mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-22 06:18:07 +00:00
feat(core): Implement DebugLinkOptigaSetSecMax.
This commit is contained in:
parent
b6b1ad8825
commit
e84f969f4f
@ -122,6 +122,19 @@ STATIC mp_obj_t mod_trezorcrypto_optiga_get_sec() {
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_optiga_get_sec_obj,
|
||||
mod_trezorcrypto_optiga_get_sec);
|
||||
|
||||
#if PYOPT == 0
|
||||
/// def set_sec_max() -> None:
|
||||
/// """
|
||||
/// Set Optiga's security event counter to maximum.
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_optiga_set_sec_max() {
|
||||
optiga_set_sec_max();
|
||||
return mp_const_none;
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_optiga_set_sec_max_obj,
|
||||
mod_trezorcrypto_optiga_set_sec_max);
|
||||
#endif
|
||||
|
||||
/// DEVICE_CERT_INDEX: int
|
||||
/// DEVICE_ECC_KEY_INDEX: int
|
||||
|
||||
@ -132,6 +145,10 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_optiga_globals_table[] = {
|
||||
{MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypto_optiga_sign_obj)},
|
||||
{MP_ROM_QSTR(MP_QSTR_get_sec),
|
||||
MP_ROM_PTR(&mod_trezorcrypto_optiga_get_sec_obj)},
|
||||
#if PYOPT == 0
|
||||
{MP_ROM_QSTR(MP_QSTR_set_sec_max),
|
||||
MP_ROM_PTR(&mod_trezorcrypto_optiga_set_sec_max_obj)},
|
||||
#endif
|
||||
{MP_ROM_QSTR(MP_QSTR_DEVICE_CERT_INDEX),
|
||||
MP_ROM_INT(OPTIGA_DEVICE_CERT_INDEX)},
|
||||
{MP_ROM_QSTR(MP_QSTR_DEVICE_ECC_KEY_INDEX),
|
||||
|
@ -57,6 +57,8 @@ bool __wur optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
|
||||
|
||||
bool __wur optiga_read_sec(uint8_t *sec);
|
||||
|
||||
void optiga_set_sec_max(void);
|
||||
|
||||
bool __wur optiga_random_buffer(uint8_t *dest, size_t size);
|
||||
|
||||
bool __wur optiga_pin_set(optiga_ui_progress_t ui_progress,
|
||||
|
@ -176,6 +176,20 @@ bool optiga_read_sec(uint8_t *sec) {
|
||||
return ret == OPTIGA_SUCCESS && size == sizeof(uint8_t);
|
||||
}
|
||||
|
||||
void optiga_set_sec_max(void) {
|
||||
uint8_t invalid_point[] = {
|
||||
0x03, 0x42, 0x00, 0x04, 0xe2, 0x67, 0x5b, 0xe0, 0xbb, 0xf4, 0xfb, 0x9d,
|
||||
0xec, 0xaa, 0x1e, 0x96, 0xac, 0xc8, 0xa7, 0xca, 0xd0, 0x05, 0x84, 0xfe,
|
||||
0xfd, 0x7f, 0x24, 0xc6, 0xe7, 0x72, 0x5b, 0x56, 0xb3, 0x45, 0x06, 0x67,
|
||||
0xbc, 0x73, 0xe3, 0xb8, 0xf5, 0x5d, 0x1c, 0xad, 0xa0, 0x3e, 0x59, 0x1b,
|
||||
0x3b, 0x9c, 0x6e, 0xc4, 0xb6, 0xd1, 0x05, 0xf7, 0xd8, 0xc0, 0x67, 0x0d,
|
||||
0xfb, 0xcc, 0xea, 0xb1, 0x65, 0xdb, 0xa6, 0x5f};
|
||||
uint8_t buffer[32] = {0};
|
||||
size_t size = 0;
|
||||
optiga_calc_ssec(OPTIGA_CURVE_P256, OID_PIN_ECDH, invalid_point,
|
||||
sizeof(invalid_point), buffer, sizeof(buffer), &size);
|
||||
}
|
||||
|
||||
uint32_t optiga_estimate_time_ms(storage_pin_op_t op) {
|
||||
uint8_t sec = 0;
|
||||
if (!optiga_read_sec(&sec)) {
|
||||
|
@ -88,6 +88,8 @@ bool optiga_read_sec(uint8_t *sec) {
|
||||
return true;
|
||||
}
|
||||
|
||||
void optiga_set_sec_max(void) {}
|
||||
|
||||
uint32_t optiga_estimate_time_ms(storage_pin_op_t op) { return 0; }
|
||||
|
||||
bool optiga_random_buffer(uint8_t *dest, size_t size) {
|
||||
|
@ -36,5 +36,12 @@ def get_sec() -> int | None:
|
||||
"""
|
||||
Returns the value of Optiga's security event counter.
|
||||
"""
|
||||
|
||||
|
||||
# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
|
||||
def set_sec_max() -> None:
|
||||
"""
|
||||
Set Optiga's security event counter to maximum.
|
||||
"""
|
||||
DEVICE_CERT_INDEX: int
|
||||
DEVICE_ECC_KEY_INDEX: int
|
||||
|
@ -22,6 +22,7 @@ if __debug__:
|
||||
DebugLinkDecision,
|
||||
DebugLinkEraseSdCard,
|
||||
DebugLinkGetState,
|
||||
DebugLinkOptigaSetSecMax,
|
||||
DebugLinkRecordScreen,
|
||||
DebugLinkReseedRandom,
|
||||
DebugLinkResetDebugEvents,
|
||||
@ -274,7 +275,21 @@ if __debug__:
|
||||
register(
|
||||
MessageType.DebugLinkResetDebugEvents, dispatch_DebugLinkResetDebugEvents
|
||||
)
|
||||
register(
|
||||
MessageType.DebugLinkOptigaSetSecMax, dispatch_DebugLinkOptigaSetSecMax
|
||||
)
|
||||
|
||||
loop.schedule(debuglink_decision_dispatcher())
|
||||
if storage.layout_watcher is not LAYOUT_WATCHER_NONE:
|
||||
loop.schedule(return_layout_change())
|
||||
|
||||
async def dispatch_DebugLinkOptigaSetSecMax(
|
||||
msg: DebugLinkOptigaSetSecMax,
|
||||
) -> Success:
|
||||
if utils.USE_OPTIGA:
|
||||
from trezor.crypto import optiga
|
||||
|
||||
optiga.set_sec_max()
|
||||
return Success()
|
||||
else:
|
||||
raise wire.UnexpectedMessage("Optiga not supported")
|
||||
|
Loading…
Reference in New Issue
Block a user