1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-14 03:30:02 +00:00

apps.common: add protect_with_pin, adjust seed.py

This commit is contained in:
Jan Pochyla 2016-11-23 14:51:39 +01:00
parent b400448b97
commit e8da59ced0
2 changed files with 23 additions and 16 deletions

View File

@ -2,8 +2,8 @@ from trezor import ui
from trezor import wire
from trezor.utils import unimport
# TODO: publish only when debuglink is on
matrix = None
if __debug__:
matrix = None
@unimport
@ -15,7 +15,8 @@ async def request_pin_on_display(session_id: int, code: int=None) -> str:
from trezor.ui.confirm import ConfirmDialog, CONFIRMED
from trezor.ui.pin import PinMatrix
global matrix
if __debug__:
global matrix
_, label = _get_code_and_label(code)
@ -41,7 +42,8 @@ async def request_pin_on_client(session_id: int, code: int=None) -> str:
from trezor.messages.wire_types import PinMatrixAck, Cancel
from trezor.ui.pin import PinMatrix
global matrix
if __debug__:
global matrix
code, label = _get_code_and_label(code)
@ -76,6 +78,20 @@ async def request_pin_twice(session_id: int) -> str:
return pin_first
async def protect_by_pin(session_id: int):
from . import storage
while storage.is_locked():
pin = await request_pin(session_id)
storage.unlock(pin, _render_pin_failure)
def _render_pin_failure(sleep_ms: int):
ui.display.clear()
ui.display.text_center(240, 240, 'Sleeping for %d seconds' % sleep_ms / 1000,
ui.BOLD, ui.RED, ui.BLACK)
def _get_code_and_label(code: int) -> str:
from trezor.messages import PinMatrixRequestType
if code is None:

View File

@ -2,11 +2,6 @@ from trezor import wire
# FIXME: this is a stub
# TODO: decomplect the MVC layers
# TODO: most likely storage sensitive data in c
# TODO: check pin in constant time
# TODO: pin failure counter
_cached_seed = None
_cached_root_node = None
@ -40,22 +35,18 @@ async def get_seed(session_id: int) -> bytes:
async def compute_seed(session_id):
from trezor.crypto import bip39
from trezor.messages.FailureType import PinInvalid, Other
from trezor.messages.FailureType import Other
from .request_passphrase import request_passphrase
from .request_pin import request_pin
from .request_pin import protect_by_pin
from . import storage
if not storage.is_initialized():
raise wire.FailureError(Other, 'Device is not initialized')
if storage.is_protected_by_pin():
pin = await request_pin(session_id)
if not storage.check_pin(pin):
raise wire.FailureError(PinInvalid, 'PIN is incorrect')
await protect_by_pin(session_id)
if storage.is_protected_by_passphrase():
passphrase = await request_passphrase(session_id)
else:
passphrase = ''
return bip39.seed(storage.get_mnemonic(), passphrase)