Merge pull request #1138 from LedgerHQ/FWEO-1481-app-storage-crc

FWEO-1481: app storage crc

Author: jarevalo-ledger

include/app_storage.h

@@ -34,9 +34,12 @@
 #define APP_STORAGE_HEADER_STRUCT_VERSION 1
 
 ///< Error codes
+#define APP_STORAGE_SUCCESS               0   ///< No error
 #define APP_STORAGE_ERR_INVALID_ARGUMENT  -1  ///< Invalid argument
 #define APP_STORAGE_ERR_NO_DATA_AVAILABLE -2  ///< Address not available for reading
 #define APP_STORAGE_ERR_OVERFLOW          -3  ///< Value too large to be stored
+#define APP_STORAGE_ERR_INVALID_HEADER    -4  ///< Invalid storage header
+#define APP_STORAGE_ERR_CORRUPTED         -5  ///< App storage is corrupted
 
 /// Initial app data storage version
 #define APP_STORAGE_INITIAL_APP_DATA_VERSION 1

include/decorators.h

@@ -72,3 +72,9 @@
 #else
 #define STATIC
 #endif
+
+#if !defined(UNIT_TESTING)
+#define CONST const
+#else
+#define CONST
+#endif

lib_cxng/src/cx_crc32.c

@@ -20,6 +20,7 @@
 
 #include "lcx_crc.h"
 #include "cx_ram.h"
+#include "ox_crc.h"
 
 static uint32_t reverse_32_bits(uint32_t value)
 {

lib_standard_app/app_storage.c

@@ -18,30 +18,48 @@
 #include <string.h>
 #include "app_storage.h"
 #include "app_storage_internal.h"
+#include "lcx_crc.h"
 #include "os_nvm.h"
 #include "os_pic.h"
 
 #define APP_STORAGE_ERASE_BLOCK_SIZE 256
 
-/* In order to be used in unit testing */
-#if !defined(TEST)
-#define CONST const
-#else
-#define CONST
-#endif
-
 CONST app_storage_t app_storage_real __attribute__((section(".storage_section")));
 #define app_storage (*(volatile app_storage_t *) PIC(&app_storage_real))
 
 /**
- * @brief checks if the app storage struct is initialized
+ * @brief checks if the app storage struct is initialized and valid
  */
-static bool app_storage_is_initalized(void)
+STATIC int32_t app_storage_is_initalized(void)
 {
-    if (memcmp((const void *) &app_storage.header.tag, APP_STORAGE_TAG, APP_STORAGE_TAG_LEN) != 0) {
-        return false;
+    int32_t status = APP_STORAGE_ERR_INVALID_ARGUMENT;
+    if (memcmp((const void *) &app_storage.header.tag, APP_STORAGE_TAG, APP_STORAGE_TAG_LEN) == 0) {
+        status = APP_STORAGE_SUCCESS;
+    }
+    else {
+        status = APP_STORAGE_ERR_INVALID_HEADER;
+        goto error;
+    }
+
+    uint32_t crc = cx_crc32((void *) &app_storage.header,
+                            sizeof(app_storage.header) + app_storage.header.size);
+    if (crc != app_storage.crc) {
+        // Invalid CRC, force reset
+        status = APP_STORAGE_ERR_CORRUPTED;
     }
-    return true;
+    else {
+        status = APP_STORAGE_SUCCESS;
+    }
+
+error:
+    return status;
+}
+
+static inline void update_crc(void)
+{
+    uint32_t crc = cx_crc32((void *) &app_storage.header,
+                            sizeof(app_storage.header) + app_storage.header.size);
+    nvm_write((void *) &app_storage.crc, &crc, sizeof(app_storage.crc));
 }
 
 /**
@@ -60,6 +78,7 @@ static inline void system_header_reset(void)
     /* Setting up properties fields from the app makefile */
     header.properties = ((HAVE_APP_STORAGE_PROP_SETTINGS << 0) | (HAVE_APP_STORAGE_PROP_DATA << 1));
     nvm_write((void *) &app_storage.header, &header, sizeof(header));
+    update_crc();
 }
 
 /**
@@ -69,13 +88,31 @@ static inline void system_header_reset(void)
  *  - sets initial size (0)
  *  - sets struct and data versions (1)
  *  - sets properties (from Makefile)
+ *
+ * @returns int32_t
+ *
+ * @retval APP_STORAGE_SUCCESS Application storage is successfully initialized.
+ * @retval APP_STORAGE_ERR_CORRUPTED Error, application storage is corrupted.
  */
-void app_storage_init(void)
+int32_t app_storage_init(void)
 {
-    if (app_storage_is_initalized()) {
-        return;
+    int32_t status = app_storage_is_initalized();
+    switch (status) {
+        case APP_STORAGE_ERR_INVALID_HEADER:
+            // Invalid tag or uninitialized storage, reset the HEADER
+            system_header_reset();
+            status = APP_STORAGE_SUCCESS;
+            break;
+        case APP_STORAGE_ERR_CORRUPTED:
+            system_header_reset();
+            break;
+        case APP_STORAGE_SUCCESS:
+        default:
+            // Return status as-is
+            break;
     }
-    system_header_reset();
+
+    return status;
 }
 
 /**
@@ -87,17 +124,24 @@ void app_storage_reset(void)
 
     uint8_t  erase_buf[APP_STORAGE_ERASE_BLOCK_SIZE] = {0};
     uint32_t offset                                  = 0;
+    bool     need_update                             = false;
+
     if (APP_STORAGE_SIZE > APP_STORAGE_ERASE_BLOCK_SIZE) {
         for (; offset < APP_STORAGE_SIZE - APP_STORAGE_ERASE_BLOCK_SIZE;
              offset += APP_STORAGE_ERASE_BLOCK_SIZE) {
             nvm_write((void *) &app_storage.data[offset],
                       (void *) erase_buf,
                       APP_STORAGE_ERASE_BLOCK_SIZE);
         }
+        need_update = true;
     }
     if (APP_STORAGE_SIZE > offset) {
         nvm_write(
             (void *) &app_storage.data[offset], (void *) erase_buf, APP_STORAGE_SIZE - offset);
+        need_update = true;
+    }
+    if (need_update) {
+        update_crc();
     }
 }
 
@@ -141,6 +185,7 @@ void app_storage_increment_data_version(void)
     }
     nvm_write(
         (void *) &app_storage.header.data_version, (void *) &data_version, sizeof(data_version));
+    update_crc();
 }
 
 /**
@@ -150,6 +195,7 @@ void app_storage_set_data_version(uint32_t data_version)
 {
     nvm_write(
         (void *) &app_storage.header.data_version, (void *) &data_version, sizeof(data_version));
+    update_crc();
 }
 
 /**
@@ -181,6 +227,8 @@ int32_t app_storage_write(const void *buf, uint32_t nbyte, uint32_t offset)
     if (app_storage.header.size < max_offset) {
         nvm_write((void *) &app_storage.header.size, (void *) &max_offset, sizeof(max_offset));
     }
+    update_crc();
+
     return nbyte;
 }
 

lib_standard_app/app_storage_internal.h

@@ -13,18 +13,30 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *****************************************************************************/
-#ifdef HAVE_APP_STORAGE
+#if defined(HAVE_APP_STORAGE) || defined(HAVE_BOLOS)
 
 #pragma once
 
 #include "app_storage.h"
 
-/* The storage consists of the system and the app parts */
+/**
+ * @brief The storage consists of the system and the app parts
+ */
 typedef struct app_storage_s {
+    uint32_t             crc;  ///< CRC32 of the app storage header and data
     app_storage_header_t header;
     uint8_t              data[APP_STORAGE_SIZE];
 } app_storage_t;
 
-void app_storage_init(void);
+/**
+ * @brief initializes the application storage.
+ *
+ * @returns int32_t Initialization status.
+ *
+ * @retval APP_STORAGE_SUCCESS Application storage is successfully initialized.
+ * @retval APP_STORAGE_ERR_CORRUPTED Error, application storage is corrupted.
+ *
+ */
+int32_t app_storage_init(void);
 
-#endif /* #ifdef HAVE_APP_STORAGE */
+#endif /* HAVE_APP_STORAGE || HAVE_BOLOS */

unit-tests/app_storage/CMakeLists.txt

@@ -7,10 +7,9 @@ endif()
 # project information
 project(unit_tests
         VERSION 0.1
-	      DESCRIPTION "Unit tests for UX_SYNC"
+        DESCRIPTION "Unit tests for Application storage"
         LANGUAGES C)
 
-
 # guard against bad build-type strings
 if (NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE "Debug")
@@ -22,42 +21,80 @@ ENABLE_TESTING()
 # specify C standard
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED True)
-add_compile_definitions(SCREEN_SIZE_WALLET)
-add_compile_definitions(USB_SEGMENT_SIZE=64)
-add_compile_definitions(HAVE_NBGL)
-add_compile_definitions(WITH_STDIO)
-add_compile_definitions(HAVE_APP_STORAGE)
-add_compile_definitions(APP_STORAGE_SIZE=5555)
-add_compile_definitions(HAVE_APP_STORAGE_PROP_SETTINGS)
-add_compile_definitions(HAVE_APP_STORAGE_PROP_DATA)
-
 
-set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Wall ${DEFINES} -g -O0 --coverage")
-
-set(GCC_COVERAGE_LINK_FLAGS "--coverage -lgcov")
-set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GCC_COVERAGE_LINK_FLAGS}")
-set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${GCC_COVERAGE_LINK_FLAGS}")
+set(CMAKE_BUILD_TYPE Debug)
 
 # guard against in-source builds
 if(${CMAKE_SOURCE_DIR} STREQUAL ${CMAKE_BINARY_DIR})
   message(FATAL_ERROR "In-source builds not allowed. Please make a new directory (called a build directory) and run CMake from there. You may need to remove CMakeCache.txt. ")
 endif()
 
-add_compile_definitions(TEST)
-
-include_directories(.)
-include_directories(../../target/stax/include)
-include_directories(../../include)
-include_directories(../../lib_nbgl/include)
-include_directories(../../lib_nbgl/include/fonts)
-include_directories(../../lib_ux_nbgl)
-include_directories(../../lib_standard_app)
-
-add_executable(test_app_storage test_app_storage.c)
-
-add_library(app_storage_stubs SHARED app_storage_stubs.c)
-add_library(app_storage SHARED ../../lib_standard_app/app_storage.c)
-
-target_link_libraries(test_app_storage PUBLIC cmocka gcov app_storage app_storage_stubs)
-
-add_test(test_app_storage test_app_storage)
+set(TEST test_app_storage)
+
+add_executable(
+  ${TEST}
+  test_app_storage.c
+  app_storage_stubs.c
+  ../../lib_standard_app/app_storage.c
+  ../../lib_cxng/src/cx_crc32.c
+  ../../mock/src/cx_crc.c
+)
+
+target_include_directories(
+  ${TEST}
+  PRIVATE
+  ./
+  ../../target/stax/include
+  ../../include
+  ../../lib_cxng/include
+  ../../lib_nbgl/include
+  ../../lib_nbgl/include/fonts
+  ../../lib_ux_nbgl
+  ../../lib_standard_app
+  ../mock/include
+)
+
+target_compile_options(
+  ${TEST}
+  PRIVATE
+  -Wall
+  -Werror
+  -O0
+  --coverage
+  -fsanitize=address,undefined
+)
+
+target_compile_definitions(
+  ${TEST}
+  PRIVATE
+  UNIT_TESTING
+  SCREEN_SIZE_WALLET
+  USB_SEGMENT_SIZE=64
+  HAVE_NBGL
+  WITH_STDIO
+  HAVE_APP_STORAGE
+  APP_STORAGE_SIZE=5555
+  HAVE_APP_STORAGE_PROP_SETTINGS
+  HAVE_APP_STORAGE_PROP_DATA
+  HAVE_CRC
+)
+
+target_link_libraries(
+  ${TEST}
+  PRIVATE
+  cmocka
+  gcov
+)
+
+target_link_options(
+  ${TEST}
+  PRIVATE
+  --coverage
+  -lgcov
+  -fsanitize=address,undefined
+)
+
+add_test(
+  NAME ${TEST}
+  COMMAND ${TEST}
+)

unit-tests/app_storage/app_storage_stubs.c

@@ -18,6 +18,16 @@
 #include <setjmp.h>
 #include <string.h>
 
+#ifdef UNIT_TESTING
+// When defined cmocka redefine malloc/free which does not work well with
+// address-sanitizer
+#undef UNIT_TESTING
+#include <cmocka.h>
+#define UNIT_TESTING
+#else
+#include <cmocka.h>
+#endif
+
 #include <cmocka.h>
 #include <malloc.h>
 #include <stdio.h>