1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-26 16:18:22 +00:00

modtrezorconfig: extract pin & unlocking to storage.c

This commit is contained in:
Jan Pochyla 2017-10-17 19:18:16 +02:00
parent fdc2f6a39d
commit f07b4dda0b
5 changed files with 222 additions and 163 deletions

View File

@ -11,6 +11,7 @@ SOURCE_MOD = []
SOURCE_MOD += [
'embed/extmod/modtrezorconfig/modtrezorconfig.c',
'embed/extmod/modtrezorconfig/norcow.c',
'embed/extmod/modtrezorconfig/storage.c',
]
# modtrezorcrypto

View File

@ -12,6 +12,7 @@ LIBS_MOD = []
SOURCE_MOD += [
'embed/extmod/modtrezorconfig/modtrezorconfig.c',
'embed/extmod/modtrezorconfig/norcow.c',
'embed/extmod/modtrezorconfig/storage.c',
]
# modtrezorcrypto

View File

@ -7,163 +7,36 @@
#include "py/runtime.h"
#include "py/mphal.h"
#include "py/objstr.h"
#if MICROPY_PY_TREZORCONFIG
#include <stdint.h>
#include <string.h>
#include "norcow.h"
#include "../../trezorhal/flash.h"
#define MAX_WRONG_PINS 15
#define FAIL_SECTOR_LEN 0x4000
#define STORAGE_KEY_PIN 0x00
static void pin_fails_reset(uint32_t ofs)
{
if (ofs + sizeof(uint32_t) >= FAIL_SECTOR_LEN) {
// ofs points to the last word of the PIN fails area. Because there is
// no space left, we recycle the sector (set all words to 0xffffffff).
// On next unlock attempt, we start counting from the the first word.
flash_erase_sectors((uint8_t[]) { FLASH_SECTOR_PIN_AREA }, 1, NULL);
} else {
// Mark this counter as exhausted. On next unlock attempt, pinfails_get
// seeks to the next word.
flash_unlock();
flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, 0);
flash_lock();
}
}
static bool pin_fails_increase(uint32_t ofs)
{
uint32_t ctr = ~MAX_WRONG_PINS;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
return false;
}
ctr = ctr << 1;
flash_unlock();
if (!flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
flash_lock();
return false;
}
flash_lock();
uint32_t check = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
return false;
}
return ctr == check;
}
static bool pin_fails_check_max(uint32_t ctr)
{
if (~ctr >= 1 << MAX_WRONG_PINS) {
norcow_wipe();
// TODO: shutdown
return false;
}
return true;
}
static bool pin_fails_get(uint32_t *ofs, uint32_t *ctr)
{
if (!ofs || !ctr) {
return false;
}
for (uint32_t o = 0; o < FAIL_SECTOR_LEN; o += sizeof(uint32_t)) {
uint32_t c = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) {
return false;
}
if (c != 0) {
*ofs = o;
*ctr = c;
return true;
}
}
return false;
}
static bool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
{
size_t diff = seclen - publen;
for (size_t i = 0; i < publen; i++) {
diff |= pub[i] ^ sec[i];
}
return diff == 0;
}
static bool pin_check(const uint8_t *pin, size_t pinlen)
{
const void *st_pin;
uint16_t st_pinlen;
if (!norcow_get(STORAGE_KEY_PIN, &st_pin, &st_pinlen)) {
return false;
}
return const_cmp(pin, pinlen, st_pin, (size_t)st_pinlen);
}
static bool pin_unlock(const uint8_t *pin, size_t pinlen)
{
uint32_t ofs;
uint32_t ctr;
if (!pin_fails_get(&ofs, &ctr)) {
return false;
}
pin_fails_check_max(ctr);
// Sleep for ~ctr seconds before checking the PIN.
for (uint32_t wait = ~ctr; wait > 0; wait--) {
mp_hal_delay_ms(1000);
}
// First, we increase PIN fail counter in storage, even before checking the
// PIN. If the PIN is correct, we reset the counter afterwards. If not, we
// check if this is the last allowed attempt.
if (!pin_fails_increase(ofs)) {
return false;
}
if (!pin_check(pin, pinlen)) {
pin_fails_check_max(ctr << 1);
return false;
}
pin_fails_reset(ofs);
return true;
}
static bool initialized = false;
static bool unlocked = false;
#include "storage.h"
/// def init() -> None:
/// '''
/// Initializes the storage. Must be called before any other method is called from this module!
/// Initializes the storage. Must be called before any other method is
/// called from this module!
/// '''
STATIC mp_obj_t mod_trezorconfig_init(void) {
bool r = norcow_init();
bool r = storage_init();
if (!r) {
mp_raise_msg(&mp_type_RuntimeError, "Could not initialize config module");
}
initialized = true;
unlocked = false;
return mp_const_none;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_init_obj, mod_trezorconfig_init);
/// def unlock(pin: str) -> None:
/// def unlock(pin: str) -> bool:
/// '''
/// Tries to unlock the storage with given PIN key.
/// Attempts to unlock the storage with given PIN. Returns True on
/// success, False on failure.
/// '''
STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin) {
if (!initialized) {
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
}
mp_buffer_info_t pinbuf;
mp_get_buffer_raise(pin, &pinbuf, MP_BUFFER_READ);
bool r = pin_unlock(pinbuf.buf, pinbuf.len);
mp_buffer_info_t buf;
mp_get_buffer_raise(pin, &buf, MP_BUFFER_READ);
bool r = storage_unlock(buf.buf, buf.len);
if (!r) {
return mp_const_false;
}
@ -176,25 +49,16 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorconfig_unlock_obj, mod_trezorconfig_u
/// Gets a value of given key for given app (or empty bytes if not set).
/// '''
STATIC mp_obj_t mod_trezorconfig_get(mp_obj_t app, mp_obj_t key) {
if (!initialized) {
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
}
if (!unlocked) {
mp_raise_msg(&mp_type_RuntimeError, "Config module locked");
// TODO: shutdown?
}
uint8_t a = mp_obj_get_int(app);
uint8_t k = mp_obj_get_int(key);
uint16_t appkey = a << 8 | k, len;
uint16_t appkey = a << 8 | k;
uint16_t len = 0;
const void *val;
bool r = norcow_get(appkey, &val, &len);
bool r = storage_get(appkey, &val, &len);
if (!r || len == 0) {
return mp_const_empty_bytes;
}
vstr_t vstr;
vstr_init_len(&vstr, len);
memcpy(vstr.buf, val, len);
return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
return mp_obj_new_str_of_type(&mp_type_bytes, val, len);
}
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_get_obj, mod_trezorconfig_get);
@ -203,19 +67,12 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_get_obj, mod_trezorconfig_get)
/// Sets a value of given key for given app.
/// '''
STATIC mp_obj_t mod_trezorconfig_set(mp_obj_t app, mp_obj_t key, mp_obj_t value) {
if (!initialized) {
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
}
if (!unlocked) {
mp_raise_msg(&mp_type_RuntimeError, "Config module locked");
// TODO: shutdown?
}
uint8_t a = mp_obj_get_int(app);
uint8_t k = mp_obj_get_int(key);
uint16_t appkey = a << 8 | k;
mp_buffer_info_t v;
mp_get_buffer_raise(value, &v, MP_BUFFER_READ);
bool r = norcow_set(appkey, v.buf, v.len);
bool r = storage_set(appkey, v.buf, v.len);
if (!r) {
mp_raise_msg(&mp_type_RuntimeError, "Could not save value");
}
@ -228,10 +85,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorconfig_set_obj, mod_trezorconfig_set)
/// Erases the whole config. Use with caution!
/// '''
STATIC mp_obj_t mod_trezorconfig_wipe(void) {
if (!initialized) {
mp_raise_msg(&mp_type_RuntimeError, "Config module not initialized");
}
bool r = norcow_wipe();
bool r = storage_wipe();
if (!r) {
mp_raise_msg(&mp_type_RuntimeError, "Could not wipe storage");
}

View File

@ -0,0 +1,188 @@
/*
* Copyright (c) Pavol Rusnak, Jan Pochyla, SatoshiLabs
*
* Licensed under TREZOR License
* see LICENSE file for details
*/
#include <string.h>
#include "norcow.h"
#include "../../trezorhal/flash.h"
// Byte-length of flash sector containing fail counters.
#define PIN_AREA_LEN 0x4000
// Maximum number of failed unlock attempts.
#define PIN_MAX_TRIES 15
// Norcow storage key of configured PIN.
#define PIN_KEY 0x0000
static bool initialized = false;
static bool unlocked = false;
bool storage_init(void)
{
if (!norcow_init()) {
return false;
}
initialized = true;
unlocked = false;
return true;
}
static void pin_fails_reset(uint32_t ofs)
{
if (ofs + sizeof(uint32_t) >= PIN_AREA_LEN) {
// ofs points to the last word of the PIN fails area. Because there is
// no space left, we recycle the sector (set all words to 0xffffffff).
// On next unlock attempt, we start counting from the the first word.
flash_erase_sectors((uint8_t[]) { FLASH_SECTOR_PIN_AREA }, 1, NULL);
} else {
// Mark this counter as exhausted. On next unlock attempt, pinfails_get
// seeks to the next word.
flash_unlock();
flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, 0);
flash_lock();
}
}
static bool pin_fails_increase(uint32_t ofs)
{
uint32_t ctr = ~PIN_MAX_TRIES;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &ctr)) {
return false;
}
ctr = ctr << 1;
flash_unlock();
if (!flash_write_word_rel(FLASH_SECTOR_PIN_AREA, ofs, ctr)) {
flash_lock();
return false;
}
flash_lock();
uint32_t check = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, ofs, &check)) {
return false;
}
return ctr == check;
}
static void pin_fails_check_max(uint32_t ctr)
{
if (~ctr >= 1 << PIN_MAX_TRIES) {
for (;;) {
if (norcow_wipe()) {
break;
}
}
// shutdown();
}
}
static bool pin_fails_read(uint32_t *ofs, uint32_t *ctr)
{
if (!ofs || !ctr) {
return false;
}
for (uint32_t o = 0; o < PIN_AREA_LEN; o += sizeof(uint32_t)) {
uint32_t c = 0;
if (!flash_read_word_rel(FLASH_SECTOR_PIN_AREA, o, &c)) {
return false;
}
if (c != 0) {
*ofs = o;
*ctr = c;
return true;
}
}
return false;
}
static bool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
{
size_t diff = seclen ^ publen;
for (size_t i = 0; i < publen; i++) {
diff |= pub[i] ^ sec[i];
}
return diff == 0;
}
static bool pin_check(const uint8_t *pin, size_t pinlen)
{
const void *st_pin;
uint16_t st_pinlen;
if (!norcow_get(PIN_KEY, &st_pin, &st_pinlen)) {
return false;
}
return const_cmp(pin, pinlen, st_pin, (size_t)st_pinlen);
}
bool storage_unlock(const uint8_t *pin, size_t len)
{
if (!initialized) {
return false;
}
uint32_t ofs;
uint32_t ctr;
if (!pin_fails_read(&ofs, &ctr)) {
return false;
}
pin_fails_check_max(ctr);
// Sleep for ~ctr seconds before checking the PIN.
for (uint32_t wait = ~ctr; wait > 0; wait--) {
// hal_delay(1000);
}
// First, we increase PIN fail counter in storage, even before checking the
// PIN. If the PIN is correct, we reset the counter afterwards. If not, we
// check if this is the last allowed attempt.
if (!pin_fails_increase(ofs)) {
return false;
}
if (!pin_check(pin, len)) {
pin_fails_check_max(ctr << 1);
return false;
}
pin_fails_reset(ofs);
return true;
}
bool storage_get(uint16_t key, const void **val, uint16_t *len)
{
if (!initialized) {
return false;
}
if (!unlocked) {
// shutdown();
return false;
}
if (key == PIN_KEY) {
return false;
}
return norcow_get(key, val, len);
}
bool storage_set(uint16_t key, const void *val, uint16_t len)
{
if (!initialized) {
return false;
}
if (!unlocked) {
// shutdown();
return false;
}
if (key == PIN_KEY) {
return false;
}
return norcow_set(key, val, len);
}
bool storage_wipe(void)
{
return norcow_wipe();
}

View File

@ -0,0 +1,15 @@
/*
* Copyright (c) Pavol Rusnak, Jan Pochyla, SatoshiLabs
*
* Licensed under TREZOR License
* see LICENSE file for details
*/
#include <stdint.h>
#include <stddef.h>
bool storage_init(void);
bool storage_wipe(void);
bool storage_unlock(const uint8_t *pin, size_t len);
bool storage_get(uint16_t key, const void **val, uint16_t *len);
bool storage_set(uint16_t key, const void *val, uint16_t len);