Mustahsin Chowdhury
Nordic stack and drivers for the mbed BLE API
Fork of
nRF51822
by 
Nordic Semiconductor
Diff: TARGET_MCU_NRF51822/sdk/source/libraries/bootloader_dfu/dfu_init_template.c
- Revision:
- 640:c90ae1400bf2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/TARGET_MCU_NRF51822/sdk/source/libraries/bootloader_dfu/dfu_init_template.c Wed Sep 14 14:39:43 2016 +0100
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) Nordic Semiconductor ASA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this
+ * list of conditions and the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ *
+ * 3. Neither the name of Nordic Semiconductor ASA nor the names of other
+ * contributors to this software may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**@file
+ *
+ * @defgroup nrf_dfu_init_template Template file with an DFU init packet handling example.
+ * @{
+ *
+ * @ingroup nrf_dfu
+ *
+ * @brief This file contains a template on how to implement DFU init packet handling.
+ *
+ * @details The template shows how device type and revision can be used for a safety check of the
+ * received image. It shows how validation can be performed in two stages:
+ * - Stage 1: Pre-check of firmware image before transfer to ensure the firmware matches:
+ * - Device Type.
+ * - Device Revision.
+ * Installed SoftDevice.
+ * This template can be extended with additional checks according to needs.
+ * For example, such a check could be the origin of the image (trusted source)
+ * based on a signature scheme.
+ * - Stage 2: Post-check of the image after image transfer but before installing firmware.
+ * For example, such a check could be an integrity check in form of hashing or
+ * verification of a signature.
+ * In this template, a simple CRC check is carried out.
+ * The CRC check can be replaced with other mechanisms, like signing.
+ *
+ * @note This module does not support security features such as image signing, but the
+ * implementation allows for such extension.
+ * If the init packet is signed by a trusted source, it must be decrypted before it can be
+ * processed.
+ */
+
+#include "dfu_init.h"
+#include <stdint.h>
+#include <string.h>
+#include <dfu_types.h>
+#include "nrf_error.h"
+#include "crc16.h"
+
+#define DFU_INIT_PACKET_EXT_LENGTH_MIN 2 //< Minimum length of the extended init packet. The extended init packet may contain a CRC, a HASH, or other data. This value must be changed according to the requirements of the system. The template uses a minimum value of two in order to hold a CRC. */
+#define DFU_INIT_PACKET_EXT_LENGTH_MAX 10 //< Maximum length of the extended init packet. The extended init packet may contain a CRC, a HASH, or other data. This value must be changed according to the requirements of the system. The template uses a maximum value of 10 in order to hold a CRC and any padded data on transport layer without overflow. */
+
+static uint8_t m_extended_packet[DFU_INIT_PACKET_EXT_LENGTH_MAX]; //< Data array for storage of the extended data received. The extended data follows the normal init data of type \ref dfu_init_packet_t. Extended data can be used for a CRC, hash, signature, or other data. */
+static uint8_t m_extended_packet_length; //< Length of the extended data received with init packet. */
+
+
+uint32_t dfu_init_prevalidate(uint8_t * p_init_data, uint32_t init_data_len)
+{
+ uint32_t i = 0;
+
+ // In order to support signing or encryption then any init packet decryption function / library
+ // should be called from here or implemented at this location.
+
+ // Length check to ensure valid data are parsed.
+ if (init_data_len < sizeof(dfu_init_packet_t))
+ {
+ return NRF_ERROR_INVALID_LENGTH;
+ }
+
+ // Current template uses clear text data so they can be casted for pre-check.
+ dfu_init_packet_t * p_init_packet = (dfu_init_packet_t *)p_init_data;
+
+ m_extended_packet_length = ((uint32_t)p_init_data + init_data_len) -
+ (uint32_t)&p_init_packet->softdevice[p_init_packet->softdevice_len];
+ if (m_extended_packet_length < DFU_INIT_PACKET_EXT_LENGTH_MIN)
+ {
+ return NRF_ERROR_INVALID_LENGTH;
+ }
+
+ if (((uint32_t)p_init_data + init_data_len) <
+ (uint32_t)&p_init_packet->softdevice[p_init_packet->softdevice_len])
+ {
+ return NRF_ERROR_INVALID_LENGTH;
+ }
+
+ memcpy(m_extended_packet,
+ &p_init_packet->softdevice[p_init_packet->softdevice_len],
+ m_extended_packet_length);
+
+/** [DFU init application version] */
+ // To support application versioning, this check should be updated.
+ // This template allows for any application to be installed. However,
+ // customers can place a revision number at the bottom of the application
+ // to be verified by the bootloader. This can be done at a location
+ // relative to the application, for example the application start
+ // address + 0x0100.
+/** [DFU init application version] */
+
+ // First check to verify the image to be transfered matches the device type.
+ // If no Device type is present in DFU_DEVICE_INFO then any image will be accepted.
+ if ((DFU_DEVICE_INFO->device_type != DFU_DEVICE_TYPE_EMPTY) &&
+ (p_init_packet->device_type != DFU_DEVICE_INFO->device_type))
+ {
+ return NRF_ERROR_INVALID_DATA;
+ }
+
+ // Second check to verify the image to be transfered matches the device revision.
+ // If no Device revision is present in DFU_DEVICE_INFO then any image will be accepted.
+ if ((DFU_DEVICE_INFO->device_rev != DFU_DEVICE_REVISION_EMPTY) &&
+ (p_init_packet->device_rev != DFU_DEVICE_INFO->device_rev))
+ {
+ return NRF_ERROR_INVALID_DATA;
+ }
+
+ // Third check: Check the array of supported SoftDevices by this application.
+ // If the installed SoftDevice does not match any SoftDevice in the list then an
+ // error is returned.
+ while (i < p_init_packet->softdevice_len)
+ {
+ if (p_init_packet->softdevice[i] == DFU_SOFTDEVICE_ANY ||
+ p_init_packet->softdevice[i++] == SD_FWID_GET(MBR_SIZE))
+ {
+ return NRF_SUCCESS;
+ }
+ }
+
+ // No matching SoftDevice found - Return NRF_ERROR_INVALID_DATA.
+ return NRF_ERROR_INVALID_DATA;
+}
+
+
+uint32_t dfu_init_postvalidate(uint8_t * p_image, uint32_t image_len)
+{
+#if NEED_CRC_CHECK /* disabled for now */
+ uint16_t image_crc;
+ uint16_t received_crc;
+
+ // In order to support hashing (and signing) then the (decrypted) hash should be fetched and
+ // the corresponding hash should be calculated over the image at this location.
+ // If hashing (or signing) is added to the system then the CRC validation should be removed.
+
+ // calculate CRC from active block.
+ image_crc = crc16_compute(p_image, image_len, NULL);
+
+ // Decode the received CRC from extended data.
+ received_crc = uint16_decode((uint8_t *)&m_extended_packet[0]);
+
+ // Compare the received and calculated CRC.
+ if (image_crc != received_crc)
+ {
+ return NRF_ERROR_INVALID_DATA;
+ }
+#endif /* NEED_CRC_CHECK */
+
+ return NRF_SUCCESS;
+}
+