From 6ff2172f1bcc3348fcb5d36a66f80fae206bf071 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 10:08:05 +0200 Subject: [PATCH 01/28] Add upper bound for withdrawal index --- src_features/getEth2PublicKey/cmd_getEth2PublicKey.c | 2 +- .../setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c | 4 ++++ src_features/setEth2WithdrawalIndex/withdrawal_index.h | 2 ++ src_plugins/eth2/eth2_plugin.c | 6 ++++++ 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c index e584011..d4d38d4 100644 --- a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c +++ b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c @@ -19,7 +19,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out uint8_t tmp[96]; io_seproxyhal_io_heartbeat(); - os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); + // os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); io_seproxyhal_io_heartbeat(); memset(tmp, 0, 48); memmove(tmp + 16, privateKeyData, 32); diff --git a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c index ea99f03..24d528f 100644 --- a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c +++ b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c @@ -2,6 +2,7 @@ #include "shared_context.h" #include "apdu_constants.h" +#include "withdrawal_index.h" void handleSetEth2WithdrawalIndex(uint8_t p1, uint8_t p2, @@ -18,6 +19,9 @@ void handleSetEth2WithdrawalIndex(uint8_t p1, } eth2WithdrawalIndex = U4BE(dataBuffer, 0); + if (eth2WithdrawalIndex > INDEX_MAX) { + THROW(0x6A80); // scott throw this error code or create new one ? + } THROW(0x9000); } 
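Review bot: In cmd_getEth2PublicKey.c the call to `os_perso_derive_eip2333` is commented out, so the `memmove(tmp + 16, privateKeyData, 32)` that follows consumes a buffer that nothing visible in the hunk has filled. The public key handed back to callers is then not derived from the device seed. The commit is titled as an upper-bound change, so this looks like a local debugging edit committed by accident. Keep `os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData);` active, or put any stub behind a build-time switch that release builds cannot set. The declaration of `privateKeyData` and the rest of getEth2PublicKey are outside the hunk.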
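Review bot: In handleSetEth2WithdrawalIndex (hunk `@@ -18,6 +19,9 @@`) the global `eth2WithdrawalIndex` is written before the new range check, so a rejected APDU still leaves the out-of-range value stored after `THROW(0x6A80)`. Validate a local first and store it only on success: `uint32_t index = U4BE(dataBuffer, 0);`, `if (index > INDEX_MAX) { THROW(0x6A80); }`, `eth2WithdrawalIndex = index;` (the type is assumed from the 4-byte read, as the declaration is not visible). The open question in the `// scott` comment about the status word should be settled before merge rather than left in the source. The start of the function is outside the hunk.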
diff --git a/src_features/setEth2WithdrawalIndex/withdrawal_index.h b/src_features/setEth2WithdrawalIndex/withdrawal_index.h index 497b489..a70064f 100644 --- a/src_features/setEth2WithdrawalIndex/withdrawal_index.h +++ b/src_features/setEth2WithdrawalIndex/withdrawal_index.h @@ -1,5 +1,7 @@ #include "stdint.h" +#define INDEX_MAX 1337 // scott + void handleSetEth2WithdrawalIndex(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index e4d57a2..09279d0 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -6,6 +6,7 @@ #include "shared_context.h" #include "ethUtils.h" #include "utils.h" +#include "withdrawal_index.h" void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out); @@ -98,6 +99,11 @@ void eth2_plugin_call(int message, void *parameters) { uint32_t withdrawalKeyPath[4]; withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; + if (eth2WithdrawalIndex > INDEX_MAX) { + PRINTF("eth2 plugin eth2 withdrawal index is too big\n"); + PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", eth2WithdrawalIndex, INDEX_MAX); + context->valid = 0; + } withdrawalKeyPath[2] = eth2WithdrawalIndex; withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; getEth2PublicKey(withdrawalKeyPath, 4, tmp); From 4c067f2a43645ae8e1b8a6fd6c585d5800e26347 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 11:38:21 +0200 Subject: [PATCH 02/28] Add check for deposit contract address --- src_plugins/eth2/eth2_plugin.c | 96 +++++++++++++++++++++++++--------- 1 file changed, 72 insertions(+), 24 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 09279d0..66793d5 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c 
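Review bot: In the withdrawal-credentials case of eth2_plugin.c (hunk `@@ -98,6 +99,11 @@`) the new bound check only clears `context->valid`. Execution then continues into `withdrawalKeyPath[2] = eth2WithdrawalIndex;` and `getEth2PublicKey(withdrawalKeyPath, 4, tmp);`, so the derivation still runs on the index the check was meant to reject. Skip the rest of the case when the index is too large, for example by moving the path setup, derivation and comparison into an `else` branch of the new `if`. The same shape comes back in PATCH 06/28 (`@@ -170,27 +170,27 @@`). The case body starts outside the hunk.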
@@ -21,17 +21,64 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define ETH2_WITHDRAWAL_CREDENTIALS_LENGTH 0x20 #define ETH2_SIGNATURE_LENGTH 0x60 +#define DEPOSIT_CONTRACT_ADDRESS "0x00000000219ab540356cbb839cbe05303d7705fa" +#define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) + typedef struct eth2_deposit_parameters_t { uint8_t valid; } eth2_deposit_parameters_t; +static void to_lowercase(char *str, unsigned char size) { + for (unsigned char i = 0; i < size && str[i] != 0; i++) { + if (str[i] >= 'A' && str[i] <= 'Z') { + str[i] += 'a' - 'A'; + } + } +} + +static int check_deposit_contract(ethPluginInitContract_t *msg) { + txContent_t *content = msg->pluginSharedRO->txContent; + char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; + + destinationAddress[0] = '0'; + destinationAddress[1] = 'x'; + getEthAddressStringFromBinary(content->destination, + (uint8_t *) destinationAddress + 2, + &global_sha3, + chainConfig); + + uint8_t destinationLen = strlen(destinationAddress); + // Ensure address is in lowercase, to match DEPOSIT_CONTRACT_ADDRESS' case. + to_lowercase(destinationAddress, destinationLen); + + if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { + PRINTF("eth2plugin: destination lengths differs. Expected %u got %u\n", + DEPOSIT_CONTRACT_LENGTH, + destinationLen); + return 0; + } else if (memcmp(destinationAddress, DEPOSIT_CONTRACT_ADDRESS, DEPOSIT_CONTRACT_LENGTH) != 0) { + PRINTF("eth2plugin: destination addresses differ. 
Expected %s got %s\n", + DEPOSIT_CONTRACT_ADDRESS, + destinationAddress); + return 0; + } else { + return 1; + } +} + void eth2_plugin_call(int message, void *parameters) { switch (message) { case ETH_PLUGIN_INIT_CONTRACT: { ethPluginInitContract_t *msg = (ethPluginInitContract_t *) parameters; eth2_deposit_parameters_t *context = (eth2_deposit_parameters_t *) msg->pluginContext; - context->valid = 1; - msg->result = ETH_PLUGIN_RESULT_OK; + if (check_deposit_contract(msg) == 0) { + PRINTF("eth2plugin: failed to check deposit contract\n"); + context->valid = 0; + msg->result = ETH_PLUGIN_RESULT_ERROR; + } else { + context->valid = 1; + msg->result = ETH_PLUGIN_RESULT_OK; + } } break; case ETH_PLUGIN_PROVIDE_PARAMETER: { 
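Review bot: check_deposit_contract compares a formatted, lower-cased hex string instead of the raw bytes in `content->destination`, and the length test as written cannot pass: `strlen(destinationAddress)` excludes the terminator while `DEPOSIT_CONTRACT_LENGTH` is `sizeof` of the literal and includes it. Because `ETH_PLUGIN_INIT_CONTRACT` sets `msg->result = ETH_PLUGIN_RESULT_ERROR` on any mismatch, every deposit would be refused. Comparing bytes removes the string buffer, the case folding and the off-by-one in one step: keep the contract address as a `static const uint8_t` array and test it with `memcmp` against `content->destination` (assuming that field holds the 20-byte address). As written, `destinationAddress + 2` is also passed to `getEthAddressStringFromBinary` with no size, so the 43-byte buffer only works as long as that helper never writes more than 41 bytes.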
@@ -95,27 +142,27 @@ void eth2_plugin_call(int message, void *parameters) { case 4 + (32 * 8): // withdrawal credentials { - uint8_t tmp[48]; - uint32_t withdrawalKeyPath[4]; - withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; - withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; - if (eth2WithdrawalIndex > INDEX_MAX) { - PRINTF("eth2 plugin eth2 withdrawal index is too big\n"); - PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", eth2WithdrawalIndex, INDEX_MAX); - context->valid = 0; - } - withdrawalKeyPath[2] = eth2WithdrawalIndex; - withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; - getEth2PublicKey(withdrawalKeyPath, 4, tmp); - PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); - cx_hash_sha256(tmp, 48, tmp, 32); - tmp[0] = 0; - if (memcmp(tmp, msg->parameter, 32) != 0) { - PRINTF("eth2 plugin invalid withdrawal credentials\n"); - PRINTF("Got %.*H\n", 32, msg->parameter); - PRINTF("Expected %.*H\n", 32, tmp); - context->valid = 0; - } + // uint8_t tmp[48]; + // uint32_t withdrawalKeyPath[4]; + // withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; + // withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; + // if (eth2WithdrawalIndex > INDEX_MAX) { + // PRINTF("eth2 plugin: withdrawal index is too big\n"); + // PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", + // eth2WithdrawalIndex, INDEX_MAX); context->valid = 0; + // } + // withdrawalKeyPath[2] = eth2WithdrawalIndex; + // withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; + // getEth2PublicKey(withdrawalKeyPath, 4, tmp); + // PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); + // cx_hash_sha256(tmp, 48, tmp, 32); + // tmp[0] = 0; + // if (memcmp(tmp, msg->parameter, 32) != 0) { + // PRINTF("eth2 plugin invalid withdrawal credentials\n"); + // PRINTF("Got %.*H\n", 32, msg->parameter); + // PRINTF("Expected %.*H\n", 32, tmp); + // context->valid = 0; + // } msg->result = ETH_PLUGIN_RESULT_OK; } break; 
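Review bot: The whole withdrawal-credentials verification is commented out here while `msg->result = ETH_PLUGIN_RESULT_OK;` stays. With this commit applied the plugin accepts any value in that parameter and never clears `context->valid` for a mismatch or for an index above `INDEX_MAX`. The commit message is about the deposit contract address and does not explain the removal, so it reads as a debugging leftover. Keep the block active; if the derivation must be stubbed for an emulator, do it behind a build-time switch that release builds cannot set. The same block is commented out again in PATCH 13/28 (`@@ -175,29 +178,29 @@`).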
@@ -147,7 +194,8 @@ void eth2_plugin_call(int message, void *parameters) { case ETH_PLUGIN_QUERY_CONTRACT_UI: { ethQueryContractUI_t *msg = (ethQueryContractUI_t *) parameters; - // eth2_deposit_parameters_t *context = (eth2_deposit_parameters_t*)msg->pluginContext; + // eth2_deposit_parameters_t *context = + // (eth2_deposit_parameters_t*)msg->pluginContext; switch (msg->screenIndex) { case 0: { uint8_t decimals = WEI_TO_ETHER; From d1f5cd0286e5e4c9a503924acc466f57f709e649 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 11:40:12 +0200 Subject: [PATCH 03/28] Fix destinationLen computing --- src_plugins/eth2/eth2_plugin.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 66793d5..572df0f 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -47,7 +47,8 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { &global_sha3, chainConfig); - uint8_t destinationLen = strlen(destinationAddress); + uint8_t destinationLen = strlen(destinationAddress) + 1; // Adding one to account for \0. + // Ensure address is in lowercase, to match DEPOSIT_CONTRACT_ADDRESS' case. to_lowercase(destinationAddress, destinationLen); From b899edfaaf7887aaf86ad9c1cf1f3ae97bf1032b Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 13:57:09 +0200 Subject: [PATCH 04/28] Display validator address --- src_plugins/eth2/eth2_plugin.c | 65 ++++++++++++++++++++++++++-------- 1 file changed, 50 insertions(+), 15 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 572df0f..2edabdd 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c 
@@ -24,6 +24,8 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define DEPOSIT_CONTRACT_ADDRESS "0x00000000219ab540356cbb839cbe05303d7705fa" #define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) +char deposit_address[ETH2_DEPOSIT_PUBKEY_LENGTH]; + typedef struct eth2_deposit_parameters_t { uint8_t valid; } eth2_deposit_parameters_t; @@ -36,21 +38,30 @@ static void to_lowercase(char *str, unsigned char size) { } } +// Fills the `out` buffer with the lowercase string representation of the pubkey passed in as binary format by `in`. +// Does not check the size, so expects `out` to be big enough to told the string representation. +// Returns the length of string (counting the null terminating character). +static int getEthDisplayableAddress(char *out, uint8_t *in) { + out[0] = '0'; + out[1] = 'x'; + getEthAddressStringFromBinary(in, + (uint8_t *) out + 2, + &global_sha3, + chainConfig); + + uint8_t destinationLen = strlen(out) + 1; // Adding one to account for \0. + + // Ensure address is in lowercase, to match DEPOSIT_CONTRACT_ADDRESS' case. + to_lowercase(out, destinationLen); + + return (destinationLen); +} + static int check_deposit_contract(ethPluginInitContract_t *msg) { txContent_t *content = msg->pluginSharedRO->txContent; char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - destinationAddress[0] = '0'; - destinationAddress[1] = 'x'; - getEthAddressStringFromBinary(content->destination, - (uint8_t *) destinationAddress + 2, - &global_sha3, - chainConfig); - - uint8_t destinationLen = strlen(destinationAddress) + 1; // Adding one to account for \0. - - // Ensure address is in lowercase, to match DEPOSIT_CONTRACT_ADDRESS' case. - to_lowercase(destinationAddress, destinationLen); + uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { PRINTF("eth2plugin: destination lengths differs. Expected %u got %u\n", 
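Review bot: getEthDisplayableAddress writes `0x` plus the formatted address into `out` and then calls `strlen(out)` without knowing how large `out` is, a limit its own comment admits ("Does not check the size"). The callers in this series pass a 43-byte buffer and an `ETH2_DEPOSIT_PUBKEY_LENGTH`-byte buffer. Pass the capacity explicitly, e.g. `static int getEthDisplayableAddress(char *out, size_t out_len, const uint8_t *in)`, and fail when `out_len` is smaller than the formatted string plus terminator. In the comment, "told" should be "hold", and "pubkey" should read "address", since the helper wraps `getEthAddressStringFromBinary`. The new file-scope `deposit_address` also keeps its contents from one transaction to the next unless it is cleared somewhere outside this hunk.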
@@ -132,9 +143,28 @@ void eth2_plugin_call(int message, void *parameters) { msg->result = ETH_PLUGIN_RESULT_OK; } break; + case 4 + (32 * 5): // deposit pubkey 1 + { + // Copy the first 32 bytes. + memcpy(deposit_address, msg->parameter, sizeof(deposit_address)); + msg->result = ETH_PLUGIN_RESULT_OK; + break; + } + case 4 + (32 * 6): // deposit pubkey 2 + { + // Copy the last 16 bytes. + memcpy(deposit_address + 32, msg->parameter, sizeof(deposit_address) - 32); + + // Use a temporary buffer to store the string representation. + char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; + getEthDisplayableAddress(tmp, (uint8_t *)deposit_address); + + // Copy back the string to the global variable. + strcpy(deposit_address, tmp); + msg->result = ETH_PLUGIN_RESULT_OK; + break; + } case 4 + (32 * 3): // deposit data root - case 4 + (32 * 5): // deposit pubkey - case 4 + (32 * 6): case 4 + (32 * 10): // signature case 4 + (32 * 11): case 4 + (32 * 12): @@ -178,7 +208,7 @@ void eth2_plugin_call(int message, void *parameters) { eth2_deposit_parameters_t *context = (eth2_deposit_parameters_t *) msg->pluginContext; PRINTF("eth2 plugin finalize\n"); if (context->valid) { - msg->numScreens = 1; + msg->numScreens = 2; msg->uiType = ETH_UI_TYPE_GENERIC; msg->result = ETH_PLUGIN_RESULT_OK; } else { @@ -198,7 +228,7 @@ void eth2_plugin_call(int message, void *parameters) { // eth2_deposit_parameters_t *context = // (eth2_deposit_parameters_t*)msg->pluginContext; switch (msg->screenIndex) { - case 0: { + case 0: { // Amount screen uint8_t decimals = WEI_TO_ETHER; uint8_t *ticker = (uint8_t *) PIC(chainConfig->coinName); strcpy(msg->title, "Amount"); @@ -210,6 +240,11 @@ void eth2_plugin_call(int message, void *parameters) { 100); msg->result = ETH_PLUGIN_RESULT_OK; } break; + case 1: { // Deposit pubkey screen + strcpy(msg->title, "Validator"); + strcpy(msg->msg, deposit_address); + msg->result = ETH_PLUGIN_RESULT_OK; + } default: break; } 
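Review bot: In the `4 + (32 * 5)` case the first `memcpy` copies `sizeof(deposit_address)` bytes out of `msg->parameter`, although its comment says it copies the first 32 bytes and the other cases in this switch treat the parameter as a 32-byte word. If `ETH2_DEPOSIT_PUBKEY_LENGTH` is 48, as the "last 16 bytes" comment implies, that reads 16 bytes past the parameter. Use the word size: `memcpy(deposit_address, msg->parameter, 32);`. The same call is carried into PATCH 12/28 with `context->deposit_address`. The buffer is also reused for the text form through `strcpy(deposit_address, tmp)`, which only fits while the string is shorter than the binary key; separate buffers for the raw key and the display string would make that limit explicit.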
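Review bot: The new `case 1` of the screen switch (hunk `@@ -210,6 +240,11 @@`) has no `break`, so it falls through into `default`, and it fills the screen with `strcpy(msg->msg, deposit_address)` with no bound on the destination. The fallthrough is harmless today only because `default` does nothing; add `break;` after `msg->result = ETH_PLUGIN_RESULT_OK;`. For the copy, the handler sets a `msgLength` on the query struct, so a bounded copy such as `strlcpy(msg->msg, deposit_address, msg->msgLength);` is preferable, assuming the SDK provides `strlcpy`. PATCH 12/28 keeps the same two lines with `context->deposit_address`.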
From a4dcec436f9b52f65ea6d172f1ebca171710a863 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 14:01:52 +0200 Subject: [PATCH 05/28] Clang-format --- .../setEth2WithdrawalIndex/withdrawal_index.h | 2 +- src_plugins/eth2/eth2_plugin.c | 55 +++++++++---------- 2 files changed, 27 insertions(+), 30 deletions(-) diff --git a/src_features/setEth2WithdrawalIndex/withdrawal_index.h b/src_features/setEth2WithdrawalIndex/withdrawal_index.h index a70064f..f84535b 100644 --- a/src_features/setEth2WithdrawalIndex/withdrawal_index.h +++ b/src_features/setEth2WithdrawalIndex/withdrawal_index.h @@ -1,6 +1,6 @@ #include "stdint.h" -#define INDEX_MAX 1337 // scott +#define INDEX_MAX 1337 // scott void handleSetEth2WithdrawalIndex(uint8_t p1, uint8_t p2, diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 2edabdd..a194293 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c 
@@ -38,18 +38,15 @@ static void to_lowercase(char *str, unsigned char size) { } } -// Fills the `out` buffer with the lowercase string representation of the pubkey passed in as binary format by `in`. -// Does not check the size, so expects `out` to be big enough to told the string representation. -// Returns the length of string (counting the null terminating character). +// Fills the `out` buffer with the lowercase string representation of the pubkey passed in as binary +// format by `in`. Does not check the size, so expects `out` to be big enough to told the string +// representation. Returns the length of string (counting the null terminating character). static int getEthDisplayableAddress(char *out, uint8_t *in) { out[0] = '0'; out[1] = 'x'; - getEthAddressStringFromBinary(in, - (uint8_t *) out + 2, - &global_sha3, - chainConfig); + getEthAddressStringFromBinary(in, (uint8_t *) out + 2, &global_sha3, chainConfig); - uint8_t destinationLen = strlen(out) + 1; // Adding one to account for \0. + uint8_t destinationLen = strlen(out) + 1; // Adding one to account for \0. // Ensure address is in lowercase, to match DEPOSIT_CONTRACT_ADDRESS' case. to_lowercase(out, destinationLen); 
@@ -144,27 +141,27 @@ void eth2_plugin_call(int message, void *parameters) { } break; case 4 + (32 * 5): // deposit pubkey 1 - { - // Copy the first 32 bytes. - memcpy(deposit_address, msg->parameter, sizeof(deposit_address)); - msg->result = ETH_PLUGIN_RESULT_OK; - break; - } - case 4 + (32 * 6): // deposit pubkey 2 - { - // Copy the last 16 bytes. - memcpy(deposit_address + 32, msg->parameter, sizeof(deposit_address) - 32); + { + // Copy the first 32 bytes. + memcpy(deposit_address, msg->parameter, sizeof(deposit_address)); + msg->result = ETH_PLUGIN_RESULT_OK; + break; + } + case 4 + (32 * 6): // deposit pubkey 2 + { + // Copy the last 16 bytes. + memcpy(deposit_address + 32, msg->parameter, sizeof(deposit_address) - 32); - // Use a temporary buffer to store the string representation. - char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; - getEthDisplayableAddress(tmp, (uint8_t *)deposit_address); + // Use a temporary buffer to store the string representation. + char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; + getEthDisplayableAddress(tmp, (uint8_t *) deposit_address); - // Copy back the string to the global variable. - strcpy(deposit_address, tmp); - msg->result = ETH_PLUGIN_RESULT_OK; - break; - } - case 4 + (32 * 3): // deposit data root + // Copy back the string to the global variable. + strcpy(deposit_address, tmp); + msg->result = ETH_PLUGIN_RESULT_OK; + break; + } + case 4 + (32 * 3): // deposit data root case 4 + (32 * 10): // signature case 4 + (32 * 11): case 4 + (32 * 12): @@ -228,7 +225,7 @@ void eth2_plugin_call(int message, void *parameters) { // eth2_deposit_parameters_t *context = // (eth2_deposit_parameters_t*)msg->pluginContext; switch (msg->screenIndex) { - case 0: { // Amount screen + case 0: { // Amount screen uint8_t decimals = WEI_TO_ETHER; uint8_t *ticker = (uint8_t *) PIC(chainConfig->coinName); strcpy(msg->title, "Amount"); 
@@ -240,7 +237,7 @@ void eth2_plugin_call(int message, void *parameters) { 100); msg->result = ETH_PLUGIN_RESULT_OK; } break; - case 1: { // Deposit pubkey screen + case 1: { // Deposit pubkey screen strcpy(msg->title, "Validator"); strcpy(msg->msg, deposit_address); msg->result = ETH_PLUGIN_RESULT_OK; From 31ad5e3431cc507f001c88accc225b94b6011a31 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 14:04:09 +0200 Subject: [PATCH 06/28] Remove comments --- src_plugins/eth2/eth2_plugin.c | 44 +++++++++++++++++----------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index a194293..378bdc3 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -61,7 +61,7 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { - PRINTF("eth2plugin: destination lengths differs. Expected %u got %u\n", + PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", DEPOSIT_CONTRACT_LENGTH, destinationLen); return 0; 
@@ -170,27 +170,27 @@ void eth2_plugin_call(int message, void *parameters) { case 4 + (32 * 8): // withdrawal credentials { - // uint8_t tmp[48]; - // uint32_t withdrawalKeyPath[4]; - // withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; - // withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; - // if (eth2WithdrawalIndex > INDEX_MAX) { - // PRINTF("eth2 plugin: withdrawal index is too big\n"); - // PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", - // eth2WithdrawalIndex, INDEX_MAX); context->valid = 0; - // } - // withdrawalKeyPath[2] = eth2WithdrawalIndex; - // withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; - // getEth2PublicKey(withdrawalKeyPath, 4, tmp); - // PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); - // cx_hash_sha256(tmp, 48, tmp, 32); - // tmp[0] = 0; - // if (memcmp(tmp, msg->parameter, 32) != 0) { - // PRINTF("eth2 plugin invalid withdrawal credentials\n"); - // PRINTF("Got %.*H\n", 32, msg->parameter); - // PRINTF("Expected %.*H\n", 32, tmp); - // context->valid = 0; - // } + uint8_t tmp[48]; + uint32_t withdrawalKeyPath[4]; + withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; + withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; + if (eth2WithdrawalIndex > INDEX_MAX) { + PRINTF("eth2 plugin: withdrawal index is too big\n"); + PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", + eth2WithdrawalIndex, INDEX_MAX); context->valid = 0; + } + withdrawalKeyPath[2] = eth2WithdrawalIndex; + withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; + getEth2PublicKey(withdrawalKeyPath, 4, tmp); + PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); + cx_hash_sha256(tmp, 48, tmp, 32); + tmp[0] = 0; + if (memcmp(tmp, msg->parameter, 32) != 0) { + PRINTF("eth2 plugin invalid withdrawal credentials\n"); + PRINTF("Got %.*H\n", 32, msg->parameter); + PRINTF("Expected %.*H\n", 32, tmp); + context->valid = 0; + } msg->result = ETH_PLUGIN_RESULT_OK; } break; From 3fd3b2e46dcc38a1bcef91a794cd8ac8ee53f638 Mon Sep 17 00:00:00 2001 
From: pscott Date: Thu, 22 Apr 2021 14:05:39 +0200 Subject: [PATCH 07/28] clang-format --- .../setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c index 24d528f..9a03986 100644 --- a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c +++ b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c @@ -20,7 +20,7 @@ void handleSetEth2WithdrawalIndex(uint8_t p1, eth2WithdrawalIndex = U4BE(dataBuffer, 0); if (eth2WithdrawalIndex > INDEX_MAX) { - THROW(0x6A80); // scott throw this error code or create new one ? + THROW(0x6A80); // scott throw this error code or create new one ? } THROW(0x9000); From e76a7aa5cac19183d60f5c0e087e1db49993806b Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 14:08:02 +0200 Subject: [PATCH 08/28] Clang please --- src_plugins/eth2/eth2_plugin.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 378bdc3..de8bac9 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -177,7 +177,9 @@ void eth2_plugin_call(int message, void *parameters) { if (eth2WithdrawalIndex > INDEX_MAX) { PRINTF("eth2 plugin: withdrawal index is too big\n"); PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", - eth2WithdrawalIndex, INDEX_MAX); context->valid = 0; + eth2WithdrawalIndex, + INDEX_MAX); + context->valid = 0; } withdrawalKeyPath[2] = eth2WithdrawalIndex; withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; From a6a196b62d0ea8c38bfba362bf5724eba8ccab4a Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 14:29:27 +0200 Subject: [PATCH 09/28] Remove comment of os_perso_derive --- src_features/getEth2PublicKey/cmd_getEth2PublicKey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c index d4d38d4..e584011 100644 --- a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c +++ b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c @@ -19,7 +19,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out uint8_t tmp[96]; io_seproxyhal_io_heartbeat(); - // os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); + os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); io_seproxyhal_io_heartbeat(); memset(tmp, 0, 48); memmove(tmp + 16, privateKeyData, 32); From 18822f9462fe0c01373274bf55766ca09aebbe65 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 14:39:46 +0200 Subject: [PATCH 10/28] Move deposit_address to eth2_deposit_parameters_t --- src_plugins/eth2/eth2_plugin.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index de8bac9..4c38efd 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -24,10 +24,9 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define DEPOSIT_CONTRACT_ADDRESS "0x00000000219ab540356cbb839cbe05303d7705fa" #define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) -char deposit_address[ETH2_DEPOSIT_PUBKEY_LENGTH]; - typedef struct eth2_deposit_parameters_t { uint8_t valid; + char deposit_address[ETH2_DEPOSIT_PUBKEY_LENGTH]; } eth2_deposit_parameters_t; static void to_lowercase(char *str, unsigned char size) { From 550fc86ba8899dbc0ed5d4e9ffbbad99b68edcd8 Mon Sep 17 00:00:00 2001 
From: pscott Date: Thu, 22 Apr 2021 14:57:30 +0200 Subject: [PATCH 11/28] Remove INDEX_MAX from withdrawal_index.h ; set limit to 2^19 --- .../setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c | 5 ----- src_features/setEth2WithdrawalIndex/withdrawal_index.h | 2 -- src_plugins/eth2/eth2_plugin.c | 4 +++- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c index 9a03986..c60631d 100644 --- a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c +++ b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c @@ -18,11 +18,6 @@ void handleSetEth2WithdrawalIndex(uint8_t p1, THROW(0x6B00); } - eth2WithdrawalIndex = U4BE(dataBuffer, 0); - if (eth2WithdrawalIndex > INDEX_MAX) { - THROW(0x6A80); // scott throw this error code or create new one ? - } - THROW(0x9000); } diff --git a/src_features/setEth2WithdrawalIndex/withdrawal_index.h b/src_features/setEth2WithdrawalIndex/withdrawal_index.h index f84535b..497b489 100644 --- a/src_features/setEth2WithdrawalIndex/withdrawal_index.h +++ b/src_features/setEth2WithdrawalIndex/withdrawal_index.h @@ -1,7 +1,5 @@ #include "stdint.h" -#define INDEX_MAX 1337 // scott - void handleSetEth2WithdrawalIndex(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 4c38efd..4e3d49f 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -6,7 +6,6 @@ #include "shared_context.h" #include "ethUtils.h" #include "utils.h" -#include "withdrawal_index.h" void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out); 
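Review bot: Besides the `INDEX_MAX` check, the lines removed from cmd_setEth2WithdrawalIndex.c include `eth2WithdrawalIndex = U4BE(dataBuffer, 0);`, as far as the collapsed hunk and the five deletions in the diffstat show. After this commit the handler validates the APDU and answers `0x9000` without storing the index, so the plugin's derivation path would use whatever value the global already held. If only the bound was meant to move into the plugin, keep the assignment in the handler. With the limit now enforced only in eth2_plugin.c, any other reader of `eth2WithdrawalIndex` gets an unchecked value, which deserves a comment at the global's declaration. The start of the handler is outside the hunk.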
@@ -24,6 +23,9 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define DEPOSIT_CONTRACT_ADDRESS "0x00000000219ab540356cbb839cbe05303d7705fa" #define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) +// Highest index for withdrawal derivation path. +#define INDEX_MAX 524288 // 2 ^ 19 + typedef struct eth2_deposit_parameters_t { uint8_t valid; char deposit_address[ETH2_DEPOSIT_PUBKEY_LENGTH]; From d4bd5cac8950ca0dad3105efe31c3a250ddd1ff8 Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 15:06:12 +0200 Subject: [PATCH 12/28] Fix compilation error --- src_plugins/eth2/eth2_plugin.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 4e3d49f..e15dce8 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -144,21 +144,25 @@ void eth2_plugin_call(int message, void *parameters) { case 4 + (32 * 5): // deposit pubkey 1 { // Copy the first 32 bytes. - memcpy(deposit_address, msg->parameter, sizeof(deposit_address)); + memcpy(context->deposit_address, + msg->parameter, + sizeof(context->deposit_address)); msg->result = ETH_PLUGIN_RESULT_OK; break; } case 4 + (32 * 6): // deposit pubkey 2 { // Copy the last 16 bytes. - memcpy(deposit_address + 32, msg->parameter, sizeof(deposit_address) - 32); + memcpy(context->deposit_address + 32, + msg->parameter, + sizeof(context->deposit_address) - 32); // Use a temporary buffer to store the string representation. char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; - getEthDisplayableAddress(tmp, (uint8_t *) deposit_address); + getEthDisplayableAddress(tmp, (uint8_t *) context->deposit_address); // Copy back the string to the global variable. - strcpy(deposit_address, tmp); + strcpy(context->deposit_address, tmp); msg->result = ETH_PLUGIN_RESULT_OK; break; } 
@@ -225,8 +229,7 @@ void eth2_plugin_call(int message, void *parameters) { case ETH_PLUGIN_QUERY_CONTRACT_UI: { ethQueryContractUI_t *msg = (ethQueryContractUI_t *) parameters; - // eth2_deposit_parameters_t *context = - // (eth2_deposit_parameters_t*)msg->pluginContext; + eth2_deposit_parameters_t *context = (eth2_deposit_parameters_t *) msg->pluginContext; switch (msg->screenIndex) { case 0: { // Amount screen uint8_t decimals = WEI_TO_ETHER; @@ -242,7 +245,7 @@ void eth2_plugin_call(int message, void *parameters) { } break; case 1: { // Deposit pubkey screen strcpy(msg->title, "Validator"); - strcpy(msg->msg, deposit_address); + strcpy(msg->msg, context->deposit_address); msg->result = ETH_PLUGIN_RESULT_OK; } default: From fe2aab08a16b4381a2aaeb90e5ccfeb09e8fca8e Mon Sep 17 00:00:00 2001 From: pscott Date: Thu, 22 Apr 2021 15:53:09 +0200 Subject: [PATCH 13/28] Add comment regarding arbitrary value of INDEX_MAX --- src_plugins/eth2/eth2_plugin.c | 53 ++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index e15dce8..6e1ee6b 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -24,7 +24,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) // Highest index for withdrawal derivation path. -#define INDEX_MAX 524288 // 2 ^ 19 +#define INDEX_MAX 524288 // 2 ^ 19 : arbitrary value to protect from path attacks. typedef struct eth2_deposit_parameters_t { uint8_t valid; 
@@ -59,7 +59,10 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { txContent_t *content = msg->pluginSharedRO->txContent; char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); + // uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); + PRINTF("INSIDE content: string: |%s|\n", content->destination); + PRINTF("INSIDE content: bytes: |%.*H|\n", sizeof(content->destination), content->destination); + uint8_t destinationLen = 43; if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", 
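Review bot: With the call to `getEthDisplayableAddress` commented out and `destinationLen` hard-coded to `43`, `destinationAddress` is never written. The `memcmp` against `DEPOSIT_CONTRACT_ADDRESS` later in check_deposit_contract (outside this hunk) therefore reads an uninitialised stack buffer, and the deposit-contract check no longer tests the transaction's destination. `PRINTF("INSIDE content: string: |%s|\n", content->destination);` also prints binary address bytes as a C string, which reads until it meets a zero byte. These look like debugging edits unrelated to the commit title; restore `uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination);` and drop the two `INSIDE content` lines.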
@@ -175,29 +178,29 @@ void eth2_plugin_call(int message, void *parameters) { case 4 + (32 * 8): // withdrawal credentials { - uint8_t tmp[48]; - uint32_t withdrawalKeyPath[4]; - withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; - withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; - if (eth2WithdrawalIndex > INDEX_MAX) { - PRINTF("eth2 plugin: withdrawal index is too big\n"); - PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", - eth2WithdrawalIndex, - INDEX_MAX); - context->valid = 0; - } - withdrawalKeyPath[2] = eth2WithdrawalIndex; - withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; - getEth2PublicKey(withdrawalKeyPath, 4, tmp); - PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); - cx_hash_sha256(tmp, 48, tmp, 32); - tmp[0] = 0; - if (memcmp(tmp, msg->parameter, 32) != 0) { - PRINTF("eth2 plugin invalid withdrawal credentials\n"); - PRINTF("Got %.*H\n", 32, msg->parameter); - PRINTF("Expected %.*H\n", 32, tmp); - context->valid = 0; - } + // uint8_t tmp[48]; + // uint32_t withdrawalKeyPath[4]; + // withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; + // withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; + // if (eth2WithdrawalIndex > INDEX_MAX) { + // PRINTF("eth2 plugin: withdrawal index is too big\n"); + // PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", + // eth2WithdrawalIndex, + // INDEX_MAX); + // context->valid = 0; + // } + // withdrawalKeyPath[2] = eth2WithdrawalIndex; + // withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; + // getEth2PublicKey(withdrawalKeyPath, 4, tmp); + // PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); + // cx_hash_sha256(tmp, 48, tmp, 32); + // tmp[0] = 0; + // if (memcmp(tmp, msg->parameter, 32) != 0) { + // PRINTF("eth2 plugin invalid withdrawal credentials\n"); + // PRINTF("Got %.*H\n", 32, msg->parameter); + // PRINTF("Expected %.*H\n", 32, tmp); + // context->valid = 0; + // } msg->result = ETH_PLUGIN_RESULT_OK; } break; From 0af10691eb462d799e96e1a0616e91c2a8bbace4 Mon Sep 17 00:00:00 2001 
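Review bot: With the whole withdrawal-credentials block commented out, the `case 4 + (32 * 8)` branch now sets `msg->result = ETH_PLUGIN_RESULT_OK;` for any value of `msg->parameter`, so neither the INDEX_MAX bound nor the `memcmp` against the derived key is enforced. That removes the check that ties the deposit to a key of this device, under a commit titled as a comment change. The block should stay compiled in; if the key derivation cannot run in a test environment, put that behind an explicit build-time switch rather than disabling the comparison.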
From: pscott Date: Fri, 23 Apr 2021 19:15:30 +0200 Subject: [PATCH 14/28] Verify return value of plugin --- src/eth_plugin_handler.c | 11 ++-- src/eth_plugin_handler.h | 3 +- src/eth_plugin_interface.h | 3 +- src/shared_context.h | 2 +- .../getEth2PublicKey/cmd_getEth2PublicKey.c | 2 +- src_features/signTx/cmd_signTx.c | 2 +- src_features/signTx/logic_signTx.c | 32 ++++++----- src_plugins/eth2/eth2_plugin.c | 56 +++++++++---------- 8 files changed, 60 insertions(+), 51 deletions(-) diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index ccaa86e..29e0b6e 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c @@ -56,10 +56,11 @@ void eth_plugin_prepare_query_contract_UI(ethQueryContractUI_t *queryContractUI, queryContractUI->msgLength = msgLength; } -int eth_plugin_perform_init(uint8_t *contractAddress, ethPluginInitContract_t *init) { +eth_plugin_result_t eth_plugin_perform_init(uint8_t *contractAddress, + ethPluginInitContract_t *init) { uint8_t i; const uint8_t **selectors; - dataContext.tokenContext.pluginAvailable = 0; + dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_UNAVAILABLE; // Handle hardcoded plugin list PRINTF("Selector %.*H\n", 4, init->selector); for (i = 0;; i++) { @@ -74,7 +75,7 @@ int eth_plugin_perform_init(uint8_t *contractAddress, ethPluginInitContract_t *i if ((INTERNAL_ETH_PLUGINS[i].availableCheck == NULL) || ((PluginAvailableCheck) PIC(INTERNAL_ETH_PLUGINS[i].availableCheck))()) { strcpy(dataContext.tokenContext.pluginName, INTERNAL_ETH_PLUGINS[i].alias); - dataContext.tokenContext.pluginAvailable = 1; + dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_OK; contractAddress = NULL; break; } @@ -106,7 +107,7 @@ int eth_plugin_perform_init(uint8_t *contractAddress, ethPluginInitContract_t *i } } PRINTF("eth_plugin_init ok %s\n", dataContext.tokenContext.pluginName); - dataContext.tokenContext.pluginAvailable = 1; + dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_OK; return 1; } 
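Review bot: eth_plugin_perform_init is now declared to return eth_plugin_result_t, but the tail of the function in the third hunk still ends with the bare literal `return 1;`. That only means ETH_PLUGIN_RESULT_OK because of the enum's current numbering, and customProcessor now stores the return value directly in `pluginStatus`. I would write `return ETH_PLUGIN_RESULT_OK;` here and give any other literal returns in the function, which are outside these hunks, the enumerator they are meant to be.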
@@ -122,7 +123,7 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { pluginRO.txContent = &tmpContent.txContent; if (contractAddress == NULL) { - if (!dataContext.tokenContext.pluginAvailable) { + if (dataContext.tokenContext.pluginStatus == ETH_PLUGIN_RESULT_UNAVAILABLE) { PRINTF("Cached plugin call but no plugin available\n"); return 0; } diff --git a/src/eth_plugin_handler.h b/src/eth_plugin_handler.h index 9336ce9..6f309ef 100644 --- a/src/eth_plugin_handler.h +++ b/src/eth_plugin_handler.h @@ -22,7 +22,8 @@ void eth_plugin_prepare_query_contract_UI(ethQueryContractUI_t *queryContractUI, char *msg, uint32_t msgLength); -int eth_plugin_perform_init(uint8_t *contractAddress, ethPluginInitContract_t *init); +eth_plugin_result_t eth_plugin_perform_init(uint8_t *contractAddress, + ethPluginInitContract_t *init); // NULL for cached address, or base contract address int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter); int compound_plugin_call(uint8_t *contractAddress, int method, void *parameter); diff --git a/src/eth_plugin_interface.h b/src/eth_plugin_interface.h index e5f8dd9..73e26b3 100644 --- a/src/eth_plugin_interface.h +++ b/src/eth_plugin_interface.h @@ -25,7 +25,8 @@ typedef enum { ETH_PLUGIN_RESULT_ERROR = 0x00, ETH_PLUGIN_RESULT_OK = 0x01, ETH_PLUGIN_RESULT_OK_ALIAS = 0x02, - ETH_PLUGIN_RESULT_FALLBACK = 0x03 + ETH_PLUGIN_RESULT_FALLBACK = 0x03, + ETH_PLUGIN_RESULT_UNAVAILABLE = 0x03 } eth_plugin_result_t; diff --git a/src/shared_context.h b/src/shared_context.h index 63db781..95791f5 100644 --- a/src/shared_context.h +++ b/src/shared_context.h @@ -48,7 +48,7 @@ typedef enum starkQuantumType_e { typedef struct tokenContext_t { char pluginName[PLUGIN_ID_LENGTH]; - uint8_t pluginAvailable; + uint8_t pluginStatus; uint8_t data[32]; uint8_t fieldIndex; diff --git a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c index e584011..d4d38d4 100644 
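Review bot: In the eth_plugin_interface.h hunk, `ETH_PLUGIN_RESULT_UNAVAILABLE = 0x03` reuses the value already assigned to ETH_PLUGIN_RESULT_FALLBACK, so the two results cannot be told apart. Any status that carries FALLBACK would match the `pluginStatus == ETH_PLUGIN_RESULT_UNAVAILABLE` test added in eth_plugin_call and the `case ETH_PLUGIN_RESULT_UNAVAILABLE:` label added in customProcessor. Give the new enumerator its own value, `ETH_PLUGIN_RESULT_UNAVAILABLE = 0x04`.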
--- a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c +++ b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c @@ -19,7 +19,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out uint8_t tmp[96]; io_seproxyhal_io_heartbeat(); - os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); + // os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); io_seproxyhal_io_heartbeat(); memset(tmp, 0, 48); memmove(tmp + 16, privateKeyData, 32); diff --git a/src_features/signTx/cmd_signTx.c b/src_features/signTx/cmd_signTx.c index e721d06..cd6b447 100644 --- a/src_features/signTx/cmd_signTx.c +++ b/src_features/signTx/cmd_signTx.c @@ -39,7 +39,7 @@ void handleSign(uint8_t p1, dataLength -= 4; } dataPresent = false; - dataContext.tokenContext.pluginAvailable = 0; + dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_UNAVAILABLE; initTx(&txContext, &global_sha3, &tmpContent.txContent, customProcessor, NULL); } else if (p1 != P1_MORE) { THROW(0x6B00); diff --git a/src_features/signTx/logic_signTx.c b/src_features/signTx/logic_signTx.c index cfbfa8a..cf668e4 100644 --- a/src_features/signTx/logic_signTx.c +++ b/src_features/signTx/logic_signTx.c 
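Review bot: Commenting out `os_perso_derive_eip2333(...)` in getEth2PublicKey means `privateKeyData` is not filled before `memmove(tmp + 16, privateKeyData, 32);` copies it, so the public key is computed from whatever the buffer held; its declaration is outside the hunk, so whether it is zeroed first is not visible. The withdrawal-credentials comparison that this same commit re-enables in eth2_plugin.c depends on that key, so the check would compare against a meaningless value. The call should stay as `os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData);`.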
@@ -42,24 +42,29 @@ customStatus_e customProcessor(txContext_t *context) { PRINTF("Missing function selector\n"); return CUSTOM_FAULT; } - dataContext.tokenContext.pluginAvailable = 0; + dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_UNAVAILABLE; // If contract debugging mode is activated, do not go through the plugin activation // as they wouldn't be displayed if the plugin consumes all data but fallbacks if (!N_storage.contractDetails) { eth_plugin_prepare_init(&pluginInit, context->workBuffer, context->currentFieldLength); - dataContext.tokenContext.pluginAvailable = + dataContext.tokenContext.pluginStatus = eth_plugin_perform_init(tmpContent.txContent.destination, &pluginInit); } - PRINTF("pluginAvailable %d\n", dataContext.tokenContext.pluginAvailable); - if (dataContext.tokenContext.pluginAvailable) { - dataContext.tokenContext.fieldIndex = 0; - dataContext.tokenContext.fieldOffset = 0; - copyTxData(context, NULL, 4); - if (context->currentFieldLength == 4) { - return CUSTOM_NOT_HANDLED; - } + PRINTF("pluginstatus %d\n", dataContext.tokenContext.pluginStatus); + switch (dataContext.tokenContext.pluginStatus) { + case ETH_PLUGIN_RESULT_ERROR: + return CUSTOM_FAULT; + case ETH_PLUGIN_RESULT_UNAVAILABLE: + break; + default: + dataContext.tokenContext.fieldIndex = 0; + dataContext.tokenContext.fieldOffset = 0; + copyTxData(context, NULL, 4); + if (context->currentFieldLength == 4) { + return CUSTOM_NOT_HANDLED; + } } } uint32_t blockSize; @@ -77,7 +82,8 @@ customStatus_e customProcessor(txContext_t *context) { dataContext.tokenContext.fieldOffset = 0; blockSize = 4; } else { - if (!N_storage.contractDetails && !dataContext.tokenContext.pluginAvailable) { + if (!N_storage.contractDetails && + dataContext.tokenContext.pluginStatus != ETH_PLUGIN_RESULT_OK) { return CUSTOM_NOT_HANDLED; } blockSize = 32 - (dataContext.tokenContext.fieldOffset % 32); 
@@ -106,7 +112,7 @@ customStatus_e customProcessor(txContext_t *context) { if (copySize == blockSize) { // Can process or display - if (dataContext.tokenContext.pluginAvailable) { + if (dataContext.tokenContext.pluginStatus == ETH_PLUGIN_RESULT_OK) { ethPluginProvideParameter_t pluginProvideParameter; eth_plugin_prepare_provide_parameter(&pluginProvideParameter, dataContext.tokenContext.data, @@ -257,7 +263,7 @@ void finalizeParsing(bool direct) { 32); // Finalize the plugin handling - if (dataContext.tokenContext.pluginAvailable) { + if (dataContext.tokenContext.pluginStatus == ETH_PLUGIN_RESULT_OK) { genericUI = false; eth_plugin_prepare_finalize(&pluginFinalize); if (!eth_plugin_call(NULL, ETH_PLUGIN_FINALIZE, (void *) &pluginFinalize)) { diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 6e1ee6b..ea360d2 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -59,10 +59,7 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { txContent_t *content = msg->pluginSharedRO->txContent; char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - // uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); - PRINTF("INSIDE content: string: |%s|\n", content->destination); - PRINTF("INSIDE content: bytes: |%.*H|\n", sizeof(content->destination), content->destination); - uint8_t destinationLen = 43; + uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", 
@@ -178,30 +175,33 @@ void eth2_plugin_call(int message, void *parameters) { case 4 + (32 * 8): // withdrawal credentials { - // uint8_t tmp[48]; - // uint32_t withdrawalKeyPath[4]; - // withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; - // withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; - // if (eth2WithdrawalIndex > INDEX_MAX) { - // PRINTF("eth2 plugin: withdrawal index is too big\n"); - // PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", - // eth2WithdrawalIndex, - // INDEX_MAX); - // context->valid = 0; - // } - // withdrawalKeyPath[2] = eth2WithdrawalIndex; - // withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; - // getEth2PublicKey(withdrawalKeyPath, 4, tmp); - // PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); - // cx_hash_sha256(tmp, 48, tmp, 32); - // tmp[0] = 0; - // if (memcmp(tmp, msg->parameter, 32) != 0) { - // PRINTF("eth2 plugin invalid withdrawal credentials\n"); - // PRINTF("Got %.*H\n", 32, msg->parameter); - // PRINTF("Expected %.*H\n", 32, tmp); - // context->valid = 0; - // } - msg->result = ETH_PLUGIN_RESULT_OK; + uint8_t tmp[48]; + uint32_t withdrawalKeyPath[4]; + withdrawalKeyPath[0] = WITHDRAWAL_KEY_PATH_1; + withdrawalKeyPath[1] = WITHDRAWAL_KEY_PATH_2; + if (eth2WithdrawalIndex > INDEX_MAX) { + PRINTF("eth2 plugin: withdrawal index is too big\n"); + PRINTF("Got %u which is higher than INDEX_MAX (%u)\n", + eth2WithdrawalIndex, + INDEX_MAX); + msg->result = ETH_PLUGIN_RESULT_ERROR; + context->valid = 0; + } + withdrawalKeyPath[2] = eth2WithdrawalIndex; + withdrawalKeyPath[3] = WITHDRAWAL_KEY_PATH_4; + getEth2PublicKey(withdrawalKeyPath, 4, tmp); + PRINTF("eth2 plugin computed withdrawal public key %.*H\n", 48, tmp); + cx_hash_sha256(tmp, 48, tmp, 32); + tmp[0] = 0; + if (memcmp(tmp, msg->parameter, 32) != 0) { + PRINTF("eth2 plugin invalid withdrawal credentials\n"); + PRINTF("Got %.*H\n", 32, msg->parameter); + PRINTF("Expected %.*H\n", 32, tmp); + msg->result = ETH_PLUGIN_RESULT_ERROR; + context->valid = 0; + } else { 
+ msg->result = ETH_PLUGIN_RESULT_OK; + } } break; default: From c006233a7801fbb8fec1eec8c7bdfa1af766b3e5 Mon Sep 17 00:00:00 2001 From: pscott Date: Sat, 24 Apr 2021 12:02:25 +0200 Subject: [PATCH 15/28] Fix enum value for UNAVAILABLE --- src/eth_plugin_interface.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/eth_plugin_interface.h b/src/eth_plugin_interface.h index 73e26b3..6d60514 100644 --- a/src/eth_plugin_interface.h +++ b/src/eth_plugin_interface.h @@ -26,7 +26,7 @@ typedef enum { ETH_PLUGIN_RESULT_OK = 0x01, ETH_PLUGIN_RESULT_OK_ALIAS = 0x02, ETH_PLUGIN_RESULT_FALLBACK = 0x03, - ETH_PLUGIN_RESULT_UNAVAILABLE = 0x03 + ETH_PLUGIN_RESULT_UNAVAILABLE = 0x04 } eth_plugin_result_t; From 59ce2b6562cd795636446971bb44bb967c86b145 Mon Sep 17 00:00:00 2001 From: pscott Date: Sat, 24 Apr 2021 12:02:47 +0200 Subject: [PATCH 16/28] Uncomment os_perso_derive --- src_features/getEth2PublicKey/cmd_getEth2PublicKey.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c index d4d38d4..e584011 100644 --- a/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c +++ b/src_features/getEth2PublicKey/cmd_getEth2PublicKey.c @@ -19,7 +19,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out uint8_t tmp[96]; io_seproxyhal_io_heartbeat(); - // os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); + os_perso_derive_eip2333(CX_CURVE_BLS12_381_G1, bip32Path, bip32PathLength, privateKeyData); io_seproxyhal_io_heartbeat(); memset(tmp, 0, 48); memmove(tmp + 16, privateKeyData, 32); From dcacda44c10487e86a85c8146121a66b849bde4b Mon Sep 17 00:00:00 2001 From: pscott Date: Sat, 24 Apr 2021 12:04:41 +0200 Subject: [PATCH 17/28] Revert changes to seteth2withdrawalindex --- .../setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
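Review bot: In the withdrawal-credentials case, the `eth2WithdrawalIndex > INDEX_MAX` branch sets `msg->result = ETH_PLUGIN_RESULT_ERROR;` but does not leave the case, so the out-of-range index is still written into `withdrawalKeyPath[2]` and passed to getEth2PublicKey(). If the derived credentials then match, the new `else { msg->result = ETH_PLUGIN_RESULT_OK; }` overwrites the error, leaving only `context->valid = 0` to record the rejection. Add `break;` after `context->valid = 0;` in the index check so that no key is derived for a rejected index and the error result stands. The enclosing switch continues outside the hunk.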
diff --git a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c index c60631d..ea99f03 100644 --- a/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c +++ b/src_features/setEth2WithdrawalIndex/cmd_setEth2WithdrawalIndex.c @@ -2,7 +2,6 @@ #include "shared_context.h" #include "apdu_constants.h" -#include "withdrawal_index.h" void handleSetEth2WithdrawalIndex(uint8_t p1, uint8_t p2, @@ -18,6 +17,8 @@ void handleSetEth2WithdrawalIndex(uint8_t p1, THROW(0x6B00); } + eth2WithdrawalIndex = U4BE(dataBuffer, 0); + THROW(0x9000); } From 6cd4b6e2aab2ee66b63b54c307d82606ecfa2344 Mon Sep 17 00:00:00 2001 From: pscott Date: Sat, 24 Apr 2021 12:14:36 +0200 Subject: [PATCH 18/28] Revamp return results of plugins --- src/eth_plugin_handler.c | 2 +- src/eth_plugin_interface.h | 14 +++++++++----- src_features/signTx/logic_signTx.c | 7 ++++--- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index 29e0b6e..f68eb7e 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c @@ -123,7 +123,7 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { pluginRO.txContent = &tmpContent.txContent; if (contractAddress == NULL) { - if (dataContext.tokenContext.pluginStatus == ETH_PLUGIN_RESULT_UNAVAILABLE) { + if (dataContext.tokenContext.pluginStatus < ETH_PLUGIN_RESULT_UNSUCCESSFUL) { PRINTF("Cached plugin call but no plugin available\n"); return 0; } diff --git a/src/eth_plugin_interface.h b/src/eth_plugin_interface.h index 6d60514..8e17672 100644 --- a/src/eth_plugin_interface.h +++ b/src/eth_plugin_interface.h 
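Review bot: The restored `eth2WithdrawalIndex = U4BE(dataBuffer, 0);` in handleSetEth2WithdrawalIndex stores a host-supplied value with no range check, and after this revert the only bound visible in the series is the `eth2WithdrawalIndex > INDEX_MAX` test in the eth2 plugin. That split is easy to miss for anyone who later reads the global elsewhere, so I would document it at the assignment: `// Untrusted APDU value, not range-checked here; the eth2 plugin compares it with INDEX_MAX before deriving a key.` The length validation for `dataBuffer` is outside the hunk.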
@@ -21,12 +21,16 @@ typedef enum { } eth_plugin_msg_t; typedef enum { - + // Unsuccesful return values ETH_PLUGIN_RESULT_ERROR = 0x00, - ETH_PLUGIN_RESULT_OK = 0x01, - ETH_PLUGIN_RESULT_OK_ALIAS = 0x02, - ETH_PLUGIN_RESULT_FALLBACK = 0x03, - ETH_PLUGIN_RESULT_UNAVAILABLE = 0x04 + ETH_PLUGIN_RESULT_UNAVAILABLE = 0x01, + ETH_PLUGIN_RESULT_UNSUCCESSFUL = 0x02, // Used for comparison + + // Successful return values + ETH_PLUGIN_RESULT_SUCCESSFUL = 0x03, // Used for comparison + ETH_PLUGIN_RESULT_OK = 0x04, + ETH_PLUGIN_RESULT_OK_ALIAS = 0x05, + ETH_PLUGIN_RESULT_FALLBACK = 0x06 } eth_plugin_result_t; diff --git a/src_features/signTx/logic_signTx.c b/src_features/signTx/logic_signTx.c index cf668e4..dcd5bd1 100644 --- a/src_features/signTx/logic_signTx.c +++ b/src_features/signTx/logic_signTx.c @@ -57,6 +57,7 @@ customStatus_e customProcessor(txContext_t *context) { case ETH_PLUGIN_RESULT_ERROR: return CUSTOM_FAULT; case ETH_PLUGIN_RESULT_UNAVAILABLE: + case ETH_PLUGIN_RESULT_UNSUCCESSFUL: break; default: dataContext.tokenContext.fieldIndex = 0; @@ -83,7 +84,7 @@ customStatus_e customProcessor(txContext_t *context) { blockSize = 4; } else { if (!N_storage.contractDetails && - dataContext.tokenContext.pluginStatus != ETH_PLUGIN_RESULT_OK) { + dataContext.tokenContext.pluginStatus <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) { return CUSTOM_NOT_HANDLED; } blockSize = 32 - (dataContext.tokenContext.fieldOffset % 32); @@ -112,7 +113,7 @@ customStatus_e customProcessor(txContext_t *context) { if (copySize == blockSize) { // Can process or display - if (dataContext.tokenContext.pluginStatus == ETH_PLUGIN_RESULT_OK) { + if (dataContext.tokenContext.pluginStatus >= ETH_PLUGIN_RESULT_SUCCESSFUL) { ethPluginProvideParameter_t pluginProvideParameter; eth_plugin_prepare_provide_parameter(&pluginProvideParameter, dataContext.tokenContext.data, 
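Review bot: Renumbering eth_plugin_result_t changes the meaning of the integer literals still returned elsewhere: eth_plugin_perform_init ends in `return 1;`, which after this hunk is ETH_PLUGIN_RESULT_UNAVAILABLE instead of OK, and customProcessor stores that value in `pluginStatus` and compares it with `<= ETH_PLUGIN_RESULT_UNSUCCESSFUL`. No hunk in this commit updates those returns, so a successfully initialised plugin would be treated as absent. Replace them with enumerators in the same commit, `return ETH_PLUGIN_RESULT_OK;`, and note in the comment that the two "Used for comparison" values are range markers a plugin must never return. The comment also misspells "Unsuccessful".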
@@ -263,7 +264,7 @@ void finalizeParsing(bool direct) { 32); // Finalize the plugin handling - if (dataContext.tokenContext.pluginStatus == ETH_PLUGIN_RESULT_OK) { + if (dataContext.tokenContext.pluginStatus >= ETH_PLUGIN_RESULT_SUCCESSFUL) { genericUI = false; eth_plugin_prepare_finalize(&pluginFinalize); if (!eth_plugin_call(NULL, ETH_PLUGIN_FINALIZE, (void *) &pluginFinalize)) { From e4d66535ed2f054c378979be8e076cefc1c48f62 Mon Sep 17 00:00:00 2001 From: pscott Date: Sat, 24 Apr 2021 12:15:32 +0200 Subject: [PATCH 19/28] Use equal for comparison with unsuccesful variant --- src/eth_plugin_handler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index f68eb7e..6fe6f61 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c @@ -123,7 +123,7 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { pluginRO.txContent = &tmpContent.txContent; if (contractAddress == NULL) { - if (dataContext.tokenContext.pluginStatus < ETH_PLUGIN_RESULT_UNSUCCESSFUL) { + if (dataContext.tokenContext.pluginStatus <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) { PRINTF("Cached plugin call but no plugin available\n"); return 0; } From a6945c42b21511259cf0581ca3faea9f5d163260 Mon Sep 17 00:00:00 2001 From: pscott Date: Tue, 27 Apr 2021 10:36:22 +0200 Subject: [PATCH 20/28] Fix return values from enums --- src/eth_plugin_handler.c | 50 +++++++++++++++++------------- src/eth_plugin_handler.h | 2 +- src_features/signTx/logic_signTx.c | 9 ++---- 3 files changed, 33 insertions(+), 28 deletions(-) diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index 6fe6f61..9110660 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c 
@@ -95,23 +95,23 @@ eth_plugin_result_t eth_plugin_perform_init(uint8_t *contractAddress, } else { PRINTF("Trying alias %s\n", dataContext.tokenContext.pluginName); } - int status = eth_plugin_call(contractAddress, ETH_PLUGIN_INIT_CONTRACT, (void *) init); - if (!status) { - return 0; + eth_plugin_result_t status = eth_plugin_call(contractAddress, ETH_PLUGIN_INIT_CONTRACT, (void *) init); + if (status <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) { + return status; } - if (status == ETH_PLUGIN_RESULT_OK) { - break; - } - if (status == ETH_PLUGIN_RESULT_OK_ALIAS) { + else if (status == ETH_PLUGIN_RESULT_OK_ALIAS) { contractAddress = NULL; } + else { + break; + } } PRINTF("eth_plugin_init ok %s\n", dataContext.tokenContext.pluginName); dataContext.tokenContext.pluginStatus = ETH_PLUGIN_RESULT_OK; - return 1; + return ETH_PLUGIN_RESULT_OK; } -int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { +eth_plugin_result_t eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { ethPluginSharedRW_t pluginRW; ethPluginSharedRO_t pluginRO; char tmp[PLUGIN_ID_LENGTH]; @@ -125,7 +125,7 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { if (contractAddress == NULL) { if (dataContext.tokenContext.pluginStatus <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) { PRINTF("Cached plugin call but no plugin available\n"); - return 0; + return dataContext.tokenContext.pluginStatus; } alias = dataContext.tokenContext.pluginName; } else { @@ -177,7 +177,7 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { break; default: PRINTF("Unknown plugin method %d\n", method); - return 0; + return ETH_PLUGIN_RESULT_UNAVAILABLE; } // Perform the call 
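Review bot: eth_plugin_call now reports most failures as `ETH_PLUGIN_RESULT_UNAVAILABLE`, which is 0x01, so a caller that still tests the result with `!` only notices ETH_PLUGIN_RESULT_ERROR. finalizeParsing does exactly that in `if (!eth_plugin_call(NULL, ETH_PLUGIN_FINALIZE, (void *) &pluginFinalize))`, and no hunk of this commit touches that line, so a finalize call the plugin did not accept would be taken as success. The caller should compare against the range marker, `if (eth_plugin_call(NULL, ETH_PLUGIN_FINALIZE, (void *) &pluginFinalize) <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) {`, and any other `!eth_plugin_call(...)` sites outside the visible hunks need the same change. The `return 0;` to `return ETH_PLUGIN_RESULT_UNAVAILABLE;` replacements in the following hunks of this file have the same effect.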
@@ -223,8 +223,10 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { break; case ETH_PLUGIN_RESULT_OK_ALIAS: break; + case ETH_PLUGIN_RESULT_ERROR: + return ETH_PLUGIN_RESULT_ERROR; default: - return 0; + return ETH_PLUGIN_RESULT_UNAVAILABLE; } break; case ETH_PLUGIN_PROVIDE_PARAMETER: @@ -232,8 +234,10 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { case ETH_PLUGIN_RESULT_OK: case ETH_PLUGIN_RESULT_FALLBACK: break; + case ETH_PLUGIN_RESULT_ERROR: + return ETH_PLUGIN_RESULT_ERROR; default: - return 0; + return ETH_PLUGIN_RESULT_UNAVAILABLE; } break; case ETH_PLUGIN_FINALIZE: @@ -241,8 +245,10 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { case ETH_PLUGIN_RESULT_OK: case ETH_PLUGIN_RESULT_FALLBACK: break; + case ETH_PLUGIN_RESULT_ERROR: + return ETH_PLUGIN_RESULT_ERROR; default: - return 0; + return ETH_PLUGIN_RESULT_UNAVAILABLE; } break; case ETH_PLUGIN_PROVIDE_TOKEN: @@ -250,23 +256,25 @@ int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter) { case ETH_PLUGIN_RESULT_OK: case ETH_PLUGIN_RESULT_FALLBACK: break; + case ETH_PLUGIN_RESULT_ERROR: + return ETH_PLUGIN_RESULT_ERROR; default: - return 0; + return ETH_PLUGIN_RESULT_UNAVAILABLE; } break; case ETH_PLUGIN_QUERY_CONTRACT_ID: - if (((ethQueryContractID_t *) parameter)->result != ETH_PLUGIN_RESULT_OK) { - return 0; + if (((ethQueryContractID_t *) parameter)->result <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) { + return ETH_PLUGIN_RESULT_UNAVAILABLE; } break; case ETH_PLUGIN_QUERY_CONTRACT_UI: - if (((ethQueryContractUI_t *) parameter)->result != ETH_PLUGIN_RESULT_OK) { - return 0; + if (((ethQueryContractUI_t *) parameter)->result <= ETH_PLUGIN_RESULT_OK) { + return ETH_PLUGIN_RESULT_UNAVAILABLE; } break; default: - return 0; + return ETH_PLUGIN_RESULT_UNAVAILABLE; } - return 1; + return ETH_PLUGIN_RESULT_OK; } diff --git a/src/eth_plugin_handler.h b/src/eth_plugin_handler.h index 6f309ef..35892b9 100644 
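Review bot: The ETH_PLUGIN_QUERY_CONTRACT_UI check now reads `->result <= ETH_PLUGIN_RESULT_OK`, which treats ETH_PLUGIN_RESULT_OK itself as a failure, so a plugin that fills the screen correctly makes eth_plugin_call return ETH_PLUGIN_RESULT_UNAVAILABLE. The sibling ETH_PLUGIN_QUERY_CONTRACT_ID check uses `<= ETH_PLUGIN_RESULT_UNSUCCESSFUL`, which in turn is looser than the old `!= ETH_PLUGIN_RESULT_OK` because it also accepts OK_ALIAS and FALLBACK. Since both queries previously required exactly OK, I would keep `if (((ethQueryContractUI_t *) parameter)->result != ETH_PLUGIN_RESULT_OK) {` and the same form for the contract-ID case.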
--- a/src/eth_plugin_handler.h +++ b/src/eth_plugin_handler.h @@ -25,7 +25,7 @@ void eth_plugin_prepare_query_contract_UI(ethQueryContractUI_t *queryContractUI, eth_plugin_result_t eth_plugin_perform_init(uint8_t *contractAddress, ethPluginInitContract_t *init); // NULL for cached address, or base contract address -int eth_plugin_call(uint8_t *contractAddress, int method, void *parameter); +eth_plugin_result_t eth_plugin_call(uint8_t *contractAddress, int method, void *parameter); int compound_plugin_call(uint8_t *contractAddress, int method, void *parameter); void plugin_ui_start(void); diff --git a/src_features/signTx/logic_signTx.c b/src_features/signTx/logic_signTx.c index dcd5bd1..95958d5 100644 --- a/src_features/signTx/logic_signTx.c +++ b/src_features/signTx/logic_signTx.c @@ -53,13 +53,10 @@ customStatus_e customProcessor(txContext_t *context) { eth_plugin_perform_init(tmpContent.txContent.destination, &pluginInit); } PRINTF("pluginstatus %d\n", dataContext.tokenContext.pluginStatus); - switch (dataContext.tokenContext.pluginStatus) { - case ETH_PLUGIN_RESULT_ERROR: + eth_plugin_result_t status = dataContext.tokenContext.pluginStatus; + if (status == ETH_PLUGIN_RESULT_ERROR) { return CUSTOM_FAULT; - case ETH_PLUGIN_RESULT_UNAVAILABLE: - case ETH_PLUGIN_RESULT_UNSUCCESSFUL: - break; - default: + } else if (status >= ETH_PLUGIN_RESULT_SUCCESSFUL) { dataContext.tokenContext.fieldIndex = 0; dataContext.tokenContext.fieldOffset = 0; copyTxData(context, NULL, 4); From f893637d7158665cd6df38f9b35a0582655e0dc1 Mon Sep 17 00:00:00 2001 From: pscott Date: Tue, 27 Apr 2021 10:37:22 +0200 Subject: [PATCH 21/28] Clang-format --- src/eth_plugin_handler.c | 9 ++++----- src/eth_plugin_interface.h | 4 ++-- src_features/signTx/logic_signTx.c | 14 +++++++------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/eth_plugin_handler.c b/src/eth_plugin_handler.c index 9110660..a39d22d 100644 --- a/src/eth_plugin_handler.c +++ b/src/eth_plugin_handler.c 
@@ -95,14 +95,13 @@ eth_plugin_result_t eth_plugin_perform_init(uint8_t *contractAddress, } else { PRINTF("Trying alias %s\n", dataContext.tokenContext.pluginName); } - eth_plugin_result_t status = eth_plugin_call(contractAddress, ETH_PLUGIN_INIT_CONTRACT, (void *) init); + eth_plugin_result_t status = + eth_plugin_call(contractAddress, ETH_PLUGIN_INIT_CONTRACT, (void *) init); if (status <= ETH_PLUGIN_RESULT_UNSUCCESSFUL) { return status; - } - else if (status == ETH_PLUGIN_RESULT_OK_ALIAS) { + } else if (status == ETH_PLUGIN_RESULT_OK_ALIAS) { contractAddress = NULL; - } - else { + } else { break; } } diff --git a/src/eth_plugin_interface.h b/src/eth_plugin_interface.h index 8e17672..b6a00ac 100644 --- a/src/eth_plugin_interface.h +++ b/src/eth_plugin_interface.h @@ -24,10 +24,10 @@ typedef enum { // Unsuccesful return values ETH_PLUGIN_RESULT_ERROR = 0x00, ETH_PLUGIN_RESULT_UNAVAILABLE = 0x01, - ETH_PLUGIN_RESULT_UNSUCCESSFUL = 0x02, // Used for comparison + ETH_PLUGIN_RESULT_UNSUCCESSFUL = 0x02, // Used for comparison // Successful return values - ETH_PLUGIN_RESULT_SUCCESSFUL = 0x03, // Used for comparison + ETH_PLUGIN_RESULT_SUCCESSFUL = 0x03, // Used for comparison ETH_PLUGIN_RESULT_OK = 0x04, ETH_PLUGIN_RESULT_OK_ALIAS = 0x05, ETH_PLUGIN_RESULT_FALLBACK = 0x06 diff --git a/src_features/signTx/logic_signTx.c b/src_features/signTx/logic_signTx.c index 95958d5..57f08ff 100644 --- a/src_features/signTx/logic_signTx.c +++ b/src_features/signTx/logic_signTx.c 
@@ -55,14 +55,14 @@ customStatus_e customProcessor(txContext_t *context) { PRINTF("pluginstatus %d\n", dataContext.tokenContext.pluginStatus); eth_plugin_result_t status = dataContext.tokenContext.pluginStatus; if (status == ETH_PLUGIN_RESULT_ERROR) { - return CUSTOM_FAULT; + return CUSTOM_FAULT; } else if (status >= ETH_PLUGIN_RESULT_SUCCESSFUL) { - dataContext.tokenContext.fieldIndex = 0; - dataContext.tokenContext.fieldOffset = 0; - copyTxData(context, NULL, 4); - if (context->currentFieldLength == 4) { - return CUSTOM_NOT_HANDLED; - } + dataContext.tokenContext.fieldIndex = 0; + dataContext.tokenContext.fieldOffset = 0; + copyTxData(context, NULL, 4); + if (context->currentFieldLength == 4) { + return CUSTOM_NOT_HANDLED; + } } } uint32_t blockSize; From 653e5e667b29f1f3fb7f1557bc984ff27bd48b9d Mon Sep 17 00:00:00 2001 From: pscott <30843220+pscott@users.noreply.github.com> Date: Tue, 27 Apr 2021 18:00:38 +0200 Subject: [PATCH 22/28] Update INDEX_MAX to 2^16 --- src_plugins/eth2/eth2_plugin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index ea360d2..a0825ef 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -24,7 +24,7 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) // Highest index for withdrawal derivation path. -#define INDEX_MAX 524288 // 2 ^ 19 : arbitrary value to protect from path attacks. +#define INDEX_MAX 65536 // 2 ^ 16 : arbitrary value to protect from path attacks. typedef struct eth2_deposit_parameters_t { uint8_t valid; From 257ff60b9b4cc9971ae416fc75c02b6cf1c22dcd Mon Sep 17 00:00:00 2001 From: pscott Date: Tue, 4 May 2021 12:06:16 +0200 Subject: [PATCH 23/28] Fix typo --- src_plugins/eth2/eth2_plugin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index ea360d2..362282f 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -40,7 +40,7 @@ static void to_lowercase(char *str, unsigned char size) { } // Fills the `out` buffer with the lowercase string representation of the pubkey passed in as binary -// format by `in`. Does not check the size, so expects `out` to be big enough to told the string +// format by `in`. Does not check the size, so expects `out` to be big enough to hold the string // representation. Returns the length of string (counting the null terminating character). static int getEthDisplayableAddress(char *out, uint8_t *in) { out[0] = '0'; From a88ed3de5d642b2565dc5f20bc75e441e98f1db9 Mon Sep 17 00:00:00 2001 From: pscott Date: Tue, 4 May 2021 12:11:18 +0200 Subject: [PATCH 24/28] Do not used global sha3 for future-proofness --- src_plugins/eth2/eth2_plugin.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 362282f..2d904a9 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -42,10 +42,10 @@ static void to_lowercase(char *str, unsigned char size) { // Fills the `out` buffer with the lowercase string representation of the pubkey passed in as binary // format by `in`. Does not check the size, so expects `out` to be big enough to hold the string // representation. Returns the length of string (counting the null terminating character). -static int getEthDisplayableAddress(char *out, uint8_t *in) { +static int getEthDisplayableAddress(char *out, uint8_t *in, cx_sha3_t *sha3) { out[0] = '0'; out[1] = 'x'; - getEthAddressStringFromBinary(in, (uint8_t *) out + 2, &global_sha3, chainConfig); + getEthAddressStringFromBinary(in, (uint8_t *) out + 2, &sha3, chainConfig); uint8_t destinationLen = strlen(out) + 1; // Adding one to account for \0. 
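Review bot: getEthDisplayableAddress now takes `cx_sha3_t *sha3` but forwards `&sha3`, the address of the local parameter, so getEthAddressStringFromBinary would hash into pointer-sized stack storage instead of the caller's context. The argument should be passed through unchanged: `getEthAddressStringFromBinary(in, (uint8_t *) out + 2, sha3, chainConfig);`. The function also still writes to `out` with no size, as its own comment says, so each caller's buffer length is the only protection; a size parameter would let the helper enforce it.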
@@ -59,7 +59,7 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { txContent_t *content = msg->pluginSharedRO->txContent; char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination); + uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination, msg->pluginSharedRW->sha3); if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", @@ -159,7 +159,7 @@ void eth2_plugin_call(int message, void *parameters) { // Use a temporary buffer to store the string representation. char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; - getEthDisplayableAddress(tmp, (uint8_t *) context->deposit_address); + getEthDisplayableAddress(tmp, (uint8_t *) context->deposit_address, msg->pluginSharedRW->sha3); // Copy back the string to the global variable. strcpy(context->deposit_address, tmp); From e29813bcb9e8bd51ebf2e535f7c1ccb19ae23468 Mon Sep 17 00:00:00 2001 From: TamtamHero <10632523+TamtamHero@users.noreply.github.com> Date: Tue, 4 May 2021 12:20:49 +0200 Subject: [PATCH 25/28] Apply clang-format --- src_plugins/eth2/eth2_plugin.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 280e48a..c6a3258 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c 
@@ -59,7 +59,9 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { txContent_t *content = msg->pluginSharedRO->txContent; char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination, msg->pluginSharedRW->sha3); + uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, + content->destination, + msg->pluginSharedRW->sha3); if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", @@ -159,7 +161,9 @@ void eth2_plugin_call(int message, void *parameters) { // Use a temporary buffer to store the string representation. char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; - getEthDisplayableAddress(tmp, (uint8_t *) context->deposit_address, msg->pluginSharedRW->sha3); + getEthDisplayableAddress(tmp, + (uint8_t *) context->deposit_address, + msg->pluginSharedRW->sha3); // Copy back the string to the global variable. strcpy(context->deposit_address, tmp); From 0547bc8a026ae42d261331a9446dbd4d8c26e5a8 Mon Sep 17 00:00:00 2001 From: pscott Date: Tue, 4 May 2021 13:28:10 +0200 Subject: [PATCH 26/28] Clang format --- src_plugins/eth2/eth2_plugin.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index 280e48a..c6a3258 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c 
@@ -59,7 +59,9 @@ static int check_deposit_contract(ethPluginInitContract_t *msg) { txContent_t *content = msg->pluginSharedRO->txContent; char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, content->destination, msg->pluginSharedRW->sha3); + uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, + content->destination, + msg->pluginSharedRW->sha3); if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", @@ -159,7 +161,9 @@ void eth2_plugin_call(int message, void *parameters) { // Use a temporary buffer to store the string representation. char tmp[ETH2_DEPOSIT_PUBKEY_LENGTH]; - getEthDisplayableAddress(tmp, (uint8_t *) context->deposit_address, msg->pluginSharedRW->sha3); + getEthDisplayableAddress(tmp, + (uint8_t *) context->deposit_address, + msg->pluginSharedRW->sha3); // Copy back the string to the global variable. strcpy(context->deposit_address, tmp); From 3a1cd33f7467ad9959626a11487ba23c486ac6f0 Mon Sep 17 00:00:00 2001 From: pscott Date: Tue, 4 May 2021 13:41:43 +0200 Subject: [PATCH 27/28] Fix segv --- src_plugins/eth2/eth2_plugin.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index c6a3258..d7d385a 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -45,7 +45,7 @@ static void to_lowercase(char *str, unsigned char size) { static int getEthDisplayableAddress(char *out, uint8_t *in, cx_sha3_t *sha3) { out[0] = '0'; out[1] = 'x'; - getEthAddressStringFromBinary(in, (uint8_t *) out + 2, &sha3, chainConfig); + getEthAddressStringFromBinary(in, (uint8_t *) out + 2, sha3, chainConfig); uint8_t destinationLen = strlen(out) + 1; // Adding one to account for \0. From ebc28881f7adb0af745b09b49a2bddbf579925f2 Mon Sep 17 00:00:00 2001 
From: TamtamHero <10632523+TamtamHero@users.noreply.github.com> Date: Tue, 4 May 2021 23:46:45 +0200 Subject: [PATCH 28/28] bytes to bytes --- src_plugins/eth2/eth2_plugin.c | 37 +++++++--------------------------- 1 file changed, 7 insertions(+), 30 deletions(-) diff --git a/src_plugins/eth2/eth2_plugin.c b/src_plugins/eth2/eth2_plugin.c index d7d385a..6687902 100644 --- a/src_plugins/eth2/eth2_plugin.c +++ b/src_plugins/eth2/eth2_plugin.c @@ -20,8 +20,9 @@ void getEth2PublicKey(uint32_t *bip32Path, uint8_t bip32PathLength, uint8_t *out #define ETH2_WITHDRAWAL_CREDENTIALS_LENGTH 0x20 #define ETH2_SIGNATURE_LENGTH 0x60 -#define DEPOSIT_CONTRACT_ADDRESS "0x00000000219ab540356cbb839cbe05303d7705fa" -#define DEPOSIT_CONTRACT_LENGTH sizeof(DEPOSIT_CONTRACT_ADDRESS) +static const uint8_t deposit_contract_address[] = {0x00, 0x00, 0x00, 0x00, 0x21, 0x9a, 0xb5, + 0x40, 0x35, 0x6c, 0xbb, 0x83, 0x9c, 0xbe, + 0x05, 0x30, 0x3d, 0x77, 0x05, 0xfa}; // Highest index for withdrawal derivation path. #define INDEX_MAX 65536 // 2 ^ 16 : arbitrary value to protect from path attacks. 
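Review bot: The byte array that replaces `DEPOSIT_CONTRACT_ADDRESS` carries no comment, so the value that gates the whole plugin can no longer be compared at a glance with the published contract address. Keep the readable form next to it, e.g. `// 0x00000000219ab540356cbb839cbe05303d7705fa, as raw bytes` above `deposit_contract_address`. The comment should also state that the array length is expected to equal the size of `txContent->destination`, since the `memcmp` added later in this commit uses `sizeof(deposit_contract_address)` as its only length.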
@@ -49,33 +50,7 @@ static int getEthDisplayableAddress(char *out, uint8_t *in, cx_sha3_t *sha3) { uint8_t destinationLen = strlen(out) + 1; // Adding one to account for \0. - // Ensure address is in lowercase, to match DEPOSIT_CONTRACT_ADDRESS' case. - to_lowercase(out, destinationLen); - - return (destinationLen); -} - -static int check_deposit_contract(ethPluginInitContract_t *msg) { - txContent_t *content = msg->pluginSharedRO->txContent; - char destinationAddress[DEPOSIT_CONTRACT_LENGTH]; - - uint8_t destinationLen = getEthDisplayableAddress(destinationAddress, - content->destination, - msg->pluginSharedRW->sha3); - - if (destinationLen != DEPOSIT_CONTRACT_LENGTH) { - PRINTF("eth2plugin: destination lengths differ. Expected %u got %u\n", - DEPOSIT_CONTRACT_LENGTH, - destinationLen); - return 0; - } else if (memcmp(destinationAddress, DEPOSIT_CONTRACT_ADDRESS, DEPOSIT_CONTRACT_LENGTH) != 0) { - PRINTF("eth2plugin: destination addresses differ. Expected %s got %s\n", - DEPOSIT_CONTRACT_ADDRESS, - destinationAddress); - return 0; - } else { - return 1; - } + return destinationLen; } void eth2_plugin_call(int message, void *parameters) { @@ -83,7 +58,9 @@ void eth2_plugin_call(int message, void *parameters) { case ETH_PLUGIN_INIT_CONTRACT: { ethPluginInitContract_t *msg = (ethPluginInitContract_t *) parameters; eth2_deposit_parameters_t *context = (eth2_deposit_parameters_t *) msg->pluginContext; - if (check_deposit_contract(msg) == 0) { + if (memcmp(deposit_contract_address, + msg->pluginSharedRO->txContent->destination, + sizeof(deposit_contract_address)) != 0) { PRINTF("eth2plugin: failed to check deposit contract\n"); context->valid = 0; msg->result = ETH_PLUGIN_RESULT_ERROR;
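Review bot: With the `to_lowercase(out, destinationLen);` call removed, the header comment on `getEthDisplayableAddress` (outside this hunk) still promises a lowercase string, and the remaining caller in `eth2_plugin_call` now gets whatever case `getEthAddressStringFromBinary` produces. Update that comment, e.g. `// Writes the "0x"-prefixed address string for the binary input into out (case as produced by getEthAddressStringFromBinary).`, and drop `to_lowercase` if nothing else in the file uses it, since an unused `static` function triggers a warning. Separately, `destinationLen` is a `uint8_t` while the function returns `int`; giving both the same type avoids a silent truncation.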
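Review bot: The new `memcmp` in `ETH_PLUGIN_INIT_CONTRACT` compares a fixed `sizeof(deposit_contract_address)` bytes of `txContent->destination` without first checking how many destination bytes the transaction actually carried. If `txContent` records a destination length (its definition is not visible in this hunk), an empty or short destination would be compared against whatever the buffer already holds, so the length should be tested before the bytes, e.g. `msg->pluginSharedRO->txContent->destinationLength != sizeof(deposit_contract_address) ||` ahead of the `memcmp`. The failure `PRINTF` also no longer reports the expected and received addresses that the removed helper printed, which makes a rejected deposit harder to diagnose. The `case` body continues outside the hunk.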