Merge pull request #200 from Zondax/update-9430

.github/workflows/main.yml

@@ -224,3 +224,37 @@ jobs:
           tag_name: ${{ steps.nanosp.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_stax:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/stax-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Stax
+        shell: bash -l {0}
+        run: make SUBSTRATE_PARSER_FULL=1
+      - name: Set tag
+        id: stax
+        run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_stax.sh
+          tag_name: ${{ steps.stax.outputs.tag_name }}
+          draft: false
+          prerelease: false

.gitmodules

@@ -16,3 +16,6 @@
 [submodule "deps/ledger-zxlib"]
 	path = deps/ledger-zxlib
 	url = https://github.com/zondax/ledger-zxlib
+[submodule "deps/stax-secure-sdk"]
+	path = deps/stax-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git

app/Makefile.version

@@ -1,6 +1,6 @@
 # This is the `transaction_version` field of `Runtime`
-APPVERSION_M=22
+APPVERSION_M=23
 # This is the `spec_version` field of `Runtime`
-APPVERSION_N=9420
+APPVERSION_N=9430
 # This is the patch version of this release
-APPVERSION_P=1
+APPVERSION_P=0

app/src/apdu_handler.c

@@ -94,10 +94,8 @@ __Z_INLINE bool process_chunk(__Z_UNUSED volatile uint32_t *tx, uint32_t rx) {
             added = tx_append(&(G_io_apdu_buffer[OFFSET_DATA]), rx - OFFSET_DATA);
             tx_initialized = false;
             if (added != rx - OFFSET_DATA) {
-                tx_initialized = false;
                 THROW(APDU_CODE_OUTPUT_BUFFER_TOO_SMALL);
             }
-            tx_initialized = false;
             return true;
     }
 
@@ -153,49 +151,54 @@ __Z_INLINE void handleGetAddr(volatile uint32_t *flags, volatile uint32_t *tx, u
     THROW(APDU_CODE_OK);
 }
 
-#ifdef SUPPORT_SR25519
-__Z_INLINE void handleSignSr25519(volatile uint32_t *flags, volatile uint32_t *tx) {
-    zxerr_t err = app_sign_sr25519();
-    if(err != zxerr_ok){
-        *tx = 0;
-        THROW(APDU_CODE_DATA_INVALID);
+__Z_INLINE void handleSign(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
+    zemu_log("handleSign\n");
+    if (!process_chunk(tx, rx)) {
+        THROW(APDU_CODE_OK);
     }
+    if (app_mode_secret()) {
+        app_mode_set_secret(false);
+    }
+    const uint8_t addr_type = G_io_apdu_buffer[OFFSET_P2];
+    const key_kind_e key_type = get_key_type(addr_type);
 
-    CHECK_APP_CANARY()
-
+    *tx = 0;
     const char *error_msg = tx_parse();
     CHECK_APP_CANARY()
-
     if (error_msg != NULL) {
         const int error_msg_length = strnlen(error_msg, sizeof(G_io_apdu_buffer));
         memcpy(G_io_apdu_buffer, error_msg, error_msg_length);
         *tx += (error_msg_length);
         THROW(APDU_CODE_DATA_INVALID);
     }
-
-    view_review_init(tx_getItem, tx_getNumItems, app_return_sr25519);
-    view_review_show(REVIEW_TXN);
-    *flags |= IO_ASYNCH_REPLY;
-}
+    switch (key_type) {
+        case key_ed25519: {
+            view_review_init(tx_getItem, tx_getNumItems, app_sign_ed25519);
+            view_review_show(REVIEW_TXN);
+            *flags |= IO_ASYNCH_REPLY;
+            break;
+        }
+#ifdef SUPPORT_SR25519
+        case key_sr25519: {
+            zxerr_t err = app_sign_sr25519();
+            if(err != zxerr_ok){
+                *tx = 0;
+                THROW(APDU_CODE_DATA_INVALID);
+            }
+            view_review_init(tx_getItem, tx_getNumItems, app_return_sr25519);
+            view_review_show(REVIEW_TXN);
+            *flags |= IO_ASYNCH_REPLY;
+            break;
+        }
 #endif
-
-__Z_INLINE void handleSignEd25519(volatile uint32_t *flags, volatile uint32_t *tx) {
-    const char *error_msg = tx_parse();
-    CHECK_APP_CANARY()
-    if (error_msg != NULL) {
-        const int error_msg_length = strnlen(error_msg, sizeof(G_io_apdu_buffer));
-        memcpy(G_io_apdu_buffer, error_msg, error_msg_length);
-        *tx += (error_msg_length);
-        THROW(APDU_CODE_DATA_INVALID);
+        default: {
+            THROW(APDU_CODE_DATA_INVALID);
+        }
     }
-
-    view_review_init(tx_getItem, tx_getNumItems, app_sign_ed25519);
-    view_review_show(REVIEW_TXN);
-    *flags |= IO_ASYNCH_REPLY;
 }
 
-__Z_INLINE void handleSign(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
-    zemu_log("handleSign\n");
+__Z_INLINE void handleSignRaw(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
+    zemu_log("handleSignRaw\n");
     if (!process_chunk(tx, rx)) {
         THROW(APDU_CODE_OK);
     }
@@ -206,14 +209,33 @@ __Z_INLINE void handleSign(volatile uint32_t *flags, volatile uint32_t *tx, uint
     const key_kind_e key_type = get_key_type(addr_type);
 
     *tx = 0;
+    const char *error_msg = tx_raw_parse();
+    CHECK_APP_CANARY()
+    if (error_msg != NULL) {
+        const int error_msg_length = strnlen(error_msg, sizeof(G_io_apdu_buffer));
+        memcpy(G_io_apdu_buffer, error_msg, error_msg_length);
+        *tx += (error_msg_length);
+        THROW(APDU_CODE_DATA_INVALID);
+    }
     switch (key_type) {
-        case key_ed25519:
-            handleSignEd25519(flags, tx);
+        case key_ed25519: {
+            view_review_init(tx_raw_getItem, tx_raw_getNumItems, app_sign_ed25519);
+            view_review_show(REVIEW_TXN);
+            *flags |= IO_ASYNCH_REPLY;
             break;
+        }
 #ifdef SUPPORT_SR25519
-        case key_sr25519:
-            handleSignSr25519(flags, tx);
+        case key_sr25519: {
+            zxerr_t err = app_sign_sr25519();
+            if(err != zxerr_ok){
+                *tx = 0;
+                THROW(APDU_CODE_DATA_INVALID);
+            }
+            view_review_init(tx_raw_getItem, tx_raw_getNumItems, app_return_sr25519);
+            view_review_show(REVIEW_TXN);
+            *flags |= IO_ASYNCH_REPLY;
             break;
+        }
 #endif
         default: {
             THROW(APDU_CODE_DATA_INVALID);
@@ -228,7 +250,7 @@ void handleTest(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
 #endif
 
 void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
-    uint16_t sw = 0;
+    volatile uint16_t sw = 0;
 
     BEGIN_TRY
     {
@@ -249,17 +271,18 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
                 }
 
                 case INS_GET_ADDR: {
-                    if( os_global_pin_is_validated() != BOLOS_UX_OK ) {
-                        THROW(APDU_CODE_COMMAND_NOT_ALLOWED);
-                    }
+                    CHECK_PIN_VALIDATED()
                     handleGetAddr(flags, tx, rx);
                     break;
                 }
 
+                case INS_SIGN_RAW:
+                    CHECK_PIN_VALIDATED()
+                    handleSignRaw(flags, tx, rx);
+                    break;
+
                 case INS_SIGN: {
-                    if( os_global_pin_is_validated() != BOLOS_UX_OK ) {
-                        THROW(APDU_CODE_COMMAND_NOT_ALLOWED);
-                    }
+                    CHECK_PIN_VALIDATED()
                     handleSign(flags, tx, rx);
                     break;
                 }
@@ -291,7 +314,7 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
                     break;
             }
             G_io_apdu_buffer[*tx] = sw >> 8;
-            G_io_apdu_buffer[*tx + 1] = sw;
+            G_io_apdu_buffer[*tx + 1] = sw & 0xFF;
             *tx += 2;
         }
         FINALLY

app/src/common/tx.c

@@ -16,9 +16,11 @@
 
 #include "tx.h"
 #include "apdu_codes.h"
+#include "app_main.h"
 #include "buffering.h"
 #include "parser.h"
 #include <string.h>
+#include "zxformat.h"
 #include "zxmacros.h"
 
 #if defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX)
@@ -70,6 +72,30 @@ uint8_t *tx_get_buffer() {
     return buffering_get_buffer()->data;
 }
 
+const char *tx_raw_parse() {
+    const char prefix[] = "<Bytes>";
+    const uint8_t prefixLen = strlen(prefix);
+    const char postfix[] = "</Bytes>";
+    const uint8_t postfixLen = strlen(postfix);
+
+    const uint8_t *data = tx_get_buffer();
+    const size_t dataLen = tx_get_buffer_length();
+    if (data == NULL) return parser_getErrorDescription(parser_no_data);
+
+    // we need to have, at least, prefix and postfix
+    if (dataLen < prefixLen + postfixLen) {
+        return parser_getErrorDescription(parser_unexpected_value);
+    }
+
+    // check if both prefix and postfix are correct
+    if (strncmp((const char*)data, prefix, prefixLen) != 0 ||
+        strncmp((const char*)data + dataLen - postfixLen, postfix, postfixLen) != 0) {
+        return parser_getErrorDescription(parser_unexpected_value);
+    }
+
+    return NULL;
+}
+
 const char *tx_parse() {
 
     uint8_t err = parser_parse(
@@ -110,7 +136,7 @@ zxerr_t tx_getItem(int8_t displayIdx,
 
     CHECK_ZXERR(tx_getNumItems(&numItems))
 
-    if (displayIdx < 0 || displayIdx > numItems) {
+    if (displayIdx < 0 || displayIdx >= numItems) {
         return zxerr_no_data;
     }
 
@@ -131,3 +157,44 @@ zxerr_t tx_getItem(int8_t displayIdx,
 
     return zxerr_ok;
 }
+
+zxerr_t tx_raw_getNumItems(uint8_t *num_items) {
+    *num_items = 2;
+    return zxerr_ok;
+}
+
+zxerr_t tx_raw_getItem(int8_t displayIdx,
+                       char *outKey, uint16_t outKeyLen,
+                       char *outVal, uint16_t outValLen,
+                       uint8_t pageIdx, uint8_t *pageCount) {
+    MEMZERO(outKey, outKeyLen);
+    MEMZERO(outVal, outValLen);
+
+    uint8_t numItems = 0;
+    CHECK_ZXERR(tx_raw_getNumItems(&numItems))
+    if (displayIdx < 0 || displayIdx >= numItems) return zxerr_no_data;
+
+    if (displayIdx == 0) {
+        *pageCount = 1;
+        snprintf(outKey, outKeyLen, "Sign and Verify");
+        snprintf(outVal, outValLen, "Arbitrary text");
+        return zxerr_ok;
+    }
+    const uint8_t *buf = tx_get_buffer();
+    const uint16_t bufLen = tx_get_buffer_length();
+    if (buf == NULL) return zxerr_no_data;
+
+    bool allPrintable = true;
+    for (uint16_t i = 0; i < bufLen; i++) {
+        allPrintable &= IS_PRINTABLE(buf[i]);
+    }
+    if (allPrintable) {
+        snprintf(outKey, outKeyLen, "Payload");
+        pageStringExt(outVal, outValLen, (const char*)buf, bufLen, pageIdx, pageCount);
+    } else {
+        snprintf(outKey, outKeyLen, "Payload (hex)");
+        pageStringHex(outVal, outValLen, (const char*)buf, bufLen, pageIdx, pageCount);
+    }
+
+    return zxerr_ok;
+}

app/src/common/tx.h

@@ -44,6 +44,8 @@ uint8_t *tx_get_buffer();
 /// \return It returns NULL if data is valid or error message otherwise.
 const char *tx_parse();
 
+const char *tx_raw_parse();
+
 /// Return the number of items in the transaction
 zxerr_t tx_getNumItems(uint8_t *num_items);
 
@@ -52,3 +54,10 @@ zxerr_t tx_getItem(int8_t displayIdx,
                    char *outKey, uint16_t outKeyLen,
                    char *outValue, uint16_t outValueLen,
                    uint8_t pageIdx, uint8_t *pageCount);
+
+zxerr_t tx_raw_getNumItems(uint8_t *num_items);
+
+zxerr_t tx_raw_getItem(int8_t displayIdx,
+                       char *outKey, uint16_t outKeyLen,
+                       char *outValue, uint16_t outValueLen,
+                       uint8_t pageIdx, uint8_t *pageCount);