author | Joakim Bech <joakim.bech@linaro.org> | 2016-07-20 22:57:36 +0200 |
---|---|---|
committer | Joakim Bech <joakim.bech@linaro.org> | 2016-08-23 23:40:10 +0200 |
commit | 6b80ce36422b6eebe9b67bb7bbc483a3d740776a (patch) | |
tree | 8a8463ddedba31b1016dc9d046636853988b8ca6 | |
parent | 6a3661342a1b929349ab0f9a4def7becb7cf354f (diff) |
Compute the correct hash for init_data
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
-rw-r--r-- | source/main.c | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/source/main.c b/source/main.c index 0c939f5..a6db27e 100644 --- a/source/main.c +++ b/source/main.c @@ -10,6 +10,7 @@ #include <ecc.h> #include <ecc_dsa.h> #include <ecc_dh.h> +#include <sha256.h> #include <utils.h> /* Nordic imports */ @@ -327,6 +328,21 @@ static void test_nordic_key(void) return; } +uint32_t hash_data(const uint8_t *d, uint8_t *digest, uint32_t size) +{ + struct tc_sha256_state_struct s; + memset(&s, 0, sizeof(struct tc_sha256_state_struct)); + if (tc_sha256_init(&s) != TC_SUCCESS) + return 1; + + if (tc_sha256_update(&s, d, size) != TC_SUCCESS) + return 1; + + if (tc_sha256_final(digest, &s) != TC_SUCCESS) + return 1; + + return 0; +} /** @brief The size that must be reserved for the MBR when a softdevice is written to flash. This is the offset where the first byte of the softdevice hex file is written.*/ @@ -378,6 +394,11 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len) nrf_sec_data_t init_data; nrf_sec_ecc_signature_t signature; + EccPoint pub; + uint8_t digest[NUM_ECC_BYTES]; + uint32_t r[NUM_ECC_DIGITS]; + uint32_t s[NUM_ECC_DIGITS]; + // In order to support encryption then any init packet decryption function / library // should be called from here or implemented at this location. @@ -418,6 +439,11 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len) // address + 0x0100. /** [DFU init application version] */ + /* + * Ignore this check for now, since we're not running on the device with + * the correct address + */ +#if 0 // First check to verify the image to be transfered matches the device type. // If no Device type is present in DFU_DEVICE_INFO then any image will be accepted. if ((DFU_DEVICE_INFO->device_type != DFU_DEVICE_TYPE_EMPTY) && 
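Review bot: `hash_data` (hunk `@@ -327,6 +328,21 @@`) does not document how large `digest` must be, and `tc_sha256_final` takes no length parameter it could check the buffer against. I would add a comment above the function such as `/* digest must point to at least TC_SHA256_DIGEST_SIZE bytes; returns 0 on success, 1 on any tinycrypt failure */`. The function could also be `static`, like `test_nordic_key` above it, since the only caller visible in this diff is in the same file. The `memset` before `tc_sha256_init` looks redundant if init resets the state, but it is harmless.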
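Review bot: `digest` in the locals added to `dfu_init_prevalidate` (hunk `@@ -378,6 +394,11 @@`) is sized with `NUM_ECC_BYTES`, an ECC constant, although it receives a SHA-256 digest from `hash_data`. The two sizes presumably coincide for the curve in use, but nothing in the code ties them together, so a different curve size could turn the hash write into a stack overflow. I would declare it as `uint8_t digest[TC_SHA256_DIGEST_SIZE];` and size the later conversion to native words from that. The function body starts and ends outside this hunk.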
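Review bot: The `#if 0` added before the "First check" comment (hunk `@@ -418,6 +439,11 @@`), closed by the `#endif` in the next hunk (`@@ -433,6 +459,7 @@`), compiles out the device-type validation and whatever check sits between it and the "Third check" comment. An init packet built for different hardware is therefore no longer rejected here. A bare `#if 0` is easy to leave in place once the code runs on the real device again. I would gate the bypass on a named build option instead, for example `#ifndef DFU_SKIP_DEVICE_INFO_CHECK` (placeholder name), so the checks are on by default and the bypass is visible in the build configuration. The `if` statement continues outside this hunk.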
@@ -433,6 +459,7 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len) { return NRF_ERROR_INVALID_DATA; } +#endif // Third check: Check the array of supported SoftDevices by this application. // If the installed SoftDevice does not match any SoftDevice in the list then an @@ -464,7 +491,16 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len) signature.p_s = &m_extended_packet[DFU_INIT_PACKET_POS_EXT_INIT_SIGNATURE_S]; signature.s_len = DFU_SIGNATURE_S_LENGTH; - /* err_code = nrf_sec_svc_verify(&init_data, &Q ,&signature, NRF_SEC_NIST256_SHA256); */ +#if 0 /* The nordic way of verify the init packet signature */ + err_code = nrf_sec_svc_verify(&init_data, &Q ,&signature, NRF_SEC_NIST256_SHA256); +#endif + ecc_bytes2native(pub.x, Q.p_x); + ecc_bytes2native(pub.y, Q.p_y); + ecc_bytes2native(r, signature.p_r); + ecc_bytes2native(s, signature.p_s); + + hash_data(init_data.p_data, digest, init_data.length); + return err_code; } |
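Review bot: In the last hunk (`@@ -464,7 +491,16 @@`) the init packet signature is still not verified. `nrf_sec_svc_verify` stays compiled out, and the new code only converts `Q`, `r` and `s` to native form and hashes the data before `return err_code;`. That returns whatever `err_code` held from the earlier checks, so a packet with an invalid signature appears to pass prevalidation. The result of `hash_data` is also discarded; at minimum use `if (hash_data(init_data.p_data, digest, init_data.length) != 0) return NRF_ERROR_INVALID_DATA;`. Until the ECDSA verify routine from `ecc_dsa.h` is called on the digest, `pub`, `r` and `s`, the function should fail closed rather than return success. The body of `dfu_init_prevalidate` starts outside this hunk.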