Add functions to lock/unlock the APDU source to a specific media

yrichard-ledger · yrichard-ledger · commit af9025359ed0 · 2024-10-02T12:17:22.000+02:00
diff --git a/include/os_io_seproxyhal.h b/include/os_io_seproxyhal.h
@@ -246,6 +246,7 @@ typedef struct io_seph_s {
     unsigned short  apdu_length;  // total length to be received
     unsigned short  io_flags;     // flags to be set when calling io_exchange
     io_apdu_media_t apdu_media;
+    io_apdu_media_t apdu_media_lock;
 
     unsigned int ms;
 
@@ -285,11 +286,29 @@ extern io_seph_app_t G_io_app;
  */
 void io_task(void);
 /**
- * IO task initializez
+ * IO task initialize
  */
 void io_start(void);
 #endif  // HAVE_IO_TASK
 
+/**
+ * Lock apdu source to a media
+ * After this function is called, all subsequent apdus
+ * that come from any other media will be refused
+ */
+void io_apdu_media_lock(io_apdu_media_t media);
+/**
+ * Unlock apdu source.
+ * After this function is called, apdus any media will be processed
+ */
+void io_apdu_media_unlock(void);
+/**
+ * Check if an Apdu media shall be accepted.
+ * Return true if source media is not locked or if the media corresponds to the current lock
+ * Return false if media doesn't correspond to the current lock
+ */
+bool io_apdu_is_media_accepted(io_apdu_media_t media);
+
 void io_seproxyhal_setup_ticker(unsigned int interval_ms);
 void io_seproxyhal_power_off(bool criticalBattery);
 void io_seproxyhal_se_reset(void);
diff --git a/lib_blewbxx_impl/src/ledger_ble.c b/lib_blewbxx_impl/src/ledger_ble.c
@@ -517,7 +517,8 @@ static void hci_evt_cmd_complete(const uint8_t *buffer, uint16_t length)
         if (ledger_ble_data.transfer_mode_enable) {
             if ((ledger_protocol_data.rx_apdu_length)
                 && (ledger_protocol_data.rx_apdu_status == APDU_STATUS_COMPLETE)) {
-                if (G_io_app.apdu_state == APDU_IDLE) {
+                if (G_io_app.apdu_state == APDU_IDLE
+                    && io_apdu_is_media_accepted(IO_APDU_MEDIA_BLE)) {
                     copy_apdu_to_app(false);
                 }
                 else {
@@ -892,7 +893,8 @@ static void attribute_modified(const uint8_t *buffer, uint16_t length)
                     LOG_BLE("Transfer failed 0x%04x\n", U2BE(ledger_ble_data.resp, 0));
                     G_io_app.transfer_mode = 0;
                     check_transfer_mode(G_io_app.transfer_mode);
-                    if (G_io_app.apdu_state == APDU_IDLE) {
+                    if (G_io_app.apdu_state == APDU_IDLE
+                        && io_apdu_is_media_accepted(IO_APDU_MEDIA_BLE)) {
                         copy_apdu_to_app(true);
                     }
                     else {
@@ -914,7 +916,8 @@ static void attribute_modified(const uint8_t *buffer, uint16_t length)
             }
             else {
                 // Nominal case for apdu reception
-                if (G_io_app.apdu_state == APDU_IDLE) {
+                if (G_io_app.apdu_state == APDU_IDLE
+                    && io_apdu_is_media_accepted(IO_APDU_MEDIA_BLE)) {
                     copy_apdu_to_app(true);
                 }
                 else {
@@ -961,7 +964,7 @@ static void write_permit_request(const uint8_t *buffer, uint16_t length)
                             data_length,
                             &buffer[3]);
         if (ledger_protocol_data.rx_apdu_status == APDU_STATUS_COMPLETE) {
-            if (G_io_app.apdu_state == APDU_IDLE) {
+            if (G_io_app.apdu_state == APDU_IDLE && io_apdu_is_media_accepted(IO_APDU_MEDIA_BLE)) {
                 copy_apdu_to_app(true);
             }
             else {
diff --git a/lib_stusb_impl/usbd_impl.c b/lib_stusb_impl/usbd_impl.c
@@ -1074,7 +1074,8 @@ uint8_t USBD_HID_DataOut_impl(USBD_HandleTypeDef *pdev,
 
 #ifndef HAVE_USB_HIDKBD
             // avoid troubles when an apdu has not been replied yet
-            if (G_io_app.apdu_state == APDU_IDLE) {
+            if (G_io_app.apdu_state == APDU_IDLE
+                && io_apdu_is_media_accepted(IO_APDU_MEDIA_USB_HID)) {
                 // add to the hid transport
                 switch (io_usb_hid_receive(io_usb_send_apdu_data,
                                            buffer,
@@ -1162,7 +1163,8 @@ uint8_t USBD_WEBUSB_DataOut(USBD_HandleTypeDef *pdev,
             USBD_LL_PrepareReceive(pdev, WEBUSB_EPOUT_ADDR, WEBUSB_EPOUT_SIZE);
 
             // avoid troubles when an apdu has not been replied yet
-            if (G_io_app.apdu_state == APDU_IDLE) {
+            if (G_io_app.apdu_state == APDU_IDLE
+                && io_apdu_is_media_accepted(IO_APDU_MEDIA_USB_WEBUSB)) {
                 // add to the hid transport
                 switch (io_usb_hid_receive(io_usb_send_apdu_data_ep0x83,
                                            buffer,
diff --git a/src/os_io_nfc.c b/src/os_io_nfc.c
@@ -67,7 +67,7 @@ void io_nfc_recv_event(void)
 
     // Full apdu is received, copy it to global apdu buffer
     if (ledger_protocol_data.rx_apdu_status == APDU_STATUS_COMPLETE) {
-        if (G_io_app.apdu_state == APDU_IDLE) {
+        if (G_io_app.apdu_state == APDU_IDLE && io_apdu_is_media_accepted(IO_APDU_MEDIA_NFC)) {
             memcpy(ledger_protocol_data.rx_dst_buffer,
                    ledger_protocol_data.rx_apdu_buffer,
                    ledger_protocol_data.rx_apdu_length);
diff --git a/src/os_io_seproxyhal.c b/src/os_io_seproxyhal.c
@@ -228,7 +228,7 @@ void io_usb_send_apdu_data_ep0x83(unsigned char *buffer, unsigned short length)
 
 void io_seproxyhal_handle_capdu_event(void)
 {
-    if (G_io_app.apdu_state == APDU_IDLE) {
+    if (G_io_app.apdu_state == APDU_IDLE && io_apdu_is_media_accepted(IO_APDU_MEDIA_RAW)) {
         size_t max  = MIN(sizeof(G_io_apdu_buffer) - 3, sizeof(G_io_seproxyhal_spi_buffer) - 3);
         size_t size = U2BE(G_io_seproxyhal_spi_buffer, 1);
 
@@ -446,9 +446,10 @@ void io_seproxyhal_init(void)
     G_io_app.plane_mode = plane;
 #endif  // HAVE_BLE
 
-    G_io_app.apdu_state  = APDU_IDLE;
-    G_io_app.apdu_length = 0;
-    G_io_app.apdu_media  = IO_APDU_MEDIA_NONE;
+    G_io_app.apdu_state      = APDU_IDLE;
+    G_io_app.apdu_length     = 0;
+    G_io_app.apdu_media      = IO_APDU_MEDIA_NONE;
+    G_io_app.apdu_media_lock = IO_APDU_MEDIA_NONE;
 
     G_io_app.ms = 0;
 
@@ -475,6 +476,22 @@ void io_seproxyhal_init(void)
 #endif  // !defined(HAVE_BOLOS) && defined(HAVE_PENDING_REVIEW_SCREEN)
 }
 
+void io_apdu_media_lock(io_apdu_media_t media)
+{
+    G_io_app.apdu_media_lock = media;
+}
+void io_apdu_media_unlock(void)
+{
+    G_io_app.apdu_media_lock = IO_APDU_MEDIA_NONE;
+}
+bool io_apdu_is_media_accepted(io_apdu_media_t media)
+{
+    if (G_io_app.apdu_media_lock == IO_APDU_MEDIA_NONE) {
+        return true;
+    }
+    return (G_io_app.apdu_media_lock == media);
+}
+
 #ifdef HAVE_PIEZO_SOUND
 void io_seproxyhal_play_tune(tune_index_e tune_index)
 {
