d40c69375c
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
18 lines
704 B
C
```c
/* Copyright 2014, Kenneth MacKay. Licensed under the BSD 2-clause license.
   Modifications Copyright 2020, Espressif Systems (Shanghai) PTE LTD. Licensed under the BSD
   2-clause license.
*/
#pragma once

#include "uECC.h"

/* Version of uECC_verify() that also copies message_hash to verified_hash
   if the signature is valid, and does it in a way that is harder to attack
   with fault injection.
*/
int uECC_verify_antifault(const uint8_t *public_key,
                          const uint8_t *message_hash,
                          unsigned hash_size,
                          const uint8_t *signature,
                          uECC_Curve curve,
                          uint8_t *verified_hash);
```
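The section-placement rules from the commit message (reject sections only partially in DRAM or IRAM, accept RTC sections only when entirely in one RTC region type), written out as an added example; this is not ESP-IDF's own code, the region bounds are constructed for illustration rather than taken from the SoC headers, and the D/IRAM special case is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* Half-open address range [low, high). The bounds below are constructed
 * for this example; the real SoC limits live in the chip's soc headers. */
typedef struct { uint32_t low, high; } mem_region_t;

static const mem_region_t DRAM     = {0x3FF80000u, 0x40000000u};
static const mem_region_t IRAM     = {0x40080000u, 0x400A0000u};
static const mem_region_t RTC_FAST = {0x40060000u, 0x40062000u};
static const mem_region_t RTC_SLOW = {0x50000000u, 0x50002000u};

/* Exclusive end of [start, start+len); false if the section is empty or
 * the end would wrap past 32 bits (a huge len must not "fit" anywhere). */
static bool section_end(uint32_t start, uint32_t len, uint32_t *end)
{
    if (len == 0 || start > UINT32_MAX - len) return false;
    *end = start + len;
    return true;
}

/* True if the whole section lies inside r. */
static bool entirely_in(const mem_region_t *r, uint32_t start, uint32_t len)
{
    uint32_t end;
    return section_end(start, len, &end) && start >= r->low && end <= r->high;
}

/* True if any byte of the section lies inside r. */
static bool overlaps(const mem_region_t *r, uint32_t start, uint32_t len)
{
    uint32_t end;
    return section_end(start, len, &end) && start < r->high && end > r->low;
}

/* Accept a section only if it is entirely in DRAM, entirely in IRAM, or
 * entirely in one RTC region type. Anything straddling a boundary, or
 * outside every known region, is rejected. */
bool section_is_safe(uint32_t start, uint32_t len)
{
    if (entirely_in(&DRAM, start, len) || entirely_in(&IRAM, start, len))
        return true;
    if (overlaps(&DRAM, start, len) || overlaps(&IRAM, start, len))
        return false;   /* only partially in DRAM or IRAM: invalid */
    if (entirely_in(&RTC_FAST, start, len) || entirely_in(&RTC_SLOW, start, len))
        return true;
    return false;       /* partially in RTC memory, or in no known region */
}
```

The wraparound guard in section_end is the part worth keeping even if the regions change: without it, a section header with a near-maximal length would satisfy a naive `start >= low && start + len <= high` check.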