Store pin as integer

- New module trezor.pin (add timeout here)
- Convert pin to integer by adding a '1' (to detect leading 0s)
- pin is still limited to 9 digits.

embed/extmod/modtrezorconfig/modtrezorconfig.c

@@ -25,15 +25,14 @@ STATIC mp_obj_t mod_trezorconfig_init(void) {
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_init_obj, mod_trezorconfig_init);
 
-/// def unlock(pin: str, waitcallback: (int, int -> None)) -> bool:
+/// def unlock(pin: int, waitcallback: (int, int -> None)) -> bool:
 ///     '''
 ///     Attempts to unlock the storage with given PIN.  Returns True on
 ///     success, False on failure.
 ///     '''
 STATIC mp_obj_t mod_trezorconfig_unlock(mp_obj_t pin, mp_obj_t waitcallback) {
-    mp_buffer_info_t buf;
+    uint32_t pin_i = mp_obj_get_int(pin);
-    mp_get_buffer_raise(pin, &buf, MP_BUFFER_READ);
+    if (sectrue != storage_unlock(pin_i, waitcallback)) {
-    if (sectrue != storage_unlock(buf.buf, buf.len, waitcallback)) {
         return mp_const_false;
     }
     return mp_const_true;
@@ -52,16 +51,14 @@ STATIC mp_obj_t mod_trezorconfig_has_pin(void) {
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorconfig_has_pin_obj, mod_trezorconfig_has_pin);
 
-/// def change_pin(pin: str, newpin: str, waitcallback: (int, int -> None)) -> bool:
+/// def change_pin(pin: int, newpin: int, waitcallback: (int, int -> None)) -> bool:
 ///     '''
 ///     Change PIN. Returns True on success, False on failure.
 ///     '''
 STATIC mp_obj_t mod_trezorconfig_change_pin(mp_obj_t pin, mp_obj_t newpin, mp_obj_t waitcallback) {
-    mp_buffer_info_t pinbuf;
+    uint32_t pin_i = mp_obj_get_int(pin);
-    mp_get_buffer_raise(pin, &pinbuf, MP_BUFFER_READ);
+    uint32_t newpin_i = mp_obj_get_int(newpin);
-    mp_buffer_info_t newbuf;
+    if (sectrue != storage_change_pin(pin_i, newpin_i, waitcallback)) {
-    mp_get_buffer_raise(newpin, &newbuf, MP_BUFFER_READ);
-    if (sectrue != storage_change_pin(pinbuf.buf, pinbuf.len, newbuf.buf, newbuf.len, waitcallback)) {
         return mp_const_false;
     }
     return mp_const_true;

embed/extmod/modtrezorconfig/storage.c

@@ -71,24 +71,15 @@ static void pin_fails_check_max(uint32_t ctr)
     }
 }
 
-static secbool const_cmp(const uint8_t *pub, size_t publen, const uint8_t *sec, size_t seclen)
+static secbool pin_cmp(const uint32_t pin)
-{
-    size_t diff = seclen ^ publen;
-    for (size_t i = 0; i < publen; i++) {
-        diff |= pub[i] ^ sec[i];
-    }
-    return sectrue * (0 == diff);
-}
-
-static secbool pin_cmp(const uint8_t *pin, size_t pinlen)
 {
     const void *spin = NULL;
     uint16_t spinlen = 0;
     norcow_get(PIN_KEY, &spin, &spinlen);
-    if (NULL != spin) {
+    if (NULL != spin && spinlen == sizeof(uint32_t)) {
-        return const_cmp(pin, pinlen, spin, spinlen);
+        return sectrue * (pin == *(const uint32_t*)spin);
     } else {
-        return sectrue * (0 == pinlen);
+        return sectrue * (1 == pin);
     }
 }
 
@@ -131,7 +122,7 @@ static secbool pin_get_fails(const uint32_t **pinfail, uint32_t *pofs)
     return sectrue;
 }
 
-static secbool pin_check(const uint8_t *pin, size_t len, mp_obj_t callback)
+static secbool pin_check(uint32_t pin, mp_obj_t callback)
 {
     const uint32_t *pinfail = NULL;
     uint32_t ofs;
@@ -161,7 +152,7 @@ static secbool pin_check(const uint8_t *pin, size_t len, mp_obj_t callback)
     if (sectrue != pin_fails_increase(pinfail + ofs, ofs * sizeof(uint32_t))) {
         return secfalse;
     }
-    if (sectrue != pin_cmp(pin, len)) {
+    if (sectrue != pin_cmp(pin)) {
         // Wipe storage if too many failures
         pin_fails_check_max(ctr << 1);
         return secfalse;
@@ -172,10 +163,10 @@ static secbool pin_check(const uint8_t *pin, size_t len, mp_obj_t callback)
     return sectrue;
 }
 
-secbool storage_unlock(const uint8_t *pin, size_t len, mp_obj_t callback)
+secbool storage_unlock(const uint32_t pin, mp_obj_t callback)
 {
     unlocked = secfalse;
-    if (sectrue == initialized && sectrue == pin_check(pin, len, callback)) {
+    if (sectrue == initialized && sectrue == pin_check(pin, callback)) {
         unlocked = sectrue;
     }
     return unlocked;
@@ -208,15 +199,15 @@ secbool storage_has_pin(void)
     return sectrue * (0 != spinlen);
 }
 
-secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen, mp_obj_t callback)
+secbool storage_change_pin(const uint32_t pin, const uint32_t newpin, mp_obj_t callback)
 {
-    if (sectrue != initialized || sectrue != unlocked || newlen > PIN_MAXLEN) {
+    if (sectrue != initialized || sectrue != unlocked) {
         return secfalse;
     }
-    if (sectrue != pin_check(pin, len, callback)) {
+    if (sectrue != pin_check(pin, callback)) {
         return secfalse;
     }
-    return norcow_set(PIN_KEY, newpin, newlen);
+    return norcow_set(PIN_KEY, &newpin, sizeof(uint32_t));
 }
 
 void storage_wipe(void)

embed/extmod/modtrezorconfig/storage.h

@@ -12,9 +12,9 @@
 
 void storage_init(void);
 void storage_wipe(void);
-secbool storage_unlock(const uint8_t *pin, size_t len, mp_obj_t callback);
+secbool storage_unlock(const uint32_t pin, mp_obj_t callback);
 secbool storage_has_pin(void);
 uint32_t storage_pin_wait_time(void);
-secbool storage_change_pin(const uint8_t *pin, size_t len, const uint8_t *newpin, size_t newlen, mp_obj_t callback);
+secbool storage_change_pin(const uint32_t pin, const uint32_t newpin, mp_obj_t callback);
 secbool storage_get(uint16_t key, const void **val, uint16_t *len);
 secbool storage_set(uint16_t key, const void *val, uint16_t len);

src/apps/management/change_pin.py

@@ -1,5 +1,6 @@
 from trezor import ui
 from trezor import config
+from trezor.pin import pin_to_int
 from trezor.utils import unimport
 
 
@@ -50,6 +51,8 @@ def confirm_change_pin(ctx, msg):
 @unimport
 async def layout_change_pin(ctx, msg):
     from trezor.messages.Success import Success
+    from trezor.messages.Failure import Failure
+    from trezor.messages.FailureType import PinInvalid
     from apps.common.request_pin import show_pin_timeout
 
     await confirm_change_pin(ctx, msg)
@@ -63,9 +66,10 @@ async def layout_change_pin(ctx, msg):
     else:
         new_pin = await request_pin_confirm(ctx)
 
-    config.change_pin(curr_pin, new_pin, show_pin_timeout)
+    if config.change_pin(pin_to_int(curr_pin), pin_to_int(new_pin), show_pin_timeout):
-
+        if new_pin:
-    if new_pin:
+            return Success(message='PIN changed')
-        return Success(message='PIN changed')
+        else:
+            return Success(message='PIN removed')
     else:
-        return Success(message='PIN removed')
+        return Failure(code=PinInvalid, message='PIN invalid')

src/apps/management/load_device.py

@@ -1,4 +1,5 @@
 from trezor import wire, ui, config
+from trezor.pin import pin_to_int
 from trezor.utils import unimport
 
 
@@ -29,6 +30,6 @@ async def layout_load_device(ctx, msg):
     storage.load_settings(use_passphrase=msg.passphrase_protection,
                           label=msg.label)
     if msg.pin:
-        config.change_pin('', msg.pin, None)
+        config.change_pin(pin_to_int(''), pin_to_int(msg.pin), None)
 
     return Success(message='Device loaded')

src/boot.py

@@ -1,4 +1,5 @@
 from trezor import config
+from trezor.pin import pin_to_int
 from trezor import loop
 from trezor import ui
 
@@ -11,7 +12,7 @@ async def unlock_layout():
             pin = await request_pin()
         else:
             pin = ''
-        if config.unlock(pin, show_pin_timeout):
+        if config.unlock(pin_to_int(pin), show_pin_timeout):
             return
         else:
             await unlock_failed()

src/trezor/pin.py

@@ -0,0 +1,6 @@
+from trezor import config
+from trezor import log
+
+
+def pin_to_int(pin):
+    return int('1'+pin)