Merge branch 'release-2.2.1'

Author: sleepdefic1t

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [2.2.1] - 2020-12-11
+
+### Added
+-   merged LedgerHQ downstream changes ([#102])
+
+### Fixed
+-   various bounds checking, value handling, and safety improvements ([#cb7f1ef])
+
 ## [2.2.0] - 2020-11-06
 
 ### Added
@@ -59,3 +67,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 [#94]: https://github.com/ArkEcosystem/ledger/pull/94
 [#97]: https://github.com/ArkEcosystem/ledger/pull/97
 [2.2.0]: https://github.com/ArkEcosystem/ledger/compare/2.1.0...2.2.0
+[#102]: https://github.com/ArkEcosystem/ledger/pull/102
+[#cb7f1ef]: https://github.com/ArkEcosystem/ledger/compare/7ed7885605453bd67af14e62bce17c2ca6f17a26...cb7f1efc5a362fe618731e122afc728da53370ba
+[2.2.1]: https://github.com/ArkEcosystem/ledger/compare/2.2.0...2.2.1

Makefile

@@ -52,7 +52,7 @@ APP_LOAD_PARAMS=--appFlags 0x240 --curve secp256k1 --path "44'/111'" --path "44'
 
 APPVERSION_M=2
 APPVERSION_N=2
-APPVERSION_P=0
+APPVERSION_P=1
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 ifeq ($(TARGET_NAME),TARGET_BLUE)
@@ -81,7 +81,7 @@ DEFINES     += HAVE_BOLOS_SDK
 
 DEFINES     += OS_IO_SEPROXYHAL
 DEFINES     += HAVE_BAGL HAVE_SPRINTF
-DEFINES     += HAVE_IO_USB HAVE_L4_USBLIB IO_USB_MAX_ENDPOINTS=6 IO_HID_EP_LENGTH=64 HAVE_USB_APDU
+DEFINES     += HAVE_IO_USB HAVE_L4_USBLIB IO_USB_MAX_ENDPOINTS=4 IO_HID_EP_LENGTH=64 HAVE_USB_APDU
 DEFINES     += LEDGER_MAJOR_VERSION=$(APPVERSION_M) LEDGER_MINOR_VERSION=$(APPVERSION_N) LEDGER_PATCH_VERSION=$(APPVERSION_P)
 DEFINES     += COMPLIANCE_UX_160
 DEFINES     += HAVE_UX_FLOW
@@ -94,8 +94,9 @@ DEFINES     += U2F_PROXY_MAGIC=\"w0w\"
 DEFINES     += UNUSED\(x\)=\(void\)x
 DEFINES     += APPVERSION=\"$(APPVERSION)\"
 
-WEBUSB_URL  = www.ledgerwallet.com
-DEFINES     += HAVE_WEBUSB WEBUSB_URL_SIZE_B=$(shell echo -n $(WEBUSB_URL) | wc -c) WEBUSB_URL=$(shell echo -n $(WEBUSB_URL) | sed -e "s/./\\\'\0\\\',/g")
+#WEBUSB_URL  = www.ledgerwallet.com
+#DEFINES     += HAVE_WEBUSB WEBUSB_URL_SIZE_B=$(shell echo -n $(WEBUSB_URL) | wc -c) WEBUSB_URL=$(shell echo -n $(WEBUSB_URL) | sed -e "s/./\\\'\0\\\',/g")
+DEFINES   += HAVE_WEBUSB WEBUSB_URL_SIZE_B=0 WEBUSB_URL=""
 
 # Nano X Defines
 ifeq ($(TARGET_NAME),TARGET_NANOX)

ark.png

@@ -75,32 +75,39 @@ unsigned int ioApprove(const bagl_element_t *e) {
     uint8_t                 privateKeyData[HASH_32_LEN];
     cx_ecfp_private_key_t   privateKey;
 
-    os_perso_derive_node_bip32(CX_CURVE_256K1,
-                               tmpCtx.signing.bip32Path,
-                               tmpCtx.signing.pathLength,
-                               privateKeyData,
-                               NULL);
-
-    cx_ecfp_init_private_key(tmpCtx.signing.curve,
-                             privateKeyData,
-                             HASH_32_LEN,
-                             &privateKey);
-
-    MEMSET_BZERO(privateKeyData, sizeof(privateKeyData));
-
-    if (tmpCtx.signing.curve == CX_CURVE_256K1) {
-        uint8_t hash[CX_SHA256_SIZE];
-        hash256(tmpCtx.signing.data,
-                tmpCtx.signing.dataLength,
-                hash);
-
-        tx = tmpCtx.signing.isSchnorr
-            ? signSchnorr(&privateKey, hash, G_io_apdu_buffer)
-            : signEcdsa(&privateKey, hash, G_io_apdu_buffer, SIG_ECDSA_MAX_LEN);
+    BEGIN_TRY {
+        TRY {
+            os_perso_derive_node_bip32(CX_CURVE_256K1,
+                                    tmpCtx.signing.bip32Path,
+                                    tmpCtx.signing.pathLength,
+                                    privateKeyData,
+                                    NULL);
+
+            cx_ecfp_init_private_key(tmpCtx.signing.curve,
+                                    privateKeyData,
+                                    HASH_32_LEN,
+                                    &privateKey);
+
+            if (tmpCtx.signing.curve == CX_CURVE_256K1) {
+                uint8_t hash[CX_SHA256_SIZE];
+                hash256(tmpCtx.signing.data,
+                        tmpCtx.signing.dataLength,
+                        hash);
+
+                tx = tmpCtx.signing.isSchnorr
+                    ? signSchnorr(&privateKey, hash, G_io_apdu_buffer)
+                    : signEcdsa(&privateKey, hash,
+                                G_io_apdu_buffer, SIG_ECDSA_MAX_LEN);
+            }
+        }
+
+        FINALLY {
+            MEMSET_BZERO(privateKeyData, sizeof(privateKeyData));
+            MEMSET_TYPE_BZERO(&privateKey, cx_ecfp_private_key_t);
+            MEMSET_BZERO(&tmpCtx, sizeof(tmpCtx));
+        }
     }
-
-    MEMSET_TYPE_BZERO(&privateKey, cx_ecfp_private_key_t);
-    MEMSET_BZERO(&tmpCtx, sizeof(tmpCtx));
+    END_TRY;
 
     G_io_apdu_buffer[tx++] = 0x90;
     G_io_apdu_buffer[tx++] = 0x00;

nanox_app_ark.gif

@@ -73,13 +73,8 @@ static const size_t SIG_ECDSA_MIN_LEN   = 64;
 static const size_t SIG_ECDSA_MAX_LEN   = 72;
 static const size_t SIG_SCHNORR_LEN     = HASH_64_LEN;
 
-////////////////////////////////////////////////////////////////////////////////
-// Strings
-static const size_t UINT64_MAX_STRING_SIZE = 20U;
-
 ////////////////////////////////////////////////////////////////////////////////
 // Token
-static const size_t TOKEN_AMOUNT_MAX_CHARS  = 25U;
 static const size_t TOKEN_DECIMALS          = 8U;
 static const char *const TOKEN_NAME         = "ARK";
 static const size_t TOKEN_NAME_LEN          = 3U;       // strlen("ARK")
@@ -93,4 +88,7 @@ static const uint8_t TRANSACTION_VERSION_LEGACY     = 0;
 static const uint8_t TRANSACTION_VERSION_TYPE_1     = 1;
 static const uint8_t TRANSACTION_VERSION_TYPE_2     = 2;
 
+static const uint8_t VENDORFIELD_V1_MAX_LEN = 64;
+static const uint8_t VENDORFIELD_V2_MAX_LEN = 255;
+
 #endif  // #define ARK_CONSTANTS_H

src/approval.c

@@ -129,6 +129,11 @@ __attribute__((section(".boot"))) int main(void) {
             TRY {
                 io_seproxyhal_init();
 
+                #ifdef TARGET_NANOX
+                    // grab the current plane mode setting
+                    G_io_app.plane_mode = os_setting_get(OS_SETTING_PLANEMODE, NULL, 0);
+                #endif // TARGET_NANOX
+
                 USB_power(0U);
                 USB_power(1U);
 

src/constants.h

@@ -145,22 +145,29 @@ static void handlePublicKeyContext(volatile unsigned int *tx) {
 
     tmpCtx.publicKey.needsChainCode = (p2Chain == P2_CHAINCODE);
 
-    // Derive the privateKey using the HD path.
-    os_perso_derive_node_bip32(curve,
-                               bip32Path,
-                               bip32PathLength,
-                               privateKeyData,
-                               (tmpCtx.publicKey.needsChainCode
-                                        ? tmpCtx.publicKey.chainCode
-                                        : NULL));
-
-    // Initialize the privateKey to generate the publicKey,
-    // clearing the private data sources after each respective use.
-    cx_ecfp_init_private_key(curve, privateKeyData, HASH_32_LEN, &privateKey);
-    MEMSET_BZERO(&privateKeyData, sizeof(privateKeyData));
-
-    cx_ecfp_generate_pair(curve, &publicKey, &privateKey, 1U);
-    MEMSET_TYPE_BZERO(&privateKey, cx_ecfp_private_key_t);
+    BEGIN_TRY {
+        TRY {
+            // Derive the privateKey using the HD path.
+            os_perso_derive_node_bip32(curve,
+                                       bip32Path, bip32PathLength,
+                                       privateKeyData,
+                                       (tmpCtx.publicKey.needsChainCode
+                                                ? tmpCtx.publicKey.chainCode
+                                                : NULL));
+
+            // Initialize the privateKey to generate the publicKey,
+            cx_ecfp_init_private_key(curve,
+                                     privateKeyData, HASH_32_LEN,
+                                     &privateKey);
+            cx_ecfp_generate_pair(curve, &publicKey, &privateKey, 1U);
+        }
+
+        FINALLY {
+            MEMSET_BZERO(&privateKeyData, sizeof(privateKeyData));
+            MEMSET_TYPE_BZERO(&privateKey, cx_ecfp_private_key_t);
+        }
+    }
+    END_TRY;
 
     // Compress and write the publicKey to the APDU buffer.
     // (compressedPublicKeyLength(33) + publicKey)
@@ -200,6 +207,10 @@ static void handleSigningContext() {
     // - Set the curve-type.
     if (p1 == P1_FIRST) {
         // Set and check the path length.
+        if (dataLength < 1) {
+            // Not enough data
+            THROW(0x6A80);
+        }
         tmpCtx.signing.pathLength = workBuffer[0];
         if (tmpCtx.signing.pathLength < 1 ||
             tmpCtx.signing.pathLength > ADDRESS_MAX_BIP32_PATH) {
@@ -212,6 +223,10 @@ static void handleSigningContext() {
 
         // Unpack the path.
         for (uint32_t i = 0U; i < tmpCtx.signing.pathLength; ++i) {
+            if (dataLength < 4) {
+                // Not enough data
+                THROW(0x6A80);
+            }
             tmpCtx.signing.bip32Path[i] = U4BE(workBuffer, 0U);
             workBuffer += 4U;
             dataLength -= 4U;
@@ -232,6 +247,9 @@ static void handleSigningContext() {
 
     // Iff first payload, copy to the signing context data.
     if (p1 == P1_FIRST) {
+        if (dataLength > MAX_RAW_OPERATION) {
+            THROW(0x6A80);
+        }
         tmpCtx.signing.dataLength = dataLength;
         MEMCOPY(tmpCtx.signing.data, workBuffer, dataLength);
     }

src/main.c

@@ -69,7 +69,11 @@ bool handleMessage(const uint8_t *buffer, size_t length) {
     UintToString(length, displayCtx.text[0], sizeof(displayCtx.text[0]));
 
     // Message Text
-    SNPRINTF(displayCtx.text_ext, length + 1, "%s", buffer);
+    if (!IsPrintableAscii((const char*)buffer, length, false)) {
+        return false;
+    }
+
+    SNPRINTF(displayCtx.text_ext, length + 1, "%.*s", (int)length, buffer);
 
     SetUxDisplay(UX_MESSAGE_STEPS, true);