mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-26 16:18:22 +00:00
modtrezorconfig: extract pin & unlocking to storage.c
This commit is contained in:
parent
fdc2f6a39d
commit
f07b4dda0b
@ -11,6 +11,7 @@ SOURCE_MOD = []
|
||||
SOURCE_MOD += [
|
||||
'embed/extmod/modtrezorconfig/modtrezorconfig.c',
|
||||
'embed/extmod/modtrezorconfig/norcow.c',
|
||||
'embed/extmod/modtrezorconfig/storage.c',
|
||||
]
|
||||
|
||||
# modtrezorcrypto
|
||||
|
@ -12,6 +12,7 @@ LIBS_MOD = []
|
||||
SOURCE_MOD += [
|
||||
'embed/extmod/modtrezorconfig/modtrezorconfig.c',
|
||||
'embed/extmod/modtrezorconfig/norcow.c',
|
||||
'embed/extmod/modtrezorconfig/storage.c',
|
||||
]
|
||||
|
||||
# modtrezorcrypto
|
||||
|
@ -7,163 +7,36 @@
|
||||
|
||||
#include "py/runtime.h"
|
||||
#include "py/mphal.h"
|
||||
#include "py/objstr.h"
|
||||
|
||||
#if MICROPY_PY_TREZORCONFIG
|
||||
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
#include "norcow.h"
|
||||
#include "../../trezorhal/flash.h"
|
||||
|
||||
#define MAX_WRONG_PINS 15
|
||||
|
||||
#define FAIL_SECTOR_LEN 0x4000
|
||||
|
||||
#define STORAGE_KEY_PIN 0x00
|
||||
|
||||
static void pin_fails_reset(uint32_t ofs)
|
||||
{
|
||||
if (ofs + sizeof(uint32_t) >= FAIL_SECTOR_LEN) {
|
||||
// ofs points to the last word of the PIN fails area. Because there is
|
||||
// no space left, we recycle the sector (set all words to 0xffffffff).
|
||||
// On next unlock attempt, we start counting from the the first word.
|
||||
flash_erase_sectors((uint8_t[]) { FLASH_SECTOR_PIN_AREA }, 1, NULL);
|
||||
} else {
|
||||
// Mark this counter as exhausted. On next unlock attempt, pinfails_get
|
||||
// seeks to the next word.
|
||||
flash_unlock();
|
||||
flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, 0);
|
||||
flash_lock();
|
||||
}
|
||||
}
|
||||
|
||||
static bool pin_fails_increase(uint32_t ofs)
|
||||
{
|
||||
uint32_t ctr = ~MAX_WRONG_PINS;
|
||||
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
|
||||
return false;
|
||||
}
|
||||
ctr = ctr << 1;
|
||||
|
||||
flash_unlock();
|
||||
if (!flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
|
||||
flash_lock();
|
||||
return false;
|
||||
}
|
||||
flash_lock();
|
||||
|
||||
uint32_t check = 0;
|
||||
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
|
||||
return false;
|
||||
}
|
||||
return ctr == check;
|
||||
}
|
||||
|
||||
static bool pin_fails_check_max(uint32_t ctr)
|
||||
{
|
||||
if (~ctr >= 1 << MAX_WRONG_PINS) {
|
||||
norcow_wipe();
|
||||
// TODO: shutdown
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool pin_fails_get(uint32_t *ofs, uint32_t *ctr)
|
||||
{
|
||||
if (!ofs || !ctr) {
|
||||
return false;
|
||||
}
|
||||
for (uint32_t o = 0; o < FAIL_SECTOR_LEN; o += sizeof(uint32_t)) {
|
||||
uint32_t c = 0;
|
||||
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) {
|
||||
return false;
|
||||
}
|
||||
if (c != 0) {
|
||||
*ofs = o;
|
||||
*ctr = c;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
|
||||
{
|
||||
size_t diff = seclen - publen;
|
||||
for (size_t i = 0; i < publen; i++) {
|
||||
diff |= pub[i] ^ sec[i];
|
||||
}
|
||||
return diff == 0;
|
||||
}
|
||||
|
||||
static bool pin_check(const uint8_t *pin, size_t pinlen)
|
||||
{
|
||||
const void *st_pin;
|
||||
uint16_t st_pinlen;
|
||||
if (!norcow_get(STORAGE_KEY_PIN, &st_pin, &st_pinlen)) {
|
||||
return false;
|
||||
}
|
||||
return const_cmp(pin, pinlen, st_pin, (size_t)st_pinlen);
|
||||
}
|
||||
|
||||
static bool pin_unlock(const uint8_t *pin, size_t pinlen)
|
||||
{
|
||||
uint32_t ofs;
|
||||
uint32_t ctr;
|
||||
if (!pin_fails_get(&ofs, &ctr)) {
|
||||
return false;
|
||||
}
|
||||
pin_fails_check_max(ctr);
|
||||
|
||||
// Sleep for ~ctr seconds before checking the PIN.
|
||||
for (uint32_t wait = ~ctr; wait > 0; wait--) {
|
||||
mp_hal_delay_ms(1000);
|
||||
}
|
||||
|
||||
// First, we increase PIN fail counter in storage, even before checking the
|
||||
// PIN. If the PIN is correct, we reset the counter afterwards. If not, we
|
||||
// check if this is the last allowed attempt.
|
||||
if (!pin_fails_increase(ofs)) {
|
||||
return false;
|
||||
}
|
||||
if (!pin_check(pin, pinlen)) {
|
||||
pin_fails_check_max(ctr << 1);
|
||||
return false;
|
||||
}
|
||||
pin_fails_reset(ofs);
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool initialized = false;
|
||||
static bool unlocked = false;
|
||||
#include "storage.h"
|
||||
|
||||
/// def init() -> None:
|
||||
/// '''
|
||||
/// Initializes the storage. Must be called before any other method is called from this module!
|
||||
/// Initializes the storage. Must be called before any other method is
|
||||
/// called from this module!
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorconfig_init(void) {
|
||||
bool r = norcow_init();
|
||||
bool r = storage_init();
|
||||
if (!r) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Could not initialize config module");
|
||||
}
|
||||
initialized = true;
|
||||
unlocked = false;
|
||||
return mp_const_none;
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_init_obj, mod_trezorconfig_init);
|
||||
|
||||
/// def unlock(pin: str) -> None:
|
||||
/// def unlock(pin: str) -> bool:
|
||||
/// '''
|
||||
/// Tries to unlock the storage with given PIN key.
|
||||
/// Attempts to unlock the storage with given PIN. Returns True on
|
||||
/// success, False on failure.
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin) {
|
||||
if (!initialized) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
|
||||
}
|
||||
mp_buffer_info_t pinbuf;
|
||||
mp_get_buffer_raise(pin, &pinbuf, MP_BUFFER_READ);
|
||||
bool r = pin_unlock(pinbuf.buf, pinbuf.len);
|
||||
mp_buffer_info_t buf;
|
||||
mp_get_buffer_raise(pin, &buf, MP_BUFFER_READ);
|
||||
bool r = storage_unlock(buf.buf, buf.len);
|
||||
if (!r) {
|
||||
return mp_const_false;
|
||||
}
|
||||
@ -176,25 +49,16 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorconfig_unlock_obj, mod_trezorconfig_u
|
||||
/// Gets a value of given key for given app (or empty bytes if not set).
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorconfig_get(mp_obj_t app, mp_obj_t key) {
|
||||
if (!initialized) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
|
||||
}
|
||||
if (!unlocked) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Config module locked");
|
||||
// TODO: shutdown?
|
||||
}
|
||||
uint8_t a = mp_obj_get_int(app);
|
||||
uint8_t k = mp_obj_get_int(key);
|
||||
uint16_t appkey = a << 8 | k, len;
|
||||
uint16_t appkey = a << 8 | k;
|
||||
uint16_t len = 0;
|
||||
const void *val;
|
||||
bool r = norcow_get(appkey, &val, &len);
|
||||
bool r = storage_get(appkey, &val, &len);
|
||||
if (!r || len == 0) {
|
||||
return mp_const_empty_bytes;
|
||||
}
|
||||
vstr_t vstr;
|
||||
vstr_init_len(&vstr, len);
|
||||
memcpy(vstr.buf, val, len);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
|
||||
return mp_obj_new_str_of_type(&mp_type_bytes, val, len);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_get_obj, mod_trezorconfig_get);
|
||||
|
||||
@ -203,19 +67,12 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_get_obj, mod_trezorconfig_get)
|
||||
/// Sets a value of given key for given app.
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorconfig_set(mp_obj_t app, mp_obj_t key, mp_obj_t value) {
|
||||
if (!initialized) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
|
||||
}
|
||||
if (!unlocked) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Config module locked");
|
||||
// TODO: shutdown?
|
||||
}
|
||||
uint8_t a = mp_obj_get_int(app);
|
||||
uint8_t k = mp_obj_get_int(key);
|
||||
uint16_t appkey = a << 8 | k;
|
||||
mp_buffer_info_t v;
|
||||
mp_get_buffer_raise(value, &v, MP_BUFFER_READ);
|
||||
bool r = norcow_set(appkey, v.buf, v.len);
|
||||
bool r = storage_set(appkey, v.buf, v.len);
|
||||
if (!r) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Could not save value");
|
||||
}
|
||||
@ -228,10 +85,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorconfig_set_obj, mod_trezorconfig_set)
|
||||
/// Erases the whole config. Use with caution!
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorconfig_wipe(void) {
|
||||
if (!initialized) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
|
||||
}
|
||||
bool r = norcow_wipe();
|
||||
bool r = storage_wipe();
|
||||
if (!r) {
|
||||
mp_raise_msg(&mp_type_RuntimeError, "Could not wipe storage");
|
||||
}
|
||||
|
188
embed/extmod/modtrezorconfig/storage.c
Normal file
188
embed/extmod/modtrezorconfig/storage.c
Normal file
@ -0,0 +1,188 @@
|
||||
/*
|
||||
* Copyright (c) Pavol Rusnak, Jan Pochyla, SatoshiLabs
|
||||
*
|
||||
* Licensed under TREZOR License
|
||||
* see LICENSE file for details
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "norcow.h"
|
||||
#include "../../trezorhal/flash.h"
|
||||
|
||||
// Byte-length of flash sector containing fail counters.
|
||||
#define PIN_AREA_LEN 0x4000
|
||||
|
||||
// Maximum number of failed unlock attempts.
|
||||
#define PIN_MAX_TRIES 15
|
||||
|
||||
// Norcow storage key of configured PIN.
|
||||
#define PIN_KEY 0x0000
|
||||
|
||||
static bool initialized = false;
|
||||
static bool unlocked = false;
|
||||
|
||||
bool storage_init(void)
|
||||
{
|
||||
if (!norcow_init()) {
|
||||
return false;
|
||||
}
|
||||
initialized = true;
|
||||
unlocked = false;
|
||||
return true;
|
||||
}
|
||||
|
||||
static void pin_fails_reset(uint32_t ofs)
|
||||
{
|
||||
if (ofs + sizeof(uint32_t) >= PIN_AREA_LEN) {
|
||||
// ofs points to the last word of the PIN fails area. Because there is
|
||||
// no space left, we recycle the sector (set all words to 0xffffffff).
|
||||
// On next unlock attempt, we start counting from the the first word.
|
||||
flash_erase_sectors((uint8_t[]) { FLASH_SECTOR_PIN_AREA }, 1, NULL);
|
||||
} else {
|
||||
// Mark this counter as exhausted. On next unlock attempt, pinfails_get
|
||||
// seeks to the next word.
|
||||
flash_unlock();
|
||||
flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, 0);
|
||||
flash_lock();
|
||||
}
|
||||
}
|
||||
|
||||
static bool pin_fails_increase(uint32_t ofs)
|
||||
{
|
||||
uint32_t ctr = ~PIN_MAX_TRIES;
|
||||
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
|
||||
return false;
|
||||
}
|
||||
ctr = ctr << 1;
|
||||
|
||||
flash_unlock();
|
||||
if (!flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
|
||||
flash_lock();
|
||||
return false;
|
||||
}
|
||||
flash_lock();
|
||||
|
||||
uint32_t check = 0;
|
||||
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
|
||||
return false;
|
||||
}
|
||||
return ctr == check;
|
||||
}
|
||||
|
||||
static void pin_fails_check_max(uint32_t ctr)
|
||||
{
|
||||
if (~ctr >= 1 << PIN_MAX_TRIES) {
|
||||
for (;;) {
|
||||
if (norcow_wipe()) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
// shutdown();
|
||||
}
|
||||
}
|
||||
|
||||
static bool pin_fails_read(uint32_t *ofs, uint32_t *ctr)
|
||||
{
|
||||
if (!ofs || !ctr) {
|
||||
return false;
|
||||
}
|
||||
for (uint32_t o = 0; o < PIN_AREA_LEN; o += sizeof(uint32_t)) {
|
||||
uint32_t c = 0;
|
||||
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) {
|
||||
return false;
|
||||
}
|
||||
if (c != 0) {
|
||||
*ofs = o;
|
||||
*ctr = c;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
|
||||
{
|
||||
size_t diff = seclen ^ publen;
|
||||
for (size_t i = 0; i < publen; i++) {
|
||||
diff |= pub[i] ^ sec[i];
|
||||
}
|
||||
return diff == 0;
|
||||
}
|
||||
|
||||
static bool pin_check(const uint8_t *pin, size_t pinlen)
|
||||
{
|
||||
const void *st_pin;
|
||||
uint16_t st_pinlen;
|
||||
if (!norcow_get(PIN_KEY, &st_pin, &st_pinlen)) {
|
||||
return false;
|
||||
}
|
||||
return const_cmp(pin, pinlen, st_pin, (size_t)st_pinlen);
|
||||
}
|
||||
|
||||
bool storage_unlock(const uint8_t *pin, size_t len)
|
||||
{
|
||||
if (!initialized) {
|
||||
return false;
|
||||
}
|
||||
|
||||
uint32_t ofs;
|
||||
uint32_t ctr;
|
||||
if (!pin_fails_read(&ofs, &ctr)) {
|
||||
return false;
|
||||
}
|
||||
pin_fails_check_max(ctr);
|
||||
|
||||
// Sleep for ~ctr seconds before checking the PIN.
|
||||
for (uint32_t wait = ~ctr; wait > 0; wait--) {
|
||||
// hal_delay(1000);
|
||||
}
|
||||
|
||||
// First, we increase PIN fail counter in storage, even before checking the
|
||||
// PIN. If the PIN is correct, we reset the counter afterwards. If not, we
|
||||
// check if this is the last allowed attempt.
|
||||
if (!pin_fails_increase(ofs)) {
|
||||
return false;
|
||||
}
|
||||
if (!pin_check(pin, len)) {
|
||||
pin_fails_check_max(ctr << 1);
|
||||
return false;
|
||||
}
|
||||
pin_fails_reset(ofs);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool storage_get(uint16_t key, const void **val, uint16_t *len)
|
||||
{
|
||||
if (!initialized) {
|
||||
return false;
|
||||
}
|
||||
if (!unlocked) {
|
||||
// shutdown();
|
||||
return false;
|
||||
}
|
||||
if (key == PIN_KEY) {
|
||||
return false;
|
||||
}
|
||||
return norcow_get(key, val, len);
|
||||
}
|
||||
|
||||
bool storage_set(uint16_t key, const void *val, uint16_t len)
|
||||
{
|
||||
if (!initialized) {
|
||||
return false;
|
||||
}
|
||||
if (!unlocked) {
|
||||
// shutdown();
|
||||
return false;
|
||||
}
|
||||
if (key == PIN_KEY) {
|
||||
return false;
|
||||
}
|
||||
return norcow_set(key, val, len);
|
||||
}
|
||||
|
||||
bool storage_wipe(void)
|
||||
{
|
||||
return norcow_wipe();
|
||||
}
|
15
embed/extmod/modtrezorconfig/storage.h
Normal file
15
embed/extmod/modtrezorconfig/storage.h
Normal file
@ -0,0 +1,15 @@
|
||||
/*
|
||||
* Copyright (c) Pavol Rusnak, Jan Pochyla, SatoshiLabs
|
||||
*
|
||||
* Licensed under TREZOR License
|
||||
* see LICENSE file for details
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
bool storage_init(void);
|
||||
bool storage_wipe(void);
|
||||
bool storage_unlock(const uint8_t *pin, size_t len);
|
||||
bool storage_get(uint16_t key, const void **val, uint16_t *len);
|
||||
bool storage_set(uint16_t key, const void *val, uint16_t len);
|
Loading…
Reference in New Issue
Block a user