Merge pull request #27 from cosmos/main

Textual mode

.github/workflows/check_version.yml

@@ -3,6 +3,9 @@ name: Verify PRs to main
 on:
   workflow_dispatch:
   pull_request:
+    paths:
+      - app/**
+      - deps/**
     branches:
       - main
       - develop

.github/workflows/sonarcloud.yml

@@ -0,0 +1,57 @@
+name: Sonarcloud
+
+on:
+  push:
+    branches:
+      - disable
+  pull_request:
+    branches:
+      - disable
+    types: [opened, synchronize, reopened]
+
+jobs:
+  build:
+    name: SonarQube analyze
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder@sha256:877adc3ff619222aaf03a490d546ea9001f02faa0c6ac7c06c876c99584f9cdb
+    env:
+      SONAR_SCANNER_VERSION: 4.7.0.2747
+      SONAR_SERVER_URL: "https://sonarcloud.io"
+      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true      
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Download and set up sonar-scanner
+        env:
+          SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
+        run: |
+          apt-get update -y
+          apt-get upgrade -y
+          curl -sL https://deb.nodesource.com/setup_16.x | bash -
+          apt-get install -y gcovr nodejs unzip
+          mkdir -p $HOME/.sonar
+          curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
+          unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+          echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
+      - name: Download and set up build-wrapper
+        env:
+          BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip
+        run: |
+          curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
+          unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
+          echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
+      - name: Run build-wrapper
+        run: |
+          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} make clean all
+      - name: Run sonar-scanner
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"

.gitignore

@@ -82,6 +82,7 @@ cmake-build-fuzz/
 !\deps/nanox-secure-sdk
 !\deps/ledger-zxlib
 !\deps/tinycbor
+!\deps/tinycbor-ledger
 !\deps/BLAKE
 
 app/src/glyphs.c

.sonarcloud.properties

@@ -0,0 +1,17 @@
+# Path to sources
+# sonar.sources=
+# sonar.exclusions=
+# sonar.inclusions=
+
+# Path to tests
+# sonar.tests=
+# sonar.test.exclusions=
+# sonar.test.inclusions=
+
+# Source encoding
+# sonar.sourceEncoding=
+
+# Exclusions for copy-paste detection
+# sonar.cpd.exclusions=
+# Python version (for python projects only)
+# sonar.python.version=

CMakeLists.txt

@@ -81,7 +81,11 @@ string(APPEND CMAKE_LINKER_FLAGS " -fsanitize=address -fno-omit-frame-pointer")
 ##############################################################
 #  static libs
 file(GLOB_RECURSE JSMN_SRC
-        deps/jsmn/src/jsmn.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/deps/jsmn/src/jsmn.c
+        )
+file(GLOB_RECURSE TINYCBOR_SRC
+        ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinycbor/src/cborparser.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinycbor/src/cborvalidation.c
         )
 
 file(GLOB_RECURSE LIB_SRC
@@ -98,6 +102,7 @@ file(GLOB_RECURSE LIB_SRC
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/formatting.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/parser_impl.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/json/json_parser.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/app/src/cbor/cbor_parser_helper.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/tx_parser.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/tx_display.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/tx_validate.c
@@ -107,6 +112,7 @@ file(GLOB_RECURSE LIB_SRC
 add_library(app_lib STATIC
         ${LIB_SRC}
         ${JSMN_SRC}
+        ${TINYCBOR_SRC}
         )
 
 target_include_directories(app_lib PUBLIC
@@ -115,7 +121,8 @@ target_include_directories(app_lib PUBLIC
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/common
         ${CMAKE_CURRENT_SOURCE_DIR}/deps/ledger-zxlib/app/common
-        ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinykeccak
+        ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinycbor/src
+        ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinykeccak/
         )
 
 target_link_libraries(app_lib PUBLIC)
@@ -133,6 +140,7 @@ target_include_directories(unittests PRIVATE
         ${CONAN_INCLUDE_DIRS_FMT}
         ${CONAN_INCLUDE_DIRS_JSONCPP}
         ${CMAKE_CURRENT_SOURCE_DIR}/deps/jsmn/src
+        ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinycbor/src
         )
 
 target_link_libraries(unittests PRIVATE

README.md

@@ -4,7 +4,8 @@
 
 ---
 
-![zondax](docs/zondax.jpg)
+![zondax_light](docs/zondax_light.png#gh-light-mode-only)
+![zondax_dark](docs/zondax_dark.png#gh-dark-mode-only)
 
 _Please visit our website at [zondax.ch](zondax.ch)_
 

SECURITY.md

@@ -0,0 +1,79 @@
+# Coordinated Vulnerability Disclosure Policy
+
+The Cosmos ecosystem believes that strong security is a blend of highly
+technical security researchers who care about security and the forward
+progression of the ecosystem and the attentiveness and openness of Cosmos core
+contributors to help continually secure our operations.
+
+> **IMPORTANT**: *DO NOT* open public issues on this repository for security
+> vulnerabilities.
+
+## Scope
+
+| Scope                 |
+|-----------------------|
+| last release (tagged) |
+| main branch           |
+
+The latest **release tag** of this repository is supported for security updates
+as well as the **main** branch. Security vulnerabilities should be reported if
+the vulnerability can be reproduced on either one of those.
+
+## Reporting a Vulnerability
+
+| Reporting methods                                             |
+|---------------------------------------------------------------|
+| [GitHub Private Vulnerability Reporting][gh-private-advisory] |
+| [HackerOne bug bounty program][h1]                            |
+
+All security vulnerabilities can be reported under GitHub's [Private
+vulnerability reporting][gh-private-advisory] system. This will open a private
+issue for the developers. Try to fill in as much of the questions as possible.
+If you are not familiar with the CVSS system for assessing vulnerabilities, just
+use the Low/High/Critical severity ratings. A partially filled in report for a
+critical vulnerability is still better than no report at all.
+
+Vulnerabilities associated with the **Go, Rust or Protobuf code** of the
+repository may be eligible for a [bug bounty][h1]. Please see the bug bounty
+page for more details on submissions and rewards. If you think the vulnerability
+is eligible for a payout, **report on HackerOne first**.
+
+Vulnerabilities in services and their source codes (JavaScript, web page, Google
+Workspace) are not in scope for the bug bounty program, but they are welcome to
+be reported in GitHub.
+
+### Guidelines
+
+We require that all researchers:
+
+* Abide by this policy to disclose vulnerabilities, and avoid posting
+  vulnerability information in public places, including GitHub, Discord,
+  Telegram, and Twitter.
+* Make every effort to avoid privacy violations, degradation of user experience,
+  disruption to production systems (including but not limited to the Cosmos
+  Hub), and destruction of data.
+* Keep any information about vulnerabilities that you’ve discovered confidential
+  between yourself and the Cosmos engineering team until the issue has been
+  resolved and disclosed.
+* Avoid posting personally identifiable information, privately or publicly.
+
+If you follow these guidelines when reporting an issue to us, we commit to:
+
+* Not pursue or support any legal action related to your research on this
+  vulnerability
+* Work with you to understand, resolve and ultimately disclose the issue in a
+  timely fashion
+
+### More information
+
+* See [TIMELINE.md] for an example timeline of a disclosure.
+* See [DISCLOSURE.md] to see more into the inner workings of the disclosure
+  process.
+* See [EXAMPLES.md] for some of the examples that we are interested in for the
+  bug bounty program.
+
+[gh-private-advisory]: /../../security/advisories/new
+[h1]: https://hackerone.com/cosmos
+[TIMELINE.md]: https://github.com/cosmos/security/blob/main/TIMELINE.md
+[DISCLOSURE.md]: https://github.com/cosmos/security/blob/main/DISCLOSURE.md
+[EXAMPLES.md]: https://github.com/cosmos/security/blob/main/EXAMPLES.md

app/Makefile

@@ -52,7 +52,7 @@ endif
 
 APP_LOAD_PARAMS = --curve secp256k1 $(COMMON_LOAD_PARAMS) --path $(APPPATH)
 
-NANOS_STACK_SIZE := 1890
+NANOS_STACK_SIZE:=1815
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.devices
 
 $(info TARGET_NAME  = [$(TARGET_NAME)])
@@ -63,8 +63,9 @@ $(error ICONNAME is not set)
 endif
 
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.platform
-
 DEFINES += HAVE_HASH HAVE_BLAKE2 HAVE_SHA256 HAVE_SHA512
+CFLAGS += -I$(MY_DIR)/../deps/tinycbor/src
+APP_SOURCE_PATH += $(MY_DIR)/../deps/tinycbor-ledger
 APP_SOURCE_PATH += $(MY_DIR)/../deps/jsmn/src
 
 .PHONY: rust

app/Makefile.version

@@ -1,6 +1,6 @@
 # This is the `transaction_version` field of `Runtime`
 APPVERSION_M=2
 # This is the `spec_version` field of `Runtime`
-APPVERSION_N=34
+APPVERSION_N=35
 # This is the patch version of this release
-APPVERSION_P=12
+APPVERSION_P=13

app/src/addr.h

@@ -15,6 +15,7 @@
 ********************************************************************************/
 
 #pragma once
+#include "zxerror.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -29,8 +30,6 @@ zxerr_t addr_getItem(int8_t displayIdx,
                      char *outValue, uint16_t outValueLen,
                      uint8_t pageIdx, uint8_t *pageCount);
 
-zxerr_t addr_to_textual(char *s, uint16_t max, const char *text, uint16_t textLen);
-
 #ifdef __cplusplus
 }
 #endif

app/src/apdu_handler.c

@@ -23,6 +23,7 @@
 #include <ux.h>
 
 #include "view.h"
+#include "view_internal.h"
 #include "actions.h"
 #include "tx.h"
 #include "addr.h"
@@ -62,6 +63,7 @@ __Z_INLINE void handle_getversion(__Z_UNUSED volatile uint32_t *flags, volatile
 }
 
 __Z_INLINE uint8_t extractHRP(uint32_t rx, uint32_t offset) {
+    uint8_t hrp_len = 0;
     if (rx < offset + 1) {
         THROW(APDU_CODE_DATA_INVALID);
     }
@@ -76,10 +78,15 @@ __Z_INLINE uint8_t extractHRP(uint32_t rx, uint32_t offset) {
     memcpy(bech32_hrp, G_io_apdu_buffer + offset + 1, bech32_hrp_len);
     bech32_hrp[bech32_hrp_len] = 0;     // zero terminate
 
-    return bech32_hrp_len;
+    hrp_len = bech32_hrp_len;
+    return hrp_len;
 }
 
 __Z_INLINE void extractHDPath(uint32_t rx, uint32_t offset) {
+    if (rx < offset + 1) {
+        THROW(APDU_CODE_DATA_INVALID);
+    }
+
     if ((rx - offset) < sizeof(uint32_t) * HDPATH_LEN_DEFAULT) {
         THROW(APDU_CODE_WRONG_LENGTH);
     }
@@ -109,8 +116,8 @@ static void extractHDPath_HRP(uint32_t rx, uint32_t offset) {
 
     // Check if HRP was sent
     if ((rx - offset) > sizeof(uint32_t) * HDPATH_LEN_DEFAULT) {
-        extractHRP(rx, offset + sizeof(uint32_t) * HDPATH_LEN_DEFAULT);
-        encoding = checkChainConfig(hdPath[1], bech32_hrp, bech32_hrp_len);
+        uint8_t hrp_bech32_len = extractHRP(rx, offset + sizeof(uint32_t) * HDPATH_LEN_DEFAULT);
+        encoding = checkChainConfig(hdPath[1], bech32_hrp, hrp_bech32_len);
         if (encoding == UNSUPPORTED) {
             ZEMU_LOGF(50, "Chain config not supported for: %s\n", bech32_hrp)
             THROW(APDU_CODE_COMMAND_NOT_ALLOWED);
@@ -125,10 +132,6 @@ static bool process_chunk(volatile uint32_t *tx, uint32_t rx) {
 
     const uint8_t payloadType = G_io_apdu_buffer[OFFSET_PAYLOAD_TYPE];
 
-    if (G_io_apdu_buffer[OFFSET_P2] != 0) {
-        THROW(APDU_CODE_INVALIDP1P2);
-    }
-
     if (rx < OFFSET_DATA) {
         THROW(APDU_CODE_WRONG_LENGTH);
     }
@@ -139,7 +142,6 @@ static bool process_chunk(volatile uint32_t *tx, uint32_t rx) {
             tx_initialize();
             tx_reset();
             extractHDPath_HRP(rx, OFFSET_DATA);
-
             return false;
         case P1_ADD:
             added = tx_append(&(G_io_apdu_buffer[OFFSET_DATA]), rx - OFFSET_DATA);
@@ -187,26 +189,29 @@ __Z_INLINE void handleGetAddrSecp256K1(volatile uint32_t *flags, volatile uint32
     THROW(APDU_CODE_OK);
 }
 
-__Z_INLINE void handleSignSecp256K1(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
+__Z_INLINE void handleSign(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
     if (!process_chunk(tx, rx)) {
         THROW(APDU_CODE_OK);
     }
 
+    // Let grab P2 value and if it's not valid, the parser should reject it
+    const tx_type_e sign_type = (tx_type_e) G_io_apdu_buffer[OFFSET_P2];
+
     if ((hdPath[1] == HDPATH_ETH_1_DEFAULT) && !app_mode_expert()) {
         *flags |= IO_ASYNCH_REPLY;
         view_custom_error_show(PIC(msg_error1),PIC(msg_error2));
         THROW(APDU_CODE_DATA_INVALID);
     }
 
-
     // Put address in output buffer, we will use it to confirm source address
     zxerr_t zxerr = app_fill_address();
     if (zxerr != zxerr_ok) {
         *tx = 0;
         THROW(APDU_CODE_DATA_INVALID);
     }
-    parser_tx_obj.own_addr = (const char *) (G_io_apdu_buffer + VIEW_ADDRESS_OFFSET_SECP256K1);
-    const char *error_msg = tx_parse();
+
+    parser_tx_obj.tx_json.own_addr = (const char *) (G_io_apdu_buffer + VIEW_ADDRESS_OFFSET_SECP256K1);
+    const char *error_msg = tx_parse(sign_type);
 
     if (error_msg != NULL) {
         int error_msg_length = strlen(error_msg);
@@ -250,7 +255,7 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
 
                 case INS_SIGN_SECP256K1: {
                     CHECK_PIN_VALIDATED()
-                    handleSignSecp256K1(flags, tx, rx);
+                    handleSign(flags, tx, rx);
                     break;
                 }