
fix(legacy): fix v2 signature validation

This commit is contained in:
tychovrahe 2023-01-04 17:26:57 +01:00 committed by matejcik
parent 0c3b0371dd
commit daf566a260
3 changed files with 19 additions and 14 deletions


@ -64,7 +64,6 @@ void show_unplug(const char *line1, const char *line2) {
"You may now", "unplug your Trezor.", NULL);
}
#if !BOOTLOADER_QA
static void show_unofficial_warning(const uint8_t *hash) {
// On production bootloader, show warning and wait for user
// to accept or reject it
@ -94,7 +93,6 @@ static void show_unofficial_warning(const uint8_t *hash) {
delay(100000000);
#endif
}
#endif
static void __attribute__((noreturn)) load_app(int signed_firmware) {
// zero out SRAM
@ -161,11 +159,7 @@ int main(void) {
uint8_t fingerprint[32] = {0};
int signed_firmware = signatures_match(hdr, fingerprint);
if (SIG_OK != signed_firmware) {
#if BOOTLOADER_QA
show_halt("Unsigned firmware", "Won't run on QA device");
#else
show_unofficial_warning(fingerprint);
#endif
}
#if !PRODUCTION && !BOOTLOADER_QA && !DEBUG_T1_SIGNATURES
// try to avoid bricking board SWD debug by accident
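Review bot: The new side of the third hunk drops the `BOOTLOADER_QA` halt, so a firmware for which `signatures_match` returns anything other than `SIG_OK` now reaches `show_unofficial_warning(fingerprint)` on QA bootloaders as well as production ones; the hunk header (-161,11 +159,7) shows four lines removed and none added, which matches the `#if BOOTLOADER_QA … #endif` block, and the two earlier hunks appear to drop the `#if !BOOTLOADER_QA` guard around `show_unofficial_warning` itself. Nothing in the hunk records why QA builds should stop refusing unsigned firmware outright, and a later reader of this trust decision will want that justified at the call site rather than in commit history. A one-line comment above the call, `// QA bootloaders take the same warn-and-confirm path as production for unsigned firmware`, would carry that. `main` continues outside the hunk.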


@ -412,12 +412,20 @@ static void rx_callback(usbd_device *dev, uint8_t ep) {
if (flash_state == STATE_CHECK) {
// use the firmware header from RAM
const image_header *hdr = (const image_header *)FW_HEADER;
image_header *hdr = (image_header *)FW_HEADER;
bool hash_check_ok;
// show fingerprint of unsigned firmware
// allow only v3 signmessage/verifymessage signatures
if (SIG_OK != signatures_ok(hdr, NULL, sectrue)) {
// clear invalid signatures
hdr->sigindex1 = 0;
hdr->sigindex2 = 0;
hdr->sigindex3 = 0;
memset(hdr->sig1, 0, sizeof(hdr->sig1));
memset(hdr->sig2, 0, sizeof(hdr->sig2));
memset(hdr->sig3, 0, sizeof(hdr->sig3));
if (msg_id != 0x001B) { // ButtonAck message (id 27)
return;
}
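Review bot: `bool hash_check_ok;` on the new side is declared without an initializer and every read of it lies outside the hunk, so any path that reaches a read before the assignment would consume an indeterminate value; `bool hash_check_ok = false;` costs nothing and removes that possibility. The block that follows zeroes `sigindex1..3` and `sig1..3` in the header at `FW_HEADER` when `signatures_ok(hdr, NULL, sectrue)` rejects it, which is why the cast lost its `const`; a short comment stating that the in-RAM header is rewritten in place before whatever later consumes it would help, since that consumer is not visible in the hunk. The comment `// show fingerprint of unsigned firmware` now sits above the signature check rather than the fingerprint code it presumably described and should move down to that code. `rx_callback` continues outside the hunk.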


@ -191,9 +191,10 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
return SIG_FAIL; // invalid index
if (hdr->sigindex2 < 1 || hdr->sigindex2 > pubkeys)
return SIG_FAIL; // invalid index
if (use_verifymessage != sectrue &&
(hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys)) {
return SIG_FAIL; // invalid index
if (use_verifymessage != sectrue) {
if (hdr->sigindex3 < 1 || hdr->sigindex3 > pubkeys) {
return SIG_FAIL; // invalid index
}
} else if (hdr->sigindex3 != 0) {
return SIG_FAIL;
}
@ -210,10 +211,12 @@ int signatures_ok(const image_header *hdr, uint8_t store_fingerprint[32],
hdr->sig2, hash)) { // failure
return SIG_FAIL;
}
if (use_verifymessage != sectrue &&
(0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
hdr->sig3, hash))) { // failure
return SIG_FAIL;
if (use_verifymessage != sectrue) {
if (0 != ecdsa_verify_digest(&secp256k1, pubkey_ptr[hdr->sigindex3 - 1],
hdr->sig3, hash)) // failure
{
return SIG_FAIL;
}
} else {
for (unsigned int i = 0; i < sizeof(hdr->sig3); i++) {
if (hdr->sig3[i] != 0) {