signed update working

2018-12-02 23:31:34 -05:00
parent 0c461bb5d8
commit bfa2d2830d
12 changed files with 116 additions and 270 deletions
--- a/targets/stm32l442/Makefile
+++ b/targets/stm32l442/Makefile
@@ -1,9 +1,9 @@

 all:
-	$(MAKE) -f application.mk -j8
+	$(MAKE) -f application.mk -j8 solo.hex

 boot:
-	$(MAKE) -f bootloader.mk -j8
+	$(MAKE) -f bootloader.mk -j8 bootloader.hex

 clean:
 	$(MAKE) -f application.mk clean
@@ -14,6 +14,11 @@ flash: solo.hex bootloader.hex
 	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
 	STM32_Programmer_CLI -c port=SWD -halt  -d all.hex -rst

+flashboot: solo.hex bootloader.hex
+	python merge_hex.py solo.hex bootloader.hex all.hex
+	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
+	STM32_Programmer_CLI -c port=SWD -halt  -d bootloader.hex -rst
+
 bootloader.hex:
 	echo "You need to build the bootloader first."

--- a/targets/stm32l442/bootloader/main.c
+++ b/targets/stm32l442/bootloader/main.c
@@ -105,6 +105,7 @@ int main(int argc, char * argv[])
            // TAG_PARSE |
           // TAG_TIME|
            // TAG_DUMP|
+            TAG_BOOT|
            TAG_GREEN|
            TAG_RED|
            TAG_ERR
@@ -134,7 +135,7 @@ int main(int argc, char * argv[])

    usbhid_init();
    printf1(TAG_GEN,"init usb\n");
-    
+
    ctaphid_init();
    printf1(TAG_GEN,"init ctaphid\n");

--- a/targets/stm32l442/src/device.c
+++ b/targets/stm32l442/src/device.c
@@ -19,6 +19,7 @@
 #include "ctap.h"
 #include "crypto.h"
 #include "uECC.h"
+#include "u2f.h"


 #define PAGE_SIZE		2048
@@ -520,7 +521,8 @@ typedef enum
    BootDone = 0x41,
    BootCheck = 0x42,
    BootErase = 0x43,
-} WalletOperation;
+    BootVersion = 0x44,
+} BootOperation;


 typedef struct {
@@ -564,7 +566,9 @@ int bootloader_bridge(uint8_t klen, uint8_t * keyh)
    BootloaderReq * req =  (BootloaderReq *  )keyh;
    uint8_t payload[256];
    uint8_t hash[32];
-    uint8_t * pubkey = (uint8_t*)"\x57\xe6\x80\x39\x56\x46\x2f\x0c\x95\xac\x72\x71\xf0\xbc\xe8\x2d\x67\xd0\x59\x29\x2e\x15\x22\x89\x6a\xbd\x3f\x7f\x27\xf3\xc0\xc6\xe2\xd7\x7d\x8a\x9f\xcc\x53\xc5\x91\xb2\x0c\x9c\x3b\x4e\xa4\x87\x31\x67\xb4\xa9\x4b\x0e\x8d\x06\x67\xd8\xc5\xef\x2c\x50\x4a\x55";
+    uint8_t version = 1;
+
+    uint8_t * pubkey = (uint8_t*)"\x85\xaa\xce\xda\xd4\xb4\xd8\x0d\xf7\x0e\xe8\x91\x6d\x69\x8e\x00\x7a\x27\x40\x76\x93\x7a\x1d\x63\xb1\xcf\xe8\x22\xdd\x9f\xbc\x43\x3e\x34\x0a\x05\x9d\x8a\x9d\x72\xdc\xc2\x4b\x56\x9c\x64\x3d\xc1\x0d\x14\x64\x69\x52\x31\xd7\x54\xa3\xb6\x69\xa7\x6f\x6b\x81\x8d";
    const struct uECC_Curve_t * curve = NULL;

    if (req->len > 255-9)
@@ -575,18 +579,20 @@ int bootloader_bridge(uint8_t klen, uint8_t * keyh)
    memset(payload, 0xff, sizeof(payload));
    memmove(payload, req->payload, req->len);

-    uint32_t addr = (*((uint32_t*)req->addr)) & 0xffffff;
+    uint32_t addr = ((*((uint32_t*)req->addr)) & 0xffffff) | 0x8000000;

    uint32_t * ptr = (uint32_t *)addr;

    switch(req->op){
        case BootWrite:
+            printf1(TAG_BOOT, "BootWrite: %08lx\r\n",(uint32_t)ptr);
            if ((uint32_t)ptr < APPLICATION_START_ADDR || (uint32_t)ptr >= APPLICATION_END_ADDR)
            {
+                printf1(TAG_BOOT,"Bound exceeded [%08lx, %08lx]\r\n",APPLICATION_START_ADDR,APPLICATION_END_ADDR);
                return CTAP2_ERR_NOT_ALLOWED;
            }

-            if (!has_erased)
+            if (!has_erased || is_authorized_to_boot())
            {
                erase_application();
                has_erased = 1;
@@ -596,12 +602,15 @@ int bootloader_bridge(uint8_t klen, uint8_t * keyh)
                printf2(TAG_ERR, "Error, boot check bypassed\n");
                exit(1);
            }
+
            flash_write((uint32_t)ptr,payload, req->len + (req->len%4));
            break;
        case BootDone:
+            printf1(TAG_BOOT, "BootDone: ");
+            dump_hex1(TAG_BOOT, payload, 32);
            ptr = (uint32_t *)APPLICATION_START_ADDR;
            crypto_sha256_init();
-            crypto_sha256_update(ptr, APPLICATION_END_ADDR-APPLICATION_START_ADDR);
+            crypto_sha256_update((uint8_t*)ptr, APPLICATION_END_ADDR-APPLICATION_START_ADDR);
            crypto_sha256_final(hash);
            curve = uECC_secp256r1();

@@ -620,9 +629,15 @@ int bootloader_bridge(uint8_t klen, uint8_t * keyh)
            return 0;
            break;
        case BootErase:
+            printf1(TAG_BOOT, "BootErase.\r\n");
            erase_application();
            return 0;
            break;
+        case BootVersion:
+            printf1(TAG_BOOT, "BootVersion.\r\n");
+            u2f_response_writeback(&version,1);
+            return 0;
+            break;
        default:
            return CTAP1_ERR_INVALID_COMMAND;
    }
--- a/targets/stm32l442/stm32l432xx.ld
+++ b/targets/stm32l442/stm32l432xx.ld
@@ -42,8 +42,8 @@ _Min_Stack_Size = 0x400; /* required amount of stack */
 MEMORY
 {
 /* First 32 KB is bootloader */ 
-/*FLASH (rx)      : ORIGIN = 0x08000000, LENGTH = 238K-8 [> Leave out 18 Kb at end for data <]*/
-FLASH (rx)      : ORIGIN = 0x08008000, LENGTH = 206K-8 /* Leave out 18 Kb at end for data */
+/*FLASH (rx)      : ORIGIN = 0x08000000, LENGTH = 238K-8 [> Leave out 38 Kb at end for data <]*/
+FLASH (rx)      : ORIGIN = 0x08008000, LENGTH = 186K-8 /* Leave out 38 Kb at end for data */
 RAM (xrw)      : ORIGIN = 0x20000000, LENGTH = 48K
 SRAM2 (rw)      : ORIGIN = 0x10000000, LENGTH = 16K
 }