Skip to content

Commit

Permalink
Merge pull request #16 from blooo-io/feat/make-it-work-on-bagl
Browse files Browse the repository at this point in the history
LDG-505: Implement verifyAddress method
  • Loading branch information
keiff3r authored Dec 4, 2024
2 parents 4708f2b + 71d62df commit f50fd1c
Show file tree
Hide file tree
Showing 36 changed files with 84 additions and 22 deletions.
2 changes: 1 addition & 1 deletion fuzzing/mocks/ux.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
#include "ux.h"

ux_state_t dummy_ux_state;
ux_state_t dummy_ux_state;
27 changes: 20 additions & 7 deletions src/common/getPublicKey.c
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
static keyDerivationPath_t *keyPath = &path;
static exportPublicKeyContext_t *ctx = &global.exportPublicKeyContext;
static tx_state_t *tx_state = &global_tx_state;
static const uint32_t HARDENED_OFFSET = 0x80000000;

void sendPublicKey(bool compare);

Expand Down Expand Up @@ -86,7 +87,7 @@ void handleGetPublicKey(uint8_t *cdata, uint8_t p1, uint8_t p2, volatile unsigne
} else {
// If the key path is of length 5, then it is a request for a governance key.
// Also it has to be in the governance subtree, which starts with 1.
if (keyPath->pathLength == 5) {
if (keyPath->pathLength == 5 && keyPath->rawKeyDerivationPath[0] == 1105) {
if (keyPath->rawKeyDerivationPath[2] != 1) {
THROW(ERROR_INVALID_PATH);
}
Expand All @@ -107,12 +108,24 @@ void handleGetPublicKey(uint8_t *cdata, uint8_t p1, uint8_t p2, volatile unsigne
THROW(ERROR_INVALID_PATH);
}
} else {
uint32_t identityIndex = keyPath->rawKeyDerivationPath[4];
uint32_t accountIndex = keyPath->rawKeyDerivationPath[6];
getIdentityAccountDisplay(ctx->display,
sizeof(ctx->display),
identityIndex,
accountIndex);
if (keyPath->rawKeyDerivationPath[0] == 44 ||
keyPath->rawKeyDerivationPath[0] == (44 | HARDENED_OFFSET)) {
uint32_t identityProviderIndex = keyPath->rawKeyDerivationPath[2];
uint32_t identityIndex = keyPath->rawKeyDerivationPath[3];
uint32_t accountIndex = keyPath->rawKeyDerivationPath[5];
getIdentityAccountDisplayNewPath(ctx->display,
sizeof(ctx->display),
identityProviderIndex,
identityIndex,
accountIndex);
} else {
uint32_t identityIndex = keyPath->rawKeyDerivationPath[4];
uint32_t accountIndex = keyPath->rawKeyDerivationPath[6];
getIdentityAccountDisplay(ctx->display,
sizeof(ctx->display),
identityIndex,
accountIndex);
}
}

// Display the UI for the public-key flow, where the user can validate that the
Expand Down
2 changes: 1 addition & 1 deletion src/common/getPublicKey.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
void handleGetPublicKey(uint8_t *cdata, uint8_t p1, uint8_t p2, volatile unsigned int *flags);

typedef struct {
uint8_t display[14];
uint8_t display[21];
char publicKey[68];
bool signPublicKey;
} exportPublicKeyContext_t;
Expand Down
19 changes: 19 additions & 0 deletions src/common/util.c
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,25 @@ void getIdentityAccountDisplay(uint8_t *dst,
bin2dec(dst + offset, dstLength - offset, accountIndex);
}

void getIdentityAccountDisplayNewPath(uint8_t *dst,
size_t dstLength,
uint32_t identityProviderIndex,
uint32_t identityIndex,
uint32_t accountIndex) {
// Convert identityProviderIndex to text and store it in dst
int offset = numberToText(dst, dstLength, identityProviderIndex);
memmove(dst + offset, "/", 1);
offset += 1;

// Convert identityIndex to text and append it to dst
offset += numberToText(dst + offset, dstLength - offset, identityIndex);
memmove(dst + offset, "/", 1);
offset += 1;

// Convert accountIndex to text and append it to dst
bin2dec(dst + offset, dstLength - offset, accountIndex);
}

/**
* Used to validate that an error result code from a Ledger library call
* is equal CX_OK. If it is not CX_OK, then throw an ERROR_FAILED_CX_OPERATION
Expand Down
17 changes: 16 additions & 1 deletion src/common/util.h
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ static const uint8_t r[32] = {0x73, 0xed, 0xa7, 0x53, 0x29, 0x9d, 0x7d, 0x48, 0x
* Converts bytes into uint64_t (big endian).
*/
#define U8BE(buf, off) \
(((uint64_t)(U4BE(buf, off)) << 32) | ((uint64_t)(U4BE(buf, off + 4)) & 0xFFFFFFFF))
(((uint64_t)(U4BE(buf, off)) << 32) | ((uint64_t) (U4BE(buf, off + 4)) & 0xFFFFFFFF))

/**
* Send a user rejection back to the caller, which will indicate to
Expand Down Expand Up @@ -131,6 +131,21 @@ void getIdentityAccountDisplay(uint8_t *dst,
uint32_t identityIndex,
uint32_t accountIndex);

/**
* Builds a human-readable representation of the identityProvider/identity/account path for the new
* path format.
* @param dst [out] where to write the identityProvider/identity/account string
* @param dstLength length of dst
* @param identityProviderIndex index of the identity provider
* @param identityIndex index of the identity
* @param accountIndex index of the account
*/
void getIdentityAccountDisplayNewPath(uint8_t *dst,
size_t dstLength,
uint32_t identityProviderIndex,
uint32_t identityIndex,
uint32_t accountIndex);

/**
* Adds the account transaction header and transaction kind to the current
* transaction hash.
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
39 changes: 27 additions & 12 deletions tests/test_pubkey_cmd.py
Original file line number Diff line number Diff line change
Expand Up @@ -83,59 +83,74 @@ def test_get_signed_legacy_public_key_confirm_accepted(


# In this test we check that the GET_PUBLIC_KEY works in confirmation mode with signing for governance key
@pytest.mark.active_test_scope
def test_get_signed_legacy_governance_public_key_confirm_accepted(
backend, navigator, firmware, default_screenshot_path, test_name
):
client = BoilerplateCommandSender(backend)
path = "m/1105/0/1/0/0"
with client.get_public_key_with_confirmation(path=path, signPublicKey=True):
navigate_until_text_and_compare(
firmware, navigator, "Approve", default_screenshot_path, test_name
)
if firmware.is_nano:
navigator.navigate_and_compare(
default_screenshot_path,
test_name,
nano_accept_instructions,
screen_change_before_first_instruction=False,
)

response = client.get_async_response().data
print("km------------------|response:", response.hex())
assert (
response.hex()
== "2091fcf639f03a8e1c00ab0837383728c9a105df9d44c293b2436dddd7213bee1c4062cf20d6c17d1971e66808d325ce1fed188b26b0d543de9f25e5a1c5e46d979cbd2ab98bc4213159883837b9fffa67d43dc5bcbc7b694d164feea777abc4a30d"
== "91fcf639f03a8e1c00ab0837383728c9a105df9d44c293b2436dddd7213bee1c62cf20d6c17d1971e66808d325ce1fed188b26b0d543de9f25e5a1c5e46d979cbd2ab98bc4213159883837b9fffa67d43dc5bcbc7b694d164feea777abc4a30d"
)


# In this test we check that the GET_PUBLIC_KEY works in confirmation mode
@pytest.mark.active_test_scope
def test_get_legacy_public_key_confirm_accepted(
backend, navigator, firmware, default_screenshot_path, test_name
):
client = BoilerplateCommandSender(backend)
path = "m/1105/0/0/0/0/2/0/0"
with client.get_public_key_with_confirmation(path=path):
navigate_until_text_and_compare(
firmware, navigator, "Approve", default_screenshot_path, test_name
)
if firmware.is_nano:
navigator.navigate_and_compare(
default_screenshot_path,
test_name,
nano_accept_instructions,
screen_change_before_first_instruction=False,
)

response = client.get_async_response().data
print("km------------------|response:", response.hex())
assert (
response.hex()
== "2087e16c8269270b1c75b930224df456d2927b80c760ffa77e57dbd738f6399492"
== "87e16c8269270b1c75b930224df456d2927b80c760ffa77e57dbd738f6399492"
)


# In this test we check that the GET_PUBLIC_KEY works in confirmation mode with signing
@pytest.mark.active_test_scope
def test_get_signed_new_public_key_confirm_accepted(
backend, navigator, firmware, default_screenshot_path, test_name
):
client = BoilerplateCommandSender(backend)
path = "m/44/919/0/0/0"
with client.get_public_key_with_confirmation(path=path, signPublicKey=True):
navigate_until_text_and_compare(
firmware, navigator, "Approve", default_screenshot_path, test_name
)
if firmware.is_nano:
navigator.navigate_and_compare(
default_screenshot_path,
test_name,
nano_accept_instructions,
screen_change_before_first_instruction=False,
)

response = client.get_async_response().data
print("km------------------|response:", response.hex())
assert (
response.hex()
== "20e31d69e500b0f83983fb6080aaa46129cf7c70e27d59b1aae9820b1d03f984024052c415c2552d81fde03a9aef6bba24325711a5924b417d79324f60ef67466a017542c6423387fd0d7679cab784d8178bf15e10eb4cb2eef944d47611682c930c"
== "e31d69e500b0f83983fb6080aaa46129cf7c70e27d59b1aae9820b1d03f9840252c415c2552d81fde03a9aef6bba24325711a5924b417d79324f60ef67466a017542c6423387fd0d7679cab784d8178bf15e10eb4cb2eef944d47611682c930c"
)


Expand Down

0 comments on commit f50fd1c

Please sign in to comment.