Check support before calling SE FIDO-related commands.

core/src/apps/webauthn/resident_credentials.py

@@ -1,13 +1,15 @@
 from micropython import const
 from typing import Iterator
 
+import storage
 import storage.resident_credentials
 from storage.resident_credentials import MAX_RESIDENT_CREDENTIALS
 
 from .credential import Fido2Credential
 from .fido_seed import ensure_fido_seed
 
 RP_ID_HASH_LENGTH = const(32)
+_ALLOW_RESIDENT_CREDENTIALS = storage.device.get_se01_version() >= "1.1.5"
 
 
 def _credential_from_data(index: int, data: bytes) -> Fido2Credential:
@@ -20,6 +22,8 @@ def _credential_from_data(index: int, data: bytes) -> Fido2Credential:
 
 @ensure_fido_seed
 def find_all() -> Iterator[Fido2Credential]:
+    if not _ALLOW_RESIDENT_CREDENTIALS:
+        return
     registered_count = storage.resident_credentials.get_fido2_counter()
     if registered_count == 0:
         return
@@ -35,6 +39,8 @@ def find_all() -> Iterator[Fido2Credential]:
 
 @ensure_fido_seed
 def find_by_rp_id_hash(rp_id_hash: bytes) -> Iterator[Fido2Credential]:
+    if not _ALLOW_RESIDENT_CREDENTIALS:
+        return
     for index in range(MAX_RESIDENT_CREDENTIALS):
         data = storage.resident_credentials.get(index)
 
@@ -51,6 +57,8 @@ def find_by_rp_id_hash(rp_id_hash: bytes) -> Iterator[Fido2Credential]:
 
 @ensure_fido_seed
 def get_resident_credential(index: int) -> Fido2Credential | None:
+    if not _ALLOW_RESIDENT_CREDENTIALS:
+        return None
     if not 0 <= index < MAX_RESIDENT_CREDENTIALS:
         return None
 
@@ -63,6 +71,8 @@ def get_resident_credential(index: int) -> Fido2Credential | None:
 
 @ensure_fido_seed
 def store_resident_credential(cred: Fido2Credential) -> bool:
+    if not _ALLOW_RESIDENT_CREDENTIALS:
+        return False
     if storage.resident_credentials.get_fido2_counter() >= MAX_RESIDENT_CREDENTIALS:
         return False