1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-10 23:40:58 +00:00
Commit Graph

35 Commits

Author SHA1 Message Date
Pavol Rusnak
a685462ee5
firmware: refactor last change in protect.c 2018-06-06 14:45:50 +02:00
Pavol Rusnak
df0bad4f09
firmware: introduce protectAbortedByCancel 2018-06-05 22:38:39 +02:00
Jochen Hoenicke
0127c1a374 Add function storage_getPinWait 2018-03-29 01:16:46 +02:00
Jochen Hoenicke
c09590b54d Cleaner flash handling using FLASH_PTR
Use `FLASH_PTR` macro to convert a flash address to a const pointer.
For real hardware it is just a cast, for emulator we subtract the
`FLASH_ORIGIN` and use it as index into the memory mapped flash file.

Make write access to flash with volatile pointers

Also use FLASH_PTR in DebugMemory* for now.  This allows for reading and
writing the flash in the emulator or just crash it by reading outside
the flash...
2018-03-29 01:16:46 +02:00
Pavol Rusnak
7834eaba26
protect: passphrase is optional 2018-02-27 15:41:02 +01:00
Pavol Rusnak
7fa8ae136f
firmware: implement behaviour of state (still missing in PassphraseAck) 2018-02-24 17:26:57 +01:00
Pavol Rusnak
bd660655ee
introduce and use memzero instead of explicit_bzero 2018-01-18 15:21:48 +01:00
Pavol Rusnak
4a2d68acb9
use explicit_bzero where possible; update trezor-crypto 2018-01-16 19:49:47 +01:00
Pavol Rusnak
f22c849767 storage: rework storage_commit into storage_update 2017-12-12 16:28:42 +01:00
Pavol Rusnak
57bbcc754a storage: make storage accessible only via functions
add calls also for debug build and use them in fsm
2017-12-12 16:28:42 +01:00
Pavol Rusnak
41901a8056 firmware: rework protectChangePin
bootloader: wait for flash operation to finish
2017-12-12 12:51:08 +01:00
Pavol Rusnak
18d8cb3c56
add project website (trezor.io) to license header 2017-11-05 17:47:23 +01:00
Jochen Hoenicke
33ed08ec32 Fix check for max try and add another check before 2017-07-31 13:13:49 +02:00
Pavol Rusnak
45ca9bd583
protect: change wording 2017-07-31 02:35:53 +02:00
Pavol Rusnak
c778d7b9c3
storage: wipe storage after 15 wrong pins 2017-07-31 02:26:28 +02:00
Pavol Rusnak
73708aa47e
refactor recovery.is_same_mnemonic function to storage_containsMnemonic 2017-06-26 15:44:01 +02:00
Pavol Rusnak
c6fd70b471
gettext: mark localizable strings as proof-of-concept 2017-06-18 22:47:32 +02:00
Pavol Rusnak
00f6312a81
rename failures, unify strings where possible 2017-06-18 21:19:21 +02:00
Saleem Rashid
25b9bfd97b timer: Use Cortex-M3 SysTick timers
Removed `usbDelay(uint32_t cycles)`, added `usbSleep(uint32_t millis)`

The same method signature could cause silent code breakage at runtime,
as opposed to noisy code breakage at compile time which is the better
kind.
2016-11-17 02:07:46 +01:00
Pavol Rusnak
5e57a1ceaf
Merge branch 'u2f' 2016-06-12 22:53:28 +02:00
Pavol Rusnak
b1e3c52b08
remove DialogIcon enum, use bitmap structure directly 2016-06-08 19:20:07 +02:00
Jochen Hoenicke
73e7d82e3f Allow initialize() to abort PIN wait 2016-05-28 16:24:14 +02:00
Jochen Hoenicke
053fe7cb66 Remove Cancel Option
U2F doesn't allow cancellation on device.

Also fix button state in protect.  This fixes the following bug:
1. wipe device
2. press and hold right button, click left button to cancel.
3. release all buttons.
4. wipe device again, now automatic.
2016-05-24 01:59:37 +02:00
Jochen Hoenicke
68b34af19e More standard conform behaviour
Tested with u2f-ref-code/u2f-tests.
Known incompatibility:
 - changed challenge invalidates button press.
2016-05-24 01:16:55 +02:00
Jochen Hoenicke
da98a3a6fd Don't reflash storage after each PIN entry
Instead of reflashing the whole storage, we use a designated area
in the second storage block, where we mark each PIN failure by a
single zero bit. This is because one can set bits in flash to zero but
not to one.  If the PIN was entered successfully the whole word is
set to zero and the next word stores the new PIN failure counter.
2016-04-27 18:39:04 +02:00
Jochen Hoenicke
218b9984bb New usbDelay that delays and handles USB requests
Added usbDelay that polls usb port (for system requests) while delaying.
This is called instead of delay in the button and pin delay functions.
Experimental evaluation gave that the cycle count should be roughly divided
by 28.5.
2015-04-29 19:10:48 +02:00
Pavol Rusnak
7d8fb375f0 seconds counter during pin lockdown 2015-04-16 18:16:30 +02:00
Jochen Hoenicke
286ee0525c PIN handling - constant time.
This diff contains three changes.
1. Make timing isPinCorrect independent of storage.pin, to avoid timing attacks
2. Only update failed PIN counter if the user entered a PIN.
   Of course, the fail counter is still incremented, before the PIN is checked.
3. Don't cache the PIN, but just the fact that the PIN was entered.  The
   cache should be in sync with storage.pin in any case.
2015-02-22 15:42:31 +01:00
Pavol Rusnak
40efefc571 rework pin handling 2015-01-27 13:00:25 +01:00
Pavol Rusnak
012d38a9a0 increasePinFails before asking PIN 2015-01-26 21:41:43 +01:00
Pavol Rusnak
849e758eb4 double the delay before buttonupdate 2014-06-26 00:26:47 +02:00
Pavol Rusnak
465ec2104b throw UnexpectedMessage failure on unknown messages 2014-06-06 02:45:15 +02:00
Pavol Rusnak
2b68813a4c adjust script_sig size for use with multisig
adjust delays used when wrong pin is entered
2014-06-04 18:00:35 +02:00
Pavol Rusnak
d7169a342c fix initialize handling in interactive mode 2014-05-20 15:37:58 +02:00
Pavol Rusnak
0d0a1ab5f2 import v1.0.0 2014-04-29 14:38:32 +02:00