App 0.8.6 Update

Makefile

@@ -23,7 +23,7 @@ include $(BOLOS_SDK)/Makefile.defines
 
 APPVERSION_M = 0
 APPVERSION_N = 8
-APPVERSION_P = 5
+APPVERSION_P = 6
 APPVERSION   = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
 APP_LOAD_PARAMS = --path "44'/1'" --curve ed25519 --appFlags 0x240 $(COMMON_LOAD_PARAMS)
@@ -127,6 +127,10 @@ include $(BOLOS_SDK)/Makefile.glyphs
 APP_SOURCE_PATH += src
 SDK_SOURCE_PATH += lib_stusb lib_stusb_impl lib_ux
 
+# Allow usage of function from lib_standard_app/crypto_helpers.c
+INCLUDES_PATH  += ${BOLOS_SDK}
+APP_SOURCE_FILES += ${BOLOS_SDK}/lib_standard_app/crypto_helpers.c
+
 ifeq ($(TARGET_NAME),TARGET_NANOX)
     SDK_SOURCE_PATH += lib_blewbxx lib_blewbxx_impl
 endif

build.sh

@@ -29,15 +29,16 @@ function error {
 
 function usage {
     echo "usage: $0 [-h|--help] [-d|--debug] [-m|--model (nanos*|nanox|nanosplus)] [-l|--load] [-s|--speculos] [-c|--cxlib 1.0.2]"
-    echo "-d|--debug:    build app with DEBUG=1"
-    echo "-m|--model:    nanos (default), nanox, nanosplus"
-    echo "-l|--load:     load app to device"
-    echo "-p|--pull:     force pull docker images before using them"
-    echo "-s|--speculos: run app after building with the speculos simulator"
-    echo "-c|--cxlib:    don't autodetect cx-lib version (for speculos)"
-    echo "-g|--gdb:      start speculos with -d (waiting for gdb debugger)"
-    echo "-a|--analyze   run static code analysis"
-    echo "-v|--variant   build for 'iota' or 'shimmer'"
+    echo "-d|--debug:      build app with DEBUG=1"
+    echo "-b|--background: start simulator in background (detached)"
+    echo "-m|--model:      nanos (default), nanox, nanosplus"
+    echo "-l|--load:       load app to device"
+    echo "-p|--pull:       force pull docker images before using them"
+    echo "-s|--speculos:   run app after building with the speculos simulator"
+    echo "-c|--cxlib:      don't autodetect cx-lib version (for speculos)"
+    echo "-g|--gdb:        start speculos with -d (waiting for gdb debugger)"
+    echo "-a|--analyze     run static code analysis"
+    echo "-v|--variant     build for 'iota' or 'shimmer'"
     exit 1
 }
 
@@ -77,6 +78,7 @@ load=0
 speculos=0
 debug=0
 gdb=0
+background=0
 analysis=0
 pull=0
 cxlib=""
@@ -104,6 +106,9 @@ do
     "-d" | "--debug")
         debug=1
         ;;
+    "-b" | "--background")
+        background=1
+        ;;
     "-g" | "--gdb")
         gdb=1
         ;;
@@ -219,14 +224,16 @@ docker run \
 
     (( $gdb )) && extra_args="-d "
 
+    (( $background )) && docker_extra_args="-d "
+
     docker run \
         -v "$rpath:/speculos/apps" \
         -p 9999:9999 \
         -p 5000:5000 \
         -p 1234:1234 \
         -e SPECULOS_APPNAME="$APPNAME:$APPVERSION" \
+        $docker_extra_args \
         --rm \
-        -it \
         speculos \
             --apdu-port 9999 \
             --display headless \

src/iota/abstraction.c

@@ -20,8 +20,6 @@
 #pragma GCC diagnostic error "-Wextra"
 #pragma GCC diagnostic error "-Wmissing-prototypes"
 
-extern API_CTX api;
-
 const uint8_t *get_output_address_ptr(const API_CTX *api, uint8_t index)
 {
     MUST(index < api->essence.outputs_count);
@@ -74,22 +72,23 @@ uint64_t get_output_amount(const API_CTX *api, uint8_t index)
     return amount;
 }
 
-uint8_t address_encode_bech32(const uint8_t *addr_with_type, char *bech32,
-                              uint32_t bech32_max_length)
+uint8_t address_encode_bech32(const API_CTX *api, const uint8_t *addr_with_type,
+                              char *bech32, uint32_t bech32_max_length)
 {
-    switch (api.coin) {
+    switch (api->coin) {
     case COIN_IOTA: {
         MUST(address_encode_bech32_hrp(
             addr_with_type, bech32, bech32_max_length,
-            (api.app_mode & 0x80) ? COIN_HRP_IOTA_TESTNET : COIN_HRP_IOTA,
+            (api->app_mode & 0x80) ? COIN_HRP_IOTA_TESTNET : COIN_HRP_IOTA,
             strlen(COIN_HRP_IOTA))); // strlen valid because HRP has the same
                                      // length in testnet
         break;
     }
     case COIN_SHIMMER: {
         MUST(address_encode_bech32_hrp(
             addr_with_type, bech32, bech32_max_length,
-            (api.app_mode & 0x80) ? COIN_HRP_SHIMMER_TESTNET : COIN_HRP_SHIMMER,
+            (api->app_mode & 0x80) ? COIN_HRP_SHIMMER_TESTNET
+                                   : COIN_HRP_SHIMMER,
             strlen(COIN_HRP_SHIMMER))); // strlen valid because HRP has the same
                                         // length in testnet
         break;
@@ -130,15 +129,21 @@ uint8_t get_amount(const API_CTX *api, int index, char *dst, size_t dst_len,
 
     switch (api->coin) {
     case COIN_IOTA: {
-        // show IOTA in full or short mode
-        if (full) { // full
-            // max supply is 2779530283277761 - this fits nicely in one line
-            // on the Ledger nano s always cut after the 16th char to not
-            // make a page with a single 'i'.
-            format_value_full(dst, dst_len, amount);
+        // IOTA + Chrysalis uses metric units
+        if (api->protocol == PROTOCOL_CHRYSALIS) {
+            // show IOTA in full or short mode
+            if (full) { // full
+                // max supply is 2779530283277761 - this fits nicely in one line
+                // on the Ledger nano s always cut after the 16th char to not
+                // make a page with a single 'i'.
+                format_value_full(dst, dst_len, amount);
+            }
+            else { // short
+                format_value_short(dst, dst_len, amount);
+            }
         }
-        else { // short
-            format_value_short(dst, dst_len, amount);
+        else {
+            format_value_full_decimals(dst, dst_len, amount);
         }
         break;
     }

src/iota/abstraction.h

@@ -8,8 +8,8 @@ const uint8_t *get_output_address_ptr(const API_CTX *api, uint8_t index);
 
 uint64_t get_output_amount(const API_CTX *api, uint8_t index);
 
-uint8_t address_encode_bech32(const uint8_t *addr_with_type, char *bech32,
-                              uint32_t bech32_max_length);
+uint8_t address_encode_bech32(const API_CTX *api, const uint8_t *addr_with_type,
+                              char *bech32, uint32_t bech32_max_length);
 
 uint8_t essence_parse_and_validate(API_CTX *api);
 

src/iota/address.c

@@ -14,12 +14,13 @@
 #include "address.h"
 #include "ed25519.h"
 #include "macros.h"
+#include "lib_standard_app/crypto_helpers.h"
 
 #pragma GCC diagnostic error "-Wall"
 #pragma GCC diagnostic error "-Wextra"
 #pragma GCC diagnostic error "-Wmissing-prototypes"
 
-#include "debugprintf.h"
+//#include "debugprintf.h"
 
 uint8_t address_encode_bech32_hrp(const uint8_t *addr_with_type, char *bech32,
                                   uint32_t bech32_max_length, const char *hrp,
@@ -51,34 +52,28 @@ uint8_t address_encode_bech32_hrp(const uint8_t *addr_with_type, char *bech32,
 uint8_t address_generate(uint32_t *bip32_path, uint32_t bip32_path_length,
                          uint8_t *addr)
 {
-    cx_ecfp_private_key_t pk;
-    cx_ecfp_public_key_t pub;
+    uint8_t raw_pubkey[65];
 
-    uint8_t ret = 0;
-
-    ret = ed25519_get_key_pair(bip32_path, bip32_path_length, &pk, &pub);
-
-    // always delete from stack
-    explicit_bzero(&pk, sizeof(pk));
-
-    // ed25519_get_key_pair must succeed
-    MUST(ret);
+    MUST(bip32_derive_with_seed_get_pubkey_256(
+             HDW_ED25519_SLIP10, CX_CURVE_Ed25519, bip32_path,
+             bip32_path_length, raw_pubkey, NULL, CX_SHA512, NULL, 0) == CX_OK);
 
     // convert Ledger pubkey to pubkey bytes
     uint8_t pubkey_bytes[PUBKEY_SIZE_BYTES];
 
-    ret = ed25519_public_key_to_bytes(&pub, pubkey_bytes);
-    MUST(ret);
+    MUST(ed25519_public_key_to_bytes(raw_pubkey, pubkey_bytes));
 
     //	debug_print_hex(pubkey_bytes, 32, 16);
 
     // set ed25519 address_type
     addr[0] = ADDRESS_TYPE_ED25519;
 
     cx_blake2b_t blake2b;
-    cx_blake2b_init(&blake2b, BLAKE2B_SIZE_BYTES * 8);
-    cx_hash(&blake2b.header, CX_LAST, pubkey_bytes, PUBKEY_SIZE_BYTES, &addr[1],
-            ADDRESS_SIZE_BYTES);
 
+    MUST(cx_blake2b_init_no_throw(&blake2b, BLAKE2B_SIZE_BYTES * 8) == CX_OK);
+
+    MUST(cx_hash_no_throw(&blake2b.header, CX_LAST, pubkey_bytes,
+                          PUBKEY_SIZE_BYTES, &addr[1],
+                          ADDRESS_SIZE_BYTES) == CX_OK);
     return 1;
 }

src/iota/ed25519.c

@@ -3,6 +3,7 @@
 #include "os.h"
 #include "cx.h"
 
+#include "macros.h"
 #include "ed25519.h"
 
 #include "constants.h"
@@ -13,91 +14,14 @@
 #pragma GCC diagnostic error "-Wextra"
 #pragma GCC diagnostic error "-Wmissing-prototypes"
 
-
-// bip-path
-// 		0x2c'/coin_type'/account'/change'/index'
-
-
-uint8_t ed25519_get_key_pair(uint32_t *bip32_path, uint32_t bip32_path_length,
-                             cx_ecfp_private_key_t *pk,
-                             cx_ecfp_public_key_t *pub)
-{
-    uint8_t keySeed[32];
-    uint8_t ret = 1;
-
-    // getting the seed to derive and configuring it with SLIP10
-    os_perso_derive_node_bip32_seed_key(
-        HDW_ED25519_SLIP10, CX_CURVE_Ed25519, bip32_path, bip32_path_length,
-        keySeed, NULL, (unsigned char *)"ed25519 seed", 12);
-
-    BEGIN_TRY
-    {
-        TRY
-        {
-            // initializing the private key and public key instance
-            // with selected curve ED25519
-            cx_ecfp_init_private_key(CX_CURVE_Ed25519, keySeed, sizeof(keySeed),
-                                     pk);
-            cx_ecfp_init_public_key(CX_CURVE_Ed25519, NULL, 0, pub);
-
-            // generating the key pair
-            cx_ecfp_generate_pair(CX_CURVE_Ed25519, pub, pk, 1);
-        }
-        CATCH_ALL
-        {
-            ret = 0;
-        }
-        FINALLY
-        {
-            // resetting the variables to avoid leak
-            explicit_bzero(keySeed, sizeof(keySeed));
-        }
-    }
-    END_TRY;
-
-    return ret;
-}
-
 // reversing the public key and changing the last byte
-uint8_t ed25519_public_key_to_bytes(cx_ecfp_public_key_t *pub, uint8_t *output)
+uint8_t ed25519_public_key_to_bytes(uint8_t raw_pubkey[65], uint8_t output[32])
 {
     for (int i = 0; i < 32; i++) {
-        output[i] = pub->W[64 - i];
+        output[i] = raw_pubkey[64 - i];
     }
-    if (pub->W[32] & 1) {
+    if (raw_pubkey[32] & 1) {
         output[31] |= 0x80;
     }
     return 1;
 }
-
-uint8_t ed25519_sign(cx_ecfp_private_key_t *privateKey, const uint8_t *msg,
-                     uint32_t msg_length, unsigned char *output,
-                     uint32_t *output_length)
-{
-    uint8_t ret = 1;
-
-    BEGIN_TRY
-    {
-        TRY
-        {
-            *output_length =
-                cx_eddsa_sign(privateKey, 0, CX_SHA512, msg, msg_length, NULL,
-                              0, output, CX_SHA512_SIZE, NULL);
-        }
-        CATCH_ALL
-        {
-            ret = 0;
-        }
-        FINALLY
-        {
-        }
-    }
-    END_TRY;
-
-
-    if (*output_length != SIGNATURE_SIZE_BYTES) {
-        ret = 0;
-    }
-
-    return ret;
-}

src/iota/ed25519.h

@@ -2,10 +2,4 @@
 
 #include "os.h"
 
-uint8_t ed25519_public_key_to_bytes(cx_ecfp_public_key_t *pub, uint8_t *output);
-uint8_t ed25519_get_key_pair(uint32_t *bip32_path, uint32_t bip32_path_length,
-                             cx_ecfp_private_key_t *pk,
-                             cx_ecfp_public_key_t *pub);
-uint8_t ed25519_sign(cx_ecfp_private_key_t *privateKey, const uint8_t *msg,
-                     uint32_t msg_length, unsigned char *output,
-                     uint32_t *output_length);
+uint8_t ed25519_public_key_to_bytes(uint8_t raw_pubkey[65], uint8_t output[32]);

src/iota/essence_chrysalis.c

@@ -28,7 +28,6 @@
 #pragma GCC diagnostic error "-Wextra"
 #pragma GCC diagnostic error "-Wmissing-prototypes"
 
-
 static inline uint8_t get_uint32(const uint8_t *data, uint32_t *idx,
                                  uint32_t *v)
 {
@@ -284,17 +283,19 @@ static uint8_t essence_verify_remainder_address(
     return 1;
 }
 
-static void essence_hash(API_CTX *api)
+static uint8_t essence_hash(API_CTX *api)
 {
     // Block below cannot be fuzzed without going through crypto APIs
 #ifndef FUZZING
     cx_blake2b_t blake2b;
-    cx_blake2b_init(&blake2b, BLAKE2B_SIZE_BYTES * 8);
-    cx_hash(&blake2b.header, CX_LAST, api->data.buffer, api->essence.length,
-            api->essence.hash, ADDRESS_SIZE_BYTES);
+    MUST(cx_blake2b_init_no_throw(&blake2b, BLAKE2B_SIZE_BYTES * 8) == CX_OK);
+    MUST(cx_hash_no_throw(&blake2b.header, CX_LAST, api->data.buffer,
+                          api->essence.length, api->essence.hash,
+                          ADDRESS_SIZE_BYTES) == CX_OK);
 #else
     (void)api;
 #endif
+    return 1;
 }
 
 uint8_t essence_parse_and_validate_chryslis(API_CTX *api)
@@ -357,7 +358,7 @@ uint8_t essence_parse_and_validate_chryslis(API_CTX *api)
         api->essence.outputs_count));
 
     // everything fine - calculate the hash
-    essence_hash(api);
+    MUST(essence_hash(api));
 
     // check if it's a sweeping transaction
     if (check_for_internal_transfer(api)) {