aboutsummaryrefslogtreecommitdiff
path: root/projects/bootloader/bootloader.c
blob: 3040bd1c76914d85905a21832ad7be22e18187b7 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

/*
 * bootloader.c
 * ------------
 * Bootloader to either install new firmware received from the MGMT UART,
 * or jump to previously installed firmware.
 *
 * Copyright (c) 2016, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#include "stm-init.h"
#include "stm-led.h"
#include "stm-uart.h"
#include "stm-fmc.h"
#include "dfu.h"

#undef HAL_Delay

/* Linker symbols are strange in C. Make regular pointers for sanity. */
__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL;
__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START;
/* The first word in the firmware is an address to the stack (msp) */
__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START;
/* The second word in the firmware is a pointer to the code
 * (points at the Reset_Handler from the linker script).
 */
__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1;

typedef  void (*pFunction)(void);

/* called from Reset_Handler */
void check_early_dfu_jump(void)
{
    /* Check if we've just rebooted in order to jump to the firmware. */
    if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) {
	*dfu_control = 0;
        pFunction loaded_app = (pFunction) *dfu_code_ptr;
        /* Set the stack pointer to the correct one for the firmware */
        __set_MSP(*dfu_msp_ptr);
        /* Set the Vector Table Offset Register */
        SCB->VTOR = (uint32_t) dfu_firmware;
        loaded_app();
        while (1);
    }
}

int should_dfu()
{
    int i;
    uint8_t rx = 0;

    /* While blinking the blue LED for 5 seconds, see if we receive a CR on the MGMT UART.
     * We've discussed also requiring one or both of the FPGA config jumpers installed
     * before allowing DFU of the STM32 - that check could be done here.
     */
    led_on(LED_BLUE);
    for (i = 0; i < 50; i++) {
	HAL_Delay(100);
	led_toggle(LED_BLUE);
	if (uart_recv_char2(STM_UART_MGMT, &rx, 0) == HAL_OK) {
	    if (rx == 13) return 1;
	}
    }
    return 0;
}

int
main()
{
    int status;

    stm_init();
    fmc_init();

    uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nThis is the bootloader speaking...");

    if (should_dfu()) {
	led_off(LED_BLUE);
	if ((status = dfu_receive_firmware()) != 0) {
	    /* Upload of new firmware failed, reboot after lighting the red LED
	     * for three seconds.
	     */
	    led_off(LED_BLUE);
	    led_on(LED_RED);
	    uart_send_string2(STM_UART_MGMT, (char *) "dfu_receive_firmware failed: ");
	    uart_send_number2(STM_UART_MGMT, status, 3, 16);
	    uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nRebooting in three seconds\r\n");
	    HAL_Delay(3000);
	    HAL_NVIC_SystemReset();
	    while (1) {};
	}
    }

    /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump
     * after rebooting back into this main() function.
     */
    *dfu_control = HARDWARE_EARLY_DFU_JUMP;

    uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n\r\n");

    /* De-initialize hardware by rebooting */
    HAL_NVIC_SystemReset();
    while (1) {};
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-04 04:31:37 +0000
n class="p">; uint32_t block; int i; if (descriptor == NULL || password == NULL || salt == NULL || derived_key == NULL || derived_key_length == 0 || iterations_desired == 0) return HAL_ERROR_BAD_ARGUMENTS; assert(sizeof(statebuf) >= descriptor->hmac_state_length); assert(sizeof(result) >= descriptor->digest_length); assert(sizeof(mac) >= descriptor->digest_length); /* Output length check per RFC 2989 5.2. */ if ((uint64_t) derived_key_length > ((uint64_t) 0xFFFFFFFF) * descriptor->block_length) return HAL_ERROR_UNSUPPORTED_KEY; memset(result, 0, sizeof(result)); memset(mac, 0, sizeof(mac)); #if 1 /* HACK - find the second sha256 core, to avoid interfering with rpc. */ core = hal_core_find(descriptor->core_name, NULL); core = hal_core_find(descriptor->core_name, core); #endif /* * We probably should check here to see whether the password is * longer than the HMAC block size, and, if so, we should hash the * password here to avoid having recomputing that every time through * the loops below. There are other optimizations we'd like to * make, but this one doesn't require being able to save and restore * the hash state. */ /* * Generate output blocks until we reach the requested length. */ for (block = 1; ; block++) { /* * Initial HMAC is of the salt concatenated with the block count. * This seeds the result, and constitutes iteration one. */ if ((err = do_hmac(core, descriptor, password, password_length, salt, salt_length, block, mac, sizeof(mac))) != HAL_OK) return err; memcpy(result, mac, descriptor->digest_length); /* * Now iterate however many times the caller requested, XORing the * HMAC back into the result on each iteration. */ for (iteration = 2; iteration <= iterations_desired; iteration++) { if ((err = do_hmac(core, descriptor, password, password_length, mac, descriptor->digest_length, 0, mac, sizeof(mac))) != HAL_OK) return err; for (i = 0; i < descriptor->digest_length; i++) result[i] ^= mac[i]; } /* * Save result block, then exit or loop for another block. */ if (derived_key_length > descriptor->digest_length) { memcpy(derived_key, result, descriptor->digest_length); derived_key += descriptor->digest_length; derived_key_length -= descriptor->digest_length; } else { memcpy(derived_key, result, derived_key_length); return HAL_OK; } } } /* * Local variables: * indent-tabs-mode: nil * End: */
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-04 04:31:37 +0000