trezor-firmware/core/tools/keyctl-proxy

#!/usr/bin/env python3
import sys
import traceback

import click
import Pyro4
from trezorlib import cosi
from trezorlib.client import get_default_client
from trezorlib.tools import parse_path
from trezorlib._internal.firmware_headers import (
    parse_image,
    VendorHeader,
    BootloaderImage,
    FirmwareImage,
)

from typing import Tuple

Pyro4.config.SERIALIZER = "marshal"

PORT = 5001
indexmap = {
    "bootloader": BootloaderImage,
    "vendorheader": VendorHeader,
    "firmware": FirmwareImage,
}

PATH = "10018h/{}h"

TREZOR = None


def make_commit(image_type, digest, public_keys):
    path = PATH.format(image_type.BIP32_INDEX)
    address_n = parse_path(path)

    # device information - show only first time
    click.echo(
        "\nUsing device {} ".format(click.style(TREZOR.features.label, bold=True)) +
        "at path {}".format(TREZOR.transport.get_path())
    )

    while True:
        # signing information - repeat every time
        click.echo("Commiting to {} hash:".format(click.style(image_type.NAME, bold=True)))
        for partid in range(4):
            digest_part = digest[partid * 8 : (partid + 1) * 8]
            color = "red" if partid % 2 else "cyan"
            digest_str = click.style(digest_part.hex().upper(), fg=color)
            click.echo("\t" + digest_str)
        click.echo("Using path: {}".format(click.style(path, bold=True)))

        try:
            commit = cosi.commit(TREZOR, address_n, digest)
            if public_keys is not None and commit.pubkey not in public_keys:
                click.echo("\n\nPublic key {} is unknown.".format(commit.pubkey.hex()))
                if click.confirm("Retry with a different passphrase?", default=True):
                    TREZOR.init_device()
                    continue

            return commit.pubkey, commit.commitment
        except Exception as e:
            click.echo(e)
            traceback.print_exc()
            click.echo("Trying again ...\n\n")


@Pyro4.expose
class KeyctlProxy:
    def __init__(
        self, daemon, image_type, digest: bytes, commit: Tuple[bytes, bytes]
    ) -> None:
        self.daemon = daemon
        self.name = image_type.NAME
        self.address_n = parse_path(PATH.format(image_type.BIP32_INDEX))
        self.digest = digest
        self.commit = commit
        self.signature = None
        self.global_params = None

    def _check_name_digest(self, name, digest):
        if name != self.name or digest != self.digest:
            click.echo("ERROR! Remote wants to sign {} with digest {}".format(name, digest.hex()))
            click.echo("Expected: {} with digest {}".format(self.name, self.digest.hex()))
            raise ValueError("Unexpected index/digest")

    def get_commit(self, name, digest):
        self._check_name_digest(name, digest)
        click.echo("Sending commitment!")
        return self.commit

    def _make_signature(self, global_R, global_pk):
        while True:
            try:
                click.echo("\n\n\nSigning...")
                signature = cosi.sign(
                    TREZOR, self.address_n, self.digest, global_R, global_pk
                )
                return signature.signature
            except Exception as e:
                click.echo(e)
                traceback.print_exc()
                click.echo("Trying again ...")


    def get_signature(self, name, digest, global_R, global_pk):
        self._check_name_digest(name, digest)
        global_params = global_R, global_pk
        if global_params != self.global_params:
            self.signature = self._make_signature(global_R, global_pk)
            self.global_params = global_params
        click.echo("Sending signature!")
        return self.signature

    @Pyro4.oneway
    def finish(self):
        click.echo("Done! \\(^o^)/")
        self.daemon.shutdown()


@click.command()
@click.option(
    "-l", "--listen", "ipaddr", default="0.0.0.0", help="Bind to particular ip address"
)
@click.option("-t", "--image-type", type=click.Choice(indexmap.keys()))
@click.option("-d", "--digest")
@click.argument("fw_file", type=click.File("rb"), required=False)
def cli(ipaddr, fw_file, image_type, digest):
    """Participate in signing of firmware.

    Specify either fw_file to auto-detect type and digest, or use -t and -d to specify
    the type and digest manually.
    """
    global TREZOR

    public_keys = None
    if fw_file:
        if image_type or digest:
            raise click.ClickException("Do not specify fw_file together with -t/-d")

        image_type = parse_image(fw_file.read())
        digest = image_type.digest()
        public_keys = image_type.public_keys

        click.echo(image_type.format())

    if not fw_file and (not image_type or not digest):
        raise click.ClickException("Please specify either fw_file or -t and -d")

    try:
        TREZOR = get_default_client()
        TREZOR.ui.always_prompt = True
    except Exception as e:
        raise click.ClickException("Please connect a Trezor and retry.") from e

    pubkey, R = make_commit(image_type, digest, public_keys)

    daemon = Pyro4.Daemon(host=ipaddr, port=PORT)
    proxy = KeyctlProxy(daemon, image_type, digest, (pubkey, R))
    uri = daemon.register(proxy, "keyctl")
    click.echo("keyctl-proxy running at URI: {}".format(uri))
    click.echo("Press Ctrl+C to abort.")
    daemon.requestLoop()


if __name__ == "__main__":
    cli()
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00			`#!/usr/bin/env python3`
			`import sys`
tools: fix keyctl-proxy 2019-02-21 15:18:49 +00:00			`import traceback`

core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`import click`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00			`import Pyro4`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`from trezorlib import cosi`
			`from trezorlib.client import get_default_client`
			`from trezorlib.tools import parse_path`
			`from trezorlib._internal.firmware_headers import (`
			`parse_image,`
			`VendorHeader,`
			`BootloaderImage,`
			`FirmwareImage,`
			`)`

			`from typing import Tuple`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00
core/keyctl: get rid of serpent conversions 2019-12-20 14:00:32 +00:00			`Pyro4.config.SERIALIZER = "marshal"`

tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00			`PORT = 5001`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`indexmap = {`
			`"bootloader": BootloaderImage,`
			`"vendorheader": VendorHeader,`
			`"firmware": FirmwareImage,`
			`}`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`PATH = "10018h/{}h"`
tools: run black and flake8 on tools/ 2018-07-31 09:35:09 +00:00
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`TREZOR = None`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion part 2 somehow I did miss 3 more occurences 2021-07-18 21:11:09 +00:00			`def make_commit(image_type, digest, public_keys):`
			`path = PATH.format(image_type.BIP32_INDEX)`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`address_n = parse_path(path)`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00
			`# device information - show only first time`
			`click.echo(`
fix(core): don't use format strings in keyctl-proxy 2021-07-14 15:22:36 +00:00			`"\nUsing device {} ".format(click.style(TREZOR.features.label, bold=True)) +`
			`"at path {}".format(TREZOR.transport.get_path())`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`)`

core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`while True:`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`# signing information - repeat every time`
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion part 2 somehow I did miss 3 more occurences 2021-07-18 21:11:09 +00:00			`click.echo("Commiting to {} hash:".format(click.style(image_type.NAME, bold=True)))`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`for partid in range(4):`
			`digest_part = digest[partid * 8 : (partid + 1) * 8]`
tools/keyctl-proxy: blue is not readable on my display :) 2020-01-22 16:05:41 +00:00			`color = "red" if partid % 2 else "cyan"`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`digest_str = click.style(digest_part.hex().upper(), fg=color)`
			`click.echo("\t" + digest_str)`
fix(core): don't use format strings in keyctl-proxy 2021-07-14 15:22:36 +00:00			`click.echo("Using path: {}".format(click.style(path, bold=True)))`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`try:`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`commit = cosi.commit(TREZOR, address_n, digest)`
			`if public_keys is not None and commit.pubkey not in public_keys:`
fix(core): don't use format strings in keyctl-proxy 2021-07-14 15:22:36 +00:00			`click.echo("\n\nPublic key {} is unknown.".format(commit.pubkey.hex()))`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`if click.confirm("Retry with a different passphrase?", default=True):`
			`TREZOR.init_device()`
			`continue`

core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`return commit.pubkey, commit.commitment`
			`except Exception as e:`
core/tools: make keyctl-proxy output nicer 2020-01-06 15:03:56 +00:00			`click.echo(e)`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`traceback.print_exc()`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`click.echo("Trying again ...\n\n")`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00

			`@Pyro4.expose`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`class KeyctlProxy:`
core/tools: cleanly shut down keyctl-proxy after signing 2020-01-06 15:05:43 +00:00			`def __init__(`
			`self, daemon, image_type, digest: bytes, commit: Tuple[bytes, bytes]`
			`) -> None:`
			`self.daemon = daemon`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`self.name = image_type.NAME`
			`self.address_n = parse_path(PATH.format(image_type.BIP32_INDEX))`
			`self.digest = digest`
			`self.commit = commit`
core/tools: make keyctl remote signing more resilient 2020-01-06 17:18:22 +00:00			`self.signature = None`
			`self.global_params = None`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00
			`def _check_name_digest(self, name, digest):`
			`if name != self.name or digest != self.digest:`
fix(core): don't use format strings in keyctl-proxy 2021-07-14 15:22:36 +00:00			`click.echo("ERROR! Remote wants to sign {} with digest {}".format(name, digest.hex()))`
			`click.echo("Expected: {} with digest {}".format(self.name, self.digest.hex()))`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`raise ValueError("Unexpected index/digest")`

			`def get_commit(self, name, digest):`
			`self._check_name_digest(name, digest)`
core/tools: make keyctl-proxy output nicer 2020-01-06 15:03:56 +00:00			`click.echo("Sending commitment!")`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`return self.commit`

core/tools: make keyctl remote signing more resilient 2020-01-06 17:18:22 +00:00			`def _make_signature(self, global_R, global_pk):`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`while True:`
tools: loop on error in keyctl-proxy 2018-01-29 14:28:17 +00:00			`try:`
core/tools: make keyctl-proxy output nicer 2020-01-06 15:03:56 +00:00			`click.echo("\n\n\nSigning...")`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`signature = cosi.sign(`
core/tools: make keyctl remote signing more resilient 2020-01-06 17:18:22 +00:00			`TREZOR, self.address_n, self.digest, global_R, global_pk`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`)`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`return signature.signature`
tools: loop on error in keyctl-proxy 2018-01-29 14:28:17 +00:00			`except Exception as e:`
core/tools: make keyctl-proxy output nicer 2020-01-06 15:03:56 +00:00			`click.echo(e)`
tools: fix keyctl-proxy 2019-02-21 15:18:49 +00:00			`traceback.print_exc()`
core/tools: make keyctl-proxy output nicer 2020-01-06 15:03:56 +00:00			`click.echo("Trying again ...")`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00
core/tools: make keyctl remote signing more resilient 2020-01-06 17:18:22 +00:00
			`def get_signature(self, name, digest, global_R, global_pk):`
			`self._check_name_digest(name, digest)`
			`global_params = global_R, global_pk`
			`if global_params != self.global_params:`
			`self.signature = self._make_signature(global_R, global_pk)`
			`self.global_params = global_params`
			`click.echo("Sending signature!")`
			`return self.signature`

core/tools: cleanly shut down keyctl-proxy after signing 2020-01-06 15:05:43 +00:00			`@Pyro4.oneway`
			`def finish(self):`
			`click.echo("Done! \\(^o^)/")`
			`self.daemon.shutdown()`

tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`@click.command()`
			`@click.option(`
			`"-l", "--listen", "ipaddr", default="0.0.0.0", help="Bind to particular ip address"`
			`)`
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`@click.option("-t", "--image-type", type=click.Choice(indexmap.keys()))`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`@click.option("-d", "--digest")`
			`@click.argument("fw_file", type=click.File("rb"), required=False)`
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`def cli(ipaddr, fw_file, image_type, digest):`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`"""Participate in signing of firmware.`

			`Specify either fw_file to auto-detect type and digest, or use -t and -d to specify`
			`the type and digest manually.`
			`"""`
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`global TREZOR`

core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`public_keys = None`
			`if fw_file:`
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`if image_type or digest:`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`raise click.ClickException("Do not specify fw_file together with -t/-d")`

fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`image_type = parse_image(fw_file.read())`
			`digest = image_type.digest()`
			`public_keys = image_type.public_keys`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`click.echo(image_type.format())`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`if not fw_file and (not image_type or not digest):`
docs(core): fix typo in keyctl-proxy help 2021-07-14 15:22:54 +00:00			`raise click.ClickException("Please specify either fw_file or -t and -d")`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00
core/tools: retain client handle, only ask for passphrase once 2020-01-06 15:30:55 +00:00			`try:`
			`TREZOR = get_default_client()`
			`TREZOR.ui.always_prompt = True`
			`except Exception as e:`
			`raise click.ClickException("Please connect a Trezor and retry.") from e`

fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`pubkey, R = make_commit(image_type, digest, public_keys)`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00
tools: drop netifaces requirement from keyctl-proxy 2018-01-29 14:49:55 +00:00			`daemon = Pyro4.Daemon(host=ipaddr, port=PORT)`
fix(core): rename fw_or_type to image_type in keyctl-proxy to avoid confusion 2021-07-14 15:27:31 +00:00			`proxy = KeyctlProxy(daemon, image_type, digest, (pubkey, R))`
tools: run black and flake8 on tools/ 2018-07-31 09:35:09 +00:00			`uri = daemon.register(proxy, "keyctl")`
fix(core): don't use format strings in keyctl-proxy 2021-07-14 15:22:36 +00:00			`click.echo("keyctl-proxy running at URI: {}".format(uri))`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00			`click.echo("Press Ctrl+C to abort.")`
tools: drop combine_sign; rework keyctl into 3 tools 2018-01-29 14:02:32 +00:00			`daemon.requestLoop()`
core/tools: update keyctl-proxy to work with headertool 2020-01-03 13:19:02 +00:00

			`if __name__ == "__main__":`
			`cli()`