MCU code for the Digital Bitbox hardware wallet.
All communication to the hardware wallet enters and exits a single gateway char *commander(const char *command) that receives an encrypted command and returns an encrypted reply. The communication protocol is described in the API.
The code can be compiled and tested locally without the need for a device. See the tests_cmdline.c code for a simple example and the tests_api.c code to test the full API. The tests_api.c code will also test a live device if one is plugged into a USB slot. This requires installation of the hidapi library for USB communication, a micro SD card in the device, and a number of touch button presses to permit erase and sign commands. WARNING: data on the device and micro SD card will be lost when running tests_api.c.
ECDSA signatures are performed with either the Bitcoin Core secp256k1 library or a simplified version of the smaller micro ECC library, depending on a setting in the CMakeLists.txt file. Each library is resistant to known side-channel attacks.
Standardized functions:
Cryptographic: secp256k1, RFC6979, AES-256-CBC, SHA2, HMAC, PBKDF2, RIPEMD160
Encoding: Base-64, Base-58-check, JSON
Bitcoin: BIP32, BIP39, BIP44
Dependencies:
- HIDAPI (For live testing)
- Doxygen (Optional, to generate source code documentation)
- Graphviz (Optional, to generate graphs for the Doxygen documentation)
Build:
git clone https://github.com/digitalbitbox/mcu && cd mcu
mkdir build && cd build
cmake .. -DBUILD_TYPE=test # `-DBUILD_TYPE=firmware` and `-DBUILD_TYPE=bootloader` work if a GNU ARM toolchain is installed
make
make test
Requires:
To build the base image:
docker build --tag shift/mcu-base -f Dockerfile.dev .
To build and run the full set of tests with both gcc and clang:
docker build --tag shift/mcu-base-ci -f Dockerfile.tests .
To use the base container:
docker run -it shift/mcu-base
To use the continuous integration container:
docker run -it shift/mcu-base-ci
This build process uses Debian Stable (Stretch).
Please do not use an editor that automatically reformats.
Please do use the coding style set by AStyle version 3.0 (http://astyle.sourceforge.net/; also available from homebrew) with the following parameters:
astyle --style=kr --indent-switches --indent-labels --pad-oper --pad-header --align-pointer=name --add-braces --convert-tabs --max-code-length=90 --break-after-logical --suffix=none *.c *.h --recursive --exclude=src/yajl --exclude=src/secp256k1 --exclude=src/drivers --exclude=tests/hidapi | grep Formatted
Pull requests will automatically fail if the coding style is not met. For convenience, enable a Git hook to trigger the astyle styling whenever a git commit operation is performed. This is done by typing in the repository directory:
cd .git/hooks
ln -s ../../contrib/git/pre-commit
All commits must be signed with PGP. To set Git to auto-sign your commits:
git config --global user.signingkey YourGPGKeyID
git config --global commit.gpgsign true
The PGP public keys of the contributors can be found in contrib/contributors_gpg_keys. Please add your PGP key with your first pull request.
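A reviewer-side check for the signing requirement above, as an added example that is not part of this repository: it reads Git's per-commit signature status and rejects any commit that is unsigned, fails verification, or is signed by a key outside an allowlist. The function name audit_signed and the allowlist file of one fingerprint per line are assumptions of this example, not the format of contrib/contributors_gpg_keys.

```shell
#!/bin/sh
# Added example. Reads lines of "<commit> <status> [<fingerprint>]" on stdin,
# as printed by:  git log --format='%H %G? %GF' <range>
# $1 is a file of accepted signing-key fingerprints, one per line. That file
# and its format are assumptions for this example.
# Prints one REJECT line per failing commit; returns 0 only if all pass.
audit_signed() {
    allowlist=$1
    failed=0
    while read -r commit status fpr; do
        [ -n "$commit" ] || continue
        case $status in
            G|U)
                # Cryptographically good signature. "U" only means the key has
                # no GPG trust level, so the fingerprint allowlist decides.
                if [ -z "$fpr" ] || ! grep -qixF -- "$fpr" "$allowlist"; then
                    echo "$commit REJECT signed by unlisted key ${fpr:-unknown}"
                    failed=1
                fi ;;
            N) echo "$commit REJECT unsigned"; failed=1 ;;
            B) echo "$commit REJECT bad signature"; failed=1 ;;
            X|Y) echo "$commit REJECT expired signature or key"; failed=1 ;;
            R) echo "$commit REJECT revoked key"; failed=1 ;;
            *) echo "$commit REJECT signature not verifiable ($status)"; failed=1 ;;
        esac
    done
    return "$failed"
}
# Typical call from a clone, checking commits not yet on master:
#   git log --format='%H %G? %GF' origin/master..HEAD | audit_signed allowed_fprs.txt
```

Status "E" (the signing key is missing from the local keyring) falls into the last branch, so contributor keys must be imported before the check is meaningful.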