feat(legacy): filled production keys, 2 out of 3 signatures

legacy/bootloader/usb.c

@@ -186,7 +186,7 @@ static int should_keep_storage(int old_was_signed,
 
   const image_header *new_hdr = (const image_header *)FW_HEADER;
   // new header must be signed by v3 signmessage/verifymessage scheme
-  if (SIG_OK != signatures_ok(new_hdr, NULL, true)) return SIG_FAIL;
+  if (SIG_OK != signatures_ok(new_hdr, NULL, sectrue)) return SIG_FAIL;
   // if the new header hashes don't match flash contents, erase storage
   if (SIG_OK != check_firmware_hashes(new_hdr)) return SIG_FAIL;
 
@@ -401,7 +401,7 @@ static void rx_callback(usbd_device *dev, uint8_t ep) {
       flash_state = STATE_CHECK;
       const image_header *hdr = (const image_header *)FW_HEADER;
       // allow only v3 signmessage/verifymessage signature for new FW
-      if (SIG_OK != signatures_ok(hdr, NULL, true)) {
+      if (SIG_OK != signatures_ok(hdr, NULL, sectrue)) {
         send_msg_buttonrequest_firmwarecheck(dev);
         return;
       }
@@ -417,7 +417,7 @@ static void rx_callback(usbd_device *dev, uint8_t ep) {
     bool hash_check_ok;
     // show fingerprint of unsigned firmware
     // allow only v3 signmessage/verifymessage signatures
-    if (SIG_OK != signatures_ok(hdr, NULL, true)) {
+    if (SIG_OK != signatures_ok(hdr, NULL, sectrue)) {
       if (msg_id != 0x001B) {  // ButtonAck message (id 27)
         return;
       }

legacy/debug_signing/README.md

@@ -8,12 +8,12 @@
 1. **FW header hash is different from whole FW hash in the one output by cibuild**
 1. Run the emulator or device (make sure not to confuse which are you using for signing)
 1. Run `firmware_hash_sign_trezor.py ../firmware/trezor.bin ../firmware/trezor.bin.signed`
-1. Accept 3 signature requests on signing device
-1. This will show you a list of 3 signatures for 3 keys
+1. Accept 2 signature requests on signing device
+1. This will show you a list of 2 signatures for 3 keys
 1. It will output `../firmware.trezor.bin.signed`
 
-By default the scripts uses the `[1, 2, 3]` sigindices, you can modify `sig_indices`
-inside to have different order or different keys (1 <= index <= 5 )
+By default the scripts uses the `[1, 2]` sigindices, you can modify `sig_indices`
+inside to have different order or different keys (1 <= index <= 3 )
 
 Update FW on T1 either via `trezorctl device firmware-update` or
 `make flash_firmware_jlink`.

legacy/debug_signing/fill_t1_fw_signatures.py

@@ -45,9 +45,9 @@ class Signatures:
         Patch signatures from signature_pairs.
         Requires filling signature_pairs beforehand.
         """
-        assert len(self.signature_pairs) == 3
+        assert len(self.signature_pairs) <= 3
 
-        for i in range(3):
+        for i in range(len(self.signature_pairs)):
             sigindex_ofs = self.sigindex_offsets[i]
             sig_ofs = self.sig_offsets[i]
             (sigindex, sig) = self.signature_pairs[i]

legacy/debug_signing/firmware_hash_sign_trezor.py

@@ -16,8 +16,8 @@ except IndexError:
     out_fw_fname = in_fw_fname + ".signed"
 
 # These 3 keys will be used in this order to sign the FW
-# each index can be >= 1 and <= 5
-sig_indices = [1, 2, 3]
+# each index can be >= 1 and <= 3
+sig_indices = [1, 2]
 
 print(f"Input trezor.bin file: {in_fw_fname}")
 print(f"Output signed trezor.bin file: {out_fw_fname}")

legacy/debug_signing/sign_firmware_v2_signature.py

@@ -10,9 +10,9 @@ import ecdsa
 from fill_t1_fw_signatures import Signatures
 
 secret_keys_hex = [
-    "ba7994923c91771ad77c483f7d2b41f5506b82aa900e6f12edeae96c5c9f8f66",
-    "81a825d359da7ec9534e6cf7dd190bdbad62e134265764a5ec3e63317b060a51",
-    "37107a021e50ca3571102691606083f6a8d9cd600e35cd2c8e8f7b87796a045b",
+    "4444444444444444444444444444444444444444444444444444444444444444",
+    "4545454545454545454545454545454545454545454545454545454545454545",
+    "bfc4bca9c9c228a16639d3503d999a733a439210b64cebe757a4fd03ca46a5c8",
     "5518381d95e93e8eb68a294354989906e3828f36b4556a2ad85d8333294eb1b7",
     "1d1d34168760dec092c9ff89377d8659076d2dfd95e0281719c15f90d067e211",
 ]
@@ -46,9 +46,9 @@ print(f"Output signed trezor.bin file: {out_fw_fname}")
 
 # Should be these public keys
 assert public_keys_hex == [
-    "0391cdaf3cac08c2712ee1e88cd6d346eb2c798fdaf95c0eb6efeea0d7014dac87",
-    "02186ff4e2b08bc5ae0e21a508f1ced48ff451eab7d794deb0b7cbe8efd729aba7",
-    "0324009f0b398ca1c335fb17a1021c3f7fb0831ddb28348a4f058b149ea4c589a0",
+    "032c0b7cf95324a07d05398b240174dc0c2be444d96b159aa6c7f7b1e668680991",
+    "02edabbd16b41c8371b92ef2f04c1185b4f03b6dcd52ba9b78d9d7c89c8f221145",
+    "03665f660a5052be7a95546a02179058d93d3e08a779734914594346075bb0afd4",
     "0366635d999417b65566866c65630d977a7ae723fe5f6c4cd17fa00f088ba184c1",
     "03f36c7d0fb615ada43d7188580f15ebda22d6f6b9b1a92bff16c6937799dcbc66",
 ]

legacy/firmware/fsm_msg_common.h

@@ -24,8 +24,8 @@ bool get_features(Features *resp) {
 #else
   const image_header *hdr =
       (const image_header *)FLASH_PTR(FLASH_FWHEADER_START);
-  // only v3 signatures count as signed
-  if (SIG_OK == signatures_ok(hdr, NULL, true)) {
+  // allow both v2 and v3 signatures
+  if (SIG_OK == signatures_match(hdr, NULL)) {
     strlcpy(resp->fw_vendor, "SatoshiLabs", sizeof(resp->fw_vendor));
   } else {
     strlcpy(resp->fw_vendor, "UNSAFE, DO NOT USE!", sizeof(resp->fw_vendor));

legacy/fw_signatures.c

@@ -23,6 +23,7 @@
 #include "fw_signatures.h"
 #include "memory.h"
 #include "memzero.h"
+#include "secbool.h"
 #include "secp256k1.h"
 #include "sha2.h"
 
@@ -40,9 +41,10 @@ const uint32_t FIRMWARE_MAGIC_NEW = 0x465a5254;  // TRZF
  *
  * Latest scheme v3 ref: https://github.com/trezor/trezor-firmware/issues/2513
  */
-#define PUBKEYS 5
+#define PUBKEYS_V3 3
+#define PUBKEYS_V2 5
 
-#if DEBUG_T1_SIGNATURES
+#if DEBUG_T1_SIGNATURES || BOOTLOADER_QA
 
 // Make build explode if combining debug sigs with production
 #if PRODUCTION
@@ -54,24 +56,18 @@ const uint32_t FIRMWARE_MAGIC_NEW = 0x465a5254;  // TRZF
 // "table table table table table table table table table table table advance"
 // the "SignMessage"-style public keys, third signing scheme
 // See legacy/debug_signing/README.md
-static const uint8_t * const pubkey_v3[PUBKEYS] = {
+static const uint8_t * const pubkey_v3[PUBKEYS_V3] = {
         (const uint8_t *)"\x03\x73\x08\xe1\x40\x77\x16\x1c\x36\x5d\xea\x0f\x5c\x80\xaa\x6c\x5d\xba\x34\x71\x9e\x82\x5b\xd2\x3a\xe5\xf7\xe7\xd2\x98\x8a\xdb\x0f",
         (const uint8_t *)"\x03\x9c\x1b\x24\x60\xe3\x43\x71\x2e\x98\x2e\x07\x32\xe7\xed\x17\xf6\x0d\xe4\xc9\x33\x06\x5b\x71\x70\xd9\x9c\x6e\x7f\xe7\xcc\x7f\x4b",
         (const uint8_t *)"\x03\x15\x2b\x37\xfd\xf1\x26\x11\x12\x74\xc8\x94\xc3\x48\xdc\xc9\x75\xb5\x7c\x11\x5e\xe2\x4c\xeb\x19\xb5\x19\x0a\xc7\xf7\xb6\x51\x73",
-        (const uint8_t *)"\x02\x83\x91\x8a\xbf\x1b\x6e\x1d\x2a\x1d\x08\xea\x29\xc9\xd2\xae\x2e\x97\xe3\xc0\x1f\x4e\xa8\x59\x2b\x08\x8d\x28\x03\x5b\x44\x4e\xd0",
-        (const uint8_t *)"\x03\xc6\x83\x63\x85\x07\x8a\x18\xe8\x1d\x74\x77\x68\x1e\x0d\x30\x86\x66\xf3\x99\x59\x4b\xe9\xe8\xab\xcb\x45\x58\xa6\xe2\x47\x32\xfc"
 };
 
 // the "new", or second signing scheme keys
 
-#if BOOTLOADER_QA
 /*
- Previously used for QA bootloader upgrade tests
-
  Debug private keys for v2 (previously called "new") scheme
  corresponding to pubkeys below as python hexstring array:
 
-
  ['4444444444444444444444444444444444444444444444444444444444444444',
   '4545454545454545454545454545454545454545454545454545454545454545',
   'bfc4bca9c9c228a16639d3503d999a733a439210b64cebe757a4fd03ca46a5c8',
@@ -79,50 +75,27 @@ static const uint8_t * const pubkey_v3[PUBKEYS] = {
   '1d1d34168760dec092c9ff89377d8659076d2dfd95e0281719c15f90d067e211']
  */
 
-static const uint8_t * const pubkey_v2[PUBKEYS] = {
+static const uint8_t * const pubkey_v2[PUBKEYS_V2] = {
     (const uint8_t *)"\x03\x2c\x0b\x7c\xf9\x53\x24\xa0\x7d\x05\x39\x8b\x24\x01\x74\xdc\x0c\x2b\xe4\x44\xd9\x6b\x15\x9a\xa6\xc7\xf7\xb1\xe6\x68\x68\x09\x91",
     (const uint8_t *)"\x02\xed\xab\xbd\x16\xb4\x1c\x83\x71\xb9\x2e\xf2\xf0\x4c\x11\x85\xb4\xf0\x3b\x6d\xcd\x52\xba\x9b\x78\xd9\xd7\xc8\x9c\x8f\x22\x11\x45",
     (const uint8_t *)"\x03\x66\x5f\x66\x0a\x50\x52\xbe\x7a\x95\x54\x6a\x02\x17\x90\x58\xd9\x3d\x3e\x08\xa7\x79\x73\x49\x14\x59\x43\x46\x07\x5b\xb0\xaf\xd4",
     (const uint8_t *)"\x03\x66\x63\x5d\x99\x94\x17\xb6\x55\x66\x86\x6c\x65\x63\x0d\x97\x7a\x7a\xe7\x23\xfe\x5f\x6c\x4c\xd1\x7f\xa0\x0f\x08\x8b\xa1\x84\xc1",
     (const uint8_t *)"\x03\xf3\x6c\x7d\x0f\xb6\x15\xad\xa4\x3d\x71\x88\x58\x0f\x15\xeb\xda\x22\xd6\xf6\xb9\xb1\xa9\x2b\xff\x16\xc6\x93\x77\x99\xdc\xbc\x66"
     };
-#else
 
-/*
- Debug private keys for v2 (previously called "new") scheme
- corresponding to pubkeys below as python hexstring array:
-
- ['ba7994923c91771ad77c483f7d2b41f5506b82aa900e6f12edeae96c5c9f8f66',
-  '81a825d359da7ec9534e6cf7dd190bdbad62e134265764a5ec3e63317b060a51',
-  '37107a021e50ca3571102691606083f6a8d9cd600e35cd2c8e8f7b87796a045b',
-  '5518381d95e93e8eb68a294354989906e3828f36b4556a2ad85d8333294eb1b7',
-  '1d1d34168760dec092c9ff89377d8659076d2dfd95e0281719c15f90d067e211']
- */
-static const uint8_t * const pubkey_v2[PUBKEYS] = {
-        (const uint8_t *)"\x03\x91\xcd\xaf\x3c\xac\x08\xc2\x71\x2e\xe1\xe8\x8c\xd6\xd3\x46\xeb\x2c\x79\x8f\xda\xf9\x5c\x0e\xb6\xef\xee\xa0\xd7\x01\x4d\xac\x87",
-        (const uint8_t *)"\x02\x18\x6f\xf4\xe2\xb0\x8b\xc5\xae\x0e\x21\xa5\x08\xf1\xce\xd4\x8f\xf4\x51\xea\xb7\xd7\x94\xde\xb0\xb7\xcb\xe8\xef\xd7\x29\xab\xa7",
-        (const uint8_t *)"\x03\x24\x00\x9f\x0b\x39\x8c\xa1\xc3\x35\xfb\x17\xa1\x02\x1c\x3f\x7f\xb0\x83\x1d\xdb\x28\x34\x8a\x4f\x05\x8b\x14\x9e\xa4\xc5\x89\xa0",
-        (const uint8_t *)"\x03\x66\x63\x5d\x99\x94\x17\xb6\x55\x66\x86\x6c\x65\x63\x0d\x97\x7a\x7a\xe7\x23\xfe\x5f\x6c\x4c\xd1\x7f\xa0\x0f\x08\x8b\xa1\x84\xc1",
-        (const uint8_t *)"\x03\xf3\x6c\x7d\x0f\xb6\x15\xad\xa4\x3d\x71\x88\x58\x0f\x15\xeb\xda\x22\xd6\xf6\xb9\xb1\xa9\x2b\xff\x16\xc6\x93\x77\x99\xdc\xbc\x66"
-};
-#endif
-
-#else
-#error NOT IMPLEMENTED
+#else  // DEBUG_T1_SIGNATURES is now 0
 // These public keys are production keys
 // - used in production devices
 
 // the "SignMessage"-style public keys, third signing scheme
-static const uint8_t * const pubkey_v3[PUBKEYS] = {
-        (const uint8_t *)"\x02\xd5\x71\xb7\xf1\x48\xc5\xe4\x23\x2c\x38\x14\xf7\x77\xd8\xfa\xea\xf1\xa8\x42\x16\xc7\x8d\x56\x9b\x71\x04\x1f\xfc\x76\x8a\x5b\x2d",
-        (const uint8_t *)"\x03\x63\x27\x9c\x0c\x08\x66\xe5\x0c\x05\xc7\x99\xd3\x2b\xd6\xba\xb0\x18\x8b\x6d\xe0\x65\x36\xd1\x10\x9d\x2e\xd9\xce\x76\xcb\x33\x5c",
-        (const uint8_t *)"\x02\x43\xae\xdb\xb6\xf7\xe7\x1c\x56\x3f\x8e\xd2\xef\x64\xec\x99\x81\x48\x25\x19\xe7\xef\x4f\x4a\xa9\x8b\x27\x85\x4e\x8c\x49\x12\x6d",
-        (const uint8_t *)"\x02\x87\x7c\x39\xfd\x7c\x62\x23\x7e\x03\x82\x35\xe9\xc0\x75\xda\xb2\x61\x63\x0f\x78\xee\xb8\xed\xb9\x24\x87\x15\x9f\xff\xed\xfd\xf6",
-        (const uint8_t *)"\x03\x73\x84\xc5\x1a\xe8\x1a\xdd\x0a\x52\x3a\xdb\xb1\x86\xc9\x1b\x90\x6f\xfb\x64\xc2\xc7\x65\x80\x2b\xf2\x6d\xbd\x13\xbd\xf1\x2c\x31"
+static const uint8_t * const pubkey_v3[PUBKEYS_V3] = {
+        (const uint8_t *)"\x03\x23\x00\xc1\xbb\x45\x39\xfc\xbf\xca\x25\x90\xbd\xa3\xdd\x20\x93\x82\x6f\x4a\xe4\x37\xbd\xde\xcc\x1a\x2e\x72\x52\x07\x64\xff\x7a",
+        (const uint8_t *)"\x02\x33\xba\xea\xeb\xc9\x4a\x2a\x3e\x8b\x11\xf3\x9a\x71\x33\xdb\xf4\x27\xbe\x29\x2f\xcb\xce\xb8\x87\xd7\x1e\xf5\x1e\x85\x39\x5a\x19",
+        (const uint8_t *)"\x03\x57\x09\x1f\xa2\x54\xb5\x52\x33\xd0\xbb\x4c\x48\xe1\x06\xc9\x1b\x92\xfd\x07\x88\xeb\xed\x9d\x3a\x91\x67\x19\xf4\x4c\x76\xc0\x15"
 };
 
 // the "new", or second signing scheme keys
-static const uint8_t * const pubkey_v2[PUBKEYS] = {
+static const uint8_t * const pubkey_v2[PUBKEYS_V2] = {
         (const uint8_t *)"\x02\xd5\x71\xb7\xf1\x48\xc5\xe4\x23\x2c\x38\x14\xf7\x77\xd8\xfa\xea\xf1\xa8\x42\x16\xc7\x8d\x56\x9b\x71\x04\x1f\xfc\x76\x8a\x5b\x2d",
         (const uint8_t *)"\x03\x63\x27\x9c\x0c\x08\x66\xe5\x0c\x05\xc7\x99\xd3\x2b\xd6\xba\xb0\x18\x8b\x6d\xe0\x65\x36\xd1\x10\x9d\x2e\xd9\xce\x76\xcb\x33\x5c",
         (const uint8_t *)"\x02\x43\xae\xdb\xb6\xf7\xe7\x1c\x56\x3f\x8e\xd2\xef\x64\xec\x99\x81\x48\x25\x19\xe7\xef\x4f\x4a\xa9\x8b\x27\x85\x4e\x8c\x49\x12\x6d",
@@ -131,8 +104,6 @@ static const uint8_t * const pubkey_v2[PUBKEYS] = {
 };
 #endif
 
-#define SIGNATURES 3
-
 #define FLASH_META_START 0x08008000
 #define FLASH_META_CODELEN (FLASH_META_START + 0x0004)
 #define FLASH_META_SIGINDEX1 (FLASH_META_START + 0x0008)
@@ -197,28 +168,35 @@ bool firmware_present_new(void) {
 }
 
 int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
-                  bool use_verifymessage) {
+                  secbool use_verifymessage) {
   uint8_t hash[32] = {0};
   // which set of public keys depend on scheme
   const uint8_t *const *pubkey_ptr = NULL;
-  if (use_verifymessage) {
+  uint8_t pubkeys = 0;
+  if (use_verifymessage == sectrue) {
     pubkey_ptr = pubkey_v3;
     compute_firmware_fingerprint_for_verifymessage(hdr, hash);
+    pubkeys = PUBKEYS_V3;
   } else {
     pubkey_ptr = pubkey_v2;
     compute_firmware_fingerprint(hdr, hash);
+    pubkeys = PUBKEYS_V2;
   }
 
   if (store_fingerprint) {
     memcpy(store_fingerprint, hash, 32);
   }
 
-  if (hdr->sigindex1 < 1 || hdr->sigindex1 > PUBKEYS)
+  if (hdr->sigindex1 < 1 || hdr->sigindex1 > pubkeys)
     return SIG_FAIL;  // invalid index
-  if (hdr->sigindex2 < 1 || hdr->sigindex2 > PUBKEYS)
+  if (hdr->sigindex2 < 1 || hdr->sigindex2 > pubkeys)
     return SIG_FAIL;  // invalid index
-  if (hdr->sigindex3 < 1 || hdr->sigindex3 > PUBKEYS)
+  if (use_verifymessage != sectrue &&
+      (hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys)) {
     return SIG_FAIL;  // invalid index
+  } else if (hdr->sigindex3 != 0) {
+    return SIG_FAIL;
+  }
 
   if (hdr->sigindex1 == hdr->sigindex2) return SIG_FAIL;  // duplicate use
   if (hdr->sigindex1 == hdr->sigindex3) return SIG_FAIL;  // duplicate use
@@ -232,9 +210,16 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
                                hdr->sig2, hash)) {  // failure
     return SIG_FAIL;
   }
-  if (0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
-                               hdr->sig3, hash)) {  // failure
+  if (use_verifymessage != sectrue &&
+      (0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
+                                hdr->sig3, hash))) {  // failure
     return SIG_FAIL;
+  } else {
+    for (unsigned int i = 0; i < sizeof(hdr->sig3); i++) {
+      if (hdr->sig3[i] != 0) {
+        return SIG_FAIL;
+      }
+    }
   }
 
   return SIG_OK;
@@ -247,8 +232,8 @@ int signatures_match(const image_header *hdr, uint8_t store_fingerprint[32]) {
   // timing side channels.
   // Return only the hash for the v2 computation so that it is
   // the same shown in previous bootloader.
-  result ^= signatures_ok(hdr, store_fingerprint, false);
-  result ^= signatures_ok(hdr, NULL, true);
+  result ^= signatures_ok(hdr, store_fingerprint, secfalse);
+  result ^= signatures_ok(hdr, NULL, sectrue);
   if (result != SIG_OK) {
     return SIG_FAIL;
   }

legacy/fw_signatures.h

@@ -22,6 +22,7 @@
 
 #include <stdbool.h>
 #include <stdint.h>
+#include "secbool.h"
 
 extern const uint32_t FIRMWARE_MAGIC_NEW;  // TRZF
 
@@ -105,7 +106,7 @@ void compute_firmware_fingerprint_for_verifymessage(const image_header *hdr,
  * @return SIG_OK or SIG_FAIL
  */
 int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
-                  bool use_verifymessage);
+                  secbool use_verifymessage);
 
 /**
  * Check if either v2 or v3 signature of header is valid.