From 8ee0026637fed0ce60760c5b424b513b836d596a Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Mon, 16 Mar 2020 23:40:39 +0100 Subject: [PATCH] core: Allow PIN entry even when SD protect is enabled and the card is not present. --- core/src/apps/common/request_pin.py | 24 ++++++++++++++++-------- core/src/boot.py | 27 ++++++--------------------- tests/device_tests/test_sdcard.py | 4 ++++ tests/ui_tests/fixtures.json | 2 +- 4 files changed, 27 insertions(+), 30 deletions(-) diff --git a/core/src/apps/common/request_pin.py b/core/src/apps/common/request_pin.py index 1de809be72..42f1e29046 100644 --- a/core/src/apps/common/request_pin.py +++ b/core/src/apps/common/request_pin.py @@ -80,33 +80,41 @@ async def pin_mismatch() -> None: async def request_pin_and_sd_salt( ctx: wire.Context, prompt: str = "Enter your PIN", allow_cancel: bool = True ) -> Tuple[str, Optional[bytearray]]: - salt = await request_sd_salt(ctx) - if config.has_pin(): pin = await request_pin_ack(ctx, prompt, config.get_pin_rem(), allow_cancel) + config.ensure_not_wipe_code(pin_to_int(pin)) else: pin = "" + salt = await request_sd_salt(ctx) + return pin, salt async def verify_user_pin( prompt: str = "Enter your PIN", allow_cancel: bool = True, retry: bool = True ) -> None: + if config.has_pin(): + pin = await request_pin(prompt, config.get_pin_rem(), allow_cancel) + config.ensure_not_wipe_code(pin_to_int(pin)) + else: + pin = "" + try: salt = await request_sd_salt() except SdCardUnavailable: raise PinCancelled - - if not config.has_pin() and not config.check_pin(pin_to_int(""), salt): + if config.unlock(pin_to_int(pin), salt): + return + elif not config.has_pin(): raise RuntimeError while retry: - pin = await request_pin(prompt, config.get_pin_rem(), allow_cancel) - if config.check_pin(pin_to_int(pin), salt): + pin = await request_pin( + "Wrong PIN, enter again", config.get_pin_rem(), allow_cancel + ) + if config.unlock(pin_to_int(pin), salt): return - else: - prompt = "Wrong PIN, enter again" raise PinInvalid diff --git a/core/src/boot.py b/core/src/boot.py index 32d910cbf6..a2eeca40f7 100644 --- a/core/src/boot.py +++ b/core/src/boot.py @@ -2,36 +2,21 @@ import storage import storage.device import storage.sd_salt from trezor import config, log, loop, res, ui, utils -from trezor.pin import pin_to_int, show_pin_timeout +from trezor.pin import show_pin_timeout -from apps.common.request_pin import PinCancelled, request_pin -from apps.common.sdcard import SdCardUnavailable, request_sd_salt +from apps.common.request_pin import PinCancelled, verify_user_pin async def bootscreen() -> None: ui.display.orientation(storage.device.get_rotation()) - while True: try: if storage.sd_salt.is_enabled() or config.has_pin(): await lockscreen() - - salt = await request_sd_salt() - - if not config.has_pin(): - config.unlock(pin_to_int(""), salt) - storage.init_unlocked() - return - - label = "Enter your PIN" - while True: - pin = await request_pin(label, config.get_pin_rem()) - if config.unlock(pin_to_int(pin), salt): - storage.init_unlocked() - return - else: - label = "Wrong PIN, enter again" - except (OSError, PinCancelled, SdCardUnavailable) as e: + await verify_user_pin() + storage.init_unlocked() + return + except (OSError, PinCancelled) as e: if __debug__: log.exception(__name__, e) except BaseException as e: diff --git a/tests/device_tests/test_sdcard.py b/tests/device_tests/test_sdcard.py index 7f9b365196..d63bff9331 100644 --- a/tests/device_tests/test_sdcard.py +++ b/tests/device_tests/test_sdcard.py @@ -97,6 +97,10 @@ def test_sd_protect_unlock(client): assert "Change PIN" in client.debug.wait_layout().text client.debug.press_yes() + yield # enter current PIN + assert "PinDialog" == client.debug.wait_layout().text + client.debug.input("1234") + yield # SD card problem assert "SD card problem" in client.debug.wait_layout().text client.debug.press_yes() # retry diff --git a/tests/ui_tests/fixtures.json b/tests/ui_tests/fixtures.json index 1d6e4183d7..b6fd172215 100644 --- a/tests/ui_tests/fixtures.json +++ b/tests/ui_tests/fixtures.json @@ -384,7 +384,7 @@ "test_reset_backup.py::test_skip_backup_msg[2-backup_flow_slip39_advanced]": "25a4e8a2ca91518b481538c7c9e70e1769f1aa26c85455bfaadf33c47ae185c2", "test_sdcard.py::test_sd_format": "6bb7486932a5d38cdbb9b1368ee92aca3fad384115c744feadfade80c1605dd8", "test_sdcard.py::test_sd_no_format": "f47e897caee95cf98c1b4506732825f853c4b8afcdc2713e38e3b4055973c9ac", -"test_sdcard.py::test_sd_protect_unlock": "ff6ab20979234230a6f4d67d7ff3a7ed3ddc536e1a8b8ad6a2c693b48e0006a9", +"test_sdcard.py::test_sd_protect_unlock": "23fdb2acb8d19edcca95d90512d53aea6c9d42d8bfb8712af5f7f0ef9fbed72d", "test_u2f_counter.py::test_u2f_counter": "7d96a4d262b9d8a2c1158ac1e5f0f7b2c3ed5f2ba9d6235a014320313f9488fe", "test_zerosig.py-test_one_zero_signature": "4099761c664ac57e9506abeb6a52cf898297c0dd592e2a394d008c5db7e62356", "test_zerosig.py-test_two_zero_signature": "46e0f1749af632a75a6c6ccc2deb4591a925428db000c52008ecb940ec673a6f"