diff --git a/core/embed/trezorhal/optiga.h b/core/embed/trezorhal/optiga.h
index 9ae082bbfb..532e9da9cf 100644
--- a/core/embed/trezorhal/optiga.h
+++ b/core/embed/trezorhal/optiga.h
@@ -79,12 +79,12 @@ optiga_pin_verify_v4(OPTIGA_UI_PROGRESS ui_progress,
 const uint8_t pin_secret[OPTIGA_PIN_SECRET_SIZE],
 uint8_t out_secret[OPTIGA_PIN_SECRET_SIZE]);
-int __wur optiga_pin_get_fails_v4(uint32_t *ctr);
+bool __wur optiga_pin_get_rem_v4(uint32_t *ctr);
-int __wur optiga_pin_get_fails(uint32_t *ctr);
+bool __wur optiga_pin_get_rem(uint32_t *ctr);
-int __wur optiga_pin_fails_increase_v4(uint32_t count);
+bool __wur optiga_pin_decrease_rem_v4(uint32_t count);
-int __wur optiga_pin_fails_increase(uint32_t count);
+bool __wur optiga_pin_decrease_rem(uint32_t count);
 #endif
diff --git a/core/embed/trezorhal/optiga/optiga.c b/core/embed/trezorhal/optiga/optiga.c
index 0cf61ebb0d..96b9c6efff 100644
--- a/core/embed/trezorhal/optiga/optiga.c
+++ b/core/embed/trezorhal/optiga/optiga.c
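Review bot: The four renamed prototypes in optiga.h carry no comment, although `*ctr` now means remaining attempts rather than failed attempts and the return value is a `bool` instead of an `optiga_result` code. A one-line comment above each pair would keep callers from misreading the contract, for example `// Writes the number of remaining PIN attempts to *ctr; returns true on success.` and `// Consumes count remaining PIN attempts (count <= 0xff); returns true on success.`.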
@@ -851,75 +851,73 @@ end:
 return ret;
 }
-static int optiga_get_counter(uint16_t oid, uint32_t *ctr) {
+static uint32_t uint32_from_be(uint8_t buf[4]) {
+ uint32_t i = buf[0];
+ i = (i << 8) + buf[1];
+ i = (i << 8) + buf[2];
+ i = (i << 8) + buf[3];
+ return i;
+}
+
+static bool optiga_get_counter_rem(uint16_t oid, uint32_t *ctr) {
 uint8_t counter[8] = {0};
 size_t counter_size = 0;
- optiga_result res = optiga_get_data_object(oid, false, counter,
- sizeof(counter), &counter_size);
- if (res != OPTIGA_SUCCESS) {
- return res;
+ if (optiga_get_data_object(oid, false, counter, sizeof(counter),
+ &counter_size) != OPTIGA_SUCCESS ||
+ counter_size != sizeof(counter)) {
+ return false;
 }
- if (counter_size != sizeof(counter)) {
- return OPTIGA_ERR_SIZE;
- }
-
- *ctr = counter[0];
- *ctr = (*ctr << 8) + counter[1];
- *ctr = (*ctr << 8) + counter[2];
- *ctr = (*ctr << 8) + counter[3];
-
- return OPTIGA_SUCCESS;
+ *ctr = uint32_from_be(&counter[4]) - uint32_from_be(&counter[0]);
+ return true;
 }
-int optiga_pin_get_fails_v4(uint32_t *ctr) {
- return optiga_get_counter(OID_STRETCHED_PIN_CTR, ctr);
+bool optiga_pin_get_rem_v4(uint32_t *ctr) {
+ return optiga_get_counter_rem(OID_STRETCHED_PIN_CTR, ctr);
 }
-int optiga_pin_get_fails(uint32_t *ctr) {
+bool optiga_pin_get_rem(uint32_t *ctr) {
 uint32_t ctr1 = 0;
 uint32_t ctr2 = 0;
- if (optiga_get_counter(OID_PIN_HMAC_CTR, &ctr1) != OPTIGA_SUCCESS ||
- optiga_get_counter(OID_STRETCHED_PIN_CTR, &ctr2) != OPTIGA_SUCCESS) {
- return -1;
+ if (!optiga_get_counter_rem(OID_PIN_HMAC_CTR, &ctr1) ||
+ !optiga_get_counter_rem(OID_STRETCHED_PIN_CTR, &ctr2)) {
+ return false;
 }
 // Ensure that the counters are in sync.
if (ctr1 > ctr2) {
- if (optiga_count_data_object(OID_STRETCHED_PIN_CTR, ctr1 - ctr2) !=
+ if (optiga_count_data_object(OID_PIN_HMAC_CTR, ctr1 - ctr2) !=
 OPTIGA_SUCCESS) {
- return -1;
- }
- *ctr = ctr1;
- } else if (ctr2 > ctr1) {
- if (optiga_count_data_object(OID_PIN_HMAC_CTR, ctr2 - ctr1) !=
- OPTIGA_SUCCESS) {
- return -1;
+ return false;
 }
 *ctr = ctr2;
+ } else if (ctr2 > ctr1) {
+ if (optiga_count_data_object(OID_STRETCHED_PIN_CTR, ctr2 - ctr1) !=
+ OPTIGA_SUCCESS) {
+ return false;
+ }
+ *ctr = ctr1;
 } else {
 *ctr = ctr2;
 }
- return OPTIGA_SUCCESS;
+ return true;
 }
-int optiga_pin_fails_increase_v4(uint32_t count) {
+bool optiga_pin_decrease_rem_v4(uint32_t count) {
 if (count > 0xff) {
- return OPTIGA_ERR_PARAM;
+ return false;
 }
- return optiga_count_data_object(OID_STRETCHED_PIN_CTR, count);
+ return optiga_count_data_object(OID_STRETCHED_PIN_CTR, count) ==
+ OPTIGA_SUCCESS;
 }
-int optiga_pin_fails_increase(uint32_t count) {
+bool optiga_pin_decrease_rem(uint32_t count) {
 if (count > 0xff) {
- return OPTIGA_ERR_PARAM;
+ return false;
 }
- if (optiga_count_data_object(OID_PIN_HMAC_CTR, count) != OPTIGA_SUCCESS ||
- optiga_count_data_object(OID_STRETCHED_PIN_CTR, count) !=
- OPTIGA_SUCCESS) {
- return -1;
- }
- return OPTIGA_SUCCESS;
+ return optiga_count_data_object(OID_PIN_HMAC_CTR, count) == OPTIGA_SUCCESS &&
+ optiga_count_data_object(OID_STRETCHED_PIN_CTR, count) ==
+ OPTIGA_SUCCESS;
 }
diff --git a/core/embed/trezorhal/unix/optiga.c b/core/embed/trezorhal/unix/optiga.c
index 1deca6dd69..292c0d4b21 100644
--- a/core/embed/trezorhal/unix/optiga.c
+++ b/core/embed/trezorhal/unix/optiga.c
@@ -23,6 +23,7 @@
 #include "nist256p1.h"
 #include "optiga_common.h"
 #include "rand.h"
+#include "storage.h"
 #if defined(TREZOR_MODEL_R)
 #include "certs/T2B1.h"
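Review bot: In `optiga_get_counter_rem` the unsigned subtraction `uint32_from_be(&counter[4]) - uint32_from_be(&counter[0])` wraps to a very large remaining-attempts value if the first word ever exceeds the second, for example after a corrupted or faulted read. The chip presumably keeps the count at or below the threshold, but for a PIN retry budget it is safer to fail closed here rather than rely on callers: read both words into locals and add `if (count > threshold) return false;` before `*ctr = threshold - count;`. `uint32_from_be` only reads its argument, so `const uint8_t buf[4]` would say so in the signature. The sync branches of `optiga_pin_get_rem` also pass `ctr1 - ctr2` and `ctr2 - ctr1` to `optiga_count_data_object` without the `> 0xff` check that the `optiga_pin_decrease_rem*` functions apply, so it is worth confirming that the callee bounds the value itself.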
@@ -114,16 +115,16 @@ optiga_pin_result optiga_pin_verify(
 return OPTIGA_PIN_SUCCESS;
 }
-int optiga_pin_get_fails_v4(uint32_t *ctr) {
- *ctr = 0;
- return OPTIGA_SUCCESS;
+bool optiga_pin_get_rem_v4(uint32_t *ctr) {
+ *ctr = PIN_MAX_TRIES;
+ return true;
 }
-int optiga_pin_get_fails(uint32_t *ctr) {
- *ctr = 0;
- return OPTIGA_SUCCESS;
+bool optiga_pin_get_rem(uint32_t *ctr) {
+ *ctr = PIN_MAX_TRIES;
+ return true;
 }
-int optiga_pin_fails_increase_v4(uint32_t count) { return OPTIGA_SUCCESS; }
+bool optiga_pin_decrease_rem_v4(uint32_t count) { return true; }
-int optiga_pin_fails_increase(uint32_t count) { return OPTIGA_SUCCESS; }
+bool optiga_pin_decrease_rem(uint32_t count) { return true; }
diff --git a/storage/storage.c b/storage/storage.c
index 08b5e3ac72..59b0a8e4a5 100644
--- a/storage/storage.c
+++ b/storage/storage.c
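Review bot: The emulator stubs have no comment explaining why they always report a full budget and accept any decrease. With `*ctr = PIN_MAX_TRIES`, the sync code in `storage_get_pin_rem` can never enter `while (rem_mcu > rem_optiga)`, so the MCU counter alone decides and the path where the Optiga value is lower is not exercised on the emulator. Suggest a comment above `optiga_pin_get_rem_v4` such as `// Emulator keeps no Optiga counters: report the full budget so the MCU counter decides.`, and `(void)count;` in the two decrease stubs if unused-parameter warnings are enabled for this build.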
@@ -1286,35 +1286,36 @@ uint32_t storage_get_pin_rem(void) {
 return 0;
 }
+ uint32_t rem_mcu = PIN_MAX_TRIES - ctr_mcu;
+
 #if USE_OPTIGA
 // Synchronize counters in case they diverged.
- uint32_t ctr_optiga = 0;
- optiga_result ret = OPTIGA_SUCCESS;
+ uint32_t rem_optiga = 0;
 if (get_lock_version() >= 5) {
- ret = optiga_pin_get_fails(&ctr_optiga);
+ ensure(optiga_pin_get_rem(&rem_optiga) * sectrue,
+ "optiga_pin_get_rem failed");
 } else {
- ret = optiga_pin_get_fails_v4(&ctr_optiga);
+ ensure(optiga_pin_get_rem_v4(&rem_optiga) * sectrue,
+ "optiga_pin_get_rem failed");
 }
- ensure(ret == OPTIGA_SUCCESS ? sectrue : secfalse,
- "optiga_pin_get_fails failed");
- while (ctr_mcu < ctr_optiga) {
+ while (rem_mcu > rem_optiga) {
 storage_pin_fails_increase();
- ctr_mcu++;
+ rem_mcu--;
 }
- if (ctr_optiga < ctr_mcu) {
+ if (rem_optiga > rem_mcu) {
 if (get_lock_version() >= 5) {
- ret = optiga_pin_fails_increase(ctr_mcu - ctr_optiga);
+ ensure(optiga_pin_decrease_rem(rem_optiga - rem_mcu) * sectrue,
+ "optiga_pin_decrease_rem failed");
 } else {
- ret = optiga_pin_fails_increase_v4(ctr_mcu - ctr_optiga);
+ ensure(optiga_pin_decrease_rem_v4(rem_optiga - rem_mcu) * sectrue,
+ "optiga_pin_decrease_rem failed");
 }
- ensure(ret == OPTIGA_SUCCESS ? sectrue : secfalse,
- "optiga_pin_fails_increase failed");
 }
 #endif
- return PIN_MAX_TRIES - ctr_mcu;
+ return rem_mcu;
 }
 secbool storage_change_pin(const uint8_t *oldpin, size_t oldpin_len,
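Review bot: The two `ensure` calls in the `else` branches call the `_v4` functions but report `"optiga_pin_get_rem failed"` and `"optiga_pin_decrease_rem failed"`, so a halt message cannot tell the lock-version paths apart; use `"optiga_pin_get_rem_v4 failed"` and `"optiga_pin_decrease_rem_v4 failed"` there. Separately, `rem_optiga - rem_mcu` is handed to functions that return false for counts above 0xff, which `ensure` turns into a fatal error, so a short comment stating why the difference is bounded (presumably by `PIN_MAX_TRIES`) would help the next reader. `storage_get_pin_rem` begins before this hunk, so any bound on `ctr_mcu` that keeps `PIN_MAX_TRIES - ctr_mcu` from wrapping is not visible here.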