Skip to content

Commit

Permalink
wip retrocompatibility
Browse files Browse the repository at this point in the history
  • Loading branch information
@abonnaudet-ledger
abonnaudet-ledger committed Dec 6, 2024
1 parent 87ff43c commit 686a44a
Show file tree
Hide file tree
Showing 3 changed files with 188 additions and 42 deletions.
47 changes: 46 additions & 1 deletion include/os_endorsement.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,57 @@

#include "bolos_target.h"
#include "decorators.h"
#include "os_types.h"
#include "lcx_sha256.h"

typedef enum {
ENDORSEMENT_SLOT_1 = 1,
ENDORSEMENT_SLOT_2
} ENDORSEMENT_slot_t;

#define ENDORSEMENT_MAX_ASN1_LENGTH (1 + 1 + 2 * (1 + 1 + 33))

// Endorsement fields length
#define ENDORSEMENT_HASH_LENGTH CX_SHA256_SIZE
#define ENDORSEMENT_METADATA_LENGTH 8
#define ENDORSEMENT_PUBLIC_KEY_LENGTH 65
#define ENDORSEMENT_APP_SECRET_LENGTH 64
#define ENDORSEMENT_SIGNATURE_MAX_LENGTH ENDORSEMENT_MAX_ASN1_LENGTH // 72

/* ----------------------------------------------------------------------- */
/* - ENDORSEMENT FEATURE - */
/* ----------------------------------------------------------------------- */

#define ENDORSEMENT_MAX_ASN1_LENGTH (1 + 1 + 2 * (1 + 1 + 33))
// NEW

bolos_err_t ENDORSEMENT_get_code_hash(uint8_t *out_hash);

bolos_err_t ENDORSEMENT_get_public_key(ENDORSEMENT_slot_t slot,
uint8_t *out_public_key,
uint8_t *out_public_key_length);

bolos_err_t ENDORSEMENT_get_public_key_certificate(ENDORSEMENT_slot_t endorsement_slot,
uint8_t *out_buffer,
uint8_t *out_length);

bolos_err_t ENDORSEMENT_key1_get_app_secret(uint8_t *out_secret);

bolos_err_t ENDORSEMENT_key1_sign_data(uint8_t *data,
uint32_t data_length,
uint8_t *out_signature,
uint32_t *out_signature_length);

uint32_t ENDORSEMENT_key1_sign_without_code_hash(uint8_t *data,
uint32_t data_length,
uint8_t *out_signature,
uint32_t *out_signature_length);

bolos_err_t ENDORSEMENT_key2_derive_sign_data_internal(uint8_t *data,
uint32_t data_length,
uint8_t *out_signature,
uint32_t *out_signature_len);

// OLD

SYSCALL unsigned int os_endorsement_get_code_hash(unsigned char *buffer PLENGTH(32));
SYSCALL unsigned int os_endorsement_get_public_key(unsigned char index,
Expand Down
96 changes: 96 additions & 0 deletions src/retrocompatibility_wrappers.c
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
/**
* @file
* @brief
*/

#include <stdint.h>
#include "exceptions.h"
#include "os_types.h"
#include "os_endorsement.h"

/**
* @brief
*
* @param buffer
* @return
*/
unsigned int os_endorsement_get_code_hash(unsigned char *buffer PLENGTH(32))
{
bolos_err_t error = ENDORSEMENT_get_code_hash((uint8_t *) buffer);

if (error) {
THROW(error);
}

return ENDORSEMENT_HASH_LENGTH;
}

unsigned int os_endorsement_get_public_key(unsigned char index,
unsigned char *buffer,
unsigned char *length)
{
return ENDORSEMENT_get_public_key((ENDORSEMENT_slot_t) index, buffer, length);
}

unsigned int os_endorsement_get_public_key_certificate(unsigned char index,
unsigned char *buffer,
unsigned char *length)
{
return ENDORSEMENT_get_public_key_certificate(index, buffer, length);
}

unsigned int os_endorsement_key1_get_app_secret(unsigned char *buffer)
{
bolos_err_t error = ENDORSEMENT_key1_get_app_secret(buffer);

if (error) {
THROW(error);
}

return ENDORSEMENT_APP_SECRET_LENGTH;
}

unsigned int os_endorsement_key1_sign_data(unsigned char *src,
unsigned int srcLength,
unsigned char *signature)
{
uint32_t out_signature_length = 0;
bolos_err_t error
= ENDORSEMENT_key1_sign_data(src, srcLength, signature, &out_signature_length);

if (error) {
THROW(error);
}

return out_signature_length;
}

unsigned int os_endorsement_key1_sign_without_code_hash(unsigned char *src,
unsigned int srcLength,
unsigned char *signature)
{
uint32_t out_signature_length = 0;
bolos_err_t error
= ENDORSEMENT_key1_sign_without_code_hash(src, srcLength, signature, &out_signature_length);

if (error) {
THROW(error);
}

return out_signature_length;
}

unsigned int os_endorsement_key2_derive_sign_data(unsigned char *src,
unsigned int srcLength,
unsigned char *signature)
{
uint32_t out_signature_length = 0;
bolos_err_t error = ENDORSEMENT_key2_derive_sign_data_internal(
src, srcLength, signature, &out_signature_length);

if (error) {
THROW(error);
}

return out_signature_length;
}
87 changes: 46 additions & 41 deletions src/syscalls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
#endif // HAVE_VSS
#include "os_seed.h"
#include "ox_crc.h"
#include "os_endorsement.h"
#include <string.h>

unsigned int SVC_Call(unsigned int syscall_id, void *parameters);
Expand Down Expand Up @@ -1413,76 +1414,80 @@ bolos_err_t os_pki_get_info(uint8_t *key_usage,
}
#endif // HAVE_LEDGER_PKI

unsigned int os_endorsement_get_code_hash(unsigned char *buffer)
bolos_err_t ENDORSEMENT_get_code_hash(uint8_t *out_hash)
{
unsigned int parameters[2];
parameters[0] = (unsigned int) buffer;
parameters[1] = 0;
unsigned int parameters[1];
parameters[0] = (unsigned int) out_hash;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_get_code_hash_ID, parameters);
}

unsigned int os_endorsement_get_public_key(unsigned char index,
unsigned char *buffer,
unsigned char *length)
bolos_err_t ENDORSEMENT_get_public_key(ENDORSEMENT_slot_t slot,
uint8_t *out_public_key,
uint8_t *out_public_key_length)
{
unsigned int parameters[3];
parameters[0] = (unsigned int) index;
parameters[1] = (unsigned int) buffer;
parameters[2] = (unsigned int) length;
parameters[0] = (unsigned int) slot;
parameters[1] = (unsigned int) out_public_key;
parameters[2] = (unsigned int) out_public_key_length;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_get_public_key_ID, parameters);
}

unsigned int os_endorsement_get_public_key_certificate(unsigned char index,
unsigned char *buffer,
unsigned char *length)
bolos_err_t ENDORSEMENT_get_public_key_certificate(ENDORSEMENT_slot_t endorsement_slot,
uint8_t *out_buffer,
uint8_t *out_length)
{
unsigned int parameters[3];
parameters[0] = (unsigned int) index;
parameters[1] = (unsigned int) buffer;
parameters[2] = (unsigned int) length;
parameters[0] = (unsigned int) endorsement_slot;
parameters[1] = (unsigned int) out_buffer;
parameters[2] = (unsigned int) out_length;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_get_public_key_certificate_ID,
parameters);
}

unsigned int os_endorsement_key1_get_app_secret(unsigned char *buffer)
bolos_err_t ENDORSEMENT_key1_get_app_secret(uint8_t *out_secret)
{
unsigned int parameters[2];
parameters[0] = (unsigned int) buffer;
parameters[1] = 0;
unsigned int parameters[1];
parameters[0] = (unsigned int) out_secret;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_key1_get_app_secret_ID, parameters);
}

unsigned int os_endorsement_key1_sign_data(unsigned char *src,
unsigned int srcLength,
unsigned char *signature)
bolos_err_t ENDORSEMENT_key1_sign_data(uint8_t *data,
uint32_t data_length,
uint8_t *out_signature,
uint32_t *out_signature_length)
{
unsigned int parameters[3];
parameters[0] = (unsigned int) src;
parameters[1] = (unsigned int) srcLength;
parameters[2] = (unsigned int) signature;
unsigned int parameters[4];
parameters[0] = (unsigned int) data;
parameters[1] = data_length;
parameters[2] = (unsigned int) out_signature;
parameters[3] = (unsigned int) out_signature_length;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_key1_sign_data_ID, parameters);
}

unsigned int os_endorsement_key1_sign_without_code_hash(unsigned char *src,
unsigned int srcLength,
unsigned char *signature)
bolos_err_t ENDORSEMENT_key1_sign_without_code_hash(uint8_t *data,
uint32_t data_length,
uint8_t *out_signature,
uint32_t *out_signature_length)
{
unsigned int parameters[3];
parameters[0] = (unsigned int) src;
parameters[1] = (unsigned int) srcLength;
parameters[2] = (unsigned int) signature;
unsigned int parameters[4];
parameters[0] = (unsigned int) data;
parameters[1] = data_length;
parameters[2] = (unsigned int) out_signature;
parameters[3] = (unsigned int) out_signature_length;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_key1_sign_without_code_hash_ID,
parameters);
}

unsigned int os_endorsement_key2_derive_sign_data(unsigned char *src,
unsigned int srcLength,
unsigned char *signature)
bolos_err_t ENDORSEMENT_key2_derive_sign_data_internal(uint8_t *data,
uint32_t data_length,
uint8_t *out_signature,
uint32_t *out_signature_len)
{
unsigned int parameters[3];
parameters[0] = (unsigned int) src;
parameters[1] = (unsigned int) srcLength;
parameters[2] = (unsigned int) signature;
unsigned int parameters[4];
parameters[0] = (unsigned int) data;
parameters[1] = (unsigned int) data_length;
parameters[2] = (unsigned int) out_signature;
parameters[3] = (unsigned int) out_signature_len;
return (unsigned int) SVC_Call(SYSCALL_os_endorsement_key2_derive_sign_data_ID, parameters);
}

Expand Down

0 comments on commit 686a44a

Please sign in to comment.