1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 15:38:11 +00:00

trezorhal: store image fingerprint in the image_header structure

This commit is contained in:
Pavol Rusnak 2017-12-15 19:22:59 +01:00
parent 66eef86107
commit 125ab8471c
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
3 changed files with 6 additions and 4 deletions

View File

@ -59,19 +59,18 @@ secbool load_image_header(const uint8_t * const data, const uint32_t magic, cons
// check header signature
uint8_t hash[BLAKE2S_DIGEST_LENGTH];
BLAKE2S_CTX ctx;
blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);
blake2s_Update(&ctx, data, IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE);
for (int i = 0; i < IMAGE_SIG_SIZE; i++) {
blake2s_Update(&ctx, (const uint8_t *)"\x00", 1);
}
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
blake2s_Final(&ctx, hdr->fingerprint, BLAKE2S_DIGEST_LENGTH);
ed25519_public_key pub;
if (sectrue != compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return secfalse;
return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig));
return sectrue * (0 == ed25519_sign_open(hdr->fingerprint, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig));
}
secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr)

View File

@ -31,6 +31,7 @@ typedef struct {
// uint8_t reserved[415];
uint8_t sigmask;
uint8_t sig[64];
uint8_t fingerprint[32];
} image_header;
#define MAX_VENDOR_PUBLIC_KEYS 8

View File

@ -54,7 +54,9 @@ class BinImage(object):
assert self.reserved2 == 415 * b'\x00'
self.code = data[self.hdrlen:]
assert len(self.code) == self.codelen
self.fingerprint = pyblake2.blake2s(data[:IMAGE_HEADER_SIZE - 65]).hexdigest()
h = pyblake2.blake2s(data[:IMAGE_HEADER_SIZE - 65])
h.update(b'\x00' * 65)
self.fingerprint = h.hexdigest()
def print(self):
if self.magic == b'TRZF':