shimun/solo
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

bootloader compiles

Browse Source
This commit is contained in:
Conor Patrick 2018-12-01 14:42:49 -05:00
parent 1a9548c0f0
commit 93d4112bc3
22 changed files with 458 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fido2/crypto.c
View File

@ -18,7 +18,7 @@
#include "aes.h" #include "aes.h"
#include "ctap.h" #include "ctap.h"
#include "device.h" #include "device.h"
#include "app.h" #include APP_CONFIG
#ifdef USING_PC #ifdef USING_PC
typedef enum typedef enum

2
fido2/ctap.c
View File

@ -34,7 +34,7 @@
#include "util.h" #include "util.h"
#include "log.h" #include "log.h"
#include "device.h" #include "device.h"
#include "app.h" #include APP_CONFIG
#include "wallet.h" #include "wallet.h"
#include "device.h" #include "device.h"

3
fido2/ctaphid.c
View File

@ -30,7 +30,7 @@
#include "time.h" #include "time.h"
#include "util.h" #include "util.h"
#include "log.h" #include "log.h"
#include "app.h" #include APP_CONFIG
typedef enum typedef enum
{ {
@ -616,6 +616,7 @@ uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
break; break;
#endif #endif
#ifndef DISABLE_CTAPHID_CBOR #ifndef DISABLE_CTAPHID_CBOR
#error rere
case CTAPHID_CBOR: case CTAPHID_CBOR:
printf1(TAG_HID,"CTAPHID_CBOR\n"); printf1(TAG_HID,"CTAPHID_CBOR\n");

3
fido2/device.h
View File

@ -90,4 +90,7 @@ void ctap_store_rk(int index,CTAP_residentKey * rk);
void ctap_load_rk(int index,CTAP_residentKey * rk); void ctap_load_rk(int index,CTAP_residentKey * rk);
void ctap_overwrite_rk(int index,CTAP_residentKey * rk); void ctap_overwrite_rk(int index,CTAP_residentKey * rk);
// Boot laoder application
int bootloader_bridge(uint8_t klen, uint8_t * keyh);
#endif #endif

63
fido2/extensions/extensions.c
View File

@ -23,9 +23,66 @@
#include "extensions.h" #include "extensions.h"
#include "u2f.h" #include "u2f.h"
#include "wallet.h" #include "wallet.h"
#include "device.h"
#include "log.h" #include "log.h"
int is_extension_request(uint8_t * kh, int len)
{
wallet_request * req = (wallet_request *) kh;
if (len < WALLET_MIN_LENGTH)
return 0;
return memcmp(req->tag, WALLET_TAG, sizeof(WALLET_TAG)-1) == 0;
}
int extension_needs_atomic_count(uint8_t klen, uint8_t * keyh)
{
return ((wallet_request *) keyh)->operation == WalletRegister
|| ((wallet_request *) keyh)->operation == WalletSign;
}
int16_t bridge_u2f_to_extensions(uint8_t * _chal, uint8_t * _appid, uint8_t klen, uint8_t * keyh)
{
int8_t ret = 0;
uint32_t count;
uint8_t up = 1;
uint8_t sig[72];
if (extension_needs_atomic_count(klen, keyh))
{
count = ctap_atomic_count(0);
}
else
{
count = 10;
}
u2f_response_writeback(&up,1);
u2f_response_writeback((uint8_t *)&count,4);
u2f_response_writeback((uint8_t *)&ret,1);
#ifdef IS_BOOTLOADER
ret = bootloader_bridge(klen, keyh);
#else
ret = bridge_u2f_to_wallet(_chal, _appid, klen, keyh);
#endif
if (ret != 0)
{
u2f_reset_response();
u2f_response_writeback(&up,1);
u2f_response_writeback((uint8_t *)&count,4);
memset(sig,0,sizeof(sig));
sig[0] = ret;
u2f_response_writeback(sig,72);
}
return U2F_SW_NO_ERROR;
}
int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len) int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len)
{ {
@ -37,7 +94,7 @@ int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len)
if (req->p1 == U2F_AUTHENTICATE_CHECK) if (req->p1 == U2F_AUTHENTICATE_CHECK)
{ {
if (is_wallet_device((uint8_t *) &auth->kh, auth->khl)) // Pin requests if (is_extension_request((uint8_t *) &auth->kh, auth->khl)) // Pin requests
{ {
rcode = U2F_SW_CONDITIONS_NOT_SATISFIED; rcode = U2F_SW_CONDITIONS_NOT_SATISFIED;
} }
@ -50,13 +107,13 @@ int16_t extend_u2f(struct u2f_request_apdu* req, uint32_t len)
} }
else else
{ {
if ( ! is_wallet_device((uint8_t *) &auth->kh, auth->khl)) // Pin requests if ( ! is_extension_request((uint8_t *) &auth->kh, auth->khl)) // Pin requests
{ {
rcode = U2F_SW_WRONG_PAYLOAD; rcode = U2F_SW_WRONG_PAYLOAD;
printf1(TAG_WALLET,"Ignoring U2F request\n"); printf1(TAG_WALLET,"Ignoring U2F request\n");
goto end; goto end;
} }
rcode = bridge_u2f_to_wallet(auth->chal, auth->app, auth->khl, (uint8_t*)&auth->kh); rcode = bridge_u2f_to_extensions(auth->chal, auth->app, auth->khl, (uint8_t*)&auth->kh);
} }
} }
else if (req->ins == U2F_VERSION) else if (req->ins == U2F_VERSION)

58
fido2/extensions/wallet.c
View File

@ -20,7 +20,7 @@
SOFTWARE. SOFTWARE.
*/ */
#include "wallet.h" #include "wallet.h"
#include "app.h" #include APP_CONFIG
#include "ctap.h" #include "ctap.h"
#include "ctap_errors.h" #include "ctap_errors.h"
#include "crypto.h" #include "crypto.h"
@ -52,26 +52,6 @@ typedef enum
#endif #endif
typedef enum
{
WalletSign = 0x10,
WalletRegister = 0x11,
WalletPin = 0x12,
WalletReset= 0x13,
WalletVersion= 0x14,
WalletRng = 0x15,
} WalletOperation;
int is_wallet_device(uint8_t * kh, int len)
{
wallet_request * req = (wallet_request *) kh;
if (len < WALLET_MIN_LENGTH)
return 0;
return memcmp(req->tag, WALLET_TAG, sizeof(WALLET_TAG)-1) == 0;
}
// return 1 if hash is valid, 0 otherwise // return 1 if hash is valid, 0 otherwise
int check_pinhash(uint8_t * pinAuth, uint8_t * msg, uint8_t len) int check_pinhash(uint8_t * pinAuth, uint8_t * msg, uint8_t len)
{ {
@ -200,8 +180,7 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
int reqlen = klen; int reqlen = klen;
int i; int i;
int8_t ret = 0; int8_t ret = 0;
uint32_t count;
uint8_t up = 1;
uint8_t sig[200]; uint8_t sig[200];
uint8_t * args[5] = {NULL,NULL,NULL,NULL,NULL}; uint8_t * args[5] = {NULL,NULL,NULL,NULL,NULL};
@ -222,21 +201,6 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
printf1(TAG_WALLET, "u2f2wallet [%d]: ",reqlen); dump_hex1(TAG_WALLET, msg_buf,reqlen); printf1(TAG_WALLET, "u2f2wallet [%d]: ",reqlen); dump_hex1(TAG_WALLET, msg_buf,reqlen);
if (req->operation == WalletRegister || req->operation == WalletSign)
{
count = ctap_atomic_count(0);
}
else
{
count = 10;
}
u2f_response_writeback(&up,1);
u2f_response_writeback((uint8_t *)&count,4);
u2f_response_writeback((uint8_t *)&ret,1);
#ifndef IS_BOOTLOADER
int offset = 0; int offset = 0;
for (i = 0; i < MIN(5,req->numArgs); i++) for (i = 0; i < MIN(5,req->numArgs); i++)
{ {
@ -466,24 +430,8 @@ int16_t bridge_u2f_to_wallet(uint8_t * _chal, uint8_t * _appid, uint8_t klen, ui
ret = CTAP1_ERR_INVALID_COMMAND; ret = CTAP1_ERR_INVALID_COMMAND;
break; break;
} }
#else
ret = bootloader_bridge(klen, keyh);
#endif
cleanup: cleanup:
if (ret != 0)
{
u2f_reset_response();
u2f_response_writeback(&up,1);
u2f_response_writeback((uint8_t *)&count,4);
memset(sig,0,sizeof(sig)); return ret;
sig[0] = ret;
u2f_response_writeback(sig,72);
}
else
{
/*u2f_response_writeback(sig,sizeof(sig));*/
}
return U2F_SW_NO_ERROR;
} }

15
fido2/extensions/wallet.h
View File

@ -92,10 +92,21 @@ typedef struct
}__attribute__((packed)) wallet_request; }__attribute__((packed)) wallet_request;
int16_t bridge_u2f_to_wallet(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh); typedef enum
{
WalletSign = 0x10,
WalletRegister = 0x11,
WalletPin = 0x12,
WalletReset= 0x13,
WalletVersion= 0x14,
WalletRng = 0x15,
} WalletOperation;
int16_t bridge_u2f_to_extensions(uint8_t * chal, uint8_t * appid, uint8_t klen, uint8_t * keyh);
// return 1 if request is a wallet request // return 1 if request is a wallet request
int is_wallet_device(uint8_t * req, int len); int is_extension_request(uint8_t * req, int len);
void wallet_init(); void wallet_init();

2
fido2/log.h
View File

@ -22,7 +22,7 @@
#ifndef _LOG_H #ifndef _LOG_H
#define _LOG_H #define _LOG_H
#include "app.h" #include APP_CONFIG
#include <stdint.h> #include <stdint.h>
#ifndef DEBUG_LEVEL #ifndef DEBUG_LEVEL

2
fido2/main.c
View File

@ -30,7 +30,7 @@
#include "util.h" #include "util.h"
#include "log.h" #include "log.h"
#include "ctap.h" #include "ctap.h"
#include "app.h" #include APP_CONFIG
#if !defined(TEST) #if !defined(TEST)

2
fido2/test_power.c
View File

@ -19,7 +19,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE. SOFTWARE.
*/ */
#include "app.h" #include APP_CONFIG
#ifdef TEST_POWER #ifdef TEST_POWER
/* /*

4
fido2/u2f.c
View File

@ -26,7 +26,7 @@
#include "log.h" #include "log.h"
#include "device.h" #include "device.h"
#include "wallet.h" #include "wallet.h"
#include "app.h" #include APP_CONFIG
// void u2f_response_writeback(uint8_t * buf, uint8_t len); // void u2f_response_writeback(uint8_t * buf, uint8_t len);
static int16_t u2f_register(struct u2f_register_request * req); static int16_t u2f_register(struct u2f_register_request * req);
@ -284,8 +284,6 @@ static int16_t u2f_register(struct u2f_register_request * req)
crypto_ecc256_load_attestation_key(); crypto_ecc256_load_attestation_key();
/*printf("check key handle size: %d vs %d\n", U2F_KEY_HANDLE_SIZE, sizeof(struct u2f_key_handle));*/
printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32); printf1(TAG_U2F, "sha256: "); dump_hex1(TAG_U2F,hash,32);
crypto_ecc256_sign(hash, 32, sig); crypto_ecc256_sign(hash, 32, sig);

7
targets/stm32l442/Makefile
View File

@ -10,7 +10,7 @@ SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c) SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c)
# FIDO2 lib # FIDO2 lib
SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c ../../fido2/test_power.c SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
SRC += ../../fido2/ctap_parse.c ../../fido2/main.c SRC += ../../fido2/ctap_parse.c ../../fido2/main.c
@ -39,7 +39,7 @@ HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb
# Solo # Solo
CHIP=STM32L442xx CHIP=STM32L442xx
DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"app.h\"
# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1 # DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1
CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW) CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW)
@ -67,6 +67,9 @@ all: $(TARGET).elf
%.hex: %.elf %.hex: %.elf
$(CP) -O ihex $^ $(TARGET).hex $(CP) -O ihex $^ $(TARGET).hex
bootloader:
make -f bootloader.mk
clean: clean:
rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ) rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ)

81
targets/stm32l442/bootloader.mk Normal file
View File

@ -0,0 +1,81 @@
CC=arm-none-eabi-gcc
CP=arm-none-eabi-objcopy
SZ=arm-none-eabi-size
AR=arm-none-eabi-ar
# ST related
SRC = bootloader/main.c src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c
SRC += src/fifo.c src/crypto.c src/attestation.c
SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c
SRC += $(wildcard lib/*.c) $(wildcard lib/usbd/*.c)
# FIDO2 lib
SRC += ../../fido2/util.c ../../fido2/u2f.c ../../fido2/extensions/extensions.c
SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c
# Crypto libs
SRC += ../../crypto/sha256/sha256.c ../../crypto/micro-ecc/uECC.c
OBJ1=$(SRC:.c=.o)
OBJ=$(OBJ1:.s=.o)
INC = -Ibootloader/ -Isrc/ -Isrc/cmsis/ -Ilib/ -Ilib/usbd/ -I../../fido2/ -I../../fido2/extensions
INC += -I../../tinycbor/src -I../../crypto/sha256 -I../../crypto/micro-ecc
INC += -I../../crypto/tiny-AES-c
LDSCRIPT=stm32l432xx.ld
CFLAGS= $(INC)
TARGET=solo
HW=-mcpu=cortex-m4 -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mthumb
# Nucleo board
#CHIP=STM32L432xx
# Solo
CHIP=STM32L442xx
DEFINES = -D$(CHIP) -DAES256=1 -DUSE_FULL_LL_DRIVER -DAPP_CONFIG=\"bootloader.h\"
# DEFINES += -DTEST_SOLO_STM32 -DTEST -DTEST_FIFO=1
CFLAGS=$(INC) -c $(DEFINES) -Wall -fdata-sections -ffunction-sections $(HW)
LDFLAGS_LIB=$(HW) $(SEARCH) -specs=nano.specs -specs=nosys.specs -Wl,--gc-sections -lnosys
LDFLAGS=$(HW) $(LDFLAGS_LIB) -T$(LDSCRIPT) -Wl,-Map=$(TARGET).map,--cref
.PRECIOUS: %.o
all: $(TARGET).elf
$(SZ) $^
%.o: %.c
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
../../crypto/micro-ecc/uECC.o: ../../crypto/micro-ecc/uECC.c
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
%.o: %.s
$(CC) $^ $(HW) -Os $(CFLAGS) -o $@
%.elf: $(OBJ)
$(CC) $^ $(HW) $(LDFLAGS) -o $@
%.hex: %.elf
$(CP) -O ihex $^ $(TARGET).hex
clean:
rm -f *.o src/*.o src/*.elf *.elf *.hex $(OBJ)
flash: $(TARGET).hex
STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
STM32_Programmer_CLI -c port=SWD -halt -d $(TARGET).hex -rst
detach:
STM32_Programmer_CLI -c port=usb1 -ob nBOOT0=1
cbor:
cd ../../tinycbor/ && make clean
cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
LDFLAGS="$(LDFLAGS_LIB)" \
CFLAGS="$(CFLAGS)"

38
targets/stm32l442/bootloader/bootloader.h Normal file
View File

@ -0,0 +1,38 @@
#ifndef _APP_H_
#define _APP_H_
#include <stdint.h>
#define DEBUG_UART USART1
#define DEBUG_LEVEL 0
#define NON_BLOCK_PRINTING 0
#define BOOT_TO_DFU 0
#define IS_BOOTLOADER 1
#define ENABLE_U2F_EXTENSIONS
// #define ENABLE_U2F
#define DISABLE_CTAPHID_PING
#define DISABLE_CTAPHID_WINK
#define DISABLE_CTAPHID_CBOR
void printing_init();
void hw_init(void);
//#define TEST
//#define TEST_POWER
#define LED_INIT_VALUE 0x001000
// Button
#define SOLO_BUTTON_PORT GPIOA
#define SOLO_BUTTON_PIN LL_GPIO_PIN_0
#define SKIP_BUTTON_CHECK_WITH_DELAY 0
#define SKIP_BUTTON_CHECK_FAST 1
#endif

105
targets/stm32l442/bootloader/main.c Normal file
View File

@ -0,0 +1,105 @@
/*
Copyright 2018 Conor Patrick
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include "cbor.h"
#include "device.h"
#include "ctaphid.h"
//#include "bsp.h"
#include "util.h"
#include "log.h"
#include "ctap.h"
#include "app.h"
uint8_t REBOOT_FLAG = 0;
#if !defined(TEST)
int main(int argc, char * argv[])
{
uint8_t hidmsg[64];
uint32_t t1 = 0;
set_logging_mask(
/*0*/
// TAG_GEN|
// TAG_MC |
// TAG_GA |
// TAG_WALLET |
TAG_STOR |
// TAG_CP |
// TAG_CTAP|
// TAG_HID|
/*TAG_U2F|*/
// TAG_PARSE |
// TAG_TIME|
// TAG_DUMP|
TAG_GREEN|
TAG_RED|
TAG_ERR
);
device_init();
printf1(TAG_GEN,"init device\n");
printf1(TAG_GEN,"init ctaphid\n");
ctaphid_init();
printf1(TAG_GEN,"init ctap\n");
ctap_init();
memset(hidmsg,0,sizeof(hidmsg));
printf1(TAG_GEN,"recv'ing hid msg \n");
while(1)
{
if (millis() - t1 > 100)
{
/*printf("heartbeat %ld\n", beat++);*/
heartbeat();
t1 = millis();
}
device_manage();
if (usbhid_recv(hidmsg) > 0)
{
ctaphid_handle_packet(hidmsg);
memset(hidmsg, 0, sizeof(hidmsg));
}
else
{
}
ctaphid_check_timeouts();
}
// Should never get here
usbhid_close();
printf1(TAG_GREEN, "done\n");
return 0;
}
#endif

2
targets/stm32l442/src/app.h
View File

@ -4,7 +4,7 @@
#define DEBUG_UART USART1 #define DEBUG_UART USART1
#define DEBUG_LEVEL 0 #define DEBUG_LEVEL 1
#define NON_BLOCK_PRINTING 0 #define NON_BLOCK_PRINTING 0

2
targets/stm32l442/src/crypto.c
View File

@ -18,7 +18,7 @@
#include "aes.h" #include "aes.h"
#include "ctap.h" #include "ctap.h"
#include "device.h" #include "device.h"
#include "app.h" #include APP_CONFIG
#include "log.h" #include "log.h"

139
targets/stm32l442/src/device.c
View File

@ -7,7 +7,7 @@
#include "stm32l4xx_ll_usart.h" #include "stm32l4xx_ll_usart.h"
#include "usbd_hid.h" #include "usbd_hid.h"
#include "app.h" #include APP_CONFIG
#include "flash.h" #include "flash.h"
#include "rng.h" #include "rng.h"
#include "led.h" #include "led.h"
@ -17,6 +17,8 @@
#include "log.h" #include "log.h"
#include "ctaphid.h" #include "ctaphid.h"
#include "ctap.h" #include "ctap.h"
#include "crypto.h"
#include "uECC.h"
#define PAGE_SIZE 2048 #define PAGE_SIZE 2048
@ -36,9 +38,9 @@
#define APPLICATION_START_ADDR flash_addr(APPLICATION_START_PAGE) #define APPLICATION_START_ADDR flash_addr(APPLICATION_START_PAGE)
#define APPLICATION_END_PAGE ((PAGES - 19)) // 119 is NOT included in application #define APPLICATION_END_PAGE ((PAGES - 19)) // 119 is NOT included in application
#define APPLICATION_END_ADDR (flash_addr(APPLICATION_END_PAGE)-4) // NOT included in application #define APPLICATION_END_ADDR (flash_addr(APPLICATION_END_PAGE)-8) // NOT included in application
#define AUTH_WORD_ADDR (flash_addr(APPLICATION_END_PAGE)-4) #define AUTH_WORD_ADDR (flash_addr(APPLICATION_END_PAGE)-8)
uint32_t __90_ms = 0; uint32_t __90_ms = 0;
uint32_t __device_status = 0; uint32_t __device_status = 0;
@ -497,3 +499,134 @@ void _Error_Handler(char *file, int line)
{ {
} }
} }
#ifdef IS_BOOTLOADER
extern uint8_t REBOOT_FLAG;
typedef enum
{
BootWrite = 0x40,
BootDone = 0x41,
BootCheck = 0x42,
BootErase = 0x43,
} WalletOperation;
typedef struct {
uint8_t op;
uint8_t addr[3];
uint8_t tag[4];
uint8_t len;
uint8_t payload[255 - 9];
} __attribute__((packed)) BootloaderReq;
//#define APPLICATION_START_ADDR 0x8000
//#define APPLICATION_START_PAGE (0x8000/PAGE_SIZE)
//#define APPLICATION_END_ADDR (PAGE_SIZE*125-4) // NOT included in application
static void erase_application()
{
int page;
for(page = APPLICATION_START_PAGE; page < APPLICATION_END_PAGE; page++)
{
flash_erase_page(page);
}
}
static void authorize_application()
{
uint32_t zero = 0;
uint32_t * ptr;
ptr = (uint32_t *)AUTH_WORD_ADDR;
flash_write((uint32_t)ptr, (uint8_t *)&zero, 4);
}
static int is_authorized_to_boot()
{
uint32_t * auth = (uint32_t *)AUTH_WORD_ADDR;
return *auth == 0;
}
int bootloader_bridge(uint8_t klen, uint8_t * keyh)
{
static int has_erased = 0;
BootloaderReq * req = (BootloaderReq * )keyh;
uint8_t payload[256];
uint8_t hash[32];
uint8_t * pubkey = (uint8_t*)"\x57\xe6\x80\x39\x56\x46\x2f\x0c\x95\xac\x72\x71\xf0\xbc\xe8\x2d\x67\xd0\x59\x29\x2e\x15\x22\x89\x6a\xbd\x3f\x7f\x27\xf3\xc0\xc6\xe2\xd7\x7d\x8a\x9f\xcc\x53\xc5\x91\xb2\x0c\x9c\x3b\x4e\xa4\x87\x31\x67\xb4\xa9\x4b\x0e\x8d\x06\x67\xd8\xc5\xef\x2c\x50\x4a\x55";
const struct uECC_Curve_t * curve = NULL;
/*printf("bootloader_bridge\n");*/
if (req->len > 255-9)
{
return CTAP1_ERR_INVALID_LENGTH;
}
memset(payload, 0xff, sizeof(payload));
memmove(payload, req->payload, req->len);
uint32_t addr = (*((uint32_t*)req->addr)) & 0xffffff;
uint32_t * ptr = (uint32_t *)addr;
switch(req->op){
case BootWrite:
/*printf("BootWrite 0x%08x\n", addr);*/
if ((uint32_t)ptr < APPLICATION_START_ADDR || (uint32_t)ptr >= APPLICATION_END_ADDR)
{
return CTAP2_ERR_NOT_ALLOWED;
}
if (!has_erased)
{
erase_application();
has_erased = 1;
}
if (is_authorized_to_boot())
{
printf2(TAG_ERR, "Error, boot check bypassed\n");
exit(1);
}
flash_write((uint32_t)ptr,payload, req->len + (req->len%4));
break;
case BootDone:
// printf("BootDone\n");
ptr = (uint32_t *)APPLICATION_START_ADDR;
crypto_sha256_init();
crypto_sha256_update(ptr, APPLICATION_END_ADDR-APPLICATION_START_ADDR);
crypto_sha256_final(hash);
// printf("hash: "); dump_hex(hash, 32);
// printf("sig: "); dump_hex(payload, 64);
curve = uECC_secp256r1();
if (! uECC_verify(pubkey,
hash,
32,
payload,
curve))
{
return CTAP2_ERR_OPERATION_DENIED;
}
authorize_application();
REBOOT_FLAG = 1;
break;
case BootCheck:
/*printf("BootCheck\n");*/
return 0;
break;
case BootErase:
/*printf("BootErase\n");*/
erase_application();
return 0;
break;
default:
return CTAP1_ERR_INVALID_COMMAND;
}
return 0;
}
#endif

2
targets/stm32l442/src/fifo.h
View File

@ -1,7 +1,7 @@
#ifndef _FIFO_H_ #ifndef _FIFO_H_
#define _FIFO_H_ #define _FIFO_H_
#include "app.h" #include APP_CONFIG
#ifndef TEST_FIFO #ifndef TEST_FIFO
#define TEST_FIFO 0 #define TEST_FIFO 0

2
targets/stm32l442/src/flash.c
View File

@ -3,7 +3,7 @@
#include <string.h> #include <string.h>
#include "stm32l4xx.h" #include "stm32l4xx.h"
#include "app.h" #include APP_CONFIG
#include "flash.h" #include "flash.h"
#include "log.h" #include "log.h"
#include "device.h" #include "device.h"

2
targets/stm32l442/src/main.c
View File

@ -20,7 +20,7 @@
#include "usbd_hid.h" #include "usbd_hid.h"
/*#include "usbd_hid.h"*/ /*#include "usbd_hid.h"*/
#include "app.h" #include APP_CONFIG
#include "flash.h" #include "flash.h"
#include "rng.h" #include "rng.h"
#include "led.h" #include "led.h"

2
targets/stm32l442/src/redirect.c
View File

@ -1,6 +1,6 @@
#include "stm32l4xx_ll_usart.h" #include "stm32l4xx_ll_usart.h"
#include "app.h" #include APP_CONFIG
#include "fifo.h" #include "fifo.h"
#if DEBUG_LEVEL>0 #if DEBUG_LEVEL>0