mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-14 17:31:04 +00:00
storage: make FLAG_PUBLIC and FLAGS_WRITE part of public API
This commit is contained in:
parent
51d7a5feaa
commit
1caae698ca
@ -183,7 +183,7 @@ STATIC mp_obj_t mod_trezorconfig_get(size_t n_args, const mp_obj_t *args) {
|
|||||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||||
if (n_args > 2 && args[2] == mp_const_true) {
|
if (n_args > 2 && args[2] == mp_const_true) {
|
||||||
app |= 0x80;
|
app |= FLAG_PUBLIC;
|
||||||
}
|
}
|
||||||
uint16_t appkey = (app << 8) | key;
|
uint16_t appkey = (app << 8) | key;
|
||||||
uint16_t len = 0;
|
uint16_t len = 0;
|
||||||
@ -212,7 +212,7 @@ STATIC mp_obj_t mod_trezorconfig_set(size_t n_args, const mp_obj_t *args) {
|
|||||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||||
if (n_args > 3 && args[3] == mp_const_true) {
|
if (n_args > 3 && args[3] == mp_const_true) {
|
||||||
app |= 0x80;
|
app |= FLAG_PUBLIC;
|
||||||
}
|
}
|
||||||
uint16_t appkey = (app << 8) | key;
|
uint16_t appkey = (app << 8) | key;
|
||||||
mp_buffer_info_t value;
|
mp_buffer_info_t value;
|
||||||
@ -233,7 +233,7 @@ STATIC mp_obj_t mod_trezorconfig_delete(size_t n_args, const mp_obj_t *args) {
|
|||||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||||
if (n_args > 2 && args[2] == mp_const_true) {
|
if (n_args > 2 && args[2] == mp_const_true) {
|
||||||
app |= 0x80;
|
app |= FLAG_PUBLIC;
|
||||||
}
|
}
|
||||||
uint16_t appkey = (app << 8) | key;
|
uint16_t appkey = (app << 8) | key;
|
||||||
if (sectrue != storage_delete(appkey)) {
|
if (sectrue != storage_delete(appkey)) {
|
||||||
@ -255,9 +255,9 @@ STATIC mp_obj_t mod_trezorconfig_set_counter(size_t n_args,
|
|||||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||||
if (n_args > 3 && args[3] == mp_const_true) {
|
if (n_args > 3 && args[3] == mp_const_true) {
|
||||||
app |= 0xC0;
|
app |= FLAGS_WRITE;
|
||||||
} else {
|
} else {
|
||||||
app |= 0x80;
|
app |= FLAG_PUBLIC;
|
||||||
}
|
}
|
||||||
uint16_t appkey = (app << 8) | key;
|
uint16_t appkey = (app << 8) | key;
|
||||||
if (args[2] == mp_const_none) {
|
if (args[2] == mp_const_none) {
|
||||||
@ -287,9 +287,9 @@ STATIC mp_obj_t mod_trezorconfig_next_counter(size_t n_args,
|
|||||||
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
uint8_t app = trezor_obj_get_uint8(args[0]) & 0x3F;
|
||||||
uint8_t key = trezor_obj_get_uint8(args[1]);
|
uint8_t key = trezor_obj_get_uint8(args[1]);
|
||||||
if (n_args > 2 && args[2] == mp_const_true) {
|
if (n_args > 2 && args[2] == mp_const_true) {
|
||||||
app |= 0xC0;
|
app |= FLAGS_WRITE;
|
||||||
} else {
|
} else {
|
||||||
app |= 0x80;
|
app |= FLAG_PUBLIC;
|
||||||
}
|
}
|
||||||
uint16_t appkey = (app << 8) | key;
|
uint16_t appkey = (app << 8) | key;
|
||||||
uint32_t count = 0;
|
uint32_t count = 0;
|
||||||
|
@ -56,28 +56,28 @@ static const uint32_t META_MAGIC_V10 = 0x525a5254; // 'TRZR' as uint32_t
|
|||||||
static const uint32_t META_MAGIC_V10 = 0xFFFFFFFF;
|
static const uint32_t META_MAGIC_V10 = 0xFFFFFFFF;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define APP 0x0100
|
#define APP (0x01 << 8)
|
||||||
#define FLAG_PUBLIC 0x8000
|
#define FLAG_PUBLIC_SHIFTED (FLAG_PUBLIC << 8)
|
||||||
#define FLAGS_WRITE 0xC000
|
#define FLAGS_WRITE_SHIFTED (FLAGS_WRITE << 8)
|
||||||
|
|
||||||
#define KEY_UUID (0 | APP | FLAG_PUBLIC) // bytes(12)
|
#define KEY_UUID (0 | APP | FLAG_PUBLIC_SHIFTED) // bytes(12)
|
||||||
#define KEY_VERSION (1 | APP) // uint32
|
#define KEY_VERSION (1 | APP) // uint32
|
||||||
#define KEY_MNEMONIC (2 | APP) // string(241)
|
#define KEY_MNEMONIC (2 | APP) // string(241)
|
||||||
#define KEY_LANGUAGE (3 | APP | FLAG_PUBLIC) // string(17)
|
#define KEY_LANGUAGE (3 | APP | FLAG_PUBLIC_SHIFTED) // string(17)
|
||||||
#define KEY_LABEL (4 | APP | FLAG_PUBLIC) // string(33)
|
#define KEY_LABEL (4 | APP | FLAG_PUBLIC_SHIFTED) // string(33)
|
||||||
#define KEY_PASSPHRASE_PROTECTION (5 | APP | FLAG_PUBLIC) // bool
|
#define KEY_PASSPHRASE_PROTECTION (5 | APP | FLAG_PUBLIC_SHIFTED) // bool
|
||||||
#define KEY_HOMESCREEN (6 | APP | FLAG_PUBLIC) // bytes(1024)
|
#define KEY_HOMESCREEN (6 | APP | FLAG_PUBLIC_SHIFTED) // bytes(1024)
|
||||||
#define KEY_NEEDS_BACKUP (7 | APP) // bool
|
#define KEY_NEEDS_BACKUP (7 | APP) // bool
|
||||||
#define KEY_FLAGS (8 | APP) // uint32
|
#define KEY_FLAGS (8 | APP) // uint32
|
||||||
#define KEY_U2F_COUNTER (9 | APP | FLAGS_WRITE) // uint32
|
#define KEY_U2F_COUNTER (9 | APP | FLAGS_WRITE_SHIFTED) // uint32
|
||||||
#define KEY_UNFINISHED_BACKUP (11 | APP) // bool
|
#define KEY_UNFINISHED_BACKUP (11 | APP) // bool
|
||||||
#define KEY_AUTO_LOCK_DELAY_MS (12 | APP) // uint32
|
#define KEY_AUTO_LOCK_DELAY_MS (12 | APP) // uint32
|
||||||
#define KEY_NO_BACKUP (13 | APP) // bool
|
#define KEY_NO_BACKUP (13 | APP) // bool
|
||||||
#define KEY_INITIALIZED (14 | APP | FLAG_PUBLIC) // uint32
|
#define KEY_INITIALIZED (14 | APP | FLAG_PUBLIC_SHIFTED) // uint32
|
||||||
#define KEY_NODE (15 | APP) // node
|
#define KEY_NODE (15 | APP) // node
|
||||||
#define KEY_IMPORTED (16 | APP) // bool
|
#define KEY_IMPORTED (16 | APP) // bool
|
||||||
#define KEY_U2F_ROOT (17 | APP | FLAG_PUBLIC) // node
|
#define KEY_U2F_ROOT (17 | APP | FLAG_PUBLIC_SHIFTED) // node
|
||||||
#define KEY_DEBUG_LINK_PIN (255 | APP | FLAG_PUBLIC) // string(10)
|
#define KEY_DEBUG_LINK_PIN (255 | APP | FLAG_PUBLIC_SHIFTED) // string(10)
|
||||||
|
|
||||||
// The PIN value corresponding to an empty PIN.
|
// The PIN value corresponding to an empty PIN.
|
||||||
static const uint32_t PIN_EMPTY = 1;
|
static const uint32_t PIN_EMPTY = 1;
|
||||||
|
@ -64,13 +64,6 @@
|
|||||||
// The number of seconds required to derive the KEK and KEIV.
|
// The number of seconds required to derive the KEK and KEIV.
|
||||||
#define DERIVE_SECS 1
|
#define DERIVE_SECS 1
|
||||||
|
|
||||||
// If the top bit of APP is set, then the value is not encrypted.
|
|
||||||
#define FLAG_PUBLIC 0x80
|
|
||||||
|
|
||||||
// If the top two bits of APP are set, then the value is not encrypted and it
|
|
||||||
// can be written even when the storage is locked.
|
|
||||||
#define FLAGS_WRITE 0xC0
|
|
||||||
|
|
||||||
// The length of the guard key in words.
|
// The length of the guard key in words.
|
||||||
#define GUARD_KEY_WORDS 1
|
#define GUARD_KEY_WORDS 1
|
||||||
|
|
||||||
@ -967,7 +960,6 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
|
|||||||
|
|
||||||
// If the top bit of APP is set, then the value is not encrypted and can be
|
// If the top bit of APP is set, then the value is not encrypted and can be
|
||||||
// read from a locked device.
|
// read from a locked device.
|
||||||
secbool ret = secfalse;
|
|
||||||
if ((app & FLAG_PUBLIC) != 0) {
|
if ((app & FLAG_PUBLIC) != 0) {
|
||||||
const void *val_stored = NULL;
|
const void *val_stored = NULL;
|
||||||
if (sectrue != norcow_get(key, &val_stored, len)) {
|
if (sectrue != norcow_get(key, &val_stored, len)) {
|
||||||
@ -980,15 +972,13 @@ secbool storage_get(const uint16_t key, void *val_dest, const uint16_t max_len,
|
|||||||
return secfalse;
|
return secfalse;
|
||||||
}
|
}
|
||||||
memcpy(val_dest, val_stored, *len);
|
memcpy(val_dest, val_stored, *len);
|
||||||
ret = sectrue;
|
return sectrue;
|
||||||
} else {
|
} else {
|
||||||
if (sectrue != unlocked) {
|
if (sectrue != unlocked) {
|
||||||
return secfalse;
|
return secfalse;
|
||||||
}
|
}
|
||||||
ret = storage_get_encrypted(key, val_dest, max_len, len);
|
return storage_get_encrypted(key, val_dest, max_len, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -27,6 +27,13 @@
|
|||||||
// The length of the external salt in bytes.
|
// The length of the external salt in bytes.
|
||||||
#define EXTERNAL_SALT_SIZE 32
|
#define EXTERNAL_SALT_SIZE 32
|
||||||
|
|
||||||
|
// If the top bit of APP is set, then the value is not encrypted.
|
||||||
|
#define FLAG_PUBLIC 0x80
|
||||||
|
|
||||||
|
// If the top two bits of APP are set, then the value is not encrypted and it
|
||||||
|
// can be written even when the storage is locked.
|
||||||
|
#define FLAGS_WRITE 0xC0
|
||||||
|
|
||||||
typedef secbool (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress,
|
typedef secbool (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress,
|
||||||
const char *message);
|
const char *message);
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ FLAG_PUBLIC = 0x80
|
|||||||
|
|
||||||
# If the top two bits of APP are set, then the value is not encrypted and it
|
# If the top two bits of APP are set, then the value is not encrypted and it
|
||||||
# can be written even when the storage is locked.
|
# can be written even when the storage is locked.
|
||||||
FLAG_WRITE = 0xC0
|
FLAGS_WRITE = 0xC0
|
||||||
|
|
||||||
# Length of word in bytes.
|
# Length of word in bytes.
|
||||||
WORD_SIZE = 4
|
WORD_SIZE = 4
|
||||||
@ -147,6 +147,6 @@ def is_app_private(app: int):
|
|||||||
|
|
||||||
|
|
||||||
def is_app_lock_writable(app: int):
|
def is_app_lock_writable(app: int):
|
||||||
if app & FLAG_WRITE == FLAG_WRITE:
|
if app & FLAGS_WRITE == FLAGS_WRITE:
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
Loading…
Reference in New Issue
Block a user