feat(core): Implement optiga.get_sec()

[no changelog]

core/embed/extmod/modtrezorcrypto/modtrezorcrypto-optiga.h

@@ -104,10 +104,23 @@ STATIC mp_obj_t mod_trezorcrypto_optiga_sign(mp_obj_t key_index,
   sig.len = sig_size;
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
 }
-
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_optiga_sign_obj,
                                  mod_trezorcrypto_optiga_sign);
 
+/// def get_sec() -> int | None:
+///     """
+///     Returns the value of Optiga's security event counter.
+///     """
+STATIC mp_obj_t mod_trezorcrypto_optiga_get_sec() {
+  uint8_t sec = 0;
+  if (optiga_read_sec(&sec)) {
+    return mp_obj_new_int_from_uint(sec);
+  }
+  return mp_const_none;
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_optiga_get_sec_obj,
+                                 mod_trezorcrypto_optiga_get_sec);
+
 /// DEVICE_CERT_INDEX: int
 /// DEVICE_ECC_KEY_INDEX: int
 
@@ -116,6 +129,8 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_optiga_globals_table[] = {
     {MP_ROM_QSTR(MP_QSTR_get_certificate),
      MP_ROM_PTR(&mod_trezorcrypto_optiga_get_certificate_obj)},
     {MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypto_optiga_sign_obj)},
+    {MP_ROM_QSTR(MP_QSTR_get_sec),
+     MP_ROM_PTR(&mod_trezorcrypto_optiga_get_sec_obj)},
     {MP_ROM_QSTR(MP_QSTR_DEVICE_CERT_INDEX),
      MP_ROM_INT(OPTIGA_DEVICE_CERT_INDEX)},
     {MP_ROM_QSTR(MP_QSTR_DEVICE_ECC_KEY_INDEX),

core/embed/trezorhal/optiga.h

@@ -59,6 +59,8 @@ bool __wur optiga_cert_size(uint8_t index, size_t *cert_size);
 bool __wur optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
                             size_t *cert_size);
 
+bool __wur optiga_read_sec(uint8_t *sec);
+
 bool __wur optiga_random_buffer(uint8_t *dest, size_t size);
 
 int __wur optiga_pin_set(OPTIGA_UI_PROGRESS ui_progress,

core/embed/trezorhal/optiga/optiga.c

@@ -159,6 +159,13 @@ bool optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
   return OPTIGA_SUCCESS == ret;
 }
 
+bool optiga_read_sec(uint8_t *sec) {
+  size_t size = 0;
+  optiga_result ret = optiga_get_data_object(OPTIGA_OID_SEC, false, sec,
+                                             sizeof(uint8_t), &size);
+  return ret == OPTIGA_SUCCESS && size == sizeof(uint8_t);
+}
+
 bool optiga_random_buffer(uint8_t *dest, size_t size) {
   while (size > OPTIGA_RANDOM_MAX_SIZE) {
     if (optiga_get_random(dest, OPTIGA_RANDOM_MAX_SIZE) != OPTIGA_SUCCESS) {

core/embed/trezorhal/unix/optiga.c

@@ -149,6 +149,11 @@ bool optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
   return true;
 }
 
+bool optiga_read_sec(uint8_t *sec) {
+  *sec = 0;
+  return true;
+}
+
 bool optiga_random_buffer(uint8_t *dest, size_t size) {
   random_buffer(dest, size);
   return true;

core/mocks/generated/trezorcrypto/optiga.pyi

@@ -29,5 +29,12 @@ def sign(
     Uses the private key at key_index to produce a DER-encoded signature of
     the digest.
     """
+
+
+# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
+def get_sec() -> int | None:
+    """
+    Returns the value of Optiga's security event counter.
+    """
 DEVICE_CERT_INDEX: int
 DEVICE_ECC_KEY_INDEX: int