mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-06 21:40:56 +00:00
fixup! feat(core): add libtropic to unix build
This commit is contained in:
parent
d708b6b37c
commit
c76fbb6dea
@ -494,6 +494,7 @@ ALLPATHS=['.',
|
||||
'embed/io/usb/inc',
|
||||
'embed/sec/entropy/inc',
|
||||
'embed/sec/random_delays/inc',
|
||||
'embed/sec/secret/inc',
|
||||
'embed/sec/time_estimate/inc',
|
||||
'embed/sys/bsp/inc',
|
||||
'embed/sec/rng/inc',
|
||||
|
@ -55,6 +55,10 @@
|
||||
#include <sec/optiga_transport.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_TROPIC
|
||||
#include <sec/tropic_transport.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_POWERCTL
|
||||
#include <sys/powerctl.h>
|
||||
#endif
|
||||
@ -151,8 +155,13 @@ void drivers_init() {
|
||||
#endif
|
||||
|
||||
#ifdef USE_OPTIGA
|
||||
uint8_t secret[SECRET_OPTIGA_KEY_LEN] = {0};
|
||||
secbool secret_ok = secret_optiga_get(secret);
|
||||
uint8_t optiga_secret[SECRET_OPTIGA_KEY_LEN] = {0};
|
||||
secbool optiga_secret_ok = secret_optiga_get(optiga_secret);
|
||||
#endif
|
||||
|
||||
#ifdef USE_TROPIC
|
||||
uint8_t tropic_secret[SECRET_TROPIC_KEY_LEN] = {0};
|
||||
secbool tropic_secret_ok = secret_tropic_get(tropic_secret);
|
||||
#endif
|
||||
|
||||
entropy_init();
|
||||
@ -195,18 +204,30 @@ void drivers_init() {
|
||||
#endif
|
||||
|
||||
optiga_init();
|
||||
if (sectrue == secret_ok) {
|
||||
if (sectrue == optiga_secret_ok) {
|
||||
// If the shielded connection cannot be established, reset Optiga and
|
||||
// continue without it. In this case, OID_KEY_FIDO and OID_KEY_DEV cannot be
|
||||
// used, which means device and FIDO attestation will not work.
|
||||
if (optiga_sec_chan_handshake(secret, sizeof(secret)) != OPTIGA_SUCCESS) {
|
||||
if (optiga_sec_chan_handshake(optiga_secret, sizeof(optiga_secret)) != OPTIGA_SUCCESS) {
|
||||
optiga_soft_reset();
|
||||
}
|
||||
}
|
||||
memzero(secret, sizeof(secret));
|
||||
memzero(optiga_secret, sizeof(optiga_secret));
|
||||
ensure(sectrue * (optiga_open_application() == OPTIGA_SUCCESS),
|
||||
"Cannot initialize optiga.");
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef USE_TROPIC
|
||||
|
||||
tropic_init();
|
||||
if (sectrue == tropic_secret_ok) {
|
||||
if (tropic_handshake(tropic_secret) != TROPIC_SUCCESS) {
|
||||
// ??
|
||||
}
|
||||
}
|
||||
memzero(tropic_secret, sizeof(tropic_secret));
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -37,6 +37,7 @@
|
||||
#include <unistd.h>
|
||||
|
||||
#include <io/display.h>
|
||||
#include <sec/secret.h>
|
||||
#include <sys/system.h>
|
||||
#include <sys/systimer.h>
|
||||
#include <util/flash.h>
|
||||
@ -47,6 +48,7 @@
|
||||
#include "extmod/vfs_posix.h"
|
||||
#include "genhdr/mpversion.h"
|
||||
#include "input.h"
|
||||
#include "memzero.h"
|
||||
|
||||
#ifdef USE_BUTTON
|
||||
#include <io/button.h>
|
||||
@ -56,6 +58,10 @@
|
||||
#include <io/touch.h>
|
||||
#endif
|
||||
|
||||
#ifdef USE_TROPIC
|
||||
#include <sec/tropic_transport.h>
|
||||
#endif
|
||||
|
||||
#include "py/builtin.h"
|
||||
#include "py/compile.h"
|
||||
#include "py/gc.h"
|
||||
@ -498,6 +504,21 @@ static int sdl_event_filter(void *userdata, SDL_Event *event) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
void drivers_init() {
|
||||
#ifdef USE_TROPIC
|
||||
uint8_t tropic_secret[SECRET_TROPIC_KEY_LEN] = {0};
|
||||
secbool tropic_secret_ok = secret_tropic_get(tropic_secret);
|
||||
|
||||
tropic_init();
|
||||
if (sectrue == tropic_secret_ok) {
|
||||
if (tropic_handshake(tropic_secret) != TROPIC_SUCCESS) {
|
||||
// ??
|
||||
}
|
||||
}
|
||||
memzero(tropic_secret, sizeof(tropic_secret));
|
||||
#endif
|
||||
}
|
||||
|
||||
MP_NOINLINE int main_(int argc, char **argv) {
|
||||
#ifdef SIGPIPE
|
||||
// Do not raise SIGPIPE, instead return EPIPE. Otherwise, e.g. writing
|
||||
@ -519,6 +540,8 @@ MP_NOINLINE int main_(int argc, char **argv) {
|
||||
|
||||
system_init(&rsod_panic_handler);
|
||||
|
||||
drivers_init();
|
||||
|
||||
SDL_SetEventFilter(sdl_event_filter, NULL);
|
||||
|
||||
display_init(DISPLAY_RESET_CONTENT);
|
||||
|
@ -9,6 +9,7 @@
|
||||
#define SECRET_HEADER_LEN 16
|
||||
#define SECRET_OPTIGA_KEY_OFFSET 16
|
||||
#define SECRET_OPTIGA_KEY_LEN 32
|
||||
#define SECRET_TROPIC_KEY_LEN 32
|
||||
|
||||
#define SECRET_MONOTONIC_COUNTER_OFFSET 48
|
||||
#define SECRET_MONOTONIC_COUNTER_LEN 1024
|
||||
@ -57,6 +58,8 @@ secbool secret_optiga_writable(void);
|
||||
// Erases optiga pairing secret from the secret storage
|
||||
void secret_optiga_erase(void);
|
||||
|
||||
secbool secret_tropic_get(uint8_t dest[SECRET_TROPIC_KEY_LEN]);
|
||||
|
||||
// Regenerates the BHK and writes it to the secret storage
|
||||
void secret_bhk_regenerate(void);
|
||||
|
||||
|
@ -7,6 +7,11 @@
|
||||
|
||||
#ifdef KERNEL_MODE
|
||||
|
||||
static uint8_t SECRET_TROPIC_PRIVKEY_BYTES[] = \
|
||||
{0xf0, 0xc4, 0xaa, 0x04, 0x8f, 0x00, 0x13, 0xa0, 0x96, 0x84, 0xdf, \
|
||||
0x05, 0xe8, 0xa2, 0x2e, 0xf7, 0x21, 0x38, 0x98, 0x28, 0x2b, 0xa9, \
|
||||
0x43, 0x12, 0xf3, 0x13, 0xdf, 0x2d, 0xce, 0x8d, 0x41, 0x64};
|
||||
|
||||
static secbool bootloader_locked_set = secfalse;
|
||||
static secbool bootloader_locked = secfalse;
|
||||
|
||||
@ -123,6 +128,11 @@ secbool secret_optiga_writable(void) { return secret_wiped(); }
|
||||
|
||||
void secret_optiga_erase(void) { secret_erase(); }
|
||||
|
||||
secbool secret_tropic_get(uint8_t dest[SECRET_TROPIC_KEY_LEN]) {
|
||||
memcpy(dest, &SECRET_TROPIC_PRIVKEY_BYTES, SECRET_TROPIC_KEY_LEN);
|
||||
return sectrue;
|
||||
}
|
||||
|
||||
void secret_prepare_fw(secbool allow_run_with_secret, secbool _trust_all) {
|
||||
#ifdef USE_OPTIGA
|
||||
if (sectrue != allow_run_with_secret && sectrue != secret_wiped()) {
|
||||
|
31
core/embed/sec/tropic/inc/sec/tropic_common.h
Normal file
31
core/embed/sec/tropic/inc/sec/tropic_common.h
Normal file
@ -0,0 +1,31 @@
|
||||
/*
|
||||
* This file is part of the Trezor project, https://trezor.io/
|
||||
*
|
||||
* Copyright (c) SatoshiLabs
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef TREZORHAL_TROPIC_COMMON_H
|
||||
#define TREZORHAL_TROPIC_COMMON_H
|
||||
|
||||
typedef enum _tropic_result {
|
||||
TROPIC_SUCCESS = 0, // Operation completed successfully.
|
||||
TROPIC_ERR_INIT,
|
||||
TROPIC_ERR_GET_INFO_CERT,
|
||||
TROPIC_ERR_CERT_VERIFY_AND_PARSE,
|
||||
TROPIC_ERR_SESSION_START,
|
||||
} tropic_result;
|
||||
|
||||
#endif
|
30
core/embed/sec/tropic/inc/sec/tropic_transport.h
Normal file
30
core/embed/sec/tropic/inc/sec/tropic_transport.h
Normal file
@ -0,0 +1,30 @@
|
||||
/*
|
||||
* This file is part of the Trezor project, https://trezor.io/
|
||||
*
|
||||
* Copyright (c) SatoshiLabs
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef TREZORHAL_TROPIC_TRANSPORT_H
|
||||
#define TREZORHAL_TROPIC_TRANSPORT_H
|
||||
|
||||
#include <trezor_types.h>
|
||||
#include "tropic_common.h"
|
||||
#include "libtropic.h"
|
||||
|
||||
tropic_result tropic_init(void);
|
||||
tropic_result tropic_handshake(const uint8_t *trezor_privkey);
|
||||
|
||||
#endif
|
62
core/embed/sec/tropic/tropic_transport.c
Normal file
62
core/embed/sec/tropic/tropic_transport.c
Normal file
@ -0,0 +1,62 @@
|
||||
/*
|
||||
* This file is part of the Trezor project, https://trezor.io/
|
||||
*
|
||||
* Copyright (c) SatoshiLabs
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
|
||||
#include <sec/tropic_transport.h>
|
||||
#include <sec/secret.h>
|
||||
#include "ed25519-donna/ed25519.h"
|
||||
|
||||
#define PKEY_INDEX_BYTE PAIRING_KEY_SLOT_INDEX_0
|
||||
|
||||
STATIC lt_handle_t lt_handle = {0};
|
||||
|
||||
tropic_result tropic_init(void) {
|
||||
lt_ret_t ret = lt_init(<_handle);
|
||||
if (ret != LT_OK) {
|
||||
return TROPIC_ERR_INIT;
|
||||
}
|
||||
|
||||
return TROPIC_SUCCESS;
|
||||
}
|
||||
|
||||
tropic_result tropic_handshake(const uint8_t *trezor_privkey) {
|
||||
lt_ret_t ret = LT_FAIL;
|
||||
|
||||
uint8_t X509_cert[LT_L2_GET_INFO_REQ_CERT_SIZE] = {0};
|
||||
ret = lt_get_info_cert(<_handle, X509_cert, LT_L2_GET_INFO_REQ_CERT_SIZE);
|
||||
if (ret != LT_OK) {
|
||||
return TROPIC_ERR_GET_INFO_CERT;
|
||||
}
|
||||
|
||||
uint8_t stpub[32] = {0};
|
||||
ret = lt_cert_verify_and_parse(X509_cert, 512, stpub);
|
||||
if (ret != LT_OK) {
|
||||
return TROPIC_ERR_CERT_VERIFY_AND_PARSE;
|
||||
}
|
||||
|
||||
uint8_t shipub[SECRET_TROPIC_KEY_LEN] = {};
|
||||
curve25519_scalarmult_basepoint(shipub, trezor_privkey);
|
||||
|
||||
ret = lt_session_start(<_handle, stpub, PKEY_INDEX_BYTE, trezor_privkey, shipub);
|
||||
if (ret != LT_OK) {
|
||||
return TROPIC_ERR_SESSION_START;
|
||||
}
|
||||
|
||||
return TROPIC_SUCCESS;
|
||||
}
|
@ -19,19 +19,14 @@
|
||||
|
||||
#if USE_TROPIC
|
||||
|
||||
// Default initial Tropic handshake keys
|
||||
#define PKEY_INDEX_BYTE PAIRING_KEY_SLOT_INDEX_0
|
||||
#define SHiPRIV_BYTES \
|
||||
{0xf0, 0xc4, 0xaa, 0x04, 0x8f, 0x00, 0x13, 0xa0, 0x96, 0x84, 0xdf, \
|
||||
0x05, 0xe8, 0xa2, 0x2e, 0xf7, 0x21, 0x38, 0x98, 0x28, 0x2b, 0xa9, \
|
||||
0x43, 0x12, 0xf3, 0x13, 0xdf, 0x2d, 0xce, 0x8d, 0x41, 0x64};
|
||||
#define SHiPUB_BYTES \
|
||||
{0x84, 0x2f, 0xe3, 0x21, 0xa8, 0x24, 0x74, 0x08, 0x37, 0x37, 0xff, \
|
||||
0x2b, 0x9b, 0x88, 0xa2, 0xaf, 0x42, 0x44, 0x2d, 0xb0, 0xd8, 0xaa, \
|
||||
0xcc, 0x6d, 0xc6, 0x9e, 0x99, 0x53, 0x33, 0x44, 0xb2, 0x46};
|
||||
|
||||
#include <sec/secret.h>
|
||||
#include <sec/tropic_transport.h>
|
||||
#include "libtropic.h"
|
||||
|
||||
#define PKEY_INDEX_BYTE PAIRING_KEY_SLOT_INDEX_0
|
||||
|
||||
extern STATIC lt_handle_t lt_handle;
|
||||
|
||||
/// package: trezorcrypto.tropic
|
||||
|
||||
/// class TropicError(Exception):
|
||||
@ -42,40 +37,6 @@ MP_DEFINE_EXCEPTION(TropicError, Exception)
|
||||
#define ECC_SLOT_COUNT 32
|
||||
#define SIG_SIZE 64
|
||||
|
||||
STATIC bool lt_handle_initialized = false;
|
||||
STATIC lt_handle_t lt_handle = {0};
|
||||
|
||||
STATIC void tropic_init(lt_handle_t *handle) {
|
||||
lt_ret_t ret = LT_FAIL;
|
||||
|
||||
ret = lt_init(handle);
|
||||
if (ret != LT_OK) {
|
||||
mp_raise_msg(&mp_type_TropicError, "lt_init failed.");
|
||||
}
|
||||
|
||||
uint8_t X509_cert[LT_L2_GET_INFO_REQ_CERT_SIZE] = {0};
|
||||
|
||||
ret = lt_get_info_cert(handle, X509_cert, LT_L2_GET_INFO_REQ_CERT_SIZE);
|
||||
if (ret != LT_OK) {
|
||||
mp_raise_msg(&mp_type_TropicError, "lt_get_info_cert failed.");
|
||||
}
|
||||
|
||||
uint8_t stpub[32] = {0};
|
||||
ret = lt_cert_verify_and_parse(X509_cert, 512, stpub);
|
||||
if (ret != LT_OK) {
|
||||
mp_raise_msg(&mp_type_TropicError, "lt_cert_verify_and_parse failed.");
|
||||
}
|
||||
|
||||
uint8_t pkey_index = PKEY_INDEX_BYTE;
|
||||
uint8_t shipriv[] = SHiPRIV_BYTES;
|
||||
uint8_t shipub[] = SHiPUB_BYTES;
|
||||
|
||||
ret = lt_session_start(handle, stpub, pkey_index, shipriv, shipub);
|
||||
if (ret != LT_OK) {
|
||||
mp_raise_msg(&mp_type_TropicError, "lt_session_start failed.");
|
||||
}
|
||||
}
|
||||
|
||||
/// def ping(message: str) -> str:
|
||||
/// """
|
||||
/// Test the session by pinging the chip.
|
||||
@ -83,11 +44,6 @@ STATIC void tropic_init(lt_handle_t *handle) {
|
||||
STATIC mp_obj_t mod_trezorcrypto_tropic_ping(mp_obj_t message) {
|
||||
lt_ret_t ret = LT_FAIL;
|
||||
|
||||
if (!lt_handle_initialized) {
|
||||
tropic_init(<_handle);
|
||||
lt_handle_initialized = true;
|
||||
}
|
||||
|
||||
uint8_t msg_in[PING_MSG_MAX_LEN] = {0};
|
||||
|
||||
mp_buffer_info_t message_b = {0};
|
||||
@ -120,11 +76,6 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_tropic_ping_obj,
|
||||
STATIC mp_obj_t mod_trezorcrypto_tropic_get_certificate() {
|
||||
lt_ret_t ret = LT_FAIL;
|
||||
|
||||
if (!lt_handle_initialized) {
|
||||
tropic_init(<_handle);
|
||||
lt_handle_initialized = true;
|
||||
}
|
||||
|
||||
uint8_t X509_cert[512] = {0};
|
||||
ret = lt_get_info_cert(<_handle, X509_cert, 512);
|
||||
if (ret != LT_OK) {
|
||||
@ -155,11 +106,6 @@ STATIC mp_obj_t mod_trezorcrypto_tropic_key_generate(mp_obj_t key_index) {
|
||||
|
||||
lt_ret_t ret = LT_FAIL;
|
||||
|
||||
if (!lt_handle_initialized) {
|
||||
tropic_init(<_handle);
|
||||
lt_handle_initialized = true;
|
||||
}
|
||||
|
||||
ret = lt_ecc_key_generate(<_handle, idx, CURVE_ED25519);
|
||||
if (ret != LT_OK) {
|
||||
mp_raise_msg(&mp_type_TropicError, "lt_ecc_key_generate failed.");
|
||||
@ -193,11 +139,6 @@ STATIC mp_obj_t mod_trezorcrypto_tropic_sign(mp_obj_t key_index,
|
||||
|
||||
lt_ret_t ret = LT_FAIL;
|
||||
|
||||
if (!lt_handle_initialized) {
|
||||
tropic_init(<_handle);
|
||||
lt_handle_initialized = true;
|
||||
}
|
||||
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, SIG_SIZE);
|
||||
|
||||
|
@ -57,6 +57,8 @@ def configure(
|
||||
|
||||
if "tropic" in features_wanted:
|
||||
sources += [
|
||||
"embed/sec/secret/unix/secret.c",
|
||||
"embed/sec/tropic/tropic_transport.c",
|
||||
"vendor/libtropic/src/libtropic.c",
|
||||
"vendor/libtropic/src/lt_crc16.c",
|
||||
"vendor/libtropic/src/lt_hkdf.c",
|
||||
@ -72,6 +74,7 @@ def configure(
|
||||
"vendor/libtropic/hal/crypto/trezor_crypto/lt_crypto_trezor_sha256.c",
|
||||
"vendor/libtropic/hal/crypto/trezor_crypto/lt_crypto_trezor_x25519.c",
|
||||
]
|
||||
paths += ["embed/sec/tropic/inc"]
|
||||
defines += ["USE_TREZOR_CRYPTO"]
|
||||
features_available.append("tropic")
|
||||
defines += ["USE_TROPIC=1"]
|
||||
|
Loading…
Reference in New Issue
Block a user