mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-22 07:28:10 +00:00
build: sign all stuff using ed25519 cosi (2 out of 3)
parent
ca649eb8f0
commit
8ddcd74080
4
Makefile
4
Makefile
@ -149,8 +149,8 @@ gdb_firmware: $(FIRMWARE_BUILD_DIR)/firmware.elf ## start remote gdb session to
|
||||
## misc commands:
|
||||
|
||||
vendorheader: ## construct default vendor header
|
||||
./tools/build_vendorheader 'e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef' 1 0.0 SatoshiLabs assets/satoshilabs_120.toif embed/firmware/vendorheader.bin
|
||||
./tools/binctl embed/firmware/vendorheader.bin -s 1 4444444444444444444444444444444444444444444444444444444444444444
|
||||
./tools/build_vendorheader 'e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef' 2 0.0 DEVEL assets/vendor_devel.toif embed/firmware/vendorheader.bin
|
||||
./tools/binctl embed/firmware/vendorheader.bin -s 1:2 4444444444444444444444444444444444444444444444444444444444444444:4545454545454545454545454545454545454545454545454545454545454545
|
||||
|
||||
binctl: ## print info about binary files
|
||||
./tools/binctl $(BOOTLOADER_BUILD_DIR)/bootloader.bin
|
||||
|
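Review bot: The values passed after `-s 1:2` in the `vendorheader` recipe are Ed25519 secret keys made of a single repeated byte, and nothing in the recipe marks them as development-only. Anyone can reproduce signatures made with them, so the public keys that correspond to them must never be accepted by a production boardloader, bootloader or vendor header. A comment above the recipe such as `# development signing keys only; images signed with these must not be trusted outside dev builds` would make that explicit. The same applies to the `$BINCTL $TARGET -s 1:2 4141…:4242…` and `4747…:4848…` actions in the two `program_bin` hunks that follow. Keys given on the command line also end up in build logs and process listings, which is harmless for these placeholders but should not be carried over to real keys.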
@ -169,5 +169,5 @@ program_bin = env.Command(
|
||||
source=program_elf,
|
||||
action=[
|
||||
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
|
||||
'$BINCTL $TARGET -s 1 4141414141414141414141414141414141414141414141414141414141414141',
|
||||
'$BINCTL $TARGET -s 1:2 4141414141414141414141414141414141414141414141414141414141414141:4242424242424242424242424242424242424242424242424242424242424242',
|
||||
], )
|
||||
|
@ -434,7 +434,7 @@ program_bin = env.Command(
|
||||
source=program_elf,
|
||||
action=[
|
||||
'$OBJCOPY -O binary -j .header -j .flash -j .data $SOURCE $TARGET',
|
||||
'$BINCTL $TARGET -s 1 4747474747474747474747474747474747474747474747474747474747474747',
|
||||
'$BINCTL $TARGET -s 1:2 4747474747474747474747474747474747474747474747474747474747474747:4848484848484848484848484848484848484848484848484848484848484848',
|
||||
], )
|
||||
|
||||
program0_bin = env.Command(
|
||||
|
Binary file not shown.
BIN
assets/vendor_devel.png
Normal file
BIN
assets/vendor_devel.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 10 KiB |
BIN
assets/vendor_devel.toif
Normal file
BIN
assets/vendor_devel.toif
Normal file
Binary file not shown.
@ -104,7 +104,7 @@ bool copy_sdcard(void)
|
||||
return true;
|
||||
}
|
||||
|
||||
const uint8_t BOARDLOADER_KEY_M = 1;
|
||||
const uint8_t BOARDLOADER_KEY_M = 2;
|
||||
const uint8_t BOARDLOADER_KEY_N = 3;
|
||||
static const uint8_t * const BOARDLOADER_KEYS[] = {
|
||||
(const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
|
||||
|
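Review bot: `BOARDLOADER_KEY_M = 2` is the threshold the rest of the boot chain relies on, but the code that enforces it is outside this hunk. It is worth confirming that the verifier rejects a signature mask with fewer than `BOARDLOADER_KEY_M` bits set, or with any bit at or above `BOARDLOADER_KEY_N`. A short comment next to the constants, e.g. `/* 2-of-3: an image must carry a combined signature from two of the keys below */`, would record the policy beside the keys it governs. The same applies to `BOOTLOADER_KEY_M` in the hunk that follows. The `BOARDLOADER_KEYS` initializer continues past the end of this hunk.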
@ -47,7 +47,7 @@ void display_vendor(const uint8_t *vimg, const char *vstr, uint32_t vstr_len, ui
|
||||
display_refresh();
|
||||
}
|
||||
|
||||
const uint8_t BOOTLOADER_KEY_M = 1;
|
||||
const uint8_t BOOTLOADER_KEY_M = 2;
|
||||
const uint8_t BOOTLOADER_KEY_N = 3;
|
||||
static const uint8_t * const BOOTLOADER_KEYS[] = {
|
||||
(const uint8_t *)"\xd7\x59\x79\x3b\xbc\x13\xa2\x81\x9a\x82\x7c\x76\xad\xb6\xfb\xa8\xa4\x9a\xee\x00\x7f\x49\xf2\xd0\x99\x2d\x99\xb8\x25\xad\x2c\x48",
|
||||
|
34
tools/binctl
34
tools/binctl
@ -8,16 +8,36 @@ import binascii
|
||||
import pyblake2
|
||||
|
||||
import ed25519raw
|
||||
import ed25519cosi
|
||||
|
||||
|
||||
def sign_data(seckeys, data):
|
||||
digest = pyblake2.blake2s(data).digest()
|
||||
if len(seckeys) == 1:
|
||||
sk = seckeys[0]
|
||||
pk = ed25519raw.publickey(sk)
|
||||
digest = pyblake2.blake2s(data).digest()
|
||||
return ed25519raw.signature(digest, sk, pk)
|
||||
else:
|
||||
raise NotImplementedError
|
||||
pubkeys = [ed25519raw.publickey(sk) for sk in seckeys]
|
||||
ctr = 0
|
||||
nonces = []
|
||||
commits = []
|
||||
for sk in seckeys:
|
||||
r, R = ed25519cosi.get_nonce(sk, digest, ctr)
|
||||
nonces.append(r)
|
||||
commits.append(R)
|
||||
global_pk = ed25519cosi.combine_keys(pubkeys)
|
||||
global_R = ed25519cosi.combine_keys(commits)
|
||||
sigs = []
|
||||
for sk, r, R in zip(seckeys, nonces, commits):
|
||||
h = ed25519raw.H(sk)
|
||||
b = ed25519raw.b
|
||||
a = 2**(b - 2) + sum(2**i * ed25519raw.bit(h, i) for i in range(3, b - 2))
|
||||
S = (r + ed25519raw.Hint(global_R + global_pk + digest) * a) % ed25519raw.l
|
||||
sigs.append(ed25519raw.encodeint(S))
|
||||
sig = ed25519cosi.combine_sig(global_R, sigs)
|
||||
ed25519raw.checkvalid(sig, digest, global_pk)
|
||||
return sig
|
||||
|
||||
|
||||
def format_sigmask(sigmask):
|
||||
@ -186,6 +206,14 @@ class VendorHeader(object):
|
||||
return header
|
||||
|
||||
def sign(self, sigmask, seckeys):
|
||||
# check whether provided arguments match vsig_m/vsig_n
|
||||
if len(seckeys) != self.vsig_m:
|
||||
raise Exception('invalid number of signatures (vsig_m expected %d, got %d)' % (self.vsig_m, len(seckeys)))
|
||||
if sigmask >= (1 << self.vsig_n):
|
||||
raise Exception('signature index is higher than vsig_n (%d)' % self.vsig_n)
|
||||
if bin(sigmask).count('1') != self.vsig_m:
|
||||
raise Exception('invalid number of indexes (vsig_m expected %d, got %d)' % (self.vsig_m, bin(sigmask).count('1')))
|
||||
# sign
|
||||
header = self.serialize_header(sig=False)
|
||||
self.sigmask = sigmask
|
||||
self.sig = sign_data(seckeys, header)
|
||||
@ -224,7 +252,7 @@ def main():
|
||||
sigmask = 0
|
||||
if ':' in sys.argv[3]:
|
||||
for idx in sys.argv[3].split(':'):
|
||||
sigmask = 1 << (int(idx) - 1)
|
||||
sigmask |= 1 << (int(idx) - 1)
|
||||
else:
|
||||
sigmask = 1 << (int(sys.argv[3]) - 1)
|
||||
if ':' in sys.argv[4]:
|
||||
|
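Review bot: Nothing in `sign_data` or in the new checks in `VendorHeader.sign` ties the secret keys to the bits set in `sigmask`. The `ed25519raw.checkvalid(sig, digest, global_pk)` call at the end of `sign_data` verifies against the combined key of whatever `seckeys` were passed, so a key/index mismatch produces a signature that passes here and would presumably only fail on the device. If the header's public keys are reachable from `sign` (not visible in this hunk), compare each `ed25519raw.publickey(sk)` with the key at the corresponding mask index before signing. Separately, `ed25519raw.Hint(global_R + global_pk + digest)` does not change between iterations of the signing loop and can be computed once before it. In `main`, an index of `0` reaches `1 << (int(idx) - 1)` as a negative shift, so a range check with a clear error message would help.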
@ -220,17 +220,17 @@ def test(data):
|
||||
sks.append(seckey)
|
||||
pks.append(pubkey)
|
||||
ctr = 0
|
||||
(r, R) = get_nonce(seckey, digest, ctr)
|
||||
r, R = get_nonce(seckey, digest, ctr)
|
||||
print('Local nonce: %s' % hex(ed25519raw.encodeint(r)))
|
||||
print('Local commit: %s' % hex(R))
|
||||
nonces.append(r)
|
||||
commits.append(R)
|
||||
|
||||
globalPk = combine_keys([pks[i] for i in keyset])
|
||||
globalR = combine_keys([commits[i] for i in keyset])
|
||||
global_pk = combine_keys([pks[i] for i in keyset])
|
||||
global_R = combine_keys([commits[i] for i in keyset])
|
||||
print('-----------------')
|
||||
print('Global pubkey: %s' % hex(globalPk))
|
||||
print('Global commit: %s' % hex(globalR))
|
||||
print('Global pubkey: %s' % hex(global_pk))
|
||||
print('Global commit: %s' % hex(global_R))
|
||||
print('-----------------')
|
||||
|
||||
for i in range(0, N):
|
||||
@ -240,17 +240,15 @@ def test(data):
|
||||
R = commits[i]
|
||||
h = ed25519raw.H(seckey)
|
||||
b = ed25519raw.b
|
||||
a = 2**(b - 2) + sum(2**i * ed25519raw.bit(h, i)
|
||||
for i in range(3, b - 2))
|
||||
S = (r + ed25519raw.Hint(globalR + globalPk + digest) * a) % ed25519raw.l
|
||||
a = 2**(b - 2) + sum(2**i * ed25519raw.bit(h, i) for i in range(3, b - 2))
|
||||
S = (r + ed25519raw.Hint(global_R + global_pk + digest) * a) % ed25519raw.l
|
||||
print('Local sig %d: %s' % (i + 1, hex(ed25519raw.encodeint(S))))
|
||||
commits.append(R)
|
||||
sigs.append(ed25519raw.encodeint(S))
|
||||
|
||||
print('-----------------')
|
||||
sig = combine_sig(globalR, [sigs[i] for i in keyset])
|
||||
sig = combine_sig(global_R, [sigs[i] for i in keyset])
|
||||
print('Global sig: %s' % hex(sig))
|
||||
ed25519raw.checkvalid(sig, digest, globalPk)
|
||||
ed25519raw.checkvalid(sig, digest, global_pk)
|
||||
print('Valid Signature!')
|
||||
|
||||
|
||||
|
@ -14,7 +14,7 @@ def H(m):
|
||||
|
||||
def expmod(b, e, m):
|
||||
if e < 0:
|
||||
raise Exception("negative exponent")
|
||||
raise Exception('negative exponent')
|
||||
if e == 0:
|
||||
return 1
|
||||
t = expmod(b, e >> 1, m)**2 % m
|
||||
@ -120,18 +120,18 @@ def decodepoint(s):
|
||||
x = q - x
|
||||
P = [x, y]
|
||||
if not isoncurve(P):
|
||||
raise Exception("decoding point that is not on curve")
|
||||
raise Exception('decoding point that is not on curve')
|
||||
return P
|
||||
|
||||
|
||||
def checkvalid(s, m, pk):
|
||||
if len(s) != b >> 2:
|
||||
raise Exception("signature length is wrong")
|
||||
raise Exception('signature length is wrong')
|
||||
if len(pk) != b >> 3:
|
||||
raise Exception("public-key length is wrong")
|
||||
raise Exception('public-key length is wrong')
|
||||
R = decodepoint(s[0:b >> 3])
|
||||
A = decodepoint(pk)
|
||||
S = decodeint(s[b >> 3:b >> 2])
|
||||
h = Hint(encodepoint(R) + pk + m)
|
||||
if scalarmult(B, S) != edwards(R, scalarmult(A, h)):
|
||||
raise Exception("signature does not pass verification")
|
||||
raise Exception('signature does not pass verification')
|
||||
|