From 6d66b739c65dfb7593eec0dfad3dbb842cc0ff43 Mon Sep 17 00:00:00 2001
From: Charles-Edouard de la Vergne
Date: Tue, 6 Feb 2024 19:07:36 +0100
Subject: [PATCH] PRODUCT: Update SEED mode management - Set SEED mode On at startup - Add a warning if the user disables it
---
 src/gpg_init.c | 2 ++
 src/gpg_ux_nanos.c | 45 ++++++++++++++++++++++++++++++++++++++++--
 src/gpg_ux_nanox.c | 49 +++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 91 insertions(+), 5 deletions(-)
diff --git a/src/gpg_init.c b/src/gpg_init.c
index 127a3c2..37c0e9c 100644
--- a/src/gpg_init.c
+++ b/src/gpg_init.c
@@ -361,6 +361,8 @@ void gpg_init() {
 gpg_mse_reset();
 // pin conf
 G_gpg_vstate.pinmode = N_gpg_pstate->config_pin[0];
+ // seed conf
+ G_gpg_vstate.seed_mode = 1;
 // ux conf
 gpg_init_ux();
 }
diff --git a/src/gpg_ux_nanos.c b/src/gpg_ux_nanos.c
index 7d7befa..3ab355a 100644
--- a/src/gpg_ux_nanos.c
+++ b/src/gpg_ux_nanos.c
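Review bot: In the src/gpg_init.c hunk, the added `// seed conf` comment does not say that the assignment is unconditional. Unlike `pinmode` just above it, which is loaded from `N_gpg_pstate`, `seed_mode` is forced to 1 on every `gpg_init()`, so a user's choice to turn SEED mode off appears to last only until the next start. That matches the commit title, but it should be stated at the assignment, e.g. `// seed conf: always start with SEED mode on; turning it off is not kept across restarts`. gpg_init's body begins before this hunk, so whether earlier code also touches `seed_mode` is not visible here.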
@@ -705,11 +705,52 @@ void ui_menu_seedmode_display(unsigned int value) {
 UX_MENU_DISPLAY(value, ui_menu_seedmode, ui_menu_seedmode_predisplay);
 }
-void ui_menu_seedmode_action(unsigned int value) {
- G_gpg_vstate.seed_mode = value;
+static void toggle_seed(unsigned int value) {
+ if (value != 128) {
+ return;
+ }
+ if (G_gpg_vstate.seed_mode) {
+ G_gpg_vstate.seed_mode = 0;
+ } else {
+ G_gpg_vstate.seed_mode = 1;
+ }
 ui_menu_seedmode_display(0);
 }
+const ux_menu_entry_t ui_seed_warning[] = {
+ {NULL, NULL, -1, &C_icon_warning, "Warning", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "SEED mode", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "allows to", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "derive your", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "key from", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "Master SEED.", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "Without such", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "mode, an OS", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "or App update", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "will cause", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "your private", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "key to be", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "lost!", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "Are you sure", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "you want to", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "disable", NULL, 0, 0},
+ {NULL, NULL, -1, NULL, "SEED mode?", NULL, 0, 0},
+ {NULL, ui_menu_seedmode_display, 0, &C_icon_back, "Cancel", NULL, 61, 40},
+ {NULL, toggle_seed, 128, &C_icon_validate_14, "Disable", NULL, 0, 0},
+ UX_MENU_END};
+
+void ui_menu_seedmode_action(unsigned int value) {
+ if (value == 0) {
+ // Request deactivate
+ UX_MENU_DISPLAY(0, ui_seed_warning, NULL);
+ } else {
+ // Reactivate
+ G_gpg_vstate.seed_mode = 1;
+ ui_menu_seedmode_display(0);
+ }
+}
+
 /* ------------------------------- PIN MODE UX ------------------------------ */
 void ui_menu_pinmode_action(unsigned int value);
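Review bot: `toggle_seed()` is now reached only from the "Disable" entry of `ui_seed_warning`, yet it flips the flag instead of clearing it. If `ui_menu_seedmode_action(0)` is ever called while SEED mode is already off, confirming "Disable" would turn it back on, and the stored mode would no longer match what the user approved on screen. The confirm handler should assign explicitly, `G_gpg_vstate.seed_mode = 0;`, rather than branch on the current value. The literal `128` that links the menu entry to the `value != 128` guard would read better as a named constant, with a comment on why a mismatch returns without redrawing any menu. The menu entries that call `ui_menu_seedmode_action` are outside this hunk, so whether the already-off case is reachable has to be checked there.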
diff --git a/src/gpg_ux_nanox.c b/src/gpg_ux_nanox.c
index 2e80384..790eb59 100644
--- a/src/gpg_ux_nanox.c
+++ b/src/gpg_ux_nanox.c
@@ -670,7 +670,7 @@ void ui_menu_seedmode_predisplay(void);
 UX_STEP_CB_INIT(ux_menu_seedmode_1_step,
 bn,
 ui_menu_seedmode_predisplay(),
- ui_menu_seedmode_action(0),
+ ui_menu_seedmode_action(G_gpg_vstate.seed_mode),
 {"Toggle seed mode", CUR_SEED_MODE});
 UX_STEP_CB(ux_menu_seedmode_2_step,
@@ -691,8 +691,7 @@ void ui_menu_seedmode_display(unsigned int value) {
 ui_flow_display(ux_flow_seedmode, value);
 }
-void ui_menu_seedmode_action(unsigned int value) {
- UNUSED(value);
+static void toggle_seed() {
 if (G_gpg_vstate.seed_mode) {
 G_gpg_vstate.seed_mode = 0;
 } else {
@@ -701,6 +700,50 @@ void ui_menu_seedmode_action(unsigned int value) {
 ui_menu_seedmode_display(0);
 }
+UX_STEP_NOCB(ui_seed_warning_step,
+ paging,
+ {.title = "Warning",
+ .text = "SEED mode allows to derive "
+ "your key from Master SEED.\n"
+ "Without such mode,\n"
+ "an OS or App update\n"
+ "will cause your private key to be lost!\n\n"
+ "Are you sure you want "
+ "to disable SEED mode?"});
+
+UX_STEP_CB(ui_seed_warning_flow_cancel_step,
+ pb,
+ ui_menu_seedmode_display(0),
+ {
+ &C_icon_crossmark,
+ "Cancel",
+ });
+
+UX_STEP_CB(ui_seed_disabling_flow_confirm_step,
+ pbb,
+ toggle_seed(),
+ {
+ &C_icon_validate_14,
+ "Disable",
+ "SEED Mode",
+ });
+
+UX_FLOW(ui_seed_disabling_flow,
+ &ui_seed_warning_step,
+ &ui_seed_warning_flow_cancel_step,
+ &ui_seed_disabling_flow_confirm_step);
+
+void ui_menu_seedmode_action(unsigned int value) {
+ if (value == 1) {
+ // Current value is 'enable' -> Confirm deactivate
+ ux_flow_init(0, ui_seed_disabling_flow, NULL);
+ } else {
+ // Current value is 'disable' -> Reactivate
+ G_gpg_vstate.seed_mode = 1;
+ ui_menu_seedmode_display(0);
+ }
+}
+
 /* ------------------------------- PIN MODE UX ------------------------------ */
 void ui_menu_pinmode_action(unsigned int value);
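Review bot: In the second hunk of src/gpg_ux_nanox.c, `static void toggle_seed()` has an empty parameter list, which in C is not a prototype; `static void toggle_seed(void)` lets the compiler diagnose a call with arguments. The function is now used only as the callback of `ui_seed_disabling_flow_confirm_step`, so clearing the flag with `G_gpg_vstate.seed_mode = 0;` would match the "Disable" label better than a toggle that depends on the current state. Part of the function body lies between this hunk and the next one and is not visible here.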
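Review bot: In the third hunk, `ui_menu_seedmode_action` compares `value == 1`, while the visible code elsewhere tests `G_gpg_vstate.seed_mode` for truthiness; any other non-zero value would be handled as "disabled" and take the reactivate branch. `if (value != 0) {` keeps the two tests consistent. The parameter also means something different in each port: here the first hunk passes the current mode, whereas in src/gpg_ux_nanos.c `value == 0` is a request to deactivate. A comment above the function, such as `/* value: current seed_mode; non-zero asks for confirmation before disabling */`, would make that difference explicit.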