This repository has been archived by the owner on Oct 18, 2024. It is now read-only.

Merge pull request #204 from Zondax/fix-audit
carlosala authored Nov 2, 2023
2 parents 3fe6d9a + 017ce1e commit cede2db
Showing 12 changed files with 61 additions and 28 deletions.
7 changes: 3 additions & 4 deletions CMakeLists.txt
Expand Up @@ -44,15 +44,14 @@ if(ENABLE_FUZZING)
set(CMAKE_CXX_CLANG_TIDY clang-tidy -checks=-*,bugprone-*,cert-*,clang-analyzer-*,-cert-err58-cpp,misc-*)

if ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
# require at least clang 3.2
# require at least clang 10.0
if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 10.0)
message(FATAL_ERROR "Clang version must be at least 10.0!")
endif()
else()
message(FATAL_ERROR
"You are using an unsupported compiler! Fuzzing only works with Clang 10.\n"
"1. Install clang-10 \n"
"2. Pass -DCMAKE_C_COMPILER=clang-10 -DCMAKE_CXX_COMPILER=clang++-10")
"You are using an unsupported compiler! Fuzzing only works with Clang >10.\n"
"1. Install any clang >10")
endif()

string(APPEND CMAKE_C_FLAGS " -fsanitize=fuzzer-no-link")
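Review bot: the new message says "Fuzzing only works with Clang >10", but the check just above it is `VERSION_LESS 10.0`, which accepts Clang 10.0 itself, and the updated comment says "require at least clang 10.0"; the message should read ">= 10" (or "10 or newer") so that comment, check and message agree. The removed second step ("2. Pass -DCMAKE_C_COMPILER=clang-10 -DCMAKE_CXX_COMPILER=clang++-10") was the only place telling the user how to select the compiler, and anyone who reaches this branch has the wrong compiler configured; keep a version-agnostic form of it, e.g. "2. Pass -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++".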
2 changes: 1 addition & 1 deletion app/Makefile.version
@@ -1,6 +1,6 @@
# This is the `transaction_version` field of `Runtime`
APPVERSION_M=24
# This is the `spec_version` field of `Runtime`
APPVERSION_N=1000000
APPVERSION_N=10000
# This is the patch version of this release
APPVERSION_P=0
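Review bot: the old value 1000000 does not fit the 2-byte MINOR field that GET_VERSION returns (APDUSPEC.md in this same commit lists MINOR as byte (2), range 0..65535), so the reported minor version was being truncated; 10000 fits, but nothing here stops the same overflow from recurring on the next runtime bump. Suggest a comment on this line stating the 65535 ceiling for APPVERSION_M/N/P, or better a build-time check in the Makefile that fails when any component exceeds it, since a silently wrapped version is exactly what a wallet's version gate would misread.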
4 changes: 3 additions & 1 deletion app/src/apdu_handler.c
Expand Up @@ -118,7 +118,9 @@ __Z_INLINE void handle_getversion(__Z_UNUSED volatile uint32_t *flags, volatile
G_io_apdu_buffer[5] = (LEDGER_PATCH_VERSION >> 8) & 0xFF;
G_io_apdu_buffer[6] = (LEDGER_PATCH_VERSION >> 0) & 0xFF;

G_io_apdu_buffer[7] = !IS_UX_ALLOWED;
// sdk won't pass the apdu message if device is locked
// keeping it for backwards compatibility
G_io_apdu_buffer[7] = 0;

G_io_apdu_buffer[8] = (TARGET_ID >> 24) & 0xFF;
G_io_apdu_buffer[9] = (TARGET_ID >> 16) & 0xFF;
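Review bot: the comment should say precisely which guarantee the hard-coded 0 relies on (the SDK not delivering APDUs while the device is locked) and where that is enforced, because if that behaviour ever changes the LOCKED byte will silently report an unlocked device to every client that still reads it; wording it as "deprecated, always 0" to match the spec table would make the assumption auditable rather than implicit. The appended TARGET_ID bytes at [8]..[11] are consistent with the new TARGET_ID byte (4) row in APDUSPEC.md.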
2 changes: 1 addition & 1 deletion deps/ledger-zxlib
74 changes: 53 additions & 21 deletions docs/APDUSPEC.md
Expand Up @@ -27,18 +27,49 @@ The general structure of commands and responses is as follows:
| Return code | Description |
| ----------- | ----------------------- |
| 0x6400 | Execution Error |
| 0x6400 | Wrong buffer length |
| 0x6982 | Empty buffer |
| 0x6983 | Output buffer too small |
| 0x6984 | Data is invalid |
| 0x6986 | Command not allowed |
| 0x6987 | Tx is not initialized |
| 0x6B00 | P1/P2 are invalid |
| 0x6D00 | INS not supported |
| 0x6E00 | CLA not supported |
| 0x6F00 | Unknown |
| 0x6F01 | Sign / verify error |
| 0x9000 | Success |

---

## Command definition

### GET_DEVICE_INFO

#### Command

| Field | Type | Content | Expected |
| ----- | -------- | ---------------------- | -------- |
| CLA | byte (1) | Application Identifier | 0xE0 |
| INS | byte (1) | Instruction ID | 0x01 |
| P1 | byte (1) | Parameter 1 | 0x00 |
| P2 | byte (1) | Parameter 2 | 0x00 |
| L | byte (1) | Bytes in payload | 0x00 |

#### Response

| Field | Type | Content | Note |
| --------- | -------- | ------------------ | ------------------------ |
| TARGET_ID | byte (4) | Target Id | |
| OS_LEN | byte (1) | OS version length | 0..64 |
| OS | byte (?) | OS version | Non terminated string |
| FLAGS_LEN | byte (1) | Flags length | 0 |
| MCU_LEN | byte (1) | MCU version length | 0..64 |
| MCU | byte (?) | MCU version | Non terminated string |
| SW1-SW2 | byte (2) | Return code | see list of return codes |

---

### GET_VERSION

#### Command
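Review bot: 0x6400 is listed twice in the return-code table (Execution Error and Wrong buffer length), so a client cannot tell the two conditions apart from the status word; either one row is a typo or both conditions really map to the same code, and the table should say which. The new GET_DEVICE_INFO command uses CLA 0xE0 with INS 0x01 while INS_GET_ADDR below uses CLA 0x99 with the same INS 0x01; a sentence explaining why this command uses a different class from the rest of the spec, and that CLA is what disambiguates the two, would stop clients from sending INS 0x01 under the wrong class. Minor: "Non terminated string" reads better as "not NUL-terminated".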
Expand All @@ -53,34 +84,35 @@ The general structure of commands and responses is as follows:

#### Response

| Field | Type | Content | Note |
| ------- | -------- | ---------------- | ------------------------------- |
| TEST | byte (1) | Test Mode | 0xFF means test mode is enabled |
| MAJOR | byte (2) | Version Major | 0..65535 |
| MINOR | byte (2) | Version Minor | 0..65535 |
| PATCH | byte (2) | Version Patch | 0..65535 |
| LOCKED | byte (1) | Device is locked | |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
| Field | Type | Content | Note |
| --------- | -------- | ---------------- | ------------------------------- |
| TEST | byte (1) | Test Mode | 0x01 means test mode is enabled |
| MAJOR | byte (2) | Version Major | 0..65535 |
| MINOR | byte (2) | Version Minor | 0..65535 |
| PATCH | byte (2) | Version Patch | 0..65535 |
| LOCKED | byte (1) | Device is locked | It'll always be 0 |
| TARGET_ID | byte (4) | Target Id | |
| SW1-SW2 | byte (2) | Return code | see list of return codes |

---

### INS_GET_ADDR

#### Command

| Field | Type | Content | Expected | |
| ------- | -------- | ------------------------- | ----------- | --- |
| CLA | byte (1) | Application Identifier | 0x99 | |
| INS | byte (1) | Instruction ID | 0x01 | |
| P1 | byte (1) | Request User confirmation | No = 0 | |
| P2 | byte (1) | Signature scheme | Ed25519 = 0 | |
| | | | Sr25519 = 1 | |
| L | byte (1) | Bytes in payload | (depends) | |
| Path[0] | byte (4) | Derivation Path Data | 0x80000000 | 44 |
| Path[1] | byte (4) | Derivation Path Data | 0x80000000 | 434 |
| Path[2] | byte (4) | Derivation Path Data | ? | |
| Path[3] | byte (4) | Derivation Path Data | ? | |
| Path[4] | byte (4) | Derivation Path Data | ? | |
| Field | Type | Content | Expected |
| ------- | -------- | ------------------------- | ----------------- |
| CLA | byte (1) | Application Identifier | 0x99 |
| INS | byte (1) | Instruction ID | 0x01 |
| P1 | byte (1) | Request User confirmation | No = 0 |
| P2 | byte (1) | Signature scheme | Ed25519 = 0 |
| | | | Sr25519 = 1 |
| L | byte (1) | Bytes in payload | (depends) |
| Path[0] | byte (4) | Derivation Path Data | 0x80000000 \| 44 |
| Path[1] | byte (4) | Derivation Path Data | 0x80000000 \| 434 |
| Path[2] | byte (4) | Derivation Path Data | ? |
| Path[3] | byte (4) | Derivation Path Data | ? |
| Path[4] | byte (4) | Derivation Path Data | ? |

#### Response

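Review bot: appending TARGET_ID (4 bytes) after LOCKED changes the length of the GET_VERSION response from an 8-byte body to 12 bytes before SW1-SW2, so any client that parsed the old fixed layout will now see four extra bytes; this deserves an explicit "response layout changed in this version" line next to the table rather than being left for readers to infer from the diff. The LOCKED row's "It'll always be 0" would read better as "Deprecated, always 0" so clients know not to act on it, and since TEST changed from 0xFF to 0x01 the firmware side should be confirmed to emit 0x01, as this table is what wallets test against. The `\|` escapes in the derivation-path column are correct and fix the broken table rendering of the old version.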
Binary file modified tests_zemu/snapshots/s-mainmenu/00004.png
Binary file modified tests_zemu/snapshots/s-mainmenu/00010.png
Binary file modified tests_zemu/snapshots/sp-mainmenu/00004.png
Binary file modified tests_zemu/snapshots/sp-mainmenu/00010.png
Binary file modified tests_zemu/snapshots/st-mainmenu/00001.png
Binary file modified tests_zemu/snapshots/x-mainmenu/00004.png
Binary file modified tests_zemu/snapshots/x-mainmenu/00010.png

0 comments on commit cede2db
