Change blindsign flow according to guideline.

app/src/apdu_sign.c

@@ -592,7 +592,6 @@ handle_data_apdu_clear(command_t *cmd)
 
 #ifdef HAVE_NBGL
 static nbgl_layoutTagValueList_t useCaseTagValueList;
-static nbgl_pageInfoLongPress_t  infoLongPress;
 
 void
 reject_blindsign_cb(void)
@@ -633,7 +632,7 @@ reviewChoice(bool confirm)
     if (confirm) {
         nbgl_useCaseStatus("TRANSACTION\nSIGNED", true, accept_blindsign_cb);
     } else {
-        tz_reject_ui();
+        tz_reject();
     }
 
     FUNC_LEAVE();
@@ -665,18 +664,18 @@ void
 continue_blindsign_cb(void)
 {
     FUNC_ENTER(("void"));
+    nbgl_operationType_t op = TYPE_TRANSACTION;
+    op |= BLIND_OPERATION;
 
     useCaseTagValueList.pairs             = NULL;
     useCaseTagValueList.callback          = getTagValuePair;
     useCaseTagValueList.startIndex        = 0;
     useCaseTagValueList.nbPairs           = 2;
     useCaseTagValueList.smallCaseForValue = false;
     useCaseTagValueList.wrapping          = false;
-    infoLongPress.icon                    = &C_tezos;
-    infoLongPress.text                    = "Sign transaction?";
-    infoLongPress.longPressText           = "Hold to sign";
-    nbgl_useCaseStaticReview(&useCaseTagValueList, &infoLongPress,
-                             "Reject transaction", reviewChoice);
+    nbgl_useCaseReview(op, &useCaseTagValueList, &C_tezos,
+                       REVIEW("Transaction"), NULL, SIGN("Transaction"),
+                       reviewChoice);
 
     FUNC_LEAVE();
 }

app/src/globals.h

@@ -20,7 +20,6 @@
    limitations under the License. */
 
 #pragma once
-
 #include <memory.h>
 #include <string.h>
 #include <bolos_target.h>
@@ -58,6 +57,7 @@ void toggle_blindsigning(void);
 
 #define MAX_APDU_SIZE      235
 #define MAX_SIGNATURE_SIZE 100
+#define ERROR_CODE_SIZE    15
 /**
  * @brief Home screen pages in order
  *
@@ -116,6 +116,11 @@ typedef struct {
         bagl_element_t bagls[5 + TZ_SCREEN_LINES_11PX];
     } ux;  /// Config for history screens for nano devices.
 #endif
+
+#ifdef HAVE_NBGL
+    char error_code[ERROR_CODE_SIZE];  /// Error codes to be displayed in
+                                       /// blindsigning.
+#endif
 } globals_t;
 
 /* Settings */

app/src/ui_commons.h

@@ -41,3 +41,12 @@
 #define REGULAR BAGL_FONT_OPEN_SANS_REGULAR_11px | BAGL_FONT_ALIGNMENT_CENTER
 #define BOLD    BAGL_FONT_OPEN_SANS_EXTRABOLD_11px | BAGL_FONT_ALIGNMENT_CENTER
 #endif  // HAVE_BAGL
+
+#define SIGN_BUTTON           "Hold to sign"
+#define REJECT_BUTTON         "Reject"
+#define SIGN(msg)             "Sign " msg "?"
+#define REVIEW(msg)           "Review " msg
+#define REJECT(msg)           "Reject " msg
+#define REJECT_QUESTION(msg)  REJECT(msg) "?"
+#define REJECT_CONFIRM_BUTTON "Yes, reject"
+#define RESUME(msg)           "Go back to " msg

app/src/ui_home_nbgl.c

@@ -40,11 +40,9 @@ static const char *const infoContents[]
 
 enum {
     EXPERT_MODE_TOKEN = FIRST_USER_TOKEN,
-    BLIND_SIGNING_TOKEN
 };
 enum {
     EXPERT_MODE_TOKEN_ID = 0,
-    BLIND_SIGNING_TOKEN_ID,
     SETTINGS_SWITCHES_NB
 };
 
@@ -59,12 +57,7 @@ controls_callback(int token, __attribute__((unused)) uint8_t index,
                   __attribute__((unused)) int page)
 {
     uint8_t switch_value;
-    if (token == BLIND_SIGNING_TOKEN) {
-        switch_value = !N_settings.blindsigning;
-        toggle_blindsigning();
-        switches[BLIND_SIGNING_TOKEN_ID].initState
-            = (nbgl_state_t)(switch_value);
-    } else if (token == EXPERT_MODE_TOKEN) {
+    if (token == EXPERT_MODE_TOKEN) {
         switch_value = !N_settings.expert_mode;
         toggle_expert_mode();
         switches[EXPERT_MODE_TOKEN_ID].initState
@@ -96,14 +89,6 @@ initSettings(void)
     switches[EXPERT_MODE_TOKEN_ID].subText = "Enable expert mode signing";
     switches[EXPERT_MODE_TOKEN_ID].token   = EXPERT_MODE_TOKEN;
     switches[EXPERT_MODE_TOKEN_ID].tuneId  = TUNE_TAP_CASUAL;
-
-    switches[BLIND_SIGNING_TOKEN_ID].initState
-        = (nbgl_state_t)(N_settings.blindsigning);
-    switches[BLIND_SIGNING_TOKEN_ID].text = "Blind signing";
-    switches[BLIND_SIGNING_TOKEN_ID].subText
-        = "Enable transaction blind signing";
-    switches[BLIND_SIGNING_TOKEN_ID].token  = BLIND_SIGNING_TOKEN;
-    switches[BLIND_SIGNING_TOKEN_ID].tuneId = TUNE_TAP_CASUAL;
 }
 
 void

app/src/ui_stream.h

@@ -272,6 +272,11 @@ void tz_ui_stream_start(void);
 tz_ui_cb_type_t tz_ui_stream_get_cb_type(void);
 
 #ifdef HAVE_NBGL
+/**
+ * @brief Send Reject code.
+ *
+ */
+void tz_reject(void);
 /**
  * @brief Reject confirmation screen.
  *

app/src/ui_stream_nbgl.c

@@ -72,8 +72,8 @@ tz_reject_ui(void)
 {
     FUNC_ENTER(("void"));
 
-    nbgl_useCaseConfirm("Reject transaction?", NULL, "Yes, Reject",
-                        "Go back to transaction", tz_reject);
+    nbgl_useCaseConfirm("Reject transaction?", NULL, REJECT_CONFIRM_BUTTON,
+                        RESUME("transaction"), tz_reject);
 
     FUNC_LEAVE();
 }
@@ -90,30 +90,35 @@ start_blindsign(void)
 }
 
 static void
-blindsign_splash(void)
+blindsign_choice(bool confirm)
 {
     TZ_PREAMBLE(("void"));
-    nbgl_useCaseReviewStart(
-        &C_Important_Circle_64px, "Blind signing",
-        "This transaction can not be securely interpreted by Ledger Stax. It "
-        "might put your assets at risk.",
-        "Reject transaction", start_blindsign, tz_reject_ui);
-
+    if (confirm) {
+        start_blindsign();
+    } else {
+        tz_reject_ui();
+    }
     TZ_POSTAMBLE;
 }
 
 static void
-handle_blindsigning(bool confirm)
+blindsign_splash(bool confirm)
 {
     TZ_PREAMBLE(("void"));
     if (confirm) {
-        if (!N_settings.blindsigning) {
-            toggle_blindsigning();
-        }
-        nbgl_useCaseStatus("BLIND SIGNING\nENABLED", true, blindsign_splash);
-    } else {
         tz_reject_ui();
+    } else {
+        char blindsign_msg[150]
+            = "Transaction could not be decoded correctly. Learn More:\n"
+              "tinyurl.com/Tezos-ledger\nERROR: ";
+        memcpy(blindsign_msg + strlen(blindsign_msg), global.error_code,
+               ERROR_CODE_SIZE);
+        nbgl_useCaseChoice(&C_Important_Circle_64px,
+                           "The transaction cannot be trusted", blindsign_msg,
+                           "I accept the risk", "Reject transaction",
+                           blindsign_choice);
     }
+
     TZ_POSTAMBLE;
 }
 
@@ -122,22 +127,17 @@ switch_to_blindsigning(__attribute__((unused)) const char *err_type,
                        const char                         *err_code)
 {
     TZ_PREAMBLE(("void"));
-    PRINTF("[DEBUG] refill_error: global.step = %d\n", global.step);
+    PRINTF("[DEBUG] refill_error: global.step = %d\n %s", global.step,
+           err_code);
     TZ_ASSERT(EXC_UNEXPECTED_STATE, global.step == ST_CLEAR_SIGN);
     global.keys.apdu.sign.step = SIGN_ST_WAIT_USER_INPUT;
     global.step                = ST_BLIND_SIGN;
-    if (N_settings.blindsigning) {
-        nbgl_useCaseReviewStart(&C_Important_Circle_64px,
-                                "Blind signing required:\nParsing Error",
-                                err_code, "Reject transaction",
-                                blindsign_splash, tz_reject_ui);
-    } else {
-        nbgl_useCaseChoice(&C_Important_Circle_64px,
-                           "Enable blind signing to authorize this "
-                           "transaction:\nParsing Error",
-                           err_code, "Enable blind signing",
-                           "Reject transaction", handle_blindsigning);
-    }
+    memcpy(global.error_code, err_code, sizeof(global.error_code));
+
+    nbgl_useCaseChoice(&C_Important_Circle_64px, "Security risk detected",
+                       "It may not be safe to sign this transaction. To "
+                       "continue, you'll need to review the risk.",
+                       "Back to safety", "Review risk", blindsign_splash);
 
     TZ_POSTAMBLE;
 }

tests/integration/touch/test_basic.py

@@ -18,18 +18,13 @@
 if __name__ == "__main__":
     app = tezos_app(__file__)
 
+    app.remove_info_page()
     app.assert_home()
 
     app.welcome.settings()
     app.assert_settings()
 
-    app.settings.toggle_blindsigning()
-    app.assert_settings(blindsigning=True)
-
     app.settings.toggle_expert_mode()
-    app.assert_settings(blindsigning=True, expert_mode=True)
-
-    app.settings.toggle_blindsigning()
     app.assert_settings(expert_mode=True)
 
     app.settings.toggle_expert_mode()

tests/integration/touch/test_blindsign_too_deep.py

@@ -24,57 +24,24 @@
 
     app.assert_home()
 
-    # Blindsigning disabled (default state)
     send_initialize_msg(app, "800f000011048000002c800006c18000000080000000")
     send_payload(app, "800f0100eb0502000000f702000000f202000000ed02000000e802000000e302000000de02000000d902000000d402000000cf02000000ca02000000c502000000c002000000bb02000000b602000000b102000000ac02000000a702000000a2020000009d02000000980200000093020000008e02000000890200000084020000007f020000007a02000000750200000070020000006b02000000660200000061020000005c02000000570200000052020000004d02000000480200000043020000003e02000000390200000034020000002f020000002a02000000250200000020020000001b020000001602000000")
     app.review.next()
 
     app.assert_screen("tbtd_review_0")
     app.review.next()
-    app.assert_screen("too_deep_enable_blindsign")
-    with app.fading_screen("blindsign_enabled"):
-        app.review.enable_blindsign.confirm()
 
-    app.assert_screen("blindsign_warning")
-    with app.fading_screen("loading_operation"):
-        app.review.next()
+    app.process_blindsign_warnings("loading_operation")
     app.send_apdu("800f82001211020000000c02000000070200000002002a")
 
-    app.assert_screen("tbtd_review_1")
-    app.review.next()
-    app.assert_screen("operation_sign")
-
-    expected_apdu = "93070b00990e4cf29c31f6497307bea0ad86a9d0dc08dba8b607e8dc0e23652f8309e41ed87ac1d33006806b688cfcff7632c4fbe499ff3ea4983ae4f06dea7790ec25db045689bca2c63967b5c563aabff86c4ef163bff92af3bb2ca9392d099000"
-    app.review_confirm_signing(expected_apdu)
-
-    app.assert_home()
-
-    # Blindsign enabled
-    app.welcome.settings()
-    app.assert_settings(blindsigning=True)
-    # blind sign will be on because of previous test run.
-    app.settings.exit()
-
-    app.assert_home()
-
-    send_initialize_msg(app, "800f000011048000002c800006c18000000080000000")
-    send_payload(app,"800f0100eb0502000000f702000000f202000000ed02000000e802000000e302000000de02000000d902000000d402000000cf02000000ca02000000c502000000c002000000bb02000000b602000000b102000000ac02000000a702000000a2020000009d02000000980200000093020000008e02000000890200000084020000007f020000007a02000000750200000070020000006b02000000660200000061020000005c02000000570200000052020000004d02000000480200000043020000003e02000000390200000034020000002f020000002a02000000250200000020020000001b020000001602000000")
-    app.review.next()
-    app.assert_screen("tbtd_review_0")
+    app.assert_screen("tbtd_start_review_blindsign")
     app.review.next()
-    app.assert_screen("too_deep_blindsign_notify")
-    app.review.next()
-    app.assert_screen("blindsign_warning")
-    with app.fading_screen("loading_operation"):
-        app.review.next()
-    app.send_apdu("800f82001211020000000c02000000070200000002002a")
-
     app.assert_screen("tbtd_review_1")
     app.review.next()
-
     app.assert_screen("operation_sign")
 
     expected_apdu = "93070b00990e4cf29c31f6497307bea0ad86a9d0dc08dba8b607e8dc0e23652f8309e41ed87ac1d33006806b688cfcff7632c4fbe499ff3ea4983ae4f06dea7790ec25db045689bca2c63967b5c563aabff86c4ef163bff92af3bb2ca9392d099000"
     app.review_confirm_signing(expected_apdu)
 
+    app.assert_home()
     app.quit()