From 91a46d027789fa015c055a2780330837dac2c895 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik
Date: Mon, 8 Jul 2024 19:18:00 +0200
Subject: [PATCH] fixup! feat(core): Account for Optiga throttling delay in PIN countdown.
---
 core/SConscript.unix | 1 +
 core/embed/trezorhal/optiga.h | 2 +-
 core/embed/trezorhal/optiga/optiga.c | 2 +-
 core/embed/trezorhal/stm32f4/time_estimate.c | 28 ++++++++++++++++
 core/embed/trezorhal/stm32u5/time_estimate.c | 1 +
 core/embed/trezorhal/time_estimate.h | 27 +++++++++++++++
 core/embed/trezorhal/unix/optiga.c | 2 +-
 core/embed/trezorhal/unix/time_estimate.c | 25 ++++++++++++++
 core/site_scons/models/stm32f4_common.py | 1 +
 core/site_scons/models/stm32u5_common.py | 1 +
 legacy/Makefile | 1 +
 legacy/Makefile.include | 1 -
 legacy/setup.c | 3 --
 legacy/time_estimate.c | 35 ++++++++++++++++++++
 legacy/time_estimate.h | 27 +++++++++++++++
 storage/storage.c | 30 ++++++++---------
 storage/tests/c/time_estimate.h | 30 +++++++++++++++++
 17 files changed, 193 insertions(+), 24 deletions(-)
 create mode 100644 core/embed/trezorhal/stm32f4/time_estimate.c
 create mode 120000 core/embed/trezorhal/stm32u5/time_estimate.c
 create mode 100644 core/embed/trezorhal/time_estimate.h
 create mode 100644 core/embed/trezorhal/unix/time_estimate.c
 create mode 100644 legacy/time_estimate.c
 create mode 100644 legacy/time_estimate.h
 create mode 100644 storage/tests/c/time_estimate.h
diff --git a/core/SConscript.unix b/core/SConscript.unix
index b98314393ab..7d5d28869ac 100644
--- a/core/SConscript.unix
+++ b/core/SConscript.unix
@@ -423,6 +423,7 @@ SOURCE_UNIX = [
 'embed/trezorhal/unix/flash.c',
 'embed/trezorhal/unix/random_delays.c',
 'embed/trezorhal/unix/rng.c',
+ 'embed/trezorhal/unix/time_estimate.c',
 'embed/trezorhal/unix/usb.c',
 'embed/unix/main_main.c',
 'embed/unix/main.c',
diff --git a/core/embed/trezorhal/optiga.h b/core/embed/trezorhal/optiga.h
index c45cbe13630..b3a133a6297 100644
--- a/core/embed/trezorhal/optiga.h
+++ b/core/embed/trezorhal/optiga.h
@@ -64,7 +64,7 @@ bool __wur optiga_random_buffer(uint8_t *dest, size_t size); bool __wur optiga_pin_set(optiga_ui_progress_t ui_progress, uint8_t stretched_pin[OPTIGA_PIN_SECRET_SIZE]); -uint32_t optiga_estimate_time(storage_pin_op_t op); +uint32_t optiga_estimate_time_ms(storage_pin_op_t op); optiga_pin_result __wur optiga_pin_verify(optiga_ui_progress_t ui_progress,
diff --git a/core/embed/trezorhal/optiga/optiga.c b/core/embed/trezorhal/optiga/optiga.c
index 2b95f635e72..2189fc8dd92 100644
--- a/core/embed/trezorhal/optiga/optiga.c
+++ b/core/embed/trezorhal/optiga/optiga.c
@@ -190,7 +190,7 @@ void optiga_set_sec_max(void) { sizeof(invalid_point), buffer, sizeof(buffer), &size); } -uint32_t optiga_estimate_time(storage_pin_op_t op) { +uint32_t optiga_estimate_time_ms(storage_pin_op_t op) { uint8_t sec = 0; if (!optiga_read_sec(&sec)) { return UINT32_MAX;
diff --git a/core/embed/trezorhal/stm32f4/time_estimate.c b/core/embed/trezorhal/stm32f4/time_estimate.c
new file mode 100644
index 00000000000..99732ee900c
--- /dev/null
+++ b/core/embed/trezorhal/stm32f4/time_estimate.c
@@ -0,0 +1,28 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "time_estimate.h"
+
+// The number of CPU cycles required to execute one iteration of PBKDF2.
+#define PIN_PBKDF2_CYCLES_PER_ITER 11100
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+ extern uint32_t SystemCoreClock;
+ return PIN_PBKDF2_CYCLES_PER_ITER * iterations / (SystemCoreClock / 1000);
+}
diff --git a/core/embed/trezorhal/stm32u5/time_estimate.c b/core/embed/trezorhal/stm32u5/time_estimate.c
new file mode 120000
index 00000000000..5aeba450011
--- /dev/null
+++ b/core/embed/trezorhal/stm32u5/time_estimate.c
@@ -0,0 +1 @@
+../stm32f4/time_estimations.c
\ No newline at end of file
diff --git a/core/embed/trezorhal/time_estimate.h b/core/embed/trezorhal/time_estimate.h
new file mode 100644
index 00000000000..68baa3098db
--- /dev/null
+++ b/core/embed/trezorhal/time_estimate.h
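Review bot: The product `PIN_PBKDF2_CYCLES_PER_ITER * iterations` in time_estimate_pbkdf2_ms (core/embed/trezorhal/stm32f4/time_estimate.c) is evaluated in 32-bit unsigned arithmetic and wraps once iterations exceeds roughly 387,000, so the function silently returns an underestimate for larger counts that its uint32_t parameter allows. The only caller visible in this patch passes PIN_ITER_COUNT (20000), which fits, but the helper is now a general API; widening the intermediate removes the trap: `return (uint32_t)((uint64_t)PIN_PBKDF2_CYCLES_PER_ITER * iterations / (SystemCoreClock / 1000));`. The divisor is also zero whenever SystemCoreClock is below 1000, so a comment stating the assumed clock range (or a guard) would help. The same expression, with MCU_CLOCK as the clock, appears in legacy/time_estimate.c.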
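Review bot: The symlink target `../stm32f4/time_estimations.c` does not match the file this patch creates, `core/embed/trezorhal/stm32f4/time_estimate.c`, so `stm32u5/time_estimate.c` is a dangling link as committed. This presumably goes unnoticed in the build because the stm32u5_common.py hunk lists `"embed/trezorhal/stm32f4/time_estimate.c"` directly instead of the stm32u5 path used by its neighbouring entries. Either point the link at `../stm32f4/time_estimate.c` and reference `embed/trezorhal/stm32u5/time_estimate.c` in stm32u5_common.py, or drop the link and keep the direct stm32f4 reference.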
@@ -0,0 +1,27 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef TREZORHAL_TIME_ESTIMATE_H
+#define TREZORHAL_TIME_ESTIMATE_H
+
+#include
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations);
+
+#endif
diff --git a/core/embed/trezorhal/unix/optiga.c b/core/embed/trezorhal/unix/optiga.c
index aeb28bfe854..990702eee2b 100644
--- a/core/embed/trezorhal/unix/optiga.c
+++ b/core/embed/trezorhal/unix/optiga.c
@@ -90,7 +90,7 @@ bool optiga_read_sec(uint8_t *sec) { void optiga_set_sec_max(void) {} -uint32_t optiga_estimate_time(storage_pin_op_t op) { return 0; } +uint32_t optiga_estimate_time_ms(storage_pin_op_t op) { return 0; } bool optiga_random_buffer(uint8_t *dest, size_t size) { random_buffer(dest, size);
diff --git a/core/embed/trezorhal/unix/time_estimate.c b/core/embed/trezorhal/unix/time_estimate.c
new file mode 100644
index 00000000000..803121d28f6
--- /dev/null
+++ b/core/embed/trezorhal/unix/time_estimate.c
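Review bot: `time_estimate_pbkdf2_ms` is declared in core/embed/trezorhal/time_estimate.h without any contract comment, although the implementations in this patch differ: the STM32 version scales with `iterations`, while the unix version and the storage test stub ignore the argument and return 500. A comment on the declaration such as `// Returns the estimated time in milliseconds needed to run the given number of PBKDF2 iterations on this platform; emulator builds return a fixed value.` would make that explicit for callers. legacy/time_estimate.h carries the same blob id (68baa3098db) and the same `TREZORHAL_TIME_ESTIMATE_H` guard, so the comment applies there as well.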
@@ -0,0 +1,25 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "time_estimate.h"
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+ (void)iterations;
+ return 500;
+}
diff --git a/core/site_scons/models/stm32f4_common.py b/core/site_scons/models/stm32f4_common.py
index 03dc80ab9da..86032a51c1a 100644
--- a/core/site_scons/models/stm32f4_common.py
+++ b/core/site_scons/models/stm32f4_common.py
@@ -52,6 +52,7 @@ def stm32f4_common_files(env, defines, sources, paths):
 "embed/trezorhal/stm32f4/secret.c",
 "embed/trezorhal/stm32f4/systick.c",
 "embed/trezorhal/stm32f4/supervise.c",
+ "embed/trezorhal/stm32f4/time_estimate.c",
 "embed/trezorhal/stm32f4/random_delays.c",
 "embed/trezorhal/stm32f4/rng.c",
 "embed/trezorhal/stm32f4/vectortable.s",
diff --git a/core/site_scons/models/stm32u5_common.py b/core/site_scons/models/stm32u5_common.py
index 454e33ae07a..e2f2ae68517 100644
--- a/core/site_scons/models/stm32u5_common.py
+++ b/core/site_scons/models/stm32u5_common.py
@@ -66,6 +66,7 @@ def stm32u5_common_files(env, defines, sources, paths):
 "embed/trezorhal/stm32u5/random_delays.c",
 "embed/trezorhal/stm32u5/rng.c",
 "embed/trezorhal/stm32u5/tamper.c",
+ "embed/trezorhal/stm32f4/time_estimate.c",
 "embed/trezorhal/stm32u5/trustzone.c",
 "embed/trezorhal/stm32u5/vectortable.s",
 ]
diff --git a/legacy/Makefile b/legacy/Makefile
index d77354a04e9..0435a42d405 100644
--- a/legacy/Makefile
+++ b/legacy/Makefile
@@ -15,6 +15,7 @@ OBJS += oled.o
 OBJS += random_delays.o
 OBJS += rng.o
 OBJS += supervise.o
+OBJS += time_estimate.o
 OBJS += usb21_standard.o
 OBJS += usb_standard.o
 OBJS += util.o
diff --git a/legacy/Makefile.include b/legacy/Makefile.include
index 6110545eb8e..c98ec6b28e0 100644
--- a/legacy/Makefile.include
+++ b/legacy/Makefile.include
@@ -106,7 +106,6 @@ CFLAGS += -DFLASH_BIT_ACCESS=1 ifeq ($(EMULATOR),1) CFLAGS += -DEMULATOR=1 -CFLAGS += -DTREZOR_EMULATOR CFLAGS += -DUSE_INSECURE_PRNG=1 CFLAGS += -include $(TOP_DIR)emulator/emulator.h
diff --git a/legacy/setup.c b/legacy/setup.c
index b90c5891866..1537c3fb1b8 100644
--- a/legacy/setup.c
+++ b/legacy/setup.c
@@ -31,9 +31,6 @@ uint32_t __stack_chk_guard; -// MCU clock 120 MHz -uint32_t SystemCoreClock = 120000000; - static inline void __attribute__((noreturn)) fault_handler(const char *line1) { layoutDialog(&bmp_icon_error, NULL, NULL, NULL, line1, "detected.", NULL, "Please unplug", "the device.", NULL);
diff --git a/legacy/time_estimate.c b/legacy/time_estimate.c
new file mode 100644
index 00000000000..d5efed7e7b9
--- /dev/null
+++ b/legacy/time_estimate.c
@@ -0,0 +1,35 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include "time_estimate.h"
+
+// The number of CPU cycles required to execute one iteration of PBKDF2.
+#define PIN_PBKDF2_CYCLES_PER_ITER 11100
+
+// MCU clock 120 MHz
+#define MCU_CLOCK 120000000
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+#if EMULATOR
+ (void)iterations;
+ return 500;
+#else
+ return PIN_PBKDF2_CYCLES_PER_ITER * iterations / (MCU_CLOCK / 1000);
+#endif
+}
diff --git a/legacy/time_estimate.h b/legacy/time_estimate.h
new file mode 100644
index 00000000000..68baa3098db
--- /dev/null
+++ b/legacy/time_estimate.h
@@ -0,0 +1,27 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef TREZORHAL_TIME_ESTIMATE_H
+#define TREZORHAL_TIME_ESTIMATE_H
+
+#include
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations);
+
+#endif
diff --git a/storage/storage.c b/storage/storage.c
index c6419153b88..fe36b52e063 100644
--- a/storage/storage.c
+++ b/storage/storage.c
@@ -31,6 +31,7 @@ #include "sha2.h" #include "storage.h" #include "storage_utils.h" +#include "time_estimate.h" #if USE_OPTIGA #include "optiga.h"
@@ -88,9 +89,6 @@ const uint32_t V0_PIN_EMPTY = 1; // The total number of iterations to use in PBKDF2. #define PIN_ITER_COUNT 20000 -// The number of CPU cycles required to execute PBKDF2. -#define PIN_PBKDF2_CYCLES 222000000 - // The minimum number of milliseconds between progress updates. #define MIN_PROGRESS_UPDATE_MS 100
@@ -448,32 +446,30 @@ static secbool is_not_wipe_code(const uint8_t *pin, size_t pin_len) { return sectrue; } -static uint32_t ui_estimate_time(storage_pin_op_t op) { -#ifdef TREZOR_EMULATOR - (void)op; - return 500; -#else +static uint32_t ui_estimate_time_ms(storage_pin_op_t op) { uint32_t time_ms = 0; #if USE_OPTIGA - time_ms += optiga_estimate_time(op); + time_ms += optiga_estimate_time_ms(op); #endif - extern uint32_t SystemCoreClock; - uint32_t pbkdf2_ms = PIN_PBKDF2_CYCLES / (SystemCoreClock / 1000); + + uint32_t pbkdf2_ms = time_estimate_pbkdf2_ms(PIN_ITER_COUNT); switch (op) { case STORAGE_PIN_OP_SET: - return time_ms + pbkdf2_ms; case STORAGE_PIN_OP_VERIFY: - return time_ms + pbkdf2_ms; + time_ms += pbkdf2_ms; + break; case STORAGE_PIN_OP_CHANGE: - return time_ms + 2 * pbkdf2_ms; + time_ms += 2 * pbkdf2_ms; + break; default: return 1; } -#endif + + return time_ms; } static void ui_progress_init(storage_pin_op_t op) { - ui_total = ui_estimate_time(op); + ui_total = ui_estimate_time_ms(op); ui_next_update = 0; }
@@ -985,7 +981,7 @@ static secbool unlock(const uint8_t *pin, size_t pin_len, // In case of an upgrade from version 4 or earlier bump the total time of UI // progress to account for the set_pin() call in storage_upgrade_unlocked(). if (get_lock_version() <= 4) { - ui_progress_add(ui_estimate_time(STORAGE_PIN_OP_SET)); + ui_progress_add(ui_estimate_time_ms(STORAGE_PIN_OP_SET)); } // Now we can check for wipe code.
diff --git a/storage/tests/c/time_estimate.h b/storage/tests/c/time_estimate.h
new file mode 100644
index 00000000000..2e487b3ce71
--- /dev/null
+++ b/storage/tests/c/time_estimate.h
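Review bot: In `ui_estimate_time_ms`, `time_ms += optiga_estimate_time_ms(op)` can leave time_ms at UINT32_MAX (the optiga.c hunk shows that return when `optiga_read_sec` fails), and the following `time_ms += pbkdf2_ms` then wraps to a small value, so ui_total describes a short operation exactly when the Optiga throttling state could not be read. The removed code had the same wrap, so this refactor is a natural place to make the addition saturating, e.g. `time_ms = (time_ms > UINT32_MAX - pbkdf2_ms) ? UINT32_MAX : time_ms + pbkdf2_ms;` and likewise for `2 * pbkdf2_ms`. The `default: return 1;` branch also discards the Optiga estimate and would benefit from a comment saying why 1 ms is the fallback. How the progress code treats a UINT32_MAX total is not visible in this patch, so the intended sentinel handling should be confirmed.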
@@ -0,0 +1,30 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef TREZORHAL_TIME_ESTIMATE_H
+#define TREZORHAL_TIME_ESTIMATE_H
+
+#include
+
+uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {
+ (void)iterations;
+ return 500;
+}
+
+#endif
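Review bot: storage/tests/c/time_estimate.h defines `time_estimate_pbkdf2_ms` with external linkage inside a header, so including it from more than one translation unit of the test build would produce duplicate-symbol link errors. It works only as long as a single source file includes it; declaring the stub as `static inline uint32_t time_estimate_pbkdf2_ms(uint32_t iterations) {` or moving the body into a .c file removes that dependency. The guard `TREZORHAL_TIME_ESTIMATE_H` is shared with the real headers, so a one-line comment stating that this file is the test stub replacing them would help readers.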