BTCPrivate
/
trezor-mcu
mirror of https://github.com/BTCPrivate/trezor-mcu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

session: rework get_state

This commit is contained in:
Pavol Rusnak 2018-03-03 22:22:45 +01:00
parent 7834eaba26
commit e460c4fe17
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 25 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
firmware/fsm.c
View File

@ -234,9 +234,14 @@ void fsm_msgInitialize(Initialize *msg)
{ {
recovery_abort(); recovery_abort();
signing_abort(); signing_abort();
if (msg->has_state && msg->state.size == 64) { if (msg && msg->has_state && msg->state.size == 64) {
if (!session_compareState(msg->state.bytes)) { uint8_t i_state[64];
if (!session_getState(msg->state.bytes, i_state, NULL)) {
session_clear(false); // do not clear PIN session_clear(false); // do not clear PIN
} else {
if (0 != memcmp(msg->state.bytes, i_state, 64)) {
session_clear(false); // do not clear PIN
}
} }
} else { } else {
session_clear(false); // do not clear PIN session_clear(false); // do not clear PIN
@ -306,7 +311,6 @@ void fsm_msgGetFeatures(GetFeatures *msg)
resp->has_needs_backup = true; resp->needs_backup = storage_needsBackup(); resp->has_needs_backup = true; resp->needs_backup = storage_needsBackup();
resp->has_flags = true; resp->flags = storage_getFlags(); resp->has_flags = true; resp->flags = storage_getFlags();
resp->has_model = true; strlcpy(resp->model, "1", sizeof(resp->model)); resp->has_model = true; strlcpy(resp->model, "1", sizeof(resp->model));
resp->has_state = true; resp->state.size = 64; session_getState(NULL, resp->state.bytes);
msg_write(MessageType_MessageType_Features, resp); msg_write(MessageType_MessageType_Features, resp);
} }

3
firmware/protob/messages.options
View File

@ -10,7 +10,6 @@ Features.bootloader_hash max_size:32
Features.model max_size:17 Features.model max_size:17
Features.fw_vendor max_size:256 Features.fw_vendor max_size:256
Features.fw_vendor_keys max_size:32 Features.fw_vendor_keys max_size:32
Features.state max_size:64
ApplySettings.language max_size:17 ApplySettings.language max_size:17
ApplySettings.label max_size:33 ApplySettings.label max_size:33
@ -29,6 +28,8 @@ PinMatrixAck.pin max_size:10
PassphraseAck.passphrase max_size:51 PassphraseAck.passphrase max_size:51
PassphraseAck.state max_size:64 PassphraseAck.state max_size:64
PassphraseStateRequest.state max_size:64
Entropy.entropy max_size:1024 Entropy.entropy max_size:1024
GetPublicKey.address_n max_count:8 GetPublicKey.address_n max_count:8

47
firmware/storage.c
View File

@ -125,9 +125,6 @@ static bool sessionPinCached;
static bool sessionPassphraseCached; static bool sessionPassphraseCached;
static char CONFIDENTIAL sessionPassphrase[51]; static char CONFIDENTIAL sessionPassphrase[51];
static bool sessionStateSaltSet;
static uint8_t sessionStateSalt[32];
#define STORAGE_VERSION 9 #define STORAGE_VERSION 9
void storage_show_error(void) void storage_show_error(void)
@ -270,8 +267,6 @@ void session_clear(bool clear_pin)
memzero(&sessionSeed, sizeof(sessionSeed)); memzero(&sessionSeed, sizeof(sessionSeed));
sessionPassphraseCached = false; sessionPassphraseCached = false;
memzero(&sessionPassphrase, sizeof(sessionPassphrase)); memzero(&sessionPassphrase, sizeof(sessionPassphrase));
sessionStateSaltSet = false;
memzero(&sessionStateSalt, sizeof(sessionStateSalt));
if (clear_pin) { if (clear_pin) {
sessionPinCached = false; sessionPinCached = false;
} }
@ -715,45 +710,31 @@ bool session_isPassphraseCached(void)
return sessionPassphraseCached; return sessionPassphraseCached;
} }
void session_getState(const uint8_t *salt, uint8_t *state) bool session_getState(const uint8_t *salt, uint8_t *state, const char *passphrase)
{ {
if (!salt) { if (!passphrase && !sessionPassphraseCached) {
if (!sessionStateSaltSet) { return false;
// generate a random salt if not provided and not already cached
random_buffer(sessionStateSalt, 32);
}
} else { } else {
// otherwise copy provided salt to cached salt passphrase = sessionPassphrase;
memcpy(sessionStateSalt, salt, 32); }
if (!salt) {
// if salt is not provided fill the first half of the state with random data
random_buffer(state, 32);
} else {
// if salt is provided fill the first half of the state with salt
memcpy(state, salt, 32);
} }
sessionStateSaltSet = true;
// state[0:32] = salt // state[0:32] = salt
memcpy(state, sessionStateSalt, 32);
// state[32:64] = HMAC(passphrase, salt || device_id) // state[32:64] = HMAC(passphrase, salt || device_id)
HMAC_SHA256_CTX ctx; HMAC_SHA256_CTX ctx;
if (sessionPassphraseCached) { hmac_sha256_Init(&ctx, (const uint8_t *)passphrase, strlen(passphrase));
hmac_sha256_Init(&ctx, (const uint8_t *)sessionPassphrase, strlen(sessionPassphrase)); hmac_sha256_Update(&ctx, state, 32);
} else {
hmac_sha256_Init(&ctx, (const uint8_t *)"", 0);
}
hmac_sha256_Update(&ctx, sessionStateSalt, 32);
hmac_sha256_Update(&ctx, (const uint8_t *)storage_uuid, sizeof(storage_uuid)); hmac_sha256_Update(&ctx, (const uint8_t *)storage_uuid, sizeof(storage_uuid));
hmac_sha256_Final(&ctx, state + 32); hmac_sha256_Final(&ctx, state + 32);
memzero(&ctx, sizeof(ctx)); memzero(&ctx, sizeof(ctx));
}
bool session_compareState(const uint8_t *state) return true;
{
if (!state) {
return false;
}
uint8_t istate[64];
session_getState(state, istate);
return 0 == memcmp(state, istate, 64);
} }
void session_cachePin(void) void session_cachePin(void)

3
firmware/storage.h
View File

@ -103,8 +103,7 @@ void storage_setHomescreen(const uint8_t *data, uint32_t size);
void session_cachePassphrase(const char *passphrase); void session_cachePassphrase(const char *passphrase);
bool session_isPassphraseCached(void); bool session_isPassphraseCached(void);
void session_getState(const uint8_t *salt, uint8_t *state); bool session_getState(const uint8_t *salt, uint8_t *state, const char *passphrase);
bool session_compareState(const uint8_t *state);
void storage_setMnemonic(const char *mnemonic); void storage_setMnemonic(const char *mnemonic);
bool storage_containsMnemonic(const char *mnemonic); bool storage_containsMnemonic(const char *mnemonic);

2
vendor/trezor-common vendored

@ -1 +1 @@
Subproject commit d85f7ac6bbcccbc83012d85fdf25635e57c5f15b Subproject commit 0924bd6826bb63f66010e2e511356d54ea733df3