From 61ffd8c98881f46f4a4e68e00fb0cc604ffd8162 Mon Sep 17 00:00:00 2001
From: Ajinkya Rajandekar
Date: Tue, 27 Feb 2024 17:20:51 +0000
Subject: [PATCH] - Add precondition in important functions for improved security.

---
 src/apdu_sign.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/apdu_sign.c b/src/apdu_sign.c
index e20d3784..b77c4504 100644
--- a/src/apdu_sign.c
+++ b/src/apdu_sign.c
@@ -197,6 +197,9 @@ static size_t handle_apdu(bool const enable_hashing,
 bool const enable_parsing,
 uint8_t const instruction,
 volatile uint32_t *flags) {
+ if (os_global_pin_is_validated() != BOLOS_UX_OK) {
+ THROW(EXC_SECURITY);
+ }
 uint8_t *const buff = &G_io_apdu_buffer[OFFSET_CDATA];
 uint8_t const p1 = G_io_apdu_buffer[OFFSET_P1];
 uint8_t const buff_size = G_io_apdu_buffer[OFFSET_LC];
@@ -285,6 +288,10 @@ size_t handle_apdu_sign_with_hash(uint8_t instruction, volatile uint32_t *flags)
 }
 
 int perform_signature(bool const on_hash, bool const send_hash) {
+ if (os_global_pin_is_validated() != BOLOS_UX_OK) {
+ THROW(EXC_SECURITY);
+ }
+
 write_high_water_mark(&G.parsed_baking_data);
 size_t tx = 0;
 if (send_hash && on_hash) {
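Review bot: The three-line PIN guard added at the top of handle_apdu is repeated verbatim in perform_signature in the next hunk, so the two copies can drift apart when one is edited. A small file-local helper, e.g. `static inline void require_pin_validated(void) { if (os_global_pin_is_validated() != BOLOS_UX_OK) THROW(EXC_SECURITY); }`, called as `require_pin_validated();` at both sites, would keep the check in one place. The diffstat shows only src/apdu_sign.c changing, so nothing exercises the locked-device rejection; a test asserting that a sign request on a locked device raises EXC_SECURITY would pin the behaviour. It is also worth confirming against the SDK headers this app builds with that BOLOS_UX_OK is the value os_global_pin_is_validated() returns for a validated PIN. handle_apdu's body continues past the hunk.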
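Review bot: In perform_signature the new guard has no comment saying why the PIN is checked again after handle_apdu already checked it, so a later cleanup could drop it as redundant. If this function can also run from a confirmation callback some time after the APDU was received (not visible here), this check is what stops a signature once the device has locked in between; a comment such as `/* Re-check here: the device may have locked between APDU receipt and signing. */` would record that. In that case also confirm the THROW is raised inside a TRY context on that path, since the function returns int and its callers are outside the hunk. Keeping the guard ahead of `write_high_water_mark(&G.parsed_baking_data);` as written looks right, because a rejected request then leaves the stored high-water mark untouched. perform_signature's body continues past the hunk.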