commit ea3d3abe5f81d4e8b46f512aac351f5fecfc5b42
author Fabio Utzig <utzig@apache.org> Wed Sep 11 19:35:33 2019 -0300
committer Fabio Utzig <utzig@utzig.org> Tue Oct 01 18:30:05 2019 -0300
tree e18ce88c616533e0693ee3109cf584f08ac8f06a
parent e52c08edf0e6898941bd743f1c7c9b7323b2c514

sim: add protected TLVs to hash calculation

Signed-off-by: Fabio Utzig <utzig@apache.org>

sim/src/tlv.rs

diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index c6f30dc..8d21e84 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs
@@ -258,28 +258,28 @@
 
     /// Compute the TLV given the specified block of data.
     fn make_tlv(self: Box<Self>) -> Vec<u8> {
-        let mut result: Vec<u8> = vec![];
+        let mut protected_tlv: Vec<u8> = vec![];
 
-        let size = self.get_size();
-        result.push(0x07);
-        result.push(0x69);
-        result.write_u16::<LittleEndian>(size).unwrap();
+        if self.protect_size > 0 {
+            protected_tlv.push(0x08);
+            protected_tlv.push(0x69);
+            protected_tlv.write_u16::<LittleEndian>(self.protect_size()).unwrap();
+            for dep in &self.dependencies {
+                protected_tlv.push(TlvKinds::DEPENDENCY as u8);
+                protected_tlv.push(0);
+                protected_tlv.push(12);
+                protected_tlv.push(0);
 
-        for dep in &self.dependencies {
-            result.push(TlvKinds::DEPENDENCY as u8);
-            result.push(0);
-            result.push(12);
-            result.push(0);
-
-            // The dependency.
-            result.push(dep.id);
-            for _ in 0 .. 3 {
-                result.push(0);
+                // The dependency.
+                protected_tlv.push(dep.id);
+                for _ in 0 .. 3 {
+                    protected_tlv.push(0);
+                }
+                protected_tlv.push(dep.version.major);
+                protected_tlv.push(dep.version.minor);
+                protected_tlv.write_u16::<LittleEndian>(dep.version.revision).unwrap();
+                protected_tlv.write_u32::<LittleEndian>(dep.version.build_num).unwrap();
             }
-            result.push(dep.version.major);
-            result.push(dep.version.minor);
-            result.write_u16::<LittleEndian>(dep.version.revision).unwrap();
-            result.write_u32::<LittleEndian>(dep.version.build_num).unwrap();
         }
 
         // Ring does the signature itself, which means that it must be
@@ -290,11 +290,17 @@
         // payload, and then removed after the signature is done.  For now,
         // just make a signed payload.
         let mut sig_payload = self.payload.clone();
-        if self.protect_size > 0 {
-            assert_eq!(self.protect_size as usize + 4, result.len());
-            sig_payload.extend_from_slice(&result);
-        }
-        let sig_payload = sig_payload;
+        sig_payload.extend_from_slice(&protected_tlv);
+
+        let mut result: Vec<u8> = vec![];
+
+        // add back signed payload
+        result.extend_from_slice(&protected_tlv);
+
+        // add non-protected payload
+        result.push(0x07);
+        result.push(0x69);
+        result.write_u16::<LittleEndian>(self.get_size()).unwrap();
 
         if self.kinds.contains(&TlvKinds::SHA256) {
             let hash = digest::digest(&digest::SHA256, &sig_payload);