apps.common: add protect_with_pin, adjust seed.py

src/apps/common/request_pin.py

@@ -2,8 +2,8 @@ from trezor import ui
 from trezor import wire
 from trezor.utils import unimport
 
-# TODO: publish only when debuglink is on
+if __debug__:
-matrix = None
+    matrix = None
 
 
 @unimport
@@ -15,7 +15,8 @@ async def request_pin_on_display(session_id: int, code: int=None) -> str:
     from trezor.ui.confirm import ConfirmDialog, CONFIRMED
     from trezor.ui.pin import PinMatrix
 
-    global matrix
+    if __debug__:
+        global matrix
 
     _, label = _get_code_and_label(code)
 
@@ -41,7 +42,8 @@ async def request_pin_on_client(session_id: int, code: int=None) -> str:
     from trezor.messages.wire_types import PinMatrixAck, Cancel
     from trezor.ui.pin import PinMatrix
 
-    global matrix
+    if __debug__:
+        global matrix
 
     code, label = _get_code_and_label(code)
 
@@ -76,6 +78,20 @@ async def request_pin_twice(session_id: int) -> str:
     return pin_first
 
 
+async def protect_by_pin(session_id: int):
+    from . import storage
+
+    while storage.is_locked():
+        pin = await request_pin(session_id)
+        storage.unlock(pin, _render_pin_failure)
+
+
+def _render_pin_failure(sleep_ms: int):
+    ui.display.clear()
+    ui.display.text_center(240, 240, 'Sleeping for %d seconds' % sleep_ms / 1000,
+                           ui.BOLD, ui.RED, ui.BLACK)
+
+
 def _get_code_and_label(code: int) -> str:
     from trezor.messages import PinMatrixRequestType
     if code is None:

src/apps/common/seed.py

@@ -2,11 +2,6 @@ from trezor import wire
 
 # FIXME: this is a stub
 
-# TODO: decomplect the MVC layers
-# TODO: most likely storage sensitive data in c
-# TODO: check pin in constant time
-# TODO: pin failure counter
-
 _cached_seed = None
 _cached_root_node = None
 
@@ -40,22 +35,18 @@ async def get_seed(session_id: int) -> bytes:
 
 async def compute_seed(session_id):
     from trezor.crypto import bip39
-    from trezor.messages.FailureType import PinInvalid, Other
+    from trezor.messages.FailureType import Other
     from .request_passphrase import request_passphrase
-    from .request_pin import request_pin
+    from .request_pin import protect_by_pin
     from . import storage
 
     if not storage.is_initialized():
         raise wire.FailureError(Other, 'Device is not initialized')
 
-    if storage.is_protected_by_pin():
+    await protect_by_pin(session_id)
-        pin = await request_pin(session_id)
-        if not storage.check_pin(pin):
-            raise wire.FailureError(PinInvalid, 'PIN is incorrect')
 
     if storage.is_protected_by_passphrase():
         passphrase = await request_passphrase(session_id)
     else:
         passphrase = ''
-
     return bip39.seed(storage.get_mnemonic(), passphrase)