From 7d8cb9018e567d5d1f6d45cf86c570efab449fbd Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Thu, 14 Jul 2016 18:11:20 +0200 Subject: [PATCH] Ask for confirmation on ECDH Session (gpg decrypt) Also fix abort to send a reply (a cancel failure) --- firmware/fsm.c | 8 ++++++++ firmware/layout2.c | 42 ++++++++++++++++++++++++++++++++++++++++++ firmware/layout2.h | 1 + 3 files changed, 51 insertions(+) diff --git a/firmware/fsm.c b/firmware/fsm.c index 428371a..ea7b1c3 100644 --- a/firmware/fsm.c +++ b/firmware/fsm.c @@ -424,6 +424,7 @@ void fsm_msgCancel(Cancel *msg) (void)msg; recovery_abort(); signing_abort(); + fsm_sendFailure(FailureType_Failure_ActionCancelled, "Aborted"); } void fsm_msgTxAck(TxAck *msg) @@ -807,6 +808,13 @@ void fsm_msgGetECDHSessionKey(GetECDHSessionKey *msg) return; } + layoutDecryptIdentity(&msg->identity); + if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { + fsm_sendFailure(FailureType_Failure_ActionCancelled, "ECDH Session cancelled"); + layoutHome(); + return; + } + if (!protectPin(true)) { layoutHome(); return; diff --git a/firmware/layout2.c b/firmware/layout2.c index 4c0a3a3..fdb3626 100644 --- a/firmware/layout2.c +++ b/firmware/layout2.c 
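Review bot: In fsm_msgCancel the added `fsm_sendFailure(FailureType_Failure_ActionCancelled, "Aborted")` runs on every Cancel, including one that arrives when neither recovery nor signing is in progress, and nothing in the hunk says this is intended. recovery_abort() and signing_abort() are defined outside the diff, so it is worth confirming that neither already answers the host; if one does, the host would receive two replies to a single Cancel. A one-line comment above the call, such as `/* Every Cancel is answered with exactly one Failure so the host never waits for a reply. */`, would record the contract.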
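Review bot: In fsm_msgGetECDHSessionKey the new prompt is built from `msg->identity` only, so the user approves the identity strings sent by the host; as far as this hunk shows, the peer key the session key is derived against never reaches the screen. That may be an acceptable limit on a small display, but it should be written down above `layoutDecryptIdentity(&msg->identity);`, for example `/* Consent gate for use of the identity key: the host-supplied identity is shown, the peer public key is not. */`. The dialog text also says "decrypt" for every protocol, although the message is a generic ECDH request, so the comment should note that the wording assumes the GPG use case. The function body starts and ends outside the hunk.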
@@ -336,6 +336,48 @@ void layoutSignIdentity(const IdentityType *identity, const char *challenge)
 NULL);
 }
+void layoutDecryptIdentity(const IdentityType *identity)
+{
+ char row_proto[8 + 11 + 1];
+ char row_hostport[64 + 6 + 1];
+ char row_user[64 + 8 + 1];
+
+ if (identity->has_proto && identity->proto[0]) {
+ strlcpy(row_proto, identity->proto, sizeof(row_proto));
+ char *p = row_proto;
+ while (*p) { *p = toupper((int)*p); p++; }
+ strlcat(row_proto, " decrypt for:", sizeof(row_proto));
+ } else {
+ strlcpy(row_proto, "Decrypt for:", sizeof(row_proto));
+ }
+
+ if (identity->has_host && identity->host[0]) {
+ strlcpy(row_hostport, identity->host, sizeof(row_hostport));
+ if (identity->has_port && identity->port[0]) {
+ strlcat(row_hostport, ":", sizeof(row_hostport));
+ strlcat(row_hostport, identity->port, sizeof(row_hostport));
+ }
+ } else {
+ row_hostport[0] = 0;
+ }
+
+ if (identity->has_user && identity->user[0]) {
+ strlcpy(row_user, "user: ", sizeof(row_user));
+ strlcat(row_user, identity->user, sizeof(row_user));
+ } else {
+ row_user[0] = 0;
+ }
+
+ layoutDialogSwipe(&bmp_icon_question, "Cancel", "Confirm",
+ "Do you want to decrypt?",
+ row_proto[0] ? row_proto : NULL,
+ row_hostport[0] ? row_hostport : NULL,
+ row_user[0] ? row_user : NULL,
+ NULL,
+ NULL,
+ NULL);
+}
+
 void layoutU2FDialog(const char *verb, const char *appname, const BITMAP *appicon) {
 if (!appicon) {
 appicon = &bmp_icon_question;
diff --git a/firmware/layout2.h b/firmware/layout2.h
index 975d530..237207c 100644
--- a/firmware/layout2.h
+++ b/firmware/layout2.h
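Review bot: `toupper((int)*p)` in layoutDecryptIdentity passes a plain `char` copied from the host-supplied `identity->proto`; on a build where `char` is signed, a byte above 0x7F becomes a negative argument, which is undefined for the <ctype.h> functions, so the line should read `*p = toupper((unsigned char)*p);`. Separately, `row_proto` is declared with `8 + 11 + 1` bytes while the appended suffix `" decrypt for:"` is 13 characters long, so a protocol name longer than six characters has its label cut short by `strlcat`. `char row_proto[8 + 13 + 1];` would fit an eight-character name, assuming the 8 is the maximum length of `proto`, whose declaration is not in the diff. Because the copies are bounded this is truncation of text on the confirmation screen, not an overflow, but the user is then approving a prompt that does not show the full label.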
@@ -41,6 +41,7 @@ void layoutDecryptMessage(const uint8_t *msg, uint32_t len, const char *address)
 void layoutAddress(const char *address, const char *desc);
 void layoutPublicKey(const uint8_t *pubkey);
 void layoutSignIdentity(const IdentityType *identity, const char *challenge);
+void layoutDecryptIdentity(const IdentityType *identity);
 void layoutU2FDialog(const char *verb, const char *appname, const BITMAP *appicon);
 #endif