arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-17 01:52:02 +00:00
Code Issues Releases Wiki Activity

boardloader, bootloader: check image contents against hashes in the header

Browse Source
This commit is contained in:
Pavol Rusnak 2017-10-26 17:16:59 +02:00
parent b4ff9deb6b
commit 7c891e19e5
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
4 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
embed/boardloader/main.c
View File

@ -182,6 +182,10 @@ int main(void)
load_image_header((const uint8_t *)BOOTLOADER_START, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr), load_image_header((const uint8_t *)BOOTLOADER_START, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr),
"invalid bootloader header"); "invalid bootloader header");
ensure(
check_image_contents(&hdr, (const uint8_t *)BOOTLOADER_START, 1),
"invalid bootloader hash");
jump_to(BOOTLOADER_START + IMAGE_HEADER_SIZE); jump_to(BOOTLOADER_START + IMAGE_HEADER_SIZE);
return 0; return 0;

4
embed/bootloader/main.c
View File

@ -327,6 +327,10 @@ int main(void)
load_image_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub, &hdr), load_image_header((const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), FIRMWARE_IMAGE_MAGIC, FIRMWARE_IMAGE_MAXSIZE, vhdr.vsig_m, vhdr.vsig_n, vhdr.vpub, &hdr),
"invalid firmware header"); "invalid firmware header");
ensure(
check_image_contents(&hdr, (const uint8_t *)(FIRMWARE_START + vhdr.hdrlen), 6),
"invalid firmware hash");
display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version); display_vendor(vhdr.vimg, (const char *)vhdr.vstr, vhdr.vstr_len, hdr.version);
display_fade(0, BACKLIGHT_NORMAL, 1000); display_fade(0, BACKLIGHT_NORMAL, 1000);
if (vhdr.vtrust < 50) { if (vhdr.vtrust < 50) {

30
embed/trezorhal/image.c
View File

@ -128,3 +128,33 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig); return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig);
} }
static bool check_hash(const uint8_t * const hash, const uint8_t * const data, int len)
{
uint8_t h[BLAKE2S_DIGEST_LENGTH];
blake2s(data, len, h, BLAKE2S_DIGEST_LENGTH);
return 0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH);
}
#define MIN(a,b) ((a) < (b) ? (a) : (b))
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, int maxblocks)
{
int remaining = hdr->codelen;
if (!check_hash(hdr->hashes, data + IMAGE_HEADER_SIZE, MIN(remaining, IMAGE_CHUNK_SIZE - IMAGE_HEADER_SIZE))) {
return false;
}
int block = 1;
remaining -= IMAGE_CHUNK_SIZE - IMAGE_HEADER_SIZE;
while (remaining > 0) {
if (block >= maxblocks) {
return false;
}
if (!check_hash(hdr->hashes + block * 32, data + block * IMAGE_CHUNK_SIZE, MIN(remaining, IMAGE_CHUNK_SIZE))) {
return false;
}
block++;
remaining -= IMAGE_CHUNK_SIZE;
}
return true;
}

2
embed/trezorhal/image.h
View File

@ -48,4 +48,6 @@ bool load_image_header(const uint8_t * const data, const uint32_t magic, const u
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr); bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
bool check_image_contents(const image_header * const hdr, const uint8_t * const data, int maxblocks);
#endif #endif