Merge pull request #17 from Zondax/several_updates

Namada v0.27.0

.github/workflows/guidelines_enforcer.yml

@@ -10,17 +10,17 @@ name: Ensure compliance with Ledger guidelines
 
 on:
   workflow_dispatch:
-  # push:
-  #   branches:
-  #     - master
-  #     - main
-  #     - develop
-  # pull_request:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
 
 jobs:
   guidelines_enforcer:
     name: Call Ledger guidelines_enforcer
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
     with:
       relative_app_directory: app
-      run_for_devices: '["nanos", "nanosp", "nanox"]'
+      run_for_devices: '["nanos", "nanosp", "nanox", "stax"]'

.gitmodules

@@ -10,3 +10,6 @@
 [submodule "deps/nanos-secure-sdk"]
 	path = deps/nanos-secure-sdk
 	url = https://github.com/LedgerHQ/nanos-secure-sdk
+[submodule "deps/ledger-secure-sdk"]
+	path = deps/ledger-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk

Makefile

@@ -24,8 +24,7 @@ TESTS_JS_DIR = $(CURDIR)/js
 ifeq ($(BOLOS_SDK),)
 # In this case, there is not predefined SDK and we run dockerized
 # When not using the SDK, we override and build the XL complete app
-
-SUBSTRATE_PARSER_FULL ?= 1
+ZXLIB_COMPILE_STAX ?= 1
 include $(CURDIR)/deps/ledger-zxlib/dockerized_build.mk
 
 else

app/Makefile

@@ -55,7 +55,7 @@ endif
 
 APP_LOAD_PARAMS =  --curve ed25519 $(COMMON_LOAD_PARAMS) --path $(APPPATH)
 
-NANOS_STACK_SIZE := 2620
+NANOS_STACK_SIZE := 2555
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.devices
 
 $(info TARGET_NAME  = [$(TARGET_NAME)])

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=0
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=9
+APPVERSION_P=10

app/src/coin.h

@@ -32,6 +32,7 @@ extern "C" {
 #define HDPATH_4_DEFAULT     (0u)
 
 #define SECP256K1_PK_LEN            65u
+#define COMPRESSED_SECP256K1_PK_LEN 33u
 #define SECP256K1_SK_LEN            32u
 #define SCALAR_LEN_SECP256K1        32u
 
@@ -50,8 +51,8 @@ extern "C" {
 #define SIG_LEN_25519_PLUS_TAG 65u
 
 
-#define ADDRESS_LEN_MAINNET 80u
-#define ADDRESS_LEN_TESTNET 84u
+#define ADDRESS_LEN_MAINNET 42u
+#define ADDRESS_LEN_TESTNET 45u
 
 #define SALT_LEN     8
 #define HASH_LEN    32
@@ -62,9 +63,6 @@ extern "C" {
 
 #define MAX_BECH32_HRP_LEN  83u
 
-/// An address string before bech32m encoding must be this size.
-#define FIXED_LEN_STRING_BYTES 45u
-
 /// For payment addresses on the Testnet, the Human-Readable Part is "patest"
 #define SAPLING_PAYMENT_ADDR_HRP "patest"
 

app/src/common/tx.c

@@ -21,7 +21,7 @@
 #include <string.h>
 #include "zxmacros.h"
 
-#if defined(TARGET_NANOX) || defined(TARGET_NANOS2)
+#if defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX)
 #define RAM_BUFFER_SIZE 8192
 #define FLASH_BUFFER_SIZE 16384
 #elif defined(TARGET_NANOS)
@@ -37,7 +37,7 @@ typedef struct {
     uint8_t buffer[FLASH_BUFFER_SIZE];
 } storage_t;
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOX) || defined(TARGET_NANOS2)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX)
 storage_t NV_CONST N_appdata_impl __attribute__((aligned(64)));
 #define N_appdata (*(NV_VOLATILE storage_t *)PIC(&N_appdata_impl))
 #endif

app/src/crypto.c

@@ -40,7 +40,7 @@ static zxerr_t crypto_extractPublicKey_ed25519(uint8_t *pubKey, uint16_t pubKeyL
     uint8_t privateKeyData[2 * SK_LEN_25519] = {0};
 
     // Generate keys
-    CATCH_CXERROR(os_derive_bip32_with_seed_no_throw(HDW_NORMAL,
+    CATCH_CXERROR(os_derive_bip32_with_seed_no_throw(HDW_ED25519_SLIP10,
                                                      CX_CURVE_Ed25519,
                                                      hdPath,
                                                      HDPATH_LEN_DEFAULT,
@@ -81,7 +81,7 @@ static zxerr_t crypto_sign_ed25519(uint8_t *output, uint16_t outputLen, const ui
 
     zxerr_t error = zxerr_unknown;
 
-    CATCH_CXERROR(os_derive_bip32_with_seed_no_throw(HDW_NORMAL,
+    CATCH_CXERROR(os_derive_bip32_with_seed_no_throw(HDW_ED25519_SLIP10,
                                                      CX_CURVE_Ed25519,
                                                      hdPath,
                                                      HDPATH_LEN_DEFAULT,
@@ -205,7 +205,7 @@ zxerr_t crypto_hashSigSection(const signature_section_t *signature_section, cons
             break;
 
         case Address:
-            cx_sha256_update(&sha256, (uint8_t*) &signature_section->address.ptr, signature_section->address.len);
+            cx_sha256_update(&sha256, signature_section->address.ptr, signature_section->address.len);
             break;
 
         default:
@@ -341,11 +341,6 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
     section_hashes.hashesLen++;
     signature_section.hashes.hashesLen++;
 
-    /// Hash the header section
-    uint8_t *header_hash = section_hashes.hashes.ptr;
-    CHECK_ZXERR(crypto_hashFeeHeader(&txObj->transaction.header, header_hash, HASH_LEN))
-    section_hashes.indices.ptr[0] = 0;
-
     // Hash the code and data sections
     const section_t *data = &txObj->transaction.sections.data;
     const section_t *code = &txObj->transaction.sections.code;
@@ -393,6 +388,11 @@ zxerr_t crypto_sign(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLe
         signature_section.hashes.hashesLen++;
     }
 
+    /// Hash the header section
+    uint8_t *header_hash = section_hashes.hashes.ptr;
+    CHECK_ZXERR(crypto_hashFeeHeader(&txObj->transaction.header, header_hash, HASH_LEN))
+    section_hashes.indices.ptr[0] = 0;
+
     signature_section.signaturesLen = 0;
     signature_section.pubKeysLen = 0;
     // Hash the unsigned signature section into raw_sig_hash

app/src/crypto_helper.c

@@ -23,7 +23,7 @@
 #include "bolos_target.h"
 #endif
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     #include "cx.h"
     #include "cx_sha256.h"
 #else
@@ -47,7 +47,7 @@ static zxerr_t crypto_publicKeyHash_ed25519(uint8_t *publicKeyHash, const uint8_
 
     // Step 2. Hash the serialized public key with sha256.
     uint8_t pkh[CX_SHA256_SIZE] = {0};
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_hash_sha256((const uint8_t*) borshEncodedPubKey, PK_LEN_25519 + 1, pkh, CX_SHA256_SIZE);
 #else
     picohash_ctx_t ctx;
@@ -62,10 +62,10 @@ static zxerr_t crypto_publicKeyHash_ed25519(uint8_t *publicKeyHash, const uint8_
     array_to_hexstr_uppercase(hexPubKeyHash, 2 * CX_SHA256_SIZE + 1, pkh, CX_SHA256_SIZE);
 
     // Prepend implicit address prefix
-    snprintf((char*) publicKeyHash, FIXED_LEN_STRING_BYTES, "imp::");
+    publicKeyHash[0] = 0;
 
     // Step 4. The Public Key Hash consists of the first 40 characters of the hex encoding. ---> UPPERCASE
-    MEMCPY(publicKeyHash + 5, hexPubKeyHash, PK_HASH_STR_LEN);
+    MEMCPY(publicKeyHash + 1, pkh, PK_HASH_LEN);
 
     return zxerr_ok;
 }
@@ -75,24 +75,24 @@ uint8_t crypto_encodePubkey_ed25519(uint8_t *buffer, uint16_t bufferLen, const u
         return 0;
     }
 
-    if (bufferLen < ADDRESS_LEN_MAINNET || (bufferLen < ADDRESS_LEN_TESTNET && isTestnet)) {
+    if ((bufferLen < ADDRESS_LEN_TESTNET && isTestnet) || bufferLen < ADDRESS_LEN_MAINNET) {
         return 0;
     }
 
-    const char *hrp = isTestnet ? "atest" : "a";
+    const char *hrp = isTestnet ? "tnam" : "a";
 
     // Step 1:  Compute the hash of the Ed25519 public key
-    uint8_t publicKeyHash[FIXED_LEN_STRING_BYTES] = {0};
+    uint8_t publicKeyHash[21] = {0};
     crypto_publicKeyHash_ed25519(publicKeyHash, pubkey);
 
     // Step 2. Encode the public key hash with bech32m
-    char addr_out[110] = {0};
+    char addr_out[79] = {0};
     zxerr_t err = bech32EncodeFromBytes(addr_out,
                                         sizeof(addr_out),
                                         hrp,
                                         publicKeyHash,
                                         sizeof(publicKeyHash),
-                                        0,
+                                        1,
                                         BECH32_ENCODING_BECH32M);
 
     if (err != zxerr_ok){
@@ -111,7 +111,7 @@ zxerr_t crypto_sha256(const uint8_t *input, uint16_t inputLen, uint8_t *output,
 
     MEMZERO(output, outputLen);
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_hash_sha256(input, inputLen, output, CX_SHA256_SIZE);
 #else
     picohash_ctx_t ctx;
@@ -127,19 +127,27 @@ zxerr_t crypto_hashExtraDataSection(const section_t *extraData, uint8_t *output,
          return zxerr_invalid_crypto_settings;
     }
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
     cx_sha256_update(&sha256, &extraData->discriminant, 1);
     cx_sha256_update(&sha256, extraData->salt.ptr, extraData->salt.len);
     cx_sha256_update(&sha256, extraData->bytes.ptr, extraData->bytes.len);
+    uint8_t has_tag = (extraData->tag.ptr == NULL) ? 0 : 1;
+    cx_sha256_update(&sha256, &has_tag, 1);
+    cx_sha256_update(&sha256, (uint8_t*) &extraData->tag.len, has_tag*sizeof(extraData->tag.len));
+    cx_sha256_update(&sha256, extraData->tag.ptr, has_tag*extraData->tag.len);
     cx_sha256_final(&sha256, output);
 #else
     picohash_ctx_t sha256 = {0};
     picohash_init_sha256(&sha256);
     picohash_update(&sha256, &extraData->discriminant, 1);
     picohash_update(&sha256, extraData->salt.ptr, extraData->salt.len);
     picohash_update(&sha256, extraData->bytes.ptr, extraData->bytes.len);
+    uint8_t has_tag = (extraData->tag.ptr == NULL) ? 0 : 1;
+    picohash_update(&sha256, &has_tag, 1);
+    picohash_update(&sha256, (uint8_t*) &extraData->tag.len, has_tag*sizeof(extraData->tag.len));
+    picohash_update(&sha256, extraData->tag.ptr, has_tag*extraData->tag.len);
     picohash_final(&sha256, output);
 #endif
 
@@ -151,7 +159,7 @@ zxerr_t crypto_hashDataSection(const section_t *data, uint8_t *output, uint32_t
         return zxerr_no_data;
     }
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
     cx_sha256_update(&sha256, &data->discriminant, 1);
@@ -177,19 +185,27 @@ zxerr_t crypto_hashCodeSection(const section_t *code, uint8_t *output, uint32_t
          return zxerr_invalid_crypto_settings;
     }
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     cx_sha256_t sha256 = {0};
     cx_sha256_init(&sha256);
     cx_sha256_update(&sha256, &code->discriminant, 1);
     cx_sha256_update(&sha256, code->salt.ptr, code->salt.len);
     cx_sha256_update(&sha256, code->bytes.ptr, code->bytes.len);
+    uint8_t has_tag = (code->tag.ptr == NULL) ? 0 : 1;
+    cx_sha256_update(&sha256, &has_tag, 1);
+    cx_sha256_update(&sha256, (uint8_t*) &code->tag.len, has_tag*sizeof(code->tag.len));
+    cx_sha256_update(&sha256, code->tag.ptr, has_tag*code->tag.len);
     cx_sha256_final(&sha256, output);
 #else
     picohash_ctx_t sha256 = {0};
     picohash_init_sha256(&sha256);
     picohash_update(&sha256, &code->discriminant, 1);
     picohash_update(&sha256, code->salt.ptr, code->salt.len);
     picohash_update(&sha256, code->bytes.ptr, code->bytes.len);
+    uint8_t has_tag = (code->tag.ptr == NULL) ? 0 : 1;
+    picohash_update(&sha256, &has_tag, 1);
+    picohash_update(&sha256, (uint8_t*) &code->tag.len, has_tag*sizeof(code->tag.len));
+    picohash_update(&sha256, code->tag.ptr, has_tag*code->tag.len);
     picohash_final(&sha256, output);
 #endif
 

app/src/parser_impl.c

@@ -48,6 +48,9 @@ parser_error_t getNumItems(const parser_context_t *ctx, uint8_t *numItems) {
 
         case Transfer:
             *numItems = (app_mode_expert() ? TRANSFER_EXPERT_PARAMS : TRANSFER_NORMAL_PARAMS);
+            if(!ctx->tx_obj->transfer.symbol) {
+                (*numItems)++;
+            }
             break;
 
         case InitAccount: {
@@ -79,6 +82,15 @@ parser_error_t getNumItems(const parser_context_t *ctx, uint8_t *numItems) {
         case InitValidator: {
             const uint32_t accounts = ctx->tx_obj->initValidator.number_of_account_keys;
             *numItems = (uint8_t) ((app_mode_expert() ? INIT_VALIDATOR_EXPERT_PARAMS : INIT_VALIDATOR_NORMAL_PARAMS) + accounts);
+            if(ctx->tx_obj->initValidator.description.ptr) {
+                (*numItems)++;
+            }
+            if(ctx->tx_obj->initValidator.discord_handle.ptr) {
+                (*numItems)++;
+            }
+            if(ctx->tx_obj->initValidator.website.ptr) {
+                (*numItems)++;
+            }
             break;
         }
         case UpdateVP: {
@@ -100,6 +112,10 @@ parser_error_t getNumItems(const parser_context_t *ctx, uint8_t *numItems) {
             break;
     }
 
+    if(app_mode_expert() && ctx->tx_obj->transaction.header.fees.symbol == NULL) {
+        (*numItems)++;
+    }
+
     if(*numItems == 0) {
         return parser_unexpected_number_items;
     }