arno
/
trezor-firmware
mirror of https://github.com/trezor/trezor-firmware.git
1
0
Fork 0
Code Issues Releases Wiki Activity

test(storage): add upgrade test from version 3

Browse Source 
[no changelog]
pull/3522/head
tychovrahe 3 months ago committed by TychoVrahe
parent 434ed04b7f
commit cd8a0ea690
20 changed files with 3443 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
storage/tests/Makefile
Unescape View File

@ -6,10 +6,12 @@ build:
$(MAKE) -C c $(MAKE) -C c
$(MAKE) -C c libtrezor-storage-qw.so $(MAKE) -C c libtrezor-storage-qw.so
$(MAKE) -C c0 $(MAKE) -C c0
$(MAKE) -C c3
clean: clean:
$(MAKE) -C c clean $(MAKE) -C c clean
$(MAKE) -C c0 clean $(MAKE) -C c0 clean
$(MAKE) -C c3 clean
## tests commands: ## tests commands:
tests: tests:

46
storage/tests/c3/Makefile
Unescape View File

@ -0,0 +1,46 @@
CC = cc
CFLAGS = -Wall -Wshadow -Wextra -Wpedantic -Werror -Wno-missing-braces
CFLAGS += -fPIC
CFALGS += -fsanitize=address,undefined
CFLAGS += -DTREZOR_MODEL_T
CFLAGS += -DUSE_INSECURE_PRNG
LIBS =
INC = -I ../../../crypto -I ../.. -I .
BASE = ../../../
SRC = storage/tests/c3/flash.c
SRC += storage/tests/c3/common.c
SRC += storage/tests/c3/random_delays.c
SRC += storage/tests/c3/test_layout.c
SRC += storage/tests/c3/flash_common.c
SRC += storage/tests/c3/storage.c
SRC += storage/tests/c3/norcow.c
SRC += crypto/pbkdf2.c
SRC += crypto/rand.c
SRC += crypto/chacha20poly1305/rfc7539.c
SRC += crypto/chacha20poly1305/chacha20poly1305.c
SRC += crypto/chacha20poly1305/poly1305-donna.c
SRC += crypto/chacha20poly1305/chacha_merged.c
SRC += crypto/hmac.c
SRC += crypto/sha2.c
SRC += crypto/memzero.c
OBJ = $(SRC:%.c=build/%.o)
OUT = libtrezor-storage3.so
$(OUT): $(OBJ)
$(CC) $(CFLAGS) $(LIBS) $(OBJ) -shared -o $(OUT)
build/crypto/chacha20poly1305/chacha_merged.o: $(BASE)crypto/chacha20poly1305/chacha_merged.c
mkdir -p $(@D)
$(CC) $(CFLAGS) $(INC) -c $< -o $@
build/%.o: $(BASE)%.c $(BASE)%.h
mkdir -p $(@D)
$(CC) $(CFLAGS) $(INC) -c $< -o $@
clean:
rm -f $(OUT) $(OBJ)

50
storage/tests/c3/common.c
Unescape View File

@ -0,0 +1,50 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "common.h"
void __shutdown(void) {
printf("SHUTDOWN\n");
exit(3);
}
void __fatal_error(const char *expr, const char *msg, const char *file,
int line, const char *func) {
printf("\nFATAL ERROR:\n");
if (expr) {
printf("expr: %s\n", expr);
}
if (msg) {
printf("msg : %s\n", msg);
}
if (file) {
printf("file: %s:%d\n", file, line);
}
if (func) {
printf("func: %s\n", func);
}
__shutdown();
}
void show_wipe_code_screen(void) {}
void show_pin_too_many_screen(void) {}

38
storage/tests/c3/common.h
Unescape View File

@ -0,0 +1,38 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __TREZORHAL_COMMON_H__
#define __TREZORHAL_COMMON_H__
#include "secbool.h"
void __fatal_error(const char *expr, const char *msg, const char *file,
int line, const char *func);
void show_wipe_code_screen(void);
void show_pin_too_many_screen(void);
#define ensure(expr, msg) \
(((expr) == sectrue) \
? (void)0 \
: __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
#define hal_delay(ms) (void)ms;
#endif

148
storage/tests/c3/flash.c
Unescape View File

@ -0,0 +1,148 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include "common.h"
#include "flash.h"
#include "norcow_config.h"
#define FLASH_SECTOR_COUNT 24
static const uint32_t FLASH_START = 0x08000000;
static const uint32_t FLASH_END = 0x08200000;
static const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = {
[0] = FLASH_START, // - 0x08003FFF | 16 KiB
[1] = 0x08004000, // - 0x08007FFF | 16 KiB
[2] = 0x08008000, // - 0x0800BFFF | 16 KiB
[3] = 0x0800C000, // - 0x0800FFFF | 16 KiB
[4] = 0x08010000, // - 0x0801FFFF | 64 KiB
[5] = 0x08020000, // - 0x0803FFFF | 128 KiB
[6] = 0x08040000, // - 0x0805FFFF | 128 KiB
[7] = 0x08060000, // - 0x0807FFFF | 128 KiB
[8] = 0x08080000, // - 0x0809FFFF | 128 KiB
[9] = 0x080A0000, // - 0x080BFFFF | 128 KiB
[10] = 0x080C0000, // - 0x080DFFFF | 128 KiB
[11] = 0x080E0000, // - 0x080FFFFF | 128 KiB
[12] = 0x08100000, // - 0x08103FFF | 16 KiB
[13] = 0x08104000, // - 0x08107FFF | 16 KiB
[14] = 0x08108000, // - 0x0810BFFF | 16 KiB
[15] = 0x0810C000, // - 0x0810FFFF | 16 KiB
[16] = 0x08110000, // - 0x0811FFFF | 64 KiB
[17] = 0x08120000, // - 0x0813FFFF | 128 KiB
[18] = 0x08140000, // - 0x0815FFFF | 128 KiB
[19] = 0x08160000, // - 0x0817FFFF | 128 KiB
[20] = 0x08180000, // - 0x0819FFFF | 128 KiB
[21] = 0x081A0000, // - 0x081BFFFF | 128 KiB
[22] = 0x081C0000, // - 0x081DFFFF | 128 KiB
[23] = 0x081E0000, // - 0x081FFFFF | 128 KiB
[24] = FLASH_END, // last element - not a valid sector
};
const uint32_t FLASH_SIZE = FLASH_END - FLASH_START;
uint8_t *FLASH_BUFFER = NULL;
secbool flash_unlock_write(void) { return sectrue; }
secbool flash_lock_write(void) { return sectrue; }
uint32_t flash_sector_size(uint16_t sector) {
if (sector >= FLASH_SECTOR_COUNT) {
return 0;
}
return FLASH_SECTOR_TABLE[sector + 1] - FLASH_SECTOR_TABLE[sector];
}
const void *flash_get_address(uint16_t sector, uint32_t offset, uint32_t size) {
if (sector >= FLASH_SECTOR_COUNT) {
return NULL;
}
const uint32_t addr = FLASH_SECTOR_TABLE[sector] + offset;
const uint32_t next = FLASH_SECTOR_TABLE[sector + 1];
if (addr + size > next) {
return NULL;
}
return FLASH_BUFFER + addr - FLASH_SECTOR_TABLE[0];
}
secbool flash_area_erase_bulk(const flash_area_t *area, int count,
void (*progress)(int pos, int len)) {
ensure(flash_unlock_write(), NULL);
int total_sectors = 0;
int done_sectors = 0;
for (int a = 0; a < count; a++) {
for (int i = 0; i < area[a].num_subareas; i++) {
total_sectors += area[a].subarea[i].num_sectors;
}
}
if (progress) {
progress(0, total_sectors);
}
for (int a = 0; a < count; a++) {
for (int s = 0; s < area[a].num_subareas; s++) {
for (int i = 0; i < area[a].subarea[s].num_sectors; i++) {
int sector = area[a].subarea[s].first_sector + i;
const uint32_t offset =
FLASH_SECTOR_TABLE[sector] - FLASH_SECTOR_TABLE[0];
const uint32_t size =
FLASH_SECTOR_TABLE[sector + 1] - FLASH_SECTOR_TABLE[sector];
memset(FLASH_BUFFER + offset, 0xFF, size);
done_sectors++;
if (progress) {
progress(done_sectors, total_sectors);
}
}
}
}
ensure(flash_lock_write(), NULL);
return sectrue;
}
secbool flash_write_byte(uint16_t sector, uint32_t offset, uint8_t data) {
uint8_t *flash = (uint8_t *)flash_get_address(sector, offset, 1);
if (!flash) {
return secfalse;
}
if ((flash[0] & data) != data) {
return secfalse; // we cannot change zeroes to ones
}
flash[0] = data;
return sectrue;
}
secbool flash_write_word(uint16_t sector, uint32_t offset, uint32_t data) {
if (offset % 4) { // we write only at 4-byte boundary
return secfalse;
}
uint32_t *flash = (uint32_t *)flash_get_address(sector, offset, sizeof(data));
if (!flash) {
return secfalse;
}
if ((flash[0] & data) != data) {
return secfalse; // we cannot change zeroes to ones
}
flash[0] = data;
return sectrue;
}

38
storage/tests/c3/flash.h
Unescape View File

@ -0,0 +1,38 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef FLASH_H
#define FLASH_H
#include <stdint.h>
#include <stdlib.h>
#include "secbool.h"
#define FLASH_BYTE_ACCESS 1
#include "flash_common.h"
#include "test_layout.h"
uint32_t flash_sector_size(uint16_t sector);
secbool flash_write_byte(uint16_t sector, uint32_t offset, uint8_t data);
secbool flash_write_word(uint16_t sector, uint32_t offset, uint32_t data);
#endif

133
storage/tests/c3/flash_common.c
Unescape View File

@ -0,0 +1,133 @@
#include "flash.h"
secbool flash_write_byte(uint16_t sector, uint32_t offset, uint8_t data);
secbool flash_write_word(uint16_t sector, uint32_t offset, uint32_t data);
const void *flash_get_address(uint16_t sector, uint32_t offset, uint32_t size);
static uint32_t flash_subarea_get_size(const flash_subarea_t *subarea) {
uint32_t size = 0;
for (int s = 0; s < subarea->num_sectors; s++) {
size += flash_sector_size(subarea->first_sector + s);
}
return size;
}
static secbool subarea_get_sector_and_offset(const flash_subarea_t *subarea,
uint32_t offset,
uint16_t *sector_out,
uint32_t *offset_out) {
uint32_t tmp_offset = offset;
uint16_t sector = subarea->first_sector;
// in correct subarea
for (int s = 0; s < subarea->num_sectors; s++) {
const uint32_t sector_size = flash_sector_size(sector);
if (tmp_offset < sector_size) {
*sector_out = sector;
*offset_out = tmp_offset;
return sectrue;
}
tmp_offset -= sector_size;
sector++;
}
return secfalse;
}
uint32_t flash_area_get_size(const flash_area_t *area) {
uint32_t size = 0;
for (int i = 0; i < area->num_subareas; i++) {
size += flash_subarea_get_size(&area->subarea[i]);
}
return size;
}
uint16_t flash_total_sectors(const flash_area_t *area) {
uint16_t total = 0;
for (int i = 0; i < area->num_subareas; i++) {
total += area->subarea[i].num_sectors;
}
return total;
}
int32_t flash_get_sector_num(const flash_area_t *area,
uint32_t sector_inner_num) {
uint16_t sector = 0;
uint16_t remaining = sector_inner_num;
for (int i = 0; i < area->num_subareas; i++) {
if (remaining < area->subarea[i].num_sectors) {
sector = area->subarea[i].first_sector + remaining;
return sector;
} else {
remaining -= area->subarea[i].num_sectors;
}
}
return -1;
}
static secbool get_sector_and_offset(const flash_area_t *area, uint32_t offset,
uint16_t *sector_out,
uint32_t *offset_out) {
uint32_t tmp_offset = offset;
for (int i = 0; i < area->num_subareas; i++) {
uint32_t sub_size = flash_subarea_get_size(&area->subarea[i]);
if (tmp_offset >= sub_size) {
tmp_offset -= sub_size;
continue;
}
return subarea_get_sector_and_offset(&area->subarea[i], tmp_offset,
sector_out, offset_out);
}
return secfalse;
}
const void *flash_area_get_address(const flash_area_t *area, uint32_t offset,
uint32_t size) {
uint16_t sector;
uint32_t sector_offset;
if (!get_sector_and_offset(area, offset, &sector, &sector_offset)) {
return NULL;
}
return flash_get_address(sector, sector_offset, size);
}
secbool flash_area_erase(const flash_area_t *area,
void (*progress)(int pos, int len)) {
return flash_area_erase_bulk(area, 1, progress);
}
secbool flash_area_write_byte(const flash_area_t *area, uint32_t offset,
uint8_t data) {
uint16_t sector;
uint32_t sector_offset;
if (get_sector_and_offset(area, offset, &sector, &sector_offset) != sectrue) {
return secfalse;
}
return flash_write_byte(sector, sector_offset, data);
}
secbool flash_area_write_word(const flash_area_t *area, uint32_t offset,
uint32_t data) {
uint16_t sector;
uint32_t sector_offset;
if (get_sector_and_offset(area, offset, &sector, &sector_offset) != sectrue) {
return secfalse;
}
return flash_write_word(sector, sector_offset, data);
}
secbool flash_area_write_quadword(const flash_area_t *area, uint32_t offset,
const uint32_t *data) {
for (int i = 0; i < 4; i++) {
if (sectrue !=
flash_area_write_word(area, offset + i * sizeof(uint32_t), data[i])) {
return secfalse;
}
}
return sectrue;
}

45
storage/tests/c3/flash_common.h
Unescape View File

@ -0,0 +1,45 @@
#ifndef FLASH_COMMON_H
#define FLASH_COMMON_H
#include <stdint.h>
#include "secbool.h"
typedef struct {
uint16_t first_sector;
uint16_t num_sectors;
} flash_subarea_t;
typedef struct {
flash_subarea_t subarea[4];
uint8_t num_subareas;
} flash_area_t;
void flash_init(void);
secbool __wur flash_unlock_write(void);
secbool __wur flash_lock_write(void);
uint32_t flash_sector_size(uint16_t sector);
uint16_t flash_total_sectors(const flash_area_t *area);
int32_t flash_get_sector_num(const flash_area_t *area,
uint32_t sector_inner_num);
const void *flash_area_get_address(const flash_area_t *area, uint32_t offset,
uint32_t size);
uint32_t flash_area_get_size(const flash_area_t *area);
secbool __wur flash_area_erase(const flash_area_t *area,
void (*progress)(int pos, int len));
secbool __wur flash_area_erase_bulk(const flash_area_t *area, int count,
void (*progress)(int pos, int len));
#if defined FLASH_BYTE_ACCESS
secbool __wur flash_area_write_byte(const flash_area_t *area, uint32_t offset,
uint8_t data);
secbool __wur flash_area_write_word(const flash_area_t *area, uint32_t offset,
uint32_t data);
#endif
secbool __wur flash_area_write_quadword(const flash_area_t *area,
uint32_t offset, const uint32_t *data);
#endif

585
storage/tests/c3/norcow.c
Unescape View File

@ -0,0 +1,585 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <string.h>
#include "common.h"
#include "flash.h"
#include "norcow.h"
// NRC2 = 4e524332
#define NORCOW_MAGIC ((uint32_t)0x3243524e)
// NRCW = 4e524357
#define NORCOW_MAGIC_V0 ((uint32_t)0x5743524e)
#define NORCOW_WORD_SIZE (sizeof(uint32_t))
#define NORCOW_PREFIX_LEN NORCOW_WORD_SIZE
#define NORCOW_MAGIC_LEN NORCOW_WORD_SIZE
#define NORCOW_VERSION_LEN NORCOW_WORD_SIZE
// The key value which is used to indicate that the entry is not set.
#define NORCOW_KEY_FREE (0xFFFF)
// The key value which is used to indicate that the entry has been deleted.
#define NORCOW_KEY_DELETED (0x0000)
// The offset from the beginning of the sector where stored items start.
#define NORCOW_STORAGE_START \
(NORCOW_HEADER_LEN + NORCOW_MAGIC_LEN + NORCOW_VERSION_LEN)
// The index of the active reading sector and writing sector. These should be
// equal except when storage version upgrade or compaction is in progress.
static uint8_t norcow_active_sector = 0;
static uint8_t norcow_write_sector = 0;
// The norcow version of the reading sector.
static uint32_t norcow_active_version = 0;
// The offset of the first free item in the writing sector.
static uint32_t norcow_free_offset = 0;
/*
* Returns pointer to sector, starting with offset
* Fails when there is not enough space for data of given size
*/
static const void *norcow_ptr(uint8_t sector, uint32_t offset, uint32_t size) {
ensure(sectrue * (sector <= NORCOW_SECTOR_COUNT), "invalid sector");
return flash_area_get_address(&STORAGE_AREAS[sector], offset, size);
}
/*
* Writes data to given sector, starting from offset
*/
static secbool norcow_write(uint8_t sector, uint32_t offset, uint32_t prefix,
const uint8_t *data, uint16_t len) {
if (sector >= NORCOW_SECTOR_COUNT) {
return secfalse;
}
if (offset + NORCOW_PREFIX_LEN + len > NORCOW_SECTOR_SIZE) {
return secfalse;
}
ensure(flash_unlock_write(), NULL);
// write prefix
ensure(flash_area_write_word(&STORAGE_AREAS[sector], offset, prefix), NULL);
offset += NORCOW_PREFIX_LEN;
if (data != NULL) {
// write data
for (uint16_t i = 0; i < len; i++, offset++) {
ensure(flash_area_write_byte(&STORAGE_AREAS[sector], offset, data[i]),
NULL);
}
} else {
offset += len;
}
// pad with zeroes
for (; offset % NORCOW_WORD_SIZE; offset++) {
ensure(flash_area_write_byte(&STORAGE_AREAS[sector], offset, 0x00), NULL);
}
ensure(flash_lock_write(), NULL);
return sectrue;
}
/*
* Erases sector (and sets a magic)
*/
static void erase_sector(uint8_t sector, secbool set_magic) {
#if NORCOW_HEADER_LEN > 0
// Backup the sector header.
uint32_t header_backup[NORCOW_HEADER_LEN / sizeof(uint32_t)] = {0};
const void *sector_start = norcow_ptr(sector, 0, NORCOW_HEADER_LEN);
memcpy(header_backup, sector_start, sizeof(header_backup));
#endif
ensure(flash_area_erase(&STORAGE_AREAS[sector], NULL), "erase failed");
#if NORCOW_HEADER_LEN > 0
// Copy the sector header back.
ensure(flash_unlock_write(), NULL);
for (uint32_t i = 0; i < NORCOW_HEADER_LEN / sizeof(uint32_t); ++i) {
ensure(flash_write_word(norcow_sectors[sector], i * sizeof(uint32_t),
header_backup[i]),
NULL);
}
ensure(flash_lock_write(), NULL);
#endif
if (sectrue == set_magic) {
ensure(norcow_write(sector, NORCOW_HEADER_LEN, NORCOW_MAGIC, NULL, 0),
"set magic failed");
ensure(norcow_write(sector, NORCOW_HEADER_LEN + NORCOW_MAGIC_LEN,
~NORCOW_VERSION, NULL, 0),
"set version failed");
}
}
#define ALIGN4(X) (X) = ((X) + 3) & ~3
/*
* Reads one item starting from offset
*/
static secbool read_item(uint8_t sector, uint32_t offset, uint16_t *key,
const void **val, uint16_t *len, uint32_t *pos) {
*pos = offset;
const void *k = norcow_ptr(sector, *pos, 2);
if (k == NULL) return secfalse;
*pos += 2;
memcpy(key, k, sizeof(uint16_t));
if (*key == NORCOW_KEY_FREE) {
return secfalse;
}
const void *l = norcow_ptr(sector, *pos, 2);
if (l == NULL) return secfalse;
*pos += 2;
memcpy(len, l, sizeof(uint16_t));
*val = norcow_ptr(sector, *pos, *len);
if (*val == NULL) return secfalse;
*pos += *len;
ALIGN4(*pos);
return sectrue;
}
/*
* Writes one item starting from offset
*/
static secbool write_item(uint8_t sector, uint32_t offset, uint16_t key,
const void *val, uint16_t len, uint32_t *pos) {
uint32_t prefix = ((uint32_t)len << 16) | key;
*pos = offset + NORCOW_PREFIX_LEN + len;
ALIGN4(*pos);
return norcow_write(sector, offset, prefix, val, len);
}
/*
* Finds the offset from the beginning of the sector where stored items start.
*/
static secbool find_start_offset(uint8_t sector, uint32_t *offset,
uint32_t *version) {
const uint32_t *magic = norcow_ptr(sector, NORCOW_HEADER_LEN,
NORCOW_MAGIC_LEN + NORCOW_VERSION_LEN);
if (magic == NULL) {
return secfalse;
}
if (*magic == NORCOW_MAGIC) {
*offset = NORCOW_STORAGE_START;
*version = ~(magic[1]);
} else if (*magic == NORCOW_MAGIC_V0) {
*offset = NORCOW_HEADER_LEN + NORCOW_MAGIC_LEN;
*version = 0;
} else {
return secfalse;
}
return sectrue;
}
/*
* Finds item in given sector
*/
static secbool find_item(uint8_t sector, uint16_t key, const void **val,
uint16_t *len) {
*val = NULL;
*len = 0;
uint32_t offset = 0;
uint32_t version = 0;
if (sectrue != find_start_offset(sector, &offset, &version)) {
return secfalse;
}
for (;;) {
uint16_t k = 0, l = 0;
const void *v = NULL;
uint32_t pos = 0;
if (sectrue != read_item(sector, offset, &k, &v, &l, &pos)) {
break;
}
if (key == k) {
*val = v;
*len = l;
}
offset = pos;
}
return sectrue * (*val != NULL);
}
/*
* Finds first unused offset in given sector
*/
static uint32_t find_free_offset(uint8_t sector) {
uint32_t offset = 0;
uint32_t version = 0;
if (sectrue != find_start_offset(sector, &offset, &version)) {
return secfalse;
}
for (;;) {
uint16_t key = 0, len = 0;
const void *val = NULL;
uint32_t pos = 0;
if (sectrue != read_item(sector, offset, &key, &val, &len, &pos)) {
break;
}
offset = pos;
}
return offset;
}
/*
* Compacts active sector and sets new active sector
*/
static void compact(void) {
uint32_t offsetr = 0;
uint32_t version = 0;
if (sectrue != find_start_offset(norcow_active_sector, &offsetr, &version)) {
return;
}
norcow_write_sector = (norcow_active_sector + 1) % NORCOW_SECTOR_COUNT;
erase_sector(norcow_write_sector, sectrue);
uint32_t offsetw = NORCOW_STORAGE_START;
for (;;) {
// read item
uint16_t k = 0, l = 0;
const void *v = NULL;
uint32_t posr = 0;
secbool r = read_item(norcow_active_sector, offsetr, &k, &v, &l, &posr);
if (sectrue != r) {
break;
}
offsetr = posr;
// skip deleted items
if (k == NORCOW_KEY_DELETED) {
continue;
}
// copy the item
uint32_t posw = 0;
ensure(write_item(norcow_write_sector, offsetw, k, v, l, &posw),
"compaction write failed");
offsetw = posw;
}
erase_sector(norcow_active_sector, secfalse);
norcow_active_sector = norcow_write_sector;
norcow_active_version = NORCOW_VERSION;
norcow_free_offset = find_free_offset(norcow_write_sector);
}
/*
* Initializes storage
*/
void norcow_init(uint32_t *norcow_version) {
secbool found = secfalse;
*norcow_version = 0;
norcow_active_sector = 0;
// detect active sector - starts with magic and has highest version
for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
uint32_t offset = 0;
if (sectrue == find_start_offset(i, &offset, &norcow_active_version) &&
norcow_active_version >= *norcow_version) {
found = sectrue;
norcow_active_sector = i;
*norcow_version = norcow_active_version;
}
}
// If no active sectors found or version downgrade, then erase.
if (sectrue != found || *norcow_version > NORCOW_VERSION) {
norcow_wipe();
*norcow_version = NORCOW_VERSION;
} else if (*norcow_version < NORCOW_VERSION) {
// Prepare write sector for storage upgrade.
norcow_write_sector = (norcow_active_sector + 1) % NORCOW_SECTOR_COUNT;
erase_sector(norcow_write_sector, sectrue);
norcow_free_offset = find_free_offset(norcow_write_sector);
} else {
norcow_write_sector = norcow_active_sector;
norcow_free_offset = find_free_offset(norcow_write_sector);
}
}
/*
* Wipe the storage
*/
void norcow_wipe(void) {
// Erase the active sector first, because it contains sensitive data.
erase_sector(norcow_active_sector, sectrue);
for (uint8_t i = 0; i < NORCOW_SECTOR_COUNT; i++) {
if (i != norcow_active_sector) {
erase_sector(i, secfalse);
}
}
norcow_active_version = NORCOW_VERSION;
norcow_write_sector = norcow_active_sector;
norcow_free_offset = NORCOW_STORAGE_START;
}
/*
* Looks for the given key, returns status of the operation
*/
secbool norcow_get(uint16_t key, const void **val, uint16_t *len) {
return find_item(norcow_active_sector, key, val, len);
}
/*
* Reads the next entry in the storage starting at offset. Returns secfalse if
* there is none.
*/
secbool norcow_get_next(uint32_t *offset, uint16_t *key, const void **val,
uint16_t *len) {
if (*offset == 0) {
uint32_t version = 0;
if (sectrue != find_start_offset(norcow_active_sector, offset, &version)) {
return secfalse;
}
}
for (;;) {
uint32_t pos = 0;
secbool ret = read_item(norcow_active_sector, *offset, key, val, len, &pos);
if (sectrue != ret) {
break;
}
*offset = pos;
// Skip deleted items.
if (*key == NORCOW_KEY_DELETED) {
continue;
}
if (norcow_active_version == 0) {
// Check whether the item is the latest instance.
uint32_t offsetr = *offset;
for (;;) {
uint16_t k = 0;
uint16_t l = 0;
const void *v = NULL;
ret = read_item(norcow_active_sector, offsetr, &k, &v, &l, &offsetr);
if (sectrue != ret) {
// There is no newer instance of the item.
return sectrue;
}
if (*key == k) {
// There exists a newer instance of the item.
break;
}
}
} else {
return sectrue;
}
}
return secfalse;
}
/*
* Sets the given key, returns status of the operation. If NULL is passed
* as val, then norcow_set allocates a new key of size len. The value should
* then be written using norcow_update_bytes().
*/
secbool norcow_set(uint16_t key, const void *val, uint16_t len) {
secbool found = secfalse;
return norcow_set_ex(key, val, len, &found);
}
secbool norcow_set_ex(uint16_t key, const void *val, uint16_t len,
secbool *found) {
// Key 0xffff is used as a marker to indicate that the entry is not set.
if (key == NORCOW_KEY_FREE) {
return secfalse;
}
secbool ret = secfalse;
const void *ptr = NULL;
uint16_t len_old = 0;
*found = find_item(norcow_write_sector, key, &ptr, &len_old);
// Try to update the entry if it already exists.
uint32_t offset = 0;
if (sectrue == *found) {
offset =
(const uint8_t *)ptr -
(const uint8_t *)norcow_ptr(norcow_write_sector, 0, NORCOW_SECTOR_SIZE);
if (val != NULL && len_old == len) {
ret = sectrue;
ensure(flash_unlock_write(), NULL);
for (uint16_t i = 0; i < len; i++) {
if (sectrue !=
flash_area_write_byte(&STORAGE_AREAS[norcow_write_sector],
offset + i, ((const uint8_t *)val)[i])) {
ret = secfalse;
break;
}
}
ensure(flash_lock_write(), NULL);
}
}
// If the update was not possible then write the entry as a new item.
if (secfalse == ret) {
// Delete the old item.
if (sectrue == *found) {
ensure(flash_unlock_write(), NULL);
// Update the prefix to indicate that the old item has been deleted.
uint32_t prefix = (uint32_t)len_old << 16;
ensure(flash_area_write_word(&STORAGE_AREAS[norcow_write_sector],
offset - NORCOW_PREFIX_LEN, prefix),
NULL);
// Delete the old item data.
uint32_t end = offset + len_old;
while (offset < end) {
ensure(flash_area_write_word(&STORAGE_AREAS[norcow_write_sector],
offset, 0x00000000),
NULL);
offset += NORCOW_WORD_SIZE;
}
ensure(flash_lock_write(), NULL);
}
// Check whether there is enough free space and compact if full.
if (norcow_free_offset + NORCOW_PREFIX_LEN + len > NORCOW_SECTOR_SIZE) {
compact();
}
// Write new item.
uint32_t pos = 0;
ret = write_item(norcow_write_sector, norcow_free_offset, key, val, len,
&pos);
if (sectrue == ret) {
norcow_free_offset = pos;
}
}
return ret;
}
/*
* Deletes the given key, returns status of the operation.
*/
secbool norcow_delete(uint16_t key) {
// Key 0xffff is used as a marker to indicate that the entry is not set.
if (key == NORCOW_KEY_FREE) {
return secfalse;
}
const void *ptr = NULL;
uint16_t len = 0;
if (sectrue != find_item(norcow_write_sector, key, &ptr, &len)) {
return secfalse;
}
uint32_t offset =
(const uint8_t *)ptr -
(const uint8_t *)norcow_ptr(norcow_write_sector, 0, NORCOW_SECTOR_SIZE);
ensure(flash_unlock_write(), NULL);
// Update the prefix to indicate that the item has been deleted.
uint32_t prefix = (uint32_t)len << 16;
ensure(flash_area_write_word(&STORAGE_AREAS[norcow_write_sector],
offset - NORCOW_PREFIX_LEN, prefix),
NULL);
// Delete the item data.
uint32_t end = offset + len;
while (offset < end) {
ensure(flash_area_write_word(&STORAGE_AREAS[norcow_write_sector], offset,
0x00000000),
NULL);
offset += NORCOW_WORD_SIZE;
}
ensure(flash_lock_write(), NULL);
return sectrue;
}
/*
* Update a word in flash at the given pointer. The pointer must point
* into the NORCOW area.
*/
secbool norcow_update_word(uint16_t key, uint16_t offset, uint32_t value) {
const void *ptr = NULL;
uint16_t len = 0;
if (sectrue != find_item(norcow_write_sector, key, &ptr, &len)) {
return secfalse;
}
if ((offset & 3) != 0 || offset >= len) {
return secfalse;
}
uint32_t sector_offset =
(const uint8_t *)ptr -
(const uint8_t *)norcow_ptr(norcow_write_sector, 0, NORCOW_SECTOR_SIZE) +
offset;
ensure(flash_unlock_write(), NULL);
ensure(flash_area_write_word(&STORAGE_AREAS[norcow_write_sector],
sector_offset, value),
NULL);
ensure(flash_lock_write(), NULL);
return sectrue;
}
/*
* Update the value of the given key starting at the given offset.
*/
secbool norcow_update_bytes(const uint16_t key, const uint16_t offset,
const uint8_t *data, const uint16_t len) {
const void *ptr = NULL;
uint16_t allocated_len = 0;
if (sectrue != find_item(norcow_write_sector, key, &ptr, &allocated_len)) {
return secfalse;
}
if (offset + len > allocated_len) {
return secfalse;
}
uint32_t sector_offset =
(const uint8_t *)ptr -
(const uint8_t *)norcow_ptr(norcow_write_sector, 0, NORCOW_SECTOR_SIZE) +
offset;
ensure(flash_unlock_write(), NULL);
for (uint16_t i = 0; i < len; i++, sector_offset++) {
ensure(flash_area_write_byte(&STORAGE_AREAS[norcow_write_sector],
sector_offset, data[i]),
NULL);
}
ensure(flash_lock_write(), NULL);
return sectrue;
}
/*
* Complete storage version upgrade
*/
secbool norcow_upgrade_finish(void) {
erase_sector(norcow_active_sector, secfalse);
norcow_active_sector = norcow_write_sector;
norcow_active_version = NORCOW_VERSION;
return sectrue;
}

86
storage/tests/c3/norcow.h
Unescape View File

@ -0,0 +1,86 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __NORCOW_H__
#define __NORCOW_H__
#include <stdint.h>
#include "secbool.h"
/*
* Storage parameters
*/
#include "norcow_config.h"
/*
* Initialize storage
*/
void norcow_init(uint32_t *norcow_version);
/*
* Wipe the storage
*/
void norcow_wipe(void);
/*
* Looks for the given key, returns status of the operation
*/
secbool norcow_get(uint16_t key, const void **val, uint16_t *len);
/*
* Reads the next entry in the storage starting at offset. Returns secfalse if
* there is none.
*/
secbool norcow_get_next(uint32_t *offset, uint16_t *key, const void **val,
uint16_t *len);
/*
* Sets the given key, returns status of the operation. If NULL is passed
* as val, then norcow_set allocates a new key of size len. The value should
* then be written using norcow_update_bytes().
*/
secbool norcow_set(uint16_t key, const void *val, uint16_t len);
secbool norcow_set_ex(uint16_t key, const void *val, uint16_t len,
secbool *found);
/*
* Deletes the given key, returns status of the operation.
*/
secbool norcow_delete(uint16_t key);
/*
* Update a word in flash in the given key at the given offset.
* Note that you can only change bits from 1 to 0.
*/
secbool norcow_update_word(uint16_t key, uint16_t offset, uint32_t value);
/*
* Update the value of the given key starting at the given offset.
* Note that you can only change bits from 1 to 0.
*/
secbool norcow_update_bytes(const uint16_t key, const uint16_t offset,
const uint8_t *data, const uint16_t len);
/*
* Complete storage version upgrade
*/
secbool norcow_upgrade_finish(void);
#endif

45
storage/tests/c3/norcow_config.h
Unescape View File

@ -0,0 +1,45 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __NORCOW_CONFIG_H__
#define __NORCOW_CONFIG_H__
#include "flash.h"
#define NORCOW_SECTOR_COUNT 2
#define NORCOW_SECTOR_SIZE (64 * 1024)
/*
* The length of the sector header in bytes. The header is preserved between
* sector erasures.
*/
#if defined TREZOR_MODEL_T
#define NORCOW_HEADER_LEN 0
#elif defined TREZOR_MODEL_1
#define NORCOW_HEADER_LEN (0x100)
#else
#error Unknown Trezor model
#endif
/*
* Current storage version.
*/
#define NORCOW_VERSION ((uint32_t)0x00000003)
#endif

22
storage/tests/c3/random_delays.c
Unescape View File

@ -0,0 +1,22 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "random_delays.h"
void wait_random(void) {}

25
storage/tests/c3/random_delays.h
Unescape View File

@ -0,0 +1,25 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __TREZORHAL_RANDOM_DELAYS_H__
#define __TREZORHAL_RANDOM_DELAYS_H__
void wait_random(void);
#endif

33
storage/tests/c3/secbool.h
Unescape View File

@ -0,0 +1,33 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef TREZORHAL_SECBOOL_H
#define TREZORHAL_SECBOOL_H
#include <stdint.h>
typedef uint32_t secbool;
#define sectrue 0xAAAAAAAAU
#define secfalse 0x00000000U
#ifndef __wur
#define __wur __attribute__((warn_unused_result))
#endif
#endif

1897
storage/tests/c3/storage.c
View File

File diff suppressed because it is too large Load Diff

87
storage/tests/c3/storage.h
Unescape View File

@ -0,0 +1,87 @@
/*
* This file is part of the Trezor project, https://trezor.io/
*
* Copyright (c) SatoshiLabs
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __STORAGE_H__
#define __STORAGE_H__
#include <stddef.h>
#include <stdint.h>
#include "secbool.h"
// The length of the external salt in bytes.
#define EXTERNAL_SALT_SIZE 32
// If the top bit of APP is set, then the value is not encrypted.
#define FLAG_PUBLIC 0x80
// If the top two bits of APP are set, then the value is not encrypted and it
// can be written even when the storage is locked.
#define FLAGS_WRITE 0xC0
// The maximum value of app_id which is the six least significant bits of APP.
#define MAX_APPID 0x3F
// The PIN value corresponding to an empty PIN.
extern const uint8_t *PIN_EMPTY;
#define PIN_EMPTY_LEN 0
// Maximum number of failed unlock attempts.
// NOTE: The PIN counter logic relies on this constant being less than or equal
// to 16.
#define PIN_MAX_TRIES 16
// The length of the random salt in bytes.
#if USE_OPTIGA
#define STORAGE_SALT_SIZE 32
#else
#define STORAGE_SALT_SIZE 4
#endif
typedef secbool (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress,
const char *message);
void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt,
const uint16_t salt_len);
void storage_wipe(void);
secbool storage_is_unlocked(void);
void storage_lock(void);
secbool storage_unlock(const uint8_t *pin, size_t pin_len,
const uint8_t *ext_salt);
secbool storage_has_pin(void);
secbool storage_pin_fails_increase(void);
uint32_t storage_get_pin_rem(void);
secbool storage_change_pin(const uint8_t *oldpin, size_t oldpin_len,
const uint8_t *newpin, size_t newpin_len,
const uint8_t *old_ext_salt,
const uint8_t *new_ext_salt);
void storage_ensure_not_wipe_code(const uint8_t *pin, size_t pin_len);
secbool storage_has_wipe_code(void);
secbool storage_change_wipe_code(const uint8_t *pin, size_t pin_len,
const uint8_t *ext_salt,
const uint8_t *wipe_code,
size_t wipe_code_len);
secbool storage_has(const uint16_t key);
secbool storage_get(const uint16_t key, void *val, const uint16_t max_len,
uint16_t *len);
secbool storage_set(const uint16_t key, const void *val, const uint16_t len);
secbool storage_delete(const uint16_t key);
secbool storage_set_counter(const uint16_t key, const uint32_t count);
secbool storage_next_counter(const uint16_t key, uint32_t *count);
#endif

116
storage/tests/c3/storage.py
Unescape View File

@ -0,0 +1,116 @@
import ctypes as c
import os
import sys
sys.path.append(
os.path.normpath(
os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "python", "src")
)
)
import consts
EXTERNAL_SALT_LEN = 32
sectrue = -1431655766 # 0xAAAAAAAAA
class Storage:
def __init__(self, lib_name) -> None:
lib_path = os.path.join(os.path.dirname(__file__), lib_name)
self.lib = c.cdll.LoadLibrary(lib_path)
self.flash_size = c.cast(self.lib.FLASH_SIZE, c.POINTER(c.c_uint32))[0]
self.flash_buffer = c.create_string_buffer(self.flash_size)
c.cast(self.lib.FLASH_BUFFER, c.POINTER(c.c_void_p))[0] = c.addressof(
self.flash_buffer
)
def init(self, salt: bytes) -> None:
self.lib.storage_init(0, salt, c.c_uint16(len(salt)))
def wipe(self) -> None:
self.lib.storage_wipe()
def unlock(self, pin: str, ext_salt: bytes = None) -> bool:
if ext_salt is not None and len(ext_salt) != EXTERNAL_SALT_LEN:
raise ValueError
return sectrue == self.lib.storage_unlock(pin.encode(), len(pin), ext_salt)
def lock(self) -> None:
self.lib.storage_lock()
def has_pin(self) -> bool:
return sectrue == self.lib.storage_has_pin()
def get_pin_rem(self) -> int:
return self.lib.storage_get_pin_rem()
def change_pin(
self,
oldpin: str,
newpin: str,
old_ext_salt: bytes = None,
new_ext_salt: bytes = None,
) -> bool:
if old_ext_salt is not None and len(old_ext_salt) != EXTERNAL_SALT_LEN:
raise ValueError
if new_ext_salt is not None and len(new_ext_salt) != EXTERNAL_SALT_LEN:
raise ValueError
return sectrue == self.lib.storage_change_pin(
oldpin.encode(),
len(oldpin),
newpin.encode(),
len(newpin),
old_ext_salt,
new_ext_salt,
)
def get(self, key: int) -> bytes:
val_len = c.c_uint16()
if sectrue != self.lib.storage_get(c.c_uint16(key), None, 0, c.byref(val_len)):
raise RuntimeError("Failed to find key in storage.")
s = c.create_string_buffer(val_len.value)
if sectrue != self.lib.storage_get(
c.c_uint16(key), s, val_len, c.byref(val_len)
):
raise RuntimeError("Failed to get value from storage.")
return s.raw
def set(self, key: int, val: bytes) -> None:
if sectrue != self.lib.storage_set(c.c_uint16(key), val, c.c_uint16(len(val))):
raise RuntimeError("Failed to set value in storage.")
def set_counter(self, key: int, count: int) -> None:
if count > 0xFFFF_FFFF or sectrue != self.lib.storage_set_counter(
c.c_uint16(key), c.c_uint32(count)
):
raise RuntimeError("Failed to set value in storage.")
def next_counter(self, key: int) -> int:
count = c.c_uint32()
if sectrue != self.lib.storage_next_counter(c.c_uint16(key), c.byref(count)):
raise RuntimeError("Failed to set value in storage.")
return count.value
def delete(self, key: int) -> bool:
return sectrue == self.lib.storage_delete(c.c_uint16(key))
def _dump(self) -> bytes:
# return just sectors 4 and 16 of the whole flash
return [
self.flash_buffer[0x010000 : 0x010000 + 0x10000],
self.flash_buffer[0x110000 : 0x110000 + 0x10000],
]
def _get_flash_buffer(self) -> bytes:
return bytes(self.flash_buffer)
def _set_flash_buffer(self, buf: bytes) -> None:
if len(buf) != self.flash_size:
raise RuntimeError("Failed to set flash buffer due to length mismatch.")
self.flash_buffer.value = buf
def _get_active_sector(self) -> int:
if self._dump()[0][:8].hex() == consts.NORCOW_MAGIC_AND_VERSION.hex():
return 0
elif self._dump()[1][:8].hex() == consts.NORCOW_MAGIC_AND_VERSION.hex():
return 1
raise RuntimeError("Failed to get active sector.")

21
storage/tests/c3/test_layout.c
Unescape View File

@ -0,0 +1,21 @@
#include "test_layout.h"
const flash_area_t STORAGE_AREAS[STORAGE_AREAS_COUNT] = {
{
.num_subareas = 1,
.subarea[0] =
{
.first_sector = 4,
.num_sectors = 1,
},
},
{
.num_subareas = 1,
.subarea[0] =
{
.first_sector = 16,
.num_sectors = 1,
},
},
};

10
storage/tests/c3/test_layout.h
Unescape View File

@ -0,0 +1,10 @@
#ifndef TEST_LAYOUT_H
#define TEST_LAYOUT_H
#define STORAGE_AREAS_COUNT 2
#include "flash_common.h"
extern const flash_area_t STORAGE_AREAS[STORAGE_AREAS_COUNT];
#endif

16
storage/tests/tests/test_upgrade.py
Unescape View File

@ -1,5 +1,6 @@
import pytest import pytest
from c0.storage import Storage as StorageC0 from c0.storage import Storage as StorageC0
from c3.storage import Storage as StorageC3
from c.storage import Storage as StorageC from c.storage import Storage as StorageC
from python.src.norcow import NorcowBitwise from python.src.norcow import NorcowBitwise
@ -60,6 +61,21 @@ def test_upgrade():
check_values(sc1) check_values(sc1)
def test_upgrade_from_3():
sc3 = StorageC3("libtrezor-storage3.so")
sc3.init(common.test_uid)
assert sc3.unlock("")
set_values(sc3)
for _ in range(10):
assert not sc3.unlock("3")
sc = StorageC("libtrezor-storage.so")
sc._set_flash_buffer(sc3._get_flash_buffer())
sc.init(common.test_uid)
assert sc.get_pin_rem() == 6
check_values(sc)
@pytest.mark.parametrize("nc_class", [NorcowBitwise]) @pytest.mark.parametrize("nc_class", [NorcowBitwise])
def test_python_set_sectors(nc_class): def test_python_set_sectors(nc_class):
sp0 = StoragePy(nc_class) sp0 = StoragePy(nc_class)

Write Preview
Loading…
Cancel
Save