Merge pull request #276 from trilitech/palmer@functori@limit-number-o…

…f-screens-displayed-for-review

Limit the number of screens displayed for signing review for Nano

app/src/apdu_sign.h

@@ -59,6 +59,19 @@ typedef enum {
  BLINDSIGN_ST_ACCEPT_REJECT,
 } blindsign_step_t;
 
+/**
+ * @brief Steps to display summary.
+ *
+ */
+typedef enum {
+ SUMMARYSIGN_ST_OPERATION,
+ SUMMARYSIGN_ST_NB_TX,
+ SUMMARYSIGN_ST_AMOUNT,
+ SUMMARYSIGN_ST_FEE,
+ SUMMARYSIGN_ST_HASH,
+ SUMMARYSIGN_ST_ACCEPT_REJECT,
+} summarysign_step_t;
+
 /**
  * @brief Struct to track state/info about current sign operation.
  *
@@ -77,11 +90,15 @@ typedef struct {
  tz_parser_state parser_state;
  size_t total_length;
  uint8_t last_field_index;
+ uint8_t screen_displayed;
  bool received_msg;
  } clear;
  /// @brief blindsigning state info.
  struct {
  blindsign_step_t step;
  } blind;
+ struct {
+ summarysign_step_t step;
+ } summary;
  } u;
 } apdu_sign_state_t;

app/src/format.c

@@ -0,0 +1,35 @@
+/* Tezos Ledger application - Tezos-specific formatting function set
+
+ Copyright 2024 Functori <[email protected]>
+
+ With code excerpts from:
+ - Legacy Tezos app, Copyright 2019 Obsidian Systems
+ - Ledger Blue sample apps, Copyright 2016 Ledger
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. */
+
+#include <format.h>
+
+#include "format.h"
+
+bool
+tz_mutez_to_string(char *obuf, size_t olen, uint64_t amount)
+{
+ if (!format_fpu64_trimmed(obuf, olen, amount, 6 /*DECIMALS*/)) {
+ memset(obuf, '\0', olen);
+ return false;
+ }
+
+ strlcat(obuf, " XTZ", olen);
+ return true;
+}

app/src/format.h

@@ -0,0 +1,25 @@
+/* Tezos Ledger application - Tezos-specific formatting function set
+
+ Copyright 2024 Functori <[email protected]>
+
+ With code excerpts from:
+ - Legacy Tezos app, Copyright 2019 Obsidian Systems
+ - Ledger Blue sample apps, Copyright 2016 Ledger
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. */
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <string.h>
+
+bool tz_mutez_to_string(char *obuf, size_t olen, uint64_t amount);

app/src/globals.h

@@ -68,12 +68,13 @@ typedef enum {
  *
  */
 typedef enum {
- ST_IDLE, /// Idle state
- ST_CLEAR_SIGN, /// Clearsigning an operation
- ST_BLIND_SIGN, /// blindsigning an operation
- ST_PROMPT, /// Waiting for user prompt
- ST_SWAP_SIGN, /// Performing swap operations
- ST_ERROR /// In error state.
+ ST_IDLE, /// Idle state
+ ST_CLEAR_SIGN, /// Clear signing an operation
+ ST_BLIND_SIGN, /// Blind signing an operation
+ ST_SUMMARY_SIGN, /// Summary signing an operation
+ ST_PROMPT, /// Waiting for user prompt
+ ST_SWAP_SIGN, /// Performing swap operations
+ ST_ERROR /// In error state.
 } main_step_t;
 
 typedef enum {

app/src/handle_swap.c

@@ -122,7 +122,7 @@ swap_handle_get_printable_amount(get_printable_amount_parameters_t *params)
 
 typedef struct {
  uint64_t amount;
- uint64_t fee;
+ uint64_t fee; /// Contains transaction fees plus reveal fees, if any.
  char destination_address[ADDRESS_MAX_SIZE];
 } swap_transaction_parameters_t;
 
@@ -204,8 +204,8 @@ swap_check_validity(void)
  TZ_ASSERT(EXC_REJECT, op->nb_reveal <= 1);
  TZ_ASSERT(EXC_REJECT, (op->batch_index - op->nb_reveal) == 1);
  TZ_ASSERT(EXC_REJECT, op->last_tag == TZ_OPERATION_TAG_TRANSACTION);
- TZ_ASSERT(EXC_REJECT, op->last_amount == G_swap_params.amount);
- TZ_ASSERT(EXC_REJECT, op->last_fee == G_swap_params.fee);
+ TZ_ASSERT(EXC_REJECT, op->total_amount == G_swap_params.amount);
+ TZ_ASSERT(EXC_REJECT, op->total_fee == G_swap_params.fee);
 
  tz_format_address(op->destination, 22, dstaddr, sizeof(dstaddr));
 

app/src/parser/operation_parser.c

@@ -319,11 +319,11 @@ tz_operation_parser_init(tz_parser_state *state, uint16_t size,
  memset(&state->operation.destination, 0, 22);
  op->batch_index = 0;
 #ifdef HAVE_SWAP
- op->last_tag = TZ_OPERATION_TAG_END;
- op->nb_reveal = 0;
- op->last_fee = 0;
- op->last_amount = 0;
+ op->last_tag = TZ_OPERATION_TAG_END;
+ op->nb_reveal = 0;
 #endif // HAVE_SWAP
+ op->total_fee = 0;
+ op->total_amount = 0;
  op->frame = op->stack;
  op->stack[0].stop = size;
  if (!skip_magic) {
@@ -665,22 +665,20 @@ tz_step_read_num(tz_parser_state *state)
  &op->frame->step_read_num.state, b,
  op->frame->step_read_num.natural));
  if (op->frame->step_read_num.state.stop) {
-#ifdef HAVE_SWAP
  uint64_t value;
  if (!tz_string_to_mutez(state->buffers.num.decimal, &value)) {
  tz_raise(INVALID_DATA);
  }
  switch (op->frame->step_read_num.kind) {
  case TZ_OPERATION_FIELD_AMOUNT:
- op->last_amount = value;
+ op->total_amount += value;
  break;
  case TZ_OPERATION_FIELD_FEE:
- op->last_fee = value;
+ op->total_fee += value;
  break;
  default:
  break;
  }
-#endif // HAVE_SWAP
  if (op->frame->step_read_num.skip) {
  tz_must(pop_frame(state));
  tz_continue;

app/src/parser/operation_state.h

@@ -243,9 +243,9 @@ typedef struct {
  uint8_t destination[22]; /// saved for entrypoint dispatch
  uint16_t batch_index; /// to print a sequence number
 #ifdef HAVE_SWAP
- tz_operation_tag last_tag;  /// last operations tag encountered
- uint16_t nb_reveal;  /// number of reveal encountered
- uint64_t last_fee; /// last fee encountered
- uint64_t last_amount; /// last amount encountered
-#endif    // HAVE_SWAP
+ tz_operation_tag last_tag; /// last operations tag encountered
+ uint16_t nb_reveal; /// number of reveal encountered
+#endif  // HAVE_SWAP
+ uint64_t total_fee; /// last fee encountered
+ uint64_t total_amount; /// last amount encountered
 } tz_operation_state;

app/src/ui_stream.h

@@ -82,6 +82,7 @@
 typedef uint8_t tz_ui_cb_type_t;
 #define TZ_UI_STREAM_CB_NOCB 0x00u
 #define TZ_UI_STREAM_CB_BLINDSIGN 0x0Eu
+#define TZ_UI_STREAM_CB_VALIDATE 0x0Fu
 #define TZ_UI_STREAM_CB_REFILL 0xEFu
 #define TZ_UI_STREAM_CB_MAINMASK 0xF0u
 #define TZ_UI_STREAM_CB_EXPERT_MODE_FIELD 0xFAu

tests/generate/gen_integration.ml

@@ -97,6 +97,7 @@ let reject ppf () =
  Button.(press ppf Both)
 
 let set_expert_mode ppf () = Format.fprintf ppf "set_expert_mode@."
+let set_blindsign_off ppf () = Format.fprintf ppf "set_blindsign_off@."
 
 type screen = { title : string; contents : string }
 
@@ -527,6 +528,7 @@ let gen_expect_test_sign ?(expert_mode = false) ppf ~watermark bin screens =
  start_speculos ppf signer.mnemonic;
  expected_home ppf ();
  if expert_mode then set_expert_mode ppf ();
+ set_blindsign_off ppf ();
  sign ppf ~signer ~watermark bin;
  expected_review_operation ppf ();
  Button.(press ppf Right);

tests/integration/nano/nanos/test_nanos_regression_batched_ops.py

@@ -46,6 +46,7 @@ def test_nanos_regression_batched_ops(app):
  test_name = Path(__file__).stem
 
  app.setup_expert_mode()
+ app.setup_blindsign_off()
 
  message = Message.from_bytes("0300000000000000000000000000000000000000000000000000000000000000006c001597c45b11b421bb806a0c56c5da5638bf4b1adbf0e617090006a09c010000bac799dfc7f6af2ff0b95f83d023e68c895020baffff086a65616e5f626f620000009a020000009507070200000000050800c6bab5ccc8d891cd8de4b6f7070707020000004b0704030b070702000000040505030b070705050a0000001503f01167865dc63dfee0e31251329ceab660d9460607070a000000150107b21fca96c5763f67b286752c7aaefc5931d15a030b050800a9df9fc1e7eaa7a9c1f7bd87a9ba9cadf5b5b2cd829deea2b7fef9070707020000000005050509030b6c01ee572f02e5be5d097ba17369789582882e8abb8790d627063202e0d403012b704944f5b5fd30eed2ab4385478488e09fe04a0000")