PRODUCT: Update PIN modes management

- Remove support of "On Host" - Add warnning message if user select "Trust"
2024-11-09 07:10:30 +00:00 · 2024-02-06 18:37:54 +01:00 · 2024-02-06 18:37:54 +01:00 · 1eda5785e7
commit 1eda5785e7
parent 56c0ece628
4 changed files with 148 additions and 119 deletions
--- a/src/gpg_pin.c
+++ b/src/gpg_pin.c
@ -214,12 +214,10 @@ int gpg_apdu_change_ref_data() {
    }
    // avoid any-overflow without giving info
    if (G_gpg_vstate.io_length == 0) {
-        if (G_gpg_vstate.pinmode != PIN_MODE_HOST) {
-            // Delegate pin change to ui
-            gpg_io_discard(1);
-            ui_menu_pinentry_display(0);
-            return 0;
-        }
+        // Delegate pin change to ui
+        gpg_io_discard(1);
+        ui_menu_pinentry_display(0);
+        return 0;
    }

    len = MIN(G_gpg_vstate.io_length, pin->length);
--- a/src/gpg_types.h
+++ b/src/gpg_types.h
@ -271,8 +271,6 @@ struct gpg_v_state_s {
    char ux_buff1[32];
    char ux_buff2[32];
    char ux_buff3[32];
-    char ux_buff4[32];
-    char ux_buff5[32];
 #endif

 #ifdef GPG_LOG
@ -294,10 +292,10 @@ typedef struct gpg_v_state_s gpg_v_state_t;
 #define PIN_ID_PW3 0x83
 #define PIN_ID_RC  0x84

-#define PIN_MODE_HOST    1
-#define PIN_MODE_SCREEN  2
-#define PIN_MODE_CONFIRM 3
-#define PIN_MODE_TRUST   4
+// PIN_MODE_HOST not supported by Ledger App
+#define PIN_MODE_SCREEN  0
+#define PIN_MODE_CONFIRM 1
+#define PIN_MODE_TRUST   2

 /* ---  CLA  --- */
 #define CLA_APP_DEF      0x00
--- a/src/gpg_ux_nanos.c
+++ b/src/gpg_ux_nanos.c
@ -718,7 +718,6 @@ const bagl_element_t *ui_menu_pinmode_predisplay(const ux_menu_entry_t *entry,

 const ux_menu_entry_t ui_menu_pinmode[] = {
    {NULL, NULL, -1, NULL, "Choose:", NULL, 0, 0},
-    {NULL, ui_menu_pinmode_action, 0x8000 | PIN_MODE_HOST, NULL, "Host", NULL, 0, 0},
    {NULL, ui_menu_pinmode_action, 0x8000 | PIN_MODE_SCREEN, NULL, "On Screen", NULL, 0, 0},
    {NULL, ui_menu_pinmode_action, 0x8000 | PIN_MODE_CONFIRM, NULL, "Confirm only", NULL, 0, 0},
    {NULL, ui_menu_pinmode_action, 0x8000 | PIN_MODE_TRUST, NULL, "Trust", NULL, 0, 0},
@ -733,7 +732,7 @@ void ui_menu_pinmode_display(unsigned int value) {
 const bagl_element_t *ui_menu_pinmode_predisplay(const ux_menu_entry_t *entry,
                                                 bagl_element_t *element) {
    if (element->component.userid == 0x20) {
-        if ((entry->userid >= (0x8000 | PIN_MODE_HOST)) &&
+        if ((entry->userid >= (0x8000 | PIN_MODE_SCREEN)) &&
            (entry->userid <= (0x8000 | PIN_MODE_TRUST))) {
            unsigned char id = entry->userid & 0x7FFFF;
            snprintf(G_gpg_vstate.menu,
@ -749,51 +748,77 @@ const bagl_element_t *ui_menu_pinmode_predisplay(const ux_menu_entry_t *entry,
    return element;
 }

+const ux_menu_entry_t ui_trust_warning[] = {
+    {NULL, NULL, -1, &C_icon_warning, "Warning", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "TRUST mode", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "won't request", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "any more PINs", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "or validation", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "before", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "operations!", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "Are you sure", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "you want to", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "select", NULL, 0, 0},
+    {NULL, NULL, -1, NULL, "TRUST mode?", NULL, 0, 0},
+    {NULL, ui_menu_pinmode_display, 3, &C_icon_back, "Cancel", NULL, 61, 40},
+    {NULL, ui_menu_pinmode_action, 127, &C_icon_validate_14, "Select", NULL, 61, 40},
+    UX_MENU_END};
+
 void ui_menu_pinmode_action(unsigned int value) {
    unsigned char s;
    value = value & 0x7FFF;
-    if (value == 128) {
-        if (G_gpg_vstate.pinmode != N_gpg_pstate->config_pin[0]) {
-            if (G_gpg_vstate.pinmode == PIN_MODE_TRUST) {
-                ui_info(DEFAULT_MODE, NOT_ALLOWED, ui_menu_pinmode_display, 0);
-                return;
-            }
-            // set new mode
-            s = G_gpg_vstate.pinmode;
-            nvm_write((void *) (&N_gpg_pstate->config_pin[0]), &s, 1);
-            // disactivate pinpad if any
-            if (G_gpg_vstate.pinmode == PIN_MODE_HOST) {
-                s = 0;
-            } else {
-                s = 3;
-            }
-            gpg_activate_pinpad(s);
-        }
-    } else {
-        switch (value) {
-            case PIN_MODE_HOST:
-            case PIN_MODE_SCREEN:
-            case PIN_MODE_CONFIRM:
-                if (!gpg_pin_is_verified(PIN_ID_PW2)) {
-                    ui_info(PIN_USER_82, NOT_VERIFIED, ui_menu_pinmode_display, 0);
-                    return;
-                }
-                break;

-            case PIN_MODE_TRUST:
-                if (!gpg_pin_is_verified(PIN_ID_PW3)) {
-                    ui_info(PIN_ADMIN, NOT_VERIFIED, ui_menu_pinmode_display, 0);
+    switch (value) {
+        case 128:
+            if (G_gpg_vstate.pinmode != N_gpg_pstate->config_pin[0]) {
+                if (G_gpg_vstate.pinmode == PIN_MODE_TRUST) {
+                    ui_info(DEFAULT_MODE, NOT_ALLOWED, ui_menu_pinmode_display, 0);
                    return;
                }
+                // set new mode
+                s = G_gpg_vstate.pinmode;
+                nvm_write((void *) (&N_gpg_pstate->config_pin[0]), &s, 1);
+                gpg_activate_pinpad(3);
+            }
+            value = G_gpg_vstate.pinmode + 1;
+            break;
+        case PIN_MODE_SCREEN:
+        case PIN_MODE_CONFIRM:
+            if (value == G_gpg_vstate.pinmode) {
+                // Current selected mode
+                value++;
                break;
-            default:
-                ui_info(INVALID_SELECTION, EMPTY, ui_menu_pinmode_display, 0);
+            }
+            if (!gpg_pin_is_verified(PIN_ID_PW2)) {
+                ui_info(PIN_USER_82, NOT_VERIFIED, ui_menu_pinmode_display, 0);
                return;
-        }
-        G_gpg_vstate.pinmode = value;
+            }
+            G_gpg_vstate.pinmode = value;
+            value++;
+            break;
+        case PIN_MODE_TRUST:
+            if (value == G_gpg_vstate.pinmode) {
+                // Current selected mode
+                value++;
+                break;
+            }
+            if (!gpg_pin_is_verified(PIN_ID_PW3)) {
+                ui_info(PIN_ADMIN, NOT_VERIFIED, ui_menu_pinmode_display, 0);
+                return;
+            }
+            // Confirm request
+            UX_MENU_DISPLAY(0, ui_trust_warning, NULL);
+            return;
+        case 127:
+            G_gpg_vstate.pinmode = PIN_MODE_TRUST;
+            value = PIN_MODE_TRUST + 1;
+            break;
+        default:
+            value = 0;
+            ui_info(INVALID_SELECTION, EMPTY, ui_menu_pinmode_display, 0);
+            break;
    }
-    // redisplay first entry of the idle menu
-    ui_menu_pinmode_display(0);
+    ui_menu_pinmode_display(value);
 }

 /* ------------------------------- UIF MODE UX ------------------------------ */
--- a/src/gpg_ux_nanox.c
+++ b/src/gpg_ux_nanox.c
@ -706,36 +706,29 @@ void ui_menu_seedmode_action(unsigned int value) {
 void ui_menu_pinmode_action(unsigned int value);
 void ui_menu_pinmode_predisplay(void);

-#define ONHST_BUFF G_gpg_vstate.ux_buff1
-#define ONSCR_BUFF G_gpg_vstate.ux_buff2
-#define CONFI_BUFF G_gpg_vstate.ux_buff3
-#define TRUST_BUFF G_gpg_vstate.ux_buff4
+#define ONSCR_BUFF G_gpg_vstate.ux_buff1
+#define CONFI_BUFF G_gpg_vstate.ux_buff2
+#define TRUST_BUFF G_gpg_vstate.ux_buff3

 UX_STEP_CB_INIT(ux_menu_pinmode_1_step,
-                bnn,
-                ui_menu_pinmode_predisplay(),
-                ui_menu_pinmode_action(PIN_MODE_HOST),
-                {"On Host", ONHST_BUFF, ONHST_BUFF + 5});
-
-UX_STEP_CB_INIT(ux_menu_pinmode_2_step,
                bnn,
                ui_menu_pinmode_predisplay(),
                ui_menu_pinmode_action(PIN_MODE_SCREEN),
                {"On Screen", ONSCR_BUFF, ONSCR_BUFF + 5});

-UX_STEP_CB_INIT(ux_menu_pinmode_3_step,
+UX_STEP_CB_INIT(ux_menu_pinmode_2_step,
                bnn,
                ui_menu_pinmode_predisplay(),
                ui_menu_pinmode_action(PIN_MODE_CONFIRM),
                {"Confirm Only", CONFI_BUFF, CONFI_BUFF + 5});

-UX_STEP_CB_INIT(ux_menu_pinmode_4_step,
+UX_STEP_CB_INIT(ux_menu_pinmode_3_step,
                bnn,
                ui_menu_pinmode_predisplay(),
                ui_menu_pinmode_action(PIN_MODE_TRUST),
                {"Trust", TRUST_BUFF, TRUST_BUFF + 5});

-UX_STEP_CB(ux_menu_pinmode_6_step,
+UX_STEP_CB(ux_menu_pinmode_4_step,
           pb,
           ui_menu_pinmode_action(128),
           {
@ -743,7 +736,7 @@ UX_STEP_CB(ux_menu_pinmode_6_step,
               "Set as Default",
           });

-UX_STEP_CB(ux_menu_pinmode_7_step,
+UX_STEP_CB(ux_menu_pinmode_5_step,
           pb,
           ui_menu_settings_display(2),
           {
@ -756,19 +749,13 @@ UX_FLOW(ux_flow_pinmode,
        &ux_menu_pinmode_2_step,
        &ux_menu_pinmode_3_step,
        &ux_menu_pinmode_4_step,
-        &ux_menu_pinmode_6_step,
-        &ux_menu_pinmode_7_step);
+        &ux_menu_pinmode_5_step);

 void ui_menu_pinmode_predisplay() {
-    snprintf(ONHST_BUFF, 5, "%s", PIN_MODE_HOST == G_gpg_vstate.pinmode ? "ON" : "OFF");
    snprintf(ONSCR_BUFF, 5, "%s", PIN_MODE_SCREEN == G_gpg_vstate.pinmode ? "ON" : "OFF");
    snprintf(CONFI_BUFF, 5, "%s", PIN_MODE_CONFIRM == G_gpg_vstate.pinmode ? "ON" : "OFF");
    snprintf(TRUST_BUFF, 5, "%s", PIN_MODE_TRUST == G_gpg_vstate.pinmode ? "ON" : "OFF");

-    snprintf(ONHST_BUFF + 5,
-             sizeof(ONHST_BUFF) - 5,
-             "%s",
-             PIN_MODE_HOST == N_gpg_pstate->config_pin[0] ? "(Default)" : "");
    snprintf(ONSCR_BUFF + 5,
             sizeof(ONSCR_BUFF) - 5,
             "%s",
@ -787,68 +774,89 @@ void ui_menu_pinmode_display(unsigned int value) {
    ui_flow_display(ux_flow_pinmode, value);
 }

+UX_STEP_NOCB(ui_trust_warning_step,
+             paging,
+             {.title = "Warning",
+              .text = "TRUST mode won't request any more PINs "
+                      "or validation before operations!\n\n"
+                      "Are you sure you want "
+                      "to select TRUST mode?"});
+
+UX_STEP_CB(ui_trust_warning_flow_cancel_step,
+           pb,
+           ui_menu_pinmode_display(PIN_MODE_TRUST),
+           {
+               &C_icon_crossmark,
+               "Cancel",
+           });
+
+UX_STEP_CB(ui_trust_selecting_flow_confirm_step,
+           pbb,
+           ui_menu_pinmode_action(127),
+           {
+               &C_icon_validate_14,
+               "Select",
+               "TRUST Mode",
+           });
+
+UX_FLOW(ui_trust_selecting_flow,
+        &ui_trust_warning_step,
+        &ui_trust_warning_flow_cancel_step,
+        &ui_trust_selecting_flow_confirm_step);
+
 void ui_menu_pinmode_action(unsigned int value) {
    unsigned char s;
-    value = value & 0x7FFF;
-    if (value == 128) {
-        if (G_gpg_vstate.pinmode != N_gpg_pstate->config_pin[0]) {
-            if (G_gpg_vstate.pinmode == PIN_MODE_TRUST) {
-                ui_info(DEFAULT_MODE, NOT_ALLOWED);
-                return;
-            }
-            // set new mode
-            s = G_gpg_vstate.pinmode;
-            nvm_write((void *) (&N_gpg_pstate->config_pin[0]), &s, 1);
-            // disactivate pinpad if any
-            if (G_gpg_vstate.pinmode == PIN_MODE_HOST) {
-                s = 0;
-            } else {
-                s = 3;
-            }
-            gpg_activate_pinpad(s);
-            value = G_gpg_vstate.pinmode;
-        }
-    } else {
-        switch (value) {
-            case PIN_MODE_HOST:
-            case PIN_MODE_SCREEN:
-            case PIN_MODE_CONFIRM:
-                if (!gpg_pin_is_verified(PIN_ID_PW2)) {
-                    ui_info(PIN_USER_82, NOT_VERIFIED);
-                    return;
-                }
-                break;

-            case PIN_MODE_TRUST:
-                if (!gpg_pin_is_verified(PIN_ID_PW3)) {
-                    ui_info(PIN_ADMIN, NOT_VERIFIED);
+    switch (value) {
+        case 128:
+            if (G_gpg_vstate.pinmode != N_gpg_pstate->config_pin[0]) {
+                if (G_gpg_vstate.pinmode == PIN_MODE_TRUST) {
+                    ui_info(DEFAULT_MODE, NOT_ALLOWED);
                    return;
                }
-                break;
-            default:
-                ui_info(INVALID_SELECTION, EMPTY);
-                return;
-        }
-        G_gpg_vstate.pinmode = value;
-    }
-    // redisplay active pin mode entry
-    switch (value) {
-        case PIN_MODE_HOST:
-            ui_menu_pinmode_display(0);
+                // set new mode
+                s = G_gpg_vstate.pinmode;
+                nvm_write((void *) (&N_gpg_pstate->config_pin[0]), &s, 1);
+                gpg_activate_pinpad(3);
+            }
+            value = G_gpg_vstate.pinmode;
            break;
        case PIN_MODE_SCREEN:
-            ui_menu_pinmode_display(1);
-            break;
        case PIN_MODE_CONFIRM:
-            ui_menu_pinmode_display(2);
+            if (value == G_gpg_vstate.pinmode) {
+                // Current selected mode
+                break;
+            }
+            if (!gpg_pin_is_verified(PIN_ID_PW2)) {
+                ui_info(PIN_USER_82, NOT_VERIFIED);
+                return;
+            }
+            G_gpg_vstate.pinmode = value;
            break;
        case PIN_MODE_TRUST:
-            ui_menu_pinmode_display(3);
+            if (value == G_gpg_vstate.pinmode) {
+                // Current selected mode
+                break;
+            }
+            if (!gpg_pin_is_verified(PIN_ID_PW3)) {
+                ui_info(PIN_ADMIN, NOT_VERIFIED);
+                return;
+            }
+            // Confirm request
+            ux_flow_init(0, ui_trust_selecting_flow, NULL);
+            return;
+        case 127:
+            G_gpg_vstate.pinmode = PIN_MODE_TRUST;
+            value = PIN_MODE_TRUST;
            break;
        default:
-            ui_menu_pinmode_display(0);
+            value = 0;
+            ui_info(INVALID_SELECTION, EMPTY);
            break;
    }
+
+    // redisplay active pin mode entry
+    ui_menu_pinmode_display(value);
 }

 /* ------------------------------- UIF MODE UX ------------------------------ */