check return error

Zondax · Dec 8, 2023 · 4507343 · 4507343
1 parent 2e623f8
commit 4507343
Show file tree

Hide file tree

Showing 10 changed files with 544 additions and 386 deletions.
diff --git a/app/src/apdu_handler.c b/app/src/apdu_handler.c
@@ -758,13 +758,17 @@ void handleTest(volatile uint32_t *tx) {
 
   jubjub_extendedpoint p;
   jubjub_fq scal;
-  jubjub_field_frombytes(scal, scalar);
+  if (jubjub_field_frombytes(scal, scalar) != zxerr_ok) {
+    *tx = 0;
+    MEMZERO(point, sizeof(point));
+    THROW(APDU_CODE_OK);
+  }
 
   jubjub_extendedpoint_tobytes(point, JUBJUB_GEN);
-  zxerr_t err = jubjub_extendedpoint_frombytes(&p, point);
+  const zxerr_t err = jubjub_extendedpoint_frombytes(&p, point);
   if (err != zxerr_ok) {
     *tx = 0;
-    MEMZERO(point, 32);
+    MEMZERO(point, sizeof(point));
     THROW(APDU_CODE_OK);
   }
   // MEMCPY(&p, &JUBJUB_GEN, 32);

diff --git a/app/src/c_api/rust.c b/app/src/c_api/rust.c
@@ -7,6 +7,7 @@
 #include <inttypes.h>
 #include <zxformat.h>
 #include <zxmacros.h>
+#include "zcash_utils.h"
 
 #define CTX_REDJUBJUB "Zcash_RedJubjubH"
 #define CTX_REDJUBJUB_LEN 16
@@ -29,78 +30,103 @@ unsigned char *bolos_cx_rng(uint8_t *buffer, size_t len) {
 }
 #endif
 
-void c_blake2b32_withpersonal(const uint8_t *person, const uint8_t *a,
+zxerr_t c_blake2b32_withpersonal(const uint8_t *person, const uint8_t *a,
                               uint32_t a_len, uint8_t *out) {
-  cx_blake2b_t ctx;
-  cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)person, 16);
-  cx_hash_no_throw(&ctx.header, CX_LAST, a, a_len, out, 256);
+  if (person == NULL || a == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+  cx_blake2b_t ctx = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 256, NULL, 0, (uint8_t *)person, 16));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, a, a_len, out, 256));
+  return zxerr_ok;
 };
 
-void c_blake2b64_withpersonal(const uint8_t *person, const uint8_t *a,
+zxerr_t c_blake2b64_withpersonal(const uint8_t *person, const uint8_t *a,
                               uint32_t a_len, uint8_t *out) {
-  cx_blake2b_t ctx;
-  cx_blake2b_init2_no_throw(&ctx, 512, NULL, 0, (uint8_t *)person, 16);
-  cx_hash_no_throw(&ctx.header, CX_LAST, a, a_len, out, 512);
+  if (person == NULL || a == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+
+  cx_blake2b_t ctx = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 512, NULL, 0, (uint8_t *)person, 16));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, a, a_len, out, 512));
+  return zxerr_ok;
 };
 
-void c_zcash_blake2b_redjubjub(const uint8_t *a, uint32_t a_len,
+zxerr_t c_zcash_blake2b_redjubjub(const uint8_t *a, uint32_t a_len,
                                const uint8_t *b, uint32_t b_len, uint8_t *out) {
-  cx_blake2b_t ctx;
-  cx_blake2b_init2_no_throw(&ctx, 8 * CTX_REDJUBJUB_HASH_LEN, NULL, 0,
-                            (uint8_t *)CTX_REDJUBJUB, CTX_REDJUBJUB_LEN);
-  cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, CX_LAST, b, b_len, out, CTX_REDJUBJUB_HASH_LEN);
+  if (a == NULL || b == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+
+  cx_blake2b_t ctx = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 8 * CTX_REDJUBJUB_HASH_LEN, NULL, 0,(uint8_t *)CTX_REDJUBJUB, CTX_REDJUBJUB_LEN));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, b, b_len, out, CTX_REDJUBJUB_HASH_LEN));
+  return zxerr_ok;
 }
 
-void c_zcash_blake2b_expand_seed(const uint8_t *a, uint32_t a_len,
-                                 const uint8_t *b, uint32_t b_len,
-                                 uint8_t *out) {
-  cx_blake2b_t ctx;
-  cx_blake2b_init2_no_throw(&ctx, 8 * CTX_EXPAND_SEED_HASH_LEN, NULL, 0,
-                            (uint8_t *)CTX_EXPAND_SEED, CTX_EXPAND_SEED_LEN);
-  cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, CX_LAST, b, b_len, out,
-                   CTX_EXPAND_SEED_HASH_LEN);
+zxerr_t c_zcash_blake2b_expand_seed(const uint8_t *a, uint32_t a_len,
+                                 const uint8_t *b, uint32_t b_len, uint8_t *out) {
+  if (a == NULL || b == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+
+  cx_blake2b_t ctx = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 8 * CTX_EXPAND_SEED_HASH_LEN, NULL, 0,(uint8_t *)CTX_EXPAND_SEED, CTX_EXPAND_SEED_LEN));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, b, b_len, out,CTX_EXPAND_SEED_HASH_LEN));
+  return zxerr_ok;
 }
 
-void c_zcash_blake2b_expand_vec_two(const uint8_t *a, uint32_t a_len,
+zxerr_t c_zcash_blake2b_expand_vec_two(const uint8_t *a, uint32_t a_len,
                                     const uint8_t *b, uint32_t b_len,
                                     const uint8_t *c, uint32_t c_len,
                                     uint8_t *out) {
-  cx_blake2b_t ctx;
-  cx_blake2b_init2_no_throw(&ctx, 8 * CTX_EXPAND_SEED_HASH_LEN, NULL, 0,
-                            (uint8_t *)CTX_EXPAND_SEED, CTX_EXPAND_SEED_LEN);
-  cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, 0, b, b_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, CX_LAST, c, c_len, out,
-                   CTX_EXPAND_SEED_HASH_LEN);
+  if (a == NULL || b == NULL || c == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+
+  cx_blake2b_t ctx = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 8 * CTX_EXPAND_SEED_HASH_LEN, NULL, 0, (uint8_t *)CTX_EXPAND_SEED, CTX_EXPAND_SEED_LEN));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, b, b_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, c, c_len, out, CTX_EXPAND_SEED_HASH_LEN));
+  return zxerr_ok;
 }
 
-void c_zcash_blake2b_expand_vec_four(const uint8_t *a, uint32_t a_len,
+zxerr_t c_zcash_blake2b_expand_vec_four(const uint8_t *a, uint32_t a_len,
                                      const uint8_t *b, uint32_t b_len,
                                      const uint8_t *c, uint32_t c_len,
                                      const uint8_t *d, uint32_t d_len,
                                      const uint8_t *e, uint32_t e_len,
                                      uint8_t *out) {
-  cx_blake2b_t ctx;
-  cx_blake2b_init2_no_throw(&ctx, 8 * CTX_EXPAND_SEED_HASH_LEN, NULL, 0,
-                            (uint8_t *)CTX_EXPAND_SEED, CTX_EXPAND_SEED_LEN);
-  cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, 0, b, b_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, 0, c, c_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, 0, d, d_len, NULL, 0);
-  cx_hash_no_throw(&ctx.header, CX_LAST, e, e_len, out,
-                   CTX_EXPAND_SEED_HASH_LEN);
+  if (a == NULL || b == NULL || c == NULL || d == NULL || e == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+
+  cx_blake2b_t ctx = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&ctx, 8 * CTX_EXPAND_SEED_HASH_LEN, NULL, 0, (uint8_t *)CTX_EXPAND_SEED, CTX_EXPAND_SEED_LEN));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, a, a_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, b, b_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, c, c_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, d, d_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&ctx.header, CX_LAST, e, e_len, out, CTX_EXPAND_SEED_HASH_LEN));
+  return zxerr_ok;
 }
 
-void zcash_blake2b_hash_two(const uint8_t *perso, uint32_t perso_len,
+zxerr_t zcash_blake2b_hash_two(const uint8_t *perso, uint32_t perso_len,
                             const uint8_t *a, uint32_t a_len, const uint8_t *b,
                             uint32_t b_len, uint8_t *out, uint32_t out_len) {
-  cx_blake2b_t zcashHashBlake2b;
-  cx_blake2b_init2_no_throw(&zcashHashBlake2b, 8 * out_len, NULL, 0,
-                            (uint8_t *)perso, perso_len);
-  cx_hash_no_throw(&zcashHashBlake2b.header, 0, a, a_len, NULL, 0);
-  cx_hash_no_throw(&zcashHashBlake2b.header, CX_LAST, b, b_len, out, out_len);
+  if (perso == NULL || a == NULL || b == NULL || out == NULL) {
+    return zxerr_no_data;
+  }
+
+  cx_blake2b_t zcashHashBlake2b = {0};
+  CHECK_CX_OK(cx_blake2b_init2_no_throw(&zcashHashBlake2b, 8 * out_len, NULL, 0, (uint8_t *)perso, perso_len));
+  CHECK_CX_OK(cx_hash_no_throw(&zcashHashBlake2b.header, 0, a, a_len, NULL, 0));
+  CHECK_CX_OK(cx_hash_no_throw(&zcashHashBlake2b.header, CX_LAST, b, b_len, out, out_len));
+  return zxerr_ok;
 }
 
 uint16_t fp_uint64_to_str(char *out, uint16_t outLen, const uint64_t value,
@@ -128,13 +154,12 @@ void c_jubjub_scalarmult(uint8_t *point, const uint8_t *scalar) {
   MEMCPY(scal, scalar, JUBJUB_FIELD_BYTES);
   SWAP_ENDIAN_BYTES(scal);
 
-  zxerr_t err = jubjub_extendedpoint_frombytes(&p, point);
-  if (err != zxerr_ok) {
+  if (jubjub_extendedpoint_frombytes(&p, point) != zxerr_ok ||
+      jubjub_extendedpoint_scalarmult(&p, scal) != zxerr_ok ||
+      jubjub_extendedpoint_tobytes(point, &p) != zxerr_ok) {
+
     MEMZERO(point, JUBJUB_FIELD_BYTES);
-    return;
   }
-  jubjub_extendedpoint_scalarmult(&p, scal);
-  jubjub_extendedpoint_tobytes(point, p);
 }
 
 void c_jubjub_spending_base_scalarmult(uint8_t *point, const uint8_t *scalar) {
@@ -143,8 +168,11 @@ void c_jubjub_spending_base_scalarmult(uint8_t *point, const uint8_t *scalar) {
   MEMCPY(scal, scalar, JUBJUB_FIELD_BYTES);
   SWAP_ENDIAN_BYTES(scal);
   MEMCPY(&p, &JUBJUB_GEN, sizeof(jubjub_extendedpoint));
-  jubjub_extendedpoint_scalarmult(&p, scal);
-  jubjub_extendedpoint_tobytes(point, p);
+  if (jubjub_extendedpoint_scalarmult(&p, scal) != zxerr_ok ||
+      jubjub_extendedpoint_tobytes(point, &p) != zxerr_ok) {
+
+    MEMZERO(point, JUBJUB_FIELD_BYTES);
+  }
 }
 
 // Replace functions affected by non-constant time opcodes

diff --git a/app/src/crypto.c b/app/src/crypto.c
@@ -212,7 +212,7 @@ zxerr_t crypto_fillSaplingSeed(uint8_t *sk) {
   zxerr_t error = zxerr_unknown;
   CATCH_CXERROR(os_derive_bip32_with_seed_no_throw(HDW_NORMAL, CX_CURVE_Ed25519,
                                                    path, HDPATH_LEN_DEFAULT, sk,
-                                                   NULL, NULL, 0))
+                                                   NULL, NULL, 0));
   error = zxerr_ok;
 
 catch_cx_error:
@@ -1180,13 +1180,13 @@ zxerr_t crypto_sign_and_check_transparent(uint8_t *buffer, uint16_t bufferLen,
     const t_input_item_t *item = t_inlist_retrieve_item(i);
 
     CATCH_CXERROR(os_derive_bip32_no_throw(
-        CX_CURVE_256K1, item->path, HDPATH_LEN_DEFAULT, privateKeyData, NULL))
+        CX_CURVE_256K1, item->path, HDPATH_LEN_DEFAULT, privateKeyData, NULL));
     CATCH_CXERROR(cx_ecfp_init_private_key_no_throw(
-        CX_CURVE_256K1, privateKeyData, SK_SECP256K1_SIZE, &cx_privateKey))
+        CX_CURVE_256K1, privateKeyData, SK_SECP256K1_SIZE, &cx_privateKey));
     CATCH_CXERROR(cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1, NULL, 0,
-                                                   &cx_publicKey))
+                                                   &cx_publicKey));
     CATCH_CXERROR(cx_ecfp_generate_pair_no_throw(CX_CURVE_256K1, &cx_publicKey,
-                                                 &cx_privateKey, 1))
+                                                 &cx_privateKey, 1));
 
     for (int j = 0; j < PUB_KEY_SIZE; j++) {
       pubKey[j] = cx_publicKey.W[SIG_S_SIZE + SIG_R_SIZE - j];