fix(core): do not send passphrase_protection field when device is locked (fixes #1807)

2025-01-11 16:00:57 +00:00 · 2021-10-20 13:26:02 +02:00 · 2021-10-20 13:26:02 +02:00 · f0ae16069c
commit f0ae16069c
parent 0e4e56711c
4 changed files with 30 additions and 4 deletions
--- a/core/src/apps/base.py
+++ b/core/src/apps/base.py
@ -44,7 +44,6 @@ def get_features() -> Features:
        label=storage.device.get_label(),
        pin_protection=config.has_pin(),
        unlocked=config.is_unlocked(),
-        passphrase_protection=storage.device.is_passphrase_enabled(),
    )

    if utils.BITCOIN_ONLY:
@ -79,7 +78,8 @@ def get_features() -> Features:

    # private fields:
    if config.is_unlocked():
-
+        # passphrase_protection is private, see #1807
+        f.passphrase_protection = storage.device.is_passphrase_enabled()
        f.needs_backup = storage.device.needs_backup()
        f.unfinished_backup = storage.device.unfinished_backup()
        f.no_backup = storage.device.no_backup()
--- a/tests/device_tests/test_msg_applysettings.py
+++ b/tests/device_tests/test_msg_applysettings.py
@ -71,8 +71,6 @@ class TestMsgApplysettings:

    @pytest.mark.setup_client(pin=PIN4, passphrase=False)
    def test_apply_settings_passphrase(self, client):
-        assert client.features.passphrase_protection is False
-
        with client:
            _set_expected_responses(client)
            device.apply_settings(client, use_passphrase=True)
--- a/tests/device_tests/test_protection_levels.py
+++ b/tests/device_tests/test_protection_levels.py
@ -61,6 +61,32 @@ def test_initialize(client):
        client.init_device()


+@pytest.mark.skip_t1
+@pytest.mark.setup_client(pin=PIN4)
+@pytest.mark.parametrize("passphrase", (True, False))
+def test_passphrase_reporting(client, passphrase):
+    """On TT, passphrase_protection is a private setting, so a locked device should
+    report passphrase_protection=None.
+    """
+    with client:
+        client.use_pin_sequence([PIN4])
+        device.apply_settings(client, use_passphrase=passphrase)
+
+    client.lock()
+
+    # on a locked device, passphrase_protection should be None
+    assert client.features.unlocked is False
+    assert client.features.passphrase_protection is None
+
+    # on an unlocked device, protection should be reported accurately
+    _assert_protection(client, pin=True, passphrase=passphrase)
+
+    # after re-locking, the setting should be hidden again
+    client.lock()
+    assert client.features.unlocked is False
+    assert client.features.passphrase_protection is None
+
+
 def test_apply_settings(client):
    _assert_protection(client)
    with client:
--- a/tests/ui_tests/fixtures.json
+++ b/tests/ui_tests/fixtures.json
@ -794,6 +794,8 @@
 "test_protection_levels.py::test_get_public_key": "f0ac110de788b3112e04dc2ef131fca011a8dea1c309df37adeb23066729e273",
 "test_protection_levels.py::test_initialize": "59e518cba8589979f0af46e2acb211d37c96312f1d1a63a899d138ebb2f3ca29",
 "test_protection_levels.py::test_passphrase_cached": "7fe34cc300a6f3547eaf72ab4339b758469f1e2722244d2a14d06e55ab1a3716",
+"test_protection_levels.py::test_passphrase_reporting[False]": "233f8978b159ec8fb4092599d63f001c8059222ca14a9e84d185560d3c32ce24",
+"test_protection_levels.py::test_passphrase_reporting[True]": "d9e9bdb39d15d6737ed6234f16c36bb7ad95ca54067ff8f10cffccaa3caa96cb",
 "test_protection_levels.py::test_ping": "5551c263e8e09c8ae683f4dec3dd9d7ecc05ebbd3f2556604b27479c8f1fbc82",
 "test_protection_levels.py::test_sign_message_t2": "bdcc7268caf112c3ba1708d9387fcca8384b330ba5a1e500df87e5fa3b0a4320",
 "test_protection_levels.py::test_signtx": "f13f1687e062bd407dc781ae93ebb6619eee5ea3d37ee031ffdc98d5bd7aea33",