From e24e9fcdb39fc6686d1b2c8f31bac933a92a91d2 Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Thu, 17 Feb 2022 11:02:06 +0100 Subject: [PATCH] fix(legacy): Check PIN before confirming critical dialogs. --- legacy/firmware/fsm_msg_common.h | 6 ++++++ legacy/firmware/fsm_msg_crypto.h | 16 ++++++++-------- legacy/firmware/fsm_msg_nem.h | 5 ++--- tests/device_tests/test_protection_levels.py | 16 +--------------- 4 files changed, 17 insertions(+), 26 deletions(-) diff --git a/legacy/firmware/fsm_msg_common.h b/legacy/firmware/fsm_msg_common.h index 8b396d1c8..fb9dec4ab 100644 --- a/legacy/firmware/fsm_msg_common.h +++ b/legacy/firmware/fsm_msg_common.h @@ -251,6 +251,8 @@ void fsm_msgWipeDevice(const WipeDevice *msg) { } void fsm_msgGetEntropy(const GetEntropy *msg) { + CHECK_PIN + #if !DEBUG_RNG layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL, _("Do you really want to"), _("send entropy?"), NULL, NULL, @@ -523,6 +525,8 @@ void fsm_msgWordAck(const WordAck *msg) { } void fsm_msgSetU2FCounter(const SetU2FCounter *msg) { + CHECK_PIN + layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL, _("Do you want to set"), _("the U2F counter?"), NULL, NULL, NULL, NULL); @@ -537,6 +541,8 @@ void fsm_msgSetU2FCounter(const SetU2FCounter *msg) { } void fsm_msgGetNextU2FCounter() { + CHECK_PIN + layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL, _("Do you want to"), _("increase and retrieve"), _("the U2F counter?"), NULL, NULL, NULL); diff --git a/legacy/firmware/fsm_msg_crypto.h b/legacy/firmware/fsm_msg_crypto.h index bb6fe22e7..7904be01a 100644 --- a/legacy/firmware/fsm_msg_crypto.h +++ b/legacy/firmware/fsm_msg_crypto.h @@ -75,6 +75,8 @@ void fsm_msgSignIdentity(const SignIdentity *msg) { CHECK_INITIALIZED + CHECK_PIN + layoutSignIdentity(&(msg->identity), msg->has_challenge_visual ? msg->challenge_visual : 0); if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { @@ -83,8 +85,6 @@ void fsm_msgSignIdentity(const SignIdentity *msg) { return; } - CHECK_PIN - uint8_t hash[32]; if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) { fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity")); @@ -179,6 +179,8 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) { CHECK_INITIALIZED + CHECK_PIN + layoutDecryptIdentity(&msg->identity); if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL); @@ -186,8 +188,6 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) { return; } - CHECK_PIN - uint8_t hash[32]; if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) { fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity")); @@ -258,6 +258,8 @@ void fsm_msgCosiCommit(const CosiCommit *msg) { CHECK_PARAM(msg->has_data, _("No data provided")); + CHECK_PIN + if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) { layoutHome(); return; @@ -271,8 +273,6 @@ void fsm_msgCosiCommit(const CosiCommit *msg) { return; } - CHECK_PIN - const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n, msg->address_n_count, NULL); if (!node) return; @@ -311,6 +311,8 @@ void fsm_msgCosiSign(const CosiSign *msg) { return; } + CHECK_PIN + layoutCosiCommitSign(msg->address_n, msg->address_n_count, msg->data.bytes, msg->data.size, true); if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { @@ -319,8 +321,6 @@ void fsm_msgCosiSign(const CosiSign *msg) { return; } - CHECK_PIN - const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n, msg->address_n_count, NULL); if (!node) return; diff --git a/legacy/firmware/fsm_msg_nem.h b/legacy/firmware/fsm_msg_nem.h index c17b68a58..579ee50cb 100644 --- a/legacy/firmware/fsm_msg_nem.h +++ b/legacy/firmware/fsm_msg_nem.h @@ -333,6 +333,8 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) { CHECK_PARAM(msg->has_public_key, _("No public key provided")); CHECK_PARAM(msg->public_key.size == 32, _("Invalid public key")); + CHECK_PIN + char address[NEM_ADDRESS_SIZE + 1]; nem_get_address(msg->public_key.bytes, msg->network, address); @@ -344,13 +346,10 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) { return; } - CHECK_PIN - if (!fsm_nemCheckPath(msg->address_n_count, msg->address_n, msg->network)) { layoutHome(); return; } - const HDNode *node = fsm_getDerivedNode(ED25519_KECCAK_NAME, msg->address_n, msg->address_n_count, NULL); if (!node) return; diff --git a/tests/device_tests/test_protection_levels.py b/tests/device_tests/test_protection_levels.py index 9640859bf..e1ef5d2bf 100644 --- a/tests/device_tests/test_protection_levels.py +++ b/tests/device_tests/test_protection_levels.py @@ -158,21 +158,7 @@ def test_ping(client: Client): client.ping("msg", True) -@pytest.mark.skip_t2 -def test_get_entropy_t1(client: Client): - _assert_protection(client) - with client: - client.set_expected_responses( - [ - messages.ButtonRequest(code=B.ProtectCall), - messages.Entropy, - ] - ) - misc.get_entropy(client, 10) - - -@pytest.mark.skip_t1 -def test_get_entropy_t2(client: Client): +def test_get_entropy(client: Client): _assert_protection(client) with client: client.use_pin_sequence([PIN4])