1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-26 09:28:13 +00:00

Merge pull request #739 from trezor/tsusanka/storage-unlock

Unlock storage after wipe
This commit is contained in:
Tomas Susanka 2019-12-13 14:32:08 +01:00 committed by GitHub
commit 4cc2250ddb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 6 deletions

View File

@ -629,6 +629,7 @@ static void init_wiped_storage(void) {
return; return;
} }
random_buffer(cached_keys, sizeof(cached_keys)); random_buffer(cached_keys, sizeof(cached_keys));
unlocked = sectrue;
uint32_t version = NORCOW_VERSION; uint32_t version = NORCOW_VERSION;
ensure(auth_init(), "set_storage_auth_tag failed"); ensure(auth_init(), "set_storage_auth_tag failed");
ensure(storage_set_encrypted(VERSION_KEY, &version, sizeof(version)), ensure(storage_set_encrypted(VERSION_KEY, &version, sizeof(version)),
@ -642,9 +643,6 @@ static void init_wiped_storage(void) {
ui_rem = ui_total; ui_rem = ui_total;
ui_message = PROCESSING_MSG; ui_message = PROCESSING_MSG;
ensure(set_pin(PIN_EMPTY, NULL), "init_pin failed"); ensure(set_pin(PIN_EMPTY, NULL), "init_pin failed");
if (unlocked != sectrue) {
memzero(cached_keys, sizeof(cached_keys));
}
} }
void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt, void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt,
@ -669,6 +667,7 @@ void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt,
uint16_t len = 0; uint16_t len = 0;
if (secfalse == norcow_get(EDEK_PVC_KEY, &val, &len)) { if (secfalse == norcow_get(EDEK_PVC_KEY, &val, &len)) {
init_wiped_storage(); init_wiped_storage();
storage_lock();
} }
memzero(cached_keys, sizeof(cached_keys)); memzero(cached_keys, sizeof(cached_keys));
} }

View File

@ -130,8 +130,12 @@ class Storage:
# public fields can be read from an unlocked device # public fields can be read from an unlocked device
raise RuntimeError("Storage locked") raise RuntimeError("Storage locked")
if consts.is_app_public(app): if consts.is_app_public(app):
return self.nc.get(key) value = self.nc.get(key)
return self._get_encrypted(key) else:
value = self._get_encrypted(key)
if value is False:
raise RuntimeError("Failed to find key in storage.")
return value
def set(self, key: int, val: bytes) -> bool: def set(self, key: int, val: bytes) -> bool:
app = key >> 8 app = key >> 8
@ -153,7 +157,7 @@ class Storage:
app = key >> 8 app = key >> 8
self._check_lock(app) self._check_lock(app)
current = self.get(key) current = self.nc.get(key)
if current is False: if current is False:
self.set_counter(key, 0) self.set_counter(key, 0)
return 0 return 0

View File

@ -83,6 +83,13 @@ def test_invalid_key():
s.set(0xFFFF, b"Hello") s.set(0xFFFF, b"Hello")
def test_non_existing_key():
sc, sp = common.init()
for s in (sc, sp):
with pytest.raises(RuntimeError):
s.get(0xABCD)
def test_chacha_strings(): def test_chacha_strings():
sc, sp = common.init(unlock=True) sc, sp = common.init(unlock=True)
for s in (sc, sp): for s in (sc, sp):