|
|
|
@ -1,7 +1,6 @@
|
|
|
|
|
from common import *
|
|
|
|
|
|
|
|
|
|
from trezor.crypto import random
|
|
|
|
|
from trezor.pin import pin_to_int
|
|
|
|
|
|
|
|
|
|
from trezor import config
|
|
|
|
|
|
|
|
|
@ -27,7 +26,7 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
def test_wipe(self):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.unlock('', None), True)
|
|
|
|
|
config.set(1, 1, b'hello')
|
|
|
|
|
config.set(1, 2, b'world')
|
|
|
|
|
v0 = config.get(1, 1)
|
|
|
|
@ -44,7 +43,7 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
for _ in range(128):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.unlock('', None), True)
|
|
|
|
|
appid, key = random_entry()
|
|
|
|
|
value = random.bytes(16)
|
|
|
|
|
config.set(appid, key, value)
|
|
|
|
@ -58,7 +57,7 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
def test_public(self):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.unlock('', None), True)
|
|
|
|
|
|
|
|
|
|
appid, key = random_entry()
|
|
|
|
|
|
|
|
|
@ -84,20 +83,46 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
def test_change_pin(self):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
with self.assertRaises(RuntimeError):
|
|
|
|
|
config.set(PINAPP, PINKEY, b'value')
|
|
|
|
|
self.assertEqual(config.change_pin(pin_to_int('000'), pin_to_int('666'), None, None), False)
|
|
|
|
|
self.assertEqual(config.change_pin(pin_to_int(''), pin_to_int('000'), None, None), True)
|
|
|
|
|
self.assertEqual(config.get(PINAPP, PINKEY), None)
|
|
|
|
|
self.assertTrue(config.unlock('', None))
|
|
|
|
|
config.set(1, 1, b'value')
|
|
|
|
|
config.init()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int('000'), None), True)
|
|
|
|
|
config.change_pin(pin_to_int('000'), pin_to_int(''), None, None)
|
|
|
|
|
config.init()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int('000'), None), False)
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
PINS = ('123', '123', 'Trezor T', '3141592653589793238462643383279502884197', '')
|
|
|
|
|
old_pin = ''
|
|
|
|
|
for new_pin in PINS:
|
|
|
|
|
self.assertTrue(config.unlock(old_pin, None))
|
|
|
|
|
|
|
|
|
|
# The APP namespace which is reserved for storage related values is inaccessible even
|
|
|
|
|
# when unlocked.
|
|
|
|
|
with self.assertRaises(RuntimeError):
|
|
|
|
|
config.set(PINAPP, PINKEY, b'value')
|
|
|
|
|
|
|
|
|
|
self.assertTrue(config.change_pin(old_pin, new_pin, None, None))
|
|
|
|
|
|
|
|
|
|
# Old PIN cannot be used to change the current PIN.
|
|
|
|
|
if old_pin != new_pin:
|
|
|
|
|
self.assertFalse(config.change_pin(old_pin, '666', None, None))
|
|
|
|
|
|
|
|
|
|
# Storage remains unlocked.
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
|
|
|
|
|
# The APP namespace which is reserved for storage related values is inaccessible even
|
|
|
|
|
# when unlocked.
|
|
|
|
|
self.assertEqual(config.get(PINAPP, PINKEY), None)
|
|
|
|
|
|
|
|
|
|
# Old PIN cannot be used to unlock storage.
|
|
|
|
|
if old_pin != new_pin:
|
|
|
|
|
config.init()
|
|
|
|
|
self.assertFalse(config.unlock(old_pin, None))
|
|
|
|
|
self.assertEqual(config.get(1, 1), None)
|
|
|
|
|
with self.assertRaises(RuntimeError):
|
|
|
|
|
config.set(1, 1, b'new value')
|
|
|
|
|
|
|
|
|
|
# New PIN unlocks the storage.
|
|
|
|
|
self.assertTrue(config.unlock(new_pin, None))
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
|
|
|
|
|
# Lock the storage.
|
|
|
|
|
config.init()
|
|
|
|
|
old_pin = new_pin
|
|
|
|
|
|
|
|
|
|
def test_change_sd_salt(self):
|
|
|
|
|
salt1 = b"0123456789abcdef0123456789abcdef"
|
|
|
|
@ -106,37 +131,37 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
# Enable PIN and SD salt.
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertTrue(config.unlock(pin_to_int(''), None))
|
|
|
|
|
self.assertTrue(config.unlock('', None))
|
|
|
|
|
config.set(1, 1, b'value')
|
|
|
|
|
self.assertFalse(config.change_pin(pin_to_int(''), pin_to_int(''), salt1, None))
|
|
|
|
|
self.assertTrue(config.change_pin(pin_to_int(''), pin_to_int('000'), None, salt1))
|
|
|
|
|
self.assertFalse(config.change_pin('', '', salt1, None))
|
|
|
|
|
self.assertTrue(config.change_pin('', '000', None, salt1))
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
|
|
|
|
|
# Disable PIN and change SD salt.
|
|
|
|
|
config.init()
|
|
|
|
|
self.assertFalse(config.unlock(pin_to_int('000'), None))
|
|
|
|
|
self.assertFalse(config.unlock('000', None))
|
|
|
|
|
self.assertIsNone(config.get(1, 1))
|
|
|
|
|
self.assertTrue(config.unlock(pin_to_int('000'), salt1))
|
|
|
|
|
self.assertTrue(config.change_pin(pin_to_int('000'), pin_to_int(''), salt1, salt2))
|
|
|
|
|
self.assertTrue(config.unlock('000', salt1))
|
|
|
|
|
self.assertTrue(config.change_pin('000', '', salt1, salt2))
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
|
|
|
|
|
# Disable SD salt.
|
|
|
|
|
config.init()
|
|
|
|
|
self.assertFalse(config.unlock(pin_to_int('000'), salt2))
|
|
|
|
|
self.assertFalse(config.unlock('000', salt2))
|
|
|
|
|
self.assertIsNone(config.get(1, 1))
|
|
|
|
|
self.assertTrue(config.unlock(pin_to_int(''), salt2))
|
|
|
|
|
self.assertTrue(config.change_pin(pin_to_int(''), pin_to_int(''), salt2, None))
|
|
|
|
|
self.assertTrue(config.unlock('', salt2))
|
|
|
|
|
self.assertTrue(config.change_pin('', '', salt2, None))
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
|
|
|
|
|
# Check that PIN and SD salt are disabled.
|
|
|
|
|
config.init()
|
|
|
|
|
self.assertTrue(config.unlock(pin_to_int(''), None))
|
|
|
|
|
self.assertTrue(config.unlock('', None))
|
|
|
|
|
self.assertEqual(config.get(1, 1), b'value')
|
|
|
|
|
|
|
|
|
|
def test_set_get(self):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.unlock('', None), True)
|
|
|
|
|
for _ in range(32):
|
|
|
|
|
appid, key = random_entry()
|
|
|
|
|
value = random.bytes(128)
|
|
|
|
@ -147,7 +172,7 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
def test_compact(self):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.unlock('', None), True)
|
|
|
|
|
appid, key = 1, 1
|
|
|
|
|
for _ in range(259):
|
|
|
|
|
value = random.bytes(259)
|
|
|
|
@ -158,7 +183,7 @@ class TestConfig(unittest.TestCase):
|
|
|
|
|
def test_get_default(self):
|
|
|
|
|
config.init()
|
|
|
|
|
config.wipe()
|
|
|
|
|
self.assertEqual(config.unlock(pin_to_int(''), None), True)
|
|
|
|
|
self.assertEqual(config.unlock('', None), True)
|
|
|
|
|
for _ in range(128):
|
|
|
|
|
appid, key = random_entry()
|
|
|
|
|
value = config.get(appid, key)
|
|
|
|
|