Merge pull request #654 from LedgerHQ/feat/apa/eip712_v0_friction

EIP-712 v0 friction

src_bagl/ui_flow_signMessage712_v0.c

@@ -3,6 +3,7 @@
 #include "common_712.h"
 #include "uint_common.h"
 #include "common_ui.h"
+#include "ui_flow.h"  // ux_warning_blind_signing_warn_step
 
 void prepare_domain_hash_v0() {
     array_bytes_string(strings.tmp.tmp,
@@ -59,8 +60,8 @@ UX_STEP_CB(
     _approve_cb(),
     {
       &C_icon_validate_14,
-      "Sign",
-      "message",
+      "Accept risk",
+      "and sign",
     });
 UX_STEP_CB(
     ux_sign_712_v0_flow_5_step,
@@ -74,6 +75,7 @@ UX_STEP_CB(
 // clang-format on
 
 UX_FLOW(ux_sign_712_v0_flow,
+        &ux_warning_blind_signing_warn_step,
         &ux_sign_712_v0_flow_1_step,
         &ux_sign_712_v0_flow_2_step,
         &ux_sign_712_v0_flow_3_step,

src_features/signMessageEIP712_v0/cmd_signMessage712.c

@@ -15,6 +15,10 @@ uint16_t handleSignEIP712Message_v0(uint8_t p1,
         reset_app_context();
     }
 
+    if (!N_storage.dataAllowed) {
+        ui_error_blind_signing();
+        return APDU_RESPONSE_INVALID_DATA;
+    }
     workBuffer = parseBip32(workBuffer, &dataLength, &tmpCtx.messageSigningContext.bip32);
     if ((workBuffer == NULL) || (dataLength < (KECCAK256_HASH_BYTESIZE * 2))) {
         return APDU_RESPONSE_INVALID_DATA;

src_nbgl/ui_sign_712_v0.c

@@ -32,11 +32,12 @@ void ui_sign_712_v0(void) {
     pairs_list.pairs = pairs;
     pairs_list.nbMaxLinesForValue = 0;
 
-    nbgl_useCaseReview(TYPE_MESSAGE,
-                       &pairs_list,
-                       &C_Review_64px,
-                       TEXT_REVIEW_EIP712,
-                       NULL,
-                       TEXT_SIGN_EIP712,
-                       ui_typed_message_review_choice);
+    nbgl_useCaseReviewBlindSigning(TYPE_TRANSACTION,
+                                   &pairs_list,
+                                   &C_Review_64px,
+                                   TEXT_REVIEW_EIP712,
+                                   NULL,
+                                   TEXT_BLIND_SIGN_EIP712,
+                                   NULL,
+                                   ui_typed_message_review_choice);
 }

tests/ragger/test_eip712.py

@@ -12,7 +12,6 @@
 from ragger.backend import BackendInterface
 from ragger.firmware import Firmware
 from ragger.navigator import Navigator, NavInsID, NavIns
-from ragger.navigator.navigation_scenario import NavigateWithScenario
 from ragger.error import ExceptionRAPDU
 
 import client.response_parser as ResponseParser
@@ -68,14 +67,27 @@ def get_wallet_addr(client: EthAppClient) -> bytes:
     return WALLET_ADDR
 
 
-def test_eip712_legacy(backend: BackendInterface, scenario_navigator: NavigateWithScenario):
+def test_eip712_v0(firmware: Firmware, backend: BackendInterface, navigator: Navigator):
     app_client = EthAppClient(backend)
 
+    settings_toggle(firmware, navigator, [SettingID.BLIND_SIGNING])
     with open(input_files()[0], encoding="utf-8") as file:
         data = json.load(file)
     smsg = encode_typed_data(full_message=data)
     with app_client.eip712_sign_legacy(BIP32_PATH, smsg.header, smsg.body):
-        scenario_navigator.review_approve(custom_screen_text="Sign", do_comparison=False)
+        moves = []
+        if firmware.is_nano:
+            moves += [NavInsID.RIGHT_CLICK] * 2
+            if firmware == Firmware.NANOS:
+                moves += [NavInsID.RIGHT_CLICK] * 8
+            else:
+                moves += [NavInsID.RIGHT_CLICK] * 4
+            moves += [NavInsID.BOTH_CLICK]
+        else:
+            moves += [NavInsID.USE_CASE_CHOICE_REJECT]
+            moves += [NavInsID.SWIPE_CENTER_TO_LEFT] * 2
+            moves += [NavInsID.USE_CASE_REVIEW_CONFIRM]
+        navigator.navigate(moves)
 
     vrs = ResponseParser.signature(app_client.response().data)
     recovered_addr = recover_message(data, vrs)