From e0218520d81ebf5b2aa0a5d2721a8a2d9302e78a Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Fri, 8 Jul 2022 11:12:50 +0200 Subject: [PATCH 1/7] Fix multiple vulnerabilities --- src/main.c | 30 +++++++++++++ src/shared_context.h | 15 ++++--- src_common/ethUstream.c | 6 +++ src_common/uint256.c | 5 +++ .../getEth2PublicKey/cmd_getEth2PublicKey.c | 20 ++++----- src_features/getPublicKey/cmd_getPublicKey.c | 24 +++++----- .../cmd_performPrivacyOperation.c | 44 +++++++++---------- src_features/signMessage/cmd_signMessage.c | 27 +++--------- .../signMessage/ui_common_signMessage.c | 4 +- .../signMessageEIP712/cmd_signMessage712.c | 30 +++---------- .../ui_common_signMessage712.c | 4 +- src_features/signTx/cmd_signTx.c | 30 +++++-------- src_features/signTx/logic_signTx.c | 4 +- src_features/signTx/ui_common_signTx.c | 4 +- .../cmd_stark_getPublicKey.c | 25 +++++------ src_features/stark_sign/cmd_stark_sign.c | 21 ++++++--- .../stark_sign/ui_common_stark_sign.c | 4 +- .../stark_unsafe_sign/cmd_stark_unsafe_sign.c | 29 ++++++------ .../ui_common_stark_unsafe_sign.c | 4 +- src_plugins/starkware/starkware_plugin.c | 4 +- 20 files changed, 166 insertions(+), 168 deletions(-) diff --git a/src/main.c b/src/main.c index 8b029fa..fdad285 100644 --- a/src/main.c +++ b/src/main.c 
@@ -480,6 +480,36 @@ void handleGetWalletId(volatile unsigned int *tx) { #endif // HAVE_WALLET_ID_SDK +uint8_t *parseBip32(uint8_t *dataBuffer, uint16_t *dataLength, bip32_path_t *bip32) { + if (*dataLength < 1) { + PRINTF("Invalid data\n"); + return NULL; + } + + bip32->length = *dataBuffer; + + if (bip32->length < 0x1 || bip32->length > MAX_BIP32_PATH) { + PRINTF("Invalid bip32\n"); + return NULL; + } + + dataBuffer++; + (*dataLength)--; + + if (*dataLength < sizeof(uint32_t) * (bip32->length)) { + PRINTF("Invalid data\n"); + return NULL; + } + + for (uint8_t i = 0; i < bip32->length; i++) { + bip32->path[i] = U4BE(dataBuffer, 0); + dataBuffer += sizeof(uint32_t); + *dataLength -= sizeof(uint32_t); + } + + return dataBuffer; +} + void handleApdu(unsigned int *flags, unsigned int *tx) { unsigned short sw = 0; diff --git a/src/shared_context.h b/src/shared_context.h index ef418fe..7447a10 100644 --- a/src/shared_context.h +++ b/src/shared_context.h @@ -18,6 +18,11 @@ #define N_storage (*(volatile internalStorage_t *) PIC(&N_storage_real)) +typedef struct bip32_path_t { + uint8_t length; + uint32_t path[MAX_BIP32_PATH]; +} bip32_path_t; + typedef struct internalStorage_t { unsigned char dataAllowed; unsigned char contractDetails; @@ -82,8 +87,7 @@ typedef union extraInfo_t { } extraInfo_t; typedef struct transactionContext_t { - uint8_t pathLength; - uint32_t bip32Path[MAX_BIP32_PATH]; + bip32_path_t bip32; uint8_t hash[INT256_LENGTH]; union extraInfo_t extraInfo[MAX_ITEMS]; uint8_t tokenSet[MAX_ITEMS]; 
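Review bot: In `parseBip32` (src/main.c), `bip32->length` is assigned from the raw byte before the range check, and `*dataLength` is decremented before the size check, so a rejected APDU still leaves an out-of-range length in the caller's structure. For handleSign, handleSignPersonalMessage and handleStarkwareUnsafeSign that structure lives in `tmpCtx`, and whether the context is reset after the callers' `THROW(0x6a80)` is not visible in this patch. Reading the byte into a local (`uint8_t length = *dataBuffer;`), running both checks on it, and only then doing `bip32->length = length;` would keep the shared context valid on every failure path. The function also has no header comment; one stating that NULL means the input was rejected, and that on success `*dataLength` is reduced by the bytes consumed and the returned pointer addresses the first byte after the path, would make the contract explicit for the many call sites.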
@@ -91,15 +95,13 @@ typedef struct transactionContext_t { } transactionContext_t; typedef struct messageSigningContext_t { - uint8_t pathLength; - uint32_t bip32Path[MAX_BIP32_PATH]; + bip32_path_t bip32; uint8_t hash[INT256_LENGTH]; uint32_t remainingLength; } messageSigningContext_t; typedef struct messageSigningContext712_t { - uint8_t pathLength; - uint32_t bip32Path[MAX_BIP32_PATH]; + bip32_path_t bip32; uint8_t domainHash[32]; uint8_t messageHash[32]; } messageSigningContext712_t; @@ -217,5 +219,6 @@ extern uint32_t eth2WithdrawalIndex; #endif void reset_app_context(void); +uint8_t *parseBip32(uint8_t *, uint16_t *, bip32_path_t *); #endif // _SHARED_CONTEXT_H_ diff --git a/src_common/ethUstream.c b/src_common/ethUstream.c index 4080d3f..ccfd823 100644 --- a/src_common/ethUstream.c +++ b/src_common/ethUstream.c @@ -296,6 +296,12 @@ static void processV(txContext_t *context) { PRINTF("Invalid type for RLP_V\n"); THROW(EXCEPTION); } + + if (context->currentFieldLength > sizeof(context->content->v)) { + PRINTF("Invalid length for RLP_V\n"); + THROW(EXCEPTION); + } + if (context->currentFieldPos < context->currentFieldLength) { uint32_t copySize = MIN(context->commandLength, context->currentFieldLength - context->currentFieldPos); diff --git a/src_common/uint256.c b/src_common/uint256.c index 92b4d1f..22b738e 100644 --- a/src_common/uint256.c +++ b/src_common/uint256.c @@ -476,6 +476,11 @@ bool tostring256(uint256_t *number, uint32_t baseParam, char *out, uint32_t outL divmod256(&rDiv, &base, &rDiv, &rMod); out[offset++] = HEXDIGITS[(uint8_t) LOWER(LOWER(rMod))]; } while (!zero256(&rDiv)); + + if (offset > (outLength - 1)) { + return false; + } + out[offset] = '\0'; reverseString(out, offset); return true; diff --git a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c index 33ca895..d94484d 100644 --- a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c 
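Review bot: The bound check added to `tostring256` in src_common/uint256.c, `if (offset > (outLength - 1))`, does not protect the terminator write when `outLength` is 0. `outLength` is a `uint32_t`, so `outLength - 1` wraps to the maximum value and the comparison can never be true. Unless a check outside this hunk already rejects a zero-length output buffer, writing the guard as `if (offset >= outLength) { return false; }` avoids the wrap and states the intent directly. The loop body above the added lines is only partly visible here, so any in-loop bound it applies should be checked for the same subtraction.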
+++ b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c @@ -46,29 +46,25 @@ void handleGetEth2PublicKey(uint8_t p1, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { - UNUSED(dataLength); - uint32_t bip32Path[MAX_BIP32_PATH]; - uint32_t i; - uint8_t bip32PathLength = *(dataBuffer++); + bip32_path_t bip32; if (!called_from_swap) { reset_app_context(); } - if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); - THROW(0x6a80); - } if ((p1 != P1_CONFIRM) && (p1 != P1_NON_CONFIRM)) { THROW(0x6B00); } if (p2 != 0) { THROW(0x6B00); } - for (i = 0; i < bip32PathLength; i++) { - bip32Path[i] = U4BE(dataBuffer, 0); - dataBuffer += 4; + + dataBuffer = parseBip32(dataBuffer, &dataLength, &bip32); + + if (dataBuffer == NULL) { + THROW(0x6a80); } - getEth2PublicKey(bip32Path, bip32PathLength, tmpCtx.publicKeyContext.publicKey.W); + + getEth2PublicKey(bip32.path, bip32.length, tmpCtx.publicKeyContext.publicKey.W); #ifndef NO_CONSENT if (p1 == P1_NON_CONFIRM) diff --git a/src_features/getPublicKey/cmd_getPublicKey.c b/src_features/getPublicKey/cmd_getPublicKey.c index 59c9fb8..bba66a4 100644 --- a/src_features/getPublicKey/cmd_getPublicKey.c +++ b/src_features/getPublicKey/cmd_getPublicKey.c 
@@ -11,35 +11,33 @@ void handleGetPublicKey(uint8_t p1, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { - UNUSED(dataLength); uint8_t privateKeyData[INT256_LENGTH]; - uint32_t bip32Path[MAX_BIP32_PATH]; - uint32_t i; - uint8_t bip32PathLength = *(dataBuffer++); + bip32_path_t bip32; cx_ecfp_private_key_t privateKey; + if (!called_from_swap) { reset_app_context(); } - if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); - THROW(0x6a80); - } + if ((p1 != P1_CONFIRM) && (p1 != P1_NON_CONFIRM)) { THROW(0x6B00); } if ((p2 != P2_CHAINCODE) && (p2 != P2_NO_CHAINCODE)) { THROW(0x6B00); } - for (i = 0; i < bip32PathLength; i++) { - bip32Path[i] = U4BE(dataBuffer, 0); - dataBuffer += 4; + + dataBuffer = parseBip32(dataBuffer, &dataLength, &bip32); + + if (dataBuffer == NULL) { + THROW(0x6a80); } + tmpCtx.publicKeyContext.getChaincode = (p2 == P2_CHAINCODE); io_seproxyhal_io_heartbeat(); os_perso_derive_node_bip32( CX_CURVE_256K1, - bip32Path, - bip32PathLength, + bip32.path, + bip32.length, privateKeyData, (tmpCtx.publicKeyContext.getChaincode ? tmpCtx.publicKeyContext.chainCode : NULL)); cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey); diff --git a/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c b/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c index 9bd5802..824ad2f 100644 --- a/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c +++ b/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c 
@@ -29,39 +29,35 @@ void handlePerformPrivacyOperation(uint8_t p1, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { - UNUSED(dataLength); uint8_t privateKeyData[INT256_LENGTH]; uint8_t privateKeyDataSwapped[INT256_LENGTH]; - uint32_t bip32Path[MAX_BIP32_PATH]; - uint8_t bip32PathLength = *(dataBuffer++); + bip32_path_t bip32; cx_err_t status = CX_OK; - if (p2 == P2_PUBLIC_ENCRYPTION_KEY) { - if (dataLength < 1 + 4 * bip32PathLength) { - THROW(0x6700); - } - } else if (p2 == P2_SHARED_SECRET) { - if (dataLength < 1 + 4 * bip32PathLength + 32) { - THROW(0x6700); - } - } else { - THROW(0x6B00); - } - cx_ecfp_private_key_t privateKey; - if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); - THROW(0x6a80); - } + if ((p1 != P1_CONFIRM) && (p1 != P1_NON_CONFIRM)) { THROW(0x6B00); } - for (uint8_t i = 0; i < bip32PathLength; i++) { - bip32Path[i] = U4BE(dataBuffer, 0); - dataBuffer += 4; + + if ((p2 != P2_PUBLIC_ENCRYPTION_KEY) && (p2 != P2_SHARED_SECRET)) { + THROW(0x6700); } + + dataBuffer = parseBip32(dataBuffer, &dataLength, &bip32); + + if (dataBuffer == NULL) { + THROW(0x6a80); + } + + if ((p2 == P2_SHARED_SECRET) && (dataLength < 32)) { + THROW(0x6700); + } + + cx_ecfp_private_key_t privateKey; + os_perso_derive_node_bip32( CX_CURVE_256K1, - bip32Path, - bip32PathLength, + bip32.path, + bip32.length, privateKeyData, (tmpCtx.publicKeyContext.getChaincode ? tmpCtx.publicKeyContext.chainCode : NULL)); cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey); diff --git a/src_features/signMessage/cmd_signMessage.c b/src_features/signMessage/cmd_signMessage.c index 7ea12db..4069087 100644 --- a/src_features/signMessage/cmd_signMessage.c +++ b/src_features/signMessage/cmd_signMessage.c 
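Review bot: The new p2 validation in handlePerformPrivacyOperation rejects an unknown p2 with `THROW(0x6700);`, whereas the removed code returned 0x6B00 for that case and kept 0x6700 for length errors. The p1 check directly above still uses 0x6B00, so a host now gets a wrong-length status for what is a wrong-parameter error. Unless the change is intentional, the line should read `THROW(0x6B00);`. The handler's body continues outside this hunk.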
@@ -119,39 +119,26 @@ void handleSignPersonalMessage(uint8_t p1, unsigned int *tx) { UNUSED(tx); uint8_t hashMessage[INT256_LENGTH]; + if (p1 == P1_FIRST) { char tmp[11] = {0}; - uint32_t i; - if (dataLength < 1) { - PRINTF("Invalid data\n"); - THROW(0x6a80); - } + if (appState != APP_STATE_IDLE) { reset_app_context(); } appState = APP_STATE_SIGNING_MESSAGE; - tmpCtx.messageSigningContext.pathLength = workBuffer[0]; - if ((tmpCtx.messageSigningContext.pathLength < 0x01) || - (tmpCtx.messageSigningContext.pathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); + workBuffer = parseBip32(workBuffer, &dataLength, &tmpCtx.messageSigningContext.bip32); + + if (workBuffer == NULL) { THROW(0x6a80); } - workBuffer++; - dataLength--; - for (i = 0; i < tmpCtx.messageSigningContext.pathLength; i++) { - if (dataLength < sizeof(uint32_t)) { - PRINTF("Invalid data\n"); - THROW(0x6a80); - } - tmpCtx.messageSigningContext.bip32Path[i] = U4BE(workBuffer, 0); - workBuffer += sizeof(uint32_t); - dataLength -= sizeof(uint32_t); - } + if (dataLength < sizeof(uint32_t)) { PRINTF("Invalid data\n"); THROW(0x6a80); } + tmpCtx.messageSigningContext.remainingLength = U4BE(workBuffer, 0); workBuffer += sizeof(uint32_t); dataLength -= sizeof(uint32_t); diff --git a/src_features/signMessage/ui_common_signMessage.c b/src_features/signMessage/ui_common_signMessage.c index e2a901b..b8fc9c3 100644 --- a/src_features/signMessage/ui_common_signMessage.c +++ b/src_features/signMessage/ui_common_signMessage.c @@ -9,8 +9,8 @@ unsigned int io_seproxyhal_touch_signMessage_ok(__attribute__((unused)) const ba uint32_t tx = 0; io_seproxyhal_io_heartbeat(); os_perso_derive_node_bip32(CX_CURVE_256K1, - tmpCtx.messageSigningContext.bip32Path, - tmpCtx.messageSigningContext.pathLength, + tmpCtx.messageSigningContext.bip32.path, + tmpCtx.messageSigningContext.bip32.length, privateKeyData, NULL); io_seproxyhal_io_heartbeat(); 
diff --git a/src_features/signMessageEIP712/cmd_signMessage712.c b/src_features/signMessageEIP712/cmd_signMessage712.c index bc9443e..da0b0db 100644 --- a/src_features/signMessageEIP712/cmd_signMessage712.c +++ b/src_features/signMessageEIP712/cmd_signMessage712.c @@ -9,8 +9,6 @@ void handleSignEIP712Message(uint8_t p1, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { - uint8_t i; - UNUSED(tx); if ((p1 != 00) || (p2 != 00)) { THROW(0x6B00); @@ -18,31 +16,13 @@ void handleSignEIP712Message(uint8_t p1, if (appState != APP_STATE_IDLE) { reset_app_context(); } - if (dataLength < 1) { - PRINTF("Invalid data\n"); - THROW(0x6a80); - } - tmpCtx.messageSigningContext712.pathLength = workBuffer[0]; - if ((tmpCtx.messageSigningContext712.pathLength < 0x01) || - (tmpCtx.messageSigningContext712.pathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); - THROW(0x6a80); - } - workBuffer++; - dataLength--; - for (i = 0; i < tmpCtx.messageSigningContext712.pathLength; i++) { - if (dataLength < 4) { - PRINTF("Invalid data\n"); - THROW(0x6a80); - } - tmpCtx.messageSigningContext712.bip32Path[i] = U4BE(workBuffer, 0); - workBuffer += 4; - dataLength -= 4; - } - if (dataLength < 32 + 32) { - PRINTF("Invalid data\n"); + + workBuffer = parseBip32(workBuffer, &dataLength, &tmpCtx.messageSigningContext.bip32); + + if (workBuffer == NULL || dataLength < 32 + 32) { THROW(0x6a80); } + memmove(tmpCtx.messageSigningContext712.domainHash, workBuffer, 32); memmove(tmpCtx.messageSigningContext712.messageHash, workBuffer + 32, 32); diff --git a/src_features/signMessageEIP712/ui_common_signMessage712.c b/src_features/signMessageEIP712/ui_common_signMessage712.c index e67cc4e..e7dea8f 100644 --- a/src_features/signMessageEIP712/ui_common_signMessage712.c +++ b/src_features/signMessageEIP712/ui_common_signMessage712.c 
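Review bot: In handleSignEIP712Message the path is parsed into `tmpCtx.messageSigningContext.bip32`, but everything else in this flow uses `messageSigningContext712`: the `memmove` calls just below, and the derivation in ui_common_signMessage712.c which reads `tmpCtx.messageSigningContext712.bip32.path`. This presumably only works because `tmpCtx` is a union and both members begin with a `bip32_path_t`; the definition of `tmpCtx` is not visible in this patch, and any later reordering of either struct would silently make signing use a stale or zeroed path. The call should name the matching member: `workBuffer = parseBip32(workBuffer, &dataLength, &tmpCtx.messageSigningContext712.bip32);`.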
@@ -34,8 +34,8 @@ unsigned int io_seproxyhal_touch_signMessage712_v0_ok(__attribute__((unused)) PRINTF("EIP712 hash to sign %.*H\n", 32, hash); io_seproxyhal_io_heartbeat(); os_perso_derive_node_bip32(CX_CURVE_256K1, - tmpCtx.messageSigningContext712.bip32Path, - tmpCtx.messageSigningContext712.pathLength, + tmpCtx.messageSigningContext712.bip32.path, + tmpCtx.messageSigningContext712.bip32.length, privateKeyData, NULL); io_seproxyhal_io_heartbeat(); diff --git a/src_features/signTx/cmd_signTx.c b/src_features/signTx/cmd_signTx.c index 3b084f5..1ea5d06 100644 --- a/src_features/signTx/cmd_signTx.c +++ b/src_features/signTx/cmd_signTx.c 
@@ -12,43 +12,33 @@ void handleSign(uint8_t p1, unsigned int *tx) { UNUSED(tx); parserStatus_e txResult; - uint32_t i; if (os_global_pin_is_validated() != BOLOS_UX_OK) { PRINTF("Device is PIN-locked"); THROW(0x6982); } if (p1 == P1_FIRST) { - if (dataLength < 1) { - PRINTF("Invalid data\n"); - THROW(0x6a80); - } if (appState != APP_STATE_IDLE) { reset_app_context(); } appState = APP_STATE_SIGNING_TX; - tmpCtx.transactionContext.pathLength = workBuffer[0]; - if ((tmpCtx.transactionContext.pathLength < 0x01) || - (tmpCtx.transactionContext.pathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); + + workBuffer = parseBip32(workBuffer, &dataLength, &tmpCtx.transactionContext.bip32); + + if (workBuffer == NULL) { THROW(0x6a80); } - workBuffer++; - dataLength--; - for (i = 0; i < tmpCtx.transactionContext.pathLength; i++) { - if (dataLength < 4) { - PRINTF("Invalid data\n"); - THROW(0x6a80); - } - tmpCtx.transactionContext.bip32Path[i] = U4BE(workBuffer, 0); - workBuffer += 4; - dataLength -= 4; - } + tmpContent.txContent.dataPresent = false; dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_UNAVAILABLE; initTx(&txContext, &global_sha3, &tmpContent.txContent, customProcessor, NULL); + if (dataLength < 1) { + PRINTF("Invalid data\n"); + THROW(0x6a80); + } + // EIP 2718: TransactionType might be present before the TransactionPayload. uint8_t txType = *workBuffer; if (txType >= MIN_TX_TYPE && txType <= MAX_TX_TYPE) { diff --git a/src_features/signTx/logic_signTx.c b/src_features/signTx/logic_signTx.c index eb8e10f..d7e9767 100644 --- a/src_features/signTx/logic_signTx.c +++ b/src_features/signTx/logic_signTx.c 
@@ -282,8 +282,8 @@ static void get_public_key(uint8_t *out, uint8_t outLength) { } os_perso_derive_node_bip32(CX_CURVE_256K1, - tmpCtx.transactionContext.bip32Path, - tmpCtx.transactionContext.pathLength, + tmpCtx.transactionContext.bip32.path, + tmpCtx.transactionContext.bip32.length, privateKeyData, NULL); cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey); diff --git a/src_features/signTx/ui_common_signTx.c b/src_features/signTx/ui_common_signTx.c index 3d27197..6c482d0 100644 --- a/src_features/signTx/ui_common_signTx.c +++ b/src_features/signTx/ui_common_signTx.c @@ -10,8 +10,8 @@ unsigned int io_seproxyhal_touch_tx_ok(__attribute__((unused)) const bagl_elemen uint32_t tx = 0; io_seproxyhal_io_heartbeat(); os_perso_derive_node_bip32(CX_CURVE_256K1, - tmpCtx.transactionContext.bip32Path, - tmpCtx.transactionContext.pathLength, + tmpCtx.transactionContext.bip32.path, + tmpCtx.transactionContext.bip32.length, privateKeyData, NULL); cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey); diff --git a/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c b/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c index 54edf09..d93cd51 100644 --- a/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c +++ b/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c 
@@ -12,29 +12,28 @@ void handleStarkwareGetPublicKey(uint8_t p1, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { - UNUSED(dataLength); - uint8_t privateKeyData[32]; - uint32_t bip32Path[MAX_BIP32_PATH]; - uint32_t i; - uint8_t bip32PathLength = *(dataBuffer++); + bip32_path_t bip32; cx_ecfp_private_key_t privateKey; + uint8_t privateKeyData[32]; + reset_app_context(); - if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); - THROW(0x6a80); - } + if ((p1 != P1_CONFIRM) && (p1 != P1_NON_CONFIRM)) { THROW(0x6B00); } + if (p2 != 0) { THROW(0x6B00); } - for (i = 0; i < bip32PathLength; i++) { - bip32Path[i] = U4BE(dataBuffer, 0); - dataBuffer += 4; + + dataBuffer = parseBip32(dataBuffer, &dataLength, &bip32); + + if (dataBuffer == NULL) { + THROW(0x6a80); } + io_seproxyhal_io_heartbeat(); - starkDerivePrivateKey(bip32Path, bip32PathLength, privateKeyData); + starkDerivePrivateKey(bip32.path, bip32.length, privateKeyData); cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey); io_seproxyhal_io_heartbeat(); cx_ecfp_generate_pair(CX_CURVE_Stark256, &tmpCtx.publicKeyContext.publicKey, &privateKey, 1); diff --git a/src_features/stark_sign/cmd_stark_sign.c b/src_features/stark_sign/cmd_stark_sign.c index 12f7da7..6d08635 100644 --- a/src_features/stark_sign/cmd_stark_sign.c +++ b/src_features/stark_sign/cmd_stark_sign.c @@ -20,7 +20,7 @@ void handleStarkwareSignMessage(uint8_t p1, __attribute__((unused)) unsigned int *tx) { uint8_t privateKeyData[INT256_LENGTH]; uint32_t i; - uint8_t bip32PathLength = *(dataBuffer); + uint8_t bip32PathLength; uint8_t offset = 1; cx_ecfp_private_key_t privateKey; poorstream_t bitstream; 
@@ -29,10 +29,19 @@ void handleStarkwareSignMessage(uint8_t p1, uint8_t protocol = 2; uint8_t preOffset, postOffset; uint8_t zeroTest; + // Initial checks if (appState != APP_STATE_IDLE) { reset_app_context(); } + + if (dataLength < 1) { + PRINTF("Invalid data\n"); + THROW(0x6a80); + } + + bip32PathLength = *(dataBuffer); + if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) { PRINTF("Invalid path\n"); THROW(0x6a80); @@ -70,10 +79,10 @@ void handleStarkwareSignMessage(uint8_t p1, if (p2 != 0) { THROW(0x6B00); } - tmpCtx.transactionContext.pathLength = bip32PathLength; + tmpCtx.transactionContext.bip32.length = bip32PathLength; for (i = 0; i < bip32PathLength; i++) { - tmpCtx.transactionContext.bip32Path[i] = U4BE(dataBuffer, offset); - PRINTF("Storing path %d %d\n", i, tmpCtx.transactionContext.bip32Path[i]); + tmpCtx.transactionContext.bip32.path[i] = U4BE(dataBuffer, offset); + PRINTF("Storing path %d %d\n", i, tmpCtx.transactionContext.bip32.path[i]); offset += 4; } // Discard the path to use part of dataBuffer as a temporary buffer @@ -205,7 +214,9 @@ void handleStarkwareSignMessage(uint8_t p1, cx_ecfp_public_key_t publicKey; // Check if the transfer is a self transfer io_seproxyhal_io_heartbeat(); - starkDerivePrivateKey(tmpCtx.transactionContext.bip32Path, bip32PathLength, privateKeyData); + starkDerivePrivateKey(tmpCtx.transactionContext.bip32.path, + bip32PathLength, + privateKeyData); cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey); io_seproxyhal_io_heartbeat(); cx_ecfp_generate_pair(CX_CURVE_Stark256, &publicKey, &privateKey, 1); diff --git a/src_features/stark_sign/ui_common_stark_sign.c b/src_features/stark_sign/ui_common_stark_sign.c index 533f67f..a44ee99 100644 --- a/src_features/stark_sign/ui_common_stark_sign.c +++ b/src_features/stark_sign/ui_common_stark_sign.c 
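Review bot: handleStarkwareSignMessage is the one handler in this patch that still parses the path by hand, and the only length check these hunks add is `dataLength < 1`. The loop in the `@@ -70,10` hunk then reads `U4BE(dataBuffer, offset)` for each of `bip32PathLength` elements. If no check in the unseen part of the function ties `dataLength` to `1 + 4 * bip32PathLength`, those reads can run past the received data, which is the class of bug the other handlers close by calling `parseBip32`. Either add `if (dataLength < 1 + 4 * bip32PathLength) { THROW(0x6a80); }` right after the path-length range check, or add a comment pointing at the existing check that covers it. The function body between these hunks is outside the diff, so this needs confirming against the full file.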
@@ -10,8 +10,8 @@ unsigned int io_seproxyhal_touch_stark_ok(__attribute__((unused)) const bagl_ele uint8_t signature[72]; uint32_t tx = 0; io_seproxyhal_io_heartbeat(); - starkDerivePrivateKey(tmpCtx.transactionContext.bip32Path, - tmpCtx.transactionContext.pathLength, + starkDerivePrivateKey(tmpCtx.transactionContext.bip32.path, + tmpCtx.transactionContext.bip32.length, privateKeyData); io_seproxyhal_io_heartbeat(); stark_sign(signature, diff --git a/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c b/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c index e899816..1f057c2 100644 --- a/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c +++ b/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c 
@@ -12,37 +12,34 @@ void handleStarkwareUnsafeSign(uint8_t p1, uint16_t dataLength, unsigned int *flags, __attribute__((unused)) unsigned int *tx) { - uint32_t i; uint8_t privateKeyData[INT256_LENGTH]; cx_ecfp_public_key_t publicKey; cx_ecfp_private_key_t privateKey; - uint8_t bip32PathLength = *(dataBuffer); - uint8_t offset = 1; + // Initial checks if (appState != APP_STATE_IDLE) { reset_app_context(); } - if ((bip32PathLength < 0x01) || (bip32PathLength > MAX_BIP32_PATH)) { - PRINTF("Invalid path\n"); - THROW(0x6a80); - } + if ((p1 != 0) || (p2 != 0)) { THROW(0x6B00); } - if (dataLength != 32 + 4 * bip32PathLength + 1) { + dataBuffer = parseBip32(dataBuffer, &dataLength, &tmpCtx.transactionContext.bip32); + + if (dataBuffer == NULL) { + THROW(0x6a80); + } + + if (dataLength != 32) { THROW(0x6700); } - tmpCtx.transactionContext.pathLength = bip32PathLength; - for (i = 0; i < bip32PathLength; i++) { - tmpCtx.transactionContext.bip32Path[i] = U4BE(dataBuffer, offset); - PRINTF("Storing path %d %d\n", i, tmpCtx.transactionContext.bip32Path[i]); - offset += 4; - } - memmove(dataContext.starkContext.w2, dataBuffer + offset, 32); + memmove(dataContext.starkContext.w2, dataBuffer, 32); io_seproxyhal_io_heartbeat(); - starkDerivePrivateKey(tmpCtx.transactionContext.bip32Path, bip32PathLength, privateKeyData); + starkDerivePrivateKey(tmpCtx.transactionContext.bip32.path, + tmpCtx.transactionContext.bip32.length, + privateKeyData); cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey); io_seproxyhal_io_heartbeat(); cx_ecfp_generate_pair(CX_CURVE_Stark256, &publicKey, &privateKey, 1); diff --git a/src_features/stark_unsafe_sign/ui_common_stark_unsafe_sign.c b/src_features/stark_unsafe_sign/ui_common_stark_unsafe_sign.c index 4c84e0b..899c59d 100644 --- a/src_features/stark_unsafe_sign/ui_common_stark_unsafe_sign.c +++ b/src_features/stark_unsafe_sign/ui_common_stark_unsafe_sign.c 
@@ -13,8 +13,8 @@ unsigned int io_seproxyhal_touch_stark_unsafe_sign_ok(__attribute__((unused)) unsigned int info = 0; uint32_t tx = 0; io_seproxyhal_io_heartbeat(); - starkDerivePrivateKey(tmpCtx.transactionContext.bip32Path, - tmpCtx.transactionContext.pathLength, + starkDerivePrivateKey(tmpCtx.transactionContext.bip32.path, + tmpCtx.transactionContext.bip32.length, privateKeyData); io_seproxyhal_io_heartbeat(); cx_ecfp_init_private_key(CX_CURVE_Stark256, privateKeyData, 32, &privateKey); diff --git a/src_plugins/starkware/starkware_plugin.c b/src_plugins/starkware/starkware_plugin.c index 9800f7c..3937ada 100644 --- a/src_plugins/starkware/starkware_plugin.c +++ b/src_plugins/starkware/starkware_plugin.c @@ -367,8 +367,8 @@ void starkware_get_source_address(char *destination) { cx_ecfp_private_key_t privateKey; cx_ecfp_public_key_t publicKey; os_perso_derive_node_bip32(CX_CURVE_256K1, - tmpCtx.transactionContext.bip32Path, - tmpCtx.transactionContext.pathLength, + tmpCtx.transactionContext.bip32.path, + tmpCtx.transactionContext.bip32.length, privateKeyData, NULL); cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey); From bc7c161876d23305dfdc87d76011a7cd70de8674 Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Fri, 8 Jul 2022 11:37:31 +0200 Subject: [PATCH 2/7] Pass E2E tests --- .github/workflows/ci-workflow.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml index c3f4562..e0b419b 100644 --- a/.github/workflows/ci-workflow.yml +++ b/.github/workflows/ci-workflow.yml @@ -114,7 +114,9 @@ jobs: - uses: actions/checkout@v2 - name: Build testing binaries - run: cd tests && ./build_local_test_elfs.sh + run: | + git config --global --add safe.directory "$GITHUB_WORKSPACE" + cd tests && ./build_local_test_elfs.sh - name: Upload app binaries uses: actions/upload-artifact@v2 From 9ea16d909864a51fdb0dd60ffdcb39d2a11eba50 Mon Sep 17 00:00:00 2001 
From: Jorge Martins Date: Fri, 15 Jul 2022 11:38:07 +0200 Subject: [PATCH 3/7] Mark dataBuffer pointer as const --- src/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.c b/src/main.c index fdad285..d3be1c9 100644 --- a/src/main.c +++ b/src/main.c @@ -480,7 +480,7 @@ void handleGetWalletId(volatile unsigned int *tx) { #endif // HAVE_WALLET_ID_SDK -uint8_t *parseBip32(uint8_t *dataBuffer, uint16_t *dataLength, bip32_path_t *bip32) { +uint8_t *parseBip32(const uint8_t *dataBuffer, uint16_t *dataLength, bip32_path_t *bip32) { if (*dataLength < 1) { PRINTF("Invalid data\n"); return NULL; From 2811917658dc0b00a00ed637184d9e3990bb4dde Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Fri, 15 Jul 2022 12:33:19 +0200 Subject: [PATCH 4/7] Mark pointer to databuffer/workbuffer as const --- src/apdu_constants.h | 26 +++++++++---------- src/eth_plugin_handler.c | 6 +++-- src/eth_plugin_handler.h | 4 ++- src/main.c | 2 +- src/shared_context.h | 2 +- src/utils.c | 2 +- src/utils.h | 2 +- src_common/ethUstream.c | 2 +- src_common/ethUstream.h | 4 +-- .../getEth2PublicKey/cmd_getEth2PublicKey.c | 2 +- src_features/getPublicKey/cmd_getPublicKey.c | 2 +- .../cmd_performPrivacyOperation.c | 2 +- .../cmd_provideTokenInfo.c | 2 +- .../cmd_provideNFTInfo.c | 2 +- .../cmd_setEth2WithdrawalIndex.c | 2 +- .../setExternalPlugin/cmd_setExternalPlugin.c | 2 +- src_features/setPlugin/cmd_setPlugin.c | 4 +-- src_features/signMessage/cmd_signMessage.c | 2 +- .../signMessageEIP712/cmd_signMessage712.c | 2 +- src_features/signTx/cmd_signTx.c | 2 +- .../cmd_stark_getPublicKey.c | 2 +- .../cmd_stark_provideQuantum.c | 4 +-- .../stark_unsafe_sign/cmd_stark_unsafe_sign.c | 2 +- 23 files changed, 43 insertions(+), 39 deletions(-) diff --git a/src/apdu_constants.h b/src/apdu_constants.h index 9ef49d9..41d0207 100644 --- a/src/apdu_constants.h +++ b/src/apdu_constants.h 
@@ -60,13 +60,13 @@ void handleGetPublicKey(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleProvideErc20TokenInformation(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); @@ -78,46 +78,46 @@ void handleProvideNFTInformation(uint8_t p1, unsigned int *tx); void handleSign(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleGetAppConfiguration(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleSignPersonalMessage(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleSignEIP712Message(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleSetExternalPlugin(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleSetPlugin(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handlePerformPrivacyOperation(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); @@ -126,7 +126,7 @@ void handlePerformPrivacyOperation(uint8_t p1, void handleGetEth2PublicKey(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); 
@@ -143,7 +143,7 @@ void handleSetEth2WinthdrawalIndex(uint8_t p1, void handleStarkwareGetPublicKey(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); @@ -155,13 +155,13 @@ void handleStarkwareSignMessage(uint8_t p1, unsigned int *tx); void handleStarkwareProvideQuantum(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); void handleStarkwareUnsafeSign(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index f1944ef..e5187ca 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c @@ -5,7 +5,9 @@ #include "network.h" #include "ethUtils.h" -void eth_plugin_prepare_init(ethPluginInitContract_t *init, uint8_t *selector, uint32_t dataSize) { +void eth_plugin_prepare_init(ethPluginInitContract_t *init, + const uint8_t *selector, + uint32_t dataSize) { memset((uint8_t *) init, 0, sizeof(ethPluginInitContract_t)); init->selector = selector; init->dataSize = dataSize; @@ -111,7 +113,7 @@ static bool eth_plugin_perform_init_old_internal(uint8_t *contractAddress, j++) { if (memcmp(init->selector, (const void *) PIC(selectors[j]), SELECTOR_SIZE) == 0) { if ((INTERNAL_ETH_PLUGINS[i].availableCheck == NULL) || - ((PluginAvailableCheck) PIC(INTERNAL_ETH_PLUGINS[i].availableCheck)) ()) { + ((PluginAvailableCheck) PIC(INTERNAL_ETH_PLUGINS[i].availableCheck))()) { strlcpy(dataContext.tokenContext.pluginName, INTERNAL_ETH_PLUGINS[i].alias, PLUGIN_ID_LENGTH); diff --git a/src/eth_plugin_handler.h b/src/eth_plugin_handler.h index ba6ffee..28b13fb 100644 --- a/src/eth_plugin_handler.h +++ b/src/eth_plugin_handler.h 
@@ -6,7 +6,9 @@ #define NO_EXTRA_INFO(ctx, idx) \ (allzeroes(&(ctx.transactionContext.extraInfo[idx]), sizeof(extraInfo_t))) -void eth_plugin_prepare_init(ethPluginInitContract_t *init, uint8_t *selector, uint32_t dataSize); +void eth_plugin_prepare_init(ethPluginInitContract_t *init, + const uint8_t *selector, + uint32_t dataSize); void eth_plugin_prepare_provide_parameter(ethPluginProvideParameter_t *provideParameter, uint8_t *parameter, uint32_t parameterOffset); diff --git a/src/main.c b/src/main.c index d3be1c9..b93a70a 100644 --- a/src/main.c +++ b/src/main.c @@ -480,7 +480,7 @@ void handleGetWalletId(volatile unsigned int *tx) { #endif // HAVE_WALLET_ID_SDK -uint8_t *parseBip32(const uint8_t *dataBuffer, uint16_t *dataLength, bip32_path_t *bip32) { +const uint8_t *parseBip32(const uint8_t *dataBuffer, uint16_t *dataLength, bip32_path_t *bip32) { if (*dataLength < 1) { PRINTF("Invalid data\n"); return NULL; diff --git a/src/shared_context.h b/src/shared_context.h index 7447a10..424c0fa 100644 --- a/src/shared_context.h +++ b/src/shared_context.h @@ -219,6 +219,6 @@ extern uint32_t eth2WithdrawalIndex; #endif void reset_app_context(void); -uint8_t *parseBip32(uint8_t *, uint16_t *, bip32_path_t *); +const uint8_t *parseBip32(const uint8_t *, uint16_t *, bip32_path_t *); #endif // _SHARED_CONTEXT_H_ diff --git a/src/utils.c b/src/utils.c index e6d60e1..7a5627f 100644 --- a/src/utils.c +++ b/src/utils.c @@ -54,7 +54,7 @@ int local_strchr(char *string, char ch) { return -1; } -uint64_t u64_from_BE(uint8_t *in, uint8_t size) { +uint64_t u64_from_BE(const uint8_t *in, uint8_t size) { uint8_t i = 0; uint64_t res = 0; diff --git a/src/utils.h b/src/utils.h index 5afabd4..bd52398 100644 --- a/src/utils.h +++ b/src/utils.h 
@@ -28,7 +28,7 @@ void convertUint256BE(uint8_t* data, uint32_t length, uint256_t* target); int local_strchr(char* string, char ch); -uint64_t u64_from_BE(uint8_t* in, uint8_t size); +uint64_t u64_from_BE(const uint8_t* in, uint8_t size); bool uint256_to_decimal(const uint8_t* value, size_t value_len, char* out, size_t out_len); diff --git a/src_common/ethUstream.c b/src_common/ethUstream.c index ccfd823..81e607d 100644 --- a/src_common/ethUstream.c +++ b/src_common/ethUstream.c @@ -592,7 +592,7 @@ static parserStatus_e processTxInternal(txContext_t *context) { } parserStatus_e processTx(txContext_t *context, - uint8_t *buffer, + const uint8_t *buffer, uint32_t length, uint32_t processingFlags) { parserStatus_e result; diff --git a/src_common/ethUstream.h b/src_common/ethUstream.h index f63dd65..4229d40 100644 --- a/src_common/ethUstream.h +++ b/src_common/ethUstream.h @@ -142,7 +142,7 @@ typedef struct txContext_t { uint32_t dataLength; uint8_t rlpBuffer[5]; uint32_t rlpBufferPos; - uint8_t *workBuffer; + const uint8_t *workBuffer; uint32_t commandLength; uint32_t processingFlags; ustreamProcess_t customProcessor; @@ -157,7 +157,7 @@ void initTx(txContext_t *context, ustreamProcess_t customProcessor, void *extra); parserStatus_e processTx(txContext_t *context, - uint8_t *buffer, + const uint8_t *buffer, uint32_t length, uint32_t processingFlags); parserStatus_e continueTx(txContext_t *context); diff --git a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c index d94484d..cccd0eb 100644 --- a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c +++ b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c @@ -42,7 +42,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out void handleGetEth2PublicKey(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { 
diff --git a/src_features/getPublicKey/cmd_getPublicKey.c b/src_features/getPublicKey/cmd_getPublicKey.c index bba66a4..244dbb7 100644 --- a/src_features/getPublicKey/cmd_getPublicKey.c +++ b/src_features/getPublicKey/cmd_getPublicKey.c @@ -7,7 +7,7 @@ void handleGetPublicKey(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c b/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c index 824ad2f..c41b122 100644 --- a/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c +++ b/src_features/performPrivacyOperation/cmd_performPrivacyOperation.c @@ -25,7 +25,7 @@ void decodeScalar(const uint8_t *scalarIn, uint8_t *scalarOut) { void handlePerformPrivacyOperation(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c b/src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c index 4f09b1f..325cbb9 100644 --- a/src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c +++ b/src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c @@ -101,7 +101,7 @@ void handleProvideErc20TokenInformation(uint8_t p1, void handleProvideErc20TokenInformation(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, __attribute__((unused)) unsigned int *tx) { diff --git a/src_features/provideNFTInformation/cmd_provideNFTInfo.c b/src_features/provideNFTInformation/cmd_provideNFTInfo.c index e7fea89..6f53b80 100644 --- a/src_features/provideNFTInformation/cmd_provideNFTInfo.c +++ b/src_features/provideNFTInformation/cmd_provideNFTInfo.c 
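Review bot: Only one of what look like two variants of `handleProvideErc20TokenInformation` gets the `const` qualifier in src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c. The hunk header shows an opening of that function before line 101 and the context shows a second one right after it, and this file section has no other hunk. If the earlier variant is a full definition selected by a build flag, its buffer parameter also needs to become `const uint8_t *workBuffer,`, otherwise that configuration will conflict with the prototype in src/apdu_constants.h. Both definitions start or end outside the hunk, so this has to be checked in the file.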
@@ -53,7 +53,7 @@ typedef bool verificationAlgo(const cx_ecfp_public_key_t *, void handleProvideNFTInformation(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c index d2338ef..a7f6f72 100644 --- a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c +++ b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c @@ -5,7 +5,7 @@ void handleSetEth2WithdrawalIndex(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, __attribute__((unused)) unsigned int *flags, __attribute__((unused)) unsigned int *tx) { diff --git a/src_features/setExternalPlugin/cmd_setExternalPlugin.c b/src_features/setExternalPlugin/cmd_setExternalPlugin.c index 672bfaa..fb66f12 100644 --- a/src_features/setExternalPlugin/cmd_setExternalPlugin.c +++ b/src_features/setExternalPlugin/cmd_setExternalPlugin.c @@ -7,7 +7,7 @@ void handleSetExternalPlugin(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/setPlugin/cmd_setPlugin.c b/src_features/setPlugin/cmd_setPlugin.c index 58ad8bf..68b5e76 100644 --- a/src_features/setPlugin/cmd_setPlugin.c +++ b/src_features/setPlugin/cmd_setPlugin.c @@ -86,7 +86,7 @@ static pluginType_t getPluginType(char *pluginName, uint8_t pluginNameLength) { void handleSetPlugin(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { @@ -248,7 +248,7 @@ void handleSetPlugin(uint8_t p1, hashId, hash, sizeof(hash), - workBuffer + offset, + (unsigned char *) (workBuffer + offset), signatureLen)) { #ifndef HAVE_BYPASS_SIGNATURES PRINTF("Invalid NFT signature\n"); 
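Review bot: The new cast `(unsigned char *) (workBuffer + offset)` in src_features/setPlugin/cmd_setPlugin.c strips the `const` this series just added, so the compiler can no longer flag a write through the signature pointer. If the verify routine (its name is outside the hunk) only reads the signature, prefer giving its parameter a `const` type; where that is an SDK prototype that cannot change, keep the cast and add `/* callee only reads the signature; cast needed for the non-const SDK prototype */`. The same pattern appears as `allzeroes((void *) dataBuffer, 20)` in cmd_stark_provideQuantum.c and as `(uint8_t *) workBuffer + offset` in the last cmd_provideNFTInfo.c hunk, with a different cast spelling each time; one form should be used throughout. The enclosing handlers start and end outside these hunks.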
diff --git a/src_features/signMessage/cmd_signMessage.c b/src_features/signMessage/cmd_signMessage.c index 4069087..8389548 100644 --- a/src_features/signMessage/cmd_signMessage.c +++ b/src_features/signMessage/cmd_signMessage.c @@ -113,7 +113,7 @@ static void feed_value_str(const uint8_t *const data, size_t length, bool is_asc void handleSignPersonalMessage(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/signMessageEIP712/cmd_signMessage712.c b/src_features/signMessageEIP712/cmd_signMessage712.c index da0b0db..d12356c 100644 --- a/src_features/signMessageEIP712/cmd_signMessage712.c +++ b/src_features/signMessageEIP712/cmd_signMessage712.c @@ -5,7 +5,7 @@ void handleSignEIP712Message(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/signTx/cmd_signTx.c b/src_features/signTx/cmd_signTx.c index 1ea5d06..f7ca07c 100644 --- a/src_features/signTx/cmd_signTx.c +++ b/src_features/signTx/cmd_signTx.c @@ -6,7 +6,7 @@ void handleSign(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c b/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c index d93cd51..6e9efbf 100644 --- a/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c +++ b/src_features/stark_getPublicKey/cmd_stark_getPublicKey.c @@ -8,7 +8,7 @@ void handleStarkwareGetPublicKey(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { diff --git a/src_features/stark_provideQuantum/cmd_stark_provideQuantum.c b/src_features/stark_provideQuantum/cmd_stark_provideQuantum.c index 1796fe5..89c68da 100644 
--- a/src_features/stark_provideQuantum/cmd_stark_provideQuantum.c +++ b/src_features/stark_provideQuantum/cmd_stark_provideQuantum.c @@ -7,7 +7,7 @@ void handleStarkwareProvideQuantum(uint8_t p1, __attribute__((unused)) uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, __attribute__((unused)) unsigned int *flags, __attribute__((unused)) unsigned int *tx) { @@ -35,7 +35,7 @@ void handleStarkwareProvideQuantum(uint8_t p1, THROW(0x6700); } if (p1 == STARK_QUANTUM_LEGACY) { - addressZero = allzeroes(dataBuffer, 20); + addressZero = allzeroes((void *) dataBuffer, 20); } if ((p1 != STARK_QUANTUM_ETH) && !addressZero) { for (i = 0; i < MAX_ITEMS; i++) { diff --git a/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c b/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c index 1f057c2..33e3cad 100644 --- a/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c +++ b/src_features/stark_unsafe_sign/cmd_stark_unsafe_sign.c @@ -8,7 +8,7 @@ void handleStarkwareUnsafeSign(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, __attribute__((unused)) unsigned int *tx) { From 8cc2adbb0a73764ecabd32e6f63ef805e571674a Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Fri, 15 Jul 2022 12:36:35 +0200 Subject: [PATCH 5/7] Mark pointer to databuffer/workbuffer as const --- src_features/getAppConfiguration/cmd_getAppConfiguration.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src_features/getAppConfiguration/cmd_getAppConfiguration.c b/src_features/getAppConfiguration/cmd_getAppConfiguration.c index c67b7f3..e9e09fc 100644 --- a/src_features/getAppConfiguration/cmd_getAppConfiguration.c +++ b/src_features/getAppConfiguration/cmd_getAppConfiguration.c @@ -5,7 +5,7 @@ void handleGetAppConfiguration(uint8_t p1, uint8_t p2, - uint8_t *workBuffer, + const uint8_t *workBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx) { 
From 53520d23c2612324401fff14acfda4eab68d2e14 Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Fri, 15 Jul 2022 12:42:09 +0200 Subject: [PATCH 6/7] Fix code style --- src/eth_plugin_handler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index e5187ca..d0de69c 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c @@ -113,7 +113,7 @@ static bool eth_plugin_perform_init_old_internal(uint8_t *contractAddress, j++) { if (memcmp(init->selector, (const void *) PIC(selectors[j]), SELECTOR_SIZE) == 0) { if ((INTERNAL_ETH_PLUGINS[i].availableCheck == NULL) || - ((PluginAvailableCheck) PIC(INTERNAL_ETH_PLUGINS[i].availableCheck))()) { + ((PluginAvailableCheck) PIC(INTERNAL_ETH_PLUGINS[i].availableCheck)) ()) { strlcpy(dataContext.tokenContext.pluginName, INTERNAL_ETH_PLUGINS[i].alias, PLUGIN_ID_LENGTH); From 143d0e54f6200b15c10266c042d1f2b0f865e1f1 Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Fri, 15 Jul 2022 12:51:30 +0200 Subject: [PATCH 7/7] Fix function signature --- src/apdu_constants.h | 2 +- src_features/provideNFTInformation/cmd_provideNFTInfo.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/apdu_constants.h b/src/apdu_constants.h index 41d0207..1937075 100644 --- a/src/apdu_constants.h +++ b/src/apdu_constants.h @@ -72,7 +72,7 @@ void handleProvideErc20TokenInformation(uint8_t p1, unsigned int *tx); void handleProvideNFTInformation(uint8_t p1, uint8_t p2, - uint8_t *dataBuffer, + const uint8_t *dataBuffer, uint16_t dataLength, unsigned int *flags, unsigned int *tx); diff --git a/src_features/provideNFTInformation/cmd_provideNFTInfo.c b/src_features/provideNFTInformation/cmd_provideNFTInfo.c index 6f53b80..8d373ba 100644 --- a/src_features/provideNFTInformation/cmd_provideNFTInfo.c +++ b/src_features/provideNFTInformation/cmd_provideNFTInfo.c 
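Review bot: The prototype of `handleProvideNFTInformation` in src/apdu_constants.h names the buffer `dataBuffer`, while the definition in cmd_provideNFTInfo.c calls it `workBuffer`. I would write `const uint8_t *workBuffer,` in the prototype so that declaration and definition read the same. Because the definition was already made `const` earlier in the series, the commits in between presumably do not build for this file, so this fix is better squashed into the commit that changed the definition.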
@@ -218,7 +218,7 @@ void handleProvideNFTInformation(uint8_t p1, hashId, hash, sizeof(hash), - workBuffer + offset, + (uint8_t *) workBuffer + offset, signatureLen)) { #ifndef HAVE_BYPASS_SIGNATURES PRINTF("Invalid NFT signature\n");