2019-04-05 14:19:17 +02:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2019 Inria
|
|
|
|
* 2019 Freie Universität Berlin
|
|
|
|
* 2019 Kaspar Schleiser <kaspar@schleiser.de>
|
|
|
|
*
|
|
|
|
* This file is subject to the terms and conditions of the GNU Lesser
|
|
|
|
* General Public License v2.1. See the file LICENSE in the top level
|
|
|
|
* directory for more details.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @ingroup sys_riotboot_flashwrite
|
|
|
|
* @{
|
|
|
|
*
|
|
|
|
* @file
|
|
|
|
* @brief Firmware update sha256 verification helper functions
|
|
|
|
*
|
|
|
|
* @author Kaspar Schleiser <kaspar@schleiser.de>
|
|
|
|
*
|
|
|
|
* @}
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
2023-12-19 11:30:50 +01:00
|
|
|
#include "architecture.h"
|
2019-04-05 14:19:17 +02:00
|
|
|
#include "hashes/sha256.h"
|
|
|
|
#include "log.h"
|
|
|
|
#include "riotboot/slot.h"
|
|
|
|
|
2021-02-09 10:26:32 +01:00
|
|
|
int riotboot_flashwrite_verify_sha256(const uint8_t *sha256_digest,
|
|
|
|
size_t img_len, int target_slot)
|
2019-04-05 14:19:17 +02:00
|
|
|
{
|
|
|
|
char digest[SHA256_DIGEST_LENGTH];
|
|
|
|
|
|
|
|
sha256_context_t sha256;
|
|
|
|
|
|
|
|
if (img_len < 4) {
|
|
|
|
LOG_INFO("riotboot: verify_sha256(): image too small\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
uint8_t *img_start = (uint8_t *)riotboot_slot_get_hdr(target_slot);
|
|
|
|
|
2023-12-19 11:30:50 +01:00
|
|
|
LOG_INFO("riotboot: verifying digest at %p (img at: %p size: %" PRIuSIZE ")\n",
|
2021-02-09 10:26:32 +01:00
|
|
|
sha256_digest, img_start, img_len);
|
2019-04-05 14:19:17 +02:00
|
|
|
|
|
|
|
sha256_init(&sha256);
|
|
|
|
|
|
|
|
/* add RIOTBOOT_MAGIC since it isn't written into flash until
|
|
|
|
* riotboot_flashwrite_finish()" */
|
|
|
|
sha256_update(&sha256, "RIOT", 4);
|
|
|
|
|
|
|
|
/* account for injected RIOTBOOT_MAGIC by skipping RIOTBOOT_MAGIC_LEN */
|
|
|
|
sha256_update(&sha256, img_start + 4, img_len - 4);
|
|
|
|
|
|
|
|
sha256_final(&sha256, digest);
|
|
|
|
|
|
|
|
return memcmp(sha256_digest, digest, SHA256_DIGEST_LENGTH) != 0;
|
|
|
|
}
|