From d49e3c9f3c1f1d10149ae9bdc70ba113f9b72507 Mon Sep 17 00:00:00 2001
From: andrew
Date: Wed, 30 Jan 2019 16:22:50 +0100
Subject: [PATCH] Add storage_wipe_ex() which allows to specify the new PIN and the PIN fail count.

---
 storage.c | 19 ++++++++++++-------
 storage.h | 1 +
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/storage.c b/storage.c
index b491ce51d..4d551f63e 100644
--- a/storage.c
+++ b/storage.c
@@ -443,17 +443,17 @@ static secbool pin_logs_init(uint32_t fails)
 }
 
 /*
- * Initializes the values of VERSION_KEY, EDEK_PVC_KEY, PIN_NOT_SET_KEY and PIN_LOGS_KEY using an empty PIN.
+ * Initializes the values of VERSION_KEY, EDEK_PVC_KEY, PIN_NOT_SET_KEY and PIN_LOGS_KEY using the given PIN.
  * This function should be called to initialize freshly wiped storage.
  */
-static void init_wiped_storage(void)
+static void init_wiped_storage(uint32_t new_pin, uint32_t pin_fail_count)
 {
 random_buffer(cached_keys, sizeof(cached_keys));
 uint32_t version = NORCOW_VERSION;
 ensure(auth_init(), "failed to initialize storage authentication tag");
 ensure(storage_set_encrypted(VERSION_KEY, &version, sizeof(version)), "failed to set storage version");
-ensure(set_pin(PIN_EMPTY), "failed to initialize PIN");
-ensure(pin_logs_init(0), "failed to initialize PIN logs");
+ensure(set_pin(new_pin), "failed to initialize PIN");
+ensure(pin_logs_init(pin_fail_count), "failed to initialize PIN logs");
 if (unlocked != sectrue) {
 memzero(cached_keys, sizeof(cached_keys));
 }
@@ -480,7 +480,7 @@ void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt, const uint
 const void *val;
 uint16_t len;
 if (secfalse == norcow_get(EDEK_PVC_KEY, &val, &len)) {
-init_wiped_storage();
+init_wiped_storage(PIN_EMPTY, 0);
 }
 memzero(cached_keys, sizeof(cached_keys));
 }
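Review bot: The reworded block comment above init_wiped_storage still describes only the PIN, while the new pin_fail_count parameter, which the hunk passes straight into pin_logs_init(), is left undocumented; add ` * pin_fail_count is the number of failed PIN attempts recorded in PIN_LOGS_KEY at initialization.` to that comment. Whether pin_logs_init() rejects a count above the maximum permitted attempts is not visible here; if it does not, a caller could initialize storage that already sits at the lockout threshold, so the accepted range is worth stating in the same comment. The body of init_wiped_storage continues past the end of the hunk.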
@@ -960,13 +960,18 @@ secbool storage_change_pin(uint32_t oldpin, uint32_t newpin)
 return ret;
 }
 
-void storage_wipe(void)
+void storage_wipe_ex(uint32_t new_pin, uint32_t pin_fail_count)
 {
 norcow_wipe();
 norcow_active_version = NORCOW_VERSION;
 memzero(authentication_sum, sizeof(authentication_sum));
 memzero(cached_keys, sizeof(cached_keys));
-init_wiped_storage();
+init_wiped_storage(new_pin, pin_fail_count);
+}
+
+void storage_wipe(void)
+{
+storage_wipe_ex(PIN_EMPTY, 0);
 }
 
 static void handle_fault(void)
diff --git a/storage.h b/storage.h
index 00e7bd074..21509deaa 100644
--- a/storage.h
+++ b/storage.h
@@ -28,6 +28,7 @@ typedef void (*PIN_UI_WAIT_CALLBACK)(uint32_t wait, uint32_t progress);
 void storage_init(PIN_UI_WAIT_CALLBACK callback, const uint8_t *salt, const uint16_t salt_len);
 void storage_wipe(void);
+void storage_wipe_ex(uint32_t new_pin, uint32_t pin_fail_count);
 secbool storage_unlock(const uint32_t pin);
 secbool storage_has_pin(void);
 uint32_t storage_get_pin_rem(void);
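Review bot: storage_wipe_ex() calls norcow_wipe() before its arguments are checked by anything visible: the only validation happens inside init_wiped_storage() via ensure(), which runs after the old storage is already erased, so an out-of-range pin_fail_count (or a PIN that set_pin() rejects, if it rejects any) is detected only when recovery is no longer possible. Since the function is now exported in storage.h, consider validating new_pin and pin_fail_count before `norcow_wipe();` and returning early, or documenting in the header that callers must pass already-valid values. The declaration added in the storage.h hunk carries no comment; a one-line `// Wipes storage and re-initializes it with the given PIN and initial PIN fail count.` above `void storage_wipe_ex(uint32_t new_pin, uint32_t pin_fail_count);` would make that contract explicit. Whether set_pin() or pin_logs_init() rejects any values is not visible in this diff.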