signatures_ok function in bootloader exports firmware hash if needed

2024-11-22 15:38:11 +00:00 · 2016-02-10 13:53:08 +01:00 · 2016-02-10 13:53:08 +01:00 · 63bc16d375
commit 63bc16d375
parent 0eab05cd53
4 changed files with 15 additions and 7 deletions
--- a/bootloader/bootloader.c
+++ b/bootloader/bootloader.c
@ -128,7 +128,7 @@ int main(void)
 		oledDrawBitmap(40, 0, &bmp_logo64_empty);
 		oledRefresh();

-		if (!signatures_ok()) {
+		if (!signatures_ok(NULL)) {
 			show_unofficial_warning();
 		}

--- a/bootloader/signatures.c
+++ b/bootloader/signatures.c
@ -18,10 +18,12 @@
 */

 #include <stdint.h>
+#include <string.h>

 #include "signatures.h"
 #include "ecdsa.h"
 #include "secp256k1.h"
+#include "sha2.h"
 #include "bootloader.h"

 #define PUBKEYS 5
@ -36,7 +38,7 @@ static const uint8_t *pubkey[PUBKEYS] = {

 #define SIGNATURES 3

-int signatures_ok(void)
+int signatures_ok(uint8_t *store_hash)
 {
 	uint32_t codelen = *((uint32_t *)FLASH_META_CODELEN);
 	uint8_t sigindex1, sigindex2, sigindex3;
@ -53,13 +55,19 @@ int signatures_ok(void)
 	if (sigindex1 == sigindex3) return 0; // duplicate use
 	if (sigindex2 == sigindex3) return 0; // duplicate use

-	if (ecdsa_verify(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failure
+	uint8_t hash[32];
+	sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash);
+	if (store_hash) {
+		memcpy(store_hash, hash, 32);
+	}
+
+	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure
 		return 0;
 	}
-	if (ecdsa_verify(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failure
+	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure
 		return 0;
 	}
-	if (ecdsa_verify(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failture
+	if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture
 		return 0;
 	}

--- a/bootloader/signatures.h
+++ b/bootloader/signatures.h
@ -20,6 +20,6 @@
 #ifndef __SIGNATURES_H__
 #define __SIGNATURES_H__

-int signatures_ok(void);
+int signatures_ok(uint8_t *store_hash);

 #endif
--- a/bootloader/usb.c
+++ b/bootloader/usb.c
@ -444,7 +444,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
 		layoutProgress("INSTALLING ... Please wait", 1000);
 		uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
 		// check if to restore old storage area but only if signatures are ok
-		if ((flags & 0x01) && signatures_ok()) {
+		if ((flags & 0x01) && signatures_ok(NULL)) {
 			// copy new stuff
 			memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
 			// replace "TRZR" in header with 0000 when hash not confirmed