1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-11 16:00:57 +00:00

tests: disable PIN detection, all PIN uses must be explicit

This commit is contained in:
matejcik 2020-04-27 16:37:07 +02:00 committed by matejcik
parent 4771d2c233
commit fc6c99c6f9
7 changed files with 44 additions and 42 deletions

View File

@ -87,14 +87,6 @@ class DebugLink:
obj = self._call(messages.DebugLinkGetState(wait_layout=True))
return layout_lines(obj.layout_lines)
def read_pin_encoded(self):
state = self.state()
if state.matrix is None:
raise RuntimeError("PIN matrix does not exist (are you running Trezor T?)")
if state.pin is None:
raise RuntimeError("PIN is not set")
return self.encode_pin(state.pin, state.matrix)
def encode_pin(self, pin, matrix=None):
"""Transform correct PIN according to the displayed matrix."""
if matrix is None:
@ -251,8 +243,7 @@ class DebugUI:
def get_pin(self, code=None):
if self.pins is None:
# respond with correct pin
return self.debuglink.read_pin_encoded()
raise RuntimeError("PIN requested but no sequence was configured")
try:
return self.debuglink.encode_pin(next(self.pins))

View File

@ -119,9 +119,6 @@ def client(request):
setup_params.update(marker.kwargs)
if not setup_params["uninitialized"]:
if setup_params["pin"] is True:
setup_params["pin"] = "1234"
debuglink.load_device(
client,
mnemonic=setup_params["mnemonic"],

View File

@ -41,7 +41,7 @@ class TestDebuglink:
assert state.pin == "1234"
assert state.matrix != ""
pin_encoded = client.debug.read_pin_encoded()
pin_encoded = client.debug.encode_pin("1234")
resp = client.call_raw(messages.PinMatrixAck(pin=pin_encoded))
assert isinstance(resp, messages.PassphraseRequest)

View File

@ -24,16 +24,18 @@ EXPECTED_RESPONSES_NOPIN = [proto.ButtonRequest(), proto.Success(), proto.Featur
EXPECTED_RESPONSES_PIN_T1 = [proto.PinMatrixRequest()] + EXPECTED_RESPONSES_NOPIN
EXPECTED_RESPONSES_PIN_TT = [proto.ButtonRequest()] + EXPECTED_RESPONSES_NOPIN
PIN4 = "1234"
def _set_expected_responses(client):
client.use_pin_sequence([PIN4])
if client.features.model == "1":
client.set_expected_responses(EXPECTED_RESPONSES_PIN_T1)
else:
client.use_pin_sequence(["1234"])
client.set_expected_responses(EXPECTED_RESPONSES_PIN_TT)
@pytest.mark.setup_client(pin=True)
@pytest.mark.setup_client(pin=PIN4)
class TestMsgApplysettings:
def test_apply_settings(self, client):
assert client.features.label == "test"
@ -54,7 +56,7 @@ class TestMsgApplysettings:
assert client.features.language == "en-US"
@pytest.mark.setup_client(pin=True, passphrase=False)
@pytest.mark.setup_client(pin=PIN4, passphrase=False)
def test_apply_settings_passphrase(self, client):
assert client.features.passphrase_protection is False
@ -121,7 +123,7 @@ class TestMsgApplysettings:
@pytest.mark.skip_t2
def test_apply_auto_lock_delay(self, client):
with client:
client.set_expected_responses(EXPECTED_RESPONSES_PIN)
_set_expected_responses(client)
device.apply_settings(client, auto_lock_delay_ms=int(10e3)) # 10 secs
time.sleep(0.1) # sleep less than auto-lock delay
@ -132,6 +134,7 @@ class TestMsgApplysettings:
time.sleep(10.1) # sleep more than auto-lock delay
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses([proto.PinMatrixRequest(), proto.Address()])
btc.get_address(client, "Testnet", [0])
@ -143,7 +146,7 @@ class TestMsgApplysettings:
"""
with client:
client.set_expected_responses(EXPECTED_RESPONSES_PIN)
_set_expected_responses(client)
# Note: the actual delay will be 10 secs (see above).
device.apply_settings(client, auto_lock_delay_ms=int(1e3))
@ -161,5 +164,6 @@ class TestMsgApplysettings:
time.sleep(10.1) # sleep more than the minimal auto-lock delay
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses([proto.PinMatrixRequest(), proto.Address()])
btc.get_address(client, "Testnet", [0])

View File

@ -27,11 +27,11 @@ WIPE_CODE6 = "456789"
pytestmark = pytest.mark.skip_t2
def _set_wipe_code(client, wipe_code):
def _set_wipe_code(client, pin, wipe_code):
# Set/change wipe code.
with client:
if client.features.pin_protection:
pins = [client.debug.state().pin, wipe_code, wipe_code]
pins = [pin, wipe_code, wipe_code]
pin_matrices = [
messages.PinMatrixRequest(type=PinType.Current),
messages.PinMatrixRequest(type=PinType.WipeCodeFirst),
@ -63,9 +63,9 @@ def _change_pin(client, old_pin, new_pin):
return f.failure
def _check_wipe_code(client, wipe_code):
def _check_wipe_code(client, pin, wipe_code):
"""Check that wipe code is set by changing the PIN to it."""
f = _change_pin(client, client.debug.state().pin, wipe_code)
f = _change_pin(client, pin, wipe_code)
assert isinstance(f, messages.Failure)
@ -75,27 +75,29 @@ def test_set_remove_wipe_code(client):
assert client.features.wipe_code_protection is None
# Test set wipe code.
_set_wipe_code(client, WIPE_CODE4)
_set_wipe_code(client, PIN4, WIPE_CODE4)
# Check that there's wipe code protection now.
client.init_device()
assert client.features.wipe_code_protection is True
# Check that the wipe code is correct.
_check_wipe_code(client, WIPE_CODE4)
_check_wipe_code(client, PIN4, WIPE_CODE4)
# Test change wipe code.
_set_wipe_code(client, WIPE_CODE6)
_set_wipe_code(client, PIN4, WIPE_CODE6)
# Check that there's still wipe code protection now.
client.init_device()
assert client.features.wipe_code_protection is True
# Check that the wipe code is correct.
_check_wipe_code(client, WIPE_CODE6)
_check_wipe_code(client, PIN4, WIPE_CODE6)
# Test remove wipe code.
device.change_wipe_code(client, remove=True)
with client:
client.use_pin_sequence([PIN4])
device.change_wipe_code(client, remove=True)
# Check that there's no wipe code protection now.
client.init_device()
@ -151,7 +153,7 @@ def test_set_wipe_code_to_pin(client):
def test_set_pin_to_wipe_code(client):
# Set wipe code.
_set_wipe_code(client, WIPE_CODE4)
_set_wipe_code(client, None, WIPE_CODE4)
# Try to set the PIN to the current wipe code value.
with client:

View File

@ -33,14 +33,13 @@ class TestProtectCall:
def test_no_protection(self, client):
with client:
assert client.debug.state().pin is None
client.set_expected_responses([proto.Address()])
self._some_protected_call(client)
@pytest.mark.setup_client(pin="1234")
def test_pin(self, client):
with client:
assert client.debug.state().pin == "1234"
client.use_pin_sequence(["1234"])
client.set_expected_responses([proto.PinMatrixRequest(), proto.Address()])
self._some_protected_call(client)

View File

@ -29,18 +29,21 @@ TXHASH_d5f65e = bytes.fromhex(
"d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882"
)
PIN4 = "1234"
@pytest.mark.skip_t2
class TestProtectionLevels:
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_initialize(self, client):
with client:
client.set_expected_responses([proto.Features()])
client.init_device()
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_apply_settings(self, client):
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses(
[
proto.PinMatrixRequest(),
@ -51,9 +54,10 @@ class TestProtectionLevels:
) # TrezorClient reinitializes device
device.apply_settings(client, label="nazdar")
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_change_pin(self, client):
with client:
client.use_pin_sequence([PIN4, PIN4, PIN4])
client.set_expected_responses(
[
proto.ButtonRequest(),
@ -71,29 +75,31 @@ class TestProtectionLevels:
client.set_expected_responses([proto.ButtonRequest(), proto.Success()])
client.ping("msg", True)
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_get_entropy(self, client):
with client:
client.set_expected_responses([proto.ButtonRequest(), proto.Entropy()])
misc.get_entropy(client, 10)
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_get_public_key(self, client):
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses(
[proto.PinMatrixRequest(), proto.PassphraseRequest(), proto.PublicKey()]
)
btc.get_public_node(client, [])
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_get_address(self, client):
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses(
[proto.PinMatrixRequest(), proto.PassphraseRequest(), proto.Address()]
)
btc.get_address(client, "Bitcoin", [])
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_wipe_device(self, client):
with client:
client.set_expected_responses(
@ -153,9 +159,10 @@ class TestProtectionLevels:
)
)
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_sign_message(self, client):
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses(
[
proto.ButtonRequest(),
@ -166,7 +173,7 @@ class TestProtectionLevels:
)
btc.sign_message(client, "Bitcoin", [], "testing message")
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_verify_message(self, client):
with client:
client.set_expected_responses(
@ -182,7 +189,7 @@ class TestProtectionLevels:
"This is an example of a signed message.",
)
@pytest.mark.setup_client(pin=True, passphrase=True)
@pytest.mark.setup_client(pin=PIN4, passphrase=True)
def test_signtx(self, client):
inp1 = proto.TxInputType(
address_n=[0], # 14LmW5k4ssUrtbAB4255zdqv3b4w1TuX9e
@ -198,6 +205,7 @@ class TestProtectionLevels:
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses(
[
proto.PinMatrixRequest(),
@ -224,11 +232,12 @@ class TestProtectionLevels:
# def test_firmware_upload(self):
# pass
@pytest.mark.setup_client(pin=True)
@pytest.mark.setup_client(pin=PIN4)
def test_pin_cached(self, client):
assert client.features.pin_cached is False
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses([proto.PinMatrixRequest(), proto.Address()])
btc.get_address(client, "Testnet", [0])