1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 23:48:12 +00:00

feat(core): add device_secret and cred_auth_key_counter

[no changelog]
This commit is contained in:
M1nd3r 2024-05-24 17:29:55 +02:00 committed by Petr Sedláček
parent cd319fec1f
commit 45d06f13eb

View File

@ -3,6 +3,7 @@ from typing import TYPE_CHECKING
import storage.cache as storage_cache
from storage import common
from trezor import utils
if TYPE_CHECKING:
from trezor.enums import BackupType
@ -36,6 +37,10 @@ _SAFETY_CHECK_LEVEL = const(0x14) # int
_EXPERIMENTAL_FEATURES = const(0x15) # bool (0x01 or empty)
_HIDE_PASSPHRASE_FROM_HOST = const(0x16) # bool (0x01 or empty)
if utils.USE_THP:
_DEVICE_SECRET = const(0x17) # bytes
_CRED_AUTH_KEY_COUNTER = const(0x18) # bytes
SAFETY_CHECK_LEVEL_STRICT : Literal[0] = const(0)
SAFETY_CHECK_LEVEL_PROMPT : Literal[1] = const(1)
_DEFAULT_SAFETY_CHECK_LEVEL = SAFETY_CHECK_LEVEL_STRICT
@ -347,3 +352,26 @@ def get_hide_passphrase_from_host() -> bool:
Whether we should hide the passphrase from the host.
"""
return common.get_bool(_NAMESPACE, _HIDE_PASSPHRASE_FROM_HOST)
if utils.USE_THP:
def get_device_secret() -> bytes:
"""
Device secret is used to derive keys that are independent of the seed.
"""
device_secret = common.get(_NAMESPACE, _DEVICE_SECRET)
if not device_secret:
from trezor.crypto import random
device_secret = random.bytes(16, True)
common.set(_NAMESPACE, _DEVICE_SECRET, device_secret)
return device_secret
def get_cred_auth_key_counter() -> bytes:
return common.get(_NAMESPACE, _CRED_AUTH_KEY_COUNTER) or bytes(4)
def increment_cred_auth_key_counter() -> None:
counter = int.from_bytes(get_cred_auth_key_counter(), "big")
utils.ensure(counter < 0xFFFFFFFF, "Overflow of cred_auth_key_counter")
common.set(_NAMESPACE, _CRED_AUTH_KEY_COUNTER, (counter + 1).to_bytes(4, "big"))