arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 14:28:07 +00:00
Code Issues Releases Wiki Activity

feat(core): custom exception types for Optiga

Browse Source
This commit is contained in:
matejcik 2023-09-13 11:31:11 +02:00 committed by Andrew Kozlik
parent 024ea604ca
commit afa6f84174
2 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
core/embed/extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
View File

@ -28,6 +28,16 @@
#define MAX_DER_SIGNATURE_SIZE 72 #define MAX_DER_SIGNATURE_SIZE 72
/// class OptigaError(Exception):
/// """Error returned by the Optiga chip."""
MP_DEFINE_EXCEPTION(OptigaError, Exception)
/// class SigningInaccessible(OptigaError):
/// """The signing key is inaccessible.
/// Typically, this will happen after the bootloader has been unlocked.
/// """
MP_DEFINE_EXCEPTION(SigningInaccessible, OptigaError)
/// mock:global
/// def get_certificate(cert_index: int) -> bytes: /// def get_certificate(cert_index: int) -> bytes:
/// """ /// """
/// Return the certificate stored at the given index. /// Return the certificate stored at the given index.
@ -40,14 +50,14 @@ STATIC mp_obj_t mod_trezorcrypto_optiga_get_certificate(mp_obj_t cert_index) {
size_t cert_size = 0; size_t cert_size = 0;
if (!optiga_cert_size(idx, &cert_size)) { if (!optiga_cert_size(idx, &cert_size)) {
mp_raise_ValueError("Failed to get certificate size."); mp_raise_msg(&mp_type_OptigaError, "Failed to get certificate size.");
} }
vstr_t cert = {0}; vstr_t cert = {0};
vstr_init_len(&cert, cert_size); vstr_init_len(&cert, cert_size);
if (!optiga_read_cert(idx, (uint8_t *)cert.buf, cert.alloc, &cert_size)) { if (!optiga_read_cert(idx, (uint8_t *)cert.buf, cert.alloc, &cert_size)) {
vstr_clear(&cert); vstr_clear(&cert);
mp_raise_ValueError("Failed to read certificate."); mp_raise_msg(&mp_type_OptigaError, "Failed to read certificate.");
} }
cert.len = cert_size; cert.len = cert_size;
@ -85,9 +95,9 @@ STATIC mp_obj_t mod_trezorcrypto_optiga_sign(mp_obj_t key_index,
if (ret != 0) { if (ret != 0) {
vstr_clear(&sig); vstr_clear(&sig);
if (ret == OPTIGA_ERR_ACCESS_COND_NOT_SAT) { if (ret == OPTIGA_ERR_ACCESS_COND_NOT_SAT) {
mp_raise_msg(&mp_type_RuntimeError, "Signing inaccessible."); mp_raise_msg(&mp_type_SigningInaccessible, "Signing inaccessible.");
} else { } else {
mp_raise_msg(&mp_type_RuntimeError, "Signing failed."); mp_raise_msg(&mp_type_OptigaError, "Signing failed.");
} }
} }
@ -110,7 +120,9 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_optiga_globals_table[] = {
MP_ROM_INT(OPTIGA_DEVICE_CERT_INDEX)}, MP_ROM_INT(OPTIGA_DEVICE_CERT_INDEX)},
{MP_ROM_QSTR(MP_QSTR_DEVICE_ECC_KEY_INDEX), {MP_ROM_QSTR(MP_QSTR_DEVICE_ECC_KEY_INDEX),
MP_ROM_INT(OPTIGA_DEVICE_ECC_KEY_INDEX)}, MP_ROM_INT(OPTIGA_DEVICE_ECC_KEY_INDEX)},
}; {MP_ROM_QSTR(MP_QSTR_OptigaError), MP_ROM_PTR(&mp_type_OptigaError)},
{MP_ROM_QSTR(MP_QSTR_SigningInaccessible),
MP_ROM_PTR(&mp_type_SigningInaccessible)}};
STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_optiga_globals, STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_optiga_globals,
mod_trezorcrypto_optiga_globals_table); mod_trezorcrypto_optiga_globals_table);

12
core/mocks/generated/trezorcrypto/optiga.pyi
View File

@ -1,6 +1,18 @@
from typing import * from typing import *
# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
class OptigaError(Exception):
"""Error returned by the Optiga chip."""
# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
class SigningInaccessible(OptigaError):
"""The signing key is inaccessible.
Typically, this will happen after the bootloader has been unlocked.
"""
# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h # extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
def get_certificate(cert_index: int) -> bytes: def get_certificate(cert_index: int) -> bytes:
""" """