RIOT-OS/RIOT
RIOT-OS/RIOT
1
0
Fork 0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2024-12-29 04:50:03 +01:00
Code Releases Activity

sys/riotboot: add initial image digest verification

Browse Source 
Co-authored-by: Alexandre Abadie <alexandre.abadie@inria.fr>
This commit is contained in:
Kaspar Schleiser 2019-04-05 14:19:17 +02:00
parent f92297b994
commit 0f5a2b4795
2 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/include/riotboot/flashwrite.h
View File

@ -169,6 +169,20 @@ static inline int riotboot_flashwrite_finish(riotboot_flashwrite_t *state)
*/ */
size_t riotboot_flashwrite_slotsize(const riotboot_flashwrite_t *state); size_t riotboot_flashwrite_slotsize(const riotboot_flashwrite_t *state);
/**
* @brief Verify the digest of an image
*
* @param[in] sha256_digest content of the image digest
* @param[in] img_size the size of the image
* @param[in] target_slot the image slot number
*
* @returns -1 when image is too small
* @returns 0 if the digest is valid
* @returns 1 if the digest is invalid
*/
int riotboot_flashwrite_verify_sha256(const uint8_t *sha256_digest,
size_t img_size, int target_slot);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

57
sys/riotboot/flashwrite_verify_sha256.c Normal file
View File

@ -0,0 +1,57 @@
/*
* Copyright (C) 2019 Inria
* 2019 Freie Universität Berlin
* 2019 Kaspar Schleiser <kaspar@schleiser.de>
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_riotboot_flashwrite
* @{
*
* @file
* @brief Firmware update sha256 verification helper functions
*
* @author Kaspar Schleiser <kaspar@schleiser.de>
*
* @}
*/
#include <stdint.h>
#include <string.h>
#include "hashes/sha256.h"
#include "log.h"
#include "riotboot/slot.h"
int riotboot_flashwrite_verify_sha256(const uint8_t *sha256_digest, size_t img_len, int target_slot)
{
char digest[SHA256_DIGEST_LENGTH];
sha256_context_t sha256;
if (img_len < 4) {
LOG_INFO("riotboot: verify_sha256(): image too small\n");
return -1;
}
uint8_t *img_start = (uint8_t *)riotboot_slot_get_hdr(target_slot);
LOG_INFO("riotboot: verifying digest at %p (img at: %p size: %u)\n", sha256_digest, img_start, img_len);
sha256_init(&sha256);
/* add RIOTBOOT_MAGIC since it isn't written into flash until
* riotboot_flashwrite_finish()" */
sha256_update(&sha256, "RIOT", 4);
/* account for injected RIOTBOOT_MAGIC by skipping RIOTBOOT_MAGIC_LEN */
sha256_update(&sha256, img_start + 4, img_len - 4);
sha256_final(&sha256, digest);
return memcmp(sha256_digest, digest, SHA256_DIGEST_LENGTH) != 0;
}