|
|
|
@ -38,14 +38,15 @@ class Storage:
|
|
|
|
|
self.sak = prng.random_buffer(consts.SAK_SIZE)
|
|
|
|
|
|
|
|
|
|
self.nc.set(consts.SAT_KEY, crypto.init_hmacs(self.sak))
|
|
|
|
|
self._set_encrypt(consts.VERSION_KEY, b"\x02\x00\x00\x00")
|
|
|
|
|
self._set_encrypt(consts.VERSION_KEY, consts.NORCOW_VERSION)
|
|
|
|
|
self.nc.set(consts.UNAUTH_VERSION_KEY, consts.NORCOW_VERSION)
|
|
|
|
|
self.nc.set(consts.STORAGE_UPGRADED_KEY, consts.FALSE_WORD)
|
|
|
|
|
self.pin_log.init()
|
|
|
|
|
self._set_wipe_code(consts.WIPE_CODE_EMPTY)
|
|
|
|
|
self._set_pin(consts.PIN_EMPTY)
|
|
|
|
|
self.unlocked = False
|
|
|
|
|
|
|
|
|
|
def _set_pin(self, pin: int):
|
|
|
|
|
def _set_pin(self, pin: str):
|
|
|
|
|
random_salt = prng.random_buffer(consts.PIN_SALT_SIZE)
|
|
|
|
|
salt = self.hw_salt_hash + random_salt
|
|
|
|
|
kek, keiv = crypto.derive_kek_keiv(salt, pin)
|
|
|
|
@ -61,10 +62,10 @@ class Storage:
|
|
|
|
|
else:
|
|
|
|
|
self._set_bool(consts.PIN_NOT_SET_KEY, False)
|
|
|
|
|
|
|
|
|
|
def _set_wipe_code(self, wipe_code: int):
|
|
|
|
|
def _set_wipe_code(self, wipe_code: str):
|
|
|
|
|
if wipe_code == consts.PIN_EMPTY:
|
|
|
|
|
wipe_code = consts.WIPE_CODE_EMPTY
|
|
|
|
|
wipe_code_bytes = wipe_code.to_bytes(4, "little")
|
|
|
|
|
wipe_code_bytes = wipe_code.encode()
|
|
|
|
|
salt = prng.random_buffer(consts.WIPE_CODE_SALT_SIZE)
|
|
|
|
|
tag = crypto._hmac(salt, wipe_code_bytes)[: consts.WIPE_CODE_TAG_SIZE]
|
|
|
|
|
self.nc.set(consts.WIPE_CODE_DATA_KEY, wipe_code_bytes + salt + tag)
|
|
|
|
@ -73,10 +74,7 @@ class Storage:
|
|
|
|
|
self.nc.wipe()
|
|
|
|
|
self._init_pin()
|
|
|
|
|
|
|
|
|
|
def check_pin(self, pin: int) -> bool:
|
|
|
|
|
if pin == 0:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def check_pin(self, pin: str) -> bool:
|
|
|
|
|
self.pin_log.write_attempt()
|
|
|
|
|
|
|
|
|
|
data = self.nc.get(consts.EDEK_ESEK_PVC_KEY)
|
|
|
|
@ -99,7 +97,7 @@ class Storage:
|
|
|
|
|
def lock(self) -> None:
|
|
|
|
|
self.unlocked = False
|
|
|
|
|
|
|
|
|
|
def unlock(self, pin: int) -> bool:
|
|
|
|
|
def unlock(self, pin: str) -> bool:
|
|
|
|
|
if not self.initialized or not self.check_pin(pin):
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
@ -117,13 +115,8 @@ class Storage:
|
|
|
|
|
def get_pin_rem(self) -> int:
|
|
|
|
|
return consts.PIN_MAX_TRIES - self.pin_log.get_failures_count()
|
|
|
|
|
|
|
|
|
|
def change_pin(self, oldpin: int, newpin: int) -> bool:
|
|
|
|
|
if (
|
|
|
|
|
not self.initialized
|
|
|
|
|
or not self.unlocked
|
|
|
|
|
or oldpin == consts.PIN_INVALID
|
|
|
|
|
or newpin == consts.PIN_INVALID
|
|
|
|
|
):
|
|
|
|
|
def change_pin(self, oldpin: str, newpin: str) -> bool:
|
|
|
|
|
if not self.initialized or not self.unlocked:
|
|
|
|
|
return False
|
|
|
|
|
if not self.check_pin(oldpin):
|
|
|
|
|
return False
|
|
|
|
|