feat: give a warning when signing the hash. (#49)

LedgerHQ · Jul 14, 2024 · 88e0122 · 88e0122
1 parent fea13cd
commit 88e0122
Show file tree

Hide file tree

Showing 13 changed files with 59 additions and 27 deletions.
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
@@ -11,9 +11,11 @@ on:
 jobs:
   build_application:
     name: Build application
-    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
+    uses: lightsail-network/ledger-app-workflows/.github/workflows/reusable_build.yml@master
     with:
       upload_app_binaries_artifact: compiled_app_binaries
+      # TODO: Zemu does not support 3.28.0 yet.
+      builder_tag: "3.27.0"
 
   unit_tests:
     name: Unit test

diff --git a/src/ui/nbgl_hash.c b/src/ui/nbgl_hash.c
@@ -29,7 +29,7 @@
 #include "action/validate.h"
 
 // Macros
-#define TAG_VAL_LST_PAIR_NB 2
+#define TAG_VAL_LST_PAIR_NB 1
 
 // Validate/Invalidate transaction and go back to home
 static void ui_action_validate_transaction(bool choice) {
@@ -45,50 +45,43 @@ static nbgl_layoutTagValueList_t pair_list;
 
 // Static functions declarations
 static void review_start(void);
-static void review_warning(void);
 static void review_continue(void);
 static void reject_confirmation(void);
 static void reject_choice(void);
+static void warning_choice2(bool confirm);
+static void warning_choice1(bool confirm);
 
 // Functions definitions
 static void prepare_page(void) {
     explicit_bzero(caption_value_pairs, sizeof(caption_value_pairs));
     explicit_bzero(str_values, sizeof(str_values));
 
-    // Address caption/value preparation.
-    caption_value_pairs[0].item = "Address";
-    if (!print_account_id(G_context.raw_public_key, str_values[0], DETAIL_VALUE_MAX_LENGTH, 0, 0)) {
-        io_send_sw(SW_DISPLAY_ADDRESS_FAIL);
-        return;
-    }
-    caption_value_pairs[0].value = str_values[0];
-
     // Hash caption/value preparation.
-    caption_value_pairs[1].item = "Hash";
-    if (!format_hex(G_context.hash, HASH_SIZE, str_values[1], DETAIL_VALUE_MAX_LENGTH)) {
+    caption_value_pairs[0].item = "Hash";
+    if (!format_hex(G_context.hash, HASH_SIZE, str_values[0], DETAIL_VALUE_MAX_LENGTH)) {
         io_send_sw(SW_DISPLAY_TRANSACTION_HASH_FAIL);
         return;
     }
-    caption_value_pairs[1].value = str_values[1];
+    caption_value_pairs[0].value = str_values[0];
 }
 
 static void reject_confirmation(void) {
     ui_action_validate_transaction(false);
-    nbgl_useCaseStatus("Hash Rejected", false, ui_menu_main);
+    nbgl_useCaseStatus("Hash rejected", false, ui_menu_main);
 }
 
 static void reject_choice(void) {
     nbgl_useCaseConfirm("Reject hash?",
                         NULL,
-                        "Yes, Reject",
+                        "Yes, reject",
                         "Go back to hash",
                         reject_confirmation);
 }
 
 static void review_choice(bool confirm) {
     if (confirm) {
         ui_action_validate_transaction(true);
-        nbgl_useCaseStatus("HASH SIGNED", true, ui_menu_main);
+        nbgl_useCaseStatus("Hash signed", true, ui_menu_main);
     } else {
         reject_choice();
     }
@@ -99,15 +92,6 @@ static void review_start(void) {
                             "Review hash signing",
                             "",
                             "Reject hash",
-                            review_warning,
-                            reject_choice);
-}
-
-static void review_warning(void) {
-    nbgl_useCaseReviewStart(NULL,
-                            "WARNING",
-                            "Dangerous Operation",
-                            "Reject hash",
                             review_continue,
                             reject_choice);
 }
@@ -125,13 +109,46 @@ static void review_continue(void) {
     nbgl_useCaseStaticReview(&pair_list, &info_long_press, "Reject hash", review_choice);
 }
 
+static void warning_choice2(bool confirm) {
+    if (confirm) {
+        review_start();
+    } else {
+        ui_action_validate_transaction(false);
+    }
+}
+
+static void warning_choice1(bool confirm) {
+    if (confirm) {
+        ui_action_validate_transaction(false);
+    } else {
+        nbgl_useCaseChoice(
+            NULL,
+            "The hash cannot be trusted",
+            "Your Ledger cannot verify the integrity of this hash. If you sign it, you could be "
+            "authorizing malicious actions that can drain your wallet.\n\nLearn more: "
+            "ledger.com/e8",
+            "I accept the risk",
+            "Reject transaction",
+            warning_choice2);
+    }
+}
+
 int ui_display_hash() {
     if (G_context.req_type != CONFIRM_HASH || G_context.state != STATE_NONE) {
         G_context.state = STATE_NONE;
         return io_send_sw(SW_BAD_STATE);
     }
+
     prepare_page();
-    review_start();
+
+    nbgl_useCaseChoice(&C_Warning_64px,
+                       "Security risk detected",
+                       "It may not be safe to sign this "
+                       "transaction. To continue, you'll "
+                       "need to review the risk.",
+                       "Back to safety",
+                       "Review the risk",
+                       warning_choice1);
     return 0;
 }
 #endif  // HAVE_NBGL
diff --git a/tests_zemu/snapshots/stax-hash-signing-approve/00001.png b/tests_zemu/snapshots/stax-hash-signing-approve/00001.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-approve/00002.png b/tests_zemu/snapshots/stax-hash-signing-approve/00002.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-approve/00003.png b/tests_zemu/snapshots/stax-hash-signing-approve/00003.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-approve/00004.png b/tests_zemu/snapshots/stax-hash-signing-approve/00004.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-approve/00005.png b/tests_zemu/snapshots/stax-hash-signing-approve/00005.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-reject/00001.png b/tests_zemu/snapshots/stax-hash-signing-reject/00001.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-reject/00002.png b/tests_zemu/snapshots/stax-hash-signing-reject/00002.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-reject/00003.png b/tests_zemu/snapshots/stax-hash-signing-reject/00003.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-reject/00004.png b/tests_zemu/snapshots/stax-hash-signing-reject/00004.png
diff --git a/tests_zemu/snapshots/stax-hash-signing-reject/00005.png b/tests_zemu/snapshots/stax-hash-signing-reject/00005.png
diff --git a/tests_zemu/tests/main.test.ts b/tests_zemu/tests/main.test.ts
@@ -129,6 +129,11 @@ describe("hash signing", () => {
       await sim.waitForScreenChanges(events);
       let textToFind = "Sign Hash";
       if (dev.name == "stax") {
+        const acceptRisk = new TouchNavigation([
+          ButtonKind.ConfirmNoButton,
+          ButtonKind.ConfirmYesButton,
+        ]);
+        await sim.navigate(".", `${dev.prefix.toLowerCase()}-hash-signing-approve`, acceptRisk.schedule, true, true);
         textToFind = "Hold to";
       }
       await sim.navigateAndCompareUntilText(".", `${dev.prefix.toLowerCase()}-hash-signing-approve`, textToFind, true);
@@ -167,6 +172,14 @@ describe("hash signing", () => {
 
       const events = await sim.getEvents();
       await sim.waitForScreenChanges(events);
+
+      if (dev.name == "stax") {
+        const acceptRisk = new TouchNavigation([
+          ButtonKind.ConfirmNoButton,
+          ButtonKind.ConfirmYesButton,
+        ]);
+        await sim.navigate(".", `${dev.prefix.toLowerCase()}-hash-signing-reject`, acceptRisk.schedule, true, false);
+      }
       await sim.navigateAndCompareUntilText(".", `${dev.prefix.toLowerCase()}-hash-signing-reject`, textToFind, true);
       if (dev.name == "stax") {
         const settingNav = new TouchNavigation([ButtonKind.ApproveTapButton]);