Feat/ldg 428 support new transaction type cip64

Makefile

@@ -29,6 +29,9 @@ APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 # Celo
 APP_LOAD_PARAMS += --path "44'/52752'"
+# Ethereum path
+APP_LOAD_PARAMS += --path "44'/60'/0'/0/0" --path "44'/60'/0'" --path "44'/60'/0'/0"
+
 APPNAME = "Celo"
 APP_LOAD_FLAGS=--appFlags 0
 ifeq ($(TARGET_NAME),$(filter $(TARGET_NAME),TARGET_NANOX TARGET_STAX))
@@ -133,7 +136,7 @@ endif
 
 CC       := $(CLANGPATH)clang
 
-#CFLAGS   += -O0
+# CFLAGS   += -O0
 CFLAGS   += -O3 -Os
 
 AS     := $(GCCPATH)arm-none-eabi-gcc

apdu.md

@@ -0,0 +1,23 @@
+        ## ISO/IEC 7816-4 (2005) APDU errors (SW1/SW2)
+
+        | Error Code | Error Description                            |
+        |------------|---------------------------------------------|
+        | 0x6700     | wrong length (general error)                 |
+        | 0x6900     | command not allowed (general error)          |
+        | 0x6981     | command incompatible with file structure     |
+        | 0x6982     | security status not satisfied                |
+        | 0x6A00     | wrong parameters p1/p2 (general error)       |
+        | 0x6A80     | incorrect parameters in command data field   |
+        | 0x6A81     | function not supported                       |
+        | 0x6A82     | file or application not found                |
+        | 0x6A83     | record not found                             |
+        | 0x6A84     | not enough memory space in the file          |
+        | 0x6A85     | command length inconsistent with TLV structure |
+        | 0x6A86     | incorrect parameters p1/p2                   |
+        | 0x6A87     | command length inconsistent with p1/p2       |
+        | 0x6A88     | referenced data or reference data not found  |
+        | 0x6A89     | file already exists                          |
+        | 0x6A8A     | file name already exists                     |
+        |-------------------Personalized status word ---------------|
+        | 0x6A8B     | error while hashing                          |
+        | 0x6A8C     | error while deriving path                    |

doc/ethapp.asc

@@ -353,6 +353,7 @@ The following standard Status Words are returned for all APDUs - some specific S
 [width="80%"]
 |===============================================================================================
 | *SW*     | *Description*
+|   6501   | TransactionType not supported
 |   6700   | Incorrect length
 |   6982   | Security status not satisfied (Canceled by user)
 |   6A80   | Invalid data

src/celo.c

@@ -111,7 +111,9 @@ static uint32_t splitBinaryParameterPart(char *result, uint8_t *parameter) {
 }
 
 customStatus_e customProcessor(txContext_t *context) {
-    if ((context->currentField == TX_RLP_DATA) &&
+    if (((context->txType == CELO_LEGACY && context->currentField == CELO_LEGACY_RLP_DATA) ||
+         (context->txType == CIP64 && context->currentField == CIP64_RLP_DATA) ||
+         (context->txType == EIP1559 && context->currentField == EIP1559_RLP_DATA)) &&
         (context->currentFieldLength != 0)) {
         dataPresent = true;
         // If handling a new contract rather than a function call, abort immediately
@@ -232,15 +234,16 @@ customStatus_e customProcessor(txContext_t *context) {
                     copyTxData(context,
                         dataContext.withdrawContext.data + context->currentFieldPos,
                         copySize);
+                    break;
                   case PROVISION_RELOCK:
                     copyTxData(context,
                         dataContext.relockContext.data + context->currentFieldPos,
                         copySize);
+                    break;
                   case PROVISION_CREATE_ACCOUNT:
                     copyTxData(context,
                         dataContext.createAccountContext.data + context->currentFieldPos,
                         copySize);
-
                     break;
                   default:
                     break;
@@ -331,8 +334,8 @@ void finalizeParsing(bool direct) {
   uint32_t i;
   uint8_t decimals = WEI_TO_ETHER;
   uint8_t feeDecimals = WEI_TO_ETHER;
-  char *ticker = CHAINID_COINNAME " ";
-  char *feeTicker = CHAINID_COINNAME " ";
+  const char *ticker = CHAINID_COINNAME " ";
+  const char *feeTicker = CHAINID_COINNAME " ";
   uint8_t tickerOffset = 0;
 
   // Display correct currency if fee currency field sent
@@ -356,7 +359,12 @@ void finalizeParsing(bool direct) {
   }
 
   // Store the hash
-  cx_hash((cx_hash_t *)&sha3, CX_LAST, tmpCtx.transactionContext.hash, 0, tmpCtx.transactionContext.hash, 32);
+  CX_THROW(cx_hash_no_throw((cx_hash_t *) &sha3,
+                        CX_LAST,
+                        tmpCtx.transactionContext.hash,
+                        0,
+                        tmpCtx.transactionContext.hash,
+                        32));
     // If there is a token to process, check if it is well known
     if (provisionType == PROVISION_TOKEN) {
         tokenDefinition_t *currentToken = getKnownToken(tmpContent.txContent.destination);

src/main.c

@@ -168,10 +168,10 @@ void handleGetWalletId(volatile unsigned int *tx) {
   cx_ecfp_256_private_key_t priv;
   cx_ecfp_256_public_key_t pub;
   // seed => priv key
-  os_perso_derive_node_bip32(CX_CURVE_256K1, U_os_perso_seed_cookie, 2, t, NULL);
+  CX_THROW(os_derive_bip32_no_throw(CX_CURVE_256K1, U_os_perso_seed_cookie, 2, t, NULL));
   // priv key => pubkey
-  cx_ecdsa_init_private_key(CX_CURVE_256K1, t, 32, &priv);
-  cx_ecfp_generate_pair(CX_CURVE_256K1, &pub, &priv, 1);
+  CX_THROW(cx_ecdsa_init_private_key(CX_CURVE_256K1, t, 32, &priv));
+  CX_THROW(cx_ecfp_generate_pair_no_throw(CX_CURVE_256K1, &pub, &priv, 1));
   // pubkey -> sha512
   cx_hash_sha512(pub.W, sizeof(pub.W), t, sizeof(t));
   // ! cookie !
@@ -184,7 +184,7 @@ void handleGetWalletId(volatile unsigned int *tx) {
 
 void handleGetPublicKey(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, uint16_t dataLength, volatile unsigned int *flags, volatile unsigned int *tx) {
   UNUSED(dataLength);
-  uint8_t privateKeyData[32];
+  uint8_t privateKeyData[64];
   bip32Path_t derivationPath;
   cx_ecfp_private_key_t privateKey;
 
@@ -203,10 +203,16 @@ void handleGetPublicKey(uint8_t p1, uint8_t p2, uint8_t *dataBuffer, uint16_t da
 
   tmpCtx.publicKeyContext.getChaincode = (p2 == P2_CHAINCODE);
   io_seproxyhal_io_heartbeat();
-  os_perso_derive_node_bip32(CX_CURVE_256K1, derivationPath.path, derivationPath.len, privateKeyData, (tmpCtx.publicKeyContext.getChaincode ? tmpCtx.publicKeyContext.chainCode : NULL));
-  cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey);
+  CX_THROW(os_derive_bip32_no_throw(
+                                CX_CURVE_256K1,
+                                derivationPath.path,
+                                derivationPath.len,
+                                privateKeyData,
+                                (tmpCtx.publicKeyContext.getChaincode ? tmpCtx.publicKeyContext.chainCode : NULL)));
+
+  CX_THROW(cx_ecfp_init_private_key_no_throw(CX_CURVE_256K1, privateKeyData, 32, &privateKey));
   io_seproxyhal_io_heartbeat();
-  cx_ecfp_generate_pair(CX_CURVE_256K1, &tmpCtx.publicKeyContext.publicKey, &privateKey, 1);
+  CX_THROW(cx_ecfp_generate_pair_no_throw(CX_CURVE_256K1, &tmpCtx.publicKeyContext.publicKey, &privateKey, 1));
   explicit_bzero(&privateKey, sizeof(privateKey));
   explicit_bzero(privateKeyData, sizeof(privateKeyData));
   io_seproxyhal_io_heartbeat();
@@ -272,8 +278,8 @@ void handleProvideErc20TokenInformation(uint8_t p1, uint8_t p2, uint8_t *workBuf
   // Skip chainId
   offset += 4;
   dataLength -= 4;
-  cx_ecfp_init_public_key(CX_CURVE_256K1, TOKEN_SIGNATURE_PUBLIC_KEY, sizeof(TOKEN_SIGNATURE_PUBLIC_KEY), &tokenKey);
-  if (!cx_ecdsa_verify(&tokenKey, CX_LAST, CX_SHA256, hash, 32, workBuffer + offset, dataLength)) {
+  CX_THROW(cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1, TOKEN_SIGNATURE_PUBLIC_KEY, sizeof(TOKEN_SIGNATURE_PUBLIC_KEY), &tokenKey));
+  if (!cx_ecdsa_verify_no_throw(&tokenKey, hash, 32, workBuffer + offset, dataLength)) {
     PRINTF("Invalid token signature\n");
     THROW(0x6A80);
   }
@@ -299,11 +305,24 @@ void handleSign(uint8_t p1, uint8_t p2, const uint8_t *workBuffer, uint16_t data
     appState = APP_STATE_SIGNING_TX;
     dataPresent = false;
     provisionType = PROVISION_NONE;
-    //0x8000003c is the Ethereum path
     initTx(&txContext, &sha3, &tmpContent.txContent, customProcessor, NULL);
+    // Extract and validate the transaction type
+    uint8_t txType = *workBuffer;
+    if (txType == EIP1559 || txType == CIP64) {
+      // Initialize the SHA3 hashing with the transaction type
+      CX_THROW(cx_hash_no_throw((cx_hash_t *) &sha3, 0, workBuffer, 1, NULL, 0));
+      // Save the transaction type
+      txContext.txType = txType;
+      workBuffer++;
+      dataLength--;
+    }
+    else {
+      txContext.txType = CELO_LEGACY;
+    }
+
+
   }
-  else
-  if (p1 != P1_MORE) {
+  else if (p1 != P1_MORE) {
     THROW(0x6B00);
   }
   if (p2 != 0) {
@@ -313,7 +332,7 @@ void handleSign(uint8_t p1, uint8_t p2, const uint8_t *workBuffer, uint16_t data
     PRINTF("Signature not initialized\n");
     THROW(0x6985);
   }
-  if (txContext.currentField == TX_RLP_NONE) {
+  if (txContext.currentField == RLP_NONE) {
     PRINTF("Parser not initialized\n");
     THROW(0x6985);
   }
@@ -398,16 +417,24 @@ void handleSignPersonalMessage(uint8_t p1, uint8_t p2, uint8_t *workBuffer, uint
     workBuffer += 4;
     dataLength -= 4;
     // Initialize message header + length
-    cx_keccak_init(&sha3, 256);
-    cx_hash((cx_hash_t *)&sha3, 0, (uint8_t*)SIGN_MAGIC, sizeof(SIGN_MAGIC) - 1, NULL, 0);
+    CX_THROW(cx_keccak_init_no_throw(&sha3, 256));
+    CX_THROW(cx_hash_no_throw((cx_hash_t *)&sha3,
+                         0,
+                         (uint8_t*)SIGN_MAGIC,
+                         sizeof(SIGN_MAGIC) - 1,
+                         NULL,
+                         0));
+
     for (i = 1; (((i * base) <= tmpCtx.messageSigningContext.remainingLength) &&
                          (((i * base) / base) == i));
              i *= base);
     for (; i; i /= base) {
       tmp[pos++] = '0' + ((tmpCtx.messageSigningContext.remainingLength / i) % base);
     }
     tmp[pos] = '\0';
-    cx_hash((cx_hash_t *)&sha3, 0, (uint8_t*)tmp, pos, NULL, 0);
+
+    CX_THROW(cx_hash_no_throw((cx_hash_t *) &sha3, 0, (uint8_t*)tmp, pos, NULL, 0));
+
     cx_sha256_init(&tmpContent.sha2);
   }
   else if (p1 != P1_MORE) {
@@ -423,14 +450,14 @@ void handleSignPersonalMessage(uint8_t p1, uint8_t p2, uint8_t *workBuffer, uint
   if (dataLength > tmpCtx.messageSigningContext.remainingLength) {
       THROW(0x6A80);
   }
-  cx_hash((cx_hash_t *)&sha3, 0, workBuffer, dataLength, NULL, 0);
-  cx_hash((cx_hash_t *)&tmpContent.sha2, 0, workBuffer, dataLength, NULL, 0);
+  CX_THROW(cx_hash_no_throw((cx_hash_t *)&sha3, 0, workBuffer, dataLength, NULL, 0));
+  CX_THROW(cx_hash_no_throw((cx_hash_t *)&tmpContent.sha2, 0, workBuffer, dataLength, NULL, 0));
   tmpCtx.messageSigningContext.remainingLength -= dataLength;
   if (tmpCtx.messageSigningContext.remainingLength == 0) {
     uint8_t hashMessage[32];
 
-    cx_hash((cx_hash_t *)&sha3, CX_LAST, workBuffer, 0, tmpCtx.messageSigningContext.hash, 32);
-    cx_hash((cx_hash_t *)&tmpContent.sha2, CX_LAST, workBuffer, 0, hashMessage, 32);
+  CX_THROW(cx_hash_no_throw((cx_hash_t *)&sha3, CX_LAST, workBuffer, 0, tmpCtx.messageSigningContext.hash, 32));
+  CX_THROW(cx_hash_no_throw((cx_hash_t *)&tmpContent.sha2, CX_LAST, workBuffer, 0, hashMessage, 32));
 
 #ifdef HAVE_BAGL
 #define HASH_LENGTH 4
@@ -648,6 +675,8 @@ unsigned char io_event(unsigned char channel) {
          THROW(EXCEPTION_IO_RESET);
         }
         // no break is intentional
+        __attribute__((fallthrough)); // ignore fall-through warning
+
     default:
         UX_DEFAULT_EVENT();
         break;

src/ui_common.c

@@ -86,23 +86,24 @@ unsigned int io_seproxyhal_touch_address_cancel(void) {
 }
 
 unsigned int io_seproxyhal_touch_tx_ok(void) {
-    uint8_t privateKeyData[32];
+    uint8_t privateKeyData[64];
     uint8_t signature[100];
     cx_ecfp_private_key_t privateKey;
     uint32_t tx = 0;
     uint32_t v = getV(&tmpContent.txContent);
     io_seproxyhal_io_heartbeat();
-    os_perso_derive_node_bip32(CX_CURVE_256K1, tmpCtx.transactionContext.derivationPath.path,
+    CX_THROW(os_derive_bip32_no_throw(CX_CURVE_256K1, tmpCtx.transactionContext.derivationPath.path,
                                tmpCtx.transactionContext.derivationPath.len,
-                               privateKeyData, NULL);
-    cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32,
-                                 &privateKey);
+                               privateKeyData, NULL));
+    CX_THROW(cx_ecfp_init_private_key_no_throw(CX_CURVE_256K1, privateKeyData, 32,
+                                 &privateKey));
     explicit_bzero(privateKeyData, sizeof(privateKeyData));
     unsigned int info = 0;
+    size_t sig_len = sizeof(signature);
     io_seproxyhal_io_heartbeat();
-    cx_ecdsa_sign(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
+    CX_THROW(cx_ecdsa_sign_no_throw(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
                   tmpCtx.transactionContext.hash,
-                  sizeof(tmpCtx.transactionContext.hash), signature, sizeof(signature), &info);
+                  sizeof(tmpCtx.transactionContext.hash), signature, &sig_len, &info));
     explicit_bzero(&privateKey, sizeof(privateKey));
     // Parity is present in the sequence tag in the legacy API
     if (tmpContent.txContent.vLength == 0) {
@@ -148,22 +149,24 @@ unsigned int io_seproxyhal_touch_tx_cancel(void) {
 }
 
 unsigned int io_seproxyhal_touch_signMessage_ok(void) {
-    uint8_t privateKeyData[32];
+    uint8_t privateKeyData[64];
     uint8_t signature[100];
     cx_ecfp_private_key_t privateKey;
     uint32_t tx = 0;
     io_seproxyhal_io_heartbeat();
-    os_perso_derive_node_bip32(
-        CX_CURVE_256K1, tmpCtx.messageSigningContext.derivationPath.path,
-        tmpCtx.messageSigningContext.derivationPath.len, privateKeyData, NULL);
+    CX_THROW(os_derive_bip32_no_throw(
+                                CX_CURVE_256K1, tmpCtx.messageSigningContext.derivationPath.path,
+                                tmpCtx.messageSigningContext.derivationPath.len, privateKeyData, NULL));
+
     io_seproxyhal_io_heartbeat();
-    cx_ecfp_init_private_key(CX_CURVE_256K1, privateKeyData, 32, &privateKey);
+    CX_THROW(cx_ecfp_init_private_key_no_throw(CX_CURVE_256K1, privateKeyData, 32, &privateKey));
     explicit_bzero(privateKeyData, sizeof(privateKeyData));
     unsigned int info = 0;
+    size_t sig_len = sizeof(signature);
     io_seproxyhal_io_heartbeat();
-    cx_ecdsa_sign(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
+    CX_THROW(cx_ecdsa_sign_no_throw(&privateKey, CX_RND_RFC6979 | CX_LAST, CX_SHA256,
                   tmpCtx.messageSigningContext.hash,
-                  sizeof(tmpCtx.messageSigningContext.hash), signature, sizeof(signature), &info);
+                  sizeof(tmpCtx.messageSigningContext.hash), signature, &sig_len, &info));
     explicit_bzero(&privateKey, sizeof(privateKey));
     G_io_apdu_buffer[0] = 27;
     if (info & CX_ECCINFO_PARITY_ODD) {