diff --git a/.github/workflows/guidelines_enforcer.yml b/.github/workflows/guidelines_enforcer.yml index 4da97c9e..fdaf9f27 100644 --- a/.github/workflows/guidelines_enforcer.yml +++ b/.github/workflows/guidelines_enforcer.yml @@ -21,6 +21,3 @@ jobs: guidelines_enforcer: name: Call Ledger guidelines_enforcer uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1 - with: - relative_app_directory: app - run_for_devices: '["nanos", "nanosp", "nanox", "stax"]' diff --git a/app/src/crypto.c b/app/src/crypto.c index 9b593f5d..9b0ca4e3 100644 --- a/app/src/crypto.c +++ b/app/src/crypto.c @@ -47,11 +47,11 @@ static zxerr_t crypto_extractPublicKey_ed25519(uint8_t *pubKey, uint16_t pubKeyL privateKeyData, NULL, NULL, - 0)) + 0)); - CATCH_CXERROR(cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, privateKeyData, SK_LEN_25519, &cx_privateKey)) - CATCH_CXERROR(cx_ecfp_init_public_key_no_throw(CX_CURVE_Ed25519, NULL, 0, &cx_publicKey)) - CATCH_CXERROR(cx_ecfp_generate_pair_no_throw(CX_CURVE_Ed25519, &cx_publicKey, &cx_privateKey, 1)) + CATCH_CXERROR(cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, privateKeyData, SK_LEN_25519, &cx_privateKey)); + CATCH_CXERROR(cx_ecfp_init_public_key_no_throw(CX_CURVE_Ed25519, NULL, 0, &cx_publicKey)); + CATCH_CXERROR(cx_ecfp_generate_pair_no_throw(CX_CURVE_Ed25519, &cx_publicKey, &cx_privateKey, 1)); for (unsigned int i = 0; i < PK_LEN_25519; i++) { pubKey[i] = cx_publicKey.W[64 - i]; } @@ -88,15 +88,15 @@ static zxerr_t crypto_sign_ed25519(uint8_t *output, uint16_t outputLen, const ui privateKeyData, NULL, NULL, - 0)) + 0)); - CATCH_CXERROR(cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, privateKeyData, SK_LEN_25519, &cx_privateKey)) + CATCH_CXERROR(cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, privateKeyData, SK_LEN_25519, &cx_privateKey)); CATCH_CXERROR(cx_eddsa_sign_no_throw(&cx_privateKey, CX_SHA512, message, messageLen, output, - outputLen)) + outputLen)); error = zxerr_ok; catch_cx_error: @@ -125,7 +125,7 @@ zxerr_t crypto_fillAddress_ed25519(uint8_t *buffer, uint16_t bufferLen, uint16_t if (bufferLen < PK_LEN_25519_PLUS_TAG + ADDRESS_LEN_TESTNET) { return zxerr_unknown; } - CHECK_ZXERR(crypto_extractPublicKey_ed25519(answer->publicKey + 1, PK_LEN_25519)) + CHECK_ZXERR(crypto_extractPublicKey_ed25519(answer->publicKey + 1, PK_LEN_25519)); const bool isTestnet = hdPath[1] == HDPATH_1_TESTNET; outLen = crypto_encodePubkey_ed25519(answer->address, sizeof(answer->address), answer->publicKey + 1, isTestnet); @@ -160,9 +160,9 @@ static zxerr_t crypto_hashFeeHeader(const header_t *header, uint8_t *output, uin cx_sha256_t sha256 = {0}; cx_sha256_init(&sha256); const uint8_t discriminant = 0x07; - cx_sha256_update(&sha256, &discriminant, sizeof(discriminant)); - cx_sha256_update(&sha256, header->extBytes.ptr, header->extBytes.len); - cx_sha256_final(&sha256, output); + CHECK_CX_OK(cx_sha256_update(&sha256, &discriminant, sizeof(discriminant))); + CHECK_CX_OK(cx_sha256_update(&sha256, header->extBytes.ptr, header->extBytes.len)); + CHECK_CX_OK(cx_sha256_final(&sha256, output)); return zxerr_ok; } @@ -174,11 +174,11 @@ static zxerr_t crypto_hashRawHeader(const header_t *header, uint8_t *output, uin cx_sha256_t sha256 = {0}; cx_sha256_init(&sha256); const uint8_t discriminant = 0x07; - cx_sha256_update(&sha256, &discriminant, sizeof(discriminant)); - cx_sha256_update(&sha256, header->bytes.ptr, header->bytes.len); + CHECK_CX_OK(cx_sha256_update(&sha256, &discriminant, sizeof(discriminant))); + CHECK_CX_OK(cx_sha256_update(&sha256, header->bytes.ptr, header->bytes.len)); const uint8_t header_discriminant = 0x00; - cx_sha256_update(&sha256, &header_discriminant, sizeof(header_discriminant)); - cx_sha256_final(&sha256, output); + CHECK_CX_OK(cx_sha256_update(&sha256, &header_discriminant, sizeof(header_discriminant))); + CHECK_CX_OK(cx_sha256_final(&sha256, output)); return zxerr_ok; } @@ -190,15 +190,15 @@ zxerr_t crypto_hashSigSection(const signature_section_t *signature_section, cons cx_sha256_t sha256 = {0}; cx_sha256_init(&sha256); if (prefix != NULL) { - cx_sha256_update(&sha256, prefix, prefixLen); + CHECK_CX_OK(cx_sha256_update(&sha256, prefix, prefixLen)); } - cx_sha256_update(&sha256, (uint8_t*) &signature_section->hashes.hashesLen, 4); - cx_sha256_update(&sha256, signature_section->hashes.hashes.ptr, HASH_LEN * signature_section->hashes.hashesLen); - cx_sha256_update(&sha256, (uint8_t*) &signature_section->signerDiscriminant, 1); + CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &signature_section->hashes.hashesLen, 4)); + CHECK_CX_OK(cx_sha256_update(&sha256, signature_section->hashes.hashes.ptr, HASH_LEN * signature_section->hashes.hashesLen)); + CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &signature_section->signerDiscriminant, 1)); switch (signature_section->signerDiscriminant) { case PubKeys: { - cx_sha256_update(&sha256, (uint8_t*) &signature_section->pubKeysLen, 4); + CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &signature_section->pubKeysLen, 4)); uint32_t pos = 0; for (uint32_t i = 0; i < signature_section->pubKeysLen; i++) { uint8_t tag = signature_section->pubKeys.ptr[pos++]; @@ -211,19 +211,19 @@ zxerr_t crypto_hashSigSection(const signature_section_t *signature_section, cons pos += pubKeySize; } if(pos > 0) { - cx_sha256_update(&sha256, signature_section->pubKeys.ptr, pos); + CHECK_CX_OK(cx_sha256_update(&sha256, signature_section->pubKeys.ptr, pos)); } break; } case Address: - cx_sha256_update(&sha256, signature_section->address.ptr, signature_section->address.len); + CHECK_CX_OK(cx_sha256_update(&sha256, signature_section->address.ptr, signature_section->address.len)); break; default: return zxerr_invalid_crypto_settings; } - cx_sha256_update(&sha256, (const uint8_t*) &signature_section->signaturesLen, 4); + CHECK_CX_OK(cx_sha256_update(&sha256, (const uint8_t*) &signature_section->signaturesLen, 4)); uint32_t pos = 0; for (uint32_t i = 0; i < signature_section->signaturesLen; i++) { // Skip the signature's 1 byte index @@ -238,9 +238,9 @@ zxerr_t crypto_hashSigSection(const signature_section_t *signature_section, cons pos += signatureSize; } if(pos > 0) { - cx_sha256_update(&sha256, signature_section->indexedSignatures.ptr, pos); + CHECK_CX_OK(cx_sha256_update(&sha256, signature_section->indexedSignatures.ptr, pos)); } - cx_sha256_final(&sha256, output); + CHECK_CX_OK(cx_sha256_final(&sha256, output)); return zxerr_ok; } diff --git a/app/src/crypto_helper.c b/app/src/crypto_helper.c index 370e948c..f44998b2 100644 --- a/app/src/crypto_helper.c +++ b/app/src/crypto_helper.c @@ -18,6 +18,7 @@ #include "bech32.h" #include "zxformat.h" #include "leb128.h" +#include "zxmacros.h" #ifdef LEDGER_SPECIFIC #include "bolos_target.h" @@ -130,14 +131,14 @@ zxerr_t crypto_hashExtraDataSection(const section_t *extraData, uint8_t *output, #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX) cx_sha256_t sha256 = {0}; cx_sha256_init(&sha256); - cx_sha256_update(&sha256, &extraData->discriminant, 1); - cx_sha256_update(&sha256, extraData->salt.ptr, extraData->salt.len); - cx_sha256_update(&sha256, extraData->bytes.ptr, extraData->bytes.len); + CHECK_CX_OK(cx_sha256_update(&sha256, &extraData->discriminant, 1)); + CHECK_CX_OK(cx_sha256_update(&sha256, extraData->salt.ptr, extraData->salt.len)); + CHECK_CX_OK(cx_sha256_update(&sha256, extraData->bytes.ptr, extraData->bytes.len)); uint8_t has_tag = (extraData->tag.ptr == NULL) ? 0 : 1; - cx_sha256_update(&sha256, &has_tag, 1); - cx_sha256_update(&sha256, (uint8_t*) &extraData->tag.len, has_tag*sizeof(extraData->tag.len)); - cx_sha256_update(&sha256, extraData->tag.ptr, has_tag*extraData->tag.len); - cx_sha256_final(&sha256, output); + CHECK_CX_OK(cx_sha256_update(&sha256, &has_tag, 1)); + CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &extraData->tag.len, has_tag*sizeof(extraData->tag.len))); + CHECK_CX_OK(cx_sha256_update(&sha256, extraData->tag.ptr, has_tag*extraData->tag.len)); + CHECK_CX_OK(cx_sha256_final(&sha256, output)); #else picohash_ctx_t sha256 = {0}; picohash_init_sha256(&sha256); @@ -162,11 +163,11 @@ zxerr_t crypto_hashDataSection(const section_t *data, uint8_t *output, uint32_t #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX) cx_sha256_t sha256 = {0}; cx_sha256_init(&sha256); - cx_sha256_update(&sha256, &data->discriminant, 1); - cx_sha256_update(&sha256, data->salt.ptr, data->salt.len); - cx_sha256_update(&sha256, (uint8_t*) &data->bytes.len, sizeof(data->bytes.len)); - cx_sha256_update(&sha256, data->bytes.ptr, data->bytes.len); - cx_sha256_final(&sha256, output); + CHECK_CX_OK(cx_sha256_update(&sha256, &data->discriminant, 1)); + CHECK_CX_OK(cx_sha256_update(&sha256, data->salt.ptr, data->salt.len)); + CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &data->bytes.len, sizeof(data->bytes.len))); + CHECK_CX_OK(cx_sha256_update(&sha256, data->bytes.ptr, data->bytes.len)); + CHECK_CX_OK(cx_sha256_final(&sha256, output)); #else picohash_ctx_t sha256 = {0}; picohash_init_sha256(&sha256); @@ -188,14 +189,14 @@ zxerr_t crypto_hashCodeSection(const section_t *code, uint8_t *output, uint32_t #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX) cx_sha256_t sha256 = {0}; cx_sha256_init(&sha256); - cx_sha256_update(&sha256, &code->discriminant, 1); - cx_sha256_update(&sha256, code->salt.ptr, code->salt.len); - cx_sha256_update(&sha256, code->bytes.ptr, code->bytes.len); + CHECK_CX_OK(cx_sha256_update(&sha256, &code->discriminant, 1)); + CHECK_CX_OK(cx_sha256_update(&sha256, code->salt.ptr, code->salt.len)); + CHECK_CX_OK(cx_sha256_update(&sha256, code->bytes.ptr, code->bytes.len)); uint8_t has_tag = (code->tag.ptr == NULL) ? 0 : 1; - cx_sha256_update(&sha256, &has_tag, 1); - cx_sha256_update(&sha256, (uint8_t*) &code->tag.len, has_tag*sizeof(code->tag.len)); - cx_sha256_update(&sha256, code->tag.ptr, has_tag*code->tag.len); - cx_sha256_final(&sha256, output); + CHECK_CX_OK(cx_sha256_update(&sha256, &has_tag, 1)); + CHECK_CX_OK(cx_sha256_update(&sha256, (uint8_t*) &code->tag.len, has_tag*sizeof(code->tag.len))); + CHECK_CX_OK(cx_sha256_update(&sha256, code->tag.ptr, has_tag*code->tag.len)); + CHECK_CX_OK(cx_sha256_final(&sha256, output)); #else picohash_ctx_t sha256 = {0}; picohash_init_sha256(&sha256); diff --git a/app/src/leb128.c b/app/src/leb128.c index 1b5ab2a3..d6c1fdd3 100644 --- a/app/src/leb128.c +++ b/app/src/leb128.c @@ -14,6 +14,7 @@ * limitations under the License. ******************************************************************************* */ #include "leb128.h" +#include zxerr_t encodeLEB128(uint64_t number, uint8_t *encoded, uint8_t encodedLen, uint8_t *encodedBytes) { if (encoded == NULL || encodedBytes == NULL) { diff --git a/app/src/leb128.h b/app/src/leb128.h index f5da34f9..922f3773 100644 --- a/app/src/leb128.h +++ b/app/src/leb128.h @@ -20,6 +20,7 @@ extern "C" { #endif #include +#include #define MAX_LEB128_OUTPUT 10 diff --git a/ledger_app.toml b/ledger_app.toml new file mode 100644 index 00000000..3e4cbb1f --- /dev/null +++ b/ledger_app.toml @@ -0,0 +1,7 @@ +[app] +build_directory = "./app/" +sdk = "C" +devices = ["nanos", "nanox", "nanos+", "stax"] + +[tests] +unit_directory = "./tests/"