trezor-firmware/tests/device_tests/test_msg_changepin.py

# This file is part of the Trezor project.
#
# Copyright (C) 2012-2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.

import pytest

from trezorlib import device, messages
from trezorlib.exceptions import TrezorFailure

from ..common import get_test_address

PIN4 = "1234"
PIN6 = "789456"


pytestmark = pytest.mark.skip_t2


def _check_pin(client, pin):
    client.lock()
    with client:
        client.use_pin_sequence([pin])
        client.set_expected_responses([messages.PinMatrixRequest, messages.Address])
        get_test_address(client)


def _check_no_pin(client):
    client.lock()
    with client:
        client.set_expected_responses([messages.Address])
        get_test_address(client)


def test_set_pin(client):
    assert client.features.pin_protection is False

    # Check that there's no PIN protection
    _check_no_pin(client)

    # Let's set new PIN
    with client:
        client.use_pin_sequence([PIN6, PIN6])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest,
                messages.PinMatrixRequest,
                messages.Success,
                messages.Features,
            ]
        )
        device.change_pin(client)

    # Check that there's PIN protection now
    assert client.features.pin_protection is True
    # Check that the PIN is correct
    _check_pin(client, PIN6)


@pytest.mark.setup_client(pin=PIN4)
def test_change_pin(client):
    assert client.features.pin_protection is True
    # Check that there's PIN protection
    _check_pin(client, PIN4)

    # Let's change PIN
    with client:
        client.use_pin_sequence([PIN4, PIN6, PIN6])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest,
                messages.PinMatrixRequest,
                messages.PinMatrixRequest,
                messages.Success,
                messages.Features,
            ]
        )
        device.change_pin(client)

    # Check that there's still PIN protection now
    assert client.features.pin_protection is True
    # Check that the PIN is correct
    _check_pin(client, PIN6)


@pytest.mark.setup_client(pin=PIN4)
def test_remove_pin(client):
    assert client.features.pin_protection is True
    # Check that there's PIN protection
    _check_pin(client, PIN4)

    # Let's remove PIN
    with client:
        client.use_pin_sequence([PIN4])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest,
                messages.Success,
                messages.Features,
            ]
        )
        device.change_pin(client, remove=True)

    # Check that there's no PIN protection now
    assert client.features.pin_protection is False
    _check_no_pin(client)


def test_set_mismatch(client):
    assert client.features.pin_protection is False
    # Check that there's no PIN protection
    _check_no_pin(client)

    # Let's set new PIN
    with pytest.raises(TrezorFailure, match="PIN mismatch"), client:
        # use different PINs for first and second attempt. This will fail.
        client.use_pin_sequence([PIN4, PIN6])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest,
                messages.PinMatrixRequest,
                messages.Failure,
            ]
        )
        device.change_pin(client)

    # Check that there's still no PIN protection now
    client.init_device()
    assert client.features.pin_protection is False
    _check_no_pin(client)


@pytest.mark.setup_client(pin=PIN4)
def test_change_mismatch(client):
    assert client.features.pin_protection is True

    # Let's set new PIN
    with pytest.raises(TrezorFailure, match="PIN mismatch"), client:
        client.use_pin_sequence([PIN4, PIN6, PIN6 + "3"])
        client.set_expected_responses(
            [
                messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),
                messages.PinMatrixRequest,
                messages.PinMatrixRequest,
                messages.PinMatrixRequest,
                messages.Failure,
            ]
        )
        device.change_pin(client)

    # Check that there's still old PIN protection
    client.init_device()
    assert client.features.pin_protection is True
    _check_pin(client, PIN4)


@pytest.mark.parametrize("invalid_pin", ("1204", "", "1234567891"))
def test_set_invalid(client, invalid_pin):
    assert client.features.pin_protection is False

    # Let's set an invalid PIN
    ret = client.call_raw(messages.ChangePin())
    assert isinstance(ret, messages.ButtonRequest)

    # Press button
    client.debug.press_yes()
    ret = client.call_raw(messages.ButtonAck())

    # Send a PIN containing an invalid digit
    assert isinstance(ret, messages.PinMatrixRequest)
    ret = client.call_raw(messages.PinMatrixAck(pin=invalid_pin))

    # Ensure the invalid PIN is detected
    assert isinstance(ret, messages.Failure)

    # Check that there's still no PIN protection now
    client.init_device()
    assert client.features.pin_protection is False
    _check_no_pin(client)


@pytest.mark.parametrize("invalid_pin", ("1204", "", "1234567891"))
@pytest.mark.setup_client(pin=PIN4)
def test_enter_invalid(client, invalid_pin):
    assert client.features.pin_protection is True

    # use an invalid PIN
    ret = client.call_raw(messages.GetAddress())

    # Send a PIN containing an invalid digit
    assert isinstance(ret, messages.PinMatrixRequest)
    ret = client.call_raw(messages.PinMatrixAck(pin=invalid_pin))

    # Ensure the invalid PIN is detected
    assert isinstance(ret, messages.Failure)
regenerate license headers This clarifies the intent: the project is licenced under terms of LGPL version 3 only, but the standard headers cover only "3 or later", so we had to rewrite them. In the same step, we removed author information from individual files in favor of "SatoshiLabs and contributors", and include an AUTHORS file that lists the contributors. Apologies to those whose names are missing; please contact us if you wish to add your info to the AUTHORS file. 2018-06-21 14:28:34 +00:00			`# This file is part of the Trezor project.`
add license headers to unit tests 2017-01-03 18:40:05 +00:00			`#`
python: add or update licence headers 2019-05-29 16:44:09 +00:00			`# Copyright (C) 2012-2019 SatoshiLabs and contributors`
add license headers to unit tests 2017-01-03 18:40:05 +00:00			`#`
			`# This library is free software: you can redistribute it and/or modify`
regenerate license headers This clarifies the intent: the project is licenced under terms of LGPL version 3 only, but the standard headers cover only "3 or later", so we had to rewrite them. In the same step, we removed author information from individual files in favor of "SatoshiLabs and contributors", and include an AUTHORS file that lists the contributors. Apologies to those whose names are missing; please contact us if you wish to add your info to the AUTHORS file. 2018-06-21 14:28:34 +00:00			`# it under the terms of the GNU Lesser General Public License version 3`
			`# as published by the Free Software Foundation.`
add license headers to unit tests 2017-01-03 18:40:05 +00:00			`#`
			`# This library is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU Lesser General Public License for more details.`
			`#`
regenerate license headers This clarifies the intent: the project is licenced under terms of LGPL version 3 only, but the standard headers cover only "3 or later", so we had to rewrite them. In the same step, we removed author information from individual files in favor of "SatoshiLabs and contributors", and include an AUTHORS file that lists the contributors. Apologies to those whose names are missing; please contact us if you wish to add your info to the AUTHORS file. 2018-06-21 14:28:34 +00:00			`# You should have received a copy of the License along with this library.`
			`# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.`

tests/device_tests: remove all star imports 2018-05-11 12:53:51 +00:00			`import pytest`
add license headers to unit tests 2017-01-03 18:40:05 +00:00
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`from trezorlib import device, messages`
			`from trezorlib.exceptions import TrezorFailure`
style: use flake8 2017-06-23 19:31:42 +00:00
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`from ..common import get_test_address`

tests: drop TrezorTest class 2019-09-11 12:29:39 +00:00			`PIN4 = "1234"`
			`PIN6 = "789456"`
style: apply black/isort 2018-08-13 16:21:24 +00:00
ChangePin unittest 2014-02-21 03:46:33 +00:00
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`pytestmark = pytest.mark.skip_t2`


			`def _check_pin(client, pin):`
tests: use new trezorlib locking/sessioning API where appropriate 2020-08-25 14:28:32 +00:00			`client.lock()`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`with client:`
			`client.use_pin_sequence([pin])`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`client.set_expected_responses([messages.PinMatrixRequest, messages.Address])`
			`get_test_address(client)`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00

			`def _check_no_pin(client):`
tests: use new trezorlib locking/sessioning API where appropriate 2020-08-25 14:28:32 +00:00			`client.lock()`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`with client:`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`client.set_expected_responses([messages.Address])`
			`get_test_address(client)`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00

			`def test_set_pin(client):`
			`assert client.features.pin_protection is False`

			`# Check that there's no PIN protection`
			`_check_no_pin(client)`

			`# Let's set new PIN`
			`with client:`
			`client.use_pin_sequence([PIN6, PIN6])`
			`client.set_expected_responses(`
			`[`
			`messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`messages.PinMatrixRequest,`
			`messages.PinMatrixRequest,`
			`messages.Success,`
			`messages.Features,`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`]`
			`)`
			`device.change_pin(client)`

			`# Check that there's PIN protection now`
			`assert client.features.pin_protection is True`
			`# Check that the PIN is correct`
			`_check_pin(client, PIN6)`


			`@pytest.mark.setup_client(pin=PIN4)`
			`def test_change_pin(client):`
			`assert client.features.pin_protection is True`
			`# Check that there's PIN protection`
			`_check_pin(client, PIN4)`

			`# Let's change PIN`
			`with client:`
			`client.use_pin_sequence([PIN4, PIN6, PIN6])`
			`client.set_expected_responses(`
			`[`
			`messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`messages.PinMatrixRequest,`
			`messages.PinMatrixRequest,`
			`messages.PinMatrixRequest,`
			`messages.Success,`
			`messages.Features,`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`]`
			`)`
			`device.change_pin(client)`

			`# Check that there's still PIN protection now`
			`assert client.features.pin_protection is True`
			`# Check that the PIN is correct`
			`_check_pin(client, PIN6)`


			`@pytest.mark.setup_client(pin=PIN4)`
			`def test_remove_pin(client):`
			`assert client.features.pin_protection is True`
			`# Check that there's PIN protection`
			`_check_pin(client, PIN4)`

			`# Let's remove PIN`
			`with client:`
			`client.use_pin_sequence([PIN4])`
			`client.set_expected_responses(`
			`[`
			`messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`messages.PinMatrixRequest,`
			`messages.Success,`
			`messages.Features,`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`]`
			`)`
			`device.change_pin(client, remove=True)`

			`# Check that there's no PIN protection now`
			`assert client.features.pin_protection is False`
			`_check_no_pin(client)`


			`def test_set_mismatch(client):`
			`assert client.features.pin_protection is False`
			`# Check that there's no PIN protection`
			`_check_no_pin(client)`

			`# Let's set new PIN`
			`with pytest.raises(TrezorFailure, match="PIN mismatch"), client:`
			`# use different PINs for first and second attempt. This will fail.`
			`client.use_pin_sequence([PIN4, PIN6])`
			`client.set_expected_responses(`
			`[`
			`messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`messages.PinMatrixRequest,`
			`messages.PinMatrixRequest,`
			`messages.Failure,`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`]`
			`)`
			`device.change_pin(client)`

			`# Check that there's still no PIN protection now`
			`client.init_device()`
			`assert client.features.pin_protection is False`
			`_check_no_pin(client)`


			`@pytest.mark.setup_client(pin=PIN4)`
			`def test_change_mismatch(client):`
			`assert client.features.pin_protection is True`

			`# Let's set new PIN`
			`with pytest.raises(TrezorFailure, match="PIN mismatch"), client:`
			`client.use_pin_sequence([PIN4, PIN6, PIN6 + "3"])`
			`client.set_expected_responses(`
			`[`
			`messages.ButtonRequest(code=messages.ButtonRequestType.ProtectCall),`
chore(tests): update to kwargs usage and new btc.sign_tx API 2020-09-15 11:06:41 +00:00			`messages.PinMatrixRequest,`
			`messages.PinMatrixRequest,`
			`messages.PinMatrixRequest,`
			`messages.Failure,`
tests: refactor T1 changepin test 2020-04-27 14:37:16 +00:00			`]`
			`)`
			`device.change_pin(client)`

			`# Check that there's still old PIN protection`
			`client.init_device()`
			`assert client.features.pin_protection is True`
			`_check_pin(client, PIN4)`


			`@pytest.mark.parametrize("invalid_pin", ("1204", "", "1234567891"))`
			`def test_set_invalid(client, invalid_pin):`
			`assert client.features.pin_protection is False`

			`# Let's set an invalid PIN`
			`ret = client.call_raw(messages.ChangePin())`
			`assert isinstance(ret, messages.ButtonRequest)`

			`# Press button`
			`client.debug.press_yes()`
			`ret = client.call_raw(messages.ButtonAck())`

			`# Send a PIN containing an invalid digit`
			`assert isinstance(ret, messages.PinMatrixRequest)`
			`ret = client.call_raw(messages.PinMatrixAck(pin=invalid_pin))`

			`# Ensure the invalid PIN is detected`
			`assert isinstance(ret, messages.Failure)`

			`# Check that there's still no PIN protection now`
			`client.init_device()`
			`assert client.features.pin_protection is False`
			`_check_no_pin(client)`


			`@pytest.mark.parametrize("invalid_pin", ("1204", "", "1234567891"))`
			`@pytest.mark.setup_client(pin=PIN4)`
			`def test_enter_invalid(client, invalid_pin):`
			`assert client.features.pin_protection is True`

			`# use an invalid PIN`
			`ret = client.call_raw(messages.GetAddress())`

			`# Send a PIN containing an invalid digit`
			`assert isinstance(ret, messages.PinMatrixRequest)`
			`ret = client.call_raw(messages.PinMatrixAck(pin=invalid_pin))`

			`# Ensure the invalid PIN is detected`
			`assert isinstance(ret, messages.Failure)`