mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-25 07:48:10 +00:00
trezorhal: fix hash offset in check_image_contents
This commit is contained in:
parent
7c891e19e5
commit
89cc35b195
@ -183,7 +183,7 @@ int main(void)
|
||||
"invalid bootloader header");
|
||||
|
||||
ensure(
|
||||
check_image_contents(&hdr, (const uint8_t *)BOOTLOADER_START, 1),
|
||||
check_image_contents(&hdr, (const uint8_t *)BOOTLOADER_START, IMAGE_HEADER_SIZE, 1),
|
||||
"invalid bootloader hash");
|
||||
|
||||
jump_to(BOOTLOADER_START + IMAGE_HEADER_SIZE);
|
||||
|
@ -328,7 +328,7 @@ int main(void)
|
||||
"invalid firmware header");
|
||||
|
||||
ensure(
|
||||
check_image_contents(&hdr, (const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), 6),
|
||||
check_image_contents(&hdr, (const uint8_t *)FIRMWARE_START, IMAGE_HEADER_SIZE + vhdr.hdrlen, 6),
|
||||
"invalid firmware hash");
|
||||
|
||||
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
|
||||
|
@ -138,14 +138,14 @@ static bool check_hash(const uint8_t * const hash, const uint8_t * const data, i
|
||||
|
||||
#define MIN(a,b) ((a) < (b) ? (a) : (b))
|
||||
|
||||
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, int maxblocks)
|
||||
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, uint32_t firstskip, int maxblocks)
|
||||
{
|
||||
int remaining = hdr->codelen;
|
||||
if (!check_hash(hdr->hashes, data + IMAGE_HEADER_SIZE, MIN(remaining, IMAGE_CHUNK_SIZE - IMAGE_HEADER_SIZE))) {
|
||||
if (!check_hash(hdr->hashes, data + firstskip, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) {
|
||||
return false;
|
||||
}
|
||||
int block = 1;
|
||||
remaining -= IMAGE_CHUNK_SIZE - IMAGE_HEADER_SIZE;
|
||||
remaining -= IMAGE_CHUNK_SIZE - firstskip;
|
||||
while (remaining > 0) {
|
||||
if (block >= maxblocks) {
|
||||
return false;
|
||||
|
@ -48,6 +48,6 @@ bool load_image_header(const uint8_t * const data, const uint32_t magic, const u
|
||||
|
||||
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
|
||||
|
||||
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, int maxblocks);
|
||||
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, uint32_t firstskip, int maxblocks);
|
||||
|
||||
#endif
|
||||
|
@ -74,12 +74,16 @@ class BinImage(object):
|
||||
print()
|
||||
|
||||
def compute_hashes(self):
|
||||
if self.magic == b'TRZF':
|
||||
hdrlen = self.vhdrlen + self.hdrlen
|
||||
else:
|
||||
hdrlen = self.hdrlen
|
||||
hashes = b''
|
||||
for i in range(16):
|
||||
if i == 0:
|
||||
d = self.code[:IMAGE_CHUNK_SIZE - IMAGE_HEADER_SIZE]
|
||||
d = self.code[:IMAGE_CHUNK_SIZE - hdrlen]
|
||||
else:
|
||||
s = IMAGE_CHUNK_SIZE - IMAGE_HEADER_SIZE + (i - 1) * IMAGE_CHUNK_SIZE
|
||||
s = IMAGE_CHUNK_SIZE - hdrlen + (i - 1) * IMAGE_CHUNK_SIZE
|
||||
d = self.code[s:s + IMAGE_CHUNK_SIZE]
|
||||
if len(d) > 0:
|
||||
h = pyblake2.blake2s(d).digest()
|
||||
|
Loading…
Reference in New Issue
Block a user