feat(error-handling): improve error messages granularity

.clang-format

@@ -12,7 +12,6 @@ SortIncludes: false
 SpaceAfterCStyleCast: true
 AllowShortCaseLabelsOnASingleLine: false
 AllowAllArgumentsOnNextLine: false
-AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: Never
 AllowShortFunctionsOnASingleLine: None
 BinPackArguments: false

Makefile

@@ -47,7 +47,7 @@ ICON_FLEX = icons/app_concordium_40px.gif
 # Possibles curves are: secp256k1, secp256r1, ed25519 and bls12381g1
 # If your app needs it, you can specify multiple curves by using:
 # `CURVE_APP_LOAD_PARAMS = <curve1> <curve2>`
-CURVE_APP_LOAD_PARAMS = secp256k1
+CURVE_APP_LOAD_PARAMS = ed25519
 
 # Application allowed derivation paths.
 # You should request a specific path for your app.

src/handler/verify_address.c

@@ -134,19 +134,28 @@ int handler_verify_address(buffer_t *cdata, bool is_new_address) {
                                      LEGACY_PRF_KEY | HARDENED_OFFSET};
     }
 
+    // Initialize credential ID and PRF key
     uint8_t credential_id[CREDENTIAL_ID_LEN];
     uint8_t prf_key[32];
 
-    if (get_bls_private_key(prf_key_path, prf_key_path_len, prf_key, sizeof(prf_key)) == -1) {
-        return io_send_sw(SW_VERIFY_ADDRESS_FAIL);
+    int rtn = get_bls_private_key(prf_key_path, prf_key_path_len, prf_key, sizeof(prf_key));
+    switch (rtn) {
+        case -1:  // derivation path error
+            return io_send_sw(SW_DERIVATION_PATH_FAIL);
+        case -2:  // key initialization error
+            return io_send_sw(SW_KEY_INIT_FAIL);
+        case -3:  // BLS key generation error
+            return io_send_sw(SW_BLS_KEY_GEN_FAIL);
+        default:
+            break;
     }
 
     if (get_credential_id(prf_key,
                           sizeof(prf_key),
                           G_context.verify_address_info.credential_counter,
                           credential_id,
                           sizeof(credential_id)) != CX_OK) {
-        return io_send_sw(SW_VERIFY_ADDRESS_FAIL);
+        return io_send_sw(SW_CREDENTIAL_ID_GEN_FAIL);
     }
 
     // Empty prf_key
@@ -158,12 +167,12 @@ int handler_verify_address(buffer_t *cdata, bool is_new_address) {
     size_t address_len = sizeof(G_context.verify_address_info.address);
 
     // This function will return the number of bytes encoded, or -1 on error.
-    int rtn = address_to_base58(account_address,
-                                sizeof(account_address),
-                                G_context.verify_address_info.address,
-                                address_len);
+    rtn = address_to_base58(account_address,
+                            sizeof(account_address),
+                            G_context.verify_address_info.address,
+                            address_len);
     if (rtn < 0) {
-        return io_send_sw(SW_VERIFY_ADDRESS_FAIL);
+        return io_send_sw(SW_ADDRESS_ENCODING_FAIL);
     }
 
     return ui_display_verify_address();

src/helper/util.c

@@ -55,7 +55,7 @@
     if (rtn == 0 &&
         cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, private_key_data, 32, private_key) !=
             CX_OK) {
-        rtn = -1;
+        rtn = -2;
     }
     explicit_bzero(private_key_data, sizeof(private_key_data));
     return rtn;
@@ -113,16 +113,25 @@
                         size_t private_key_len) {
     cx_ecfp_private_key_t private_key_seed;
 
-    if (get_private_key_from_path(path, path_len, &private_key_seed) == -1) {
-        return -1;
+    int rtn = get_private_key_from_path(path, path_len, &private_key_seed);
+    switch (rtn) {
+        case -1:  // derivation path error
+            return -1;
+        case -2:  // key initialization error
+            return -2;
+        default:
+            break;
     }
-
-    if (bls_key_gen_from_seed(private_key_seed.d,
-                              sizeof(private_key_seed.d),
-                              private_key,
-                              private_key_len) == -1) {
-        return -1;
+    rtn = bls_key_gen_from_seed(private_key_seed.d,
+                                sizeof(private_key_seed.d),
+                                private_key,
+                                private_key_len);
+    switch (rtn) {
+        case -1:  // BLS key generation error
+            return -3;
+        default:
+            break;
     }
 
     explicit_bzero(&private_key_seed, sizeof(private_key_seed));
     return 0;

src/helper/util.h

@@ -19,7 +19,16 @@ static const uint8_t r[32] = {0x73, 0xed, 0xa7, 0x53, 0x29, 0x9d, 0x7d, 0x48, 0x
 int get_identity_index_account_display();
 
 /**
- * Get the BLS private key from the path.
+ * Derive a BLS private key from a BIP32 path by first deriving an Ed25519 seed
+ * and then converting it to a BLS key.
+ *
+ * @param[in] path              Pointer to the BIP32 path
+ * @param[in] path_len          Length of the BIP32 path
+ * @param[out] private_key      Buffer to store the derived BLS private key
+ * @param[in] private_key_len   Length of the private key buffer
+ *
+ * @return 0 on success, -1 on derivation path error, -2 on key initialization error,
+ *         -3 on BLS key generation error
  */
 int get_bls_private_key(uint32_t *path,
                         size_t path_len,
@@ -35,13 +44,13 @@ int address_to_base58(const uint8_t *address,
                       size_t encoded_address_len);
 
 /**
- * Derive a private key from a BIP32 path.
+ * Derive an Ed25519 private key from a BIP32 path using SLIP-0010 derivation.
  *
  * @param[in] path          Pointer to the BIP32 path
  * @param[in] path_len      Length of the BIP32 path
- * @param[out] private_key  Pointer to the private key
+ * @param[out] private_key  Pointer to store the derived private key
  *
- * @return 0 on success, -1 on error
+ * @return 0 on success, -1 on derivation error, -2 on key initialization error
  */
 int get_private_key_from_path(uint32_t *path, size_t path_len, cx_ecfp_private_key_t *private_key);
 

src/sw.h

@@ -64,3 +64,9 @@
  * Status word for error in verify address.
  */
 #define SW_VERIFY_ADDRESS_FAIL 0xB009
+
+#define SW_BLS_KEY_GEN_FAIL       0xB00A
+#define SW_KEY_INIT_FAIL          0xB00B
+#define SW_CREDENTIAL_ID_GEN_FAIL 0xB00C
+#define SW_ADDRESS_ENCODING_FAIL  0xB00D
+#define SW_DERIVATION_PATH_FAIL   0xB00E

src/ui/action/validate.c

@@ -61,7 +61,7 @@ static int crypto_sign_message(void) {
     PRINTF("Signature: %.*H\n", sig_len, G_context.tx_info.signature);
 
     G_context.tx_info.signature_len = sig_len;
-    G_context.tx_info.v = (uint8_t)(info & CX_ECCINFO_PARITY_ODD);
+    G_context.tx_info.v = (uint8_t) (info & CX_ECCINFO_PARITY_ODD);
 
     return 0;
 }