kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into master

Browse Source
This commit is contained in:
Jean-Michel Picod
2020-03-06 13:36:11 +01:00
committed by GitHub
parent 9b3eca2c78 96b1a68f45
commit e21c753dd3
12 changed files with 97 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
.github/workflows/boards_build.yml vendored Normal file
View File

@@ -0,0 +1,35 @@
---
name: Build supported boards
on:
push:
paths:
- 'patches/tock/*'
- 'third_party/tock/**'
pull_request:
types: [opened, synchronize, reopened]
jobs:
build_boards:
strategy:
matrix:
os: [ubuntu-18.04, macos-10.15]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- uses: actions-rs/toolchain@v1
with:
target: thumbv7em-none-eabi
- uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install Python dependencies
run: python -m pip install --upgrade pip setuptools wheel
- name: Set up OpenSK
run: ./setup.sh
- name: Create a long build directory
run: mkdir this-is-a-long-build-directory-0123456789abcdefghijklmnopqrstuvwxyz && mv third_party this-is-a-long-build-directory-0123456789abcdefghijklmnopqrstuvwxyz/
- name: Building board nrf52840dk
run: make -C this-is-a-long-build-directory-0123456789abcdefghijklmnopqrstuvwxyz/third_party/tock/boards/nordic/nrf52840dk
- name: Building board nrf52840_dongle
run: make -C this-is-a-long-build-directory-0123456789abcdefghijklmnopqrstuvwxyz/third_party/tock/boards/nordic/nrf52840_dongle

6
.github/workflows/cargo_check.yml vendored
View File

@@ -58,6 +58,12 @@ jobs:
command: check
args: --target thumbv7em-none-eabi --release --features debug_allocations
- name: Check OpenSK ram_storage
uses: actions-rs/cargo@v1
with:
command: check
args: --target thumbv7em-none-eabi --release --features ram_storage
- name: Check OpenSK debug_ctap,with_ctap1
uses: actions-rs/cargo@v1
with:

1
Cargo.toml
View File

@@ -23,6 +23,7 @@ debug_ctap = ["crypto/derive_debug"]
with_ctap1 = ["crypto/with_ctap1"]
panic_console = ["libtock/panic_console"]
debug_allocations = ["libtock/debug_allocations"]
ram_storage = []
[dev-dependencies]
elf2tab = "0.4.0"

8
deploy.py
View File

@@ -405,6 +405,14 @@ if __name__ == "__main__":
"(i.e. more debug messages will be sent over the console port "
"such as hexdumps of packets)."),
)
app_commands.add_argument(
"--no-persistent-storage",
action="append_const",
const="ram_storage",
dest="features",
help=("Compiles and installs the OpenSK application without persistent "
"storage (i.e. unplugging the key will reset the key)."),
)
apps_group = app_commands.add_mutually_exclusive_group()
apps_group.add_argument(
"--opensk",

2
patches/tock/01-persistent-storage.patch
View File

@@ -295,7 +295,7 @@ index ece4a443..9a1afc84 100644
}
+
+ pub fn in_writeable_flash_region(&self, ptr: usize, len: usize) -> bool {
+ self.kernel.process_map_or(false, self.idx, |process| {
+ self.kernel.process_map_or(false, *self, |process| {
+ let ptr = match ptr.checked_sub(process.flash_start() as usize) {
+ None => return false,
+ Some(ptr) => ptr,

46
patches/tock/04-fix-dynamic-deferred-call.patch
View File

@@ -1,46 +0,0 @@
diff --git a/kernel/src/common/dynamic_deferred_call.rs b/kernel/src/common/dynamic_deferred_call.rs
index 53f5143d..ca349972 100644
--- a/kernel/src/common/dynamic_deferred_call.rs
+++ b/kernel/src/common/dynamic_deferred_call.rs
@@ -226,23 +226,25 @@ impl DynamicDeferredCall {
/// `call_global_instance_while`.
pub(self) fn call_while<F: Fn() -> bool>(&self, f: F) {
if self.call_pending.get() {
- // Reset call_pending here, as it may be set again in the deferred calls
- self.call_pending.set(false);
+ for (i, client_state) in self.client_states.iter().enumerate() {
+ if !f() {
+ break;
+ }
+ if client_state.scheduled.get() {
+ client_state.client.map(|client| {
+ client_state.scheduled.set(false);
+ client.call(DeferredCallHandle(i));
+ });
+ }
+ }
- self.client_states
- .iter()
- .enumerate()
- .filter(|(_i, client_state)| client_state.scheduled.get())
- .filter_map(|(i, client_state)| {
- client_state
- .client
- .map(|c| (i, &client_state.scheduled, *c))
- })
- .take_while(|_| f())
- .for_each(|(i, call_reqd, client)| {
- call_reqd.set(false);
- client.call(DeferredCallHandle(i));
- });
+ // Recompute call_pending here, as some deferred calls may have been skipped due to the
+ // `f` predicate becoming false.
+ self.call_pending.set(
+ self.client_states
+ .iter()
+ .any(|client_state| client_state.scheduled.get()),
+ );
}
}
}

24
patches/tock/04-increase-rom-nordic.patch Normal file
View File

@@ -0,0 +1,24 @@
diff --git a/boards/nordic/nrf52840_dongle/layout.ld b/boards/nordic/nrf52840_dongle/layout.ld
index 657b0d26..f86b2321 100644
--- a/boards/nordic/nrf52840_dongle/layout.ld
+++ b/boards/nordic/nrf52840_dongle/layout.ld
@@ -1,6 +1,6 @@
MEMORY
{
- rom (rx) : ORIGIN = 0x00000000, LENGTH = 128K
+ rom (rx) : ORIGIN = 0x00000000, LENGTH = 192K
prog (rx) : ORIGIN = 0x00030000, LENGTH = 832K
ram (rwx) : ORIGIN = 0x20000000, LENGTH = 256K
}
diff --git a/boards/nordic/nrf52840dk/layout.ld b/boards/nordic/nrf52840dk/layout.ld
index 657b0d26..f86b2321 100644
--- a/boards/nordic/nrf52840dk/layout.ld
+++ b/boards/nordic/nrf52840dk/layout.ld
@@ -1,6 +1,6 @@
MEMORY
{
- rom (rx) : ORIGIN = 0x00000000, LENGTH = 128K
+ rom (rx) : ORIGIN = 0x00000000, LENGTH = 192K
prog (rx) : ORIGIN = 0x00030000, LENGTH = 832K
ram (rwx) : ORIGIN = 0x20000000, LENGTH = 256K
}

5
run_desktop_tests.sh
View File

@@ -30,6 +30,7 @@ cargo check --release --target=thumbv7em-none-eabi --features with_ctap1
cargo check --release --target=thumbv7em-none-eabi --features debug_ctap
cargo check --release --target=thumbv7em-none-eabi --features panic_console
cargo check --release --target=thumbv7em-none-eabi --features debug_allocations
cargo check --release --target=thumbv7em-none-eabi --features ram_storage
cargo check --release --target=thumbv7em-none-eabi --features debug_ctap,with_ctap1
cargo check --release --target=thumbv7em-none-eabi --features debug_ctap,with_ctap1,panic_console,debug_allocations
@@ -39,6 +40,10 @@ cargo check --release --target=thumbv7em-none-eabi --examples
echo "Checking that CTAP2 builds and links properly (1 set of features)..."
cargo build --release --target=thumbv7em-none-eabi --features with_ctap1
echo "Checking that supported boards build properly..."
make -C third_party/tock/boards/nordic/nrf52840dk
make -C third_party/tock/boards/nordic/nrf52840_dongle
if [ -z "${TRAVIS_OS_NAME}" -o "${TRAVIS_OS_NAME}" = "linux" ]
then
echo "Running unit tests on the desktop (release mode)..."

21
src/ctap/storage.rs
View File

@@ -21,9 +21,9 @@ use alloc::vec::Vec;
use core::convert::TryInto;
use ctap2::embedded_flash::{self, StoreConfig, StoreEntry, StoreError, StoreIndex};
#[cfg(test)]
#[cfg(any(test, feature = "ram_storage"))]
type Storage = embedded_flash::BufferStorage;
#[cfg(not(test))]
#[cfg(not(any(test, feature = "ram_storage")))]
type Storage = embedded_flash::SyscallStorage;
// Those constants may be modified before compilation to tune the behavior of the key.
@@ -44,6 +44,9 @@ type Storage = embedded_flash::SyscallStorage;
// We have: I = ((P - 1) * 4092 - K * S) / 12 * C
//
// With P=20 and K=150, we have I > 2M which is enough for 500 increments per day for 10 years.
#[cfg(feature = "ram_storage")]
const NUM_PAGES: usize = 2;
#[cfg(not(feature = "ram_storage"))]
const NUM_PAGES: usize = 20;
const MAX_SUPPORTED_RESIDENTIAL_KEYS: usize = 150;
@@ -130,10 +133,14 @@ pub struct PersistentStore {
store: embedded_flash::Store<Storage, Config>,
}
#[cfg(feature = "ram_storage")]
const PAGE_SIZE: usize = 0x100;
#[cfg(not(feature = "ram_storage"))]
const PAGE_SIZE: usize = 0x1000;
const STORE_SIZE: usize = NUM_PAGES * PAGE_SIZE;
#[cfg(not(test))]
#[cfg(not(any(test, feature = "ram_storage")))]
#[link_section = ".app_state"]
static STORE: [u8; STORE_SIZE] = [0xff; STORE_SIZE];
@@ -144,9 +151,9 @@ impl PersistentStore {
///
/// This should be at most one instance of persistent store per program lifetime.
pub fn new(rng: &mut impl Rng256) -> PersistentStore {
#[cfg(not(test))]
#[cfg(not(any(test, feature = "ram_storage")))]
let storage = PersistentStore::new_prod_storage();
#[cfg(test)]
#[cfg(any(test, feature = "ram_storage"))]
let storage = PersistentStore::new_test_storage();
let mut store = PersistentStore {
store: embedded_flash::Store::new(storage, Config).unwrap(),
@@ -155,7 +162,7 @@ impl PersistentStore {
store
}
#[cfg(not(test))]
#[cfg(not(any(test, feature = "ram_storage")))]
fn new_prod_storage() -> Storage {
let store = unsafe {
// Safety: The store cannot alias because this function is called only once.
@@ -167,7 +174,7 @@ impl PersistentStore {
}
}
#[cfg(test)]
#[cfg(any(test, feature = "ram_storage"))]
fn new_test_storage() -> Storage {
let store = vec![0xff; STORE_SIZE].into_boxed_slice();
let options = embedded_flash::BufferOptions {

3
src/embedded_flash/buffer.rs
View File

@@ -13,6 +13,7 @@
// limitations under the License.
use super::{Index, Storage, StorageError, StorageResult};
use alloc::boxed::Box;
pub struct BufferStorage {
storage: Box<[u8]>,
@@ -230,7 +231,7 @@ impl Snapshot {
fn get(&mut self) -> Result<Box<[u8]>, usize> {
let mut snapshot = Snapshot::Ready;
std::mem::swap(self, &mut snapshot);
core::mem::swap(self, &mut snapshot);
match snapshot {
Snapshot::Armed { delay } => Err(delay),
Snapshot::Taken { storage } => Ok(storage),

2
src/embedded_flash/mod.rs
View File

@@ -12,13 +12,11 @@
// See the License for the specific language governing permissions and
// limitations under the License.
#[cfg(feature = "std")]
mod buffer;
mod storage;
mod store;
mod syscall;
#[cfg(feature = "std")]
pub use self::buffer::{BufferOptions, BufferStorage};
pub use self::storage::{Index, Storage, StorageError, StorageResult};
pub use self::store::{Store, StoreConfig, StoreEntry, StoreError, StoreIndex};

2
third_party/tock vendored

Submodule third_party/tock updated: 3a7d6b775d...fbc863faf0