1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-24 07:18:09 +00:00

core: Allow PIN entry even when SD protect is enabled and the card is not present.

This commit is contained in:
Andrew Kozlik 2020-03-16 23:40:39 +01:00 committed by Andrew Kozlik
parent bfd834d1de
commit 8ee0026637
4 changed files with 27 additions and 30 deletions

View File

@ -80,33 +80,41 @@ async def pin_mismatch() -> None:
async def request_pin_and_sd_salt(
ctx: wire.Context, prompt: str = "Enter your PIN", allow_cancel: bool = True
) -> Tuple[str, Optional[bytearray]]:
salt = await request_sd_salt(ctx)
if config.has_pin():
pin = await request_pin_ack(ctx, prompt, config.get_pin_rem(), allow_cancel)
config.ensure_not_wipe_code(pin_to_int(pin))
else:
pin = ""
salt = await request_sd_salt(ctx)
return pin, salt
async def verify_user_pin(
prompt: str = "Enter your PIN", allow_cancel: bool = True, retry: bool = True
) -> None:
if config.has_pin():
pin = await request_pin(prompt, config.get_pin_rem(), allow_cancel)
config.ensure_not_wipe_code(pin_to_int(pin))
else:
pin = ""
try:
salt = await request_sd_salt()
except SdCardUnavailable:
raise PinCancelled
if not config.has_pin() and not config.check_pin(pin_to_int(""), salt):
if config.unlock(pin_to_int(pin), salt):
return
elif not config.has_pin():
raise RuntimeError
while retry:
pin = await request_pin(prompt, config.get_pin_rem(), allow_cancel)
if config.check_pin(pin_to_int(pin), salt):
pin = await request_pin(
"Wrong PIN, enter again", config.get_pin_rem(), allow_cancel
)
if config.unlock(pin_to_int(pin), salt):
return
else:
prompt = "Wrong PIN, enter again"
raise PinInvalid

View File

@ -2,36 +2,21 @@ import storage
import storage.device
import storage.sd_salt
from trezor import config, log, loop, res, ui, utils
from trezor.pin import pin_to_int, show_pin_timeout
from trezor.pin import show_pin_timeout
from apps.common.request_pin import PinCancelled, request_pin
from apps.common.sdcard import SdCardUnavailable, request_sd_salt
from apps.common.request_pin import PinCancelled, verify_user_pin
async def bootscreen() -> None:
ui.display.orientation(storage.device.get_rotation())
while True:
try:
if storage.sd_salt.is_enabled() or config.has_pin():
await lockscreen()
salt = await request_sd_salt()
if not config.has_pin():
config.unlock(pin_to_int(""), salt)
storage.init_unlocked()
return
label = "Enter your PIN"
while True:
pin = await request_pin(label, config.get_pin_rem())
if config.unlock(pin_to_int(pin), salt):
storage.init_unlocked()
return
else:
label = "Wrong PIN, enter again"
except (OSError, PinCancelled, SdCardUnavailable) as e:
await verify_user_pin()
storage.init_unlocked()
return
except (OSError, PinCancelled) as e:
if __debug__:
log.exception(__name__, e)
except BaseException as e:

View File

@ -97,6 +97,10 @@ def test_sd_protect_unlock(client):
assert "Change PIN" in client.debug.wait_layout().text
client.debug.press_yes()
yield # enter current PIN
assert "PinDialog" == client.debug.wait_layout().text
client.debug.input("1234")
yield # SD card problem
assert "SD card problem" in client.debug.wait_layout().text
client.debug.press_yes() # retry

View File

@ -384,7 +384,7 @@
"test_reset_backup.py::test_skip_backup_msg[2-backup_flow_slip39_advanced]": "25a4e8a2ca91518b481538c7c9e70e1769f1aa26c85455bfaadf33c47ae185c2",
"test_sdcard.py::test_sd_format": "6bb7486932a5d38cdbb9b1368ee92aca3fad384115c744feadfade80c1605dd8",
"test_sdcard.py::test_sd_no_format": "f47e897caee95cf98c1b4506732825f853c4b8afcdc2713e38e3b4055973c9ac",
"test_sdcard.py::test_sd_protect_unlock": "ff6ab20979234230a6f4d67d7ff3a7ed3ddc536e1a8b8ad6a2c693b48e0006a9",
"test_sdcard.py::test_sd_protect_unlock": "23fdb2acb8d19edcca95d90512d53aea6c9d42d8bfb8712af5f7f0ef9fbed72d",
"test_u2f_counter.py::test_u2f_counter": "7d96a4d262b9d8a2c1158ac1e5f0f7b2c3ed5f2ba9d6235a014320313f9488fe",
"test_zerosig.py-test_one_zero_signature": "4099761c664ac57e9506abeb6a52cf898297c0dd592e2a394d008c5db7e62356",
"test_zerosig.py-test_two_zero_signature": "46e0f1749af632a75a6c6ccc2deb4591a925428db000c52008ecb940ec673a6f"