needs testing - incremental hashing for non-json payloads

Zondax · Sep 4, 2024 · 6395e79 · 6395e79 · github-actions · Sep 4, 2024
1 parent 46fdf3e
commit 6395e79
Show file tree

Hide file tree

Showing 12 changed files with 461 additions and 492 deletions.
diff --git a/app/src/common/actions.h b/app/src/common/actions.h
@@ -71,8 +71,8 @@ __Z_INLINE void app_sign_hash() {
 }
 
 __Z_INLINE void app_sign_json_template() {
-    const uint8_t *message = (uint8_t *)tx_get_json_template_buffer();
-    const uint16_t messageLength = tx_get_json_template_buffer_len();
+    const uint8_t *message = (uint8_t *)tx_get_json_template_hash();
+    const uint16_t messageLength = tx_get_json_template_hash_len();
 
     const zxerr_t err = crypto_sign(G_io_apdu_buffer, IO_APDU_BUFFER_SIZE - 3, message, messageLength, tx_type_transaction);
 

diff --git a/app/src/common/parser.h b/app/src/common/parser.h
@@ -22,8 +22,8 @@ extern "C" {
 
 #include "parser_impl.h"
 
-char *parser_get_json_template_buffer();
-uint16_t parser_get_json_template_buffer_len();
+char *parser_get_json_inc_hash();
+uint16_t parser_get_json_inc_hash_len();
 
 const char *parser_getErrorDescription(parser_error_t err);
 const char *parser_getMsgPackTypeDescription(uint8_t type);

diff --git a/app/src/common/tx.c b/app/src/common/tx.c
@@ -54,9 +54,9 @@ void tx_reset() { buffering_reset(); }
 
 uint32_t tx_append(unsigned char *buffer, uint32_t length) { return buffering_append(buffer, length); }
 
-char *tx_get_json_template_buffer() { return parser_get_json_template_buffer(); }
+char *tx_get_json_template_hash() { return parser_get_json_inc_hash(); }
 
-uint16_t tx_get_json_template_buffer_len() { return parser_get_json_template_buffer_len(); }
+uint16_t tx_get_json_template_hash_len() { return parser_get_json_inc_hash_len(); }
 
 uint32_t tx_get_buffer_length() { return buffering_get_buffer()->pos; }
 

diff --git a/app/src/common/tx.h b/app/src/common/tx.h
@@ -34,11 +34,11 @@ uint32_t tx_append(unsigned char *buffer, uint32_t length);
 
 /// Returns a pointer to the JSON template buffer
 /// \return Pointer to the JSON template buffer
-char *tx_get_json_template_buffer();
+char *tx_get_json_template_hash();
 
 /// Returns the length of the JSON template buffer
 /// \return Length of the JSON template buffer
-uint16_t tx_get_json_template_buffer_len();
+uint16_t tx_get_json_template_hash_len();
 
 /// Returns size of the raw json transaction buffer
 /// \return

diff --git a/app/src/crypto.c b/app/src/crypto.c
@@ -73,7 +73,7 @@ zxerr_t crypto_sign(uint8_t *signature, uint16_t signatureMaxlen, const uint8_t
     uint8_t privateKeyData[SK_LEN_25519] = {0};
 
     uint8_t hash[BLAKE2B_HASH_SIZE] = {0};
-    if (tx_type == tx_type_hash) {
+    if (tx_type == tx_type_hash || tx_type == tx_type_transaction) {
         memcpy(hash, message, BLAKE2B_HASH_SIZE);
     } else {
         if (blake2b_hash((uint8_t *)message, messageLen, hash) != zxerr_ok) {

diff --git a/app/src/crypto_helper.c b/app/src/crypto_helper.c
@@ -18,7 +18,6 @@
 
 #if defined(TARGET_NANOS) || defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX) || defined(TARGET_FLEX)
 #include "cx.h"
-
 zxerr_t blake2b_hash(const unsigned char *in, unsigned int inLen, unsigned char *out) {
     cx_blake2b_t ctx;
     if (cx_blake2b_init2_no_throw(&ctx, BLAKE2B_OUTPUT_LEN, NULL, 0, NULL, 0) != CX_OK ||
@@ -29,6 +28,29 @@ zxerr_t blake2b_hash(const unsigned char *in, unsigned int inLen, unsigned char
     return zxerr_ok;
 }
 
+zxerr_t blake2b_incremental(const unsigned char *in, unsigned int inLen, unsigned char *out, bool isNew, bool isLast) {
+    zemu_log("blake2b_incremental\n");
+    static cx_blake2b_t ctx;
+
+    if (isNew) {
+        if (cx_blake2b_init2_no_throw(&ctx, BLAKE2B_OUTPUT_LEN, NULL, 0, NULL, 0) != CX_OK) {
+            return zxerr_invalid_crypto_settings;
+        }
+    }
+
+    if (cx_hash_update(&ctx.header, in, inLen) != CX_OK) {
+        return zxerr_invalid_crypto_settings;
+    }
+
+    if (isLast) {
+        if (cx_hash_final(&ctx.header, out) != CX_OK) {
+            return zxerr_invalid_crypto_settings;
+        }
+    }
+
+    return zxerr_ok;
+}
+
 #else
 
 #include "blake2.h"

diff --git a/app/src/crypto_helper.h b/app/src/crypto_helper.h
@@ -37,7 +37,7 @@ extern "C" {
 #define BLAKE2B_HASH_SIZE 32
 
 zxerr_t blake2b_hash(const unsigned char *in, unsigned int inLen, unsigned char *out);
-
+zxerr_t blake2b_incremental(const unsigned char *in, unsigned int inLen, unsigned char *out, bool isNew, bool isLast);
 #ifdef __cplusplus
 }
 #endif