1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 07:28:10 +00:00

boot: use cosi to compute aggregated key and use it

This commit is contained in:
Pavol Rusnak 2017-04-02 02:25:55 +02:00
parent 71ea884ad8
commit 87b7d0649b
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 57 additions and 36 deletions

View File

@ -25,7 +25,12 @@ res: ## update resources
./tools/res_collect
vendorheader: ## construct default vendor header
./tools/build_vendorheader '0000000000000000000000000000000000000000000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000' 2 1.1 SatoshiLabs assets/satoshilabs_120.toif micropython/firmware/vendorheader.bin
./tools/build_vendorheader 'db995fe25169d141cab9bbba92baa01f9f2e1ece7df4cb2ac05190f37fcc1f9d:2152f8d19b791d24453242e15f2eab6cb7cffa7b6a5ed30097960e069881db12:22fc297792f0b6ffc0bfcfdb7edb0c0aa14e025a365ec0e342e86e3829cb74b6' 1 0.0 SatoshiLabs assets/satoshilabs_120.toif micropython/firmware/vendorheader.bin
binctl:
./tools/binctl micropython/loader/build/loader.bin
./tools/binctl micropython/firmware/vendorheader.bin
./tools/binctl micropython/firmware/build/firmware.bin
## emulator commands:

14
assets/keys.txt Normal file
View File

@ -0,0 +1,14 @@
seckey1: 4141414141414141414141414141414141414141414141414141414141414141
pubkey1: db995fe25169d141cab9bbba92baa01f9f2e1ece7df4cb2ac05190f37fcc1f9d
seckey2: 4242424242424242424242424242424242424242424242424242424242424242
pubkey2: 2152f8d19b791d24453242e15f2eab6cb7cffa7b6a5ed30097960e069881db12
seckey3: 4343434343434343434343434343434343434343434343434343434343434343
pubkey3: 22fc297792f0b6ffc0bfcfdb7edb0c0aa14e025a365ec0e342e86e3829cb74b6
seckey4: 4444444444444444444444444444444444444444444444444444444444444444
pubkey4: d759793bbc13a2819a827c76adb6fba8a49aee007f49f2d0992d99b825ad2c48
seckey5: 4545454545454545454545454545454545454545454545454545454545454545
pubkey5: 6355691c178a8ff91007a7478afb955ef7352c63e7b25703984cf78b26e21a56

View File

@ -39,43 +39,48 @@ bool image_parse_header(const uint8_t *data, image_header *header)
}
static const uint8_t * const SATOSHILABS_PUBKEYS[] = {
(const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
(const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
(const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
(const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
(const uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
(const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
(const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
(const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
(const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
(const uint8_t *)"\x63\x55\x69\x1c\x17\x8a\x8f\xf9\x10\x07\xa7\x47\x8a\xfb\x95\x5e\xf7\x35\x2c\x63\xe7\xb2\x57\x03\x98\x4c\xf7\x8b\x26\xe2\x1a\x56",
};
static const uint8_t *compute_pubkey(const vendor_header *vhdr, uint8_t sigmask)
static bool compute_pubkey(const vendor_header *vhdr, uint8_t sigmask, ed25519_public_key res)
{
uint8_t vsig_m;
uint8_t vsig_n;
const uint8_t * const *vpub;
if (vhdr) {
vsig_m = vhdr->vsig_n;
vsig_m = vhdr->vsig_m;
vsig_n = vhdr->vsig_n;
vpub = vhdr->vpub;
} else {
vsig_m = 3;
vsig_m = 1;
vsig_n = 5;
vpub = SATOSHILABS_PUBKEYS;
}
if (!vsig_m || !vsig_n) return NULL;
if (vsig_m > vsig_n) return NULL;
if (!vsig_m || !vsig_n) return false;
if (vsig_m > vsig_n) return false;
// discard bits higher than vsig_n
sigmask &= ((1 << vsig_n) - 1);
// remove if number of set bits in sigmask is not equal to vsig_m
if (__builtin_popcount(sigmask) != vsig_m) return NULL;
if (__builtin_popcount(sigmask) != vsig_m) return false;
// TODO: add keys from vpub according to sigmask
(void)vpub;
(void)sigmask;
ed25519_public_key keys[vsig_m];
int j = 0;
for (int i = 0; i < vsig_n; i++) {
if ((1 << i) & sigmask) {
memcpy(keys[j], vpub[i], 32);
j++;
}
}
return NULL;
return 0 == ed25519_cosi_combine_publickeys(res, keys, vsig_m);
}
bool image_check_signature(const uint8_t *data, const vendor_header *vhdr)
@ -95,13 +100,10 @@ bool image_check_signature(const uint8_t *data, const vendor_header *vhdr)
blake2s_Update(&ctx, data + HEADER_SIZE, hdr.codelen);
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
const uint8_t *pub = compute_pubkey(vhdr, hdr.sigmask);
ed25519_public_key pub;
if (!compute_pubkey(vhdr, hdr.sigmask, pub)) return false;
// TODO: remove debug skip of unsigned
if (!pub) return true;
// end
return pub && (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)hdr.sig));
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr.sig);
}
bool vendor_parse_header(const uint8_t *data, vendor_header *header)
@ -164,11 +166,8 @@ bool vendor_check_signature(const uint8_t *data)
}
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
const uint8_t *pub = compute_pubkey(NULL, hdr.sigmask);
ed25519_public_key pub;
if (!compute_pubkey(NULL, hdr.sigmask, pub)) return false;
// TODO: remove debug skip of unsigned
if (!pub) return true;
// end
return pub && (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)hdr.sig));
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr.sig);
}

View File

@ -7,11 +7,13 @@ import pyblake2
def get_sig(data):
print('Enter privkey: ', end='')
print('Enter index : ', end='')
idx = int(input())
print('Enter privkey : ', end='')
seckey = binascii.unhexlify(input())
signkey = ed25519.SigningKey(seckey)
digest = pyblake2.blake2s(data).digest()
sigmask = 0x01 # (1 _ _ _ _)
sigmask = 1 << (idx - 1)
sig = signkey.sign(digest)
return sigmask, sig
@ -147,10 +149,10 @@ class VendorHeader:
print(' * scheme : %d out of %d' % (self.vsig_m, self.vsig_n))
for i in range(self.vsig_n):
print(' * vpub #%d :' % (i + 1), binascii.hexlify(self.vpub[i]).decode('ascii'))
print(' * vstr :', self.vstr.decode('ascii'))
print(' * vimg : (%d bytes)', len(self.vimg))
print(' * sigmask :', self.sigmask)
print(' * sig :', binascii.hexlify(self.sig).decode('ascii'))
print(' * vstr :', self.vstr.decode('ascii'))
print(' * vimg : (%d bytes)' % len(self.vimg))
print(' * sigmask :', self.sigmask)
print(' * sig :', binascii.hexlify(self.sig).decode('ascii'))
def serialize_header(self, sig=True):
header = struct.pack('<4sIIBBBB', \
@ -160,7 +162,8 @@ class VendorHeader:
for i in range(self.vsig_n):
header += self.vpub[i]
header += struct.pack('<B', self.vstr_len) + self.vstr
header += struct.pack('<H', self.vimg_len) + self.vimg
header += (-len(header) & 3) * b'\x00' # vstr_pad
header += self.vimg
if sig:
header += struct.pack('<B64s', self.sigmask, self.sig)
else:

@ -1 +1 @@
Subproject commit c200ce121ac268d7b201dddc89b42758ccfc40bf
Subproject commit 3d04064384b3f4e8331bdcfc96d2c7e5fc04a269