arno
/
trezor-firmware
mirror of https://github.com/trezor/trezor-firmware.git
1
0
Fork 0
Code Issues Releases Wiki Activity

introduce and use memzero instead of explicit_bzero

Browse Source
pull/25/head
Pavol Rusnak 6 years ago
parent 4a2d68acb9
commit bd660655ee
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
8 changed files with 22 additions and 15 deletions
Show Stats Download Patch File Download Diff File

1
bootloader/Makefile
Unescape View File

@ -8,6 +8,7 @@ OBJS += ../vendor/trezor-crypto/bignum.small.o
OBJS += ../vendor/trezor-crypto/ecdsa.small.o OBJS += ../vendor/trezor-crypto/ecdsa.small.o
OBJS += ../vendor/trezor-crypto/secp256k1.small.o OBJS += ../vendor/trezor-crypto/secp256k1.small.o
OBJS += ../vendor/trezor-crypto/sha2.small.o OBJS += ../vendor/trezor-crypto/sha2.small.o
OBJS += ../vendor/trezor-crypto/memzero.small.o
CFLAGS += -DUSE_PRECOMPUTED_IV=0 CFLAGS += -DUSE_PRECOMPUTED_IV=0
CFLAGS += -DUSE_PRECOMPUTED_CP=0 CFLAGS += -DUSE_PRECOMPUTED_CP=0

9
bootloader/usb.c
Unescape View File

@ -35,6 +35,7 @@
#include "sha2.h" #include "sha2.h"
#include "ecdsa.h" #include "ecdsa.h"
#include "secp256k1.h" #include "secp256k1.h"
#include "memzero.h"
#define FIRMWARE_MAGIC "TRZR" #define FIRMWARE_MAGIC "TRZR"
@ -402,7 +403,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
// restore metadata from backup // restore metadata from backup
erase_metadata_sectors(); erase_metadata_sectors();
restore_metadata(meta_backup); restore_metadata(meta_backup);
explicit_bzero(meta_backup, sizeof(meta_backup)); memzero(meta_backup, sizeof(meta_backup));
// compare against known hash computed via the following Python3 script: // compare against known hash computed via the following Python3 script:
// hashlib.sha256(binascii.unhexlify('0F5A693C' * 8192)).hexdigest() // hashlib.sha256(binascii.unhexlify('0F5A693C' * 8192)).hexdigest()
@ -599,7 +600,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
// 2) firmware restore flag isn't set // 2) firmware restore flag isn't set
// 3) signatures are not ok // 3) signatures are not ok
if (old_was_unsigned || (flags & 0x01) == 0 || !signatures_ok(NULL)) { if (old_was_unsigned || (flags & 0x01) == 0 || !signatures_ok(NULL)) {
explicit_bzero(meta_backup, sizeof(meta_backup)); memzero(meta_backup, sizeof(meta_backup));
} }
// copy new firmware header // copy new firmware header
memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN); memcpy(meta_backup, (void *)FLASH_META_START, FLASH_META_DESC_LEN);
@ -607,12 +608,12 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep)
if (hash_check_ok) { if (hash_check_ok) {
memcpy(meta_backup, FIRMWARE_MAGIC, 4); memcpy(meta_backup, FIRMWARE_MAGIC, 4);
} else { } else {
explicit_bzero(meta_backup, 4); memzero(meta_backup, 4);
} }
// no need to erase, because we are not changing any already flashed byte. // no need to erase, because we are not changing any already flashed byte.
restore_metadata(meta_backup); restore_metadata(meta_backup);
explicit_bzero(meta_backup, sizeof(meta_backup)); memzero(meta_backup, sizeof(meta_backup));
flash_state = STATE_END; flash_state = STATE_END;
if (hash_check_ok) { if (hash_check_ok) {

1
firmware/Makefile
Unescape View File

@ -41,6 +41,7 @@ OBJS += ../vendor/trezor-crypto/curves.o
OBJS += ../vendor/trezor-crypto/secp256k1.o OBJS += ../vendor/trezor-crypto/secp256k1.o
OBJS += ../vendor/trezor-crypto/nist256p1.o OBJS += ../vendor/trezor-crypto/nist256p1.o
OBJS += ../vendor/trezor-crypto/rand.o OBJS += ../vendor/trezor-crypto/rand.o
OBJS += ../vendor/trezor-crypto/memzero.o
OBJS += ../vendor/trezor-crypto/ed25519-donna/curve25519-donna-32bit.o OBJS += ../vendor/trezor-crypto/ed25519-donna/curve25519-donna-32bit.o
OBJS += ../vendor/trezor-crypto/ed25519-donna/curve25519-donna-helpers.o OBJS += ../vendor/trezor-crypto/ed25519-donna/curve25519-donna-helpers.o

5
firmware/ethereum.c
Unescape View File

@ -33,6 +33,7 @@
#include "util.h" #include "util.h"
#include "gettext.h" #include "gettext.h"
#include "ethereum_tokens.h" #include "ethereum_tokens.h"
#include "memzero.h"
/* maximum supported chain id. v must fit in an uint32_t. */ /* maximum supported chain id. v must fit in an uint32_t. */
#define MAX_CHAIN_ID 2147483630 #define MAX_CHAIN_ID 2147483630
@ -193,7 +194,7 @@ static void send_signature(void)
return; return;
} }
explicit_bzero(privkey, sizeof(privkey)); memzero(privkey, sizeof(privkey));
/* Send back the result */ /* Send back the result */
msg_tx_request.has_data_length = false; msg_tx_request.has_data_length = false;
@ -592,7 +593,7 @@ void ethereum_signing_txack(EthereumTxAck *tx)
void ethereum_signing_abort(void) void ethereum_signing_abort(void)
{ {
if (ethereum_signing) { if (ethereum_signing) {
explicit_bzero(privkey, sizeof(privkey)); memzero(privkey, sizeof(privkey));
layoutHome(); layoutHome();
ethereum_signing = false; ethereum_signing = false;
} }

3
firmware/protect.c
Unescape View File

@ -29,6 +29,7 @@
#include "util.h" #include "util.h"
#include "debug.h" #include "debug.h"
#include "gettext.h" #include "gettext.h"
#include "memzero.h"
#define MAX_WRONG_PINS 15 #define MAX_WRONG_PINS 15
@ -231,7 +232,7 @@ bool protectChangePin(void)
storage_update(); storage_update();
} }
explicit_bzero(pin_compare, sizeof(pin_compare)); memzero(pin_compare, sizeof(pin_compare));
return result; return result;
} }

7
firmware/recovery.c
Unescape View File

@ -33,6 +33,7 @@
#include "gettext.h" #include "gettext.h"
#include "types.pb.h" #include "types.pb.h"
#include "recovery-table.h" #include "recovery-table.h"
#include "memzero.h"
/* number of words expected in the new seed */ /* number of words expected in the new seed */
static uint32_t word_count; static uint32_t word_count;
@ -142,7 +143,7 @@ static void recovery_done(void) {
if (!dry_run) { if (!dry_run) {
// Update mnemonic on storage. // Update mnemonic on storage.
storage_setMnemonic(new_mnemonic); storage_setMnemonic(new_mnemonic);
explicit_bzero(new_mnemonic, sizeof(new_mnemonic)); memzero(new_mnemonic, sizeof(new_mnemonic));
if (!enforce_wordlist) { if (!enforce_wordlist) {
// not enforcing => mark storage as imported // not enforcing => mark storage as imported
storage_setImported(true); storage_setImported(true);
@ -152,7 +153,7 @@ static void recovery_done(void) {
} else { } else {
// Inform the user about new mnemonic correctness (as well as whether it is the same as the current one). // Inform the user about new mnemonic correctness (as well as whether it is the same as the current one).
bool match = (storage_isInitialized() && storage_containsMnemonic(new_mnemonic)); bool match = (storage_isInitialized() && storage_containsMnemonic(new_mnemonic));
explicit_bzero(new_mnemonic, sizeof(new_mnemonic)); memzero(new_mnemonic, sizeof(new_mnemonic));
if (match) { if (match) {
layoutDialog(&bmp_icon_ok, NULL, _("Confirm"), NULL, layoutDialog(&bmp_icon_ok, NULL, _("Confirm"), NULL,
_("The seed is valid"), _("The seed is valid"),
@ -172,7 +173,7 @@ static void recovery_done(void) {
} }
} else { } else {
// New mnemonic is invalid. // New mnemonic is invalid.
explicit_bzero(new_mnemonic, sizeof(new_mnemonic)); memzero(new_mnemonic, sizeof(new_mnemonic));
if (!dry_run) { if (!dry_run) {
session_clear(true); session_clear(true);
} else { } else {

9
firmware/storage.c
Unescape View File

@ -41,6 +41,7 @@
#include "usb.h" #include "usb.h"
#include "gettext.h" #include "gettext.h"
#include "u2f.h" #include "u2f.h"
#include "memzero.h"
/* magic constant to check validity of storage block */ /* magic constant to check validity of storage block */
static const uint32_t storage_magic = 0x726f7473; // 'stor' as uint32_t static const uint32_t storage_magic = 0x726f7473; // 'stor' as uint32_t
@ -262,9 +263,9 @@ void storage_generate_uuid(void)
void session_clear(bool clear_pin) void session_clear(bool clear_pin)
{ {
sessionSeedCached = false; sessionSeedCached = false;
explicit_bzero(&sessionSeed, sizeof(sessionSeed)); memzero(&sessionSeed, sizeof(sessionSeed));
sessionPassphraseCached = false; sessionPassphraseCached = false;
explicit_bzero(&sessionPassphrase, sizeof(sessionPassphrase)); memzero(&sessionPassphrase, sizeof(sessionPassphrase));
if (clear_pin) { if (clear_pin) {
sessionPinCached = false; sessionPinCached = false;
} }
@ -297,7 +298,7 @@ static void storage_compute_u2froot(const char* mnemonic, StorageHDNode *u2froot
u2froot->has_private_key = true; u2froot->has_private_key = true;
u2froot->private_key.size = sizeof(node.private_key); u2froot->private_key.size = sizeof(node.private_key);
memcpy(u2froot->private_key.bytes, node.private_key, sizeof(node.private_key)); memcpy(u2froot->private_key.bytes, node.private_key, sizeof(node.private_key));
explicit_bzero(&node, sizeof(node)); memzero(&node, sizeof(node));
session_clear(false); // invalidate seed cache session_clear(false); // invalidate seed cache
} }
@ -399,7 +400,7 @@ static void storage_commit_locked(bool update)
void storage_clear_update(void) void storage_clear_update(void)
{ {
explicit_bzero(&storageUpdate, sizeof(storageUpdate)); memzero(&storageUpdate, sizeof(storageUpdate));
} }
void storage_update(void) void storage_update(void)

2
vendor/trezor-crypto vendored

@ -1 +1 @@
Subproject commit b7f73ee3ff78e09c266a30dbc31407558d471615 Subproject commit bb4c3d052561bd31856a03d975ca226571f6a893
Write Preview
Loading…
Cancel
Save