1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-12 00:10:58 +00:00

test(storage): Update storage tests.

This commit is contained in:
Andrew Kozlik 2024-06-13 14:28:09 +02:00 committed by Andrew Kozlik
parent 183e53d3c2
commit 09ed141a0a
3 changed files with 6 additions and 10 deletions

View File

@ -41,6 +41,6 @@
/* /*
* Current storage version. * Current storage version.
*/ */
#define NORCOW_VERSION ((uint32_t)0x00000004) #define NORCOW_VERSION ((uint32_t)0x00000005)
#endif #endif

View File

@ -113,7 +113,7 @@ NORCOW_SECTOR_SIZE = 64 * 1024
NORCOW_MAGIC = b"NRC2" NORCOW_MAGIC = b"NRC2"
# Norcow version, set in the storage header, but also as an encrypted item. # Norcow version, set in the storage header, but also as an encrypted item.
NORCOW_VERSION = b"\x04\x00\x00\x00" NORCOW_VERSION = b"\x05\x00\x00\x00"
# Norcow magic combined with the version, which is stored as its negation. # Norcow magic combined with the version, which is stored as its negation.
NORCOW_MAGIC_AND_VERSION = NORCOW_MAGIC + bytes( NORCOW_MAGIC_AND_VERSION = NORCOW_MAGIC + bytes(

View File

@ -10,17 +10,13 @@ from . import consts, prng
def derive_kek_keiv(salt: bytes, pin: str) -> (bytes, bytes): def derive_kek_keiv(salt: bytes, pin: str) -> (bytes, bytes):
kdf = PBKDF2HMAC( kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(), algorithm=hashes.SHA256(),
length=consts.KEK_SIZE + consts.KEIV_SIZE, length=consts.KEK_SIZE,
salt=bytes(salt), salt=bytes(salt),
iterations=10000, iterations=20000,
backend=default_backend(), backend=default_backend(),
) )
pbkdf_output = kdf.derive(pin.encode()) kek = kdf.derive(pin.encode())
# the first 256b is Key Encryption Key keiv = b"\0" * consts.KEIV_SIZE
kek = pbkdf_output[: consts.KEK_SIZE]
# following with 96b of Initialization Vector
keiv = pbkdf_output[consts.KEK_SIZE :]
return kek, keiv return kek, keiv