
signatures_ok function in bootloader exports firmware hash if needed

This commit is contained in:
Pavol Rusnak 2016-02-10 13:53:08 +01:00
parent 0eab05cd53
commit 63bc16d375
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
4 changed files with 15 additions and 7 deletions


@ -128,7 +128,7 @@ int main(void)
oledDrawBitmap(40, 0, &bmp_logo64_empty); oledDrawBitmap(40, 0, &bmp_logo64_empty);
oledRefresh(); oledRefresh();
if (!signatures_ok()) { if (!signatures_ok(NULL)) {
show_unofficial_warning(); show_unofficial_warning();
} }


@ -18,10 +18,12 @@
*/ */
#include <stdint.h> #include <stdint.h>
#include <string.h>
#include "signatures.h" #include "signatures.h"
#include "ecdsa.h" #include "ecdsa.h"
#include "secp256k1.h" #include "secp256k1.h"
#include "sha2.h"
#include "bootloader.h" #include "bootloader.h"
#define PUBKEYS 5 #define PUBKEYS 5
@ -36,7 +38,7 @@ static const uint8_t *pubkey[PUBKEYS] = {
#define SIGNATURES 3 #define SIGNATURES 3
int signatures_ok(void) int signatures_ok(uint8_t *store_hash)
{ {
uint32_t codelen = *((uint32_t *)FLASH_META_CODELEN); uint32_t codelen = *((uint32_t *)FLASH_META_CODELEN);
uint8_t sigindex1, sigindex2, sigindex3; uint8_t sigindex1, sigindex2, sigindex3;
@ -53,13 +55,19 @@ int signatures_ok(void)
if (sigindex1 == sigindex3) return 0; // duplicate use if (sigindex1 == sigindex3) return 0; // duplicate use
if (sigindex2 == sigindex3) return 0; // duplicate use if (sigindex2 == sigindex3) return 0; // duplicate use
if (ecdsa_verify(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failure uint8_t hash[32];
sha256_Raw((uint8_t *)FLASH_APP_START, codelen, hash);
if (store_hash) {
memcpy(store_hash, hash, 32);
}
if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex1 - 1], (uint8_t *)FLASH_META_SIG1, hash) != 0) { // failure
return 0; return 0;
} }
if (ecdsa_verify(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failure if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex2 - 1], (uint8_t *)FLASH_META_SIG2, hash) != 0) { // failure
return 0; return 0;
} }
if (ecdsa_verify(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, (uint8_t *)FLASH_APP_START, codelen) != 0) { // failture if (ecdsa_verify_digest(&secp256k1, pubkey[sigindex3 - 1], (uint8_t *)FLASH_META_SIG3, hash) != 0) { // failture
return 0; return 0;
} }
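Review bot: The digest is copied into store_hash before any of the three ecdsa_verify_digest calls, so a caller that passes a buffer receives the hash of the flashed code even when signatures_ok returns 0; that may well be intended (showing the hash of unsigned firmware), but the contract should say so, e.g. `/* store_hash: if non-NULL, receives the SHA-256 of the application area regardless of the return value */` above the function. The literal 32 is repeated (`uint8_t hash[32]`, the memcpy length) and silently tied to the digest size expected by ecdsa_verify_digest; a named length such as SHA256_DIGEST_LENGTH, if sha2.h provides it, would keep them consistent. The new sha256_Raw call reads codelen bytes from FLASH_APP_START, and this hunk does not show whether codelen is bounded against the application region earlier in the function, so that check should be confirmed before the digest is trusted. The carried-over comment `// failture` on the third check is a typo for `// failure`. signatures_ok begins in the preceding hunk and its final return lies outside this one.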


@ -20,6 +20,6 @@
#ifndef __SIGNATURES_H__ #ifndef __SIGNATURES_H__
#define __SIGNATURES_H__ #define __SIGNATURES_H__
int signatures_ok(void); int signatures_ok(uint8_t *store_hash);
#endif #endif
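Review bot: The prototype now uses uint8_t but the header still does not include <stdint.h>, so signatures.h only compiles when the including file has pulled in stdint.h first (signatures.c does; other includers may not); add `#include <stdint.h>` directly below the include guard. A short comment on the declaration would also document the new parameter, e.g. `/* returns non-zero when the required signatures verify; if store_hash is non-NULL the 32-byte SHA-256 of the application code is written to it */`, since the header is the only place most callers will look.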


@ -444,7 +444,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
layoutProgress("INSTALLING ... Please wait", 1000); layoutProgress("INSTALLING ... Please wait", 1000);
uint8_t flags = *((uint8_t *)FLASH_META_FLAGS); uint8_t flags = *((uint8_t *)FLASH_META_FLAGS);
// check if to restore old storage area but only if signatures are ok // check if to restore old storage area but only if signatures are ok
if ((flags & 0x01) && signatures_ok()) { if ((flags & 0x01) && signatures_ok(NULL)) {
// copy new stuff // copy new stuff
memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN); memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
// replace "TRZR" in header with 0000 when hash not confirmed // replace "TRZR" in header with 0000 when hash not confirmed