1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 23:08:14 +00:00

tests: Add device tests for wipe code protection.

This commit is contained in:
Andrew Kozlik 2019-11-25 17:08:19 +01:00
parent a08b66ee6c
commit 89a3ec1696
2 changed files with 489 additions and 0 deletions

View File

@ -0,0 +1,229 @@
# This file is part of the Trezor project.
#
# Copyright (C) 2012-2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
import pytest
from trezorlib import messages
PIN4 = "1234"
WIPE_CODE4 = "4321"
WIPE_CODE6 = "456789"
pytestmark = pytest.mark.skip_t2
def _set_wipe_code(client, wipe_code):
# Set/change wipe code.
ret = client.call_raw(messages.ChangeWipeCode())
assert isinstance(ret, messages.ButtonRequest)
# Confirm intent to set/change wipe code.
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
if client.features.pin_protection:
# Send current PIN.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.read_pin_encoded()
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# Send the new wipe code for the first time.
assert isinstance(ret, messages.PinMatrixRequest)
wipe_code_encoded = client.debug.encode_pin(wipe_code)
ret = client.call_raw(messages.PinMatrixAck(pin=wipe_code_encoded))
# Send the new wipe code for the second time.
assert isinstance(ret, messages.PinMatrixRequest)
wipe_code_encoded = client.debug.encode_pin(wipe_code)
ret = client.call_raw(messages.PinMatrixAck(pin=wipe_code_encoded))
# Now we're done.
assert isinstance(ret, messages.Success)
def _remove_wipe_code(client):
# Remove wipe code
ret = client.call_raw(messages.ChangeWipeCode(remove=True))
assert isinstance(ret, messages.ButtonRequest)
# Confirm intent to remove wipe code.
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
# Send current PIN.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.read_pin_encoded()
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# Now we're done.
assert isinstance(ret, messages.Success)
def _check_wipe_code(client, wipe_code):
# Try to change the PIN to the current wipe code value. The operation should fail.
ret = client.call_raw(messages.ChangePin())
assert isinstance(ret, messages.ButtonRequest)
# Confirm intent to change PIN.
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
# Send current PIN.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.read_pin_encoded()
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# Send the new wipe code for the first time.
assert isinstance(ret, messages.PinMatrixRequest)
wipe_code_encoded = client.debug.encode_pin(wipe_code)
ret = client.call_raw(messages.PinMatrixAck(pin=wipe_code_encoded))
# Send the new wipe code for the second time.
assert isinstance(ret, messages.PinMatrixRequest)
wipe_code_encoded = client.debug.encode_pin(wipe_code)
ret = client.call_raw(messages.PinMatrixAck(pin=wipe_code_encoded))
# Expect failure.
assert isinstance(ret, messages.Failure)
@pytest.mark.setup_client(pin=PIN4)
def test_set_remove_wipe_code(client):
# Check that wipe code protection status is not revealed in locked state.
assert client.features.wipe_code_protection is None
# Test set wipe code.
_set_wipe_code(client, WIPE_CODE4)
# Check that there's wipe code protection now.
client.init_device()
assert client.features.wipe_code_protection is True
# Check that the wipe code is correct.
_check_wipe_code(client, WIPE_CODE4)
# Test change wipe code.
_set_wipe_code(client, WIPE_CODE6)
# Check that there's still wipe code protection now.
client.init_device()
assert client.features.wipe_code_protection is True
# Check that the PIN is correct.
_check_wipe_code(client, WIPE_CODE6)
# Test remove wipe code.
_remove_wipe_code(client)
# Check that there's no wipe code protection now.
client.init_device()
assert client.features.wipe_code_protection is False
def test_set_wipe_code_mismatch(client):
# Check that there is no wipe code protection.
assert client.features.wipe_code_protection is False
# Let's set a new wipe code.
ret = client.call_raw(messages.ChangeWipeCode())
assert isinstance(ret, messages.ButtonRequest)
# Confirm intent to set wipe code.
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
# Send the new wipe code for the first time.
assert isinstance(ret, messages.PinMatrixRequest)
wipe_code_encoded = client.debug.encode_pin(WIPE_CODE4)
ret = client.call_raw(messages.PinMatrixAck(pin=wipe_code_encoded))
# Send the new wipe code for the second time, but different.
assert isinstance(ret, messages.PinMatrixRequest)
wipe_code_encoded = client.debug.encode_pin(WIPE_CODE6)
ret = client.call_raw(messages.PinMatrixAck(pin=wipe_code_encoded))
# The operation should fail, because the wipe codes are different.
assert isinstance(ret, messages.Failure)
assert ret.code == messages.FailureType.WipeCodeMismatch
# Check that there is no wipe code protection.
client.init_device()
assert client.features.wipe_code_protection is False
@pytest.mark.setup_client(pin=PIN4)
def test_set_wipe_code_to_pin(client):
# Check that wipe code protection status is not revealed in locked state.
assert client.features.wipe_code_protection is None
# Let's try setting the wipe code to the curent PIN value.
ret = client.call_raw(messages.ChangeWipeCode())
assert isinstance(ret, messages.ButtonRequest)
# Confirm intent to set wipe code.
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
# Send current PIN.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.read_pin_encoded()
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# Send the new wipe code.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.read_pin_encoded()
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# The operation should fail, because the wipe code must be different from the PIN.
assert isinstance(ret, messages.Failure)
assert ret.code == messages.FailureType.ProcessError
# Check that there is no wipe code protection.
client.init_device()
assert client.features.wipe_code_protection is False
def test_set_pin_to_wipe_code(client):
# Set wipe code.
_set_wipe_code(client, WIPE_CODE4)
# Try to set the PIN to the current wipe code value.
ret = client.call_raw(messages.ChangePin())
assert isinstance(ret, messages.ButtonRequest)
# Confirm intent to set PIN.
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
# Send the new PIN for the first time.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.encode_pin(WIPE_CODE4)
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# Send the new PIN for the second time.
assert isinstance(ret, messages.PinMatrixRequest)
pin_encoded = client.debug.encode_pin(WIPE_CODE4)
ret = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
# The operation should fail, because the PIN must be different from the wipe code.
assert isinstance(ret, messages.Failure)
assert ret.code == messages.FailureType.ProcessError
# Check that there is no PIN protection.
client.init_device()
assert client.features.pin_protection is False
ret = client.call_raw(messages.Ping(pin_protection=True))
assert isinstance(ret, messages.Success)

View File

@ -0,0 +1,260 @@
# This file is part of the Trezor project.
#
# Copyright (C) 2012-2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
import pytest
from trezorlib import device, messages
from trezorlib.exceptions import Cancelled, TrezorFailure
PIN4 = "1234"
WIPE_CODE4 = "4321"
WIPE_CODE6 = "456789"
pytestmark = pytest.mark.skip_t1
def _input_flow_set_pin(debug, pin):
yield # do you want to set a new pin?
print("set pin?")
debug.press_yes()
yield # enter new pin
print(f"enter pin {pin}")
debug.input(pin)
yield # enter new pin again
print(f"reenter pin {pin}")
debug.input(pin)
yield # success
print("success")
debug.press_yes()
def _input_flow_change_pin(debug, old_pin, new_pin):
yield # do you want to change pin?
debug.press_yes()
yield # enter current pin
debug.input(old_pin)
yield # enter new pin
debug.input(new_pin)
yield # enter new pin again
debug.input(new_pin)
yield # success
debug.press_yes()
def _input_flow_clear_pin(debug, old_pin):
yield # do you want to remove pin?
debug.press_yes()
yield # enter current pin
debug.input(old_pin)
yield # success
debug.press_yes()
def _input_flow_set_wipe_code(debug, pin, wipe_code):
yield # do you want to set/change the wipe_code?
debug.press_yes()
if pin is not None:
yield # enter current pin
debug.input(pin)
yield # enter new wipe code
debug.input(wipe_code)
yield # enter new wipe code again
debug.input(wipe_code)
yield # success
debug.press_yes()
def _input_flow_remove_wipe_code(debug, pin):
yield # do you want to remove wipe code?
debug.press_yes()
yield # enter current pin
debug.input(pin)
yield # success
debug.press_yes()
def _check_wipe_code(client, pin, wipe_code):
client.clear_session()
assert client.features.wipe_code_protection is True
# Try to change the PIN to the current wipe code value. The operation should fail.
with client, pytest.raises(TrezorFailure):
client.set_expected_responses(
[messages.ButtonRequest()] * 5
+ [messages.Failure(code=messages.FailureType.PinInvalid)]
)
client.set_input_flow(_input_flow_change_pin(client.debug, pin, wipe_code))
device.change_pin(client)
@pytest.mark.setup_client(pin=PIN4)
def test_set_remove_wipe_code(client):
# Test set wipe code.
assert client.features.wipe_code_protection is False
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 5 + [messages.Success(), messages.Features()]
)
client.set_input_flow(_input_flow_set_wipe_code(client.debug, PIN4, WIPE_CODE4))
device.change_wipe_code(client)
client.init_device()
assert client.features.wipe_code_protection is True
_check_wipe_code(client, PIN4, WIPE_CODE4)
# Test change wipe code.
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 5 + [messages.Success(), messages.Features()]
)
client.set_input_flow(_input_flow_set_wipe_code(client.debug, PIN4, WIPE_CODE6))
device.change_wipe_code(client)
client.init_device()
assert client.features.wipe_code_protection is True
_check_wipe_code(client, PIN4, WIPE_CODE6)
# Test remove wipe code.
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 3 + [messages.Success(), messages.Features()]
)
client.set_input_flow(_input_flow_clear_pin(client.debug, PIN4))
device.change_wipe_code(client, remove=True)
client.init_device()
assert client.features.wipe_code_protection is False
def test_set_wipe_code_mismatch(client):
# Let's set a wipe code.
def input_flow():
yield # do you want to set the wipe code?
client.debug.press_yes()
yield # enter new wipe code
client.debug.input(WIPE_CODE4)
yield # enter new wipe code again (but different)
client.debug.input(WIPE_CODE6)
# failed retry
yield # enter new wipe code
client.cancel()
with client, pytest.raises(Cancelled):
client.set_expected_responses(
[messages.ButtonRequest()] * 4 + [messages.Failure()]
)
client.set_input_flow(input_flow)
device.change_wipe_code(client)
# Check that there's still no wipe code protection now
client.init_device()
assert client.features.wipe_code_protection is False
@pytest.mark.setup_client(pin=PIN4)
def test_set_wipe_code_to_pin(client):
def input_flow():
yield # do you want to set the wipe code?
client.debug.press_yes()
yield # enter current pin
client.debug.input(PIN4)
yield # enter new wipe code (same as PIN)
client.debug.input(PIN4)
# failed retry
yield # enter new wipe code
client.debug.input(WIPE_CODE4)
yield # enter new wipe code again
client.debug.input(WIPE_CODE4)
yield # success
client.debug.press_yes()
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 6 + [messages.Success(), messages.Features()]
)
client.set_input_flow(input_flow)
device.change_wipe_code(client)
client.init_device()
assert client.features.wipe_code_protection is True
_check_wipe_code(client, PIN4, WIPE_CODE4)
def test_set_pin_to_wipe_code(client):
# Set wipe code.
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 4 + [messages.Success(), messages.Features()]
)
client.set_input_flow(_input_flow_set_wipe_code(client.debug, None, WIPE_CODE4))
device.change_wipe_code(client)
# Try to set the PIN to the current wipe code value.
with client, pytest.raises(TrezorFailure):
client.set_expected_responses(
[messages.ButtonRequest()] * 4
+ [messages.Failure(code=messages.FailureType.PinInvalid)]
)
client.set_input_flow(_input_flow_set_pin(client.debug, WIPE_CODE4))
device.change_pin(client)
@pytest.mark.setup_client(pin=PIN4)
def test_wipe_code_activate(client):
import time
device_id = client.features.device_id
# Set wipe code.
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 5 + [messages.Success(), messages.Features()]
)
client.set_input_flow(_input_flow_set_wipe_code(client.debug, PIN4, WIPE_CODE4))
device.change_wipe_code(client)
# Try to change the PIN.
ret = client.call_raw(messages.ChangePin(remove=False))
# Confirm change PIN.
assert isinstance(ret, messages.ButtonRequest)
client.debug.press_yes()
ret = client.call_raw(messages.ButtonAck())
# Enter the wipe code instead of the current PIN
assert ret == messages.ButtonRequest(code=messages.ButtonRequestType.Other)
client.debug.input(WIPE_CODE4)
client._raw_write(messages.ButtonAck())
# Allow the device to display wipe code popup and restart.
time.sleep(7)
# Check that the device has been wiped.
client.init_device()
assert client.features.initialized is False
assert client.features.pin_protection is False
assert client.features.wipe_code_protection is False
assert client.features.device_id != device_id