New release

.github/workflows/cflite_batch.yml

@@ -1,33 +1,53 @@
-name: ClusterFuzzLite batch fuzzing
+name: ClusterFuzzLite cron tasks
 on:
   workflow_dispatch:
+    inputs:
+      fuzz-seconds:
+        description: "Number of seconds to run fuzzers"
+        required: false
+        default: "600"
+  push:
+    branches:
+      - develop # Use your actual default branch here.
   schedule:
     - cron: "0 8 * * 1" # At 08:00 on Monday.
 permissions: read-all
 jobs:
-  BatchFuzzing:
+  Fuzzing:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        sanitizer: [address, undefined, memory]
+        include:
+          - mode: batch
+            sanitizer: address
+          - mode: batch
+            sanitizer: undefined
+          - mode: batch
+            sanitizer: memory
+          - mode: prune
+            sanitizer: address
+          - mode: coverage
+            sanitizer: coverage
     steps:
-      - name: Build Fuzzers (${{ matrix.sanitizer }})
+      - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
         id: build
         uses: google/clusterfuzzlite/actions/build_fuzzers@v1
         with:
-          language: c++
+          language: c # Change this to the language you are fuzzing.
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           sanitizer: ${{ matrix.sanitizer }}
-      - name: Run Fuzzers (${{ matrix.sanitizer }})
+          storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/lightsail-network/app-stellar-fuzz-corpus
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
+      - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
         id: run
         uses: google/clusterfuzzlite/actions/run_fuzzers@v1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
-          fuzz-seconds: 3600 # 1 hour
-          mode: "batch"
+          fuzz-seconds: ${{ github.event.inputs.fuzz-seconds || '600' }} # Defaults to 10 minutes
+          mode: ${{ matrix.mode }}
           sanitizer: ${{ matrix.sanitizer }}
-          # Optional but recommended: For storing certain artifacts from fuzzing.
-          # See later section on "Git repo for storage".
-          #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
-          #storage-repo-branch: main   # Optional. Defaults to "main"
-          #storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+          storage-repo: ${{ secrets.PERSONAL_ACCESS_TOKEN && format('https://{0}@github.com/lightsail-network/app-stellar-fuzz-corpus', secrets.PERSONAL_ACCESS_TOKEN) || '' }}
+          storage-repo-branch: ${{ secrets.PERSONAL_ACCESS_TOKEN && 'main' || '' }}
+          storage-repo-branch-coverage: ${{ secrets.PERSONAL_ACCESS_TOKEN && 'gh-pages' || '' }}

.github/workflows/cflite_pr.yml

@@ -13,32 +13,27 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        sanitizer: [address, undefined, memory]
+        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
     steps:
       - name: Build Fuzzers (${{ matrix.sanitizer }})
         id: build
         uses: google/clusterfuzzlite/actions/build_fuzzers@v1
         with:
-          language: c++
+          language: c # Change this to the language you are fuzzing.
           github-token: ${{ secrets.GITHUB_TOKEN }}
           sanitizer: ${{ matrix.sanitizer }}
-          # Optional but recommended: used to only run fuzzers that are affected
-          # by the PR.
-          # See later section on "Git repo for storage".
-          #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
-          #storage-repo-branch: main   # Optional. Defaults to "main"
-          #storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+          storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/lightsail-network/app-stellar-fuzz-corpus
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages
       - name: Run Fuzzers (${{ matrix.sanitizer }})
         id: run
         uses: google/clusterfuzzlite/actions/run_fuzzers@v1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
-          fuzz-seconds: 600 # 10 minutes
+          fuzz-seconds: 300 # 5 minutes
           mode: "code-change"
           sanitizer: ${{ matrix.sanitizer }}
-          # Optional but recommended: used to download the corpus produced by
-          # batch fuzzing.
-          # See later section on "Git repo for storage".
-          #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
-          #storage-repo-branch: main   # Optional. Defaults to "main"
-          #storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+          output-sarif: true
+          storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/lightsail-network/app-stellar-fuzz-corpus
+          storage-repo-branch: main
+          storage-repo-branch-coverage: gh-pages

.github/workflows/ci-workflow.yml

@@ -61,7 +61,7 @@ jobs:
     name: Stellar e2e tests
     strategy:
       matrix:
-        device: ["nanos", "nanox", "nanosp", "stax"]
+        device: ["nanos", "nanox", "nanosp", "stax", "flex"]
       fail-fast: false
     needs:
       - build_application

Makefile

@@ -30,8 +30,8 @@ APPNAME = "Stellar"
 
 # Application version
 APPVERSION_M = 5
-APPVERSION_N = 4
-APPVERSION_P = 1
+APPVERSION_N = 5
+APPVERSION_P = 0
 APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
 # Application source files

README.md

@@ -5,7 +5,7 @@
 
 ## Introduction
 
-This is the wallet app for the [Ledger Nano S](https://shop.ledger.com/products/ledger-nano-s), [Ledger Nano S Plus](https://shop.ledger.com/pages/ledger-nano-s-plus) and [Ledger Nano X](https://shop.ledger.com/pages/ledger-nano-x) that makes it possible to store [Stellar](https://www.stellar.org/)-based assets on those devices and generally sign any transaction for the Stellar network.
+This is the wallet app for the [Ledger hardware wallets](https://www.ledger.com/) that makes it possible to store [Stellar](https://www.stellar.org/)-based assets on those devices and generally sign any transaction for the Stellar network.
 
 ## Documentation
 
@@ -44,7 +44,7 @@ make delete
 
 ## Testing
 
-This project provides unit tests, integration tests and end-to-end tests, unit tests are located under the [`./tests_unit`](./tests_unit) folder, and the integration tests and end-to-end tests are located under the [`./tests_zemu`](./tests_zemu) folder. 
+This project provides unit tests, integration tests and end-to-end tests, unit tests are located under the [`./tests_unit`](./tests_unit) folder, and the integration tests and end-to-end tests are located under the [`./tests_zemu`](./tests_zemu) folder.
 
 During development, we recommend that you run the unit test first, as it takes less time to run, and then run the other tests after the unit test has run successfully.
 
@@ -67,9 +67,10 @@ make tests-unit
 ```
 
 ### Integration testing and end-to-end testing
+
 Testing is done via the open-source framework [zemu](https://github.com/Zondax/zemu).
 
-In order to run these tests, you need to install [Docker](https://www.docker.com/) in addition to the dependencies mentioned in *Unit testing*.
+In order to run these tests, you need to install [Docker](https://www.docker.com/) in addition to the dependencies mentioned in _Unit testing_.
 
 To build and execute the tests, run the following commands:
 

build_elfs.sh

@@ -7,9 +7,10 @@ set -e
 # NANOSP_SDK=
 # NANOX_SDK=
 # STAX_SDK=
+# FLEX_SDK=
 
 # list of SDKS
-DEVICE_SDKS=("$NANOS_SDK" "$NANOSP_SDK" "$NANOX_SDK" "$STAX_SDK")
+DEVICE_SDKS=("$NANOS_SDK" "$NANOSP_SDK" "$NANOX_SDK" "$STAX_SDK" "$FLEX_SDK")
 
 # Do it only now since before the cd command, we might not have been inside the repository
 GIT_REPO_ROOT=$(git rev-parse --show-toplevel)

docs/COMMANDS.md

@@ -82,22 +82,20 @@
 
 
 ## Status Words
-
-| SW     | SW name                               | Description                                             |
-| ------ | ------------------------------------- | ------------------------------------------------------- |
-| 0x6125 | `SW_FORMATTING_FAIL`                  | Failed to format the data                               |
-| 0x6985 | `SW_DENY`                             | Rejected by user                                        |
-| 0x6A87 | `SW_WRONG_DATA_LENGTH`                | `Lc` or minimum APDU lenght is incorrect                |
-| 0x6B00 | `SW_WRONG_P1P2`                       | Either `P1` or `P2` is incorrect                        |
-| 0x6C66 | `SW_HASH_SIGNING_MODE_NOT_ENABLED`    | Hash signing model not enabled                          |
-| 0x6D00 | `SW_INS_NOT_SUPPORTED`                | No command exists with `INS`                            |
-| 0x6E00 | `SW_CLA_NOT_SUPPORTED`                | Bad `CLA` used for this application                     |
-| 0xB002 | `SW_DISPLAY_ADDRESS_FAIL`             | Failed to display address                               |
-| 0xB003 | `SW_DISPLAY_TRANSACTION_HASH_FAIL`    | Failed to display transaction hash                      |
-| 0xB004 | `SW_DATA_TOO_LARGE`                   | The data is too large to be processed                   |
-| 0xB005 | `SW_DATA_PARSING_FAIL`                | Failed to parse raw data                                |
-| 0xB006 | `SW_DATA_HASH_FAIL`                   | Failed to compute hash digest of raw data               |
-| 0xB007 | `SW_BAD_STATE`                        | Security issue with bad state                           |
-| 0xB008 | `SW_SIGNATURE_FAIL`                   | Generating signature failed                             |
-| 0xB009 | `SW_SWAP_CHECKING_FAIL`               | Failed to check swap params (maybe the data is invalid) |
-| 0x9000 | `SW_OK`                               | Success                                                 |
+| SW     | SW name                                    | Description                                               |
+| ------ | ------------------------------------------ | --------------------------------------------------------- |
+| 0x6125 | `SW_FORMATTING_FAIL`                       | Failed to format the data                                 |
+| 0x6985 | `SW_DENY`                                  | Rejected by user                                          |
+| 0x6A87 | `SW_WRONG_DATA_LENGTH`                     | `Lc` or minimum APDU lenght is incorrect                  |
+| 0x6B00 | `SW_WRONG_P1P2`                            | Either `P1` or `P2` is incorrect                          |
+| 0x6D00 | `SW_INS_NOT_SUPPORTED`                     | No command exists with `INS`                              |
+| 0x6E00 | `SW_CLA_NOT_SUPPORTED`                     | Bad `CLA` used for this application                       |
+| 0xB002 | `SW_DISPLAY_ADDRESS_FAIL`                  | Failed to display address                                 |
+| 0xB003 | `SW_DISPLAY_TRANSACTION_HASH_FAIL`         | Failed to display transaction hash                        |
+| 0xB004 | `SW_DATA_TOO_LARGE`                        | The data is too large to be processed                     |
+| 0xB005 | `SW_DATA_PARSING_FAIL`                     | Failed to parse raw data                                  |
+| 0xB006 | `SW_DATA_HASH_FAIL`                        | Failed to compute hash digest of raw data                 |
+| 0xB007 | `SW_BAD_STATE`                             | Security issue with bad state                             |
+| 0xB008 | `SW_SIGNATURE_FAIL`                        | Generating signature failed                               |
+| 0xB009 | `SW_SWAP_CHECKING_FAIL`                    | Failed to check swap params (maybe the data is invalid)   |
+| 0x9000 | `SW_OK`                                    | Success                                                   |

fuzz/CMakeLists.txt

@@ -19,6 +19,12 @@ if (NOT CMAKE_C_COMPILER_ID MATCHES "Clang")
     message(FATAL_ERROR "Fuzzer needs to be built with Clang")
 endif ()
 
+# Build with code coverage generation
+if(CODE_COVERAGE)
+    add_compile_options(-fprofile-instr-generate -fcoverage-mapping)
+    add_link_options(-fprofile-instr-generate -fcoverage-mapping)
+endif()
+
 include(CTest)
 ENABLE_TESTING()
 

fuzz/fuzz_tx.c

@@ -9,6 +9,17 @@
 #define DETAIL_CAPTION_MAX_LENGTH 21
 #define DETAIL_VALUE_MAX_LENGTH   105
 
+static bool plugin_check_presence(const uint8_t *contract_address);
+static stellar_plugin_result_t plugin_init_contract(const uint8_t *contract_address);
+static stellar_plugin_result_t plugin_query_data_pair_count(const uint8_t *contract_address,
+                                                            uint8_t *data_pair_count);
+static stellar_plugin_result_t plugin_query_data_pair(const uint8_t *contract_address,
+                                                      uint8_t data_pair_index,
+                                                      char *caption,
+                                                      uint8_t caption_len,
+                                                      char *value,
+                                                      uint8_t value_len);
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     envelope_t envelope;
     bool data_exists = true;
@@ -57,6 +68,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             .caption_len = DETAIL_CAPTION_MAX_LENGTH,
             .value_len = DETAIL_VALUE_MAX_LENGTH,
             .display_sequence = true,
+            .plugin_check_presence = &plugin_check_presence,
+            .plugin_init_contract = &plugin_init_contract,
+            .plugin_query_data_pair_count = &plugin_query_data_pair_count,
+            .plugin_query_data_pair = &plugin_query_data_pair,
         };
 
         reset_formatter();
@@ -74,3 +89,56 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
     return 0;
 }
+
+static bool plugin_check_presence(const uint8_t *contract_address) {
+    uint8_t expected[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+    return memcmp(contract_address, expected, 32) == 0;
+}
+
+stellar_plugin_result_t plugin_init_contract(const uint8_t *contract_address) {
+    // Build-in token plugin
+    if (plugin_check_presence(contract_address)) {
+        return STELLAR_PLUGIN_RESULT_OK;
+    }
+    return STELLAR_PLUGIN_RESULT_UNAVAILABLE;
+}
+
+stellar_plugin_result_t plugin_query_data_pair_count(const uint8_t *contract_address,
+                                                     uint8_t *data_pair_count) {
+    // Build-in token plugin
+    if (plugin_check_presence(contract_address)) {
+        *data_pair_count = 3;
+        return STELLAR_PLUGIN_RESULT_OK;
+    }
+    return STELLAR_PLUGIN_RESULT_UNAVAILABLE;
+}
+
+stellar_plugin_result_t plugin_query_data_pair(const uint8_t *contract_address,
+                                               uint8_t data_pair_index,
+                                               char *caption,
+                                               uint8_t caption_len,
+                                               char *value,
+                                               uint8_t value_len) {
+    if (!plugin_check_presence(contract_address)) {
+        return STELLAR_PLUGIN_RESULT_UNAVAILABLE;
+    }
+    switch (data_pair_index) {
+        case 0:
+            strncpy(caption, "caption 0", caption_len);
+            strncpy(value, "value 0", value_len);
+            break;
+        case 1:
+            strncpy(caption, "caption 1", caption_len);
+            strncpy(value, "value 1", value_len);
+            break;
+        case 2:
+            strncpy(caption, "caption 2", caption_len);
+            strncpy(value, "value 2", value_len);
+            break;
+        default:
+            return STELLAR_PLUGIN_RESULT_ERROR;
+    }
+    return STELLAR_PLUGIN_RESULT_OK;
+}

fuzz/run.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+BUILDDIR="$SCRIPTDIR/cmake-build-fuzz-coverage"
+CORPUSDIR="$SCRIPTDIR/corpus"
+HTMLCOVDIR="$SCRIPTDIR/html-coverage"
+
+# Compile the fuzzer with code coverage support
+rm -rf "$BUILDDIR" "$HTMLCOVDIR"
+cmake -DBOLOS_SDK=/opt/ledger-secure-sdk -DCMAKE_C_COMPILER=clang -DCODE_COVERAGE=1 -B"$BUILDDIR" -H.
+cmake --build "$BUILDDIR" --target fuzz_tx
+
+# Run the fuzzer on the corpus files
+export LLVM_PROFILE_FILE="$BUILDDIR/fuzz_tx.%p.profraw"
+# "$BUILDDIR/fuzz_tx" "$CORPUSDIR"/*
+"$BUILDDIR/fuzz_tx" -rss_limit_mb=1024 -max_len=20000 -max_total_time=600 -print_final_stats=1 "$CORPUSDIR" -jobs=4 -workers=4
+llvm-profdata merge --sparse "$BUILDDIR"/fuzz_tx.*.profraw -o "$BUILDDIR/fuzz_tx.profdata"
+
+# Exclude lib_standard_app directory, base32 and base64 code from coverage report
+llvm-cov show "$BUILDDIR/fuzz_tx" -instr-profile="$BUILDDIR/fuzz_tx.profdata" -show-line-counts-or-regions -output-dir="$HTMLCOVDIR" -format=html -ignore-filename-regex="(.*lib_standard_app.*)|(.*libstellar/base64\.c.*)|(.*libstellar/base32\.c.*)"
+llvm-cov report "$BUILDDIR/fuzz_tx" -instr-profile="$BUILDDIR/fuzz_tx.profdata" -ignore-filename-regex="(.*lib_standard_app.*)|(.*libstellar/base64\.c.*)|(.*libstellar/base32\.c.*)"

libstellar/formatter.c

@@ -911,6 +911,7 @@ static bool format_manage_sell_offer(formatter_data_t *fdata) {
                 fdata->value_len))
         } else {
             STRLCPY(fdata->caption, "Create Offer", fdata->caption_len);
+            STRLCPY(fdata->value, "New Offer", fdata->value_len);
         }
         FORMATTER_CHECK(push_to_formatter_stack(&format_manage_sell_offer_buy))
     }
@@ -965,6 +966,7 @@ static bool format_manage_buy_offer(formatter_data_t *fdata) {
             FORMATTER_CHECK(print_uint64_num(op->offer_id, fdata->value, fdata->value_len))
         } else {
             STRLCPY(fdata->caption, "Create Offer", fdata->caption_len);
+            STRLCPY(fdata->value, "New Offer", fdata->value_len);
         }
         FORMATTER_CHECK(push_to_formatter_stack(&format_manage_buy_offer_sell))
     }
@@ -2261,17 +2263,14 @@ static const format_function_t formatters[] = {&format_create_account,
 
 static bool format_confirm_operation(formatter_data_t *fdata) {
     if (fdata->envelope->tx_details.tx.operations_count > 1) {
-        size_t length;
-        STRLCPY(fdata->caption, "Operation ", fdata->caption_len);
-        length = strlen(fdata->caption);
+        STRLCPY(fdata->caption, "Operation", fdata->caption_len);
         FORMATTER_CHECK(print_uint64_num(fdata->envelope->tx_details.tx.operation_index + 1,
-                                         fdata->caption + length,
-                                         fdata->caption_len - length))
-        STRLCAT(fdata->caption, " of ", fdata->caption_len);
-        length = strlen(fdata->caption);
+                                         fdata->value,
+                                         fdata->value_len))
+        STRLCAT(fdata->value, " of ", fdata->value_len)
         FORMATTER_CHECK(print_uint64_num(fdata->envelope->tx_details.tx.operations_count,
-                                         fdata->caption + length,
-                                         fdata->caption_len - length))
+                                         fdata->value + strlen(fdata->value),
+                                         fdata->value_len - strlen(fdata->value)))
 
         FORMATTER_CHECK(push_to_formatter_stack(
             ((format_function_t) PIC(formatters[fdata->envelope->tx_details.tx.op_details.type]))));