use different set of keys for boardloader/bootloader/vendorheader

7 years ago · 2bc37a10fe
parent a055f4e8fb
commit 2bc37a10fe
8 changed files with 58 additions and 59 deletions
--- a/4
+++ b/4
@ -141,8 +141,8 @@ gdb: ## start remote gdb session which connects to the openocd
 ## misc commands:

 vendorheader: ## construct default vendor header
-	./tools/build_vendorheader 'db995fe25169d141cab9bbba92baa01f9f2e1ece7df4cb2ac05190f37fcc1f9d:2152f8d19b791d24453242e15f2eab6cb7cffa7b6a5ed30097960e069881db12:22fc297792f0b6ffc0bfcfdb7edb0c0aa14e025a365ec0e342e86e3829cb74b6' 1 0.0 SatoshiLabs assets/satoshilabs_120.toif embed/firmware/vendorheader.bin
-	./tools/binctl embed/firmware/vendorheader.bin -s 1 4141414141414141414141414141414141414141414141414141414141414141
+	./tools/build_vendorheader 'e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef' 1 0.0 SatoshiLabs assets/satoshilabs_120.toif embed/firmware/vendorheader.bin
+	./tools/binctl embed/firmware/vendorheader.bin -s 1 4444444444444444444444444444444444444444444444444444444444444444

 binctl: ## print info about binary files
 	./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
--- a/SConscript.firmware
+++ b/SConscript.firmware
@ -434,7 +434,7 @@ program_bin = env.Command(
    source=program_elf,
    action=[
        '$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
-        '$BINCTL $TARGET -s 1 4141414141414141414141414141414141414141414141414141414141414141',
+        '$BINCTL $TARGET -s 1 4747474747474747474747474747474747474747474747474747474747474747',
    ], )

 program0_bin = env.Command(
--- a/assets/keys.txt
+++ b/assets/keys.txt
@ -1,14 +0,0 @@
-seckey1: 4141414141414141414141414141414141414141414141414141414141414141
-pubkey1: db995fe25169d141cab9bbba92baa01f9f2e1ece7df4cb2ac05190f37fcc1f9d
-
-seckey2: 4242424242424242424242424242424242424242424242424242424242424242
-pubkey2: 2152f8d19b791d24453242e15f2eab6cb7cffa7b6a5ed30097960e069881db12
-
-seckey3: 4343434343434343434343434343434343434343434343434343434343434343
-pubkey3: 22fc297792f0b6ffc0bfcfdb7edb0c0aa14e025a365ec0e342e86e3829cb74b6
-
-seckey4: 4444444444444444444444444444444444444444444444444444444444444444
-pubkey4: d759793bbc13a2819a827c76adb6fba8a49aee007f49f2d0992d99b825ad2c48
-
-seckey5: 4545454545454545454545454545454545454545454545454545454545454545
-pubkey5: 6355691c178a8ff91007a7478afb955ef7352c63e7b25703984cf78b26e21a56
--- a/embed/boardloader/main.c
+++ b/embed/boardloader/main.c
@ -104,6 +104,14 @@ bool copy_sdcard(void)
    return true;
 }

+const uint8_t BOARDLOADER_KEY_M = 1;
+const uint8_t BOARDLOADER_KEY_N = 3;
+static const uint8_t * const BOARDLOADER_KEYS[] = {
+    (const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
+    (const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
+    (const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
+};
+
 void check_and_jump(void)
 {
    display_printf("checking bootloader\n");
@ -117,7 +125,7 @@ void check_and_jump(void)
        return;
    }

-    if (image_check_signature((const uint8_t *)BOOTLOADER_START, &hdr, NULL)) {
+    if (image_check_signature((const uint8_t *)BOOTLOADER_START, &hdr, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS)) {
        display_printf("valid bootloader signature\n");
        display_printf("JUMP!\n");
        jump_to(BOOTLOADER_START + HEADER_SIZE);
--- a/embed/bootloader/main.c
+++ b/embed/bootloader/main.c
@ -47,6 +47,14 @@ void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, ui
    display_refresh();
 }

+const uint8_t BOOTLOADER_KEY_M = 1;
+const uint8_t BOOTLOADER_KEY_N = 3;
+static const uint8_t * const BOOTLOADER_KEYS[] = {
+    (const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
+    (const uint8_t *)"\x63\x55\x69\x1c\x17\x8a\x8f\xf9\x10\x07\xa7\x47\x8a\xfb\x95\x5e\xf7\x35\x2c\x63\xe7\xb2\x57\x03\x98\x4c\xf7\x8b\x26\xe2\x1a\x56",
+    (const uint8_t *)"\xee\x93\xa4\xf6\x6f\x8d\x16\xb8\x19\xbb\x9b\xeb\x9f\xfc\xcd\xfc\xdc\x14\x12\xe8\x7f\xee\x6a\x32\x4c\x2a\x99\xa1\xe0\xe6\x71\x48",
+};
+
 void check_and_jump(void)
 {
    display_printf("checking vendor header\n");
@ -59,7 +67,7 @@ void check_and_jump(void)
        return;
    }

-    if (vendor_check_signature((const uint8_t *)FIRMWARE_START, &vhdr)) {
+    if (vendor_check_signature((const uint8_t *)FIRMWARE_START, &vhdr, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS)) {
        display_printf("valid vendor header signature\n");
    } else {
        display_printf("invalid vendor header signature\n");
@ -76,7 +84,7 @@ void check_and_jump(void)
        return;
    }

-    if (image_check_signature((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), &hdr, &vhdr)) {
+    if (image_check_signature((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), &hdr, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub)) {
        display_printf("valid firmware signature\n");

        display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
--- a/embed/trezorhal/image.c
+++ b/embed/trezorhal/image.c
@ -6,49 +6,27 @@
 #include "common.h"
 #include "image.h"

-static const uint8_t * const SATOSHILABS_PUBKEYS[] = {
-    (const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
-    (const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
-    (const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
-    (const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
-    (const uint8_t *)"\x63\x55\x69\x1c\x17\x8a\x8f\xf9\x10\x07\xa7\x47\x8a\xfb\x95\x5e\xf7\x35\x2c\x63\xe7\xb2\x57\x03\x98\x4c\xf7\x8b\x26\xe2\x1a\x56",
-};
-
-static bool compute_pubkey(const vendor_header *vhdr, uint8_t sigmask, ed25519_public_key res)
+static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res)
 {
-    uint8_t vsig_m;
-    uint8_t vsig_n;
-    const uint8_t * const *vpub;
-
-    if (vhdr) {
-        vsig_m = vhdr->vsig_m;
-        vsig_n = vhdr->vsig_n;
-        vpub = vhdr->vpub;
-    } else {
-        vsig_m = 1;
-        vsig_n = 5;
-        vpub = SATOSHILABS_PUBKEYS;
-    }
-
-    if (!vsig_m || !vsig_n) return false;
-    if (vsig_m > vsig_n) return false;
+    if (!sig_m || !sig_n) return false;
+    if (sig_m > sig_n) return false;

-    // discard bits higher than vsig_n
-    sigmask &= ((1 << vsig_n) - 1);
+    // discard bits higher than sig_n
+    sigmask &= ((1 << sig_n) - 1);

-    // remove if number of set bits in sigmask is not equal to vsig_m
-    if (__builtin_popcount(sigmask) != vsig_m) return false;
+    // remove if number of set bits in sigmask is not equal to sig_m
+    if (__builtin_popcount(sigmask) != sig_m) return false;

-    ed25519_public_key keys[vsig_m];
+    ed25519_public_key keys[sig_m];
    int j = 0;
-    for (int i = 0; i < vsig_n; i++) {
+    for (int i = 0; i < sig_n; i++) {
        if ((1 << i) & sigmask) {
-            memcpy(keys[j], vpub[i], 32);
+            memcpy(keys[j], pub[i], 32);
            j++;
        }
    }

-    return 0 == ed25519_cosi_combine_publickeys(res, keys, vsig_m);
+    return 0 == ed25519_cosi_combine_publickeys(res, keys, sig_m);
 }

 bool image_parse_header(const uint8_t *data, uint32_t magic, uint32_t maxsize, image_header *hdr)
@ -83,7 +61,7 @@ bool image_parse_header(const uint8_t *data, uint32_t magic, uint32_t maxsize, i
    return true;
 }

-bool image_check_signature(const uint8_t *data, const image_header *hdr, const vendor_header *vhdr)
+bool image_check_signature(const uint8_t *data, const image_header *hdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys)
 {
    uint8_t hash[BLAKE2S_DIGEST_LENGTH];
    BLAKE2S_CTX ctx;
@ -96,7 +74,7 @@ bool image_check_signature(const uint8_t *data, const image_header *hdr, const v
    blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);

    ed25519_public_key pub;
-    if (!compute_pubkey(vhdr, hdr->sigmask, pub)) return false;
+    if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return false;

    return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig);
 }
@ -149,7 +127,7 @@ bool vendor_parse_header(const uint8_t *data, vendor_header *vhdr)
    return true;
 }

-bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr)
+bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys)
 {
    uint8_t hash[BLAKE2S_DIGEST_LENGTH];
    BLAKE2S_CTX ctx;
@ -161,7 +139,7 @@ bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr)
    blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);

    ed25519_public_key pub;
-    if (!compute_pubkey(NULL, vhdr->sigmask, pub)) return false;
+    if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return false;

    return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig);
 }
--- a/embed/trezorhal/image.h
+++ b/embed/trezorhal/image.h
@ -34,10 +34,10 @@ typedef struct {

 bool image_parse_header(const uint8_t *data, uint32_t magic, uint32_t maxsize, image_header *hdr);

-bool image_check_signature(const uint8_t *data, const image_header *hdr, const vendor_header *vhdr);
+bool image_check_signature(const uint8_t *data, const image_header *hdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys);

 bool vendor_parse_header(const uint8_t *data, vendor_header *vhdr);

-bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr);
+bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys);

 #endif
--- a/tools/genkeys.py
+++ b/tools/genkeys.py
@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+
+import binascii
+import ed25519
+
+def hex_to_c(s):
+    return '"\\x' + '\\x'.join([s[i:i + 2] for i in range(0, len(s), 2)]) + '"'
+
+for c in 'ABCDEFGHI':
+    print()
+    seckey = c.encode() * 32
+    seckey_hex = binascii.hexlify(seckey).decode()
+    print('seckey', seckey_hex)
+    print('      ', hex_to_c(seckey_hex))
+    sk = ed25519.SigningKey(seckey)
+    pubkey = sk.get_verifying_key().to_bytes()
+    pubkey_hex = binascii.hexlify(pubkey).decode()
+    print('pubkey', pubkey_hex)
+    print('      ', hex_to_c(pubkey_hex))