From ed4a12be8c951a6f249c4bab6fbc2478c4172cda Mon Sep 17 00:00:00 2001
From: grdddj <jiri.musil06@seznam.cz>
Date: Tue, 21 Nov 2023 12:38:38 +0100
Subject: [PATCH] WIP - allocate blob in RAM for translations data

---
 core/src/apps/management/change_language.py | 21 ++++++++++++++-------
 core/src/trezor/translations.py             |  2 +-
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/core/src/apps/management/change_language.py b/core/src/apps/management/change_language.py
index d51b887377c..040f76ffff0 100644
--- a/core/src/apps/management/change_language.py
+++ b/core/src/apps/management/change_language.py
@@ -120,32 +120,39 @@ async def change_language(msg: ChangeLanguage) -> Success:
     ):
         raise DataError("Invalid translations version")
 
-    # Confirm with user and wipe old data
+    # Confirm with user
     await _require_confirm_change_language(header.language)
-    translations.wipe()
 
     # TODO: add loader, so that the screen does not freeze?
 
+    # Loading all the data at once, so we can verify its fingerprint
+    # If we saved it gradually to the storage and only checked the fingerprint at the end
+    # (with the idea of deleting the data if the fingerprint does not match),
+    # attackers could still write some data into storage and then unplug the device.
+    blob = utils.empty_bytearray(translations.data_max_size())
+
     # Write the header
-    translations.write(header_data, 0)
+    blob.extend(header_data)
 
-    # Requesting the data in chunks and saving them
+    # Requesting the data in chunks and storing them in the blob
     # Also checking the hash of the data for consistency
     data_left = data_length - len(header_data)
     offset = len(header_data)
     hash_writer = utils.HashWriter(sha256())
     while data_left > 0:
         data_chunk = await get_data_chunk(data_left, offset)
-        translations.write(data_chunk, offset)
+        blob.extend(data_chunk)
         hash_writer.write(data_chunk)
         data_left -= len(data_chunk)
         offset += len(data_chunk)
 
-    # When the data do not match the hash, wipe all the written translations
+    # When the data do not match the hash, do not write anything
     if hash_writer.get_digest() != header.data_hash:
-        translations.wipe()
         raise DataError("Invalid data hash")
 
+    translations.wipe()
+    translations.write(blob, 0)
+
     return Success(message="Language changed")
 
 
diff --git a/core/src/trezor/translations.py b/core/src/trezor/translations.py
index ab78c044773..fec8981973f 100644
--- a/core/src/trezor/translations.py
+++ b/core/src/trezor/translations.py
@@ -12,7 +12,7 @@ def get_language() -> str:
     return DEFAULT_LANGUAGE
 
 
-def write(data: bytes, offset: int) -> None:
+def write(data: bytes | bytearray, offset: int) -> None:
     from trezor import wire
 
     if offset + len(data) > data_max_size():