arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-08-05 05:15:27 +00:00
Code Issues Releases Wiki Activity

storage, norcow: use secbool

Browse Source
This commit is contained in:
Jan Pochyla 2017-10-27 17:49:30 +02:00
parent 662cfc1b2c
commit 0376ff7f48
5 changed files with 128 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
embed/extmod/modtrezorconfig/norcow.c
View File

@ -15,10 +15,10 @@ static uint32_t norcow_active_offset = 0;
/* /*
* Erases sector * Erases sector
*/ */
static bool norcow_erase(uint8_t sector) static secbool norcow_erase(uint8_t sector)
{ {
if (sector >= NORCOW_SECTOR_COUNT) { if (sector >= NORCOW_SECTOR_COUNT) {
return false; return secfalse;
} }
return flash_erase_sectors(&norcow_sectors[sector], 1, NULL); return flash_erase_sectors(&norcow_sectors[sector], 1, NULL);
} }
@ -38,36 +38,36 @@ static const void *norcow_ptr(uint8_t sector, uint32_t offset, uint32_t size)
/* /*
* Writes data to given sector, starting from offset * Writes data to given sector, starting from offset
*/ */
static bool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const uint8_t *data, uint16_t len) static secbool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const uint8_t *data, uint16_t len)
{ {
if (sector >= NORCOW_SECTOR_COUNT) { if (sector >= NORCOW_SECTOR_COUNT) {
return false; return secfalse;
} }
if (!flash_unlock()) { if (sectrue != flash_unlock()) {
return false; return secfalse;
} }
// write prefix // write prefix
if (!flash_write_word_rel(norcow_sectors[sector], offset, prefix)) { if (sectrue != flash_write_word_rel(norcow_sectors[sector], offset, prefix)) {
flash_lock(); flash_lock();
return false; return secfalse;
} }
offset += sizeof(uint32_t); offset += sizeof(uint32_t);
// write data // write data
for (uint16_t i = 0; i < len; i++, offset++) { for (uint16_t i = 0; i < len; i++, offset++) {
if (!flash_write_byte_rel(norcow_sectors[sector], offset, data[i])) { if (sectrue != flash_write_byte_rel(norcow_sectors[sector], offset, data[i])) {
flash_lock(); flash_lock();
return false; return secfalse;
} }
} }
// pad with zeroes // pad with zeroes
for (; offset % 4; offset++) { for (; offset % 4; offset++) {
if (!flash_write_byte_rel(norcow_sectors[sector], offset, 0x00)) { if (sectrue != flash_write_byte_rel(norcow_sectors[sector], offset, 0x00)) {
flash_lock(); flash_lock();
return false; return secfalse;
} }
} }
flash_lock(); flash_lock();
return true; return sectrue;
} }
#define ALIGN4(X) (X) = ((X) + 3) & ~3 #define ALIGN4(X) (X) = ((X) + 3) & ~3
@ -75,34 +75,34 @@ static bool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const
/* /*
* Reads one item starting from offset * Reads one item starting from offset
*/ */
static bool read_item(uint8_t sector, uint32_t offset, uint16_t *key, const void **val, uint16_t *len, uint32_t *pos) static secbool read_item(uint8_t sector, uint32_t offset, uint16_t *key, const void **val, uint16_t *len, uint32_t *pos)
{ {
*pos = offset; *pos = offset;
const void *k = norcow_ptr(sector, *pos, 2); const void *k = norcow_ptr(sector, *pos, 2);
if (k == NULL) return false; if (k == NULL) return secfalse;
*pos += 2; *pos += 2;
memcpy(key, k, sizeof(uint16_t)); memcpy(key, k, sizeof(uint16_t));
if (*key == 0xFFFF) { if (*key == 0xFFFF) {
return false; return secfalse;
} }
const void *l = norcow_ptr(sector, *pos, 2); const void *l = norcow_ptr(sector, *pos, 2);
if (l == NULL) return false; if (l == NULL) return secfalse;
*pos += 2; *pos += 2;
memcpy(len, l, sizeof(uint16_t)); memcpy(len, l, sizeof(uint16_t));
*val = norcow_ptr(sector, *pos, *len); *val = norcow_ptr(sector, *pos, *len);
if (*val == NULL) return false; if (*val == NULL) return secfalse;
*pos += *len; *pos += *len;
ALIGN4(*pos); ALIGN4(*pos);
return true; return sectrue;
} }
/* /*
* Writes one item starting from offset * Writes one item starting from offset
*/ */
static bool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void *val, uint16_t len, uint32_t *pos) static secbool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void *val, uint16_t len, uint32_t *pos)
{ {
uint32_t prefix = (len << 16) | key; uint32_t prefix = (len << 16) | key;
*pos = offset + sizeof(uint32_t) + len; *pos = offset + sizeof(uint32_t) + len;
@ -113,7 +113,7 @@ static bool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void
/* /*
* Finds item in given sector * Finds item in given sector
*/ */
static bool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *len) static secbool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *len)
{ {
*val = 0; *val = 0;
*len = 0; *len = 0;
@ -122,15 +122,16 @@ static bool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *
uint16_t k, l; uint16_t k, l;
const void *v; const void *v;
uint32_t pos; uint32_t pos;
bool r = read_item(sector, offset, &k, &v, &l, &pos); if (sectrue != read_item(sector, offset, &k, &v, &l, &pos)) {
if (!r) break; break;
}
if (key == k) { if (key == k) {
*val = v; *val = v;
*len = l; *len = l;
} }
offset = pos; offset = pos;
} }
return (*val); return sectrue * (*val != NULL);
} }
/* /*
@ -143,8 +144,9 @@ static uint32_t find_free_offset(uint8_t sector)
uint16_t key, len; uint16_t key, len;
const void *val; const void *val;
uint32_t pos; uint32_t pos;
bool r = read_item(sector, offset, &key, &val, &len, &pos); if (sectrue != read_item(sector, offset, &key, &val, &len, &pos)) {
if (!r) break; break;
}
offset = pos; offset = pos;
} }
return offset; return offset;
@ -164,17 +166,15 @@ static void compact()
uint16_t k, l; uint16_t k, l;
const void *v; const void *v;
uint32_t pos; uint32_t pos;
bool r = read_item(norcow_active_sector, offset, &k, &v, &l, &pos); secbool r = read_item(norcow_active_sector, offset, &k, &v, &l, &pos);
if (!r) break; if (sectrue != r) break;
offset = pos; offset = pos;
// check if not already saved // check if not already saved
const void *v2; const void *v2;
uint16_t l2; uint16_t l2;
r = find_item(norcow_next_sector, k, &v2, &l2); r = find_item(norcow_next_sector, k, &v2, &l2);
if (r) { if (sectrue == r) continue;
continue;
}
// scan for latest instance // scan for latest instance
uint32_t offsetr = offset; uint32_t offsetr = offset;
@ -182,7 +182,7 @@ static void compact()
uint16_t k2; uint16_t k2;
uint32_t posr; uint32_t posr;
r = read_item(norcow_active_sector, offsetr, &k2, &v2, &l2, &posr); r = read_item(norcow_active_sector, offsetr, &k2, &v2, &l2, &posr);
if (!r) break; if (sectrue != r) break;
if (k == k2) { if (k == k2) {
v = v2; v = v2;
l = l2; l = l2;
@ -193,7 +193,7 @@ static void compact()
// copy the last item // copy the last item
uint32_t posw; uint32_t posw;
r = write_item(norcow_next_sector, offsetw, k, v, l, &posw); r = write_item(norcow_next_sector, offsetw, k, v, l, &posw);
if (!r) { } // TODO: error if (sectrue != r) { } // TODO: error
offsetw = posw; offsetw = posw;
} }
@ -205,7 +205,7 @@ static void compact()
/* /*
* Initializes storage * Initializes storage
*/ */
bool norcow_init(void) secbool norcow_init(void)
{ {
// detect active sector (inactive sectors are empty = start with 0xFF) // detect active sector (inactive sectors are empty = start with 0xFF)
for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) { for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
@ -216,28 +216,28 @@ bool norcow_init(void)
} }
} }
norcow_active_offset = find_free_offset(norcow_active_sector); norcow_active_offset = find_free_offset(norcow_active_sector);
return true; return sectrue;
} }
/* /*
* Wipe the storage * Wipe the storage
*/ */
bool norcow_wipe(void) secbool norcow_wipe(void)
{ {
for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) { for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
if (!norcow_erase(i)) { if (sectrue != norcow_erase(i)) {
return false; return secfalse;
} }
} }
norcow_active_sector = 0; norcow_active_sector = 0;
norcow_active_offset = 0; norcow_active_offset = 0;
return true; return sectrue;
} }
/* /*
* Looks for the given key, returns status of the operation * Looks for the given key, returns status of the operation
*/ */
bool norcow_get(uint16_t key, const void **val, uint16_t *len) secbool norcow_get(uint16_t key, const void **val, uint16_t *len)
{ {
return find_item(norcow_active_sector, key, val, len); return find_item(norcow_active_sector, key, val, len);
} }
@ -245,7 +245,7 @@ bool norcow_get(uint16_t key, const void **val, uint16_t *len)
/* /*
* Sets the given key, returns status of the operation * Sets the given key, returns status of the operation
*/ */
bool norcow_set(uint16_t key, const void *val, uint16_t len) secbool norcow_set(uint16_t key, const void *val, uint16_t len)
{ {
// check whether there is enough free space // check whether there is enough free space
// and compact if full // and compact if full
@ -254,8 +254,8 @@ bool norcow_set(uint16_t key, const void *val, uint16_t len)
} }
// write item // write item
uint32_t pos; uint32_t pos;
bool r = write_item(norcow_active_sector, norcow_active_offset, key, val, len, &pos); secbool r = write_item(norcow_active_sector, norcow_active_offset, key, val, len, &pos);
if (r) { if (sectrue == r) {
norcow_active_offset = pos; norcow_active_offset = pos;
} }
return r; return r;

9
embed/extmod/modtrezorconfig/norcow.h
View File

@ -3,6 +3,7 @@
#include <stdint.h> #include <stdint.h>
#include <stdbool.h> #include <stdbool.h>
#include "../../trezorhal/secbool.h"
/* /*
* Storage parameters: * Storage parameters:
@ -14,21 +15,21 @@
/* /*
* Initialize storage * Initialize storage
*/ */
bool norcow_init(void); secbool norcow_init(void);
/* /*
* Wipe the storage * Wipe the storage
*/ */
bool norcow_wipe(void); secbool norcow_wipe(void);
/* /*
* Looks for the given key, returns status of the operation * Looks for the given key, returns status of the operation
*/ */
bool norcow_get(uint16_t key, const void **val, uint16_t *len); secbool norcow_get(uint16_t key, const void **val, uint16_t *len);
/* /*
* Sets the given key, returns status of the operation * Sets the given key, returns status of the operation
*/ */
bool norcow_set(uint16_t key, const void *val, uint16_t len); secbool norcow_set(uint16_t key, const void *val, uint16_t len);
#endif #endif

129
embed/extmod/modtrezorconfig/storage.c
View File

@ -19,20 +19,20 @@
// Norcow storage key of configured PIN. // Norcow storage key of configured PIN.
#define PIN_KEY 0x0000 #define PIN_KEY 0x0000
static bool initialized = false; static secbool initialized = secfalse;
static bool unlocked = false; static secbool unlocked = secfalse;
bool storage_init(void) secbool storage_init(void)
{ {
if (!flash_init()) { if (sectrue != flash_init()) {
return false; return secfalse;
} }
if (!norcow_init()) { if (sectrue != norcow_init()) {
return false; return secfalse;
} }
initialized = true; initialized = sectrue;
unlocked = false; unlocked = secfalse;
return true; return sectrue;
} }
static void pin_fails_reset(uint32_t ofs) static void pin_fails_reset(uint32_t ofs)
@ -51,26 +51,29 @@ static void pin_fails_reset(uint32_t ofs)
} }
} }
static bool pin_fails_increase(uint32_t ofs) static secbool pin_fails_increase(uint32_t ofs)
{ {
uint32_t ctr = ~PIN_MAX_TRIES; uint32_t ctr = ~PIN_MAX_TRIES;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) { if (sectrue != flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
return false; return secfalse;
} }
ctr = ctr << 1; ctr = ctr << 1;
flash_unlock(); flash_unlock();
if (!flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) { if (sectrue != flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
flash_lock(); flash_lock();
return false; return secfalse;
} }
flash_lock(); flash_lock();
uint32_t check = 0; uint32_t check = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) { if (sectrue != flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
return false; return secfalse;
} }
return ctr == check; if (ctr != check) {
return secfalse;
}
return sectrue;
} }
static void pin_fails_check_max(uint32_t ctr) static void pin_fails_check_max(uint32_t ctr)
@ -85,35 +88,35 @@ static void pin_fails_check_max(uint32_t ctr)
} }
} }
static bool pin_fails_read(uint32_t *ofs, uint32_t *ctr) static secbool pin_fails_read(uint32_t *ofs, uint32_t *ctr)
{ {
if (!ofs || !ctr) { if (NULL == ofs || NULL == ctr) {
return false; return secfalse;
} }
for (uint32_t o = 0; o < PIN_SECTOR_SIZE; o += sizeof(uint32_t)) { for (uint32_t o = 0; o < PIN_SECTOR_SIZE; o += sizeof(uint32_t)) {
uint32_t c = 0; uint32_t c = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) { if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) {
return false; return secfalse;
} }
if (c != 0) { if (c != 0) {
*ofs = o; *ofs = o;
*ctr = c; *ctr = c;
return true; return sectrue;
} }
} }
return false; return secfalse;
} }
static bool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen) static secbool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
{ {
size_t diff = seclen ^ publen; size_t diff = seclen ^ publen;
for (size_t i = 0; i < publen; i++) { for (size_t i = 0; i < publen; i++) {
diff |= pub[i] ^ sec[i]; diff |= pub[i] ^ sec[i];
} }
return diff == 0; return sectrue * (diff == 0);
} }
static bool pin_check(const uint8_t *pin, size_t pinlen) static secbool pin_check(const uint8_t *pin, size_t pinlen)
{ {
const void *spin = NULL; const void *spin = NULL;
uint16_t spinlen = 0; uint16_t spinlen = 0;
@ -121,16 +124,16 @@ static bool pin_check(const uint8_t *pin, size_t pinlen)
return const_cmp(pin, pinlen, spin, (size_t)spinlen); return const_cmp(pin, pinlen, spin, (size_t)spinlen);
} }
bool storage_unlock(const uint8_t *pin, size_t len) secbool storage_unlock(const uint8_t *pin, size_t len)
{ {
if (!initialized) { if (sectrue != initialized) {
return false; return secfalse;
} }
uint32_t ofs; uint32_t ofs;
uint32_t ctr; uint32_t ctr;
if (!pin_fails_read(&ofs, &ctr)) { if (sectrue != pin_fails_read(&ofs, &ctr)) {
return false; return secfalse;
} }
pin_fails_check_max(ctr); pin_fails_check_max(ctr);
@ -142,75 +145,75 @@ bool storage_unlock(const uint8_t *pin, size_t len)
// First, we increase PIN fail counter in storage, even before checking the // First, we increase PIN fail counter in storage, even before checking the
// PIN. If the PIN is correct, we reset the counter afterwards. If not, we // PIN. If the PIN is correct, we reset the counter afterwards. If not, we
// check if this is the last allowed attempt. // check if this is the last allowed attempt.
if (!pin_fails_increase(ofs)) { if (sectrue != pin_fails_increase(ofs)) {
return false; return secfalse;
} }
if (!pin_check(pin, len)) { if (sectrue != pin_check(pin, len)) {
pin_fails_check_max(ctr << 1); pin_fails_check_max(ctr << 1);
return false; return secfalse;
} }
pin_fails_reset(ofs); pin_fails_reset(ofs);
return true; return sectrue;
} }
bool storage_get(uint16_t key, const void **val, uint16_t *len) secbool storage_get(uint16_t key, const void **val, uint16_t *len)
{ {
if (!initialized) { if (sectrue != initialized) {
return false; return secfalse;
} }
if (!unlocked) { if (sectrue != unlocked) {
// shutdown(); // shutdown();
return false; return secfalse;
} }
if (key == PIN_KEY) { if (key == PIN_KEY) {
return false; return secfalse;
} }
return norcow_get(key, val, len); return norcow_get(key, val, len);
} }
bool storage_set(uint16_t key, const void *val, uint16_t len) secbool storage_set(uint16_t key, const void *val, uint16_t len)
{ {
if (!initialized) { if (sectrue != initialized) {
return false; return secfalse;
} }
if (!unlocked) { if (sectrue != unlocked) {
// shutdown(); // shutdown();
return false; return secfalse;
} }
if (key == PIN_KEY) { if (key == PIN_KEY) {
return false; return secfalse;
} }
return norcow_set(key, val, len); return norcow_set(key, val, len);
} }
bool storage_has_pin(void) secbool storage_has_pin(void)
{ {
if (!initialized) { if (sectrue != initialized) {
return false; return secfalse;
} }
const void *spin = NULL; const void *spin = NULL;
uint16_t spinlen = 0; uint16_t spinlen = 0;
norcow_get(PIN_KEY, &spin, &spinlen); norcow_get(PIN_KEY, &spin, &spinlen);
return spinlen != 0; return sectrue * (spinlen != 0);
} }
bool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen) secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen)
{ {
if (!initialized) { if (sectrue != initialized) {
return false; return secfalse;
} }
if (!unlocked) { if (sectrue != unlocked) {
// shutdown(); // shutdown();
return false; return secfalse;
} }
if (!pin_check(pin, len)) { if (sectrue != pin_check(pin, len)) {
return false; return secfalse;
} }
// TODO // TODO: change pin in storage
return true; return sectrue;
} }
bool storage_wipe(void) secbool storage_wipe(void)
{ {
return norcow_wipe(); return norcow_wipe();
} }

15
embed/extmod/modtrezorconfig/storage.h
View File

@ -7,11 +7,12 @@
#include <stdint.h> #include <stdint.h>
#include <stddef.h> #include <stddef.h>
#include "../../trezorhal/secbool.h"
bool storage_init(void); secbool storage_init(void);
bool storage_wipe(void); secbool storage_wipe(void);
bool storage_unlock(const uint8_t *pin, size_t len); secbool storage_unlock(const uint8_t *pin, size_t len);
bool storage_has_pin(void); secbool storage_has_pin(void);
bool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen); secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen);
bool storage_get(uint16_t key, const void **val, uint16_t *len); secbool storage_get(uint16_t key, const void **val, uint16_t *len);
bool storage_set(uint16_t key, const void *val, uint16_t len); secbool storage_set(uint16_t key, const void *val, uint16_t len);

12
embed/trezorhal/flash.c
View File

@ -61,11 +61,11 @@ secbool flash_lock(void)
const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size) const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size)
{ {
if (sector >= SECTOR_COUNT) { if (sector >= FLASH_SECTOR_COUNT) {
return NULL; return NULL;
} }
uint32_t addr = SECTOR_TABLE[sector]; uint32_t addr = FLASH_SECTOR_TABLE[sector];
uint32_t next = SECTOR_TABLE[sector + 1]; uint32_t next = FLASH_SECTOR_TABLE[sector + 1];
if (offset + size > next - addr) { if (offset + size > next - addr) {
return NULL; return NULL;
} }
@ -119,7 +119,7 @@ secbool flash_write_word(uint32_t address, uint32_t data)
secbool flash_write_byte_rel(uint8_t sector, uint32_t offset, uint8_t data) secbool flash_write_byte_rel(uint8_t sector, uint32_t offset, uint8_t data)
{ {
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, SECTOR_TABLE[sector] + offset, data)); return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, FLASH_SECTOR_TABLE[sector] + offset, data));
} }
secbool flash_write_word_rel(uint8_t sector, uint32_t offset, uint32_t data) secbool flash_write_word_rel(uint8_t sector, uint32_t offset, uint32_t data)
@ -127,7 +127,7 @@ secbool flash_write_word_rel(uint8_t sector, uint32_t offset, uint32_t data)
if (offset % 4 != 0) { if (offset % 4 != 0) {
return secfalse; return secfalse;
} }
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, SECTOR_TABLE[sector] + offset, data)); return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, FLASH_SECTOR_TABLE[sector] + offset, data));
} }
secbool flash_read_word_rel(uint8_t sector, uint32_t offset, uint32_t *data) secbool flash_read_word_rel(uint8_t sector, uint32_t offset, uint32_t *data)
@ -135,7 +135,7 @@ secbool flash_read_word_rel(uint8_t sector, uint32_t offset, uint32_t *data)
if (offset % 4 != 0) { if (offset % 4 != 0) {
return secfalse; return secfalse;
} }
*data = *((uint32_t *) SECTOR_TABLE[sector] + offset); *data = *((uint32_t *) FLASH_SECTOR_TABLE[sector] + offset);
return sectrue; return sectrue;
} }