arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-27 18:02:17 +03:00
Code Activity

Updater signature validation - format incompatible w/RFC8017 (#6250)

Browse Source 
* Add hash OID to signature verification (#6201)

* Add legacy signing option

* Describe and use the legacy option of signing.py
This commit is contained in:
Chris van Marle
2019-07-04 12:17:30 +02:00
committed by david gauchard
parent 7036297920
commit 6272b49406
6 changed files with 60 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
View File

@ -848,6 +848,10 @@ const void *HashSHA256::hash() {
return (const void*) _sha256;
}
const unsigned char *HashSHA256::oid() {
return BR_HASH_OID_SHA256;
}
// SHA256 verifier
uint32_t SigningVerifier::length()
{
@ -869,7 +873,7 @@ bool SigningVerifier::verify(UpdaterHashClass *hash, const void *signature, uint
bool ret;
unsigned char vrf[hash->len()];
br_rsa_pkcs1_vrfy vrfy = br_rsa_pkcs1_vrfy_get_default();
ret = vrfy((const unsigned char *)signature, signatureLen, NULL, sizeof(vrf), _pubKey->getRSA(), vrf);
ret = vrfy((const unsigned char *)signature, signatureLen, hash->oid(), sizeof(vrf), _pubKey->getRSA(), vrf);
if (!ret || memcmp(vrf, hash->hash(), sizeof(vrf)) ) {
return false;
} else {
@ -896,4 +900,4 @@ make_stack_thunk(br_ssl_engine_sendrec_buf);
#endif
};
};

1
libraries/ESP8266WiFi/src/BearSSLHelpers.h
View File

@ -146,6 +146,7 @@ class HashSHA256 : public UpdaterHashClass {
virtual void end() override;
virtual int len() override;
virtual const void *hash() override;
virtual const unsigned char *oid() override;
private:
br_sha256_context _cc;
unsigned char _sha256[32];