feat(core): Implement optiga.get_sec()

[no changelog]
2024-12-21 22:08:08 +00:00 · 2024-06-25 11:23:25 +02:00 · 2024-06-25 11:23:25 +02:00 · ca4bfa2ebd
commit ca4bfa2ebd
parent 4d4ee99716
5 changed files with 37 additions and 1 deletions
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
@ -104,10 +104,23 @@ STATIC mp_obj_t mod_trezorcrypto_optiga_sign(mp_obj_t key_index,
  sig.len = sig_size;
  return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
 }
-
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_optiga_sign_obj,
                                 mod_trezorcrypto_optiga_sign);

+/// def get_sec() -> int | None:
+///     """
+///     Returns the value of Optiga's security event counter.
+///     """
+STATIC mp_obj_t mod_trezorcrypto_optiga_get_sec() {
+  uint8_t sec = 0;
+  if (optiga_read_sec(&sec)) {
+    return mp_obj_new_int_from_uint(sec);
+  }
+  return mp_const_none;
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_optiga_get_sec_obj,
+                                 mod_trezorcrypto_optiga_get_sec);
+
 /// DEVICE_CERT_INDEX: int
 /// DEVICE_ECC_KEY_INDEX: int

@ -116,6 +129,8 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_optiga_globals_table[] = {
    {MP_ROM_QSTR(MP_QSTR_get_certificate),
     MP_ROM_PTR(&mod_trezorcrypto_optiga_get_certificate_obj)},
    {MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypto_optiga_sign_obj)},
+    {MP_ROM_QSTR(MP_QSTR_get_sec),
+     MP_ROM_PTR(&mod_trezorcrypto_optiga_get_sec_obj)},
    {MP_ROM_QSTR(MP_QSTR_DEVICE_CERT_INDEX),
     MP_ROM_INT(OPTIGA_DEVICE_CERT_INDEX)},
    {MP_ROM_QSTR(MP_QSTR_DEVICE_ECC_KEY_INDEX),
--- a/core/embed/trezorhal/optiga.h
+++ b/core/embed/trezorhal/optiga.h
@ -59,6 +59,8 @@ bool __wur optiga_cert_size(uint8_t index, size_t *cert_size);
 bool __wur optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
                            size_t *cert_size);

+bool __wur optiga_read_sec(uint8_t *sec);
+
 bool __wur optiga_random_buffer(uint8_t *dest, size_t size);

 int __wur optiga_pin_set(OPTIGA_UI_PROGRESS ui_progress,
--- a/core/embed/trezorhal/optiga/optiga.c
+++ b/core/embed/trezorhal/optiga/optiga.c
@ -159,6 +159,13 @@ bool optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
  return OPTIGA_SUCCESS == ret;
 }

+bool optiga_read_sec(uint8_t *sec) {
+  size_t size = 0;
+  optiga_result ret = optiga_get_data_object(OPTIGA_OID_SEC, false, sec,
+                                             sizeof(uint8_t), &size);
+  return ret == OPTIGA_SUCCESS && size == sizeof(uint8_t);
+}
+
 bool optiga_random_buffer(uint8_t *dest, size_t size) {
  while (size > OPTIGA_RANDOM_MAX_SIZE) {
    if (optiga_get_random(dest, OPTIGA_RANDOM_MAX_SIZE) != OPTIGA_SUCCESS) {
--- a/core/embed/trezorhal/unix/optiga.c
+++ b/core/embed/trezorhal/unix/optiga.c
@ -149,6 +149,11 @@ bool optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
  return true;
 }

+bool optiga_read_sec(uint8_t *sec) {
+  *sec = 0;
+  return true;
+}
+
 bool optiga_random_buffer(uint8_t *dest, size_t size) {
  random_buffer(dest, size);
  return true;
--- a/core/mocks/generated/trezorcrypto/optiga.pyi
+++ b/core/mocks/generated/trezorcrypto/optiga.pyi
@ -29,5 +29,12 @@ def sign(
    Uses the private key at key_index to produce a DER-encoded signature of
    the digest.
    """
+
+
+# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
+def get_sec() -> int | None:
+    """
+    Returns the value of Optiga's security event counter.
+    """
 DEVICE_CERT_INDEX: int
 DEVICE_ECC_KEY_INDEX: int