Swap: check swap transaction validity

trilitech · Sep 25, 2023 · 9d8e2a2 · 9d8e2a2
1 parent a3c2f55
commit 9d8e2a2
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 1 deletion.
diff --git a/app/src/apdu_sign.c b/app/src/apdu_sign.c
@@ -40,6 +40,11 @@
 #include "parser/parser_state.h"
 #include "parser/operation_parser.h"
 
+#ifdef HAVE_SWAP
+#include "swap.h"
+#include "handle_swap.h"
+#endif  // HAVE_SWAP
+
 #ifdef HAVE_NBGL
 #include "nbgl_use_case.h"
 #endif
@@ -235,7 +240,18 @@ stream_cb(tz_ui_cb_type_t type)
 
     // clang-format off
     switch (type) {
-    case TZ_UI_STREAM_CB_ACCEPT: return sign_packet();
+    case TZ_UI_STREAM_CB_ACCEPT:
+#ifdef HAVE_SWAP
+        if (G_called_from_swap) {
+            if (G_swap_response_ready)
+                os_sched_exit(-1);
+            else
+                G_swap_response_ready = true;
+
+            TZ_CHECK(swap_check_validity());
+        }
+#endif  // HAVE_SWAP
+        return sign_packet();
     case TZ_UI_STREAM_CB_REFILL: return refill();
     case TZ_UI_STREAM_CB_REJECT: return send_reject();
     case TZ_UI_STREAM_CB_CANCEL: return send_cancel();

diff --git a/app/src/handle_swap.c b/app/src/handle_swap.c
@@ -22,6 +22,8 @@
 
 #ifdef HAVE_SWAP
 
+#include "compat.h"
+#include "handle_swap.h"
 #include "keys.h"
 #include "swap.h"
 #include "utils.h"
@@ -205,6 +207,30 @@ swap_copy_transaction_parameters(create_transaction_parameters_t *params)
     return false;
 }
 
+void
+swap_check_validity(void)
+{
+    tz_operation_state *op = &global.apdu.sign.u.clear.parser_state.operation;
+    char                dstaddr[ADDRESS_MAX_SIZE];
+    TZ_PREAMBLE((""));
+
+    PRINTF("[DEBUG] batch_index = %u, tag=%d\n", op->batch_index,
+           op->last_tag);
+    TZ_ASSERT(EXC_REJECT, op->batch_index == 1);
+    TZ_ASSERT(EXC_REJECT, op->last_tag == TZ_OPERATION_TAG_TRANSACTION);
+    TZ_ASSERT(EXC_REJECT, op->last_amount == G_swap_params.amount);
+    TZ_ASSERT(EXC_REJECT, op->last_fee == G_swap_params.fee);
+
+    tz_format_address(op->destination, 22, dstaddr, sizeof(dstaddr));
+
+    PRINTF("[DEBUG] dstaddr=\"%s\"\n", dstaddr);
+    PRINTF("[DEBUG] G...dstaddr=\"%s\"\n", G_swap_params.destination_address);
+    TZ_ASSERT(EXC_REJECT,
+              !strcmp(dstaddr, G_swap_params.destination_address));
+
+    TZ_POSTAMBLE;
+}
+
 /* Set create_transaction.result and call os_lib_end().
  *
  * Doesn't return */

diff --git a/app/src/handle_swap.h b/app/src/handle_swap.h
@@ -0,0 +1,25 @@
+/* Tezos Ledger application - Swap requirement
+
+   Copyright 2023 Nomadic Labs <[email protected]>
+   Copyright 2023 TriliTech <[email protected]>
+   Copyright 2023 Functori <[email protected]>
+
+   With code excerpts from:
+   - Legacy Tezos app, Copyright 2019 Obsidian Systems
+   - Ledger Blue sample apps, Copyright 2016 Ledger
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License. */
+
+#ifdef HAVE_SWAP
+void swap_check_validity(void);
+#endif  // HAVE_SWAP