void fsm_msgInitialize(Initialize *msg)
{
(void)msg;
recovery_abort();
signing_abort();
RESP_INIT(Features);
resp->has_vendor = true; strlcpy(resp->vendor, "bitcointrezor.com", sizeof(resp->vendor));
resp->has_major_version = true; resp->major_version = VERSION_MAJOR;
resp->has_minor_version = true; resp->minor_version = VERSION_MINOR;
resp->has_patch_version = true; resp->patch_version = VERSION_PATCH;
resp->has_device_id = true; strlcpy(resp->device_id, storage_uuid_str, sizeof(resp->device_id));
resp->has_pin_protection = true; resp->pin_protection = storage.has_pin;
resp->has_passphrase_protection = true; resp->passphrase_protection = storage.has_passphrase_protection && storage.passphrase_protection;
#ifdef SCM_REVISION
int len = sizeof(SCM_REVISION) - 1;
resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, len); resp->revision.size = len;
#endif
resp->has_bootloader_hash = true; resp->bootloader_hash.size = memory_bootloader_hash(resp->bootloader_hash.bytes);
if (storage.has_language) {
resp->has_language = true;
strlcpy(resp->language, storage.language, sizeof(resp->language));
}
if (storage.has_label) {
resp->has_label = true;
strlcpy(resp->label, storage.label, sizeof(resp->label));
}
resp->coins_count = COINS_COUNT;
memcpy(resp->coins, coins, COINS_COUNT * sizeof(CoinType));
resp->has_initialized = true; resp->initialized = storage_isInitialized();
resp->has_imported = true; resp->imported = storage.has_imported && storage.imported;
msg_write(MessageType_MessageType_Features, resp);
}
void fsm_msgLoadDevice(LoadDevice *msg)
{
if (storage_isInitialized()) {
fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Device is already initialized. Use Wipe first.");
return;
}
layoutDialogSwipe(DIALOG_ICON_QUESTION, "Cancel", "I take the risk", NULL, "Loading private seed", "is not recommended.", "Continue only if you", "know what you are", "doing!", NULL);
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Load cancelled");
layoutHome();
return;
}
if (msg->has_mnemonic && !(msg->has_skip_checksum && msg->skip_checksum) ) {
if (!mnemonic_check(msg->mnemonic)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Mnemonic with wrong checksum provided");
layoutHome();
return;
}
}
storage_loadDevice(msg);
storage_commit();
fsm_sendSuccess("Device loaded");
layoutHome();
}
int main(void)
{
_buttonusr_isr = (void *)&buttonisr_usr;
_timerusr_isr = (void *)&timerisr_usr;
_mmhusr_isr = (void *)&mmhisr;
/* Drop privileges */
drop_privs();
/* Init board */
kk_board_init();
/* Program the model into OTP, if we're not in screen-test mode, and it's
* not already there
*/
(void)flash_programModel();
/* Init for safeguard against stack overflow (-fstack-protector-all) */
__stack_chk_guard = (uintptr_t)random32();
/* Bootloader Verification */
check_bootloader();
led_func(SET_RED_LED);
dbg_print("Application Version %d.%d.%d\n\r", MAJOR_VERSION, MINOR_VERSION,
PATCH_VERSION);
/* Init storage */
storage_init();
/* Init protcol buffer message map and usb msg callback */
fsm_init();
led_func(SET_GREEN_LED);
usbInit();
u2fInit();
led_func(CLR_RED_LED);
reset_idle_time();
if (is_mfg_mode())
layout_screen_test();
else if (!storage_isInitialized())
layout_standard_notification("Welcome", "keepkey.com/get-started",
NOTIFICATION_LOGO);
else
layoutHomeForced();
while (1) {
delay_ms_with_callback(ONE_SEC, &exec, 1);
increment_idle_time(ONE_SEC);
toggle_screensaver();
}
return 0;
}
void fsm_msgRecoveryDevice(RecoveryDevice *msg)
{
if (storage_isInitialized()) {
fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Device is already initialized. Use Wipe first.");
return;
}
recovery_init(
msg->has_word_count ? msg->word_count : 12,
msg->has_passphrase_protection && msg->passphrase_protection,
msg->has_pin_protection && msg->pin_protection,
msg->has_language ? msg->language : 0,
msg->has_label ? msg->label : 0,
msg->has_enforce_wordlist ? msg->enforce_wordlist : false
);
}
void fsm_msgResetDevice(ResetDevice *msg)
{
if (storage_isInitialized()) {
fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Device is already initialized. Use Wipe first.");
return;
}
reset_init(
msg->has_display_random && msg->display_random,
msg->has_strength ? msg->strength : 128,
msg->has_passphrase_protection && msg->passphrase_protection,
msg->has_pin_protection && msg->pin_protection,
msg->has_language ? msg->language : 0,
msg->has_label ? msg->label : 0
);
}
void layoutHome(void)
{
if (layoutLast == layoutHome || layoutLast == layoutScreensaver) {
oledClear();
} else {
layoutSwipe();
}
layoutLast = layoutHome;
const char *label = storage_isInitialized() ? storage_getLabel() : _("Go to trezor.io/start");
const uint8_t *homescreen = storage_getHomescreen();
if (homescreen) {
BITMAP b;
b.width = 128;
b.height = 64;
b.data = homescreen;
oledDrawBitmap(0, 0, &b);
} else {
if (label && strlen(label) > 0) {
oledDrawBitmap(44, 4, &bmp_logo48);
oledDrawStringCenter(OLED_HEIGHT - 8, label, FONT_STANDARD);
} else {
oledDrawBitmap(40, 0, &bmp_logo64);
}
}
if (storage_noBackup()) {
oledBox(0, 0, 127, 8, false);
oledDrawStringCenter(0, "SEEDLESS", FONT_STANDARD);
} else
if (storage_unfinishedBackup()) {
oledBox(0, 0, 127, 8, false);
oledDrawStringCenter(0, "BACKUP FAILED!", FONT_STANDARD);
} else
if (storage_needsBackup()) {
oledBox(0, 0, 127, 8, false);
oledDrawStringCenter(0, "NEEDS BACKUP!", FONT_STANDARD);
}
oledRefresh();
// Reset lock screen timeout
system_millis_lock_start = timer_ms();
}
static void promptRegister(bool request, const U2F_REGISTER_REQ *req)
{
#if 0
// Users find it confusing when a Ledger and a KeepKey are plugged in
// at the same time. To avoid that, we elect not to show a message in
// this case.
if (0 == memcmp(req->appId, BOGUS_APPID, U2F_APPID_SIZE)) {
layoutU2FDialog(request, "U2f Register",
"Another U2F device was used to register in this application.");
} else {
#else
{
#endif
const char *appname = "";
bool readable = getReadableAppId(req->appId, &appname);
layoutU2FDialog(request, "U2F Register",
readable
? "Do you want to register with %s?"
: "Do you want to register with this U2F application?\n\n%s",
appname);
}
}
void u2f_register(const APDU *a)
{
static U2F_REGISTER_REQ last_req;
const U2F_REGISTER_REQ *req = (U2F_REGISTER_REQ *)a->data;
if (!storage_isInitialized()) {
layout_warning_static("Cannot register u2f: not initialized");
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
delay_ms(3000);
return;
}
// Validate basic request parameters
debugLog(0, "", "u2f register");
if (APDU_LEN(*a) != sizeof(U2F_REGISTER_REQ)) {
debugLog(0, "", "u2f register - badlen");
send_u2f_error(U2F_SW_WRONG_LENGTH);
return;
}
// If this request is different from last request, reset state machine
if (memcmp(&last_req, req, sizeof(last_req)) != 0) {
memcpy(&last_req, req, sizeof(last_req));
last_req_state = INIT;
}
// First Time request, return not present and display request dialog
if (last_req_state == INIT) {
// error: testof-user-presence is required
//buttonUpdate();
promptRegister(true, req);
last_req_state = REG;
}
// Still awaiting Keypress
if (last_req_state == REG) {
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
dialog_timeout = U2F_TIMEOUT;
return;
}
// Buttons said yes
if (last_req_state == REG_PASS) {
uint8_t data[sizeof(U2F_REGISTER_RESP) + 2];
U2F_REGISTER_RESP *resp = (U2F_REGISTER_RESP *)&data;
memzero(data, sizeof(data));
resp->registerId = U2F_REGISTER_ID;
resp->keyHandleLen = KEY_HANDLE_LEN;
// Generate keypair for this appId
const HDNode *node =
generateKeyHandle(req->appId, (uint8_t*)&resp->keyHandleCertSig);
if (!node) {
debugLog(0, "", "getDerivedNode Fail");
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
ecdsa_get_public_key65(node->curve->params, node->private_key,
(uint8_t *)&resp->pubKey);
memcpy(resp->keyHandleCertSig + resp->keyHandleLen,
U2F_ATT_CERT, sizeof(U2F_ATT_CERT));
uint8_t sig[64];
U2F_REGISTER_SIG_STR sig_base;
sig_base.reserved = 0;
memcpy(sig_base.appId, req->appId, U2F_APPID_SIZE);
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
if (ecdsa_sign(&nist256p1, HASHER_SHA2, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
send_u2f_error(U2F_SW_WRONG_DATA);
return;
}
// Where to write the signature in the response
uint8_t *resp_sig = resp->keyHandleCertSig +
resp->keyHandleLen + sizeof(U2F_ATT_CERT);
// Convert to der for the response
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp_sig);
// Append success bytes
memcpy(resp->keyHandleCertSig + resp->keyHandleLen +
sizeof(U2F_ATT_CERT) + sig_len,
"\x90\x00", 2);
int l = 1 /* registerId */ + U2F_PUBKEY_LEN +
1 /* keyhandleLen */ + resp->keyHandleLen +
sizeof(U2F_ATT_CERT) + sig_len + 2;
last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(data, l);
promptRegister(false, req);
return;
}
// Didnt expect to get here
dialog_timeout = 0;
}
static void promptAuthenticate(bool request, const U2F_AUTHENTICATE_REQ *req)
{
const char *appname = "";
bool readable = getReadableAppId(req->appId, &appname);
layoutU2FDialog(request,
"U2F Authenticate",
readable
? "Log in to %s?"
: "Do you want to log in?\n\n%s",
appname);
}
void u2f_authenticate(const APDU *a)
{
const U2F_AUTHENTICATE_REQ *req = (U2F_AUTHENTICATE_REQ *)a->data;
static U2F_AUTHENTICATE_REQ last_req;
if (!storage_isInitialized()) {
layout_warning_static("Cannot authenticate u2f: not initialized");
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
delay_ms(3000);
return;
}
if (APDU_LEN(*a) < 64) { /// FIXME: decent value
debugLog(0, "", "u2f authenticate - badlen");
send_u2f_error(U2F_SW_WRONG_LENGTH);
return;
}
if (req->keyHandleLen != KEY_HANDLE_LEN) {
debugLog(0, "", "u2f auth - bad keyhandle len");
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
const HDNode *node =
validateKeyHandle(req->appId, req->keyHandle);
if (!node) {
debugLog(0, "", "u2f auth - bad keyhandle len");
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
if (a->p1 == U2F_AUTH_CHECK_ONLY) {
debugLog(0, "", "u2f authenticate check");
// This is a success for a good keyhandle
// A failed check would have happened earlier
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
return;
}
if (a->p1 != U2F_AUTH_ENFORCE) {
debugLog(0, "", "u2f authenticate unknown");
// error:bad key handle
send_u2f_error(U2F_SW_WRONG_DATA);
return;
}
debugLog(0, "", "u2f authenticate enforce");
if (memcmp(&last_req, req, sizeof(last_req)) != 0) {
memcpy(&last_req, req, sizeof(last_req));
last_req_state = INIT;
}
if (last_req_state == INIT) {
// error: testof-user-presence is required
//buttonUpdate(); // Clear button state
promptAuthenticate(true, req);
last_req_state = AUTH;
}
// Awaiting Keypress
if (last_req_state == AUTH) {
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
dialog_timeout = U2F_TIMEOUT;
return;
}
// Buttons said yes
if (last_req_state == AUTH_PASS) {
uint8_t buf[sizeof(U2F_AUTHENTICATE_RESP) + 2];
U2F_AUTHENTICATE_RESP *resp =
(U2F_AUTHENTICATE_RESP *)&buf;
const uint32_t ctr = storage_nextU2FCounter();
resp->flags = U2F_AUTH_FLAG_TUP;
resp->ctr[0] = ctr >> 24 & 0xff;
resp->ctr[1] = ctr >> 16 & 0xff;
resp->ctr[2] = ctr >> 8 & 0xff;
resp->ctr[3] = ctr & 0xff;
// Build and sign response
U2F_AUTHENTICATE_SIG_STR sig_base;
uint8_t sig[64];
memcpy(sig_base.appId, req->appId, U2F_APPID_SIZE);
sig_base.flags = resp->flags;
memcpy(sig_base.ctr, resp->ctr, 4);
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
if (ecdsa_sign(&nist256p1, HASHER_SHA2, node->private_key, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
send_u2f_error(U2F_SW_WRONG_DATA);
return;
}
// Copy DER encoded signature into response
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);
// Append OK
memcpy(buf + sizeof(U2F_AUTHENTICATE_RESP) -
U2F_MAX_EC_SIG_SIZE + sig_len,
"\x90\x00", 2);
last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(buf, sizeof(U2F_AUTHENTICATE_RESP) -
U2F_MAX_EC_SIG_SIZE + sig_len +
2);
promptAuthenticate(false, req);
}
}
