storage: Add storage_ensure_not_wipe_code().

4 years ago · bfd834d1de
parent e51ed5bf05
commit bfd834d1de
4 changed files with 31 additions and 6 deletions
--- a/core/embed/extmod/modtrezorconfig/modtrezorconfig.c
+++ b/core/embed/extmod/modtrezorconfig/modtrezorconfig.c
@ -173,6 +173,18 @@ STATIC mp_obj_t mod_trezorconfig_change_pin(size_t n_args,
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_change_pin_obj, 4,
                                           4, mod_trezorconfig_change_pin);

+/// def ensure_not_wipe_code(pin: int) -> None:
+///     """
+///     Wipes the device if the entered PIN is the wipe code.
+///     """
+STATIC mp_obj_t mod_trezorconfig_ensure_not_wipe_code(mp_obj_t pin) {
+  uint32_t pin_i = trezor_obj_get_uint(pin);
+  storage_ensure_not_wipe_code(pin_i);
+  return mp_const_none;
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorconfig_ensure_not_wipe_code_obj,
+                                 mod_trezorconfig_ensure_not_wipe_code);
+
 /// def has_wipe_code() -> bool:
 ///     """
 ///     Returns True if storage has a configured wipe code, False otherwise.
@ -367,6 +379,8 @@ STATIC const mp_rom_map_elem_t mp_module_trezorconfig_globals_table[] = {
     MP_ROM_PTR(&mod_trezorconfig_get_pin_rem_obj)},
    {MP_ROM_QSTR(MP_QSTR_change_pin),
     MP_ROM_PTR(&mod_trezorconfig_change_pin_obj)},
+    {MP_ROM_QSTR(MP_QSTR_ensure_not_wipe_code),
+     MP_ROM_PTR(&mod_trezorconfig_ensure_not_wipe_code_obj)},
    {MP_ROM_QSTR(MP_QSTR_has_wipe_code),
     MP_ROM_PTR(&mod_trezorconfig_has_wipe_code_obj)},
    {MP_ROM_QSTR(MP_QSTR_change_wipe_code),
--- a/core/mocks/generated/trezorconfig.pyi
+++ b/core/mocks/generated/trezorconfig.pyi
@ -60,6 +60,13 @@ def change_pin(
    """


+# extmod/modtrezorconfig/modtrezorconfig.c
+def ensure_not_wipe_code(pin: int) -> None:
+    """
+    Wipes the device if the entered PIN is the wipe code.
+    """
+
+
 # extmod/modtrezorconfig/modtrezorconfig.c
 def has_wipe_code() -> bool:
    """
--- a/storage/storage.c
+++ b/storage/storage.c
@ -950,12 +950,7 @@ static secbool unlock(uint32_t pin, const uint8_t *ext_salt) {
    return secfalse;
  }

-  // Check whether the user entered the wipe code.
-  if (sectrue != is_not_wipe_code(pin)) {
-    storage_wipe();
-    error_shutdown("You have entered the", "wipe code. All private",
-                   "data has been erased.", NULL);
-  }
+  storage_ensure_not_wipe_code(pin);

  // Get the pin failure counter
  uint32_t ctr = 0;
@ -1339,6 +1334,14 @@ secbool storage_change_pin(uint32_t oldpin, uint32_t newpin,
  return ret;
 }

+void storage_ensure_not_wipe_code(uint32_t pin) {
+  if (sectrue != is_not_wipe_code(pin)) {
+    storage_wipe();
+    error_shutdown("You have entered the", "wipe code. All private",
+                   "data has been erased.", NULL);
+  }
+}
+
 secbool storage_has_wipe_code(void) {
  if (sectrue != initialized || sectrue != unlocked) {
    return secfalse;
--- a/storage/storage.h
+++ b/storage/storage.h
@ -52,6 +52,7 @@ uint32_t storage_get_pin_rem(void);
 secbool storage_change_pin(uint32_t oldpin, uint32_t newpin,
                           const uint8_t *old_ext_salt,
                           const uint8_t *new_ext_salt);
+void storage_ensure_not_wipe_code(uint32_t pin);
 secbool storage_has_wipe_code(void);
 secbool storage_change_wipe_code(uint32_t pin, const uint8_t *ext_salt,
                                 uint32_t wipe_code);