mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-24 07:18:09 +00:00
fix(legacy): Check PIN before confirming critical dialogs.
This commit is contained in:
parent
4c60f80f44
commit
e24e9fcdb3
@ -251,6 +251,8 @@ void fsm_msgWipeDevice(const WipeDevice *msg) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void fsm_msgGetEntropy(const GetEntropy *msg) {
|
void fsm_msgGetEntropy(const GetEntropy *msg) {
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
#if !DEBUG_RNG
|
#if !DEBUG_RNG
|
||||||
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
|
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
|
||||||
_("Do you really want to"), _("send entropy?"), NULL, NULL,
|
_("Do you really want to"), _("send entropy?"), NULL, NULL,
|
||||||
@ -523,6 +525,8 @@ void fsm_msgWordAck(const WordAck *msg) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
|
void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
|
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
|
||||||
_("Do you want to set"), _("the U2F counter?"), NULL, NULL,
|
_("Do you want to set"), _("the U2F counter?"), NULL, NULL,
|
||||||
NULL, NULL);
|
NULL, NULL);
|
||||||
@ -537,6 +541,8 @@ void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void fsm_msgGetNextU2FCounter() {
|
void fsm_msgGetNextU2FCounter() {
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
|
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
|
||||||
_("Do you want to"), _("increase and retrieve"),
|
_("Do you want to"), _("increase and retrieve"),
|
||||||
_("the U2F counter?"), NULL, NULL, NULL);
|
_("the U2F counter?"), NULL, NULL, NULL);
|
||||||
|
@ -75,6 +75,8 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
|
|||||||
|
|
||||||
CHECK_INITIALIZED
|
CHECK_INITIALIZED
|
||||||
|
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
layoutSignIdentity(&(msg->identity),
|
layoutSignIdentity(&(msg->identity),
|
||||||
msg->has_challenge_visual ? msg->challenge_visual : 0);
|
msg->has_challenge_visual ? msg->challenge_visual : 0);
|
||||||
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
|
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
|
||||||
@ -83,8 +85,6 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECK_PIN
|
|
||||||
|
|
||||||
uint8_t hash[32];
|
uint8_t hash[32];
|
||||||
if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
|
if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
|
||||||
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
|
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
|
||||||
@ -179,6 +179,8 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
|
|||||||
|
|
||||||
CHECK_INITIALIZED
|
CHECK_INITIALIZED
|
||||||
|
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
layoutDecryptIdentity(&msg->identity);
|
layoutDecryptIdentity(&msg->identity);
|
||||||
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
|
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
|
||||||
fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
|
fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
|
||||||
@ -186,8 +188,6 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECK_PIN
|
|
||||||
|
|
||||||
uint8_t hash[32];
|
uint8_t hash[32];
|
||||||
if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
|
if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
|
||||||
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
|
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
|
||||||
@ -258,6 +258,8 @@ void fsm_msgCosiCommit(const CosiCommit *msg) {
|
|||||||
|
|
||||||
CHECK_PARAM(msg->has_data, _("No data provided"));
|
CHECK_PARAM(msg->has_data, _("No data provided"));
|
||||||
|
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) {
|
if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) {
|
||||||
layoutHome();
|
layoutHome();
|
||||||
return;
|
return;
|
||||||
@ -271,8 +273,6 @@ void fsm_msgCosiCommit(const CosiCommit *msg) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECK_PIN
|
|
||||||
|
|
||||||
const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
|
const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
|
||||||
msg->address_n_count, NULL);
|
msg->address_n_count, NULL);
|
||||||
if (!node) return;
|
if (!node) return;
|
||||||
@ -311,6 +311,8 @@ void fsm_msgCosiSign(const CosiSign *msg) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
layoutCosiCommitSign(msg->address_n, msg->address_n_count, msg->data.bytes,
|
layoutCosiCommitSign(msg->address_n, msg->address_n_count, msg->data.bytes,
|
||||||
msg->data.size, true);
|
msg->data.size, true);
|
||||||
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
|
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
|
||||||
@ -319,8 +321,6 @@ void fsm_msgCosiSign(const CosiSign *msg) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECK_PIN
|
|
||||||
|
|
||||||
const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
|
const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
|
||||||
msg->address_n_count, NULL);
|
msg->address_n_count, NULL);
|
||||||
if (!node) return;
|
if (!node) return;
|
||||||
|
@ -333,6 +333,8 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) {
|
|||||||
CHECK_PARAM(msg->has_public_key, _("No public key provided"));
|
CHECK_PARAM(msg->has_public_key, _("No public key provided"));
|
||||||
CHECK_PARAM(msg->public_key.size == 32, _("Invalid public key"));
|
CHECK_PARAM(msg->public_key.size == 32, _("Invalid public key"));
|
||||||
|
|
||||||
|
CHECK_PIN
|
||||||
|
|
||||||
char address[NEM_ADDRESS_SIZE + 1];
|
char address[NEM_ADDRESS_SIZE + 1];
|
||||||
nem_get_address(msg->public_key.bytes, msg->network, address);
|
nem_get_address(msg->public_key.bytes, msg->network, address);
|
||||||
|
|
||||||
@ -344,13 +346,10 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECK_PIN
|
|
||||||
|
|
||||||
if (!fsm_nemCheckPath(msg->address_n_count, msg->address_n, msg->network)) {
|
if (!fsm_nemCheckPath(msg->address_n_count, msg->address_n, msg->network)) {
|
||||||
layoutHome();
|
layoutHome();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const HDNode *node = fsm_getDerivedNode(ED25519_KECCAK_NAME, msg->address_n,
|
const HDNode *node = fsm_getDerivedNode(ED25519_KECCAK_NAME, msg->address_n,
|
||||||
msg->address_n_count, NULL);
|
msg->address_n_count, NULL);
|
||||||
if (!node) return;
|
if (!node) return;
|
||||||
|
@ -158,21 +158,7 @@ def test_ping(client: Client):
|
|||||||
client.ping("msg", True)
|
client.ping("msg", True)
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.skip_t2
|
def test_get_entropy(client: Client):
|
||||||
def test_get_entropy_t1(client: Client):
|
|
||||||
_assert_protection(client)
|
|
||||||
with client:
|
|
||||||
client.set_expected_responses(
|
|
||||||
[
|
|
||||||
messages.ButtonRequest(code=B.ProtectCall),
|
|
||||||
messages.Entropy,
|
|
||||||
]
|
|
||||||
)
|
|
||||||
misc.get_entropy(client, 10)
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.skip_t1
|
|
||||||
def test_get_entropy_t2(client: Client):
|
|
||||||
_assert_protection(client)
|
_assert_protection(client)
|
||||||
with client:
|
with client:
|
||||||
client.use_pin_sequence([PIN4])
|
client.use_pin_sequence([PIN4])
|
||||||
|
Loading…
Reference in New Issue
Block a user