mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-13 17:00:59 +00:00

trezorhal: introduce vendor_keys_hash, use it in compare_to_current_vendor_header

Pavol Rusnak 2017-12-13 22:50:48 +01:00
parent 70ac202d7a
commit 45c290d24c
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
3 changed files with 22 additions and 21 deletions


@ -327,27 +327,10 @@ secbool compare_to_current_vendor_header(const vendor_header * const new_vhdr)
if (sectrue != load_vendor_header_keys((const uint8_t *)FIRMWARE_START, &current_vhdr)) {
return secfalse;
}
// check whether current and new vendor header have the same key set
if (new_vhdr->vsig_m != current_vhdr.vsig_m) {
return secfalse;
}
if (new_vhdr->vsig_n != current_vhdr.vsig_n) {
return secfalse;
}
for (int i = 0; i < MAX_VENDOR_PUBLIC_KEYS; i++) {
if (new_vhdr->vpub[i] != 0 && current_vhdr.vpub[i] != 0) {
if (0 != memcmp(new_vhdr->vpub[i], current_vhdr.vpub[i], 32)) {
return secfalse;
}
}
if (new_vhdr->vpub[i] == 0 && current_vhdr.vpub[i] != 0) {
return secfalse;
}
if (new_vhdr->vpub[i] != 0 && current_vhdr.vpub[i] == 0) {
return secfalse;
}
}
return sectrue;
uint8_t hash1[32], hash2[32];
vendor_keys_hash(new_vhdr, hash1);
vendor_keys_hash(&current_vhdr, hash2);
return sectrue * (0 == memcmp(hash1, hash2, 32));
}
int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf)
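Review bot: The digest buffers and the comparison length at the end of compare_to_current_vendor_header are hard-coded as 32, while vendor_keys_hash writes BLAKE2S_DIGEST_LENGTH bytes through an unsized `uint8_t *`; tie both to the constant so they cannot drift apart: `uint8_t hash1[BLAKE2S_DIGEST_LENGTH], hash2[BLAKE2S_DIGEST_LENGTH];` and `return sectrue * (0 == memcmp(hash1, hash2, BLAKE2S_DIGEST_LENGTH));`. The variable-time memcmp looks acceptable here because both digests cover only vsig_m, vsig_n and public keys, but a one-line comment saying so would keep the pattern from being copied onto secret data. The function begins above the hunk, so anything before the load_vendor_header_keys call is not reviewed here.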


@ -130,6 +130,22 @@ secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t ke
return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig));
}
void vendor_keys_hash(const vendor_header * const vhdr, uint8_t *hash)
{
BLAKE2S_CTX ctx;
blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);
blake2s_Update(&ctx, &(vhdr->vsig_m), sizeof(vhdr->vsig_m));
blake2s_Update(&ctx, &(vhdr->vsig_n), sizeof(vhdr->vsig_n));
for (int i = 0; i < MAX_VENDOR_PUBLIC_KEYS; i++) {
if (vhdr->vpub[i] != 0) {
blake2s_Update(&ctx, vhdr->vpub[i], 32);
} else {
blake2s_Update(&ctx, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32);
}
}
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
}
secbool check_single_hash(const uint8_t * const hash, const uint8_t * const data, int len)
{
uint8_t h[BLAKE2S_DIGEST_LENGTH];
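Review bot: In vendor_keys_hash an empty slot (`vhdr->vpub[i] == 0`) is hashed as 32 zero bytes, so a header with an unused slot and one carrying an all-zero key in that slot produce the same digest, a case the removed slot-by-slot comparison in compare_to_current_vendor_header rejected. This is presumably harmless if load_vendor_header_keys always leaves slots at or beyond vsig_n null (not visible here), since vsig_n is hashed as well, but that assumption should be stated in a comment on the function, together with the requirement that `hash` point to at least BLAKE2S_DIGEST_LENGTH bytes. The long string literal would be easier to audit as `static const uint8_t zero_key[32] = {0};` passed via `blake2s_Update(&ctx, zero_key, sizeof(zero_key));`.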


@ -55,6 +55,8 @@ secbool load_image_header(const uint8_t * const data, const uint32_t magic, cons
secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
void vendor_keys_hash(const vendor_header * const vhdr, uint8_t *hash);
secbool check_single_hash(const uint8_t * const hash, const uint8_t * const data, int len);
secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks);