1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 06:18:07 +00:00

feat(core): Implement DebugLinkOptigaSetSecMax.

This commit is contained in:
Andrew Kozlik 2024-07-09 14:30:18 +02:00 committed by Andrew Kozlik
parent b6b1ad8825
commit e84f969f4f
6 changed files with 57 additions and 0 deletions

View File

@ -122,6 +122,19 @@ STATIC mp_obj_t mod_trezorcrypto_optiga_get_sec() {
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_optiga_get_sec_obj,
mod_trezorcrypto_optiga_get_sec);
#if PYOPT == 0
/// def set_sec_max() -> None:
/// """
/// Set Optiga's security event counter to maximum.
/// """
STATIC mp_obj_t mod_trezorcrypto_optiga_set_sec_max() {
optiga_set_sec_max();
return mp_const_none;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_optiga_set_sec_max_obj,
mod_trezorcrypto_optiga_set_sec_max);
#endif
/// DEVICE_CERT_INDEX: int
/// DEVICE_ECC_KEY_INDEX: int
@ -132,6 +145,10 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_optiga_globals_table[] = {
{MP_ROM_QSTR(MP_QSTR_sign), MP_ROM_PTR(&mod_trezorcrypto_optiga_sign_obj)},
{MP_ROM_QSTR(MP_QSTR_get_sec),
MP_ROM_PTR(&mod_trezorcrypto_optiga_get_sec_obj)},
#if PYOPT == 0
{MP_ROM_QSTR(MP_QSTR_set_sec_max),
MP_ROM_PTR(&mod_trezorcrypto_optiga_set_sec_max_obj)},
#endif
{MP_ROM_QSTR(MP_QSTR_DEVICE_CERT_INDEX),
MP_ROM_INT(OPTIGA_DEVICE_CERT_INDEX)},
{MP_ROM_QSTR(MP_QSTR_DEVICE_ECC_KEY_INDEX),

View File

@ -57,6 +57,8 @@ bool __wur optiga_read_cert(uint8_t index, uint8_t *cert, size_t max_cert_size,
bool __wur optiga_read_sec(uint8_t *sec);
void optiga_set_sec_max(void);
bool __wur optiga_random_buffer(uint8_t *dest, size_t size);
bool __wur optiga_pin_set(optiga_ui_progress_t ui_progress,

View File

@ -176,6 +176,20 @@ bool optiga_read_sec(uint8_t *sec) {
return ret == OPTIGA_SUCCESS && size == sizeof(uint8_t);
}
void optiga_set_sec_max(void) {
uint8_t invalid_point[] = {
0x03, 0x42, 0x00, 0x04, 0xe2, 0x67, 0x5b, 0xe0, 0xbb, 0xf4, 0xfb, 0x9d,
0xec, 0xaa, 0x1e, 0x96, 0xac, 0xc8, 0xa7, 0xca, 0xd0, 0x05, 0x84, 0xfe,
0xfd, 0x7f, 0x24, 0xc6, 0xe7, 0x72, 0x5b, 0x56, 0xb3, 0x45, 0x06, 0x67,
0xbc, 0x73, 0xe3, 0xb8, 0xf5, 0x5d, 0x1c, 0xad, 0xa0, 0x3e, 0x59, 0x1b,
0x3b, 0x9c, 0x6e, 0xc4, 0xb6, 0xd1, 0x05, 0xf7, 0xd8, 0xc0, 0x67, 0x0d,
0xfb, 0xcc, 0xea, 0xb1, 0x65, 0xdb, 0xa6, 0x5f};
uint8_t buffer[32] = {0};
size_t size = 0;
optiga_calc_ssec(OPTIGA_CURVE_P256, OID_PIN_ECDH, invalid_point,
sizeof(invalid_point), buffer, sizeof(buffer), &size);
}
uint32_t optiga_estimate_time_ms(storage_pin_op_t op) {
uint8_t sec = 0;
if (!optiga_read_sec(&sec)) {

View File

@ -88,6 +88,8 @@ bool optiga_read_sec(uint8_t *sec) {
return true;
}
void optiga_set_sec_max(void) {}
uint32_t optiga_estimate_time_ms(storage_pin_op_t op) { return 0; }
bool optiga_random_buffer(uint8_t *dest, size_t size) {

View File

@ -36,5 +36,12 @@ def get_sec() -> int | None:
"""
Returns the value of Optiga's security event counter.
"""
# extmod/modtrezorcrypto/modtrezorcrypto-optiga.h
def set_sec_max() -> None:
"""
Set Optiga's security event counter to maximum.
"""
DEVICE_CERT_INDEX: int
DEVICE_ECC_KEY_INDEX: int

View File

@ -22,6 +22,7 @@ if __debug__:
DebugLinkDecision,
DebugLinkEraseSdCard,
DebugLinkGetState,
DebugLinkOptigaSetSecMax,
DebugLinkRecordScreen,
DebugLinkReseedRandom,
DebugLinkResetDebugEvents,
@ -274,7 +275,21 @@ if __debug__:
register(
MessageType.DebugLinkResetDebugEvents, dispatch_DebugLinkResetDebugEvents
)
register(
MessageType.DebugLinkOptigaSetSecMax, dispatch_DebugLinkOptigaSetSecMax
)
loop.schedule(debuglink_decision_dispatcher())
if storage.layout_watcher is not LAYOUT_WATCHER_NONE:
loop.schedule(return_layout_change())
async def dispatch_DebugLinkOptigaSetSecMax(
msg: DebugLinkOptigaSetSecMax,
) -> Success:
if utils.USE_OPTIGA:
from trezor.crypto import optiga
optiga.set_sec_max()
return Success()
else:
raise wire.UnexpectedMessage("Optiga not supported")