api: centralize state check

benma · benma · commit 8e1cf1f4cf30 · 2025-03-31T08:57:25.000+02:00
We had two separate checks to decide if we will allow a protobuf
message API call to proceed: in hww.rs (forbid if initialized and
locked) and in api.rs in the can_call() function that defines which
states the API call can run in.

This makes it a bit hard to follow as split into two locations, and it
also prevents us from introducing a protobuf call that is only allowed
to run if the device is initialized but still locked. `Unlock` would
be such a useful new API call if we want to allow entering the
passphrase on the host.

The hww.rs check passed if `!initialized || !locked`,
which means the same as `uninitialized || seeded || unlocked`.

We change the `can_call` state checks to include this condition. For
this we split the local `Initialized` state into
`InitializedAndLocked` and `InitializedAndUnlocked`. For each line in
can_call, the two conditions are combined. The equivalent state check
in the end is simply to convert all `Initialized` checks to
`InitializedAndUnlocked`.

The `true` entries become explicit as they can't include
`InitializedAndLocked` (e.g. can't change the name using `DeviceName`
if initialized but not yet unlocked).
diff --git a/src/rust/bitbox02-rust/src/hww.rs b/src/rust/bitbox02-rust/src/hww.rs
@@ -119,12 +119,6 @@ pub async fn process_packet(usb_in: Vec<u8>) -> Vec<u8> {
         _ => (),
     }
 
-    // No other message than the attestation and unlock calls shall pass until the device is
-    // unlocked or ready to be initialized.
-    if bitbox02::memory::is_initialized() && bitbox02::keystore::is_locked() {
-        return Vec::new();
-    }
-
     let mut out = [OP_STATUS_SUCCESS].to_vec();
     match noise::process(usb_in, &mut out).await {
         Ok(()) => out,
@@ -417,7 +411,14 @@ mod tests {
 
         // Can't reboot when initialized but locked.
         bitbox02::keystore::lock();
-        assert!(make_request(reboot_request.encode_to_vec().as_ref()).is_err());
+        let response_encoded = make_request(&reboot_request.encode_to_vec()).unwrap();
+        let response = crate::pb::Response::decode(&response_encoded[..]).unwrap();
+        assert_eq!(
+            response,
+            crate::pb::Response {
+                response: Some(api::error::make_error(api::error::Error::InvalidState))
+            },
+        );
 
         // Unlock.
         assert_eq!(
diff --git a/src/rust/bitbox02-rust/src/hww/api.rs b/src/rust/bitbox02-rust/src/hww/api.rs
@@ -94,11 +94,17 @@ fn can_call(request: &Request) -> bool {
         Uninitialized,
         // Seeded (password defined, seed created/loaded).
         Seeded,
-        // Initialized (seed backuped up on SD card).
-        Initialized,
+        // InitializedAndLocked (seed backuped up on SD card, keystore locked).
+        InitializedAndLocked,
+        // InitializedAndUnlocked (seed backuped up on SD card, keystore unlocked).
+        InitializedAndUnlocked,
     }
     let state: State = if bitbox02::memory::is_initialized() {
-        State::Initialized
+        if bitbox02::keystore::is_locked() {
+            State::InitializedAndLocked
+        } else {
+            State::InitializedAndUnlocked
+        }
     } else if bitbox02::memory::is_seeded() {
         State::Seeded
     } else {
@@ -108,33 +114,54 @@ fn can_call(request: &Request) -> bool {
     match request {
         // Deprecated call, last used in v1.0.0.
         Request::PerformAttestation(_) => false,
-        Request::DeviceInfo(_) => true,
-        Request::Reboot(_) => true,
-        Request::DeviceName(_) => true,
-        Request::DeviceLanguage(_) => true,
-        Request::CheckSdcard(_) => true,
-        Request::InsertRemoveSdcard(_) => true,
-        Request::ListBackups(_) => true,
+        Request::DeviceInfo(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
+        Request::Reboot(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
+        Request::DeviceName(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
+        Request::DeviceLanguage(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
+        Request::CheckSdcard(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
+        Request::InsertRemoveSdcard(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
+        Request::ListBackups(_) => matches!(
+            state,
+            State::Uninitialized | State::Seeded | State::InitializedAndUnlocked
+        ),
         Request::SetPassword(_) => matches!(state, State::Uninitialized | State::Seeded),
         Request::RestoreBackup(_) => matches!(state, State::Uninitialized | State::Seeded),
         Request::RestoreFromMnemonic(_) => matches!(state, State::Uninitialized | State::Seeded),
-        Request::CreateBackup(_) => matches!(state, State::Seeded | State::Initialized),
-        Request::ShowMnemonic(_) => matches!(state, State::Seeded | State::Initialized),
-        Request::Fingerprint(_) => matches!(state, State::Initialized),
-        Request::ElectrumEncryptionKey(_) => matches!(state, State::Initialized),
+        Request::CreateBackup(_) => matches!(state, State::Seeded | State::InitializedAndUnlocked),
+        Request::ShowMnemonic(_) => matches!(state, State::Seeded | State::InitializedAndUnlocked),
+        Request::Fingerprint(_) => matches!(state, State::InitializedAndUnlocked),
+        Request::ElectrumEncryptionKey(_) => matches!(state, State::InitializedAndUnlocked),
         Request::BtcPub(_) | Request::Btc(_) | Request::BtcSignInit(_) => {
-            matches!(state, State::Initialized)
+            matches!(state, State::InitializedAndUnlocked)
         }
         // These are streamed asynchronously using the `next_request()` primitive in
         // bitcoin/signtx.rs and are not handled directly.
         Request::BtcSignInput(_) | Request::BtcSignOutput(_) => false,
 
-        Request::CheckBackup(_) => matches!(state, State::Initialized),
-        Request::SetMnemonicPassphraseEnabled(_) => matches!(state, State::Initialized),
-        Request::Eth(_) => matches!(state, State::Initialized),
-        Request::Reset(_) => matches!(state, State::Initialized),
-        Request::Cardano(_) => matches!(state, State::Initialized),
-        Request::Bip85(_) => matches!(state, State::Initialized),
+        Request::CheckBackup(_) => matches!(state, State::InitializedAndUnlocked),
+        Request::SetMnemonicPassphraseEnabled(_) => matches!(state, State::InitializedAndUnlocked),
+        Request::Eth(_) => matches!(state, State::InitializedAndUnlocked),
+        Request::Reset(_) => matches!(state, State::InitializedAndUnlocked),
+        Request::Cardano(_) => matches!(state, State::InitializedAndUnlocked),
+        Request::Bip85(_) => matches!(state, State::InitializedAndUnlocked),
     }
 }
 
