/* * Copyright (c) 2000 Jeroen Ruigrok van der Werven * All rights reserved. * * Copyright (c) 2014-2014 Texas Instruments Incorporated * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: release/10.0.0/include/stdbool.h 228878 2011-12-25 20:15:41Z ed $ */ /* If this file is included in C99 mode, _Bool is a builtin, so no definition. */ /* If this is C89 mode and this file is included, _Bool is pre-defined in C89 */ /* relaxed mode by the EDG parser, so it needs to be defined in strict mode. */ /*****************************************************************************/ /* _ti_config.h */ /* */ /* Copyright (c) 2017 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ /*Unsupported pragmas are omitted */ # pragma diag_push # pragma CHECK_MISRA("-19.7") # pragma CHECK_MISRA("-19.4") # pragma CHECK_MISRA("-19.1") # pragma CHECK_MISRA("-19.15") # pragma diag_pop _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.4\")") _Pragma("CHECK_MISRA(\"-19.1\")") _Pragma("CHECK_MISRA(\"-19.6\")") /* Hide uses of the TI proprietary macros behind other macros. Implementations that don't implement these features should leave these macros undefined. */ /* Common definitions */ /* C */ /* C89/C99 */ /* _TI_NOEXCEPT_CPP14 is defined to noexcept only when compiling for C++14. It is intended to be used for functions like abort and atexit that are supposed to be declared noexcept only in C++14 mode. */ /* Target-specific definitions */ /*****************************************************************************/ /* linkage.h */ /* */ /* Copyright (c) 1998 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ #pragma diag_push #pragma CHECK_MISRA("-19.4") /* macros required for implementation */ /* No modifiers needed to access code */ /*--------------------------------------------------------------------------*/ /* Define _DATA_ACCESS ==> how to access RTS global or static data */ /*--------------------------------------------------------------------------*/ /*--------------------------------------------------------------------------*/ /* Define _OPTIMIZE_FOR_SPACE ==> Always optimize for space. */ /*--------------------------------------------------------------------------*/ /*--------------------------------------------------------------------------*/ /* Define _IDECL ==> how inline functions are declared */ /*--------------------------------------------------------------------------*/ #pragma diag_pop _Pragma("diag_pop") _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.4\")") _Pragma("CHECK_MISRA(\"-19.11\")") _Pragma("diag_pop") /*****************************************************************************/ /* STDINT.H */ /* */ /* Copyright (c) 2002 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.1\")") /* no code before #include */ _Pragma("CHECK_MISRA(\"-19.7\")") /* prefer functions to macros */ /*****************************************************************************/ /* _STDINT40.H */ /* */ /* Copyright (c) 2018 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.7\")") /* prefer functions to macros */ /* According to footnotes in the 1999 C standard, "C++ implementations should define these macros only when __STDC_LIMIT_MACROS is defined before is included." */ _Pragma("diag_pop") /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2001 Mike Barcroft * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Berkeley Software Design, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)cdefs.h 8.8 (Berkeley) 1/9/95 * $FreeBSD$ */ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"none\")") /* * Testing against Clang-specific extensions. */ /* * This code has been put in place to help reduce the addition of * compiler specific defines in FreeBSD code. It helps to aid in * having a compiler-agnostic source tree. */ /* * Macro to test if we're using a specific version of gcc or later. */ /* * The __CONCAT macro is used to concatenate parts of symbol names, e.g. * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. * The __CONCAT macro is a bit tricky to use if it must work in non-ANSI * mode -- there must be no spaces between its arguments, and for nested * __CONCAT's, all the __CONCAT's must be at the left. __CONCAT can also * concatenate double-quoted strings produced by the __STRING macro, but * this only works with ANSI C. * * __XSTRING is like __STRING, but it expands any macros in its argument * first. It is only available with ANSI C. */ /* * Compiler-dependent macros to help declare dead (non-returning) and * pure (no side effects) functions, and unused variables. They are * null except for versions of gcc that are known to support the features * properly (old versions of gcc-2 supported the dead and pure features * in a different (wrong) way). If we do not provide an implementation * for a given compiler, let the compile fail if it is told to use * a feature that we cannot live without. */ /* * TI ADD - check that __GNUC__ is defined before referencing it to avoid * generating an error when __GNUC__ treated as zero warning is * promoted to an error via -pdse195 option. */ /* * Keywords added in C11. */ /* * No native support for _Atomic(). Place object in structure to prevent * most forms of direct non-atomic access. */ /* * XXX: Some compilers (Clang 3.3, GCC 4.7) falsely announce C++11 mode * without actually supporting the thread_local keyword. Don't check for * the presence of C++11 when defining _Thread_local. */ /* * Emulation of C11 _Generic(). Unlike the previously defined C11 * keywords, it is not possible to implement this using exactly the same * syntax. Therefore implement something similar under the name * __generic(). Unlike _Generic(), this macro can only distinguish * between a single type, so it requires nested invocations to * distinguish multiple cases. */ /* * C99 Static array indices in function parameter declarations. Syntax such as: * void bar(int myArray[static 10]); * is allowed in C99 but not in C++. Define __min_size appropriately so * headers using it can be compiled in either language. Use like this: * void bar(int myArray[__min_size(10)]); */ /* XXX: should use `#if __STDC_VERSION__ < 199901'. */ /* C++11 exposes a load of C99 stuff */ /* * GCC 2.95 provides `__restrict' as an extension to C90 to support the * C99-specific `restrict' type qualifier. We happen to use `__restrict' as * a way to define the `restrict' type qualifier without disturbing older * software that is unaware of C99 keywords. * The TI compiler supports __restrict in all compilation modes. */ /* * GNU C version 2.96 adds explicit branch prediction so that * the CPU back-end can hint the processor and also so that * code blocks can be reordered such that the predicted path * sees a more linear flow, thus improving cache behavior, etc. * * The following two macros provide us with a way to utilize this * compiler feature. Use __predict_true() if you expect the expression * to evaluate to true, and __predict_false() if you expect the * expression to evaluate to false. * * A few notes about usage: * * * Generally, __predict_false() error condition checks (unless * you have some _strong_ reason to do otherwise, in which case * document it), and/or __predict_true() `no-error' condition * checks, assuming you want to optimize for the no-error case. * * * Other than that, if you don't know the likelihood of a test * succeeding from empirical or other `hard' evidence, don't * make predictions. * * * These are meant to be used in places that are run `a lot'. * It is wasteful to make predictions in code that is run * seldomly (e.g. at subsystem initialization time) as the * basic block reordering that this affects can often generate * larger code. */ /* * We define this here since , , and * require it. */ /* * Given the pointer x to the member m of the struct s, return * a pointer to the containing structure. When using GCC, we first * assign pointer x to a local variable, to check that its type is * compatible with member m. */ /* * Compiler-dependent macros to declare that functions take printf-like * or scanf-like arguments. They are null except for versions of gcc * that are known to support the features properly (old versions of gcc-2 * didn't permit keeping the keywords out of the application namespace). */ /* Compiler-dependent macros that rely on FreeBSD-specific extensions. */ /* * The following definition might not work well if used in header files, * but it should be better than nothing. If you want a "do nothing" * version, then it should generate some harmless declaration, such as: * #define __IDSTRING(name,string) struct __hack */ /* * Embed the rcs id of a source file in the resulting library. Note that in * more recent ELF binutils, we use .ident allowing the ID to be stripped. * Usage: * __FBSDID("$FreeBSD$"); */ /*- * The following definitions are an extension of the behavior originally * implemented in , but with a different level of granularity. * POSIX.1 requires that the macros we test be defined before any standard * header file is included. * * Here's a quick run-down of the versions: * defined(_POSIX_SOURCE) 1003.1-1988 * _POSIX_C_SOURCE == 1 1003.1-1990 * _POSIX_C_SOURCE == 2 1003.2-1992 C Language Binding Option * _POSIX_C_SOURCE == 199309 1003.1b-1993 * _POSIX_C_SOURCE == 199506 1003.1c-1995, 1003.1i-1995, * and the omnibus ISO/IEC 9945-1: 1996 * _POSIX_C_SOURCE == 200112 1003.1-2001 * _POSIX_C_SOURCE == 200809 1003.1-2008 * * In addition, the X/Open Portability Guide, which is now the Single UNIX * Specification, defines a feature-test macro which indicates the version of * that specification, and which subsumes _POSIX_C_SOURCE. * * Our macros begin with two underscores to avoid namespace screwage. */ /* Deal with IEEE Std. 1003.1-1990, in which _POSIX_C_SOURCE == 1. */ /* Deal with IEEE Std. 1003.2-1992, in which _POSIX_C_SOURCE == 2. */ /* Deal with various X/Open Portability Guides and Single UNIX Spec. */ /* * Deal with all versions of POSIX. The ordering relative to the tests above is * important. */ /*- * Deal with _ANSI_SOURCE: * If it is defined, and no other compilation environment is explicitly * requested, then define our internal feature-test macros to zero. This * makes no difference to the preprocessor (undefined symbols in preprocessing * expressions are defined to have value zero), but makes it more convenient for * a test program to print out the values. * * If a program mistakenly defines _ANSI_SOURCE and some other macro such as * _POSIX_C_SOURCE, we will assume that it wants the broader compilation * environment (and in fact we will never get here). */ /* User override __EXT1_VISIBLE */ /* * Old versions of GCC use non-standard ARM arch symbols; acle-compat.h * translates them to __ARM_ARCH and the modern feature symbols defined by ARM. */ /* * Nullability qualifiers: currently only supported by Clang. */ /* * Type Safety Checking * * Clang provides additional attributes to enable checking type safety * properties that cannot be enforced by the C type system. */ /* * Lock annotations. * * Clang provides support for doing basic thread-safety tests at * compile-time, by marking which locks will/should be held when * entering/leaving a functions. * * Furthermore, it is also possible to annotate variables and structure * members to enforce that they are only accessed when certain locks are * held. */ /* Structure implements a lock. */ /* Function acquires an exclusive or shared lock. */ /* Function attempts to acquire an exclusive or shared lock. */ /* Function releases a lock. */ /* Function asserts that an exclusive or shared lock is held. */ /* Function requires that an exclusive or shared lock is or is not held. */ /* Function should not be analyzed. */ /* Guard variables and structure members by lock. */ _Pragma("diag_pop") /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2002 Mike Barcroft * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /*****************************************************************************/ /* _TYPES.H */ /* */ /* Copyright (c) 2017 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ #pragma diag_push /* This file is required to use base types */ #pragma CHECK_MISRA("-6.3") /* * Basic types upon which most other types are built. */ typedef int __int16_t; typedef unsigned int __uint16_t; typedef long __int32_t; typedef unsigned long __uint32_t; /* LONGLONG */ typedef long long __int64_t; /* LONGLONG */ typedef unsigned long long __uint64_t; /* * Standard type definitions. */ typedef __uint32_t __clock_t; /* clock()... */ typedef __int32_t __critical_t; typedef double __double_t; typedef float __float_t; typedef __int32_t __intfptr_t; typedef __int64_t __intmax_t; typedef __int32_t __intptr_t; typedef __int16_t __int_fast8_t; typedef __int16_t __int_fast16_t; typedef __int32_t __int_fast32_t; typedef __int64_t __int_fast64_t; typedef __int16_t __int_least8_t; typedef __int16_t __int_least16_t; typedef __int32_t __int_least32_t; typedef __int64_t __int_least64_t; typedef long __ptrdiff_t; /* ptr1 - ptr2 */ typedef __int16_t __register_t; typedef __int32_t __segsz_t; /* segment size (in pages) */ typedef unsigned long __size_t; /* sizeof() */ typedef __int32_t __ssize_t; /* byte count or error */ typedef __uint32_t __time_t; typedef __uint32_t __uintfptr_t; typedef __uint64_t __uintmax_t; typedef __uint32_t __uintptr_t; typedef __uint16_t __uint_fast8_t; typedef __uint16_t __uint_fast16_t; typedef __uint32_t __uint_fast32_t; typedef __uint64_t __uint_fast64_t; typedef __uint16_t __uint_least8_t; typedef __uint16_t __uint_least16_t; typedef __uint32_t __uint_least32_t; typedef __uint64_t __uint_least64_t; typedef __uint16_t __u_register_t; typedef __uint32_t __vm_offset_t; typedef __uint32_t __vm_paddr_t; typedef __uint32_t __vm_size_t; typedef unsigned int ___wchar_t; /* * POSIX target specific _off_t type definition */ typedef long int _off_t; /* * Unusual type definitions. */ typedef char* __va_list; #pragma diag_pop _Pragma("diag_push") /* This file is required to use types without size and signedness */ _Pragma("CHECK_MISRA(\"-6.3\")") /* * Standard type definitions. */ typedef __int32_t __blksize_t; /* file block size */ typedef __int64_t __blkcnt_t; /* file block count */ typedef __int32_t __clockid_t; /* clock_gettime()... */ typedef __uint32_t __fflags_t; /* file flags */ typedef __uint64_t __fsblkcnt_t; typedef __uint64_t __fsfilcnt_t; typedef __uint32_t __gid_t; typedef __int64_t __id_t; /* can hold a gid_t, pid_t, or uid_t */ typedef __uint64_t __ino_t; /* inode number */ typedef long __key_t; /* IPC key (for Sys V IPC) */ typedef __int32_t __lwpid_t; /* Thread ID (a.k.a. LWP) */ typedef __uint16_t __mode_t; /* permissions */ typedef int __accmode_t; /* access permissions */ typedef int __nl_item; typedef __uint64_t __nlink_t; /* link count */ typedef _off_t __off_t; /* file offset (target-specific) */ typedef __int64_t __off64_t; /* file offset (always 64-bit) */ typedef __int32_t __pid_t; /* process [group] */ typedef __int64_t __rlim_t; /* resource limit - intentionally */ /* signed, because of legacy code */ /* that uses -1 for RLIM_INFINITY */ typedef __uint16_t __sa_family_t; typedef __uint32_t __socklen_t; typedef long __suseconds_t; /* microseconds (signed) */ typedef struct __timer *__timer_t; /* timer_gettime()... */ typedef struct __mq *__mqd_t; /* mq_open()... */ typedef __uint32_t __uid_t; typedef unsigned int __useconds_t; /* microseconds (unsigned) */ typedef int __cpuwhich_t; /* which parameter for cpuset. */ typedef int __cpulevel_t; /* level parameter for cpuset. */ typedef int __cpusetid_t; /* cpuset identifier. */ /* * Unusual type definitions. */ /* * rune_t is declared to be an ``int'' instead of the more natural * ``unsigned long'' or ``long''. Two things are happening here. It is not * unsigned so that EOF (-1) can be naturally assigned to it and used. Also, * it looks like 10646 will be a 31 bit standard. This means that if your * ints cannot hold 32 bits, you will be in trouble. The reason an int was * chosen over a long is that the is*() and to*() routines take ints (says * ANSI C), but they use __ct_rune_t instead of int. * * NOTE: rune_t is not covered by ANSI nor other standards, and should not * be instantiated outside of lib/libc/locale. Use wchar_t. wint_t and * rune_t must be the same type. Also, wint_t should be able to hold all * members of the largest character set plus one extra value (WEOF), and * must be at least 16 bits. */ typedef int __ct_rune_t; /* arg type for ctype funcs */ typedef __ct_rune_t __rune_t; /* rune_t (see above) */ typedef __ct_rune_t __wint_t; /* wint_t (see above) */ /* Clang already provides these types as built-ins, but only in C++ mode. */ typedef __uint_least16_t __char16_t; typedef __uint_least32_t __char32_t; /* In C++11, char16_t and char32_t are built-in types. */ typedef struct { long long __max_align1 __attribute__((aligned(__alignof__(long long)))); long double __max_align2 __attribute__((aligned(__alignof__(long double)))); } __max_align_t; typedef __uint64_t __dev_t; /* device number */ typedef __uint32_t __fixpt_t; /* fixed point number */ /* * mbstate_t is an opaque object to keep conversion state during multibyte * stream conversions. */ typedef int _Mbstatet; typedef _Mbstatet __mbstate_t; typedef __uintmax_t __rman_res_t; /* * When the following macro is defined, the system uses 64-bit inode numbers. * Programs can use this to avoid including , with its associated * namespace pollution. */ _Pragma("diag_pop") /*****************************************************************************/ /* _STDINT.H */ /* */ /* Copyright (c) 2019 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ /*- * SPDX-License-Identifier: BSD-2-Clause-NetBSD * * Copyright (c) 2001, 2002 Mike Barcroft * Copyright (c) 2001 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Klaus Klein. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * $FreeBSD$ */ #pragma diag_push /* 19.4 is issued for macros that are defined in terms of other macros. */ #pragma CHECK_MISRA("-19.4") #pragma CHECK_MISRA("-19.7") #pragma CHECK_MISRA("-19.13") /* * ISO/IEC 9899:1999 * 7.18.2.1 Limits of exact-width integer types */ /* Minimum values of exact-width signed integer types. */ /* Maximum values of exact-width signed integer types. */ /* Maximum values of exact-width unsigned integer types. */ /* * ISO/IEC 9899:1999 * 7.18.2.2 Limits of minimum-width integer types */ /* Minimum values of minimum-width signed integer types. */ /* Maximum values of minimum-width signed integer types. */ /* Maximum values of minimum-width unsigned integer types. */ /* * ISO/IEC 9899:1999 * 7.18.2.3 Limits of fastest minimum-width integer types */ /* Minimum values of fastest minimum-width signed integer types. */ /* Maximum values of fastest minimum-width signed integer types. */ /* Maximum values of fastest minimum-width unsigned integer types. */ /* * ISO/IEC 9899:1999 * 7.18.2.4 Limits of integer types capable of holding object pointers */ /* * ISO/IEC 9899:1999 * 7.18.2.5 Limits of greatest-width integer types */ /* * ISO/IEC 9899:1999 * 7.18.3 Limits of other integer types */ /* Limits of ptrdiff_t. */ /* Limits of sig_atomic_t. */ /* Limit of size_t. */ /* Limits of wint_t. */ #pragma diag_pop /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2011 David E. O'Brien * Copyright (c) 2001 Mike Barcroft * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ typedef __int16_t int16_t; typedef __int32_t int32_t; typedef __int64_t int64_t; typedef __uint16_t uint16_t; typedef __uint32_t uint32_t; typedef __uint64_t uint64_t; typedef __intptr_t intptr_t; typedef __uintptr_t uintptr_t; typedef __intmax_t intmax_t; typedef __uintmax_t uintmax_t; typedef __int_least8_t int_least8_t; typedef __int_least16_t int_least16_t; typedef __int_least32_t int_least32_t; typedef __int_least64_t int_least64_t; typedef __uint_least8_t uint_least8_t; typedef __uint_least16_t uint_least16_t; typedef __uint_least32_t uint_least32_t; typedef __uint_least64_t uint_least64_t; typedef __int_fast8_t int_fast8_t; typedef __int_fast16_t int_fast16_t; typedef __int_fast32_t int_fast32_t; typedef __int_fast64_t int_fast64_t; typedef __uint_fast8_t uint_fast8_t; typedef __uint_fast16_t uint_fast16_t; typedef __uint_fast32_t uint_fast32_t; typedef __uint_fast64_t uint_fast64_t; _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-10.1\")") /* GNU and Darwin define this and people seem to think it's portable */ _Pragma("diag_pop") _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.4\")") /* Limits of wchar_t. */ _Pragma("diag_pop") /* ISO/IEC 9899:2011 K.3.4.4 */ _Pragma("diag_pop") /*****************************************************************************/ /* stddef.h */ /* */ /* Copyright (c) 1993 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.7\")") /* macros required for implementation */ _Pragma("CHECK_MISRA(\"-20.1\")") /* standard headers must define standard names */ _Pragma("CHECK_MISRA(\"-20.2\")") /* standard headers must define standard names */ typedef long ptrdiff_t; typedef unsigned long size_t; typedef unsigned int wchar_t; /*----------------------------------------------------------------------------*/ /* C++11 and C11 required max_align_t to be defined. The libc++ cstddef */ /* header expects the macro __DEFINED_max_align_t to be defined if it is to */ /* use the definintion of max_align_t from stddef.h. Only define it if */ /* compiling for C11 or we're in non strict ansi mode. */ /*----------------------------------------------------------------------------*/ typedef long double max_align_t; _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.10\")") /* need types as macro arguments */ _Pragma("diag_pop") _Pragma("diag_pop") /** * @brief Handle incomming meta data * * Function returns true, if the receive data was consumed by the module. Otherwise, the data * should be treated as firmware data. */ _Bool handle_meta_data_message(size_t message_size, uint_fast8_t* buffer); /** * @brief handles a Load Meta Data Command Message * * If the function returns false, an error was detected and type and reason will be filled with more details. */ _Bool handle_load_meta_data(size_t message_size, const uint_fast8_t* buffer, uint_fast8_t* type, uint_fast8_t* reason); /** * @brief handles a Flush Meta Data Command Message * * If the function returns false, an error was detected and crc, type, and reason will be filled with more details. */ _Bool handle_flush_meta_data(size_t message_size, const uint_fast8_t* buffer, uint32_t* crc, uint_fast8_t* type, uint_fast8_t* reason); /** * @brief check that the uploaded block is the next one, that should be uploaded */ _Bool check_uploaded_firmware_range_against_meta_data( uint32_t address, size_t length ); /** * @brief decrypt a received firmware block before flashing it to flash memory */ _Bool decrypt_firmware_block( uint16_t* buffer, uint16_t buffer_length_in_bytes, uint32_t block_address, uint32_t block_alignment ); /** * @brief returns true, if all data is uploaded and the the GCM algorithm proved, that the * uploaded content was actually signed with the secret key. */ _Bool check_security_tag(void); /** * @brief once, all meta data was correctely loaded, this function can be used to gather * the firmware version */ uint16_t meta_data_firmware_version( void ); struct block_header_meta_data { uint32_t start_address; uint32_t size; }; struct block_header_meta_data block_address_size_meta_data( size_t index ); const uint16_t* private_key( void ); void init_crc_table(void); /** * @brief calculats a 32 bit CRC of the given data with the given size, with an * initial value of crc. */ uint32_t checksum32( const char* data, size_t size, uint32_t crc ); /** * @brief checksum over an array of uint_fast8_t */ uint32_t checksum32_uint_fast8( const uint_fast8_t* data, size_t size, uint32_t crc ); /** * @brief checksum over an array of 16 bit integers (LSB and MSB) */ uint32_t checksum32_words( const uint16_t* data, size_t size, uint32_t crc ); /** * @brief add size bytes of 0xff to the given crc */ uint32_t checksum32_ff( size_t size, uint32_t crc ); /** * @brief combines both arguments to a sigle expression, that can be further expand by the * preprocessor if it is the name of a macro again. */ /** * @brief evaluates the maximum of two given expressions by using greater than (>) * * @attention both expressions a and b are evaluated up to two times */ /** * @brief evaluates the minimum of two given expressions by using less than (<) * * @attention both expressions a and b are evaluated up to two times */ /** * @brief number of elements from an array x */ /*****************************************************************************/ /* stdlib.h */ /* */ /* Copyright (c) 1993 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ /*---------------------------------------------------------------------------*/ /* Support for alloca is available in glibc stdlib.h by default. */ /* We'll do the same for clang-based compilers since LLVM supports a */ /* built-in for the alloca implementation. */ /*---------------------------------------------------------------------------*/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-6.3\")") /* standard types required for standard headers */ _Pragma("CHECK_MISRA(\"-8.5\")") /* need to define inline function */ _Pragma("CHECK_MISRA(\"-19.1\")") /* #includes required for implementation */ _Pragma("CHECK_MISRA(\"-19.7\")") /* need function-like macros */ _Pragma("CHECK_MISRA(\"-20.1\")") /* standard headers must define standard names */ _Pragma("CHECK_MISRA(\"-20.2\")") /* standard headers must define standard names */ /*---------------------------------------------------------------------------*/ /* Attributes are only available in relaxed ANSI mode. */ /*---------------------------------------------------------------------------*/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-5.7\")") /* keep names intact */ typedef struct { int quot, rem; } div_t; typedef struct { long quot, rem; } ldiv_t; typedef struct { long long quot, rem; } lldiv_t; _Pragma("diag_pop") /*---------------------------------------------------------------*/ /* NOTE - Normally, abs, labs, and fabs are expanded inline, so */ /* no formal definition is really required. However, ANSI */ /* requires that they exist as separate functions, so */ /* they are supplied in the library. The prototype is */ /* here mainly for documentation. */ /*---------------------------------------------------------------*/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-16.4\")") /* false positives due to builtin declarations */ int abs(int _val); long labs(long _val); long long llabs(long long _val); _Pragma("diag_pop") int atoi(const char *_st); long atol(const char *_st); long long atoll(const char *_st); char *ltoa(long val, char * buffer, int radix); static __inline double atof(const char *_st); long strtol(const char * __restrict _st, char ** __restrict _endptr, int _base); unsigned long strtoul(const char * __restrict _st, char ** __restrict _endptr, int _base); long long strtoll(const char * __restrict _st, char ** __restrict _endptr, int _base); unsigned long long strtoull(const char * __restrict _st, char ** __restrict _endptr, int _base); float strtof(const char * __restrict _st, char ** __restrict _endptr); double strtod(const char * __restrict _st, char ** __restrict _endptr); long double strtold(const char * __restrict _st, char ** __restrict _endptr); int rand(void); void srand(unsigned _seed); void *calloc(size_t _num, size_t _size) ; void *malloc(size_t _size) ; void *realloc(void *_ptr, size_t _size); void free(void *_ptr); void *memalign(size_t _aln, size_t _size) ; void *aligned_alloc(size_t _aln, size_t _size) ; void __TI_heap_stats(void); void *__TI_heap_check(void); size_t __TI_heap_total_available(void); size_t __TI_heap_largest_available(void); __attribute__((noreturn)) void abort(void) ; typedef void (*__TI_atexit_fn)(void); int atexit(__TI_atexit_fn _func) ; typedef int (*__TI_compar_fn)(const void *_a,const void *_b); void *bsearch(const void *_key, const void *_base, size_t _nmemb, size_t _size, __TI_compar_fn compar); void qsort(void *_base, size_t _nmemb, size_t _size, __TI_compar_fn compar); __attribute__((noreturn)) void exit(int _status); __attribute__((noreturn)) void _Exit(int _status); __attribute__((noreturn)) void quick_exit(int _status); int at_quick_exit(__TI_atexit_fn _func) ; div_t div(int _numer, int _denom); ldiv_t ldiv(long _numer, long _denom); lldiv_t lldiv(long long _numer, long long _denom); char *getenv(const char *_string); int system(const char *_name); int mblen(const char *_s, size_t _n); size_t mbstowcs(wchar_t * __restrict _dest, const char * __restrict _src, size_t _n); int mbtowc(wchar_t * __restrict _dest, const char * __restrict _src, size_t _n); size_t wcstombs(char * __restrict _dest, const wchar_t * __restrict _src, size_t _n); int wctomb(char *_s, wchar_t _wc); static __inline double atof(const char *_st) { return strtod(_st, (char **)0); } /* C2000-specific additions to header implemented with #include */ /*****************************************************************************/ /* stdlibf.h */ /* far versions of stdlib.h functions */ /* */ /* Copyright (c) 1996 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ #pragma diag_push #pragma CHECK_MISRA("-6.3") long far_strtol (const char *st, char **endptr, int base); unsigned long far_strtoul(const char *st, char **endptr, int base); double far_strtod (const char *st, char **endptr); long double far_strtold (const char *st, char **endptr); long long far_strtoll(const char *st, char **endptr, int base); unsigned long long far_strtoull(const char *st, char **endptr, int base); int far_atoi(const char *st); long far_atol(const char *st); double far_atof(const char *st); long long far_atoll(const char *st); void *far_calloc (unsigned long num, unsigned long size); void *far_malloc (unsigned long size); void *far_realloc (void *ptr, unsigned long size); void far_free (void *ptr); void *far_bsearch(const void *key, const void *base, size_t nmemb, size_t size, int (*compar)(const void *a, const void *b)); void far_qsort (void *base, size_t nmemb, size_t size, int (*compar)(const void *a, const void *b)); #pragma diag_pop _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.4\")") /* Macros needed to retarget builtins */ ldiv_t __attribute__((builtin)) __euclidean_div_i32byu32(long numerator, unsigned long denominator); _Pragma("diag_pop") _Pragma("diag_pop") _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.15\")") /* FreeBSD library requires code outside of the include guard */ _Pragma("CHECK_MISRA(\"-19.1\")") /*----------------------------------------------------------------------------*/ /* If sys/cdefs.h is available, go ahead and include it. xlocale.h assumes */ /* this file will have already included sys/cdefs.h. */ /*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/ /* Include xlocale/_stdlib.h if xlocale.h has already been included. This */ /* comes from FreeBSD's stdlib.h. */ /*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/ /* The _TI_PROPRIETARY_PRAGMA macro exoands to a C99 _Pragma operator. */ /* The _Pragma statement is handled after the Pragma itself causing unexpected */ /* warnings due to the diagnostic state being popped. This is done to suppress */ /* unexpected 19.15 misra warnings. */ /*----------------------------------------------------------------------------*/ #pragma diag_pop struct gcm_context { uint_fast8_t counter[ 16 ]; uint_fast8_t counter_0[ 16 ]; uint_fast8_t crypt[ 16 ]; uint32_t h[ 16 / 4 ]; uint_fast8_t buf[ 16 ]; uint32_t yw[ 16 / 4 ]; uint32_t count_aad, count_ctr; int used_crypt; }; void gcm_init( struct gcm_context* context, const uint_fast8_t* key ); void gcm_init_16( struct gcm_context* context, const uint16_t* key ); void gcm_set_iv( struct gcm_context* context, const uint_fast8_t* iv ); void gcm_add_auth_data_block( struct gcm_context* context, const uint_fast8_t* data, size_t data_size ); void gcm_flip( struct gcm_context* context ); void gcm_decrypt_block( struct gcm_context* context, uint_fast8_t* data, size_t data_size ); _Bool gcm_check_tag( struct gcm_context* context, uint_fast8_t* tag ); /* * Functions exposed, just for testing */ void gcm_add_auth_data( struct gcm_context* context, const uint_fast8_t* data, size_t data_size ); void gcm_decrypt( struct gcm_context* context, uint_fast8_t* data, size_t data_size ); void aes_init( struct gcm_context* context, const uint_fast8_t* key ); void aes_init_16( struct gcm_context* context, const uint16_t* key ); void aes_encrypt_block( struct gcm_context* context, uint_fast8_t block[ 16 ] ); void ghash_ctmul_block(uint32_t *yw, const uint32_t* h, const uint_fast8_t *data, size_t len); struct application_status; /** * The protocol used for IPC between both bootloaders is as follows: * - CPU1 determines whether the bootloader should be started, or if the firmware should be started * by inspecting the content of CPUSYSREGS_HIBBOOTMODE * - if CPUSYSREGS_HIBBOOTMODE indicates the start of the firmware, a dedicated IPC flags is set * - if CPUSYSREGS_HIBBOOTMODE indicates the start of the bootloader, a second IPC flags is set * - CPU2 waits for one of the flags to be set without initializing any peripheral and then starts * either the firmware, or the bootloader. * - If CPU1 starts the bootloader, it determines flash status, firmware CRC and firmware version * - CPU2 also determines flash status, firmware CRC and firmware version and communicates this to CPU1 * - CPU1 waits for the results of CPU2 and merges them to be presented to the bootloader client on * the CAN bus. * - Meanwhile CPU2 waits for CPU1 to indicate the start of the bootloader dialog. * - If a client does not stop the bootloader running on CPU1, CPU1 indicates a firmware start by * writing to CPUSYSREGS_HIBBOOTMODE and resetting the device. * - If a client starts the firmware update dialog, the bootloader runs the dialog until the client * switches to bank 1. Then, CPU1 passes all required peripheral to CPU2 and sets the flag, CPU2 * was waiting for and waits for CPU2 to indicate the end of the dialog. * - If CPU1 finds the update dialog to be finished by CPU2, the device will be reset. */ inline void start_second_bootloader(void) { } static inline uint32_t local_firmware_bank(void) { return 0; } /*****************************************************************************/ /* string.h */ /* */ /* Copyright (c) 1993 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-6.3\")") /* standard types required for standard headers */ _Pragma("CHECK_MISRA(\"-19.1\")") /* #includes required for implementation */ _Pragma("CHECK_MISRA(\"-20.1\")") /* standard headers must define standard names */ _Pragma("CHECK_MISRA(\"-20.2\")") /* standard headers must define standard names */ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-19.4\")") /* macros required for implementation */ _Pragma("diag_pop") size_t strlen(const char *string); char *strcpy(char * __restrict dest, const char * __restrict src); char *strncpy(char * __restrict dest, const char * __restrict src, size_t n); char *strcat(char * __restrict string1, const char * __restrict string2); char *strncat(char * __restrict dest, const char * __restrict src, size_t n); char *strchr(const char *string, int c); char *strrchr(const char *string, int c); int strcmp(const char *string1, const char *string2); int strncmp(const char *string1, const char *string2, size_t n); int strcoll(const char *string1, const char *_string2); size_t strxfrm(char * __restrict to, const char * __restrict from, size_t n); char *strpbrk(const char *string, const char *chs); size_t strspn(const char *string, const char *chs); size_t strcspn(const char *string, const char *chs); char *strstr(const char *string1, const char *string2); char *strtok(char * __restrict str1, const char * __restrict str2); char *strerror(int _errno); char *strdup(const char *string); void *memmove(void *s1, const void *s2, size_t n); void *memccpy(void *dest, const void *src, int ch, size_t count); _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-16.4\")") /* false positives due to builtin declarations */ void *memcpy(void * __restrict s1, const void * __restrict s2, size_t n); _Pragma("diag_pop") int memcmp(const void *cs, const void *ct, size_t n); void *memchr(const void *cs, int c, size_t n); void *memset(void *mem, int ch, size_t length); _Pragma("diag_push") /* keep macros as direct #defines and not function-like macros or function names surrounded by parentheses to support all original supported use cases including taking their address through the macros and prefixing with namespace macros */ _Pragma("CHECK_MISRA(\"-19.4\")") _Pragma("diag_pop") size_t far_strlen(const char *s); char *strcpy_nf(char *s1, const char *s2); char *strcpy_fn(char *s1, const char *s2); char *strcpy_ff(char *s1, const char *s2); char *far_strncpy(char *s1, const char *s2, size_t n); char *far_strcat(char *s1, const char *s2); char *far_strncat(char *s1, const char *s2, size_t n); char *far_strchr(const char *s, int c); char *far_strrchr(const char *s, int c); int far_strcmp(const char *s1, const char *s2); int far_strncmp(const char *s1, const char *s2, size_t n); int far_strcoll(const char *s1, const char *s2); size_t far_strxfrm(char *s1, const char *s2, size_t n); char *far_strpbrk(const char *s1, const char *s2); size_t far_strspn(const char *s1, const char *s2); size_t far_strcspn(const char *s1, const char *s2); char *far_strstr(const char *s1, const char *s2); char *far_strtok(char *s1, const char *s2); char *far_strerror(int _errno); void *far_memmove(void *s1, const void *s2, size_t n); void *__memcpy_nf (void *_s1, const void *_s2, size_t _n); void *__memcpy_fn (void *_s1, const void *_s2, size_t _n); void *__memcpy_ff (void *_s1, const void *_s2, size_t _n); int far_memcmp(const void *s1, const void *s2, size_t n); void *far_memchr(const void *s, int c, size_t n); void *far_memset(void *s, int c, size_t n); void *far_memlcpy(void *to, const void *from, unsigned long n); void *far_memlmove(void *to, const void *from, unsigned long n); /*----------------------------------------------------------------------------*/ /* If sys/cdefs.h is available, go ahead and include it. xlocale.h assumes */ /* this file will have already included sys/cdefs.h. */ /*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/ /* Include xlocale/_string.h if POSIX is enabled. This will expose the */ /* xlocale string interface. */ /*----------------------------------------------------------------------------*/ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2011, 2012 The FreeBSD Foundation * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ typedef struct _xlocale *locale_t; /* * This file is included from both string.h and xlocale.h. We need to expose * the declarations unconditionally if we are included from xlocale.h, but only * if we are in POSIX2008 mode if included from string.h. */ /* * POSIX2008 functions */ int strcoll_l(const char *, const char *, locale_t); size_t strxfrm_l(char *, const char *, size_t, locale_t); /* * xlocale extensions */ char *stpcpy(char * __restrict, const char * __restrict); char *stpncpy(char * __restrict, const char * __restrict, size_t); _Pragma("diag_pop") /*****************************************************************************/ /* assert.h */ /* */ /* Copyright (c) 1993 Texas Instruments Incorporated */ /* http://www.ti.com/ */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions */ /* are met: */ /* */ /* Redistributions of source code must retain the above copyright */ /* notice, this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in */ /* the documentation and/or other materials provided with the */ /* distribution. */ /* */ /* Neither the name of Texas Instruments Incorporated nor the names */ /* of its contributors may be used to endorse or promote products */ /* derived from this software without specific prior written */ /* permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* */ /*****************************************************************************/ _Pragma("diag_push") _Pragma("CHECK_MISRA(\"-6.3\")") /* standard types required for standard headers */ _Pragma("CHECK_MISRA(\"-19.4\")") /* macros required for implementation */ _Pragma("CHECK_MISRA(\"-19.7\")") /* macros required for implementation */ _Pragma("CHECK_MISRA(\"-19.13\")") /* # and ## required for implementation */ extern void _abort_msg(const char *msg); _Pragma("diag_pop") enum meta_data_type { mdt_iv = 0, mdt_meta_data = 1, mdt_block_headers = 2, mdt_auth_tag = 3, }; static int expected_type = -1; static uint_fast8_t initialization_vector[ 96 / 8 ]; static uint16_t remaining_data = 0; static _Bool data_flushed = 1; uint32_t calculated_crc = 0; static uint16_t meta_data_size = 0; static uint16_t meta_data_total_size = 0; static uint16_t meta_data_size_announced = 0; static uint_fast8_t meta_data[ ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 ) ]; static size_t block_header_size = 0; static uint_fast8_t block_headers[ 16 * 16 ]; static uint32_t block_header_current = 0; static uint32_t block_header_address = 0; static uint32_t block_header_remaining_size = 0; // Flash memory blocks can be uploaded more than once, so keep the last request static uint32_t block_header_current_last = 0; static uint32_t block_header_address_last = 0; static _Bool all_metadata_uploaded = 0; static uint_fast8_t auth_tag[ 16 ]; struct gcm_context crypto_context; const uint16_t* private_key( void ) { return (const uint16_t*)0x08000A; } static _Bool reset_state(void) { expected_type = -1; remaining_data = 0; calculated_crc = 0; data_flushed = 1; meta_data_size = 0; meta_data_total_size = 0; meta_data_size_announced = 0; block_header_size = 0; block_header_current = 0; block_header_address = 0; block_header_remaining_size = 0; block_header_current_last = 0; block_header_address_last = 0; all_metadata_uploaded = 0; gcm_init_16( &crypto_context, private_key() ); return 0; } static uint16_t name_size_from_meta_data(void) { _nassert(meta_data_size > 0); return meta_data[ 0 ]; } static uint32_t read_uint32_t( const uint_fast8_t* pos ) { return ( ( (uint32_t)pos[ 0 ] ) << 0 ) | ( ( (uint32_t)pos[ 1 ] ) << 8 ) | ( ( (uint32_t)pos[ 2 ] ) << 16 ) | ( ( (uint32_t)pos[ 3 ] ) << 24); } static uint32_t u32_from_block_header( size_t block_start, uint32_t offset ) { return read_uint32_t( &block_headers[ block_start + offset ] ); } enum block_header_offsets { bh_bank = 0, bh_address = 4, bh_size = 8 }; static void first_firmware_block(void) { for ( ; block_header_current != block_header_size && u32_from_block_header( block_header_current, bh_bank ) != local_firmware_bank(); block_header_current += 16 ) ; if ( block_header_current != block_header_size ) { block_header_address = u32_from_block_header( block_header_current, bh_address ); block_header_remaining_size = u32_from_block_header( block_header_current, bh_size ); } } static void next_firmware_block(void) { block_header_current += 16; first_firmware_block(); } static uint32_t custom_meta_data_size_from_meta_data(void) { size_t size_pos = ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 ) - sizeof( uint32_t ); _nassert(meta_data_size == ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 )); return read_uint32_t( &meta_data[ size_pos ] ); } uint16_t meta_data_firmware_version( void ) { _nassert(meta_data_size == ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 )); return (((uint16_t)meta_data[ 1 ]) << 8 ) | (((uint16_t)meta_data[ 2 ]) << 0 ); } struct block_header_meta_data block_address_size_meta_data( size_t index ) { if ( index < block_header_size / 16 ) { size_t block_start = index * 16; return (struct block_header_meta_data){ read_uint32_t( &block_headers[ block_start + 4 ] ), read_uint32_t( &block_headers[ block_start + 8 ] ) }; } return (struct block_header_meta_data){ 0, 0 }; } // is the next byte to be copied into the meta_data[] array? static _Bool not_name_nor_custom_data( size_t meta_data_size, size_t meta_data_total_size ) { if ( meta_data_size == 0 ) return 1; size_t name_size = name_size_from_meta_data(); // after name, before custom meta data? return meta_data_total_size > name_size && meta_data_size < ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 ); } _Bool handle_meta_data_message(size_t message_size, uint_fast8_t* buffer) { if ( all_metadata_uploaded ) { return 0; } if ( message_size > remaining_data ) { return reset_state(); } switch ( expected_type ) { case mdt_iv: for ( size_t i = 0; i != message_size; ++i ) { initialization_vector[ 96 / 8 - remaining_data + i ] = buffer[ i ]; } break; case mdt_meta_data: for ( size_t i = 0; i != message_size; ++i ) { // ignore name and custom meta data if ( not_name_nor_custom_data( meta_data_size, meta_data_total_size ) ) { _nassert(meta_data_size < ((sizeof(meta_data)/sizeof(0[meta_data])) / ((size_t)(!(sizeof(meta_data) % sizeof(0[meta_data])))))); meta_data[ meta_data_size ] = buffer[ i ]; ++meta_data_size; } ++meta_data_total_size; } break; case mdt_block_headers: for ( size_t i = 0; i != message_size; ++i ) { block_headers[ block_header_size - remaining_data + i ] = buffer[ i ]; } break; case mdt_auth_tag: for ( size_t i = 0; i != message_size; ++i ) { auth_tag[ 16 - remaining_data + i ] = buffer[ i ]; } break; } if ( expected_type != mdt_iv && expected_type != mdt_auth_tag ) { gcm_add_auth_data_block( &crypto_context, &buffer[ 0 ], message_size ); } calculated_crc = checksum32_uint_fast8( buffer, message_size, calculated_crc ); remaining_data -= message_size; return 1; } enum handle_load_meta_data_fail_reason { lmd_wrong_size = 1, lmd_unexpected_type, lmd_invalid_data_size, lmd_unexpected_state, lmd_last_type_not_flushed, }; _Bool handle_load_meta_data(size_t message_size, const uint_fast8_t* buffer, uint_fast8_t* type, uint_fast8_t* reason) { *reason = lmd_wrong_size; if ( message_size != 3 ) return reset_state(); *type = buffer[ 0 ]; *reason = lmd_unexpected_type; // upload_meta data, starting with the IV can be used to reset the upload process if ( *type == mdt_iv ) reset_state(); if ( *type != expected_type + 1 || *type > mdt_auth_tag ) return reset_state(); ++expected_type; *reason = lmd_unexpected_state; if ( remaining_data ) return reset_state(); remaining_data = buffer[ 1 ] | ( buffer[ 2 ] << 8 ); *reason = lmd_invalid_data_size; switch ( expected_type ) { case mdt_iv: if ( remaining_data != 96 / 8 ) return reset_state(); break; case mdt_meta_data: if ( remaining_data < ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 ) ) return reset_state(); meta_data_size_announced = remaining_data; break; case mdt_block_headers: if ( remaining_data % 16 != 0 || remaining_data == 0 || remaining_data / 16 > 16 ) return reset_state(); block_header_size = remaining_data; break; case mdt_auth_tag: if ( remaining_data != 16 ) return reset_state(); break; default: break; } *reason = lmd_last_type_not_flushed; if ( !data_flushed ) return reset_state(); *reason = 0; data_flushed = 0; // CRC starts over the type and length calculated_crc = checksum32_uint_fast8( &buffer[ 0 ], 3, 0 ); return 1; } enum handle_flush_meta_data_fail_reason { fmd_wrong_size = 1, fmd_wrong_type, fmd_crc_error, fmd_wrong_data_size }; _Bool handle_flush_meta_data(size_t message_size, const uint_fast8_t* buffer, uint32_t* crc, uint_fast8_t* type, uint_fast8_t* reason) { *reason = fmd_wrong_size; if ( message_size != 5 ) return reset_state(); *reason = fmd_wrong_type; *type = expected_type; if ( expected_type != buffer[ 0 ] ) return reset_state(); uint32_t expected_crc = buffer[ 1 ] | ( ((uint32_t)buffer[ 2 ]) << 8 ) | ( ((uint32_t)buffer[ 3 ]) << 16 ) | ( ((uint32_t)buffer[ 4 ]) << 24 ); *crc = calculated_crc; *reason = fmd_crc_error; if ( expected_crc != calculated_crc ) return reset_state(); *reason = fmd_wrong_data_size; switch ( expected_type ) { case mdt_iv: gcm_set_iv( &crypto_context, initialization_vector ); break; // the cast (uint16_t) is required for the code to work as expected case mdt_meta_data: if ( meta_data_size_announced < ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 ) + name_size_from_meta_data() || meta_data_size_announced != /*(uint16_t)*/( ( 1 + 1 + 1 + 2 + 2 + 8 + 8 + 4 ) + name_size_from_meta_data() + custom_meta_data_size_from_meta_data() ) ) { return reset_state(); } break; case mdt_block_headers: gcm_flip( &crypto_context ); break; case mdt_auth_tag: first_firmware_block(); all_metadata_uploaded = 1; break; default: break; } data_flushed = 1; return 1; } _Bool check_uploaded_firmware_range_against_meta_data( uint32_t address, size_t length ) { if ( address == block_header_address_last && length == block_header_current_last ) return 1; if ( !all_metadata_uploaded ) return reset_state(); if ( address != block_header_address ) return reset_state(); if ( length > block_header_remaining_size || length == 0 ) return reset_state(); block_header_address += length; block_header_remaining_size -= length; block_header_current_last = length; block_header_address_last = address; if ( block_header_remaining_size == 0 ) next_firmware_block(); return 1; } _Bool decrypt_firmware_block( uint16_t* packed_buffer, uint16_t buffer_length_in_bytes, uint32_t block_address, uint32_t block_alignment ) { // it's a hard requirement to align the length to 16 if ( buffer_length_in_bytes % 16 != 0 ) return 0; packed_buffer += ( block_address % block_alignment ) / 2; for ( ; buffer_length_in_bytes; buffer_length_in_bytes -= 16, packed_buffer += 16 / 2 ) { uint_fast8_t buffer[ 16 ]; for ( int i = 0; i != 16 / 2; ++i ) { buffer[ 2 * i ] = packed_buffer[ i ] & 0xff; buffer[ 2 * i + 1 ] = ( packed_buffer[ i ] & 0xff00 ) >> 8; } gcm_decrypt_block( &crypto_context, buffer, 16 ); for ( int i = 0; i != 16 / 2; ++i ) { packed_buffer[ i ] = buffer[ 2 * i ] | ( buffer[ 2 * i + 1 ] << 8 ); } } return 1; } _Bool check_security_tag(void) { return gcm_check_tag( &crypto_context, auth_tag ); }