Merge 394fe37 into 107db64

.github/actions-rs/grcov.yml

@@ -0,0 +1,9 @@
+branch: true
+ignore-not-existing: true
+llvm: true
+filter: covered
+output-type: lcov
+output-path: ./lcov.info
+ignore:
+  - "third_party/*"
+  - "/*"

.github/workflows/coveralls.yml

@@ -0,0 +1,52 @@
+---
+name: OpenSK code coverage report
+on:
+  push:
+    paths:
+      - 'src/**/*.rs'
+      - 'libraries/**/*.rs'
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  coveralls:
+    name: OpenSK code coverage
+    runs-on: ubuntu-18.04
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: "true"
+      - uses: actions-rs/toolchain@v1
+        with:
+          target: thumbv7em-none-eabi
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: nightly
+          override: true
+      - name: Install grcov
+        run: if [[ ! -e ~/.cargo/bin/grcov ]]; then cargo +nightly install grcov; fi
+      - uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+      - name: Install Python dependencies
+        run: python -m pip install --upgrade pip setuptools wheel
+      - name: Set up OpenSK
+        run: ./setup.sh
+
+      - uses: actions-rs/cargo@v1
+        with:
+          command: test
+          args: --features "with_ctap1,with_nfc,std" --no-fail-fast
+        env:
+          CARGO_INCREMENTAL: '0'
+          RUSTFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests'
+          RUSTDOCFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests'
+      - uses: actions-rs/grcov@v0.1.5
+        id: coverage
+      - uses: coverallsapp/github-action@1.1.3
+        name: upload report to coveralls
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          path-to-lcov: ${{ steps.coverage.outputs.report }}
+

Cargo.toml

@@ -31,7 +31,6 @@ with_ctap2_1 = []
 with_nfc = ["libtock_drivers/with_nfc"]
 
 [dev-dependencies]
-elf2tab = "0.6.0"
 enum-iterator = "0.6.0"
 
 [build-dependencies]

README.md

@@ -1,9 +1,10 @@
 # <img alt="OpenSK logo" src="docs/img/OpenSK.svg" width="200px">
 
-![markdownlint](https://github.com/google/OpenSK/workflows/markdownlint/badge.svg?branch=master)
-![pylint](https://github.com/google/OpenSK/workflows/pylint/badge.svg?branch=master)
-![Cargo check](https://github.com/google/OpenSK/workflows/Cargo%20check/badge.svg?branch=master)
-![Cargo format](https://github.com/google/OpenSK/workflows/Cargo%20format/badge.svg?branch=master)
+![markdownlint](https://github.com/google/OpenSK/workflows/markdownlint/badge.svg?branch=stable)
+![pylint](https://github.com/google/OpenSK/workflows/pylint/badge.svg?branch=stable)
+![Cargo check](https://github.com/google/OpenSK/workflows/Cargo%20check/badge.svg?branch=stable)
+![Cargo format](https://github.com/google/OpenSK/workflows/Cargo%20format/badge.svg?branch=stable)
+[![Coverage Status](https://coveralls.io/repos/github/google/OpenSK/badge.svg?branch=stable)](https://coveralls.io/github/google/OpenSK?branch=stable)
 
 ## OpenSK
 
@@ -201,3 +202,7 @@ cargo run --manifest-path tools/heapviz/Cargo.toml -- --logfile console.log --fp
 ## Contributing
 
 See [Contributing.md](docs/contributing.md).
+
+## Reporting a Vulnerability
+
+See [SECURITY.md](SECURITY.md).

SECURITY.md

@@ -0,0 +1,4 @@
+To report a security issue, please use http://g.co/vulnz. We use
+http://g.co/vulnz for our intake, and do coordination and disclosure here on
+GitHub (including using GitHub Security Advisory). The Google Security Team will
+respond within 5 working days of your report on g.co/vulnz.

deploy.py

@@ -308,7 +308,7 @@ def checked_command_output(self, cmd, env=None, cwd=None):
 
   def update_rustc_if_needed(self):
     target_toolchain_fullstring = "stable"
-    with open("rust-toolchain", "r") as f:
+    with open("rust-toolchain", "r", encoding="utf-8") as f:
       target_toolchain_fullstring = f.readline().strip()
     target_toolchain = target_toolchain_fullstring.split("-", maxsplit=1)
     if len(target_toolchain) == 1:
@@ -951,7 +951,16 @@ def main(args):
       dest="application",
       action="store_const",
       const="store_latency",
-      help=("Compiles and installs the store_latency example."))
+      help=("Compiles and installs the store_latency example which print "
+            "latency statistics of the persistent store library."))
+  apps_group.add_argument(
+      "--erase_storage",
+      dest="application",
+      action="store_const",
+      const="erase_storage",
+      help=("Compiles and installs the erase_storage example which erases "
+            "the storage. During operation the dongle red light is on. Once "
+            "the operation is completed the dongle green light is on."))
   apps_group.add_argument(
       "--panic_test",
       dest="application",

examples/erase_storage.rs

@@ -0,0 +1,53 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![no_std]
+
+extern crate lang_items;
+
+use core::fmt::Write;
+use ctap2::embedded_flash::new_storage;
+use libtock_drivers::console::Console;
+use libtock_drivers::led;
+use libtock_drivers::result::FlexUnwrap;
+use persistent_store::{Storage, StorageIndex};
+
+fn is_page_erased(storage: &dyn Storage, page: usize) -> bool {
+    let index = StorageIndex { page, byte: 0 };
+    let length = storage.page_size();
+    storage
+        .read_slice(index, length)
+        .unwrap()
+        .iter()
+        .all(|&x| x == 0xff)
+}
+
+fn main() {
+    led::get(1).flex_unwrap().on().flex_unwrap(); // red on dongle
+    const NUM_PAGES: usize = 20; // should be at least ctap::storage::NUM_PAGES
+    let mut storage = new_storage(NUM_PAGES);
+    writeln!(Console::new(), "Erase {} pages of storage:", NUM_PAGES).unwrap();
+    for page in 0..NUM_PAGES {
+        write!(Console::new(), "- Page {} ", page).unwrap();
+        if is_page_erased(&storage, page) {
+            writeln!(Console::new(), "skipped (was already erased).").unwrap();
+        } else {
+            storage.erase_page(page).unwrap();
+            writeln!(Console::new(), "erased.").unwrap();
+        }
+    }
+    writeln!(Console::new(), "Done.").unwrap();
+    led::get(1).flex_unwrap().off().flex_unwrap();
+    led::get(0).flex_unwrap().on().flex_unwrap(); // green on dongle
+}

fuzzing_setup.sh

@@ -20,4 +20,4 @@ done_text="$(tput bold)DONE.$(tput sgr0)"
 set -e
 
 # Install cargo-fuzz library.
-cargo install cargo-fuzz
+cargo +stable install cargo-fuzz

libraries/persistent_store/src/format.rs

@@ -335,12 +335,12 @@ impl Format {
     }
 
     /// Builds the storage representation of an init info.
-    pub fn build_init(&self, init: InitInfo) -> WordSlice {
+    pub fn build_init(&self, init: InitInfo) -> StoreResult<WordSlice> {
         let mut word = ERASED_WORD;
-        INIT_CYCLE.set(&mut word, init.cycle);
-        INIT_PREFIX.set(&mut word, init.prefix);
-        WORD_CHECKSUM.set(&mut word, 0);
-        word.as_slice()
+        INIT_CYCLE.set(&mut word, init.cycle)?;
+        INIT_PREFIX.set(&mut word, init.prefix)?;
+        WORD_CHECKSUM.set(&mut word, 0)?;
+        Ok(word.as_slice())
     }
 
     /// Returns the storage index of the compact info of a page.
@@ -368,36 +368,36 @@ impl Format {
     }
 
     /// Builds the storage representation of a compact info.
-    pub fn build_compact(&self, compact: CompactInfo) -> WordSlice {
+    pub fn build_compact(&self, compact: CompactInfo) -> StoreResult<WordSlice> {
         let mut word = ERASED_WORD;
-        COMPACT_TAIL.set(&mut word, compact.tail);
-        WORD_CHECKSUM.set(&mut word, 0);
-        word.as_slice()
+        COMPACT_TAIL.set(&mut word, compact.tail)?;
+        WORD_CHECKSUM.set(&mut word, 0)?;
+        Ok(word.as_slice())
     }
 
     /// Builds the storage representation of an internal entry.
-    pub fn build_internal(&self, internal: InternalEntry) -> WordSlice {
+    pub fn build_internal(&self, internal: InternalEntry) -> StoreResult<WordSlice> {
         let mut word = ERASED_WORD;
         match internal {
             InternalEntry::Erase { page } => {
-                ID_ERASE.set(&mut word);
-                ERASE_PAGE.set(&mut word, page);
+                ID_ERASE.set(&mut word)?;
+                ERASE_PAGE.set(&mut word, page)?;
             }
             InternalEntry::Clear { min_key } => {
-                ID_CLEAR.set(&mut word);
-                CLEAR_MIN_KEY.set(&mut word, min_key);
+                ID_CLEAR.set(&mut word)?;
+                CLEAR_MIN_KEY.set(&mut word, min_key)?;
             }
             InternalEntry::Marker { count } => {
-                ID_MARKER.set(&mut word);
-                MARKER_COUNT.set(&mut word, count);
+                ID_MARKER.set(&mut word)?;
+                MARKER_COUNT.set(&mut word, count)?;
             }
             InternalEntry::Remove { key } => {
-                ID_REMOVE.set(&mut word);
-                REMOVE_KEY.set(&mut word, key);
+                ID_REMOVE.set(&mut word)?;
+                REMOVE_KEY.set(&mut word, key)?;
             }
         }
-        WORD_CHECKSUM.set(&mut word, 0);
-        word.as_slice()
+        WORD_CHECKSUM.set(&mut word, 0)?;
+        Ok(word.as_slice())
     }
 
     /// Parses the first word of an entry from its storage representation.
@@ -459,31 +459,31 @@ impl Format {
     }
 
     /// Builds the storage representation of a user entry.
-    pub fn build_user(&self, key: Nat, value: &[u8]) -> Vec<u8> {
+    pub fn build_user(&self, key: Nat, value: &[u8]) -> StoreResult<Vec<u8>> {
         let length = usize_to_nat(value.len());
         let word_size = self.word_size();
         let footer = self.bytes_to_words(length);
         let mut result = vec![0xff; ((1 + footer) * word_size) as usize];
         result[word_size as usize..][..length as usize].copy_from_slice(value);
         let mut word = ERASED_WORD;
-        ID_HEADER.set(&mut word);
+        ID_HEADER.set(&mut word)?;
         if footer > 0 && is_erased(&result[(footer * word_size) as usize..]) {
             HEADER_FLIPPED.set(&mut word);
             *result.last_mut().unwrap() = 0x7f;
         }
-        HEADER_LENGTH.set(&mut word, length);
-        HEADER_KEY.set(&mut word, key);
+        HEADER_LENGTH.set(&mut word, length)?;
+        HEADER_KEY.set(&mut word, key)?;
         HEADER_CHECKSUM.set(
             &mut word,
             count_zeros(&result[(footer * word_size) as usize..]),
-        );
+        )?;
         result[..word_size as usize].copy_from_slice(&word.as_slice());
-        result
+        Ok(result)
     }
 
     /// Sets the padding bit in the first word of a user entry.
-    pub fn set_padding(&self, word: &mut Word) {
-        ID_PADDING.set(word);
+    pub fn set_padding(&self, word: &mut Word) -> StoreResult<()> {
+        ID_PADDING.set(word)
     }
 
     /// Sets the deleted bit in the first word of a user entry.

libraries/persistent_store/src/format/bitfield.rs

@@ -42,15 +42,20 @@ impl Field {
 
     /// Sets the value of a bit field.
     ///
-    /// # Preconditions
+    /// # Errors
     ///
     /// - The value must fit in the bit field: `num_bits(value) < self.len`.
     /// - The value must only change bits from 1 to 0: `self.get(*word) & value == value`.
-    pub fn set(&self, word: &mut Word, value: Nat) {
-        debug_assert_eq!(value & self.mask(), value);
+    pub fn set(&self, word: &mut Word, value: Nat) -> StoreResult<()> {
+        if value & self.mask() != value {
+            return Err(StoreError::InvalidStorage);
+        }
         let mask = !(self.mask() << self.pos);
         word.0 &= mask | (value << self.pos);
-        debug_assert_eq!(self.get(*word), value);
+        if self.get(*word) != value {
+            return Err(StoreError::InvalidStorage);
+        }
+        Ok(())
     }
 
     /// Returns a bit mask the length of the bit field.
@@ -82,8 +87,8 @@ impl ConstField {
     }
 
     /// Sets the bit field to its value.
-    pub fn set(&self, word: &mut Word) {
-        self.field.set(word, self.value);
+    pub fn set(&self, word: &mut Word) -> StoreResult<()> {
+        self.field.set(word, self.value)
     }
 }
 
@@ -135,15 +140,15 @@ impl Checksum {
 
     /// Sets the checksum to the external increment value.
     ///
-    /// # Preconditions
+    /// # Errors
     ///
     /// - The bits of the checksum bit field should be set to one: `self.field.get(*word) ==
     ///   self.field.mask()`.
     /// - The checksum value should fit in the checksum bit field: `num_bits(word.count_zeros() +
     ///   value) < self.field.len`.
-    pub fn set(&self, word: &mut Word, value: Nat) {
+    pub fn set(&self, word: &mut Word, value: Nat) -> StoreResult<()> {
         debug_assert_eq!(self.field.get(*word), self.field.mask());
-        self.field.set(word, word.0.count_zeros() + value);
+        self.field.set(word, word.0.count_zeros() + value)
     }
 }
 
@@ -290,7 +295,7 @@ mod tests {
         assert_eq!(field.get(Word(0x000000f8)), 0x1f);
         assert_eq!(field.get(Word(0x0000ff37)), 6);
         let mut word = Word(0xffffffff);
-        field.set(&mut word, 3);
+        field.set(&mut word, 3).unwrap();
         assert_eq!(word, Word(0xffffff1f));
     }
 
@@ -305,7 +310,7 @@ mod tests {
         assert!(field.check(Word(0x00000048)));
         assert!(field.check(Word(0x0000ff4f)));
         let mut word = Word(0xffffffff);
-        field.set(&mut word);
+        field.set(&mut word).unwrap();
         assert_eq!(word, Word(0xffffff4f));
     }
 
@@ -333,7 +338,7 @@ mod tests {
         assert_eq!(field.get(Word(0x00ffff67)), Ok(4));
         assert_eq!(field.get(Word(0x7fffff07)), Err(StoreError::InvalidStorage));
         let mut word = Word(0x0fffffff);
-        field.set(&mut word, 4);
+        field.set(&mut word, 4).unwrap();
         assert_eq!(word, Word(0x0fffff47));
     }