1
0
mirror of https://github.com/RIOT-OS/RIOT.git synced 2025-01-15 23:32:59 +01:00
RIOT/sys/riotboot/flashwrite_verify_sha256.c
Kaspar Schleiser 0f5a2b4795 sys/riotboot: add initial image digest verification
Co-authored-by: Alexandre Abadie <alexandre.abadie@inria.fr>
2019-07-10 13:15:02 +02:00

58 lines
1.5 KiB
C

/*
* Copyright (C) 2019 Inria
* 2019 Freie Universität Berlin
* 2019 Kaspar Schleiser <kaspar@schleiser.de>
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_riotboot_flashwrite
* @{
*
* @file
* @brief Firmware update sha256 verification helper functions
*
* @author Kaspar Schleiser <kaspar@schleiser.de>
*
* @}
*/
#include <stdint.h>
#include <string.h>
#include "hashes/sha256.h"
#include "log.h"
#include "riotboot/slot.h"
int riotboot_flashwrite_verify_sha256(const uint8_t *sha256_digest, size_t img_len, int target_slot)
{
char digest[SHA256_DIGEST_LENGTH];
sha256_context_t sha256;
if (img_len < 4) {
LOG_INFO("riotboot: verify_sha256(): image too small\n");
return -1;
}
uint8_t *img_start = (uint8_t *)riotboot_slot_get_hdr(target_slot);
LOG_INFO("riotboot: verifying digest at %p (img at: %p size: %u)\n", sha256_digest, img_start, img_len);
sha256_init(&sha256);
/* add RIOTBOOT_MAGIC since it isn't written into flash until
* riotboot_flashwrite_finish()" */
sha256_update(&sha256, "RIOT", 4);
/* account for injected RIOTBOOT_MAGIC by skipping RIOTBOOT_MAGIC_LEN */
sha256_update(&sha256, img_start + 4, img_len - 4);
sha256_final(&sha256, digest);
return memcmp(sha256_digest, digest, SHA256_DIGEST_LENGTH) != 0;
}