1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-08-05 05:15:27 +00:00

WIP - set_mnemonic_secret

This commit is contained in:
grdddj 2022-03-16 19:27:01 +01:00
parent 8dfe235085
commit 2bfa5025fc
7 changed files with 98 additions and 22 deletions

View File

@ -30,6 +30,7 @@ static void _librust_qstrs(void) {
MP_QSTR_get_label; MP_QSTR_get_label;
MP_QSTR_set_label; MP_QSTR_set_label;
MP_QSTR_get_mnemonic_secret; MP_QSTR_get_mnemonic_secret;
MP_QSTR_set_mnemonic_secret;
MP_QSTR_is_passphrase_enabled; MP_QSTR_is_passphrase_enabled;
MP_QSTR_set_passphrase_enabled; MP_QSTR_set_passphrase_enabled;
MP_QSTR_get_passphrase_always_on_device; MP_QSTR_get_passphrase_always_on_device;
@ -68,4 +69,5 @@ static void _librust_qstrs(void) {
MP_QSTR_verb; MP_QSTR_verb;
MP_QSTR_verb_cancel; MP_QSTR_verb_cancel;
MP_QSTR_reverse; MP_QSTR_reverse;
MP_QSTR_secret;
} }

View File

@ -77,6 +77,8 @@ const AUTOLOCK_DELAY_MAXIMUM: u32 = 0x2000_0000; // ~6 days
// Other SD-salt-related constants are in core/src/storage/sd_salt.py // Other SD-salt-related constants are in core/src/storage/sd_salt.py
const SD_SALT_AUTH_KEY_LEN_BYTES: u8 = 16; const SD_SALT_AUTH_KEY_LEN_BYTES: u8 = 16;
const STORAGE_VERSION_CURRENT: u8 = 0x02;
extern "C" { extern "C" {
// storage.h // storage.h
fn storage_has(key: u16) -> secbool::Secbool; fn storage_has(key: u16) -> secbool::Secbool;
@ -196,6 +198,50 @@ extern "C" fn storagedevice_get_mnemonic_secret() -> Obj {
unsafe { util::try_or_raise(block) } unsafe { util::try_or_raise(block) }
} }
extern "C" fn storagedevice_set_mnemonic_secret(
n_args: usize,
args: *const Obj,
kwargs: *mut Map,
) -> Obj {
let block = |_args: &[Obj], kwargs: &Map| {
let secret: Buffer = kwargs.get(Qstr::MP_QSTR_secret)?.try_into()?;
let backup_type: u8 = kwargs.get(Qstr::MP_QSTR_backup_type)?.try_into()?;
let needs_backup: bool = if kwargs.contains_key(Qstr::MP_QSTR_needs_backup) {
kwargs.get(Qstr::MP_QSTR_needs_backup)?.try_into()?
} else {
false
};
let no_backup: bool = if kwargs.contains_key(Qstr::MP_QSTR_no_backup) {
kwargs.get(Qstr::MP_QSTR_needs_backup)?.try_into()?
} else {
false
};
let key = _get_appkey(_VERSION, false);
storagedevice_storage_set(key, &[STORAGE_VERSION_CURRENT] as *const _, 1);
let key = _get_appkey(_MNEMONIC_SECRET, false);
storagedevice_storage_set(key, secret.as_ptr(), secret.len() as u16);
let key = _get_appkey(_BACKUP_TYPE, false);
storagedevice_storage_set_u8(key, backup_type);
let key = _get_appkey(_NO_BACKUP, false);
storagedevice_storage_set_true_or_delete(key, no_backup);
let key = _get_appkey(INITIALIZED, true);
storagedevice_storage_set_bool(key, true);
if !no_backup {
let key = _get_appkey(_NEEDS_BACKUP, false);
storagedevice_storage_set_true_or_delete(key, needs_backup);
}
Ok(true.into())
};
unsafe { util::try_with_args_and_kwargs(n_args, args, kwargs, block) }
}
extern "C" fn storagedevice_is_passphrase_enabled() -> Obj { extern "C" fn storagedevice_is_passphrase_enabled() -> Obj {
let block = || { let block = || {
let key = _get_appkey(_USE_PASSPHRASE, false); let key = _get_appkey(_USE_PASSPHRASE, false);
@ -545,6 +591,14 @@ pub fn storagedevice_storage_set_bool(key: u16, val: bool) -> bool {
storagedevice_storage_set(key, &val as *const _, 1) storagedevice_storage_set(key, &val as *const _, 1)
} }
pub fn storagedevice_storage_set_true_or_delete(key: u16, val: bool) -> bool {
if val {
storagedevice_storage_set_bool(key, true)
} else {
storagedevice_storage_delete(key)
}
}
pub fn storagedevice_storage_set_u8(key: u16, val: u8) -> bool { pub fn storagedevice_storage_set_u8(key: u16, val: u8) -> bool {
storagedevice_storage_set(key, &val.to_be_bytes() as *const _, 1) storagedevice_storage_set(key, &val.to_be_bytes() as *const _, 1)
} }
@ -592,6 +646,7 @@ pub static mp_module_trezorstoragedevice: Module = obj_module! {
// TODO: should we return None or True in case of set_xxx? // TODO: should we return None or True in case of set_xxx?
/// BackupTypeInt = TypeVar("BackupTypeInt", bound=int)
/// StorageSafetyCheckLevel = Literal[0, 1] /// StorageSafetyCheckLevel = Literal[0, 1]
/// def is_version_stored() -> bool: /// def is_version_stored() -> bool:
@ -630,6 +685,15 @@ pub static mp_module_trezorstoragedevice: Module = obj_module! {
/// """Get mnemonic secret.""" /// """Get mnemonic secret."""
Qstr::MP_QSTR_get_mnemonic_secret => obj_fn_0!(storagedevice_get_mnemonic_secret).as_obj(), Qstr::MP_QSTR_get_mnemonic_secret => obj_fn_0!(storagedevice_get_mnemonic_secret).as_obj(),
/// def set_mnemonic_secret(
/// secret: bytes,
/// backup_type: BackupTypeInt,
/// needs_backup: bool = False,
/// no_backup: bool = False,
/// ) -> None:
/// """Set mnemonic secret"""
Qstr::MP_QSTR_set_mnemonic_secret => obj_fn_kw!(0, storagedevice_set_mnemonic_secret).as_obj(),
/// def is_passphrase_enabled() -> bool: /// def is_passphrase_enabled() -> bool:
/// """Whether passphrase is enabled.""" /// """Whether passphrase is enabled."""
Qstr::MP_QSTR_is_passphrase_enabled => obj_fn_0!(storagedevice_is_passphrase_enabled).as_obj(), Qstr::MP_QSTR_is_passphrase_enabled => obj_fn_0!(storagedevice_is_passphrase_enabled).as_obj(),

View File

@ -1,4 +1,5 @@
from typing import * from typing import *
BackupTypeInt = TypeVar("BackupTypeInt", bound=int)
StorageSafetyCheckLevel = Literal[0, 1] StorageSafetyCheckLevel = Literal[0, 1]
@ -47,6 +48,16 @@ def get_mnemonic_secret() -> bytes:
"""Get mnemonic secret.""" """Get mnemonic secret."""
# rust/src/storagedevice/storage_device.rs
def set_mnemonic_secret(
secret: bytes,
backup_type: BackupTypeInt,
needs_backup: bool = False,
no_backup: bool = False,
) -> None:
"""Set mnemonic secret"""
# rust/src/storagedevice/storage_device.rs # rust/src/storagedevice/storage_device.rs
def is_passphrase_enabled() -> bool: def is_passphrase_enabled() -> bool:
"""Whether passphrase is enabled.""" """Whether passphrase is enabled."""

View File

@ -36,9 +36,9 @@ async def load_device(ctx: wire.Context, msg: LoadDevice) -> Success:
storagedevice.set_slip39_identifier(identifier) storagedevice.set_slip39_identifier(identifier)
storagedevice.set_slip39_iteration_exponent(iteration_exponent) storagedevice.set_slip39_iteration_exponent(iteration_exponent)
storage.device.store_mnemonic_secret( storagedevice.set_mnemonic_secret(
secret, secret=secret,
backup_type, backup_type=backup_type,
needs_backup=msg.needs_backup is True, needs_backup=msg.needs_backup is True,
no_backup=msg.no_backup is True, no_backup=msg.no_backup is True,
) )

View File

@ -129,8 +129,8 @@ async def _finish_recovery(
if backup_type is None: if backup_type is None:
raise RuntimeError raise RuntimeError
storage.device.store_mnemonic_secret( storagedevice.set_mnemonic_secret(
secret, backup_type, needs_backup=False, no_backup=False secret=secret, backup_type=backup_type, needs_backup=False, no_backup=False
) )
if backup_type in (BackupType.Slip39_Basic, BackupType.Slip39_Advanced): if backup_type in (BackupType.Slip39_Basic, BackupType.Slip39_Advanced):
identifier = storage.recovery.get_slip39_identifier() identifier = storage.recovery.get_slip39_identifier()

View File

@ -86,9 +86,9 @@ async def reset_device(ctx: wire.Context, msg: ResetDevice) -> Success:
if msg.label is not None: if msg.label is not None:
storage.device.set_label(msg.label) storage.device.set_label(msg.label)
storagedevice.set_passphrase_enabled(bool(msg.passphrase_protection)) storagedevice.set_passphrase_enabled(bool(msg.passphrase_protection))
storage.device.store_mnemonic_secret( storagedevice.set_mnemonic_secret(
secret, # for SLIP-39, this is the EMS secret=secret, # for SLIP-39, this is the EMS
msg.backup_type, backup_type=msg.backup_type,
needs_backup=not perform_backup, needs_backup=not perform_backup,
no_backup=bool(msg.no_backup), no_backup=bool(msg.no_backup),
) )

View File

@ -4,7 +4,6 @@ from ubinascii import hexlify
import storage.cache import storage.cache
from storage import common from storage import common
from trezor import storagedevice
# TODO: export all the constants also in storagedevice? # TODO: export all the constants also in storagedevice?
@ -160,19 +159,19 @@ def get_backup_type() -> BackupType:
# common.set(_NAMESPACE, _HOMESCREEN, homescreen, public=True) # common.set(_NAMESPACE, _HOMESCREEN, homescreen, public=True)
def store_mnemonic_secret( # def store_mnemonic_secret(
secret: bytes, # secret: bytes,
backup_type: BackupType, # backup_type: BackupType,
needs_backup: bool = False, # needs_backup: bool = False,
no_backup: bool = False, # no_backup: bool = False,
) -> None: # ) -> None:
storagedevice.set_version(common.STORAGE_VERSION_CURRENT) # storagedevice.set_version(common.STORAGE_VERSION_CURRENT)
common.set(_NAMESPACE, _MNEMONIC_SECRET, secret) # common.set(_NAMESPACE, _MNEMONIC_SECRET, secret)
common.set_uint8(_NAMESPACE, _BACKUP_TYPE, backup_type) # common.set_uint8(_NAMESPACE, _BACKUP_TYPE, backup_type)
common.set_true_or_delete(_NAMESPACE, _NO_BACKUP, no_backup) # common.set_true_or_delete(_NAMESPACE, _NO_BACKUP, no_backup)
common.set_bool(_NAMESPACE, INITIALIZED, True, public=True) # common.set_bool(_NAMESPACE, INITIALIZED, True, public=True)
if not no_backup: # if not no_backup:
common.set_true_or_delete(_NAMESPACE, _NEEDS_BACKUP, needs_backup) # common.set_true_or_delete(_NAMESPACE, _NEEDS_BACKUP, needs_backup)
# def needs_backup() -> bool: # def needs_backup() -> bool: