New blind-signing flow for Stax/Flex
This commit is contained in:
Alexandre Paillier
@@ -1,5 +1,5 @@
|
|||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <nbgl_page.h>
|
#include "nbgl_page.h"
|
||||||
#include "shared_context.h"
|
#include "shared_context.h"
|
||||||
#include "ui_callbacks.h"
|
#include "ui_callbacks.h"
|
||||||
#include "ui_nbgl.h"
|
#include "ui_nbgl.h"
|
||||||
@@ -25,7 +25,6 @@ static char msg_buffer[MAX_PLUGIN_ITEMS][VALUE_MAX_LEN];
|
|||||||
|
|
||||||
struct tx_approval_context_t {
|
struct tx_approval_context_t {
|
||||||
bool fromPlugin;
|
bool fromPlugin;
|
||||||
bool blindSigning;
|
|
||||||
bool displayNetwork;
|
bool displayNetwork;
|
||||||
#ifdef HAVE_DOMAIN_NAME
|
#ifdef HAVE_DOMAIN_NAME
|
||||||
bool domain_name_match;
|
bool domain_name_match;
|
||||||
@@ -174,7 +173,11 @@ static void reviewCommon(void) {
|
|||||||
|
|
||||||
pairsList.nbPairs = setTagValuePairs();
|
pairsList.nbPairs = setTagValuePairs();
|
||||||
pairsList.pairs = pairs;
|
pairsList.pairs = pairs;
|
||||||
|
nbgl_operationType_t op = TYPE_TRANSACTION;
|
||||||
|
|
||||||
|
if (tmpContent.txContent.dataPresent) {
|
||||||
|
op |= BLIND_OPERATION;
|
||||||
|
}
|
||||||
if (tx_approval_context.fromPlugin) {
|
if (tx_approval_context.fromPlugin) {
|
||||||
uint32_t buf_size = SHARED_BUFFER_SIZE / 2;
|
uint32_t buf_size = SHARED_BUFFER_SIZE / 2;
|
||||||
char op_name[sizeof(strings.common.fullAmount)];
|
char op_name[sizeof(strings.common.fullAmount)];
|
||||||
@@ -195,7 +198,7 @@ static void reviewCommon(void) {
|
|||||||
(pluginType == EXTERNAL ? "on " : ""),
|
(pluginType == EXTERNAL ? "on " : ""),
|
||||||
strings.common.toAddress);
|
strings.common.toAddress);
|
||||||
|
|
||||||
nbgl_useCaseReview(TYPE_TRANSACTION,
|
nbgl_useCaseReview(op,
|
||||||
&pairsList,
|
&pairsList,
|
||||||
get_tx_icon(),
|
get_tx_icon(),
|
||||||
g_stax_shared_buffer,
|
g_stax_shared_buffer,
|
||||||
@@ -203,7 +206,7 @@ static void reviewCommon(void) {
|
|||||||
g_stax_shared_buffer + buf_size,
|
g_stax_shared_buffer + buf_size,
|
||||||
reviewChoice);
|
reviewChoice);
|
||||||
} else {
|
} else {
|
||||||
nbgl_useCaseReview(TYPE_TRANSACTION,
|
nbgl_useCaseReview(op,
|
||||||
&pairsList,
|
&pairsList,
|
||||||
get_tx_icon(),
|
get_tx_icon(),
|
||||||
REVIEW("transaction"),
|
REVIEW("transaction"),
|
||||||
@@ -224,8 +227,6 @@ void blind_confirm_cb(bool confirm) {
|
|||||||
void ux_approve_tx(bool fromPlugin) {
|
void ux_approve_tx(bool fromPlugin) {
|
||||||
memset(&tx_approval_context, 0, sizeof(tx_approval_context));
|
memset(&tx_approval_context, 0, sizeof(tx_approval_context));
|
||||||
|
|
||||||
tx_approval_context.blindSigning =
|
|
||||||
!fromPlugin && tmpContent.txContent.dataPresent && !N_storage.contractDetails;
|
|
||||||
tx_approval_context.fromPlugin = fromPlugin;
|
tx_approval_context.fromPlugin = fromPlugin;
|
||||||
tx_approval_context.displayNetwork = false;
|
tx_approval_context.displayNetwork = false;
|
||||||
|
|
||||||
@@ -234,16 +235,5 @@ void ux_approve_tx(bool fromPlugin) {
|
|||||||
tx_approval_context.displayNetwork = true;
|
tx_approval_context.displayNetwork = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tx_approval_context.blindSigning) {
|
reviewCommon();
|
||||||
nbgl_useCaseChoice(&C_Important_Circle_64px,
|
|
||||||
"Blind Signing",
|
|
||||||
"This transaction cannot be securely interpreted by "
|
|
||||||
"your Ledger device.\nIt might put "
|
|
||||||
"your assets at risk.",
|
|
||||||
"Continue",
|
|
||||||
"Cancel",
|
|
||||||
blind_confirm_cb);
|
|
||||||
} else {
|
|
||||||
reviewCommon();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,20 +2,37 @@
|
|||||||
#include "shared_context.h"
|
#include "shared_context.h"
|
||||||
#include "ui_callbacks.h"
|
#include "ui_callbacks.h"
|
||||||
#include "ui_nbgl.h"
|
#include "ui_nbgl.h"
|
||||||
|
#include "feature_signTx.h"
|
||||||
|
|
||||||
static void ui_warning_contract_data_choice(bool confirm) {
|
static void ui_warning_contract_data_choice2(bool confirm) {
|
||||||
if (confirm) {
|
if (confirm) {
|
||||||
ui_idle();
|
start_signature_flow();
|
||||||
} else {
|
} else {
|
||||||
ui_menu_settings();
|
report_finalize_error();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void ui_warning_contract_data_choice1(bool confirm) {
|
||||||
|
if (confirm) {
|
||||||
|
report_finalize_error();
|
||||||
|
} else {
|
||||||
|
nbgl_useCaseChoice(
|
||||||
|
NULL,
|
||||||
|
"The transaction cannot be trusted",
|
||||||
|
"Your Ledger cannot decode this transaction. If you sign it, you could be authorizing "
|
||||||
|
"malicious actions that can drain your wallet.\n\nLearn more: ledger.com/e8",
|
||||||
|
"I accept the risk",
|
||||||
|
"Reject transaction",
|
||||||
|
ui_warning_contract_data_choice2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void ui_warning_contract_data(void) {
|
void ui_warning_contract_data(void) {
|
||||||
nbgl_useCaseChoice(&C_Warning_64px,
|
nbgl_useCaseChoice(
|
||||||
"This message cannot\nbe clear-signed",
|
&C_Warning_64px,
|
||||||
"Enable blind-signing in\nthe settings to sign\nthis transaction.",
|
"Security risk detected",
|
||||||
"Exit",
|
"It may not be safe to sign this transaction. To continue, you'll need to review the risk.",
|
||||||
"Go to settings",
|
"Back to safety",
|
||||||
ui_warning_contract_data_choice);
|
"Review risk",
|
||||||
|
ui_warning_contract_data_choice1);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user