1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-24 07:18:09 +00:00

fix(legacy): Check PIN before confirming critical dialogs.

This commit is contained in:
Andrew Kozlik 2022-02-17 11:02:06 +01:00 committed by Martin Milata
parent 4c60f80f44
commit e24e9fcdb3
4 changed files with 17 additions and 26 deletions

View File

@ -251,6 +251,8 @@ void fsm_msgWipeDevice(const WipeDevice *msg) {
}
void fsm_msgGetEntropy(const GetEntropy *msg) {
CHECK_PIN
#if !DEBUG_RNG
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
_("Do you really want to"), _("send entropy?"), NULL, NULL,
@ -523,6 +525,8 @@ void fsm_msgWordAck(const WordAck *msg) {
}
void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
CHECK_PIN
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
_("Do you want to set"), _("the U2F counter?"), NULL, NULL,
NULL, NULL);
@ -537,6 +541,8 @@ void fsm_msgSetU2FCounter(const SetU2FCounter *msg) {
}
void fsm_msgGetNextU2FCounter() {
CHECK_PIN
layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
_("Do you want to"), _("increase and retrieve"),
_("the U2F counter?"), NULL, NULL, NULL);

View File

@ -75,6 +75,8 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
CHECK_INITIALIZED
CHECK_PIN
layoutSignIdentity(&(msg->identity),
msg->has_challenge_visual ? msg->challenge_visual : 0);
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
@ -83,8 +85,6 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
return;
}
CHECK_PIN
uint8_t hash[32];
if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
@ -179,6 +179,8 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
CHECK_INITIALIZED
CHECK_PIN
layoutDecryptIdentity(&msg->identity);
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
@ -186,8 +188,6 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
return;
}
CHECK_PIN
uint8_t hash[32];
if (cryptoIdentityFingerprint(&(msg->identity), hash) == 0) {
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid identity"));
@ -258,6 +258,8 @@ void fsm_msgCosiCommit(const CosiCommit *msg) {
CHECK_PARAM(msg->has_data, _("No data provided"));
CHECK_PIN
if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) {
layoutHome();
return;
@ -271,8 +273,6 @@ void fsm_msgCosiCommit(const CosiCommit *msg) {
return;
}
CHECK_PIN
const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
msg->address_n_count, NULL);
if (!node) return;
@ -311,6 +311,8 @@ void fsm_msgCosiSign(const CosiSign *msg) {
return;
}
CHECK_PIN
layoutCosiCommitSign(msg->address_n, msg->address_n_count, msg->data.bytes,
msg->data.size, true);
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
@ -319,8 +321,6 @@ void fsm_msgCosiSign(const CosiSign *msg) {
return;
}
CHECK_PIN
const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
msg->address_n_count, NULL);
if (!node) return;

View File

@ -333,6 +333,8 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) {
CHECK_PARAM(msg->has_public_key, _("No public key provided"));
CHECK_PARAM(msg->public_key.size == 32, _("Invalid public key"));
CHECK_PIN
char address[NEM_ADDRESS_SIZE + 1];
nem_get_address(msg->public_key.bytes, msg->network, address);
@ -344,13 +346,10 @@ void fsm_msgNEMDecryptMessage(NEMDecryptMessage *msg) {
return;
}
CHECK_PIN
if (!fsm_nemCheckPath(msg->address_n_count, msg->address_n, msg->network)) {
layoutHome();
return;
}
const HDNode *node = fsm_getDerivedNode(ED25519_KECCAK_NAME, msg->address_n,
msg->address_n_count, NULL);
if (!node) return;

View File

@ -158,21 +158,7 @@ def test_ping(client: Client):
client.ping("msg", True)
@pytest.mark.skip_t2
def test_get_entropy_t1(client: Client):
_assert_protection(client)
with client:
client.set_expected_responses(
[
messages.ButtonRequest(code=B.ProtectCall),
messages.Entropy,
]
)
misc.get_entropy(client, 10)
@pytest.mark.skip_t1
def test_get_entropy_t2(client: Client):
def test_get_entropy(client: Client):
_assert_protection(client)
with client:
client.use_pin_sequence([PIN4])