trezor-firmware/src/apps/common/request_pin.py

from trezor import ui
from trezor import wire
from trezor.utils import unimport

if __debug__:
    matrix = None


@unimport
async def request_pin_on_display(ctx: wire.Context, code: int=None) -> str:
    from trezor.messages.ButtonRequest import ButtonRequest
    from trezor.messages.ButtonRequestType import ProtectCall
    from trezor.messages.FailureType import PinCancelled
    from trezor.messages.wire_types import ButtonAck
    from trezor.ui.confirm import ConfirmDialog, CONFIRMED
    from trezor.ui.pin import PinMatrix

    if __debug__:
        global matrix

    _, label = _get_code_and_label(code)

    await ctx.call(ButtonRequest(code=ProtectCall),
                   ButtonAck)

    ui.display.clear()
    matrix = PinMatrix(label)
    dialog = ConfirmDialog(matrix)

    result = await dialog
    pin = matrix.pin
    matrix = None

    if result != CONFIRMED:
        raise wire.FailureError(PinCancelled, 'PIN cancelled')

    return pin


@unimport
async def request_pin_on_client(ctx: wire.Context, code: int=None) -> str:
    from trezor.messages.FailureType import PinCancelled
    from trezor.messages.PinMatrixRequest import PinMatrixRequest
    from trezor.messages.wire_types import PinMatrixAck, Cancel
    from trezor.ui.pin import PinMatrix

    if __debug__:
        global matrix

    code, label = _get_code_and_label(code)

    ui.display.clear()
    matrix = PinMatrix(label)
    matrix.render()

    ack = await ctx.call(PinMatrixRequest(type=code),
                         PinMatrixAck, Cancel)
    digits = matrix.digits
    matrix = None

    if ack.MESSAGE_WIRE_TYPE == Cancel:
        raise wire.FailureError(PinCancelled, 'PIN cancelled')
    return _decode_pin(ack.pin, digits)


request_pin = request_pin_on_display


@unimport
async def request_pin_twice(ctx: wire.Context) -> str:
    from trezor.messages.FailureType import ActionCancelled
    from trezor.messages import PinMatrixRequestType

    pin_first = await request_pin(ctx, PinMatrixRequestType.NewFirst)
    pin_again = await request_pin(ctx, PinMatrixRequestType.NewSecond)
    if pin_first != pin_again:
        # changed message due to consistency with T1 msgs
        raise wire.FailureError(ActionCancelled, 'PIN change failed')

    return pin_first


async def protect_by_pin_repeatedly(ctx: wire.Context, at_least_once: bool=False):
    from . import storage

    locked = storage.is_locked() or at_least_once
    while locked:
        pin = await request_pin(ctx)
        locked = not storage.unlock(pin, _render_pin_failure)


async def protect_by_pin_or_fail(ctx: wire.Context, at_least_once: bool=False):
    from trezor.messages.FailureType import PinInvalid
    from . import storage

    locked = storage.is_locked() or at_least_once
    if locked:
        pin = await request_pin(ctx)
        if not storage.unlock(pin, _render_pin_failure):
            raise wire.FailureError(PinInvalid, 'PIN invalid')


protect_by_pin = protect_by_pin_or_fail


def _render_pin_failure(sleep_ms: int):
    ui.display.clear()
    ui.display.text_center(240, 240, 'Sleeping for %d seconds' % (sleep_ms / 1000),
                           ui.BOLD, ui.RED, ui.BLACK)


def _get_code_and_label(code: int):
    from trezor.messages import PinMatrixRequestType
    if code is None:
        code = PinMatrixRequestType.Current
    if code == PinMatrixRequestType.NewFirst:
        label = 'Enter new PIN'
    elif code == PinMatrixRequestType.NewSecond:
        label = 'Enter PIN again'
    else:  # PinMatrixRequestType.Current
        label = 'Enter PIN'
    return code, label


def _decode_pin(pin: str, secret: list) -> str:
    return ''.join([str(secret[int(d) - 1]) for d in pin])
add ResetDevice workflow 2016-06-09 14:28:34 +00:00			`from trezor import ui`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00			`from trezor import wire`
unify unimport_func and unimport_gen, asyncify 2016-09-21 12:24:12 +00:00			`from trezor.utils import unimport`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`if __debug__:`
			`matrix = None`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`@unimport`
wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`async def request_pin_on_display(ctx: wire.Context, code: int=None) -> str:`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`from trezor.messages.ButtonRequest import ButtonRequest`
			`from trezor.messages.ButtonRequestType import ProtectCall`
			`from trezor.messages.FailureType import PinCancelled`
			`from trezor.messages.wire_types import ButtonAck`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00			`from trezor.ui.confirm import ConfirmDialog, CONFIRMED`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`from trezor.ui.pin import PinMatrix`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`if __debug__:`
			`global matrix`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
			`_, label = _get_code_and_label(code)`

wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`await ctx.call(ButtonRequest(code=ProtectCall),`
			`ButtonAck)`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
ui: clear the screen before common layouts 2016-10-06 10:31:03 +00:00			`ui.display.clear()`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`matrix = PinMatrix(label)`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00			`dialog = ConfirmDialog(matrix)`
apps/common/request_pin: fix request_pin_on_display 2017-09-21 13:22:50 +00:00
			`result = await dialog`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`pin = matrix.pin`
			`matrix = None`

apps/common/request_pin: fix request_pin_on_display 2017-09-21 13:22:50 +00:00			`if result != CONFIRMED:`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`raise wire.FailureError(PinCancelled, 'PIN cancelled')`
apps/common/request_pin: fix request_pin_on_display 2017-09-21 13:22:50 +00:00
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`return pin`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
			`@unimport`
wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`async def request_pin_on_client(ctx: wire.Context, code: int=None) -> str:`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`from trezor.messages.FailureType import PinCancelled`
			`from trezor.messages.PinMatrixRequest import PinMatrixRequest`
			`from trezor.messages.wire_types import PinMatrixAck, Cancel`
			`from trezor.ui.pin import PinMatrix`

apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`if __debug__:`
			`global matrix`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00
			`code, label = _get_code_and_label(code)`

			`ui.display.clear()`
			`matrix = PinMatrix(label)`
			`matrix.render()`

wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`ack = await ctx.call(PinMatrixRequest(type=code),`
			`PinMatrixAck, Cancel)`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`digits = matrix.digits`
			`matrix = None`

apps.common.request_pin: fix client cancel 2016-12-15 11:34:18 +00:00			`if ack.MESSAGE_WIRE_TYPE == Cancel:`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`raise wire.FailureError(PinCancelled, 'PIN cancelled')`
			`return _decode_pin(ack.pin, digits)`


apps/common/request_pin: fix request_pin_on_display 2017-09-21 13:22:50 +00:00			`request_pin = request_pin_on_display`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00

workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`@unimport`
wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`async def request_pin_twice(ctx: wire.Context) -> str:`
trezor.ui: change failure pin msg 2017-04-06 12:16:48 +00:00			`from trezor.messages.FailureType import ActionCancelled`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`from trezor.messages import PinMatrixRequestType`
add ResetDevice workflow 2016-06-09 14:28:34 +00:00
wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`pin_first = await request_pin(ctx, PinMatrixRequestType.NewFirst)`
			`pin_again = await request_pin(ctx, PinMatrixRequestType.NewSecond)`
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`if pin_first != pin_again:`
trezor.ui: change failure pin msg 2017-04-06 12:16:48 +00:00			`# changed message due to consistency with T1 msgs`
			`raise wire.FailureError(ActionCancelled, 'PIN change failed')`
add wipe, wire.write is a generator, add trezor/workflows 2016-06-06 12:10:36 +00:00
workflow monitor, reset_device layout work - request/response manner of usual protobuf workflows is enforced, workflows are expected to either return a valid protobuf response, or raise an exception - added wire.FailureError exception that allows workflow to provide Failure code & message - pin workflows simplified TODO: all this workflow work does not really belong in trezor.wire 2016-09-25 14:00:21 +00:00			`return pin_first`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00

wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`async def protect_by_pin_repeatedly(ctx: wire.Context, at_least_once: bool=False):`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`from . import storage`

apps.common.request_pin: add at_least_once 2016-12-19 10:32:08 +00:00			`locked = storage.is_locked() or at_least_once`
			`while locked:`
wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`pin = await request_pin(ctx)`
apps.common.request_pin: add at_least_once 2016-12-19 10:32:08 +00:00			`locked = not storage.unlock(pin, _render_pin_failure)`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00

wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`async def protect_by_pin_or_fail(ctx: wire.Context, at_least_once: bool=False):`
apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`from trezor.messages.FailureType import PinInvalid`
			`from . import storage`

			`locked = storage.is_locked() or at_least_once`
			`if locked:`
wire: pass Context to apps 2017-08-15 13:09:09 +00:00			`pin = await request_pin(ctx)`
apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`if not storage.unlock(pin, _render_pin_failure):`
			`raise wire.FailureError(PinInvalid, 'PIN invalid')`


			`protect_by_pin = protect_by_pin_or_fail`


apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`def _render_pin_failure(sleep_ms: int):`
			`ui.display.clear()`
apps.common: fix request_pin 2017-01-17 16:43:08 +00:00			`ui.display.text_center(240, 240, 'Sleeping for %d seconds' % (sleep_ms / 1000),`
apps.common: add protect_with_pin, adjust seed.py 2016-11-23 13:51:39 +00:00			`ui.BOLD, ui.RED, ui.BLACK)`


micro fix 2017-03-21 12:15:04 +00:00			`def _get_code_and_label(code: int):`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`from trezor.messages import PinMatrixRequestType`
			`if code is None:`
			`code = PinMatrixRequestType.Current`
			`if code == PinMatrixRequestType.NewFirst:`
			`label = 'Enter new PIN'`
			`elif code == PinMatrixRequestType.NewSecond:`
apps.common.request_pin: add at_least_once 2016-12-19 10:32:08 +00:00			`label = 'Enter PIN again'`
apps.common: add client-side pin input method 2016-11-16 13:23:05 +00:00			`else: # PinMatrixRequestType.Current`
			`label = 'Enter PIN'`
			`return code, label`


			`def _decode_pin(pin: str, secret: list) -> str:`
			`return ''.join([str(secret[int(d) - 1]) for d in pin])`