def test_public(self): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int('')), True) appid, key = random_entry() value32 = random.bytes(32) config.set(appid, key, value32) value16 = random.bytes(16) config.set(appid, key, value16, True) v1 = config.get(appid, key) v2 = config.get(appid, key, True) self.assertNotEqual(v1, v2) self.assertEqual(v1, value32) self.assertEqual(v2, value16) config.init() v1 = config.get(appid, key) v2 = config.get(appid, key, True) self.assertNotEqual(v1, v2) self.assertEqual(v1, None) self.assertEqual(v2, value16)
def test_change_sd_salt(self): salt1 = b"0123456789abcdef0123456789abcdef" salt2 = b"0123456789ABCDEF0123456789ABCDEF" # Enable PIN and SD salt. config.init() config.wipe() self.assertTrue(config.unlock('', None)) config.set(1, 1, b'value') self.assertFalse(config.change_pin('', '', salt1, None)) self.assertTrue(config.change_pin('', '000', None, salt1)) self.assertEqual(config.get(1, 1), b'value') # Disable PIN and change SD salt. config.init() self.assertFalse(config.unlock('000', None)) self.assertIsNone(config.get(1, 1)) self.assertTrue(config.unlock('000', salt1)) self.assertTrue(config.change_pin('000', '', salt1, salt2)) self.assertEqual(config.get(1, 1), b'value') # Disable SD salt. config.init() self.assertFalse(config.unlock('000', salt2)) self.assertIsNone(config.get(1, 1)) self.assertTrue(config.unlock('', salt2)) self.assertTrue(config.change_pin('', '', salt2, None)) self.assertEqual(config.get(1, 1), b'value') # Check that PIN and SD salt are disabled. config.init() self.assertTrue(config.unlock('', None)) self.assertEqual(config.get(1, 1), b'value')
def boot() -> None: # wipe storage when debug build is used on real hardware if not utils.EMULATOR: config.wipe() register(MessageType.DebugLinkDecision, dispatch_DebugLinkDecision) register(MessageType.DebugLinkGetState, dispatch_DebugLinkGetState)
def test_get_default(self): config.init() config.wipe() for _ in range(64): appid, key = random.uniform(256), random.uniform(256) value = config.get(appid, key) self.assertEqual(value, bytes())
def test_set_get(self): config.init() config.wipe() self.assertEqual(config.unlock('', None), True) for _ in range(32): appid, key = random_entry() value = random.bytes(128) config.set(appid, key, value) value2 = config.get(appid, key) self.assertEqual(value, value2) # Test value deletion. self.assertTrue(config.delete(appid, key)) self.assertIsNone(config.get(appid, key)) self.assertFalse(config.delete(appid, key)) # Test get/set for APP out ouf range. with self.assertRaises(ValueError): config.set(0, 1, b'test') with self.assertRaises(ValueError): config.get(0, 1) with self.assertRaises(ValueError): config.set(192, 1, b'test') with self.assertRaises(ValueError): config.get(192, 1)
def test_get_default(self): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int(''), None), True) for _ in range(128): appid, key = random_entry() value = config.get(appid, key) self.assertEqual(value, bytes())
def test_set_get(self): config.wipe() for _ in range(64): appid, key = random.uniform(256), random.uniform(256) value = random.bytes(128) config.set(appid, key, value) value2 = config.get(appid, key) self.assertEqual(value, value2)
def test_set_get(self): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int(''), None), True) for _ in range(32): appid, key = random_entry() value = random.bytes(128) config.set(appid, key, value) value2 = config.get(appid, key) self.assertEqual(value, value2)
def test_counter(self): config.init() config.wipe() for i in range(150): self.assertEqual(device.next_u2f_counter(), i) device.set_u2f_counter(350) for i in range(351, 500): self.assertEqual(device.next_u2f_counter(), i) device.set_u2f_counter(0) self.assertEqual(device.next_u2f_counter(), 1)
def test_compact(self): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int(''), None), True) appid, key = 1, 1 for _ in range(259): value = random.bytes(259) config.set(appid, key, value) value2 = config.get(appid, key) self.assertEqual(value, value2)
def boot() -> None: # wipe storage when debug build is used on real hardware if not utils.EMULATOR: config.wipe() wire.register(MessageType.DebugLinkDecision, dispatch_DebugLinkDecision) wire.register(MessageType.DebugLinkGetState, dispatch_DebugLinkGetState) wire.add(MessageType.LoadDevice, __name__, "load_device")
def test_counter(self): config.init() config.wipe() for i in range(150): self.assertEqual(storage.next_u2f_counter(), i) storage.set_u2f_counter(350) for i in range(351, 500): self.assertEqual(storage.next_u2f_counter(), i) storage.set_u2f_counter(0) self.assertEqual(storage.next_u2f_counter(), 1) storage.set_u2f_counter(None) self.assertEqual(storage.next_u2f_counter(), 0)
def test_wipe(self): config.wipe() config.set(0, 0, b'hello') config.set(1, 1, b'world') v0 = config.get(0, 0) v1 = config.get(1, 1) self.assertEqual(v0, b'hello') self.assertEqual(v1, b'world') config.wipe() v0 = config.get(0, 0) v1 = config.get(1, 1) self.assertEqual(v0, bytes()) self.assertEqual(v1, bytes())
def boot() -> None: # wipe storage when debug build is used on real hardware if not utils.EMULATOR: config.wipe() wire.add(MessageType.LoadDevice, __name__, "load_device") wire.add(MessageType.DebugLinkShowText, __name__, "show_text") wire.register(MessageType.DebugLinkDecision, dispatch_DebugLinkDecision) # type: ignore wire.register(MessageType.DebugLinkGetState, dispatch_DebugLinkGetState) wire.register(MessageType.DebugLinkReseedRandom, dispatch_DebugLinkReseedRandom) wire.register(MessageType.DebugLinkRecordScreen, dispatch_DebugLinkRecordScreen) wire.register(MessageType.DebugLinkEraseSdCard, dispatch_DebugLinkEraseSdCard) wire.register(MessageType.DebugLinkWatchLayout, dispatch_DebugLinkWatchLayout)
def test_lock(self): for _ in range(128): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int('')), True) appid, key = random_entry() value = random.bytes(16) config.set(appid, key, value) config.init() self.assertEqual(config.get(appid, key), None) with self.assertRaises(RuntimeError): config.set(appid, key, bytes()) config.init() config.wipe()
def test_wipe(self): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int(''), None), True) config.set(1, 1, b'hello') config.set(1, 2, b'world') v0 = config.get(1, 1) v1 = config.get(1, 2) self.assertEqual(v0, b'hello') self.assertEqual(v1, b'world') config.wipe() v0 = config.get(1, 1) v1 = config.get(1, 2) self.assertEqual(v0, bytes()) self.assertEqual(v1, bytes())
def test_change_pin(self): config.init() config.wipe() self.assertTrue(config.unlock('', None)) config.set(1, 1, b'value') PINS = ('123', '123', 'Trezor T', '3141592653589793238462643383279502884197', '') old_pin = '' for new_pin in PINS: self.assertTrue(config.unlock(old_pin, None)) # The APP namespace which is reserved for storage related values is inaccessible even # when unlocked. with self.assertRaises(ValueError): config.set(PINAPP, PINKEY, b'value') self.assertTrue(config.change_pin(old_pin, new_pin, None, None)) # Old PIN cannot be used to change the current PIN. if old_pin != new_pin: self.assertFalse(config.change_pin(old_pin, '666', None, None)) # Storage remains unlocked. self.assertEqual(config.get(1, 1), b'value') # The APP namespace which is reserved for storage related values is inaccessible even # when unlocked. with self.assertRaises(ValueError): config.get(PINAPP, PINKEY) # Old PIN cannot be used to unlock storage. if old_pin != new_pin: config.init() self.assertFalse(config.unlock(old_pin, None)) self.assertEqual(config.get(1, 1), None) with self.assertRaises(RuntimeError): config.set(1, 1, b'new value') # New PIN unlocks the storage. self.assertTrue(config.unlock(new_pin, None)) self.assertEqual(config.get(1, 1), b'value') # Lock the storage. config.init() old_pin = new_pin
def test_change_pin(self): config.init() config.wipe() self.assertEqual(config.unlock(pin_to_int('')), True) with self.assertRaises(RuntimeError): config.set(PINAPP, PINKEY, b'value') self.assertEqual( config.change_pin(pin_to_int('000'), pin_to_int('666')), False) self.assertEqual(config.change_pin(pin_to_int(''), pin_to_int('000')), True) self.assertEqual(config.get(PINAPP, PINKEY), None) config.set(1, 1, b'value') config.init() self.assertEqual(config.unlock(pin_to_int('000')), True) config.change_pin(pin_to_int('000'), pin_to_int('')) config.init() self.assertEqual(config.unlock(pin_to_int('000')), False) self.assertEqual(config.unlock(pin_to_int('')), True) self.assertEqual(config.get(1, 1), b'value')
def test_counter(self): config.init() config.wipe() # Test writable_locked when storage is locked. config.lock() with self.assertRaises(RuntimeError): config.set_counter(1, 2, 0, False) with self.assertRaises(RuntimeError): config.next_counter(1, 2, False) config.set_counter(1, 2, 100, True) for i in range(100, 200): self.assertEqual(config.next_counter(1, 2, True), i + 1) # Test increment with storage unlocked. self.assertEqual(config.unlock('', None), True) for i in range(200, 300): self.assertEqual(config.next_counter(1, 2, True), i + 1) # Test counter deletion. config.delete(1, 2, True, True) self.assertEqual(config.next_counter(1, 2, True), 0) # Test overflow protection. with self.assertRaises(RuntimeError): config.set_counter(1, 2, 0x1_0000_0000, True) start = 0xFFFF_FFFF - 100 config.set_counter(1, 2, start, True) for i in range(start, 0xFFFF_FFFF): self.assertEqual(config.next_counter(1, 2, True), i + 1)
def wipe(): lock() config.wipe()
def wipe(): config.wipe() cache.clear()
def wipe() -> None: config.wipe() cache.clear()
lockscreen = Lockscreen(bootscreen=True) ui.display.orientation(storage.device.get_rotation()) while True: try: if can_lock_device(): await lockscreen await verify_user_pin() storage.init_unlocked() return except wire.PinCancelled: # verify_user_pin will convert a SdCardUnavailable (in case of sd salt) # to PinCancelled exception. # Ignore exception, retry loop. pass except BaseException as e: # other exceptions here are unexpected and should halt the device if __debug__: log.exception(__name__, e) utils.halt(e.__class__.__name__) ui.display.backlight(ui.BACKLIGHT_NONE) ui.backlight_fade(ui.BACKLIGHT_NORMAL) config.init(show_pin_timeout) if __debug__ and not utils.EMULATOR: config.wipe() loop.schedule(bootscreen()) loop.run()
def test_sign_transaction(self): test_datasets = ( ( # Inputs: [ # KIDV: # idx, type, sub_idx, value [1, 1, 1, 2], [2, 2, 2, 5], ], # Outputs: [ # KIDV: # idx, type, sub_idx, value [3, 3, 3, 3], ], # Nonce slot: 2, # Kernel params: # fee, min_height, max_height, # commitment_x, commitment_y, # multisig_nonce_x, multisig_nonce_y, # offset_sk # expected_signature, expected_is_signed 1, 1, 5, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", 0, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", 0, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", "614856ca69245fd9c6e8db15a256c050ca078e79a6f49e61e24688fdcad73bf6", True), ([ [1, 0, 1, 8], [2, 0, 0, 5], ], [ [1, 0, 1, 4], ], 2, 1, 1, 5, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", 0, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", 0, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", "7c4fe694451b28159e5407714072acd1eae4da18aef1dfd42bb165405f529a04", True), ([ [0, 0, 0, 40], ], [ [0, 0, 0, 16], [0, 0, 0, 24], ], 1, 0, 25000, 27500, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", 0, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", 0, "0x12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef12abcdef", "60e3e9d87bd264bdcac4518284bd4f850561c3bb251bd758bb1349a44188a28c", True), ) config.init() config.wipe() config.unlock(pin_to_int('')) create_master_nonce(self.seed) for test_params in test_datasets: inputs = create_kidv_list_from(test_params[0]) outputs = create_kidv_list_from(test_params[1]) nonce_slot = test_params[2] fee = test_params[3] min_height = test_params[4] max_height = test_params[5] commitment_x = test_params[6] commitment_y = test_params[7] multisig_nonce_x = test_params[8] multisig_nonce_y = test_params[9] offset_sk = test_params[10] expected_signature = test_params[11] expected_is_signed = test_params[12] tm = beam.TransactionMaker() sk_total, value_transferred = sign_tx_part_1( tm, self.mnemonic, inputs, outputs, fee, min_height, max_height, commitment_x, commitment_y, multisig_nonce_x, multisig_nonce_y, nonce_slot, offset_sk) signature, is_signed = sign_tx_part_2(tm, sk_total, nonce_slot) self.assertEqual(bin_to_str(signature), expected_signature) self.assertEqual(is_signed, expected_is_signed)
def wipe(): from . import cache config.wipe() cache.clear()