Feat/m2 parser #1

chcmedeiros · 2023-12-28T12:35:39Z

No description provided.

github-advanced-security · 2023-12-28T12:35:40Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

app/src/apdu_handler.c

app/src/parser_impl.c

app/src/parser_print_common.c

app/src/tx_cchain.c

app/src/tx_pchain.c

docs/APDUSPEC.md

app/src/tx_cchain.c

app/src/tx_pchain.c

ftheirs · 2023-12-29T14:41:33Z

app/src/parser_impl.c

+
+static parser_error_t parser_verify_codec(parser_context_t *ctx) {
+    uint16_t codec = 0;
+    read_u16(ctx, &codec);


missing CHECK_ERROR here

ftheirs · 2023-12-29T14:46:17Z

app/src/parser_print_common.c

+#include "zxformat.h"
+#include "zxmacros.h"
+
+#define ALPHABET_ENCODE "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


I think that this is not used

ftheirs · 2023-12-29T14:49:18Z

app/src/parser_print_common.c

+    const char *hrp = "";
+    switch (network_id) {
+        case songbird:
+            hrp = " song";


is the space part of the HRP?

ftheirs · 2023-12-29T14:49:26Z

app/src/parser_print_common.c

+            hrp = " song";
+            break;
+        case coston:
+            hrp = " costwo";


same as above

ftheirs · 2023-12-29T14:51:31Z

app/src/parser_print_common.c

+    // Calculate SHA256 checksum
+    uint8_t checksum[CX_SHA256_SIZE] = {0};
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
+    cx_hash_sha256(nodeId, NODE_ID_LEN, checksum, CX_SHA256_SIZE);


missing check that return code is CX_OK

ftheirs · 2023-12-29T14:56:18Z

app/src/tx_cchain.c

+
+static parser_error_t parser_handle_cchain_export(parser_context_t *c, parser_tx_t *v) {
+    // Get destination chain
+    v->tx.c_export_tx.destination_chain = c->buffer + c->offset;


check that c->offset + BLOCKCHAIN_ID_LEN <= c->bufferLen

ftheirs · 2023-12-29T14:57:23Z

app/src/tx_cchain.c

+    }
+
+    // Pointer to inputs
+    v->tx.c_export_tx.evm_inputs.ins = c->buffer + c->offset;


similar that above. Check that c->offset < c->bufferLen

ftheirs · 2023-12-29T14:58:23Z

app/src/tx_cchain.c

+
+    // Pointer to outputs
+    if (v->tx.c_export_tx.secp_outs.n_outs > 0) {
+        v->tx.c_export_tx.secp_outs.outs = c->buffer + c->offset;


same as above

ftheirs · 2023-12-29T15:02:43Z

app/src/tx_cchain.c

+
+static parser_error_t parser_handle_cchain_import(parser_context_t *c, parser_tx_t *v) {
+    // Get source chain
+    v->tx.c_import_tx.source_chain = c->buffer + c->offset;


Same checks mentioned for parser_handle_cchain_export

ftheirs · 2023-12-29T15:07:26Z

app/src/tx_pchain.c

+
+    // Pointer to outputs
+    if (outputs->n_outs > 0) {
+        outputs->outs = c->buffer + c->offset;


Check that c->offset < c->bufferLen

ftheirs · 2023-12-29T15:07:33Z

app/src/tx_pchain.c

+
+    // Pointer to inputs
+    if (inputs->n_ins > 0) {
+        inputs->ins = c->buffer + c->offset;


Check that c->offset < c->bufferLen

ftheirs · 2023-12-29T15:08:11Z

app/src/tx_pchain.c

+    CHECK_ERROR(parser_base_tx(c, &v->tx.p_export_tx.base_secp_ins, &v->tx.p_export_tx.base_secp_outs));
+
+    // Get destination chain
+    v->tx.p_export_tx.destination_chain = c->buffer + c->offset;


Same checks mentioned for parser_handle_cchain_export

ftheirs · 2023-12-29T15:08:23Z

app/src/tx_pchain.c

+    CHECK_ERROR(parser_base_tx(c, &v->tx.p_import_tx.base_secp_ins, &v->tx.p_import_tx.base_secp_outs));
+
+    // Get source chain
+    v->tx.p_import_tx.source_chain = c->buffer + c->offset;


Same checks mentioned for parser_handle_cchain_export

ftheirs · 2023-12-29T15:08:59Z

app/src/tx_pchain.c

+    CHECK_ERROR(parser_base_tx(c, &v->tx.add_del_val_tx.base_secp_ins, &v->tx.add_del_val_tx.base_secp_outs));
+
+    // Node ID
+    v->tx.add_del_val_tx.node_id = c->buffer + c->offset;


Check that c->offset < c->bufferLen

ftheirs · 2023-12-29T15:09:15Z

app/src/tx_pchain.c

+    }
+
+    // Pointer to outputs
+    v->tx.add_del_val_tx.staked_outs.outs = c->buffer + c->offset;


Check that c->offset < c->bufferLen

ftheirs · 2023-12-29T15:10:57Z

docs/APDUSPEC.md

-| Path[2] | byte (4) | Derivation Path Data      | ?          |
-| Path[3] | byte (4) | Derivation Path Data      | ?          |
-| Path[4] | byte (4) | Derivation Path Data      | ?          |
+| L     | byte (1) | Bytes in payload       | 0x0      |


L should be variable or ???

ftheirs

This looks really good! Just minor checks that might be found by the fuzzer 🚀

chcmedeiros · 2023-12-29T15:23:44Z

@ftheirs just added an extra context verification macro and two verification functions to use throughout the code

app/src/crypto_helper.c

app/src/parser_print_common.c

chcmedeiros added 3 commits December 27, 2023 15:39

add parser tx support

35c20a5

update zemu

c199b45

update apduspec

fbcd06b

chcmedeiros requested a review from ftheirs December 28, 2023 12:35

chcmedeiros marked this pull request as ready for review December 28, 2023 12:38