1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-16 03:18:09 +00:00
trezor-firmware/tools/binctl

253 lines
8.5 KiB
Plaintext
Raw Normal View History

2017-09-25 14:01:22 +00:00
#!/usr/bin/env python3
2017-08-07 09:50:12 +00:00
from __future__ import print_function
import sys
import struct
import binascii
import pyblake2
from trezorlib import ed25519raw, ed25519cosi
def format_sigmask(sigmask):
2017-09-05 21:15:47 +00:00
bits = [str(b + 1) if sigmask & (1 << b) else '.' for b in range(8)]
return '0x%02x = [%s]' % (sigmask, ' '.join(bits))
2017-04-10 17:24:21 +00:00
# bootloader/firmware headers specification: https://github.com/trezor/trezor-core/blob/master/docs/bootloader.md
2017-08-07 09:50:12 +00:00
class BinImage(object):
def __init__(self, data, magic, max_size):
header = struct.unpack('<4sIIIBBBB427sB64s', data[:512])
self.magic, \
self.hdrlen, \
self.expiry, \
self.codelen, \
self.vmajor, \
self.vminor, \
self.vpatch, \
self.vbuild, \
self.reserved, \
self.sigmask, \
self.sig = header
assert self.magic == magic
assert self.hdrlen == 512
total_len = self.hdrlen + self.codelen
assert total_len % 512 == 0
assert total_len >= 4 * 1024
assert total_len <= max_size
assert self.reserved == 427 * b'\x00'
self.code = data[self.hdrlen:]
assert len(self.code) == self.codelen
def print(self):
if self.magic == b'TRZF':
print('TREZOR Firmware Image')
total_len = self.vhdrlen + self.hdrlen + self.codelen
2017-04-10 17:24:21 +00:00
elif self.magic == b'TRZB':
print('TREZOR Bootloader Image')
total_len = self.hdrlen + self.codelen
else:
print('TREZOR Unknown Image')
print(' * magic :', self.magic.decode('ascii'))
print(' * hdrlen :', self.hdrlen)
print(' * expiry :', self.expiry)
print(' * codelen :', self.codelen)
print(' * version : %d.%d.%d.%d' % (self.vmajor, self.vminor, self.vpatch, self.vbuild))
print(' * sigmask :', format_sigmask(self.sigmask))
print(' * sig :', binascii.hexlify(self.sig).decode('ascii'))
print(' * total : %d bytes' % total_len)
print()
def serialize_header(self, sig=True):
2017-09-05 21:15:47 +00:00
header = struct.pack('<4sIIIBBBB427s',
self.magic, self.hdrlen, self.expiry, self.codelen,
self.vmajor, self.vminor, self.vpatch, self.vbuild,
self.reserved)
if sig:
header += struct.pack('<B64s', self.sigmask, self.sig)
else:
header += 65 * b'\x00'
assert len(header) == self.hdrlen
return header
def sign(self, sigmask, signature):
header = self.serialize_header(sig=False)
data = header + self.code
assert len(data) == self.hdrlen + self.codelen
self.sigmask = sigmask
self.sig = signature
def write(self, filename):
with open(filename, 'wb') as f:
f.write(self.serialize_header())
f.write(self.code)
class FirmwareImage(BinImage):
def __init__(self, data, vhdrlen):
super(FirmwareImage, self).__init__(data[vhdrlen:], magic=b'TRZF', max_size=6 * 128 * 1024)
self.vhdrlen = vhdrlen
self.vheader = data[:vhdrlen]
def write(self, filename):
with open(filename, 'wb') as f:
f.write(self.vheader)
f.write(self.serialize_header())
f.write(self.code)
2017-09-05 21:15:47 +00:00
2017-04-10 17:24:21 +00:00
class BootloaderImage(BinImage):
def __init__(self, data):
super(BootloaderImage, self).__init__(data, magic=b'TRZB', max_size=1 * 128 * 1024)
2017-08-07 09:50:12 +00:00
class VendorHeader(object):
def __init__(self, data):
2017-10-05 15:31:05 +00:00
header = struct.unpack('<4sIIBBBBB', data[:17])
self.magic, \
self.hdrlen, \
self.expiry, \
self.vmajor, \
self.vminor, \
self.vsig_m, \
2017-10-05 15:31:05 +00:00
self.vsig_n, \
self.vtrust = header
assert self.magic == b'TRZV'
assert self.vsig_m > 0 and self.vsig_m <= self.vsig_n
assert self.vsig_n > 0 and self.vsig_n <= 8
2017-10-05 15:31:05 +00:00
p = 32
self.vpub = []
for _ in range(self.vsig_n):
self.vpub.append(data[p:p + 32])
p += 32
self.vstr_len = data[p]
p += 1
self.vstr = data[p:p + self.vstr_len]
p += self.vstr_len
vstr_pad = -p & 3
p += vstr_pad
self.vimg_len = len(data) - 65 - p
self.vimg = data[p:p + self.vimg_len]
p += self.vimg_len
self.sigmask = data[p]
p += 1
2017-09-05 21:15:47 +00:00
self.sig = data[p:p + 64]
2017-10-05 15:31:05 +00:00
assert len(data) == 4 + 4 + 4 + 1 + 1 + 1 + 1 + 1 + 15 + \
32 * len(self.vpub) + \
1 + self.vstr_len + vstr_pad + \
self.vimg_len + \
1 + 64
def print(self):
print('TREZOR Vendor Header')
print(' * magic :', self.magic.decode('ascii'))
print(' * hdrlen :', self.hdrlen)
print(' * expiry :', self.expiry)
print(' * version : %d.%d' % (self.vmajor, self.vminor))
print(' * scheme : %d out of %d' % (self.vsig_m, self.vsig_n))
2017-10-05 15:31:05 +00:00
print(' * trust :', self.vtrust)
for i in range(self.vsig_n):
print(' * vpub #%d :' % (i + 1), binascii.hexlify(self.vpub[i]).decode('ascii'))
print(' * vstr :', self.vstr.decode('ascii'))
print(' * vimg : (%d bytes)' % len(self.vimg))
print(' * sigmask :', format_sigmask(self.sigmask))
print(' * sig :', binascii.hexlify(self.sig).decode('ascii'))
print()
def serialize_header(self, sig=True):
2017-10-05 15:31:05 +00:00
header = struct.pack('<4sIIBBBBB',
2017-09-05 21:15:47 +00:00
self.magic, self.hdrlen, self.expiry,
self.vmajor, self.vminor,
2017-10-05 15:31:05 +00:00
self.vsig_m, self.vsig_n, self.vtrust)
header += 15 * b'\x00'
for i in range(self.vsig_n):
header += self.vpub[i]
header += struct.pack('<B', self.vstr_len) + self.vstr
2017-09-05 21:15:47 +00:00
header += (-len(header) & 3) * b'\x00' # vstr_pad
header += self.vimg
if sig:
header += struct.pack('<B64s', self.sigmask, self.sig)
else:
header += 65 * b'\x00'
assert len(header) == self.hdrlen
return header
def sign(self, sigmask, signature):
if sigmask >= (1 << self.vsig_n):
raise Exception('signature index is higher than vsig_n (%d)' % self.vsig_n)
if bin(sigmask).count('1') != self.vsig_m:
raise Exception('invalid number of indexes (vsig_m expected %d, got %d)' % (self.vsig_m, bin(sigmask).count('1')))
# sign
self.sigmask = sigmask
self.sig = signature
def write(self, filename):
with open(filename, 'wb') as f:
f.write(self.serialize_header())
def binopen(filename):
data = open(filename, 'rb').read()
2017-08-07 09:50:12 +00:00
data = bytearray(data) # python2/3 compatibility
magic = data[:4]
2017-04-10 17:24:21 +00:00
if magic == b'TRZB':
return BootloaderImage(data)
if magic == b'TRZV':
vheader = VendorHeader(data)
if len(data) == vheader.hdrlen:
return vheader
subdata = data[vheader.hdrlen:]
if subdata[:4] == b'TRZF':
firmware = FirmwareImage(data, vheader.hdrlen)
# check signatures against signing keys in the vendor header
if firmware.sigmask > 0:
pk = [vheader.vpub[i] for i in range(8) if firmware.sigmask & (1 << i)]
global_pk = ed25519cosi.combine_keys(pk)
subdata_nosig = bytearray(subdata)
subdata_nosig[512 - 65:512] = 65 * b'\x00'
digest = pyblake2.blake2s(subdata_nosig).digest()
try:
ed25519raw.checkvalid(firmware.sig, digest, global_pk)
print('Firmware signature OK')
except:
print('Firmware signature INCORRECT')
else:
print('No firmware signature')
return firmware
if magic == b'TRZF':
return FirmwareImage(data, 0)
raise Exception('Unknown file format')
2017-09-05 21:15:47 +00:00
def main():
if len(sys.argv) < 2:
print('Usage: binctl file.bin [-s sigmask signature]')
return 1
fn = sys.argv[1]
sign = len(sys.argv) > 2 and sys.argv[2] == '-s'
b = binopen(fn)
if sign:
sigmask = 0
if ':' in sys.argv[3]:
for idx in sys.argv[3].split(':'):
sigmask |= 1 << (int(idx) - 1)
else:
sigmask = 1 << (int(sys.argv[3]) - 1)
signature = binascii.unhexlify(sys.argv[4])
b.sign(sigmask, signature)
print()
b.write(fn)
b.print()
if __name__ == '__main__':
main()