1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 23:48:12 +00:00

bootloader/loader: use blake2s instead of sha256 for digests

This commit is contained in:
Pavol Rusnak 2017-03-22 01:53:25 +01:00
parent 4c206be585
commit e313234fe3
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 15 additions and 12 deletions

View File

@ -83,6 +83,7 @@ CFLAGS_MOD += \
OBJ_MOD += \ OBJ_MOD += \
$(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/ed25519-donna/ed25519.o \ $(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/ed25519-donna/ed25519.o \
$(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/blake2s.o \
$(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/sha2.o \ $(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/sha2.o \
OBJ = $(OBJ_MOD) $(OBJ_MP) $(OBJ_FW) OBJ = $(OBJ_MOD) $(OBJ_MP) $(OBJ_FW)

View File

@ -81,6 +81,7 @@ CFLAGS_MOD += \
OBJ_MOD += \ OBJ_MOD += \
$(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/ed25519-donna/ed25519.o \ $(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/ed25519-donna/ed25519.o \
$(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/blake2s.o \
$(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/sha2.o \ $(BUILD_FW)/extmod/modtrezorcrypto/trezor-crypto/sha2.o \
OBJ = $(OBJ_MOD) $(OBJ_MP) $(OBJ_FW) OBJ = $(OBJ_MOD) $(OBJ_MP) $(OBJ_FW)

View File

@ -21,7 +21,8 @@ it will start in a firmware update mode, allowing a firmware update via USB.
## Common notes ## Common notes
* Hash function used below is SHA-256 and signature system is Ed25519 (allows combining signatures by multiple keys into one). * Hash function used for computing data digest for signatures is BLAKE2s.
* Signature system is Ed25519 (allows combining signatures by multiple keys into one).
* All multibyte integer values are little endian. * All multibyte integer values are little endian.
* There is a tool called [firmwarectl](../tools/firmwarectl) which checks validity of the loader/firmware images including their headers. * There is a tool called [firmwarectl](../tools/firmwarectl) which checks validity of the loader/firmware images including their headers.

View File

@ -1,6 +1,6 @@
#include <string.h> #include <string.h>
#include "sha2.h" #include "blake2s.h"
#include "ed25519-donna/ed25519.h" #include "ed25519-donna/ed25519.h"
#include "crypto.h" #include "crypto.h"
@ -87,17 +87,17 @@ bool check_signature(const uint8_t *start)
return false; return false;
} }
uint8_t hash[SHA256_DIGEST_LENGTH]; uint8_t hash[BLAKE2S_DIGEST_LENGTH];
SHA256_CTX ctx; BLAKE2S_CTX ctx;
sha256_Init(&ctx); blake2s_Init(&ctx, BLAKE2S_DIGEST_LENGTH);
sha256_Update(&ctx, start, 256 - 65); blake2s_Update(&ctx, start, 256 - 65);
for (int i = 0; i < 65; i++) { for (int i = 0; i < 65; i++) {
sha256_Update(&ctx, (const uint8_t *)"\x00", 1); blake2s_Update(&ctx, (const uint8_t *)"\x00", 1);
} }
sha256_Update(&ctx, start + 256, codelen); blake2s_Update(&ctx, start + 256, codelen);
sha256_Final(&ctx, hash); blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
const uint8_t *pub = get_pubkey(sigidx); const uint8_t *pub = get_pubkey(sigidx);
return pub && (0 == ed25519_sign_open(hash, SHA256_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)sig)); return pub && (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, *(const ed25519_public_key *)pub, *(const ed25519_signature *)sig));
} }

View File

@ -2,8 +2,8 @@
import sys import sys
import struct import struct
import binascii import binascii
import hashlib
import ed25519 import ed25519
import pyblake2
# loader/firmware headers specification: https://github.com/trezor/trezor-core/blob/master/docs/bootloader.md # loader/firmware headers specification: https://github.com/trezor/trezor-core/blob/master/docs/bootloader.md
@ -27,7 +27,7 @@ def get_sig(data):
print('Enter privkey: ', end='') print('Enter privkey: ', end='')
seckey = binascii.unhexlify(input()) seckey = binascii.unhexlify(input())
signkey = ed25519.SigningKey(seckey) signkey = ed25519.SigningKey(seckey)
digest = hashlib.sha256(data).digest() digest = pyblake2.blake2s(data).digest()
sigidx = (1, ) sigidx = (1, )
sig = signkey.sign(digest) sig = signkey.sign(digest)
return sigidx, sig return sigidx, sig