Bindsign consent request (#283)

* add --break-system-packages flag to pip install

* BlindSign Flow for Consent Requests

* Upgrade deps

* Add testing

* Snapshots

* bump version

Author: 0xPxt

.github/workflows/main.yml

@@ -199,7 +199,7 @@ jobs:
         with:
           submodules: true
       - name: Install deps
-        run: pip install ledgerblue
+        run: pip install ledgerblue --break-system-packages
 
       - name: Build NanoS
         shell: bash -l {0}
@@ -235,7 +235,7 @@ jobs:
         with:
           submodules: true
       - name: Install deps
-        run: pip install ledgerblue
+        run: pip install ledgerblue --break-system-packages
 
       - name: Build NanoSP
         shell: bash -l {0}
@@ -271,7 +271,7 @@ jobs:
         with:
           submodules: true
       - name: Install deps
-        run: pip install ledgerblue
+        run: pip install ledgerblue --break-system-packages
 
       - name: Build Stax
         shell: bash -l {0}
@@ -307,7 +307,7 @@ jobs:
         with:
           submodules: true
       - name: Install deps
-        run: pip install ledgerblue
+        run: pip install ledgerblue --break-system-packages
 
       - name: Build Flex
         shell: bash -l {0}

app/Makefile

@@ -114,6 +114,7 @@ else
 endif
  # Add the PRODUCTION_BUILD definition to the compiler flags
 DEFINES += PRODUCTION_BUILD=$(PRODUCTION_BUILD)
+DEFINES += APP_BLINDSIGN_MODE_ENABLED
 
 ########################################
 

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=4
 # This is the minor version of this release
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=0
+APPVERSION_P=1

app/src/apdu_handler.c

@@ -134,6 +134,9 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
     check_app_canary();
     zemu_log("HandleAPDU******\n");
 
+    // Reset Blindsign state on every APDU
+    app_mode_skip_blindsign_ui();
+
     BEGIN_TRY {
         TRY {
             if (G_io_apdu_buffer[OFFSET_CLA] != CLA) {

app/src/handlers/handle_bls.h

@@ -83,6 +83,12 @@ __Z_INLINE void handleSignBls(volatile uint32_t *flags, volatile uint32_t *tx, u
         THROW(APDU_CODE_OK);
     }
 
+    if (!app_mode_blindsign()) {
+        *flags |= IO_ASYNCH_REPLY;
+        view_blindsign_error_show();
+        THROW(APDU_CODE_DATA_INVALID);
+    }
+
     // Parser Certificate and verify
     CHECK_APP_CANARY()
     zxerr_t err = tx_certVerify();

tests_zemu/package.json

@@ -25,29 +25,29 @@
     "upgrade": "bunx npm-check-updates -i"
   },
   "dependencies": {
-    "@ledgerhq/hw-transport-node-hid": "^6.29.5",
-    "@ledgerhq/logs": "^6.12.0",
+    "@ledgerhq/hw-transport-node-hid": "^6.29.7",
+    "@ledgerhq/logs": "^6.13.0",
     "@zondax/ledger-icp": "^3.2.8",
-    "@zondax/zemu": "^0.55.3"
+    "@zondax/zemu": "^0.55.3",
+    "@ledgerhq/hw-transport": "^6.30.6"
   },
   "devDependencies": {
     "@matteoh2o1999/github-actions-jest-reporter": "^3.0.0",
     "@types/jest": "^29.5.14",
-    "@types/ledgerhq__hw-transport": "^4.21.8",
     "@types/secp256k1": "^4.0.6",
-    "@typescript-eslint/eslint-plugin": "^8.31.0",
-    "@typescript-eslint/parser": "^8.31.0",
+    "@typescript-eslint/eslint-plugin": "^8.34.0",
+    "@typescript-eslint/parser": "^8.34.0",
     "crypto-js": "4.2.0",
-    "eslint": "^9.25.1",
+    "eslint": "^9.28.0",
     "eslint-config-prettier": "^10.1.2",
     "eslint-plugin-import": "^2.31.0",
-    "eslint-plugin-jest": "^28.11.0",
+    "eslint-plugin-jest": "^28.13.3",
     "eslint-plugin-prettier": "^5.2.6",
     "eslint-plugin-promise": "^7.2.1",
     "eslint-plugin-tsdoc": "^0.4.0",
     "eslint-plugin-unused-imports": "^4.1.4",
-    "jest": "29.7.0",
-    "js-sha256": "0.11.0",
+    "jest": "30.0.0",
+    "js-sha256": "0.11.1",
     "prettier": "^3.5.3",
     "secp256k1": "^5.0.1",
     "sort-package-json": "^3.0.0",