diff --git a/core/embed/boardloader/main.c b/core/embed/boardloader/main.c index 47eed64d73..ea1a00d9b5 100644 --- a/core/embed/boardloader/main.c +++ b/core/embed/boardloader/main.c @@ -38,6 +38,9 @@ #ifdef USE_SDRAM #include "sdram.h" #endif +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#endif #include "lowlevel.h" #include "model.h" @@ -266,6 +269,10 @@ int main(void) { sdram_init(); #endif +#ifdef USE_HASH_PROCESSOR + hash_processor_init(); +#endif + display_init(); display_clear(); diff --git a/core/embed/bootloader/main.c b/core/embed/bootloader/main.c index 307d77cce1..c87780bf5d 100644 --- a/core/embed/bootloader/main.c +++ b/core/embed/bootloader/main.c @@ -55,6 +55,10 @@ #ifdef USE_RGB_LED #include "rgb_led.h" #endif +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#endif + #include "model.h" #include "usb.h" #include "version.h" @@ -418,6 +422,10 @@ int bootloader_main(void) { } #endif +#ifdef USE_HASH_PROCESSOR + hash_processor_init(); +#endif + #ifdef USE_DMA2D dma2d_init(); #endif diff --git a/core/embed/bootloader/messages.c b/core/embed/bootloader/messages.c index dcae074037..76fa4d5f78 100644 --- a/core/embed/bootloader/messages.c +++ b/core/embed/bootloader/messages.c @@ -599,12 +599,12 @@ int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, secbool is_ilu = secfalse; // interaction-less update if (bootargs_get_command() == BOOT_COMMAND_INSTALL_UPGRADE) { - BLAKE2S_CTX ctx; - uint8_t hash[BLAKE2S_DIGEST_LENGTH]; - blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH); - blake2s_Update(&ctx, CHUNK_BUFFER_PTR, - vhdr.hdrlen + received_hdr->hdrlen); - blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); + IMAGE_HASH_CTX ctx; + uint8_t hash[IMAGE_HASH_DIGEST_LENGTH]; + IMAGE_HASH_INIT(&ctx); + IMAGE_HASH_UPDATE(&ctx, CHUNK_BUFFER_PTR, + vhdr.hdrlen + received_hdr->hdrlen); + IMAGE_HASH_FINAL(&ctx, hash); // the firmware must be the same as confirmed by the user if (memcmp(bootargs_get_args()->hash, hash, sizeof(hash)) != 0) { diff --git a/core/embed/bootloader_ci/main.c b/core/embed/bootloader_ci/main.c index 6ad597d6bb..40c56d58a9 100644 --- a/core/embed/bootloader_ci/main.c +++ b/core/embed/bootloader_ci/main.c @@ -39,6 +39,11 @@ #include "bootui.h" #include "messages.h" #include "model.h" + +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#endif + // #include "mpu.h" #define USB_IFACE_NUM 0 @@ -207,6 +212,10 @@ int main(void) { touch_power_on(); #endif +#ifdef USE_HASH_PROCESSOR + hash_processor_init(); +#endif + mpu_config_bootloader(); #if PRODUCTION diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c index 878049408d..db1d244eb9 100644 --- a/core/embed/firmware/main.c +++ b/core/embed/firmware/main.c @@ -74,6 +74,10 @@ #ifdef USE_SD_CARD #include "sdcard.h" #endif +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#endif + #ifdef USE_OPTIGA #include "optiga_commands.h" #include "optiga_transport.h" @@ -120,6 +124,10 @@ int main(void) { enable_systemview(); #endif +#ifdef USE_HASH_PROCESSOR + hash_processor_init(); +#endif + #ifdef USE_DMA2D dma2d_init(); #endif diff --git a/core/embed/lib/image.c b/core/embed/lib/image.c index 3b15ef6db5..b2bce0f5ad 100644 --- a/core/embed/lib/image.c +++ b/core/embed/lib/image.c @@ -19,7 +19,6 @@ #include -#include "blake2s.h" #include "ed25519-donna/ed25519.h" #include "common.h" @@ -120,13 +119,13 @@ secbool check_image_model(const image_header *const hdr) { } void get_image_fingerprint(const image_header *const hdr, uint8_t *const out) { - BLAKE2S_CTX ctx; - blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH); - blake2s_Update(&ctx, hdr, IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE); + IMAGE_HASH_CTX ctx; + IMAGE_HASH_INIT(&ctx); + IMAGE_HASH_UPDATE(&ctx, (uint8_t *)hdr, IMAGE_HEADER_SIZE - IMAGE_SIG_SIZE); for (int i = 0; i < IMAGE_SIG_SIZE; i++) { - blake2s_Update(&ctx, (const uint8_t *)"\x00", 1); + IMAGE_HASH_UPDATE(&ctx, (const uint8_t *)"\x00", 1); } - blake2s_Final(&ctx, out, BLAKE2S_DIGEST_LENGTH); + IMAGE_HASH_FINAL(&ctx, out); } secbool check_image_header_sig(const image_header *const hdr, uint8_t key_m, @@ -141,7 +140,7 @@ secbool check_image_header_sig(const image_header *const hdr, uint8_t key_m, return secfalse; return sectrue * - (0 == ed25519_sign_open(fingerprint, BLAKE2S_DIGEST_LENGTH, pub, + (0 == ed25519_sign_open(fingerprint, IMAGE_HASH_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig)); } @@ -199,21 +198,21 @@ secbool check_vendor_header_sig(const vendor_header *const vhdr, uint8_t key_m, // check header signature - uint8_t hash[BLAKE2S_DIGEST_LENGTH]; - BLAKE2S_CTX ctx; - blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH); - blake2s_Update(&ctx, vhdr->origin, vhdr->hdrlen - IMAGE_SIG_SIZE); + uint8_t hash[IMAGE_HASH_DIGEST_LENGTH]; + IMAGE_HASH_CTX ctx; + IMAGE_HASH_INIT(&ctx); + IMAGE_HASH_UPDATE(&ctx, vhdr->origin, vhdr->hdrlen - IMAGE_SIG_SIZE); for (int i = 0; i < IMAGE_SIG_SIZE; i++) { - blake2s_Update(&ctx, (const uint8_t *)"\x00", 1); + IMAGE_HASH_UPDATE(&ctx, (const uint8_t *)"\x00", 1); } - blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); + IMAGE_HASH_FINAL(&ctx, hash); ed25519_public_key pub; if (sectrue != compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return secfalse; return sectrue * - (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, + (0 == ed25519_sign_open(hash, IMAGE_HASH_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig)); } @@ -223,20 +222,22 @@ secbool check_vendor_header_keys(const vendor_header *const vhdr) { } void vendor_header_hash(const vendor_header *const vhdr, uint8_t *hash) { - BLAKE2S_CTX ctx; - blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH); - blake2s_Update(&ctx, vhdr->vstr, vhdr->vstr_len); - blake2s_Update(&ctx, "Trezor Vendor Header", 20); - blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH); + IMAGE_HASH_CTX ctx; + IMAGE_HASH_INIT(&ctx); + IMAGE_HASH_UPDATE(&ctx, (const uint8_t *)vhdr->vstr, vhdr->vstr_len); + IMAGE_HASH_UPDATE(&ctx, (const uint8_t *)"Trezor Vendor Header", 20); + IMAGE_HASH_FINAL(&ctx, hash); } secbool check_single_hash(const uint8_t *const hash, const uint8_t *const data, int len) { - uint8_t h[BLAKE2S_DIGEST_LENGTH]; - blake2s(data, len, h, BLAKE2S_DIGEST_LENGTH); - return sectrue * (0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH)); + uint8_t s_c[IMAGE_HASH_DIGEST_LENGTH] = {0}; + + IMAGE_HASH_CALC(data, len, s_c); + + return sectrue * (0 == memcmp(s_c, hash, IMAGE_HASH_DIGEST_LENGTH)); } -// + secbool check_image_contents(const image_header *const hdr, uint32_t firstskip, const flash_area_t *area) { if (0 == area) { @@ -340,10 +341,7 @@ secbool check_firmware_header(const uint8_t *header, size_t header_size, get_image_fingerprint(ihdr, info->fingerprint); // calculate hash of both vendor and image headers - BLAKE2S_CTX ctx; - blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH); - blake2s_Update(&ctx, header, vhdr.hdrlen + ihdr->hdrlen); - blake2s_Final(&ctx, &info->hash, BLAKE2S_DIGEST_LENGTH); + IMAGE_HASH_CALC(header, vhdr.hdrlen + ihdr->hdrlen, info->hash); return sectrue; } diff --git a/core/embed/lib/image.h b/core/embed/lib/image.h index 326b4bb524..bb6c58a396 100644 --- a/core/embed/lib/image.h +++ b/core/embed/lib/image.h @@ -23,6 +23,7 @@ #include #include "blake2s.h" #include "flash.h" +#include "image_hash_conf.h" #include "model.h" #include "secbool.h" @@ -90,9 +91,9 @@ typedef struct { uint8_t ver_patch; uint8_t ver_build; // firmware fingerprint - uint8_t fingerprint[BLAKE2S_DIGEST_LENGTH]; + uint8_t fingerprint[IMAGE_HASH_DIGEST_LENGTH]; // hash of vendor and image header - uint8_t hash[BLAKE2S_DIGEST_LENGTH]; + uint8_t hash[IMAGE_HASH_DIGEST_LENGTH]; } firmware_header_info_t; const image_header *read_image_header(const uint8_t *const data, diff --git a/core/embed/lib/image_hash_conf.h b/core/embed/lib/image_hash_conf.h new file mode 100644 index 0000000000..1fab5efabd --- /dev/null +++ b/core/embed/lib/image_hash_conf.h @@ -0,0 +1,41 @@ +#ifndef LIB_IMAGE_HASH_H_ +#define LIB_IMAGE_HASH_H_ + +#include "model.h" +#include TREZOR_BOARD + +#ifdef IMAGE_HASH_SHA256 +#include "sha2.h" +#define IMAGE_HASH_DIGEST_LENGTH SHA256_DIGEST_LENGTH +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#define IMAGE_HASH_CTX hash_sha265_context_t +#define IMAGE_HASH_INIT(ctx) hash_processor_sha256_init(ctx) +#define IMAGE_HASH_UPDATE(ctx, data, len) \ + hash_processor_sha256_update(ctx, data, len) +#define IMAGE_HASH_FINAL(ctx, output) hash_processor_sha256_final(ctx, output) +#define IMAGE_HASH_CALC(data, len, output) \ + hash_processor_sha256_calc(data, len, output) +#else +#define IMAGE_HASH_CTX SHA256_CTX +#define IMAGE_HASH_INIT(ctx) sha256_Init(ctx) +#define IMAGE_HASH_UPDATE(ctx, data, len) sha256_Update(ctx, data, len) +#define IMAGE_HASH_FINAL(ctx, output) sha256_Final(ctx, output) +#define IMAGE_HASH_CALC(data, len, output) sha256_Raw(data, len, output) +#endif + +#elif defined IMAGE_HASH_BLAKE2S +#include "blake2s.h" +#define IMAGE_HASH_DIGEST_LENGTH BLAKE2S_DIGEST_LENGTH +#define IMAGE_HASH_CTX BLAKE2S_CTX +#define IMAGE_HASH_INIT(ctx) blake2s_Init(ctx, BLAKE2S_DIGEST_LENGTH) +#define IMAGE_HASH_UPDATE(ctx, data, len) blake2s_Update(ctx, data, len) +#define IMAGE_HASH_FINAL(ctx, output) \ + blake2s_Final(ctx, output, BLAKE2S_DIGEST_LENGTH) +#define IMAGE_HASH_CALC(data, len, output) \ + blake2s(data, len, output, BLAKE2S_DIGEST_LENGTH) +#else +#error "IMAGE_HASH_SHA256 or IMAGE_HASH_BLAKE2S must be defined" +#endif + +#endif diff --git a/core/embed/models/model_D001.h b/core/embed/models/model_D001.h index def874fc33..6c52dbc5bc 100644 --- a/core/embed/models/model_D001.h +++ b/core/embed/models/model_D001.h @@ -24,6 +24,7 @@ #define FIRMWARE_START 0x08040000 #define IMAGE_CHUNK_SIZE (128 * 1024) +#define IMAGE_HASH_BLAKE2S #define BOOTLOADER_IMAGE_MAXSIZE (128 * 1024 * 1) // 128 KB #define FIRMWARE_IMAGE_MAXSIZE (128 * 1024 * 13) // 1664 KB #define NORCOW_SECTOR_SIZE (64 * 1024) diff --git a/core/embed/models/model_D002.h b/core/embed/models/model_D002.h index 7b4b52f00a..e8c9c68785 100644 --- a/core/embed/models/model_D002.h +++ b/core/embed/models/model_D002.h @@ -27,6 +27,7 @@ #define FIRMWARE_START 0x0C050000 #define IMAGE_CHUNK_SIZE SIZE_256K +#define IMAGE_HASH_SHA256 #define BOOTLOADER_IMAGE_MAXSIZE SIZE_128K #define FIRMWARE_IMAGE_MAXSIZE SIZE_3712K #define NORCOW_SECTOR_SIZE SIZE_64K diff --git a/core/embed/models/model_T1B1.h b/core/embed/models/model_T1B1.h index 4349803e56..1138d43836 100644 --- a/core/embed/models/model_T1B1.h +++ b/core/embed/models/model_T1B1.h @@ -11,6 +11,7 @@ #define FIRMWARE_START 0x08010000 #define IMAGE_CHUNK_SIZE (64 * 1024) +#define IMAGE_HASH_SHA256 #define BOOTLOADER_IMAGE_MAXSIZE (32 * 1024 * 1) // 32 KB #define FIRMWARE_IMAGE_MAXSIZE (64 * 1024 * 15) // 960 KB #define NORCOW_SECTOR_SIZE (16 * 1024) diff --git a/core/embed/models/model_T2B1.h b/core/embed/models/model_T2B1.h index 460bb372cd..cd27202be9 100644 --- a/core/embed/models/model_T2B1.h +++ b/core/embed/models/model_T2B1.h @@ -24,6 +24,7 @@ #define FIRMWARE_START 0x08040000 #define IMAGE_CHUNK_SIZE (128 * 1024) +#define IMAGE_HASH_BLAKE2S #define BOOTLOADER_IMAGE_MAXSIZE (128 * 1024 * 1) // 128 KB #define FIRMWARE_IMAGE_MAXSIZE (128 * 1024 * 13) // 1664 KB #define NORCOW_SECTOR_SIZE (64 * 1024) diff --git a/core/embed/models/model_T2T1.h b/core/embed/models/model_T2T1.h index d632951d00..4c74521485 100644 --- a/core/embed/models/model_T2T1.h +++ b/core/embed/models/model_T2T1.h @@ -24,6 +24,7 @@ #define FIRMWARE_START 0x08040000 #define IMAGE_CHUNK_SIZE (128 * 1024) +#define IMAGE_HASH_BLAKE2S #define BOOTLOADER_IMAGE_MAXSIZE (128 * 1024 * 1) // 128 KB #define FIRMWARE_IMAGE_MAXSIZE (128 * 1024 * 13) // 1664 KB #define NORCOW_SECTOR_SIZE (64 * 1024) diff --git a/core/embed/models/model_T3T1.h b/core/embed/models/model_T3T1.h index 0091f3628c..e4f7241a54 100644 --- a/core/embed/models/model_T3T1.h +++ b/core/embed/models/model_T3T1.h @@ -26,6 +26,7 @@ #define FIRMWARE_START 0x0C050000 #define IMAGE_CHUNK_SIZE (128 * 1024) +#define IMAGE_HASH_SHA256 #define BOOTLOADER_IMAGE_MAXSIZE (128 * 1024 * 1) // 128 KB #define FIRMWARE_IMAGE_MAXSIZE (128 * 1024 * 13) // 1664 KB #define NORCOW_SECTOR_SIZE (64 * 1024) diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c index c8978462f5..07e5ce5c6b 100644 --- a/core/embed/prodtest/main.c +++ b/core/embed/prodtest/main.c @@ -48,6 +48,10 @@ #include "optiga_transport.h" #endif +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#endif + #include "memzero.h" #ifdef STM32U5 @@ -553,6 +557,9 @@ int main(void) { display_reinit(); display_orientation(0); random_delays_init(); +#ifdef USE_HASH_PROCESSOR + hash_processor_init(); +#endif #ifdef USE_SD_CARD sdcard_init(); #endif diff --git a/core/embed/reflash/main.c b/core/embed/reflash/main.c index d1f266d62e..1c00bf336e 100644 --- a/core/embed/reflash/main.c +++ b/core/embed/reflash/main.c @@ -34,6 +34,10 @@ #include "secbool.h" #include "touch.h" +#ifdef USE_HASH_PROCESSOR +#include "hash_processor.h" +#endif + static void progress_callback(int pos, int len) { term_printf("."); } static void flash_from_sdcard(const flash_area_t* area, uint32_t source, @@ -66,6 +70,10 @@ int main(void) { sdcard_init(); touch_init(); +#ifdef USE_HASH_PROCESSOR + hash_processor_init(); +#endif + display_orientation(0); display_clear(); display_backlight(255); diff --git a/core/embed/trezorhal/boards/stm32u5a9j-dk.h b/core/embed/trezorhal/boards/stm32u5a9j-dk.h index 59f86ad3a4..3ff3673ee6 100644 --- a/core/embed/trezorhal/boards/stm32u5a9j-dk.h +++ b/core/embed/trezorhal/boards/stm32u5a9j-dk.h @@ -9,6 +9,7 @@ #define USE_TOUCH 1 //#define USE_SBU 1 //#define USE_DISP_I8080_8BIT_DW 1 +#define USE_HASH_PROCESSOR 1 #include "displays/dsi.h" diff --git a/core/embed/trezorhal/boards/trezor_t3t1_v4.h b/core/embed/trezorhal/boards/trezor_t3t1_v4.h index 836acd9edf..cf4ea3fa40 100644 --- a/core/embed/trezorhal/boards/trezor_t3t1_v4.h +++ b/core/embed/trezorhal/boards/trezor_t3t1_v4.h @@ -15,6 +15,7 @@ #define USE_DISP_I8080_8BIT_DW 1 #define USE_HAPTIC 1 #define USE_BACKLIGHT 1 +#define USE_HASH_PROCESSOR 1 #include "displays/panels/lx154a2422.h" #include "displays/st7789v.h" diff --git a/core/embed/trezorhal/hash_processor.h b/core/embed/trezorhal/hash_processor.h new file mode 100644 index 0000000000..1ebc9bb94d --- /dev/null +++ b/core/embed/trezorhal/hash_processor.h @@ -0,0 +1,33 @@ +#ifndef TREZORHAL_HASH_PROCESSOR_H_ +#define TREZORHAL_HASH_PROCESSOR_H_ + +#include + +#define HASH_SHA256_BUFFER_SIZE 4 + +typedef struct { + uint32_t length; /*!< nb bytes in buffer */ + uint8_t buffer[HASH_SHA256_BUFFER_SIZE]; /*!< data being processed */ +} hash_sha265_context_t; + +// Initialize the hash processor +void hash_processor_init(void); + +// Calculate SHA256 hash of data +// for best performance, data should be 32-bit aligned - as this allows DMA to +// be used +void hash_processor_sha256_calc(const uint8_t *data, uint32_t len, + uint8_t *hash); + +// Initialize the hash context +// This serves for calculating hashes of multiple data blocks +void hash_processor_sha256_init(hash_sha265_context_t *ctx); + +// Feed the hash next chunk of data +void hash_processor_sha256_update(hash_sha265_context_t *ctx, + const uint8_t *data, uint32_t len); + +// Finalize the hash calculation, retrieve the digest +void hash_processor_sha256_final(hash_sha265_context_t *ctx, uint8_t *output); + +#endif diff --git a/core/embed/trezorhal/stm32u5/hash_processor.c b/core/embed/trezorhal/stm32u5/hash_processor.c new file mode 100644 index 0000000000..390b2426b1 --- /dev/null +++ b/core/embed/trezorhal/stm32u5/hash_processor.c @@ -0,0 +1,132 @@ +#include "hash_processor.h" +#include +#include +#include STM32_HAL_H +#include "irq.h" +#include "memzero.h" +#include "sha2.h" + +HASH_HandleTypeDef hhash = {0}; +DMA_HandleTypeDef DMA_Handle = {0}; + +void hash_processor_init(void) { + __HAL_RCC_HASH_CLK_ENABLE(); + __HAL_RCC_GPDMA1_CLK_ENABLE(); + + hhash.Init.DataType = HASH_DATATYPE_8B; + hhash.hdmain = &DMA_Handle; + HAL_HASH_Init(&hhash); + + /* USER CODE END GPDMA1_Init 1 */ + DMA_Handle.Instance = GPDMA1_Channel12; + DMA_Handle.Init.Request = GPDMA1_REQUEST_HASH_IN; + DMA_Handle.Init.BlkHWRequest = DMA_BREQ_SINGLE_BURST; + DMA_Handle.Init.Direction = DMA_MEMORY_TO_PERIPH; + DMA_Handle.Init.SrcInc = DMA_SINC_INCREMENTED; + DMA_Handle.Init.DestInc = DMA_DINC_FIXED; + DMA_Handle.Init.SrcDataWidth = DMA_SRC_DATAWIDTH_WORD; + DMA_Handle.Init.DestDataWidth = DMA_DEST_DATAWIDTH_WORD; + DMA_Handle.Init.Priority = DMA_LOW_PRIORITY_HIGH_WEIGHT; + DMA_Handle.Init.SrcBurstLength = 1; + DMA_Handle.Init.DestBurstLength = 4; + DMA_Handle.Init.TransferAllocatedPort = + DMA_SRC_ALLOCATED_PORT1 | DMA_DEST_ALLOCATED_PORT0; + DMA_Handle.Init.TransferEventMode = DMA_TCEM_BLOCK_TRANSFER; + DMA_Handle.Init.Mode = DMA_NORMAL; + HAL_DMA_Init(&DMA_Handle); + HAL_DMA_ConfigChannelAttributes(&DMA_Handle, DMA_CHANNEL_SEC | + DMA_CHANNEL_SRC_SEC | + DMA_CHANNEL_DEST_SEC); + + DMA_Handle.Parent = &hhash; + + HAL_NVIC_SetPriority(GPDMA1_Channel12_IRQn, IRQ_PRI_DMA, 0); + HAL_NVIC_EnableIRQ(GPDMA1_Channel12_IRQn); +} + +void GPDMA1_Channel12_IRQHandler(void) { HAL_DMA_IRQHandler(&DMA_Handle); } + +static void hash_processor_sha256_calc_dma(const uint8_t *data, uint32_t len, + uint8_t *hash) { + while (len > 0) { + uint32_t chunk = len > 0x8000 ? 0x8000 : len; + bool last = (len - chunk) <= 0; + + __HAL_HASH_SET_MDMAT(); + + HAL_HASHEx_SHA256_Start_DMA(&hhash, (uint8_t *)data, chunk); + while (HAL_HASH_GetState(&hhash) != HAL_HASH_STATE_READY) + ; + + if (last) { + HASH->STR |= HASH_STR_DCAL; + HAL_HASHEx_SHA256_Finish(&hhash, hash, 1000); + } + data += chunk; + len -= chunk; + } +} + +void hash_processor_sha256_calc(const uint8_t *data, uint32_t len, + uint8_t *hash) { + if (((uint32_t)data & 0x3) == 0) { + hash_processor_sha256_calc_dma(data, len, hash); + } else { + HAL_HASHEx_SHA256_Start(&hhash, (uint8_t *)data, len, hash, 1000); + } +} + +void hash_processor_sha256_init(hash_sha265_context_t *ctx) { + memzero(ctx, sizeof(hash_sha265_context_t)); +} + +void hash_processor_sha256_update(hash_sha265_context_t *ctx, + const uint8_t *data, uint32_t len) { + if (ctx->length > 0) { + uint32_t chunk = HASH_SHA256_BUFFER_SIZE - ctx->length; + if (chunk > len) { + chunk = len; + } + memcpy(ctx->buffer + ctx->length, data, chunk); + ctx->length += chunk; + data += chunk; + len -= chunk; + if (ctx->length == HASH_SHA256_BUFFER_SIZE) { + HAL_HASHEx_SHA256_Accmlt(&hhash, (uint8_t *)ctx->buffer, + HASH_SHA256_BUFFER_SIZE); + ctx->length = 0; + memzero(ctx->buffer, HASH_SHA256_BUFFER_SIZE); + } + } + + uint32_t len_aligned = len & ~(HASH_SHA256_BUFFER_SIZE - 1); + uint32_t len_rest = len & (HASH_SHA256_BUFFER_SIZE - 1); + + while (len_aligned > 0) { + uint32_t chunk = len_aligned > 0x8000 ? 0x8000 : len_aligned; + HAL_HASHEx_SHA256_Accmlt(&hhash, (uint8_t *)data, chunk); + data += chunk; + len_aligned -= chunk; + } + + if (len_rest > 0) { + memcpy(ctx->buffer, data, len_rest); + ctx->length = len_rest; + } +} + +void hash_processor_sha256_final(hash_sha265_context_t *ctx, uint8_t *output) { + uint32_t tmp_out[SHA256_DIGEST_LENGTH / sizeof(uint32_t)] = {0}; + + if (ctx->length > 0) { + memzero(ctx->buffer + ctx->length, HASH_SHA256_BUFFER_SIZE - ctx->length); + HAL_HASHEx_SHA256_Accmlt_End(&hhash, (uint8_t *)ctx->buffer, ctx->length, + (uint8_t *)tmp_out, 1000); + ctx->length = 0; + memzero(ctx->buffer, HASH_SHA256_BUFFER_SIZE); + } else { + HASH->STR |= HASH_STR_DCAL; + HAL_HASHEx_SHA256_Finish(&hhash, (uint8_t *)tmp_out, 1000); + } + memcpy(output, tmp_out, SHA256_DIGEST_LENGTH); +} diff --git a/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h b/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h index 8847100757..97c580fbb1 100644 --- a/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h +++ b/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h @@ -57,7 +57,7 @@ extern "C" { #define HAL_GFXMMU_MODULE_ENABLED /*#define HAL_GPU2D_MODULE_ENABLED */ #define HAL_GTZC_MODULE_ENABLED -/*#define HAL_HASH_MODULE_ENABLED */ +#define HAL_HASH_MODULE_ENABLED /*#define HAL_HRTIM_MODULE_ENABLED */ /*#define HAL_IRDA_MODULE_ENABLED */ /*#define HAL_IWDG_MODULE_ENABLED */ diff --git a/core/embed/vendorheader/D002/vendor_dev_DO_NOT_SIGN.json b/core/embed/vendorheader/D002/vendor_dev_DO_NOT_SIGN.json index 82c5dc44e0..d4483d0867 100644 --- a/core/embed/vendorheader/D002/vendor_dev_DO_NOT_SIGN.json +++ b/core/embed/vendorheader/D002/vendor_dev_DO_NOT_SIGN.json @@ -6,7 +6,7 @@ "version": [0, 0], "sig_m": 2, "trust": { - "allow_run_with_secret": false, + "allow_run_with_secret": true, "show_vendor_string": false, "require_user_click": false, "red_background": false, diff --git a/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin index 0689bb2efc..e338b2d098 100644 Binary files a/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin and b/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ diff --git a/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_unsigned.bin b/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_unsigned.bin index c46a005e79..151fccf6f5 100644 Binary files a/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_unsigned.bin and b/core/embed/vendorheader/D002/vendorheader_dev_DO_NOT_SIGN_unsigned.bin differ diff --git a/core/embed/vendorheader/D002/vendorheader_unsafe_signed_dev.bin b/core/embed/vendorheader/D002/vendorheader_unsafe_signed_dev.bin index 8db53a9fe3..de32f571af 100644 Binary files a/core/embed/vendorheader/D002/vendorheader_unsafe_signed_dev.bin and b/core/embed/vendorheader/D002/vendorheader_unsafe_signed_dev.bin differ diff --git a/core/embed/vendorheader/D002/vendorheader_unsafe_signed_prod.bin b/core/embed/vendorheader/D002/vendorheader_unsafe_signed_prod.bin deleted file mode 100644 index 82633a030e..0000000000 Binary files a/core/embed/vendorheader/D002/vendorheader_unsafe_signed_prod.bin and /dev/null differ diff --git a/core/embed/vendorheader/T3T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin b/core/embed/vendorheader/T3T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin index c0f6e35769..81e72d1576 100644 Binary files a/core/embed/vendorheader/T3T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin and b/core/embed/vendorheader/T3T1/vendorheader_dev_DO_NOT_SIGN_signed_dev.bin differ diff --git a/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_dev.bin b/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_dev.bin index 411ce61cee..a906b95818 100644 Binary files a/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_dev.bin and b/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_dev.bin differ diff --git a/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_prod.bin b/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_prod.bin deleted file mode 100644 index d18bca9311..0000000000 Binary files a/core/embed/vendorheader/T3T1/vendorheader_unsafe_signed_prod.bin and /dev/null differ diff --git a/core/site_scons/boards/stm32u5_common.py b/core/site_scons/boards/stm32u5_common.py index 67021e56b5..2ddf6c808d 100644 --- a/core/site_scons/boards/stm32u5_common.py +++ b/core/site_scons/boards/stm32u5_common.py @@ -19,12 +19,16 @@ def stm32u5_common_files(env, defines, sources, paths): "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_cortex.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_cryp.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_dma2d.c", + "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_dma.c", + "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_dma_ex.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_dsi.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_flash.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_flash_ex.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_gfxmmu.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_gpio.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_gtzc.c", + "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_hash.c", + "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_hash_ex.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_i2c.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_i2c_ex.c", "vendor/stm32u5xx_hal_driver/Src/stm32u5xx_hal_icache.c", @@ -50,6 +54,7 @@ def stm32u5_common_files(env, defines, sources, paths): "embed/trezorhal/stm32u5/flash.c", "embed/trezorhal/stm32u5/flash_otp.c", "embed/trezorhal/stm32u5/lowlevel.c", + "embed/trezorhal/stm32u5/hash_processor.c", "embed/trezorhal/stm32u5/mpu.c", "embed/trezorhal/stm32u5/platform.c", "embed/trezorhal/stm32u5/secret.c", diff --git a/python/src/trezorlib/firmware/models.py b/python/src/trezorlib/firmware/models.py index 2b39783dad..290824db4c 100644 --- a/python/src/trezorlib/firmware/models.py +++ b/python/src/trezorlib/firmware/models.py @@ -258,8 +258,14 @@ T2T1_HASH_PARAMS = FirmwareHashParameters( padding_byte=None, ) +T3T1_HASH_PARAMS = FirmwareHashParameters( + hash_function=hashlib.sha256, + chunk_size=1024 * 128, + padding_byte=None, +) + D002_HASH_PARAMS = FirmwareHashParameters( - hash_function=hashlib.blake2s, + hash_function=hashlib.sha256, chunk_size=1024 * 256, padding_byte=None, ) @@ -285,7 +291,7 @@ MODEL_MAP_DEV = { MODEL_HASH_PARAMS_MAP = { Model.T1B1: LEGACY_HASH_PARAMS, Model.T2T1: T2T1_HASH_PARAMS, - Model.T3T1: T2T1_HASH_PARAMS, + Model.T3T1: T3T1_HASH_PARAMS, Model.T2B1: T2T1_HASH_PARAMS, Model.D001: T2T1_HASH_PARAMS, Model.D002: D002_HASH_PARAMS, diff --git a/python/src/trezorlib/firmware/vendor.py b/python/src/trezorlib/firmware/vendor.py index a83128f123..a5a7822939 100644 --- a/python/src/trezorlib/firmware/vendor.py +++ b/python/src/trezorlib/firmware/vendor.py @@ -121,10 +121,11 @@ class VendorHeader(Struct): # fmt: on def digest(self) -> bytes: + hash_function = Model.from_hw_model(self.hw_model).hash_params().hash_function cpy = copy(self) cpy.sigmask = 0 cpy.signature = b"\x00" * 64 - return hashlib.blake2s(cpy.build()).digest() + return hash_function(cpy.build()).digest() def vhash(self) -> bytes: h = hashlib.blake2s()