arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 23:48:12 +00:00
Code Issues Releases Wiki Activity

trezorhal: introduce secbool/sectrue/secfalse and use it where possible

Browse Source
This commit is contained in:
Pavol Rusnak 2017-10-26 23:51:39 +02:00
parent 7ddfdf69d6
commit f73eb3effd
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
33 changed files with 271 additions and 252 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
embed/boardloader/lowlevel.c
View File

@ -41,12 +41,12 @@ void flash_set_option_bytes(void)
}
}
bool flash_check_option_bytes(void)
secbool flash_check_option_bytes(void)
{
return
((FLASH->OPTCR & FLASH_OPTCR_nWRP) == (FLASH_OPTCR_nWRP_0 | FLASH_OPTCR_nWRP_1 | FLASH_OPTCR_nWRP_2)) &&
((FLASH->OPTCR & FLASH_OPTCR_RDP) == FLASH_OPTCR_RDP_2) &&
((FLASH->OPTCR & FLASH_OPTCR_BOR_LEV) == (FLASH_OPTCR_BOR_LEV_0 | FLASH_OPTCR_BOR_LEV_1));
if ((FLASH->OPTCR & FLASH_OPTCR_nWRP) != (FLASH_OPTCR_nWRP_0 | FLASH_OPTCR_nWRP_1 | FLASH_OPTCR_nWRP_2)) return secfalse;
if ((FLASH->OPTCR & FLASH_OPTCR_RDP) != FLASH_OPTCR_RDP_2) return secfalse;
if ((FLASH->OPTCR & FLASH_OPTCR_BOR_LEV) != (FLASH_OPTCR_BOR_LEV_0 | FLASH_OPTCR_BOR_LEV_1)) return secfalse;
return sectrue;
}
void periph_init(void)
@ -78,18 +78,18 @@ void periph_init(void)
NVIC_EnableIRQ(PVD_IRQn);
}
bool reset_flags_init(void)
secbool reset_flags_init(void)
{
#if PRODUCTION
// this is effective enough that it makes development painful, so only use it for production.
// check the reset flags to assure that we arrive here due to a regular full power-on event,
// and not as a result of a lesser reset.
if ((RCC->CSR & (RCC_CSR_LPWRRSTF | RCC_CSR_WWDGRSTF | RCC_CSR_IWDGRSTF | RCC_CSR_SFTRSTF | RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) != (RCC_CSR_PORRSTF | RCC_CSR_PINRSTF | RCC_CSR_BORRSTF)) {
return false;
return secfalse;
}
#endif
RCC->CSR |= RCC_CSR_RMVF; // clear the reset flags
return true;
return sectrue;
}

6
embed/boardloader/lowlevel.h
View File

@ -1,11 +1,11 @@
#ifndef __BOARDLOADER_LOWLEVEL_H__
#define __BOARDLOADER_LOWLEVEL_H__
#include <stdbool.h>
#include "secbool.h"
void flash_set_option_bytes(void);
bool flash_check_option_bytes(void);
secbool flash_check_option_bytes(void);
void periph_init(void);
bool reset_flags_init(void);
secbool reset_flags_init(void);
#endif

16
embed/boardloader/main.c
View File

@ -49,7 +49,7 @@ static uint32_t check_sdcard(void)
image_header hdr;
if (load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) {
if (sectrue == load_image_header((const uint8_t *)buf, BOOTLOADER_IMAGE_MAGIC, BOOTLOADER_IMAGE_MAXSIZE, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N, BOARDLOADER_KEYS, &hdr)) {
return hdr.codelen;
} else {
return 0;
@ -60,7 +60,7 @@ static void progress_callback(int pos, int len) {
display_printf(".");
}
static bool copy_sdcard(void)
static secbool copy_sdcard(void)
{
display_backlight(255);
@ -79,7 +79,7 @@ static bool copy_sdcard(void)
codelen = check_sdcard();
if (!codelen) {
display_printf("\n\nno SD card, aborting\n");
return false;
return secfalse;
}
}
@ -111,13 +111,13 @@ static bool copy_sdcard(void)
};
if (!flash_erase_sectors(sectors, 2 + 1 + 6 + 4 + 7 + 1, progress_callback)) {
display_printf(" failed\n");
return false;
return secfalse;
}
display_printf(" done\n\n");
if (!flash_unlock()) {
display_printf("could not unlock flash\n");
return false;
return secfalse;
}
// copy bootloader from SD card to Flash
@ -133,7 +133,7 @@ static bool copy_sdcard(void)
display_printf("copy failed\n");
sdcard_power_off();
flash_lock();
return false;
return secfalse;
}
}
}
@ -144,7 +144,7 @@ static bool copy_sdcard(void)
display_printf("\ndone\n\n");
display_printf("Unplug the device and remove the SD card\n");
return true;
return sectrue;
}
int main(void)
@ -173,7 +173,7 @@ int main(void)
sdcard_init();
if (check_sdcard()) {
return copy_sdcard() ? 0 : 3;
return copy_sdcard() == sectrue ? 0 : 3;
}
image_header hdr;

36
embed/bootloader/main.c
View File

@ -5,11 +5,12 @@
#include "display.h"
#include "image.h"
#include "flash.h"
#include "mini_printf.h"
#include "rng.h"
#include "secbool.h"
#include "touch.h"
#include "usb.h"
#include "version.h"
#include "mini_printf.h"
#include "icon_cross.h"
#include "icon_lock.h"
@ -83,13 +84,14 @@ void display_error(void)
display_footer("Error! Unplug the device", COLOR_BL_RED);
}
void display_welcome(bool firmware_present)
void display_welcome(secbool firmware_present)
{
display_clear();
if (!firmware_present) {
if (secfalse == firmware_present) {
display_icon((DISPLAY_RESX - 124) / 2, (DISPLAY_RESY - 40 - 180) / 2, 124, 180, toi_icon_lock, sizeof(toi_icon_lock), COLOR_WHITE, COLOR_BLACK);
display_text_center(DISPLAY_RESX / 2, DISPLAY_RESY - 20, "Go to trezor.io/start", -1, FONT_BOLD, COLOR_WHITE, COLOR_BLACK);
} else {
}
if (sectrue == firmware_present) {
display_header(ICON_TOOLS, "TREZOR Bootloader");
uint8_t dom[32];
// format: TREZOR2-YYMMDD
@ -189,7 +191,7 @@ void usb_init_all(void) {
usb_start();
}
bool bootloader_loop(bool firmware_present)
secbool bootloader_loop(secbool firmware_present)
{
usb_init_all();
@ -202,7 +204,7 @@ bool bootloader_loop(bool firmware_present)
if (r != USB_PACKET_SIZE) {
continue;
}
ensure(r == USB_PACKET_SIZE, NULL);
ensure(sectrue * (r == USB_PACKET_SIZE), NULL);
uint16_t msg_id;
uint32_t msg_size;
if (!msg_parse_header(buf, &msg_id, &msg_size)) {
@ -227,12 +229,12 @@ bool bootloader_loop(bool firmware_present)
display_error();
usb_stop();
usb_deinit();
return false; // shutdown
return secfalse; // shutdown
} else { // success
display_done(0);
usb_stop();
usb_deinit();
return false; // shutdown
return secfalse; // shutdown
}
break;
case 6: // FirmwareErase
@ -249,7 +251,7 @@ bool bootloader_loop(bool firmware_present)
display_error();
usb_stop();
usb_deinit();
return false; // shutdown
return secfalse; // shutdown
} else
if (r == 0) { // last chunk received
display_done(3); hal_delay(1000);
@ -258,7 +260,7 @@ bool bootloader_loop(bool firmware_present)
usb_stop();
usb_deinit();
display_fade(BACKLIGHT_NORMAL, 0, 500);
return true; // jump to firmware
return sectrue; // jump to firmware
}
break;
default:
@ -282,12 +284,12 @@ void check_bootloader_version(void)
bits[i / 8] |= (1 << (7 - (i % 8)));
}
}
ensure(true == flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(flash_otp_write(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits, FLASH_OTP_BLOCK_SIZE), NULL);
uint8_t bits2[FLASH_OTP_BLOCK_SIZE];
ensure(true == flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(flash_otp_read(BOOTLOADER_VERSION_OTP_BLOCK, 0, bits2, FLASH_OTP_BLOCK_SIZE), NULL);
ensure(0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE), "Bootloader downgraded");
ensure(sectrue * (0 == memcmp(bits, bits2, FLASH_OTP_BLOCK_SIZE)), "Bootloader downgraded");
}
int main(void)
@ -310,14 +312,14 @@ int main(void)
vendor_header vhdr;
// start the bootloader if user touched the screen or no firmware installed
bool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr);
if (touched || !firmware_present) {
if (!bootloader_loop(firmware_present)) {
secbool firmware_present = load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr);
if (touched || firmware_present != sectrue) {
if (bootloader_loop(firmware_present) != sectrue) {
return 1;
}
}
ensure (
ensure(
load_vendor_header((const uint8_t *)FIRMWARE_START, BOOTLOADER_KEY_M, BOOTLOADER_KEY_N, BOOTLOADER_KEYS, &vhdr),
"invalid vendor header");

26
embed/bootloader/messages.c
View File

@ -9,6 +9,7 @@
#include "display.h"
#include "flash.h"
#include "image.h"
#include "secbool.h"
#include "usb.h"
#include "version.h"
@ -18,14 +19,14 @@
#define MSG_HEADER1_LEN 9
#define MSG_HEADER2_LEN 1
bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size)
secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size)
{
if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') {
return false;
return secfalse;
}
*msg_id = (buf[3] << 8) + buf[4];
*msg_size = (buf[5] << 24) + (buf[6] << 16) + (buf[7] << 8) + buf[8];
return true;
return sectrue;
}
typedef struct {
@ -35,6 +36,7 @@ typedef struct {
uint8_t buf[USB_PACKET_SIZE];
} usb_write_state;
/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */
static bool _usb_write(pb_ostream_t *stream, const pb_byte_t *buf, size_t count)
{
usb_write_state *state = (usb_write_state *)(stream->state);
@ -79,7 +81,7 @@ static void _usb_write_flush(usb_write_state *state)
usb_hid_write_blocking(state->iface_num, state->buf, USB_PACKET_SIZE, 100);
}
static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fields[], const void *msg)
static secbool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t fields[], const void *msg)
{
// determine message size by serializing it into a dummy stream
pb_ostream_t sizestream = {
@ -89,7 +91,7 @@ static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t field
.bytes_written = 0,
.errmsg = NULL};
if (!pb_encode(&sizestream, fields, msg)) {
return false;
return secfalse;
}
const uint32_t msg_size = sizestream.bytes_written;
@ -113,12 +115,12 @@ static bool _send_msg(uint8_t iface_num, uint16_t msg_id, const pb_field_t field
};
if (!pb_encode(&stream, fields, msg)) {
return false;
return secfalse;
}
_usb_write_flush(&state);
return true;
return sectrue;
}
#define MSG_SEND_INIT(TYPE) TYPE msg_send = TYPE##_init_default
@ -134,6 +136,7 @@ typedef struct {
uint8_t *buf;
} usb_read_state;
/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */
static bool _usb_read(pb_istream_t *stream, uint8_t *buf, size_t count)
{
usb_read_state *state = (usb_read_state *)(stream->state);
@ -170,7 +173,7 @@ static void _usb_read_flush(usb_read_state *state)
(void)state;
}
static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const pb_field_t fields[], void *msg)
static secbool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const pb_field_t fields[], void *msg)
{
usb_read_state state = {
.iface_num = iface_num,
@ -187,19 +190,19 @@ static bool _recv_msg(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, const
};
if (!pb_decode_noinit(&stream, fields, msg)) {
return false;
return secfalse;
}
_usb_read_flush(&state);
return true;
return sectrue;
}
#define MSG_RECV_INIT(TYPE) TYPE msg_recv = TYPE##_init_default
#define MSG_RECV_CALLBACK(FIELD, CALLBACK) do { msg_recv.FIELD.funcs.decode = &CALLBACK; } while (0)
#define MSG_RECV(TYPE) do { _recv_msg(iface_num, msg_size, buf, TYPE##_fields, &msg_recv); } while(0)
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present)
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present)
{
MSG_RECV_INIT(Initialize);
MSG_RECV(Initialize);
@ -281,6 +284,7 @@ void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *bu
static uint32_t chunk_size = 0;
/* we don't use secbool/sectrue/secfalse here as it is a nanopb api */
static bool _read_payload(pb_istream_t *stream, const pb_field_t *field, void **arg)
{
#define BUFSIZE 4096

6
embed/bootloader/messages.h
View File

@ -2,14 +2,14 @@
#define __MESSAGES_H__
#include <stdint.h>
#include <stdbool.h>
#include "secbool.h"
#define USB_PACKET_SIZE 64
#define USB_IFACE_NUM 0
bool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size);
secbool msg_parse_header(const uint8_t *buf, uint16_t *msg_id, uint32_t *msg_size);
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, bool firmware_present);
void process_msg_Initialize(uint8_t iface_num, uint32_t msg_size, uint8_t *buf, secbool firmware_present);
void process_msg_Ping(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
void process_msg_FirmwareErase(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);
int process_msg_FirmwareUpload(uint8_t iface_num, uint32_t msg_size, uint8_t *buf);

28
embed/extmod/modtrezorio/unix-flash-mock.h
View File

@ -11,37 +11,37 @@ void flash_set_option_bytes(void)
{
}
bool flash_unlock(void)
secbool flash_unlock(void)
{
return false;
return secfalse;
}
bool flash_lock(void)
secbool flash_lock(void)
{
return false;
return secfalse;
}
bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len))
secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len))
{
return false;
return secfalse;
}
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
{
return false;
return secfalse;
}
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen)
secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen)
{
return false;
return secfalse;
}
bool flash_otp_lock(uint8_t block)
secbool flash_otp_lock(uint8_t block)
{
return false;
return secfalse;
}
bool flash_otp_is_locked(uint8_t block)
secbool flash_otp_is_locked(uint8_t block)
{
return false;
return secfalse;
}

24
embed/extmod/modtrezorio/unix-msg-mock.h
View File

@ -28,7 +28,7 @@ void usb_init(const usb_dev_info_t *dev_info) {
(void)dev_info;
sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
ensure(sock >= 0, NULL);
ensure(sectrue * (sock >= 0), NULL);
fcntl(sock, F_SETFL, O_NONBLOCK);
@ -46,7 +46,7 @@ void usb_init(const usb_dev_info_t *dev_info) {
si_me.sin_port = htons(TREZOR_UDP_PORT);
}
ensure(0 == bind(sock, (struct sockaddr*)&si_me, sizeof(si_me)), NULL);
ensure(sectrue * (0 == bind(sock, (struct sockaddr*)&si_me, sizeof(si_me))), NULL);
}
void usb_deinit(void) {
@ -58,34 +58,34 @@ void usb_start(void) {
void usb_stop(void) {
}
bool usb_hid_add(const usb_hid_info_t *info) {
return true;
secbool usb_hid_add(const usb_hid_info_t *info) {
return sectrue;
}
bool usb_vcp_add(const usb_vcp_info_t *info) {
return true;
secbool usb_vcp_add(const usb_vcp_info_t *info) {
return sectrue;
}
bool usb_hid_can_read(uint8_t iface_num) {
secbool usb_hid_can_read(uint8_t iface_num) {
if (iface_num != TREZOR_UDP_IFACE) {
return false;
return secfalse;
}
struct pollfd fds[] = {
{ sock, POLLIN, 0 },
};
int r = poll(fds, 1, 0);
return r > 0;
return sectrue * (r > 0);
}
bool usb_hid_can_write(uint8_t iface_num) {
secbool usb_hid_can_write(uint8_t iface_num) {
if (iface_num != TREZOR_UDP_IFACE) {
return false;
return secfalse;
}
struct pollfd fds[] = {
{ sock, POLLOUT, 0 },
};
int r = poll(fds, 1, 0);
return r > 0;
return sectrue * (r > 0);
}
int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) {

2
embed/extmod/modtrezorio/unix-sbu-mock.h
View File

@ -11,6 +11,6 @@ void sbu_init(void)
{
}
void sbu_set(bool sbu1, bool sbu2)
void sbu_set(secbool sbu1, secbool sbu2)
{
}

22
embed/extmod/modtrezorio/unix-sdcard-mock.h
View File

@ -7,31 +7,29 @@
#include "../../trezorhal/sdcard.h"
#define SD_ERROR 41U
void sdcard_init(void) {
}
bool sdcard_is_present(void) {
return false;
secbool sdcard_is_present(void) {
return secfalse;
}
bool sdcard_power_on(void) {
return false;
secbool sdcard_power_on(void) {
return secfalse;
}
bool sdcard_power_off(void) {
return true;
secbool sdcard_power_off(void) {
return sectrue;
}
uint64_t sdcard_get_capacity_in_bytes(void) {
return 0;
}
bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
return false;
secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
return secfalse;
}
bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) {
return false;
secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) {
return secfalse;
}

4
embed/extmod/modtrezorutils/modtrezorutils.c
View File

@ -86,9 +86,9 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorutils_memcpy_obj, 5, 5, mod
STATIC mp_obj_t mod_trezorutils_halt(size_t n_args, const mp_obj_t *args) {
mp_buffer_info_t msg;
if (n_args > 0 && mp_get_buffer(args[0], &msg, MP_BUFFER_READ)) {
ensure(0, msg.buf);
ensure(secfalse, msg.buf);
} else {
ensure(0, "halt");
ensure(secfalse, "halt");
}
return mp_const_none;
}

2
embed/firmware/main.c
View File

@ -68,7 +68,7 @@ int main(void)
// MicroPython default exception handler
void __attribute__((noreturn)) nlr_jump_fail(void *val) {
ensure(0, "uncaught exception");
ensure(secfalse, "uncaught exception");
}
void PendSV_Handler(void) {

2
embed/firmware/mphalport.c
View File

@ -6,7 +6,7 @@ static int vcp_iface_num = -1;
int mp_hal_stdin_rx_chr(void) {
ensure(vcp_iface_num >= 0, "vcp stdio is not configured");
ensure(sectrue * (vcp_iface_num >= 0), "vcp stdio is not configured");
#define VCP_READ_TIMEOUT 25
uint8_t c = 0;

2
embed/trezorhal/common.c
View File

@ -34,7 +34,7 @@ uint32_t __stack_chk_guard = 0;
void __attribute__((noreturn)) __stack_chk_fail(void)
{
ensure(0, "Stack smashing detected");
ensure(secfalse, "Stack smashing detected");
}
#ifndef NDEBUG

3
embed/trezorhal/common.h
View File

@ -2,6 +2,7 @@
#define __TREZORHAL_COMMON_H__
#include <stdint.h>
#include "secbool.h"
extern void memset_reg(volatile void *start, volatile void *stop, uint32_t val);
@ -9,7 +10,7 @@ void clear_otg_hs_memory(void);
void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func);
#define ensure(expr, msg) ((expr) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
#define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
void jump_to(uint32_t address);

52
embed/trezorhal/flash.c
View File

@ -33,23 +33,23 @@ const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1] = {
[24] = 0x08200000, // last element - not a valid sector
};
bool flash_unlock(void)
secbool flash_unlock(void)
{
HAL_FLASH_Unlock();
__HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP | FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR | FLASH_FLAG_PGAERR | FLASH_FLAG_PGPERR | FLASH_FLAG_PGSERR);
return true;
return sectrue;
}
bool flash_lock(void)
secbool flash_lock(void)
{
HAL_FLASH_Lock();
return true;
return sectrue;
}
bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len))
secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len))
{
if (!flash_unlock()) {
return false;
return secfalse;
}
FLASH_EraseInitTypeDef EraseInitStruct;
EraseInitStruct.TypeErase = FLASH_TYPEERASE_SECTORS;
@ -63,13 +63,13 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p
EraseInitStruct.Sector = sectors[i];
if (HAL_FLASHEx_Erase(&EraseInitStruct, &SectorError) != HAL_OK) {
flash_lock();
return false;
return secfalse;
}
// check whether the sector was really deleted (contains only 0xFF)
uint32_t addr_start = FLASH_SECTOR_TABLE[sectors[i]], addr_end = FLASH_SECTOR_TABLE[sectors[i] + 1];
for (uint32_t addr = addr_start; addr < addr_end; addr += 4) {
if (*((const uint32_t *)addr) != 0xFFFFFFFF) {
return false;
return secfalse;
}
}
if (progress) {
@ -77,44 +77,44 @@ bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int p
}
}
flash_lock();
return true;
return sectrue;
}
bool flash_write_byte(uint32_t address, uint8_t data)
secbool flash_write_byte(uint32_t address, uint8_t data)
{
return HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, address, data);
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, address, data));
}
bool flash_write_word(uint32_t address, uint32_t data)
secbool flash_write_word(uint32_t address, uint32_t data)
{
return HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data);
return sectrue * (HAL_OK == HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, address, data));
}
#define FLASH_OTP_LOCK_BASE 0x1FFF7A00U
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen)
{
if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) {
return false;
return secfalse;
}
for (uint8_t i = 0; i < datalen; i++) {
data[i] = *(__IO uint8_t *)(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i);
}
return true;
return sectrue;
}
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen)
secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen)
{
if (block >= FLASH_OTP_NUM_BLOCKS || offset + datalen > FLASH_OTP_BLOCK_SIZE) {
return false;
return secfalse;
}
if (!flash_unlock()) {
return false;
return secfalse;
}
bool ret = false;
secbool ret = secfalse;
for (uint8_t i = 0; i < datalen; i++) {
ret = flash_write_byte(FLASH_OTP_BASE + block * FLASH_OTP_BLOCK_SIZE + offset + i, data[i]);
if (!ret) {
if (ret != sectrue) {
break;
}
}
@ -122,20 +122,20 @@ bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t
return ret;
}
bool flash_otp_lock(uint8_t block)
secbool flash_otp_lock(uint8_t block)
{
if (block >= FLASH_OTP_NUM_BLOCKS) {
return false;
return secfalse;
}
if (!flash_unlock()) {
return false;
return secfalse;
}
HAL_StatusTypeDef ret = HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, FLASH_OTP_LOCK_BASE + block, 0x00);
flash_lock();
return ret == HAL_OK;
return sectrue * (ret == HAL_OK);
}
bool flash_otp_is_locked(uint8_t block)
secbool flash_otp_is_locked(uint8_t block)
{
return *(__IO uint8_t *)(FLASH_OTP_LOCK_BASE + block) == 0x00;
}

20
embed/trezorhal/flash.h
View File

@ -1,8 +1,8 @@
#ifndef __TREZORHAL_FLASH_H__
#define __TREZORHAL_FLASH_H__
#include <stdbool.h>
#include <stdint.h>
#include "secbool.h"
// see docs/memory.md for more information
@ -44,19 +44,19 @@ extern const uint32_t FLASH_SECTOR_TABLE[FLASH_SECTOR_COUNT + 1];
void flash_set_option_bytes(void);
bool flash_unlock(void);
bool flash_lock(void);
secbool flash_unlock(void);
secbool flash_lock(void);
bool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len));
bool flash_write_byte(uint32_t address, uint8_t data);
bool flash_write_word(uint32_t address, uint32_t data);
secbool flash_erase_sectors(const uint8_t *sectors, int len, void (*progress)(int pos, int len));
secbool flash_write_byte(uint32_t address, uint8_t data);
secbool flash_write_word(uint32_t address, uint32_t data);
#define FLASH_OTP_NUM_BLOCKS 16
#define FLASH_OTP_BLOCK_SIZE 32
bool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen);
bool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen);
bool flash_otp_lock(uint8_t block);
bool flash_otp_is_locked(uint8_t block);
secbool flash_otp_read(uint8_t block, uint8_t offset, uint8_t *data, uint8_t datalen);
secbool flash_otp_write(uint8_t block, uint8_t offset, const uint8_t *data, uint8_t datalen);
secbool flash_otp_lock(uint8_t block);
secbool flash_otp_is_locked(uint8_t block);
#endif

58
embed/trezorhal/image.c
View File

@ -7,16 +7,16 @@
#include "flash.h"
#include "image.h"
static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res)
static secbool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *pub, uint8_t sigmask, ed25519_public_key res)
{
if (!sig_m || !sig_n) return false;
if (sig_m > sig_n) return false;
if (!sig_m || !sig_n) return secfalse;
if (sig_m > sig_n) return secfalse;
// discard bits higher than sig_n
sigmask &= ((1 << sig_n) - 1);
// remove if number of set bits in sigmask is not equal to sig_m
if (__builtin_popcount(sigmask) != sig_m) return false;
if (__builtin_popcount(sigmask) != sig_m) return secfalse;
ed25519_public_key keys[sig_m];
int j = 0;
@ -27,26 +27,26 @@ static bool compute_pubkey(uint8_t sig_m, uint8_t sig_n, const uint8_t * const *
}
}
return 0 == ed25519_cosi_combine_publickeys(res, keys, sig_m);
return sectrue * (0 == ed25519_cosi_combine_publickeys(res, keys, sig_m));
}
bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr)
secbool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr)
{
memcpy(&hdr->magic, data, 4);
if (hdr->magic != magic) return false;
if (hdr->magic != magic) return secfalse;
memcpy(&hdr->hdrlen, data + 4, 4);
if (hdr->hdrlen != IMAGE_HEADER_SIZE) return false;
if (hdr->hdrlen != IMAGE_HEADER_SIZE) return secfalse;
memcpy(&hdr->expiry, data + 8, 4);
// TODO: expiry mechanism needs to be ironed out before production or those
// devices won't accept expiring bootloaders (due to boardloader write protection).
if (hdr->expiry != 0) return false;
if (hdr->expiry != 0) return secfalse;
memcpy(&hdr->codelen, data + 12, 4);
if (hdr->codelen > (maxsize - hdr->hdrlen)) return false;
if ((hdr->hdrlen + hdr->codelen) < 4 * 1024) return false;
if ((hdr->hdrlen + hdr->codelen) % 512 != 0) return false;
if (hdr->codelen > (maxsize - hdr->hdrlen)) return secfalse;
if ((hdr->hdrlen + hdr->codelen) < 4 * 1024) return secfalse;
if ((hdr->hdrlen + hdr->codelen) % 512 != 0) return secfalse;
memcpy(&hdr->version, data + 16, 4);
@ -68,21 +68,21 @@ bool load_image_header(const uint8_t * const data, const uint32_t magic, const u
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
ed25519_public_key pub;
if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return false;
if (!compute_pubkey(key_m, key_n, keys, hdr->sigmask, pub)) return secfalse;
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig);
return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)hdr->sig));
}
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr)
secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr)
{
memcpy(&vhdr->magic, data, 4);
if (vhdr->magic != 0x565A5254) return false; // TRZV
if (vhdr->magic != 0x565A5254) return secfalse; // TRZV
memcpy(&vhdr->hdrlen, data + 4, 4);
if (vhdr->hdrlen > 64 * 1024) return false;
if (vhdr->hdrlen > 64 * 1024) return secfalse;
memcpy(&vhdr->expiry, data + 8, 4);
if (vhdr->expiry != 0) return false;
if (vhdr->expiry != 0) return secfalse;
memcpy(&vhdr->version, data + 12, 2);
@ -91,7 +91,7 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n
memcpy(&vhdr->vtrust, data + 16, 1);
if (vhdr->vsig_n > MAX_VENDOR_PUBLIC_KEYS) {
return false;
return secfalse;
}
for (int i = 0; i < vhdr->vsig_n; i++) {
@ -125,42 +125,42 @@ bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n
blake2s_Final(&ctx, hash, BLAKE2S_DIGEST_LENGTH);
ed25519_public_key pub;
if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return false;
if (!compute_pubkey(key_m, key_n, keys, vhdr->sigmask, pub)) return secfalse;
return 0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig);
return sectrue * (0 == ed25519_sign_open(hash, BLAKE2S_DIGEST_LENGTH, pub, *(const ed25519_signature *)vhdr->sig));
}
static bool check_hash(const uint8_t * const hash, const uint8_t * const data, int len)
static secbool check_hash(const uint8_t * const hash, const uint8_t * const data, int len)
{
uint8_t h[BLAKE2S_DIGEST_LENGTH];
blake2s(data, len, h, BLAKE2S_DIGEST_LENGTH);
return 0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH);
return sectrue * (0 == memcmp(h, hash, BLAKE2S_DIGEST_LENGTH));
}
#define MIN(a,b) ((a) < (b) ? (a) : (b))
bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks)
secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks)
{
if (!sectors || blocks < 1) {
return false;
return secfalse;
}
const void *data = (const void *)(FLASH_SECTOR_TABLE[sectors[0]] + firstskip);
int remaining = hdr->codelen;
if (!check_hash(hdr->hashes, data, MIN(remaining, IMAGE_CHUNK_SIZE - firstskip))) {
return false;
return secfalse;
}
int block = 1;
remaining -= IMAGE_CHUNK_SIZE - firstskip;
while (remaining > 0) {
if (block >= blocks) {
return false;
return secfalse;
}
data = (const void *)FLASH_SECTOR_TABLE[sectors[block]];
if (!check_hash(hdr->hashes + block * 32, data, MIN(remaining, IMAGE_CHUNK_SIZE))) {
return false;
return secfalse;
}
block++;
remaining -= IMAGE_CHUNK_SIZE;
}
return true;
return sectrue;
}

8
embed/trezorhal/image.h
View File

@ -2,7 +2,7 @@
#define __TREZORHAL_IMAGE_H__
#include <stdint.h>
#include <stdbool.h>
#include "secbool.h"
#define BOARDLOADER_START 0x08000000
#define BOOTLOADER_START 0x08020000
@ -44,10 +44,10 @@ typedef struct {
uint8_t sig[64];
} vendor_header;
bool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr);
secbool load_image_header(const uint8_t * const data, const uint32_t magic, const uint32_t maxsize, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, image_header * const hdr);
bool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
secbool load_vendor_header(const uint8_t * const data, uint8_t key_m, uint8_t key_n, const uint8_t * const *keys, vendor_header * const vhdr);
bool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks);
secbool check_image_contents(const image_header * const hdr, uint32_t firstskip, const uint8_t *sectors, int blocks);
#endif

6
embed/trezorhal/sbu.c
View File

@ -23,7 +23,7 @@ void sbu_init(void) {
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, GPIO_PIN_RESET);
}
void sbu_set(bool sbu1, bool sbu2) {
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_2, sbu1 ? GPIO_PIN_SET : GPIO_PIN_RESET);
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, sbu2 ? GPIO_PIN_SET : GPIO_PIN_RESET);
void sbu_set(secbool sbu1, secbool sbu2) {
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_2, sbu1 == sectrue ? GPIO_PIN_SET : GPIO_PIN_RESET);
HAL_GPIO_WritePin(GPIOA, GPIO_PIN_3, sbu2 == sectrue ? GPIO_PIN_SET : GPIO_PIN_RESET);
}

4
embed/trezorhal/sbu.h
View File

@ -8,9 +8,9 @@
#ifndef __TREZORHAL_SBU_H__
#define __TREZORHAL_SBU_H__
#include <stdbool.h>
#include "secbool.h"
void sbu_init(void);
void sbu_set(bool sbu1, bool sbu2);
void sbu_set(secbool sbu1, secbool sbu2);
#endif

36
embed/trezorhal/sdcard.c
View File

@ -66,16 +66,16 @@ void HAL_SD_MspDeInit(SD_HandleTypeDef *hsd) {
__HAL_RCC_SDIO_CLK_DISABLE();
}
bool sdcard_is_present(void) {
return GPIO_PIN_RESET == HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13);
secbool sdcard_is_present(void) {
return sectrue * (GPIO_PIN_RESET == HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13));
}
bool sdcard_power_on(void) {
secbool sdcard_power_on(void) {
if (!sdcard_is_present()) {
return false;
return secfalse;
}
if (sd_handle.Instance) {
return true;
return sectrue;
}
// SD device interface configuration
@ -101,20 +101,20 @@ bool sdcard_power_on(void) {
goto error;
}
return true;
return sectrue;
error:
sd_handle.Instance = NULL;
return false;
return secfalse;
}
bool sdcard_power_off(void) {
secbool sdcard_power_off(void) {
if (!sd_handle.Instance) {
return true;
return sectrue;
}
HAL_SD_DeInit(&sd_handle);
sd_handle.Instance = NULL;
return true;
return sectrue;
}
uint64_t sdcard_get_capacity_in_bytes(void) {
@ -150,15 +150,15 @@ static HAL_StatusTypeDef sdcard_wait_finished(SD_HandleTypeDef *sd, uint32_t tim
return HAL_OK;
}
bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
// check that SD card is initialised
if (sd_handle.Instance == NULL) {
return false;
return secfalse;
}
// check that dest pointer is aligned on a 4-byte boundary
if (((uint32_t)dest & 3) != 0) {
return false;
return secfalse;
}
HAL_StatusTypeDef err = HAL_OK;
@ -168,18 +168,18 @@ bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks) {
err = sdcard_wait_finished(&sd_handle, 60000);
}
return err == HAL_OK;
return sectrue * (err == HAL_OK);
}
bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) {
secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks) {
// check that SD card is initialised
if (sd_handle.Instance == NULL) {
return false;
return secfalse;
}
// check that src pointer is aligned on a 4-byte boundary
if (((uint32_t)src & 3) != 0) {
return false;
return secfalse;
}
HAL_StatusTypeDef err = HAL_OK;
@ -189,5 +189,5 @@ bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_block
err = sdcard_wait_finished(&sd_handle, 60000);
}
return err == HAL_OK;
return sectrue * (err == HAL_OK);
}

12
embed/trezorhal/sdcard.h
View File

@ -27,17 +27,17 @@
#ifndef __TREZORHAL_SDCARD_H__
#define __TREZORHAL_SDCARD_H__
#include <stdbool.h>
#include "secbool.h"
// this is a fixed size and should not be changed
#define SDCARD_BLOCK_SIZE (512)
void sdcard_init(void);
bool sdcard_is_present(void);
bool sdcard_power_on(void);
bool sdcard_power_off(void);
secbool sdcard_is_present(void);
secbool sdcard_power_on(void);
secbool sdcard_power_off(void);
uint64_t sdcard_get_capacity_in_bytes(void);
bool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks);
bool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks);
secbool sdcard_read_blocks(void *dest, uint32_t block_num, uint32_t num_blocks);
secbool sdcard_write_blocks(const void *src, uint32_t block_num, uint32_t num_blocks);
#endif

10
embed/trezorhal/secbool.h Normal file
View File

@ -0,0 +1,10 @@
#ifndef __TREZORHAL_SECBOOL_H__
#define __TREZORHAL_SECBOOL_H__
#include <stdint.h>
typedef uint32_t secbool;
#define sectrue 0xAAAAAAAA
#define secfalse 0x00000000
#endif

3
embed/trezorhal/touch.c
View File

@ -10,6 +10,7 @@
#include <string.h>
#include "common.h"
#include "secbool.h"
#include "touch.h"
I2C_HandleTypeDef i2c_handle = {
@ -41,7 +42,7 @@ void touch_init(void)
init->NoStretchMode = I2C_NOSTRETCH_DISABLE;
init->OwnAddress2 = 0;
ensure(HAL_I2C_Init(&i2c_handle) == HAL_OK, NULL);
ensure(sectrue * (HAL_OK == HAL_I2C_Init(&i2c_handle)), NULL);
}
#define TOUCH_ADDRESS 56

1
embed/trezorhal/touch.h
View File

@ -8,7 +8,6 @@
#ifndef __TREZORHAL_TOUCH_H__
#define __TREZORHAL_TOUCH_H__
#include <stdbool.h>
#include <stdint.h>
#define TOUCH_START 0x00010000

10
embed/trezorhal/usb.c
View File

@ -42,8 +42,10 @@ static USBD_HandleTypeDef usb_dev_handle;
static const USBD_DescriptorsTypeDef usb_descriptors;
static const USBD_ClassTypeDef usb_class;
static bool check_desc_str(const uint8_t *s) {
return s && strlen((const char *)s) <= USB_MAX_STR_SIZE;
static secbool check_desc_str(const uint8_t *s) {
if (!s) return secfalse;
if (strlen((const char *)s) > USB_MAX_STR_SIZE) return secfalse;
return sectrue;
}
void usb_init(const usb_dev_info_t *dev_info) {
@ -86,8 +88,8 @@ void usb_init(const usb_dev_info_t *dev_info) {
// Pointer to interface descriptor data
usb_next_iface_desc = (usb_interface_descriptor_t *)(usb_config_buf + usb_config_desc->wTotalLength);
ensure(USBD_OK == USBD_Init(&usb_dev_handle, (USBD_DescriptorsTypeDef*)&usb_descriptors, USB_PHY_ID), NULL);
ensure(USBD_OK == USBD_RegisterClass(&usb_dev_handle, (USBD_ClassTypeDef*)&usb_class), NULL);
ensure(sectrue * (USBD_OK == USBD_Init(&usb_dev_handle, (USBD_DescriptorsTypeDef*)&usb_descriptors, USB_PHY_ID)), NULL);
ensure(sectrue * (USBD_OK == USBD_RegisterClass(&usb_dev_handle, (USBD_ClassTypeDef*)&usb_class)), NULL);
}
void usb_deinit(void) {

2
embed/trezorhal/usb.h
View File

@ -8,8 +8,8 @@
#ifndef __TREZORHAL_USB_H__
#define __TREZORHAL_USB_H__
#include <stdbool.h>
#include <stdint.h>
#include "secbool.h"
#define USB_EP_DIR_OUT 0x00
#define USB_EP_DIR_IN 0x80

6
embed/trezorhal/usb_hid-defs.h
View File

@ -69,9 +69,9 @@ typedef struct {
uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle
} usb_hid_state_t;
bool usb_hid_add(const usb_hid_info_t *hid_info);
bool usb_hid_can_read(uint8_t iface_num);
bool usb_hid_can_write(uint8_t iface_num);
secbool usb_hid_add(const usb_hid_info_t *hid_info);
secbool usb_hid_can_read(uint8_t iface_num);
secbool usb_hid_can_write(uint8_t iface_num);
int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len);
int usb_hid_write(uint8_t iface_num, const uint8_t *buf, uint32_t len);

42
embed/trezorhal/usb_hid-impl.h
View File

@ -17,34 +17,34 @@
/* usb_hid_add adds and configures new USB HID interface according to
* configuration options passed in `info`. */
bool usb_hid_add(const usb_hid_info_t *info) {
secbool usb_hid_add(const usb_hid_info_t *info) {
usb_iface_t *iface = usb_get_iface(info->iface_num);
if (iface == NULL) {
return false; // Invalid interface number
return secfalse; // Invalid interface number
}
if (iface->type != USB_IFACE_TYPE_DISABLED) {
return false; // Interface is already enabled
return secfalse; // Interface is already enabled
}
usb_hid_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_hid_descriptor_block_t));
if (d == NULL) {
return false; // Not enough space in the configuration descriptor
return secfalse; // Not enough space in the configuration descriptor
}
if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) {
return false; // IN EP is invalid
return secfalse; // IN EP is invalid
}
if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) {
return false; // OUT EP is invalid
return secfalse; // OUT EP is invalid
}
if (info->rx_buffer == NULL) {
return false;
return secfalse;
}
if (info->report_desc == NULL) {
return false;
return secfalse;
}
// Interface descriptor
@ -101,41 +101,41 @@ bool usb_hid_add(const usb_hid_info_t *info) {
iface->hid.last_read_len = 0;
iface->hid.ep_in_is_idle = 1;
return true;
return sectrue;
}
bool usb_hid_can_read(uint8_t iface_num) {
secbool usb_hid_can_read(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) {
return false; // Invalid interface number
return secfalse; // Invalid interface number
}
if (iface->type != USB_IFACE_TYPE_HID) {
return false; // Invalid interface type
return secfalse; // Invalid interface type
}
if (iface->hid.last_read_len == 0) {
return false; // Nothing in the receiving buffer
return secfalse; // Nothing in the receiving buffer
}
if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) {
return false; // Device is not configured
return secfalse; // Device is not configured
}
return true;
return sectrue;
}
bool usb_hid_can_write(uint8_t iface_num) {
secbool usb_hid_can_write(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) {
return false; // Invalid interface number
return secfalse; // Invalid interface number
}
if (iface->type != USB_IFACE_TYPE_HID) {
return false; // Invalid interface type
return secfalse; // Invalid interface type
}
if (iface->hid.ep_in_is_idle == 0) {
return false; // Last transmission is not over yet
return secfalse; // Last transmission is not over yet
}
if (usb_dev_handle.dev_state != USBD_STATE_CONFIGURED) {
return false; // Device is not configured
return secfalse; // Device is not configured
}
return true;
return sectrue;
}
int usb_hid_read(uint8_t iface_num, uint8_t *buf, uint32_t len) {

6
embed/trezorhal/usb_vcp-defs.h
View File

@ -119,9 +119,9 @@ typedef struct {
uint8_t ep_in_is_idle; // Set to 1 after IN endpoint gets idle
} usb_vcp_state_t;
bool usb_vcp_add(const usb_vcp_info_t *vcp_info);
bool usb_vcp_can_read(uint8_t iface_num);
bool usb_vcp_can_write(uint8_t iface_num);
secbool usb_vcp_add(const usb_vcp_info_t *vcp_info);
secbool usb_vcp_can_read(uint8_t iface_num);
secbool usb_vcp_can_write(uint8_t iface_num);
int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len);
int usb_vcp_write(uint8_t iface_num, const uint8_t *buf, uint32_t len);

48
embed/trezorhal/usb_vcp-impl.h
View File

@ -42,49 +42,49 @@
/* usb_vcp_add adds and configures new USB VCP interface according to
* configuration options passed in `info`. */
bool usb_vcp_add(const usb_vcp_info_t *info) {
secbool usb_vcp_add(const usb_vcp_info_t *info) {
usb_iface_t *iface = usb_get_iface(info->iface_num);
if (iface == NULL) {
return false; // Invalid interface number
return secfalse; // Invalid interface number
}
if (iface->type != USB_IFACE_TYPE_DISABLED) {
return false; // Interface is already enabled
return secfalse; // Interface is already enabled
}
usb_vcp_descriptor_block_t *d = usb_desc_alloc_iface(sizeof(usb_vcp_descriptor_block_t));
if (d == NULL) {
return false; // Not enough space in the configuration descriptor
return secfalse; // Not enough space in the configuration descriptor
}
if ((info->ep_cmd & USB_EP_DIR_MSK) != USB_EP_DIR_IN) {
return false; // IN CMD EP is invalid
return secfalse; // IN CMD EP is invalid
}
if ((info->ep_in & USB_EP_DIR_MSK) != USB_EP_DIR_IN) {
return false; // IN EP is invalid
return secfalse; // IN EP is invalid
}
if ((info->ep_out & USB_EP_DIR_MSK) != USB_EP_DIR_OUT) {
return false; // OUT EP is invalid
return secfalse; // OUT EP is invalid
}
if ((info->rx_buffer_len == 0) || (info->rx_buffer_len & (info->rx_buffer_len - 1)) != 0) {
return false; // Capacity needs to be a power of 2
return secfalse; // Capacity needs to be a power of 2
}
if ((info->tx_buffer_len == 0) || (info->tx_buffer_len & (info->tx_buffer_len - 1)) != 0) {
return false; // Capacity needs to be a power of 2
return secfalse; // Capacity needs to be a power of 2
}
if (info->rx_buffer == NULL) {
return false;
return secfalse;
}
if (info->rx_packet == NULL) {
return false;
return secfalse;
}
if (info->tx_buffer == NULL) {
return false;
return secfalse;
}
if (info->tx_packet == NULL) {
return false;
return secfalse;
}
// Interface association descriptor
@ -205,7 +205,7 @@ bool usb_vcp_add(const usb_vcp_info_t *info) {
iface->vcp.ep_in_is_idle = 1;
return true;
return sectrue;
}
static inline size_t ring_length(usb_rbuf_t *b) {
@ -220,32 +220,32 @@ static inline int ring_full(usb_rbuf_t *b) {
return ring_length(b) == b->cap;
}
bool usb_vcp_can_read(uint8_t iface_num) {
secbool usb_vcp_can_read(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) {
return false; // Invalid interface number
return secfalse; // Invalid interface number
}
if (iface->type != USB_IFACE_TYPE_VCP) {
return false; // Invalid interface type
return secfalse; // Invalid interface type
}
if (ring_empty(&iface->vcp.rx_ring)) {
return false; // Nothing in the rx buffer
return secfalse; // Nothing in the rx buffer
}
return true;
return sectrue;
}
bool usb_vcp_can_write(uint8_t iface_num) {
secbool usb_vcp_can_write(uint8_t iface_num) {
usb_iface_t *iface = usb_get_iface(iface_num);
if (iface == NULL) {
return false; // Invalid interface number
return secfalse; // Invalid interface number
}
if (iface->type != USB_IFACE_TYPE_VCP) {
return false; // Invalid interface type
return secfalse; // Invalid interface type
}
if (ring_full(&iface->vcp.tx_ring)) {
return false; // Tx ring buffer is full
return secfalse; // Tx ring buffer is full
}
return true;
return sectrue;
}
int usb_vcp_read(uint8_t iface_num, uint8_t *buf, uint32_t len) {

4
embed/unix/common.h
View File

@ -1,8 +1,10 @@
#ifndef __TREZORUNIX_COMMON_H__
#define __TREZORUNIX_COMMON_H__
#include "../trezorhal/secbool.h"
void __attribute__((noreturn)) __fatal_error(const char *expr, const char *msg, const char *file, int line, const char *func);
#define ensure(expr, msg) ((expr) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
#define ensure(expr, msg) (((expr) == sectrue) ? (void)0 : __fatal_error(#expr, msg, __FILE__, __LINE__, __func__))
#endif