mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-26 09:28:13 +00:00
Merge pull request #739 from trezor/tsusanka/storage-unlock
Unlock storage after wipe
This commit is contained in:
commit
4cc2250ddb
@ -629,6 +629,7 @@ static void init_wiped_storage(void) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
random_buffer(cached_keys, sizeof(cached_keys));
|
random_buffer(cached_keys, sizeof(cached_keys));
|
||||||
|
unlocked = sectrue;
|
||||||
uint32_t version = NORCOW_VERSION;
|
uint32_t version = NORCOW_VERSION;
|
||||||
ensure(auth_init(), "set_storage_auth_tag failed");
|
ensure(auth_init(), "set_storage_auth_tag failed");
|
||||||
ensure(storage_set_encrypted(VERSION_KEY, &version, sizeof(version)),
|
ensure(storage_set_encrypted(VERSION_KEY, &version, sizeof(version)),
|
||||||
@ -642,9 +643,6 @@ static void init_wiped_storage(void) {
|
|||||||
ui_rem = ui_total;
|
ui_rem = ui_total;
|
||||||
ui_message = PROCESSING_MSG;
|
ui_message = PROCESSING_MSG;
|
||||||
ensure(set_pin(PIN_EMPTY, NULL), "init_pin failed");
|
ensure(set_pin(PIN_EMPTY, NULL), "init_pin failed");
|
||||||
if (unlocked != sectrue) {
|
|
||||||
memzero(cached_keys, sizeof(cached_keys));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt,
|
void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt,
|
||||||
@ -669,6 +667,7 @@ void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt,
|
|||||||
uint16_t len = 0;
|
uint16_t len = 0;
|
||||||
if (secfalse == norcow_get(EDEK_PVC_KEY, &val, &len)) {
|
if (secfalse == norcow_get(EDEK_PVC_KEY, &val, &len)) {
|
||||||
init_wiped_storage();
|
init_wiped_storage();
|
||||||
|
storage_lock();
|
||||||
}
|
}
|
||||||
memzero(cached_keys, sizeof(cached_keys));
|
memzero(cached_keys, sizeof(cached_keys));
|
||||||
}
|
}
|
||||||
|
@ -130,8 +130,12 @@ class Storage:
|
|||||||
# public fields can be read from an unlocked device
|
# public fields can be read from an unlocked device
|
||||||
raise RuntimeError("Storage locked")
|
raise RuntimeError("Storage locked")
|
||||||
if consts.is_app_public(app):
|
if consts.is_app_public(app):
|
||||||
return self.nc.get(key)
|
value = self.nc.get(key)
|
||||||
return self._get_encrypted(key)
|
else:
|
||||||
|
value = self._get_encrypted(key)
|
||||||
|
if value is False:
|
||||||
|
raise RuntimeError("Failed to find key in storage.")
|
||||||
|
return value
|
||||||
|
|
||||||
def set(self, key: int, val: bytes) -> bool:
|
def set(self, key: int, val: bytes) -> bool:
|
||||||
app = key >> 8
|
app = key >> 8
|
||||||
@ -153,7 +157,7 @@ class Storage:
|
|||||||
app = key >> 8
|
app = key >> 8
|
||||||
self._check_lock(app)
|
self._check_lock(app)
|
||||||
|
|
||||||
current = self.get(key)
|
current = self.nc.get(key)
|
||||||
if current is False:
|
if current is False:
|
||||||
self.set_counter(key, 0)
|
self.set_counter(key, 0)
|
||||||
return 0
|
return 0
|
||||||
|
@ -83,6 +83,13 @@ def test_invalid_key():
|
|||||||
s.set(0xFFFF, b"Hello")
|
s.set(0xFFFF, b"Hello")
|
||||||
|
|
||||||
|
|
||||||
|
def test_non_existing_key():
|
||||||
|
sc, sp = common.init()
|
||||||
|
for s in (sc, sp):
|
||||||
|
with pytest.raises(RuntimeError):
|
||||||
|
s.get(0xABCD)
|
||||||
|
|
||||||
|
|
||||||
def test_chacha_strings():
|
def test_chacha_strings():
|
||||||
sc, sp = common.init(unlock=True)
|
sc, sp = common.init(unlock=True)
|
||||||
for s in (sc, sp):
|
for s in (sc, sp):
|
||||||
|
Loading…
Reference in New Issue
Block a user