
storage, norcow: use secbool

Jan Pochyla 2017-10-27 17:49:30 +02:00
parent 662cfc1b2c
commit 0376ff7f48
5 changed files with 128 additions and 123 deletions


@ -15,10 +15,10 @@ static uint32_t norcow_active_offset = 0;
/*
* Erases sector
*/
static bool norcow_erase(uint8_t sector)
static secbool norcow_erase(uint8_t sector)
{
if (sector >= NORCOW_SECTOR_COUNT) {
return false;
return secfalse;
}
return flash_erase_sectors(&norcow_sectors[sector], 1, NULL);
}
@ -38,36 +38,36 @@ static const void *norcow_ptr(uint8_t sector, uint32_t offset, uint32_t size)
/*
* Writes data to given sector, starting from offset
*/
static bool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const uint8_t *data, uint16_t len)
static secbool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const uint8_t *data, uint16_t len)
{
if (sector >= NORCOW_SECTOR_COUNT) {
return false;
return secfalse;
}
if (!flash_unlock()) {
return false;
if (sectrue != flash_unlock()) {
return secfalse;
}
// write prefix
if (!flash_write_word_rel(norcow_sectors[sector], offset, prefix)) {
if (sectrue != flash_write_word_rel(norcow_sectors[sector], offset, prefix)) {
flash_lock();
return false;
return secfalse;
}
offset += sizeof(uint32_t);
// write data
for (uint16_t i = 0; i < len; i++, offset++) {
if (!flash_write_byte_rel(norcow_sectors[sector], offset, data[i])) {
if (sectrue != flash_write_byte_rel(norcow_sectors[sector], offset, data[i])) {
flash_lock();
return false;
return secfalse;
}
}
// pad with zeroes
for (; offset % 4; offset++) {
if (!flash_write_byte_rel(norcow_sectors[sector], offset, 0x00)) {
if (sectrue != flash_write_byte_rel(norcow_sectors[sector], offset, 0x00)) {
flash_lock();
return false;
return secfalse;
}
}
flash_lock();
return true;
return sectrue;
}
#define ALIGN4(X) (X) = ((X) + 3) & ~3
@ -75,34 +75,34 @@ static bool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const
/*
* Reads one item starting from offset
*/
static bool read_item(uint8_t sector, uint32_t offset, uint16_t *key, const void **val, uint16_t *len, uint32_t *pos)
static secbool read_item(uint8_t sector, uint32_t offset, uint16_t *key, const void **val, uint16_t *len, uint32_t *pos)
{
*pos = offset;
const void *k = norcow_ptr(sector, *pos, 2);
if (k == NULL) return false;
if (k == NULL) return secfalse;
*pos += 2;
memcpy(key, k, sizeof(uint16_t));
if (*key == 0xFFFF) {
return false;
return secfalse;
}
const void *l = norcow_ptr(sector, *pos, 2);
if (l == NULL) return false;
if (l == NULL) return secfalse;
*pos += 2;
memcpy(len, l, sizeof(uint16_t));
*val = norcow_ptr(sector, *pos, *len);
if (*val == NULL) return false;
if (*val == NULL) return secfalse;
*pos += *len;
ALIGN4(*pos);
return true;
return sectrue;
}
/*
* Writes one item starting from offset
*/
static bool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void *val, uint16_t len, uint32_t *pos)
static secbool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void *val, uint16_t len, uint32_t *pos)
{
uint32_t prefix = (len << 16) | key;
*pos = offset + sizeof(uint32_t) + len;
@ -113,7 +113,7 @@ static bool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void
/*
* Finds item in given sector
*/
static bool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *len)
static secbool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *len)
{
*val = 0;
*len = 0;
@ -122,15 +122,16 @@ static bool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *
uint16_t k, l;
const void *v;
uint32_t pos;
bool r = read_item(sector, offset, &k, &v, &l, &pos);
if (!r) break;
if (sectrue != read_item(sector, offset, &k, &v, &l, &pos)) {
break;
}
if (key == k) {
*val = v;
*len = l;
}
offset = pos;
}
return (*val);
return sectrue * (*val != NULL);
}
/*
@ -143,8 +144,9 @@ static uint32_t find_free_offset(uint8_t sector)
uint16_t key, len;
const void *val;
uint32_t pos;
bool r = read_item(sector, offset, &key, &val, &len, &pos);
if (!r) break;
if (sectrue != read_item(sector, offset, &key, &val, &len, &pos)) {
break;
}
offset = pos;
}
return offset;
@ -164,17 +166,15 @@ static void compact()
uint16_t k, l;
const void *v;
uint32_t pos;
bool r = read_item(norcow_active_sector, offset, &k, &v, &l, &pos);
if (!r) break;
secbool r = read_item(norcow_active_sector, offset, &k, &v, &l, &pos);
if (sectrue != r) break;
offset = pos;
// check if not already saved
const void *v2;
uint16_t l2;
r = find_item(norcow_next_sector, k, &v2, &l2);
if (r) {
continue;
}
if (sectrue == r) continue;
// scan for latest instance
uint32_t offsetr = offset;
@ -182,7 +182,7 @@ static void compact()
uint16_t k2;
uint32_t posr;
r = read_item(norcow_active_sector, offsetr, &k2, &v2, &l2, &posr);
if (!r) break;
if (sectrue != r) break;
if (k == k2) {
v = v2;
l = l2;
@ -193,7 +193,7 @@ static void compact()
// copy the last item
uint32_t posw;
r = write_item(norcow_next_sector, offsetw, k, v, l, &posw);
if (!r) { } // TODO: error
if (sectrue != r) { } // TODO: error
offsetw = posw;
}
@ -205,7 +205,7 @@ static void compact()
/*
* Initializes storage
*/
bool norcow_init(void)
secbool norcow_init(void)
{
// detect active sector (inactive sectors are empty = start with 0xFF)
for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
@ -216,28 +216,28 @@ bool norcow_init(void)
}
}
norcow_active_offset = find_free_offset(norcow_active_sector);
return true;
return sectrue;
}
/*
* Wipe the storage
*/
bool norcow_wipe(void)
secbool norcow_wipe(void)
{
for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
if (!norcow_erase(i)) {
return false;
if (sectrue != norcow_erase(i)) {
return secfalse;
}
}
norcow_active_sector = 0;
norcow_active_offset = 0;
return true;
return sectrue;
}
/*
* Looks for the given key, returns status of the operation
*/
bool norcow_get(uint16_t key, const void **val, uint16_t *len)
secbool norcow_get(uint16_t key, const void **val, uint16_t *len)
{
return find_item(norcow_active_sector, key, val, len);
}
@ -245,7 +245,7 @@ bool norcow_get(uint16_t key, const void **val, uint16_t *len)
/*
* Sets the given key, returns status of the operation
*/
bool norcow_set(uint16_t key, const void *val, uint16_t len)
secbool norcow_set(uint16_t key, const void *val, uint16_t len)
{
// check whether there is enough free space
// and compact if full
@ -254,8 +254,8 @@ bool norcow_set(uint16_t key, const void *val, uint16_t len)
}
// write item
uint32_t pos;
bool r = write_item(norcow_active_sector, norcow_active_offset, key, val, len, &pos);
if (r) {
secbool r = write_item(norcow_active_sector, norcow_active_offset, key, val, len, &pos);
if (sectrue == r) {
norcow_active_offset = pos;
}
return r;
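Review bot: In the `@ -193,7 +193,7 @@ static void compact()` hunk a failed copy is still discarded at `if (sectrue != r) { } // TODO: error`, and the following `offsetw = posw;` advances past the slot as if the item had been written, so a write error during compaction can leave the new sector missing a key while `norcow_set` goes on to use it; the commit converts the check to secbool without closing that gap. Since compact() is declared `static void` in the hunk header, the smallest fix is to `break;` on failure, and as a follow-up to have compact() return secbool so norcow_set can return secfalse instead of writing into a partially compacted sector. The two `if (sectrue != r) break;` lines in the compact() hunks also drop the braces that the same commit adds around `break;` in find_item and find_free_offset. compact()'s body starts and ends outside these hunks.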


@ -3,6 +3,7 @@
#include <stdint.h>
#include <stdbool.h>
#include "../../trezorhal/secbool.h"
/*
* Storage parameters:
@ -14,21 +15,21 @@
/*
* Initialize storage
*/
bool norcow_init(void);
secbool norcow_init(void);
/*
* Wipe the storage
*/
bool norcow_wipe(void);
secbool norcow_wipe(void);
/*
* Looks for the given key, returns status of the operation
*/
bool norcow_get(uint16_t key, const void **val, uint16_t *len);
secbool norcow_get(uint16_t key, const void **val, uint16_t *len);
/*
* Sets the given key, returns status of the operation
*/
bool norcow_set(uint16_t key, const void *val, uint16_t len);
secbool norcow_set(uint16_t key, const void *val, uint16_t len);
#endif


@ -19,20 +19,20 @@
// Norcow storage key of configured PIN.
#define PIN_KEY 0x0000
static bool initialized = false;
static bool unlocked = false;
static secbool initialized = secfalse;
static secbool unlocked = secfalse;
bool storage_init(void)
secbool storage_init(void)
{
if (!flash_init()) {
return false;
if (sectrue != flash_init()) {
return secfalse;
}
if (!norcow_init()) {
return false;
if (sectrue != norcow_init()) {
return secfalse;
}
initialized = true;
unlocked = false;
return true;
initialized = sectrue;
unlocked = secfalse;
return sectrue;
}
static void pin_fails_reset(uint32_t ofs)
@ -51,26 +51,29 @@ static void pin_fails_reset(uint32_t ofs)
}
}
static bool pin_fails_increase(uint32_t ofs)
static secbool pin_fails_increase(uint32_t ofs)
{
uint32_t ctr = ~PIN_MAX_TRIES;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
return false;
if (sectrue != flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
return secfalse;
}
ctr = ctr << 1;
flash_unlock();
if (!flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
if (sectrue != flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
flash_lock();
return false;
return secfalse;
}
flash_lock();
uint32_t check = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
return false;
if (sectrue != flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
return secfalse;
}
return ctr == check;
if (ctr != check) {
return secfalse;
}
return sectrue;
}
static void pin_fails_check_max(uint32_t ctr)
@ -85,35 +88,35 @@ static void pin_fails_check_max(uint32_t ctr)
}
}
static bool pin_fails_read(uint32_t *ofs, uint32_t *ctr)
static secbool pin_fails_read(uint32_t *ofs, uint32_t *ctr)
{
if (!ofs || !ctr) {
return false;
if (NULL == ofs || NULL == ctr) {
return secfalse;
}
for (uint32_t o = 0; o < PIN_SECTOR_SIZE; o += sizeof(uint32_t)) {
uint32_t c = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) {
return false;
return secfalse;
}
if (c != 0) {
*ofs = o;
*ctr = c;
return true;
return sectrue;
}
}
return false;
return secfalse;
}
static bool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
static secbool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
{
size_t diff = seclen ^ publen;
for (size_t i = 0; i < publen; i++) {
diff |= pub[i] ^ sec[i];
}
return diff == 0;
return sectrue * (diff == 0);
}
static bool pin_check(const uint8_t *pin, size_t pinlen)
static secbool pin_check(const uint8_t *pin, size_t pinlen)
{
const void *spin = NULL;
uint16_t spinlen = 0;
@ -121,16 +124,16 @@ static bool pin_check(const uint8_t *pin, size_t pinlen)
return const_cmp(pin, pinlen, spin, (size_t)spinlen);
}
bool storage_unlock(const uint8_t *pin, size_t len)
secbool storage_unlock(const uint8_t *pin, size_t len)
{
if (!initialized) {
return false;
if (sectrue != initialized) {
return secfalse;
}
uint32_t ofs;
uint32_t ctr;
if (!pin_fails_read(&ofs, &ctr)) {
return false;
if (sectrue != pin_fails_read(&ofs, &ctr)) {
return secfalse;
}
pin_fails_check_max(ctr);
@ -142,75 +145,75 @@ bool storage_unlock(const uint8_t *pin, size_t len)
// First, we increase PIN fail counter in storage, even before checking the
// PIN. If the PIN is correct, we reset the counter afterwards. If not, we
// check if this is the last allowed attempt.
if (!pin_fails_increase(ofs)) {
return false;
if (sectrue != pin_fails_increase(ofs)) {
return secfalse;
}
if (!pin_check(pin, len)) {
if (sectrue != pin_check(pin, len)) {
pin_fails_check_max(ctr << 1);
return false;
return secfalse;
}
pin_fails_reset(ofs);
return true;
return sectrue;
}
bool storage_get(uint16_t key, const void **val, uint16_t *len)
secbool storage_get(uint16_t key, const void **val, uint16_t *len)
{
if (!initialized) {
return false;
if (sectrue != initialized) {
return secfalse;
}
if (!unlocked) {
if (sectrue != unlocked) {
// shutdown();
return false;
return secfalse;
}
if (key == PIN_KEY) {
return false;
return secfalse;
}
return norcow_get(key, val, len);
}
bool storage_set(uint16_t key, const void *val, uint16_t len)
secbool storage_set(uint16_t key, const void *val, uint16_t len)
{
if (!initialized) {
return false;
if (sectrue != initialized) {
return secfalse;
}
if (!unlocked) {
if (sectrue != unlocked) {
// shutdown();
return false;
return secfalse;
}
if (key == PIN_KEY) {
return false;
return secfalse;
}
return norcow_set(key, val, len);
}
bool storage_has_pin(void)
secbool storage_has_pin(void)
{
if (!initialized) {
return false;
if (sectrue != initialized) {
return secfalse;
}
const void *spin = NULL;
uint16_t spinlen = 0;
norcow_get(PIN_KEY, &spin, &spinlen);
return spinlen != 0;
return sectrue * (spinlen != 0);
}
bool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen)
secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen)
{
if (!initialized) {
return false;
if (sectrue != initialized) {
return secfalse;
}
if (!unlocked) {
if (sectrue != unlocked) {
// shutdown();
return false;
return secfalse;
}
if (!pin_check(pin, len)) {
return false;
if (sectrue != pin_check(pin, len)) {
return secfalse;
}
// TODO
return true;
// TODO: change pin in storage
return sectrue;
}
bool storage_wipe(void)
secbool storage_wipe(void)
{
return norcow_wipe();
}
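Review bot: `const_cmp` still reads `sec[i]` for every `i < publen`, so a caller-supplied PIN longer than the stored one reads past the stored secret, and when no PIN is stored `pin_check` passes `spin == NULL` with `spinlen == 0` (its `const void *spin = NULL;` initializer is in the earlier hunk), which makes the loop dereference a null pointer for any non-empty input. The length mismatch is already folded into `diff`, so bounding the loop does not change the result for any valid comparison: `size_t n = publen < seclen ? publen : seclen;` and `for (size_t i = 0; i < n; i++) {`. The iteration count then depends on the stored length as well as the supplied one; if that timing difference matters, compare against a fixed-width padded copy of the stored PIN instead. Separately, `pin_fails_increase` still calls `flash_unlock();` without checking its result, while `norcow_write` in the same commit guards it with `if (sectrue != flash_unlock())`; the same guard here would keep the two flash write paths consistent.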


@ -7,11 +7,12 @@
#include <stdint.h>
#include <stddef.h>
#include "../../trezorhal/secbool.h"
bool storage_init(void);
bool storage_wipe(void);
bool storage_unlock(const uint8_t *pin, size_t len);
bool storage_has_pin(void);
bool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen);
bool storage_get(uint16_t key, const void **val, uint16_t *len);
bool storage_set(uint16_t key, const void *val, uint16_t len);
secbool storage_init(void);
secbool storage_wipe(void);
secbool storage_unlock(const uint8_t *pin, size_t len);
secbool storage_has_pin(void);
secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen);
secbool storage_get(uint16_t key, const void **val, uint16_t *len);
secbool storage_set(uint16_t key, const void *val, uint16_t len);


@ -61,11 +61,11 @@ secbool flash_lock(void)
const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size)
{
if (sector >= SECTOR_COUNT) {
if (sector >= FLASH_SECTOR_COUNT) {
return NULL;
}
uint32_t addr = SECTOR_TABLE[sector];
uint32_t next = SECTOR_TABLE[sector + 1];
uint32_t addr = FLASH_SECTOR_TABLE[sector];
uint32_t next = FLASH_SECTOR_TABLE[sector + 1];
if (offset + size > next - addr) {
return NULL;
}
@ -119,7 +119,7 @@ secbool flash_write_word(uint32_t address, uint32_t data)
secbool flash_write_byte_rel(uint8_t sector, uint32_t offset, uint8_t data)
{
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, SECTOR_TABLE[sector] + offset, data));
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, FLASH_SECTOR_TABLE[sector] + offset, data));
}
secbool flash_write_word_rel(uint8_t sector, uint32_t offset, uint32_t data)
@ -127,7 +127,7 @@ secbool flash_write_word_rel(uint8_t sector, uint32_t offset, uint32_t data)
if (offset % 4 != 0) {
return secfalse;
}
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, SECTOR_TABLE[sector] + offset, data));
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, FLASH_SECTOR_TABLE[sector] + offset, data));
}
secbool flash_read_word_rel(uint8_t sector, uint32_t offset, uint32_t *data)
@ -135,7 +135,7 @@ secbool flash_read_word_rel(uint8_t sector, uint32_t offset, uint32_t *data)
if (offset % 4 != 0) {
return secfalse;
}
*data = *((uint32_t *) SECTOR_TABLE[sector] + offset);
*data = *((uint32_t *) FLASH_SECTOR_TABLE[sector] + offset);
return sectrue;
}
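Review bot: `flash_read_word_rel` still computes its address as `*((uint32_t *) FLASH_SECTOR_TABLE[sector] + offset)`, where `+ offset` is applied to a `uint32_t *` and is therefore scaled by four, while `flash_write_word_rel` and `flash_write_byte_rel` in the same file add `offset` to the raw table value as a byte offset; the rename keeps that mismatch, so for any nonzero offset the word read back is not the word written, and the `offset % 4 != 0` guard shows offset is meant in bytes. If the table holds byte addresses as the write path implies, the read should be `*data = *(const uint32_t *)(FLASH_SECTOR_TABLE[sector] + offset);`. The `_rel` functions also index `FLASH_SECTOR_TABLE[sector]` without the `sector >= FLASH_SECTOR_COUNT` check that `flash_get_address` performs; the norcow callers bound the sector first, but a check here would keep the table access in bounds regardless of caller.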