From 2b583e1088480d5ce68f05750fd8099f6b019a13 Mon Sep 17 00:00:00 2001 From: pscott Date: Wed, 9 Jun 2021 14:43:59 +0200 Subject: [PATCH 1/7] Do not check for storageLimit when swapping --- src/swap/is_safe_to_swap.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/swap/is_safe_to_swap.c b/src/swap/is_safe_to_swap.c index 89ef272b..0c0c6f83 100644 --- a/src/swap/is_safe_to_swap.c +++ b/src/swap/is_safe_to_swap.c @@ -13,22 +13,23 @@ bool is_safe_to_swap() { PRINTF("Should not be originated\n"); return false; } else if (op->operation.tag != OPERATION_TAG_BABYLON_TRANSACTION) { - PRINTF("Should be of type babylon transaction\n"); + PRINTF("Expected a babylon transaction, got %d\n", op->operation.tag); return false; } else if (op->signing.signature_type != SIGNATURE_TYPE_ED25519) { - PRINTF("Signature type is not ED25519\n"); - return false; - } else if (op->total_storage_limit >= 257) { - PRINTF("Storage Limit incorrect\n"); + PRINTF("Expected type ED25519 signature, got %d\n", op->signing.signature_type); return false; } else if (op->total_fee != swap_values.fees) { - PRINTF("Fees differ\n"); + PRINTF("Fees differ: expected %d, got %d\n", op->total_fee, swap_values.fees); return false; } else if (op->operation.amount != swap_values.amount) { - PRINTF("Amounts differ\n"); + PRINTF("Amounts differ: expected %d, got %d\n", op->operation.amount, swap_values.amount); return false; } else if (strncmp((const char *) &tmp_dest, swap_values.destination, sizeof(tmp_dest))) { - PRINTF("Addresses differ\n"); + PRINTF("Addresses differ: expected %.*H, got %.*H\n", + sizeof(tmp_dest), + tmp_dest, + sizeof(tmp_dest), + swap_values.destination); return false; } return true; From 6b977c44c69e150b0a7249d8bf54c2617fb009b9 Mon Sep 17 00:00:00 2001 From: pscott Date: Wed, 9 Jun 2021 14:50:32 +0200 Subject: [PATCH 2/7] do not explicitly check for the signature curve when swapping --- src/swap/is_safe_to_swap.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/swap/is_safe_to_swap.c b/src/swap/is_safe_to_swap.c index 0c0c6f83..2216a350 100644 --- a/src/swap/is_safe_to_swap.c +++ b/src/swap/is_safe_to_swap.c @@ -15,9 +15,6 @@ bool is_safe_to_swap() { } else if (op->operation.tag != OPERATION_TAG_BABYLON_TRANSACTION) { PRINTF("Expected a babylon transaction, got %d\n", op->operation.tag); return false; - } else if (op->signing.signature_type != SIGNATURE_TYPE_ED25519) { - PRINTF("Expected type ED25519 signature, got %d\n", op->signing.signature_type); - return false; } else if (op->total_fee != swap_values.fees) { PRINTF("Fees differ: expected %d, got %d\n", op->total_fee, swap_values.fees); return false; From 35de39b72b328b21f8b43a1895732edfd3011e83 Mon Sep 17 00:00:00 2001 From: pscott Date: Wed, 9 Jun 2021 15:02:15 +0200 Subject: [PATCH 3/7] Check that curve is one of the three supported by the app --- src/swap/is_safe_to_swap.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/swap/is_safe_to_swap.c b/src/swap/is_safe_to_swap.c index 2216a350..2aab3fbb 100644 --- a/src/swap/is_safe_to_swap.c +++ b/src/swap/is_safe_to_swap.c @@ -15,6 +15,11 @@ bool is_safe_to_swap() { } else if (op->operation.tag != OPERATION_TAG_BABYLON_TRANSACTION) { PRINTF("Expected a babylon transaction, got %d\n", op->operation.tag); return false; + } else if (op->signing.signature_type != SIGNATURE_TYPE_ED25519 || + op->signing.signature_type != SIGNATURE_TYPE_SECP256K1 || + op->signing.signature_type != SIGNATURE_TYPE_SECP256R1) { + PRINTF("Expected type ED25519 signature, got %d\n", op->signing.signature_type); + return false; } else if (op->total_fee != swap_values.fees) { PRINTF("Fees differ: expected %d, got %d\n", op->total_fee, swap_values.fees); return false; From d8199d1005e421c53587f8a05a83a55a49984a7c Mon Sep 17 00:00:00 2001 From: pscott Date: Wed, 9 Jun 2021 16:05:42 +0200 Subject: [PATCH 4/7] Use && instead of ||... --- src/swap/is_safe_to_swap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/swap/is_safe_to_swap.c b/src/swap/is_safe_to_swap.c index 2aab3fbb..c819be67 100644 --- a/src/swap/is_safe_to_swap.c +++ b/src/swap/is_safe_to_swap.c @@ -15,8 +15,8 @@ bool is_safe_to_swap() { } else if (op->operation.tag != OPERATION_TAG_BABYLON_TRANSACTION) { PRINTF("Expected a babylon transaction, got %d\n", op->operation.tag); return false; - } else if (op->signing.signature_type != SIGNATURE_TYPE_ED25519 || - op->signing.signature_type != SIGNATURE_TYPE_SECP256K1 || + } else if (op->signing.signature_type != SIGNATURE_TYPE_ED25519 && + op->signing.signature_type != SIGNATURE_TYPE_SECP256K1 && op->signing.signature_type != SIGNATURE_TYPE_SECP256R1) { PRINTF("Expected type ED25519 signature, got %d\n", op->signing.signature_type); return false; From a4bf6af47ee8afbd52269772cd7e1338b7979b7f Mon Sep 17 00:00:00 2001 From: Edouard Merle Date: Wed, 13 Apr 2022 16:03:23 +0200 Subject: [PATCH 5/7] fix: add missing semi-columns to TRY/CATCH macros --- src/apdu_hmac.c | 2 +- src/apdu_sign.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/apdu_hmac.c b/src/apdu_hmac.c index af345309..b8b3b559 100644 --- a/src/apdu_hmac.c +++ b/src/apdu_hmac.c @@ -47,7 +47,7 @@ static inline size_t hmac(uint8_t *const out, memset(&key_pair, 0, sizeof(key_pair)); } } - END_TRY + END_TRY; // Hash the signed value with SHA512 to get a 64-byte key for HMAC. cx_hash_sha512(state->signed_hmac_key, diff --git a/src/apdu_sign.c b/src/apdu_sign.c index c6003095..ac3071a0 100644 --- a/src/apdu_sign.c +++ b/src/apdu_sign.c @@ -607,7 +607,7 @@ static int perform_signature(bool const on_hash, bool const send_hash) { memset(&key_pair, 0, sizeof(key_pair)); } } - END_TRY + END_TRY; if (error) { THROW(error); From 928ad99697513ad72f3a937331fbcde2ef05a7b5 Mon Sep 17 00:00:00 2001 From: Sarah GLINER Date: Fri, 9 Jun 2023 15:32:21 +0200 Subject: [PATCH 6/7] boot.c: add parameter to io_seproxyhal_power_off (cherry picked from commit c8f6faaba868b5f71bde9163b585f0fc85e33cb2) --- src/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot.c b/src/boot.c index d3847e09..b4f98b03 100644 --- a/src/boot.c +++ b/src/boot.c @@ -72,7 +72,7 @@ __attribute__((section(".boot"))) int main(arg0) { // Only reached in case of uncaught exception #ifdef BAKING_APP - io_seproxyhal_power_off(); // Should not be allowed dashboard access + io_seproxyhal_power_off(false); // Should not be allowed dashboard access #else exit_app(); #endif From 9e0d91b0e040eea67a6c5c1170ba2fa88c04032a Mon Sep 17 00:00:00 2001 From: Sarah GLINER Date: Thu, 15 Jun 2023 18:10:29 +0200 Subject: [PATCH 7/7] boot: fix only for API_LEVEL > 10 (cherry picked from commit baab79c63ce9435929fd1afec5cba1e3125e6c1b) --- src/boot.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/boot.c b/src/boot.c index b4f98b03..d1d53fc4 100644 --- a/src/boot.c +++ b/src/boot.c @@ -72,7 +72,12 @@ __attribute__((section(".boot"))) int main(arg0) { // Only reached in case of uncaught exception #ifdef BAKING_APP - io_seproxyhal_power_off(false); // Should not be allowed dashboard access + + io_seproxyhal_power_off( +#if defined API_LEVEL && API_LEVEL > 10 + false +#endif + ); // Should not be allowed dashboard access #else exit_app(); #endif