Return in Exchange after a swap

src/boot.c

@@ -5,6 +5,7 @@
 #include "cx.h"
 
 #include "swap/swap_lib_calls.h"
+#include "handle_swap_commands.h"
 
 #include "globals.h"
 
@@ -19,7 +20,7 @@ __attribute__((section(".boot"))) int main(arg0) {
 
     if (arg0 != 0) {
         // Called as library from another app
-        struct libargs_s *args = (struct libargs_s *) arg0;
+        libargs_t *args = (libargs_t *) arg0;
         if (args->id == 0x100) {
             library_main(args);
         } else {
@@ -83,4 +84,4 @@ __attribute__((section(".boot"))) int main(arg0) {
 #else
     exit_app();
 #endif
-}
+}

src/swap/handle_get_printable_amount.c

@@ -3,6 +3,7 @@
 #include "to_string.h"
 
 #include "swap_lib_calls.h"
+#include "swap_utils.h"
 
 /* return 0 on error, 1 otherwise */
 int handle_get_printable_amount(get_printable_amount_parameters_t* params) {

src/swap/handle_swap_commands.h

@@ -0,0 +1,14 @@
+#pragma once
+
+#include "swap_lib_calls.h"
+
+int handle_check_address(const check_address_parameters_t *params);
+int handle_get_printable_amount(get_printable_amount_parameters_t *params);
+bool copy_transaction_parameters(const create_transaction_parameters_t *params);
+void handle_swap_sign_transaction(void);
+bool is_safe_to_swap();
+
+void app_main(void);
+void library_main(struct libargs_s *args);
+
+void __attribute__((noreturn)) finalize_exchange_sign_transaction(bool is_success);

src/swap/handle_swap_sign_transaction.c

@@ -1,8 +1,16 @@
 #include "os_io_seproxyhal.h"
-#include "swap_lib_calls.h"
 #include "ux.h"
 #include "globals.h"
 #include "os.h"
+#include "swap_lib_calls.h"
+#include "swap_utils.h"
+
+#ifdef HAVE_NBGL
+#include "nbgl_use_case.h"
+#endif
+
+// Save the BSS address where we will write the return value when finished
+static uint8_t* G_swap_sign_return_value_address;
 
 bool copy_transaction_parameters(const create_transaction_parameters_t* params) {
     // first copy parameters to stack, and then to global data.
@@ -23,7 +31,11 @@ bool copy_transaction_parameters(const create_transaction_parameters_t* params)
         return false;
     }
 
+    // Full reset the global variables
     os_explicit_zero_BSS_segment();
+    // Keep the address at which we'll reply the signing status
+    G_swap_sign_return_value_address = &params->result;
+    // Commit the values read from exchange to the clean global space
     memcpy(&swap_values, &stack_data, sizeof(stack_data));
 
     return true;
@@ -32,6 +44,10 @@ bool copy_transaction_parameters(const create_transaction_parameters_t* params)
 void handle_swap_sign_transaction(void) {
     init_globals();
     called_from_swap = true;
+    UX_INIT();
+#ifdef HAVE_NBGL
+    nbgl_useCaseSpinner("Signing");
+#endif  // HAVE_BAGL
     io_seproxyhal_init();
     USB_power(0);
     USB_power(1);
@@ -44,3 +60,8 @@ void handle_swap_sign_transaction(void) {
 #endif  // HAVE_BLE
     app_main();
 }
+
+void __attribute__((noreturn)) finalize_exchange_sign_transaction(bool is_success) {
+    *G_swap_sign_return_value_address = is_success;
+    os_lib_end();
+}

src/swap/swap_lib_calls.h

@@ -1,23 +1,41 @@
 #pragma once
 
-#include <stddef.h>
-#include <stdbool.h>
-#include <stdint.h>
-#include "types.h"
+/* This file is the shared API between Exchange and the apps started in Library mode for Exchange
+ *
+ * DO NOT MODIFY THIS FILE IN APPLICATIONS OTHER THAN EXCHANGE
+ * On modification in Exchange, forward the changes to all applications supporting Exchange
+ */
+
+#include "stdbool.h"
+#include "stdint.h"
+
+#define RUN_APPLICATION 1
+
+#define SIGN_TRANSACTION 2
+
+#define CHECK_ADDRESS 3
 
-#define SIGN_TRANSACTION     2
-#define CHECK_ADDRESS        3
 #define GET_PRINTABLE_AMOUNT 4
 
-// structure that should be sent to specific coin application to get address
+/*
+ * Amounts are stored as bytes, with a max size of 16 (see protobuf
+ * specifications). Max 16B integer is 340282366920938463463374607431768211455
+ * in decimal, which is a 32-long char string.
+ * The printable amount also contains spaces, the ticker symbol (with variable
+ * size, up to 12 in Ethereum for instance) and a terminating null byte, so 50
+ * bytes total should be a fair maximum.
+ */
+#define MAX_PRINTABLE_AMOUNT_SIZE 50
+
+// structure that should be send to specific coin application to get address
 typedef struct check_address_parameters_s {
     // IN
-    unsigned char *coin_configuration;
-    unsigned char coin_configuration_length;
+    uint8_t *coin_configuration;
+    uint8_t coin_configuration_length;
     // serialized path, segwit, version prefix, hash used, dictionary etc.
     // fields and serialization format depends on specific coin app
-    unsigned char *address_parameters;
-    unsigned char address_parameters_length;
+    uint8_t *address_parameters;
+    uint8_t address_parameters_length;
     char *address_to_check;
     char *extra_id_to_check;
     // OUT
@@ -27,27 +45,30 @@ typedef struct check_address_parameters_s {
 // structure that should be send to specific coin application to get printable amount
 typedef struct get_printable_amount_parameters_s {
     // IN
-    unsigned char *coin_configuration;
-    unsigned char coin_configuration_length;
-    unsigned char *amount;
-    unsigned char amount_length;
+    uint8_t *coin_configuration;
+    uint8_t coin_configuration_length;
+    uint8_t *amount;
+    uint8_t amount_length;
     bool is_fee;
     // OUT
-    char printable_amount[30];
+    char printable_amount[MAX_PRINTABLE_AMOUNT_SIZE];
 } get_printable_amount_parameters_t;
 
 typedef struct create_transaction_parameters_s {
-    unsigned char *coin_configuration;
-    unsigned char coin_configuration_length;
-    unsigned char *amount;
-    unsigned char amount_length;
-    unsigned char *fee_amount;
-    unsigned char fee_amount_length;
+    // IN
+    uint8_t *coin_configuration;
+    uint8_t coin_configuration_length;
+    uint8_t *amount;
+    uint8_t amount_length;
+    uint8_t *fee_amount;
+    uint8_t fee_amount_length;
     char *destination_address;
     char *destination_address_extra_id;
+    // OUT
+    uint8_t result;
 } create_transaction_parameters_t;
 
-struct libargs_s {
+typedef struct libargs_s {
     unsigned int id;
     unsigned int command;
     unsigned int unused;
@@ -56,14 +77,4 @@ struct libargs_s {
         create_transaction_parameters_t *create_transaction;
         get_printable_amount_parameters_t *get_printable_amount;
     };
-};
-
-int handle_check_address(const check_address_parameters_t *params);
-int handle_get_printable_amount(get_printable_amount_parameters_t *params);
-bool copy_transaction_parameters(const create_transaction_parameters_t *params);
-void handle_swap_sign_transaction(void);
-bool is_safe_to_swap();
-bool swap_str_to_u64(const uint8_t *src, size_t length, uint64_t *result);
-
-void app_main(void);
-void library_main(struct libargs_s *args);
+} libargs_t;

src/swap/swap_main.c

@@ -1,7 +1,8 @@
 #include "swap_lib_calls.h"
 #include "os.h"
+#include "handle_swap_commands.h"
 
-static void library_main_helper(struct libargs_s *args) {
+static void library_main_helper(libargs_t *args) {
     check_api_level(CX_COMPAT_APILEVEL);
     PRINTF("Inside library \n");
     switch (args->command) {
@@ -24,7 +25,7 @@ static void library_main_helper(struct libargs_s *args) {
     }
 }
 
-void library_main(struct libargs_s *args) {
+void library_main(libargs_t *args) {
     bool end = false;
     /* This loop ensures that library_main_helper and os_lib_end are called
      * within a try context, even if an exception is thrown */
@@ -42,4 +43,4 @@ void library_main(struct libargs_s *args) {
         }
         END_TRY;
     }
-}
+}

src/swap/swap_lib_calls.c → src/swap/swap_utils.c

@@ -1,4 +1,6 @@
-#include "swap_lib_calls.h"
+#include <stdbool.h>
+
+#include "swap_utils.h"
 
 bool swap_str_to_u64(const uint8_t* src, size_t length, uint64_t* result) {
     if (length > sizeof(uint64_t)) {

src/swap/swap_utils.h

@@ -0,0 +1,6 @@
+#pragma once
+
+#include <stddef.h>
+#include <stdint.h>
+
+bool swap_str_to_u64(const uint8_t *src, size_t length, uint64_t *result);

src/ui_sign_bagl.c

@@ -11,6 +11,7 @@
 #include "to_string.h"
 #include "ui.h"
 #include "swap/swap_lib_calls.h"
+#include "swap/handle_swap_commands.h"
 
 #include "cx.h"
 
@@ -74,19 +75,17 @@ bool prompt_transaction(struct parsed_operation_group const *const ops,
     check_null(key);
 
     if (called_from_swap) {
-        if (is_safe_to_swap() == true) {
+        bool valid = is_safe_to_swap();
+        if (valid) {
             // We're called from swap and we've verified that the data is correct. Sign it.
             ok();
             // Clear all data.
             clear_data();
-            // Exit properly.
-            os_sched_exit(0);
         } else {
             // Send the error message back in response.
             cxl();
-            // Exit with error code.
-            os_sched_exit(1);
         }
+        finalize_exchange_sign_transaction(valid);
     }
 
     switch (ops->operation.tag) {

src/ui_sign_nbgl.c

@@ -12,6 +12,7 @@
 #include "to_string.h"
 #include "ui.h"
 #include "swap/swap_lib_calls.h"
+#include "swap/handle_swap_commands.h"
 
 #include "cx.h"
 
@@ -159,17 +160,15 @@ bool prompt_transaction(struct parsed_operation_group const *const ops,
     check_null(key);
 
     if (called_from_swap) {
-        if (is_safe_to_swap() == true) {
+        bool valid = is_safe_to_swap();
+        if (valid) {
             // We're called from swap and we've verified that the data is correct. Sign it.
             ok();
-            // Exit properly.
-            os_sched_exit(0);
         } else {
             // Send the error message back in response.
             cxl();
-            // Exit with error code.
-            os_sched_exit(1);
         }
+        finalize_exchange_sign_transaction(valid);
     }
 
     switch (ops->operation.tag) {