MCU code for the Digital Bitbox hardware wallet.

All communication to the hardware wallet enters and exits a single gateway char *commander(const char *command) that receives an encrypted command and returns an encrypted reply. The communication protocol is described in the API.

The code can be compiled and tested locally without the need for a device. See the tests_cmdline.c code for a simple example and the tests_api.c code to test the full API. The tests_api.c code will also test a live device if one is plugged into a USB slot. This requires installation of the hidapi library for USB communication, a micro SD card in the device, and a number of touch button presses to permit erase and sign commands. WARNING: data on the device and micro SD card will be lost when running tests_api.c.

ECDSA signatures are performed with either the bitcoin core secp256k1 library or using a simplified version of the smaller micro ECC library, depending on a setting in the CMakeLists.txt file. Each library is resistant to known side channel attacks.

Standardized functions:

Cryptographic: secp256k1, RFC6979, AES-256-CBC, SHA2, HMAC, PBKDF2, RIPEMD160
Encoding: Base-64, Base-58-check, JSON
Bitcoin: BIP32, BIP39, BIP44

Dependencies:

• HIDAPI (For live testing)
• Doxygen (Optional, to generate source code documentation)
• Graphviz (Optional, to generate graphs for the Doxygen documentation)

Build:

git clone https://github.com/digitalbitbox/mcu && cd mcu
mkdir build && cd build
cmake .. -DBUILD_TYPE=test # `-DBUILD_TYPE=firmware` and `-DBUILD_TYPE=bootloader` work if a GNU ARM toolchain is installed
make
make test

Requires:

• Vagrant
• Virtual Box

Build:

git clone https://github.com/digitalbitbox/mcu && cd mcu
vagrant up # Creates: build-vagrant/bin/firmware.bin
vagrant halt

Please do not use an editor that automatically reformats.

Please do use the coding style set by AStyle version 3.0 (http://astyle.sourceforge.net/; also available from homebrew) with the following parameters:

astyle --style=kr --indent-switches --indent-labels --pad-oper --pad-header --align-pointer=name --add-braces --convert-tabs --max-code-length=90 --break-after-logical --suffix=none *.c *.h --recursive --exclude=src/yajl --exclude=src/secp256k1 --exclude=src/drivers --exclude=tests/hidapi | grep Formatted

Pull requests will automatically fail if the coding style is not met. For convenience, enable a Git hook to trigger the astyle styling whenever a git commit operation is performed. This is done by typing in the repository directory:

cd .git/hooks
ln -s ../../contrib/git/pre-commit

All commits must be signed with PGP. To set Git to auto-sign your commits:

git config --global user.signingkey YourGPGKeyID
git config --global commit.gpgsign true

The PGP public keys of the contributors can be found in contrib/contributors_gpg_keys. Please add your PGP key with your first pull request.