Merge pull request #127 from LedgerHQ/tdj/add_blindsign_flow_example

Add an example of Blind-sign flow for Stax/Flex

Author: tdejoigny-ledger

src/handler/sign_tx.c

@@ -89,7 +89,17 @@ int handler_sign_tx(buffer_t *cdata, uint8_t chunk, bool more) {
 
             PRINTF("Hash: %.*H\n", sizeof(G_context.tx_info.m_hash), G_context.tx_info.m_hash);
 
-            return ui_display_transaction();
+            // Example to trig a blind-sign flow
+            if (strcmp((char *) G_context.tx_info.transaction.memo, "Blind-sign") == 0) {
+// to remove when Nbgl will be available for Nanos
+#ifdef HAVE_NBGL
+                return ui_display_blind_signed_transaction();
+#else
+                return ui_display_transaction();
+#endif
+            } else {
+                return ui_display_transaction();
+            }
         }
     }
 

src/ui/display.h

@@ -22,3 +22,11 @@ int ui_display_address(void);
  *
  */
 int ui_display_transaction(void);
+
+/**
+ * Display blind-sign transaction information on the device and ask confirmation to sign.
+ *
+ * @return 0 if success, negative integer otherwise.
+ *
+ */
+int ui_display_blind_signed_transaction(void);

src/ui/nbgl_display_transaction.c

@@ -60,7 +60,8 @@ static void review_choice(bool confirm) {
 // - Check if the app is in the right state for transaction review
 // - Format the amount and address strings in g_amount and g_address buffers
 // - Display the first screen of the transaction review
-int ui_display_transaction() {
+// - Display a warning if the transaction is blind-signed
+int ui_display_transaction_bs_choice(bool is_blind_signed) {
     if (G_context.req_type != CONFIRM_TRANSACTION || G_context.state != STATE_PARSED) {
         G_context.state = STATE_NONE;
         return io_send_sw(SW_BAD_STATE);
@@ -94,15 +95,38 @@ int ui_display_transaction() {
     pairList.nbPairs = 2;
     pairList.pairs = pairs;
 
-    // Start review
-    nbgl_useCaseReview(TYPE_TRANSACTION,
-                       &pairList,
-                       &C_app_boilerplate_64px,
-                       "Review transaction\nto send BOL",
-                       NULL,
-                       "Sign transaction\nto send BOL",
-                       review_choice);
+    if (is_blind_signed) {
+        // Start blind-signing review flow
+        nbgl_useCaseReviewBlindSigning(TYPE_TRANSACTION,
+                                       &pairList,
+                                       &C_app_boilerplate_64px,
+                                       "Review transaction\nto send BOL",
+                                       NULL,
+                                       "Sign transaction\nto send BOL",
+                                       NULL,
+                                       review_choice);
+    } else {
+        // Start review flow
+        nbgl_useCaseReview(TYPE_TRANSACTION,
+                           &pairList,
+                           &C_app_boilerplate_64px,
+                           "Review transaction\nto send BOL",
+                           NULL,
+                           "Sign transaction\nto send BOL",
+                           review_choice);
+    }
+
     return 0;
 }
 
+// Flow used to display a blind-signed transaction
+int ui_display_blind_signed_transaction(void) {
+    return ui_display_transaction_bs_choice(true);
+}
+
+// Flow used to display a clear-signed transaction
+int ui_display_transaction() {
+    return ui_display_transaction_bs_choice(false);
+}
+
 #endif

tests/snapshots/flex/test_sign_tx_short_tx_blind_sign/00000.png

@@ -4,12 +4,13 @@
 from application_client.boilerplate_command_sender import BoilerplateCommandSender, Errors
 from application_client.boilerplate_response_unpacker import unpack_get_public_key_response, unpack_sign_tx_response
 from ragger.error import ExceptionRAPDU
+from ragger.navigator import NavInsID
 from utils import check_signature_validity
 
 # In this tests we check the behavior of the device when asked to sign a transaction
 
 
-# In this test se send to the device a transaction to sign and validate it on screen
+# In this test we send to the device a transaction to sign and validate it on screen
 # The transaction is short and will be sent in one chunk
 # We will ensure that the displayed information is correct by using screenshots comparison
 def test_sign_tx_short_tx(backend, scenario_navigator):
@@ -43,6 +44,47 @@ def test_sign_tx_short_tx(backend, scenario_navigator):
     assert check_signature_validity(public_key, der_sig, transaction)
 
 
+# In this test we send to the device a transaction to trig a blind-signing flow
+# The transaction is short and will be sent in one chunk
+# We will ensure that the displayed information is correct by using screenshots comparison
+def test_sign_tx_short_tx_blind_sign(firmware, navigator, backend, scenario_navigator, test_name, default_screenshot_path):
+    if firmware.is_nano:
+        pytest.skip("Not supported on Nano devices")
+
+    # Use the app interface instead of raw interface
+    client = BoilerplateCommandSender(backend)
+    # The path used for this entire test
+    path: str = "m/44'/1'/0'/0/0"
+
+    # First we need to get the public key of the device in order to build the transaction
+    rapdu = client.get_public_key(path=path)
+    _, public_key, _, _ = unpack_get_public_key_response(rapdu.data)
+
+    # Create the transaction that will be sent to the device for signing
+    transaction = Transaction(
+        nonce=1,
+        to="0x0000000000000000000000000000000000000000",
+        value=0,
+        memo="Blind-sign"
+    ).serialize()
+
+    # Send the sign device instruction.
+    # As it requires on-screen validation, the function is asynchronous.
+    # It will yield the result when the navigation is done
+    with client.sign_tx(path=path, transaction=transaction):
+        navigator.navigate_and_compare(default_screenshot_path,
+                                        test_name+"/part1",
+                                        [NavInsID.USE_CASE_CHOICE_REJECT],
+                                        screen_change_after_last_instruction=False)
+
+        # Validate the on-screen request by performing the navigation appropriate for this device
+        scenario_navigator.review_approve()
+
+    # The device as yielded the result, parse it and ensure that the signature is correct
+    response = client.get_async_response().data
+    _, der_sig, _ = unpack_sign_tx_response(response)
+    assert check_signature_validity(public_key, der_sig, transaction)
+
 # In this test se send to the device a transaction to sign and validate it on screen
 # This test is mostly the same as the previous one but with different values.
 # In particular the long memo will force the transaction to be sent in multiple chunks