Skip to content

Commit be84448

Browse files
committed
api/firmware: add option to skip noise pairing confirmation
When communicating over a secure paired Bluetooth connection, we don't need a noise pairing confirmation, as Bluetooth has its own. This does not prevent one from displaying the pairing code at any time after, but it allows starting communicating without an explicit pairing code confirmation.
1 parent ee0c6bb commit be84448

File tree

3 files changed

+44
-2
lines changed

3 files changed

+44
-2
lines changed

api/firmware/device.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,8 @@ type Device struct {
108108
mu sync.RWMutex
109109
onEvent func(Event, interface{})
110110
log Logger
111+
112+
options *deviceOptions
111113
}
112114

113115
// BluetoothInfo contains Bluetooth-related info.
@@ -144,17 +146,23 @@ func NewDevice(
144146
config ConfigInterface,
145147
communication Communication,
146148
log Logger,
149+
opts ...DeviceOption,
147150
) *Device {
148151
if (version == nil) != (product == nil) {
149152
panic("both version and product have to be specified, or none")
150153
}
154+
options := &deviceOptions{}
155+
for _, opt := range opts {
156+
opt(options)
157+
}
151158
return &Device{
152159
communication: communication,
153160
version: version,
154161
product: product,
155162
config: config,
156163
status: StatusConnected,
157164
log: log,
165+
options: options,
158166
}
159167
}
160168

api/firmware/options.go

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
// Copyright 2025 Shift Crypto AG
2+
//
3+
// Licensed under the Apache License, Version 2.0 (the "License");
4+
// you may not use this file except in compliance with the License.
5+
// You may obtain a copy of the License at
6+
//
7+
// http://www.apache.org/licenses/LICENSE-2.0
8+
//
9+
// Unless required by applicable law or agreed to in writing, software
10+
// distributed under the License is distributed on an "AS IS" BASIS,
11+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
// See the License for the specific language governing permissions and
13+
// limitations under the License.
14+
15+
package firmware
16+
17+
type deviceOptions struct {
18+
// If true, the host does not require noise pairing confirmation before communicating over the
19+
// encrypted noise channel.
20+
optionalNoisePairingConfirmation bool
21+
}
22+
23+
// DeviceOption provides functional options.
24+
type DeviceOption func(*deviceOptions)
25+
26+
// WithOptionalNoisePairingConfirmation allows the host to communicate over the encrypted noise
27+
// channel without requiring a pairing confirmation on the BitBox.
28+
//
29+
// SECURITY NOTE: this enables a MITM in the noise channel to go undetected. Use only if the noise
30+
// channel is wrapped in another secure transport layer, e.g. a paired Bluetooth connection.
31+
func WithOptionalNoisePairingConfirmation() DeviceOption {
32+
return func(o *deviceOptions) {
33+
o.optionalNoisePairingConfirmation = true
34+
}
35+
}

api/firmware/pairing.go

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -101,8 +101,7 @@ func (device *Device) pair() error {
101101
panic(errp.New("expected 32 byte remote static pubkey"))
102102
}
103103

104-
pairingVerificationRequiredByApp := !device.config.ContainsDeviceStaticPubkey(
105-
device.deviceNoiseStaticPubkey)
104+
pairingVerificationRequiredByApp := !device.options.optionalNoisePairingConfirmation && !device.config.ContainsDeviceStaticPubkey(device.deviceNoiseStaticPubkey)
106105
pairingVerificationRequiredByDevice := string(responseBytes) == "\x01"
107106

108107
if pairingVerificationRequiredByDevice || pairingVerificationRequiredByApp {

0 commit comments

Comments
 (0)