fix(legacy): Check PIN before confirming critical dialogs.

2 years ago · e24e9fcdb3
parent 4c60f80f44
commit e24e9fcdb3
4 changed files with 17 additions and 26 deletions
--- a/legacy/firmware/fsm_msg_common.h
+++ b/legacy/firmware/fsm_msg_common.h
@ -251,6 +251,8 @@ void fsm_msgWipeDevice(const WipeDevice *msg) {
 }

 void fsm_msgGetEntropy(const GetEntropy *msg) {
+  CHECK_PIN
+
 #if !DEBUG_RNG
  layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
                    _("Do you really want to"), _("send entropy?"), NULL, NULL,
@ -523,6 +525,8 @@ void fsm_msgWordAck(const WordAck *msg) {
 }

 void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
+  CHECK_PIN
+
  layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
                    _("Do you want to set"), _("the U2F counter?"), NULL, NULL,
                    NULL, NULL);
@ -537,6 +541,8 @@ void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
 }

 void fsm_msgGetNextU2FCounter() {
+  CHECK_PIN
+
  layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
                    _("Do you want to"), _("increase and retrieve"),
                    _("the U2F counter?"), NULL, NULL, NULL);
--- a/legacy/firmware/fsm_msg_crypto.h
+++ b/legacy/firmware/fsm_msg_crypto.h
@ -75,6 +75,8 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {

  CHECK_INITIALIZED

+  CHECK_PIN
+
  layoutSignIdentity(&(msg->identity),
                     msg->has_challenge_visual ? msg->challenge_visual : 0);
  if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
@ -83,8 +85,6 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
    return;
  }

-  CHECK_PIN
-
  uint8_t hash[32];
  if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
    fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
@ -179,6 +179,8 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {

  CHECK_INITIALIZED

+  CHECK_PIN
+
  layoutDecryptIdentity(&msg->identity);
  if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
    fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
@ -186,8 +188,6 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
    return;
  }

-  CHECK_PIN
-
  uint8_t hash[32];
  if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
    fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
@ -258,6 +258,8 @@ void fsm_msgCosiCommit(const CosiCommit *msg) {

  CHECK_PARAM(msg->has_data, _("No data provided"));

+  CHECK_PIN
+
  if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) {
    layoutHome();
    return;
@ -271,8 +273,6 @@ void fsm_msgCosiCommit(const CosiCommit *msg) {
    return;
  }

-  CHECK_PIN
-
  const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
                                          msg->address_n_count, NULL);
  if (!node) return;
@ -311,6 +311,8 @@ void fsm_msgCosiSign(const CosiSign *msg) {
    return;
  }

+  CHECK_PIN
+
  layoutCosiCommitSign(msg->address_n, msg->address_n_count, msg->data.bytes,
                       msg->data.size, true);
  if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
@ -319,8 +321,6 @@ void fsm_msgCosiSign(const CosiSign *msg) {
    return;
  }

-  CHECK_PIN
-
  const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
                                          msg->address_n_count, NULL);
  if (!node) return;
--- a/legacy/firmware/fsm_msg_nem.h
+++ b/legacy/firmware/fsm_msg_nem.h
@ -333,6 +333,8 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) {
  CHECK_PARAM(msg->has_public_key, _("No public key provided"));
  CHECK_PARAM(msg->public_key.size == 32, _("Invalid public key"));

+  CHECK_PIN
+
  char address[NEM_ADDRESS_SIZE + 1];
  nem_get_address(msg->public_key.bytes, msg->network, address);

@ -344,13 +346,10 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) {
    return;
  }

-  CHECK_PIN
-
  if (!fsm_nemCheckPath(msg->address_n_count, msg->address_n, msg->network)) {
    layoutHome();
    return;
  }
-
  const HDNode *node = fsm_getDerivedNode(ED25519_KECCAK_NAME, msg->address_n,
                                          msg->address_n_count, NULL);
  if (!node) return;
--- a/tests/device_tests/test_protection_levels.py
+++ b/tests/device_tests/test_protection_levels.py
@ -158,21 +158,7 @@ def test_ping(client: Client):
        client.ping("msg", True)


-@pytest.mark.skip_t2
-def test_get_entropy_t1(client: Client):
-    _assert_protection(client)
-    with client:
-        client.set_expected_responses(
-            [
-                messages.ButtonRequest(code=B.ProtectCall),
-                messages.Entropy,
-            ]
-        )
-        misc.get_entropy(client, 10)
-
-
-@pytest.mark.skip_t1
-def test_get_entropy_t2(client: Client):
+def test_get_entropy(client: Client):
    _assert_protection(client)
    with client:
        client.use_pin_sequence([PIN4])