From d4d70eda2b43314be96d84e473a6a642853ccf37 Mon Sep 17 00:00:00 2001 From: douglasbakkum Date: Thu, 9 May 2019 08:38:29 +0200 Subject: [PATCH 1/2] change to GCC ARM v8-2018-q4-major --- .travis.yml | 6 +++--- Dockerfile.dev | 2 +- Makefile | 34 ++++++++++++++++++++++++++++++++++ Vagrantfile | 2 +- src/commander.c | 16 +++++++++++----- 5 files changed, 50 insertions(+), 10 deletions(-) create mode 100644 Makefile diff --git a/.travis.yml b/.travis.yml index 87e0fb13..fabc39cb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -40,9 +40,9 @@ install: export PATH=$PATH:$PWD/bin/; cd ../../..; - if [ "$TEST" = "no" ]; then - wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2; - tar -xf gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2; - export PATH=$PATH:$PWD/gcc-arm-none-eabi-7-2018-q2-update/bin; + wget https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2; + tar -xf gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2; + export PATH=$PATH:$PWD/gcc-arm-none-eabi-8-2018-q4-major/bin; fi; - if [ "$TEST" = "yes" ]; then sudo apt-get update; diff --git a/Dockerfile.dev b/Dockerfile.dev index 0eccea18..093c7131 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -22,7 +22,7 @@ WORKDIR /app COPY . /app RUN apt update && apt-get install -y cmake git wget locales python python-pip -RUN mkdir ~/Downloads && cd ~/Downloads && wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2?revision=bc2c96c0-14b5-4bb4-9f18-bceb4050fee7?product=GNU%20Arm%20Embedded%20Toolchain,64-bit,,Linux,7-2018-q2-update +RUN mkdir ~/Downloads && cd ~/Downloads && wget -O gcc.tar.bz2 https://developer.arm.com/-/media/Files/downloads/gnu-rm/8-2018q4/gcc-arm-none-eabi-8-2018-q4-major-linux.tar.bz2 RUN cd ~/Downloads && tar -xjvf gcc.tar.bz2 RUN cd ~/Downloads && rsync -a gcc-arm-none-eabi-7-2018-q2-update/ /usr/local/ RUN apt install -y libbz2-1.0 libncurses5 libz1 valgrind astyle clang libudev-dev python-urllib3 libssl1.0-dev diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..236d1803 --- /dev/null +++ b/Makefile @@ -0,0 +1,34 @@ +# The MIT License (MIT) +# +# Copyright 2019 Shift Cryptosecurity AG +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included +# in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES +# OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +# OTHER DEALINGS IN THE SOFTWARE. + +firmware: + mkdir -p build; cd build; cmake .. -DBUILD_TYPE=firmware && make -j4 +bootloader: + mkdir -p build; cd build; cmake .. -DBUILD_TYPE=bootloader && make -j4 +docs: + mkdir -p build; cd build; cmake .. -DBUILD_TYPE=firmware -DBUILD_DOCUMENTATION=ON && make doc +test: + mkdir -p build; cd build; cmake .. -DBUILD_TYPE=test && make -j4 +flash-dev-firmware: + ./py/load_firmware.py build/bin/firmware.bin debug +clean: + rm -rf build/* diff --git a/Vagrantfile b/Vagrantfile index 801c1375..fbc42d33 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -8,7 +8,7 @@ Vagrant.configure(2) do |config| sudo locale-gen UTF-8 sudo add-apt-repository ppa:team-gcc-arm-embedded/ppa -y sudo apt-get update - sudo apt-get install -y cmake git gcc-arm-embedded=7-2018q2-1~trusty1 + sudo apt-get install -y cmake git gcc-arm-embedded=8-2018q4-major~trusty1 SHELL config.vm.provision "shell", run: "always", privileged: false, inline: <<-SHELL diff --git a/src/commander.c b/src/commander.c index 877969fd..28e6f840 100644 --- a/src/commander.c +++ b/src/commander.c @@ -91,7 +91,7 @@ void commander_fill_report(const char *cmd, const char *msg, int flag) char *p = json_report; if (!strlens(json_report)) { - strncat(json_report, "{", 1); + strcat(json_report, "{"); } else { json_report[strlens(json_report) - 1] = ','; // replace closing '}' with continuing ',' } @@ -162,7 +162,7 @@ int commander_fill_json_array(const char **key, const char **value, int *type, i // add element to array if (!strlens(json_array)) { - strncat(json_array, "[", 1); + strcat(json_array, "["); } else { json_array[strlens(json_array) - 1] = ','; // replace closing ']' with continuing ',' } @@ -1444,9 +1444,15 @@ static int commander_echo_command(yajl_val json_node) commander_fill_report(cmd_str(CMD_checkpub), json_array, DBB_JSON_ARRAY); } - snprintf(json_array, COMMANDER_ARRAY_MAX, "%s", json_report); - memset(json_report, 0, COMMANDER_REPORT_SIZE); - commander_fill_report(cmd_str(CMD_sign), json_array, DBB_JSON_ARRAY); + int ret = snprintf(json_array, COMMANDER_ARRAY_MAX, "%s", json_report); + if (ret >= COMMANDER_ARRAY_MAX || ret < 0) { + commander_clear_report(); + commander_fill_report(cmd_str(CMD_sign), NULL, DBB_ERR_IO_REPORT_BUF); + return DBB_ERROR; + } else { + memset(json_report, 0, COMMANDER_REPORT_SIZE); + commander_fill_report(cmd_str(CMD_sign), json_array, DBB_JSON_ARRAY); + } uint8_t disable_pairing = 1; for (size_t i = 0; i < data->u.array.len; i++) { From 3730ee39a0a08b9a2833eb91f8bb5afa9d0e5a54 Mon Sep 17 00:00:00 2001 From: Tomas Vrba <14039565+Tomasvrba@users.noreply.github.com> Date: Mon, 29 Apr 2019 09:17:04 +0200 Subject: [PATCH 2/2] documentation: update dependencies and device programming --- README.md | 23 +++++++++++++---------- py/README.md | 4 +--- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index f39c771c..555b17d2 100644 --- a/README.md +++ b/README.md @@ -9,28 +9,22 @@ Digital Bitbox Firmware **MCU code for the [Digital Bitbox](https://digitalbitbox.com) hardware wallet.** -All communication to the hardware wallet enters and exits a single gateway `char *commander(const char *command)` that receives an encrypted command and returns an encrypted reply. The communication protocol is described in the [API](https://digitalbitbox.com/api.html). +All communication to the hardware wallet enters and exits a single gateway `char *commander(const char *command)` that receives an encrypted command and returns an encrypted reply. The communication protocol is described in the [API](https://digitalbitbox.com/api.html). A Python script to interact with the device is in the `py/` folder. -The code can be compiled and tested locally without the need for a device. See the `tests_cmdline.c` code for a simple example and the `tests_api.c` code to test the full API. The `tests_api.c` code will also test a live device if one is plugged into a USB slot. This requires installation of the [hidapi library](http://www.signal11.us/oss/hidapi/) for USB communication, a micro SD card in the device, and a number of touch button presses to permit `erase` and `sign` commands. WARNING: data on the device and micro SD card will be **lost** when running `tests_api.c`. +The code can be compiled and tested locally without the need for a device, e.g., `tests/tests_api.c` tests the full API. The `tests_api.c` code will also test a live device if one is plugged into a USB slot. This requires installation of the [hidapi library](http://www.signal11.us/oss/hidapi/) for USB communication, a micro SD card in the device, and a number of touch button presses to permit `erase` and `sign` commands. ECDSA signatures are performed with either the [bitcoin core secp256k1 library](https://github.com/bitcoin/secp256k1) or using a simplified version of the smaller [micro ECC library](https://github.com/kmackay/micro-ecc), depending on a setting in the `CMakeLists.txt` file. Each library is resistant to known side channel attacks. -**Standardized functions:** - - Cryptographic: secp256k1, RFC6979, AES-256-CBC, SHA2, HMAC, PBKDF2, RIPEMD160 - Encoding: Base-64, Base-58-check, JSON - Bitcoin: BIP32, BIP39, BIP44 - - - ## Build Instructions #### Building test code: Dependencies: +- [GNU ARM Embedded Toolchain](https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads) - [HIDAPI](https://github.com/signal11/hidapi) (For live testing) +- cmake - Doxygen (Optional, to generate source code documentation) - Graphviz (Optional, to generate graphs for the Doxygen documentation) @@ -42,6 +36,15 @@ Build: make make test +Load the firmware by the bootloader (requires a bootloader already on the device): + +- If you used the device with the desktop app, your bootloader will be locked + - Unlock it by sending the `message = '{"bootloader":"unlock"}'` command with `send_command.py` ([see python API documentation](https://github.com/shiftdevices/mcu/tree/master/py)) + - Long touch the device when the LED turns on + - You should receive a `Reply: {"bootloader":"unlock"}` reply +- Long touch the device after plugging in to enter the bootloader +- Flash the new firmware with `./load_firmware.py ../build/bin/firmware.bin debug` from the `py` directory + #### Deterministic build of firmware: ### Build environment with Docker and Debian Stretch: diff --git a/py/README.md b/py/README.md index be94aa87..26a9dc31 100644 --- a/py/README.md +++ b/py/README.md @@ -10,7 +10,5 @@ Use `send_command.py` and `dbb_utils.py` to communicate with a Digital Bitbox. S Dependencies: - [Python](http://python.org) -- [Cython](http://cython.org) -- [HIDAPI](https://pypi.python.org/pypi/hidapi) -The code uses the following additional Python libraries: `os`, `sys`, `struct`, `json`, `base64`, `pyaes`, and `hashlib`. +The code uses the following additional Python libraries: `os`, `sys`, `struct`, `json`, `base64`, `pyaes`, `hashlib`, and `hidapi`.