Merge pull request #59 from vacuumlabs/audit_fixes

audit fixes

Makefile

@@ -18,7 +18,7 @@
 APPNAME      = "Cardano ADA"
 APPVERSION_M = 6
 APPVERSION_N = 1
-APPVERSION_P = 0
+APPVERSION_P = 1
 APPVERSION   = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
 ifeq ($(BOLOS_SDK),)
@@ -174,7 +174,7 @@ NANOS_ID = 1
 WORDS = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
 PIN = 5555
 
-APP_LOAD_PARAMS =--appFlags 0x240 --curve ed25519 --path "44'/1815'" --path "1852'/1815'" --path "1853'/1815'" --path "1854'/1815'" --path "1855'/1815'" --path "1694'/1815'"
+APP_LOAD_PARAMS =--appFlags 0x200 --curve ed25519 --path "44'/1815'" --path "1852'/1815'" --path "1853'/1815'" --path "1854'/1815'" --path "1855'/1815'" --path "1694'/1815'"
 APP_LOAD_PARAMS += $(COMMON_LOAD_PARAMS)
 
 load:

src/addressUtilsByron.c

@@ -175,7 +175,7 @@ uint32_t extractProtocolMagic(
 
 	read_view_t view = make_read_view(addressBuffer, addressBuffer + addressSize);
 
-	uint32_t protocolMagic;
+	uint32_t protocolMagic = MAINNET_PROTOCOL_MAGIC; // mainnet addresses do not contain protocol magic
 	bool protocolMagicFound = false;
 	{
 		const uint8_t* unboxedAddressPayload;
@@ -245,6 +245,7 @@ uint32_t extractProtocolMagic(
 	VALIDATE(view_remainingSize(&view) == 0, ERR_INVALID_DATA);
 
 	if (!protocolMagicFound) {
+		// mainnet addresses are not supposed to explicitly contain protocol magic at all
 		protocolMagic = MAINNET_PROTOCOL_MAGIC;
 	}
 

src/cbor.c

@@ -46,7 +46,6 @@ cbor_token_t cbor_parseToken(const uint8_t* buf, size_t size)
 	if (val < 24) {
 		result.width = 0;
 		result.value = val;
-		// return result;
 	} else {
 		// shift buffer
 		// Holds minimum value for a given byte-width.

src/crypto.c

@@ -15,7 +15,7 @@
  *  limitations under the License.
  *****************************************************************************/
 #include <stdint.h>   // uint*_t
-#include <string.h>   // memset, explicit_bzero
+#include <string.h>   // explicit_bzero
 #include <stdbool.h>  // bool
 
 #include "cx.h"

src/ipUtils.c

@@ -84,7 +84,7 @@ void inet_ntop6 (const uint8_t* src, char* dst, size_t dstSize)
 	 *	Copy the input (bytewise) array into a wordwise array.
 	 *	Find the longest run of 0x00's in src[] for :: shorthanding.
 	 */
-	memset(words, '\0', sizeof words);
+	explicit_bzero(words, sizeof words);
 	for (int i = 0; i < NS_IN6ADDRSZ; i += 2) {
 		ASSERT((unsigned int)(i / 2) < SIZEOF(words));
 		words[i / 2] = (src[i] << 8) | src[i + 1];

src/securityPolicy.c

@@ -1790,7 +1790,6 @@ security_policy_t policyForCVoteRegistrationStakingKey(
 }
 
 // based on https://input-output-rnd.slack.com/archives/C036XSMFXE3/p1668185230182239
-// TODO make sure this is what we want
 security_policy_t policyForCVoteRegistrationPaymentDestination(
         const tx_output_destination_storage_t* destination,
         const uint8_t networkId

src/signTxCVoteRegistration.c

@@ -604,11 +604,9 @@ static void signTxCVoteRegistration_handleVotingPurposeAPDU(const uint8_t* wireD
 				VALIDATE(subctx->format == CIP36, ERR_INVALID_DATA);
 			}
 
-			if (isVotingPurposeIncluded) {
-				subctx->stateData.votingPurpose = parse_u8be(&view);
-			} else {
-				subctx->stateData.votingPurpose = DEFAULT_VOTING_PURPOSE;
-			}
+			subctx->stateData.votingPurpose = (isVotingPurposeIncluded) ?
+			                                  parse_u8be(&view) :
+			                                  DEFAULT_VOTING_PURPOSE;
 			TRACE("votingPurpose = %u", subctx->stateData.votingPurpose);
 
 			VALIDATE(view_remainingSize(&view) == 0, ERR_INVALID_DATA);

src/signTxOutput.h

@@ -35,7 +35,6 @@ typedef enum {
 typedef struct {
 	sign_tx_output_state_t state;
 	int ui_step;
-//	void (*ui_advanceState)();
 	const char* ui_text1;
 	const char* ui_text2;
 	const char* ui_text3;