2017-09-25 14:01:22 +00:00
|
|
|
#!/usr/bin/env python3
|
2017-08-07 09:50:12 +00:00
|
|
|
|
|
|
|
from __future__ import print_function
|
|
|
|
|
2017-02-09 15:26:15 +00:00
|
|
|
import sys
|
|
|
|
import struct
|
|
|
|
import binascii
|
|
|
|
|
2017-10-25 21:23:41 +00:00
|
|
|
import pyblake2
|
|
|
|
|
2017-10-03 22:39:43 +00:00
|
|
|
from trezorlib import ed25519raw, ed25519cosi
|
2017-02-09 17:14:10 +00:00
|
|
|
|
2017-10-01 14:26:51 +00:00
|
|
|
|
2017-04-06 16:57:51 +00:00
|
|
|
def format_sigmask(sigmask):
|
2017-09-05 21:15:47 +00:00
|
|
|
bits = [str(b + 1) if sigmask & (1 << b) else '.' for b in range(8)]
|
2017-04-06 16:57:51 +00:00
|
|
|
return '0x%02x = [%s]' % (sigmask, ' '.join(bits))
|
|
|
|
|
|
|
|
|
2018-01-10 19:47:07 +00:00
|
|
|
def format_vtrust(vtrust):
|
|
|
|
bits = [str(b) if vtrust & (1 << b) == 0 else '.' for b in range(16)]
|
2018-01-28 10:24:50 +00:00
|
|
|
# see docs/bootloader.md for vtrust constants
|
|
|
|
desc = ''
|
|
|
|
wait = (vtrust & 0x000F) ^ 0x000F
|
|
|
|
if wait > 0:
|
|
|
|
desc = 'WAIT_%d' % wait
|
|
|
|
if vtrust & 0x0010 == 0:
|
|
|
|
desc += ' RED'
|
|
|
|
if vtrust & 0x0020 == 0:
|
|
|
|
desc += ' CLICK'
|
|
|
|
if vtrust & 0x0040 == 0:
|
|
|
|
desc += ' STRING'
|
|
|
|
return '%d = [%s] = [%s]' % (vtrust, ' '.join(bits), desc)
|
2018-01-10 19:47:07 +00:00
|
|
|
|
|
|
|
|
2017-04-10 17:24:21 +00:00
|
|
|
# bootloader/firmware headers specification: https://github.com/trezor/trezor-core/blob/master/docs/bootloader.md
|
2017-02-09 15:26:15 +00:00
|
|
|
|
2017-10-26 01:08:18 +00:00
|
|
|
IMAGE_HEADER_SIZE = 1024
|
2017-10-26 00:09:06 +00:00
|
|
|
IMAGE_SIG_SIZE = 65
|
2017-10-26 01:08:18 +00:00
|
|
|
IMAGE_CHUNK_SIZE = 128 * 1024
|
2017-10-26 00:09:06 +00:00
|
|
|
|
2017-04-01 00:32:05 +00:00
|
|
|
|
2017-08-07 09:50:12 +00:00
|
|
|
class BinImage(object):
|
2017-04-01 00:32:05 +00:00
|
|
|
|
|
|
|
def __init__(self, data, magic, max_size):
|
2017-12-14 20:29:13 +00:00
|
|
|
header = struct.unpack('<4sIIIBBBBBBBB8s512s415sB64s', data[:IMAGE_HEADER_SIZE])
|
2017-03-30 20:58:00 +00:00
|
|
|
self.magic, \
|
|
|
|
self.hdrlen, \
|
|
|
|
self.expiry, \
|
|
|
|
self.codelen, \
|
|
|
|
self.vmajor, \
|
|
|
|
self.vminor, \
|
|
|
|
self.vpatch, \
|
|
|
|
self.vbuild, \
|
2017-12-14 20:29:13 +00:00
|
|
|
self.fix_vmajor, \
|
|
|
|
self.fix_vminor, \
|
|
|
|
self.fix_vpatch, \
|
|
|
|
self.fix_vbuild, \
|
2017-10-26 01:08:18 +00:00
|
|
|
self.reserved1, \
|
|
|
|
self.hashes, \
|
|
|
|
self.reserved2, \
|
2017-04-01 00:32:05 +00:00
|
|
|
self.sigmask, \
|
2017-03-30 20:58:00 +00:00
|
|
|
self.sig = header
|
2017-04-01 00:32:05 +00:00
|
|
|
assert self.magic == magic
|
2017-10-26 00:09:06 +00:00
|
|
|
assert self.hdrlen == IMAGE_HEADER_SIZE
|
2017-04-01 00:32:05 +00:00
|
|
|
total_len = self.hdrlen + self.codelen
|
|
|
|
assert total_len % 512 == 0
|
|
|
|
assert total_len >= 4 * 1024
|
|
|
|
assert total_len <= max_size
|
2017-12-14 20:29:13 +00:00
|
|
|
assert self.reserved1 == 8 * b'\x00'
|
2017-10-26 01:08:18 +00:00
|
|
|
assert self.reserved2 == 415 * b'\x00'
|
2017-02-17 16:11:34 +00:00
|
|
|
self.code = data[self.hdrlen:]
|
2017-02-09 15:26:15 +00:00
|
|
|
assert len(self.code) == self.codelen
|
|
|
|
|
|
|
|
def print(self):
|
2017-04-01 00:32:05 +00:00
|
|
|
if self.magic == b'TRZF':
|
|
|
|
print('TREZOR Firmware Image')
|
2017-04-06 14:58:16 +00:00
|
|
|
total_len = self.vhdrlen + self.hdrlen + self.codelen
|
2017-04-10 17:24:21 +00:00
|
|
|
elif self.magic == b'TRZB':
|
|
|
|
print('TREZOR Bootloader Image')
|
2017-04-06 14:58:16 +00:00
|
|
|
total_len = self.hdrlen + self.codelen
|
2017-04-01 00:32:05 +00:00
|
|
|
else:
|
|
|
|
print('TREZOR Unknown Image')
|
2017-10-26 01:08:18 +00:00
|
|
|
print(' * magic :', self.magic.decode())
|
2017-02-09 15:26:15 +00:00
|
|
|
print(' * hdrlen :', self.hdrlen)
|
|
|
|
print(' * expiry :', self.expiry)
|
|
|
|
print(' * codelen :', self.codelen)
|
|
|
|
print(' * version : %d.%d.%d.%d' % (self.vmajor, self.vminor, self.vpatch, self.vbuild))
|
2017-12-14 20:29:13 +00:00
|
|
|
print(' * fixver : %d.%d.%d.%d' % (self.fix_vmajor, self.fix_vminor, self.fix_vpatch, self.fix_vbuild))
|
2017-10-26 01:08:18 +00:00
|
|
|
print(' * hashes: %s' % ('OK' if self.check_hashes() else 'INCORRECT'))
|
|
|
|
for i in range(16):
|
|
|
|
print(' - %02d : %s' % (i, binascii.hexlify(self.hashes[i * 32:i * 32 + 32]).decode()))
|
2017-04-06 16:57:51 +00:00
|
|
|
print(' * sigmask :', format_sigmask(self.sigmask))
|
2017-10-26 01:08:18 +00:00
|
|
|
print(' * sig :', binascii.hexlify(self.sig).decode())
|
2017-04-06 14:58:16 +00:00
|
|
|
print(' * total : %d bytes' % total_len)
|
2018-01-08 21:40:00 +00:00
|
|
|
print(' * fngprnt :', self.fingerprint())
|
2017-04-06 14:58:16 +00:00
|
|
|
print()
|
2017-02-09 15:26:15 +00:00
|
|
|
|
2017-10-26 01:08:18 +00:00
|
|
|
def compute_hashes(self):
|
2017-10-26 16:53:20 +00:00
|
|
|
if self.magic == b'TRZF':
|
|
|
|
hdrlen = self.vhdrlen + self.hdrlen
|
|
|
|
else:
|
|
|
|
hdrlen = self.hdrlen
|
2017-10-26 01:08:18 +00:00
|
|
|
hashes = b''
|
|
|
|
for i in range(16):
|
|
|
|
if i == 0:
|
2017-10-26 16:53:20 +00:00
|
|
|
d = self.code[:IMAGE_CHUNK_SIZE - hdrlen]
|
2017-10-26 01:08:18 +00:00
|
|
|
else:
|
2017-10-26 16:53:20 +00:00
|
|
|
s = IMAGE_CHUNK_SIZE - hdrlen + (i - 1) * IMAGE_CHUNK_SIZE
|
2017-10-26 01:08:18 +00:00
|
|
|
d = self.code[s:s + IMAGE_CHUNK_SIZE]
|
|
|
|
if len(d) > 0:
|
|
|
|
h = pyblake2.blake2s(d).digest()
|
|
|
|
else:
|
|
|
|
h = 32 * b'\x00'
|
|
|
|
hashes += h
|
|
|
|
return hashes
|
|
|
|
|
|
|
|
def check_hashes(self):
|
|
|
|
return self.hashes == self.compute_hashes()
|
|
|
|
|
|
|
|
def update_hashes(self):
|
|
|
|
self.hashes = self.compute_hashes()
|
|
|
|
|
2017-03-30 20:58:00 +00:00
|
|
|
def serialize_header(self, sig=True):
|
2017-12-14 20:29:13 +00:00
|
|
|
header = struct.pack('<4sIIIBBBBBBBB8s512s415s',
|
2017-09-05 21:15:47 +00:00
|
|
|
self.magic, self.hdrlen, self.expiry, self.codelen,
|
|
|
|
self.vmajor, self.vminor, self.vpatch, self.vbuild,
|
2017-12-14 20:29:13 +00:00
|
|
|
self.fix_vmajor, self.fix_vminor, self.fix_vpatch, self.fix_vbuild,
|
2017-10-26 01:08:18 +00:00
|
|
|
self.reserved1, self.hashes, self.reserved2)
|
2017-02-09 15:26:15 +00:00
|
|
|
if sig:
|
2017-04-01 00:32:05 +00:00
|
|
|
header += struct.pack('<B64s', self.sigmask, self.sig)
|
2017-02-09 15:26:15 +00:00
|
|
|
else:
|
2017-10-26 00:09:06 +00:00
|
|
|
header += IMAGE_SIG_SIZE * b'\x00'
|
2017-02-17 16:11:34 +00:00
|
|
|
assert len(header) == self.hdrlen
|
2017-02-09 15:26:15 +00:00
|
|
|
return header
|
|
|
|
|
2018-01-08 21:40:00 +00:00
|
|
|
def fingerprint(self):
|
2018-01-30 15:38:19 +00:00
|
|
|
return pyblake2.blake2s(self.serialize_header(sig=False)).hexdigest()
|
2018-01-08 21:40:00 +00:00
|
|
|
|
2017-10-05 05:41:36 +00:00
|
|
|
def sign(self, sigmask, signature):
|
2017-03-30 20:58:00 +00:00
|
|
|
header = self.serialize_header(sig=False)
|
2017-02-09 15:26:15 +00:00
|
|
|
data = header + self.code
|
2017-02-17 16:11:34 +00:00
|
|
|
assert len(data) == self.hdrlen + self.codelen
|
2017-04-08 16:23:08 +00:00
|
|
|
self.sigmask = sigmask
|
2017-10-05 05:41:36 +00:00
|
|
|
self.sig = signature
|
2017-02-09 15:26:15 +00:00
|
|
|
|
|
|
|
def write(self, filename):
|
|
|
|
with open(filename, 'wb') as f:
|
2017-03-30 20:58:00 +00:00
|
|
|
f.write(self.serialize_header())
|
2017-02-09 15:26:15 +00:00
|
|
|
f.write(self.code)
|
|
|
|
|
|
|
|
|
2017-04-01 00:32:05 +00:00
|
|
|
class FirmwareImage(BinImage):
|
|
|
|
|
2017-04-01 13:45:50 +00:00
|
|
|
def __init__(self, data, vhdrlen):
|
2017-10-26 01:08:18 +00:00
|
|
|
super(FirmwareImage, self).__init__(data[vhdrlen:], magic=b'TRZF', max_size=6 * IMAGE_CHUNK_SIZE)
|
2017-04-06 14:58:16 +00:00
|
|
|
self.vhdrlen = vhdrlen
|
|
|
|
self.vheader = data[:vhdrlen]
|
2017-04-01 00:32:05 +00:00
|
|
|
|
2017-04-01 13:45:50 +00:00
|
|
|
def write(self, filename):
|
|
|
|
with open(filename, 'wb') as f:
|
|
|
|
f.write(self.vheader)
|
|
|
|
f.write(self.serialize_header())
|
|
|
|
f.write(self.code)
|
2017-04-01 00:32:05 +00:00
|
|
|
|
2017-09-05 21:15:47 +00:00
|
|
|
|
2017-04-10 17:24:21 +00:00
|
|
|
class BootloaderImage(BinImage):
|
2017-04-01 00:32:05 +00:00
|
|
|
|
|
|
|
def __init__(self, data):
|
2017-10-26 01:08:18 +00:00
|
|
|
super(BootloaderImage, self).__init__(data, magic=b'TRZB', max_size=1 * IMAGE_CHUNK_SIZE)
|
2017-04-01 00:32:05 +00:00
|
|
|
|
|
|
|
|
2017-08-07 09:50:12 +00:00
|
|
|
class VendorHeader(object):
|
2017-02-09 15:26:15 +00:00
|
|
|
|
|
|
|
def __init__(self, data):
|
2017-11-06 15:06:01 +00:00
|
|
|
header = struct.unpack('<4sIIBBBBH', data[:18])
|
2017-03-30 20:58:00 +00:00
|
|
|
self.magic, \
|
|
|
|
self.hdrlen, \
|
|
|
|
self.expiry, \
|
|
|
|
self.vmajor, \
|
|
|
|
self.vminor, \
|
|
|
|
self.vsig_m, \
|
2017-10-05 15:31:05 +00:00
|
|
|
self.vsig_n, \
|
|
|
|
self.vtrust = header
|
2017-04-01 13:45:50 +00:00
|
|
|
assert self.magic == b'TRZV'
|
2017-02-09 17:14:10 +00:00
|
|
|
assert self.vsig_m > 0 and self.vsig_m <= self.vsig_n
|
|
|
|
assert self.vsig_n > 0 and self.vsig_n <= 8
|
2017-10-05 15:31:05 +00:00
|
|
|
p = 32
|
2017-02-09 17:14:10 +00:00
|
|
|
self.vpub = []
|
|
|
|
for _ in range(self.vsig_n):
|
|
|
|
self.vpub.append(data[p:p + 32])
|
|
|
|
p += 32
|
|
|
|
self.vstr_len = data[p]
|
|
|
|
p += 1
|
|
|
|
self.vstr = data[p:p + self.vstr_len]
|
|
|
|
p += self.vstr_len
|
2017-04-01 13:45:50 +00:00
|
|
|
vstr_pad = -p & 3
|
|
|
|
p += vstr_pad
|
2017-10-26 00:09:06 +00:00
|
|
|
self.vimg_len = len(data) - IMAGE_SIG_SIZE - p
|
2017-02-09 17:14:10 +00:00
|
|
|
self.vimg = data[p:p + self.vimg_len]
|
|
|
|
p += self.vimg_len
|
2017-04-01 00:32:05 +00:00
|
|
|
self.sigmask = data[p]
|
2017-02-09 17:14:10 +00:00
|
|
|
p += 1
|
2017-09-05 21:15:47 +00:00
|
|
|
self.sig = data[p:p + 64]
|
2017-10-05 15:31:05 +00:00
|
|
|
assert len(data) == 4 + 4 + 4 + 1 + 1 + 1 + 1 + 1 + 15 + \
|
2017-02-09 17:14:10 +00:00
|
|
|
32 * len(self.vpub) + \
|
2017-04-01 13:45:50 +00:00
|
|
|
1 + self.vstr_len + vstr_pad + \
|
|
|
|
self.vimg_len + \
|
2017-10-26 00:09:06 +00:00
|
|
|
IMAGE_SIG_SIZE
|
2017-10-26 01:08:18 +00:00
|
|
|
assert len(data) % 512 == 0
|
2017-02-09 15:26:15 +00:00
|
|
|
|
|
|
|
def print(self):
|
2017-02-09 17:14:10 +00:00
|
|
|
print('TREZOR Vendor Header')
|
2017-10-26 01:08:18 +00:00
|
|
|
print(' * magic :', self.magic.decode())
|
2017-02-09 17:14:10 +00:00
|
|
|
print(' * hdrlen :', self.hdrlen)
|
|
|
|
print(' * expiry :', self.expiry)
|
|
|
|
print(' * version : %d.%d' % (self.vmajor, self.vminor))
|
|
|
|
print(' * scheme : %d out of %d' % (self.vsig_m, self.vsig_n))
|
2018-01-10 19:47:07 +00:00
|
|
|
print(' * trust :', format_vtrust(self.vtrust))
|
2017-02-09 17:14:10 +00:00
|
|
|
for i in range(self.vsig_n):
|
2017-10-26 01:08:18 +00:00
|
|
|
print(' * vpub #%d :' % (i + 1), binascii.hexlify(self.vpub[i]).decode())
|
|
|
|
print(' * vstr :', self.vstr.decode())
|
2017-04-02 00:25:55 +00:00
|
|
|
print(' * vimg : (%d bytes)' % len(self.vimg))
|
2017-04-06 16:57:51 +00:00
|
|
|
print(' * sigmask :', format_sigmask(self.sigmask))
|
2017-10-26 01:08:18 +00:00
|
|
|
print(' * sig :', binascii.hexlify(self.sig).decode())
|
2018-01-30 15:38:19 +00:00
|
|
|
print(' * fngprnt :', self.fingerprint())
|
2017-10-25 21:23:41 +00:00
|
|
|
print()
|
2017-02-09 17:14:10 +00:00
|
|
|
|
2017-03-30 20:58:00 +00:00
|
|
|
def serialize_header(self, sig=True):
|
2017-11-06 15:06:01 +00:00
|
|
|
header = struct.pack('<4sIIBBBBH',
|
2017-09-05 21:15:47 +00:00
|
|
|
self.magic, self.hdrlen, self.expiry,
|
|
|
|
self.vmajor, self.vminor,
|
2017-10-05 15:31:05 +00:00
|
|
|
self.vsig_m, self.vsig_n, self.vtrust)
|
2017-11-06 15:06:01 +00:00
|
|
|
header += 14 * b'\x00'
|
2017-02-09 17:14:10 +00:00
|
|
|
for i in range(self.vsig_n):
|
|
|
|
header += self.vpub[i]
|
|
|
|
header += struct.pack('<B', self.vstr_len) + self.vstr
|
2017-09-05 21:15:47 +00:00
|
|
|
header += (-len(header) & 3) * b'\x00' # vstr_pad
|
2017-04-02 00:25:55 +00:00
|
|
|
header += self.vimg
|
2017-02-09 17:14:10 +00:00
|
|
|
if sig:
|
2017-04-01 00:32:05 +00:00
|
|
|
header += struct.pack('<B64s', self.sigmask, self.sig)
|
2017-02-09 17:14:10 +00:00
|
|
|
else:
|
2017-10-26 00:09:06 +00:00
|
|
|
header += IMAGE_SIG_SIZE * b'\x00'
|
2017-02-17 16:11:34 +00:00
|
|
|
assert len(header) == self.hdrlen
|
2017-02-09 17:14:10 +00:00
|
|
|
return header
|
2017-02-09 15:26:15 +00:00
|
|
|
|
2018-01-30 15:38:19 +00:00
|
|
|
def fingerprint(self):
|
|
|
|
return pyblake2.blake2s(self.serialize_header(sig=False)).hexdigest()
|
|
|
|
|
2017-10-05 05:41:36 +00:00
|
|
|
def sign(self, sigmask, signature):
|
2018-01-26 14:23:40 +00:00
|
|
|
header = self.serialize_header(sig=False)
|
|
|
|
assert len(header) == self.hdrlen
|
2017-04-08 16:23:08 +00:00
|
|
|
self.sigmask = sigmask
|
2017-10-05 05:41:36 +00:00
|
|
|
self.sig = signature
|
2017-02-09 17:14:10 +00:00
|
|
|
|
|
|
|
def write(self, filename):
|
|
|
|
with open(filename, 'wb') as f:
|
2017-03-30 20:58:00 +00:00
|
|
|
f.write(self.serialize_header())
|
2017-02-09 15:26:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
def binopen(filename):
|
|
|
|
data = open(filename, 'rb').read()
|
|
|
|
magic = data[:4]
|
2017-04-10 17:24:21 +00:00
|
|
|
if magic == b'TRZB':
|
|
|
|
return BootloaderImage(data)
|
2017-04-01 13:45:50 +00:00
|
|
|
if magic == b'TRZV':
|
|
|
|
vheader = VendorHeader(data)
|
|
|
|
if len(data) == vheader.hdrlen:
|
|
|
|
return vheader
|
|
|
|
subdata = data[vheader.hdrlen:]
|
|
|
|
if subdata[:4] == b'TRZF':
|
2017-10-25 21:23:41 +00:00
|
|
|
firmware = FirmwareImage(data, vheader.hdrlen)
|
|
|
|
# check signatures against signing keys in the vendor header
|
|
|
|
if firmware.sigmask > 0:
|
|
|
|
pk = [vheader.vpub[i] for i in range(8) if firmware.sigmask & (1 << i)]
|
|
|
|
global_pk = ed25519cosi.combine_keys(pk)
|
2017-10-26 01:08:18 +00:00
|
|
|
hdr = subdata[:IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE] + IMAGE_SIG_SIZE * b'\x00'
|
|
|
|
digest = pyblake2.blake2s(hdr).digest()
|
2017-10-25 21:23:41 +00:00
|
|
|
try:
|
|
|
|
ed25519raw.checkvalid(firmware.sig, digest, global_pk)
|
|
|
|
print('Firmware signature OK')
|
|
|
|
except:
|
|
|
|
print('Firmware signature INCORRECT')
|
|
|
|
else:
|
2017-10-26 00:09:06 +00:00
|
|
|
print('No firmware signature')
|
2017-10-25 21:23:41 +00:00
|
|
|
return firmware
|
2017-02-09 15:26:15 +00:00
|
|
|
if magic == b'TRZF':
|
2017-04-01 13:45:50 +00:00
|
|
|
return FirmwareImage(data, 0)
|
2017-02-09 15:26:15 +00:00
|
|
|
raise Exception('Unknown file format')
|
|
|
|
|
2017-09-05 21:15:47 +00:00
|
|
|
|
2017-02-09 15:26:15 +00:00
|
|
|
def main():
|
|
|
|
if len(sys.argv) < 2:
|
2017-10-26 01:08:18 +00:00
|
|
|
print('Usage: binctl file.bin [-s sigmask signature] [-h]')
|
2017-02-09 15:26:15 +00:00
|
|
|
return 1
|
|
|
|
fn = sys.argv[1]
|
|
|
|
sign = len(sys.argv) > 2 and sys.argv[2] == '-s'
|
2017-10-26 01:08:18 +00:00
|
|
|
rehash = len(sys.argv) == 3 and sys.argv[2] == '-h'
|
2017-02-09 15:26:15 +00:00
|
|
|
b = binopen(fn)
|
|
|
|
if sign:
|
2017-10-01 14:26:51 +00:00
|
|
|
sigmask = 0
|
|
|
|
if ':' in sys.argv[3]:
|
|
|
|
for idx in sys.argv[3].split(':'):
|
2017-10-01 15:46:58 +00:00
|
|
|
sigmask |= 1 << (int(idx) - 1)
|
2017-10-01 14:26:51 +00:00
|
|
|
else:
|
|
|
|
sigmask = 1 << (int(sys.argv[3]) - 1)
|
2017-10-05 05:41:36 +00:00
|
|
|
signature = binascii.unhexlify(sys.argv[4])
|
|
|
|
b.sign(sigmask, signature)
|
2017-02-09 15:26:15 +00:00
|
|
|
print()
|
|
|
|
b.write(fn)
|
2017-10-26 01:08:18 +00:00
|
|
|
if rehash:
|
|
|
|
b.update_hashes()
|
|
|
|
b.write(fn)
|
2017-04-08 16:23:08 +00:00
|
|
|
b.print()
|
2017-02-09 15:26:15 +00:00
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|