1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 23:48:12 +00:00

adapt python scripts to Python3

This commit is contained in:
Pavol Rusnak 2017-02-01 18:07:47 +01:00
parent 1943d840e3
commit 801ca6e644
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
6 changed files with 68 additions and 51 deletions

View File

@ -1,4 +1,4 @@
#!/usr/bin/env python2 #!/usr/bin/env python
import sys import sys
import os import os

View File

@ -1,10 +1,16 @@
#!/usr/bin/env python2 #!/usr/bin/python
from __future__ import print_function
import argparse import argparse
import hashlib import hashlib
import struct import struct
import binascii import binascii
import ecdsa import ecdsa
try:
raw_input
except:
raw_input = input
SLOTS = 3 SLOTS = 3
pubkeys = { pubkeys = {
@ -31,17 +37,17 @@ def prepare(data):
# Takes raw OR signed firmware and clean out metadata structure # Takes raw OR signed firmware and clean out metadata structure
# This produces 'clean' data for signing # This produces 'clean' data for signing
meta = 'TRZR' # magic meta = b'TRZR' # magic
if data[:4] == 'TRZR': if data[:4] == b'TRZR':
meta += data[4:4 + struct.calcsize('<I')] meta += data[4:4 + struct.calcsize('<I')]
else: else:
meta += struct.pack('<I', len(data)) # length of the code meta += struct.pack('<I', len(data)) # length of the code
meta += '\x00' * SLOTS # signature index #1-#3 meta += b'\x00' * SLOTS # signature index #1-#3
meta += '\x01' # flags meta += b'\x01' # flags
meta += '\x00' * 52 # reserved meta += b'\x00' * 52 # reserved
meta += '\x00' * 64 * SLOTS # signature #1-#3 meta += b'\x00' * 64 * SLOTS # signature #1-#3
if data[:4] == 'TRZR': if data[:4] == b'TRZR':
# Replace existing header # Replace existing header
out = meta + data[len(meta):] out = meta + data[len(meta):]
else: else:
@ -54,19 +60,22 @@ def check_signatures(data):
# Analyses given firmware and prints out # Analyses given firmware and prints out
# status of included signatures # status of included signatures
indexes = [ ord(x) for x in data[INDEXES_START:INDEXES_START + SLOTS] ] try:
indexes = [ ord(x) for x in data[INDEXES_START:INDEXES_START + SLOTS] ]
except:
indexes = [ x for x in data[INDEXES_START:INDEXES_START + SLOTS] ]
to_sign = prepare(data)[256:] # without meta to_sign = prepare(data)[256:] # without meta
fingerprint = hashlib.sha256(to_sign).hexdigest() fingerprint = hashlib.sha256(to_sign).hexdigest()
print "Firmware fingerprint:", fingerprint print("Firmware fingerprint:", fingerprint)
used = [] used = []
for x in range(SLOTS): for x in range(SLOTS):
signature = data[SIG_START + 64 * x:SIG_START + 64 * x + 64] signature = data[SIG_START + 64 * x:SIG_START + 64 * x + 64]
if indexes[x] == 0: if indexes[x] == 0:
print "Slot #%d" % (x + 1), 'is empty' print("Slot #%d" % (x + 1), 'is empty')
else: else:
pk = pubkeys[indexes[x]] pk = pubkeys[indexes[x]]
verify = ecdsa.VerifyingKey.from_string(binascii.unhexlify(pk)[1:], verify = ecdsa.VerifyingKey.from_string(binascii.unhexlify(pk)[1:],
@ -76,13 +85,13 @@ def check_signatures(data):
verify.verify(signature, to_sign, hashfunc=hashlib.sha256) verify.verify(signature, to_sign, hashfunc=hashlib.sha256)
if indexes[x] in used: if indexes[x] in used:
print "Slot #%d signature: DUPLICATE" % (x + 1), binascii.hexlify(signature) print("Slot #%d signature: DUPLICATE" % (x + 1), binascii.hexlify(signature))
else: else:
used.append(indexes[x]) used.append(indexes[x])
print "Slot #%d signature: VALID" % (x + 1), binascii.hexlify(signature) print("Slot #%d signature: VALID" % (x + 1), binascii.hexlify(signature))
except: except:
print "Slot #%d signature: INVALID" % (x + 1), binascii.hexlify(signature) print("Slot #%d signature: INVALID" % (x + 1), binascii.hexlify(signature))
def modify(data, slot, index, signature): def modify(data, slot, index, signature):
@ -104,8 +113,8 @@ def sign(data, is_pem):
raise Exception("Invalid slot") raise Exception("Invalid slot")
if is_pem: if is_pem:
print "Paste ECDSA private key in PEM format and press Enter:" print("Paste ECDSA private key in PEM format and press Enter:")
print "(blank private key removes the signature on given index)" print("(blank private key removes the signature on given index)")
pem_key = '' pem_key = ''
while True: while True:
key = raw_input() key = raw_input()
@ -117,8 +126,8 @@ def sign(data, is_pem):
return modify(data, slot, 0, '\x00' * 64) return modify(data, slot, 0, '\x00' * 64)
key = ecdsa.SigningKey.from_pem(pem_key) key = ecdsa.SigningKey.from_pem(pem_key)
else: else:
print "Paste SECEXP (in hex) and press Enter:" print("Paste SECEXP (in hex) and press Enter:")
print "(blank private key removes the signature on given index)" print("(blank private key removes the signature on given index)")
secexp = raw_input() secexp = raw_input()
if secexp.strip() == '': if secexp.strip() == '':
# Blank key,let's remove existing signature from slot # Blank key,let's remove existing signature from slot
@ -128,9 +137,9 @@ def sign(data, is_pem):
to_sign = prepare(data)[256:] # without meta to_sign = prepare(data)[256:] # without meta
# Locate proper index of current signing key # Locate proper index of current signing key
pubkey = '04' + binascii.hexlify(key.get_verifying_key().to_string()) pubkey = b'04' + binascii.hexlify(key.get_verifying_key().to_string())
index = None index = None
for i, pk in pubkeys.iteritems(): for i, pk in pubkeys.items():
if pk == pubkey: if pk == pubkey:
index = i index = i
break break
@ -148,15 +157,15 @@ def main(args):
curve=ecdsa.curves.SECP256k1, curve=ecdsa.curves.SECP256k1,
hashfunc=hashlib.sha256) hashfunc=hashlib.sha256)
print "PRIVATE KEY (SECEXP):" print("PRIVATE KEY (SECEXP):")
print binascii.hexlify(key.to_string()) print(binascii.hexlify(key.to_string()))
print print()
print "PRIVATE KEY (PEM):" print("PRIVATE KEY (PEM):")
print key.to_pem() print(key.to_pem())
print "PUBLIC KEY:" print("PUBLIC KEY:")
print '04' + binascii.hexlify(key.get_verifying_key().to_string()) print('04' + binascii.hexlify(key.get_verifying_key().to_string()))
return return
if not args.path: if not args.path:
@ -165,14 +174,14 @@ def main(args):
data = open(args.path, 'rb').read() data = open(args.path, 'rb').read()
assert len(data) % 4 == 0 assert len(data) % 4 == 0
if data[:4] != 'TRZR': if data[:4] != b'TRZR':
print "Metadata has been added..." print("Metadata has been added...")
data = prepare(data) data = prepare(data)
if data[:4] != 'TRZR': if data[:4] != b'TRZR':
raise Exception("Firmware header expected") raise Exception("Firmware header expected")
print "Firmware size %d bytes" % len(data) print("Firmware size %d bytes" % len(data))
check_signatures(data) check_signatures(data)

View File

@ -1,27 +1,31 @@
#!/usr/bin/env python2 #!/usr/bin/env python
from __future__ import print_function
import hashlib import hashlib
import os import os
import subprocess import subprocess
import ecdsa import ecdsa
from binascii import hexlify, unhexlify from binascii import hexlify, unhexlify
print 'master secret:', print('master secret:', end='')
h = raw_input() try:
h = raw_input()
except:
h = input()
if h: if h:
h = unhexlify(h) h = unhexlify(h).encode('ascii')
else: else:
h = hashlib.sha256(os.urandom(1024)).digest() h = hashlib.sha256(os.urandom(1024)).digest()
print print()
print 'master secret:', hexlify(h) print('master secret:', hexlify(h))
print print()
for i in range(1, 6): for i in range(1, 6):
se = hashlib.sha256(h + chr(i)).hexdigest() se = hashlib.sha256(h + chr(i).encode('ascii')).hexdigest()
print 'seckey', i, ':', se print('seckey', i, ':', se)
sk = ecdsa.SigningKey.from_secret_exponent(secexp = int(se, 16), curve=ecdsa.curves.SECP256k1, hashfunc=hashlib.sha256) sk = ecdsa.SigningKey.from_secret_exponent(secexp = int(se, 16), curve=ecdsa.curves.SECP256k1, hashfunc=hashlib.sha256)
print 'pubkey', i, ':', '04' + hexlify(sk.get_verifying_key().to_string()) print('pubkey', i, ':', (b'04' + hexlify(sk.get_verifying_key().to_string())).decode('ascii'))
print sk.to_pem() print(sk.to_pem().decode('ascii'))
p = subprocess.Popen('ssss-split -t 3 -n 5 -x'.split(' '), stdin = subprocess.PIPE) p = subprocess.Popen('ssss-split -t 3 -n 5 -x'.split(' '), stdin = subprocess.PIPE)
p.communicate(input = hexlify(h) + '\n') p.communicate(input = hexlify(h) + '\n')

View File

@ -1,4 +1,5 @@
#!/usr/bin/env python2 #!/usr/bin/env python
from __future__ import print_function
import glob import glob
import os import os
from PIL import Image from PIL import Image
@ -10,14 +11,14 @@ imgs = []
def encode_pixels(img): def encode_pixels(img):
r = '' r = ''
img = [ (x[0] + x[1] + x[2] > 384 and '1' or '0') for x in img] img = [ (x[0] + x[1] + x[2] > 384 and '1' or '0') for x in img]
for i in range(len(img) / 8): for i in range(len(img) // 8):
c = ''.join(img[i * 8 : i * 8 + 8]) c = ''.join(img[i * 8 : i * 8 + 8])
r += '0x%02x, ' % int(c, 2) r += '0x%02x, ' % int(c, 2)
return r return r
cnt = 0 cnt = 0
for fn in sorted(glob.glob('*.png')): for fn in sorted(glob.glob('*.png')):
print 'Processing:', fn print('Processing:', fn)
im = Image.open(fn) im = Image.open(fn)
name = os.path.splitext(fn)[0] name = os.path.splitext(fn)[0]
w, h = im.size w, h = im.size

View File

@ -1,4 +1,5 @@
#!/usr/bin/env python2 #!/usr/bin/env python
from __future__ import print_function
from PIL import Image from PIL import Image
class Img(object): class Img(object):
@ -23,12 +24,12 @@ cur = ''
for i in range(256): for i in range(256):
x = (i % 16) * 10 x = (i % 16) * 10
y = (i / 16) * 10 y = (i // 16) * 10
cur = '' cur = ''
while img.pixel(x, y) != None: while img.pixel(x, y) != None:
val = ''.join(img.pixel(x, y + j) for j in range(8)) val = ''.join(img.pixel(x, y + j) for j in range(8))
x += 1 x += 1
cur += '\\x%02x' % int(val, 2) cur += '\\x%02x' % int(val, 2)
cur = '\\x%02x' % (len(cur) / 4) + cur cur = '\\x%02x' % (len(cur) // 4) + cur
ch = chr(i) if i >= 32 and i <= 126 else '_' ch = chr(i) if i >= 32 and i <= 126 else '_'
print '\t/* 0x%02x %c */ (uint8_t *)"%s",' % (i, ch , cur) print('\t/* 0x%02x %c */ (uint8_t *)"%s",' % (i, ch , cur))

View File

@ -1,4 +1,6 @@
#!/usr/bin/env python2 #!/usr/bin/env python
from __future__ import print_function
handlers = [ handlers = [
'hard_fault_handler', 'hard_fault_handler',
'mem_manage_handler', 'mem_manage_handler',