From 9341f0d5848f3672afcf05d0b79572686dbbba74 Mon Sep 17 00:00:00 2001
From: matejcik
Date: Fri, 3 Jan 2020 16:43:44 +0100
Subject: [PATCH] core: improve building of vendor headers
---
 core/embed/vendorheader/generate.sh | 17 ++---
 .../vendorheader/vendor_satoshilabs.json | 20 +++++
 core/embed/vendorheader/vendor_unsafe.json | 20 +++++
 core/tools/build_vendorheader | 74 ++++---------------
 .../trezorlib/_internal/firmware_headers.py | 2 +-
 5 files changed, 65 insertions(+), 68 deletions(-)
 create mode 100644 core/embed/vendorheader/vendor_satoshilabs.json
 create mode 100644 core/embed/vendorheader/vendor_unsafe.json
diff --git a/core/embed/vendorheader/generate.sh b/core/embed/vendorheader/generate.sh
index 0f78b25d7..c566911c5 100755
--- a/core/embed/vendorheader/generate.sh
+++ b/core/embed/vendorheader/generate.sh
@@ -1,13 +1,12 @@
-BINCTL=../../tools/binctl
-KEYCTL=../../tools/keyctl
 BUILDVH=../../tools/build_vendorheader
+BINCTL=../../tools/headertool.py
-# construct the default unsafe vendor header
-$BUILDVH e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351:d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869:772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef 2 0.0 xxx...x "UNSAFE, DO NOT USE!" vendor_unsafe.toif vendorheader_unsafe_unsigned.bin
+# construct all vendor headers
+for fn in *.json; do
+ name=$(echo $fn | sed 's/vendor_\(.*\)\.json/\1/')
+ $BUILDVH vendor_${name}.json vendor_${name}.toif vendorheader_${name}_unsigned.bin
+done
-# sign the default unsafe vendor header using development keys
+# sign dev vendor header
 cp -a vendorheader_unsafe_unsigned.bin vendorheader_unsafe_signed_dev.bin
-$BINCTL vendorheader_unsafe_signed_dev.bin -s 1:2 `$KEYCTL sign vendorheader vendorheader_unsafe_signed_dev.bin 4444444444444444444444444444444444444444444444444444444444444444 4545454545454545454545454545454545454545454545454545454545454545`
-
-# construct SatoshiLabs vendor header
-$BUILDVH 47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d:9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81:2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830 2 0.0 ....... SatoshiLabs vendor_satoshilabs.toif vendorheader_satoshilabs_unsigned.bin
+$BINCTL -D vendorheader_unsafe_signed_dev.bin
diff --git a/core/embed/vendorheader/vendor_satoshilabs.json b/core/embed/vendorheader/vendor_satoshilabs.json
new file mode 100644
index 000000000..7c4c6f456
--- /dev/null
+++ b/core/embed/vendorheader/vendor_satoshilabs.json
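Review bot: The new loop in generate.sh globs `*.json` but builds every path as `vendor_${name}.json`, so a JSON file without the `vendor_` prefix passes through the `sed` unchanged and `$BUILDVH` is called on a path that does not exist; `$fn` is also unquoted. The hunk starts at line 1 and shows no `set -e`, so a failed build would not stop the run, and the later `cp -a` and `$BINCTL -D` steps could dev-sign a stale `vendorheader_unsafe_unsigned.bin` left over from an earlier run. I would add `set -e` at the top and write the loop as `for fn in vendor_*.json; do` with `name=${fn#vendor_}; name=${name%.json}`, which also removes the `echo | sed` subshell.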
@@ -0,0 +1,20 @@
+{
+ "text": "SatoshiLabs",
+ "expiry": 0,
+ "version": {
+ "major": 0,
+ "minor": 0
+ },
+ "sig_m": 2,
+ "trust": {
+ "show_vendor_string": false,
+ "require_user_click": false,
+ "red_background": false,
+ "delay": 0
+ },
+ "pubkeys": [
+ "47fbdc84d8abef44fe6abde8f87b6ead821b7082ec63b9f7cc33dc53bf6c708d",
+ "9af22a52ab47a93091403612b3d6731a2dfef8a33383048ed7556a20e8b03c81",
+ "2218c25f8ba70c82eba8ed6a321df209c0a7643d014f33bf9317846f62923830"
+ ]
+}
diff --git a/core/embed/vendorheader/vendor_unsafe.json b/core/embed/vendorheader/vendor_unsafe.json
new file mode 100644
index 000000000..e7af4710e
--- /dev/null
+++ b/core/embed/vendorheader/vendor_unsafe.json
@@ -0,0 +1,20 @@
+{
+ "text": "UNSAFE, DO NOT USE!",
+ "expiry": 0,
+ "version": {
+ "major": 0,
+ "minor": 0
+ },
+ "sig_m": 2,
+ "trust": {
+ "show_vendor_string": true,
+ "require_user_click": true,
+ "red_background": true,
+ "delay": 1
+ },
+ "pubkeys": [
+ "e28a8970753332bd72fef413e6b0b2ef1b4aadda7aa2c141f233712a6876b351",
+ "d4eec1869fb1b8a4e817516ad5a931557cb56805c3eb16e8f3a803d647df7869",
+ "772c8a442b7db06e166cfbc1ccbcbcde6f3eba76a4e98ef3ffc519502237d6ef"
+ ]
+}
diff --git a/core/tools/build_vendorheader b/core/tools/build_vendorheader
index 0658ff78e..be085c121 100755
--- a/core/tools/build_vendorheader
+++ b/core/tools/build_vendorheader
@@ -1,65 +1,23 @@
 #!/usr/bin/env python3
-import sys
-import struct
-import binascii
+import json
+import click
-# encode vendor name, add length byte and padding to multiple of 4
-def encode_vendor(vname):
- vbin = vname.encode()
- vbin = struct.pack(" None:
- raise NotImplementedError
+ pass
 def insert_signature(self, signature: bytes, sigmask: int) -> None:
 self.header.signature = signature