[add] Fetch attestation / user private keys from env at startup then …

…stick with it
LedgerHQ · Dec 19, 2023 · 6099d21 · 6099d21
1 parent dc9fe08
commit 6099d21
Show file tree

Hide file tree

Showing 11 changed files with 238 additions and 79 deletions.
diff --git a/speculos/main.py b/speculos/main.py
@@ -227,6 +227,11 @@ def run_qemu(s1: socket.socket, s2: socket.socket, args: argparse.Namespace) ->
     if args.deterministic_rng:
         os.environ['RNG_SEED'] = args.deterministic_rng
 
+    if args.user_private_key:
+        os.environ['USER_PRIVATE_KEY'] = args.user_private_key
+    if args.attestation_key:
+        os.environ['ATTESTATION_PRIVATE_KEY'] = args.attestation_key
+
     logger.debug(f"executing qemu: {argv}")
     try:
         os.execvp(argv[0], argv)
@@ -260,8 +265,11 @@ def main(prog=None) -> int:
                                                        'to specify a path')
     parser.add_argument('--color', default='MATTE_BLACK', choices=list(display.COLORS.keys()), help='Nano color')
     parser.add_argument('-d', '--debug', action='store_true', help='Wait gdb connection to port 1234')
-    parser.add_argument('--deterministic-rng', default="", help='Seed the rng with a given value to produce '
+    parser.add_argument('--deterministic-rng', default='', help='Seed the rng with a given value to produce '
                                                                 'deterministic randomness')
+    parser.add_argument('--user-private-key', default='', help='32B in hex format, will be used as the user private keys')
+    parser.add_argument('--attestation-key', default='', help='32B in hex format, will be used as the private '
+                                                              'attestation key')
     parser.add_argument('-k', '--sdk', type=str, help='SDK version')
     parser.add_argument('-a', '--apiLevel', type=str, help='Api level')
     parser.add_argument('-l', '--library', default=[], action='append', help='Additional library (eg. '

diff --git a/src/bolos/cx.c b/src/bolos/cx.c
@@ -17,7 +17,7 @@ unsigned long sys_cx_rng(uint8_t *buffer, unsigned int length)
   unsigned int i;
 
   if (!initialized) {
-    srand(get_env_rng());
+    srand(env_get_rng());
     initialized = true;
   }
 

diff --git a/src/bolos/endorsement.c b/src/bolos/endorsement.c
@@ -3,51 +3,10 @@
 #include "bolos/exception.h"
 #include "cx.h"
 #include "emulate.h"
+#include "environment.h"
 
 #define cx_ecdsa_init_public_key sys_cx_ecfp_init_public_key
 
-// TODO: all keys are currently hardcoded
-
-static cx_ecfp_private_key_t user_private_key_1 = {
-  CX_CURVE_256K1,
-  32,
-  { 0xe1, 0x5e, 0x01, 0xd4, 0x70, 0x82, 0xf0, 0xea, 0x47, 0x71, 0xc9,
-    0x9f, 0xe3, 0x12, 0xf9, 0xd7, 0x00, 0x93, 0xc8, 0x9a, 0xf4, 0x77,
-    0x87, 0xfd, 0xf8, 0x2e, 0x03, 0x1f, 0x67, 0x28, 0xb7, 0x10 },
-};
-
-static cx_ecfp_private_key_t user_private_key_2 = {
-  CX_CURVE_256K1,
-  32,
-  { 0xe1, 0x5e, 0x01, 0xd4, 0x70, 0x82, 0xf0, 0xea, 0x47, 0x71, 0xc9,
-    0x9f, 0xe3, 0x12, 0xf9, 0xd7, 0x00, 0x93, 0xc8, 0x9a, 0xf4, 0x77,
-    0x87, 0xfd, 0xf8, 0x2e, 0x03, 0x1f, 0x67, 0x28, 0xb7, 0x10 },
-};
-
-// user_private_key_1 signed by test owner private key
-// "138fb9b91da745f12977a2b46f0bce2f0418b50fcb76631baf0f08ceefdb5d57"
-static uint8_t user_certificate_1[] = {
-  0x30, 0x45, 0x02, 0x21, 0x00, 0xbf, 0x23, 0x7e, 0x5b, 0x40, 0x06, 0x14,
-  0x17, 0xf6, 0x62, 0xa6, 0xd0, 0x8a, 0x4b, 0xde, 0x1f, 0xe3, 0x34, 0x3b,
-  0xd8, 0x70, 0x8c, 0xed, 0x04, 0x6c, 0x84, 0x17, 0x49, 0x5a, 0xd3, 0x6c,
-  0xcf, 0x02, 0x20, 0x3d, 0x39, 0xa5, 0x32, 0xee, 0xca, 0xdf, 0xf6, 0xdf,
-  0x20, 0x53, 0xe4, 0xab, 0x98, 0x96, 0xaa, 0x00, 0xf3, 0xbe, 0xf1, 0x5c,
-  0x4b, 0xd1, 0x1c, 0x53, 0x66, 0x1e, 0x54, 0xfe, 0x5e, 0x2f, 0xf4
-};
-static const uint8_t user_certificate_1_length = sizeof(user_certificate_1);
-
-// user_private_key_2 signed by test owner private key
-// "138fb9b91da745f12977a2b46f0bce2f0418b50fcb76631baf0f08ceefdb5d57"
-static uint8_t user_certificate_2[] = {
-  0x30, 0x45, 0x02, 0x21, 0x00, 0xbf, 0x23, 0x7e, 0x5b, 0x40, 0x06, 0x14,
-  0x17, 0xf6, 0x62, 0xa6, 0xd0, 0x8a, 0x4b, 0xde, 0x1f, 0xe3, 0x34, 0x3b,
-  0xd8, 0x70, 0x8c, 0xed, 0x04, 0x6c, 0x84, 0x17, 0x49, 0x5a, 0xd3, 0x6c,
-  0xcf, 0x02, 0x20, 0x3d, 0x39, 0xa5, 0x32, 0xee, 0xca, 0xdf, 0xf6, 0xdf,
-  0x20, 0x53, 0xe4, 0xab, 0x98, 0x96, 0xaa, 0x00, 0xf3, 0xbe, 0xf1, 0x5c,
-  0x4b, 0xd1, 0x1c, 0x53, 0x66, 0x1e, 0x54, 0xfe, 0x5e, 0x2f, 0xf4
-};
-static uint8_t user_certificate_2_length;
-
 unsigned int sys_os_endorsement_get_code_hash(uint8_t *buffer)
 {
   memcpy(buffer, "12345678abcdef0000fedcba87654321", 32);
@@ -61,10 +20,10 @@ unsigned long sys_os_endorsement_get_public_key(uint8_t index, uint8_t *buffer)
 
   switch (index) {
   case 1:
-    privateKey = &user_private_key_1;
+    privateKey = env_get_user_private_key(1);
     break;
   case 2:
-    privateKey = &user_private_key_2;
+    privateKey = env_get_user_private_key(2);
     break;
   default:
     THROW(EXCEPTION);
@@ -93,30 +52,27 @@ unsigned int
 sys_os_endorsement_get_public_key_certificate(unsigned char index,
                                               unsigned char *buffer)
 {
-  unsigned char *certificate;
-  unsigned char length;
+  env_user_certificate_t* certificate;
 
   switch (index) {
   case 1:
-    length = user_certificate_1_length;
-    certificate = user_certificate_1;
+    certificate = env_get_user_certificate(1);
     break;
   case 2:
-    length = user_certificate_2_length;
-    certificate = user_certificate_2;
+    certificate = env_get_user_certificate(2);
     break;
   default:
     THROW(EXCEPTION);
     break;
   }
 
-  if (length == 0) {
+  if (certificate->length == 0) {
     THROW(EXCEPTION);
   }
 
-  memcpy(buffer, certificate, length);
+  memcpy(buffer, certificate->buffer, certificate->length);
 
-  return length;
+  return certificate->length;
 }
 
 unsigned int sys_os_endorsement_get_public_key_certificate_new(
@@ -140,7 +96,7 @@ unsigned long sys_os_endorsement_key1_sign_data(uint8_t *data,
   sys_cx_hash((cx_hash_t *)&sha256, CX_LAST, hash, sizeof(hash), hash, 32);
   /* XXX: CX_RND_TRNG is set but actually ignored by speculos'
    *      sys_cx_ecdsa_sign implementation */
-  sys_cx_ecdsa_sign(&user_private_key_1, CX_LAST | CX_RND_TRNG, CX_SHA256, hash,
+  sys_cx_ecdsa_sign(env_get_user_private_key(1), CX_LAST | CX_RND_TRNG, CX_SHA256, hash,
                     sizeof(hash),          // size of SHA256 hash
                     signature, 6 + 33 * 2, /*3TL+2V*/
                     NULL);

diff --git a/src/bolos/os_bip32.c b/src/bolos/os_bip32.c
@@ -444,7 +444,7 @@ unsigned long sys_os_perso_derive_node_with_seed_key(
     sk_length = seed_key_length;
   }
 
-  seed_size = get_env_seed(seed, sizeof(seed));
+  seed_size = env_get_seed(seed, sizeof(seed));
 
   if (mode == HDW_SLIP21) {
     ret = hdw_slip21(sk, sk_length, seed, seed_size, (const uint8_t *)path,

diff --git a/src/bolos/os_eip2333.c b/src/bolos/os_eip2333.c
@@ -142,7 +142,7 @@ unsigned long sys_os_perso_derive_eip2333(cx_curve_t curve,
     THROW(EXCEPTION);
   }
 
-  seed_size = get_env_seed(seed, sizeof(seed));
+  seed_size = env_get_seed(seed, sizeof(seed));
 
   cx_derive_master_sk(seed, seed_size, sk);
   if (privateKey != NULL) {