feat: support change passphrasae pin (#374)

* support change passphrase pin

Author: guowei0105

core/embed/extmod/modtrezorcrypto/modtrezorcrypto-se-thd89.h

@@ -150,6 +150,21 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_0(
     mod_trezorcrypto_se_thd89_get_session_state_obj,
     mod_trezorcrypto_se_thd89_get_session_state);
 
+/// def get_session_current_id() -> bytes:
+///     """
+///     get current session id.
+///     """
+STATIC mp_obj_t mod_trezorcrypto_se_thd89_get_session_current_id(void) {
+  uint8_t session_id[32] = {0};
+  if (!se_session_get_current_id(session_id)) {
+    return mp_const_none;
+  }
+  return mp_obj_new_bytes(session_id, 32);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_0(
+    mod_trezorcrypto_se_thd89_get_session_current_id_obj,
+    mod_trezorcrypto_se_thd89_get_session_current_id);
+
 /// def session_is_open() -> bool:
 ///     """
 ///     get current session secret state.
@@ -1084,6 +1099,42 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(
     mod_trezorcrypto_se_thd89_check_passphrase_btc_test_address_obj,
     mod_trezorcrypto_se_thd89_check_passphrase_btc_test_address);
 
+/// def change_pin_passphrase(old_pin: str, new_pin: str) -> bool:
+///     """
+///     Change the PIN of an existing passphrase entry.
+///     Returns True on success, False on failure.
+///     """
+STATIC mp_obj_t mod_trezorcrypto_se_thd89_change_pin_passphrase(
+    mp_obj_t old_pin, mp_obj_t new_pin) {
+  mp_buffer_info_t old_pin_buf = {0};
+  mp_get_buffer_raise(old_pin, &old_pin_buf, MP_BUFFER_READ);
+
+  mp_buffer_info_t new_pin_buf = {0};
+  mp_get_buffer_raise(new_pin, &new_pin_buf, MP_BUFFER_READ);
+
+  if (old_pin_buf.len < 6 || old_pin_buf.len > PIN_MAX_LENGTH) {
+    mp_raise_ValueError("Old PIN length must be between 6 and 50 characters");
+  }
+
+  if (new_pin_buf.len < 6 || new_pin_buf.len > PIN_MAX_LENGTH) {
+    mp_raise_ValueError("New PIN length must be between 6 and 50 characters");
+  }
+
+  if (old_pin_buf.len == new_pin_buf.len) {
+    if (memcmp(old_pin_buf.buf, new_pin_buf.buf, old_pin_buf.len) == 0) {
+      mp_raise_ValueError("New PIN cannot be the same as old PIN");
+    }
+  }
+
+  secbool ret = se_change_pin_passphrase((const char *)old_pin_buf.buf,
+                                         (const char *)new_pin_buf.buf);
+
+  return ret ? mp_const_true : mp_const_false;
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(
+    mod_trezorcrypto_se_thd89_change_pin_passphrase_obj,
+    mod_trezorcrypto_se_thd89_change_pin_passphrase);
+
 /// FIDO2_CRED_COUNT_MAX: int
 
 STATIC const mp_rom_map_elem_t mod_trezorcrypto_se_thd89_globals_table[] = {
@@ -1100,6 +1151,8 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_se_thd89_globals_table[] = {
      MP_ROM_PTR(&mod_trezorcrypto_se_thd89_end_session_obj)},
     {MP_ROM_QSTR(MP_QSTR_get_session_state),
      MP_ROM_PTR(&mod_trezorcrypto_se_thd89_get_session_state_obj)},
+    {MP_ROM_QSTR(MP_QSTR_get_session_current_id),
+     MP_ROM_PTR(&mod_trezorcrypto_se_thd89_get_session_current_id_obj)},
     {MP_ROM_QSTR(MP_QSTR_session_is_open),
      MP_ROM_PTR(&mod_trezorcrypto_se_thd89_session_is_open_obj)},
     {MP_ROM_QSTR(MP_QSTR_get_session_type),
@@ -1169,6 +1222,8 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_se_thd89_globals_table[] = {
     {MP_ROM_QSTR(MP_QSTR_check_passphrase_btc_test_address),
      MP_ROM_PTR(
          &mod_trezorcrypto_se_thd89_check_passphrase_btc_test_address_obj)},
+    {MP_ROM_QSTR(MP_QSTR_change_pin_passphrase),
+     MP_ROM_PTR(&mod_trezorcrypto_se_thd89_change_pin_passphrase_obj)},
     {MP_ROM_QSTR(MP_QSTR_USER_PIN_ENTERED), MP_ROM_INT(USER_PIN_ENTERED)},
     {MP_ROM_QSTR(MP_QSTR_PASSPHRASE_PIN_ENTERED),
      MP_ROM_INT(PASSPHRASE_PIN_ENTERED)},

core/embed/trezorhal/se_thd89.c

@@ -3,6 +3,7 @@
 
 #include "common.h"
 #include "flash.h"
+#include "irq.h"
 #include "memzero.h"
 #include "secbool.h"
 
@@ -263,15 +264,30 @@ static secbool se_transmit_mac_ex(uint8_t addr, uint8_t *session_key,
 
 secbool se_transmit_mac(uint8_t ins, uint8_t p1, uint8_t p2, uint8_t *data,
                         uint16_t data_len, uint8_t *recv, uint16_t *recv_len) {
-  return se_transmit_mac_ex(THD89_MASTER_ADDRESS, se_session_key, ins, p1, p2,
-                            data, data_len, recv, recv_len);
+  uint32_t irq = disable_irq();
+  thd89_irq_nest++;
+  secbool result = se_transmit_mac_ex(THD89_MASTER_ADDRESS, se_session_key, ins,
+                                      p1, p2, data, data_len, recv, recv_len);
+  thd89_irq_nest--;
+  if (thd89_irq_nest == 0) {
+    enable_irq(irq);
+  }
+  return result;
 }
 
 secbool se_fp_transmit_mac(uint8_t ins, uint8_t p1, uint8_t p2, uint8_t *data,
                            uint16_t data_len, uint8_t *recv,
                            uint16_t *recv_len) {
-  return se_transmit_mac_ex(THD89_FINGER_ADDRESS, se_fp_session_key, ins, p1,
-                            p2, data, data_len, recv, recv_len);
+  uint32_t irq = disable_irq();
+  thd89_irq_nest++;
+  secbool result =
+      se_transmit_mac_ex(THD89_FINGER_ADDRESS, se_fp_session_key, ins, p1, p2,
+                         data, data_len, recv, recv_len);
+  thd89_irq_nest--;
+  if (thd89_irq_nest == 0) {
+    enable_irq(irq);
+  }
+  return result;
 }
 
 secbool se_random_encrypted(uint8_t *rand, uint16_t len) {
@@ -1478,6 +1494,47 @@ secbool se_get_pin_passphrase_space(uint8_t *space) {
   return sectrue;
 }
 
+secbool se_change_pin_passphrase_ex(uint8_t addr, uint8_t *session_key,
+                                    const char *old_pin, const char *new_pin) {
+  uint8_t buf[128];
+  uint8_t resp[1];
+  uint16_t resp_len = 1;
+
+  if (strlen(old_pin) < 6 || strlen(old_pin) > PIN_MAX_LENGTH ||
+      strlen(new_pin) < 6 || strlen(new_pin) > PIN_MAX_LENGTH) {
+    return secfalse;
+  }
+
+  buf[0] = strlen(old_pin);
+  memcpy(buf + 1, (uint8_t *)old_pin, strlen(old_pin));
+  buf[1 + strlen(old_pin)] = strlen(new_pin);
+  memcpy(buf + 1 + strlen(old_pin) + 1, (uint8_t *)new_pin, strlen(new_pin));
+
+  if (!se_transmit_mac_ex(addr, session_key, SE_INS_PIN, 0x00, 0x0E, buf,
+                          1 + strlen(old_pin) + 1 + strlen(new_pin), resp,
+                          &resp_len)) {
+    return secfalse;
+  }
+  if (resp[0] == PIN_SUCCESS) {
+    return sectrue;
+  }
+  return secfalse;
+}
+
+secbool se_change_pin_passphrase(const char *old_pin, const char *new_pin) {
+  secbool result = se_change_pin_passphrase_ex(
+      THD89_MASTER_ADDRESS, se_session_key, old_pin, new_pin);
+  if (result == sectrue) {
+    secbool fp_result = se_change_pin_passphrase_ex(
+        THD89_FINGER_ADDRESS, se_fp_session_key, old_pin, new_pin);
+    if (fp_result == sectrue) {
+      return sectrue;
+    }
+    return secfalse;
+  }
+  return secfalse;
+}
+
 pin_result_t se_get_pin_result_type(void) { return pin_result_type; }
 pin_result_t se_get_pin_passphrase_ret(void) { return pin_passphrase_ret; }
 
@@ -1959,6 +2016,14 @@ secbool se_session_get_type(uint8_t *type) {
   return sectrue;
 }
 
+secbool se_session_get_current_id(uint8_t id[32]) {
+  uint16_t recv_len = 32;
+  if (!se_transmit_mac(SE_INS_SESSION, 0x00, 0x0A, NULL, 0, id, &recv_len)) {
+    return secfalse;
+  }
+  return sectrue;
+}
+
 secbool se_node_sign_digest(const uint8_t *hash, uint8_t *sig, uint8_t *by) {
   uint8_t resp[68];
   uint16_t resp_len = sizeof(resp);

core/embed/trezorhal/se_thd89.h

@@ -40,6 +40,7 @@ typedef enum {
   PIN_TYPE_USER_AND_PASSPHRASE_PIN,
   PIN_TYPE_PASSPHRASE_PIN,
   PIN_TYPE_PASSPHRASE_PIN_CHECK,
+  PIN_TYPE_USER_AND_PASSPHRASE_PIN_CHECK,
   PIN_TYPE_MAX
 } pin_type_t;
 
@@ -120,6 +121,7 @@ secbool se_delete_pin_passphrase(const char *passphrase_pin, bool *current);
 pin_result_t se_get_pin_passphrase_ret(void);
 secbool se_get_pin_passphrase_space(uint8_t *space);
 secbool se_check_passphrase_btc_test_address(const char *address);
+secbool se_change_pin_passphrase(const char *old_pin, const char *new_pin);
 secbool se_clearSecsta(void);
 secbool se_getSecsta(void);
 secbool se_set_u2f_counter(uint32_t u2fcounter);
@@ -137,6 +139,7 @@ secbool se_session_is_open(void);
 secbool se_sessionClose(void);
 secbool se_sessionClear(void);
 secbool se_session_get_type(uint8_t *type);
+secbool se_session_get_current_id(uint8_t id[32]);
 
 secbool se_set_public_region(uint16_t offset, const void *val_dest,
                              uint16_t len);

core/embed/trezorhal/thd89.c

@@ -538,8 +538,8 @@ int i2c_master_recive(I2C_HandleTypeDef *hi2c, uint16_t DevAddress,
   }
 }
 
-secbool thd89_transmit_ex(uint8_t addr, uint8_t *cmd, uint16_t len,
-                          uint8_t *resp, uint16_t *resp_len) {
+static secbool _thd89_transmit_ex(uint8_t addr, uint8_t *cmd, uint16_t len,
+                                  uint8_t *resp, uint16_t *resp_len) {
   int ret = 0;
   char err_info[64] = {0};
   uint32_t irq = disable_irq();
@@ -553,7 +553,6 @@ secbool thd89_transmit_ex(uint8_t addr, uint8_t *cmd, uint16_t len,
     return secfalse;
   }
 
-  delay_ms(1);
   irq = disable_irq();
   ret =
       i2c_master_recive(&i2c_handle_se, addr, resp, resp_len, I2C_RECV_TIMEOUT);
@@ -577,6 +576,20 @@ secbool thd89_transmit_ex(uint8_t addr, uint8_t *cmd, uint16_t len,
   return sectrue;
 }
 
+int thd89_irq_nest = 0;
+
+secbool thd89_transmit_ex(uint8_t addr, uint8_t *cmd, uint16_t len,
+                          uint8_t *resp, uint16_t *resp_len) {
+  uint32_t irq = disable_irq();
+  thd89_irq_nest++;
+  secbool result = _thd89_transmit_ex(addr, cmd, len, resp, resp_len);
+  thd89_irq_nest--;
+  if (thd89_irq_nest == 0) {
+    enable_irq(irq);
+  }
+  return result;
+}
+
 secbool thd89_transmit(uint8_t *cmd, uint16_t len, uint8_t *resp,
                        uint16_t *resp_len) {
   return thd89_transmit_ex(THD89_MASTER_ADDRESS, cmd, len, resp, resp_len);

core/embed/trezorhal/thd89.h

@@ -11,6 +11,8 @@
 #define THD89_MASTER_ADDRESS THD89_1ST_ADDRESS
 #define THD89_FINGER_ADDRESS THD89_4TH_ADDRESS
 
+extern int thd89_irq_nest;
+
 void thd89_io_init(void);
 void thd89_init(void);
 void thd89_power_up(bool up);

core/mocks/generated/trezorcrypto/se_thd89.pyi

@@ -53,6 +53,13 @@ def get_session_state() -> bytes:
     """
 
 
+# extmod/modtrezorcrypto/modtrezorcrypto-se-thd89.h
+def get_session_current_id() -> bytes:
+    """
+    get current session id.
+    """
+
+
 # extmod/modtrezorcrypto/modtrezorcrypto-se-thd89.h
 def session_is_open() -> bool:
     """
@@ -331,4 +338,12 @@ def check_passphrase_btc_test_address(address: str) -> bool:
     """
     Check if the passphrase is a valid Bitcoin test address.
     """
+
+
+# extmod/modtrezorcrypto/modtrezorcrypto-se-thd89.h
+def change_pin_passphrase(old_pin: str, new_pin: str) -> bool:
+    """
+    Change the PIN of an existing passphrase entry.
+    Returns True on success, False on failure.
+    """
 FIDO2_CRED_COUNT_MAX: int

core/src/apps/base.py

@@ -247,6 +247,7 @@ def get_onekey_features() -> OnekeyFeatures:
 async def handle_Initialize(
     ctx: wire.Context | wire.QRContext, msg: Initialize
 ) -> Features:
+    session_id_in_msg = getattr(msg, "session_id", None)
     has_attach = (
         hasattr(msg, "is_contains_attach") and msg.is_contains_attach is not None
     )
@@ -262,13 +263,20 @@ async def handle_Initialize(
     else:
         passphrase_state = None
 
-    session_id_in_msg = getattr(msg, "session_id", None)
     if passphrase_state and se_thd89.check_passphrase_btc_test_address(
         passphrase_state
     ):
-        session_id = storage.cache.start_session()
+        session_id = se_thd89.get_session_current_id()
+        if device_is_unlocked() and not storage.device.is_passphrase_pin_enabled():
+            session_id = storage.cache.start_session(session_id_in_msg)
+        elif session_id_in_msg == session_id:
+            session_id = storage.cache.start_session(session_id_in_msg)
+        else:
+            session_id = storage.cache.start_session()
     elif has_attach and session_id_in_msg is not None and passphrase_state is None:
         session_id = storage.cache.start_session()
+    elif device_is_unlocked() and storage.device.is_passphrase_pin_enabled():
+        session_id = storage.cache.start_session()
     else:
         session_id = storage.cache.start_session(session_id_in_msg)
 
@@ -606,6 +614,7 @@ async def unlock_device(
     ctx: wire.GenericContext = wire.DUMMY_CONTEXT,
     pin_use_type: int = PinType.USER_AND_PASSPHRASE_PIN,
     attach_wall_only: bool = False,
+    allow_fingerprint: bool = True,
 ) -> None:
     from apps.common.request_pin import verify_user_pin, verify_user_fingerprint
 
@@ -627,11 +636,13 @@ async def unlock_device(
                 close_others=False,
                 pin_use_type=pin_use_type_int,
                 attach_wall_only=attach_wall_only,
+                allow_fingerprint=allow_fingerprint,
             )
             verify_finger = verify_user_fingerprint(ctx)
             racer = loop.race(verify_pin, verify_finger)
             await racer
             if verify_finger in racer.finished:
+
                 from trezor.lvglui.scrs.pinscreen import InputPin
 
                 pin_wind = InputPin.get_window_if_visible()
@@ -698,25 +709,15 @@ async def handle_GetPassphraseState(
 
     if not device_is_unlocked():
         await unlock_device(ctx, pin_use_type=PinType.USER_AND_PASSPHRASE_PIN)
-        session_id = storage.cache.start_session()
-
-    from trezor.lvglui.scrs import fingerprints
 
-    if (
-        fingerprints.is_available()
-        and fingerprints.is_unlocked()
-        and not config.is_unlocked()
-    ):
-        if storage.device.is_passphrase_pin_enabled():
-            storage.device.set_passphrase_pin_enabled(False)
+    session_id = se_thd89.get_session_current_id()
+    if session_id is None or session_id == b"":
+        session_id = storage.cache.start_session()
 
     import utime
     from apps.bitcoin.get_address import get_address as btc_get_address
 
     try:
-        session_id = storage.cache.get_session_id()
-        if session_id is None or session_id == b"":
-            session_id = storage.cache.start_session()
         utime.sleep_ms(500)
         fixed_path = "m/44'/1'/0'/0/0"
         address_msg = messages.GetAddress(
@@ -727,9 +728,6 @@ async def handle_GetPassphraseState(
         )
 
         address_obj = await btc_get_address(ctx, address_msg)
-        session_id = storage.cache.get_session_id()
-        if session_id is None or session_id == b"":
-            session_id = storage.cache.start_session()
         is_attach_to_pin_state = passphrase.is_passphrase_pin_enabled()
         return PassphraseState(
             passphrase_state=address_obj.address,

core/src/apps/common/passphrase.py

@@ -81,7 +81,10 @@ async def _request_on_host(ctx: wire.Context) -> str:
         from apps.common.pin_constants import PinType
 
         await unlock_device(
-            ctx, pin_use_type=PinType.PASSPHRASE_PIN, attach_wall_only=True
+            ctx,
+            pin_use_type=PinType.PASSPHRASE_PIN,
+            attach_wall_only=True,
+            allow_fingerprint=False,
         )
         storage.cache.start_session()
         return ""