From 2caaf2a4534aec8432a648142860512983b55f01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mikael=20=C3=85gren?=
Date: Fri, 21 Mar 2025 15:24:56 +0100
Subject: [PATCH] WIP: verify pre loaded app 2
---
 hw/application_fpga/fw/testloadapp/main.c | 62 ++++++++++++++++++--
 hw/application_fpga/fw/tk1/preload_app.c | 11 ++++
 hw/application_fpga/fw/tk1/preload_app.h | 3 +
 hw/application_fpga/fw/tk1/syscall_handler.c | 3 +
 hw/application_fpga/fw/tk1/syscall_num.h | 3 +-
 5 files changed, 75 insertions(+), 7 deletions(-)
diff --git a/hw/application_fpga/fw/testloadapp/main.c b/hw/application_fpga/fw/testloadapp/main.c
index 555d922..ffc73ff 100644
--- a/hw/application_fpga/fw/testloadapp/main.c
+++ b/hw/application_fpga/fw/testloadapp/main.c
@@ -1,10 +1,12 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include "../testapp/syscall.h"
+#include "../tk1/resetinfo.h"
 #include "../tk1/syscall_num.h"
 #include "blink.h"
 #include "tkey/assert.h"
@@ -35,6 +37,18 @@ int install_app(uint8_t secret_key[64])
 return -1;
 }
+ puts(IO_CDC, "blink: ");
+ putinthex(IO_CDC, (uint32_t)blink);
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "blink[0]: ");
+ putinthex(IO_CDC, blink[0]);
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "sizeof(blink): ");
+ putinthex(IO_CDC, sizeof(blink));
+ puts(IO_CDC, "\r\n");
+
 if (blake2s(app_digest, 32, NULL, 0, blink, sizeof(blink)) != 0) {
 puts(IO_CDC, "couldn't compute digest\r\n");
 return -1;
@@ -43,9 +57,21 @@ int install_app(uint8_t secret_key[64])
 crypto_ed25519_sign(app_signature, secret_key, app_digest, sizeof(app_digest));
+ puts(IO_CDC, "app_digest:\r\n");
+ hexdump(IO_CDC, app_digest, sizeof(app_digest));
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "app_signature:\r\n");
+ hexdump(IO_CDC, app_signature, sizeof(app_signature));
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "secret_key:\r\n");
+ hexdump(IO_CDC, secret_key, 64);
+ puts(IO_CDC, "\r\n");
+
 if (syscall(TK1_SYSCALL_PRELOAD_STORE_FIN, app_size, (uint32_t)app_digest, (uint32_t)app_signature) < 0) {
- puts(IO_CDC, "couldn't finalize storing app\n");
+ puts(IO_CDC, "couldn't finalize storing app\r\n");
 return -1;
 }
@@ -60,15 +86,39 @@ int verify(uint8_t pubkey[32])
 // pubkey we already have
 // read signature
 // read digest
+ syscall(TK1_SYSCALL_PRELOAD_GET_DIGSIG, (uint32_t)app_digest,
+ (uint32_t)app_signature, 0);
- if (!crypto_ed25519_check(app_signature, pubkey, app_digest,
- sizeof(app_digest))) {
- // failed!!!
+ puts(IO_CDC, "app_digest:\r\n");
+ hexdump(IO_CDC, app_digest, sizeof(app_digest));
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "app_signature:\r\n");
+ hexdump(IO_CDC, app_signature, sizeof(app_signature));
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "pubkey:\r\n");
+ hexdump(IO_CDC, pubkey, 32);
+ puts(IO_CDC, "\r\n");
+
+ puts(IO_CDC, "Checking signature...\r\n");
+
+ if (crypto_ed25519_check(app_signature, pubkey, app_digest,
+ sizeof(app_digest)) != 0) {
+ return -1;
 }
- // syscall reset flash2_ver with app_digest
+ puts(IO_CDC, "Resetting into pre loaded app (slot 2)...\r\n");
- return 0;
+ // syscall reset flash2_ver with app_digest
+ struct reset rst;
+ rst.type = START_FLASH2_VER;
+ memcpy_s(rst.app_digest, sizeof(rst.app_digest), app_digest,
+ sizeof(app_digest));
+ memset(rst.next_app_data, 0, sizeof(rst.next_app_data));
+ syscall(TK1_SYSCALL_RESET, (uint32_t)&rst, 0, 0);
+
+ return -2;
 }
 int main(void)
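Review bot: The added `hexdump(IO_CDC, secret_key, 64);` in install_app() writes the full Ed25519 signing key to the CDC endpoint, so anything on the host that can read that channel can capture the key used to sign the app digest. Drop that dump, or keep only the public values (digest, signature) and put them behind a compile-time debug switch, e.g. `#ifdef TESTLOADAPP_DEBUG` (placeholder name) around the block. The unconditional dumps added in the previous install_app() hunk and in verify() print public values only, but would fit under the same switch. install_app() starts and ends outside this hunk.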
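Review bot: In verify(), the result of `syscall(TK1_SYSCALL_PRELOAD_GET_DIGSIG, ...)` is discarded, so if the firmware rejects the call the signature check runs on whatever `app_digest` and `app_signature` already hold (their declarations are outside the hunk, so stale or uninitialized contents cannot be ruled out). Check it the way install_app() checks its syscalls: `if (syscall(TK1_SYSCALL_PRELOAD_GET_DIGSIG, (uint32_t)app_digest, (uint32_t)app_signature, 0) < 0) { return -1; }`. `struct reset rst;` is also only partly assigned before its address is passed to TK1_SYSCALL_RESET; `struct reset rst = {0};` would make any field not set here deterministic. A comment on the new `return -2;` saying it is only reached if the reset syscall returns would help readers. verify() begins outside this hunk.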
diff --git a/hw/application_fpga/fw/tk1/preload_app.c b/hw/application_fpga/fw/tk1/preload_app.c
index ecdf2c3..0d00e2e 100644
--- a/hw/application_fpga/fw/tk1/preload_app.c
+++ b/hw/application_fpga/fw/tk1/preload_app.c
@@ -167,3 +167,14 @@ int preload_delete(struct partition_table *part_table, uint8_t slot)
 return 0;
 }
+
+int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t slot) {
+ if (slot >= N_PRELOADED_APP) {
+ return -1;
+ }
+
+ memcpy_s(app_digest, 32, part_table->pre_app_data[slot].digest, sizeof(part_table->pre_app_data[slot].digest));
+ memcpy_s(app_signature, 64, part_table->pre_app_data[slot].signature, sizeof(part_table->pre_app_data[slot].signature));
+
+ return 0;
+}
diff --git a/hw/application_fpga/fw/tk1/preload_app.h b/hw/application_fpga/fw/tk1/preload_app.h
index 27ecf11..bdb3c2d 100644
--- a/hw/application_fpga/fw/tk1/preload_app.h
+++ b/hw/application_fpga/fw/tk1/preload_app.h
@@ -18,5 +18,8 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t to_slot);
 int preload_delete(struct partition_table *part_table, uint8_t slot);
+int preload_get_digsig(struct partition_table *part_table,
+ uint8_t app_digest[32], uint8_t app_signature[64],
+ uint8_t slot);
 #endif
diff --git a/hw/application_fpga/fw/tk1/syscall_handler.c b/hw/application_fpga/fw/tk1/syscall_handler.c
index bbc1e33..0100ae2 100644
--- a/hw/application_fpga/fw/tk1/syscall_handler.c
+++ b/hw/application_fpga/fw/tk1/syscall_handler.c
@@ -91,6 +91,9 @@ int32_t syscall_handler(uint32_t number, uint32_t arg1, uint32_t arg2,
 // always using slot 1
 return preload_store_finalize(&part_table, arg1, (uint8_t *)arg2, (uint8_t *)arg3, 1);
+ case TK1_SYSCALL_PRELOAD_GET_DIGSIG:
+ return preload_get_digsig(&part_table, (uint8_t *)arg1, (uint8_t *)arg2, 1);
+
 case TK1_SYSCALL_REG_MGMT:
 return mgmt_app_register(&part_table);
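Review bot: preload_get_digsig() returns 0 for any in-range slot without checking that the slot actually holds a finalized app or that `part_table`, `app_digest` and `app_signature` are non-NULL, so a caller cannot tell an empty slot's bytes from a stored digest/signature pair. Add `if (part_table == NULL || app_digest == NULL || app_signature == NULL) { return -1; }` ahead of the slot check, and reject an empty slot if the table entry records a size or state (the struct is not visible in this hunk). A short header comment stating that the function copies 32 digest bytes and 64 signature bytes into caller-provided buffers and returns 0 or -1 would document the contract.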
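Review bot: The new `TK1_SYSCALL_PRELOAD_GET_DIGSIG` case in syscall_handler.c casts `arg1` and `arg2` straight to `uint8_t *` and lets firmware write 32 and 64 bytes through them, so the destination addresses are chosen entirely by the calling app. If the handler runs with access to memory the app cannot itself write (not visible here), this needs a range check that both buffers lie wholly inside app-writable RAM before calling preload_get_digsig(), returning -1 otherwise. The neighbouring PRELOAD_STORE_FIN case uses the same cast pattern, so a shared pointer-validation helper would cover both. The slot is hard-coded to 1 without the `// always using slot 1` comment the case above carries. syscall_handler() starts and ends outside the hunk.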
diff --git a/hw/application_fpga/fw/tk1/syscall_num.h b/hw/application_fpga/fw/tk1/syscall_num.h
index 41fdc0c..a201046 100644
--- a/hw/application_fpga/fw/tk1/syscall_num.h
+++ b/hw/application_fpga/fw/tk1/syscall_num.h
@@ -15,7 +15,8 @@ enum syscall_num {
 TK1_SYSCALL_PRELOAD_STORE = 8,
 TK1_SYSCALL_PRELOAD_STORE_FIN = 9,
 TK1_SYSCALL_PRELOAD_DELETE = 10,
- TK1_SYSCALL_REG_MGMT = 11,
+ TK1_SYSCALL_PRELOAD_GET_DIGSIG = 11,
+ TK1_SYSCALL_REG_MGMT = 12,
 TK1_SYSCALL_SET_LED = 30,
 };
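Review bot: Giving `TK1_SYSCALL_PRELOAD_GET_DIGSIG` the value 11 and moving `TK1_SYSCALL_REG_MGMT` to 12 renumbers an existing syscall, so an app built against the old header that calls 11 to register as management app would instead reach the digest/signature copy, with its `arg1`/`arg2` treated as destination pointers. Unless firmware and every app are always rebuilt together, append rather than insert: keep `TK1_SYSCALL_REG_MGMT = 11,` and add `TK1_SYSCALL_PRELOAD_GET_DIGSIG = 12,`. The enum starts outside this hunk.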