mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-26 16:18:22 +00:00
storage: make FLAG_PUBLIC and FLAGS_WRITE part of public API
This commit is contained in:
parent
51d7a5feaa
commit
1caae698ca
@ -183,7 +183,7 @@ STATIC mp_obj_t mod_trezorconfig_get(size_t n_args, const mp_obj_t *args) {
|
||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||
if (n_args > 2 && args[2] == mp_const_true) {
|
||||
app |= 0x80;
|
||||
app |= FLAG_PUBLIC;
|
||||
}
|
||||
uint16_t appkey = (app << 8) | key;
|
||||
uint16_t len = 0;
|
||||
@ -212,7 +212,7 @@ STATIC mp_obj_t mod_trezorconfig_set(size_t n_args, const mp_obj_t *args) {
|
||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||
if (n_args > 3 && args[3] == mp_const_true) {
|
||||
app |= 0x80;
|
||||
app |= FLAG_PUBLIC;
|
||||
}
|
||||
uint16_t appkey = (app << 8) | key;
|
||||
mp_buffer_info_t value;
|
||||
@ -233,7 +233,7 @@ STATIC mp_obj_t mod_trezorconfig_delete(size_t n_args, const mp_obj_t *args) {
|
||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||
if (n_args > 2 && args[2] == mp_const_true) {
|
||||
app |= 0x80;
|
||||
app |= FLAG_PUBLIC;
|
||||
}
|
||||
uint16_t appkey = (app << 8) | key;
|
||||
if (sectrue != storage_delete(appkey)) {
|
||||
@ -255,9 +255,9 @@ STATIC mp_obj_t mod_trezorconfig_set_counter(size_t n_args,
|
||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||
if (n_args > 3 && args[3] == mp_const_true) {
|
||||
app |= 0xC0;
|
||||
app |= FLAGS_WRITE;
|
||||
} else {
|
||||
app |= 0x80;
|
||||
app |= FLAG_PUBLIC;
|
||||
}
|
||||
uint16_t appkey = (app << 8) | key;
|
||||
if (args[2] == mp_const_none) {
|
||||
@ -287,9 +287,9 @@ STATIC mp_obj_t mod_trezorconfig_next_counter(size_t n_args,
|
||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||
if (n_args > 2 && args[2] == mp_const_true) {
|
||||
app |= 0xC0;
|
||||
app |= FLAGS_WRITE;
|
||||
} else {
|
||||
app |= 0x80;
|
||||
app |= FLAG_PUBLIC;
|
||||
}
|
||||
uint16_t appkey = (app << 8) | key;
|
||||
uint32_t count = 0;
|
||||
|
@ -56,28 +56,28 @@ static const uint32_t META_MAGIC_V10 = 0x525a5254; // 'TRZR' as uint32_t
|
||||
static const uint32_t META_MAGIC_V10 = 0xFFFFFFFF;
|
||||
#endif
|
||||
|
||||
#define APP 0x0100
|
||||
#define FLAG_PUBLIC 0x8000
|
||||
#define FLAGS_WRITE 0xC000
|
||||
#define APP (0x01 << 8)
|
||||
#define FLAG_PUBLIC_SHIFTED (FLAG_PUBLIC << 8)
|
||||
#define FLAGS_WRITE_SHIFTED (FLAGS_WRITE << 8)
|
||||
|
||||
#define KEY_UUID (0 | APP | FLAG_PUBLIC) // bytes(12)
|
||||
#define KEY_VERSION (1 | APP) // uint32
|
||||
#define KEY_MNEMONIC (2 | APP) // string(241)
|
||||
#define KEY_LANGUAGE (3 | APP | FLAG_PUBLIC) // string(17)
|
||||
#define KEY_LABEL (4 | APP | FLAG_PUBLIC) // string(33)
|
||||
#define KEY_PASSPHRASE_PROTECTION (5 | APP | FLAG_PUBLIC) // bool
|
||||
#define KEY_HOMESCREEN (6 | APP | FLAG_PUBLIC) // bytes(1024)
|
||||
#define KEY_NEEDS_BACKUP (7 | APP) // bool
|
||||
#define KEY_FLAGS (8 | APP) // uint32
|
||||
#define KEY_U2F_COUNTER (9 | APP | FLAGS_WRITE) // uint32
|
||||
#define KEY_UNFINISHED_BACKUP (11 | APP) // bool
|
||||
#define KEY_AUTO_LOCK_DELAY_MS (12 | APP) // uint32
|
||||
#define KEY_NO_BACKUP (13 | APP) // bool
|
||||
#define KEY_INITIALIZED (14 | APP | FLAG_PUBLIC) // uint32
|
||||
#define KEY_NODE (15 | APP) // node
|
||||
#define KEY_IMPORTED (16 | APP) // bool
|
||||
#define KEY_U2F_ROOT (17 | APP | FLAG_PUBLIC) // node
|
||||
#define KEY_DEBUG_LINK_PIN (255 | APP | FLAG_PUBLIC) // string(10)
|
||||
#define KEY_UUID (0 | APP | FLAG_PUBLIC_SHIFTED) // bytes(12)
|
||||
#define KEY_VERSION (1 | APP) // uint32
|
||||
#define KEY_MNEMONIC (2 | APP) // string(241)
|
||||
#define KEY_LANGUAGE (3 | APP | FLAG_PUBLIC_SHIFTED) // string(17)
|
||||
#define KEY_LABEL (4 | APP | FLAG_PUBLIC_SHIFTED) // string(33)
|
||||
#define KEY_PASSPHRASE_PROTECTION (5 | APP | FLAG_PUBLIC_SHIFTED) // bool
|
||||
#define KEY_HOMESCREEN (6 | APP | FLAG_PUBLIC_SHIFTED) // bytes(1024)
|
||||
#define KEY_NEEDS_BACKUP (7 | APP) // bool
|
||||
#define KEY_FLAGS (8 | APP) // uint32
|
||||
#define KEY_U2F_COUNTER (9 | APP | FLAGS_WRITE_SHIFTED) // uint32
|
||||
#define KEY_UNFINISHED_BACKUP (11 | APP) // bool
|
||||
#define KEY_AUTO_LOCK_DELAY_MS (12 | APP) // uint32
|
||||
#define KEY_NO_BACKUP (13 | APP) // bool
|
||||
#define KEY_INITIALIZED (14 | APP | FLAG_PUBLIC_SHIFTED) // uint32
|
||||
#define KEY_NODE (15 | APP) // node
|
||||
#define KEY_IMPORTED (16 | APP) // bool
|
||||
#define KEY_U2F_ROOT (17 | APP | FLAG_PUBLIC_SHIFTED) // node
|
||||
#define KEY_DEBUG_LINK_PIN (255 | APP | FLAG_PUBLIC_SHIFTED) // string(10)
|
||||
|
||||
// The PIN value corresponding to an empty PIN.
|
||||
static const uint32_t PIN_EMPTY = 1;
|
||||
|
@ -64,13 +64,6 @@
|
||||
// The number of seconds required to derive the KEK and KEIV.
|
||||
#define DERIVE_SECS 1
|
||||
|
||||
// If the top bit of APP is set, then the value is not encrypted.
|
||||
#define FLAG_PUBLIC 0x80
|
||||
|
||||
// If the top two bits of APP are set, then the value is not encrypted and it
|
||||
// can be written even when the storage is locked.
|
||||
#define FLAGS_WRITE 0xC0
|
||||
|
||||
// The length of the guard key in words.
|
||||
#define GUARD_KEY_WORDS 1
|
||||
|
||||
@ -967,7 +960,6 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
|
||||
|
||||
// If the top bit of APP is set, then the value is not encrypted and can be
|
||||
// read from a locked device.
|
||||
secbool ret = secfalse;
|
||||
if ((app & FLAG_PUBLIC) != 0) {
|
||||
const void *val_stored = NULL;
|
||||
if (sectrue != norcow_get(key, &val_stored, len)) {
|
||||
@ -980,15 +972,13 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
|
||||
return secfalse;
|
||||
}
|
||||
memcpy(val_dest, val_stored, *len);
|
||||
ret = sectrue;
|
||||
return sectrue;
|
||||
} else {
|
||||
if (sectrue != unlocked) {
|
||||
return secfalse;
|
||||
}
|
||||
ret = storage_get_encrypted(key, val_dest, max_len, len);
|
||||
return storage_get_encrypted(key, val_dest, max_len, len);
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -27,6 +27,13 @@
|
||||
// The length of the external salt in bytes.
|
||||
#define EXTERNAL_SALT_SIZE 32
|
||||
|
||||
// If the top bit of APP is set, then the value is not encrypted.
|
||||
#define FLAG_PUBLIC 0x80
|
||||
|
||||
// If the top two bits of APP are set, then the value is not encrypted and it
|
||||
// can be written even when the storage is locked.
|
||||
#define FLAGS_WRITE 0xC0
|
||||
|
||||
typedef secbool (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress,
|
||||
const char *message);
|
||||
|
||||
|
@ -80,7 +80,7 @@ FLAG_PUBLIC = 0x80
|
||||
|
||||
# If the top two bits of APP are set, then the value is not encrypted and it
|
||||
# can be written even when the storage is locked.
|
||||
FLAG_WRITE = 0xC0
|
||||
FLAGS_WRITE = 0xC0
|
||||
|
||||
# Length of word in bytes.
|
||||
WORD_SIZE = 4
|
||||
@ -147,6 +147,6 @@ def is_app_private(app: int):
|
||||
|
||||
|
||||
def is_app_lock_writable(app: int):
|
||||
if app & FLAG_WRITE == FLAG_WRITE:
|
||||
if app & FLAGS_WRITE == FLAGS_WRITE:
|
||||
return True
|
||||
return False
|
||||
|
Loading…
Reference in New Issue
Block a user