feat(core): add libtropic to unix build

2024-11-14 03:30:02 +00:00 · 2024-09-11 16:14:01 +02:00 · 2024-09-11 16:14:01 +02:00 · 43beb9f238
commit 43beb9f238
parent 52437b1fc8
16 changed files with 215 additions and 3 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -27,7 +27,9 @@
 [submodule "vendor/cmsis_5"]
 	path = vendor/cmsis_5
 	url = https://github.com/ARM-software/CMSIS_5.git
-
 [submodule "vendor/stm32u5xx_hal_driver"]
 	path = vendor/stm32u5xx_hal_driver
 	url = https://github.com/trezor/stm32u5xx_hal_driver.git
+[submodule "vendor/libtropic"]
+	path = vendor/libtropic
+	url = https://github.com/tropicsquare/libtropic.git
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@ -760,6 +760,7 @@ if FROZEN:
        bitcoin_only=BITCOIN_ONLY,
        backlight='backlight' in FEATURES_AVAILABLE,
        optiga='optiga' in FEATURES_AVAILABLE,
+        tropic='tropic' in FEATURES_AVAILABLE,
        ui_layout=UI_LAYOUT,
        thp=THP,
        )
--- a/core/SConscript.unix
+++ b/core/SConscript.unix
@ -13,7 +13,7 @@ THP = ARGUMENTS.get('THP', '0') == '1' # Trezor-Host Protocol
 NEW_RENDERING = ARGUMENTS.get('NEW_RENDERING', '1') == '1' or TREZOR_MODEL in ('T3T1',)


-FEATURES_WANTED = ["input", "sd_card", "dma2d", "optiga", "sbu"]
+FEATURES_WANTED = ["input", "sd_card", "dma2d", "optiga", "sbu", "tropic"]
 if NEW_RENDERING:
    FEATURES_WANTED.append("new_rendering")

@ -42,6 +42,7 @@ SOURCE_MOD = [
    'vendor/micropython/extmod/vfs_posix_file.c',
 ]
 SOURCE_MOD_CRYPTO = []
+SOURCE_MOD_TROPIC = []

 PYOPT = ARGUMENTS.get('PYOPT', '1')
 FROZEN = ARGUMENTS.get('TREZOR_EMULATOR_FROZEN', 0)
@ -290,6 +291,14 @@ SOURCE_MOD += [
    'embed/extmod/modutime.c',
 ]

+SOURCE_MOD_TROPIC += [
+    'vendor/libtropic/src/libtropic.c',
+]
+
+CPPDEFINES_MOD += ['USE_TS_CRYPTO']
+
+CPPPATH_MOD += ['vendor/libtropic/src/', 'vendor/libtropic/include/', 'vendor/trezor-crypto/ed25519-donna']
+
 SOURCE_MICROPYTHON = [
    'vendor/micropython/extmod/modubinascii.c',
    'vendor/micropython/extmod/moductypes.c',
@ -496,6 +505,10 @@ if 'optiga' in FEATURES_AVAILABLE:
 else:
    OPTIGA = False

+if 'tropic' in FEATURES_AVAILABLE:
+    TROPIC = True
+else:
+    TROPIC = False

 env.Tool('micropython')

@ -805,6 +818,7 @@ if FROZEN:
        bitcoin_only=BITCOIN_ONLY,
        backlight='backlight' in FEATURES_AVAILABLE,
        optiga=OPTIGA,
+        tropic=TROPIC,
        ui_layout=UI_LAYOUT,
        thp=THP,
        )
@ -820,7 +834,7 @@ if FROZEN:
 #

 obj_program = []
-source_files = SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_MICROPYTHON + SOURCE_UNIX
+source_files = SOURCE_MOD + SOURCE_MOD_CRYPTO + SOURCE_MOD_TROPIC + SOURCE_MICROPYTHON + SOURCE_UNIX
 obj_program.extend(env.Object(source=SOURCE_MOD))
 obj_program.extend(env.Object(source=SOURCE_MOD_CRYPTO, CCFLAGS='$CCFLAGS -ftrivial-auto-var-init=zero'))
 if FEATURE_FLAGS["SECP256K1_ZKP"]:
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-tropic.h
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-tropic.h
@ -0,0 +1,130 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#if USE_TROPIC
+
+// Default initial Tropic handshake keys
+#define PKEY_INDEX_BYTE   PAIRING_KEY_SLOT_INDEX_0
+#define SHiPRIV_BYTES    {0xf0,0xc4,0xaa,0x04,0x8f,0x00,0x13,0xa0,0x96,0x84,0xdf,0x05,0xe8,0xa2,0x2e,0xf7,0x21,0x38,0x98,0x28,0x2b,0xa9,0x43,0x12,0xf3,0x13,0xdf,0x2d,0xce,0x8d,0x41,0x64};
+#define SHiPUB_BYTES     {0x84,0x2f,0xe3,0x21,0xa8,0x24,0x74,0x08,0x37,0x37,0xff,0x2b,0x9b,0x88,0xa2,0xaf,0x42,0x44,0x2d,0xb0,0xd8,0xaa,0xcc,0x6d,0xc6,0x9e,0x99,0x53,0x33,0x44,0xb2,0x46};
+
+#include "libtropic.h"
+
+/// package: trezorcrypto.tropic
+
+/// class TropicError(Exception):
+///     """Error returned by the Tropic Square chip."""
+MP_DEFINE_EXCEPTION(TropicError, Exception)
+
+
+void bytes_to_chars(uint8_t const *key, char *buffer, uint16_t len)
+{
+    uint16_t offset = 0;
+    memset(buffer, 0, len);
+
+    for (size_t i = 0; i < len; i++)
+    {
+        offset += sprintf(buffer + offset, "%02X", key[i]);
+    }
+    sprintf(buffer + offset, "%c", '\0');
+}
+
+#define PING_MSG "Hello!"
+#define PING_MSG_LEN 6
+/// mock:global
+/// def ping() -> bool:
+///     """
+///     Test the session by pinging the chip.
+///     """
+STATIC mp_obj_t mod_trezorcrypto_tropic_ping() {
+    lt_handle_t handle = {0};
+    lt_ret_t ret = LT_FAIL;
+
+    ret = lt_init(&handle);
+
+    uint8_t X509_cert[LT_L2_GET_INFO_REQ_CERT_SIZE] = {0};
+
+    ret = lt_get_info_cert(&handle, X509_cert, LT_L2_GET_INFO_REQ_CERT_SIZE);
+
+    uint8_t stpub[32] = {0};
+    ret = lt_cert_verify_and_parse(X509_cert, 512, stpub);
+
+    uint8_t pkey_index  = PKEY_INDEX_BYTE;
+    uint8_t shipriv[]   = SHiPRIV_BYTES;
+    uint8_t shipub[]    = SHiPUB_BYTES;
+
+    ret = lt_handshake(&handle, stpub, pkey_index, shipriv, shipub);
+
+    uint8_t msg_out[PING_MSG_LEN] = {0};
+    uint8_t msg_in[PING_MSG_LEN]  = {0};
+    uint16_t len_ping = PING_MSG_LEN;
+
+    memcpy(msg_out, PING_MSG, PING_MSG_LEN);
+
+    ret = lt_ping(&handle, (uint8_t *)msg_out, (uint8_t *)msg_in, len_ping);
+
+    return mp_obj_new_bool(ret == LT_OK && !memcmp(msg_out, msg_in, PING_MSG_LEN));
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_tropic_ping_obj,
+                                 mod_trezorcrypto_tropic_ping);
+
+/// mock:global
+/// def get_certificate() -> bytes:
+///     """
+///     Return the chip's certificate.
+///     """
+STATIC mp_obj_t mod_trezorcrypto_tropic_get_certificate() {
+    lt_handle_t handle = {0};
+    lt_ret_t ret = LT_FAIL;
+
+    ret = lt_init(&handle);
+
+    uint8_t X509_cert[512] = {0};
+
+    ret = lt_get_info_cert(&handle, X509_cert, 512);
+
+    if (ret != LT_OK) {
+        mp_raise_msg(&mp_type_TropicError, "Failed to read certificate.");
+    }
+
+    vstr_t vstr = {0};
+    vstr_init_len(&vstr, 1024);
+
+    bytes_to_chars(X509_cert, vstr.buf, 512);
+
+    return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_tropic_get_certificate_obj,
+                                 mod_trezorcrypto_tropic_get_certificate);
+
+STATIC const mp_rom_map_elem_t mod_trezorcrypto_tropic_globals_table[] = {
+    {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_tropic)},
+    {MP_ROM_QSTR(MP_QSTR_get_certificate),
+     MP_ROM_PTR(&mod_trezorcrypto_tropic_get_certificate_obj)},
+    {MP_ROM_QSTR(MP_QSTR_ping), MP_ROM_PTR(&mod_trezorcrypto_tropic_ping_obj)},
+    {MP_ROM_QSTR(MP_QSTR_TropicError), MP_ROM_PTR(&mp_type_TropicError)}};
+STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_tropic_globals,
+                            mod_trezorcrypto_tropic_globals_table);
+
+STATIC const mp_obj_module_t mod_trezorcrypto_tropic_module = {
+    .base = {&mp_type_module},
+    .globals = (mp_obj_dict_t *)&mod_trezorcrypto_tropic_globals,
+};
+
+#endif
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c
@ -75,6 +75,9 @@ static void wrapped_ui_wait_callback(uint32_t current, uint32_t total) {
 #ifdef USE_OPTIGA
 #include "modtrezorcrypto-optiga.h"
 #endif
+#ifdef USE_TROPIC
+#include "modtrezorcrypto-tropic.h"
+#endif
 #if !BITCOIN_ONLY
 #include "modtrezorcrypto-cardano.h"
 #include "modtrezorcrypto-monero.h"
@ -141,6 +144,9 @@ STATIC const mp_rom_map_elem_t mp_module_trezorcrypto_globals_table[] = {
 #if USE_OPTIGA
    {MP_ROM_QSTR(MP_QSTR_optiga), MP_ROM_PTR(&mod_trezorcrypto_optiga_module)},
 #endif
+#if USE_TROPIC
+    {MP_ROM_QSTR(MP_QSTR_tropic), MP_ROM_PTR(&mod_trezorcrypto_tropic_module)},
+#endif
 };
 STATIC MP_DEFINE_CONST_DICT(mp_module_trezorcrypto_globals,
                            mp_module_trezorcrypto_globals_table);
--- a/core/embed/extmod/modtrezorutils/modtrezorutils.c
+++ b/core/embed/extmod/modtrezorutils/modtrezorutils.c
@ -420,6 +420,8 @@ STATIC mp_obj_tuple_t mod_trezorutils_version_obj = {
 /// """Whether the hardware supports haptic feedback."""
 /// USE_OPTIGA: bool
 /// """Whether the hardware supports Optiga secure element."""
+/// USE_TROPIC: bool
+/// """Whether the hardware supports Tropic Square secure element."""
 /// MODEL: str
 /// """Model name."""
 /// MODEL_FULL_NAME: str
@ -485,6 +487,11 @@ STATIC const mp_rom_map_elem_t mp_module_trezorutils_globals_table[] = {
    {MP_ROM_QSTR(MP_QSTR_USE_OPTIGA), mp_const_true},
 #else
    {MP_ROM_QSTR(MP_QSTR_USE_OPTIGA), mp_const_false},
+#endif
+#ifdef USE_TROPIC
+    {MP_ROM_QSTR(MP_QSTR_USE_TROPIC), mp_const_true},
+#else
+    {MP_ROM_QSTR(MP_QSTR_USE_TROPIC), mp_const_false},
 #endif
    {MP_ROM_QSTR(MP_QSTR_MODEL), MP_ROM_PTR(&mod_trezorutils_model_name_obj)},
    {MP_ROM_QSTR(MP_QSTR_MODEL_FULL_NAME),
--- a/core/embed/models/T3T1/boards/t3t1-unix.h
+++ b/core/embed/models/T3T1/boards/t3t1-unix.h
@ -7,6 +7,7 @@
 #define USE_RGB_COLORS 1
 #define USE_BACKLIGHT 1
 #define USE_OPTIGA 1
+#define USE_TROPIC 1

 #define MAX_DISPLAY_RESX 240
 #define MAX_DISPLAY_RESY 240
--- a/core/embed/rust/Cargo.toml
+++ b/core/embed/rust/Cargo.toml
@ -43,6 +43,7 @@ rgb_led = []
 backlight = []
 usb = []
 optiga = []
+tropic = []
 translations = ["crypto"]
 test = [
    "backlight",
--- a/core/mocks/generated/trezorcrypto/tropic.pyi
+++ b/core/mocks/generated/trezorcrypto/tropic.pyi
@ -0,0 +1,20 @@
+from typing import *
+
+
+# extmod/modtrezorcrypto/modtrezorcrypto-tropic.h
+class TropicError(Exception):
+    """Error returned by the Tropic Square chip."""
+
+
+# extmod/modtrezorcrypto/modtrezorcrypto-tropic.h
+def ping() -> bool:
+    """
+    Test the session by pinging the chip.
+    """
+
+
+# extmod/modtrezorcrypto/modtrezorcrypto-tropic.h
+def get_certificate() -> bytes:
+    """
+    Return the chip's certificate.
+    """
--- a/core/mocks/generated/trezorutils.pyi
+++ b/core/mocks/generated/trezorutils.pyi
@ -130,6 +130,8 @@ USE_HAPTIC: bool
 """Whether the hardware supports haptic feedback."""
 USE_OPTIGA: bool
 """Whether the hardware supports Optiga secure element."""
+USE_TROPIC: bool
+"""Whether the hardware supports Tropic Square secure element."""
 MODEL: str
 """Model name."""
 MODEL_FULL_NAME: str
--- a/core/site_scons/models/T3T1/emulator.py
+++ b/core/site_scons/models/T3T1/emulator.py
@ -59,6 +59,26 @@ def configure(
        sources += ["embed/trezorhal/unix/optiga.c"]
        features_available.append("optiga")

+    if "tropic" in features_wanted:
+        sources += [
+            "vendor/libtropic/src/libtropic.c",
+            "vendor/libtropic/src/lt_crc16.c",
+            "vendor/libtropic/src/lt_hkdf.c",
+            "vendor/libtropic/src/lt_l1.c",
+            "vendor/libtropic/src/lt_l1_port_wrap.c",
+            "vendor/libtropic/src/lt_l2.c",
+            "vendor/libtropic/src/lt_l2_frame_check.c",
+            "vendor/libtropic/src/lt_l3.c",
+            "vendor/libtropic/src/lt_random.c",
+            "vendor/libtropic/hal/port/unix/lt_port_unix.c",
+            "vendor/libtropic/hal/crypto/trezor_crypto/lt_crypto_trezor_aesgcm.c",
+            "vendor/libtropic/hal/crypto/trezor_crypto/lt_crypto_trezor_ed25519.c",
+            "vendor/libtropic/hal/crypto/trezor_crypto/lt_crypto_trezor_sha256.c",
+            "vendor/libtropic/hal/crypto/trezor_crypto/lt_crypto_trezor_x25519.c",
+        ]
+        defines += ["USE_TREZOR_CRYPTO"]
+        features_available.append("tropic")
+
    if "input" in features_wanted:
        sources += ["embed/trezorhal/unix/touch.c"]
        features_available.append("touch")
--- a/core/site_scons/site_tools/micropython/init.py
+++ b/core/site_scons/site_tools/micropython/init.py
@ -44,6 +44,7 @@ def generate(env):
        btc_only = env["bitcoin_only"] == "1"
        backlight = env["backlight"]
        optiga = env["optiga"]
+        tropic = env["tropic"]
        layout_tt = env["ui_layout"] == "UI_LAYOUT_TT"
        layout_tr = env["ui_layout"] == "UI_LAYOUT_TR"
        layout_mercury = env["ui_layout"] == "UI_LAYOUT_MERCURY"
@ -53,6 +54,7 @@ def generate(env):
            rf"-e 's/utils\.BITCOIN_ONLY/{btc_only}/g'",
            rf"-e 's/utils\.USE_BACKLIGHT/{backlight}/g'",
            rf"-e 's/utils\.USE_OPTIGA/{optiga}/g'",
+            rf"-e 's/utils\.USE_TROPIC/{tropic}/g'",
            rf"-e 's/utils\.UI_LAYOUT == \"TT\"/{layout_tt}/g'",
            rf"-e 's/utils\.UI_LAYOUT == \"TR\"/{layout_tr}/g'",
            rf"-e 's/utils\.UI_LAYOUT == \"MERCURY\"/{layout_mercury}/g'",
--- a/core/src/trezor/crypto/init.py
+++ b/core/src/trezor/crypto/init.py
@ -22,5 +22,8 @@ if not utils.BITCOIN_ONLY:
 if utils.USE_OPTIGA:
    from trezorcrypto import optiga  # noqa: F401

+if utils.USE_TROPIC:
+    from trezorcrypto import tropic  # noqa: F401
+
 if utils.USE_THP:
    from trezorcrypto import elligator2  # noqa: F401
--- a/core/src/trezor/utils.py
+++ b/core/src/trezor/utils.py
@ -15,6 +15,7 @@ from trezorutils import (  # noqa: F401
    USE_OPTIGA,
    USE_SD_CARD,
    USE_THP,
+    USE_TROPIC,
    VERSION,
    bootloader_locked,
    check_firmware_header,
--- a/core/vendor/libtropic
+++ b/core/vendor/libtropic
@ -0,0 +1 @@
+../../vendor/libtropic/
--- a/legacy/firmware/Makefile
+++ b/legacy/firmware/Makefile
@ -164,6 +164,7 @@ CFLAGS += -I../vendor/nanopb -Iprotob -DPB_FIELD_16BIT=1 -DPB_ENCODE_ARRAYS_UNPA
 CFLAGS += -DSCM_REVISION='"$(shell git rev-parse HEAD | sed 's:\(..\):\\x\1:g')"'
 CFLAGS += -DUSE_MONERO=0
 CFLAGS += -DUSE_OPTIGA=0
+CFLAGS += -DUSE_TROPIC=0
 ifneq ($(BITCOIN_ONLY),1)
 CFLAGS += -DUSE_ETHEREUM=1
 CFLAGS += -DUSE_NEM=1