def test_set_failed(client):
assert client.features.pin_protection is False
# Check that there's no PIN protection
_check_no_pin(client)
# Let's set new PIN
def input_flow():
yield # do you want to set pin?
client.debug.press_yes()
yield # enter new pin
client.debug.input(PIN4)
yield # enter new pin again (but different)
client.debug.input(PIN60)
# failed retry
yield # enter new pin
client.cancel()
with client, pytest.raises(Cancelled):
client.set_expected_responses([messages.ButtonRequest] * 4 +
[messages.Failure])
client.set_input_flow(input_flow)
device.change_pin(client)
# Check that there's still no PIN protection now
client.init_device()
assert client.features.pin_protection is False
_check_no_pin(client)
def test_change_failed(client):
assert client.features.pin_protection is True
# Check current PIN value
_check_pin(client, PIN4)
# Let's set new PIN
def input_flow():
yield # do you want to change pin?
client.debug.press_yes()
yield # enter current pin
client.debug.input(PIN4)
yield # enter new pin
client.debug.input("457891")
yield # enter new pin again (but different)
client.debug.input("381847")
# failed retry
yield # enter current pin again
client.cancel()
with client, pytest.raises(Cancelled):
client.set_expected_responses([messages.ButtonRequest] * 5 +
[messages.Failure])
client.set_input_flow(input_flow)
device.change_pin(client)
# Check that there's still old PIN protection
client.init_device()
assert client.features.pin_protection is True
_check_pin(client, PIN4)
def test_change_invalid_current(client):
assert client.features.pin_protection is True
# Check current PIN value
_check_pin(client, PIN4)
# Let's set new PIN
def input_flow():
yield # do you want to change pin?
client.debug.press_yes()
yield # enter wrong current pin
client.debug.input(PIN60)
yield
client.debug.press_no()
with client, pytest.raises(TrezorFailure):
client.set_expected_responses([messages.ButtonRequest] * 3 +
[messages.Failure])
client.set_input_flow(input_flow)
device.change_pin(client)
# Check that there's still old PIN protection
client.init_device()
assert client.features.pin_protection is True
_check_pin(client, PIN4)
def _check_pin(client, pin):
client.clear_session()
assert client.features.pin_protection is True
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 5 +
[messages.Success(), messages.Features()])
client.set_input_flow(_input_flow_change_pin(client.debug, pin, pin))
device.change_pin(client)
def test_change_pin(self, client):
with client:
client.set_expected_responses([
proto.ButtonRequest(),
proto.PinMatrixRequest(),
proto.PinMatrixRequest(),
proto.PinMatrixRequest(),
proto.Success(),
proto.Features(),
])
device.change_pin(client)
def _check_wipe_code(client, pin, wipe_code):
client.init_device()
assert client.features.wipe_code_protection is True
# Try to change the PIN to the current wipe code value. The operation should fail.
with client, pytest.raises(TrezorFailure):
client.use_pin_sequence([pin, wipe_code, wipe_code])
client.set_expected_responses(
[messages.ButtonRequest()] * 5 +
[messages.Failure(code=messages.FailureType.PinInvalid)])
device.change_pin(client)
def test_change_pin(self):
with self.client:
self.setup_mnemonic_pin_passphrase()
self.client.set_expected_responses([
proto.ButtonRequest(),
proto.PinMatrixRequest(),
proto.PinMatrixRequest(),
proto.PinMatrixRequest(),
proto.Success(),
proto.Features(),
])
device.change_pin(self.client)
def test_change_pin(self, client):
with client:
client.use_pin_sequence([PIN4, PIN4, PIN4])
client.set_expected_responses([
messages.ButtonRequest,
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.Success,
messages.Features,
])
device.change_pin(client)
def _check_wipe_code(client, pin, wipe_code):
client.clear_session()
assert client.features.wipe_code_protection is True
# Try to change the PIN to the current wipe code value. The operation should fail.
with client, pytest.raises(TrezorFailure):
client.set_expected_responses(
[messages.ButtonRequest()] * 5
+ [messages.Failure(code=messages.FailureType.PinInvalid)]
)
client.set_input_flow(_input_flow_change_pin(client.debug, pin, wipe_code))
device.change_pin(client)
def change_pin(hw_client, remove=False):
if hw_client:
try:
device.change_pin(hw_client, remove)
except exceptions.Cancelled:
raise CancelException('Cancelled')
except exceptions.TrezorFailure as e:
if e.failure.message == 'Device not initialized':
raise HwNotInitialized(e.failure.message)
else:
raise
else:
raise Exception('HW client not set.')
def test_change_pin_t1(client):
_assert_protection(client)
with client:
client.use_pin_sequence([PIN4, PIN4, PIN4])
client.set_expected_responses([
messages.ButtonRequest,
_pin_request(client),
_pin_request(client),
_pin_request(client),
messages.Success,
messages.Features,
])
device.change_pin(client)
def test_change_pin(self):
with self.client:
self.setup_mnemonic_pin_passphrase()
self.client.set_expected_responses(
[
proto.ButtonRequest(),
proto.PinMatrixRequest(),
proto.PinMatrixRequest(),
proto.PinMatrixRequest(),
proto.Success(),
proto.Features(),
]
)
device.change_pin(self.client)
def test_set_pin_to_wipe_code(client):
# Set wipe code.
with client:
client.set_expected_responses([messages.ButtonRequest()] * 4 +
[messages.Success, messages.Features])
client.use_pin_sequence([WIPE_CODE4, WIPE_CODE4])
device.change_wipe_code(client)
# Try to set the PIN to the current wipe code value.
with client, pytest.raises(TrezorFailure):
client.set_expected_responses(
[messages.ButtonRequest()] * 4 +
[messages.Failure(code=messages.FailureType.PinInvalid)])
client.use_pin_sequence([WIPE_CODE4, WIPE_CODE4])
device.change_pin(client)
def test_set_pin(client):
assert client.features.pin_protection is False
# Check that there's no PIN protection
_check_no_pin(client)
# Let's set new PIN
with client:
client.use_pin_sequence([PIN_MAX, PIN_MAX])
client.set_expected_responses([messages.ButtonRequest] * 4 +
[messages.Success, messages.Features])
device.change_pin(client)
client.init_device()
assert client.features.pin_protection is True
_check_pin(client, PIN_MAX)
def _change_pin(client: Client, old_pin, new_pin):
assert client.features.pin_protection is True
with client:
client.use_pin_sequence([old_pin, new_pin, new_pin])
try:
return device.change_pin(client)
except exceptions.TrezorFailure as f:
return f.failure
def test_remove_pin(client):
assert client.features.pin_protection is True
# Check current PIN value
_check_pin(client, PIN4)
# Let's remove PIN
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses([messages.ButtonRequest] * 3 +
[messages.Success, messages.Features])
device.change_pin(client, remove=True)
# Check that there's no PIN protection now
client.init_device()
assert client.features.pin_protection is False
_check_no_pin(client)
def test_change_pin(client):
assert client.features.pin_protection is True
# Check current PIN value
_check_pin(client, PIN4)
# Let's change PIN
with client:
client.use_pin_sequence([PIN4, PIN_MAX, PIN_MAX])
client.set_expected_responses([messages.ButtonRequest] * 5 +
[messages.Success, messages.Features])
device.change_pin(client)
# Check that there's still PIN protection now
client.init_device()
assert client.features.pin_protection is True
# Check that the PIN is correct
_check_pin(client, PIN_MAX)
def test_set_pin_to_wipe_code(client):
# Set wipe code.
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 4 + [messages.Success(), messages.Features()]
)
client.set_input_flow(_input_flow_set_wipe_code(client.debug, None, WIPE_CODE4))
device.change_wipe_code(client)
# Try to set the PIN to the current wipe code value.
with client, pytest.raises(TrezorFailure):
client.set_expected_responses(
[messages.ButtonRequest()] * 4
+ [messages.Failure(code=messages.FailureType.PinInvalid)]
)
client.set_input_flow(_input_flow_set_pin(client.debug, WIPE_CODE4))
device.change_pin(client)
def test_set_pin(client):
assert client.features.pin_protection is False
# Check that there's no PIN protection
_check_no_pin(client)
# Let's set new PIN
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 4 +
[messages.Success(), messages.Features()])
client.set_input_flow(_input_flow_set_pin(client.debug, PIN6))
device.change_pin(client)
client.init_device()
assert client.features.pin_protection is True
_check_pin(client, PIN6)
def test_remove_pin(client):
assert client.features.pin_protection is True
# Check current PIN value
_check_pin(client, PIN4)
# Let's remove PIN
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 3 +
[messages.Success(), messages.Features()])
client.set_input_flow(_input_flow_clear_pin(client.debug, PIN4))
device.change_pin(client, remove=True)
# Check that there's no PIN protection now
client.init_device()
assert client.features.pin_protection is False
_check_no_pin(client)
def _check_no_pin(client):
client.clear_session()
assert client.features.pin_protection is False
def input_flow():
yield from _input_flow_set_pin(client.debug, PIN4)
yield from _input_flow_clear_pin(client.debug, PIN4)
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 4 +
[messages.Success(), messages.Features()] +
[messages.ButtonRequest()] * 3 +
[messages.Success(), messages.Features()])
client.set_input_flow(input_flow)
device.change_pin(client)
device.change_pin(client, remove=True)
assert client.features.pin_protection is False
def test_remove_pin(client):
assert client.features.pin_protection is True
# Check that there's PIN protection
_check_pin(client, PIN4)
# Let's remove PIN
with client:
client.use_pin_sequence([PIN4])
client.set_expected_responses([
messages.ButtonRequest(
code=messages.ButtonRequestType.ProtectCall),
messages.PinMatrixRequest,
messages.Success,
messages.Features,
])
device.change_pin(client, remove=True)
# Check that there's no PIN protection now
assert client.features.pin_protection is False
_check_no_pin(client)
def test_change_mismatch(client):
assert client.features.pin_protection is True
# Let's set new PIN
with pytest.raises(TrezorFailure, match="PIN mismatch"), client:
client.use_pin_sequence([PIN4, PIN6, PIN6 + "3"])
client.set_expected_responses([
messages.ButtonRequest(
code=messages.ButtonRequestType.ProtectCall),
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.Failure,
])
device.change_pin(client)
# Check that there's still old PIN protection
client.init_device()
assert client.features.pin_protection is True
_check_pin(client, PIN4)
def test_change_pin(client):
assert client.features.pin_protection is True
# Check current PIN value
_check_pin(client, PIN4)
# Let's change PIN
with client:
client.set_expected_responses(
[messages.ButtonRequest()] * 5 +
[messages.Success(), messages.Features()])
client.set_input_flow(_input_flow_change_pin(client.debug, PIN4, PIN6))
device.change_pin(client)
# Check that there's still PIN protection now
client.init_device()
assert client.features.pin_protection is True
# Check that the PIN is correct
_check_pin(client, PIN6)
def test_set_pin_to_wipe_code(client: Client):
# Set wipe code.
_set_wipe_code(client, None, WIPE_CODE4)
# Try to set the PIN to the current wipe code value.
with client:
client.use_pin_sequence([WIPE_CODE4, WIPE_CODE4])
client.set_expected_responses([
messages.ButtonRequest(),
messages.PinMatrixRequest(type=PinType.NewFirst),
messages.PinMatrixRequest(type=PinType.NewSecond),
messages.Failure(code=messages.FailureType.ProcessError),
])
with pytest.raises(exceptions.TrezorFailure):
device.change_pin(client)
# Check that there is no PIN protection.
client.init_device()
assert client.features.pin_protection is False
resp = client.call_raw(messages.GetAddress())
assert isinstance(resp, messages.Address)
def test_set_mismatch(client):
assert client.features.pin_protection is False
# Check that there's no PIN protection
_check_no_pin(client)
# Let's set new PIN
with pytest.raises(TrezorFailure, match="PIN mismatch"), client:
# use different PINs for first and second attempt. This will fail.
client.use_pin_sequence([PIN4, PIN6])
client.set_expected_responses([
messages.ButtonRequest(
code=messages.ButtonRequestType.ProtectCall),
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.Failure,
])
device.change_pin(client)
# Check that there's still no PIN protection now
client.init_device()
assert client.features.pin_protection is False
_check_no_pin(client)
def test_change_pin(client):
assert client.features.pin_protection is True
# Check that there's PIN protection
_check_pin(client, PIN4)
# Let's change PIN
with client:
client.use_pin_sequence([PIN4, PIN6, PIN6])
client.set_expected_responses([
messages.ButtonRequest(
code=messages.ButtonRequestType.ProtectCall),
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.PinMatrixRequest,
messages.Success,
messages.Features,
])
device.change_pin(client)
# Check that there's still PIN protection now
assert client.features.pin_protection is True
# Check that the PIN is correct
_check_pin(client, PIN6)
def test_upgrade_wipe_code(gen, tag):
PIN = "1234"
WIPE_CODE = "4321"
def asserts(client):
assert client.features.pin_protection
assert not client.features.passphrase_protection
assert client.features.initialized
assert client.features.label == LABEL
client.use_pin_sequence([PIN])
assert btc.get_address(client, "Bitcoin", PATH) == ADDRESS
with EmulatorWrapper(gen, tag) as emu:
debuglink.load_device_by_mnemonic(
emu.client,
mnemonic=MNEMONIC,
pin=PIN,
passphrase_protection=False,
label=LABEL,
language=LANGUAGE,
)
# Set wipe code.
emu.client.use_pin_sequence([PIN, WIPE_CODE, WIPE_CODE])
device.change_wipe_code(emu.client)
device_id = emu.client.features.device_id
asserts(emu.client)
storage = emu.get_storage()
with EmulatorWrapper(gen, storage=storage) as emu:
assert device_id == emu.client.features.device_id
asserts(emu.client)
assert emu.client.features.language == LANGUAGE
# Check that wipe code is set by changing the PIN to it.
emu.client.use_pin_sequence([PIN, WIPE_CODE, WIPE_CODE])
with pytest.raises(
exceptions.TrezorFailure,
match="The new PIN must be different from your wipe code",
):
return device.change_pin(emu.client)
def test_sd_protect_unlock(client):
def input_flow_enable_sd_protect():
yield # do you really want to enable SD protection
assert "SD card protection" in client.debug.wait_layout().text
client.debug.press_yes()
yield # enter current PIN
assert "PinDialog" == client.debug.wait_layout().text
client.debug.input("1234")
yield # you have successfully enabled SD protection
assert "Success" in client.debug.wait_layout().text
client.debug.press_yes()
with client:
client.set_input_flow(input_flow_enable_sd_protect)
device.sd_protect(client, Op.ENABLE)
def input_flow_change_pin():
yield # do you really want to change PIN?
assert "Change PIN" in client.debug.wait_layout().text
client.debug.press_yes()
yield # enter current PIN
assert "PinDialog" == client.debug.wait_layout().text
client.debug.input("1234")
yield # enter new PIN
assert "PinDialog" == client.debug.wait_layout().text
client.debug.input("1234")
yield # enter new PIN again
assert "PinDialog" == client.debug.wait_layout().text
client.debug.input("1234")
yield # Pin change successful
assert "Success" in client.debug.wait_layout().text
client.debug.press_yes()
with client:
client.set_input_flow(input_flow_change_pin)
device.change_pin(client)
client.debug.erase_sd_card(format=False)
def input_flow_change_pin_format():
yield # do you really want to change PIN?
assert "Change PIN" in client.debug.wait_layout().text
client.debug.press_yes()
yield # SD card problem
assert "SD card problem" in client.debug.wait_layout().text
client.debug.press_yes() # retry
yield # still SD card problem
assert "SD card problem" in client.debug.wait_layout().text
client.debug.press_no() # do not retry
with client, pytest.raises(TrezorFailure) as e:
client.set_input_flow(input_flow_change_pin_format)
device.change_pin(client)
assert e.value.failure.code == messages.FailureType.ProcessError
if __name__ == "__main__":
wirelink = get_device()
client = TrezorClientDebugLink(wirelink)
client.open()
i = 0
last_pin = None
while True:
# set private field
device.apply_settings(client, use_passphrase=True)
assert client.features.passphrase_protection is True
device.apply_settings(client, use_passphrase=False)
assert client.features.passphrase_protection is False
# set public field
label = "".join(random.choices(string.ascii_uppercase + string.digits, k=17))
device.apply_settings(client, label=label)
assert client.features.label == label
# change PIN
new_pin = "".join(random.choices(string.digits, k=random.randint(6, 10)))
client.set_input_flow(pin_input_flow(client, last_pin, new_pin))
device.change_pin(client)
client.set_input_flow(None)
last_pin = new_pin
print("iteration %d" % i)
i = i + 1
client = TrezorClientDebugLink(wirelink)
client.open()
i = 0
last_pin = None
while True:
# set private field
device.apply_settings(client, use_passphrase=True)
assert client.features.passphrase_protection is True
device.apply_settings(client, use_passphrase=False)
assert client.features.passphrase_protection is False
# set public field
label = "".join(
random.choices(string.ascii_uppercase + string.digits, k=17))
device.apply_settings(client, label=label)
assert client.features.label == label
# change PIN
new_pin = "".join(
random.choices(string.digits, k=random.randint(6, 10)))
client.set_input_flow(pin_input_flow(client, last_pin, new_pin))
device.change_pin(client)
client.set_input_flow(None)
last_pin = new_pin
print(f"iteration {i}")
i = i + 1
def change_pin(hw_session: HwSessionInfo, remove=False):
if hw_session.hw_client:
device.change_pin(hw_session.hw_client, remove)
else:
raise Exception('HW client not set.')
