arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-31 09:50:58 +00:00
Code Issues Releases Wiki Activity

feat(core): Optimize Optiga counter initialization.

Browse Source 
[no changelog]
This commit is contained in:
Andrew Kozlik 2024-06-26 11:16:54 +02:00 committed by Andrew Kozlik
parent 869b6fe6dc
commit ff653f038e
1 changed files with 8 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
core/embed/trezorhal/optiga/optiga.c
View File

@ -62,6 +62,10 @@
// Value of the PIN counter when it is reset. // Value of the PIN counter when it is reset.
static const uint8_t COUNTER_RESET[] = {0, 0, 0, 0, 0, 0, 0, PIN_MAX_TRIES}; static const uint8_t COUNTER_RESET[] = {0, 0, 0, 0, 0, 0, 0, PIN_MAX_TRIES};
// Value of the PIN counter with one extra attempt needed in optiga_pin_set().
static const uint8_t COUNTER_RESET_EXTRA[] = {0, 0, 0, 0,
0, 0, 0, PIN_MAX_TRIES + 1};
// Initial value of the counter which limits the total number of PIN stretching // Initial value of the counter which limits the total number of PIN stretching
// operations. The limit is 600000 stretching operations, which equates to // operations. The limit is 600000 stretching operations, which equates to
// 300000 / PIN_STRETCH_ITERATIONS unlock operations over the lifetime of the // 300000 / PIN_STRETCH_ITERATIONS unlock operations over the lifetime of the
@ -578,10 +582,10 @@ bool optiga_pin_set(OPTIGA_UI_PROGRESS ui_progress,
goto end; goto end;
} }
// Initialize the counter which limits the guesses at OID_STRETCHED_PIN so // Initialize the counter which limits the guesses at OID_STRETCHED_PIN with
// that we can authorise using OID_STRETCHED_PIN. // one extra attempt that we will use up in the next step.
if (optiga_set_data_object(OID_STRETCHED_PIN_CTR, false, COUNTER_RESET, if (optiga_set_data_object(OID_STRETCHED_PIN_CTR, false, COUNTER_RESET_EXTRA,
sizeof(COUNTER_RESET)) != OPTIGA_SUCCESS) { sizeof(COUNTER_RESET_EXTRA)) != OPTIGA_SUCCESS) {
ret = false; ret = false;
goto end; goto end;
} }
@ -603,14 +607,6 @@ bool optiga_pin_set(OPTIGA_UI_PROGRESS ui_progress,
goto end; goto end;
} }
// Initialize the counter which limits the guesses at OID_STRETCHED_PIN again,
// since we just depleted one attempt.
if (optiga_set_data_object(OID_STRETCHED_PIN_CTR, false, COUNTER_RESET,
sizeof(COUNTER_RESET)) != OPTIGA_SUCCESS) {
ret = false;
goto end;
}
// Initialize the PIN counter which limits the use of OID_PIN_HMAC. // Initialize the PIN counter which limits the use of OID_PIN_HMAC.
if (optiga_set_data_object(OID_PIN_HMAC_CTR, false, COUNTER_RESET, if (optiga_set_data_object(OID_PIN_HMAC_CTR, false, COUNTER_RESET,
sizeof(COUNTER_RESET)) != OPTIGA_SUCCESS) { sizeof(COUNTER_RESET)) != OPTIGA_SUCCESS) {