async def handle_download(self, offset, length, file_number): # let them read from where we store the signed txn # - filenumber can be 0 or 1: uploaded txn, or result from main import sf # limiting memory use here, should be MAX_BLK_LEN really length = min(length, MAX_BLK_LEN) assert 0 <= file_number < 2, 'bad fnum' assert 0 <= offset <= MAX_TXN_LEN, "bad offset" assert 1 <= length, 'len' # maintain a running SHA256 over what's sent if offset == 0: self.file_checksum = tcc.sha256() pos = (MAX_TXN_LEN * file_number) + offset resp = bytearray(4 + length) resp[0:4] = b'biny' sf.read(pos, memoryview(resp)[4:]) self.file_checksum.update(memoryview(resp)[4:]) return resp
def find_spot(self, not_here=0): # search for a blank sector to use # - check randomly and pick first blank one (wear leveling, deniability) # - we will write and then erase old slot # - if "full", blow away a random one from main import sf options = [s for s in SLOTS if s != not_here] tcc.random.shuffle(options) buf = bytearray(16) for pos in options: sf.read(pos, buf) if set(buf) == {0xff}: # blank return sf, pos # No where to write! (probably a bug because we have lots of slots) # ... so pick a random slot and kill what it had #print("ERROR: nvram full?") victem = options[0] sf.sector_erase(victem) sf.wait_done() return sf, victem
def count_busy(): from main import sf from nvstore import SLOTS busy = 0 b = bytearray(4096) for pos in SLOTS: sf.read(pos, b) if len(set(b)) > 200: busy += 1 return busy
async def handle_upload(self, offset, total_size, data): from main import dis, sf # maintain a running SHA256 over what's received if offset == 0: self.file_checksum = tcc.sha256() assert offset % 256 == 0, 'alignment' assert offset + len(data) <= total_size <= MAX_UPLOAD_LEN, 'long' rb = bytearray(256) for pos in range(offset, offset + len(data), 256): if pos % 4096 == 0: # erase here sf.sector_erase(pos) dis.fullscreen("Receiving...") dis.progress_bar_show(offset / total_size) while sf.is_busy(): await sleep_ms(10) # write up to 256 bytes here = data[pos - offset:pos - offset + 256] sf.write(pos, here) # full page write: 0.6 to 3ms while sf.is_busy(): await sleep_ms(1) # use actual read back for verify sf.read(pos, rb) self.file_checksum.update(rb[0:len(here)]) if offset + len(data) >= total_size: # probably done dis.progress_bar_show(1.0) ux.restore_menu() return offset
async def test_sflash(): dis.clear() dis.text(None, 18, 'Serial Flash') dis.show() #if ckcc.is_simulator(): return from main import sf from ustruct import pack import tcc msize = 1024 * 1024 sf.chip_erase() for phase in [0, 1]: steps = 7 * 4 for i in range(steps): dis.progress_bar(i / steps) dis.show() await sleep_ms(250) if not sf.is_busy(): break assert not sf.is_busy(), "sflash erase didn't finish" # leave chip blank if phase == 1: break buf = bytearray(32) for addr in range(0, msize, 1024): sf.read(addr, buf) assert set(buf) == {255}, "sflash not blank:" + repr(buf) rnd = tcc.sha256(pack('I', addr)).digest() sf.write(addr, rnd) sf.read(addr, buf) assert buf == rnd, "sflash write failed" dis.progress_bar_show(addr / msize) # check no aliasing, also right size part for addr in range(0, msize, 1024): expect = tcc.sha256(pack('I', addr)).digest() sf.read(addr, buf) assert buf == expect, "sflash readback failed" dis.progress_bar_show(addr / msize)
def load(self): # Search all slots for any we can read, decrypt that, # and pick the newest one (in unlikely case of dups) from main import sf # reset self.current = {} self.my_pos = 0 self.is_dirty = 0 # 4k, but last 32 bytes are a SHA (itself encrypted) global _tmp buf = bytearray(4) empty = 0 for pos in SLOTS: gc.collect() sf.read(pos, buf) if buf[0] == buf[1] == buf[2] == buf[3] == 0xff: # erased (probably) empty += 1 continue # check if first 2 bytes makes sense for JSON aes = self.get_aes(tcc.AES.Encrypt, pos) chk = aes.update(b'{"') if chk != buf[0:2]: # doesn't look like JSON meant for me continue # probably good, read it aes = self.get_aes(tcc.AES.Encrypt, pos) chk = tcc.sha256() expect = None with SFFile(pos, length=4096, pre_erased=True) as fd: for i in range(4096 / 32): b = aes.update(fd.read(32)) if i != 127: _tmp[i * 32:(i * 32) + 32] = b chk.update(b) else: expect = b try: # verify checksum in last 32 bytes assert expect == chk.digest() # loads() can't work from a byte array, and converting to # bytes here would copy it; better to use file emulation. d = ujson.load(BytesIO(_tmp)) except: # One in 65k or so chance to come here w/ garbage decoded, so # not an error. continue got_age = d.get('_age', 0) if got_age > self.current.get('_age', -1): # likely winner self.current = d self.my_pos = pos #print("NV: data @ %d w/ age=%d" % (pos, got_age)) else: # stale data seen; clean it up. assert self.current['_age'] > 0 print("NV: cleanup @ %d" % pos) sf.sector_erase(pos) sf.wait_done() # 4k is a large object, sigh, for us right now. cleanup gc.collect() # done, if we found something if self.my_pos: return # nothing found. self.my_pos = 0 self.current = self.default_values() if empty == len(SLOTS): # Whole thing is blank. Bad for plausible deniability. Write 3 slots # with garbage. They will be wasted space until it fills. blks = list(SLOTS) tcc.random.shuffle(blks) for pos in blks[0:3]: for i in range(0, 4096, 256): h = tcc.random.bytes(256) sf.wait_done() sf.write(pos + i, h)
# everything should be encrypted now assert count_busy() == len(SLOTS) # check we hide initial values sf.chip_erase() settings.load() settings.save() assert count_busy() == 4 # check checksum/age stuff works settings.set('wrecked', 768) settings.save() b = bytearray(4096) sf.read(settings.my_pos, b) was_age = settings.get('_age') settings.set('wrecked', 123) settings.save() assert settings.get('_age') == was_age + 1 was_pos = settings.my_pos # write old data everywhere else for pos in SLOTS: if pos != was_pos: for i in range(0, 4096, 256): sf.write(pos + i, b[i:i + 256]) settings.load() assert was_pos == settings.my_pos