1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-27 01:48:17 +00:00
trezor-firmware/firmware/protect.c
Jochen Hoenicke da98a3a6fd Don't reflash storage after each PIN entry
Instead of reflashing the whole storage, we use a designated area
in the second storage block, where we mark each PIN failure by a
single zero bit. This is because one can set bits in flash to zero but
not to one.  If the PIN was entered successfully the whole word is
set to zero and the next word stores the new PIN failure counter.
2016-04-27 18:39:04 +02:00

243 lines
6.1 KiB
C

/*
* This file is part of the TREZOR project.
*
* Copyright (C) 2014 Pavol Rusnak <stick@satoshilabs.com>
*
* This library is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
#include "protect.h"
#include "storage.h"
#include "messages.h"
#include "usb.h"
#include "oled.h"
#include "buttons.h"
#include "pinmatrix.h"
#include "fsm.h"
#include "layout2.h"
#include "util.h"
#include "debug.h"
bool protectAbortedByInitialize = false;
bool protectButton(ButtonRequestType type, bool confirm_only)
{
ButtonRequest resp;
bool result = false;
bool acked = false;
#if DEBUG_LINK
bool debug_decided = false;
#endif
memset(&resp, 0, sizeof(ButtonRequest));
resp.has_code = true;
resp.code = type;
usbTiny(1);
msg_write(MessageType_MessageType_ButtonRequest, &resp);
for (;;) {
usbPoll();
// check for ButtonAck
if (msg_tiny_id == MessageType_MessageType_ButtonAck) {
msg_tiny_id = 0xFFFF;
acked = true;
}
// button acked - check buttons
if (acked) {
usbDelay(3500);
buttonUpdate();
if (button.YesUp) {
result = true;
break;
}
if (!confirm_only && button.NoUp) {
result = false;
break;
}
}
// check for Cancel / Initialize
if (msg_tiny_id == MessageType_MessageType_Cancel || msg_tiny_id == MessageType_MessageType_Initialize) {
if (msg_tiny_id == MessageType_MessageType_Initialize) {
protectAbortedByInitialize = true;
}
msg_tiny_id = 0xFFFF;
result = false;
break;
}
#if DEBUG_LINK
// check DebugLink
if (msg_tiny_id == MessageType_MessageType_DebugLinkDecision) {
msg_tiny_id = 0xFFFF;
DebugLinkDecision *dld = (DebugLinkDecision *)msg_tiny;
result = dld->yes_no;
debug_decided = true;
}
if (acked && debug_decided) {
break;
}
if (msg_tiny_id == MessageType_MessageType_DebugLinkGetState) {
msg_tiny_id = 0xFFFF;
fsm_msgDebugLinkGetState((DebugLinkGetState *)msg_tiny);
}
#endif
}
usbTiny(0);
return result;
}
const char *requestPin(PinMatrixRequestType type, const char *text)
{
PinMatrixRequest resp;
memset(&resp, 0, sizeof(PinMatrixRequest));
resp.has_type = true;
resp.type = type;
usbTiny(1);
msg_write(MessageType_MessageType_PinMatrixRequest, &resp);
pinmatrix_start(text);
for (;;) {
usbPoll();
if (msg_tiny_id == MessageType_MessageType_PinMatrixAck) {
msg_tiny_id = 0xFFFF;
PinMatrixAck *pma = (PinMatrixAck *)msg_tiny;
pinmatrix_done(pma->pin); // convert via pinmatrix
usbTiny(0);
return pma->pin;
}
if (msg_tiny_id == MessageType_MessageType_Cancel || msg_tiny_id == MessageType_MessageType_Initialize) {
pinmatrix_done(0);
if (msg_tiny_id == MessageType_MessageType_Initialize) {
protectAbortedByInitialize = true;
}
msg_tiny_id = 0xFFFF;
usbTiny(0);
return 0;
}
#if DEBUG_LINK
if (msg_tiny_id == MessageType_MessageType_DebugLinkGetState) {
msg_tiny_id = 0xFFFF;
fsm_msgDebugLinkGetState((DebugLinkGetState *)msg_tiny);
}
#endif
}
}
bool protectPin(bool use_cached)
{
if (!storage.has_pin || storage.pin[0] == 0 || (use_cached && session_isPinCached())) {
return true;
}
uint32_t *fails = storage_getPinFailsPtr();
uint32_t wait = ~*fails;
while (wait > 0) {
// convert wait to secstr string
char secstrbuf[20];
strlcpy(secstrbuf, "________0 seconds", sizeof(secstrbuf));
char *secstr = secstrbuf + 9;
uint32_t secs = wait;
while (secs > 0 && secstr >= secstrbuf) {
secstr--;
*secstr = (secs % 10) + '0';
secs /= 10;
}
if (wait == 1) {
secstrbuf[16] = 0;
}
layoutDialog(DIALOG_ICON_INFO, NULL, NULL, NULL, "Wrong PIN entered", NULL, "Please wait", secstr, "to continue ...", NULL);
// wait one second
usbDelay(840000);
wait--;
}
const char *pin;
pin = requestPin(PinMatrixRequestType_PinMatrixRequestType_Current, "Please enter current PIN:");
if (!pin) {
fsm_sendFailure(FailureType_Failure_PinCancelled, "PIN Cancelled");
return false;
}
if (storage_increasePinFails(fails) && storage_isPinCorrect(pin)) {
session_cachePin();
storage_resetPinFails(fails);
return true;
} else {
fsm_sendFailure(FailureType_Failure_PinInvalid, "Invalid PIN");
return false;
}
}
bool protectChangePin(void)
{
const char *pin;
char pin1[17], pin2[17];
pin = requestPin(PinMatrixRequestType_PinMatrixRequestType_NewFirst, "Please enter new PIN:");
if (!pin) {
return false;
}
strlcpy(pin1, pin, sizeof(pin1));
pin = requestPin(PinMatrixRequestType_PinMatrixRequestType_NewSecond, "Please re-enter new PIN:");
if (!pin) {
return false;
}
strlcpy(pin2, pin, sizeof(pin2));
if (strcmp(pin1, pin2) == 0) {
storage_setPin(pin1);
return true;
} else {
return false;
}
}
bool protectPassphrase(void)
{
if (!storage.has_passphrase_protection || !storage.passphrase_protection || session_isPassphraseCached()) {
return true;
}
PassphraseRequest resp;
memset(&resp, 0, sizeof(PassphraseRequest));
usbTiny(1);
msg_write(MessageType_MessageType_PassphraseRequest, &resp);
layoutDialogSwipe(DIALOG_ICON_INFO, NULL, NULL, NULL, "Please enter your", "passphrase using", "the computer's", "keyboard.", NULL, NULL);
bool result;
for (;;) {
usbPoll();
if (msg_tiny_id == MessageType_MessageType_PassphraseAck) {
msg_tiny_id = 0xFFFF;
PassphraseAck *ppa = (PassphraseAck *)msg_tiny;
session_cachePassphrase(ppa->passphrase);
result = true;
break;
}
if (msg_tiny_id == MessageType_MessageType_Cancel || msg_tiny_id == MessageType_MessageType_Initialize) {
if (msg_tiny_id == MessageType_MessageType_Initialize) {
protectAbortedByInitialize = true;
}
msg_tiny_id = 0xFFFF;
result = false;
break;
}
}
usbTiny(0);
layoutHome();
return result;
}