arno
/
trezor-firmware
mirror of https://github.com/trezor/trezor-firmware.git
1
0
Fork 0
Code Issues Releases Wiki Activity

trezorhal: rework header checking to new format

Browse Source
pull/25/head
Pavol Rusnak 7 years ago
parent 9e82a4d348
commit 63636be0a3
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
6 changed files with 39 additions and 65 deletions
Show Stats Download Patch File Download Diff File

36
embed/boardloader/main.c
Unescape View File

@ -13,6 +13,20 @@
#define BOOTLOADER_IMAGE_MAGIC 0x425A5254 // TRZB
#define BOOTLOADER_IMAGE_MAXSIZE (1 * 128 * 1024)
const uint8_t BOARDLOADER_KEY_M = 2;
const uint8_t BOARDLOADER_KEY_N = 3;
static const uint8_t * const BOARDLOADER_KEYS[] = {
#if PRODUCTION
(const uint8_t *)"\x0e\xb9\x85\x6b\xe9\xba\x7e\x97\x2c\x7f\x34\xea\xc1\xed\x9b\x6f\xd0\xef\xd1\x72\xec\x00\xfa\xf0\xc5\x89\x75\x9d\xa4\xdd\xfb\xa0",
(const uint8_t *)"\xac\x8a\xb4\x0b\x32\xc9\x86\x55\x79\x8f\xd5\xda\x5e\x19\x2b\xe2\x7a\x22\x30\x6e\xa0\x5c\x6d\x27\x7c\xdf\xf4\xa3\xf4\x12\x5c\xd8",
(const uint8_t *)"\xce\x0f\xcd\x12\x54\x3e\xf5\x93\x6c\xf2\x80\x49\x82\x13\x67\x07\x86\x3d\x17\x29\x5f\xac\xed\x72\xaf\x17\x1d\x6e\x65\x13\xff\x06",
#else
(const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
(const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
(const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
#endif
};
static uint32_t check_sdcard(void)
{
if (!sdcard_is_present()) {
@ -35,7 +49,7 @@ static uint32_t check_sdcard(void)
image_header hdr;
if (image_parse_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, &hdr)) {
if (load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) {
return hdr.codelen;
} else {
return 0;
@ -133,20 +147,6 @@ static bool copy_sdcard(void)
return true;
}
const uint8_t BOARDLOADER_KEY_M = 2;
const uint8_t BOARDLOADER_KEY_N = 3;
static const uint8_t * const BOARDLOADER_KEYS[] = {
#if PRODUCTION
(const uint8_t *)"\x0e\xb9\x85\x6b\xe9\xba\x7e\x97\x2c\x7f\x34\xea\xc1\xed\x9b\x6f\xd0\xef\xd1\x72\xec\x00\xfa\xf0\xc5\x89\x75\x9d\xa4\xdd\xfb\xa0",
(const uint8_t *)"\xac\x8a\xb4\x0b\x32\xc9\x86\x55\x79\x8f\xd5\xda\x5e\x19\x2b\xe2\x7a\x22\x30\x6e\xa0\x5c\x6d\x27\x7c\xdf\xf4\xa3\xf4\x12\x5c\xd8",
(const uint8_t *)"\xce\x0f\xcd\x12\x54\x3e\xf5\x93\x6c\xf2\x80\x49\x82\x13\x67\x07\x86\x3d\x17\x29\x5f\xac\xed\x72\xaf\x17\x1d\x6e\x65\x13\xff\x06",
#else
(const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
(const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
(const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
#endif
};
int main(void)
{
periph_init(); // need the systick timer running before the production flash (and many other HAL) operations
@ -179,13 +179,9 @@ int main(void)
image_header hdr;
ensure(
image_parse_header((const uint8_t *)BOOTLOADER_START, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, &hdr),
load_image_header((const uint8_t *)BOOTLOADER_START, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr),
"invalid bootloader header");
ensure(
image_check_signature((const uint8_t *)BOOTLOADER_START, &hdr, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS),
"invalid bootloader signature");
jump_to(BOOTLOADER_START + IMAGE_HEADER_SIZE);
return 0;

29
embed/bootloader/main.c
Unescape View File

@ -83,10 +83,8 @@ void display_error(void)
display_footer("Error! Unplug the device", COLOR_BL_RED);
}
void display_welcome(void)
void display_welcome(bool firmware_present)
{
vendor_header vhdr;
bool firmware_present = vendor_parse_header((const uint8_t *)FIRMWARE_START, &vhdr);
display_clear();
if (!firmware_present) {
display_icon((DISPLAY_RESX - 124) / 2, (DISPLAY_RESY - 40 - 180) / 2, 124, 180, toi_icon_lock, sizeof(toi_icon_lock), COLOR_WHITE, COLOR_BLACK);
@ -191,11 +189,11 @@ void usb_init_all(void) {
usb_start();
}
bool bootloader_loop(void)
bool bootloader_loop(bool firmware_present)
{
usb_init_all();
display_welcome();
display_welcome(firmware_present);
uint8_t buf[USB_PACKET_SIZE];
@ -213,7 +211,7 @@ bool bootloader_loop(void)
}
switch (msg_id) {
case 0: // Initialize
process_msg_Initialize(USB_IFACE_NUM, msg_size, buf);
process_msg_Initialize(USB_IFACE_NUM, msg_size, buf, firmware_present);
break;
case 1: // Ping
process_msg_Ping(USB_IFACE_NUM, msg_size, buf);
@ -312,30 +310,23 @@ int main(void)
vendor_header vhdr;
// start the bootloader if user touched the screen or no firmware installed
if (touched || !vendor_parse_header((const uint8_t *)FIRMWARE_START, &vhdr)) {
if (!bootloader_loop()) {
bool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr);
if (touched || !firmware_present) {
if (!bootloader_loop(firmware_present)) {
return 1;
}
}
ensure(
vendor_parse_header((const uint8_t *)FIRMWARE_START, &vhdr),
ensure (
load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr),
"invalid vendor header");
ensure(
vendor_check_signature((const uint8_t *)FIRMWARE_START, &vhdr, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS),
"invalid vendor header signature");
image_header hdr;
ensure(
image_parse_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, &hdr),
load_image_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub, &hdr),
"invalid firmware header");
ensure(
image_check_signature((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), &hdr, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub),
"invalid firmware signature");
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
display_fade(0, BACKLIGHT_NORMAL, 1000);
if (vhdr.vtrust < 50) {

4
embed/bootloader/messages.c
Unescape View File

@ -199,7 +199,7 @@ static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const
#define MSG_RECV_CALLBACK(FIELD, CALLBACK) do { msg_recv.FIELD.funcs.decode = &CALLBACK; } while (0)
#define MSG_RECV(TYPE) do { _recv_msg(iface_num, msg_size, buf, TYPE##_fields, &msg_recv); } while(0)
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf)
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present)
{
MSG_RECV_INIT(Initialize);
MSG_RECV(Initialize);
@ -210,8 +210,6 @@ void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf)
MSG_SEND_ASSIGN_VALUE(minor_version, VERSION_MINOR);
MSG_SEND_ASSIGN_VALUE(patch_version, VERSION_PATCH);
MSG_SEND_ASSIGN_VALUE(bootloader_mode, true);
vendor_header vhdr;
bool firmware_present = vendor_parse_header((const uint8_t *)FIRMWARE_START, &vhdr);
MSG_SEND_ASSIGN_VALUE(firmware_present, firmware_present);
MSG_SEND(Features);
}

2
embed/bootloader/messages.h
Unescape View File

@ -9,7 +9,7 @@
bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size);
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present);
void process_msg_Ping(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);

21
embed/trezorhal/image.c
Unescape View File

@ -29,7 +29,7 @@ static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *
return 0 == ed25519_cosi_combine_publickeys(res, keys, sig_m);
}
bool image_parse_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, image_header * const hdr)
bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr)
{
memcpy(&hdr->magic, data, 4);
if (hdr->magic != magic) return false;
@ -49,17 +49,14 @@ bool image_parse_header(const uint8_t * const data, const uint32_t magic, const
memcpy(&hdr->version, data + 16, 4);
// uint8_t reserved[939];
memcpy(hdr->hashes, data + 32, 512);
memcpy(&hdr->sigmask, data + IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE, 1);
memcpy(hdr->sig, data + IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE + 1, IMAGE_SIG_SIZE - 1);
return true;
}
// check header signature
bool image_check_signature(const uint8_t *data, const image_header *hdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys)
{
uint8_t hash[BLAKE2S_DIGEST_LENGTH];
BLAKE2S_CTX ctx;
blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);
@ -67,7 +64,6 @@ bool image_check_signature(const uint8_t *data, const image_header *hdr, uint8_t
for (int i = 0; i < IMAGE_SIG_SIZE; i++) {
blake2s_Update(&ctx, (const uint8_t *)"\x00", 1);
}
blake2s_Update(&ctx, data + IMAGE_HEADER_SIZE, hdr->codelen);
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
ed25519_public_key pub;
@ -76,13 +72,13 @@ bool image_check_signature(const uint8_t *data, const image_header *hdr, uint8_t
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig);
}
bool vendor_parse_header(const uint8_t * const data, vendor_header * const vhdr)
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr)
{
memcpy(&vhdr->magic, data, 4);
if (vhdr->magic != 0x565A5254) return false; // TRZV
memcpy(&vhdr->hdrlen, data + 4, 4);
// TODO: sanity check hdr->hdrlen as it is used as a src to memcpy below
if (vhdr->hdrlen > 64 * 1024) return false;
memcpy(&vhdr->expiry, data + 8, 4);
if (vhdr->expiry != 0) return false;
@ -112,17 +108,12 @@ bool vendor_parse_header(const uint8_t * const data, vendor_header * const vhdr)
// align to 4 bytes
vhdr->vimg += (-(uintptr_t)vhdr->vimg) & 3;
// reserved for padding
memcpy(&vhdr->sigmask, data + vhdr->hdrlen - IMAGE_SIG_SIZE, 1);
memcpy(vhdr->sig, data + vhdr->hdrlen - IMAGE_SIG_SIZE + 1, IMAGE_SIG_SIZE - 1);
return true;
}
// check header signature
bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys)
{
uint8_t hash[BLAKE2S_DIGEST_LENGTH];
BLAKE2S_CTX ctx;
blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);

12
embed/trezorhal/image.h
Unescape View File

@ -18,7 +18,9 @@ typedef struct {
uint32_t expiry;
uint32_t codelen;
uint32_t version;
// uint8_t reserved[939];
// uint8_t reserved[12];
uint8_t hashes[512];
// uint8_t reserved[415];
uint8_t sigmask;
uint8_t sig[64];
} image_header;
@ -42,12 +44,8 @@ typedef struct {
uint8_t sig[64];
} vendor_header;
bool image_parse_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, image_header * const hdr);
bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr);
bool image_check_signature(const uint8_t *data, const image_header *hdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys);
bool vendor_parse_header(const uint8_t * const data, vendor_header * const vhdr);
bool vendor_check_signature(const uint8_t *data, const vendor_header *vhdr, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys);
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
#endif

Write Preview
Loading…
Cancel
Save