def set_sd_salt(salt: bytes, salt_tag: bytes, stage: bool = False) -> None:
    """Write *salt* immediately followed by *salt_tag* to the salt file.

    The destination is whatever ``_get_salt_path(stage)`` returns. ``/trezor``
    and the directory returned by ``_get_device_dir()`` are created before the
    file is opened for writing.

    Neither argument is length-checked here, and nothing verifies that
    *salt_tag* actually authenticates *salt*: the bytes are stored exactly as
    given, so the caller has to pass a matching pair.
    """
    # NOTE(review): `stage` is only forwarded; presumably it selects a staged
    # file instead of the live one - confirm in _get_salt_path.
    destination = _get_salt_path(stage)

    # NOTE(review): the second argument looks like an "already exists is fine"
    # flag - confirm against the fatfs module.
    fatfs.mkdir("/trezor", True)
    fatfs.mkdir(_get_device_dir(), True)

    with fatfs.open(destination, "w") as salt_file:
        # Order matters: the salt comes first, the tag directly after it.
        for chunk in (salt, salt_tag):
            salt_file.write(chunk)
def _load_salt(auth_key: bytes, path: str) -> Optional[bytearray]:
    """Read the salt stored at *path* and return it only if its tag verifies.

    The file is read as ``SD_SALT_LEN_BYTES`` of salt followed by
    ``SD_SALT_AUTH_TAG_LEN_BYTES`` of authentication tag. The tag is recomputed
    with ``compute_auth_tag(salt, auth_key)`` and compared with the stored one.

    Returns ``None`` both when the file cannot be read (``fatfs.FatFSError``)
    and when the tag does not match, so a caller cannot tell a missing file
    from a corrupted or tampered one by the return value alone.
    """
    salt = bytearray(SD_SALT_LEN_BYTES)
    stored_tag = bytearray(SD_SALT_AUTH_TAG_LEN_BYTES)

    try:
        with fatfs.open(path, "r") as salt_file:
            # The read results are not inspected: a short file leaves the
            # zero-initialised tail of the buffers in place, which is then
            # expected to fail the tag comparison below.
            salt_file.read(salt)
            salt_file.read(stored_tag)
    except fatfs.FatFSError:
        return None

    expected_tag = compute_auth_tag(salt, auth_key)
    # NOTE(review): consteq is presumably a constant-time comparison - confirm,
    # and do not replace it with == on the tags.
    return salt if consteq(expected_tag, stored_tag) else None