arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 15:38:11 +00:00
Code Issues Releases Wiki Activity

bootloader/loader: rename crypto.c/h to image.c/h, refactor

Browse Source
This commit is contained in:
Pavol Rusnak 2017-04-01 12:57:14 +02:00
parent a440f3d322
commit 74db11cbfc
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
12 changed files with 88 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.bootloader
View File

@ -56,11 +56,11 @@ OBJ_HAL += $(addprefix $(BUILD_MP)/,\
# OBJ micropython/
OBJ_FW += $(addprefix $(BUILD_FW)/, \
bootloader/crypto.o \
bootloader/main.o \
extmod/modtrezorui/display.o \
extmod/modtrezorui/font_bitmap.o \
trezorhal/common.o \
trezorhal/image.o \
trezorhal/sdcard.o \
trezorhal/stm32_it.o \
trezorhal/stm32_system.o \
@ -94,8 +94,8 @@ SRC_MOD = $(patsubst $(BUILD_FW)%.o, $(SRCDIR_FW)%.c, $(OBJ_MOD))
CROSS_COMPILE = arm-none-eabi-
INC += -I.
INC += -I$(SRCDIR_FW)/bootloader
INC += -I$(SRCDIR_FW)/extmod/modtrezorui
INC += -I$(SRCDIR_FW)/firmware
INC += -I$(SRCDIR_FW)/trezorhal
INC += -I$(SRCDIR_FW)/trezorhal/hal
INC += -I$(SRCDIR_MP)

2
Makefile.firmware
View File

@ -341,8 +341,8 @@ SRC_MOD = $(patsubst $(BUILD_FW)%.o, $(SRCDIR_FW)%.c, $(OBJ_MOD))
CROSS_COMPILE = arm-none-eabi-
INC += -I.
INC += -I$(SRCDIR_FW)/extmod/modtrezorui
INC += -I$(SRCDIR_FW)/firmware
INC += -I$(SRCDIR_FW)/extmod/modtrezorui
INC += -I$(SRCDIR_FW)/trezorhal
INC += -I$(SRCDIR_FW)/trezorhal/hal
INC += -I$(SRCDIR_MP)

4
Makefile.loader
View File

@ -56,12 +56,12 @@ OBJ_HAL += $(addprefix $(BUILD_MP)/,\
# OBJ micropython/
OBJ_FW += $(addprefix $(BUILD_FW)/, \
loader/crypto.o \
loader/header.o \
loader/main.o \
extmod/modtrezorui/display.o \
extmod/modtrezorui/font_bitmap.o \
trezorhal/common.o \
trezorhal/image.o \
trezorhal/stm32_it.o \
trezorhal/stm32_system.o \
trezorhal/hal/stm32f4xx_hal_sram.o \
@ -94,8 +94,8 @@ SRC_MOD = $(patsubst $(BUILD_FW)%.o, $(SRCDIR_FW)%.c, $(OBJ_MOD))
CROSS_COMPILE = arm-none-eabi-
INC += -I.
INC += -I$(SRCDIR_FW)/loader
INC += -I$(SRCDIR_FW)/extmod/modtrezorui
INC += -I$(SRCDIR_FW)/firmware
INC += -I$(SRCDIR_FW)/trezorhal
INC += -I$(SRCDIR_FW)/trezorhal/hal
INC += -I$(SRCDIR_MP)

105
micropython/bootloader/crypto.c
View File

@ -1,105 +0,0 @@
#include <string.h>
#include "blake2s.h"
#include "ed25519-donna/ed25519.h"
#include "common.h"
#include "crypto.h"
bool parse_header(const uint8_t *data, uint32_t *codelen, uint8_t *sigmask, uint8_t *sig)
{
uint32_t magic;
memcpy(&magic, data, 4);
if (magic != 0x4C5A5254) return false; // TRZL
uint32_t hdrlen;
memcpy(&hdrlen, data + 4, 4);
if (hdrlen != HEADER_SIZE) return false;
uint32_t expiry;
memcpy(&expiry, data + 8, 4);
if (expiry != 0) return false;
uint32_t clen;
memcpy(&clen, data + 12, 4);
if (clen + hdrlen < 4 * 1024) return false;
if (clen + hdrlen > 64 * 1024 + 7 * 128 * 1024) return false;
if ((clen + hdrlen) % 512 != 0) return false;
if (codelen) {
*codelen = clen;
}
uint32_t version;
memcpy(&version, data + 16, 4);
// uint8_t reserved[427];
if (sigmask) {
memcpy(sigmask, data + 0x01BF, 1);
}
if (sig) {
memcpy(sig, data + 0x01C0, 64);
}
return true;
}
#define KEYMASK(A, B, C) ((1 << (A - 1)) | (1 << (B - 1)) | (1 << (C - 1)))
const uint8_t *get_pubkey(uint8_t index)
{
switch (index) {
case KEYMASK(1, 2, 3):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(1, 2, 4):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(1, 2, 5):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(1, 3, 4):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(1, 3, 5):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(1, 4, 5):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(2, 3, 4):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(2, 3, 5):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(2, 4, 5):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
case KEYMASK(3, 4, 5):
return (const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
default:
return NULL;
}
}
bool check_signature(const uint8_t *start)
{
uint32_t codelen;
uint8_t sigmask;
uint8_t sig[64];
if (!parse_header(start, &codelen, &sigmask, sig)) {
return false;
}
uint8_t hash[BLAKE2S_DIGEST_LENGTH];
BLAKE2S_CTX ctx;
blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);
blake2s_Update(&ctx, start, 256 - 65);
for (int i = 0; i < 65; i++) {
blake2s_Update(&ctx, (const uint8_t *)"\x00", 1);
}
blake2s_Update(&ctx, start + 256, codelen);
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
const uint8_t *pub = get_pubkey(sigmask);
// TODO: remove debug skip of unsigned
if (!pub) return true;
// end
return pub && (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)sig));
}

11
micropython/bootloader/crypto.h
View File

@ -1,11 +0,0 @@
#ifndef __BOOTLOADER_CRYPTO_H__
#define __BOOTLOADER_CRYPTO_H__
#include <stdint.h>
#include <stdbool.h>
bool parse_header(const uint8_t *data, uint32_t *codelen, uint8_t *sigidx, uint8_t *sig);
bool check_signature(const uint8_t *start);
#endif

2
micropython/bootloader/image_options.h Normal file
View File

@ -0,0 +1,2 @@
#define IMAGE_MAGIC 0x4C5A5254 // TRZL
#define IMAGE_MAXSIZE (1 * 64 * 1024 + 7 * 128 + 1024)

24
micropython/bootloader/main.c
View File

@ -2,10 +2,9 @@
#include <string.h>
#include "crypto.h"
#include "common.h"
#include "display.h"
#include "image.h"
#include "sdcard.h"
#define BOOTLOADER_FGCOLOR 0xFFFF
@ -38,13 +37,13 @@ bool check_sdcard(void)
return false;
}
uint8_t buf[SDCARD_BLOCK_SIZE] __attribute__((aligned(4)));
uint32_t buf[SDCARD_BLOCK_SIZE / sizeof(uint32_t)];
sdcard_read_blocks(buf, 0, 1);
sdcard_power_off();
if (parse_header(buf, NULL, NULL, NULL)) {
if (image_parse_header((const uint8_t *)buf, NULL)) {
BOOTLOADER_PRINTLN("SD card header is valid");
return true;
} else {
@ -86,13 +85,13 @@ bool copy_sdcard(void)
uint32_t buf[SDCARD_BLOCK_SIZE / sizeof(uint32_t)];
sdcard_read_blocks((uint8_t *)buf, 0, 1);
uint32_t codelen;
if (!parse_header((uint8_t *)buf, &codelen, NULL, NULL)) {
image_header hdr;
if (!image_parse_header((const uint8_t *)buf, &hdr)) {
BOOTLOADER_PRINTLN("wrong header");
return false;
}
for (int i = 0; i < codelen / SDCARD_BLOCK_SIZE; i++) {
for (int i = 0; i < (HEADER_SIZE + hdr.codelen) / SDCARD_BLOCK_SIZE; i++) {
sdcard_read_blocks((uint8_t *)buf, i, 1);
for (int j = 0; j < SDCARD_BLOCK_SIZE / sizeof(uint32_t); j++) {
if (HAL_FLASH_Program(TYPEPROGRAM_WORD, LOADER_START + i * SDCARD_BLOCK_SIZE + j * sizeof(uint32_t), buf[j]) != HAL_OK) {
@ -115,10 +114,8 @@ bool copy_sdcard(void)
void check_and_jump(void)
{
BOOTLOADER_PRINTLN("checking loader");
if (parse_header((const uint8_t *)LOADER_START, NULL, NULL, NULL)) {
BOOTLOADER_PRINTLN("valid loader header");
if (check_signature((const uint8_t *)LOADER_START)) {
BOOTLOADER_PRINTLN("valid loader signature");
if (image_check_signature((const uint8_t *)LOADER_START)) {
BOOTLOADER_PRINTLN("valid loader image");
// TODO: remove debug wait
BOOTLOADER_PRINTLN("waiting 1 second");
HAL_Delay(1000);
@ -126,10 +123,7 @@ void check_and_jump(void)
BOOTLOADER_PRINTLN("JUMP!");
jump_to(LOADER_START + HEADER_SIZE);
} else {
BOOTLOADER_PRINTLN("invalid loader signature");
}
} else {
BOOTLOADER_PRINTLN("invalid loader header");
BOOTLOADER_PRINTLN("invalid loader image");
}
}

11
micropython/loader/crypto.h
View File

@ -1,11 +0,0 @@
#ifndef __LOADER_CRYPTO_H__
#define __LOADER_CRYPTO_H__
#include <stdint.h>
#include <stdbool.h>
bool parse_header(const uint8_t *data, uint32_t *codelen, uint8_t *sigidx, uint8_t *sig);
bool check_signature(const uint8_t *start);
#endif

2
micropython/loader/image_options.h Normal file
View File

@ -0,0 +1,2 @@
#define IMAGE_MAGIC 0x465A5254 // TRZF
#define IMAGE_MAXSIZE (7 * 128 + 1024)

15
micropython/loader/main.c
View File

@ -2,7 +2,7 @@
#include "common.h"
#include "display.h"
#include "crypto.h"
#include "image.h"
#define LOADER_FGCOLOR 0xFFFF
#define LOADER_BGCOLOR 0x0000
@ -17,21 +17,16 @@ void pendsv_isr_handler(void) {
void check_and_jump(void)
{
LOADER_PRINTLN("checking firmware");
if (parse_header((const uint8_t *)FIRMWARE_START, NULL, NULL, NULL)) {
LOADER_PRINTLN("valid firmware header");
if (check_signature((const uint8_t *)FIRMWARE_START)) {
LOADER_PRINTLN("valid firmware signature");
LOADER_PRINTLN("JUMP!");
if (image_check_signature((const uint8_t *)FIRMWARE_START)) {
LOADER_PRINTLN("valid firmware image");
// TODO: remove debug wait
LOADER_PRINTLN("waiting 1 second");
HAL_Delay(1000);
// end
LOADER_PRINTLN("JUMP!");
jump_to(FIRMWARE_START + HEADER_SIZE);
} else {
LOADER_PRINTLN("invalid firmware signature");
}
} else {
LOADER_PRINTLN("invalid firmware header");
LOADER_PRINTLN("invalid firmware image");
}
}

70
micropython/loader/crypto.c → micropython/trezorhal/image.c
View File

@ -4,51 +4,43 @@
#include "ed25519-donna/ed25519.h"
#include "common.h"
#include "crypto.h"
#include "image.h"
bool parse_header(const uint8_t *data, uint32_t *codelen, uint8_t *sigmask, uint8_t *sig)
bool image_parse_header(const uint8_t *data, image_header *header)
{
uint32_t magic;
memcpy(&magic, data, 4);
if (magic != 0x465A5254) return false; // TRZF
uint32_t hdrlen;
memcpy(&hdrlen, data + 4, 4);
if (hdrlen != HEADER_SIZE) return false;
uint32_t expiry;
memcpy(&expiry, data + 8, 4);
if (expiry != 0) return false;
uint32_t clen;
memcpy(&clen, data + 12, 4);
if (clen + hdrlen < 4 * 1024) return false;
if (clen + hdrlen > 7 * 128 * 1024) return false;
if ((clen + hdrlen) % 512 != 0) return false;
if (codelen) {
*codelen = clen;
if (!header) {
image_header h;
header = &h;
}
uint32_t version;
memcpy(&version, data + 16, 4);
memcpy(&header->magic, data, 4);
if (header->magic != IMAGE_MAGIC) return false;
memcpy(&header->hdrlen, data + 4, 4);
if (header->hdrlen != HEADER_SIZE) return false;
memcpy(&header->expiry, data + 8, 4);
if (header->expiry != 0) return false;
memcpy(&header->codelen, data + 12, 4);
if (header->hdrlen + header->codelen < 4 * 1024) return false;
if (header->hdrlen + header->codelen > IMAGE_MAXSIZE) return false;
if ((header->hdrlen + header->codelen) % 512 != 0) return false;
memcpy(&header->version, data + 16, 4);
// uint8_t reserved[427];
if (sigmask) {
memcpy(sigmask, data + 0x01BF, 1);
}
memcpy(&header->sigmask, data + 0x01BF, 1);
if (sig) {
memcpy(sig, data + 0x01C0, 64);
}
memcpy(header->sig, data + 0x01C0, 64);
return true;
}
#define KEYMASK(A, B, C) ((1 << (A - 1)) | (1 << (B - 1)) | (1 << (C - 1)))
const uint8_t *get_pubkey(uint8_t index)
static const uint8_t *get_pubkey(uint8_t index)
{
switch (index) {
case KEYMASK(1, 2, 3):
@ -76,30 +68,28 @@ const uint8_t *get_pubkey(uint8_t index)
}
}
bool check_signature(const uint8_t *start)
bool image_check_signature(const uint8_t *data)
{
uint32_t codelen;
uint8_t sigmask;
uint8_t sig[64];
if (!parse_header(start, &codelen, &sigmask, sig)) {
image_header hdr;
if (!image_parse_header(data, &hdr)) {
return false;
}
uint8_t hash[BLAKE2S_DIGEST_LENGTH];
BLAKE2S_CTX ctx;
blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);
blake2s_Update(&ctx, start, 256 - 65);
blake2s_Update(&ctx, data, HEADER_SIZE - 65);
for (int i = 0; i < 65; i++) {
blake2s_Update(&ctx, (const uint8_t *)"\x00", 1);
}
blake2s_Update(&ctx, start + 256, codelen);
blake2s_Update(&ctx, data + HEADER_SIZE, hdr.codelen);
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
const uint8_t *pub = get_pubkey(sigmask);
const uint8_t *pub = get_pubkey(hdr.sigmask);
// TODO: remove debug skip of unsigned
if (!pub) return true;
// end
return pub && (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)sig));
return pub && (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)hdr.sig));
}

24
micropython/trezorhal/image.h Normal file
View File

@ -0,0 +1,24 @@
#ifndef __TREZORHAL_IMAGE_H__
#define __TREZORHAL_IMAGE_H__
#include <stdint.h>
#include <stdbool.h>
#include "image_options.h"
typedef struct {
uint32_t magic;
uint32_t hdrlen;
uint32_t expiry;
uint32_t codelen;
uint32_t version;
// uint8_t reserved[427];
uint8_t sigmask;
uint8_t sig[64];
} image_header;
bool image_parse_header(const uint8_t *data, image_header *header);
bool image_check_signature(const uint8_t *data);
#endif