1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-14 17:31:04 +00:00

storage: make FLAG_PUBLIC and FLAGS_WRITE part of public API

This commit is contained in:
Pavol Rusnak 2019-11-09 11:25:17 +00:00
parent 51d7a5feaa
commit 1caae698ca
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 39 additions and 42 deletions

View File

@ -183,7 +183,7 @@ STATIC mp_obj_t mod_trezorconfig_get(size_t n_args, const mp_obj_t *args) {
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F; uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
uint8_t key = trezor_obj_get_uint8(args[1]); uint8_t key = trezor_obj_get_uint8(args[1]);
if (n_args > 2 && args[2] == mp_const_true) { if (n_args > 2 && args[2] == mp_const_true) {
app |= 0x80; app |= FLAG_PUBLIC;
} }
uint16_t appkey = (app << 8) | key; uint16_t appkey = (app << 8) | key;
uint16_t len = 0; uint16_t len = 0;
@ -212,7 +212,7 @@ STATIC mp_obj_t mod_trezorconfig_set(size_t n_args, const mp_obj_t *args) {
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F; uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
uint8_t key = trezor_obj_get_uint8(args[1]); uint8_t key = trezor_obj_get_uint8(args[1]);
if (n_args > 3 && args[3] == mp_const_true) { if (n_args > 3 && args[3] == mp_const_true) {
app |= 0x80; app |= FLAG_PUBLIC;
} }
uint16_t appkey = (app << 8) | key; uint16_t appkey = (app << 8) | key;
mp_buffer_info_t value; mp_buffer_info_t value;
@ -233,7 +233,7 @@ STATIC mp_obj_t mod_trezorconfig_delete(size_t n_args, const mp_obj_t *args) {
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F; uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
uint8_t key = trezor_obj_get_uint8(args[1]); uint8_t key = trezor_obj_get_uint8(args[1]);
if (n_args > 2 && args[2] == mp_const_true) { if (n_args > 2 && args[2] == mp_const_true) {
app |= 0x80; app |= FLAG_PUBLIC;
} }
uint16_t appkey = (app << 8) | key; uint16_t appkey = (app << 8) | key;
if (sectrue != storage_delete(appkey)) { if (sectrue != storage_delete(appkey)) {
@ -255,9 +255,9 @@ STATIC mp_obj_t mod_trezorconfig_set_counter(size_t n_args,
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F; uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
uint8_t key = trezor_obj_get_uint8(args[1]); uint8_t key = trezor_obj_get_uint8(args[1]);
if (n_args > 3 && args[3] == mp_const_true) { if (n_args > 3 && args[3] == mp_const_true) {
app |= 0xC0; app |= FLAGS_WRITE;
} else { } else {
app |= 0x80; app |= FLAG_PUBLIC;
} }
uint16_t appkey = (app << 8) | key; uint16_t appkey = (app << 8) | key;
if (args[2] == mp_const_none) { if (args[2] == mp_const_none) {
@ -287,9 +287,9 @@ STATIC mp_obj_t mod_trezorconfig_next_counter(size_t n_args,
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F; uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
uint8_t key = trezor_obj_get_uint8(args[1]); uint8_t key = trezor_obj_get_uint8(args[1]);
if (n_args > 2 && args[2] == mp_const_true) { if (n_args > 2 && args[2] == mp_const_true) {
app |= 0xC0; app |= FLAGS_WRITE;
} else { } else {
app |= 0x80; app |= FLAG_PUBLIC;
} }
uint16_t appkey = (app << 8) | key; uint16_t appkey = (app << 8) | key;
uint32_t count = 0; uint32_t count = 0;

View File

@ -56,28 +56,28 @@ static const uint32_t META_MAGIC_V10 = 0x525a5254; // 'TRZR' as uint32_t
static const uint32_t META_MAGIC_V10 = 0xFFFFFFFF; static const uint32_t META_MAGIC_V10 = 0xFFFFFFFF;
#endif #endif
#define APP 0x0100 #define APP (0x01 << 8)
#define FLAG_PUBLIC 0x8000 #define FLAG_PUBLIC_SHIFTED (FLAG_PUBLIC << 8)
#define FLAGS_WRITE 0xC000 #define FLAGS_WRITE_SHIFTED (FLAGS_WRITE << 8)
#define KEY_UUID (0 | APP | FLAG_PUBLIC) // bytes(12) #define KEY_UUID (0 | APP | FLAG_PUBLIC_SHIFTED) // bytes(12)
#define KEY_VERSION (1 | APP) // uint32 #define KEY_VERSION (1 | APP) // uint32
#define KEY_MNEMONIC (2 | APP) // string(241) #define KEY_MNEMONIC (2 | APP) // string(241)
#define KEY_LANGUAGE (3 | APP | FLAG_PUBLIC) // string(17) #define KEY_LANGUAGE (3 | APP | FLAG_PUBLIC_SHIFTED) // string(17)
#define KEY_LABEL (4 | APP | FLAG_PUBLIC) // string(33) #define KEY_LABEL (4 | APP | FLAG_PUBLIC_SHIFTED) // string(33)
#define KEY_PASSPHRASE_PROTECTION (5 | APP | FLAG_PUBLIC) // bool #define KEY_PASSPHRASE_PROTECTION (5 | APP | FLAG_PUBLIC_SHIFTED) // bool
#define KEY_HOMESCREEN (6 | APP | FLAG_PUBLIC) // bytes(1024) #define KEY_HOMESCREEN (6 | APP | FLAG_PUBLIC_SHIFTED) // bytes(1024)
#define KEY_NEEDS_BACKUP (7 | APP) // bool #define KEY_NEEDS_BACKUP (7 | APP) // bool
#define KEY_FLAGS (8 | APP) // uint32 #define KEY_FLAGS (8 | APP) // uint32
#define KEY_U2F_COUNTER (9 | APP | FLAGS_WRITE) // uint32 #define KEY_U2F_COUNTER (9 | APP | FLAGS_WRITE_SHIFTED) // uint32
#define KEY_UNFINISHED_BACKUP (11 | APP) // bool #define KEY_UNFINISHED_BACKUP (11 | APP) // bool
#define KEY_AUTO_LOCK_DELAY_MS (12 | APP) // uint32 #define KEY_AUTO_LOCK_DELAY_MS (12 | APP) // uint32
#define KEY_NO_BACKUP (13 | APP) // bool #define KEY_NO_BACKUP (13 | APP) // bool
#define KEY_INITIALIZED (14 | APP | FLAG_PUBLIC) // uint32 #define KEY_INITIALIZED (14 | APP | FLAG_PUBLIC_SHIFTED) // uint32
#define KEY_NODE (15 | APP) // node #define KEY_NODE (15 | APP) // node
#define KEY_IMPORTED (16 | APP) // bool #define KEY_IMPORTED (16 | APP) // bool
#define KEY_U2F_ROOT (17 | APP | FLAG_PUBLIC) // node #define KEY_U2F_ROOT (17 | APP | FLAG_PUBLIC_SHIFTED) // node
#define KEY_DEBUG_LINK_PIN (255 | APP | FLAG_PUBLIC) // string(10) #define KEY_DEBUG_LINK_PIN (255 | APP | FLAG_PUBLIC_SHIFTED) // string(10)
// The PIN value corresponding to an empty PIN. // The PIN value corresponding to an empty PIN.
static const uint32_t PIN_EMPTY = 1; static const uint32_t PIN_EMPTY = 1;

View File

@ -64,13 +64,6 @@
// The number of seconds required to derive the KEK and KEIV. // The number of seconds required to derive the KEK and KEIV.
#define DERIVE_SECS 1 #define DERIVE_SECS 1
// If the top bit of APP is set, then the value is not encrypted.
#define FLAG_PUBLIC 0x80
// If the top two bits of APP are set, then the value is not encrypted and it
// can be written even when the storage is locked.
#define FLAGS_WRITE 0xC0
// The length of the guard key in words. // The length of the guard key in words.
#define GUARD_KEY_WORDS 1 #define GUARD_KEY_WORDS 1
@ -967,7 +960,6 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
// If the top bit of APP is set, then the value is not encrypted and can be // If the top bit of APP is set, then the value is not encrypted and can be
// read from a locked device. // read from a locked device.
secbool ret = secfalse;
if ((app & FLAG_PUBLIC) != 0) { if ((app & FLAG_PUBLIC) != 0) {
const void *val_stored = NULL; const void *val_stored = NULL;
if (sectrue != norcow_get(key, &val_stored, len)) { if (sectrue != norcow_get(key, &val_stored, len)) {
@ -980,15 +972,13 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
return secfalse; return secfalse;
} }
memcpy(val_dest, val_stored, *len); memcpy(val_dest, val_stored, *len);
ret = sectrue; return sectrue;
} else { } else {
if (sectrue != unlocked) { if (sectrue != unlocked) {
return secfalse; return secfalse;
} }
ret = storage_get_encrypted(key, val_dest, max_len, len); return storage_get_encrypted(key, val_dest, max_len, len);
} }
return ret;
} }
/* /*

View File

@ -27,6 +27,13 @@
// The length of the external salt in bytes. // The length of the external salt in bytes.
#define EXTERNAL_SALT_SIZE 32 #define EXTERNAL_SALT_SIZE 32
// If the top bit of APP is set, then the value is not encrypted.
#define FLAG_PUBLIC 0x80
// If the top two bits of APP are set, then the value is not encrypted and it
// can be written even when the storage is locked.
#define FLAGS_WRITE 0xC0
typedef secbool (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress, typedef secbool (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress,
const char *message); const char *message);

View File

@ -80,7 +80,7 @@ FLAG_PUBLIC = 0x80
# If the top two bits of APP are set, then the value is not encrypted and it # If the top two bits of APP are set, then the value is not encrypted and it
# can be written even when the storage is locked. # can be written even when the storage is locked.
FLAG_WRITE = 0xC0 FLAGS_WRITE = 0xC0
# Length of word in bytes. # Length of word in bytes.
WORD_SIZE = 4 WORD_SIZE = 4
@ -147,6 +147,6 @@ def is_app_private(app: int):
def is_app_lock_writable(app: int): def is_app_lock_writable(app: int):
if app & FLAG_WRITE == FLAG_WRITE: if app & FLAGS_WRITE == FLAGS_WRITE:
return True return True
return False return False