Finetune with a real swap request transaction

LedgerHQ · Feb 1, 2023 · 7a5cdaa · 7a5cdaa
1 parent c953b0f
commit 7a5cdaa
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 24 deletions.
diff --git a/src/apdu.c b/src/apdu.c
@@ -193,4 +193,4 @@ int apdu_handle_message(const uint8_t* apdu_message,
     apdu_command->state = ApduStatePayloadComplete;
 
     return 0;
-}
+}
diff --git a/src/globals.h b/src/globals.h
@@ -53,6 +53,8 @@ typedef enum InstructionCode {
 } InstructionCode;
 
 extern volatile bool G_called_from_swap;
+extern volatile bool G_swap_response_ready;
+
 
 // display stepped screens
 extern unsigned int ux_step;

diff --git a/src/main.c b/src/main.c
@@ -31,6 +31,7 @@
 ApduCommand G_command;
 unsigned char G_io_seproxyhal_spi_buffer[IO_SEPROXYHAL_BUFFER_SIZE_B];
 volatile bool G_called_from_swap;
+volatile bool G_swap_response_ready;
 
 static void reset_main_globals(void) {
     MEMCLEAR(G_command);
@@ -105,7 +106,6 @@ void app_main(void) {
     // APDU injection faults.
     for (;;) {
         volatile unsigned short sw = 0;
-
         BEGIN_TRY {
             TRY {
                 rx = tx;
@@ -114,6 +114,12 @@ void app_main(void) {
                 rx = io_exchange(CHANNEL_APDU | flags, rx);
                 flags = 0;
 
+                if (G_called_from_swap && G_swap_response_ready) {
+                    PRINTF("Quitting app started in swap mode\n");
+                    // Quit app, we are in limited mode and our work is done
+                    os_sched_exit(0);
+                }
+
                 // no apdu received, well, reset the session, and reset the
                 // bootloader configuration
                 if (rx == 0) {
@@ -128,7 +134,6 @@ void app_main(void) {
                 THROW(ApduReplySdkExceptionIoReset);
             }
             CATCH_OTHER(e) {
-                G_called_from_swap = false;
                 switch (e & 0xF000) {
                     case 0x6000:
                         sw = e;
@@ -316,6 +321,7 @@ void coin_main(void) {
 
 static void start_app_from_lib(void) {
     G_called_from_swap = true;
+    G_swap_response_ready = false;
     UX_INIT();
     io_seproxyhal_init();
     nv_app_state_init();

diff --git a/src/signMessage.c b/src/signMessage.c
@@ -139,12 +139,6 @@ void handle_sign_message_parse_message(volatile unsigned int *tx) {
         //*tx = set_result_sign_message();
         // THROW(ApduReplySuccess);
         UNUSED(tx);
-    }
-
-    if ((G_command.non_confirm || G_called_from_swap) &&
-        !(G_command.non_confirm && G_called_from_swap)) {
-        // User validation bypass requested NOT in swap context
-        // Or user validation requested while in swap context
         THROW(ApduReplySdkNotSupported);
     }
 
@@ -179,9 +173,8 @@ static bool check_swap_validity(const SummaryItemKind_t kinds[MAX_TRANSACTION_SU
                                 size_t num_summary_steps) {
     bool amount_ok = false;
     bool recipient_ok = false;
-    bool fee_payer_ok = false;
-    if (num_summary_steps != 3) {
-        PRINTF("3 steps expected for transaction in swap context, not %u\n", num_summary_steps);
+    if (num_summary_steps != 2) {
+        PRINTF("2 steps expected for transaction in swap context, not %u\n", num_summary_steps);
         return false;
     }
     for (size_t i = 0; i < num_summary_steps; ++i) {
@@ -200,19 +193,17 @@ static bool check_swap_validity(const SummaryItemKind_t kinds[MAX_TRANSACTION_SU
             case SummaryItemPubkey:
                 if (strcmp(G_transaction_summary_title, "Recipient") == 0) {
                     recipient_ok = check_swap_recipient(G_transaction_summary_text);
-                } else if (strcmp(G_transaction_summary_title, "Fee payer") == 0) {
-                    fee_payer_ok = check_swap_fee_payer(G_transaction_summary_text);
                 } else {
                     PRINTF("Refused field '%s'\n", G_transaction_summary_title);
                     return false;
                 }
                 break;
             default:
-                PRINTF("Refused kind '%u'\n", SummaryItemAmount);
+                PRINTF("Refused kind '%u'\n", kinds[i]);
                 return false;
         }
     }
-    return amount_ok && recipient_ok && fee_payer_ok;
+    return amount_ok && recipient_ok;
 }
 
 void handle_sign_message_ui(volatile unsigned int *flags) {
@@ -223,12 +214,20 @@ void handle_sign_message_ui(volatile unsigned int *flags) {
         // If we are in swap context, do not redisplay the message data
         // Instead, ensure they are identitical with what was previously displayed
         if (G_called_from_swap) {
+            if (G_swap_response_ready) {
+                // Safety against trying to make the app sign multiple TX
+                PRINTF("Safety agains double signing triggered\n");
+                os_sched_exit(-1);
+            } else {
+                // We will quit the app after this transaction, whether it succeeds or fails
+                PRINTF("Swap response is ready, the app will quit after the next send\n");
+                G_swap_response_ready = true;
+            }
             if (check_swap_validity(summary_step_kinds, num_summary_steps)) {
+                PRINTF("Valid swap transaction signed\n");
                 send_result_sign_message();
-                // Quit app, we are in limited mode and our work is done
-                os_sched_exit(0);
             } else {
-                PRINTF("Refused blind signing incorrect Swap transaction\n");
+                PRINTF("Refused signing incorrect Swap transaction\n");
                 THROW(ApduReplySolanaSummaryFinalizeFailed);
             }
         } else {

diff --git a/tests/python/apps/solana.py b/tests/python/apps/solana.py
@@ -2,8 +2,7 @@
 from enum import IntEnum
 from contextlib import contextmanager
 
-from ragger.backend import BackendInterface
-from ragger.utils import RAPDU
+from ragger.backend.interface import BackendInterface, RAPDU
 
 
 class INS(IntEnum):
@@ -135,12 +134,12 @@ def send_blind_sign_message(self, derivation_path : bytes, message: bytes) -> RA
         # Send all chunks with P2_EXTEND except for the first chunk
         if len(message_splited_prefixed) > 1:
             final_p2 |= P2_EXTEND
-            self.send_first_message_batch(message_splited_prefixed[:-1], P1_NON_CONFIRM)
+            self.send_first_message_batch(message_splited_prefixed[:-1], P1_CONFIRM)
         else:
             final_p2 = 0
 
         return self._client.exchange(CLA,
                                      INS.INS_SIGN_MESSAGE,
-                                     P1_NON_CONFIRM,
+                                     P1_CONFIRM,
                                      final_p2,
                                      message_splited_prefixed[-1])
diff --git a/tests/python/apps/solana_utils.py b/tests/python/apps/solana_utils.py
@@ -1,7 +1,7 @@
 import base58
 
-from ragger.bip import pack_derivation_path
 from ragger.utils import create_currency_config
+from ragger.bip import pack_derivation_path
 
 ### Some utilities functions for amounts conversions ###