arno
/
trezor-firmware
mirror of https://github.com/trezor/trezor-firmware.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added callback for PIN timeout

Browse Source 
When PIN is entered or changed and their were failed tries the function
waits for time (exponential slow down).  For every second it waits, it
now calls back into python to give it the chance to show a message.

GUI still needs to be implemented
pull/25/head
Jochen Hoenicke 7 years ago
parent 9f2bbb0e1a
commit 87f7054e46
5 changed files with 65 additions and 38 deletions
Show Stats Download Patch File Download Diff File

16
embed/extmod/modtrezorconfig/modtrezorconfig.c
Unescape View File

@ -25,20 +25,20 @@ STATIC mp_obj_t mod_trezorconfig_init(void) {
}
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_init_obj, mod_trezorconfig_init);
/// def unlock(pin: str) -> bool:
/// def unlock(pin: str, waitcallback: (int -> None)) -> bool:
/// '''
/// Attempts to unlock the storage with given PIN. Returns True on
/// success, False on failure.
/// '''
STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin) {
STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin, mp_obj_t waitcallback) {
mp_buffer_info_t buf;
mp_get_buffer_raise(pin, &buf, MP_BUFFER_READ);
if (sectrue != storage_unlock(buf.buf, buf.len)) {
if (sectrue != storage_unlock(buf.buf, buf.len, waitcallback)) {
return mp_const_false;
}
return mp_const_true;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorconfig_unlock_obj, mod_trezorconfig_unlock);
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_unlock_obj, mod_trezorconfig_unlock);
/// def has_pin() -> bool:
/// '''
@ -52,21 +52,21 @@ STATIC mp_obj_t mod_trezorconfig_has_pin(void) {
}
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_has_pin_obj, mod_trezorconfig_has_pin);
/// def change_pin(pin: str, newpin: str) -> bool:
/// def change_pin(pin: str, newpin: str, waitcallback: (int -> None)) -> bool:
/// '''
/// Change PIN. Returns True on success, False on failure.
/// '''
STATIC mp_obj_t mod_trezorconfig_change_pin(mp_obj_t pin, mp_obj_t newpin) {
STATIC mp_obj_t mod_trezorconfig_change_pin(mp_obj_t pin, mp_obj_t newpin, mp_obj_t waitcallback) {
mp_buffer_info_t pinbuf;
mp_get_buffer_raise(pin, &pinbuf, MP_BUFFER_READ);
mp_buffer_info_t newbuf;
mp_get_buffer_raise(newpin, &newbuf, MP_BUFFER_READ);
if (sectrue != storage_change_pin(pinbuf.buf, pinbuf.len, newbuf.buf, newbuf.len)) {
if (sectrue != storage_change_pin(pinbuf.buf, pinbuf.len, newbuf.buf, newbuf.len, waitcallback)) {
return mp_const_false;
}
return mp_const_true;
}
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorconfig_change_pin_obj, mod_trezorconfig_change_pin);
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorconfig_change_pin_obj, mod_trezorconfig_change_pin);
/// def get(app: int, key: int) -> bytes:
/// '''

67
embed/extmod/modtrezorconfig/storage.c
Unescape View File

@ -10,6 +10,8 @@
#include "common.h"
#include "norcow.h"
#include "../../trezorhal/flash.h"
#include "py/runtime.h"
#include "py/obj.h"
// Norcow storage key of configured PIN.
#define PIN_KEY 0x0000
@ -89,14 +91,11 @@ static secbool pin_cmp(const uint8_t *pin, size_t pinlen)
}
}
static secbool pin_check(const uint8_t *pin, size_t len)
static secbool pin_get_fails(const uint32_t **pinfail, uint32_t *pofs)
{
uint32_t ofs = 0;
uint32_t ctr;
const void *vpinfail;
const uint32_t *pinfail = NULL;
uint16_t pinfaillen;
unsigned int ofs;
// The PIN_FAIL_KEY points to an area of words, initialized to
// 0xffffffff (meaning no pin failures). The first non-zero word
// in this area is the current pin failure counter. If PIN_FAIL_KEY
@ -106,36 +105,51 @@ static secbool pin_check(const uint8_t *pin, size_t len)
// indicating that the next word is the pin failure counter.
// Find the current pin failure counter
secbool found = secfalse;
if (secfalse != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) {
pinfail = vpinfail;
*pinfail = vpinfail;
for (ofs = 0; ofs < pinfaillen / sizeof(uint32_t); ofs++) {
if (pinfail[ofs]) {
found = sectrue;
break;
if (((const uint32_t *) vpinfail)[ofs]) {
*pinfail = vpinfail;
*pofs = ofs;
return sectrue;
}
}
}
if (found == secfalse) {
// No pin failure section, or all entries used -> create a new one.
uint32_t pinarea[PIN_FAIL_SECTOR_SIZE];
memset(pinarea, 0xff, sizeof(pinarea));
if (sectrue != norcow_set(PIN_FAIL_KEY, pinarea, sizeof(pinarea))) {
return secfalse;
}
if (sectrue != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) {
return secfalse;
}
pinfail = vpinfail;
ofs = 0;
// No pin failure section, or all entries used -> create a new one.
uint32_t pinarea[PIN_FAIL_SECTOR_SIZE];
memset(pinarea, 0xff, sizeof(pinarea));
if (sectrue != norcow_set(PIN_FAIL_KEY, pinarea, sizeof(pinarea))) {
return secfalse;
}
if (sectrue != norcow_get(PIN_FAIL_KEY, &vpinfail, &pinfaillen)) {
return secfalse;
}
*pinfail = vpinfail;
*pofs = 0;
return sectrue;
}
static secbool pin_check(const uint8_t *pin, size_t len, mp_obj_t callback)
{
const uint32_t *pinfail = NULL;
uint32_t ofs;
uint32_t ctr;
// Get the pin failure counter
if (pin_get_fails(&pinfail, &ofs) != sectrue) {
return secfalse;
}
// Read current failure counter
ctr = pinfail[ofs];
// Wipe storage if too many failures
pin_fails_check_max(ctr);
// Sleep for ~ctr seconds before checking the PIN.
for (uint32_t wait = ~ctr; wait > 0; wait--) {
mp_obj_t waitobj = mp_obj_new_int(wait);
mp_call_function_1(callback, waitobj);
hal_delay(1000);
}
@ -146,6 +160,7 @@ static secbool pin_check(const uint8_t *pin, size_t len)
return secfalse;
}
if (sectrue != pin_cmp(pin, len)) {
// Wipe storage if too many failures
pin_fails_check_max(ctr << 1);
return secfalse;
}
@ -155,10 +170,10 @@ static secbool pin_check(const uint8_t *pin, size_t len)
return sectrue;
}
secbool storage_unlock(const uint8_t *pin, size_t len)
secbool storage_unlock(const uint8_t *pin, size_t len, mp_obj_t callback)
{
unlocked = secfalse;
if (sectrue == initialized && sectrue == pin_check(pin, len)) {
if (sectrue == initialized && sectrue == pin_check(pin, len, callback)) {
unlocked = sectrue;
}
return unlocked;
@ -191,12 +206,12 @@ secbool storage_has_pin(void)
return sectrue * (0 != spinlen);
}
secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen)
secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen, mp_obj_t callback)
{
if (sectrue != initialized || sectrue != unlocked || newlen > PIN_MAXLEN) {
return secfalse;
}
if (sectrue != pin_check(pin, len)) {
if (sectrue != pin_check(pin, len, callback)) {
return secfalse;
}
return norcow_set(PIN_KEY, newpin, newlen);

6
embed/extmod/modtrezorconfig/storage.h
Unescape View File

@ -8,11 +8,13 @@
#include <stdint.h>
#include <stddef.h>
#include "../../trezorhal/secbool.h"
#include "py/obj.h"
void storage_init(void);
void storage_wipe(void);
secbool storage_unlock(const uint8_t *pin, size_t len);
secbool storage_unlock(const uint8_t *pin, size_t len, mp_obj_t callback);
secbool storage_has_pin(void);
secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen);
uint32_t storage_pin_wait_time(void);
secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen, mp_obj_t callback);
secbool storage_get(uint16_t key, const void **val, uint16_t *len);
secbool storage_set(uint16_t key, const void *val, uint16_t len);

6
src/apps/management/change_pin.py
Unescape View File

@ -62,7 +62,11 @@ async def layout_change_pin(ctx, msg):
else:
new_pin = await request_pin_confirm(ctx)
config.change_pin(curr_pin, new_pin)
def show_timeout(wait):
# TODO
return
config.change_pin(curr_pin, new_pin, show_timeout)
if new_pin:
return Success(message='PIN changed')

8
src/boot.py
Unescape View File

@ -5,13 +5,19 @@ from trezor import ui
from apps.common.request_pin import request_pin
def show_timeout(wait):
# TODO
from trezor import log
log.debug('PIN', 'waiting %d seconds', wait)
async def unlock_layout():
while True:
if config.has_pin():
pin = await request_pin()
else:
pin = ''
if config.unlock(pin):
if config.unlock(pin, show_timeout):
return
else:
await unlock_failed()

Write Preview
Loading…
Cancel
Save