diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 1be1df43..8a688477 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -34,7 +34,7 @@ jobs:
 run: |
 aws s3 sync \
 middleware/coverage/ \
- s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.2.x/middleware_coverage_report \
+ s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.3.x/middleware_coverage_report \
 --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
 --no-progress --follow-symlinks --delete --only-show-errors
@@ -49,7 +49,7 @@ jobs:
 run: |
 aws s3 sync \
 firmware/coverage/output/ \
- s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.2.x/firmware_coverage_report \
+ s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.3.x/firmware_coverage_report \
 --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
 --no-progress --follow-symlinks --delete --only-show-errors
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d680f359..bcdc3c73 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
+## [5.3.0 ALPHA] - 23/10/2024
+
+### Features/enhancements
+
+- SGX powHSM inital implementation
+- SGX simulation build
+- SGX middleware manager
+- SGX middleware admin tooling
+- SGX distribution scripts
+- SGX tests
+- SGX documentation
+
+### Fixes
+
+- Removed compilation products from repository
+
 ## [5.2.0] - 09/09/2024
 ### Features/enhancements
diff --git a/README.md b/README.md
index ee086462..7c54a95f 100644
--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@
 ![Tests](https://github.com/rsksmart/rsk-powhsm/actions/workflows/run-tests.yml/badge.svg)
 ![Python linter](https://github.com/rsksmart/rsk-powhsm/actions/workflows/lint-python.yml/badge.svg)
 ![C linter](https://github.com/rsksmart/rsk-powhsm/actions/workflows/lint-c.yml/badge.svg)
-[![Middleware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.2.x/middleware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.2.x/middleware_coverage_report/index.html)
-[![Firmware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.2.x/firmware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.2.x/firmware_coverage_report/index.html)
+[![Middleware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/middleware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/middleware_coverage_report/index.html)
+[![Firmware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/firmware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/firmware_coverage_report/index.html)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
diff --git a/docs/attestation.md b/docs/attestation.md
index 3cc0ac25..bba1a8bc 100644
--- a/docs/attestation.md
+++ b/docs/attestation.md
@@ -56,7 +56,7 @@ Before diving into the UI attestation, it is important to recall a few relevant
 To generate the attestation, the UI uses the configured attestation scheme to sign a message generated by the concatenation of:
-- A predefined header (`HSM:UI:5.2`).
+- A predefined header (`HSM:UI:5.3`).
 - A 32 byte user-defined value. By default, the attestation generation client supplies the latest RSK block hash as this value, so it can then be used as a minimum timestamp reference for the attestation generation.
 - The compressed public key corresponding to the private key obtained by deriving the generated seed with the BIP32 path `m/44'/0'/0'/0/0` (normally used as the BTC key by the Signer application).
 - The hash of the currently authorized Signer version.
@@ -66,7 +66,7 @@ As a consequence of the aforementioned features, this message guarantees that th
 ### Signer attestation
-To generate the attestation, the Signer uses the configured attestation scheme to sign a message containing a predefined header (`HSM:SIGNER:5.2`) and the `sha256sum` of the concatenation of the authorized public keys (see the [protocol](./protocol.md) for details on this) lexicographically ordered by their UTF-encoded derivation path. This message guarantees that the device is running a specific version of the Signer and that those keys are in control of the ledger device.
+To generate the attestation, the Signer uses the configured attestation scheme to sign a message containing a predefined header (`HSM:SIGNER:5.3`) and the `sha256sum` of the concatenation of the authorized public keys (see the [protocol](./protocol.md) for details on this) lexicographically ordered by their UTF-encoded derivation path. This message guarantees that the device is running a specific version of the Signer and that those keys are in control of the ledger device.
 ## Attestation file format
diff --git a/docs/heartbeat.md b/docs/heartbeat.md
index 6d4f5fdf..58ec43ba 100644
--- a/docs/heartbeat.md
+++ b/docs/heartbeat.md
@@ -41,7 +41,7 @@ certification -- to verify.
 To generate the heartbeat, the Signer uses the configured endorsement scheme to sign a message generated by the concatenation of:
-- A predefined header (`HSM:SIGNER:HB:5.2:`).
+- A predefined header (`HSM:SIGNER:HB:5.3:`).
 - A 32 byte value corresponding to the currently known best block hash.
 - A value corresponding to the first 8 bytes of the last successful authorized signed operation's transaction hash.
@@ -57,7 +57,7 @@ transactions.
 To generate the heartbeat, the UI uses the configured endorsement scheme to sign a message generated by the concatenation of:
-- A predefined header (`HSM:UI:HB:5.2:`).
+- A predefined header (`HSM:UI:HB:5.3:`).
 - A 32 byte user-defined value. This value can vary and could be, for example, used as a timestamp reference for the end user.
 - A 32 byte value corresponding to the currently authorized Signer hash.
diff --git a/firmware/src/ledger/ui/src/attestation.h b/firmware/src/ledger/ui/src/attestation.h
index bb9230e3..51cdd2f0 100644
--- a/firmware/src/ledger/ui/src/attestation.h
+++ b/firmware/src/ledger/ui/src/attestation.h
@@ -48,7 +48,7 @@ typedef enum {
 } err_code_att_t;
 // Attestation message prefix
-#define ATT_MSG_PREFIX "HSM:UI:5.2"
+#define ATT_MSG_PREFIX "HSM:UI:5.3"
 #define ATT_MSG_PREFIX_LENGTH (sizeof(ATT_MSG_PREFIX) - sizeof(""))
 // User defined value size
diff --git a/firmware/src/ledger/ui/src/defs.h b/firmware/src/ledger/ui/src/defs.h
index afb7635b..8583a641 100644
--- a/firmware/src/ledger/ui/src/defs.h
+++ b/firmware/src/ledger/ui/src/defs.h
@@ -30,7 +30,7 @@
 // Version and patchlevel
 #define VERSION_MAJOR 0x05
-#define VERSION_MINOR 0x02
+#define VERSION_MINOR 0x03
 #define VERSION_PATCH 0x00
 #endif // __DEFS_H
diff --git a/firmware/src/ledger/ui/src/ui_heartbeat.h b/firmware/src/ledger/ui/src/ui_heartbeat.h
index e42db887..8d840c2e 100644
--- a/firmware/src/ledger/ui/src/ui_heartbeat.h
+++ b/firmware/src/ledger/ui/src/ui_heartbeat.h
@@ -46,7 +46,7 @@ typedef enum {
 } err_code_ui_heartbeat_t;
 // Heartbeat message prefix
-#define UI_HEARTBEAT_MSG_PREFIX "HSM:UI:HB:5.2:"
+#define UI_HEARTBEAT_MSG_PREFIX "HSM:UI:HB:5.3:"
 #define UI_HEARTBEAT_MSG_PREFIX_LENGTH \
 (sizeof(UI_HEARTBEAT_MSG_PREFIX) - sizeof(""))
diff --git a/firmware/src/ledger/ui/test/attestation/test_attestation.c b/firmware/src/ledger/ui/test/attestation/test_attestation.c
index 31333927..eaba76fe 100644
--- a/firmware/src/ledger/ui/test/attestation/test_attestation.c
+++ b/firmware/src/ledger/ui/test/attestation/test_attestation.c
@@ -160,7 +160,7 @@ void test_get_attestation_ud_value() {
 assert(3 == get_attestation(rx, &G_att_ctx));
 // PREFIX + UD_VALUE + Compressed pubkey + Signer hash + Iteration
 ASSERT_MEMCMP(
- "HSM:UI:5.2"
+ "HSM:UI:5.3"
 "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
 "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
 "\x02\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -208,7 +208,7 @@ void test_get_attestation_get_msg() {
 *N_onboarded_ui = 1;
 memcpy(
 G_att_ctx.msg,
- "HSM:UI:5.2"
+ "HSM:UI:5.3"
 "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
 "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
 "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -225,7 +225,7 @@ void test_get_attestation_get_msg() {
 assert((APDU_TOTAL_DATA_SIZE_OUT + 3) == get_attestation(rx, &G_att_ctx));
 ASSERT_APDU(
 "\x80\x50\x02\x01"
- "HSM:UI:5.2"
+ "HSM:UI:5.3"
 "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
 "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
 "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -249,7 +249,7 @@ void test_get_attestation_get_msg_wrong_state() {
 *N_onboarded_ui = 1;
 memcpy(
 &G_att_ctx.msg,
- "HSM:UI:5.2"
+ "HSM:UI:5.3"
 "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
 "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
 "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
diff --git a/firmware/src/ledger/ui/test/onboard/test_onboard.c b/firmware/src/ledger/ui/test/onboard/test_onboard.c
index 1e9ccebc..5269c6aa 100644
--- a/firmware/src/ledger/ui/test/onboard/test_onboard.c
+++ b/firmware/src/ledger/ui/test/onboard/test_onboard.c
@@ -313,11 +313,11 @@ void test_is_onboarded() {
 G_device_onboarded = true;
 assert(5 == is_onboarded());
- ASSERT_APDU("\x80\x01\x05\x02\x00");
+ ASSERT_APDU("\x80\x01\x05\x03\x00");
 G_device_onboarded = false;
 assert(5 == is_onboarded());
- ASSERT_APDU("\x80\x00\x05\x02\x00");
+ ASSERT_APDU("\x80\x00\x05\x03\x00");
 }
 int main() {
diff --git a/firmware/src/ledger/ui/test/ui_heartbeat/test_ui_heartbeat.c b/firmware/src/ledger/ui/test/ui_heartbeat/test_ui_heartbeat.c
index 36fe5518..5bb9924b 100644
--- a/firmware/src/ledger/ui/test/ui_heartbeat/test_ui_heartbeat.c
+++ b/firmware/src/ledger/ui/test/ui_heartbeat/test_ui_heartbeat.c
@@ -230,7 +230,7 @@ void test_op_ud_value() {
 assert_ok("\x80\x60\x01");
- const char expected_msg[] = "HSM:UI:HB:5.2:" // Prefix
+ const char expected_msg[] = "HSM:UI:HB:5.3:" // Prefix
 "\x11" // UD
 "\x22\x22\x22\x22\x22\x22\x22\x22\x22\x22" // .
 "\x22\x22\x22\x22\x22\x22\x22\x22\x22\x22" // .
diff --git a/firmware/src/powhsm/src/attestation.h b/firmware/src/powhsm/src/attestation.h
index 23d1171b..5b61be27 100644
--- a/firmware/src/powhsm/src/attestation.h
+++ b/firmware/src/powhsm/src/attestation.h
@@ -33,7 +33,7 @@
 // -----------------------------------------------------------------------
 // Attestation message prefix
-#define ATT_MSG_PREFIX "HSM:SIGNER:5.2"
+#define ATT_MSG_PREFIX "HSM:SIGNER:5.3"
 #define ATT_MSG_PREFIX_LENGTH (sizeof(ATT_MSG_PREFIX) - sizeof(""))
 // -----------------------------------------------------------------------
diff --git a/firmware/src/powhsm/src/defs.h b/firmware/src/powhsm/src/defs.h
index 7413c6ee..d2eac45c 100644
--- a/firmware/src/powhsm/src/defs.h
+++ b/firmware/src/powhsm/src/defs.h
@@ -29,7 +29,7 @@
 // Version and patchlevel
 #define VERSION_MAJOR 0x05
-#define VERSION_MINOR 0x02
+#define VERSION_MINOR 0x03
 #define VERSION_PATCH 0x00
 #endif // __DEFS_H
diff --git a/firmware/src/powhsm/src/heartbeat.h b/firmware/src/powhsm/src/heartbeat.h
index 1026f2b1..2bcf905c 100644
--- a/firmware/src/powhsm/src/heartbeat.h
+++ b/firmware/src/powhsm/src/heartbeat.h
@@ -45,7 +45,7 @@ typedef enum {
 } err_code_heartbeat_t;
 // Heartbeat message prefix
-#define HEARTBEAT_MSG_PREFIX "HSM:SIGNER:HB:5.2:"
+#define HEARTBEAT_MSG_PREFIX "HSM:SIGNER:HB:5.3:"
 #define HEARTBEAT_MSG_PREFIX_LENGTH (sizeof(HEARTBEAT_MSG_PREFIX) - sizeof(""))
 // User-defined value size
diff --git a/firmware/test/cases/heartbeat.py b/firmware/test/cases/heartbeat.py
index 09bad8d2..d6ba7d77 100644
--- a/firmware/test/cases/heartbeat.py
+++ b/firmware/test/cases/heartbeat.py
@@ -27,7 +27,7 @@
 class Heartbeat(TestCase):
- EXPECTED_HEADER = "HSM:SIGNER:HB:5.2:"
+ EXPECTED_HEADER = "HSM:SIGNER:HB:5.3:"
 EHL = len(EXPECTED_HEADER)
 @classmethod
diff --git a/middleware/ledger/protocol.py b/middleware/ledger/protocol.py
index 4e6af5cc..86fbb91f 100644
--- a/middleware/ledger/protocol.py
+++ b/middleware/ledger/protocol.py
@@ -38,8 +38,8 @@
 class HSM2ProtocolLedger(HSM2Protocol):
 # Current manager supported versions for HSM UI and HSM SIGNER (<=)
- UI_VERSION = HSM2FirmwareVersion(5, 2, 0)
- APP_VERSION = HSM2FirmwareVersion(5, 2, 0)
+ UI_VERSION = HSM2FirmwareVersion(5, 3, 0)
+ APP_VERSION = HSM2FirmwareVersion(5, 3, 0)
 # Amount of time to wait to make sure the app is opened
 OPEN_APP_WAIT = 1 # second
diff --git a/middleware/tests/admin/test_verify_attestation.py b/middleware/tests/admin/test_verify_attestation.py
index 3b1968ab..665e96db 100644
--- a/middleware/tests/admin/test_verify_attestation.py
+++ b/middleware/tests/admin/test_verify_attestation.py
@@ -37,8 +37,8 @@
 logging.disable(logging.CRITICAL)
 EXPECTED_UI_DERIVATION_PATH = "m/44'/0'/0'/0/0"
-SIGNER_HEADER = b"HSM:SIGNER:5.2"
-UI_HEADER = b"HSM:UI:5.2"
+SIGNER_HEADER = b"HSM:SIGNER:5.3"
+UI_HEADER = b"HSM:UI:5.3"
 @patch("sys.stdout.write")
@@ -114,7 +114,7 @@ def test_verify_attestation(self,
 f"Authorized signer hash: {'cc'*32}",
 "Authorized signer iteration: 291",
 f"Installed UI hash: {'ee'*32}",
- "Installed UI version: 5.2",
+ "Installed UI version: 5.3",
 ],
 fill="-",
 )
@@ -125,7 +125,7 @@ def test_verify_attestation(self,
 "",
 f"Hash: {self.pubkeys_hash.hex()}",
 f"Installed Signer hash: {'ff'*32}",
- "Installed Signer version: 5.2",
+ "Installed Signer version: 5.3",
 ],
 fill="-",
 )
diff --git a/middleware/tests/ledger/test_protocol.py b/middleware/tests/ledger/test_protocol.py
index 13de3f4f..968b0d8f 100644
--- a/middleware/tests/ledger/test_protocol.py
+++ b/middleware/tests/ledger/test_protocol.py
@@ -49,7 +49,7 @@ def setUp(self):
 self.dongle.disconnect = Mock()
 self.dongle.is_onboarded = Mock(return_value=True)
 self.dongle.get_current_mode = Mock(return_value=HSM2Dongle.MODE.SIGNER)
- self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 2, 0))
+ self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 3, 0))
 self.dongle.get_signer_parameters = Mock(return_value=Mock(
 min_required_difficulty=123))
 self.protocol = HSM2ProtocolLedger(self.pin, self.dongle)
diff --git a/middleware/tests/ledger/test_protocol_v1.py b/middleware/tests/ledger/test_protocol_v1.py
index 9a98ee65..63d6d042 100644
--- a/middleware/tests/ledger/test_protocol_v1.py
+++ b/middleware/tests/ledger/test_protocol_v1.py
@@ -47,7 +47,7 @@ def setUp(self):
 self.dongle.disconnect = Mock()
 self.dongle.is_onboarded = Mock(return_value=True)
 self.dongle.get_current_mode = Mock(return_value=HSM2Dongle.MODE.SIGNER)
- self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 2, 0))
+ self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 3, 0))
 self.dongle.get_signer_parameters = Mock(return_value=Mock(
 min_required_difficulty=123))
 self.protocol = HSM1ProtocolLedger(self.pin, self.dongle)