From d041fc982ec0fd19229bd51becd9f106cccdf2b5 Mon Sep 17 00:00:00 2001
From: 0xPxt <aleix.raventos@zondax.ch>
Date: Tue, 27 Aug 2024 22:03:18 +0200
Subject: [PATCH] hash sign base64

---
 app/src/items.c        | 33 ++++++++++++++++++++++++---------
 app/src/items_format.c |  9 +++++++++
 app/src/items_format.h |  2 ++
 3 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/app/src/items.c b/app/src/items.c
index 2407d5b..c164070 100644
--- a/app/src/items.c
+++ b/app/src/items.c
@@ -21,6 +21,7 @@
 #include "crypto_helper.h"
 #include "items_format.h"
 #include "parser_impl.h"
+#include "zxformat.h"
 
 #define INCREMENT_NUM_ITEMS()                           \
     item_array.numOfItems++;                            \
@@ -36,6 +37,7 @@ static items_error_t items_validateSigners();
 static items_error_t items_storePayingGas();
 static items_error_t items_storeAllTransfers();
 static items_error_t items_storeCaution();
+static items_error_t items_storeHashWarning();
 static items_error_t items_storeChainId();
 static items_error_t items_storeUsingGas();
 static items_error_t items_checkTxLengths();
@@ -97,6 +99,10 @@ items_error_t items_storeItems(tx_type_t tx_type) {
         CHECK_ITEMS_ERROR(items_checkTxLengths());
     }
 
+    if (tx_type == tx_type_hash) {
+        CHECK_ITEMS_ERROR(items_storeHashWarning());
+    }
+
     CHECK_ITEMS_ERROR(items_computeHash(tx_type));
 
     CHECK_ITEMS_ERROR(items_storeHash());
@@ -288,6 +294,16 @@ static items_error_t items_storeAllTransfers() {
     return items_ok;
 }
 
+static items_error_t items_storeHashWarning() {
+    item_t *item = &item_array.items[item_array.numOfItems];
+
+    strcpy(item->key, "WARNING");
+    item_array.toString[item_array.numOfItems] = items_hashWarningToDisplayString;
+    INCREMENT_NUM_ITEMS()
+
+    return items_ok;
+}
+
 static items_error_t items_storeCaution() {
     item_t *item = &item_array.items[item_array.numOfItems];
 
@@ -353,17 +369,16 @@ static items_error_t items_checkTxLengths() {
 static items_error_t items_computeHash(tx_type_t tx_type) {
     if (tx_type == tx_type_hash) {
         tx_hash_t *hash_obj = parser_getParserHashObj();
-        MEMCPY(base64_hash, hash_obj->tx, hash_obj->hash_len);
-        return items_ok;
-    }
-
-    if (blake2b_hash((uint8_t *)parser_getParserJsonObj()->json.buffer, parser_getParserJsonObj()->json.bufferLen, hash) !=
-        zxerr_ok) {
-        return items_error;
+        base64_encode(base64_hash, 44, hash_obj->tx, hash_obj->hash_len);
+    } else if (tx_type == tx_type_json) {
+        if (blake2b_hash((uint8_t *)parser_getParserJsonObj()->json.buffer, parser_getParserJsonObj()->json.bufferLen, hash) !=
+            zxerr_ok) {
+            return items_error;
+        }
+    
+        base64_encode(base64_hash, 44, hash, sizeof(hash));
     }
 
-    base64_encode(base64_hash, 44, hash, sizeof(hash));
-
     // Make it base64 URL safe
     for (int i = 0; base64_hash[i] != '\0'; i++) {
         if (base64_hash[i] == '+') {
diff --git a/app/src/items_format.c b/app/src/items_format.c
index 7c3b037..1bcfd03 100644
--- a/app/src/items_format.c
+++ b/app/src/items_format.c
@@ -58,6 +58,15 @@ items_error_t items_warningToDisplayString(__Z_UNUSED item_t item, char *outVal,
     return items_ok;
 }
 
+items_error_t items_hashWarningToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen) {
+    uint16_t len = sizeof(HASH_WARNING_TEXT);
+
+    if (len > outValLen) return items_data_too_large;
+
+    snprintf(outVal, len, HASH_WARNING_TEXT);
+    return items_ok;
+}
+
 items_error_t items_cautionToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen) {
     uint16_t len = sizeof(CAUTION_TEXT);
 
diff --git a/app/src/items_format.h b/app/src/items_format.h
index 738d759..6d3f60e 100644
--- a/app/src/items_format.h
+++ b/app/src/items_format.h
@@ -23,6 +23,7 @@
 #define WARNING_TEXT                                                                                                   \
     "UNSAFE TRANSACTION. This transaction's code was not recognized and does not limit capabilities for all signers. " \
     "Signing this transaction may make arbitrary actions on the chain including loss of all funds."
+#define HASH_WARNING_TEXT "Blind Signing a Transaction Hash is a very unusual operation. Do not continue unless you know what you are doing"
 #define CAUTION_TEXT "'meta' field of transaction not recognized"
 #define TX_TOO_LARGE_TEXT \
     "Transaction too large for Ledger to display.  PROCEED WITH GREAT CAUTION.  Do you want to continue?"
@@ -30,6 +31,7 @@
 items_error_t items_stdToDisplayString(item_t item, char *outVal, uint16_t outValLen);
 items_error_t items_nothingToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen);
 items_error_t items_warningToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen);
+items_error_t items_hashWarningToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen);
 items_error_t items_cautionToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen);
 items_error_t items_txTooLargeToDisplayString(__Z_UNUSED item_t item, char *outVal, uint16_t outValLen);
 items_error_t items_signingToDisplayString(item_t item, char *outVal, uint16_t outValLen);