signing is coming along
George Hotz
parent
2b93c6d85a
commit
fbddedb264
|
|
@ -8,14 +8,35 @@
|
|||
#include "early.h"
|
||||
#include "libc.h"
|
||||
|
||||
#include "crypto/rsa.h"
|
||||
#include "crypto/sha.h"
|
||||
|
||||
#include "obj/cert.h"
|
||||
|
||||
void __initialize_hardware_early() {
|
||||
early();
|
||||
}
|
||||
|
||||
void fail() {
|
||||
enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;
|
||||
NVIC_SystemReset();
|
||||
}
|
||||
|
||||
int main() {
|
||||
clock_init();
|
||||
|
||||
// TODO: do signature check
|
||||
// validate length
|
||||
int len = _app_start[0];
|
||||
if (len < 4) fail();
|
||||
|
||||
// compute SHA hash
|
||||
char digest[SHA_DIGEST_SIZE];
|
||||
SHA_hash(&_app_start[1], len, digest);
|
||||
|
||||
// verify RSA signature
|
||||
/*if (!RSA_verify(&rsa_key, ((void*)&_app_start[1]) + len, 0x80, digest, SHA_DIGEST_SIZE)) {
|
||||
fail();
|
||||
}*/
|
||||
|
||||
// jump to flash
|
||||
((void(*)()) _app_start[1])();
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ CC = arm-none-eabi-gcc
|
|||
OBJCOPY = arm-none-eabi-objcopy
|
||||
OBJDUMP = arm-none-eabi-objdump
|
||||
|
||||
CERT = ../certs/debug
|
||||
|
||||
MACHINE = $(shell uname -m)
|
||||
OS = $(shell uname -o)
|
||||
|
||||
|
|
@ -35,7 +37,10 @@ obj/gitversion.h:
|
|||
echo "const uint8_t gitversion[] = \"RELEASE\";" > $@
|
||||
endif
|
||||
|
||||
obj/bootstub.$(PROJ_NAME).o: bootstub.c early.h
|
||||
obj/cert.h:
|
||||
./tools/getcertheader.py $(CERT) > $@
|
||||
|
||||
obj/bootstub.$(PROJ_NAME).o: bootstub.c early.h obj/cert.h
|
||||
$(CC) $(CFLAGS) -o $@ -c $<
|
||||
|
||||
obj/main.$(PROJ_NAME).o: main.c *.h obj/gitversion.h
|
||||
|
|
@ -56,7 +61,7 @@ obj/$(PROJ_NAME).bin: obj/$(STARTUP_FILE).o obj/main.$(PROJ_NAME).o
|
|||
# hack
|
||||
$(CC) -Wl,--section-start,.isr_vector=0x8004000 $(CFLAGS) -o obj/$(PROJ_NAME).elf $^
|
||||
$(OBJCOPY) -v -O binary obj/$(PROJ_NAME).elf obj/code.bin
|
||||
./tools/sign.py obj/code.bin $@
|
||||
./tools/sign.py obj/code.bin $@ $(CERT)
|
||||
|
||||
obj/bootstub.$(PROJ_NAME).bin: obj/$(STARTUP_FILE).o obj/bootstub.$(PROJ_NAME).o obj/sha.o obj/rsa.o
|
||||
$(CC) $(CFLAGS) -o obj/bootstub.$(PROJ_NAME).elf $^
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define RSANUMBYTES 256 /* 2048 bit key length */
|
||||
#define RSANUMBYTES 128 /* 1024 bit key length */
|
||||
#define RSANUMWORDS (RSANUMBYTES / sizeof(uint32_t))
|
||||
|
||||
typedef struct RSAPublicKey {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
#!/usr/bin/env python
|
||||
import sys
|
||||
from Crypto.PublicKey import RSA
|
||||
|
||||
rsa = RSA.importKey(open(sys.argv[1]).read())
|
||||
mod = (hex(rsa.n)[2:-1].rjust(0x100, '0'))
|
||||
hh = ''.join('\\x'+mod[i:i+2] for i in range(0, 0x100, 2))
|
||||
print 'char rsa_mod[] = "'+hh+'";'
|
||||
print 'int rsa_e = %d;' % rsa.e
|
||||
|
||||
|
||||
|
|
@ -1,6 +1,11 @@
|
|||
#!/usr/bin/env python
|
||||
import os
|
||||
import sys
|
||||
import struct
|
||||
import hashlib
|
||||
from Crypto.PublicKey import RSA
|
||||
|
||||
rsa = RSA.importKey(open(sys.argv[3]).read())
|
||||
|
||||
with open(sys.argv[1]) as f:
|
||||
dat = f.read()
|
||||
|
|
@ -10,6 +15,10 @@ print "signing", len(dat), "bytes"
|
|||
with open(sys.argv[2], "wb") as f:
|
||||
x = struct.pack("I", len(dat)) + dat[4:]
|
||||
# mock signature of dat[4:]
|
||||
x += "\xaa"*0x80
|
||||
dd = hashlib.sha1(dat[4:]).digest()
|
||||
dd = "\x00\x01" + "\xff"*0x69 + "\x00" + dd
|
||||
rsa_out = pow(int(dd.encode("hex"), 16), rsa.d, rsa.n)
|
||||
sig = (hex(rsa_out)[2:-1].rjust(0x100, '0')).decode("hex")
|
||||
x += sig
|
||||
f.write(x)
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQC948lnRo4x44Rd7Y8bQAML4aKDC4XRx958fHV8K6+FbCaP1Z42
|
||||
U2kX0yygak0LjoDutpgObmGHZA+Iz3HeUD6VGjr/teN24vPk+A95cRsjt8rgmGQ9
|
||||
6HNjaNgjR+gl1F9XxFimMzir82Xpl1ekTueJNXa7ia5HVH1nFdiksOKHGQIDAQAB
|
||||
AoGAQuPw2I6EHJLW1/eNB75e1FqhUqRGeYV8nEGDaUBCTi+wzc4kM2LijF/5QnDv
|
||||
vvht9qkfm0XK2VSoHDtnEzcVM/l1ksb68n4R/1nUooAWY6cQI7dCSk/A6yS1EJFg
|
||||
BXsgGbT/65khw9pzBW2zVtMVcVNWFayqfCO1I9WcDdA1x1kCQQDfrhoZTZNoDEUE
|
||||
JKM4fiUdWr1h3Aw8KLJFFexSWeGDwo+qqnujYcKWkHa9qaH1RG5x8Kir9s9Oi4Js
|
||||
mzKwov8fAkEA2VPJPWxJ4vVQpXle6wC1nyoL7s739yxMWFcabvkzDDhlIVBNdVJd
|
||||
gZKsFWV7QnVNdDMjn9D27FwKu3i2D+kKxwJBANp1SMojqO765MEKI1t+YDNONx6H
|
||||
cm+i85Fjuv4nCIjOEdCGVuCYDxtMFpxgO2y3HAMuHx5sm8XDnWsDHLvFRdMCQD7V
|
||||
XqWHnYUk8AAnqy2+ssQl3/VXmZG5GQmhhV74Za3u0C5ljT+SZL6FrYMyKAT67T3f
|
||||
WzllrT6BDglNyTWoZxkCQQCt0XSoGM3603GGYNt6AUlGSgtXSo/2Px7odGUtQoKA
|
||||
FH9q6FVMYpQJ38spZxIGufZJmLP8LLg6YIWJj1F+akxr
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC948lnRo4x44Rd7Y8bQAML4aKDC4XRx958fHV8K6+FbCaP1Z42U2kX0yygak0LjoDutpgObmGHZA+Iz3HeUD6VGjr/teN24vPk+A95cRsjt8rgmGQ96HNjaNgjR+gl1F9XxFimMzir82Xpl1ekTueJNXa7ia5HVH1nFdiksOKHGQ== batman@y840
|
||||
Loading…
Reference in New Issue