From 4471c6e0e6944024f60965ba6267337e367a7f4d Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Mon, 31 Oct 2016 11:56:11 +0100
Subject: [PATCH] show different dialog when U2F client uses bogus appid

---
 firmware/layout2.c |  2 +-
 firmware/u2f.c     | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/firmware/layout2.c b/firmware/layout2.c
index ca226ca87d..e7d49262ab 100644
--- a/firmware/layout2.c
+++ b/firmware/layout2.c
@@ -389,5 +389,5 @@ void layoutU2FDialog(const char *verb, const char *appname, const BITMAP *appico
 	if (!appicon) {
 		appicon = &bmp_icon_question;
 	}
-	layoutDialog(appicon, NULL, verb, NULL, verb, "U2F security key?", "", appname, "", NULL);
+	layoutDialog(appicon, NULL, verb, NULL, verb, "U2F security key?", NULL, appname, NULL, NULL);
 }
diff --git a/firmware/u2f.c b/firmware/u2f.c
index 942ef9bf79..d8b93135fc 100644
--- a/firmware/u2f.c
+++ b/firmware/u2f.c
@@ -62,6 +62,10 @@ static uint8_t u2f_out_packets[U2F_OUT_PKT_BUFFER_LEN][HID_RPT_SIZE];
 // Derivation path is m/U2F'/r'/r'/r'/r'/r'/r'/r'/r'
 #define KEY_PATH_ENTRIES (1 + KEY_PATH_LEN / sizeof(uint32_t))
 
+// Defined as UsbSignHandler.BOGUS_APP_ID_HASH
+// in https://github.com/google/u2f-ref-code/blob/master/u2f-chrome-extension/usbsignhandler.js#L118
+#define BOGUS_APPID "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+
 // Auth/Register request state machine
 typedef enum {
 	INIT = 0,
@@ -569,10 +573,14 @@ void u2f_register(const APDU *a)
 		getDerivedNode(NULL, 0);
 		// error: testof-user-presence is required
 		buttonUpdate(); // Clear button state
-		const char *appname;
-		const BITMAP *appicon;
-		getReadableAppId(req->appId, &appname, &appicon);
-		layoutU2FDialog("Register", appname, appicon);
+		if (0 == memcmp(req->appId, BOGUS_APPID, U2F_APPID_SIZE)) {
+			layoutDialog(&bmp_icon_warning, NULL, "OK", NULL, "Another U2F device", "was used to register", "in this application.", NULL, NULL, NULL);
+		} else {
+			const char *appname;
+			const BITMAP *appicon;
+			getReadableAppId(req->appId, &appname, &appicon);
+			layoutU2FDialog("Register", appname, appicon);
+		}
 		last_req_state = REG;
 	}