diff --git a/CHANGELOG.md b/CHANGELOG.md index 151eff69..5a6c0af7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,19 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [7.1.0](TBD) - [TBD] + +Message signing (CIP-8) + +### Added + +- support for basic message signing (CIP-8, CIP-30) + +### Changed + +- TODO updated list of native tokens recognized by the app with correct decimal places + + ## [7.0.2](TBD) - [TBD] Conway era diff --git a/Makefile b/Makefile index 73a40b71..9f20aeac 100644 --- a/Makefile +++ b/Makefile @@ -18,8 +18,8 @@ APPNAME = "Cardano ADA" APPVERSION_M = 7 -APPVERSION_N = 0 -APPVERSION_P = 2 +APPVERSION_N = 1 +APPVERSION_P = 0 APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)" ifeq ($(BOLOS_SDK),) diff --git a/src/cardano.h b/src/cardano.h index cc99ac2c..390b9f8a 100644 --- a/src/cardano.h +++ b/src/cardano.h @@ -13,6 +13,8 @@ STATIC_ASSERT(LOVELACE_MAX_SUPPLY < LOVELACE_INVALID, "bad LOVELACE_INVALID"); +#define ED25519_SIGNATURE_LENGTH 64 + #define ADDRESS_KEY_HASH_LENGTH 28 #define POOL_KEY_HASH_LENGTH 28 #define VRF_KEY_HASH_LENGTH 32 @@ -180,4 +182,11 @@ typedef enum { #endif // APP_FEATURE_NATIVE_SCRIPT_HASH +// ============================== CIP8 MESSAGE SIGNING ============================== + +typedef enum { + CIP8_ADDRESS_FIELD_ADDRESS = 1, + CIP8_ADDRESS_FIELD_KEYHASH = 2, +} cip8_address_field_type_t; + #endif // H_CARDANO_APP_CARDANO diff --git a/src/handlers.c b/src/handlers.c index db9792f4..dd90fdb5 100644 --- a/src/handlers.c +++ b/src/handlers.c @@ -12,6 +12,7 @@ #include "deriveAddress.h" #include "deriveNativeScriptHash.h" #include "signTx.h" +#include "signMsg.h" #include "signOpCert.h" #include "signCVote.h" @@ -39,6 +40,7 @@ handler_fn_t* lookupHandler(uint8_t ins) CASE(0x22, signOpCert_handleAPDU); #endif // APP_FEATURE_OPCERT CASE(0x23, signCVote_handleAPDU); + CASE(0x24, signMsg_handleAPDU); #ifdef DEVEL // 0xF* - debug_mode related diff --git a/src/messageSigning.c b/src/messageSigning.c index 4d495ff1..dab0e403 100644 --- a/src/messageSigning.c +++ b/src/messageSigning.c @@ -6,9 +6,9 @@ #include "securityPolicy.h" #include "crypto.h" -static void signRawMessageWithPath(bip44_path_t* pathSpec, - const uint8_t* messageBuffer, size_t messageSize, - uint8_t* outBuffer, size_t outSize) +void signRawMessageWithPath(bip44_path_t* pathSpec, + const uint8_t* messageBuffer, size_t messageSize, + uint8_t* outBuffer, size_t outSize) { size_t sigLen = outSize; @@ -37,7 +37,6 @@ static void signRawMessageWithPath(bip44_path_t* pathSpec, #endif ASSERT(sigLen == ED25519_SIGNATURE_LENGTH); - } // sign the given hash by the private key derived according to the given path diff --git a/src/messageSigning.h b/src/messageSigning.h index e2db31f8..4984df72 100644 --- a/src/messageSigning.h +++ b/src/messageSigning.h @@ -3,6 +3,10 @@ #include "bip44.h" +void signRawMessageWithPath(bip44_path_t* pathSpec, + const uint8_t* messageBuffer, size_t messageSize, + uint8_t* outBuffer, size_t outSize); + void getWitness(bip44_path_t* pathSpec, const uint8_t* txHashBuffer, size_t txHashSize, uint8_t* outBuffer, size_t outSize); diff --git a/src/runTests.h b/src/runTests.h index 4dec40ed..3c49170e 100644 --- a/src/runTests.h +++ b/src/runTests.h @@ -1,12 +1,12 @@ -#ifdef DEVEL - #ifndef H_CARDANO_APP_RUN_TESTS #define H_CARDANO_APP_RUN_TESTS +#ifdef DEVEL + #include "handlers.h" handler_fn_t handleRunTests; -#endif // H_CARDANO_APP_RUN_TESTS - #endif // DEVEL + +#endif // H_CARDANO_APP_RUN_TESTS diff --git a/src/securityPolicy.c b/src/securityPolicy.c index 7e5e1451..94ff7ef1 100644 --- a/src/securityPolicy.c +++ b/src/securityPolicy.c @@ -2183,3 +2183,46 @@ security_policy_t policyForSignCVoteWitness(bip44_path_t* path) break; } } + +security_policy_t policyForSignMsg( + const bip44_path_t* witnessPath, + cip8_address_field_type_t addressFieldType, + const addressParams_t* addressParams +) +{ + switch (bip44_classifyPath(witnessPath)) { + case PATH_ORDINARY_SPENDING_KEY: + case PATH_ORDINARY_STAKING_KEY: + case PATH_MULTISIG_SPENDING_KEY: + case PATH_MULTISIG_STAKING_KEY: + case PATH_MINT_KEY: + case PATH_DREP_KEY: + case PATH_COMMITTEE_COLD_KEY: + case PATH_COMMITTEE_HOT_KEY: + case PATH_POOL_COLD_KEY: + // OK + break; + default: + DENY(); + break; + } + + if (addressFieldType == CIP8_ADDRESS_FIELD_ADDRESS) { + DENY_UNLESS(isValidAddressParams(addressParams)); + + switch (addressParams->type) { + case BASE_PAYMENT_KEY_STAKE_KEY: + case BASE_PAYMENT_KEY_STAKE_SCRIPT: + case REWARD_KEY: + case ENTERPRISE_KEY: + // OK + break; + + default: + DENY(); + break; + } + } + + PROMPT(); +} diff --git a/src/securityPolicy.h b/src/securityPolicy.h index b185ac2c..7bcbd776 100644 --- a/src/securityPolicy.h +++ b/src/securityPolicy.h @@ -242,4 +242,10 @@ security_policy_t policyForSignCVoteInit(); security_policy_t policyForSignCVoteConfirm(); security_policy_t policyForSignCVoteWitness(bip44_path_t* path); +security_policy_t policyForSignMsg( + const bip44_path_t* witnessPath, + cip8_address_field_type_t addressFieldType, + const addressParams_t* addressParams +); + #endif // H_CARDANO_APP_SECURITY_POLICY diff --git a/src/signCVote.c b/src/signCVote.c index c588b7e8..6f275e4f 100644 --- a/src/signCVote.c +++ b/src/signCVote.c @@ -115,7 +115,7 @@ void signCVote_handleInitAPDU( default: THROW(ERR_NOT_IMPLEMENTED); } - handleInit_ui_runStep(); + signCVote_handleInit_ui_runStep(); } // ============================== VOTECAST CHUNK ============================== @@ -190,7 +190,7 @@ void signCVote_handleConfirmAPDU( } } - handleConfirm_ui_runStep(); + signCVote_handleConfirm_ui_runStep(); } // ============================== WITNESS ============================== diff --git a/src/signCVote_ui.c b/src/signCVote_ui.c index be0fe563..d1b3c48e 100644 --- a/src/signCVote_ui.c +++ b/src/signCVote_ui.c @@ -17,9 +17,9 @@ static ins_sign_cvote_context_t* ctx = &(instructionState.signCVoteContext); // ============================== INIT ============================== -void handleInit_ui_runStep() +void signCVote_handleInit_ui_runStep() { - ui_callback_fn_t* this_fn = handleInit_ui_runStep; + ui_callback_fn_t* this_fn = signCVote_handleInit_ui_runStep; UI_STEP_BEGIN(ctx->ui_step, this_fn); @@ -92,11 +92,11 @@ void handleInit_ui_runStep() // ============================== CONFIRM ============================== -void handleConfirm_ui_runStep() +void signCVote_handleConfirm_ui_runStep() { TRACE("UI step %d", ctx->ui_step); TRACE_STACK_USAGE(); - ui_callback_fn_t* this_fn = handleConfirm_ui_runStep; + ui_callback_fn_t* this_fn = signCVote_handleConfirm_ui_runStep; UI_STEP_BEGIN(ctx->ui_step, this_fn); diff --git a/src/signCVote_ui.h b/src/signCVote_ui.h index d18a1fb0..ca1edc3d 100644 --- a/src/signCVote_ui.h +++ b/src/signCVote_ui.h @@ -2,6 +2,7 @@ #define H_CARDANO_APP_SIGN_CVOTE_UI #include "uiHelpers.h" + // ============================== INIT ============================== enum { @@ -13,7 +14,7 @@ enum { HANDLE_INIT_INVALID, }; -void handleInit_ui_runStep(); +void signCVote_handleInit_ui_runStep(); // ============================== CONFIRM ============================== @@ -23,7 +24,7 @@ enum { HANDLE_CONFIRM_STEP_INVALID, }; -void handleConfirm_ui_runStep(); +void signCVote_handleConfirm_ui_runStep(); // ============================== WITNESS ============================== diff --git a/src/signMsg.c b/src/signMsg.c new file mode 100644 index 00000000..345ece9d --- /dev/null +++ b/src/signMsg.c @@ -0,0 +1,360 @@ +#include "common.h" + +#include "signMsg.h" +#include "signMsg_ui.h" +#include "keyDerivation.h" +#include "endian.h" +#include "state.h" +#include "uiHelpers.h" +#include "securityPolicy.h" +#include "messageSigning.h" +#include "textUtils.h" +#include "signTxUtils.h" + +#ifdef HAVE_BAGL +#include "uiScreens_bagl.h" +#elif defined(HAVE_NBGL) +#include "uiScreens_nbgl.h" +#endif + +static ins_sign_msg_context_t* ctx = &(instructionState.signMsgContext); + + +static bool parseBool(read_view_t* view) +{ + uint8_t value = parse_u1be(view); + TRACE("bool value: %d", value); + + switch (value) { + case 0: + return false; + case 1: + return true; + default: + THROW(ERR_INVALID_DATA); + } +} + +void signMsg_handleInitAPDU( + const uint8_t* wireDataBuffer, + size_t wireDataSize +) +{ + { + TRACE_BUFFER(wireDataBuffer, wireDataSize); + read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); + + ctx->msgLength = parse_u4be(&view); + TRACE("Msg length: %d", ctx->msgLength); + ctx->remainingBytes = ctx->msgLength; + + view_skipBytes(&view, bip44_parseFromWire(&ctx->witnessPath, VIEW_REMAINING_TO_TUPLE_BUF_SIZE(&view))); + TRACE("Witness path:"); + BIP44_PRINTF(&ctx->witnessPath); + PRINTF("\n"); + + ctx->hashPayload = parseBool(&view); + TRACE("Hash payload: %d", ctx->hashPayload); + + ctx->isAscii = parseBool(&view); + TRACE("Is ascii: %d", ctx->isAscii); + + ctx->addressFieldType = parse_u1be(&view); + TRACE("Address field type: %d", ctx->addressFieldType); + switch (ctx->addressFieldType) { + case CIP8_ADDRESS_FIELD_ADDRESS: + view_parseAddressParams(&view, &ctx->addressParams); + break; + case CIP8_ADDRESS_FIELD_KEYHASH: + // no address field data to parse + break; + default: + THROW(ERR_INVALID_DATA); + } + + VALIDATE(view_remainingSize(&view) == 0, ERR_INVALID_DATA); + } + + // Check security policy + security_policy_t policy = policyForSignMsg( + &ctx->witnessPath, + ctx->addressFieldType, + &ctx->addressParams + ); + ENSURE_NOT_DENIED(policy); + + // always compute message hash + blake2b_224_init(&ctx->msgHashCtx); + + { + // key is sent back at the end and possibly needed when displaying address field + extendedPublicKey_t extPubKey; + deriveExtendedPublicKey( + &ctx->witnessPath, + &extPubKey + ); + STATIC_ASSERT(SIZEOF(extPubKey.pubKey) == SIZEOF(ctx->witnessKey), "wrong witness key size"); + memmove(ctx->witnessKey, extPubKey.pubKey, SIZEOF(extPubKey.pubKey)); + } + + // this must always be shown + ASSERT(policy == POLICY_PROMPT_BEFORE_RESPONSE); + ctx->ui_step = HANDLE_INIT_HASH_PAYLOAD; + signMsg_handleInit_ui_runStep(); +} + +static void signMsg_handleMsgChunkAPDU(const uint8_t* wireDataBuffer, size_t wireDataSize) +{ + { + ASSERT(ctx->stage == SIGN_MSG_STAGE_CHUNKS); + if (!ctx->hashPayload) { + // only a single chunk is to be received + ASSERT(ctx->receivedChunks == 0); + } + } + { + ctx->receivedChunks += 1; + + TRACE_BUFFER(wireDataBuffer, wireDataSize); + + read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); + + const size_t chunkSize = parse_u4be(&view); + TRACE("chunkSize = %u", chunkSize); + + // we allow empty message, displayed in the ui at this stage; it comes with empty chunk + if (ctx->msgLength > 0) { + VALIDATE(chunkSize > 0, ERR_INVALID_DATA); + } + + if (ctx->receivedChunks == 1) { + if (ctx->isAscii) { + VALIDATE(chunkSize <= MAX_CIP8_MSG_FIRST_CHUNK_ASCII_SIZE, ERR_INVALID_DATA); + } else { + VALIDATE(chunkSize <= MAX_CIP8_MSG_FIRST_CHUNK_HEX_SIZE, ERR_INVALID_DATA); + } + } else { + VALIDATE(chunkSize <= MAX_CIP8_MSG_HIDDEN_CHUNK_SIZE, ERR_INVALID_DATA); + } + + VALIDATE(chunkSize <= ctx->remainingBytes, ERR_INVALID_DATA); + ctx->remainingBytes -= chunkSize; + ctx->chunkSize = chunkSize; + + ASSERT(chunkSize <= SIZEOF(ctx->chunk)); + view_parseBuffer(ctx->chunk, &view, chunkSize); + if (ctx->isAscii) { + VALIDATE(str_isUnambiguousAscii(ctx->chunk, ctx->chunkSize), ERR_INVALID_DATA); + } + + VALIDATE(view_remainingSize(&view) == 0, ERR_INVALID_DATA); + } + { + TRACE("Adding msg chunk to msg hash"); + blake2b_224_append(&ctx->msgHashCtx, ctx->chunk, ctx->chunkSize); + } + + if (ctx->receivedChunks == 1) { + if (!ctx->hashPayload) { + // for non-hashed payload, we expect only a single chunk + VALIDATE(ctx->remainingBytes == 0, ERR_INVALID_DATA); + } + ctx->ui_step = HANDLE_CHUNK_STEP_INTRO; + signMsg_handleChunk_ui_runStep(); + } else { + // for non-hashed payload, we expect only a single chunk, + // so the state should be SIGN_MSG_STAGE_CONFIRM already + ASSERT(ctx->hashPayload); + + // the chunk has been added to msg hash, nothing more to do, and no UI + respondSuccessEmptyMsg(); + + if (ctx->remainingBytes == 0) { + ctx->stage = SIGN_MSG_STAGE_CONFIRM; + } + } +} + +static size_t _createProtectedHeader(uint8_t* protectedHeaderBuffer, size_t maxSize) +{ + // protectedHeader = { + // 1 : -8, // set algorithm to EdDSA + // “address” : address_bytes // raw address given by the user, or key hash + // } + BEGIN_TRY { + TRY { + uint8_t* p = protectedHeaderBuffer; + uint8_t* end = protectedHeaderBuffer + maxSize; + + { + size_t len = cbor_writeToken(CBOR_TYPE_MAP, 2, p, end - p); + p += len; + } + { + size_t len = cbor_writeToken(CBOR_TYPE_UNSIGNED, 1, p, end - p); + p += len; + } + { + size_t len = cbor_writeToken(CBOR_TYPE_NEGATIVE, -8, p, end - p); + p += len; + } + + switch (ctx->addressFieldType) { + case CIP8_ADDRESS_FIELD_ADDRESS: { + uint8_t addressBuffer[MAX_ADDRESS_SIZE]; + size_t addressLen = deriveAddress(&ctx->addressParams, addressBuffer, SIZEOF(addressBuffer)); + { + size_t len = cbor_writeToken(CBOR_TYPE_BYTES, addressLen, p, end - p); + p += len; + } + ASSERT(p + addressLen < end); + { + memmove(p, addressBuffer, addressLen); + p += addressLen; + } + break; + } + case CIP8_ADDRESS_FIELD_KEYHASH: { + uint8_t hashedKey[ADDRESS_KEY_HASH_LENGTH] = {0}; + bip44_pathToKeyHash(&ctx->witnessPath, hashedKey, SIZEOF(hashedKey)); + { + size_t len = cbor_writeToken(CBOR_TYPE_BYTES, SIZEOF(hashedKey), p, end - p); + p += len; + } + ASSERT(p + SIZEOF(hashedKey) < end); + { + memmove(p, hashedKey, SIZEOF(hashedKey)); + p += SIZEOF(hashedKey); + } + break; + } + default: + ASSERT(false); + } + + const size_t protectedHeaderSize = p - protectedHeaderBuffer; + ASSERT(protectedHeaderSize > 0); + ASSERT(protectedHeaderSize < maxSize); + + TRACE_BUFFER(protectedHeaderBuffer, protectedHeaderSize); // TODO remove later + + return protectedHeaderSize; + } CATCH(ERR_DATA_TOO_LARGE) { + ASSERT(false); + } FINALLY { + } + } END_TRY; + + return -1; +} + +static void signMsg_handleConfirmAPDU(const uint8_t* wireDataBuffer MARK_UNUSED, size_t wireDataSize) +{ + VALIDATE(wireDataSize == 0, ERR_INVALID_DATA); + + uint8_t sigStructure[400]; // TODO + explicit_bzero(sigStructure, SIZEOF(sigStructure)); + size_t written = 0; + const size_t maxWritten = SIZEOF(sigStructure); + + // Sig_structure = [ + // context : “Signature1”, + // body_protected : CBOR_encode(protectedHeader), + // external_aad : bstr, // empty buffer here + // payload : bstr // message or its hash as bytes + // ] + + written += cbor_writeToken(CBOR_TYPE_ARRAY, 4, sigStructure + written, maxWritten - written); + ASSERT(written < maxWritten); + + { + const char* firstElement = "Signature1"; + written += cbor_writeToken(CBOR_TYPE_TEXT, strlen(firstElement), sigStructure + written, maxWritten - written); + ASSERT(written < maxWritten); + ASSERT(strlen(firstElement) < maxWritten - written); + memcpy(sigStructure + written, firstElement, strlen(firstElement)); + written += strlen(firstElement); + } + { + written += _createProtectedHeader(sigStructure + written, maxWritten - written); + ASSERT(written < maxWritten); + } + { + written += cbor_writeToken(CBOR_TYPE_BYTES, 0, sigStructure + written, maxWritten - written); + ASSERT(written < maxWritten); + } + { + if (ctx->hashPayload) { + uint8_t msgHash[28]; + blake2b_224_finalize(&ctx->msgHashCtx, msgHash, SIZEOF(msgHash)); + + written += cbor_writeToken(CBOR_TYPE_BYTES, SIZEOF(msgHash), sigStructure + written, maxWritten - written); + ASSERT(written < maxWritten); + + ASSERT(SIZEOF(msgHash) < maxWritten - written); + memcpy(sigStructure + written, msgHash, SIZEOF(msgHash)); + written += SIZEOF(msgHash); + ASSERT(written < maxWritten); + } else { + // for non-hashed payload, the chunk from the previous APDU is used + ASSERT(ctx->receivedChunks == 1); + + written += cbor_writeToken(CBOR_TYPE_BYTES, ctx->chunkSize, sigStructure + written, maxWritten - written); + ASSERT(written < maxWritten); + + ASSERT(ctx->chunkSize < maxWritten - written); + memcpy(sigStructure + written, ctx->chunk, ctx->chunkSize); + written += ctx->chunkSize; + ASSERT(written < maxWritten); + } + } + + const size_t sigStructureSize = written; + TRACE_BUFFER(sigStructure, sigStructureSize); + + signRawMessageWithPath(&ctx->witnessPath, sigStructure, sigStructureSize, ctx->signature, SIZEOF(ctx->signature)); + + ctx->ui_step = HANDLE_CONFIRM_STEP_FINAL_CONFIRM; + signMsg_handleConfirm_ui_runStep(); +} + +// ============================== MAIN HANDLER ============================== + +typedef void subhandler_fn_t(const uint8_t* dataBuffer, size_t dataSize); + +static subhandler_fn_t* lookup_subhandler(uint8_t p1) +{ + switch (p1) { +#define CASE(P1, HANDLER) case P1: return HANDLER; +#define DEFAULT(HANDLER) default: return HANDLER; + CASE(0x01, signMsg_handleInitAPDU); + CASE(0x02, signMsg_handleMsgChunkAPDU); + CASE(0x03, signMsg_handleConfirmAPDU); + DEFAULT(NULL) +#undef CASE +#undef DEFAULT + } +} + +void signMsg_handleAPDU( + uint8_t p1, + uint8_t p2, + const uint8_t* wireDataBuffer, + size_t wireDataSize, + bool isNewCall +) +{ + TRACE("P1 = 0x%x, P2 = 0x%x, isNewCall = %d", p1, p2, isNewCall); + ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); + + VALIDATE(p2 == P2_UNUSED, ERR_INVALID_REQUEST_PARAMETERS); + + if (isNewCall) { + explicit_bzero(ctx, SIZEOF(*ctx)); + ctx->stage = SIGN_MSG_STAGE_INIT; + } + + subhandler_fn_t* subhandler = lookup_subhandler(p1); + VALIDATE(subhandler != NULL, ERR_INVALID_REQUEST_PARAMETERS); + subhandler(wireDataBuffer, wireDataSize); +} diff --git a/src/signMsg.h b/src/signMsg.h new file mode 100644 index 00000000..f2dcb356 --- /dev/null +++ b/src/signMsg.h @@ -0,0 +1,51 @@ +#ifndef H_CARDANO_APP_SIGN_MSG +#define H_CARDANO_APP_SIGN_MSG + +#include "addressUtilsShelley.h" +#include "cardano.h" +#include "common.h" +#include "handlers.h" +#include "hash.h" +#include "bip44.h" +#include "keyDerivation.h" + +handler_fn_t signMsg_handleAPDU; + +// Note: this cannot be increased, there is a limit of 200 chars in the UI +#define MAX_CIP8_MSG_FIRST_CHUNK_ASCII_SIZE 198 +#define MAX_CIP8_MSG_FIRST_CHUNK_HEX_SIZE 99 +#define MAX_CIP8_MSG_HIDDEN_CHUNK_SIZE 250 + +typedef enum { + SIGN_MSG_STAGE_NONE = 0, + SIGN_MSG_STAGE_INIT = 43, + SIGN_MSG_STAGE_CHUNKS = 44, + SIGN_MSG_STAGE_CONFIRM = 45, +} sign_msg_stage_t; + +typedef struct { + bip44_path_t witnessPath; + cip8_address_field_type_t addressFieldType; + addressParams_t addressParams; + + bool isAscii; + bool hashPayload; + + size_t msgLength; + size_t remainingBytes; + size_t receivedChunks; + + uint8_t chunk[MAX_CIP8_MSG_HIDDEN_CHUNK_SIZE]; + size_t chunkSize; + + blake2b_224_context_t msgHashCtx; + uint8_t signature[ED25519_SIGNATURE_LENGTH]; + uint8_t witnessKey[PUBLIC_KEY_SIZE]; + + sign_msg_stage_t stage; + int ui_step; +} ins_sign_msg_context_t; + +handler_fn_t signMsg_handleAPDU; + +#endif // H_CARDANO_APP_SIGN_MSG \ No newline at end of file diff --git a/src/signMsg_ui.c b/src/signMsg_ui.c new file mode 100644 index 00000000..983f6a3e --- /dev/null +++ b/src/signMsg_ui.c @@ -0,0 +1,310 @@ +#include "hexUtils.h" +#include "messageSigning.h" +#include "securityPolicy.h" +#include "signMsg.h" +#include "signTxUtils.h" +#include "state.h" +#include "signMsg_ui.h" + +#ifdef HAVE_BAGL +#include "uiScreens_bagl.h" +#elif defined(HAVE_NBGL) +#include "uiScreens_nbgl.h" +#include "nbgl_use_case.h" +#endif + + +static ins_sign_msg_context_t* ctx = &(instructionState.signMsgContext); + +// ============================== INIT ============================== + +void signMsg_handleInit_ui_runStep() +{ + TRACE("UI step %d", ctx->ui_step); + TRACE_STACK_USAGE(); + ui_callback_fn_t* this_fn = signMsg_handleInit_ui_runStep; + + UI_STEP_BEGIN(ctx->ui_step, this_fn); + + UI_STEP(HANDLE_INIT_HASH_PAYLOAD) { + #ifdef HAVE_BAGL + const char* firstLine = (ctx->hashPayload) ? "Sign hashed" : "Sign non-hashed"; + ui_displayPrompt( + firstLine, + "message? (CIP-8)", + this_fn, + respond_with_user_reject + ); + #elif defined(HAVE_NBGL) + set_light_confirmation(true); + const char* text = (ctx->hashPayload) ? "Sign hashed\nmessage? (CIP-8)" : "Sign non-hashed\nmessage? (CIP-8)"; + display_prompt(text, "", this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_INIT_WITNESS_PATH) { + #ifdef HAVE_BAGL + ui_displayPathScreen("Signing path", &ctx->witnessPath, this_fn); + #elif defined(HAVE_NBGL) + char pathStr[BIP44_PATH_STRING_SIZE_MAX + 1] = {0}; + ui_getPathScreen(pathStr, SIZEOF(pathStr), &ctx->witnessPath); + fill_and_display_if_required("Signing path", pathStr, this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_INIT_ADDRESS_FIELD_DISPLAY_KEY_HASH) { + if (ctx->addressFieldType == CIP8_ADDRESS_FIELD_ADDRESS) { + UI_STEP_JUMP(HANDLE_INIT_ADDRESS_FIELD_DISPLAY_ADDRESS); + } + + uint8_t hash[28]; + blake2b_224_hash( + ctx->witnessKey, SIZEOF(ctx->witnessKey), + hash, SIZEOF(hash) + ); + + #ifdef HAVE_BAGL + ui_displayHexBufferScreen( + "Address field", + hash, + SIZEOF(hash), + this_fn + ); + #elif defined(HAVE_NBGL) + char bufferHex[2 * SCRIPT_HASH_LENGTH + 1] = {0}; + ui_getHexBufferScreen(bufferHex, SIZEOF(bufferHex), hash, SIZEOF(hash)); + fill_and_display_if_required("Address field", bufferHex, this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_INIT_ADDRESS_FIELD_DISPLAY_ADDRESS) { + if (ctx->addressFieldType != CIP8_ADDRESS_FIELD_ADDRESS) { + UI_STEP_JUMP(HANDLE_INIT_RESPOND); + } + + uint8_t addressBuffer[MAX_ADDRESS_SIZE] = {0}; + size_t addressSize = deriveAddress(&ctx->addressParams, addressBuffer, SIZEOF(addressBuffer)); + ASSERT(addressSize > 0); + ASSERT(addressSize <= MAX_ADDRESS_SIZE); + + #ifdef HAVE_BAGL + ui_displayAddressScreen( + "Address field", + addressBuffer, addressSize, + this_fn + ); + #elif defined(HAVE_NBGL) + char humanAddress[MAX_HUMAN_ADDRESS_SIZE] = {0}; + ui_getAddressScreen( + humanAddress, + SIZEOF(humanAddress), + addressBuffer, + addressSize + ); + fill_and_display_if_required("Address field", humanAddress, this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_INIT_ADDRESS_FIELD_DISPLAY_SPENDING_PATH) { + #ifdef HAVE_BAGL + ui_displaySpendingInfoScreen(&ctx->addressParams, this_fn); + #elif defined(HAVE_NBGL) +#define SPENDING_INFO_SIZE MAX(BECH32_STRING_SIZE_MAX, BIP44_PATH_STRING_SIZE_MAX) + char line1[30]; + char spendingInfo[SPENDING_INFO_SIZE] = {0}; + ui_getSpendingInfoScreen(line1, SIZEOF(line1), spendingInfo, SIZEOF(spendingInfo), &ctx->addressParams); + fill_and_display_if_required(line1, spendingInfo, this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_INIT_ADDRESS_FIELD_DISPLAY_STAKING_INFO) { + #ifdef HAVE_BAGL + ui_displayStakingInfoScreen(&ctx->addressParams, this_fn); + #elif defined(HAVE_NBGL) + char line1[30] = {0}; + char stakingInfo[120] = {0}; + ui_getStakingInfoScreen(line1, SIZEOF(line1), stakingInfo, SIZEOF(stakingInfo), &ctx->addressParams); + fill_and_display_if_required(line1, stakingInfo, this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_INIT_RESPOND) { + respondSuccessEmptyMsg(); + ctx->stage = SIGN_MSG_STAGE_CHUNKS; + } + UI_STEP_END(HANDLE_INIT_INVALID); +} + +// ============================== CHUNK ============================== + +void _displayMsgEmpty(ui_callback_fn_t* callback) +{ + #ifdef HAVE_BAGL + ui_displayPaginatedText( + "Empty", + "message", + callback + ); + #elif defined(HAVE_NBGL) + fill_and_display_if_required("Empty", "message", callback, respond_with_user_reject); + #endif // HAVE_BAGL +} + +void _displayMsgIntro(ui_callback_fn_t* callback) +{ + char l1[30] = {0}; + if (ctx->isAscii) { + snprintf(l1, SIZEOF(l1), "Message (ascii)"); + } else { + snprintf(l1, SIZEOF(l1), "Message (hex)"); + } + ASSERT(strlen(l1) + 1 < SIZEOF(l1)); + + char l2[30] = {0}; + snprintf(l2, SIZEOF(l2), "%u bytes", ctx->msgLength); + ASSERT(strlen(l2) + 1 < SIZEOF(l2)); + + #ifdef HAVE_BAGL + ui_displayPaginatedText( + l1, + l2, + callback + ); + #elif defined(HAVE_NBGL) + fill_and_display_if_required(l1, l2, callback, respond_with_user_reject); + #endif // HAVE_BAGL +} + +__noinline_due_to_stack__ +void _displayMsgFull(ui_callback_fn_t* callback) +{ + char l1[30]; + if (ctx->isAscii) { + snprintf(l1, SIZEOF(l1), "Message (ascii)"); + } else { + snprintf(l1, SIZEOF(l1), "Message (hex)"); + } + ASSERT(strlen(l1) + 1 < SIZEOF(l1)); + + char l2[200]; + if (ctx->isAscii) { + ASSERT(ctx->chunkSize + 1 < SIZEOF(l2)); + memcpy(l2, ctx->chunk, ctx->chunkSize); + l2[ctx->chunkSize] = '\0'; + } else { + encode_hex(ctx->chunk, ctx->chunkSize, l2, SIZEOF(l2)); + } + ASSERT(strlen(l2) + 1 < SIZEOF(l2)); + + #ifdef HAVE_BAGL + ui_displayPaginatedText( + l1, + l2, + callback + ); + #elif defined(HAVE_NBGL) + fill_and_display_if_required(l1, l2, callback, respond_with_user_reject); + #endif // HAVE_BAGL +} + +__noinline_due_to_stack__ +void _displayMsgChunk(ui_callback_fn_t* callback) +{ + const char* l1 = "Message starts with"; + + char l2[200]; + if (ctx->isAscii) { + ASSERT(ctx->chunkSize + 1 < SIZEOF(l2)); + memcpy(l2, ctx->chunk, ctx->chunkSize); + l2[ctx->chunkSize] = '\0'; + } else { + encode_hex(ctx->chunk, ctx->chunkSize, l2, SIZEOF(l2)); + } + ASSERT(strlen(l2) + 1 < SIZEOF(l2)); + + #ifdef HAVE_BAGL + ui_displayPaginatedText( + l1, + l2, + callback + ); + #elif defined(HAVE_NBGL) + fill_and_display_if_required(l1, l2, callback, respond_with_user_reject); + #endif // HAVE_BAGL +} + +void signMsg_handleChunk_ui_runStep() +{ + TRACE("UI step %d", ctx->ui_step); + TRACE_STACK_USAGE(); + ui_callback_fn_t* this_fn = signMsg_handleChunk_ui_runStep; + + ASSERT(ctx->receivedChunks == 1); + + UI_STEP_BEGIN(ctx->ui_step, this_fn); + + UI_STEP(HANDLE_CHUNK_STEP_INTRO) { + if (ctx->msgLength == 0) { + _displayMsgEmpty(this_fn); + } else { + _displayMsgIntro(this_fn); + } + } + UI_STEP(HANDLE_CHUNK_STEP_DISPLAY) { + if (ctx->msgLength == 0) { + UI_STEP_JUMP(HANDLE_CHUNK_STEP_RESPOND); + } + if (ctx->remainingBytes == 0) { + _displayMsgFull(this_fn); + } else { + _displayMsgChunk(this_fn); + } + } + UI_STEP(HANDLE_CHUNK_STEP_RESPOND) { + respondSuccessEmptyMsg(); + + if (ctx->remainingBytes == 0) { + ctx->stage = SIGN_MSG_STAGE_CONFIRM; + } + } + UI_STEP_END(HANDLE_CHUNK_STEP_INVALID); +} + +// ============================== CONFIRM ============================== + +void signMsg_handleConfirm_ui_runStep() +{ + TRACE("UI step %d", ctx->ui_step); + TRACE_STACK_USAGE(); + ui_callback_fn_t* this_fn = signMsg_handleConfirm_ui_runStep; + + UI_STEP_BEGIN(ctx->ui_step, this_fn); + + UI_STEP(HANDLE_CONFIRM_STEP_FINAL_CONFIRM) { + #ifdef HAVE_BAGL + ui_displayPrompt( + "Sign", + "message?", + this_fn, + respond_with_user_reject + ); + #elif defined(HAVE_NBGL) + display_confirmation("Sign\n message?", "", "MESSAGE\nSIGNED", "Message\nrejected", this_fn, respond_with_user_reject); + #endif // HAVE_BAGL + } + UI_STEP(HANDLE_CONFIRM_STEP_RESPOND) { + struct { + uint8_t signature[ED25519_SIGNATURE_LENGTH]; + uint8_t witnessKey[PUBLIC_KEY_SIZE]; + } wireResponse = {0}; + + STATIC_ASSERT(SIZEOF(ctx->signature) == ED25519_SIGNATURE_LENGTH, "wrong signature buffer size"); + memmove(wireResponse.signature, ctx->signature, ED25519_SIGNATURE_LENGTH); + + STATIC_ASSERT(SIZEOF(ctx->witnessKey) == PUBLIC_KEY_SIZE, "wrong key buffer size"); + memmove(wireResponse.witnessKey, ctx->witnessKey, PUBLIC_KEY_SIZE); + + io_send_buf(SUCCESS, (uint8_t*) &wireResponse, SIZEOF(wireResponse)); + #ifdef HAVE_BAGL + ui_displayBusy(); // displays dots, called only after I/O to avoid freezing + #endif // HAVE_BAGL + + ctx->stage = SIGN_MSG_STAGE_NONE; + ui_idle(); + } + UI_STEP_END(HANDLE_CONFIRM_STEP_INVALID); +} diff --git a/src/signMsg_ui.h b/src/signMsg_ui.h new file mode 100644 index 00000000..ea601ff0 --- /dev/null +++ b/src/signMsg_ui.h @@ -0,0 +1,42 @@ +#ifndef H_CARDANO_APP_SIGN_CVOTE_UI +#define H_CARDANO_APP_SIGN_CVOTE_UI + +#include "uiHelpers.h" + +// ============================== INIT ============================== + +enum { + HANDLE_INIT_HASH_PAYLOAD = 100, + HANDLE_INIT_WITNESS_PATH, + HANDLE_INIT_ADDRESS_FIELD_DISPLAY_KEY_HASH, + HANDLE_INIT_ADDRESS_FIELD_DISPLAY_ADDRESS, + HANDLE_INIT_ADDRESS_FIELD_DISPLAY_SPENDING_PATH, + HANDLE_INIT_ADDRESS_FIELD_DISPLAY_STAKING_INFO, + HANDLE_INIT_RESPOND, + HANDLE_INIT_INVALID, +}; + +void signMsg_handleInit_ui_runStep(); + +// ============================== CHUNK ============================== + +enum { + HANDLE_CHUNK_STEP_INTRO = 200, + HANDLE_CHUNK_STEP_DISPLAY, + HANDLE_CHUNK_STEP_RESPOND, + HANDLE_CHUNK_STEP_INVALID, +}; + +void signMsg_handleChunk_ui_runStep(); + +// ============================== CONFIRM ============================== + +enum { + HANDLE_CONFIRM_STEP_FINAL_CONFIRM = 300, + HANDLE_CONFIRM_STEP_RESPOND, + HANDLE_CONFIRM_STEP_INVALID, +}; + +void signMsg_handleConfirm_ui_runStep(); + +#endif // H_CARDANO_APP_SIGN_CVOTE_UI diff --git a/src/signOpCert.c b/src/signOpCert.c index b28e820c..2d42dfde 100644 --- a/src/signOpCert.c +++ b/src/signOpCert.c @@ -132,6 +132,8 @@ void signOpCert_handleAPDU( static void signOpCert_ui_runStep() { + TRACE("UI step %d", ctx->ui_step); + TRACE_STACK_USAGE(); ui_callback_fn_t* this_fn = signOpCert_ui_runStep; UI_STEP_BEGIN(ctx->ui_step, this_fn); diff --git a/src/signOpCert.h b/src/signOpCert.h index e88eec68..29eb9d1f 100644 --- a/src/signOpCert.h +++ b/src/signOpCert.h @@ -3,6 +3,7 @@ #ifdef APP_FEATURE_OPCERT +#include "cardano.h" #include "common.h" #include "handlers.h" #include "bip44.h" @@ -18,7 +19,7 @@ typedef struct { uint64_t kesPeriod; uint64_t issueCounter; bip44_path_t poolColdKeyPathSpec; - uint8_t signature[64]; + uint8_t signature[ED25519_SIGNATURE_LENGTH]; int ui_step; } ins_sign_op_cert_context_t; diff --git a/src/signTx.h b/src/signTx.h index 1fbabcd7..8ff04c32 100644 --- a/src/signTx.h +++ b/src/signTx.h @@ -1,6 +1,7 @@ #ifndef H_CARDANO_APP_SIGN_TX #define H_CARDANO_APP_SIGN_TX +#include "cardano.h" #include "common.h" #include "hash.h" #include "handlers.h" @@ -156,7 +157,7 @@ typedef struct { typedef struct { bip44_path_t path; - uint8_t signature[64]; + uint8_t signature[ED25519_SIGNATURE_LENGTH]; } sign_tx_witness_data_t; typedef struct { diff --git a/src/signTxPoolRegistration.c b/src/signTxPoolRegistration.c index aed6c5d0..d91863e8 100644 --- a/src/signTxPoolRegistration.c +++ b/src/signTxPoolRegistration.c @@ -600,7 +600,7 @@ static void _parseDnsName(pool_relay_t* relay, read_view_t* view) { relay->dnsNameSize = view_remainingSize(view); VALIDATE(relay->dnsNameSize <= DNS_NAME_SIZE_MAX, ERR_INVALID_DATA); - VALIDATE(str_isAllowedDnsName(VIEW_REMAINING_TO_TUPLE_BUF_SIZE(view)), ERR_INVALID_DATA); + VALIDATE(str_isUnambiguousAscii(VIEW_REMAINING_TO_TUPLE_BUF_SIZE(view)), ERR_INVALID_DATA); STATIC_ASSERT(SIZEOF(relay->dnsName) == DNS_NAME_SIZE_MAX, "wrong dns name buffer size"); view_parseBuffer(relay->dnsName, view, relay->dnsNameSize); diff --git a/src/state.h b/src/state.h index f95bcb53..59ff02a3 100644 --- a/src/state.h +++ b/src/state.h @@ -5,6 +5,7 @@ #include "getPublicKeys.h" #include "deriveAddress.h" #include "deriveNativeScriptHash.h" +#include "signMsg.h" #include "signTx.h" #include "signOpCert.h" #include "signCVote.h" @@ -22,6 +23,7 @@ typedef union { ins_sign_op_cert_context_t signOpCertContext; #endif // APP_FEATURE_OPCERT ins_sign_cvote_context_t signCVoteContext; + ins_sign_msg_context_t signMsgContext; } instructionState_t; // Note(instructions are uint8_t but we have a special INS_NONE value diff --git a/src/textUtils.c b/src/textUtils.c index 892fafef..f2c987de 100644 --- a/src/textUtils.c +++ b/src/textUtils.c @@ -263,7 +263,8 @@ bool str_isPrintableAsciiWithSpaces(const uint8_t* buffer, size_t bufferSize) return true; } -bool str_isAllowedDnsName(const uint8_t* buffer, size_t bufferSize) +// check if the string can be unambiguously displayed to the user +bool str_isUnambiguousAscii(const uint8_t* buffer, size_t bufferSize) { ASSERT(bufferSize < BUFFER_SIZE_PARANOIA); diff --git a/src/textUtils.h b/src/textUtils.h index 1ce68ba2..69b5ec56 100644 --- a/src/textUtils.h +++ b/src/textUtils.h @@ -46,7 +46,7 @@ size_t str_formatValidityBoundary(uint64_t slotNumber, char* out, size_t outSize bool str_isPrintableAsciiWithoutSpaces(const uint8_t* buffer, size_t bufferSize); bool str_isPrintableAsciiWithSpaces(const uint8_t* buffer, size_t bufferSize); -bool str_isAllowedDnsName(const uint8_t* buffer, size_t bufferSize); +bool str_isUnambiguousAscii(const uint8_t* buffer, size_t bufferSize); #ifdef DEVEL diff --git a/src/uiScreens_bagl.c b/src/uiScreens_bagl.c index cea937ae..ab0d85d1 100644 --- a/src/uiScreens_bagl.c +++ b/src/uiScreens_bagl.c @@ -373,7 +373,7 @@ void ui_displaySpendingInfoScreen( case SPENDING_PATH: { ui_displayPathScreen( - "Derivation path", + "Spending key path", &addressParams->spendingKeyPath, callback ); @@ -398,7 +398,7 @@ void ui_displaySpendingInfoScreen( } } -static const char STAKING_HEADING_PATH[] = "Staking path"; +static const char STAKING_HEADING_PATH[] = "Stake key path"; static const char STAKING_HEADING_KEY_HASH[] = "Stake key hash"; static const char STAKING_HEADING_SCRIPT_HASH[] = "Stake script hash"; static const char STAKING_HEADING_POINTER[] = "Stake key pointer";