From 117d261a3882cb094db1bb8b8ac352ae2b45abba Mon Sep 17 00:00:00 2001
From: Jochen Hoenicke <hoenicke@gmail.com>
Date: Fri, 29 Apr 2016 15:32:18 +0200
Subject: [PATCH] Script to generate key and certificate

---
 firmware/u2f/genkeys.sh       | 45 ++++++++++++++++++++++++++++++++
 firmware/u2f/trezordevkey.pem |  5 ++++
 firmware/u2f/u2f_keys.h       | 48 +++++++++++++++++------------------
 vendor/trezor-common          |  2 +-
 vendor/trezor-crypto          |  2 +-
 5 files changed, 76 insertions(+), 26 deletions(-)
 create mode 100644 firmware/u2f/genkeys.sh
 create mode 100644 firmware/u2f/trezordevkey.pem

diff --git a/firmware/u2f/genkeys.sh b/firmware/u2f/genkeys.sh
new file mode 100644
index 0000000000..3bc7e5b10b
--- /dev/null
+++ b/firmware/u2f/genkeys.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+cat > u2f_keys.h <<EOF
+#ifndef __U2F_KEYS_H_INCLUDED__
+#define __U2F_KEYS_H_INCLUDED__
+
+#include <stdint.h>
+
+const uint8_t U2F_ATT_PRIV_KEY[] = {
+EOF
+
+if [ \! -e trezordevkey.pem ]; then
+    openssl ecparam -genkey -out trezordevkey.pem -name prime256v1
+fi
+openssl ec -in trezordevkey.pem -text  |
+    perl -e '$key = "\t"; while (<>) { 
+      if (/priv:/) { $priv = 1 }
+      elsif (/pub:/) { $priv = 0 }
+      elsif ($priv) {
+        while ($_ =~ s/.*?([0-9a-f]{2})//) {
+          $key .= "0x$1,"; 
+          if ($num++ % 8 == 7) { $key .= "\n\t"; } 
+          else {$key .= " ";}
+        }
+      }
+    }
+    $key =~ s/,\s*$/\n/s;
+    print $key;' >> u2f_keys.h
+cat >> u2f_keys.h <<EOF
+};
+
+const uint8_t U2F_ATT_CERT[] = {
+EOF
+
+openssl req -new -key trezordevkey.pem -out trezordevcert.req -subj "/CN=Trezor U2F" 
+openssl x509 -req -in trezordevcert.req -signkey trezordevkey.pem -days 3650 -out trezordevcert.pem
+openssl x509 -in trezordevcert.pem -outform der | od -tx1 -w12 -Anone | perl -pe 's/ ([0-9a-f]{2})/ 0x$1,/g; $_ =~ s/^ /\t/;' >> u2f_keys.h
+
+cat >> u2f_keys.h <<EOF
+};
+
+#endif // __U2F_KEYS_H_INCLUDED__
+EOF
+
+rm trezordevcert.req trezordevcert.pem
diff --git a/firmware/u2f/trezordevkey.pem b/firmware/u2f/trezordevkey.pem
new file mode 100644
index 0000000000..da2c431958
--- /dev/null
+++ b/firmware/u2f/trezordevkey.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHEmrCv2RNxhhq2D7x/N8SpXtc+iAAuK0CfpVuhUxQqLoAoGCCqGSM49
+AwEHoUQDQgAE2Ri9+opUrJLpDakfynqiZFTA0XM2MU3eg6VLhrXfTvBSZZodb/y3
+Rn8azduKMwgLXu2RiRP0Q6UmG8d7aGBvwQ==
+-----END EC PRIVATE KEY-----
diff --git a/firmware/u2f/u2f_keys.h b/firmware/u2f/u2f_keys.h
index 94b9302b1d..680a730e20 100644
--- a/firmware/u2f/u2f_keys.h
+++ b/firmware/u2f/u2f_keys.h
@@ -11,30 +11,30 @@ const uint8_t U2F_ATT_PRIV_KEY[] = {
 };
 
 const uint8_t U2F_ATT_CERT[] = {
-    0x30, 0x82, 0x01, 0x19, 0x30, 0x81, 0xC0, 0x02, 0x09, 0x00, 0x8B, 0x3F,
-    0xA6, 0x46, 0xDE, 0x01, 0xCB, 0xB8, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86,
-    0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11,
-    0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0A, 0x54, 0x72, 0x65, 0x7A, 0x6F,
-    0x72, 0x20, 0x55, 0x32, 0x46, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x31,
-    0x30, 0x31, 0x31, 0x32, 0x33, 0x32, 0x33, 0x34, 0x36, 0x5A, 0x17, 0x0D,
-    0x32, 0x35, 0x31, 0x30, 0x30, 0x38, 0x32, 0x33, 0x32, 0x33, 0x34, 0x36,
-    0x5A, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
-    0x0C, 0x0A, 0x54, 0x72, 0x65, 0x7A, 0x6F, 0x72, 0x20, 0x55, 0x32, 0x46,
-    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,
-    0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03,
-    0x42, 0x00, 0x04, 0xD9, 0x18, 0xBD, 0xFA, 0x8A, 0x54, 0xAC, 0x92, 0xE9,
-    0x0D, 0xA9, 0x1F, 0xCA, 0x7A, 0xA2, 0x64, 0x54, 0xC0, 0xD1, 0x73, 0x36,
-    0x31, 0x4D, 0xDE, 0x83, 0xA5, 0x4B, 0x86, 0xB5, 0xDF, 0x4E, 0xF0, 0x52,
-    0x65, 0x9A, 0x1D, 0x6F, 0xFC, 0xB7, 0x46, 0x7F, 0x1A, 0xCD, 0xDB, 0x8A,
-    0x33, 0x08, 0x0B, 0x5E, 0xED, 0x91, 0x89, 0x13, 0xF4, 0x43, 0xA5, 0x26,
-    0x1B, 0xC7, 0x7B, 0x68, 0x60, 0x6F, 0xC1, 0x30, 0x0A, 0x06, 0x08, 0x2A,
-    0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
-    0x02, 0x21, 0x00, 0x89, 0x38, 0x50, 0x13, 0xBB, 0x13, 0xF1, 0xE9, 0xEF,
-    0x7A, 0x1B, 0x47, 0x59, 0x19, 0xBA, 0x18, 0x55, 0x32, 0xE6, 0x76, 0xD1,
-    0xAD, 0x69, 0x9D, 0x97, 0x07, 0x89, 0x80, 0x08, 0x4F, 0xAA, 0xE8, 0x02,
-    0x20, 0x35, 0x9A, 0x5F, 0x1D, 0xE5, 0x0A, 0x12, 0xA0, 0x9C, 0x96, 0x3D,
-    0x5A, 0x39, 0xA8, 0x83, 0x3C, 0xBA, 0x2E, 0xAD, 0xD5, 0x90, 0x23, 0x85,
-    0x81, 0x7D, 0xF0, 0xC7, 0x72, 0x8E, 0x79, 0x09, 0xD0,
+	0x30, 0x82, 0x01, 0x18, 0x30, 0x81, 0xc0, 0x02, 0x09, 0x00, 0xb1, 0xd9,
+	0x8f, 0x42, 0x64, 0x72, 0xd3, 0x2c, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
+	0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11,
+	0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0a, 0x54, 0x72, 0x65, 0x7a, 0x6f,
+	0x72, 0x20, 0x55, 0x32, 0x46, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30,
+	0x34, 0x32, 0x39, 0x31, 0x33, 0x33, 0x31, 0x35, 0x33, 0x5a, 0x17, 0x0d,
+	0x32, 0x36, 0x30, 0x34, 0x32, 0x37, 0x31, 0x33, 0x33, 0x31, 0x35, 0x33,
+	0x5a, 0x30, 0x15, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x03,
+	0x0c, 0x0a, 0x54, 0x72, 0x65, 0x7a, 0x6f, 0x72, 0x20, 0x55, 0x32, 0x46,
+	0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+	0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+	0x42, 0x00, 0x04, 0xd9, 0x18, 0xbd, 0xfa, 0x8a, 0x54, 0xac, 0x92, 0xe9,
+	0x0d, 0xa9, 0x1f, 0xca, 0x7a, 0xa2, 0x64, 0x54, 0xc0, 0xd1, 0x73, 0x36,
+	0x31, 0x4d, 0xde, 0x83, 0xa5, 0x4b, 0x86, 0xb5, 0xdf, 0x4e, 0xf0, 0x52,
+	0x65, 0x9a, 0x1d, 0x6f, 0xfc, 0xb7, 0x46, 0x7f, 0x1a, 0xcd, 0xdb, 0x8a,
+	0x33, 0x08, 0x0b, 0x5e, 0xed, 0x91, 0x89, 0x13, 0xf4, 0x43, 0xa5, 0x26,
+	0x1b, 0xc7, 0x7b, 0x68, 0x60, 0x6f, 0xc1, 0x30, 0x0a, 0x06, 0x08, 0x2a,
+	0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44,
+	0x02, 0x20, 0x24, 0x1e, 0x81, 0xff, 0xd2, 0xe5, 0xe6, 0x15, 0x36, 0x94,
+	0xc3, 0x55, 0x2e, 0x8f, 0xeb, 0xd7, 0x1e, 0x89, 0x35, 0x92, 0x1c, 0xb4,
+	0x83, 0x41, 0x43, 0x71, 0x1c, 0x76, 0xea, 0xee, 0xf3, 0x95, 0x02, 0x20,
+	0x5f, 0x80, 0xeb, 0x10, 0xf2, 0x5c, 0xcc, 0x39, 0x8b, 0x3c, 0xa8, 0xa9,
+	0xad, 0xa4, 0x02, 0x7f, 0x93, 0x13, 0x20, 0x77, 0xb7, 0xab, 0xce, 0x77,
+	0x46, 0x5a, 0x27, 0xf5, 0x3d, 0x33, 0xa1, 0x1d,
 };
 
 #endif // __U2F_KEYS_H_INCLUDED__
diff --git a/vendor/trezor-common b/vendor/trezor-common
index 0567a429cf..8c6401bdef 160000
--- a/vendor/trezor-common
+++ b/vendor/trezor-common
@@ -1 +1 @@
-Subproject commit 0567a429cfc8c6fdf9e08c79270750c102fc4f70
+Subproject commit 8c6401bdef92ebef7375a0e58a06af117618519d
diff --git a/vendor/trezor-crypto b/vendor/trezor-crypto
index ed6debf8c4..406022acb4 160000
--- a/vendor/trezor-crypto
+++ b/vendor/trezor-crypto
@@ -1 +1 @@
-Subproject commit ed6debf8c4ec5ef9c7ef31a1a7eddf76aa33ccd8
+Subproject commit 406022acb4d43a48bb9d8afe392226f1fdeccec2