Lines Matching refs:state
99 static void limitChunkSize(struct AppSecState *state)
101 if (state->haveSig && state->chunkSize > state->signedBytesIn)
102 state->chunkSize = state->signedBytesIn;
103 if (state->haveEncr && state->chunkSize > state->encryptedBytesIn)
104 state->chunkSize = state->signedBytesIn;
107 static void appSecSetCurState(struct AppSecState *state, uint32_t curState)
118 if (curState != state->curState || curState == STATE_INIT) {
121 "; new state=%" PRIu32
126 __func__, state->curState, curState,
127 state->chunkSize, chunkSize[curState],
128 state->haveBytes);
130 state->curState = curState;
131 state->chunkSize = chunkSize[curState];
135 static inline uint32_t appSecGetCurState(const struct AppSecState *state)
137 return state->curState;
143 struct AppSecState *state = heapAlloc(sizeof(struct AppSecState));
145 if (!state)
148 memset(state, 0, sizeof(struct AppSecState));
150 state->writeCbk = writeCbk;
151 state->pubKeyFindCbk = pubKeyFindCbk;
152 state->aesKeyAccessCbk = aesKeyAccessCbk;
153 appSecSetCurState(state, STATE_INIT);
155 state->needSig = 1;
157 return state;
160 void appSecDeinit(struct AppSecState *state)
162 heapFree(state);
166 static AppSecErr appSecBlockRx(struct AppSecState *state)
169 if (state->haveSig) {
172 if (state->haveBytes > state->signedBytesIn)
174 state->signedBytesIn -= state->haveBytes;
177 if (state->signedBytesOut < state->haveBytes)
178 state->haveBytes = state->signedBytesOut;
179 state->signedBytesOut -= state->haveBytes;
182 BL.blSha2processBytes(&state->sha, state->dataBytes, state->haveBytes);
186 if (state->haveEncr) {
188 uint32_t *dataP = state->dataWords;
189 uint32_t i, numBlocks = state->haveBytes / APP_DATA_CHUNK_SIZE;
192 if (state->haveBytes % APP_DATA_CHUNK_SIZE)
196 if (state->haveBytes > state->encryptedBytesIn)
198 state->encryptedBytesIn -= state->haveBytes;
202 BL.blAesCbcDecr(&state->cbc, dataP, dataP);
205 if (state->encryptedBytesOut < state->haveBytes)
206 state->haveBytes = state->encryptedBytesOut;
207 state->encryptedBytesOut -= state->haveBytes;
209 if (state->haveBytes)
210 BL.blSha2processBytes(&state->cbcSha, state->dataBytes, state->haveBytes);
213 limitChunkSize(state);
218 static AppSecErr appSecProcessIncomingHdr(struct AppSecState *state, uint32_t *needBytesOut)
226 uint8_t *hdr = state->dataBytes;
246 if (needBytes > state->haveBytes)
259 state->signedBytesIn = state->signedBytesOut = signHdr->appDataLen;
260 state->haveSig = 1;
261 BL.blSha2init(&state->sha);
262 BL.blSha2processBytes(&state->sha, state->dataBytes, needBytes);
275 ret = state->aesKeyAccessCbk(encrHdr->keyID, k);
281 BL.blAesCbcInitForDecr(&state->cbc, k, encrHdr->IV);
282 BL.blSha2init(&state->cbcSha);
283 state->encryptedBytesOut = encrHdr->dataLen;
284 state->encryptedBytesIn = ((state->encryptedBytesOut + APP_SEC_ENCR_ALIGN - 1) / APP_SEC_ENCR_ALIGN) * APP_SEC_ENCR_ALIGN;
285 state->haveEncr = 1;
287 __func__, state->encryptedBytesIn);
289 if (state->haveSig) {
290 state->signedBytesIn = state->signedBytesOut = signHdr->appDataLen - sizeof(*encrHdr);
292 if (state->signedBytesOut != (state->encryptedBytesIn + SHA2_HASH_SIZE)) {
300 if (!state->haveSig && state->needSig) {
348 memcpy(state->dataBytes, &common, sizeof(common));
349 state->haveBytes = sizeof(common);
351 //we're now in data-accepting state
352 appSecSetCurState(state, STATE_RXING_DATA);
357 static AppSecErr appSecProcessIncomingData(struct AppSecState *state)
360 if (state->haveSig && !state->signedBytesIn) {
362 appSecSetCurState(state, STATE_RXING_SIG_HASH);
365 memcpy(state->lastHash, BL.blSha2finish(&state->sha), SHA2_HASH_SIZE);
366 } else if (state->haveEncr && !state->encryptedBytesIn) {
367 if (appSecGetCurState(state) == STATE_RXING_DATA) {
369 state->encryptedBytesIn = sizeof(state->cbcSha);
370 appSecSetCurState(state, STATE_VERIFY);
375 return state->haveBytes ? state->writeCbk(state->dataBytes, state->haveBytes) : APP_SEC_NO_ERROR;
378 AppSecErr appSecDoSomeProcessing(struct AppSecState *state)
382 if (!state->doingRsa) {
387 result = BL.blRsaPubOpIterative(&state->rsa, state->rsaTmp, state->dataWords, &state->rsaState1, &state->rsaState2, &state->rsaStep);
388 if (state->rsaStep)
392 state->doingRsa = 0;
400 if (memcmp(state->lastHash, result, SHA2_HASH_SIZE))
404 BL.blSha2init(&state->sha);
405 BL.blSha2processBytes(&state->sha, state->dataBytes, APP_SIG_SIZE);
406 memcpy(state->lastHash, BL.blSha2finish(&state->sha), SHA2_HASH_SIZE);
407 appSecSetCurState(state, STATE_RXING_SIG_HASH);
412 static AppSecErr appSecProcessIncomingSigData(struct AppSecState *state)
417 if (appSecGetCurState(state) == STATE_RXING_SIG_HASH) {
418 state->haveTrustedKey = 0;
419 memcpy(state->rsaTmp, state->dataWords, APP_SIG_SIZE);
420 appSecSetCurState(state, STATE_RXING_SIG_PUBKEY);
425 state->pubKeyFindCbk(state->dataWords, &keyFound);
426 state->haveTrustedKey = keyFound;
429 state->doingRsa = 1;
430 state->rsaStep = 0;
434 static AppSecErr appSecVerifyEncryptedData(struct AppSecState *state)
436 const uint32_t *hash = BL.blSha2finish(&state->cbcSha);
437 bool verified = memcmp(hash, state->dataBytes, SHA2_BLOCK_SIZE) == 0;
446 AppSecErr appSecRxData(struct AppSecState *state, const void *dataP, uint32_t len, uint32_t *lenUnusedP)
452 if (appSecGetCurState(state) == STATE_INIT)
453 appSecSetCurState(state, STATE_RXING_HEADERS);
457 state->dataBytes[state->haveBytes++] = *data++;
458 if (state->haveBytes < state->chunkSize)
460 switch (appSecGetCurState(state)) {
464 ret = appSecProcessIncomingHdr(state, &needBytes);
467 if (needBytes > state->chunkSize) {
468 state->chunkSize = needBytes;
473 if (state->haveBytes) {
474 osLog(LOG_INFO, "%s: save converted header [%" PRIu16 " bytes] to flash\n", __func__, state->haveBytes);
475 ret = appSecProcessIncomingData(state);
476 state->haveBytes = 0;
478 limitChunkSize(state);
482 ret = appSecBlockRx(state);
486 ret = appSecProcessIncomingData(state);
487 state->haveBytes = 0;
493 ret = appSecBlockRx(state);
495 ret = appSecProcessIncomingData(state);
497 ret = appSecVerifyEncryptedData(state);
503 ret = appSecProcessIncomingSigData(state);
504 state->haveBytes = 0;
508 appSecSetCurState(state, STATE_BAD);
509 state->haveBytes = 0;
520 osLog(LOG_ERROR, "%s: failed: state=%" PRIu32 "; err=%" PRIu32 "\n",
521 __func__, appSecGetCurState(state), ret);
522 appSecSetCurState(state, STATE_BAD);
528 AppSecErr appSecRxDataOver(struct AppSecState *state)
533 if (state->haveBytes) {
535 if (state->haveSig || state->haveEncr) {
536 appSecSetCurState(state, STATE_BAD);
540 if (appSecGetCurState(state) != STATE_RXING_DATA) {
541 appSecSetCurState(state, STATE_BAD);
545 ret = appSecProcessIncomingData(state);
547 appSecSetCurState(state, STATE_BAD);
555 if (state->haveSig) {
557 if (!state->haveTrustedKey) {
558 appSecSetCurState(state, STATE_BAD);
561 appSecSetCurState(state, STATE_DONE);
568 if (!state->haveSig && !state->haveEncr && appSecGetCurState(state) == STATE_RXING_DATA)
569 appSecSetCurState(state, STATE_DONE);
571 //Check the state and return our verdict
572 if(appSecGetCurState(state) == STATE_DONE)
575 appSecSetCurState(state, STATE_BAD);
