shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

bootloader compiles

Browse Source
This commit is contained in:
Conor Patrick
2018-12-01 14:42:49 -05:00
parent 1a9548c0f0
commit 93d4112bc3
22 changed files with 458 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
targets/stm32l442/Makefile
View File

@@ -10,7 +10,7 @@ SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c)
# FIDO2 lib
SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c ../../fido2/test_power.c
SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
SRC += ../../fido2/ctap_parse.c ../../fido2/main.c
@@ -39,7 +39,7 @@ HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb
# Solo
CHIP=STM32L442xx
DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER
DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"app.h\"
# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1
CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW)
@@ -67,6 +67,9 @@ all: $(TARGET).elf
%.hex: %.elf
$(CP) -O ihex $^ $(TARGET).hex
bootloader:
make -f bootloader.mk
clean:
rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ)

81
targets/stm32l442/bootloader.mk Normal file
View File

@@ -0,0 +1,81 @@
CC=arm-none-eabi-gcc
CP=arm-none-eabi-objcopy
SZ=arm-none-eabi-size
AR=arm-none-eabi-ar
# ST related
SRC = bootloader/main.c src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
SRC += src/fifo.c src/crypto.c src/attestation.c
SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c)
# FIDO2 lib
SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/extensions/extensions.c
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
# Crypto libs
SRC += ../../crypto/sha256/sha256.c ../../crypto/micro-ecc/uECC.c
OBJ1=$(SRC:.c=.o)
OBJ=$(OBJ1:.s=.o)
INC = -Ibootloader/ -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions
INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
INC += -I../../crypto/tiny-AES-c
LDSCRIPT=stm32l432xx.ld
CFLAGS= $(INC)
TARGET=solo
HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb
# Nucleo board
#CHIP=STM32L432xx
# Solo
CHIP=STM32L442xx
DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"bootloader.h\"
# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1
CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW)
LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -lnosys
LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref
.PRECIOUS: %.o
all: $(TARGET).elf
$(SZ) $^
%.o: %.c
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
%.o: %.s
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
%.elf: $(OBJ)
$(CC) $^ $(HW) $(LDFLAGS) -o $@
%.hex: %.elf
$(CP) -O ihex $^ $(TARGET).hex
clean:
rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ)
flash: $(TARGET).hex
STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
STM32_Programmer_CLI -c port=SWD -halt -d $(TARGET).hex -rst
detach:
STM32_Programmer_CLI -c port=usb1 -ob nBOOT0=1
cbor:
cd ../../tinycbor/ && make clean
cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
LDFLAGS="$(LDFLAGS_LIB)" \
CFLAGS="$(CFLAGS)"

38
targets/stm32l442/bootloader/bootloader.h Normal file
View File

@@ -0,0 +1,38 @@
#ifndef _APP_H_
#define _APP_H_
#include <stdint.h>
#define DEBUG_UART USART1
#define DEBUG_LEVEL 0
#define NON_BLOCK_PRINTING 0
#define BOOT_TO_DFU 0
#define IS_BOOTLOADER 1
#define ENABLE_U2F_EXTENSIONS
// #define ENABLE_U2F
#define DISABLE_CTAPHID_PING
#define DISABLE_CTAPHID_WINK
#define DISABLE_CTAPHID_CBOR
void printing_init();
void hw_init(void);
//#define TEST
//#define TEST_POWER
#define LED_INIT_VALUE 0x001000
// Button
#define SOLO_BUTTON_PORT GPIOA
#define SOLO_BUTTON_PIN LL_GPIO_PIN_0
#define SKIP_BUTTON_CHECK_WITH_DELAY 0
#define SKIP_BUTTON_CHECK_FAST 1
#endif

105
targets/stm32l442/bootloader/main.c Normal file
View File

@@ -0,0 +1,105 @@
/*
Copyright 2018 Conor Patrick
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include "cbor.h"
#include "device.h"
#include "ctaphid.h"
//#include "bsp.h"
#include "util.h"
#include "log.h"
#include "ctap.h"
#include "app.h"
uint8_t REBOOT_FLAG = 0;
#if !defined(TEST)
int main(int argc, char * argv[])
{
uint8_t hidmsg[64];
uint32_t t1 = 0;
set_logging_mask(
/*0*/
// TAG_GEN|
// TAG_MC |
// TAG_GA |
// TAG_WALLET |
TAG_STOR |
// TAG_CP |
// TAG_CTAP|
// TAG_HID|
/*TAG_U2F|*/
// TAG_PARSE |
// TAG_TIME|
// TAG_DUMP|
TAG_GREEN|
TAG_RED|
TAG_ERR
);
device_init();
printf1(TAG_GEN,"init device\n");
printf1(TAG_GEN,"init ctaphid\n");
ctaphid_init();
printf1(TAG_GEN,"init ctap\n");
ctap_init();
memset(hidmsg,0,sizeof(hidmsg));
printf1(TAG_GEN,"recv'ing hid msg \n");
while(1)
{
if (millis() - t1 > 100)
{
/*printf("heartbeat %ld\n", beat++);*/
heartbeat();
t1 = millis();
}
device_manage();
if (usbhid_recv(hidmsg) > 0)
{
ctaphid_handle_packet(hidmsg);
memset(hidmsg, 0, sizeof(hidmsg));
}
else
{
}
ctaphid_check_timeouts();
}
// Should never get here
usbhid_close();
printf1(TAG_GREEN, "done\n");
return 0;
}
#endif

2
targets/stm32l442/src/app.h
View File

@@ -4,7 +4,7 @@
#define DEBUG_UART USART1
#define DEBUG_LEVEL 0
#define DEBUG_LEVEL 1
#define NON_BLOCK_PRINTING 0

2
targets/stm32l442/src/crypto.c
View File

@@ -18,7 +18,7 @@
#include "aes.h"
#include "ctap.h"
#include "device.h"
#include "app.h"
#include APP_CONFIG
#include "log.h"

139
targets/stm32l442/src/device.c
View File

@@ -7,7 +7,7 @@
#include "stm32l4xx_ll_usart.h"
#include "usbd_hid.h"
#include "app.h"
#include APP_CONFIG
#include "flash.h"
#include "rng.h"
#include "led.h"
@@ -17,6 +17,8 @@
#include "log.h"
#include "ctaphid.h"
#include "ctap.h"
#include "crypto.h"
#include "uECC.h"
#define PAGE_SIZE 2048
@@ -36,9 +38,9 @@
#define APPLICATION_START_ADDR flash_addr(APPLICATION_START_PAGE)
#define APPLICATION_END_PAGE ((PAGES - 19)) // 119 is NOT included in application
#define APPLICATION_END_ADDR (flash_addr(APPLICATION_END_PAGE)-4) // NOT included in application
#define APPLICATION_END_ADDR (flash_addr(APPLICATION_END_PAGE)-8) // NOT included in application
#define AUTH_WORD_ADDR (flash_addr(APPLICATION_END_PAGE)-4)
#define AUTH_WORD_ADDR (flash_addr(APPLICATION_END_PAGE)-8)
uint32_t __90_ms = 0;
uint32_t __device_status = 0;
@@ -497,3 +499,134 @@ void _Error_Handler(char *file, int line)
{
}
}
#ifdef IS_BOOTLOADER
extern uint8_t REBOOT_FLAG;
typedef enum
{
BootWrite = 0x40,
BootDone = 0x41,
BootCheck = 0x42,
BootErase = 0x43,
} WalletOperation;
typedef struct {
uint8_t op;
uint8_t addr[3];
uint8_t tag[4];
uint8_t len;
uint8_t payload[255 - 9];
} __attribute__((packed)) BootloaderReq;
//#define APPLICATION_START_ADDR 0x8000
//#define APPLICATION_START_PAGE (0x8000/PAGE_SIZE)
//#define APPLICATION_END_ADDR (PAGE_SIZE*125-4) // NOT included in application
static void erase_application()
{
int page;
for(page = APPLICATION_START_PAGE; page < APPLICATION_END_PAGE; page++)
{
flash_erase_page(page);
}
}
static void authorize_application()
{
uint32_t zero = 0;
uint32_t * ptr;
ptr = (uint32_t *)AUTH_WORD_ADDR;
flash_write((uint32_t)ptr, (uint8_t *)&zero, 4);
}
static int is_authorized_to_boot()
{
uint32_t * auth = (uint32_t *)AUTH_WORD_ADDR;
return *auth == 0;
}
int bootloader_bridge(uint8_t klen, uint8_t * keyh)
{
static int has_erased = 0;
BootloaderReq * req = (BootloaderReq * )keyh;
uint8_t payload[256];
uint8_t hash[32];
uint8_t * pubkey = (uint8_t*)"\x57\xe6\x80\x39\x56\x46\x2f\x0c\x95\xac\x72\x71\xf0\xbc\xe8\x2d\x67\xd0\x59\x29\x2e\x15\x22\x89\x6a\xbd\x3f\x7f\x27\xf3\xc0\xc6\xe2\xd7\x7d\x8a\x9f\xcc\x53\xc5\x91\xb2\x0c\x9c\x3b\x4e\xa4\x87\x31\x67\xb4\xa9\x4b\x0e\x8d\x06\x67\xd8\xc5\xef\x2c\x50\x4a\x55";
const struct uECC_Curve_t * curve = NULL;
/*printf("bootloader_bridge\n");*/
if (req->len > 255-9)
{
return CTAP1_ERR_INVALID_LENGTH;
}
memset(payload, 0xff, sizeof(payload));
memmove(payload, req->payload, req->len);
uint32_t addr = (*((uint32_t*)req->addr)) & 0xffffff;
uint32_t * ptr = (uint32_t *)addr;
switch(req->op){
case BootWrite:
/*printf("BootWrite 0x%08x\n", addr);*/
if ((uint32_t)ptr < APPLICATION_START_ADDR || (uint32_t)ptr >= APPLICATION_END_ADDR)
{
return CTAP2_ERR_NOT_ALLOWED;
}
if (!has_erased)
{
erase_application();
has_erased = 1;
}
if (is_authorized_to_boot())
{
printf2(TAG_ERR, "Error, boot check bypassed\n");
exit(1);
}
flash_write((uint32_t)ptr,payload, req->len + (req->len%4));
break;
case BootDone:
// printf("BootDone\n");
ptr = (uint32_t *)APPLICATION_START_ADDR;
crypto_sha256_init();
crypto_sha256_update(ptr, APPLICATION_END_ADDR-APPLICATION_START_ADDR);
crypto_sha256_final(hash);
// printf("hash: "); dump_hex(hash, 32);
// printf("sig: "); dump_hex(payload, 64);
curve = uECC_secp256r1();
if (! uECC_verify(pubkey,
hash,
32,
payload,
curve))
{
return CTAP2_ERR_OPERATION_DENIED;
}
authorize_application();
REBOOT_FLAG = 1;
break;
case BootCheck:
/*printf("BootCheck\n");*/
return 0;
break;
case BootErase:
/*printf("BootErase\n");*/
erase_application();
return 0;
break;
default:
return CTAP1_ERR_INVALID_COMMAND;
}
return 0;
}
#endif

2
targets/stm32l442/src/fifo.h
View File

@@ -1,7 +1,7 @@
#ifndef _FIFO_H_
#define _FIFO_H_
#include "app.h"
#include APP_CONFIG
#ifndef TEST_FIFO
#define TEST_FIFO 0

2
targets/stm32l442/src/flash.c
View File

@@ -3,7 +3,7 @@
#include <string.h>
#include "stm32l4xx.h"
#include "app.h"
#include APP_CONFIG
#include "flash.h"
#include "log.h"
#include "device.h"

2
targets/stm32l442/src/main.c
View File

@@ -20,7 +20,7 @@
#include "usbd_hid.h"
/*#include "usbd_hid.h"*/
#include "app.h"
#include APP_CONFIG
#include "flash.h"
#include "rng.h"
#include "led.h"

2
targets/stm32l442/src/redirect.c
View File

@@ -1,6 +1,6 @@
#include "stm32l4xx_ll_usart.h"
#include "app.h"
#include APP_CONFIG
#include "fifo.h"
#if DEBUG_LEVEL>0