1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-01 20:08:26 +00:00
trezor-firmware/tests/device_tests/test_protection_levels.py

458 lines
15 KiB
Python
Raw Normal View History

# This file is part of the Trezor project.
2017-01-03 18:40:05 +00:00
#
2019-05-29 16:44:09 +00:00
# Copyright (C) 2012-2019 SatoshiLabs and contributors
2017-01-03 18:40:05 +00:00
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
2017-01-03 18:40:05 +00:00
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
import pytest
2017-01-03 18:40:05 +00:00
from trezorlib import btc, device, messages, misc, models
from trezorlib.debuglink import LayoutType
2024-11-15 16:31:22 +00:00
from trezorlib.debuglink import SessionDebugWrapper as Session
from trezorlib.exceptions import TrezorFailure
from trezorlib.tools import parse_path
from ..common import MNEMONIC12, WITH_MOCK_URANDOM, get_test_address, is_core
2020-03-03 16:29:02 +00:00
from ..tx_cache import TxCache
from .bitcoin.signtx import (
request_finished,
request_input,
request_meta,
request_output,
)
B = messages.ButtonRequestType
2017-05-15 12:14:45 +00:00
TXHASH_50f6f1 = bytes.fromhex(
"50f6f1209ca92d7359564be803cb2c932cde7d370f7cee50fd1fad6790f6206d"
2018-08-13 16:21:24 +00:00
)
2017-05-15 12:14:45 +00:00
PIN4 = "1234"
2017-05-15 12:14:45 +00:00
pytestmark = pytest.mark.setup_client(pin=PIN4, passphrase=True)
2024-11-15 16:31:22 +00:00
def _pin_request(session: Session):
"""Get appropriate PIN request for each model"""
2024-11-15 16:31:22 +00:00
if session.model is models.T1B1:
return messages.PinMatrixRequest
else:
return messages.ButtonRequest(code=B.PinEntry)
def _assert_protection(
2024-11-15 16:31:22 +00:00
session: Session, pin: bool = True, passphrase: bool = True
) -> None:
"""Make sure PIN and passphrase protection have expected values"""
2024-11-15 16:31:22 +00:00
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.ensure_unlocked()
client.refresh_features()
assert client.features.pin_protection is pin
assert client.features.passphrase_protection is passphrase
2024-11-15 16:31:22 +00:00
session.lock()
# TODO session.clear_session()
2024-11-15 16:31:22 +00:00
def test_initialize(session: Session):
# The with block is temporary until the test is skipped for THP
with session, session.client as client:
client.use_pin_sequence([PIN4])
session.ensure_unlocked()
raise Exception("INITIALIZE IS DISABLED")
_assert_protection(session)
with session:
session.set_expected_responses([messages.Features])
# TODO session.init_device()
@pytest.mark.models("core")
@pytest.mark.setup_client(pin=PIN4)
@pytest.mark.parametrize("passphrase", (True, False))
2024-11-15 16:31:22 +00:00
def test_passphrase_reporting(session: Session, passphrase):
"""On TT, passphrase_protection is a private setting, so a locked device should
report passphrase_protection=None.
"""
2024-11-15 16:31:22 +00:00
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
device.apply_settings(session, use_passphrase=passphrase)
2024-11-15 16:31:22 +00:00
session.lock()
# on a locked device, passphrase_protection should be None
2024-11-15 16:31:22 +00:00
assert session.features.unlocked is False
assert session.features.passphrase_protection is None
# on an unlocked device, protection should be reported accurately
2024-11-15 16:31:22 +00:00
_assert_protection(session, pin=True, passphrase=passphrase)
# after re-locking, the setting should be hidden again
2024-11-15 16:31:22 +00:00
session.lock()
assert session.features.unlocked is False
assert session.features.passphrase_protection is None
2024-11-15 16:31:22 +00:00
def test_apply_settings(session: Session):
_assert_protection(session)
2024-11-15 16:31:22 +00:00
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
messages.ButtonRequest,
messages.Success,
2024-11-15 16:31:22 +00:00
# messages.Features,
]
2024-11-15 16:31:22 +00:00
)
device.apply_settings(session, label="nazdar")
@pytest.mark.models("legacy")
2024-11-15 16:31:22 +00:00
def test_change_pin_t1(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4, PIN4, PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
messages.ButtonRequest,
2024-11-15 16:31:22 +00:00
_pin_request(session),
_pin_request(session),
_pin_request(session),
messages.Success,
messages.Features,
]
)
2024-11-15 16:31:22 +00:00
device.change_pin(session)
@pytest.mark.models("core")
2024-11-15 16:31:22 +00:00
def test_change_pin_t2(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4, PIN4, PIN4, PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
messages.ButtonRequest,
2024-11-15 16:31:22 +00:00
_pin_request(session),
_pin_request(session),
(session.client.layout_type is LayoutType.TR, messages.ButtonRequest),
_pin_request(session),
messages.ButtonRequest,
messages.Success,
2024-11-15 16:31:22 +00:00
# messages.Features,
]
)
2024-11-15 16:31:22 +00:00
device.change_pin(session)
@pytest.mark.setup_client(pin=None, passphrase=False)
2024-11-15 16:31:22 +00:00
def test_ping(session: Session):
_assert_protection(session, pin=False, passphrase=False)
with session:
session.set_expected_responses([messages.ButtonRequest, messages.Success])
session.call(messages.Ping(message="msg", button_protection=True))
2024-11-15 16:31:22 +00:00
def test_get_entropy(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
messages.ButtonRequest(code=B.ProtectCall),
messages.Entropy,
]
)
2024-11-15 16:31:22 +00:00
misc.get_entropy(session, 10)
2024-11-15 16:31:22 +00:00
def test_get_public_key(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
# messages.PassphraseRequest,
messages.PublicKey,
]
)
2024-11-15 16:31:22 +00:00
btc.get_public_node(session, [])
2024-11-15 16:31:22 +00:00
def test_get_address(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
# messages.PassphraseRequest,
messages.Address,
]
)
2024-11-15 16:31:22 +00:00
get_test_address(session)
def test_wipe_device(session: Session):
raise Exception("WIPE causes test fails on THP")
# Precise cause of crash is not determined, it happens with some order of
# tests, but not with all. The following leads to crash:
# pytest --random-order-seed=675848 tests/device_tests/test_protection_levels.py
#
# Traceback (most recent call last):
# File "trezor/wire/__init__.py", line 70, in handle_session
# File "trezor/wire/thp_main.py", line 79, in thp_main_loop
# File "trezor/wire/thp_main.py", line 145, in _handle_allocated
# File "trezor/wire/thp/received_message_handler.py", line 123, in handle_received_message
# File "trezor/wire/thp/received_message_handler.py", line 231, in _handle_state_TH1
# File "trezor/wire/thp/crypto.py", line 93, in handle_th1_crypto
# File "trezor/wire/thp/crypto.py", line 178, in _derive_static_key_pair
# File "storage/device.py", line 364, in get_device_secret
# File "storage/common.py", line 21, in set
# RuntimeError: Could not save value
_assert_protection(session)
with session:
session.set_expected_responses([messages.ButtonRequest, messages.Success])
device.wipe(session)
client = session.client.get_new_client()
session = Session(client.get_management_session())
with session, session.client as client:
client.use_pin_sequence([PIN4])
session.set_expected_responses([messages.Features])
session.call(messages.GetFeatures())
@pytest.mark.setup_client(uninitialized=True)
@pytest.mark.models("legacy")
2024-11-15 16:31:22 +00:00
def test_reset_device(session: Session):
assert session.features.pin_protection is False
assert session.features.passphrase_protection is False
with WITH_MOCK_URANDOM, session:
session.set_expected_responses(
[messages.ButtonRequest]
+ [messages.EntropyRequest]
+ [messages.ButtonRequest] * 24
+ [messages.Success, messages.Features]
)
2024-08-22 16:49:48 +00:00
device.reset(
2024-11-15 16:31:22 +00:00
session,
2024-08-22 16:49:48 +00:00
strength=128,
passphrase_protection=True,
pin_protection=False,
label="label",
)
2024-11-15 16:31:22 +00:00
session.call(messages.GetFeatures())
with pytest.raises(TrezorFailure):
# This must fail, because device is already initialized
# Using direct call because `device.reset` has its own check
2024-11-15 16:31:22 +00:00
session.call(
messages.ResetDevice(
strength=128,
passphrase_protection=True,
pin_protection=False,
label="label",
2018-08-13 16:21:24 +00:00
)
)
@pytest.mark.setup_client(uninitialized=True)
@pytest.mark.models("legacy")
2024-11-15 16:31:22 +00:00
def test_recovery_device(session: Session):
assert session.features.pin_protection is False
assert session.features.passphrase_protection is False
session.client.use_mnemonic(MNEMONIC12)
with session:
session.set_expected_responses(
[messages.ButtonRequest]
+ [messages.WordRequest] * 24
2024-11-15 16:31:22 +00:00
+ [messages.Success] # , messages.Features]
2017-06-23 19:31:42 +00:00
)
device.recover(
2024-11-15 16:31:22 +00:00
session,
2023-05-04 12:18:55 +00:00
12,
False,
False,
"label",
2024-11-15 16:31:22 +00:00
input_callback=session.client.mnemonic_callback,
2017-06-23 19:31:42 +00:00
)
with pytest.raises(TrezorFailure):
# This must fail, because device is already initialized
# Using direct call because `device.recover` has its own check
2024-11-15 16:31:22 +00:00
session.call(
messages.RecoveryDevice(
word_count=12,
passphrase_protection=False,
pin_protection=False,
label="label",
2018-08-13 16:21:24 +00:00
)
)
2024-11-15 16:31:22 +00:00
def test_sign_message(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
# messages.PassphraseRequest,
messages.ButtonRequest,
messages.ButtonRequest,
messages.MessageSignature,
]
)
btc.sign_message(
2024-11-15 16:31:22 +00:00
session, "Bitcoin", parse_path("m/44h/0h/0h/0/0"), "testing message"
)
@pytest.mark.models("legacy")
2024-11-15 16:31:22 +00:00
def test_verify_message_t1(session: Session):
_assert_protection(session)
with session:
session.set_expected_responses(
[
messages.ButtonRequest,
messages.ButtonRequest,
messages.ButtonRequest,
messages.Success,
]
)
btc.verify_message(
2024-11-15 16:31:22 +00:00
session,
"Bitcoin",
"14LmW5k4ssUrtbAB4255zdqv3b4w1TuX9e",
bytes.fromhex(
"209e23edf0e4e47ff1dec27f32cd78c50e74ef018ee8a6adf35ae17c7a9b0dd96f48b493fd7dbab03efb6f439c6383c9523b3bbc5f1a7d158a6af90ab154e9be80"
),
"This is an example of a signed message.",
)
@pytest.mark.models("core")
2024-11-15 16:31:22 +00:00
def test_verify_message_t2(session: Session):
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
messages.ButtonRequest,
messages.ButtonRequest,
messages.ButtonRequest,
messages.Success,
]
)
btc.verify_message(
2024-11-15 16:31:22 +00:00
session,
"Bitcoin",
"14LmW5k4ssUrtbAB4255zdqv3b4w1TuX9e",
bytes.fromhex(
"209e23edf0e4e47ff1dec27f32cd78c50e74ef018ee8a6adf35ae17c7a9b0dd96f48b493fd7dbab03efb6f439c6383c9523b3bbc5f1a7d158a6af90ab154e9be80"
),
"This is an example of a signed message.",
)
2024-11-15 16:31:22 +00:00
def test_signtx(session: Session):
# input tx: 50f6f1209ca92d7359564be803cb2c932cde7d370f7cee50fd1fad6790f6206d
inp1 = messages.TxInputType(
address_n=parse_path("m/44h/0h/0h/0/5"), # 1GA9u9TfCG7SWmKCveBumdA1TZpfom6ZdJ
amount=50_000,
prev_hash=TXHASH_50f6f1,
prev_index=1,
)
out1 = messages.TxOutputType(
address="1MJ2tj2ThBE62zXbBYA5ZaN3fdve5CPAz1",
amount=50_000 - 10_000,
script_type=messages.OutputScriptType.PAYTOADDRESS,
)
2024-11-15 16:31:22 +00:00
_assert_protection(session)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses(
[
2024-11-15 16:31:22 +00:00
_pin_request(session),
# messages.PassphraseRequest,
request_input(0),
request_output(0),
messages.ButtonRequest(code=B.ConfirmOutput),
2024-11-15 16:31:22 +00:00
(is_core(session), messages.ButtonRequest(code=B.ConfirmOutput)),
messages.ButtonRequest(code=B.SignTx),
request_input(0),
request_meta(TXHASH_50f6f1),
request_input(0, TXHASH_50f6f1),
request_output(0, TXHASH_50f6f1),
request_output(1, TXHASH_50f6f1),
request_input(0),
request_output(0),
request_output(0),
request_finished(),
]
)
2024-11-15 16:31:22 +00:00
btc.sign_tx(session, "Bitcoin", [inp1], [out1], prev_txes=TxCache("Bitcoin"))
# def test_firmware_erase():
# pass
# def test_firmware_upload():
# pass
@pytest.mark.setup_client(pin=PIN4, passphrase=False)
2024-11-15 16:31:22 +00:00
def test_unlocked(session: Session):
session.lock()
assert session.features.unlocked is False
2024-11-15 16:31:22 +00:00
_assert_protection(session, passphrase=False)
with session, session.client as client:
client.use_pin_sequence([PIN4])
2024-11-15 16:31:22 +00:00
session.set_expected_responses([_pin_request(session), messages.Address])
get_test_address(session)
2024-11-15 16:31:22 +00:00
session.refresh_features()
assert session.features.unlocked is True
with session:
session.set_expected_responses([messages.Address])
get_test_address(session)
@pytest.mark.setup_client(pin=None, passphrase=True)
2024-11-15 16:31:22 +00:00
def test_passphrase_cached(session: Session):
_assert_protection(session, pin=False)
with session:
session.set_expected_responses(
[
# messages.PassphraseRequest,
messages.Address
]
)
get_test_address(session)
with session:
session.set_expected_responses([messages.Address])
get_test_address(session)