suit.h

/*
 * Copyright (C) 2019 Koen Zandberg
 *               2019 Kaspar Schleiser <kaspar@schleiser.de>
 *
 * This file is subject to the terms and conditions of the GNU Lesser
 * General Public License v2.1. See the file LICENSE in the top level
 * directory for more details.
 */
#ifndef SUIT_H
#define SUIT_H
 
#include <stddef.h>
#include <stdint.h>
 
#include "cose/sign.h"
#include "nanocbor/nanocbor.h"
#include "uuid.h"
 
#ifdef __cplusplus
extern "C" {
#endif
 
#ifndef SUIT_COSE_BUF_SIZE
#define SUIT_COSE_BUF_SIZE                  (180U)
#endif
 
#ifndef CONFIG_SUIT_COMPONENT_MAX
#define CONFIG_SUIT_COMPONENT_MAX                  (1U)
#endif
 
#ifndef CONFIG_SUIT_COMPONENT_MAX_NAME_LEN
#define CONFIG_SUIT_COMPONENT_MAX_NAME_LEN          (32U)
#endif
 
#define SUIT_VERSION                        (1)
 
#define SUIT_STATE_HAVE_COMPONENTS          (1 << 0)
 
#define SUIT_STATE_COSE_AUTHENTICATED       (1 << 1)
 
#define SUIT_STATE_FULLY_AUTHENTICATED      (1 << 2)
typedef enum {
    SUIT_OK                   =  0, 
    SUIT_ERR_INVALID_MANIFEST = -1, 
    SUIT_ERR_UNSUPPORTED      = -2, 
    SUIT_ERR_NOT_SUPPORTED    = -3, 
    SUIT_ERR_COND             = -4, 
    SUIT_ERR_SEQUENCE_NUMBER  = -5, 
    SUIT_ERR_SIGNATURE        = -6, 
    SUIT_ERR_DIGEST_MISMATCH  = -7, 
    SUIT_ERR_POLICY_FORBIDDEN = -8, 
    SUIT_ERR_NO_MEM           = -9, 
    SUIT_ERR_STORAGE          = -50, 
    SUIT_ERR_STORAGE_EXCEEDED = -51, 
    SUIT_ERR_STORAGE_UNAVAILABLE = -52, 
} suit_error_t;
 
typedef enum {
    SUIT_DIGEST_NONE    = 0,    
    SUIT_DIGEST_SHA256  = 1,    
    SUIT_DIGEST_SHA384  = 2,    
    SUIT_DIGEST_SHA512  = 3,    
} suit_digest_t;
 
typedef enum {
    SUIT_DIGEST_TYPE_RAW        = 1,    
    SUIT_DIGEST_TYPE_INSTALLED  = 2,    
    SUIT_DIGEST_TYPE_CIPHERTEXT = 3,    
    SUIT_DIGEST_TYPE_PREIMAGE   = 4     
} suit_digest_type_t;
 
enum {
    SUIT_COMPONENT_IDENTIFIER   = 1,    
    SUIT_COMPONENT_SIZE         = 2,    
    SUIT_COMPONENT_DIGEST       = 3,    
};
 
typedef enum {
    SUIT_PARAMETER_VENDOR_IDENTIFIER = 1,
    SUIT_PARAMETER_CLASS_IDENTIFIER  = 2,
    SUIT_PARAMETER_IMAGE_DIGEST      = 3,
    SUIT_PARAMETER_USE_BEFORE        = 4,
    SUIT_PARAMETER_COMPONENT_OFFSET  = 5,
    SUIT_PARAMETER_STRICT_ORDER      = 12,
    SUIT_PARAMETER_SOFT_FAILURE      = 13,
    SUIT_PARAMETER_IMAGE_SIZE        = 14,
    SUIT_PARAMETER_ENCRYPTION_INFO   = 18,
    SUIT_PARAMETER_COMPRESSION_INFO  = 19,
    SUIT_PARAMETER_UNPACK_INFO       = 20,
    SUIT_PARAMETER_URI               = 21,
    SUIT_PARAMETER_SOURCE_COMPONENT  = 22,
    SUIT_PARAMETER_RUN_ARGS          = 23,
    SUIT_PARAMETER_DEVICE_IDENTIFIER = 24,
    SUIT_PARAMETER_MINIMUM_BATTERY   = 26,
    SUIT_PARAMETER_UPDATE_PRIORITY   = 27,
    SUIT_PARAMETER_VERSION           = 28,
    SUIT_PARAMETER_WAIT_INFO         = 29,
    SUIT_PARAMETER_URI_LIST          = 30,
} suit_parameter_t;
typedef struct {
    uint16_t offset;    
} suit_param_ref_t;
 
#define SUIT_COMPONENT_STATE_FETCHED       (1 << 0) 
#define SUIT_COMPONENT_STATE_FETCH_FAILED  (1 << 1) 
#define SUIT_COMPONENT_STATE_VERIFIED      (1 << 2) 
#define SUIT_COMPONENT_STATE_INSTALLED     (1 << 3) 
#define SUIT_COMPONENT_STATE_FINALIZED     (1 << 4) 
typedef struct suit_storage suit_storage_ref_t;
 
typedef struct {
    suit_storage_ref_t *storage_backend;        
    uint16_t state;                             
    suit_param_ref_t identifier;                
    suit_param_ref_t param_vendor_id;           
    suit_param_ref_t param_class_id;            
    suit_param_ref_t param_digest;              
    suit_param_ref_t param_uri;                 
    suit_param_ref_t param_size;                
    suit_param_ref_t param_component_offset;
} suit_component_t;
 
typedef struct {
    const uint8_t *buf;             
    size_t len;                     
    const uint8_t *cose_payload;    
    size_t cose_payload_len;        
    uint32_t validated;             
    uint32_t state;                 
    suit_component_t components[CONFIG_SUIT_COMPONENT_MAX];
    unsigned components_len;        
    uint8_t component_current;      
    uint8_t validation_buf[SUIT_COSE_BUF_SIZE];
    char *urlbuf;                   
    size_t urlbuf_len;              
    uint32_t seq_number;            
} suit_manifest_t;
 
#define SUIT_MANIFEST_COMPONENT_ALL     (UINT8_MAX)
 
#define SUIT_MANIFEST_COMPONENT_NONE    (SUIT_MANIFEST_COMPONENT_ALL - 1)
 
int suit_parse(suit_manifest_t *manifest, const uint8_t *buf, size_t len);
 
int suit_policy_check(suit_manifest_t *manifest);
 
static inline void suit_component_set_flag(suit_component_t *component,
                                           uint16_t flag)
{
    component->state |= flag;
}
 
static inline bool suit_component_check_flag(suit_component_t *component,
                                             uint16_t flag)
{
    return (component->state & flag);
}
 
int suit_component_name_to_string(const suit_manifest_t *manifest,
                                  const suit_component_t *component,
                                  char separator, char *buf, size_t buf_len);
#ifdef __cplusplus
}
#endif
 
#endif /* SUIT_H */