Include authentication of preloaded app

Daniel Jobson 2024-09-09 14:37:39 +02:00
parent 0abfdf592b
commit 80a155a1c2
No known key found for this signature in database
GPG Key ID: 3707A9DBF4BB8F1A


@ -5,6 +5,7 @@
#include "../tk1_mem.h" #include "../tk1_mem.h"
#include "assert.h" #include "assert.h"
#include "auth_app.h"
#include "blake2s/blake2s.h" #include "blake2s/blake2s.h"
#include "htif.h" #include "htif.h"
#include "lib.h" #include "lib.h"
@ -44,6 +45,7 @@ struct context {
uint8_t *loadaddr; // Where we are currently loading a TKey program uint8_t *loadaddr; // Where we are currently loading a TKey program
bool use_uss; // Use USS? bool use_uss; // Use USS?
uint8_t uss[32]; // User Supplied Secret, if any uint8_t uss[32]; // User Supplied Secret, if any
bool from_flash;
}; };
static void print_hw_version(void); static void print_hw_version(void);
@ -58,7 +60,7 @@ static enum state initial_commands(const struct frame_header *hdr,
static enum state loading_commands(const struct frame_header *hdr, static enum state loading_commands(const struct frame_header *hdr,
const uint8_t *cmd, enum state state, const uint8_t *cmd, enum state state,
struct context *ctx); struct context *ctx);
static void run(const struct context *ctx); static void run(const struct context *ctx, partition_table_t *part_table);
static void scramble_ram(void); static void scramble_ram(void);
static void print_hw_version(void) static void print_hw_version(void)
@ -323,13 +325,28 @@ static enum state loading_commands(const struct frame_header *hdr,
return state; return state;
} }
static void run(const struct context *ctx) static void run(const struct context *ctx, partition_table_t *part_table)
{ {
/* At this point we expect an app to be loaded into RAM */
*app_addr = TK1_RAM_BASE; *app_addr = TK1_RAM_BASE;
// CDI = hash(uds, hash(app), uss) // CDI = hash(uds, hash(app), uss)
compute_cdi(ctx->digest, ctx->use_uss, ctx->uss); compute_cdi(ctx->digest, ctx->use_uss, ctx->uss);
if (ctx->from_flash) {
if (part_table->pre_app_data.status == 0x02) {
htif_puts("Create auth\n");
auth_app_create(&part_table->pre_app_data.auth);
part_table->pre_app_data.status = 0x01;
part_table_write(part_table);
}
if (!auth_app_authenticate(&part_table->pre_app_data.auth)) {
htif_puts("!Authenticated\n");
assert(1 == 2);
}
}
htif_puts("Flipping to app mode!\n"); htif_puts("Flipping to app mode!\n");
htif_puts("Jumping to "); htif_puts("Jumping to ");
htif_putinthex(*app_addr); htif_putinthex(*app_addr);
@ -397,6 +414,7 @@ int main(void)
uint8_t cmd[CMDLEN_MAXBYTES] = {0}; uint8_t cmd[CMDLEN_MAXBYTES] = {0};
enum state state = FW_STATE_INITIAL; enum state state = FW_STATE_INITIAL;
partition_table_t part_table; partition_table_t part_table;
ctx.from_flash = false;
print_hw_version(); print_hw_version();
@ -416,6 +434,13 @@ int main(void)
/*readbyte(); // wait for input to start*/ /*readbyte(); // wait for input to start*/
part_table_init(&part_table); part_table_init(&part_table);
/* Force a preloaded app to start, to create the authentication digest
*/
if (preload_check_valid_app(&part_table) &&
part_table.pre_app_data.status == 0x02) {
state = FW_STATE_LOAD_APP_FLASH;
}
for (;;) { for (;;) {
switch (state) { switch (state) {
case FW_STATE_INITIAL: case FW_STATE_INITIAL:
@ -443,18 +468,20 @@ int main(void)
} }
*app_size = part_table.pre_app_data.size; *app_size = part_table.pre_app_data.size;
assert(*app_size <= TK1_APP_MAX_SIZE);
int digest_err = compute_app_digest(ctx.digest); int digest_err = compute_app_digest(ctx.digest);
assert(digest_err == 0); assert(digest_err == 0);
print_digest(ctx.digest); print_digest(ctx.digest);
ctx.use_uss = false; ctx.use_uss = false;
ctx.from_flash = true;
state = FW_STATE_RUN; state = FW_STATE_RUN;
break; break;
case FW_STATE_RUN: case FW_STATE_RUN:
run(&ctx); run(&ctx, &part_table);
break; // This is never reached! break; // This is never reached!
case FW_STATE_FAIL: case FW_STATE_FAIL:
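Review bot: In run(), the return value of `part_table_write(part_table)` is ignored after the status is changed from 0x02 to 0x01, so if the write does not persist, the table still reads 0x02 at the next boot and main() again forces the flash app and creates a new authentication digest for whatever is stored then. If part_table_write() reports failure (its declaration is not shown on this page), check it and halt before calling auth_app_authenticate(). The failure path `assert(1 == 2);` is a hard stop only if the project's assert.h can never be compiled out, so a dedicated halt would make the intent explicit. The status values 0x01 and 0x02, used here and in main(), would read better as named constants, and `bool from_flash;` could carry a comment like its sibling fields, e.g. `// App was loaded from flash; authenticate before running`. run() continues past the end of its hunk.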