Improve stax/flex ui using the streaming api

Author: Lbqds

Makefile

@@ -1,4 +1,4 @@
-version := 3.30.0
+version := 3.34.0
 ledger_app_builder = ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:$(version)
 ledger_app_dev_tools = ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:$(version)
 
@@ -15,8 +15,8 @@ _release:
 			cd app && \
 			echo 'Building $(device) app' && \
 			RUST_BACKTRACE=1 cargo ledger build $(device) -- -Z unstable-options && \
-			cp ./target/$(device)/release/app.hex ../$(device).hex && \
-			mv ./app_$(device).json ../$(device).json && \
+			cp ./target/$(device)/release/alephium.hex ../$(device).hex && \
+			mv ./target/$(device)/release/app_$(device).json ../$(device).json && \
 			sed -i 's|target/$(device)/release/app.hex|$(device).hex|g;s|alph_16x16.gif|./app/alph_16x16.gif|g;s|alph_14x14.gif|./app/alph_14x14.gif|g;s|alph_32x32.gif|./app/alph_32x32.gif|g;s|alph_64x64.gif|./app/alph_64x64.gif|g' ../$(device).json \
 		"
 

app/src/ledger_sdk_stub/nbgl_review.rs

@@ -59,7 +59,7 @@ impl NbglStreamingReview {
             let subtitle = CString::new(subtitle).unwrap();
 
             if self.blind {
-                if !show_blind_warning() {
+                if !accept_blind_warning() {
                     return false;
                 }
             }
@@ -150,25 +150,14 @@ impl NbglStreamingReview {
 /// or review the risk. If the user chooses to review the risk, a second screen
 /// is displayed with the option to accept the risk or reject the transaction.
 /// Used in NbglReview and NbglStreamingReview.
-fn show_blind_warning() -> bool {
+fn accept_blind_warning() -> bool {
     const WARNING: NbglGlyph = NbglGlyph::from_include(include_gif!("Warning_64px.gif", NBGL));
 
-    let back_to_safety = NbglChoice::new().glyph(&WARNING).show(
-        "Security risk detected",
-        "It may not be safe to sign this transaction. To continue, you'll need to review the risk.",
-        "Back to safety",
-        "Review risk",
-    );
-
-    if !back_to_safety {
-        NbglChoice::new()
-            .show(
-                "The transaction cannot be trusted",
-                "Your Ledger cannot decode this transaction. If you sign it, you could be authorizing malicious actions that can drain your wallet.\n\nLearn more: ledger.com/e8",
-                "I accept the risk",
-                "Reject transaction"
-            )
-    } else {
-        false
-    }
+    !NbglChoice::new().glyph(&WARNING)
+        .show(
+            "Blind signing ahead",
+            "This transaction's details are not fully verifiable. If you sign it, you could lose all your assets.",
+            "Back to safety",
+            "Continue anyway"
+        )
 }

app/src/main.rs

@@ -5,11 +5,9 @@
 use crate::ui::display::MainPages;
 use crate::ui::tx_reviewer::TxReviewer;
 use handler::{handle_apdu, Ins};
-#[cfg(any(target_os = "stax", target_os = "flex"))]
-use include_gif::include_gif;
 use ledger_device_sdk::io;
 #[cfg(any(target_os = "stax", target_os = "flex"))]
-use ledger_device_sdk::nbgl::{init_comm, NbglGlyph, NbglHomeAndSettings};
+use ledger_device_sdk::nbgl::{init_comm, NbglHomeAndSettings};
 #[cfg(any(target_os = "stax", target_os = "flex"))]
 use settings::SETTINGS_DATA;
 use sign_tx_context::SignTxContext;
@@ -54,19 +52,25 @@ extern "C" fn sample_main() {
 
     #[cfg(any(target_os = "stax", target_os = "flex"))]
     {
+        use crate::ui::nbgl::APP_ICON;
         init_comm(&mut comm);
         let settings_strings = [["Blind signing", "Enable blind signing"]];
-        const APP_ICON: NbglGlyph = NbglGlyph::from_include(include_gif!("alph_64x64.gif", NBGL));
+
+        let mut home_and_settings = NbglHomeAndSettings::new()
+            .glyph(&APP_ICON)
+            .settings(unsafe { SETTINGS_DATA.get_mut() }, &settings_strings)
+            .infos(
+                "Alephium",
+                env!("CARGO_PKG_VERSION"),
+                env!("CARGO_PKG_AUTHORS"),
+            );
+
         loop {
-            let event = NbglHomeAndSettings::new()
-                .glyph(&APP_ICON)
-                .settings(unsafe { SETTINGS_DATA.get_mut() }, &settings_strings)
-                .infos(
-                    "Alephium",
-                    env!("CARGO_PKG_VERSION"),
-                    env!("CARGO_PKG_AUTHORS"),
-                )
-                .show::<Ins>();
+            let event = if !tx_reviewer.nbgl_reviewer.review_started {
+                home_and_settings.show::<Ins>()
+            } else {
+                comm.next_event()
+            };
             if let io::Event::Command(ins) = event {
                 match handle_apdu(&mut comm, ins, &mut sign_tx_context, &mut tx_reviewer) {
                     Ok(_) => comm.reply_ok(),

app/src/sign_tx_context.rs

@@ -30,7 +30,7 @@ enum DecodeStep {
 // A streaming decoder is used to decode the transaction in chunks so that it can handle large transactions
 pub struct SignTxContext {
     pub path: [u32; PATH_LENGTH],
-    tx_decoder: StreamingDecoder<UnsignedTx>,
+    pub tx_decoder: StreamingDecoder<UnsignedTx>,
     current_step: DecodeStep,
     hasher: Blake2bHasher,
     temp_data: SwappingBuffer<'static, RAM_SIZE, NVM_DATA_SIZE>,
@@ -194,11 +194,16 @@ pub fn check_blind_signing() -> Result<(), ErrorCode> {
 
 #[cfg(any(target_os = "stax", target_os = "flex"))]
 pub fn check_blind_signing() -> Result<(), ErrorCode> {
-    use crate::ui::nbgl::nbgl_review_info;
+    use crate::ui::nbgl::nbgl_review_warning;
 
     if is_blind_signing_enabled() {
         return Ok(());
     }
-    nbgl_review_info("Blind signing must be enabled in Settings");
+    let _ = nbgl_review_warning(
+        "This transaction cannot be clear-signed",
+        "Enable blind signing in the settings to sign this transaction.",
+        "Go to home", // The ledger rust sdk does not support going to settings.
+        "Reject transaction",
+    );
     Err(ErrorCode::BlindSigningDisabled)
 }

app/src/ui/mod.rs

@@ -45,19 +45,14 @@ pub fn sign_hash_ui(path: &[u32], message: &[u8]) -> Result<([u8; 72], u32, u32)
 
     #[cfg(any(target_os = "stax", target_os = "flex"))]
     {
-        use crate::ui::nbgl::{nbgl_review_fields, nbgl_sync_review_status, ReviewType};
-        use ledger_device_sdk::nbgl::{Field, TagValueList};
+        use crate::ui::nbgl::nbgl_review_hash;
+        use ledger_device_sdk::nbgl::NbglReviewStatus;
 
-        let fields = [Field {
-            name: "Hash",
-            value: hex_str,
-        }];
-        let values = TagValueList::new(&fields, 0, false, false);
-        let approved = nbgl_review_fields("Review", "Hash", &values);
-        if approved {
-            nbgl_sync_review_status(ReviewType::Hash);
+        if nbgl_review_hash(hex_str) {
+            NbglReviewStatus::new().show(true);
             sign_hash(path, message)
         } else {
+            NbglReviewStatus::new().show(false);
             Err(ErrorCode::UserCancelled)
         }
     }

app/src/ui/nbgl.rs

@@ -1,93 +1,101 @@
-extern crate alloc;
-use alloc::{vec, vec::Vec};
+use crate::error_code::ErrorCode;
+use crate::ledger_sdk_stub::nbgl_review::NbglStreamingReview;
+use include_gif::include_gif;
+use ledger_device_sdk::nbgl::{Field, NbglChoice, NbglGlyph, NbglReviewStatus, TransactionType};
 
-#[cfg(any(target_os = "stax", target_os = "flex"))]
-use alloc::ffi::CString;
-use core::ffi::c_char;
-use ledger_device_sdk::nbgl::*;
-use ledger_secure_sdk_sys::*;
+pub static APP_ICON: NbglGlyph = NbglGlyph::from_include(include_gif!("alph_64x64.gif", NBGL));
 
-pub enum ReviewType {
-    Transaction,
-    Hash,
+fn new_nbgl_review(tx_type: TransactionType, blind: bool) -> NbglStreamingReview {
+    let reviewer = NbglStreamingReview::new().tx_type(tx_type).glyph(&APP_ICON);
+    if blind {
+        reviewer.blind()
+    } else {
+        reviewer
+    }
 }
 
-pub fn nbgl_review_fields(title: &str, subtitle: &str, fields: &TagValueList) -> bool {
-    unsafe {
-        let title = CString::new(title).unwrap();
-        let subtitle = CString::new(subtitle).unwrap();
-        let finish = CString::new("Click to continue").unwrap();
-        let icon = nbgl_icon_details_t::default();
-        let sync_ret = ux_sync_reviewLight(
-            TYPE_TRANSACTION.into(),
-            &fields.into() as *const nbgl_contentTagValueList_t,
-            &icon as *const nbgl_icon_details_t,
-            title.as_ptr() as *const c_char,
-            subtitle.as_ptr() as *const c_char,
-            finish.as_ptr() as *const c_char,
-        );
-        matches!(sync_ret, UX_SYNC_RET_APPROVED)
-    }
+pub struct NbglReviewer {
+    pub review_started: bool,
+    reviewer: Option<NbglStreamingReview>,
 }
 
-pub fn nbgl_sync_review_status(tpe: ReviewType) {
-    unsafe {
-        let status_type = match tpe {
-            ReviewType::Transaction => STATUS_TYPE_TRANSACTION_SIGNED,
-            ReviewType::Hash => STATUS_TYPE_OPERATION_SIGNED, // there is no `STATUS_TYPE_HASH` in ledger sdk
-        };
-        let _ = ux_sync_reviewStatus(status_type);
+impl NbglReviewer {
+    pub fn new() -> NbglReviewer {
+        NbglReviewer {
+            review_started: false,
+            reviewer: None,
+        }
     }
-}
 
-fn nbgl_generic_review(content: &NbglPageContent, button_str: &str) -> bool {
-    unsafe {
-        let (c_struct, content_type, action_callback) = content.into();
-        let c_content_list: Vec<nbgl_content_t> = vec![nbgl_content_t {
-            content: c_struct,
-            contentActionCallback: action_callback,
-            type_: content_type,
-        }];
+    pub fn reset(&mut self) {
+        self.review_started = false;
+        self.reviewer = None;
+    }
 
-        let content_struct = nbgl_genericContents_t {
-            callbackCallNeeded: false,
-            __bindgen_anon_1: nbgl_genericContents_t__bindgen_ty_1 {
-                contentsList: c_content_list.as_ptr(),
-            },
-            nbContents: 1,
-        };
+    #[inline]
+    fn get_reviewer(&self) -> &NbglStreamingReview {
+        assert!(self.reviewer.is_some());
+        self.reviewer.as_ref().unwrap()
+    }
 
-        let button_cstring = CString::new(button_str).unwrap();
+    pub fn set_reviewer(&mut self, blind: bool) {
+        assert!(self.reviewer.is_none());
+        self.reviewer = Some(new_nbgl_review(TransactionType::Transaction, blind));
+    }
 
-        let sync_ret = ux_sync_genericReview(
-            &content_struct as *const nbgl_genericContents_t,
-            button_cstring.as_ptr() as *const c_char,
-        );
+    pub fn start_review(&mut self, message: &str) -> Result<(), ErrorCode> {
+        if self.get_reviewer().start(message, "") {
+            self.review_started = true;
+            Ok(())
+        } else {
+            NbglReviewStatus::new().show(false);
+            Err(ErrorCode::UserCancelled)
+        }
+    }
+
+    pub fn continue_review<'a>(&self, fields: &'a [Field<'a>]) -> Result<(), ErrorCode> {
+        if self.get_reviewer().continue_review(fields) {
+            Ok(())
+        } else {
+            NbglReviewStatus::new().show(false);
+            Err(ErrorCode::UserCancelled)
+        }
+    }
 
-        // Return true if the user approved the transaction, false otherwise.
-        matches!(sync_ret, ledger_secure_sdk_sys::UX_SYNC_RET_APPROVED)
+    pub fn finish_review(&self, message: &str) -> Result<(), ErrorCode> {
+        if self.get_reviewer().finish(message) {
+            NbglReviewStatus::new().show(true);
+            Ok(())
+        } else {
+            NbglReviewStatus::new().show(false);
+            Err(ErrorCode::UserCancelled)
+        }
     }
 }
 
-pub fn nbgl_review_warning(message: &str) -> bool {
-    let content = NbglPageContent::InfoButton(InfoButton::new(
-        message,
-        None,
-        "Continue",
-        TuneIndex::TapCasual,
-    ));
-    nbgl_generic_review(&content, "Reject")
+pub fn nbgl_review_hash(hash: &str) -> bool {
+    let reviewer = new_nbgl_review(TransactionType::Operation, false);
+    if !reviewer.start("Review Hash", "") {
+        return false;
+    }
+    let fields = [Field {
+        name: "Hash",
+        value: hash,
+    }];
+    if !reviewer.continue_review(&fields) {
+        return false;
+    }
+    reviewer.finish("Sign Hash")
 }
 
-pub fn nbgl_review_info(message: &str) {
-    let content = NbglPageContent::CenteredInfo(CenteredInfo::new(
-        message,
-        "",
-        "",
-        None,
-        false,
-        CenteredInfoStyle::NormalInfo,
-        0,
-    ));
-    let _ = nbgl_generic_review(&content, "Tap to continue");
+pub fn nbgl_review_warning(
+    message: &str,
+    sub_message: &str,
+    confirm_text: &str,
+    cancel_text: &str,
+) -> bool {
+    const WARNING: NbglGlyph = NbglGlyph::from_include(include_gif!("Warning_64px.gif", NBGL));
+    NbglChoice::new()
+        .glyph(&WARNING)
+        .show(message, sub_message, confirm_text, cancel_text)
 }