Add an example of Blind-sign flow for Stax/Flex

src/handler/sign_tx.c

@@ -89,7 +89,17 @@ int handler_sign_tx(buffer_t *cdata, uint8_t chunk, bool more) {
 
  PRINTF("Hash: %.*H\n", sizeof(G_context.tx_info.m_hash), G_context.tx_info.m_hash);
 
- return ui_display_transaction();
+ // Example to trig a blind-sign flow
+ if (strcmp((char *) G_context.tx_info.transaction.memo, "Blind-sign") == 0) {
+// to remove when Nbgl will be available for Nanos
+#ifdef HAVE_NBGL
+ return ui_display_blind_signed_transaction();
+#else
+ return ui_display_transaction();
+#endif
+ } else {
+ return ui_display_transaction();
+ }
  }
  }
 

src/ui/display.h

@@ -22,3 +22,11 @@ int ui_display_address(void);
  *
  */
 int ui_display_transaction(void);
+
+/**
+ * Display blind-sign transaction information on the device and ask confirmation to sign.
+ *
+ * @return 0 if success, negative integer otherwise.
+ *
+ */
+int ui_display_blind_signed_transaction(void);

src/ui/nbgl_display_transaction.c

@@ -60,7 +60,8 @@ static void review_choice(bool confirm) {
 // - Check if the app is in the right state for transaction review
 // - Format the amount and address strings in g_amount and g_address buffers
 // - Display the first screen of the transaction review
-int ui_display_transaction() {
+// - Display a warning if the transaction is blind-signed
+int ui_display_transaction_bs_choice(bool is_blind_signed) {
  if (G_context.req_type != CONFIRM_TRANSACTION || G_context.state != STATE_PARSED) {
  G_context.state = STATE_NONE;
  return io_send_sw(SW_BAD_STATE);
@@ -94,15 +95,38 @@ int ui_display_transaction() {
  pairList.nbPairs = 2;
  pairList.pairs = pairs;
 
- // Start review
- nbgl_useCaseReview(TYPE_TRANSACTION,
- &pairList,
- &C_app_boilerplate_64px,
- "Review transaction\nto send BOL",
- NULL,
- "Sign transaction\nto send BOL",
- review_choice);
+ if (is_blind_signed) {
+ // Start blind-signing review flow
+ nbgl_useCaseReviewBlindSigning(TYPE_TRANSACTION,
+ &pairList,
+ &C_app_boilerplate_64px,
+ "Review transaction\nto send BOL",
+ NULL,
+ "Sign transaction\nto send BOL",
+ NULL,
+ review_choice);
+ } else {
+ // Start review flow
+ nbgl_useCaseReview(TYPE_TRANSACTION,
+ &pairList,
+ &C_app_boilerplate_64px,
+ "Review transaction\nto send BOL",
+ NULL,
+ "Sign transaction\nto send BOL",
+ review_choice);
+ }
+
  return 0;
 }
 
+// Flow used to display a blind-signed transaction
+int ui_display_blind_signed_transaction(void) {
+ return ui_display_transaction_bs_choice(true);
+}
+
+// Flow used to display a clear-signed transaction
+int ui_display_transaction() {
+ return ui_display_transaction_bs_choice(false);
+}
+
 #endif

tests/test_sign_cmd.py

@@ -4,12 +4,13 @@
 from application_client.boilerplate_command_sender import BoilerplateCommandSender, Errors
 from application_client.boilerplate_response_unpacker import unpack_get_public_key_response, unpack_sign_tx_response
 from ragger.error import ExceptionRAPDU
+from ragger.navigator import NavInsID
 from utils import check_signature_validity
 
 # In this tests we check the behavior of the device when asked to sign a transaction
 
 
-# In this test se send to the device a transaction to sign and validate it on screen
+# In this test we send to the device a transaction to sign and validate it on screen
 # The transaction is short and will be sent in one chunk
 # We will ensure that the displayed information is correct by using screenshots comparison
 def test_sign_tx_short_tx(backend, scenario_navigator):
@@ -43,6 +44,47 @@ def test_sign_tx_short_tx(backend, scenario_navigator):
  assert check_signature_validity(public_key, der_sig, transaction)
 
 
+# In this test we send to the device a transaction to trig a blind-signing flow
+# The transaction is short and will be sent in one chunk
+# We will ensure that the displayed information is correct by using screenshots comparison
+def test_sign_tx_short_tx_blind_sign(firmware, navigator, backend, scenario_navigator, test_name, default_screenshot_path):
+ if firmware.is_nano:
+ pytest.skip("Not supported on Nano devices")
+
+ # Use the app interface instead of raw interface
+ client = BoilerplateCommandSender(backend)
+ # The path used for this entire test
+ path: str = "m/44'/1'/0'/0/0"
+
+ # First we need to get the public key of the device in order to build the transaction
+ rapdu = client.get_public_key(path=path)
+ _, public_key, _, _ = unpack_get_public_key_response(rapdu.data)
+
+ # Create the transaction that will be sent to the device for signing
+ transaction = Transaction(
+ nonce=1,
+ to="0x0000000000000000000000000000000000000000",
+ value=0,
+ memo="Blind-sign"
+ ).serialize()
+
+ # Send the sign device instruction.
+ # As it requires on-screen validation, the function is asynchronous.
+ # It will yield the result when the navigation is done
+ with client.sign_tx(path=path, transaction=transaction):
+ navigator.navigate_and_compare(default_screenshot_path,
+ test_name+"/part1",
+ [NavInsID.USE_CASE_CHOICE_REJECT],
+ screen_change_after_last_instruction=False)
+
+ # Validate the on-screen request by performing the navigation appropriate for this device
+ scenario_navigator.review_approve()
+
+ # The device as yielded the result, parse it and ensure that the signature is correct
+ response = client.get_async_response().data
+ _, der_sig, _ = unpack_sign_tx_response(response)
+ assert check_signature_validity(public_key, der_sig, transaction)
+
 # In this test se send to the device a transaction to sign and validate it on screen
 # This test is mostly the same as the previous one but with different values.
 # In particular the long memo will force the transaction to be sent in multiple chunks