arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-02-07 13:12:41 +00:00
Code Issues Releases Wiki Activity

refactor(storage): Refactor storage_upgrade().

Browse Source
This commit is contained in:
Andrew Kozlik 2024-06-11 10:29:41 +02:00 committed by Andrew Kozlik
parent a8f808822c
commit ecf31610b0
1 changed files with 24 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
storage/storage.c
View File

@ -1529,48 +1529,39 @@ static secbool storage_upgrade(void) {
unlocked = secfalse; unlocked = secfalse;
memzero(cached_keys, sizeof(cached_keys)); memzero(cached_keys, sizeof(cached_keys));
} else if (norcow_active_version < 4) {
// Change data structure for encrypted entries.
uint32_t offset = 0;
while (sectrue == norcow_get_next(&offset, &key, &val, &len)) {
const uint8_t app = key >> 8;
if (((app & FLAG_PUBLIC) == 0) &&
(app != APP_STORAGE || key == VERSION_KEY)) {
const uint8_t *iv = (const uint8_t *)val;
const uint8_t *tag = (const uint8_t *)val + CHACHA20_IV_SIZE;
const uint8_t *ciphertext =
(const uint8_t *)val + CHACHA20_IV_SIZE + POLY1305_TAG_SIZE;
const size_t ciphertext_len =
len - CHACHA20_IV_SIZE - POLY1305_TAG_SIZE;
if (sectrue != norcow_set(key, NULL, len) ||
sectrue != norcow_update_bytes(key, iv, CHACHA20_IV_SIZE) ||
sectrue != norcow_update_bytes(key, ciphertext, ciphertext_len) ||
sectrue != norcow_update_bytes(key, tag, POLY1305_TAG_SIZE)) {
return secfalse;
}
} else {
if (sectrue != norcow_set(key, val, len)) {
return secfalse;
}
}
}
} else { } else {
// Copy all entries. // Copy all entries.
uint32_t offset = 0; uint32_t offset = 0;
while (sectrue == norcow_get_next(&offset, &key, &val, &len)) { while (sectrue == norcow_get_next(&offset, &key, &val, &len)) {
if (norcow_active_version < 4) {
// Change data structure for encrypted entries.
const uint8_t app = key >> 8;
if (((app & FLAG_PUBLIC) == 0) &&
!(key == PIN_LOGS_KEY || key == EDEK_PVC_KEY ||
key == PIN_NOT_SET_KEY || key == STORAGE_TAG_KEY ||
key == WIPE_CODE_DATA_KEY || key == STORAGE_UPGRADED_KEY ||
key == UNAUTH_VERSION_KEY)) {
if (sectrue != norcow_set(key, NULL, len)) {
return secfalse;
}
if (sectrue !=
norcow_update_bytes(key, ((uint8_t *)val), CHACHA20_IV_SIZE)) {
return secfalse;
}
if (sectrue !=
norcow_update_bytes(
key, ((uint8_t *)val) + CHACHA20_IV_SIZE + POLY1305_TAG_SIZE,
len - CHACHA20_IV_SIZE - POLY1305_TAG_SIZE)) {
return secfalse;
}
if (sectrue !=
norcow_update_bytes(key, ((uint8_t *)val) + CHACHA20_IV_SIZE,
POLY1305_TAG_SIZE)) {
return secfalse;
}
} else {
if (sectrue != norcow_set(key, val, len)) { if (sectrue != norcow_set(key, val, len)) {
return secfalse; return secfalse;
} }
} }
} else {
if (sectrue != norcow_set(key, val, len)) {
return secfalse;
}
}
}
} }
// Set wipe code. // Set wipe code.