trezor-firmware/tools/keyctl

#!/usr/bin/env python3
import binascii
import struct
import click
import pyblake2
from trezorlib import cosi

indexmap = {"bootloader": 0, "vendorheader": 1, "firmware": 2}


def header_digest(index, filename):
    data = open(filename, "rb").read()
    z = bytes(65 * [0x00])
    if index == "bootloader":
        header = data[:0x03BF] + z
    elif index == "vendorheader":
        header = data[:-65] + z
    elif index == "firmware":
        vhdrlen = struct.unpack("<I", data[4:8])[0]
        header = data[vhdrlen : vhdrlen + 0x03BF] + z
    else:
        raise ValueError('Unknown index "%s"' % index)
    return pyblake2.blake2s(header).digest()


@click.group()
def cli():
    pass


@cli.command(help="")
@click.argument("index", type=click.Choice(indexmap.keys()))
@click.argument("filename")
@click.argument("seckeys", nargs=-1)
def sign(index, filename, seckeys):
    # compute header digest
    digest = header_digest(index, filename)
    # collect commits
    pks, nonces, Rs = [], [], []
    for ctr, seckey in enumerate(seckeys):
        sk = binascii.unhexlify(seckey)
        pk = cosi.pubkey_from_privkey(sk)
        r, R = cosi.get_nonce(sk, digest, ctr)
        pks.append(pk)
        nonces.append(r)
        Rs.append(R)
    # compute global commit
    global_pk = cosi.combine_keys(pks)
    global_R = cosi.combine_keys(Rs)
    # collect signatures
    sigs = []
    for seckey, nonce in zip(seckeys, nonces):
        sk = binascii.unhexlify(seckey)
        sig = cosi.sign_with_privkey(digest, sk, global_pk, nonce, global_R)
        sigs.append(sig)
    # compute global signature
    sig = cosi.combine_sig(global_R, sigs)
    cosi.verify(sig, digest, global_pk)
    print(binascii.hexlify(sig).decode())


if __name__ == "__main__":
    cli()