Skip to content
This repository was archived by the owner on Apr 16, 2019. It is now read-only.

Commit c9113fd

Browse files
jhoenickeprusnak
authored andcommitted
firmware: fix message processing, typos in recovery
1 parent 0148ec6 commit c9113fd

File tree

4 files changed

+15
-9
lines changed

4 files changed

+15
-9
lines changed

firmware/messages.c

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -233,7 +233,7 @@ void msg_process(char type, uint16_t msg_id, const pb_field_t *fields, uint8_t *
233233
}
234234
}
235235

236-
void msg_read_common(char type, const uint8_t *buf, int len)
236+
void msg_read_common(char type, const uint8_t *buf, uint32_t len)
237237
{
238238
static char read_state = READSTATE_IDLE;
239239
static CONFIDENTIAL uint8_t msg_in[MSG_IN_SIZE];
@@ -271,8 +271,12 @@ void msg_read_common(char type, const uint8_t *buf, int len)
271271
read_state = READSTATE_IDLE;
272272
return;
273273
}
274-
memcpy(msg_in + msg_pos, buf + 1, len - 1);
275-
msg_pos += len - 1;
274+
/* raw data starts at buf + 1 with len - 1 bytes */
275+
buf++;
276+
len = MIN(len - 1, MSG_IN_SIZE - msg_pos);
277+
278+
memcpy(msg_in + msg_pos, buf, len);
279+
msg_pos += len;
276280
}
277281

278282
if (msg_pos >= msg_size) {
@@ -329,8 +333,7 @@ void msg_read_tiny(const uint8_t *buf, int len)
329333
}
330334

331335
const pb_field_t *fields = 0;
332-
// upstream nanopb is missing const qualifier, so we have to cast :-/
333-
pb_istream_t stream = pb_istream_from_buffer((uint8_t *)buf + 9, msg_size);
336+
pb_istream_t stream = pb_istream_from_buffer(buf + 9, msg_size);
334337

335338
switch (msg_id) {
336339
case MessageType_MessageType_PinMatrixAck:

firmware/messages.h

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -42,11 +42,10 @@ const uint8_t *msg_debug_out_data(void);
4242

4343
#endif
4444

45-
void msg_read_common(char type, const uint8_t *buf, int len);
45+
void msg_read_common(char type, const uint8_t *buf, uint32_t len);
4646
bool msg_write_common(char type, uint16_t msg_id, const void *msg_ptr);
4747

4848
void msg_read_tiny(const uint8_t *buf, int len);
49-
void msg_debug_read_tiny(const uint8_t *buf, int len);
5049
extern uint8_t msg_tiny[128];
5150
extern uint16_t msg_tiny_id;
5251

firmware/recovery.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -295,7 +295,7 @@ static void display_choices(bool twoColumn, char choices[9][12], int num)
295295

296296
/* avoid picking out of range numbers */
297297
for (int i = 0; i < displayedChoices; i++) {
298-
if (word_matrix[i] > num)
298+
if (word_matrix[i] >= num)
299299
word_matrix[i] = 0;
300300
}
301301
/* two column layout: middle column = right column */
@@ -405,11 +405,13 @@ static void recovery_digit(const char digit) {
405405
/* received final word */
406406

407407
/* Mark the chosen word for 250 ms */
408-
int y = 54 - ((digit - '1')/3)*11;
408+
int y = 54 - ((digit - '1') / 3) * 11;
409409
int x = 64 * (((digit - '1') % 3) > 0);
410410
oledInvert(x + 1, y, x + 62, y + 9);
411411
oledRefresh();
412+
usbTiny(1);
412413
usbSleep(250);
414+
usbTiny(0);
413415

414416
/* index of the chosen word */
415417
int idx = TABLE2(TABLE1(word_pincode / 9) + (word_pincode % 9)) + choice;

firmware/storage.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -565,13 +565,15 @@ bool storage_getRootNode(HDNode *node, const char *curve, bool usePassphrase)
565565
// decrypt hd node
566566
uint8_t secret[64];
567567
PBKDF2_HMAC_SHA512_CTX pctx;
568+
char oldTiny = usbTiny(1);
568569
pbkdf2_hmac_sha512_Init(&pctx, (const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), (const uint8_t *)"TREZORHD", 8);
569570
get_root_node_callback(0, BIP39_PBKDF2_ROUNDS);
570571
for (int i = 0; i < 8; i++) {
571572
pbkdf2_hmac_sha512_Update(&pctx, BIP39_PBKDF2_ROUNDS / 8);
572573
get_root_node_callback((i + 1) * BIP39_PBKDF2_ROUNDS / 8, BIP39_PBKDF2_ROUNDS);
573574
}
574575
pbkdf2_hmac_sha512_Final(&pctx, secret);
576+
usbTiny(oldTiny);
575577
aes_decrypt_ctx ctx;
576578
aes_decrypt_key256(secret, &ctx);
577579
aes_cbc_decrypt(node->chain_code, node->chain_code, 32, secret + 32, &ctx);

0 commit comments

Comments
 (0)