From 63bc16d375461af744f36c8cf83df21d03267671 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Wed, 10 Feb 2016 13:53:08 +0100
Subject: [PATCH] signatures_ok function in bootloader exports firmware hash if needed
---
 bootloader/bootloader.c | 2 +-
 bootloader/signatures.c | 16 ++++++++++++----
 bootloader/signatures.h | 2 +-
 bootloader/usb.c | 2 +-
 4 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/bootloader/bootloader.c b/bootloader/bootloader.c
index 065b83a097..10613943f3 100644
--- a/bootloader/bootloader.c
+++ b/bootloader/bootloader.c
@@ -128,7 +128,7 @@ int main(void)
 oledDrawBitmap(40, 0, &bmp_logo64_empty);
 oledRefresh();
- if (!signatures_ok()) {
+ if (!signatures_ok(NULL)) {
 show_unofficial_warning();
 }
diff --git a/bootloader/signatures.c b/bootloader/signatures.c
index 85e921666f..a4bca418ba 100644
--- a/bootloader/signatures.c
+++ b/bootloader/signatures.c
@@ -18,10 +18,12 @@
 */
 #include
+#include
 #include "signatures.h"
 #include "ecdsa.h"
 #include "secp256k1.h"
+#include "sha2.h"
 #include "bootloader.h"
 #define PUBKEYS 5
@@ -36,7 +38,7 @@ static const uint8_t *pubkey[PUBKEYS] = {
 #define SIGNATURES 3
-int signatures_ok(void)
+int signatures_ok(uint8_t *store_hash)
 {
 uint32_t codelen = *((uint32_t *)FLASH_META_CODELEN);
 uint8_t sigindex1, sigindex2, sigindex3;
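Review bot: The new `store_hash` parameter of `signatures_ok` is undocumented both at the definition in this hunk and at the prototype in the signatures.h hunk: nothing states how large the buffer must be, that NULL disables the export, or when the buffer is actually written. A comment on the prototype would fix the contract for callers, e.g. `/* Verifies the firmware signatures; returns nonzero on success. If store_hash is non-NULL it must point to 32 bytes, which receive the SHA-256 of the application code. */`. The body of `signatures_ok` continues outside this hunk.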
@@ -53,13 +55,19 @@ int signatures_ok(void)
 if (sigindex1 == sigindex3) return 0; // duplicate use
 if (sigindex2 == sigindex3) return 0; // duplicate use
- if (ecdsa_verify(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failure
+ uint8_t hash[32];
+ sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash);
+ if (store_hash) {
+ memcpy(store_hash, hash, 32);
+ }
+
+ if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure
 return 0;
 }
- if (ecdsa_verify(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failure
+ if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure
 return 0;
 }
- if (ecdsa_verify(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failture
+ if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture
 return 0;
 }
diff --git a/bootloader/signatures.h b/bootloader/signatures.h
index e081be3520..019609346d 100644
--- a/bootloader/signatures.h
+++ b/bootloader/signatures.h
@@ -20,6 +20,6 @@
 #ifndef __SIGNATURES_H__
 #define __SIGNATURES_H__
-int signatures_ok(void);
+int signatures_ok(uint8_t *store_hash);
 #endif
diff --git a/bootloader/usb.c b/bootloader/usb.c
index 94c93fcc2e..9363a3d6c8 100644
--- a/bootloader/usb.c
+++ b/bootloader/usb.c
@@ -444,7 +444,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 layoutProgress("INSTALLING ... Please wait", 1000);
 uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
 // check if to restore old storage area but only if signatures are ok
- if ((flags & 0x01) && signatures_ok()) {
+ if ((flags & 0x01) && signatures_ok(NULL)) {
 // copy new stuff
 memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
 // replace "TRZR" in header with 0000 when hash not confirmed
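Review bot: `store_hash` is written only once control reaches the new `sha256_Raw` call, so after a 0 return the caller cannot tell whether the buffer holds the firmware hash or is untouched — the duplicate-use checks at the top of the hunk return 0 before the hash is computed, while a signature mismatch returns 0 after the `memcpy`. If exporting the hash of an unsigned image is the intent, the early `return 0` paths need the same export, otherwise the contract should state that the buffer is valid only on a nonzero return. `codelen` is read straight from `FLASH_META_CODELEN` and now bounds the `sha256_Raw` read over `FLASH_APP_START`; the start of `signatures_ok` is outside this hunk, so if it is not already range-checked against the application area there, an oversized value makes the hash read past it. The hard-coded `32` in `uint8_t hash[32]` and in the `memcpy` would read better as the digest-length constant from sha2.h if that header provides one, and the retained `// failture` comment on the third check should be `// failure`.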