chore(storage): make device secret and credential key counter persist reset

[no changelog]
2025-04-20 09:09:02 +00:00 · 2025-04-17 17:46:00 +02:00 · 2025-04-17 17:46:00 +02:00 · 9e7c1f6c83
commit 9e7c1f6c83
parent 135648423b
3 changed files with 20 additions and 9 deletions
--- a/core/src/storage/init.py
+++ b/core/src/storage/init.py
@ -40,12 +40,23 @@ def init_unlocked() -> None:

 def reset(excluded: Tuple[bytes, bytes] | None) -> None:
    """
-    Wipes storage but keeps the device id unchanged.
+    Wipes storage but keeps the device id, device secret, and credential counter unchanged.
    """
+    from trezor import utils
+
    device_id = device.get_device_id()
+
+    if utils.USE_THP:
+        device_secret = device.get_device_secret()
+        credential_counter = device.get_cred_auth_key_counter()
    wipe(clear_cache=False)
    wipe_cache(excluded)
    common.set(common.APP_DEVICE, device.DEVICE_ID, device_id.encode(), public=True)
+    if utils.USE_THP:
+        common.set(common.APP_DEVICE, device.DEVICE_SECRET, device_secret, True)
+        common.set(
+            common.APP_DEVICE, device.CRED_AUTH_KEY_COUNTER, credential_counter, True
+        )


 def _migrate_from_version_01() -> None:
--- a/core/src/storage/device.py
+++ b/core/src/storage/device.py
@ -36,8 +36,8 @@ _SAFETY_CHECK_LEVEL        = const(0x14)  # int
 _EXPERIMENTAL_FEATURES     = const(0x15)  # bool (0x01 or empty)
 _HIDE_PASSPHRASE_FROM_HOST = const(0x16)  # bool (0x01 or empty)
 if utils.USE_THP:
-    _DEVICE_SECRET         = const(0x17)  # bytes
-    _CRED_AUTH_KEY_COUNTER = const(0x18)  # bytes
+    DEVICE_SECRET         = const(0x17)  # bytes
+    CRED_AUTH_KEY_COUNTER = const(0x18)  # bytes
 # unused from python:
 # _BRIGHTNESS                = const(0x19)  # int
 _DISABLE_HAPTIC_FEEDBACK   = const(0x20)  # bool (0x01 or empty)
@ -364,22 +364,22 @@ if utils.USE_THP:
        """
        Device secret is used to derive keys that are independent of the seed.
        """
-        device_secret = common.get(_NAMESPACE, _DEVICE_SECRET, True)
+        device_secret = common.get(_NAMESPACE, DEVICE_SECRET, True)
        if not device_secret:
            from trezor.crypto import random

            device_secret = random.bytes(16, True)
-            common.set(_NAMESPACE, _DEVICE_SECRET, device_secret, True)
+            common.set(_NAMESPACE, DEVICE_SECRET, device_secret, True)
        return device_secret

    def get_cred_auth_key_counter() -> bytes:
-        return common.get(_NAMESPACE, _CRED_AUTH_KEY_COUNTER, True) or bytes(4)
+        return common.get(_NAMESPACE, CRED_AUTH_KEY_COUNTER, True) or bytes(4)

    def increment_cred_auth_key_counter() -> None:
        counter = int.from_bytes(get_cred_auth_key_counter(), "big")
        utils.ensure(counter < 0xFFFFFFFF, "Overflow of cred_auth_key_counter")
        common.set(
-            _NAMESPACE, _CRED_AUTH_KEY_COUNTER, (counter + 1).to_bytes(4, "big"), True
+            _NAMESPACE, CRED_AUTH_KEY_COUNTER, (counter + 1).to_bytes(4, "big"), True
        )


--- a/core/tests/test_storage.py
+++ b/core/tests/test_storage.py
@ -40,9 +40,9 @@ class TestConfig(unittest.TestCase):

        def test_cred_auth_key_counter_overflow(self):
            from storage import common
-            from storage.device import _CRED_AUTH_KEY_COUNTER, _NAMESPACE
+            from storage.device import _NAMESPACE, CRED_AUTH_KEY_COUNTER

-            common.set(_NAMESPACE, _CRED_AUTH_KEY_COUNTER, b"\xff\xff\xff\xfe", True)
+            common.set(_NAMESPACE, CRED_AUTH_KEY_COUNTER, b"\xff\xff\xff\xfe", True)
            device.increment_cred_auth_key_counter()
            self.assertEqual(device.get_cred_auth_key_counter(), b"\xff\xff\xff\xff")
            with self.assertRaises(AssertionError) as e: