From 73abffddb183a623487a6a9012be9943ec87f720 Mon Sep 17 00:00:00 2001
From: tychovrahe
Date: Tue, 5 Sep 2023 22:06:57 +0200
Subject: [PATCH] replace signature scheme
---
 core/SConscript.ble_bootloader | 21 +-
 core/SConscript.ble_firmware | 4 +-
 core/embed/ble_bootloader/dfu_public_key.c | 22 +-
 core/embed/ble_bootloader/memory.ld | 2 +-
 .../embed/ble_bootloader/nrf_dfu_validation.c | 1088 +++++++++++++++++
 core/embed/ble_firmware/memory.ld | 2 +-
 .../modules/nrfx/mdk/gcc_startup_nrf52833.S | 4 +-
 7 files changed, 1125 insertions(+), 18 deletions(-)
 create mode 100644 core/embed/ble_bootloader/nrf_dfu_validation.c
diff --git a/core/SConscript.ble_bootloader b/core/SConscript.ble_bootloader
index 1f5b5b6ca..d2717edd3 100644
--- a/core/SConscript.ble_bootloader
+++ b/core/SConscript.ble_bootloader
@@ -49,6 +49,9 @@ CPPDEFINES_MOD += [
 ('uECC_SQUARE_FUNC', '0'),
 ('uECC_SUPPORT_COMPRESSED_POINT', '0'),
 ('uECC_VLI_NATIVE_LITTLE_ENDIAN', '1'),
+
+
+ 'ED25519_NO_PRECOMP',
 ]
@@ -112,7 +115,11 @@ CPPPATH_MOD += [
 'embed/sdk/nrf52/components/libraries/mutex',
 'embed/sdk/nrf52/components/libraries/ringbuf',
+ 'embed/trezorhal/boards',
+ 'embed/lib',
+
+ 'vendor/trezor-crypto',
 ]
 SOURCE_MOD += [
 ]
@@ -176,7 +183,6 @@ SOURCE_NRFHAL = [
 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_settings.c',
 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_transport.c',
 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_utils.c',
- 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_validation.c',
 'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_ver_validation.c',
 'embed/sdk/nrf52/components/libraries/bootloader/serial_dfu/nrf_dfu_serial.c',
 'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c',
@@ -192,6 +198,16 @@ SOURCE_BLE_BOOTLOADER = [
 # originally embed/sdk/nrf52/components/libraries/bootloader/serial_dfu/nrf_dfu_serial_uart.c',
 'embed/ble_bootloader/nrf_dfu_serial_uart.c',
 'embed/ble_bootloader/nrf_bootloader.c',
+ 'embed/ble_bootloader/nrf_dfu_validation.c',
+ 'vendor/trezor-crypto/blake2s.c',
+ 'vendor/trezor-crypto/ed25519-donna/curve25519-donna-32bit.c',
+ 'vendor/trezor-crypto/ed25519-donna/curve25519-donna-helpers.c',
+ 'vendor/trezor-crypto/ed25519-donna/ed25519.c',
+ 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-32bit-tables.c',
+ 'vendor/trezor-crypto/ed25519-donna/ed25519-donna-impl-base.c',
+ 'vendor/trezor-crypto/ed25519-donna/modm-donna-32bit.c',
+ 'vendor/trezor-crypto/memzero.c',
+ 'vendor/trezor-crypto/sha2.c',
 ]
 if DEBUG:
@@ -251,7 +267,8 @@ env.Replace(
 COPT=env.get('ENV').get('OPTIMIZE', '-Og'),
 CCFLAGS='$COPT '
 '-g3 '
- '-std=c99 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -Wno-unused-function '
+ '-nostdlib '
+ '-std=gnu99 -Wall -Werror -Wdouble-promotion -Wpointer-arith -Wno-missing-braces -Wno-unused-function '
 '-fdata-sections -ffunction-sections '
 '-fno-strict-aliasing '
 '-fno-builtin '
diff --git a/core/SConscript.ble_firmware b/core/SConscript.ble_firmware
index e6e5b86ea..b2bf46163 100644
--- a/core/SConscript.ble_firmware
+++ b/core/SConscript.ble_firmware
@@ -461,14 +461,14 @@ program_pkg = env.Command(
 target='ble_firmware.zip',
 source=program_hex,
 action=[
- f'nrfutil pkg generate --hw-version 52 --sd-req=0x100 --application $SOURCE --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --key-file ./embed/ble_bootloader/priv.pem $TARGET --application-version-string {tools.get_version("embed/ble_firmware/version.h")}'
+ f'python ../../pc-nrfutil/nordicsemi/ pkg generate --hw-version 52 --sd-req=0x100 --application $SOURCE --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --key-file ./embed/ble_bootloader/priv.pem $TARGET --application-version-string {tools.get_version("embed/ble_firmware/version.h")}'
 ],
 )
 settings = env.Command(
 target='settings.hex',
 source=program_hex,
- action=f'nrfutil settings generate --family NRF52 --application $SOURCE --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --application-version-string {tools.get_version("embed/ble_firmware/version.h")} --bootloader-version {tools.get_version_int("embed/ble_bootloader/version.h")} --bl-settings-version 2 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 --softdevice ./embed/sdk/nrf52/components/softdevice/s140/hex/s140_nrf52_7.2.0_softdevice.hex --key-file ./embed/ble_bootloader/priv.pem $TARGET',
+ action=f'python ../../pc-nrfutil/nordicsemi/ settings generate --family NRF52 --application $SOURCE --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --application-version-string {tools.get_version("embed/ble_firmware/version.h")} --bootloader-version {tools.get_version_int("embed/ble_bootloader/version.h")} --bl-settings-version 2 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 --softdevice ./embed/sdk/nrf52/components/softdevice/s140/hex/s140_nrf52_7.2.0_softdevice.hex --key-file ./embed/ble_bootloader/priv.pem $TARGET',
 )
 program_merge = env.Command(
diff --git a/core/embed/ble_bootloader/dfu_public_key.c b/core/embed/ble_bootloader/dfu_public_key.c
index fb06f836c..9d22b9bf0 100644
--- a/core/embed/ble_bootloader/dfu_public_key.c
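Review bot: Both packaging actions now run `python ../../pc-nrfutil/nordicsemi/` from a relative path that points outside this repository, so the tool that reads `./embed/ble_bootloader/priv.pem` and produces the signed DFU package and settings page is whatever happens to be checked out in that sibling directory. That makes the signing step unreproducible and places an unpinned, unreviewed tree in the path of the signing key; vendoring the fork as a pinned submodule or installing it at a fixed version would close this. The commands also still pass `--app-boot-validation VALIDATE_ECDSA_P256_SHA256` and `--sd-boot-validation VALIDATE_ECDSA_P256_SHA256` although the commit replaces the signature scheme; if the forked tool reuses that type id for the new scheme, a comment such as `# forked nrfutil emits the new signature format under the ECDSA_P256 type id` would record it.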
+++ b/core/embed/ble_bootloader/dfu_public_key.c
@@ -5,12 +5,16 @@
 #include "compiler_abstraction.h"
 #include "stdint.h"
-/** @brief Public key used to verify DFU images */
-__ALIGN(4)
-const uint8_t pk[64] = {
- 0x7e, 0x2f, 0x54, 0x41, 0xb7, 0x3f, 0x0c, 0xc8, 0xa8, 0x8f, 0x29,
- 0x1a, 0x91, 0x3c, 0x9f, 0x70, 0x7e, 0xc6, 0x6f, 0x69, 0x51, 0x14,
- 0xa6, 0x04, 0xeb, 0x0b, 0x23, 0x61, 0xf0, 0x22, 0xa4, 0xf4, 0xad,
- 0x73, 0x9b, 0xfa, 0x48, 0x2e, 0x1a, 0x90, 0xf6, 0x59, 0x28, 0x4c,
- 0x73, 0x49, 0x64, 0xc5, 0x18, 0xd3, 0xb3, 0xb2, 0x1a, 0x60, 0xf0,
- 0x79, 0xe8, 0x2c, 0x0a, 0x7c, 0x04, 0x84, 0xcd, 0xd6};
+/** @brief Public keys used to verify DFU images */
+
+const uint8_t NRF_BOOTLOADER_KEY_M = 2;
+const uint8_t NRF_BOOTLOADER_KEY_N = 3;
+const uint8_t * const NRF_BOOTLOADER_KEYS[] = {
+#if !PRODUCTION
+ (const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
+ (const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
+ (const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
+#else
+ MODEL_NRF_BOOTLOADER_KEYS
+#endif
+};
diff --git a/core/embed/ble_bootloader/memory.ld b/core/embed/ble_bootloader/memory.ld
index cba932d57..5b825a6aa 100644
--- a/core/embed/ble_bootloader/memory.ld
+++ b/core/embed/ble_bootloader/memory.ld
@@ -5,7 +5,7 @@ GROUP(-lgcc -lc -lnosys)
 MEMORY
 {
- FLASH (rx) : ORIGIN = 0x70000, LENGTH = 0xe000
+ FLASH (rx) : ORIGIN = 0x60000, LENGTH = 0x1e000
 RAM (rwx) : ORIGIN = 0x20002ae8, LENGTH = 0x1d518
 uicr_bootloader_start_address (r) : ORIGIN = 0x10001014, LENGTH = 0x4
 bootloader_settings_page (r) : ORIGIN = 0x0007F000, LENGTH = 0x1000
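Review bot: In the dfu_public_key.c hunk, `#if !PRODUCTION` selects the hard-coded keys whenever `PRODUCTION` is undefined as well as when it is 0, so a build configuration that omits the define yields a bootloader that trusts the non-production keys. Failing closed ahead of the table, with `#ifndef PRODUCTION` / `#error "PRODUCTION must be defined"` / `#endif`, would make that mistake a build error. Nothing here ties the number of entries in `NRF_BOOTLOADER_KEYS[]` (or in `MODEL_NRF_BOOTLOADER_KEYS`, whose defining header is not among the visible includes) to `NRF_BOOTLOADER_KEY_N`, while `compute_pubkey()` in the new nrf_dfu_validation.c reads `pub[i]` for mask bits below `sig_n`; a compile-time check of the element count would close that gap. The caller in that file also passes a fixed sigmask of `3`, so as written only the first two keys can ever take part in the 2-of-3 scheme these constants describe.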
diff --git a/core/embed/ble_bootloader/nrf_dfu_validation.c b/core/embed/ble_bootloader/nrf_dfu_validation.c
new file mode 100644
index 000000000..3cd0ab835
--- /dev/null
+++ b/core/embed/ble_bootloader/nrf_dfu_validation.c
@@ -0,0 +1,1088 @@ +/** + * Copyright (c) 2017 - 2021, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. 
IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include "nrf_dfu_types.h" +#include "nrf_dfu_settings.h" +#include "nrf_dfu_utils.h" +#include "nrf_dfu_flash.h" +#include "nrf_bootloader_info.h" +#include "pb.h" +#include "pb_common.h" +#include "pb_decode.h" +#include "dfu-cc.pb.h" +#include "crc32.h" +#include "nrf_crypto.h" +#include "nrf_crypto_shared.h" +#include "nrf_assert.h" +#include "nrf_dfu_validation.h" +#include "nrf_dfu_ver_validation.h" +#include "nrf_strerror.h" + +#define NRF_LOG_MODULE_NAME nrf_dfu_validation +#include "nrf_log.h" +#include "nrf_log_ctrl.h" +NRF_LOG_MODULE_REGISTER(); + +#ifndef DFU_REQUIRES_SOFTDEVICE +#if !defined(BLE_STACK_SUPPORT_REQD) && !defined(ANT_STACK_SUPPORT_REQD) +#define DFU_REQUIRES_SOFTDEVICE 0 +#else +#define DFU_REQUIRES_SOFTDEVICE 1 +#endif +#endif + +#define EXT_ERR(err) (nrf_dfu_result_t)((uint32_t)NRF_DFU_RES_CODE_EXT_ERROR + (uint32_t)err) + +/* Whether a complete init command has been received and prevalidated, but the firmware + * is not yet fully transferred. This value will also be correct after reset. 
+ */ +static bool m_valid_init_cmd_present = false; +static dfu_packet_t m_packet = DFU_PACKET_INIT_DEFAULT; +static uint8_t* m_init_packet_data_ptr = 0; +static uint32_t m_init_packet_data_len = 0; +static pb_istream_t m_pb_stream; + +static dfu_init_command_t const * mp_init = NULL; + +extern const uint8_t NRF_BOOTLOADER_KEY_M; +extern const uint8_t NRF_BOOTLOADER_KEY_N; +extern const uint8_t * const NRF_BOOTLOADER_KEYS[]; + +/** @brief Structure to hold a signature + */ +static nrf_crypto_ecdsa_secp256r1_signature_t m_signature; + +/** @brief Structure to hold the hash for signature verification + */ +static nrf_crypto_hash_sha256_digest_t m_sig_hash; + +/** @brief Structure to hold the hash for the firmware image + */ +static nrf_crypto_hash_sha256_digest_t m_fw_hash; + +/** @brief Flag used by parser code to indicate that the init command has been found to be invalid. + */ +static bool m_init_packet_valid = false; + +static void pb_decoding_callback(pb_istream_t *str, + uint32_t tag, + pb_wire_type_t wire_type, + void *iter) +{ + pb_field_iter_t* p_iter = (pb_field_iter_t *) iter; + + // Match the beginning of the init command. + if (p_iter->pos->ptr == &dfu_init_command_fields[0]) + { + uint8_t * ptr = (uint8_t *)str->state; + uint32_t size = str->bytes_left; + + if (m_init_packet_data_ptr != NULL || m_init_packet_data_len != 0) + { + m_init_packet_valid = false; + return; + } + + // Remove tag. + while (*ptr & 0x80) + { + ptr++; + size--; + } + ptr++; + size--; + + // Store the info in init_packet_data. + m_init_packet_data_ptr = ptr; + m_init_packet_data_len = size; + m_init_packet_valid = true; + + NRF_LOG_DEBUG("PB: Init packet data len: %d", size); + } +} + +/** @brief Function for decoding byte stream into variable. + * + * @retval true If the stored init command was successfully decoded. + * @retval false If there was no stored init command, or the decoding failed. 
+ */ +static bool stored_init_cmd_decode(void) +{ + m_pb_stream = pb_istream_from_buffer(s_dfu_settings.init_command, + s_dfu_settings.progress.command_size); + + dfu_init_command_t * p_init; + + // Attach our callback to follow the field decoding. + m_pb_stream.decoding_callback = pb_decoding_callback; + + m_init_packet_valid = false; + m_init_packet_data_ptr = NULL; + m_init_packet_data_len = 0; + memset(&m_packet, 0, sizeof(m_packet)); + + if (!pb_decode(&m_pb_stream, dfu_packet_fields, &m_packet)) + { + NRF_LOG_ERROR("Handler: Invalid protocol buffer m_pb_stream"); + return false; + } + + if (!m_init_packet_valid || (m_packet.has_signed_command && m_packet.has_command)) + { + NRF_LOG_ERROR("Handler: Invalid init command."); + return false; + } + else if (m_packet.has_signed_command && m_packet.signed_command.command.has_init) + { + p_init = &m_packet.signed_command.command.init; + + m_pb_stream = pb_istream_from_buffer(m_init_packet_data_ptr, m_init_packet_data_len); + memset(p_init, 0, sizeof(dfu_init_command_t)); + + if (!pb_decode(&m_pb_stream, dfu_init_command_fields, p_init)) + { + NRF_LOG_ERROR("Handler: Invalid protocol buffer m_pb_stream (init command)"); + return false; + } + } + else if (m_packet.has_command && m_packet.command.has_init) + { + p_init = &m_packet.command.init; + } + else + { + return false; + } + + mp_init = p_init; + + return true; +} + +void nrf_dfu_validation_init(void) +{ + // If the command is stored to flash, init command was valid. 
+ if ((s_dfu_settings.progress.command_size != 0) && + stored_init_cmd_decode()) + { + m_valid_init_cmd_present = true; + } + else + { + m_valid_init_cmd_present = false; + } +} + + +nrf_dfu_result_t nrf_dfu_validation_init_cmd_create(uint32_t size) +{ + nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS; + if (size == 0) + { + ret_val = NRF_DFU_RES_CODE_INVALID_PARAMETER; + } + else if (size > INIT_COMMAND_MAX_SIZE) + { + ret_val = NRF_DFU_RES_CODE_INSUFFICIENT_RESOURCES; + } + else + { + // Set DFU to uninitialized. + m_valid_init_cmd_present = false; + + // Reset all progress. + nrf_dfu_settings_progress_reset(); + + // Set the init command size. + s_dfu_settings.progress.command_size = size; + } + return ret_val; +} + + +nrf_dfu_result_t nrf_dfu_validation_init_cmd_append(uint8_t const * p_data, uint32_t length) +{ + nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS; + if ((length + s_dfu_settings.progress.command_offset) > s_dfu_settings.progress.command_size) + { + NRF_LOG_ERROR("Init command larger than expected."); + ret_val = NRF_DFU_RES_CODE_INVALID_PARAMETER; + } + else + { + // Copy the received data to RAM, update offset and calculate CRC. + memcpy(&s_dfu_settings.init_command[s_dfu_settings.progress.command_offset], + p_data, + length); + + s_dfu_settings.progress.command_offset += length; + s_dfu_settings.progress.command_crc = crc32_compute(p_data, + length, + &s_dfu_settings.progress.command_crc); + } + return ret_val; +} + + +void nrf_dfu_validation_init_cmd_status_get(uint32_t * p_offset, + uint32_t * p_crc, + uint32_t * p_max_size) +{ + *p_offset = s_dfu_settings.progress.command_offset; + *p_crc = s_dfu_settings.progress.command_crc; + *p_max_size = INIT_COMMAND_MAX_SIZE; +} + + +bool nrf_dfu_validation_init_cmd_present(void) +{ + return m_valid_init_cmd_present; +} + + +// Function determines if init command signature is obligatory. 
+static bool signature_required(dfu_fw_type_t fw_type_to_be_updated) +{ + bool result = true; + + // DFU_FW_TYPE_EXTERNAL_APPLICATION and bootloader updates always require + // signature check + if ((!DFU_REQUIRES_SOFTDEVICE && (fw_type_to_be_updated == DFU_FW_TYPE_SOFTDEVICE)) || + (fw_type_to_be_updated == DFU_FW_TYPE_APPLICATION)) + { + result = NRF_DFU_REQUIRE_SIGNED_APP_UPDATE; + } + return result; +} + +#include "ed25519-donna/ed25519.h" +#include "secbool.h" + +static secbool compute_pubkey(uint8_t sig_m, uint8_t sig_n, + const uint8_t *const *pub, uint8_t sigmask, + ed25519_public_key res) { + if (0 == sig_m || 0 == sig_n) return secfalse; + if (sig_m > sig_n) return secfalse; + + // discard bits higher than sig_n + sigmask &= ((1 << sig_n) - 1); + + // remove if number of set bits in sigmask is not equal to sig_m + if (__builtin_popcount(sigmask) != sig_m) return secfalse; + + ed25519_public_key keys[sig_m]; + int j = 0; + for (int i = 0; i < sig_n; i++) { + if ((1 << i) & sigmask) { + memcpy(keys[j], pub[i], 32); + j++; + } + } + + return sectrue * (0 == ed25519_cosi_combine_publickeys(res, keys, sig_m)); +} + +secbool check_trezor_sig(const uint8_t * digest, + size_t digest_len, + uint8_t key_m, + uint8_t key_n, + uint8_t sigmask, + const uint8_t *const *keys, + uint8_t * sig) { + // check header signature + + + ed25519_public_key pub; + if (sectrue != compute_pubkey(key_m, key_n, keys, sigmask, pub)) + return secfalse; + + return sectrue * + (0 == ed25519_sign_open(digest, digest_len, pub, + sig)); +} + + +// Function to perform signature check if required. 
+static nrf_dfu_result_t nrf_dfu_validation_signature_check(dfu_signature_type_t signature_type, + uint8_t const * p_signature, + uint32_t signature_len, + uint8_t const * p_data, + uint32_t data_len) +{ + ret_code_t err_code; + size_t hash_len = NRF_CRYPTO_HASH_SIZE_SHA256; + + nrf_crypto_hash_context_t hash_context = {0}; +// nrf_crypto_ecdsa_verify_context_t verify_context = {0}; + + // crypto_init(); + + NRF_LOG_INFO("Signature required. Checking signature.") + if (p_signature == NULL) + { + NRF_LOG_WARNING("No signature found."); + return EXT_ERR(NRF_DFU_EXT_ERROR_SIGNATURE_MISSING); + } + + if (signature_type != DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256) + { + NRF_LOG_INFO("Invalid signature type"); + return EXT_ERR(NRF_DFU_EXT_ERROR_WRONG_SIGNATURE_TYPE); + } + + NRF_LOG_INFO("Calculating hash (len: %d)", data_len); + err_code = nrf_crypto_hash_calculate(&hash_context, + &g_nrf_crypto_hash_sha256_info, + p_data, + data_len, + m_sig_hash, + &hash_len); + if (err_code != NRF_SUCCESS) + { + return NRF_DFU_RES_CODE_OPERATION_FAILED; + } + + if (sizeof(m_signature) != signature_len) + { + return NRF_DFU_RES_CODE_OPERATION_FAILED; + } + + // Prepare the signature received over the air. + memcpy(m_signature, p_signature, signature_len); + + // Calculate the signature. 
+ NRF_LOG_INFO("Verify signature"); + + if (sectrue != check_trezor_sig(m_sig_hash, hash_len, NRF_BOOTLOADER_KEY_M, NRF_BOOTLOADER_KEY_N, 3, NRF_BOOTLOADER_KEYS, m_signature)){ + NRF_LOG_ERROR("Signature failed"); + err_code = NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE; + } + + if (err_code != NRF_SUCCESS) + { + NRF_LOG_ERROR("Signature failed (err_code: 0x%x)", err_code); + NRF_LOG_DEBUG("Signature:"); + NRF_LOG_HEXDUMP_DEBUG(m_signature, sizeof(m_signature)); + NRF_LOG_DEBUG("Hash:"); + NRF_LOG_HEXDUMP_DEBUG(m_sig_hash, hash_len); + NRF_LOG_FLUSH(); + + return NRF_DFU_RES_CODE_INVALID_OBJECT; + } + + NRF_LOG_INFO("Image verified"); + return NRF_DFU_RES_CODE_SUCCESS; +} + + +// Function to calculate the total size of the firmware(s) in the update. +static nrf_dfu_result_t update_data_size_get(dfu_init_command_t const * p_init, uint32_t * p_size) +{ + nrf_dfu_result_t ret_val = EXT_ERR(NRF_DFU_EXT_ERROR_INIT_COMMAND_INVALID); + uint32_t fw_sz = 0; + + if ((p_init->type == DFU_FW_TYPE_APPLICATION || + p_init->type == DFU_FW_TYPE_EXTERNAL_APPLICATION) && + (p_init->has_app_size == true)) + { + fw_sz = p_init->app_size; + } + else + { + if ((p_init->type & DFU_FW_TYPE_SOFTDEVICE) && (p_init->has_sd_size == true)) + { + fw_sz = p_init->sd_size; + } + + if ((p_init->type & DFU_FW_TYPE_BOOTLOADER) && (p_init->has_bl_size == true)) + { + if (p_init->bl_size <= BOOTLOADER_SIZE) + { + fw_sz += p_init->bl_size; + } + else + { + NRF_LOG_ERROR("BL size (%d) over limit (%d)", p_init->bl_size, BOOTLOADER_SIZE); + fw_sz = 0; + ret_val = NRF_DFU_RES_CODE_INSUFFICIENT_RESOURCES; + } + } + } + + if (fw_sz) + { + *p_size = fw_sz; + ret_val = NRF_DFU_RES_CODE_SUCCESS; + } + else + { + NRF_LOG_ERROR("Init packet does not contain valid firmware size"); + } + + return ret_val; +} + + +/** + * @brief Function to check if single bank update should be used. + * + * @param new_fw_type Firmware type. 
+ */ +static bool use_single_bank(dfu_fw_type_t new_fw_type) +{ + bool result = false; + + // DFU_FW_TYPE_EXTERNAL_APPLICATION never uses single bank + if (((new_fw_type == DFU_FW_TYPE_APPLICATION) || + (new_fw_type == DFU_FW_TYPE_SOFTDEVICE)) && + NRF_DFU_SINGLE_BANK_APP_UPDATES) + { + result = true; + } + + return result; +} + + +// Function to determine whether the new firmware needs a SoftDevice to be present. +static bool update_requires_softdevice(dfu_init_command_t const * p_init) +{ + return ((p_init->sd_req_count > 0) && (p_init->sd_req[0] != SD_REQ_APP_OVERWRITES_SD)); +} + + +// Function to determine whether the SoftDevice can be removed during the update or not. +static bool keep_softdevice(dfu_init_command_t const * p_init) +{ + UNUSED_PARAMETER(p_init); // It's unused when DFU_REQUIRES_SOFTDEVICE is true. + return DFU_REQUIRES_SOFTDEVICE || update_requires_softdevice(p_init); +} + + +/**@brief Function to determine where to temporarily store the incoming firmware. + * This also checks whether the update will fit, and deletes existing + * firmware to make room for the new firmware. + * + * @param[in] p_init Init command. + * @param[in] fw_size The size of the incoming firmware. + * @param[out] p_addr The address at which to initially store the firmware. + * + * @retval NRF_DFU_RES_CODE_SUCCESS If the size check passed and + * an address was found. + * @retval NRF_DFU_RES_CODE_INSUFFICIENT_RESOURCES If the size check failed. 
+ */ +static nrf_dfu_result_t update_data_addr_get(dfu_init_command_t const * p_init, + uint32_t fw_size, + uint32_t * p_addr) +{ + nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS; + ret_code_t err_code = nrf_dfu_cache_prepare(fw_size, + use_single_bank(p_init->type), + NRF_DFU_FORCE_DUAL_BANK_APP_UPDATES, + keep_softdevice(p_init)); + if (err_code != NRF_SUCCESS) + { + NRF_LOG_ERROR("Can't find room for update"); + ret_val = NRF_DFU_RES_CODE_INSUFFICIENT_RESOURCES; + } + else + { + *p_addr = nrf_dfu_bank1_start_addr(); + NRF_LOG_DEBUG("Write address set to 0x%08x", *p_addr); + } + return ret_val; +} + + +nrf_dfu_result_t nrf_dfu_validation_prevalidate(void) +{ + nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS; + dfu_command_t const * p_command = &m_packet.command; + dfu_signature_type_t signature_type = DFU_SIGNATURE_TYPE_MIN; + uint8_t const * p_signature = NULL; + uint32_t signature_len = 0; + + if (m_packet.has_signed_command) + { + p_command = &m_packet.signed_command.command; + signature_type = m_packet.signed_command.signature_type; + p_signature = m_packet.signed_command.signature.bytes; + signature_len = m_packet.signed_command.signature.size; + } + + // Validate signature. + if (signature_required(p_command->init.type)) + { + ret_val = nrf_dfu_validation_signature_check(signature_type, + p_signature, + signature_len, + m_init_packet_data_ptr, + m_init_packet_data_len); + } + + // Validate versions. 
+ if (ret_val == NRF_DFU_RES_CODE_SUCCESS) + { + ret_val = nrf_dfu_ver_validation_check(&p_command->init); + } + + if (ret_val != NRF_DFU_RES_CODE_SUCCESS) + { + NRF_LOG_WARNING("Prevalidation failed."); + NRF_LOG_DEBUG("Init command:"); + NRF_LOG_HEXDUMP_DEBUG(m_init_packet_data_ptr, m_init_packet_data_len); + } + + return ret_val; +} + + +nrf_dfu_result_t nrf_dfu_validation_init_cmd_execute(uint32_t * p_dst_data_addr, + uint32_t * p_data_len) +{ + nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS; + + if (s_dfu_settings.progress.command_offset != s_dfu_settings.progress.command_size) + { + // The object wasn't the right (requested) size. + NRF_LOG_ERROR("Execute with faulty offset"); + ret_val = NRF_DFU_RES_CODE_OPERATION_NOT_PERMITTED; + } + else if (m_valid_init_cmd_present) + { + *p_dst_data_addr = nrf_dfu_bank1_start_addr(); + ret_val = update_data_size_get(mp_init, p_data_len); + } + else if (stored_init_cmd_decode()) + { + // Will only get here if init command was received since last reset. + // An init command should not be written to flash until after it's been checked here. + ret_val = nrf_dfu_validation_prevalidate(); + + *p_dst_data_addr = 0; + *p_data_len = 0; + + // Get size of binary. + if (ret_val == NRF_DFU_RES_CODE_SUCCESS) + { + ret_val = update_data_size_get(mp_init, p_data_len); + } + + // Get address where to flash the binary. + if (ret_val == NRF_DFU_RES_CODE_SUCCESS) + { + ret_val = update_data_addr_get(mp_init, *p_data_len, p_dst_data_addr); + } + + // Set flag validating the init command. + if (ret_val == NRF_DFU_RES_CODE_SUCCESS) + { + m_valid_init_cmd_present = true; + } + else + { + nrf_dfu_settings_progress_reset(); + } + } + else + { + NRF_LOG_ERROR("Failed to decode init packet"); + ret_val = NRF_DFU_RES_CODE_INVALID_OBJECT; + } + + return ret_val; +} + + +// Function to check the hash received in the init command against the received firmware. +// little_endian specifies the endianness of @p p_hash. 
+static bool nrf_dfu_validation_hash_ok(uint8_t const * p_hash, uint32_t src_addr, uint32_t data_len, bool little_endian) +{ + ret_code_t err_code; + bool result = true; + uint8_t hash_be[NRF_CRYPTO_HASH_SIZE_SHA256]; + size_t hash_len = NRF_CRYPTO_HASH_SIZE_SHA256; + + nrf_crypto_hash_context_t hash_context = {0}; + + if (little_endian) + { + // Convert to hash to big-endian format for use in nrf_crypto. + nrf_crypto_internal_swap_endian(hash_be, + p_hash, + NRF_CRYPTO_HASH_SIZE_SHA256); + p_hash = hash_be; + } + + NRF_LOG_DEBUG("Hash verification. start address: 0x%x, size: 0x%x", + src_addr, + data_len); + + err_code = nrf_crypto_hash_calculate(&hash_context, + &g_nrf_crypto_hash_sha256_info, + (uint8_t*)src_addr, + data_len, + m_fw_hash, + &hash_len); + + if (err_code != NRF_SUCCESS) + { + NRF_LOG_ERROR("Could not run hash verification (err_code 0x%x).", err_code); + result = false; + } + else if (memcmp(m_fw_hash, p_hash, NRF_CRYPTO_HASH_SIZE_SHA256) != 0) + { + NRF_LOG_WARNING("Hash verification failed."); + NRF_LOG_DEBUG("Expected FW hash:") + NRF_LOG_HEXDUMP_DEBUG(p_hash, NRF_CRYPTO_HASH_SIZE_SHA256); + NRF_LOG_DEBUG("Actual FW hash:") + NRF_LOG_HEXDUMP_DEBUG(m_fw_hash, NRF_CRYPTO_HASH_SIZE_SHA256); + NRF_LOG_FLUSH(); + + result = false; + } + + return result; +} + + +// Function to check the hash received in the init command against the received firmware. +bool fw_hash_ok(dfu_init_command_t const * p_init, uint32_t fw_start_addr, uint32_t fw_size) +{ + ASSERT(p_init != NULL); + return nrf_dfu_validation_hash_ok((uint8_t *)p_init->hash.hash.bytes, fw_start_addr, fw_size, true); +} + + +// Function to check whether the update contains a SoftDevice and, if so, if it is of a different +// major version than the existing SoftDevice. +static bool is_major_softdevice_update(uint32_t new_sd_addr) +{ + // True if there is no SD right now, but there is a new one coming. This counts as a major update. 
+ bool result = !SD_PRESENT && (SD_MAGIC_NUMBER_GET(new_sd_addr) == SD_MAGIC_NUMBER); + + if (SD_PRESENT && (SD_MAGIC_NUMBER_GET(new_sd_addr) == SD_MAGIC_NUMBER)) + { + // Both SoftDevices are present. + uint32_t current_SD_major = SD_MAJOR_VERSION_EXTRACT(SD_VERSION_GET(MBR_SIZE)); + uint32_t new_SD_major = SD_MAJOR_VERSION_EXTRACT(SD_VERSION_GET(new_sd_addr)); + + result = (current_SD_major != new_SD_major); + + NRF_LOG_INFO("SoftDevice update is a %s version update. Current: %d. New: %d.", + result ? "major" : "minor", + current_SD_major, + new_SD_major); + } + + return result; +} + + +/**@brief Validate the SoftDevice size and magic number in structure found at 0x2000 in received SoftDevice. + * + * @param[in] sd_start_addr Start address of received SoftDevice. + * @param[in] sd_size Size of received SoftDevice in bytes. + */ +static bool softdevice_info_ok(uint32_t sd_start_addr, uint32_t sd_size) +{ + bool result = true; + + if (SD_MAGIC_NUMBER_GET(sd_start_addr) != SD_MAGIC_NUMBER) + { + NRF_LOG_ERROR("The SoftDevice does not contain the magic number identifying it as a SoftDevice."); + result = false; + } + else if (SD_SIZE_GET(sd_start_addr) < ALIGN_TO_PAGE(sd_size + MBR_SIZE)) + { + // The size in the info struct should be rounded up to a page boundary + // and be larger than the actual size + the size of the MBR. + NRF_LOG_ERROR("The SoftDevice size in the info struct is too small compared with the size reported in the init command."); + result = false; + } + else if (SD_PRESENT && (SD_ID_GET(MBR_SIZE) != SD_ID_GET(sd_start_addr))) + { + NRF_LOG_ERROR("The new SoftDevice is of a different family than the present SoftDevice. 
Compatibility cannot be guaranteed."); + result = false; + } + + return result; +} + + +static bool boot_validation_extract(boot_validation_t * p_boot_validation, + dfu_init_command_t const * p_init, + uint32_t index, + uint32_t start_addr, + uint32_t data_len, + boot_validation_type_t default_type) +{ + ret_code_t err_code; + size_t hash_len = NRF_CRYPTO_HASH_SIZE_SHA256; + + nrf_crypto_hash_context_t hash_context = {0}; + + memset(p_boot_validation, 0, sizeof(boot_validation_t)); + p_boot_validation->type = (p_init->boot_validation_count > index) + ? (boot_validation_type_t)p_init->boot_validation[index].type + : default_type; // default + + switch(p_boot_validation->type) + { + case NO_VALIDATION: + break; + + case VALIDATE_CRC: + *(uint32_t *)&p_boot_validation->bytes[0] = crc32_compute((uint8_t *)start_addr, data_len, NULL); + break; + + case VALIDATE_SHA256: + err_code = nrf_crypto_hash_calculate(&hash_context, + &g_nrf_crypto_hash_sha256_info, + (uint8_t*)start_addr, + data_len, + p_boot_validation->bytes, + &hash_len); + if (err_code != NRF_SUCCESS) + { + NRF_LOG_ERROR("nrf_crypto_hash_calculate() failed with error %s", nrf_strerror_get(err_code)); + return false; + } + break; + + case VALIDATE_ECDSA_P256_SHA256: + memcpy(p_boot_validation->bytes, p_init->boot_validation[index].bytes.bytes, p_init->boot_validation[index].bytes.size); + break; + + default: + NRF_LOG_ERROR("Invalid boot validation type: %d", p_boot_validation->type); + return false; + } + + return nrf_dfu_validation_boot_validate(p_boot_validation, start_addr, data_len); +} + + +// The is_trusted argument specifies whether the function should have side effects. 
+static bool postvalidate_app(dfu_init_command_t const * p_init, uint32_t src_addr, uint32_t data_len, bool is_trusted)
+{
+ boot_validation_t boot_validation;
+
+ ASSERT(p_init->type == DFU_FW_TYPE_APPLICATION);
+
+ if (!boot_validation_extract(&boot_validation, p_init, 0, src_addr, data_len, VALIDATE_CRC))
+ {
+ return false;
+ }
+#if !NRF_DFU_IN_APP
+ else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
+ (boot_validation.type != VALIDATE_ECDSA_P256_SHA256))
+ {
+ NRF_LOG_WARNING("The boot validation of the app must be a signature check.");
+ return false;
+ }
+#endif
+
+ if (!is_trusted)
+ {
+ return true;
+ }
+
+ memcpy(&s_dfu_settings.boot_validation_app, &boot_validation, sizeof(boot_validation));
+
+ s_dfu_settings.bank_1.bank_code = NRF_DFU_BANK_VALID_APP;
+
+ NRF_LOG_DEBUG("Invalidating old application in bank 0.");
+ s_dfu_settings.bank_0.bank_code = NRF_DFU_BANK_INVALID;
+
+ if (!DFU_REQUIRES_SOFTDEVICE && !update_requires_softdevice(p_init))
+ {
+ // App does not need SD, so it should be placed where SD is.
+ nrf_dfu_softdevice_invalidate();
+ }
+
+ if (!NRF_DFU_DEBUG ||
+ (NRF_DFU_DEBUG && (p_init->has_is_debug == false || p_init->is_debug == false)))
+ {
+ s_dfu_settings.app_version = p_init->fw_version;
+ }
+
+ return true;
+}
+
+
+// Function to check a received SoftDevice or Bootloader firmware, or both,
+// before it is copied into place.
+// The is_trusted argument specifies whether the function should have side effects.
+static bool postvalidate_sd_bl(dfu_init_command_t const * p_init,
+ bool with_sd,
+ bool with_bl,
+ uint32_t start_addr,
+ uint32_t data_len,
+ bool is_trusted)
+{
+ boot_validation_t boot_validation_sd = {NO_VALIDATION};
+ boot_validation_t boot_validation_bl = {NO_VALIDATION};
+ uint32_t bl_start = start_addr;
+ uint32_t bl_size = data_len;
+
+ ASSERT(with_sd || with_bl);
+
+ if (with_sd)
+ {
+ if (!softdevice_info_ok(start_addr, p_init->sd_size))
+ {
+ return false;
+ }
+
+ if (is_major_softdevice_update(start_addr))
+ {
+ NRF_LOG_WARNING("Invalidating app because it is incompatible with the SoftDevice.");
+ if (DFU_REQUIRES_SOFTDEVICE && !with_bl)
+ {
+ NRF_LOG_ERROR("Major SD update but no BL. Abort to avoid incapacitating the BL.");
+ return false;
+ }
+ }
+
+ if (!boot_validation_extract(&boot_validation_sd, p_init, 0, start_addr, p_init->sd_size, VALIDATE_CRC))
+ {
+ return false;
+ }
+
+ bl_start += p_init->sd_size;
+ bl_size -= p_init->sd_size;
+ }
+ if (with_bl)
+ {
+ if (!boot_validation_extract(&boot_validation_bl, p_init, with_sd ? 1 : 0, bl_start, bl_size, NO_VALIDATION))
+ {
+ return false;
+ }
+ else if (boot_validation_bl.type != NO_VALIDATION)
+ {
+ NRF_LOG_WARNING("Boot validation of bootloader is not supported and will be ignored.");
+ }
+ }
+
+ if (!is_trusted)
+ {
+ return true;
+ }
+
+ if (with_sd)
+ {
+ if (is_major_softdevice_update(start_addr))
+ {
+ // Invalidate app since it may not be compatible with new SD.
+ nrf_dfu_bank_invalidate(&s_dfu_settings.bank_0);
+ }
+
+ memcpy(&s_dfu_settings.boot_validation_softdevice, &boot_validation_sd, sizeof(boot_validation_sd));
+
+ // Mark the update as valid.
+ s_dfu_settings.bank_1.bank_code = with_bl ? NRF_DFU_BANK_VALID_SD_BL
+ : NRF_DFU_BANK_VALID_SD;
+
+ s_dfu_settings.sd_size = p_init->sd_size;
+ }
+ else
+ {
+ s_dfu_settings.bank_1.bank_code = NRF_DFU_BANK_VALID_BL;
+ }
+
+
+ if (with_bl)
+ {
+ memcpy(&s_dfu_settings.boot_validation_bootloader, &boot_validation_bl, sizeof(boot_validation_bl));
+
+ if (!NRF_DFU_DEBUG ||
+ (NRF_DFU_DEBUG && (p_init->has_is_debug == false || p_init->is_debug == false)))
+ {
+ // If the update contains a bootloader, update the version.
+ // Unless the update is a debug packet.
+ s_dfu_settings.bootloader_version = p_init->fw_version;
+ }
+ }
+
+ return true;
+}
+
+
+bool nrf_dfu_validation_boot_validate(boot_validation_t const * p_validation, uint32_t data_addr, uint32_t data_len)
+{
+ uint8_t const * p_data = (uint8_t*) data_addr;
+ switch(p_validation->type)
+ {
+ case NO_VALIDATION:
+ return true;
+
+ case VALIDATE_CRC:
+ {
+ uint32_t current_crc = *(uint32_t *)p_validation->bytes;
+ uint32_t crc = crc32_compute(p_data, data_len, NULL);
+
+ if (crc != current_crc)
+ {
+ // CRC does not match with what is stored.
+ NRF_LOG_DEBUG("CRC check of app failed. Return %d", NRF_DFU_DEBUG);
+ return NRF_DFU_DEBUG;
+ }
+ return true;
+ }
+
+ case VALIDATE_SHA256:
+ return nrf_dfu_validation_hash_ok(p_validation->bytes, data_addr, data_len, false);
+
+ case VALIDATE_ECDSA_P256_SHA256:
+ {
+ nrf_dfu_result_t res_code = nrf_dfu_validation_signature_check(
+ DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256,
+ p_validation->bytes,
+ NRF_CRYPTO_ECDSA_SECP256R1_SIGNATURE_SIZE,
+ p_data,
+ data_len);
+ return (res_code == NRF_DFU_RES_CODE_SUCCESS);
+ }
+
+ default:
+ ASSERT(false);
+ return false;
+ }
+}
+
+
+nrf_dfu_result_t postvalidate(uint32_t data_addr, uint32_t data_len, bool is_trusted)
+{
+ nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS;
+ dfu_init_command_t const * p_init = mp_init;
+
+ if (!fw_hash_ok(p_init, data_addr, data_len))
+ {
+ ret_val = EXT_ERR(NRF_DFU_EXT_ERROR_VERIFICATION_FAILED);
+ }
+ else
+ {
+ if (p_init->type == DFU_FW_TYPE_APPLICATION)
+ {
+ if (!postvalidate_app(p_init, data_addr, data_len, is_trusted))
+ {
+ ret_val = NRF_DFU_RES_CODE_INVALID_OBJECT;
+ }
+ }
+#if NRF_DFU_SUPPORTS_EXTERNAL_APP
+ else if (p_init->type == DFU_FW_TYPE_EXTERNAL_APPLICATION)
+ {
+ if (!is_trusted)
+ {
+ // This function must be implemented externally
+ ret_val = nrf_dfu_validation_post_external_app_execute(p_init, is_trusted);
+ }
+ else
+ {
+ s_dfu_settings.bank_1.bank_code = NRF_DFU_BANK_VALID_EXT_APP;
+ }
+ }
+#endif // NRF_DFU_SUPPORTS_EXTERNAL_APP
+ else
+ {
+ bool with_sd = p_init->type & DFU_FW_TYPE_SOFTDEVICE;
+ bool with_bl = p_init->type & DFU_FW_TYPE_BOOTLOADER;
+
+ if (!postvalidate_sd_bl(p_init, with_sd, with_bl, data_addr, data_len, is_trusted))
+ {
+ ret_val = NRF_DFU_RES_CODE_INVALID_OBJECT;
+ if (is_trusted && with_sd && !DFU_REQUIRES_SOFTDEVICE &&
+ (data_addr == nrf_dfu_softdevice_start_address()))
+ {
+ nrf_dfu_softdevice_invalidate();
+ }
+ }
+ }
+ }
+
+ if (!is_trusted)
+ {
+ if (ret_val == NRF_DFU_RES_CODE_SUCCESS)
+ {
+ s_dfu_settings.bank_current = NRF_DFU_CURRENT_BANK_1;
+ }
+ else
+ {
+ nrf_dfu_settings_progress_reset();
+ }
+ }
+ else
+ {
+ if (ret_val == NRF_DFU_RES_CODE_SUCCESS)
+ {
+ // Mark the update as complete and valid.
+ s_dfu_settings.bank_1.image_crc = crc32_compute((uint8_t *)data_addr, data_len, NULL);
+ s_dfu_settings.bank_1.image_size = data_len;
+ }
+ else
+ {
+ nrf_dfu_bank_invalidate(&s_dfu_settings.bank_1);
+ }
+
+ nrf_dfu_settings_progress_reset();
+ s_dfu_settings.progress.update_start_address = data_addr;
+ }
+
+ return ret_val;
+}
+
+
+nrf_dfu_result_t nrf_dfu_validation_post_data_execute(uint32_t data_addr, uint32_t data_len)
+{
+ return postvalidate(data_addr, data_len, false);
+}
+
+
+nrf_dfu_result_t nrf_dfu_validation_activation_prepare(uint32_t data_addr, uint32_t data_len)
+{
+ return postvalidate(data_addr, data_len, true);
+}
+
+
+bool nrf_dfu_validation_valid_external_app(void)
+{
+ return s_dfu_settings.bank_1.bank_code == NRF_DFU_BANK_VALID_EXT_APP;
+}
diff --git a/core/embed/ble_firmware/memory.ld b/core/embed/ble_firmware/memory.ld
index 6a607e0d9..5f60d7ab8 100644
--- a/core/embed/ble_firmware/memory.ld
+++ b/core/embed/ble_firmware/memory.ld
@@ -5,7 +5,7 @@ GROUP(-lgcc -lc -lnosys) MEMORY { - FLASH (rx) : ORIGIN = 0x27000, LENGTH = 0x49000 + FLASH (rx) : ORIGIN = 0x27000, LENGTH = 0x39000 RAM (rwx) : ORIGIN = 0x20002ae8, LENGTH = 0x1d518 }
diff --git a/core/embed/sdk/nrf52/modules/nrfx/mdk/gcc_startup_nrf52833.S b/core/embed/sdk/nrf52/modules/nrfx/mdk/gcc_startup_nrf52833.S
index 16030a7ee..14e113096 100644
--- a/core/embed/sdk/nrf52/modules/nrfx/mdk/gcc_startup_nrf52833.S
+++ b/core/embed/sdk/nrf52/modules/nrfx/mdk/gcc_startup_nrf52833.S
@@ -253,7 +253,6 @@ Reset_Handler: * * All addresses must be aligned to 4 bytes boundary. */ -#ifdef __STARTUP_CLEAR_BSS ldr r1, =__bss_start__ ldr r2, =__bss_end__
@@ -268,7 +267,6 @@ Reset_Handler: bgt .L_loop3 .L_loop3_done: -#endif /* __STARTUP_CLEAR_BSS */ /* Execute SystemInit function. */ bl SystemInit
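Review bot: The new `LENGTH = 0x39000` in ble_firmware/memory.ld moves the end of the application flash region to 0x60000 (0x27000 + 0x39000), and nothing in the file says what now owns the 0x10000 bytes above it. Presumably that space goes to the enlarged bootloader, whose own memory.ld is changed by this commit but is not part of this hunk, so the two linker scripts have to agree or the images overlap in flash. A comment on the FLASH line would make the coupling explicit, for example `/* app flash ends at 0x60000; must not exceed the bootloader ORIGIN in ble_bootloader/memory.ld */`.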
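Review bot: The edits to gcc_startup_nrf52833.S patch a vendored SDK file to get behaviour it already exposes as build-time switches: the BSS-clear loop is guarded by `__STARTUP_CLEAR_BSS` and the entry symbol by `#ifndef __START`. Defining both from the build, e.g. `-D__STARTUP_CLEAR_BSS -D__START=main` for the assembler, would leave the SDK copy untouched and survive an SDK update; this covers the `#ifdef`/`#endif` removals in these two hunks and the `__START` change in the next one. If this startup file is also assembled for ble_firmware, whose memory.ld links `-lc`, branching straight to `main` there would bypass the C runtime's `_start`, so it is worth confirming which targets pick the file up. Should the in-place edit stay, a comment at the clear loop such as `/* always clear .bss: entry is main, no C runtime start-up runs before it */` would record why the guard was dropped.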
@@ -277,7 +275,7 @@ Reset_Handler: * If those libraries are not accessible, define __START as your entry point. */ #ifndef __START -#define __START _start +#define __START main #endif bl __START