authorJoakim Bech <joakim.bech@linaro.org>2016-07-20 22:57:36 +0200
committerJoakim Bech <joakim.bech@linaro.org>2016-08-23 23:40:10 +0200
commit6b80ce36422b6eebe9b67bb7bbc483a3d740776a (patch)
tree8a8463ddedba31b1016dc9d046636853988b8ca6
parent6a3661342a1b929349ab0f9a4def7becb7cf354f (diff)
downloadtinycrypt-6b80ce36422b6eebe9b67bb7bbc483a3d740776a.tar.gz
Compute the correct hash for init_data
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
-rw-r--r--source/main.c38
1 files changed, 37 insertions, 1 deletions
diff --git a/source/main.c b/source/main.c
index 0c939f5..a6db27e 100644
--- a/source/main.c
+++ b/source/main.c
@@ -10,6 +10,7 @@
#include <ecc.h>
#include <ecc_dsa.h>
#include <ecc_dh.h>
+#include <sha256.h>
#include <utils.h>
/* Nordic imports */
@@ -327,6 +328,21 @@ static void test_nordic_key(void)
return;
}
+uint32_t hash_data(const uint8_t *d, uint8_t *digest, uint32_t size)
+{
+ struct tc_sha256_state_struct s;
+ memset(&s, 0, sizeof(struct tc_sha256_state_struct));
+ if (tc_sha256_init(&s) != TC_SUCCESS)
+ return 1;
+
+ if (tc_sha256_update(&s, d, size) != TC_SUCCESS)
+ return 1;
+
+ if (tc_sha256_final(digest, &s) != TC_SUCCESS)
+ return 1;
+
+ return 0;
+}
/** @brief The size that must be reserved for the MBR when a softdevice is written to flash.
This is the offset where the first byte of the softdevice hex file is written.*/
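Review bot: hash_data is added without a comment describing its contract, and it has external linkage although the only call visible in this diff is in the same file. The caller has to know that `digest` must hold a full SHA-256 output and that the result is a bare 0/1 rather than one of the NRF error codes used elsewhere in the file. I would declare it `static uint32_t hash_data(...)` and add `/* SHA-256 over size bytes at d; digest must hold TC_SHA256_DIGEST_SIZE bytes; returns 0 on success, 1 on failure. */` above it. The `memset` of the state is probably redundant, since `tc_sha256_init` is expected to reset it, but that is not visible here.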
@@ -378,6 +394,11 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len)
nrf_sec_data_t init_data;
nrf_sec_ecc_signature_t signature;
+ EccPoint pub;
+ uint8_t digest[NUM_ECC_BYTES];
+ uint32_t r[NUM_ECC_DIGITS];
+ uint32_t s[NUM_ECC_DIGITS];
+
// In order to support encryption then any init packet decryption function / library
// should be called from here or implemented at this location.
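Review bot: The `digest` buffer that later receives the SHA-256 output is sized with the curve constant `NUM_ECC_BYTES`, so its correctness depends on the curve size and the hash size happening to match. Sizing it by the hash ties the buffer to what `tc_sha256_final` writes: `uint8_t digest[TC_SHA256_DIGEST_SIZE];`. If the two constants are meant to be equal, a `_Static_assert(NUM_ECC_BYTES == TC_SHA256_DIGEST_SIZE, "digest/curve size mismatch");` would document that. The body of dfu_init_prevalidate starts and ends outside this hunk.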
@@ -418,6 +439,11 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len)
// address + 0x0100.
/** [DFU init application version] */
+ /*
+ * Ignore this check for now, since we're not running on the device with
+ * the correct address
+ */
+#if 0
// First check to verify the image to be transfered matches the device type.
// If no Device type is present in DFU_DEVICE_INFO then any image will be accepted.
if ((DFU_DEVICE_INFO->device_type != DFU_DEVICE_TYPE_EMPTY) &&
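Review bot: Wrapping the device-type check in a bare `#if 0` (closed by the `#endif` added in the next hunk) removes the image-to-device validation from every build, not only from the off-target build the comment describes. The `return NRF_ERROR_INVALID_DATA;` just before that `#endif` suggests a second check is disabled too, though its condition is outside the visible lines. A named build switch would keep the checks on by default and make the exception searchable, for example `#ifndef DFU_HOST_TEST_BUILD /* placeholder name */` in place of `#if 0`. The comment should also say which checks are skipped and what has to happen before they are re-enabled.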
@@ -433,6 +459,7 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len)
{
return NRF_ERROR_INVALID_DATA;
}
+#endif
// Third check: Check the array of supported SoftDevices by this application.
// If the installed SoftDevice does not match any SoftDevice in the list then an
@@ -464,7 +491,16 @@ uint32_t dfu_init_prevalidate(uint8_t *p_init_data, uint32_t init_data_len)
signature.p_s = &m_extended_packet[DFU_INIT_PACKET_POS_EXT_INIT_SIGNATURE_S];
signature.s_len = DFU_SIGNATURE_S_LENGTH;
- /* err_code = nrf_sec_svc_verify(&init_data, &Q ,&signature, NRF_SEC_NIST256_SHA256); */
+#if 0 /* The nordic way of verify the init packet signature */
+ err_code = nrf_sec_svc_verify(&init_data, &Q ,&signature, NRF_SEC_NIST256_SHA256);
+#endif
+ ecc_bytes2native(pub.x, Q.p_x);
+ ecc_bytes2native(pub.y, Q.p_y);
+ ecc_bytes2native(r, signature.p_r);
+ ecc_bytes2native(s, signature.p_s);
+
+ hash_data(init_data.p_data, digest, init_data.length);
+
return err_code;
}
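Review bot: Nothing in this hunk verifies the signature, so the function still returns whatever `err_code` held from code outside the hunk. The Nordic `nrf_sec_svc_verify` call is compiled out with `#if 0`, and the new lines only convert `Q`, `r` and `s` to native form and hash the init data. The return value of `hash_data` is also discarded, so a failed hash goes unnoticed; it should be checked, e.g. `if (hash_data(init_data.p_data, digest, init_data.length) != 0) return NRF_ERROR_INVALID_DATA;`. The converted values should then be passed to tinycrypt's `ecdsa_verify` from the already included `ecc_dsa.h`, with `err_code` set from its result, so that an init packet with a bad signature is rejected. The body of dfu_init_prevalidate starts outside the hunk.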