1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-14 17:31:04 +00:00

fix(core/bootloader): do not use insecure LCG PRNG. Change insecure PRNG to be opt-in, not opt-out

This commit is contained in:
Ondrej Mikle 2023-03-20 15:56:57 +01:00 committed by matejcik
parent 12eb192b3f
commit a5f7c19f7e
7 changed files with 11 additions and 6 deletions

View File

@ -49,8 +49,9 @@ CPPDEFINES_MOD += [
'ED25519_NO_PRECOMP', 'ED25519_NO_PRECOMP',
'TREZOR_UI2', 'TREZOR_UI2',
'USE_RUST_LOADER', 'USE_RUST_LOADER',
'FANCY_FATAL_ERROR' 'FANCY_FATAL_ERROR',
] ]
SOURCE_MOD += [ SOURCE_MOD += [
'vendor/trezor-crypto/blake2s.c', 'vendor/trezor-crypto/blake2s.c',
'vendor/trezor-crypto/chacha_drbg.c', 'vendor/trezor-crypto/chacha_drbg.c',
@ -77,6 +78,7 @@ SOURCE_MOD += [
'embed/extmod/modtrezorui/display.c', 'embed/extmod/modtrezorui/display.c',
'embed/extmod/modtrezorui/fonts/fonts.c', 'embed/extmod/modtrezorui/fonts/fonts.c',
'embed/extmod/modtrezorui/fonts/font_bitmap.c', 'embed/extmod/modtrezorui/fonts/font_bitmap.c',
'embed/extmod/modtrezorcrypto/rand.c',
'vendor/micropython/lib/uzlib/adler32.c', 'vendor/micropython/lib/uzlib/adler32.c',
'vendor/micropython/lib/uzlib/crc32.c', 'vendor/micropython/lib/uzlib/crc32.c',
'vendor/micropython/lib/uzlib/tinflate.c', 'vendor/micropython/lib/uzlib/tinflate.c',

View File

@ -71,6 +71,7 @@ SOURCE_MOD += [
'embed/extmod/modtrezorui/colors.c', 'embed/extmod/modtrezorui/colors.c',
'embed/extmod/modtrezorui/fonts/fonts.c', 'embed/extmod/modtrezorui/fonts/fonts.c',
'embed/extmod/modtrezorui/fonts/font_bitmap.c', 'embed/extmod/modtrezorui/fonts/font_bitmap.c',
'embed/extmod/modtrezorcrypto/rand.c',
'vendor/micropython/lib/uzlib/adler32.c', 'vendor/micropython/lib/uzlib/adler32.c',
'vendor/micropython/lib/uzlib/crc32.c', 'vendor/micropython/lib/uzlib/crc32.c',
'vendor/micropython/lib/uzlib/tinflate.c', 'vendor/micropython/lib/uzlib/tinflate.c',

View File

@ -61,7 +61,6 @@ CPPPATH_MOD += [
CPPDEFINES_MOD += [ CPPDEFINES_MOD += [
'AES_128', 'AES_128',
'AES_192', 'AES_192',
'RAND_PLATFORM_INDEPENDENT',
('USE_BIP32_CACHE', '0'), ('USE_BIP32_CACHE', '0'),
('USE_KECCAK', '1'), ('USE_KECCAK', '1'),
('USE_ETHEREUM', '1' if EVERYTHING else '0'), ('USE_ETHEREUM', '1' if EVERYTHING else '0'),

View File

@ -10,7 +10,9 @@ FEATURES_WANTED = ["input", "sbu", "sdcard", "rdb_led"]
CCFLAGS_MOD = '' CCFLAGS_MOD = ''
CPPPATH_MOD = [] CPPPATH_MOD = []
CPPDEFINES_MOD = [] CPPDEFINES_MOD = [
'USE_INSECURE_PRNG',
]
SOURCE_MOD = [] SOURCE_MOD = []
if TREZOR_MODEL in ('1', 'R'): if TREZOR_MODEL in ('1', 'R'):

View File

@ -55,6 +55,7 @@ CPPPATH_MOD += [
CPPDEFINES_MOD += [ CPPDEFINES_MOD += [
'AES_128', 'AES_128',
'AES_192', 'AES_192',
'USE_INSECURE_PRNG',
('USE_BIP32_CACHE', '0'), ('USE_BIP32_CACHE', '0'),
('USE_KECCAK', '1'), ('USE_KECCAK', '1'),
('USE_ETHEREUM', '1' if EVERYTHING else '0'), ('USE_ETHEREUM', '1' if EVERYTHING else '0'),

View File

@ -23,7 +23,7 @@
#include "rand.h" #include "rand.h"
#ifndef RAND_PLATFORM_INDEPENDENT #ifdef USE_INSECURE_PRNG
#pragma message( \ #pragma message( \
"NOT SUITABLE FOR PRODUCTION USE! Replace random32() function with your own secure code.") "NOT SUITABLE FOR PRODUCTION USE! Replace random32() function with your own secure code.")
@ -48,7 +48,7 @@ uint32_t random32(void) {
return seed; return seed;
} }
#endif /* RAND_PLATFORM_INDEPENDENT */ #endif /* USE_INSECURE_PRNG */
// //
// The following code is platform independent // The following code is platform independent

View File

@ -104,6 +104,7 @@ CFLAGS += -DHW_REVISION=0
ifeq ($(EMULATOR),1) ifeq ($(EMULATOR),1)
CFLAGS += -DEMULATOR=1 CFLAGS += -DEMULATOR=1
CFLAGS += -DUSE_INSECURE_PRNG=1
CFLAGS += -include $(TOP_DIR)emulator/emulator.h CFLAGS += -include $(TOP_DIR)emulator/emulator.h
CFLAGS += -include stdio.h CFLAGS += -include stdio.h
@ -125,7 +126,6 @@ LDSCRIPT = $(TOP_DIR)/memory.ld
endif endif
CFLAGS += -DEMULATOR=0 CFLAGS += -DEMULATOR=0
CFLAGS += -DRAND_PLATFORM_INDEPENDENT=1
LDFLAGS += --static \ LDFLAGS += --static \
-Wl,--start-group \ -Wl,--start-group \