core: improve building of vendor headers

4 years ago · 9341f0d584
parent c03ac3f8dd
commit 9341f0d584
5 changed files with 65 additions and 68 deletions
--- a/core/embed/vendorheader/generate.sh
+++ b/core/embed/vendorheader/generate.sh
@ -1,13 +1,12 @@
-BINCTL=../../tools/binctl
-KEYCTL=../../tools/keyctl
 BUILDVH=../../tools/build_vendorheader
+BINCTL=../../tools/headertool.py

-# construct the default unsafe vendor header
-$BUILDVH e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 xxx...x "UNSAFE, DO NOT USE!" vendor_unsafe.toif vendorheader_unsafe_unsigned.bin
+# construct all vendor headers
+for fn in *.json; do
+    name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
+    $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
+done

-# sign the default unsafe vendor header using development keys
+# sign dev vendor header
 cp -a vendorheader_unsafe_unsigned.bin vendorheader_unsafe_signed_dev.bin
-$BINCTL vendorheader_unsafe_signed_dev.bin -s 1:2 `$KEYCTL sign vendorheader vendorheader_unsafe_signed_dev.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
-
-# construct SatoshiLabs vendor header
-$BUILDVH 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs vendor_satoshilabs.toif vendorheader_satoshilabs_unsigned.bin
+$BINCTL -D vendorheader_unsafe_signed_dev.bin
--- a/core/embed/vendorheader/vendor_satoshilabs.json
+++ b/core/embed/vendorheader/vendor_satoshilabs.json
@ -0,0 +1,20 @@
+{
+    "text": "SatoshiLabs",
+    "expiry": 0,
+    "version": {
+        "major": 0,
+        "minor": 0
+    },
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": false,
+        "require_user_click": false,
+        "red_background": false,
+        "delay": 0
+    },
+    "pubkeys": [
+        "47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d",
+        "9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81",
+        "2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830"
+    ]
+}
--- a/core/embed/vendorheader/vendor_unsafe.json
+++ b/core/embed/vendorheader/vendor_unsafe.json
@ -0,0 +1,20 @@
+{
+    "text": "UNSAFE, DO NOT USE!",
+    "expiry": 0,
+    "version": {
+        "major": 0,
+        "minor": 0
+    },
+    "sig_m": 2,
+    "trust": {
+        "show_vendor_string": true,
+        "require_user_click": true,
+        "red_background": true,
+        "delay": 1
+    },
+    "pubkeys": [
+        "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+        "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+        "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+    ]
+}
--- a/core/tools/build_vendorheader
+++ b/core/tools/build_vendorheader
@ -1,65 +1,23 @@
 #!/usr/bin/env python3
-import sys
-import struct
-import binascii
+import json

+import click

-# encode vendor name, add length byte and padding to multiple of 4
-def encode_vendor(vname):
-    vbin = vname.encode()
-    vbin = struct.pack("<B", len(vbin)) + vbin
-    vbin += b"\0" * (-len(vbin) & 3)
-    return vbin
+from trezorlib import firmware


-def encode_pubkey(pubkey):
-    if len(pubkey) != 64:
-        raise Exception("Wrong public key length")
-    return binascii.unhexlify(pubkey)
+@click.command()
+@click.argument("specfile", type=click.File("r"))
+@click.argument("image", type=click.File("rb"))
+@click.argument("outfile", type=click.File("wb"))
+def build_vendorheader(specfile, image, outfile):
+    spec = json.load(specfile)
+    spec["pubkeys"] = [bytes.fromhex(k) for k in spec["pubkeys"]]
+    spec["image"] = firmware.Toif.parse(image.read())
+    spec["sigmask"] = 0
+    spec["signature"] = b"\x00" * 64
+    outfile.write(firmware.VendorHeader.build(spec))


-def decode_vtrust(vtrust):
-    t = 0xFFFF
-    for i, b in enumerate(reversed(vtrust)):
-        if b != ".":
-            t &= ~(1 << i)
-    return t
-
-
-def main():
-    if len(sys.argv) < 7:
-        print(
-            'Usage build_vendorheader "pubkey1hex:pubkey2hex:..." m version vendortrust vendorname vendorimage.toif vendorheader.bin'
-        )
-        return 1
-
-    keys = [encode_pubkey(x) for x in sys.argv[1].split(":")]
-    m = int(sys.argv[2])
-    (vmajor, vminor) = [int(x) for x in sys.argv[3].split(".")]
-    vtrust = decode_vtrust(sys.argv[4])
-    vname = sys.argv[5]
-    ifn = sys.argv[6]
-    ofn = sys.argv[7]
-    if not ifn.endswith(".toif"):
-        print("Must provide TOIF file")
-        return 2
-
-    expiry = 0
-    vheader = b"TRZV" + struct.pack(
-        "<IIBBBBH", 0, expiry, vmajor, vminor, m, len(keys), vtrust
-    )
-    vheader += 14 * b"\0"
-    for k in keys:
-        vheader += k
-    vheader += encode_vendor(vname) + open(ifn, "rb").read()
-    padding = 65 + (-len(vheader) - 65) & 511
-    vheader += b"\0" * padding
-
-    # put in length
-    vheader = vheader[0:4] + struct.pack("<I", len(vheader)) + vheader[8:]
-
-    with open(ofn, "wb") as f:
-        f.write(vheader)
-
-
-main()
+if __name__ == "__main__":
+    build_vendorheader()
--- a/python/src/trezorlib/_internal/firmware_headers.py
+++ b/python/src/trezorlib/_internal/firmware_headers.py
@ -173,7 +173,7 @@ class SignableImage:
        raise NotImplementedError

    def rehash(self) -> None:
-        raise NotImplementedError
+        pass

    def insert_signature(self, signature: bytes, sigmask: int) -> None:
        self.header.signature = signature