mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-22 15:38:11 +00:00
apps.common: add protect_with_pin, adjust seed.py
This commit is contained in:
parent
b400448b97
commit
e8da59ced0
@ -2,8 +2,8 @@ from trezor import ui
|
||||
from trezor import wire
|
||||
from trezor.utils import unimport
|
||||
|
||||
# TODO: publish only when debuglink is on
|
||||
matrix = None
|
||||
if __debug__:
|
||||
matrix = None
|
||||
|
||||
|
||||
@unimport
|
||||
@ -15,7 +15,8 @@ async def request_pin_on_display(session_id: int, code: int=None) -> str:
|
||||
from trezor.ui.confirm import ConfirmDialog, CONFIRMED
|
||||
from trezor.ui.pin import PinMatrix
|
||||
|
||||
global matrix
|
||||
if __debug__:
|
||||
global matrix
|
||||
|
||||
_, label = _get_code_and_label(code)
|
||||
|
||||
@ -41,7 +42,8 @@ async def request_pin_on_client(session_id: int, code: int=None) -> str:
|
||||
from trezor.messages.wire_types import PinMatrixAck, Cancel
|
||||
from trezor.ui.pin import PinMatrix
|
||||
|
||||
global matrix
|
||||
if __debug__:
|
||||
global matrix
|
||||
|
||||
code, label = _get_code_and_label(code)
|
||||
|
||||
@ -76,6 +78,20 @@ async def request_pin_twice(session_id: int) -> str:
|
||||
return pin_first
|
||||
|
||||
|
||||
async def protect_by_pin(session_id: int):
|
||||
from . import storage
|
||||
|
||||
while storage.is_locked():
|
||||
pin = await request_pin(session_id)
|
||||
storage.unlock(pin, _render_pin_failure)
|
||||
|
||||
|
||||
def _render_pin_failure(sleep_ms: int):
|
||||
ui.display.clear()
|
||||
ui.display.text_center(240, 240, 'Sleeping for %d seconds' % sleep_ms / 1000,
|
||||
ui.BOLD, ui.RED, ui.BLACK)
|
||||
|
||||
|
||||
def _get_code_and_label(code: int) -> str:
|
||||
from trezor.messages import PinMatrixRequestType
|
||||
if code is None:
|
||||
|
@ -2,11 +2,6 @@ from trezor import wire
|
||||
|
||||
# FIXME: this is a stub
|
||||
|
||||
# TODO: decomplect the MVC layers
|
||||
# TODO: most likely storage sensitive data in c
|
||||
# TODO: check pin in constant time
|
||||
# TODO: pin failure counter
|
||||
|
||||
_cached_seed = None
|
||||
_cached_root_node = None
|
||||
|
||||
@ -40,22 +35,18 @@ async def get_seed(session_id: int) -> bytes:
|
||||
|
||||
async def compute_seed(session_id):
|
||||
from trezor.crypto import bip39
|
||||
from trezor.messages.FailureType import PinInvalid, Other
|
||||
from trezor.messages.FailureType import Other
|
||||
from .request_passphrase import request_passphrase
|
||||
from .request_pin import request_pin
|
||||
from .request_pin import protect_by_pin
|
||||
from . import storage
|
||||
|
||||
if not storage.is_initialized():
|
||||
raise wire.FailureError(Other, 'Device is not initialized')
|
||||
|
||||
if storage.is_protected_by_pin():
|
||||
pin = await request_pin(session_id)
|
||||
if not storage.check_pin(pin):
|
||||
raise wire.FailureError(PinInvalid, 'PIN is incorrect')
|
||||
await protect_by_pin(session_id)
|
||||
|
||||
if storage.is_protected_by_passphrase():
|
||||
passphrase = await request_passphrase(session_id)
|
||||
else:
|
||||
passphrase = ''
|
||||
|
||||
return bip39.seed(storage.get_mnemonic(), passphrase)
|
||||
|
Loading…
Reference in New Issue
Block a user