mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-08 22:40:59 +00:00
fix(legacy): fix v2 signature validation
This commit is contained in:
parent
0c3b0371dd
commit
daf566a260
@ -64,7 +64,6 @@ void show_unplug(const char *line1, const char *line2) {
|
||||
"You may now", "unplug your Trezor.", NULL);
|
||||
}
|
||||
|
||||
#if !BOOTLOADER_QA
|
||||
static void show_unofficial_warning(const uint8_t *hash) {
|
||||
// On production bootloader, show warning and wait for user
|
||||
// to accept or reject it
|
||||
@ -94,7 +93,6 @@ static void show_unofficial_warning(const uint8_t *hash) {
|
||||
delay(100000000);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
static void __attribute__((noreturn)) load_app(int signed_firmware) {
|
||||
// zero out SRAM
|
||||
@ -161,11 +159,7 @@ int main(void) {
|
||||
uint8_t fingerprint[32] = {0};
|
||||
int signed_firmware = signatures_match(hdr, fingerprint);
|
||||
if (SIG_OK != signed_firmware) {
|
||||
#if BOOTLOADER_QA
|
||||
show_halt("Unsigned firmware", "Won't run on QA device");
|
||||
#else
|
||||
show_unofficial_warning(fingerprint);
|
||||
#endif
|
||||
}
|
||||
#if !PRODUCTION && !BOOTLOADER_QA && !DEBUG_T1_SIGNATURES
|
||||
// try to avoid bricking board SWD debug by accident
|
||||
|
@ -412,12 +412,20 @@ static void rx_callback(usbd_device *dev, uint8_t ep) {
|
||||
|
||||
if (flash_state == STATE_CHECK) {
|
||||
// use the firmware header from RAM
|
||||
const image_header *hdr = (const image_header *)FW_HEADER;
|
||||
image_header *hdr = (image_header *)FW_HEADER;
|
||||
|
||||
bool hash_check_ok;
|
||||
// show fingerprint of unsigned firmware
|
||||
// allow only v3 signmessage/verifymessage signatures
|
||||
if (SIG_OK != signatures_ok(hdr, NULL, sectrue)) {
|
||||
// clear invalid signatures
|
||||
hdr->sigindex1 = 0;
|
||||
hdr->sigindex2 = 0;
|
||||
hdr->sigindex3 = 0;
|
||||
memset(hdr->sig1, 0, sizeof(hdr->sig1));
|
||||
memset(hdr->sig2, 0, sizeof(hdr->sig2));
|
||||
memset(hdr->sig3, 0, sizeof(hdr->sig3));
|
||||
|
||||
if (msg_id != 0x001B) { // ButtonAck message (id 27)
|
||||
return;
|
||||
}
|
||||
|
@ -191,9 +191,10 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
|
||||
return SIG_FAIL; // invalid index
|
||||
if (hdr->sigindex2 < 1 || hdr->sigindex2 > pubkeys)
|
||||
return SIG_FAIL; // invalid index
|
||||
if (use_verifymessage != sectrue &&
|
||||
(hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys)) {
|
||||
if (use_verifymessage != sectrue) {
|
||||
if (hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys) {
|
||||
return SIG_FAIL; // invalid index
|
||||
}
|
||||
} else if (hdr->sigindex3 != 0) {
|
||||
return SIG_FAIL;
|
||||
}
|
||||
@ -210,10 +211,12 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
|
||||
hdr->sig2, hash)) { // failure
|
||||
return SIG_FAIL;
|
||||
}
|
||||
if (use_verifymessage != sectrue &&
|
||||
(0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
|
||||
hdr->sig3, hash))) { // failure
|
||||
if (use_verifymessage != sectrue) {
|
||||
if (0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
|
||||
hdr->sig3, hash)) // failure
|
||||
{
|
||||
return SIG_FAIL;
|
||||
}
|
||||
} else {
|
||||
for (unsigned int i = 0; i < sizeof(hdr->sig3); i++) {
|
||||
if (hdr->sig3[i] != 0) {
|
||||
|
Loading…
Reference in New Issue
Block a user