WIP: verify pre loaded app 2

2025-03-26 00:28:15 -04:00 · 2025-03-21 15:24:56 +01:00 · 2025-03-21 15:24:56 +01:00 · 2caaf2a453
commit 2caaf2a453
parent 543c5a8968
5 changed files with 75 additions and 7 deletions
--- a/hw/application_fpga/fw/testloadapp/main.c
+++ b/hw/application_fpga/fw/testloadapp/main.c
@ -1,10 +1,12 @@
 #include <blake2s/blake2s.h>
 #include <monocypher/monocypher-ed25519.h>
 #include <stdint.h>
+#include <tkey/lib.h>
 #include <tkey/tk1_mem.h>
 #include <tkey/debug.h>

 #include "../testapp/syscall.h"
+#include "../tk1/resetinfo.h"
 #include "../tk1/syscall_num.h"
 #include "blink.h"
 #include "tkey/assert.h"
@ -35,6 +37,18 @@ int install_app(uint8_t secret_key[64])
 		return -1;
 	}

+	puts(IO_CDC, "blink: ");
+	putinthex(IO_CDC, (uint32_t)blink);
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "blink[0]: ");
+	putinthex(IO_CDC, blink[0]);
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "sizeof(blink): ");
+	putinthex(IO_CDC, sizeof(blink));
+	puts(IO_CDC, "\r\n");
+
 	if (blake2s(app_digest, 32, NULL, 0, blink, sizeof(blink)) != 0) {
 		puts(IO_CDC, "couldn't compute digest\r\n");
 		return -1;
@ -43,9 +57,21 @@ int install_app(uint8_t secret_key[64])
 	crypto_ed25519_sign(app_signature, secret_key, app_digest,
 			    sizeof(app_digest));

+	puts(IO_CDC, "app_digest:\r\n");
+	hexdump(IO_CDC, app_digest, sizeof(app_digest));
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "app_signature:\r\n");
+	hexdump(IO_CDC, app_signature, sizeof(app_signature));
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "secret_key:\r\n");
+	hexdump(IO_CDC, secret_key, 64);
+	puts(IO_CDC, "\r\n");
+
 	if (syscall(TK1_SYSCALL_PRELOAD_STORE_FIN, app_size,
 		    (uint32_t)app_digest, (uint32_t)app_signature) < 0) {
-		puts(IO_CDC, "couldn't finalize storing app\n");
+		puts(IO_CDC, "couldn't finalize storing app\r\n");
 		return -1;
 	}

@ -60,15 +86,39 @@ int verify(uint8_t pubkey[32])
 	// pubkey we already have
 	// read signature
 	// read digest
+	syscall(TK1_SYSCALL_PRELOAD_GET_DIGSIG, (uint32_t)app_digest,
+		(uint32_t)app_signature, 0);

-	if (!crypto_ed25519_check(app_signature, pubkey, app_digest,
-				  sizeof(app_digest))) {
-		// failed!!!
+	puts(IO_CDC, "app_digest:\r\n");
+	hexdump(IO_CDC, app_digest, sizeof(app_digest));
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "app_signature:\r\n");
+	hexdump(IO_CDC, app_signature, sizeof(app_signature));
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "pubkey:\r\n");
+	hexdump(IO_CDC, pubkey, 32);
+	puts(IO_CDC, "\r\n");
+
+	puts(IO_CDC, "Checking signature...\r\n");
+
+	if (crypto_ed25519_check(app_signature, pubkey, app_digest,
+				  sizeof(app_digest)) != 0) {
+		return -1;
 	}

-	// syscall reset flash2_ver with app_digest
+	puts(IO_CDC, "Resetting into pre loaded app (slot 2)...\r\n");

-	return 0;
+	// syscall reset flash2_ver with app_digest
+	struct reset rst;
+	rst.type = START_FLASH2_VER;
+	memcpy_s(rst.app_digest, sizeof(rst.app_digest), app_digest,
+		 sizeof(app_digest));
+	memset(rst.next_app_data, 0, sizeof(rst.next_app_data));
+	syscall(TK1_SYSCALL_RESET, (uint32_t)&rst, 0, 0);
+
+	return -2;
 }

 int main(void)
--- a/hw/application_fpga/fw/tk1/preload_app.c
+++ b/hw/application_fpga/fw/tk1/preload_app.c
@ -167,3 +167,14 @@ int preload_delete(struct partition_table *part_table, uint8_t slot)

 	return 0;
 }
+
+int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t slot) {
+	if (slot >= N_PRELOADED_APP) {
+		return -1;
+	}
+
+	memcpy_s(app_digest, 32, part_table->pre_app_data[slot].digest, sizeof(part_table->pre_app_data[slot].digest));
+	memcpy_s(app_signature, 64, part_table->pre_app_data[slot].signature, sizeof(part_table->pre_app_data[slot].signature));
+
+	return 0;
+}
--- a/hw/application_fpga/fw/tk1/preload_app.h
+++ b/hw/application_fpga/fw/tk1/preload_app.h
@ -18,5 +18,8 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size,
 			   uint8_t app_digest[32], uint8_t app_signature[64],
 			   uint8_t to_slot);
 int preload_delete(struct partition_table *part_table, uint8_t slot);
+int preload_get_digsig(struct partition_table *part_table,
+		       uint8_t app_digest[32], uint8_t app_signature[64],
+		       uint8_t slot);

 #endif
--- a/hw/application_fpga/fw/tk1/syscall_handler.c
+++ b/hw/application_fpga/fw/tk1/syscall_handler.c
@ -91,6 +91,9 @@ int32_t syscall_handler(uint32_t number, uint32_t arg1, uint32_t arg2,
 		// always using slot 1
 		return preload_store_finalize(&part_table, arg1, (uint8_t *)arg2, (uint8_t *)arg3, 1);

+	case TK1_SYSCALL_PRELOAD_GET_DIGSIG:
+		return preload_get_digsig(&part_table, (uint8_t *)arg1, (uint8_t *)arg2, 1);
+
 	case TK1_SYSCALL_REG_MGMT:
 		return mgmt_app_register(&part_table);

--- a/hw/application_fpga/fw/tk1/syscall_num.h
+++ b/hw/application_fpga/fw/tk1/syscall_num.h
@ -15,7 +15,8 @@ enum syscall_num {
 	TK1_SYSCALL_PRELOAD_STORE = 8,
 	TK1_SYSCALL_PRELOAD_STORE_FIN = 9,
 	TK1_SYSCALL_PRELOAD_DELETE = 10,
-	TK1_SYSCALL_REG_MGMT = 11,
+	TK1_SYSCALL_PRELOAD_GET_DIGSIG = 11,
+	TK1_SYSCALL_REG_MGMT = 12,
 	TK1_SYSCALL_SET_LED = 30,
 };