wip

app/src/coin.h

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *  (c) 2019-2021 Zondax AG
+ *  (c) 2019 - 2023 Zondax AG
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -22,7 +22,6 @@ extern "C" {
 #define CLA                0x85
 
 #define HDPATH_LEN_DEFAULT 5
-
 #define HDPATH_0_DEFAULT   (0x80000000u | 0x2cu)
 #define HDPATH_1_DEFAULT   (0x80000000u | 0x85)
 #define HDPATH_2_DEFAULT   (0x80000000u | 0u)
@@ -44,8 +43,6 @@ extern "C" {
 // ak, nsk
 #define LEN_PGK                      64u
 
-#define ENABLE_SDK_MULT              0
-
 #define DATA_LENGTH_GET_IVK          4   // ZIP32-path
 #define DATA_LENGTH_GET_OVK          4   // ZIP32-path
 #define DATA_LENGTH_GET_FVK          4   // ZIP32-path

app/src/crypto.c

@@ -184,25 +184,28 @@ zxerr_t crypto_fillAddress_secp256k1(uint8_t *buffer, uint16_t buffer_len, uint1
     return zxerr_ok;
 }
 
-zxerr_t crypto_fillSaplingSeed(uint8_t *sk) {
-    zemu_log_stack("crypto_fillSaplingSeed");
+zxerr_t crypto_fillZip32Seed(uint8_t *zip32_seed) {
+    zemu_log_stack("crypto_fillZip32Seed");
 
     // Generate randomness using a fixed path related to the device mnemonic
     const uint32_t path[HDPATH_LEN_DEFAULT] = {
         0x8000002c, 0x80000085, MASK_HARDENED, MASK_HARDENED, MASK_HARDENED,
     };
-    MEMZERO(sk, ED25519_SK_SIZE);
+    MEMZERO(zip32_seed, ED25519_SK_SIZE);
 
     zxerr_t error = zxerr_unknown;
     io_seproxyhal_io_heartbeat();
-    CATCH_CXERROR(
-        os_derive_bip32_with_seed_no_throw(HDW_NORMAL, CX_CURVE_Ed25519, path, HDPATH_LEN_DEFAULT, sk, NULL, NULL, 0));
+
+    CATCH_CXERROR(os_derive_bip32_with_seed_no_throw(HDW_NORMAL, CX_CURVE_Ed25519, path, HDPATH_LEN_DEFAULT, zip32_seed,
+                                                     NULL, NULL, 0));
+
     io_seproxyhal_io_heartbeat();
     error = zxerr_ok;
 
 catch_cx_error:
     if (error != zxerr_ok) {
-        MEMZERO(sk, 64);
+        // FIXME: this can be dangerous, we should actually crash?
+        MEMZERO(zip32_seed, 64);
     }
 
     return error;
@@ -403,7 +406,7 @@ zxerr_t crypto_extract_spend_proofkeyandrnd(uint8_t *buffer, uint16_t bufferLen)
 
     tmp_spendinfo_s tmp = {0};
 
-    CHECK_ZXERROR_AND_CLEAN(crypto_fillSaplingSeed(tmp.step1.zip32_seed))
+    CHECK_ZXERROR_AND_CLEAN(crypto_fillZip32Seed(tmp.step1.zip32_seed))
     CHECK_APP_CANARY()
 
     // Gets ak and nsk
@@ -672,7 +675,7 @@ zxerr_t crypto_checkspend_sapling(uint8_t *buffer, uint16_t bufferLen, const uin
     const uint8_t spendListSize = spendlist_len();
 
     for (uint8_t i = 0; i < spendListSize; i++) {
-        CHECK_ZXERROR_AND_CLEAN(crypto_fillSaplingSeed(tmp.step1.zip32_seed))
+        CHECK_ZXERROR_AND_CLEAN(crypto_fillZip32Seed(tmp.step1.zip32_seed))
         const spend_item_t *item = spendlist_retrieve_item(i);
         if (item == NULL) {
             return zxerr_unknown;
@@ -1216,7 +1219,7 @@ zxerr_t crypto_signspends_sapling(uint8_t *buffer, uint16_t bufferLen, const uin
     //  Temporarily get sk from Ed25519
     const uint8_t spendListLen = spendlist_len();
     for (uint8_t i = 0; i < spendListLen; i++) {
-        CHECK_ZXERROR_AND_CLEAN(crypto_fillSaplingSeed(tmp.step1.zip32_seed))
+        CHECK_ZXERROR_AND_CLEAN(crypto_fillZip32Seed(tmp.step1.zip32_seed))
         const spend_item_t *item = spendlist_retrieve_item(i);
         if (item == NULL) {
             CHECK_ZXERROR_AND_CLEAN(zxerr_unknown)
@@ -1291,7 +1294,7 @@ zxerr_t crypto_ivk_sapling(uint8_t *buffer, uint16_t bufferLen, uint32_t p, uint
     uint8_t zip32_seed[ZIP32_SEED_SIZE] = {0};
 
     // Temporarily get sk from Ed25519
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(buffer, bufferLen);
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         *replyLen = 0;
@@ -1318,7 +1321,7 @@ zxerr_t crypto_ovk_sapling(uint8_t *buffer, uint16_t bufferLen, uint32_t p, uint
     uint8_t zip32_seed[ZIP32_SEED_SIZE] = {0};
 
     // Temporarily get sk from Ed25519
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         MEMZERO(buffer, bufferLen);
         *replyLen = 0;
@@ -1350,7 +1353,7 @@ zxerr_t crypto_fvk_sapling(uint8_t *buffer, uint16_t bufferLen, uint32_t p, uint
     uint8_t zip32_seed[ZIP32_SEED_SIZE] = {0};
 
     // Temporarily get sk from Ed25519
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         MEMZERO(buffer, bufferLen);
         *replyLen = 0;
@@ -1377,12 +1380,13 @@ zxerr_t crypto_nullifier_sapling(uint8_t *buffer, uint16_t bufferLen, uint64_t n
     uint8_t zip32_seed[ZIP32_SEED_SIZE] = {0};
     uint8_t nsk[NSK_SIZE] = {0};
 
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         MEMZERO(buffer, bufferLen);
         *replyLen = 0;
         return zxerr_unknown;
     }
+
     CHECK_APP_CANARY()
     // nk can be computed from nsk which itself can be computed from the seed.
     zip32_nsk_from_seed(zip32_seed, nsk);
@@ -1404,7 +1408,7 @@ zxerr_t crypto_diversifier_with_startindex(uint8_t *buffer, uint32_t p, const ui
     uint8_t zip32_seed[ZIP32_SEED_SIZE] = {0};
 
     // Temporarily get sk from Ed25519
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         *replylen = 0;
         return zxerr_unknown;
@@ -1462,7 +1466,7 @@ zxerr_t crypto_fillAddress_with_diversifier_sapling(uint8_t *buffer, uint16_t bu
     }
 
     // Temporarily get sk from Ed25519
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         *replyLen = 0;
         return zxerr_unknown;
@@ -1506,7 +1510,7 @@ zxerr_t crypto_fillAddress_sapling(uint8_t *buffer, uint16_t bufferLen, uint32_t
     uint8_t zip32_seed[ZIP32_SEED_SIZE] = {0};
 
     // Temporarily get sk from Ed25519
-    if (crypto_fillSaplingSeed(zip32_seed) != zxerr_ok) {
+    if (crypto_fillZip32Seed(zip32_seed) != zxerr_ok) {
         MEMZERO(zip32_seed, sizeof(zip32_seed));
         *replyLen = 0;
         return zxerr_unknown;

app/src/crypto.h

@@ -31,7 +31,7 @@ extern uint32_t hdPath[HDPATH_LEN_DEFAULT];
 
 extern address_kind_e addressKind;
 
-zxerr_t crypto_fillSaplingSeed(uint8_t *sk);
+zxerr_t crypto_fillZip32Seed(uint8_t *sk);
 
 zxerr_t crypto_fillAddress_secp256k1(uint8_t *buffer, uint16_t bufferLen, uint16_t *replyLen);
 

app/src/parser.c

@@ -66,19 +66,24 @@ parser_error_t parser_sapling_path_with_div(const uint8_t *data, size_t dataLen,
     return parser_ok;
 }
 
+// TODO: deprecate
 parser_error_t parser_sapling_path(const uint8_t *data, size_t dataLen, uint32_t *p) {
     if (dataLen < 4) {
         return parser_context_unexpected_size;
     }
-    parser_context_t pars_ctx;
+
+    parser_context_t ctx;
+    ctx.offset = 0;
+    ctx.buffer = data;
+    ctx.bufferLen = 4;
+
     parser_error_t pars_err;
-    pars_ctx.offset = 0;
-    pars_ctx.buffer = data;
-    pars_ctx.bufferLen = 4;
-    pars_err = _readUInt32(&pars_ctx, p);
+    pars_err = _readUInt32(&ctx, p);
+
     if (pars_err != parser_ok) {
         return pars_err;
     }
+
     *p |= 0x80000000;
     return parser_ok;
 }