From 16547a133a47ec49d32591e71154232ebba4156f Mon Sep 17 00:00:00 2001
From: George Hotz <george@comma.ai>
Date: Fri, 28 Apr 2017 15:06:01 -0700
Subject: [PATCH] add release cert support

---
 board/bootstub.c         | 12 ++++++++++--
 board/build.mk           |  2 +-
 board/tools/bl_unlock.py | 23 +++++++++++++++++------
 boardesp/Makefile        |  2 +-
 boardesp/tcp_ota.c       |  2 +-
 crypto/getcertheader.py  | 21 ++++++++++++---------
 6 files changed, 42 insertions(+), 20 deletions(-)

diff --git a/board/bootstub.c b/board/bootstub.c
index 5def52b..a3de37b 100644
--- a/board/bootstub.c
+++ b/board/bootstub.c
@@ -55,10 +55,18 @@ int main() {
   SHA_hash(&_app_start[1], len-4, digest);
 
   // verify RSA signature
-  if (!RSA_verify(&rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
-    fail();
+  if (RSA_verify(&release_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
+    goto good;
   }
 
+  // allow debug cert for now
+  if (RSA_verify(&debug_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
+    goto good;
+  }
+
+// here is a failure
+  fail();
+good:
   // jump to flash
   ((void(*)()) _app_start[1])();
   return 0;
diff --git a/board/build.mk b/board/build.mk
index 99bcf1f..3674892 100644
--- a/board/build.mk
+++ b/board/build.mk
@@ -38,7 +38,7 @@ obj/gitversion.h:
 endif
 
 obj/cert.h: ../crypto/getcertheader.py
-	../crypto/getcertheader.py $(CERT).pub > $@
+	../crypto/getcertheader.py ../certs/debug.pub ../certs/release.pub > $@
 
 obj/bootstub.$(PROJ_NAME).o: bootstub.c early.h obj/cert.h
 	$(CC) $(CFLAGS) -o $@ -c $<
diff --git a/board/tools/bl_unlock.py b/board/tools/bl_unlock.py
index cbb4cb8..1346992 100755
--- a/board/tools/bl_unlock.py
+++ b/board/tools/bl_unlock.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+import sys
 import usb1
 import struct
 from hexdump import hexdump
@@ -31,9 +32,11 @@ elif stat[4] == "\x09":
   dostat()
 hexdump(dev.controlRead(0x21, DFU_GETSTATUS, 0, 0, 6))
 
-# Read Unprotect
-#dev.controlWrite(0x21, DFU_DNLOAD, 0, 0, "\x92")
-#hexdump(dev.controlRead(0x21, DFU_GETSTATUS, 0, 0, 6))
+if len(sys.argv) > 1 and sys.argv[1] == "--unprotect":
+  # Read Unprotect
+  dev.controlWrite(0x21, DFU_DNLOAD, 0, 0, "\x92")
+  dostat()
+  exit(0)
 
 # Set Address Pointer
 dev.controlWrite(0x21, DFU_DNLOAD, 0, 0, "\x21" + struct.pack("I", 0x1fffc000))
@@ -45,6 +48,7 @@ dostat()
 
 # Dump
 val = dev.controlRead(0xA1, DFU_UPLOAD, 2, 0, 0x10)
+print "OLD:",
 hexdump(val)
 
 # Abort
@@ -55,10 +59,17 @@ dostat()
 dev.controlWrite(0x21, DFU_DNLOAD, 0, 0, "\x21" + struct.pack("I", 0x1fffc000))
 dostat()
 
-#val = val[0:8] + "\xfe\x7f\x01\x80"*2
-val = val[0:8] + "\xff\x7f\x00\x80"*2
+if len(sys.argv) > 1 and sys.argv[1] == "--lock":
+  val = "\xef\xaa\x10\x55"*2 + "\xfe\x7f\x01\x80"*2
+else:
+  val = "\xef\xaa\x10\x55"*2 + "\xff\x7f\x00\x80"*2
+print "NEW:",
+hexdump(val)
 
 # Program
 dev.controlWrite(0x21, DFU_DNLOAD, 2, 0, val)
-dostat()
+
+# triggers reboot
+dat = dev.controlRead(0x21, DFU_GETSTATUS, 0, 0, 6)
+hexdump(dat)
 
diff --git a/boardesp/Makefile b/boardesp/Makefile
index 54a4afc..5c1ee1a 100644
--- a/boardesp/Makefile
+++ b/boardesp/Makefile
@@ -22,7 +22,7 @@ proxy: proxy.o tcp_ota.o
 proxy.o: proxy.c
 
 cert.h:
-	../crypto/getcertheader.py $(CERT).pub > cert.h
+	../crypto/getcertheader.py ../certs/debugesp.pub ../certs/releaseesp.pub > cert.h
 
 tcp_ota.o: tcp_ota.c cert.h
 
diff --git a/boardesp/tcp_ota.c b/boardesp/tcp_ota.c
index 8f69a2e..14993de 100644
--- a/boardesp/tcp_ota.c
+++ b/boardesp/tcp_ota.c
@@ -322,7 +322,7 @@ LOCAL void ICACHE_FLASH_ATTR ota_rx_cb(void *arg, char *data, uint16_t len) {
                         os_sprintf(buf, "%d: %02x %02x %02x %02x", ota_firmware_size-RSANUMBYTES, digest[0], digest[1], digest[2], digest[3]);
                         espconn_send(conn, buf, strlen(buf));*/
 
-                        if (!RSA_verify(&rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
+                        if (!RSA_verify(&debugesp_rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
                           espconn_send(conn, "Signature check FAILED. OTA fail.......\r\n", 41);
                         } else {
                           // We've flashed all of the firmware now, reboot into the new firmware.
diff --git a/crypto/getcertheader.py b/crypto/getcertheader.py
index 4def3c0..75d04e9 100755
--- a/crypto/getcertheader.py
+++ b/crypto/getcertheader.py
@@ -29,15 +29,18 @@ def to_c_uint32(x):
     x /= (2**32)
   return "{"+'U,'.join(map(str, nums))+"U}"
 
-rsa = RSA.importKey(open(sys.argv[1]).read())
-rr = pow(2**1024, 2, rsa.n)
-n0inv = 2**32 - modinv(rsa.n, 2**32)
+for fn in sys.argv[1:]:
+  rsa = RSA.importKey(open(fn).read())
+  rr = pow(2**1024, 2, rsa.n)
+  n0inv = 2**32 - modinv(rsa.n, 2**32)
 
-print 'RSAPublicKey rsa_key = {.len = 0x20,'
-print '  .n0inv = %dU,' % n0inv
-print '  .n = %s,' % to_c_uint32(rsa.n)
-print '  .rr = %s,' % to_c_uint32(rr)
-print '  .exponent = %d,' % rsa.e
-print '};'
+  cname = fn.split("/")[-1].split(".")[0] + "_rsa_key"
+
+  print 'RSAPublicKey '+cname+' = {.len = 0x20,'
+  print '  .n0inv = %dU,' % n0inv
+  print '  .n = %s,' % to_c_uint32(rsa.n)
+  print '  .rr = %s,' % to_c_uint32(rr)
+  print '  .exponent = %d,' % rsa.e
+  print '};'