From 4af78f06a3f8a8f29ec2281e860d05e303f8f80d Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Tue, 13 Mar 2018 15:33:44 +0100
Subject: [PATCH] bootloader: refactor signatures_ok return value

---
 bootloader/bootloader.c | 9 ++++++---
 bootloader/signatures.c | 26 +++++++++++++-------------
 bootloader/signatures.h | 3 +++
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/bootloader/bootloader.c b/bootloader/bootloader.c
index 2cf8988aeb..9d86b5e112 100644
--- a/bootloader/bootloader.c
+++ b/bootloader/bootloader.c
@@ -76,8 +76,10 @@ void show_unofficial_warning(const uint8_t *hash)
 	// everything is OK, user pressed 2x Continue -> continue program
 }
 
-void __attribute__((noreturn)) load_app(void)
+void __attribute__((noreturn)) load_app(int signed_firmware)
 {
+	(void)signed_firmware;
+
 	// zero out SRAM
 	memset_reg(_ram_start, _ram_end, 0);
 
@@ -146,13 +148,14 @@ int main(void)
 	oledRefresh();
 
 	uint8_t hash[32];
-	if (!signatures_ok(hash)) {
+	int signed_firmware = signatures_ok(hash);
+	if (SIG_OK != signed_firmware) {
 		show_unofficial_warning(hash);
 	}
 
 	delay(100000);
 
-	load_app();
+	load_app(signed_firmware);
 }
 
 #endif
diff --git a/bootloader/signatures.c b/bootloader/signatures.c
index c49901e671..e178ecec7a 100644
--- a/bootloader/signatures.c
+++ b/bootloader/signatures.c
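Review bot: The new `signed_firmware` parameter of `load_app` is accepted and immediately discarded with `(void)signed_firmware;`, and nothing on the new side records what the value means or what a future reader is allowed to do with it. Because `main` now passes the raw `signatures_ok()` result rather than a boolean, the contract worth pinning down is that the parameter carries the `SIG_OK`/`SIG_FAIL` sentinel and must only ever be compared with `==`/`!=` against `SIG_OK`, never truth-tested; I would replace the bare cast with `(void)signed_firmware; // holds the raw signatures_ok() result (SIG_OK or SIG_FAIL); compare against SIG_OK explicitly, never truth-test`. The same explicit-comparison note would help beside `if (SIG_OK != signed_firmware)` in the `main` hunk. The body of `load_app` continues outside the hunk.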
@@ -51,23 +51,23 @@ int signatures_ok(uint8_t *store_hash)
 		memcpy(store_hash, hash, 32);
 	}
 
-	if (sigindex1 < 1 || sigindex1 > PUBKEYS) return 0; // invalid index
-	if (sigindex2 < 1 || sigindex2 > PUBKEYS) return 0; // invalid index
-	if (sigindex3 < 1 || sigindex3 > PUBKEYS) return 0; // invalid index
+	if (sigindex1 < 1 || sigindex1 > PUBKEYS) return SIG_FAIL; // invalid index
+	if (sigindex2 < 1 || sigindex2 > PUBKEYS) return SIG_FAIL; // invalid index
+	if (sigindex3 < 1 || sigindex3 > PUBKEYS) return SIG_FAIL; // invalid index
 
-	if (sigindex1 == sigindex2) return 0; // duplicate use
-	if (sigindex1 == sigindex3) return 0; // duplicate use
-	if (sigindex2 == sigindex3) return 0; // duplicate use
+	if (sigindex1 == sigindex2) return SIG_FAIL; // duplicate use
+	if (sigindex1 == sigindex3) return SIG_FAIL; // duplicate use
+	if (sigindex2 == sigindex3) return SIG_FAIL; // duplicate use
 
-	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (const uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure
-		return 0;
+	if (0 != ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (const uint8_t *)FLASH_META_SIG1, hash)) { // failure
+		return SIG_FAIL;
 	}
-	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (const uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure
-		return 0;
+	if (0 != ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (const uint8_t *)FLASH_META_SIG2, hash)) { // failure
+		return SIG_FAIL;
 	}
-	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (const uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture
-		return 0;
+	if (0 != ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (const uint8_t *)FLASH_META_SIG3, hash)) { // failture
+		return SIG_FAIL;
 	}
 
-	return 1;
+	return SIG_OK;
 }
diff --git a/bootloader/signatures.h b/bootloader/signatures.h
index 60037d69a5..01b5f308c1 100644
--- a/bootloader/signatures.h
+++ b/bootloader/signatures.h
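Review bot: The third `ecdsa_verify_digest` check is rewritten on the new side but keeps the old typo in its trailing comment (`// failture`); since the line is being touched anyway, it should read `if (0 != ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (const uint8_t *)FLASH_META_SIG3, hash)) { // failure`. The function now has a non-boolean result, and nothing in the hunk states that contract; a short block comment above `signatures_ok` (its definition starts before line 51, outside this hunk) should say that it returns `SIG_OK` only when all three signature indices are in range and pairwise distinct and all three ECDSA verifications succeed, that every other path returns `SIG_FAIL`, and that callers must compare the result against `SIG_OK` rather than truth-test it. The `store_hash` copy in the context lines appears to happen before the index checks, so a caller receiving `SIG_FAIL` still gets the hash written, which that comment should also mention.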
@@ -20,6 +20,9 @@
 #ifndef __SIGNATURES_H__
 #define __SIGNATURES_H__
 
+#define SIG_OK 0x5A3CA5C3
+#define SIG_FAIL 0x00000000
+
 int signatures_ok(uint8_t *store_hash);
 
 #endif
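Review bot: The two new macros carry no explanation, and because `SIG_FAIL` is `0` while `SIG_OK` is non-zero, any existing or future `if (signatures_ok(hash))` still compiles and behaves as before, silently losing whatever the non-trivial `SIG_OK` value is meant to provide. The header should state the intent right above the defines, for example `/* Result of signatures_ok(): SIG_OK is a deliberately non-trivial value; callers must test `result == SIG_OK` explicitly, never truth-test, since SIG_FAIL is 0. */`. The declaration `int signatures_ok(uint8_t *store_hash);` is unchanged, so the documented return type stays `int` while the constants are written as 32-bit hex; `0x5A3CA5C3` fits a 32-bit `int`, but noting the return-type choice in the same comment would avoid a later well-meaning change to `bool`.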