fix hdpath validation

Makefile

@@ -48,6 +48,14 @@ zemu_install: tests_tools_build
 
 test_all:
 	make zemu_install
+
+	echo "Testing recovery"
+	make clean
+	SUBSTRATE_PARSER_FULL=1 COIN=AVAIL_RECOVERY make
+	cd tests_zemu && yarn test_recovery && cd ..
+
+	echo "Testing standard"
+	make clean
 	SUBSTRATE_PARSER_FULL=1 make
 	make clean_build
 	SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make buildS

app/src/apdu_handler.c

@@ -43,8 +43,13 @@ void extractHDPath(uint32_t rx, uint32_t offset) {
 
     memcpy(hdPath, G_io_apdu_buffer + offset, sizeof(uint32_t) * HDPATH_LEN_DEFAULT);
 
+#ifdef RECOVERY_APP
+    const bool mainnet = hdPath[0] == HDPATH_0_DEFAULT &&
+                         hdPath[1] == HDPATH_1_RECOVERY;
+#else
     const bool mainnet = hdPath[0] == HDPATH_0_DEFAULT &&
                          hdPath[1] == HDPATH_1_DEFAULT;
+#endif
 
     if (!mainnet) {
         THROW(APDU_CODE_DATA_INVALID);
@@ -249,9 +254,15 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
     {
         TRY
         {
+#ifdef RECOVERY_APP
+            if (G_io_apdu_buffer[OFFSET_CLA] != CLA_RECOVERY) {
+                THROW(APDU_CODE_CLA_NOT_SUPPORTED);
+            }
+#else
             if (G_io_apdu_buffer[OFFSET_CLA] != CLA) {
                 THROW(APDU_CODE_CLA_NOT_SUPPORTED);
             }
+#endif
 
             if (rx < APDU_MIN_LENGTH) {
                 THROW(APDU_CODE_WRONG_LENGTH);

app/src/substrate/substrate_coin.h

@@ -21,13 +21,14 @@ extern "C" {
 
 #define COIN_ADDR_TYPE 42
 #define CLA 0xbc
+#define CLA_RECOVERY 0x90
 
 #define INS_SIGN_RAW 0x03
 
 #define HDPATH_LEN_DEFAULT 5
 #define HDPATH_0_DEFAULT (0x80000000 | 0x2c)
 #define HDPATH_1_DEFAULT (0x80000000 | 0x2c5)
-#define HDPATH_1_RECOVERY (0x80000000 | 0x2c5)
+#define HDPATH_1_RECOVERY (0x80000000 | 0x162)
 
 #define HDPATH_2_DEFAULT (0x80000000u | 0u)
 #define HDPATH_3_DEFAULT (0u)

tests_zemu/package.json

@@ -15,7 +15,8 @@
   ],
   "scripts": {
     "clean": "ts-node tests/pullImageKillOld.ts",
-    "test": "yarn clean && jest --maxConcurrency 3"
+    "test": "yarn clean && jest --maxConcurrency 3 --testPathIgnorePatterns recovery.test.ts",
+    "test_recovery": "yarn clean && jest --maxConcurrency 3 recovery.test.ts"
   },
   "dependencies": {
     "@zondax/ledger-substrate": "^1.0.0",

tests_zemu/tests/recovery.test.ts

@@ -0,0 +1,118 @@
+/** ******************************************************************************
+ *  (c) 2020 Zondax GmbH
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ ******************************************************************************* */
+
+import Zemu, { ButtonKind, DEFAULT_START_OPTIONS, isTouchDevice } from '@zondax/zemu'
+import { newSubstrateApp } from '@zondax/ledger-substrate'
+import { APP_SEED, models } from './common'
+
+const defaultOptions = {
+  ...DEFAULT_START_OPTIONS,
+  logging: true,
+  custom: `-s "${APP_SEED}"`,
+  X11: false,
+}
+
+const expected_address_recovery = '5HAeMNeM1XzB9ab742XyV8rM4u1wsAUiQQod61n9cjMTrKbn'
+const expected_pk_recovery = 'e1b4d72d27b3e91b9b6116555b4ea17138ddc12ca7cdbab30e2e0509bd848419'
+
+jest.setTimeout(180000)
+
+describe('Standard', function () {
+  test.concurrent.each(models)('can start and stop container', async function (m) {
+    const sim = new Zemu(m.path)
+    try {
+      await sim.start({ ...defaultOptions, model: m.name })
+    } finally {
+      await sim.close()
+    }
+  })
+
+  test.concurrent.each(models)('get address recovery', async function (m) {
+    const sim = new Zemu(m.path)
+    try {
+      await sim.start({ ...defaultOptions, model: m.name })
+      const app = newSubstrateApp(sim.getTransport(), 'Polkadot')
+
+      const resp = await app.getAddress(0x80000000, 0x80000000, 0x80000000)
+
+      console.log(resp)
+
+      expect(resp.return_code).toEqual(0x9000)
+      expect(resp.error_message).toEqual('No errors')
+
+      expect(resp.address).toEqual(expected_address_recovery)
+      expect(resp.pubKey).toEqual(expected_pk_recovery)
+    } finally {
+      await sim.close()
+    }
+  })
+
+  test.concurrent.each(models)('show address recovery', async function (m) {
+    const sim = new Zemu(m.path)
+    try {
+      await sim.start({
+        ...defaultOptions,
+        model: m.name,
+        approveKeyword: isTouchDevice(m.name) ? 'Confirm' : '',
+        approveAction: ButtonKind.ApproveTapButton,
+      })
+      const app = newSubstrateApp(sim.getTransport(), 'Polkadot')
+
+      const respRequest = app.getAddress(0x80000000, 0x80000000, 0x80000000, true)
+      // Wait until we are not in the main menu
+      await sim.waitUntilScreenIsNot(sim.getMainMenuSnapshot())
+      await sim.compareSnapshotsAndApprove('.', `${m.prefix.toLowerCase()}-recovery_show_address`)
+
+      const resp = await respRequest
+
+      console.log(resp)
+
+      expect(resp.return_code).toEqual(0x9000)
+      expect(resp.error_message).toEqual('No errors')
+
+      expect(resp.address).toEqual(expected_address_recovery)
+      expect(resp.pubKey).toEqual(expected_pk_recovery)
+    } finally {
+      await sim.close()
+    }
+  })
+
+  test.concurrent.each(models)('show address recovery - reject', async function (m) {
+    const sim = new Zemu(m.path)
+    try {
+      await sim.start({
+        ...defaultOptions,
+        model: m.name,
+        approveKeyword: isTouchDevice(m.name) ? 'Confirm' : '',
+      })
+      const app = newSubstrateApp(sim.getTransport(), 'Polkadot')
+
+      const respRequest = app.getAddress(0x80000000, 0x80000000, 0x80000000, true)
+      // Wait until we are not in the main menu
+      await sim.waitUntilScreenIsNot(sim.getMainMenuSnapshot())
+
+      await sim.compareSnapshotsAndReject('.', `${m.prefix.toLowerCase()}-recovery_show_address_reject`)
+
+      const resp = await respRequest
+      console.log(resp)
+
+      expect(resp.return_code).toEqual(0x6986)
+      expect(resp.error_message).toEqual('Transaction rejected')
+    } finally {
+      await sim.close()
+    }
+  })
+})