fixup! feat(core): Account for Optiga throttling delay in PIN countdown.

core/SConscript.unix

@@ -423,6 +423,7 @@ SOURCE_UNIX = [
     'embed/trezorhal/unix/flash.c',
     'embed/trezorhal/unix/random_delays.c',
     'embed/trezorhal/unix/rng.c',
+    'embed/trezorhal/unix/time_estimate.c',
     'embed/trezorhal/unix/usb.c',
     'embed/unix/main_main.c',
     'embed/unix/main.c',

core/embed/trezorhal/optiga.h

@@ -64,7 +64,7 @@ bool __wur optiga_random_buffer(uint8_t *dest, size_t size);
 bool __wur optiga_pin_set(optiga_ui_progress_t ui_progress,
                           uint8_t stretched_pin[OPTIGA_PIN_SECRET_SIZE]);
 
-uint32_t optiga_estimate_time(storage_pin_op_t op);
+uint32_t optiga_estimate_time_ms(storage_pin_op_t op);
 
 optiga_pin_result __wur
 optiga_pin_verify(optiga_ui_progress_t ui_progress,

core/embed/trezorhal/optiga/optiga.c

@@ -190,7 +190,7 @@ void optiga_set_sec_max(void) {
                    sizeof(invalid_point), buffer, sizeof(buffer), &size);
 }
 
-uint32_t optiga_estimate_time(storage_pin_op_t op) {
+uint32_t optiga_estimate_time_ms(storage_pin_op_t op) {
   uint8_t sec = 0;
   if (!optiga_read_sec(&sec)) {
     return UINT32_MAX;

core/embed/trezorhal/stm32f4/time_estimate.c

@@ -0,0 +1,28 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "time_estimate.h"
+
+// The number of CPU cycles required to execute one iteration of PBKDF2.
+#define PIN_PBKDF2_CYCLES_PER_ITER 11100
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+  extern uint32_t SystemCoreClock;
+  return PIN_PBKDF2_CYCLES_PER_ITER * iterations / (SystemCoreClock / 1000);
+}

core/embed/trezorhal/stm32u5/time_estimate.c

@@ -0,0 +1 @@
+../stm32f4/time_estimations.c

core/embed/trezorhal/time_estimate.h

@@ -0,0 +1,27 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef TREZORHAL_TIME_ESTIMATE_H
+#define TREZORHAL_TIME_ESTIMATE_H
+
+#include <stdint.h>
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations);
+
+#endif

core/embed/trezorhal/unix/optiga.c

@@ -90,7 +90,7 @@ bool optiga_read_sec(uint8_t *sec) {
 
 void optiga_set_sec_max(void) {}
 
-uint32_t optiga_estimate_time(storage_pin_op_t op) { return 0; }
+uint32_t optiga_estimate_time_ms(storage_pin_op_t op) { return 0; }
 
 bool optiga_random_buffer(uint8_t *dest, size_t size) {
   random_buffer(dest, size);

core/embed/trezorhal/unix/time_estimate.c

@@ -0,0 +1,25 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "time_estimate.h"
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+  (void)iterations;
+  return 500;
+}

core/site_scons/models/stm32f4_common.py

@@ -52,6 +52,7 @@ def stm32f4_common_files(env, defines, sources, paths):
         "embed/trezorhal/stm32f4/secret.c",
         "embed/trezorhal/stm32f4/systick.c",
         "embed/trezorhal/stm32f4/supervise.c",
+        "embed/trezorhal/stm32f4/time_estimate.c",
         "embed/trezorhal/stm32f4/random_delays.c",
         "embed/trezorhal/stm32f4/rng.c",
         "embed/trezorhal/stm32f4/vectortable.s",

core/site_scons/models/stm32u5_common.py

@@ -66,6 +66,7 @@ def stm32u5_common_files(env, defines, sources, paths):
         "embed/trezorhal/stm32u5/random_delays.c",
         "embed/trezorhal/stm32u5/rng.c",
         "embed/trezorhal/stm32u5/tamper.c",
+        "embed/trezorhal/stm32f4/time_estimate.c",
         "embed/trezorhal/stm32u5/trustzone.c",
         "embed/trezorhal/stm32u5/vectortable.s",
     ]

legacy/Makefile

@@ -15,6 +15,7 @@ OBJS += oled.o
 OBJS += random_delays.o
 OBJS += rng.o
 OBJS += supervise.o
+OBJS += time_estimate.o
 OBJS += usb21_standard.o
 OBJS += usb_standard.o
 OBJS += util.o

legacy/Makefile.include

@@ -106,7 +106,6 @@ CFLAGS   += -DFLASH_BIT_ACCESS=1
 
 ifeq ($(EMULATOR),1)
 CFLAGS   += -DEMULATOR=1
-CFLAGS   += -DTREZOR_EMULATOR
 CFLAGS   += -DUSE_INSECURE_PRNG=1
 
 CFLAGS   += -include $(TOP_DIR)emulator/emulator.h

legacy/setup.c

@@ -31,9 +31,6 @@
 
 uint32_t __stack_chk_guard;
 
-// MCU clock 120 MHz
-uint32_t SystemCoreClock = 120000000;
-
 static inline void __attribute__((noreturn)) fault_handler(const char *line1) {
   layoutDialog(&bmp_icon_error, NULL, NULL, NULL, line1, "detected.", NULL,
                "Please unplug", "the device.", NULL);

legacy/time_estimate.c

@@ -0,0 +1,35 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "time_estimate.h"
+
+// The number of CPU cycles required to execute one iteration of PBKDF2.
+#define PIN_PBKDF2_CYCLES_PER_ITER 11100
+
+// MCU clock 120 MHz
+#define MCU_CLOCK 120000000
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+#if EMULATOR
+  (void)iterations;
+  return 500;
+#else
+  return PIN_PBKDF2_CYCLES_PER_ITER * iterations / (MCU_CLOCK / 1000);
+#endif
+}

legacy/time_estimate.h

@@ -0,0 +1,27 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef TREZORHAL_TIME_ESTIMATE_H
+#define TREZORHAL_TIME_ESTIMATE_H
+
+#include <stdint.h>
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations);
+
+#endif

storage/storage.c

@@ -31,6 +31,7 @@
 #include "sha2.h"
 #include "storage.h"
 #include "storage_utils.h"
+#include "time_estimate.h"
 
 #if USE_OPTIGA
 #include "optiga.h"
@@ -88,9 +89,6 @@ const uint32_t V0_PIN_EMPTY = 1;
 // The total number of iterations to use in PBKDF2.
 #define PIN_ITER_COUNT 20000
 
-// The number of CPU cycles required to execute PBKDF2.
-#define PIN_PBKDF2_CYCLES 222000000
-
 // The minimum number of milliseconds between progress updates.
 #define MIN_PROGRESS_UPDATE_MS 100
 
@@ -448,32 +446,30 @@ static secbool is_not_wipe_code(const uint8_t *pin, size_t pin_len) {
   return sectrue;
 }
 
-static uint32_t ui_estimate_time(storage_pin_op_t op) {
-#ifdef TREZOR_EMULATOR
-  (void)op;
-  return 500;
-#else
+static uint32_t ui_estimate_time_ms(storage_pin_op_t op) {
   uint32_t time_ms = 0;
 #if USE_OPTIGA
-  time_ms += optiga_estimate_time(op);
+  time_ms += optiga_estimate_time_ms(op);
 #endif
-  extern uint32_t SystemCoreClock;
-  uint32_t pbkdf2_ms = PIN_PBKDF2_CYCLES / (SystemCoreClock / 1000);
+
+  uint32_t pbkdf2_ms = time_estimate_pbkdf2_ms(PIN_ITER_COUNT);
   switch (op) {
     case STORAGE_PIN_OP_SET:
-      return time_ms + pbkdf2_ms;
     case STORAGE_PIN_OP_VERIFY:
-      return time_ms + pbkdf2_ms;
+      time_ms += pbkdf2_ms;
+      break;
     case STORAGE_PIN_OP_CHANGE:
-      return time_ms + 2 * pbkdf2_ms;
+      time_ms += 2 * pbkdf2_ms;
+      break;
     default:
       return 1;
   }
-#endif
+
+  return time_ms;
 }
 
 static void ui_progress_init(storage_pin_op_t op) {
-  ui_total = ui_estimate_time(op);
+  ui_total = ui_estimate_time_ms(op);
   ui_next_update = 0;
 }
 
@@ -985,7 +981,7 @@ static secbool unlock(const uint8_t *pin, size_t pin_len,
   // In case of an upgrade from version 4 or earlier bump the total time of UI
   // progress to account for the set_pin() call in storage_upgrade_unlocked().
   if (get_lock_version() <= 4) {
-    ui_progress_add(ui_estimate_time(STORAGE_PIN_OP_SET));
+    ui_progress_add(ui_estimate_time_ms(STORAGE_PIN_OP_SET));
   }
 
   // Now we can check for wipe code.

storage/tests/c/time_estimate.h

@@ -0,0 +1,30 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef TREZORHAL_TIME_ESTIMATE_H
+#define TREZORHAL_TIME_ESTIMATE_H
+
+#include <stdint.h>
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+  (void)iterations;
+  return 500;
+}
+
+#endif