From 0531a115bf56a80332c8f8f0bf5dd5ae1d4d453b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Palmer?=
Date: Mon, 25 Sep 2023 12:06:59 +0200
Subject: [PATCH] Swap: check swap transaction validity

---
 app/src/apdu_sign.c   | 18 +++++++++++++++++-
 app/src/handle_swap.c | 26 ++++++++++++++++++++++++++
 app/src/handle_swap.h | 25 +++++++++++++++++++++++++
 3 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 app/src/handle_swap.h

diff --git a/app/src/apdu_sign.c b/app/src/apdu_sign.c
index 8abb0ec96..5d4fca289 100644
--- a/app/src/apdu_sign.c
+++ b/app/src/apdu_sign.c
@@ -40,6 +40,11 @@
 #include "parser/parser_state.h"
 #include "parser/operation_parser.h"
 
+#ifdef HAVE_SWAP
+#include "swap.h"
+#include "handle_swap.h"
+#endif // HAVE_SWAP
+
 #ifdef HAVE_NBGL
 #include "nbgl_use_case.h"
 #endif
@@ -235,7 +240,18 @@ stream_cb(tz_ui_cb_type_t type)
 
     // clang-format off
     switch (type) {
-    case TZ_UI_STREAM_CB_ACCEPT: return sign_packet();
+    case TZ_UI_STREAM_CB_ACCEPT:
+#ifdef HAVE_SWAP
+        if (G_called_from_swap) {
+            if (G_swap_response_ready)
+                os_sched_exit(-1);
+            else
+                G_swap_response_ready = true;
+
+            TZ_CHECK(swap_check_validity());
+        }
+#endif // HAVE_SWAP
+        return sign_packet();
     case TZ_UI_STREAM_CB_REFILL: return refill();
     case TZ_UI_STREAM_CB_REJECT: return send_reject();
     case TZ_UI_STREAM_CB_CANCEL: return send_cancel();
diff --git a/app/src/handle_swap.c b/app/src/handle_swap.c
index 5bce824b1..0f32ba5b5 100644
--- a/app/src/handle_swap.c
+++ b/app/src/handle_swap.c
@@ -22,7 +22,9 @@
 
 #ifdef HAVE_SWAP
 
+#include "compat.h"
 #include "format.h"
+#include "handle_swap.h"
 #include "keys.h"
 #include "swap.h"
 #include "utils.h"
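Review bot: The failure path of `TZ_CHECK(swap_check_validity());` in the new ACCEPT case does not visibly tell the Exchange app anything: `G_swap_response_ready` is set to true before the check runs, and when the check raises EXC_REJECT the macro presumably unwinds out of stream_cb without ever reaching the routine documented at the bottom of the handle_swap.c hunk (the one that sets `create_transaction.result` and calls `os_lib_end()`), so the host could be left waiting with neither a signature nor an error. Unless TZ_CHECK already routes the swap case to that finalizer (its definition is outside this diff), I would have the swap branch fail closed explicitly, reporting a false result and ending the library call, instead of relying on the generic reject path. The one-shot guard also deserves a why-comment, e.g. `/* A second ACCEPT within one swap session means the callback was replayed; exit rather than sign twice. */`, and the unbraced `if`/`else` should get braces to match the surrounding style. stream_cb starts before and continues after this hunk.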
@@ -207,6 +209,30 @@ swap_copy_transaction_parameters(create_transaction_parameters_t *params)
     return false;
 }
 
+void
+swap_check_validity(void)
+{
+    tz_operation_state *op = &global.apdu.sign.u.clear.parser_state.operation;
+    char dstaddr[ADDRESS_MAX_SIZE];
+    TZ_PREAMBLE((""));
+
+    PRINTF("[DEBUG] batch_index = %u, tag=%d\n", op->batch_index,
+           op->last_tag);
+    TZ_ASSERT(EXC_REJECT, op->batch_index == 1);
+    TZ_ASSERT(EXC_REJECT, op->last_tag == TZ_OPERATION_TAG_TRANSACTION);
+    TZ_ASSERT(EXC_REJECT, op->last_amount == G_swap_params.amount);
+    TZ_ASSERT(EXC_REJECT, op->last_fee == G_swap_params.fee);
+
+    tz_format_address(op->destination, 22, dstaddr, sizeof(dstaddr));
+
+    PRINTF("[DEBUG] dstaddr=\"%s\"\n", dstaddr);
+    PRINTF("[DEBUG] G...dstaddr=\"%s\"\n", G_swap_params.destination_address);
+    TZ_ASSERT(EXC_REJECT,
+              !strcmp(dstaddr, G_swap_params.destination_address));
+
+    TZ_POSTAMBLE;
+}
+
 /* Set create_transaction.result and call os_lib_end().
  *
  * Doesn't return */
diff --git a/app/src/handle_swap.h b/app/src/handle_swap.h
new file mode 100644
index 000000000..f3974c657
--- /dev/null
+++ b/app/src/handle_swap.h
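Review bot: The result of `tz_format_address(op->destination, 22, dstaddr, sizeof(dstaddr));` is discarded, so if the formatter fails (unexpected tag or curve byte) the `strcmp` below runs against an uninitialised, possibly unterminated `dstaddr`, and a chance match or an over-read is all that separates the swap parameters from a signature. I would zero the buffer, `char dstaddr[ADDRESS_MAX_SIZE] = {0};`, and fail closed on the formatter's status, e.g. `TZ_ASSERT(EXC_REJECT, tz_format_address(op->destination, 22, dstaddr, sizeof(dstaddr)));` if it reports failure through its return value (its signature is not in this diff), and give the literal `22` a named constant for the raw address length. The assertions cover tag, amount, fee and destination only; if the parser state records whether the transaction carries parameters or an entrypoint, that should be asserted absent as well, since a contract call with the agreed amount would otherwise pass. The function is complete within this hunk.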
@@ -0,0 +1,25 @@
+/* Tezos Ledger application - Swap requirement
+
+   Copyright 2023 Nomadic Labs
+   Copyright 2023 TriliTech
+   Copyright 2023 Functori
+
+   With code excerpts from:
+    - Legacy Tezos app, Copyright 2019 Obsidian Systems
+    - Ledger Blue sample apps, Copyright 2016 Ledger
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. */
+
+#ifdef HAVE_SWAP
+void swap_check_validity(void);
+#endif // HAVE_SWAP
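Review bot: The new header has no include guard, only the `#ifdef HAVE_SWAP` feature gate, so repeated inclusion is tolerated purely because the file holds a single plain prototype; wrap it in `#ifndef HANDLE_SWAP_H` / `#define HANDLE_SWAP_H` / `#endif // HANDLE_SWAP_H` so it stays safe when more declarations land here. The prototype is also undocumented: I would add a comment above it saying that it compares the operation already parsed into global.apdu.sign against G_swap_params (exactly one operation, a transaction, matching amount, fee and destination address) and raises EXC_REJECT on any mismatch, so it must be called before the packet is signed.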