This commit is contained in:
tychovrahe 2023-09-07 21:27:55 +02:00
parent 4ed270efee
commit ed6e85d45a
10 changed files with 43 additions and 113 deletions


@ -93,7 +93,6 @@ CPPPATH_MOD += [
'embed/sdk/nrf52/modules/nrfx/hal',
'embed/sdk/nrf52/components/libraries/crypto/backend/nrf_hw',
'embed/sdk/nrf52/components/libraries/log',
'embed/sdk/nrf52/external/nrf_oberon',
'embed/sdk/nrf52/components/libraries/strerror',
'embed/sdk/nrf52/components/libraries/crypto/backend/mbedtls',
'embed/sdk/nrf52/components/libraries/crypto/backend/cc310',
@ -139,7 +138,6 @@ SOURCE_NRFHAL = [
'embed/sdk/nrf52/components/libraries/scheduler/app_scheduler.c',
'embed/sdk/nrf52/components/libraries/util/app_util_platform.c',
'embed/sdk/nrf52/components/libraries/crc32/crc32.c',
'embed/sdk/nrf52/components/libraries/sha256/sha256.c',
'embed/sdk/nrf52/components/libraries/mem_manager/mem_manager.c',
'embed/sdk/nrf52/components/libraries/util/nrf_assert.c',
'embed/sdk/nrf52/components/libraries/atomic/nrf_atomic.c',
@ -161,11 +159,6 @@ SOURCE_NRFHAL = [
'embed/sdk/nrf52/modules/nrfx/drivers/src/prs/nrfx_prs.c',
'embed/sdk/nrf52/modules/nrfx/drivers/src/nrfx_uart.c',
'embed/sdk/nrf52/modules/nrfx/drivers/src/nrfx_uarte.c',
'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_ecc.c',
'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_ecdsa.c',
'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_hash.c',
'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_init.c',
'embed/sdk/nrf52/components/libraries/crypto/nrf_crypto_shared.c',
'embed/sdk/nrf52/components/libraries/bootloader/nrf_bootloader_app_start.c',
'embed/sdk/nrf52/components/libraries/bootloader/nrf_bootloader_app_start_final.c',
'embed/sdk/nrf52/components/libraries/bootloader/nrf_bootloader_dfu_timers.c',
@ -185,10 +178,6 @@ SOURCE_NRFHAL = [
'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_utils.c',
'embed/sdk/nrf52/components/libraries/bootloader/dfu/nrf_dfu_ver_validation.c',
'embed/sdk/nrf52/components/libraries/bootloader/serial_dfu/nrf_dfu_serial.c',
'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecc.c',
'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdh.c',
'embed/sdk/nrf52/components/libraries/crypto/backend/micro_ecc/micro_ecc_backend_ecdsa.c',
'embed/sdk/nrf52/components/libraries/crypto/backend/nrf_sw/nrf_sw_backend_hash.c',
]
SOURCE_BLE_BOOTLOADER = [
@ -309,8 +298,6 @@ cmake_gen = env.Command(
LIB_FILES = [
'embed/sdk/nrf52/external/nrf_oberon/lib/cortex-m4/hard-float/liboberon_3.0.8.a',
'embed/sdk/nrf52/external/nrf_cc310_bl/lib/cortex-m4/hard-float/libnrf_cc310_bl_0.9.13.a',
]
program_elf = env.Command(


@ -236,10 +236,7 @@ static bool crc_on_valid_app_required(void) {
}
static bool boot_validate(boot_validation_t const* p_validation,
uint32_t data_addr, uint32_t data_len, bool do_crc) {
if (!do_crc && (p_validation->type == VALIDATE_CRC)) {
return true;
}
uint32_t data_addr, uint32_t data_len) {
return nrf_dfu_validation_boot_validate(p_validation, data_addr, data_len);
}
@ -259,22 +256,15 @@ static bool app_is_valid(bool do_crc) {
if (s_dfu_settings.bank_0.bank_code != NRF_DFU_BANK_VALID_APP) {
NRF_LOG_INFO("Boot validation failed. No valid app to boot.");
return false;
} else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
(s_dfu_settings.boot_validation_app.type !=
VALIDATE_ECDSA_P256_SHA256)) {
NRF_LOG_WARNING(
"Boot validation failed. The boot validation of the app must be a "
"signature check.");
return false;
} else if (SD_PRESENT &&
!boot_validate(&s_dfu_settings.boot_validation_softdevice,
MBR_SIZE, s_dfu_settings.sd_size, do_crc)) {
MBR_SIZE, s_dfu_settings.sd_size)) {
NRF_LOG_WARNING(
"Boot validation failed. SoftDevice is present but invalid.");
return false;
} else if (!boot_validate(&s_dfu_settings.boot_validation_app,
nrf_dfu_bank0_start_addr(),
s_dfu_settings.bank_0.image_size, do_crc)) {
s_dfu_settings.bank_0.image_size)) {
NRF_LOG_WARNING("Boot validation failed. App is invalid.");
return false;
}
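Review bot: `app_is_valid` still carries a `do_crc` parameter according to the hunk header, but after `boot_validate` lost its fourth argument (the calls now end in `MBR_SIZE, s_dfu_settings.sd_size)` and `s_dfu_settings.bank_0.image_size)`) nothing in the hunk reads it; the signature is outside the hunk, so if it still takes `do_crc` the parameter is dead and whatever the caller decides about CRC checking no longer affects boot — either drop it or document why it is kept. Removing the `NRF_BL_APP_SIGNATURE_CHECK_REQUIRED` branch also removes the bootloader's only explicit assertion that the app's boot validation is a signature check; that guarantee now rests entirely on `nrf_dfu_validation_boot_validate`. A comment at the app `boot_validate` call would make the new invariant visible, e.g. `// boot_validation_t carries only a sigmask now: app and SoftDevice validation is always a signature check inside nrf_dfu_validation_boot_validate`. The body of `app_is_valid` continues outside the hunk.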


@ -331,7 +331,7 @@ secbool check_trezor_sig(const uint8_t * digest,
// Function to perform signature check if required.
static nrf_dfu_result_t nrf_dfu_validation_signature_check(dfu_signature_type_t signature_type,
static nrf_dfu_result_t nrf_dfu_validation_signature_check(uint32_t sigmask,
uint8_t const * p_signature,
uint32_t signature_len,
uint8_t const * p_data,
@ -366,7 +366,7 @@ static nrf_dfu_result_t nrf_dfu_validation_signature_check(dfu_signature_type_t
// Calculate the signature.
NRF_LOG_INFO("Verify signature");
if (sectrue != check_trezor_sig(hash_digest, BLAKE2S_DIGEST_LENGTH, NRF_BOOTLOADER_KEY_M, NRF_BOOTLOADER_KEY_N, 3, NRF_BOOTLOADER_KEYS, signature)){
if (sectrue != check_trezor_sig(hash_digest, BLAKE2S_DIGEST_LENGTH, NRF_BOOTLOADER_KEY_M, NRF_BOOTLOADER_KEY_N, sigmask, NRF_BOOTLOADER_KEYS, signature)){
NRF_LOG_ERROR("Signature failed");
err_code = NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE;
}
@ -511,14 +511,14 @@ nrf_dfu_result_t nrf_dfu_validation_prevalidate(void)
{
nrf_dfu_result_t ret_val = NRF_DFU_RES_CODE_SUCCESS;
dfu_command_t const * p_command = &m_packet.command;
dfu_signature_type_t signature_type = DFU_SIGNATURE_TYPE_MIN;
uint32_t sigmask = 0;
uint8_t const * p_signature = NULL;
uint32_t signature_len = 0;
if (m_packet.has_signed_command)
{
p_command = &m_packet.signed_command.command;
signature_type = m_packet.signed_command.signature_type;
sigmask = m_packet.signed_command.sigmask;
p_signature = m_packet.signed_command.signature.bytes;
signature_len = m_packet.signed_command.signature.size;
}
@ -526,7 +526,7 @@ nrf_dfu_result_t nrf_dfu_validation_prevalidate(void)
// Validate signature.
if (signature_required(p_command->init.type))
{
ret_val = nrf_dfu_validation_signature_check(signature_type,
ret_val = nrf_dfu_validation_signature_check(sigmask,
p_signature,
signature_len,
m_init_packet_data_ptr,
@ -709,19 +709,12 @@ static bool boot_validation_extract(boot_validation_t * p_boot_validation,
boot_validation_type_t default_type)
{
memset(p_boot_validation, 0, sizeof(boot_validation_t));
p_boot_validation->type = (p_init->boot_validation_count > index)
? (boot_validation_type_t)p_init->boot_validation[index].type
: default_type; // default
p_boot_validation->sigmask = (boot_validation_type_t)p_init->boot_validation[index].sigmask;
switch(p_boot_validation->type)
{
case VALIDATE_ECDSA_P256_SHA256:
memcpy(p_boot_validation->bytes, p_init->boot_validation[index].bytes.bytes, p_init->boot_validation[index].bytes.size);
break;
memcpy(p_boot_validation->bytes, p_init->boot_validation[index].bytes.bytes, p_init->boot_validation[index].bytes.size);
default:
NRF_LOG_ERROR("Invalid boot validation type: %d", p_boot_validation->type);
return false;
if (default_type == NO_VALIDATION) {
return true;
}
return nrf_dfu_validation_boot_validate(p_boot_validation, start_addr, data_len);
@ -735,18 +728,18 @@ static bool postvalidate_app(dfu_init_command_t const * p_init, uint32_t src_add
ASSERT(p_init->type == DFU_FW_TYPE_APPLICATION);
if (!boot_validation_extract(&boot_validation, p_init, 0, src_addr, data_len, VALIDATE_CRC))
if (!boot_validation_extract(&boot_validation, p_init, 0, src_addr, data_len, VALIDATE_ECDSA_P256_SHA256))
{
return false;
}
#if !NRF_DFU_IN_APP
else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
(boot_validation.type != VALIDATE_ECDSA_P256_SHA256))
{
NRF_LOG_WARNING("The boot validation of the app must be a signature check.");
return false;
}
#endif
//#if !NRF_DFU_IN_APP
// else if (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED &&
// (boot_validation.type != VALIDATE_ECDSA_P256_SHA256))
// {
// NRF_LOG_WARNING("The boot validation of the app must be a signature check.");
// return false;
// }
//#endif
if (!is_trusted)
{
@ -810,7 +803,7 @@ static bool postvalidate_sd_bl(dfu_init_command_t const * p_init,
}
}
if (!boot_validation_extract(&boot_validation_sd, p_init, 0, start_addr, p_init->sd_size, VALIDATE_CRC))
if (!boot_validation_extract(&boot_validation_sd, p_init, 0, start_addr, p_init->sd_size, VALIDATE_ECDSA_P256_SHA256))
{
return false;
}
@ -820,14 +813,7 @@ static bool postvalidate_sd_bl(dfu_init_command_t const * p_init,
}
if (with_bl)
{
if (!boot_validation_extract(&boot_validation_bl, p_init, with_sd ? 1 : 0, bl_start, bl_size, NO_VALIDATION))
{
return false;
}
else if (boot_validation_bl.type != NO_VALIDATION)
{
NRF_LOG_WARNING("Boot validation of bootloader is not supported and will be ignored.");
}
boot_validation_extract(&boot_validation_bl, p_init, with_sd ? 1 : 0, bl_start, bl_size, NO_VALIDATION);
}
if (!is_trusted)
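Review bot: In `boot_validation_extract` the new line `p_boot_validation->sigmask = (boot_validation_type_t)p_init->boot_validation[index].sigmask;` casts a `uint32_t` key mask through the enum type the field replaced; the cast is misleading and can narrow the value on a target where the enum is not 32 bits wide, so it should read `p_boot_validation->sigmask = p_init->boot_validation[index].sigmask;`. The `p_init->boot_validation_count > index` guard disappeared together with the `type` field, so the entry is now read and its bytes copied whether or not the init packet supplied it; unless the decoder guarantees unsupplied entries are zeroed, keep the count check, e.g. `if (p_init->boot_validation_count <= index) { return default_type == NO_VALIDATION; }` before the copy. The `sigmask` handed to `nrf_dfu_validation_signature_check` comes straight from the init packet's signed command, so `check_trezor_sig` (defined earlier in this file, outside the hunk) is presumably what rejects masks that do not select `NRF_BOOTLOADER_KEY_M` distinct keys — a comment at the call, `// sigmask is untrusted input from the init packet; relies on check_trezor_sig enforcing M distinct valid signatures — confirm`, would record that assumption. The `#if !NRF_DFU_IN_APP` block in `postvalidate_app` is commented out instead of deleted; remove it. `boot_validation_extract` begins before the hunk (its parameter list starts outside the shown lines).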


@ -1102,7 +1102,7 @@
#ifndef NRF_DFU_SETTINGS_COMPATIBILITY_MODE
#define NRF_DFU_SETTINGS_COMPATIBILITY_MODE 1
#define NRF_DFU_SETTINGS_COMPATIBILITY_MODE 0
#endif
// <h> nrf_dfu - Device Firmware Upgrade


@ -57,8 +57,8 @@ const pb_field_t dfu_hash_fields[3] = {
};
const pb_field_t dfu_boot_validation_fields[3] = {
PB_FIELD( 1, UENUM , REQUIRED, STATIC , FIRST, dfu_boot_validation_t, type, type, 0),
PB_FIELD( 2, BYTES , REQUIRED, STATIC , OTHER, dfu_boot_validation_t, bytes, type, 0),
PB_FIELD( 1, UINT32 , REQUIRED, STATIC , FIRST, dfu_boot_validation_t, sigmask, type, 0),
PB_FIELD( 2, BYTES , REQUIRED, STATIC , OTHER, dfu_boot_validation_t, bytes, sigmask, 0),
PB_LAST_FIELD
};
@ -84,8 +84,8 @@ const pb_field_t dfu_command_fields[3] = {
const pb_field_t dfu_signed_command_fields[4] = {
PB_FIELD( 1, MESSAGE , REQUIRED, STATIC , FIRST, dfu_signed_command_t, command, command, &dfu_command_fields),
PB_FIELD( 2, UENUM , REQUIRED, STATIC , OTHER, dfu_signed_command_t, signature_type, command, 0),
PB_FIELD( 3, BYTES , REQUIRED, STATIC , OTHER, dfu_signed_command_t, signature, signature_type, 0),
PB_FIELD( 2, UINT32 , REQUIRED, STATIC , OTHER, dfu_signed_command_t, sigmask, command, 0),
PB_FIELD( 3, BYTES , REQUIRED, STATIC , OTHER, dfu_signed_command_t, signature, sigmask, 0),
PB_LAST_FIELD
};


@ -86,30 +86,10 @@ typedef enum
#define DFU_OP_CODE_MAX DFU_OP_CODE_INIT
#define DFU_OP_CODE_ARRAYSIZE ((dfu_op_code_t)(DFU_OP_CODE_INIT+1))
typedef enum
{
DFU_VALIDATION_TYPE_NO_VALIDATION = 0,
DFU_VALIDATION_TYPE_VALIDATE_GENERATED_CRC = 1,
DFU_VALIDATION_TYPE_VALIDATE_SHA256 = 2,
DFU_VALIDATION_TYPE_VALIDATE_ECDSA_P256_SHA256 = 3
} dfu_validation_type_t;
#define DFU_VALIDATION_TYPE_MIN DFU_VALIDATION_TYPE_NO_VALIDATION
#define DFU_VALIDATION_TYPE_MAX DFU_VALIDATION_TYPE_VALIDATE_ECDSA_P256_SHA256
#define DFU_VALIDATION_TYPE_ARRAYSIZE ((dfu_validation_type_t)(DFU_VALIDATION_TYPE_VALIDATE_ECDSA_P256_SHA256+1))
typedef enum
{
DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256 = 0,
DFU_SIGNATURE_TYPE_ED25519 = 1
} dfu_signature_type_t;
#define DFU_SIGNATURE_TYPE_MIN DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256
#define DFU_SIGNATURE_TYPE_MAX DFU_SIGNATURE_TYPE_ED25519
#define DFU_SIGNATURE_TYPE_ARRAYSIZE ((dfu_signature_type_t)(DFU_SIGNATURE_TYPE_ED25519+1))
/* Struct definitions */
typedef PB_BYTES_ARRAY_T(64) dfu_boot_validation_bytes_t;
typedef struct {
dfu_validation_type_t type;
uint32_t sigmask;
dfu_boot_validation_bytes_t bytes;
/* @@protoc_insertion_point(struct:dfu_boot_validation_t) */
} dfu_boot_validation_t;
@ -156,7 +136,7 @@ typedef struct {
typedef PB_BYTES_ARRAY_T(64) dfu_signed_command_signature_t;
typedef struct {
dfu_command_t command;
dfu_signature_type_t signature_type;
uint32_t sigmask;
dfu_signed_command_signature_t signature;
/* @@protoc_insertion_point(struct:dfu_signed_command_t) */
} dfu_signed_command_t;
@ -174,16 +154,16 @@ extern const bool dfu_init_command_is_debug_default;
/* Initializer values for message structs */
#define DFU_HASH_INIT_DEFAULT {(dfu_hash_type_t)0, {0, {0}}}
#define DFU_BOOT_VALIDATION_INIT_DEFAULT {(dfu_validation_type_t)0, {0, {0}}}
#define DFU_BOOT_VALIDATION_INIT_DEFAULT {0, {0, {0}}}
#define DFU_INIT_COMMAND_INIT_DEFAULT {false, 0, false, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, false, (dfu_fw_type_t)0, false, 0, false, 0, false, 0, false, DFU_HASH_INIT_DEFAULT, false, false, 0, {DFU_BOOT_VALIDATION_INIT_DEFAULT, DFU_BOOT_VALIDATION_INIT_DEFAULT, DFU_BOOT_VALIDATION_INIT_DEFAULT}}
#define DFU_COMMAND_INIT_DEFAULT {false, (dfu_op_code_t)0, false, DFU_INIT_COMMAND_INIT_DEFAULT}
#define DFU_SIGNED_COMMAND_INIT_DEFAULT {DFU_COMMAND_INIT_DEFAULT, (dfu_signature_type_t)0, {0, {0}}}
#define DFU_SIGNED_COMMAND_INIT_DEFAULT {DFU_COMMAND_INIT_DEFAULT, 0, {0, {0}}}
#define DFU_PACKET_INIT_DEFAULT {false, DFU_COMMAND_INIT_DEFAULT, false, DFU_SIGNED_COMMAND_INIT_DEFAULT}
#define DFU_HASH_INIT_ZERO {(dfu_hash_type_t)0, {0, {0}}}
#define DFU_BOOT_VALIDATION_INIT_ZERO {(dfu_validation_type_t)0, {0, {0}}}
#define DFU_BOOT_VALIDATION_INIT_ZERO {0, {0, {0}}}
#define DFU_INIT_COMMAND_INIT_ZERO {false, 0, false, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, false, (dfu_fw_type_t)0, false, 0, false, 0, false, 0, false, DFU_HASH_INIT_ZERO, false, 0, 0, {DFU_BOOT_VALIDATION_INIT_ZERO, DFU_BOOT_VALIDATION_INIT_ZERO, DFU_BOOT_VALIDATION_INIT_ZERO}}
#define DFU_COMMAND_INIT_ZERO {false, (dfu_op_code_t)0, false, DFU_INIT_COMMAND_INIT_ZERO}
#define DFU_SIGNED_COMMAND_INIT_ZERO {DFU_COMMAND_INIT_ZERO, (dfu_signature_type_t)0, {0, {0}}}
#define DFU_SIGNED_COMMAND_INIT_ZERO {DFU_COMMAND_INIT_ZERO, 0, {0, {0}}}
#define DFU_PACKET_INIT_ZERO {false, DFU_COMMAND_INIT_ZERO, false, DFU_SIGNED_COMMAND_INIT_ZERO}
/* Field tags (for use in manual encoding/decoding) */


@ -36,7 +36,7 @@ message Hash {
message BootValidation {
required ValidationType type = 1;
required uint32 sigmask = 1;
required bytes bytes = 2;
}
@ -63,15 +63,9 @@ message Command {
optional InitCommand init = 2;
}
// Signed command types
enum SignatureType {
ECDSA_P256_SHA256 = 0;
ED25519 = 1;
}
message SignedCommand {
required Command command = 1;
required SignatureType signature_type = 2;
required uint32 sigmask = 2;
required bytes signature = 3;
}
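Review bot: `required uint32 sigmask = 1;` in `BootValidation` and `required uint32 sigmask = 2;` in `SignedCommand` reuse the tag numbers of the removed `type` and `signature_type` enum fields, and since both the old enums and the new `uint32` are varints, an init packet built against the previous schema decodes without error and its enum value is silently taken as the key mask. If packets in the old format were ever produced, give the new fields fresh tags and reserve the old ones — `reserved 1;` with `required uint32 sigmask = 3;` in `BootValidation`, `reserved 2;` with `required uint32 sigmask = 4;` in `SignedCommand` — and regenerate dfu-cc.pb.c and dfu-cc.pb.h to match. The new fields also carry no documentation; a comment stating what the integer encodes (presumably which of the bootloader keys signed, given it is passed to `check_trezor_sig`) would help the next reader.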


@ -258,19 +258,9 @@ void nrf_dfu_settings_reinit(void)
if (NRF_DFU_SETTINGS_COMPATIBILITY_MODE && !NRF_DFU_IN_APP && (s_dfu_settings.settings_version == 1))
{
NRF_LOG_INFO("Old settings page detected. Upgrading info.");
// Old version. Translate.
memcpy(&s_dfu_settings.peer_data, (uint8_t *)&s_dfu_settings + DFU_SETTINGS_BOND_DATA_OFFSET_V1, NRF_DFU_PEER_DATA_LEN);
memcpy(&s_dfu_settings.adv_name, (uint8_t *)&s_dfu_settings + DFU_SETTINGS_ADV_NAME_OFFSET_V1, NRF_DFU_ADV_NAME_LEN);
// Initialize with defaults.
s_dfu_settings.boot_validation_softdevice.type = NO_VALIDATION;
s_dfu_settings.boot_validation_app.type = VALIDATE_CRC;
s_dfu_settings.boot_validation_bootloader.type = NO_VALIDATION;
memcpy(s_dfu_settings.boot_validation_app.bytes, &s_dfu_settings.bank_0.image_crc, sizeof(uint32_t));
s_dfu_settings.settings_version = NRF_DFU_SETTINGS_VERSION;
NRF_LOG_WARNING("Resetting bootloader settings since neither the settings page is old.");
memset(&s_dfu_settings, 0x00, sizeof(nrf_dfu_settings_t));
s_dfu_settings.settings_version = NRF_DFU_SETTINGS_VERSION;
}
return;
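Review bot: The new warning text `"Resetting bootloader settings since neither the settings page is old."` does not parse; it should state what actually happens, e.g. `NRF_LOG_WARNING("Old settings page (version 1) is no longer supported; resetting bootloader settings.");`. The `memset` now also discards `peer_data` and `adv_name`, which the removed translation code preserved across the upgrade — if losing the bond data on a version-1 page is intended, say so in a comment above the memset. Note that the same commit sets `NRF_DFU_SETTINGS_COMPATIBILITY_MODE` to 0 in sdk_config.h, which compiles the surrounding `if` out entirely; the reset path is then dead code and should either be kept deliberately (with a comment saying why) or removed. `nrf_dfu_settings_reinit` begins before the hunk.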


@ -295,7 +295,7 @@ typedef enum
typedef struct
{
boot_validation_type_t type;
uint32_t sigmask;
uint8_t bytes[SETTINGS_BOOT_VALIDATION_SIZE];
} boot_validation_t;
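Review bot: `boot_validation_t` is the layout of the persisted bootloader settings, and replacing `boot_validation_type_t type` with `uint32_t sigmask` at the same position means a settings page written by the previous firmware has its old `type` value read back as a key mask; the member keeps the same offset only if the enum was 32 bits wide. Nothing in the hunk bumps `NRF_DFU_SETTINGS_VERSION`, so confirm that the version check, or the settings reset in nrf_dfu_settings.c, covers this layout change. The new member is also undocumented; `uint32_t sigmask;  // which bootloader keys signed the image (presumably the mask consumed by check_trezor_sig) — confirm` would record its meaning next to the persisted field.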


@ -417,6 +417,9 @@ bool ble_reset_to_bootloader(void) {
HAL_GPIO_WritePin(GPIOB, GPIO_PIN_12, GPIO_PIN_RESET);
HAL_Delay(1000);
return true;
}