode.

The manifest must contain a cryptographic mode identifier. Only a small number of modes are supported. If the manifest is to be processed, then one of these modes must be supported.

While the manifest format supports OID cryptographic mode identifiers, these are not currently supported in the update client.

Definition at line 198 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t validateManifestSize ( arm_uc_buffer_t *  buffer ) [static]

Validate the manifest size.

Definition at line 170 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t validateManifestVersion ( arm_uc_buffer_t *  buffer ) [static]

Validate that this manifest is a supported version.

Definition at line 153 of file arm_uc_mmInsertManifest.c.

static arm_uc_error_t validateResourceType ( arm_uc_buffer_t *  buffer ) [static]

Validate that the resource contained in this signed container is a manifest.

Definition at line 130 of file arm_uc_mmInsertManifest.c.