give the hash of the received key to boot_retrieve_public_key_hash

This enables a key revoking/invalidation scheme as mentioned in #221
Signed-off-by: Oliver Mueller <olstyle@gmx.de>

Author: Oliver Mueller

boot/bootutil/include/bootutil/sign_key.h

@@ -51,13 +51,15 @@ extern struct bootutil_key bootutil_keys[];
  * Retrieve the hash of the corresponding public key for image authentication.
  *
  * @param[in]      image_index      Index of the image to be authenticated.
+ * @param[in]      actual_key_hash  hash of the key to test
  * @param[out]     public_key_hash  Buffer to store the key-hash in.
  * @param[in,out]  key_hash_size    As input the size of the buffer. As output
  *                                  the actual key-hash length.
  *
  * @return                          0 on success; nonzero on failure.
  */
 int boot_retrieve_public_key_hash(uint8_t image_index,
+                                  const uint8_t *actual_key_hash,
                                   uint8_t *public_key_hash,
                                   size_t *key_hash_size);
 #endif /* !MCUBOOT_HW_KEY */

boot/bootutil/src/image_validate.c

@@ -245,7 +245,7 @@ bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)
     bootutil_sha_finish(&sha_ctx, hash);
     bootutil_sha_drop(&sha_ctx);
 
-    rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);
+    rc = boot_retrieve_public_key_hash(image_index, hash, key_hash, &key_hash_size);
     if (rc) {
         return -1;
     }