[util,sw] Reverse bootstrap hash word order

Update the hash word/byte order used in the bootstrap protocol to make
it consistent with the hash produced by the code signing tool.

This commit updates:

* The test boot_rom bootstrap implementation.
* The C++ spiflash utility.
* The cw310 Python spiflash utility.

Signed-off-by: Miguel Osorio <miguelosorio@google.com>
diff --git a/sw/device/boot_rom/bootstrap.c b/sw/device/boot_rom/bootstrap.c
index c61dfa1..faf3c63 100644
--- a/sw/device/boot_rom/bootstrap.c
+++ b/sw/device/boot_rom/bootstrap.c
@@ -69,7 +69,7 @@
 static void compute_sha256(const dif_hmac_t *hmac, const void *data, size_t len,
                            dif_hmac_digest_t *digest) {
   const dif_hmac_transaction_t config = {
-      .digest_endianness = kDifHmacEndiannessLittle,
+      .digest_endianness = kDifHmacEndiannessBig,
       .message_endianness = kDifHmacEndiannessLittle,
   };
   CHECK_DIF_OK(dif_hmac_mode_sha256_start(hmac, config));
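Review bot: The switch to `kDifHmacEndiannessBig` in `compute_sha256` has no comment tying it to the word swap added further down the same function. The two changes appear to work only as a pair: the byte order within each word plus the reversed word order together give the fully byte-reversed digest that the host tools now send. Changing either one alone would make frame hash comparisons fail. I would add above the field something like `// Big-endian words + the word-order swap below == byte-reversed SHA-256, matching the host tools.` The function body continues past the end of this hunk.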
@@ -93,6 +93,14 @@
     digest_result = dif_hmac_finish(hmac, digest);
   }
   CHECK_DIF_OK(digest_result);
+
+  // Swap word order to keep hashes consistent with those generated in the
+  // MaskROM (little-endian).
+  for (size_t i = 0; i < 4; ++i) {
+    uint32_t tmp = digest->digest[i];
+    digest->digest[i] = digest->digest[7 - i];
+    digest->digest[7 - i] = tmp;
+  }
 }
 
 /**
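Review bot: The swap loop hard-codes `4` and `7`, which silently assumes `digest->digest` holds exactly eight words. Deriving both from the array keeps the loop correct if the digest type changes: `const size_t n = sizeof(digest->digest) / sizeof(digest->digest[0]);`, then `for (size_t i = 0; i < n / 2; ++i)` with `digest->digest[n - 1 - i]` as the partner index. The comment also cites the MaskROM while the host-side comments cite the code signing tool, so naming one reference for the byte order in all three places would help. The start of `compute_sha256` is outside this hunk.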
diff --git a/sw/host/spiflash/updater.cc b/sw/host/spiflash/updater.cc
index 0d16ffd..469c10e 100644
--- a/sw/host/spiflash/updater.cc
+++ b/sw/host/spiflash/updater.cc
@@ -52,7 +52,12 @@
   SHA256_update(&sha256, &f->hdr.offset, sizeof(f->hdr.offset));
   SHA256_update(&sha256, f->data, f->PayloadSize());
   const uint8_t *result = SHA256_final(&sha256);
+
   memcpy(f->hdr.hash, result, SHA256_DIGEST_SIZE);
+
+  // Reverse the order of the bytes to make them little-endian and be consistent
+  // with the code signing tool.
+  std::reverse(f->hdr.hash, f->hdr.hash + SHA256_DIGEST_SIZE);
 }
 
 }  // namespace
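Review bot: Only the frame header hash is reversed in this hunk, whereas the Python utility in the same commit also reverses `expected_ack`. If the C++ updater computes the expected device acknowledgement elsewhere in updater.cc, that value needs the same `std::reverse`, or ack checks will stop matching after the boot_rom change. That code is not visible here, so this is worth confirming. The new call also needs `#include <algorithm>`, which the diff does not add, so check that the file includes it directly rather than through a transitive include. The enclosing function starts outside the hunk.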
diff --git a/util/fpga/cw_spiflash.py b/util/fpga/cw_spiflash.py
index 032169d..b514564 100644
--- a/util/fpga/cw_spiflash.py
+++ b/util/fpga/cw_spiflash.py
@@ -83,11 +83,14 @@
         padding = self.PAYLOAD_SIZE - len(self._payload)
         if padding > 0:
             self._payload = b''.join([self._payload, b'\xFF' * padding])
+
+        # Reverse the order of the bytes to make them little-endian and be
+        # consistent with the code signing tool.
         self._digest = self.HASH_FUNCTION(b''.join([
             self._frame_number,
             self._flash_offset,
             self._payload,
-        ])).digest()
+        ])).digest()[::-1]
 
     def __bytes__(self):
         return b''.join([
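Review bot: The `[::-1]` reversal and its explanatory comment are duplicated here and in `expected_ack` (the next hunk), so the frame digest and the ack digest can drift apart if only one is edited later. A single helper on the class, for example `def _le_digest(self, data): return self.HASH_FUNCTION(data).digest()[::-1]`, would carry the comment once and be used in both places. In this hunk the comment also sits above the `HASH_FUNCTION(` call, several lines away from the `.digest()[::-1]` it describes. The enclosing method starts outside the hunk.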
@@ -109,7 +112,9 @@
     @property
     def expected_ack(self):
         """Expected acknowledgement value for the frame."""
-        return self.HASH_FUNCTION(bytes(self)).digest()
+        # Reverse the order of the bytes to make them little-endian and be
+        # consistent with the code signing tool.
+        return self.HASH_FUNCTION(bytes(self)).digest()[::-1]
 
 
 class _Bootstrap: