Commit 3afa6fbb authored by Marek Vasut's avatar Marek Vasut

mxssb: Verify the full-image checksum

This final test was missing in the tool, verification of the SHA1
digest of the whole image. Implement it.
Signed-off-by: Marek Vasut's avatarMarek Vasut <marex@denx.de>
parent b8efe5b2
......@@ -1521,8 +1521,8 @@ static int sb_verify_command(struct sb_image_ctx *ictx,
*tsize += size;
sb_aes_crypt(ictx, cctx->data, cctx->data, cctx->length);
EVP_DigestUpdate(&ictx->md_ctx, cctx->data, cctx->length);
sb_aes_crypt(ictx, cctx->data, cctx->data, cctx->length);
if (ccmd->load.crc32 != crc32(cctx->data, cctx->length)) {
fprintf(stderr,
......@@ -1693,6 +1693,45 @@ exit:
return 0;
}
static int sb_verify_image_end(struct sb_image_ctx *ictx, int fd, off_t filesz)
{
uint8_t digest[32];
ssize_t size;
off_t pos;
int ret;
fprintf(stdout, "------------- Verifying image end -------------\n");
size = read(fd, digest, sizeof(digest));
if (size != sizeof(digest)) {
fprintf(stderr, "ERR: SB key dictionary too short!\n");
return -EINVAL;
}
pos = lseek(fd, 0, SEEK_CUR);
if (pos != filesz) {
fprintf(stderr, "ERR: Trailing data past the image!\n");
return -EINVAL;
}
/* Check the image digest. */
EVP_DigestFinal(&ictx->md_ctx, ictx->digest, NULL);
/* Decrypt the image digest from the input image. */
sb_aes_reinit(ictx, 0);
sb_aes_crypt(ictx, digest, digest, sizeof(digest));
ret = memcmp(digest, ictx->digest, sizeof(digest)) ? -EINVAL : 0;
if (ret)
fprintf(stdout, "[FAIL] Full-image checksum: BAD\n");
else
fprintf(stdout, "[PASS] Full-image checksum: OK\n");
return ret;
}
char *input_filename;
static int sb_build_tree_from_img(struct sb_image_ctx *ictx)
......@@ -1731,15 +1770,16 @@ static int sb_build_tree_from_img(struct sb_image_ctx *ictx)
if (ret)
goto err_verify;
ret = sb_verify_image_end(ictx, fd, filesize);
if (ret)
goto err_verify;
ret = 0;
err_verify:
fprintf(stdout, "-------------------- Result -------------------\n");
fprintf(stdout, "Verification %s\n", ret ? "FAILED" : "PASSED");
/*
* FIXME IDEA -- check the whole-image digest
*/
/* Stop the encryption session. */
sb_aes_deinit(&ictx->cipher_ctx);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment