diff --git a/SConscript.prodtest b/SConscript.prodtest index 9eb2ebb071..1ef6dc9020 100644 --- a/SConscript.prodtest +++ b/SConscript.prodtest @@ -7,6 +7,14 @@ CPPPATH_MOD = [] CPPDEFINES_MOD = [] SOURCE_MOD = [] +# modtrezorcrypto +CPPPATH_MOD += [ + 'vendor/trezor-crypto', +] +SOURCE_MOD += [ + 'vendor/trezor-crypto/memzero.c', +] + # modtrezorui CPPDEFINES_MOD += [ 'TREZOR_FONT_BOLD_ENABLE', diff --git a/embed/boardloader/main.c b/embed/boardloader/main.c index 5edb707796..1d32a3ce0c 100644 --- a/embed/boardloader/main.c +++ b/embed/boardloader/main.c @@ -29,6 +29,8 @@ #include "lowlevel.h" #include "version.h" +#include "memzero.h" + const uint8_t BOARDLOADER_KEY_M = 2; const uint8_t BOARDLOADER_KEY_N = 3; static const uint8_t * const BOARDLOADER_KEYS[] = { @@ -57,7 +59,7 @@ static uint32_t check_sdcard(void) uint32_t buf[IMAGE_HEADER_SIZE / sizeof(uint32_t)]; - memset(buf, 0, sizeof(buf)); + memzero(buf, sizeof(buf)); const secbool read_status = sdcard_read_blocks(buf, 0, IMAGE_HEADER_SIZE / SDCARD_BLOCK_SIZE); diff --git a/embed/bootloader/messages.c b/embed/bootloader/messages.c index 35bd91d8b5..28949c43ed 100644 --- a/embed/bootloader/messages.c +++ b/embed/bootloader/messages.c @@ -34,6 +34,8 @@ #include "bootui.h" #include "messages.h" +#include "memzero.h" + #define MSG_HEADER1_LEN 9 #define MSG_HEADER2_LEN 1 @@ -96,7 +98,7 @@ static bool _usb_write(pb_ostream_t *stream, const pb_byte_t *buf, size_t count) ensure(sectrue * (r == USB_PACKET_SIZE), NULL); // prepare new packet state->packet_index++; - memset(state->buf, 0, USB_PACKET_SIZE); + memzero(state->buf, USB_PACKET_SIZE); state->buf[0] = '?'; state->packet_pos = MSG_HEADER2_LEN; } 
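Review bot: Only SConscript.prodtest gains `vendor/trezor-crypto/memzero.c` in this diff, while `memzero.h` is now also included from embed/boardloader/main.c, embed/bootloader/messages.c, embed/extmod/modtrezorui/display.c and embed/unix/usb.c. The build scripts for those targets are not visible here; if they do not already compile memzero.c, the new `memzero()` calls will fail at link time. Confirm each of them carries the same `SOURCE_MOD += ['vendor/trezor-crypto/memzero.c']` entry. The `# modtrezorcrypto` heading is also slightly misleading for prodtest, which pulls in this one file only; a comment such as `# memzero only (used by display.c and main.c)` would say why it is there.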
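Review bot: `memzero(buf, sizeof(buf))` in check_sdcard clears a buffer that holds no secret yet, because `sdcard_read_blocks` fills it on the next line. Assuming memzero is the non-elidable wipe from trezor-crypto, using it for plain initialisation makes the security-relevant wipe sites harder to pick out in an audit. The same applies to the packet clearing in `_usb_write` and `_usb_write_flush`, the MSG_SEND_ASSIGN_* macros, `display_print`, the prodtest OTP buffers and `usb_init`. Either keep `memset` where the store is ordinary initialisation, or mark the real wipes with a comment such as `// wipe: ctx held hash state`. check_sdcard continues outside the hunk.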
@@ -110,7 +112,7 @@ static void _usb_write_flush(usb_write_state *state) // if packet is not filled up completely if (state->packet_pos < USB_PACKET_SIZE) { // pad it with zeroes - memset(state->buf + state->packet_pos, 0, USB_PACKET_SIZE - state->packet_pos); + memzero(state->buf + state->packet_pos, USB_PACKET_SIZE - state->packet_pos); } // send packet int r = usb_webusb_write_blocking(state->iface_num, state->buf, USB_PACKET_SIZE, USB_TIMEOUT); 
@@ -161,9 +163,9 @@ static secbool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fi #define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default #define MSG_SEND_ASSIGN_VALUE(FIELD, VALUE) { msg_send.has_##FIELD = true; msg_send.FIELD = VALUE; } -#define MSG_SEND_ASSIGN_STRING(FIELD, VALUE) { msg_send.has_##FIELD = true; memset(msg_send.FIELD, 0, sizeof(msg_send.FIELD)); strncpy(msg_send.FIELD, VALUE, sizeof(msg_send.FIELD) - 1); } -#define MSG_SEND_ASSIGN_STRING_LEN(FIELD, VALUE, LEN) { msg_send.has_##FIELD = true; memset(msg_send.FIELD, 0, sizeof(msg_send.FIELD)); strncpy(msg_send.FIELD, VALUE, MIN(LEN, sizeof(msg_send.FIELD) - 1)); } -#define MSG_SEND_ASSIGN_BYTES(FIELD, VALUE, LEN) { msg_send.has_##FIELD = true; memset(msg_send.FIELD.bytes, 0, sizeof(msg_send.FIELD.bytes)); memcpy(msg_send.FIELD.bytes, VALUE, MIN(LEN, sizeof(msg_send.FIELD.bytes))); msg_send.FIELD.size = MIN(LEN, sizeof(msg_send.FIELD.bytes)); } +#define MSG_SEND_ASSIGN_STRING(FIELD, VALUE) { msg_send.has_##FIELD = true; memzero(msg_send.FIELD, sizeof(msg_send.FIELD)); strncpy(msg_send.FIELD, VALUE, sizeof(msg_send.FIELD) - 1); } +#define MSG_SEND_ASSIGN_STRING_LEN(FIELD, VALUE, LEN) { msg_send.has_##FIELD = true; memzero(msg_send.FIELD, sizeof(msg_send.FIELD)); strncpy(msg_send.FIELD, VALUE, MIN(LEN, sizeof(msg_send.FIELD) - 1)); } +#define MSG_SEND_ASSIGN_BYTES(FIELD, VALUE, LEN) { msg_send.has_##FIELD = true; memzero(msg_send.FIELD.bytes, sizeof(msg_send.FIELD.bytes)); memcpy(msg_send.FIELD.bytes, VALUE, MIN(LEN, sizeof(msg_send.FIELD.bytes))); msg_send.FIELD.size = MIN(LEN, sizeof(msg_send.FIELD.bytes)); } #define MSG_SEND(TYPE) _send_msg(iface_num, MessageType_MessageType_##TYPE, TYPE##_fields, &msg_send) typedef struct { diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h index aea3c25d9a..1bfdaa8f7a 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h 
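Review bot: `MSG_SEND_ASSIGN_BYTES` expands `LEN` in two separate `MIN(...)` calls (the `memcpy` length and `.size`), and all three macros are bare `{ ... }` blocks with unparenthesised arguments. An argument with side effects is therefore evaluated more than once, and using the macro before an `else` breaks the statement. Wrap each body in `do { ... } while (0)` and clamp once, e.g. `size_t n_ = MIN((LEN), sizeof(msg_send.FIELD.bytes));`, then use `n_` for both the copy and the size. The string variants depend on the preceding memzero for NUL termination, since `strncpy` copies at most `sizeof - 1` bytes; a short comment saying so would stop a later edit from dropping the clear.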
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h @@ -69,7 +69,7 @@ STATIC mp_obj_t mod_trezorcrypto_AES_make_new(const mp_obj_type_t *type, size_t } memcpy(o->iv, iv.buf, AES_BLOCK_SIZE); } else { - memset(o->iv, 0, AES_BLOCK_SIZE); + memzero(o->iv, AES_BLOCK_SIZE); } switch (key.len) { case 16: diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h index d7937cd4e8..069346246d 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h @@ -76,7 +76,7 @@ STATIC mp_obj_t mod_trezorcrypto_Blake256_digest(mp_obj_t self) { BLAKE256_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(BLAKE256_CTX)); blake256_Final(&ctx, hash); - memset(&ctx, 0, sizeof(BLAKE256_CTX)); + memzero(&ctx, sizeof(BLAKE256_CTX)); return mp_obj_new_bytes(hash, sizeof(hash)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256_digest_obj, mod_trezorcrypto_Blake256_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h index ea61853d27..99e50b40c8 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h @@ -113,7 +113,7 @@ STATIC mp_obj_t mod_trezorcrypto_Blake2b_digest(mp_obj_t self) { BLAKE2B_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(BLAKE2B_CTX)); blake2b_Final(&ctx, out, ctx.outlen); - memset(&ctx, 0, sizeof(BLAKE2B_CTX)); + memzero(&ctx, sizeof(BLAKE2B_CTX)); return mp_obj_new_bytes(out, o->ctx.outlen); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b_digest_obj, mod_trezorcrypto_Blake2b_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h index 4971090250..f450c0ab8d 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h 
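Review bot: The `else` branch leaves `o->iv` all-zero when the caller supplies no IV, and nothing visible in the hunk limits that fallback to a mode that ignores the IV. A fixed IV under a reused key weakens chained or counter modes; the mode handling is outside the hunk, so this needs confirming against the rest of the constructor. Document it at the call, e.g. `// no IV supplied: all-zero IV, acceptable only for ECB or single-use keys`, or raise an error for modes that require one. mod_trezorcrypto_AES_make_new starts and ends outside the hunk.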
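Review bot: `memzero` is now called in mod_trezorcrypto_Blake256_digest, but this header gains no `#include "memzero.h"`, unlike modtrezorcrypto-monero.h later in the same diff. Unless the include already exists above the hunk, the header presumably compiles only through a transitive include from whichever file pulls it in. Add `#include "memzero.h"` beside the header's other includes so the dependency is explicit. The same applies to the aes, blake2b, blake2s, groestl, pbkdf2, ripemd160, sha1, sha256, sha3-256, sha3-512 and sha512 headers touched here.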
@@ -113,7 +113,7 @@ STATIC mp_obj_t mod_trezorcrypto_Blake2s_digest(mp_obj_t self) { BLAKE2S_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(BLAKE2S_CTX)); blake2s_Final(&ctx, out, ctx.outlen); - memset(&ctx, 0, sizeof(BLAKE2S_CTX)); + memzero(&ctx, sizeof(BLAKE2S_CTX)); return mp_obj_new_bytes(out, o->ctx.outlen); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s_digest_obj, mod_trezorcrypto_Blake2s_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h index 87071f5e6a..396d536aa4 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h @@ -78,7 +78,7 @@ STATIC mp_obj_t mod_trezorcrypto_Groestl512_digest(mp_obj_t self) { GROESTL512_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(GROESTL512_CTX)); groestl512_Final(&ctx, out); - memset(&ctx, 0, sizeof(GROESTL512_CTX)); + memzero(&ctx, sizeof(GROESTL512_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Groestl512_digest_obj, mod_trezorcrypto_Groestl512_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h index 67508205fe..995f479613 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h @@ -23,6 +23,7 @@ #include "monero/monero.h" #include "bignum.h" +#include "memzero.h" /// package: trezorcrypto.monero @@ -1089,7 +1090,7 @@ STATIC mp_obj_t mod_trezorcrypto_monero_hasher_digest(size_t n_args, const mp_ob uint8_t out[SHA3_256_DIGEST_LENGTH]; xmr_hasher_final(&ctx, out); - memset(&ctx, 0, sizeof(SHA3_CTX)); + memzero(&ctx, sizeof(SHA3_CTX)); if (n_args == 1 || args[1] == mp_const_none){ return mp_obj_new_bytes(out, sizeof(out)); 
diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h index f941f9ed99..13777a01cc 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h @@ -112,7 +112,7 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_key(mp_obj_t self) { memcpy(&ctx, &(o->ctx256), sizeof(PBKDF2_HMAC_SHA256_CTX)); uint8_t out[SHA256_DIGEST_LENGTH]; pbkdf2_hmac_sha256_Final(&ctx, out); - memset(&ctx, 0, sizeof(PBKDF2_HMAC_SHA256_CTX)); + memzero(&ctx, sizeof(PBKDF2_HMAC_SHA256_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } if (o->prf == PRF_HMAC_SHA512) { @@ -120,7 +120,7 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_key(mp_obj_t self) { memcpy(&ctx, &(o->ctx512), sizeof(PBKDF2_HMAC_SHA512_CTX)); uint8_t out[SHA512_DIGEST_LENGTH]; pbkdf2_hmac_sha512_Final(&ctx, out); - memset(&ctx, 0, sizeof(PBKDF2_HMAC_SHA512_CTX)); + memzero(&ctx, sizeof(PBKDF2_HMAC_SHA512_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } return mp_const_none; diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h index 9aba1238f8..6ceba06555 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h @@ -76,7 +76,7 @@ STATIC mp_obj_t mod_trezorcrypto_Ripemd160_digest(mp_obj_t self) { RIPEMD160_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(RIPEMD160_CTX)); ripemd160_Final(&ctx, out); - memset(&ctx, 0, sizeof(RIPEMD160_CTX)); + memzero(&ctx, sizeof(RIPEMD160_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160_digest_obj, mod_trezorcrypto_Ripemd160_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h index fff30dbfcc..5bfad34e97 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h 
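Review bot: `out` in mod_trezorcrypto_Pbkdf2_key holds the derived key and stays on the stack after `mp_obj_new_bytes` has copied it; only the context copy is wiped. Wipe the buffer before returning, in both the HMAC-SHA256 and the HMAC-SHA512 branch: `mp_obj_t res = mp_obj_new_bytes(out, sizeof(out)); memzero(out, sizeof(out)); return res;`. The function starts outside the first hunk.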
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h @@ -76,7 +76,7 @@ STATIC mp_obj_t mod_trezorcrypto_Sha1_digest(mp_obj_t self) { SHA1_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(SHA1_CTX)); sha1_Final(&ctx, out); - memset(&ctx, 0, sizeof(SHA1_CTX)); + memzero(&ctx, sizeof(SHA1_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1_digest_obj, mod_trezorcrypto_Sha1_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h index 98c1d1caa7..85efd4e203 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h @@ -76,7 +76,7 @@ STATIC mp_obj_t mod_trezorcrypto_Sha256_digest(mp_obj_t self) { SHA256_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(SHA256_CTX)); sha256_Final(&ctx, out); - memset(&ctx, 0, sizeof(SHA256_CTX)); + memzero(&ctx, sizeof(SHA256_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256_digest_obj, mod_trezorcrypto_Sha256_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h index a761739536..da480d284e 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h @@ -92,7 +92,7 @@ STATIC mp_obj_t mod_trezorcrypto_Sha3_256_digest(mp_obj_t self) { } else { sha3_Final(&ctx, out); } - memset(&ctx, 0, sizeof(SHA3_CTX)); + memzero(&ctx, sizeof(SHA3_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_256_digest_obj, mod_trezorcrypto_Sha3_256_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h index e374ad1c72..f1c52c052c 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h 
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h @@ -92,7 +92,7 @@ STATIC mp_obj_t mod_trezorcrypto_Sha3_512_digest(mp_obj_t self) { } else { sha3_Final(&ctx, out); } - memset(&ctx, 0, sizeof(SHA3_CTX)); + memzero(&ctx, sizeof(SHA3_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_512_digest_obj, mod_trezorcrypto_Sha3_512_digest); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h index 09d7ac75ac..713f02c177 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h @@ -75,7 +75,7 @@ STATIC mp_obj_t mod_trezorcrypto_Sha512_digest(mp_obj_t self) { SHA512_CTX ctx; memcpy(&ctx, &(o->ctx), sizeof(SHA512_CTX)); sha512_Final(&ctx, out); - memset(&ctx, 0, sizeof(SHA512_CTX)); + memzero(&ctx, sizeof(SHA512_CTX)); return mp_obj_new_bytes(out, sizeof(out)); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512_digest_obj, mod_trezorcrypto_Sha512_digest); diff --git a/embed/extmod/modtrezorui/display.c b/embed/extmod/modtrezorui/display.c index ab6838c014..124312f5a2 100644 --- a/embed/extmod/modtrezorui/display.c +++ b/embed/extmod/modtrezorui/display.c @@ -40,6 +40,8 @@ #include #include +#include "memzero.h" + static int DISPLAY_BACKLIGHT = -1; static int DISPLAY_ORIENTATION = -1; @@ -422,7 +424,7 @@ void display_print(const char *text, int textlen) for (int j = 0; j < DISPLAY_PRINT_ROWS - 1; j++) { memcpy(display_print_buf[j], display_print_buf[j + 1], DISPLAY_PRINT_COLS); } - memset(display_print_buf[DISPLAY_PRINT_ROWS - 1], 0x00, DISPLAY_PRINT_COLS); + memzero(display_print_buf[DISPLAY_PRINT_ROWS - 1], DISPLAY_PRINT_COLS); row = DISPLAY_PRINT_ROWS - 1; } diff --git a/embed/prodtest/main.c b/embed/prodtest/main.c index ebe24f916b..4287965e6e 100644 --- a/embed/prodtest/main.c +++ b/embed/prodtest/main.c 
@@ -34,6 +34,8 @@ #include "touch.h" #include "usb.h" +#include "memzero.h" + enum { VCP_IFACE = 0x00 }; static void vcp_intr(void) @@ -298,7 +300,7 @@ static void test_sbu(const char *args) static void test_otp_read(void) { uint8_t data[32]; - memset(data, 0, sizeof(data)); + memzero(data, sizeof(data)); ensure(flash_otp_read(0, 0, data, sizeof(data)), NULL); // strip trailing 0xFF @@ -320,7 +322,7 @@ static void test_otp_read(void) static void test_otp_write(const char *args) { char data[32]; - memset(data, 0, sizeof(data)); + memzero(data, sizeof(data)); strncpy(data, args, sizeof(data) - 1); ensure(flash_otp_write(0, 0, (const uint8_t *) data, sizeof(data)), NULL); ensure(flash_otp_lock(0), NULL); diff --git a/embed/unix/usb.c b/embed/unix/usb.c index 8ba9044db4..3a430379ae 100644 --- a/embed/unix/usb.c +++ b/embed/unix/usb.c @@ -28,6 +28,8 @@ #include "usb.h" #include "touch.h" +#include "memzero.h" + void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func); #define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) @@ -51,8 +53,8 @@ void usb_init(const usb_dev_info_t *dev_info) { for (int i = 0; i < USBD_MAX_NUM_INTERFACES; i++) { usb_ifaces[i].type = USB_IFACE_TYPE_DISABLED; usb_ifaces[i].sock = -1; - memset(&usb_ifaces[i].si_me, 0, sizeof(struct sockaddr_in)); - memset(&usb_ifaces[i].si_other, 0, sizeof(struct sockaddr_in)); + memzero(&usb_ifaces[i].si_me, sizeof(struct sockaddr_in)); + memzero(&usb_ifaces[i].si_other, sizeof(struct sockaddr_in)); usb_ifaces[i].slen = 0; } } diff --git a/vendor/trezor-crypto b/vendor/trezor-crypto index b9e8adc160..c316e775a2 160000 --- a/vendor/trezor-crypto +++ b/vendor/trezor-crypto @@ -1 +1 @@ -Subproject commit b9e8adc16091f8ec162f40111d8fb6339381f0d9 +Subproject commit c316e775a2152db255ace96b6b65ac0f20525ec0
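Review bot: test_otp_write silently truncates `args` to 31 bytes via `strncpy(data, args, sizeof(data) - 1)` and then writes and locks the OTP block, so an over-long argument is burned in truncated form with no way to correct it. Check the length before touching flash, e.g. `if (strlen(args) > sizeof(data) - 1) { /* report error as the other tests do */ return; }`, and add a comment that the write is irreversible once `flash_otp_lock(0)` succeeds. The function's end is outside the hunk.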