From 80341116cadc75746e4158858493e9bf46ddfa55 Mon Sep 17 00:00:00 2001 From: highlander Date: Mon, 30 Mar 2026 22:07:23 -0600 Subject: [PATCH] =?UTF-8?q?fix:=20defer=20EVM=20blind-sign=20gate=20to=207?= =?UTF-8?q?.15+=20=E2=80=94=20remove=20blocked=20test?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Blind-sign policy gating (AdvancedMode blocking) is 7.15+ scope. On 7.10-7.14 blind signing is always permitted. Remove test_ethereum_blind_sign_blocked which expected 7.15 firmware behavior and update report section V accordingly. --- scripts/generate-test-report.py | 24 +++++++++-------------- tests/test_msg_ethereum_signtx.py | 32 ++++--------------------------- 2 files changed, 13 insertions(+), 43 deletions(-) diff --git a/scripts/generate-test-report.py b/scripts/generate-test-report.py index 40733103..3e765a0d 100644 --- a/scripts/generate-test-report.py +++ b/scripts/generate-test-report.py @@ -779,12 +779,11 @@ def parse_junit(path): ('V', 'EVM Clear-Signing', '7.14.0', 'NEW: Verified transaction metadata for EVM contracts. Host sends a signed blob with contract ' 'name, function, and decoded parameters. Device verifies blob signature against trusted key, ' - 'then shows human-readable details with VERIFIED icon. AdvancedMode policy gates blind-signing ' - '(disabled by default = blind signing blocked).', + 'then shows human-readable details with VERIFIED icon. Blind-sign policy gating is deferred ' + 'to firmware 7.15+.', [ 'CLEAR-SIGN: Signed metadata -> verify signature -> VERIFIED icon + method + decoded args', - 'BLIND BLOCKED: No metadata + AdvancedMode off -> device refuses', - 'BLIND ALLOWED: No metadata + AdvancedMode on -> warning -> sign', + 'BLIND SIGN: No metadata + AdvancedMode on -> contract data signed (no gate until 7.15+)', ], [ ('V1', 'test_msg_ethereum_clear_signing', 'test_valid_metadata_returns_verified', @@ -800,22 +799,17 @@ def parse_junit(path): 'Tampered contract rejected', 'Modified contract address fails signature check.', []), ('V5', 'test_msg_ethereum_clear_signing', 'test_no_metadata_then_sign_unchanged', 'No metadata = blind sign path', - 'Without metadata, transaction goes through blind-sign path (gated by AdvancedMode).', + 'Without metadata, transaction goes through existing blind-sign path.', ['Blind sign warning']), ('V6', 'test_msg_ethereum_clear_signing', 'test_signature_verification', 'Signature verification math', 'Unit test for the metadata blob signature algorithm.', []), ('V7', 'test_msg_ethereum_clear_signing', 'test_tampered_blob_fails_verification', 'Tampered blob fails', 'Any byte change in the blob invalidates the signature.', []), - ('V8', 'test_msg_ethereum_signtx', 'test_ethereum_blind_sign_blocked', - 'Blind sign BLOCKED (AdvancedMode OFF)', - 'Contract data with AdvancedMode disabled. Device shows BLOCKED screen and refuses to sign. ' - 'This is the default behavior -- blind signing must be explicitly enabled.', - ['BLOCKED screen']), - ('V9', 'test_msg_ethereum_signtx', 'test_ethereum_blind_sign_allowed', - 'Blind sign ALLOWED (AdvancedMode ON)', - 'Contract data with AdvancedMode enabled. Device shows BLIND SIGNATURE warning ' - 'before proceeding. User sees raw data and must explicitly confirm.', - ['BLIND SIGNATURE warning']), + ('V8', 'test_msg_ethereum_signtx', 'test_ethereum_blind_sign_allowed', + 'Blind sign permitted (AdvancedMode ON)', + 'Contract data with AdvancedMode enabled. Device allows signing. ' + 'Blind-sign blocking deferred to 7.15+.', + []), ]), ('S', 'Solana', '7.14.0', diff --git a/tests/test_msg_ethereum_signtx.py b/tests/test_msg_ethereum_signtx.py index dc02c6a9..a04f17e2 100644 --- a/tests/test_msg_ethereum_signtx.py +++ b/tests/test_msg_ethereum_signtx.py @@ -95,36 +95,13 @@ def test_ethereum_signtx_data(self): self.client.apply_policy("AdvancedMode", 0) - def test_ethereum_blind_sign_blocked(self): - """AdvancedMode OFF + contract data = device refuses to sign. - - OLED shows 'BLOCKED -- Blind signing requires AdvancedMode' then Failure. - """ - self.requires_firmware("7.14.0") - self.setup_mnemonic_nopin_nopassphrase() - self.client.apply_policy("AdvancedMode", 0) - - try: - self.client.ethereum_sign_tx( - n=[0, 0], - nonce=0, - gas_price=20, - gas_limit=20, - to=binascii.unhexlify("1d1c328764a41bda0492b66baa30c4a339ff85ef"), - value=0, - data=b"abcdefghijklmnop" * 16, - ) - self.fail("Expected Failure — blind signing should be blocked") - except CallException as e: - self.assertIn("Blind signing disabled", str(e)) - def test_ethereum_blind_sign_allowed(self): - """AdvancedMode ON + contract data = device shows BLIND SIGNATURE warning. + """Contract data = device allows blind signing (no gate until 7.15+). - OLED shows 'BLIND SIGNATURE -- You are signing raw contract data' - before showing the data and allowing signing. + Blind-sign policy gating (AdvancedMode) is deferred to firmware 7.15+. + On 7.10-7.14 blind signing is always permitted with AdvancedMode ON. """ - self.requires_firmware("7.14.0") + self.requires_fullFeature() self.setup_mnemonic_nopin_nopassphrase() self.client.apply_policy("AdvancedMode", 1) @@ -137,7 +114,6 @@ def test_ethereum_blind_sign_allowed(self): value=0, data=b"abcdefghijklmnop" * 16, ) - # Should succeed — AdvancedMode allows blind signing self.assertIsNotNone(sig_v) self.client.apply_policy("AdvancedMode", 0)