From 9b168daa19f66a3f913b9bd4de5e53a6b5084e45 Mon Sep 17 00:00:00 2001 From: matejcik Date: Mon, 13 May 2019 17:20:35 +0200 Subject: [PATCH] style: improve makefile output, format test files --- Makefile | 29 ++- crypto/shamir.c | 2 +- python/trezorlib/client.py | 2 +- storage/tests/c/common.c | 54 ++--- storage/tests/c/common.h | 11 +- storage/tests/c/flash.c | 164 +++++++------ storage/tests/c/flash.h | 7 +- storage/tests/c/norcow_config.h | 8 +- storage/tests/c/secbool.h | 4 +- storage/tests/c0/flash.c | 164 +++++++------ storage/tests/c0/flash.h | 7 +- storage/tests/c0/norcow.c | 384 +++++++++++++++---------------- storage/tests/c0/norcow_config.h | 5 +- storage/tests/c0/secbool.h | 4 +- storage/tests/c0/storage.c | 321 ++++++++++++-------------- storage/tests/c0/storage.h | 2 +- 16 files changed, 580 insertions(+), 588 deletions(-) diff --git a/Makefile b/Makefile index 2d3c69425..27586f476 100644 --- a/Makefile +++ b/Makefile @@ -9,22 +9,33 @@ PY_FILES = $(shell find . -type f -name '*.py' | grep -f ./tools/style.py.incl C_FILES = $(shell find . -type f -name '*.[ch]' | grep -f ./tools/style.c.include | grep -v -f ./tools/style.c.exclude ) -style_check: ## run code style check on application sources and tests +style_check: pystyle_check cstyle_check + +style: pystyle cstyle + +pystyle_check: ## run code style check on application sources and tests flake8 --version isort --version | awk '/VERSION/{print $$2}' black --version - flake8 $(PY_FILES) - isort --check-only $(PY_FILES) - black --check $(PY_FILES) + @echo [FLAKE8] + @flake8 $(PY_FILES) + @echo [ISORT] + @isort --check-only $(PY_FILES) + @echo [BLACK] + @black --check $(PY_FILES) make -C python style_check -style: ## apply code style on application sources and tests - isort $(PY_FILES) - black $(PY_FILES) +pystyle: ## apply code style on application sources and tests + @echo [ISORT] + @isort $(PY_FILES) + @echo [BLACK] + @black $(PY_FILES) make -C python style cstyle_check: ## run code style check on low-level C code - ./tools/clang-format-check $(C_FILES) + @echo [CLANG-FORMAT] + @./tools/clang-format-check $(C_FILES) cstyle: ## apply code style on low-level C code - clang-format -i $(C_FILES) + @echo [CLANG-FORMAT] + @clang-format -i $(C_FILES) diff --git a/crypto/shamir.c b/crypto/shamir.c index b3017bad4..38065fdf5 100644 --- a/crypto/shamir.c +++ b/crypto/shamir.c @@ -36,9 +36,9 @@ * lookup operations, as all proper crypto code must be. */ +#include "shamir.h" #include #include "memzero.h" -#include "shamir.h" static void bitslice(uint32_t r[8], const uint8_t *x, size_t len) { size_t bit_idx, arr_idx; diff --git a/python/trezorlib/client.py b/python/trezorlib/client.py index 367400262..d979c1c13 100644 --- a/python/trezorlib/client.py +++ b/python/trezorlib/client.py @@ -16,8 +16,8 @@ import logging import sys -from types import SimpleNamespace import warnings +from types import SimpleNamespace from mnemonic import Mnemonic diff --git a/storage/tests/c/common.c b/storage/tests/c/common.c index faa109c07..b3f9b7ffc 100644 --- a/storage/tests/c/common.c +++ b/storage/tests/c/common.c @@ -23,35 +23,35 @@ #include "common.h" -void __shutdown(void) -{ - printf("SHUTDOWN\n"); - exit(3); +void __shutdown(void) { + printf("SHUTDOWN\n"); + exit(3); } -void __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func) -{ - printf("\nFATAL ERROR:\n"); - if (expr) { - printf("expr: %s\n", expr); - } - if (msg) { - printf("msg : %s\n", msg); - } - if (file) { - printf("file: %s:%d\n", file, line); - } - if (func) { - printf("func: %s\n", func); - } - __shutdown(); +void __fatal_error(const char *expr, const char *msg, const char *file, + int line, const char *func) { + printf("\nFATAL ERROR:\n"); + if (expr) { + printf("expr: %s\n", expr); + } + if (msg) { + printf("msg : %s\n", msg); + } + if (file) { + printf("file: %s:%d\n", file, line); + } + if (func) { + printf("func: %s\n", func); + } + __shutdown(); } -void error_shutdown(const char *line1, const char *line2, const char *line3, const char *line4) { - // For testing do not treat pin_fails_check_max as a fatal error. - (void) line1; - (void) line2; - (void) line3; - (void) line4; - return; +void error_shutdown(const char *line1, const char *line2, const char *line3, + const char *line4) { + // For testing do not treat pin_fails_check_max as a fatal error. + (void)line1; + (void)line2; + (void)line3; + (void)line4; + return; } diff --git a/storage/tests/c/common.h b/storage/tests/c/common.h index e58a1b007..eaa077379 100644 --- a/storage/tests/c/common.h +++ b/storage/tests/c/common.h @@ -22,10 +22,15 @@ #include "secbool.h" -void __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func); -void error_shutdown(const char *line1, const char *line2, const char *line3, const char *line4); +void __fatal_error(const char *expr, const char *msg, const char *file, + int line, const char *func); +void error_shutdown(const char *line1, const char *line2, const char *line3, + const char *line4); -#define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) +#define ensure(expr, msg) \ + (((expr) == sectrue) \ + ? (void)0 \ + : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__)) #define hal_delay(ms) (void)ms; diff --git a/storage/tests/c/flash.c b/storage/tests/c/flash.c index 6282e3997..f7fc2d239 100644 --- a/storage/tests/c/flash.c +++ b/storage/tests/c/flash.c @@ -17,113 +17,105 @@ * along with this program. If not, see . */ -#include #include +#include #include #include "common.h" #include "flash.h" static const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = { - [ 0] = 0x08000000, // - 0x08003FFF | 16 KiB - [ 1] = 0x08004000, // - 0x08007FFF | 16 KiB - [ 2] = 0x08008000, // - 0x0800BFFF | 16 KiB - [ 3] = 0x0800C000, // - 0x0800FFFF | 16 KiB - [ 4] = 0x08010000, // - 0x0801FFFF | 64 KiB - [ 5] = 0x08020000, // - 0x0803FFFF | 128 KiB - [ 6] = 0x08040000, // - 0x0805FFFF | 128 KiB - [ 7] = 0x08060000, // - 0x0807FFFF | 128 KiB - [ 8] = 0x08080000, // - 0x0809FFFF | 128 KiB - [ 9] = 0x080A0000, // - 0x080BFFFF | 128 KiB - [10] = 0x080C0000, // - 0x080DFFFF | 128 KiB - [11] = 0x080E0000, // - 0x080FFFFF | 128 KiB - [12] = 0x08100000, // - 0x08103FFF | 16 KiB - [13] = 0x08104000, // - 0x08107FFF | 16 KiB - [14] = 0x08108000, // - 0x0810BFFF | 16 KiB - [15] = 0x0810C000, // - 0x0810FFFF | 16 KiB - [16] = 0x08110000, // - 0x0811FFFF | 64 KiB - [17] = 0x08120000, // - 0x0813FFFF | 128 KiB - [18] = 0x08140000, // - 0x0815FFFF | 128 KiB - [19] = 0x08160000, // - 0x0817FFFF | 128 KiB - [20] = 0x08180000, // - 0x0819FFFF | 128 KiB - [21] = 0x081A0000, // - 0x081BFFFF | 128 KiB - [22] = 0x081C0000, // - 0x081DFFFF | 128 KiB - [23] = 0x081E0000, // - 0x081FFFFF | 128 KiB - [24] = 0x08200000, // last element - not a valid sector + [0] = 0x08000000, // - 0x08003FFF | 16 KiB + [1] = 0x08004000, // - 0x08007FFF | 16 KiB + [2] = 0x08008000, // - 0x0800BFFF | 16 KiB + [3] = 0x0800C000, // - 0x0800FFFF | 16 KiB + [4] = 0x08010000, // - 0x0801FFFF | 64 KiB + [5] = 0x08020000, // - 0x0803FFFF | 128 KiB + [6] = 0x08040000, // - 0x0805FFFF | 128 KiB + [7] = 0x08060000, // - 0x0807FFFF | 128 KiB + [8] = 0x08080000, // - 0x0809FFFF | 128 KiB + [9] = 0x080A0000, // - 0x080BFFFF | 128 KiB + [10] = 0x080C0000, // - 0x080DFFFF | 128 KiB + [11] = 0x080E0000, // - 0x080FFFFF | 128 KiB + [12] = 0x08100000, // - 0x08103FFF | 16 KiB + [13] = 0x08104000, // - 0x08107FFF | 16 KiB + [14] = 0x08108000, // - 0x0810BFFF | 16 KiB + [15] = 0x0810C000, // - 0x0810FFFF | 16 KiB + [16] = 0x08110000, // - 0x0811FFFF | 64 KiB + [17] = 0x08120000, // - 0x0813FFFF | 128 KiB + [18] = 0x08140000, // - 0x0815FFFF | 128 KiB + [19] = 0x08160000, // - 0x0817FFFF | 128 KiB + [20] = 0x08180000, // - 0x0819FFFF | 128 KiB + [21] = 0x081A0000, // - 0x081BFFFF | 128 KiB + [22] = 0x081C0000, // - 0x081DFFFF | 128 KiB + [23] = 0x081E0000, // - 0x081FFFFF | 128 KiB + [24] = 0x08200000, // last element - not a valid sector }; const uint32_t FLASH_SIZE = 0x200000; uint8_t *FLASH_BUFFER = NULL; -void flash_init(void) -{ - assert(FLASH_SIZE == FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT] - FLASH_SECTOR_TABLE[0]); +void flash_init(void) { + assert(FLASH_SIZE == + FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT] - FLASH_SECTOR_TABLE[0]); } -secbool flash_unlock_write(void) -{ - return sectrue; -} +secbool flash_unlock_write(void) { return sectrue; } -secbool flash_lock_write(void) -{ - return sectrue; -} +secbool flash_lock_write(void) { return sectrue; } -const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size) -{ - if (sector >= FLASH_SECTOR_COUNT) { - return NULL; - } - const uint32_t addr = FLASH_SECTOR_TABLE[sector] + offset; - const uint32_t next = FLASH_SECTOR_TABLE[sector + 1]; - if (addr + size > next) { - return NULL; - } - return FLASH_BUFFER + addr - FLASH_SECTOR_TABLE[0]; +const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size) { + if (sector >= FLASH_SECTOR_COUNT) { + return NULL; + } + const uint32_t addr = FLASH_SECTOR_TABLE[sector] + offset; + const uint32_t next = FLASH_SECTOR_TABLE[sector + 1]; + if (addr + size > next) { + return NULL; + } + return FLASH_BUFFER + addr - FLASH_SECTOR_TABLE[0]; } -secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) -{ +secbool flash_erase_sectors(const uint8_t *sectors, int len, + void (*progress)(int pos, int len)) { + if (progress) { + progress(0, len); + } + for (int i = 0; i < len; i++) { + const uint8_t sector = sectors[i]; + const uint32_t offset = FLASH_SECTOR_TABLE[sector] - FLASH_SECTOR_TABLE[0]; + const uint32_t size = + FLASH_SECTOR_TABLE[sector + 1] - FLASH_SECTOR_TABLE[sector]; + memset(FLASH_BUFFER + offset, 0xFF, size); if (progress) { - progress(0, len); + progress(i + 1, len); } - for (int i = 0; i < len; i++) { - const uint8_t sector = sectors[i]; - const uint32_t offset = FLASH_SECTOR_TABLE[sector] - FLASH_SECTOR_TABLE[0]; - const uint32_t size = FLASH_SECTOR_TABLE[sector + 1] - FLASH_SECTOR_TABLE[sector]; - memset(FLASH_BUFFER + offset, 0xFF, size); - if (progress) { - progress(i + 1, len); - } - } - return sectrue; + } + return sectrue; } -secbool flash_write_byte(uint8_t sector, uint32_t offset, uint8_t data) -{ - uint8_t *flash = (uint8_t *)flash_get_address(sector, offset, 1); - if (!flash) { - return secfalse; - } - if ((flash[0] & data) != data) { - return secfalse; // we cannot change zeroes to ones - } - flash[0] = data; - return sectrue; +secbool flash_write_byte(uint8_t sector, uint32_t offset, uint8_t data) { + uint8_t *flash = (uint8_t *)flash_get_address(sector, offset, 1); + if (!flash) { + return secfalse; + } + if ((flash[0] & data) != data) { + return secfalse; // we cannot change zeroes to ones + } + flash[0] = data; + return sectrue; } -secbool flash_write_word(uint8_t sector, uint32_t offset, uint32_t data) -{ - if (offset % 4) { // we write only at 4-byte boundary - return secfalse; - } - uint32_t *flash = (uint32_t *)flash_get_address(sector, offset, sizeof(data)); - if (!flash) { - return secfalse; - } - if ((flash[0] & data) != data) { - return secfalse; // we cannot change zeroes to ones - } - flash[0] = data; - return sectrue; +secbool flash_write_word(uint8_t sector, uint32_t offset, uint32_t data) { + if (offset % 4) { // we write only at 4-byte boundary + return secfalse; + } + uint32_t *flash = (uint32_t *)flash_get_address(sector, offset, sizeof(data)); + if (!flash) { + return secfalse; + } + if ((flash[0] & data) != data) { + return secfalse; // we cannot change zeroes to ones + } + flash[0] = data; + return sectrue; } diff --git a/storage/tests/c/flash.h b/storage/tests/c/flash.h index 102c9e190..6478079f3 100644 --- a/storage/tests/c/flash.h +++ b/storage/tests/c/flash.h @@ -33,8 +33,11 @@ secbool __wur flash_lock_write(void); const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size); -secbool __wur flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)); -static inline secbool flash_erase(uint8_t sector) { return flash_erase_sectors(§or, 1, NULL); } +secbool __wur flash_erase_sectors(const uint8_t *sectors, int len, + void (*progress)(int pos, int len)); +static inline secbool flash_erase(uint8_t sector) { + return flash_erase_sectors(§or, 1, NULL); +} secbool __wur flash_write_byte(uint8_t sector, uint32_t offset, uint8_t data); secbool __wur flash_write_word(uint8_t sector, uint32_t offset, uint32_t data); diff --git a/storage/tests/c/norcow_config.h b/storage/tests/c/norcow_config.h index 04e278c76..d8af9a7d1 100644 --- a/storage/tests/c/norcow_config.h +++ b/storage/tests/c/norcow_config.h @@ -23,11 +23,13 @@ #include "flash.h" #define NORCOW_SECTOR_COUNT 2 -#define NORCOW_SECTOR_SIZE (64*1024) -#define NORCOW_SECTORS {4, 16} +#define NORCOW_SECTOR_SIZE (64 * 1024) +#define NORCOW_SECTORS \ + { 4, 16 } /* - * The length of the sector header in bytes. The header is preserved between sector erasures. + * The length of the sector header in bytes. The header is preserved between + * sector erasures. */ #if TREZOR_MODEL == 1 #define NORCOW_HEADER_LEN (0x100) diff --git a/storage/tests/c/secbool.h b/storage/tests/c/secbool.h index 76dfb38dc..65860dd76 100644 --- a/storage/tests/c/secbool.h +++ b/storage/tests/c/secbool.h @@ -23,11 +23,11 @@ #include typedef uint32_t secbool; -#define sectrue 0xAAAAAAAAU +#define sectrue 0xAAAAAAAAU #define secfalse 0x00000000U #ifndef __wur -#define __wur __attribute__ ((warn_unused_result)) +#define __wur __attribute__((warn_unused_result)) #endif #endif diff --git a/storage/tests/c0/flash.c b/storage/tests/c0/flash.c index 3a0a143f2..545af930a 100644 --- a/storage/tests/c0/flash.c +++ b/storage/tests/c0/flash.c @@ -17,114 +17,106 @@ * along with this program. If not, see . */ -#include #include +#include #include #include "common.h" #include "flash.h" static const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = { - [ 0] = 0x08000000, // - 0x08003FFF | 16 KiB - [ 1] = 0x08004000, // - 0x08007FFF | 16 KiB - [ 2] = 0x08008000, // - 0x0800BFFF | 16 KiB - [ 3] = 0x0800C000, // - 0x0800FFFF | 16 KiB - [ 4] = 0x08010000, // - 0x0801FFFF | 64 KiB - [ 5] = 0x08020000, // - 0x0803FFFF | 128 KiB - [ 6] = 0x08040000, // - 0x0805FFFF | 128 KiB - [ 7] = 0x08060000, // - 0x0807FFFF | 128 KiB - [ 8] = 0x08080000, // - 0x0809FFFF | 128 KiB - [ 9] = 0x080A0000, // - 0x080BFFFF | 128 KiB - [10] = 0x080C0000, // - 0x080DFFFF | 128 KiB - [11] = 0x080E0000, // - 0x080FFFFF | 128 KiB - [12] = 0x08100000, // - 0x08103FFF | 16 KiB - [13] = 0x08104000, // - 0x08107FFF | 16 KiB - [14] = 0x08108000, // - 0x0810BFFF | 16 KiB - [15] = 0x0810C000, // - 0x0810FFFF | 16 KiB - [16] = 0x08110000, // - 0x0811FFFF | 64 KiB - [17] = 0x08120000, // - 0x0813FFFF | 128 KiB - [18] = 0x08140000, // - 0x0815FFFF | 128 KiB - [19] = 0x08160000, // - 0x0817FFFF | 128 KiB - [20] = 0x08180000, // - 0x0819FFFF | 128 KiB - [21] = 0x081A0000, // - 0x081BFFFF | 128 KiB - [22] = 0x081C0000, // - 0x081DFFFF | 128 KiB - [23] = 0x081E0000, // - 0x081FFFFF | 128 KiB - [24] = 0x08200000, // last element - not a valid sector + [0] = 0x08000000, // - 0x08003FFF | 16 KiB + [1] = 0x08004000, // - 0x08007FFF | 16 KiB + [2] = 0x08008000, // - 0x0800BFFF | 16 KiB + [3] = 0x0800C000, // - 0x0800FFFF | 16 KiB + [4] = 0x08010000, // - 0x0801FFFF | 64 KiB + [5] = 0x08020000, // - 0x0803FFFF | 128 KiB + [6] = 0x08040000, // - 0x0805FFFF | 128 KiB + [7] = 0x08060000, // - 0x0807FFFF | 128 KiB + [8] = 0x08080000, // - 0x0809FFFF | 128 KiB + [9] = 0x080A0000, // - 0x080BFFFF | 128 KiB + [10] = 0x080C0000, // - 0x080DFFFF | 128 KiB + [11] = 0x080E0000, // - 0x080FFFFF | 128 KiB + [12] = 0x08100000, // - 0x08103FFF | 16 KiB + [13] = 0x08104000, // - 0x08107FFF | 16 KiB + [14] = 0x08108000, // - 0x0810BFFF | 16 KiB + [15] = 0x0810C000, // - 0x0810FFFF | 16 KiB + [16] = 0x08110000, // - 0x0811FFFF | 64 KiB + [17] = 0x08120000, // - 0x0813FFFF | 128 KiB + [18] = 0x08140000, // - 0x0815FFFF | 128 KiB + [19] = 0x08160000, // - 0x0817FFFF | 128 KiB + [20] = 0x08180000, // - 0x0819FFFF | 128 KiB + [21] = 0x081A0000, // - 0x081BFFFF | 128 KiB + [22] = 0x081C0000, // - 0x081DFFFF | 128 KiB + [23] = 0x081E0000, // - 0x081FFFFF | 128 KiB + [24] = 0x08200000, // last element - not a valid sector }; const uint32_t FLASH_SIZE = 0x200000; uint8_t *FLASH_BUFFER = NULL; -void flash_init(void) -{ - assert(FLASH_SIZE == FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT] - FLASH_SECTOR_TABLE[0]); +void flash_init(void) { + assert(FLASH_SIZE == + FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT] - FLASH_SECTOR_TABLE[0]); } -secbool flash_unlock(void) -{ - return sectrue; -} +secbool flash_unlock(void) { return sectrue; } -secbool flash_lock(void) -{ - return sectrue; -} +secbool flash_lock(void) { return sectrue; } -const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size) -{ - if (sector >= FLASH_SECTOR_COUNT) { - return NULL; - } - const uint32_t addr = FLASH_SECTOR_TABLE[sector] + offset; - const uint32_t next = FLASH_SECTOR_TABLE[sector + 1]; - if (addr + size > next) { - return NULL; - } - return FLASH_BUFFER + addr - FLASH_SECTOR_TABLE[0]; +const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size) { + if (sector >= FLASH_SECTOR_COUNT) { + return NULL; + } + const uint32_t addr = FLASH_SECTOR_TABLE[sector] + offset; + const uint32_t next = FLASH_SECTOR_TABLE[sector + 1]; + if (addr + size > next) { + return NULL; + } + return FLASH_BUFFER + addr - FLASH_SECTOR_TABLE[0]; } -secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)) -{ +secbool flash_erase_sectors(const uint8_t *sectors, int len, + void (*progress)(int pos, int len)) { + if (progress) { + progress(0, len); + } + for (int i = 0; i < len; i++) { + const uint8_t sector = sectors[i]; + const uint32_t offset = FLASH_SECTOR_TABLE[sector] - FLASH_SECTOR_TABLE[0]; + const uint32_t size = + FLASH_SECTOR_TABLE[sector + 1] - FLASH_SECTOR_TABLE[sector]; + memset(FLASH_BUFFER + offset, 0xFF, size); if (progress) { - progress(0, len); + progress(i + 1, len); } - for (int i = 0; i < len; i++) { - const uint8_t sector = sectors[i]; - const uint32_t offset = FLASH_SECTOR_TABLE[sector] - FLASH_SECTOR_TABLE[0]; - const uint32_t size = FLASH_SECTOR_TABLE[sector + 1] - FLASH_SECTOR_TABLE[sector]; - memset(FLASH_BUFFER + offset, 0xFF, size); - if (progress) { - progress(i + 1, len); - } - } - return sectrue; + } + return sectrue; } -secbool flash_write_byte(uint8_t sector, uint32_t offset, uint8_t data) -{ - uint8_t *flash = (uint8_t *)flash_get_address(sector, offset, 1); - if (!flash) { - return secfalse; - } - if ((flash[0] & data) != data) { - return secfalse; // we cannot change zeroes to ones - } - flash[0] = data; - return sectrue; +secbool flash_write_byte(uint8_t sector, uint32_t offset, uint8_t data) { + uint8_t *flash = (uint8_t *)flash_get_address(sector, offset, 1); + if (!flash) { + return secfalse; + } + if ((flash[0] & data) != data) { + return secfalse; // we cannot change zeroes to ones + } + flash[0] = data; + return sectrue; } -secbool flash_write_word(uint8_t sector, uint32_t offset, uint32_t data) -{ - if (offset % 4) { // we write only at 4-byte boundary - return secfalse; - } - uint32_t *flash = (uint32_t *)flash_get_address(sector, offset, sizeof(data)); - if (!flash) { - return secfalse; - } - if ((flash[0] & data) != data) { - return secfalse; // we cannot change zeroes to ones - } - flash[0] = data; - return sectrue; +secbool flash_write_word(uint8_t sector, uint32_t offset, uint32_t data) { + if (offset % 4) { // we write only at 4-byte boundary + return secfalse; + } + uint32_t *flash = (uint32_t *)flash_get_address(sector, offset, sizeof(data)); + if (!flash) { + return secfalse; + } + if ((flash[0] & data) != data) { + return secfalse; // we cannot change zeroes to ones + } + flash[0] = data; + return sectrue; } diff --git a/storage/tests/c0/flash.h b/storage/tests/c0/flash.h index 436dceb42..6de8952b3 100644 --- a/storage/tests/c0/flash.h +++ b/storage/tests/c0/flash.h @@ -33,8 +33,11 @@ secbool __wur flash_lock(void); const void *flash_get_address(uint8_t sector, uint32_t offset, uint32_t size); -secbool __wur flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len)); -static inline secbool flash_erase_sector(uint8_t sector) { return flash_erase_sectors(§or, 1, NULL); } +secbool __wur flash_erase_sectors(const uint8_t *sectors, int len, + void (*progress)(int pos, int len)); +static inline secbool flash_erase_sector(uint8_t sector) { + return flash_erase_sectors(§or, 1, NULL); +} secbool __wur flash_write_byte(uint8_t sector, uint32_t offset, uint8_t data); secbool __wur flash_write_word(uint8_t sector, uint32_t offset, uint32_t data); diff --git a/storage/tests/c0/norcow.c b/storage/tests/c0/norcow.c index ed54be3b2..13ec7737b 100644 --- a/storage/tests/c0/norcow.c +++ b/storage/tests/c0/norcow.c @@ -19,13 +19,13 @@ #include -#include "norcow.h" -#include "flash.h" #include "common.h" +#include "flash.h" +#include "norcow.h" // NRCW = 4e524357 -#define NORCOW_MAGIC ((uint32_t)0x5743524e) -#define NORCOW_MAGIC_LEN (sizeof(uint32_t)) +#define NORCOW_MAGIC ((uint32_t)0x5743524e) +#define NORCOW_MAGIC_LEN (sizeof(uint32_t)) static const uint8_t norcow_sectors[NORCOW_SECTOR_COUNT] = NORCOW_SECTORS; static uint8_t norcow_active_sector = 0; @@ -35,50 +35,48 @@ static uint32_t norcow_active_offset = NORCOW_MAGIC_LEN; * Returns pointer to sector, starting with offset * Fails when there is not enough space for data of given size */ -static const void *norcow_ptr(uint8_t sector, uint32_t offset, uint32_t size) -{ - ensure(sectrue * (sector <= NORCOW_SECTOR_COUNT), "invalid sector"); - return flash_get_address(norcow_sectors[sector], offset, size); +static const void *norcow_ptr(uint8_t sector, uint32_t offset, uint32_t size) { + ensure(sectrue * (sector <= NORCOW_SECTOR_COUNT), "invalid sector"); + return flash_get_address(norcow_sectors[sector], offset, size); } /* * Writes data to given sector, starting from offset */ -static secbool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, const uint8_t *data, uint16_t len) -{ - if (sector >= NORCOW_SECTOR_COUNT) { - return secfalse; - } - ensure(flash_unlock(), NULL); +static secbool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix, + const uint8_t *data, uint16_t len) { + if (sector >= NORCOW_SECTOR_COUNT) { + return secfalse; + } + ensure(flash_unlock(), NULL); - // write prefix - ensure(flash_write_word(norcow_sectors[sector], offset, prefix), NULL); + // write prefix + ensure(flash_write_word(norcow_sectors[sector], offset, prefix), NULL); - if (len > 0) { - offset += sizeof(uint32_t); - // write data - for (uint16_t i = 0; i < len; i++, offset++) { - ensure(flash_write_byte(norcow_sectors[sector], offset, data[i]), NULL); - } - // pad with zeroes - for (; offset % 4; offset++) { - ensure(flash_write_byte(norcow_sectors[sector], offset, 0x00), NULL); - } + if (len > 0) { + offset += sizeof(uint32_t); + // write data + for (uint16_t i = 0; i < len; i++, offset++) { + ensure(flash_write_byte(norcow_sectors[sector], offset, data[i]), NULL); + } + // pad with zeroes + for (; offset % 4; offset++) { + ensure(flash_write_byte(norcow_sectors[sector], offset, 0x00), NULL); } - ensure(flash_lock(), NULL); - return sectrue; + } + ensure(flash_lock(), NULL); + return sectrue; } /* * Erases sector (and sets a magic) */ -static void norcow_erase(uint8_t sector, secbool set_magic) -{ - ensure(sectrue * (sector <= NORCOW_SECTOR_COUNT), "invalid sector"); - ensure(flash_erase_sector(norcow_sectors[sector]), "erase failed"); - if (sectrue == set_magic) { - ensure(norcow_write(sector, 0, NORCOW_MAGIC, NULL, 0), "set magic failed"); - } +static void norcow_erase(uint8_t sector, secbool set_magic) { + ensure(sectrue * (sector <= NORCOW_SECTOR_COUNT), "invalid sector"); + ensure(flash_erase_sector(norcow_sectors[sector]), "erase failed"); + if (sectrue == set_magic) { + ensure(norcow_write(sector, 0, NORCOW_MAGIC, NULL, 0), "set magic failed"); + } } #define ALIGN4(X) (X) = ((X) + 3) & ~3 @@ -86,220 +84,220 @@ static void norcow_erase(uint8_t sector, secbool set_magic) /* * Reads one item starting from offset */ -static secbool read_item(uint8_t sector, uint32_t offset, uint16_t *key, const void **val, uint16_t *len, uint32_t *pos) -{ - *pos = offset; +static secbool read_item(uint8_t sector, uint32_t offset, uint16_t *key, + const void **val, uint16_t *len, uint32_t *pos) { + *pos = offset; - const void *k = norcow_ptr(sector, *pos, 2); - if (k == NULL) return secfalse; - *pos += 2; - memcpy(key, k, sizeof(uint16_t)); - if (*key == 0xFFFF) { - return secfalse; - } + const void *k = norcow_ptr(sector, *pos, 2); + if (k == NULL) return secfalse; + *pos += 2; + memcpy(key, k, sizeof(uint16_t)); + if (*key == 0xFFFF) { + return secfalse; + } - const void *l = norcow_ptr(sector, *pos, 2); - if (l == NULL) return secfalse; - *pos += 2; - memcpy(len, l, sizeof(uint16_t)); + const void *l = norcow_ptr(sector, *pos, 2); + if (l == NULL) return secfalse; + *pos += 2; + memcpy(len, l, sizeof(uint16_t)); - *val = norcow_ptr(sector, *pos, *len); - if (*val == NULL) return secfalse; - *pos += *len; - ALIGN4(*pos); - return sectrue; + *val = norcow_ptr(sector, *pos, *len); + if (*val == NULL) return secfalse; + *pos += *len; + ALIGN4(*pos); + return sectrue; } /* * Writes one item starting from offset */ -static secbool write_item(uint8_t sector, uint32_t offset, uint16_t key, const void *val, uint16_t len, uint32_t *pos) -{ - uint32_t prefix = (len << 16) | key; - *pos = offset + sizeof(uint32_t) + len; - ALIGN4(*pos); - return norcow_write(sector, offset, prefix, val, len); +static secbool write_item(uint8_t sector, uint32_t offset, uint16_t key, + const void *val, uint16_t len, uint32_t *pos) { + uint32_t prefix = (len << 16) | key; + *pos = offset + sizeof(uint32_t) + len; + ALIGN4(*pos); + return norcow_write(sector, offset, prefix, val, len); } /* * Finds item in given sector */ -static secbool find_item(uint8_t sector, uint16_t key, const void **val, uint16_t *len) -{ - *val = 0; - *len = 0; - uint32_t offset = NORCOW_MAGIC_LEN; - for (;;) { - uint16_t k, l; - const void *v; - uint32_t pos; - if (sectrue != read_item(sector, offset, &k, &v, &l, &pos)) { - break; - } - if (key == k) { - *val = v; - *len = l; - } - offset = pos; +static secbool find_item(uint8_t sector, uint16_t key, const void **val, + uint16_t *len) { + *val = 0; + *len = 0; + uint32_t offset = NORCOW_MAGIC_LEN; + for (;;) { + uint16_t k, l; + const void *v; + uint32_t pos; + if (sectrue != read_item(sector, offset, &k, &v, &l, &pos)) { + break; } - return sectrue * (*val != NULL); + if (key == k) { + *val = v; + *len = l; + } + offset = pos; + } + return sectrue * (*val != NULL); } /* * Finds first unused offset in given sector */ -static uint32_t find_free_offset(uint8_t sector) -{ - uint32_t offset = NORCOW_MAGIC_LEN; - for (;;) { - uint16_t key, len; - const void *val; - uint32_t pos; - if (sectrue != read_item(sector, offset, &key, &val, &len, &pos)) { - break; - } - offset = pos; +static uint32_t find_free_offset(uint8_t sector) { + uint32_t offset = NORCOW_MAGIC_LEN; + for (;;) { + uint16_t key, len; + const void *val; + uint32_t pos; + if (sectrue != read_item(sector, offset, &key, &val, &len, &pos)) { + break; } - return offset; + offset = pos; + } + return offset; } /* * Compacts active sector and sets new active sector */ -static void compact() -{ - uint8_t norcow_next_sector = (norcow_active_sector + 1) % NORCOW_SECTOR_COUNT; - norcow_erase(norcow_next_sector, sectrue); - - uint32_t offset = NORCOW_MAGIC_LEN, offsetw = NORCOW_MAGIC_LEN; +static void compact() { + uint8_t norcow_next_sector = (norcow_active_sector + 1) % NORCOW_SECTOR_COUNT; + norcow_erase(norcow_next_sector, sectrue); - for (;;) { - // read item - uint16_t k, l; - const void *v; - uint32_t pos; - secbool r = read_item(norcow_active_sector, offset, &k, &v, &l, &pos); - if (sectrue != r) { - break; - } - offset = pos; + uint32_t offset = NORCOW_MAGIC_LEN, offsetw = NORCOW_MAGIC_LEN; - // check if not already saved - const void *v2; - uint16_t l2; - r = find_item(norcow_next_sector, k, &v2, &l2); - if (sectrue == r) { - continue; - } + for (;;) { + // read item + uint16_t k, l; + const void *v; + uint32_t pos; + secbool r = read_item(norcow_active_sector, offset, &k, &v, &l, &pos); + if (sectrue != r) { + break; + } + offset = pos; - // scan for latest instance - uint32_t offsetr = offset; - for (;;) { - uint16_t k2; - uint32_t posr; - r = read_item(norcow_active_sector, offsetr, &k2, &v2, &l2, &posr); - if (sectrue != r) { - break; - } - if (k == k2) { - v = v2; - l = l2; - } - offsetr = posr; - } + // check if not already saved + const void *v2; + uint16_t l2; + r = find_item(norcow_next_sector, k, &v2, &l2); + if (sectrue == r) { + continue; + } - // copy the last item - uint32_t posw; - ensure(write_item(norcow_next_sector, offsetw, k, v, l, &posw), "compaction write failed"); - offsetw = posw; + // scan for latest instance + uint32_t offsetr = offset; + for (;;) { + uint16_t k2; + uint32_t posr; + r = read_item(norcow_active_sector, offsetr, &k2, &v2, &l2, &posr); + if (sectrue != r) { + break; + } + if (k == k2) { + v = v2; + l = l2; + } + offsetr = posr; } - norcow_erase(norcow_active_sector, secfalse); - norcow_active_sector = norcow_next_sector; - norcow_active_offset = find_free_offset(norcow_active_sector); + // copy the last item + uint32_t posw; + ensure(write_item(norcow_next_sector, offsetw, k, v, l, &posw), + "compaction write failed"); + offsetw = posw; + } + + norcow_erase(norcow_active_sector, secfalse); + norcow_active_sector = norcow_next_sector; + norcow_active_offset = find_free_offset(norcow_active_sector); } /* * Initializes storage */ -void norcow_init(void) -{ - flash_init(); - secbool found = secfalse; - // detect active sector - starts with magic - for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) { - const uint32_t *magic = norcow_ptr(i, 0, NORCOW_MAGIC_LEN); - if (magic != NULL && *magic == NORCOW_MAGIC) { - found = sectrue; - norcow_active_sector = i; - break; - } - } - // no active sectors found - let's erase - if (sectrue == found) { - norcow_active_offset = find_free_offset(norcow_active_sector); - } else { - norcow_wipe(); +void norcow_init(void) { + flash_init(); + secbool found = secfalse; + // detect active sector - starts with magic + for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) { + const uint32_t *magic = norcow_ptr(i, 0, NORCOW_MAGIC_LEN); + if (magic != NULL && *magic == NORCOW_MAGIC) { + found = sectrue; + norcow_active_sector = i; + break; } + } + // no active sectors found - let's erase + if (sectrue == found) { + norcow_active_offset = find_free_offset(norcow_active_sector); + } else { + norcow_wipe(); + } } /* * Wipe the storage */ -void norcow_wipe(void) -{ - norcow_erase(0, sectrue); - for (uint8_t i = 1; i < NORCOW_SECTOR_COUNT; i++) { - norcow_erase(i, secfalse); - } - norcow_active_sector = 0; - norcow_active_offset = NORCOW_MAGIC_LEN; +void norcow_wipe(void) { + norcow_erase(0, sectrue); + for (uint8_t i = 1; i < NORCOW_SECTOR_COUNT; i++) { + norcow_erase(i, secfalse); + } + norcow_active_sector = 0; + norcow_active_offset = NORCOW_MAGIC_LEN; } /* * Looks for the given key, returns status of the operation */ -secbool norcow_get(uint16_t key, const void **val, uint16_t *len) -{ - return find_item(norcow_active_sector, key, val, len); +secbool norcow_get(uint16_t key, const void **val, uint16_t *len) { + return find_item(norcow_active_sector, key, val, len); } /* * Sets the given key, returns status of the operation */ -secbool norcow_set(uint16_t key, const void *val, uint16_t len) -{ - // check whether there is enough free space - // and compact if full - if (norcow_active_offset + sizeof(uint32_t) + len > NORCOW_SECTOR_SIZE) { - compact(); - } - // write item - uint32_t pos; - secbool r = write_item(norcow_active_sector, norcow_active_offset, key, val, len, &pos); - if (sectrue == r) { - norcow_active_offset = pos; - } - return r; +secbool norcow_set(uint16_t key, const void *val, uint16_t len) { + // check whether there is enough free space + // and compact if full + if (norcow_active_offset + sizeof(uint32_t) + len > NORCOW_SECTOR_SIZE) { + compact(); + } + // write item + uint32_t pos; + secbool r = write_item(norcow_active_sector, norcow_active_offset, key, val, + len, &pos); + if (sectrue == r) { + norcow_active_offset = pos; + } + return r; } /* * Update a word in flash at the given pointer. The pointer must point * into the NORCOW area. */ -secbool norcow_update(uint16_t key, uint16_t offset, uint32_t value) -{ - const void *ptr; - uint16_t len; - if (sectrue != find_item(norcow_active_sector, key, &ptr, &len)) { - return secfalse; - } - if ((offset & 3) != 0 || offset >= len) { - return secfalse; - } - uint32_t sector_offset = (const uint8_t*) ptr - (const uint8_t *)norcow_ptr(norcow_active_sector, 0, NORCOW_SECTOR_SIZE) + offset; - ensure(flash_unlock(), NULL); - ensure(flash_write_word(norcow_sectors[norcow_active_sector], sector_offset, value), NULL); - ensure(flash_lock(), NULL); - return sectrue; +secbool norcow_update(uint16_t key, uint16_t offset, uint32_t value) { + const void *ptr; + uint16_t len; + if (sectrue != find_item(norcow_active_sector, key, &ptr, &len)) { + return secfalse; + } + if ((offset & 3) != 0 || offset >= len) { + return secfalse; + } + uint32_t sector_offset = + (const uint8_t *)ptr - + (const uint8_t *)norcow_ptr(norcow_active_sector, 0, NORCOW_SECTOR_SIZE) + + offset; + ensure(flash_unlock(), NULL); + ensure(flash_write_word(norcow_sectors[norcow_active_sector], sector_offset, + value), + NULL); + ensure(flash_lock(), NULL); + return sectrue; } diff --git a/storage/tests/c0/norcow_config.h b/storage/tests/c0/norcow_config.h index ff7b1eb0b..fcddf1314 100644 --- a/storage/tests/c0/norcow_config.h +++ b/storage/tests/c0/norcow_config.h @@ -23,7 +23,8 @@ #include "flash.h" #define NORCOW_SECTOR_COUNT 2 -#define NORCOW_SECTOR_SIZE (64*1024) -#define NORCOW_SECTORS {4, 16} +#define NORCOW_SECTOR_SIZE (64 * 1024) +#define NORCOW_SECTORS \ + { 4, 16 } #endif diff --git a/storage/tests/c0/secbool.h b/storage/tests/c0/secbool.h index 76dfb38dc..65860dd76 100644 --- a/storage/tests/c0/secbool.h +++ b/storage/tests/c0/secbool.h @@ -23,11 +23,11 @@ #include typedef uint32_t secbool; -#define sectrue 0xAAAAAAAAU +#define sectrue 0xAAAAAAAAU #define secfalse 0x00000000U #ifndef __wur -#define __wur __attribute__ ((warn_unused_result)) +#define __wur __attribute__((warn_unused_result)) #endif #endif diff --git a/storage/tests/c0/storage.c b/storage/tests/c0/storage.c index 5e0f8343b..c35972485 100644 --- a/storage/tests/c0/storage.c +++ b/storage/tests/c0/storage.c @@ -40,199 +40,184 @@ static secbool initialized = secfalse; static secbool unlocked = secfalse; static PIN_UI_WAIT_CALLBACK ui_callback = NULL; -void storage_init(PIN_UI_WAIT_CALLBACK callback) -{ - initialized = secfalse; - unlocked = secfalse; - norcow_init(); - initialized = sectrue; - ui_callback = callback; +void storage_init(PIN_UI_WAIT_CALLBACK callback) { + initialized = secfalse; + unlocked = secfalse; + norcow_init(); + initialized = sectrue; + ui_callback = callback; } -static secbool pin_fails_reset(uint16_t ofs) -{ - return norcow_update(PIN_FAIL_KEY, ofs, 0); +static secbool pin_fails_reset(uint16_t ofs) { + return norcow_update(PIN_FAIL_KEY, ofs, 0); } -static secbool pin_fails_increase(const uint32_t *ptr, uint16_t ofs) -{ - uint32_t ctr = *ptr; - ctr = ctr << 1; +static secbool pin_fails_increase(const uint32_t *ptr, uint16_t ofs) { + uint32_t ctr = *ptr; + ctr = ctr << 1; - if (sectrue != norcow_update(PIN_FAIL_KEY, ofs, ctr)) { - return secfalse; - } + if (sectrue != norcow_update(PIN_FAIL_KEY, ofs, ctr)) { + return secfalse; + } - uint32_t check = *ptr; - if (ctr != check) { - return secfalse; - } - return sectrue; + uint32_t check = *ptr; + if (ctr != check) { + return secfalse; + } + return sectrue; } -static void pin_fails_check_max(uint32_t ctr) -{ - if (~ctr >= (1 << PIN_MAX_TRIES)) { - norcow_wipe(); - ensure(secfalse, "pin_fails_check_max"); - } +static void pin_fails_check_max(uint32_t ctr) { + if (~ctr >= (1 << PIN_MAX_TRIES)) { + norcow_wipe(); + ensure(secfalse, "pin_fails_check_max"); + } } -static secbool pin_cmp(const uint32_t pin) -{ - const void *spin = NULL; - uint16_t spinlen = 0; - norcow_get(PIN_KEY, &spin, &spinlen); - if (NULL != spin && spinlen == sizeof(uint32_t)) { - return sectrue * (pin == *(const uint32_t*)spin); - } else { - return sectrue * (1 == pin); - } +static secbool pin_cmp(const uint32_t pin) { + const void *spin = NULL; + uint16_t spinlen = 0; + norcow_get(PIN_KEY, &spin, &spinlen); + if (NULL != spin && spinlen == sizeof(uint32_t)) { + return sectrue * (pin == *(const uint32_t *)spin); + } else { + return sectrue * (1 == pin); + } } -static secbool pin_get_fails(const uint32_t **pinfail, uint32_t *pofs) -{ - const void *vpinfail; - uint16_t pinfaillen; - unsigned int ofs; - // The PIN_FAIL_KEY points to an area of words, initialized to - // 0xffffffff (meaning no pin failures). The first non-zero word - // in this area is the current pin failure counter. If PIN_FAIL_KEY - // has no configuration or is empty, the pin failure counter is 0. - // We rely on the fact that flash allows to clear bits and we clear one - // bit to indicate pin failure. On success, the word is set to 0, - // indicating that the next word is the pin failure counter. - - // Find the current pin failure counter - if (secfalse != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) { - *pinfail = vpinfail; - for (ofs = 0; ofs < pinfaillen / sizeof(uint32_t); ofs++) { - if (((const uint32_t *) vpinfail)[ofs]) { - *pinfail = vpinfail; - *pofs = ofs; - return sectrue; - } - } - } - - // No pin failure section, or all entries used -> create a new one. - uint32_t pinarea[PIN_FAIL_SECTOR_SIZE]; - memset(pinarea, 0xff, sizeof(pinarea)); - if (sectrue != norcow_set(PIN_FAIL_KEY, pinarea, sizeof(pinarea))) { - return secfalse; - } - if (sectrue != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) { - return secfalse; - } +static secbool pin_get_fails(const uint32_t **pinfail, uint32_t *pofs) { + const void *vpinfail; + uint16_t pinfaillen; + unsigned int ofs; + // The PIN_FAIL_KEY points to an area of words, initialized to + // 0xffffffff (meaning no pin failures). The first non-zero word + // in this area is the current pin failure counter. If PIN_FAIL_KEY + // has no configuration or is empty, the pin failure counter is 0. + // We rely on the fact that flash allows to clear bits and we clear one + // bit to indicate pin failure. On success, the word is set to 0, + // indicating that the next word is the pin failure counter. + + // Find the current pin failure counter + if (secfalse != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) { *pinfail = vpinfail; - *pofs = 0; - return sectrue; + for (ofs = 0; ofs < pinfaillen / sizeof(uint32_t); ofs++) { + if (((const uint32_t *)vpinfail)[ofs]) { + *pinfail = vpinfail; + *pofs = ofs; + return sectrue; + } + } + } + + // No pin failure section, or all entries used -> create a new one. + uint32_t pinarea[PIN_FAIL_SECTOR_SIZE]; + memset(pinarea, 0xff, sizeof(pinarea)); + if (sectrue != norcow_set(PIN_FAIL_KEY, pinarea, sizeof(pinarea))) { + return secfalse; + } + if (sectrue != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) { + return secfalse; + } + *pinfail = vpinfail; + *pofs = 0; + return sectrue; } -secbool storage_check_pin(const uint32_t pin) -{ - const uint32_t *pinfail = NULL; - uint32_t ofs; - uint32_t ctr; - - // Get the pin failure counter - if (pin_get_fails(&pinfail, &ofs) != sectrue) { - return secfalse; - } - - // Read current failure counter - ctr = pinfail[ofs]; - // Wipe storage if too many failures - pin_fails_check_max(ctr); - - // Sleep for ~ctr seconds before checking the PIN. - uint32_t progress; - for (uint32_t wait = ~ctr; wait > 0; wait--) { - for (int i = 0; i < 10; i++) { - if (ui_callback) { - if ((~ctr) > 1000000) { // precise enough - progress = (~ctr - wait) / ((~ctr) / 1000); - } else { - progress = ((~ctr - wait) * 10 + i) * 100 / (~ctr); - } - ui_callback(wait, progress); - } - hal_delay(100); +secbool storage_check_pin(const uint32_t pin) { + const uint32_t *pinfail = NULL; + uint32_t ofs; + uint32_t ctr; + + // Get the pin failure counter + if (pin_get_fails(&pinfail, &ofs) != sectrue) { + return secfalse; + } + + // Read current failure counter + ctr = pinfail[ofs]; + // Wipe storage if too many failures + pin_fails_check_max(ctr); + + // Sleep for ~ctr seconds before checking the PIN. + uint32_t progress; + for (uint32_t wait = ~ctr; wait > 0; wait--) { + for (int i = 0; i < 10; i++) { + if (ui_callback) { + if ((~ctr) > 1000000) { // precise enough + progress = (~ctr - wait) / ((~ctr) / 1000); + } else { + progress = ((~ctr - wait) * 10 + i) * 100 / (~ctr); } - } - // Show last frame if we were waiting - if ((~ctr > 0) && ui_callback) { - ui_callback(0, 1000); - } - - // First, we increase PIN fail counter in storage, even before checking the - // PIN. If the PIN is correct, we reset the counter afterwards. If not, we - // check if this is the last allowed attempt. - if (sectrue != pin_fails_increase(pinfail + ofs, ofs * sizeof(uint32_t))) { - return secfalse; - } - if (sectrue != pin_cmp(pin)) { - // Wipe storage if too many failures - pin_fails_check_max(ctr << 1); - return secfalse; - } - // Finally set the counter to 0 to indicate success. - return pin_fails_reset(ofs * sizeof(uint32_t)); + ui_callback(wait, progress); + } + hal_delay(100); + } + } + // Show last frame if we were waiting + if ((~ctr > 0) && ui_callback) { + ui_callback(0, 1000); + } + + // First, we increase PIN fail counter in storage, even before checking the + // PIN. If the PIN is correct, we reset the counter afterwards. If not, we + // check if this is the last allowed attempt. + if (sectrue != pin_fails_increase(pinfail + ofs, ofs * sizeof(uint32_t))) { + return secfalse; + } + if (sectrue != pin_cmp(pin)) { + // Wipe storage if too many failures + pin_fails_check_max(ctr << 1); + return secfalse; + } + // Finally set the counter to 0 to indicate success. + return pin_fails_reset(ofs * sizeof(uint32_t)); } -secbool storage_unlock(const uint32_t pin) -{ - unlocked = secfalse; - if (sectrue == initialized && sectrue == storage_check_pin(pin)) { - unlocked = sectrue; - } - return unlocked; +secbool storage_unlock(const uint32_t pin) { + unlocked = secfalse; + if (sectrue == initialized && sectrue == storage_check_pin(pin)) { + unlocked = sectrue; + } + return unlocked; } -secbool storage_get(const uint16_t key, const void **val, uint16_t *len) -{ - const uint8_t app = key >> 8; - // APP == 0 is reserved for PIN related values - if (sectrue != initialized || app == 0) { - return secfalse; - } - // top bit of APP set indicates the value can be read from unlocked device - if (sectrue != unlocked && ((app & 0x80) == 0)) { - return secfalse; - } - return norcow_get(key, val, len); +secbool storage_get(const uint16_t key, const void **val, uint16_t *len) { + const uint8_t app = key >> 8; + // APP == 0 is reserved for PIN related values + if (sectrue != initialized || app == 0) { + return secfalse; + } + // top bit of APP set indicates the value can be read from unlocked device + if (sectrue != unlocked && ((app & 0x80) == 0)) { + return secfalse; + } + return norcow_get(key, val, len); } -secbool storage_set(const uint16_t key, const void *val, uint16_t len) -{ - const uint8_t app = key >> 8; - // APP == 0 is reserved for PIN related values - if (sectrue != initialized || sectrue != unlocked || app == 0) { - return secfalse; - } - return norcow_set(key, val, len); +secbool storage_set(const uint16_t key, const void *val, uint16_t len) { + const uint8_t app = key >> 8; + // APP == 0 is reserved for PIN related values + if (sectrue != initialized || sectrue != unlocked || app == 0) { + return secfalse; + } + return norcow_set(key, val, len); } -secbool storage_has_pin(void) -{ - if (sectrue != initialized) { - return secfalse; - } - return sectrue == pin_cmp(1) ? secfalse : sectrue; +secbool storage_has_pin(void) { + if (sectrue != initialized) { + return secfalse; + } + return sectrue == pin_cmp(1) ? secfalse : sectrue; } -secbool storage_change_pin(const uint32_t oldpin, const uint32_t newpin) -{ - if (sectrue != initialized || sectrue != unlocked) { - return secfalse; - } - if (sectrue != storage_check_pin(oldpin)) { - return secfalse; - } - return norcow_set(PIN_KEY, &newpin, sizeof(uint32_t)); +secbool storage_change_pin(const uint32_t oldpin, const uint32_t newpin) { + if (sectrue != initialized || sectrue != unlocked) { + return secfalse; + } + if (sectrue != storage_check_pin(oldpin)) { + return secfalse; + } + return norcow_set(PIN_KEY, &newpin, sizeof(uint32_t)); } -void storage_wipe(void) -{ - norcow_wipe(); -} +void storage_wipe(void) { norcow_wipe(); } diff --git a/storage/tests/c0/storage.h b/storage/tests/c0/storage.h index 797528175..25ddd49d1 100644 --- a/storage/tests/c0/storage.h +++ b/storage/tests/c0/storage.h @@ -20,8 +20,8 @@ #ifndef __STORAGE_H__ #define __STORAGE_H__ -#include #include +#include #include "secbool.h" typedef void (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress);