throw UnexpectedMessage failure on unknown messages

firmware/Makefile

@@ -45,4 +45,3 @@ CFLAGS += -Iprotob -DPB_FIELD_16BIT=1
 CFLAGS += -DDEBUG_LINK=0
 CFLAGS += -DDEBUG_LOG=0
 CFLAGS += -DSCM_REVISION='"$(shell git rev-parse HEAD | sed 's:\(..\):\\x\1:g')"'
-CFLAGS += -DSCM_REVISION_LEN=20

firmware/fsm.c

@@ -111,7 +111,8 @@ void fsm_msgInitialize(Initialize *msg)
 	resp->has_pin_protection = true; resp->pin_protection = storage.has_pin;
 	resp->has_passphrase_protection = true; resp->passphrase_protection = storage.has_passphrase_protection && storage.passphrase_protection;
 #ifdef SCM_REVISION
-	resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, sizeof(resp->revision)); resp->revision.size = SCM_REVISION_LEN;
+	int len = sizeof(SCM_REVISION) - 1;
+	resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, len); resp->revision.size = len;
 #endif
 	resp->has_bootloader_hash = true; resp->bootloader_hash.size = memory_bootloader_hash(resp->bootloader_hash.bytes);
 	if (storage.has_language) {

firmware/messages.c

@@ -290,6 +290,8 @@ void msg_read_common(char type, uint8_t *buf, int len)
 	static uint32_t msg_pos = 0;
 	static const pb_field_t *fields = 0;
 
+	if (len != 64) return;
+
 	if (read_state == READSTATE_IDLE) {
 		if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') {	// invalid start - discard
 			return;
@@ -299,7 +301,7 @@ void msg_read_common(char type, uint8_t *buf, int len)
 
 		fields = MessageFields(type, 'i', msg_id);
 		if (!fields) { // unknown message
-			// fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
+			fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
 			return;
 		}
 		if (msg_size > MSG_IN_SIZE) { // message is too big :(
@@ -355,7 +357,7 @@ uint16_t msg_tiny_id = 0xFFFF;
 
 void msg_read_tiny(uint8_t *buf, int len)
 {
-	if (len < 9) return;
+	if (len != 64) return;
 	if (buf[0] != '?' || buf[1] != '#' || buf[2] != '#') {
 		return;
 	}
@@ -402,7 +404,7 @@ void msg_read_tiny(uint8_t *buf, int len)
 			msg_tiny_id = 0xFFFF;
 		}
 	} else {
-		// fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
+		fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Unknown message");
 		msg_tiny_id = 0xFFFF;
 	}
 }

firmware/protect.c

@@ -34,8 +34,11 @@ bool protectAbortedByInitialize = false;
 bool protectButton(ButtonRequestType type, bool confirm_only)
 {
 	ButtonRequest resp;
-	bool result;
+	bool result = false;
 	bool acked = false;
+#if DEBUG_LINK
+	bool debug_decided = false;
+#endif
 
 	memset(&resp, 0, sizeof(ButtonRequest));
 	resp.has_code = true;
@@ -46,7 +49,7 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
 	for (;;) {
 		usbPoll();
 
-		// wait for ButtonAck
+		// check for ButtonAck
 		if (msg_tiny_id == MessageType_MessageType_ButtonAck) {
 			msg_tiny_id = 0xFFFF;
 			acked = true;
@@ -66,6 +69,7 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
 			}
 		}
 
+		// check for Cancel / Initialize
 		if (msg_tiny_id == MessageType_MessageType_Cancel || msg_tiny_id == MessageType_MessageType_Initialize) {
 			if (msg_tiny_id == MessageType_MessageType_Initialize) {
 				protectAbortedByInitialize = true;
@@ -75,12 +79,16 @@ bool protectButton(ButtonRequestType type, bool confirm_only)
 			break;
 		}
 
-		// check debug link
 #if DEBUG_LINK
+		// check DebugLink
 		if (msg_tiny_id == MessageType_MessageType_DebugLinkDecision) {
 			msg_tiny_id = 0xFFFF;
 			DebugLinkDecision *dld = (DebugLinkDecision *)msg_tiny;
 			result = dld->yes_no;
+			debug_decided = true;
+		}
+
+		if (acked && debug_decided) {
 			break;
 		}