def test_pin_passphrase(self):
mnemonic = self.mnemonic12.split(' ')
ret = self.client.call_raw(
proto.RecoveryDevice(word_count=12,
passphrase_protection=True,
pin_protection=True,
label='label',
language='english',
enforce_wordlist=True))
self.assertIsInstance(ret, proto.PinMatrixRequest)
# Enter PIN for first time
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
self.assertIsInstance(ret, proto.PinMatrixRequest)
# Enter PIN for second time
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
fakes = 0
for _ in range(int(12 * 2)):
self.assertIsInstance(ret, proto.WordRequest)
(word, pos) = self.client.debug.read_recovery_word()
if pos != 0:
ret = self.client.call_raw(
proto.WordAck(word=mnemonic[pos - 1]))
mnemonic[pos - 1] = None
else:
ret = self.client.call_raw(proto.WordAck(word=word))
fakes += 1
print(mnemonic)
# Workflow succesfully ended
self.assertIsInstance(ret, proto.Success)
# 12 expected fake words and all words of mnemonic are used
self.assertEqual(fakes, 12)
self.assertEqual(mnemonic, [None] * 12)
# Mnemonic is the same
self.client.init_device()
self.client.clear_session()
self.assertEqual(self.client.debug.read_mnemonic(), self.mnemonic12)
self.assertTrue(self.client.features.pin_protection)
self.assertTrue(self.client.features.passphrase_protection)
# Do passphrase-protected action, PassphraseRequest should be raised
resp = self.client.call_raw(proto.Ping(passphrase_protection=True))
self.assertIsInstance(resp, proto.PassphraseRequest)
self.client.call_raw(proto.Cancel())
# Do PIN-protected action, PinRequest should be raised
resp = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(resp, proto.PinMatrixRequest)
self.client.call_raw(proto.Cancel())
def test_set_failed(self):
self.setup_mnemonic_nopin_nopassphrase()
features = self.client.call_raw(proto.Initialize())
self.assertFalse(features.pin_protection)
# Check that there's no PIN protection
ret = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(ret, proto.Success)
# Let's set new PIN
ret = self.client.call_raw(proto.ChangePin())
self.assertIsInstance(ret, proto.ButtonRequest)
# Press button
self.client.debug.press_yes()
ret = self.client.call_raw(proto.ButtonAck())
# Send the PIN for first time
self.assertIsInstance(ret, proto.PinMatrixRequest)
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
# Send the PIN for second time, but with typo
self.assertIsInstance(ret, proto.PinMatrixRequest)
pin_encoded = self.client.debug.encode_pin(self.pin4)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
# Now it should fail, because pins are different
self.assertIsInstance(ret, proto.Failure)
# Check that there's still no PIN protection now
features = self.client.call_raw(proto.Initialize())
self.assertFalse(features.pin_protection)
ret = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(ret, proto.Success)
def test_remove_pin(self):
self.setup_mnemonic_pin_passphrase()
features = self.client.call_raw(proto.Initialize())
self.assertTrue(features.pin_protection)
self.client.clear_session()
# Check that there's PIN protection
ret = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(ret, proto.PinMatrixRequest)
self.client.call_raw(proto.Cancel())
# Let's remove PIN
ret = self.client.call_raw(proto.ChangePin(remove=True))
self.assertIsInstance(ret, proto.ButtonRequest)
# Press button
self.client.debug.press_yes()
ret = self.client.call_raw(proto.ButtonAck())
# Send current PIN
self.assertIsInstance(ret, proto.PinMatrixRequest)
pin_encoded = self.client.debug.read_pin_encoded()
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
# Now we're done
self.assertIsInstance(ret, proto.Success)
# Check that there's no PIN protection now
features = self.client.call_raw(proto.Initialize())
self.assertFalse(features.pin_protection)
ret = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(ret, proto.Success)
def test_nopin_nopassphrase(self):
mnemonic = self.mnemonic12
ret = self.client.call_raw(
proto.RecoveryDevice(word_count=12,
passphrase_protection=False,
pin_protection=False,
label='label',
language='english',
enforce_wordlist=True,
use_character_cipher=True))
# Reminder UI
assert isinstance(ret, proto.ButtonRequest)
self.client.debug.press_yes()
ret = self.client.call_raw(proto.ButtonAck())
mnemonic_words = mnemonic.split(' ')
for index, word in enumerate(mnemonic_words):
for character in word:
self.assertIsInstance(ret, proto.CharacterRequest)
cipher = self.client.debug.read_recovery_cipher()
encoded_character = cipher[ord(character) - 97]
ret = self.client.call_raw(
proto.CharacterAck(character=encoded_character))
auto_completed = self.client.debug.read_recovery_auto_completed_word(
)
if word == auto_completed:
if len(mnemonic_words) != index + 1:
ret = self.client.call_raw(
proto.CharacterAck(character=' '))
break
# Send final ack
self.assertIsInstance(ret, proto.CharacterRequest)
ret = self.client.call_raw(proto.CharacterAck(done=True))
# Workflow succesfully ended
self.assertIsInstance(ret, proto.Success)
# Mnemonic is the same
self.client.init_device()
self.assertEqual(self.client.debug.read_mnemonic(), self.mnemonic12)
self.assertFalse(self.client.features.pin_protection)
self.assertFalse(self.client.features.passphrase_protection)
# Do passphrase-protected action, PassphraseRequest should NOT be raised
resp = self.client.call_raw(proto.Ping(passphrase_protection=True))
self.assertIsInstance(resp, proto.Success)
# Do PIN-protected action, PinRequest should NOT be raised
resp = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(resp, proto.Success)
def test_reset_device(self):
# No PIN, no passphrase
external_entropy = b'zlutoucky kun upel divoke ody' * 2
strength = 128
ret = self.client.call_raw(
proto.ResetDevice(display_random=False,
strength=strength,
passphrase_protection=False,
pin_protection=False,
language='english',
label='test'))
# Provide entropy
self.assertIsInstance(ret, proto.EntropyRequest)
internal_entropy = self.client.debug.read_reset_entropy()
resp = self.client.call_raw(proto.EntropyAck(entropy=external_entropy))
# Generate mnemonic locally
entropy = generate_entropy(strength, internal_entropy,
external_entropy)
expected_mnemonic = Mnemonic('english').to_mnemonic(entropy)
# Explainer Dialog
self.assertIsInstance(resp, proto.ButtonRequest)
self.client.debug.press_yes()
resp = self.client.call_raw(proto.ButtonAck())
mnemonic = []
while isinstance(resp, proto.ButtonRequest):
mnemonic.append(self.client.debug.read_reset_word())
self.client.debug.press_yes()
resp = self.client.call_raw(proto.ButtonAck())
mnemonic = ' '.join(mnemonic)
# Compare that device generated proper mnemonic for given entropies
self.assertEqual(mnemonic, expected_mnemonic)
self.assertIsInstance(resp, proto.Success)
# Compare that second pass printed out the same mnemonic once again
self.assertEqual(mnemonic, expected_mnemonic)
# Check if device is properly initialized
resp = self.client.call_raw(proto.Initialize())
self.assertFalse(resp.pin_protection)
self.assertFalse(resp.passphrase_protection)
# Do passphrase-protected action, PassphraseRequest should NOT be raised
resp = self.client.call_raw(proto.Ping(passphrase_protection=True))
self.assertIsInstance(resp, proto.Success)
# Do PIN-protected action, PinRequest should NOT be raised
resp = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(resp, proto.Success)
def test_change_pin(self):
self.setup_mnemonic_pin_passphrase()
features = self.client.call_raw(proto.Initialize())
self.assertTrue(features.pin_protection)
self.client.clear_session()
# Check that there's PIN protection
ret = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(ret, proto.PinMatrixRequest)
self.client.call_raw(proto.Cancel())
# Check current PIN value
self.assertEqual(self.client.debug.read_pin()[0], self.pin4)
# Let's change PIN
ret = self.client.call_raw(proto.ChangePin())
self.assertIsInstance(ret, proto.ButtonRequest)
# Press button
self.client.debug.press_yes()
ret = self.client.call_raw(proto.ButtonAck())
# Send current PIN
self.assertIsInstance(ret, proto.PinMatrixRequest)
pin_encoded = self.client.debug.read_pin_encoded()
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
# Send new PIN for first time
self.assertIsInstance(ret, proto.PinMatrixRequest)
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
# Send the PIN for second time
self.assertIsInstance(ret, proto.PinMatrixRequest)
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
# Now we're done
self.assertIsInstance(ret, proto.Success)
self.client.clear_session()
# Check that there's still PIN protection now
features = self.client.call_raw(proto.Initialize())
self.assertTrue(features.pin_protection)
ret = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(ret, proto.PinMatrixRequest)
self.client.call_raw(proto.Cancel())
# Check that the PIN is correct
self.assertEqual(self.client.debug.read_pin()[0], self.pin6)
def test_nopin_nopassphrase(self):
mnemonic = self.mnemonic12.split(' ')
ret = self.client.call_raw(
proto.RecoveryDevice(word_count=12,
passphrase_protection=False,
pin_protection=False,
label='label',
language='english',
enforce_wordlist=True))
# Reminder UI
assert isinstance(ret, proto.ButtonRequest)
self.client.debug.press_yes()
ret = self.client.call_raw(proto.ButtonAck())
fakes = 0
for _ in range(int(12 * 2)):
self.assertIsInstance(ret, proto.WordRequest)
(word, pos) = self.client.debug.read_recovery_word()
if pos != 0:
ret = self.client.call_raw(
proto.WordAck(word=mnemonic[pos - 1]))
mnemonic[pos - 1] = None
else:
ret = self.client.call_raw(proto.WordAck(word=word))
fakes += 1
# Workflow succesfully ended
self.assertIsInstance(ret, proto.Success)
# 12 expected fake words and all words of mnemonic are used
self.assertEqual(fakes, 12)
self.assertEqual(mnemonic, [None] * 12)
# Mnemonic is the same
self.client.init_device()
self.assertEqual(self.client.debug.read_mnemonic(), self.mnemonic12)
self.assertFalse(self.client.features.pin_protection)
self.assertFalse(self.client.features.passphrase_protection)
# Do passphrase-protected action, PassphraseRequest should NOT be raised
resp = self.client.call_raw(proto.Ping(passphrase_protection=True))
self.assertIsInstance(resp, proto.Success)
# Do PIN-protected action, PinRequest should NOT be raised
resp = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(resp, proto.Success)
def test(self):
self.setup_mnemonic_pin_passphrase()
self.client.clear_session()
ret = self.client.call_raw(
proto.Ping(message="VULN-1969",
button_protection=True,
pin_protection=False,
passphrase_protection=False))
assert isinstance(ret, proto.ButtonRequest)
ret = self.client.call_raw(
proto.Ping(message="very long",
button_protection=False,
pin_protection=False,
passphrase_protection=False))
self.assertIsInstance(ret, proto.Failure)
self.assertEndsWith(ret.message, "Unknown message")
def test_pin(self):
self.setup_mnemonic_pin_passphrase()
self.client.clear_session()
# Manually trigger PinMatrixRequest
resp = self.client.call_raw(
proto.Ping(message='test', pin_protection=True))
self.assertIsInstance(resp, proto.PinMatrixRequest)
pin = self.client.debug.read_pin()
self.assertEqual(pin[0], '1234')
self.assertNotEqual(pin[1], '')
pin_encoded = self.client.debug.read_pin_encoded()
resp = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
self.assertIsInstance(resp, proto.Success)
def test_pin_passphrase(self):
mnemonic = self.mnemonic12
ret = self.client.call_raw(proto.RecoveryDevice(word_count=12,
passphrase_protection=True,
pin_protection=True,
label='label',
language='english',
enforce_wordlist=True,
use_character_cipher=True))
self.assertIsInstance(ret, proto.PinMatrixRequest)
# Enter PIN for first time
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
self.assertIsInstance(ret, proto.PinMatrixRequest)
# Enter PIN for second time
pin_encoded = self.client.debug.encode_pin(self.pin6)
ret = self.client.call_raw(proto.PinMatrixAck(pin=pin_encoded))
mnemonic_words = mnemonic.split(' ')
for index, word in enumerate(mnemonic_words):
for character in word:
self.assertIsInstance(ret, proto.CharacterRequest)
cipher = self.client.debug.read_recovery_cipher()
encoded_character = cipher[ord(character) - 97]
ret = self.client.call_raw(proto.CharacterAck(character=encoded_character))
auto_completed = self.client.debug.read_recovery_auto_completed_word()
if word == auto_completed:
if len(mnemonic_words) != index + 1:
ret = self.client.call_raw(proto.CharacterAck(character=' '))
break
# Send final ack
self.assertIsInstance(ret, proto.CharacterRequest)
ret = self.client.call_raw(proto.CharacterAck(done=True))
# Workflow succesfully ended
self.assertIsInstance(ret, proto.Success)
# Mnemonic is the same
self.client.init_device()
self.assertEqual(self.client.debug.read_mnemonic(), self.mnemonic12)
self.assertTrue(self.client.features.pin_protection)
self.assertTrue(self.client.features.passphrase_protection)
# Do passphrase-protected action, PassphraseRequest should be raised
resp = self.client.call_raw(proto.Ping(passphrase_protection=True))
self.assertIsInstance(resp, proto.PassphraseRequest)
self.client.call_raw(proto.Cancel())
self.client.clear_session()
# Do PIN-protected action, PinRequest should be raised
resp = self.client.call_raw(proto.Ping(pin_protection=True))
self.assertIsInstance(resp, proto.PinMatrixRequest)
self.client.call_raw(proto.Cancel())
def test_ping(self):
ping = self.client.call(messages.Ping(message='ahoj!'))
self.assertEqual(ping, messages.Success(message='ahoj!'))
