From 833adf2bf6d698446c9148219d5b19a4bc9acb42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?dj8yf0=CE=BCl?= Date: Thu, 7 Mar 2024 18:45:13 +0200 Subject: [PATCH] chore: bump `ledger_device_sdk` to 1.7.1; remove dependency on `ledger_device_sdk_sys` --- Cargo.lock | 5 +- Cargo.toml | 3 +- src/handlers/common/action/delegate.rs | 2 +- src/handlers/common/finalize_sign.rs | 7 +- src/handlers/common/validate_public_key.rs | 5 +- src/handlers/get_public_key.rs | 3 +- src/handlers/get_wallet_id.rs | 3 +- src/handlers/sign_nep366_delegate.rs | 2 +- src/handlers/sign_nep413_msg.rs | 2 +- src/handlers/sign_tx.rs | 2 +- src/main.rs | 2 +- src/parsing/transaction_stream_reader/mod.rs | 68 +++++--------------- src/utils/crypto/public_key.rs | 25 +------ 13 files changed, 37 insertions(+), 92 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9362806..02e65b2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,7 +21,6 @@ dependencies = [ "hex", "include_gif", "ledger_device_sdk", - "ledger_secure_sdk_sys", "near_gas", "near_token", "numtoa", @@ -197,9 +196,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "ledger_device_sdk" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1550be327df93ffeb0c079429febb6a148c03139d0171e7d0e7fe09f85e6f830" +checksum = "8c119b704c1240c3e21fcaff94ea8cdc110ac949eb118c5e6e5dbc9c7a61ebe2" dependencies = [ "include_gif", "ledger_secure_sdk_sys", diff --git a/Cargo.toml b/Cargo.toml index e403369..6a043b0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,8 +5,7 @@ authors = ["yhql", "agrojean-ledger", "dj8yf0μl"] edition = "2021" [dependencies] -ledger_device_sdk = "1.6.0" -ledger_secure_sdk_sys = "1.2.0" +ledger_device_sdk = "1.7.1" include_gif = "1.0.1" hex = { version = "0.4.3", default-features = false, features = ["serde"] } bs58 = { version = "0.5.0", default-features = false } 
diff --git a/src/handlers/common/action/delegate.rs b/src/handlers/common/action/delegate.rs index 7365168..7d2d6d9 100644 --- a/src/handlers/common/action/delegate.rs +++ b/src/handlers/common/action/delegate.rs @@ -1,5 +1,5 @@ +use ledger_device_sdk::buttons::ButtonEvent; use ledger_device_sdk::io::Event; -use ledger_secure_sdk_sys::buttons::ButtonEvent; use crate::{ parsing::{HashingStream, SingleTxStream}, diff --git a/src/handlers/common/finalize_sign.rs b/src/handlers/common/finalize_sign.rs index 34994d3..275af26 100644 --- a/src/handlers/common/finalize_sign.rs +++ b/src/handlers/common/finalize_sign.rs @@ -1,14 +1,15 @@ use crate::{ parsing::{HashingStream, SingleTxStream}, - utils::crypto::{self, PathBip32}, + utils::crypto::PathBip32, AppSW, }; use borsh::io::{ErrorKind, Read}; +use ledger_device_sdk::ecc::Ed25519; pub struct Signature(pub [u8; 64]); pub fn end( - stream: &mut HashingStream>, + mut stream: HashingStream>, path: &PathBip32, ) -> Result { // test no redundant bytes left in stream @@ -21,7 +22,7 @@ pub fn end( let digest = stream.finalize()?; - let private_key = crypto::bip32_derive(&path.0); + let private_key = Ed25519::derive_from_path_slip10(&path.0); let (sig, _len) = private_key.sign(&digest.0).map_err(|_| AppSW::TxSignFail)?; Ok(Signature(sig)) diff --git a/src/handlers/common/validate_public_key.rs b/src/handlers/common/validate_public_key.rs index 96bbaab..eb4ba10 100644 --- a/src/handlers/common/validate_public_key.rs +++ b/src/handlers/common/validate_public_key.rs @@ -1,10 +1,11 @@ +use ledger_device_sdk::ecc::Ed25519; use ledger_device_sdk::ui::{ bitmaps::{CROSSMARK, EYE}, gadgets::{Field, MultiFieldReview}, }; use crate::{ - utils::crypto::{self, public_key::NoSecpAllowed, PathBip32, PublicKeyBe}, + utils::crypto::{public_key::NoSecpAllowed, PathBip32, PublicKeyBe}, AppSW, }; use fmt_buffer::Buffer; 
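Review bot: `end` in src/handlers/common/finalize_sign.rs now takes the `HashingStream` by value, but nothing documents that, and the ownership change is what a caller most needs to know. I would add `/// Consumes the stream: checks for leftover bytes, finalizes the SHA-256 digest and signs it with the key derived from the given path.` above `pub fn end(`. Taking ownership means the hash state cannot be fed or finalized again once a signature has been produced, which is worth stating because sign_tx.rs, sign_nep366_delegate.rs and sign_nep413_msg.rs all end in this call. The body of `end` continues outside this hunk, so the leftover-bytes wording is based on the existing comment only.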
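Review bot: `Ed25519::derive_from_path_slip10(&path.0)` in `end` yields the private key directly, so there is no error branch between derivation and `private_key.sign(&digest.0)`; the only failure mapped in this hunk is `AppSW::TxSignFail`. The removed `bip32_derive` also discarded the return value of `os_perso_derive_node_with_seed_key`, so this is not a regression. The bump is still a good moment to confirm how SDK 1.7.1 reports a failed derivation, and that signing cannot proceed with an unpopulated secret. The same call appears in validate_public_key.rs, get_public_key.rs and get_wallet_id.rs, where `AppSW::KeyDeriveFail` is produced only by `.public_key()`. At minimum I would add `// NOTE: no error is surfaced here; confirm ledger_device_sdk handles a failed derivation` at the call site.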
@@ -14,7 +15,7 @@ pub fn validate( path: &PathBip32, ) -> Result<(), AppSW> { let matching_private_key = { - let pk = crypto::bip32_derive(&path.0) + let pk = Ed25519::derive_from_path_slip10(&path.0) .public_key() .map_err(|_| AppSW::KeyDeriveFail)?; PublicKeyBe::from_little_endian(pk) diff --git a/src/handlers/get_public_key.rs b/src/handlers/get_public_key.rs index 9d75537..5f2efc7 100644 --- a/src/handlers/get_public_key.rs +++ b/src/handlers/get_public_key.rs @@ -18,13 +18,14 @@ use crate::app_ui::address; use crate::utils::crypto; use crate::AppSW; +use ledger_device_sdk::ecc::Ed25519; use ledger_device_sdk::io::Comm; pub fn handler(comm: &mut Comm, display: bool) -> Result<(), AppSW> { let data = comm.get_data().map_err(|_| AppSW::WrongApduLength)?; let path = crypto::PathBip32::parse(data).map_err(|_| AppSW::Bip32PathParsingFail)?; - let pk = crypto::bip32_derive(&path.0) + let pk = Ed25519::derive_from_path_slip10(&path.0) .public_key() .map_err(|_| AppSW::KeyDeriveFail)?; diff --git a/src/handlers/get_wallet_id.rs b/src/handlers/get_wallet_id.rs index a547b63..b0b1d6a 100644 --- a/src/handlers/get_wallet_id.rs +++ b/src/handlers/get_wallet_id.rs @@ -1,13 +1,14 @@ use crate::app_ui::address; use crate::utils::crypto; use crate::AppSW; +use ledger_device_sdk::ecc::Ed25519; use ledger_device_sdk::io::Comm; pub fn handler(comm: &mut Comm) -> Result<(), AppSW> { let data = comm.get_data().map_err(|_| AppSW::WrongApduLength)?; let path = crypto::PathBip32::parse(data).map_err(|_| AppSW::Bip32PathParsingFail)?; - let pk = crypto::bip32_derive(&path.0) + let pk = Ed25519::derive_from_path_slip10(&path.0) .public_key() .map_err(|_| AppSW::KeyDeriveFail)?; diff --git a/src/handlers/sign_nep366_delegate.rs b/src/handlers/sign_nep366_delegate.rs index 75107f2..aa5412f 100644 --- a/src/handlers/sign_nep366_delegate.rs +++ b/src/handlers/sign_nep366_delegate.rs 
@@ -35,7 +35,7 @@ pub fn handler(mut stream: SingleTxStream<'_>) -> Result { let delegate_ac_pub_key_prevalidation = handle_delegate_action(&mut stream)?; validate_public_key::validate(delegate_ac_pub_key_prevalidation, &path)?; - finalize_sign::end(&mut stream, &path) + finalize_sign::end(stream, &path) } pub fn handle_delegate_action( diff --git a/src/handlers/sign_nep413_msg.rs b/src/handlers/sign_nep413_msg.rs index a52c67c..7e7cd5b 100644 --- a/src/handlers/sign_nep413_msg.rs +++ b/src/handlers/sign_nep413_msg.rs @@ -34,5 +34,5 @@ pub fn handler(mut stream: SingleTxStream<'_>) -> Result { return Err(AppSW::Deny); } - finalize_sign::end(&mut stream, &path) + finalize_sign::end(stream, &path) } diff --git a/src/handlers/sign_tx.rs b/src/handlers/sign_tx.rs index 1590d5d..229878a 100644 --- a/src/handlers/sign_tx.rs +++ b/src/handlers/sign_tx.rs @@ -75,5 +75,5 @@ pub fn handler(mut stream: SingleTxStream<'_>) -> Result { handle_action(&mut stream, params)?; } - finalize_sign::end(&mut stream, &path) + finalize_sign::end(stream, &path) } diff --git a/src/main.rs b/src/main.rs index 689744f..4301ddf 100644 --- a/src/main.rs +++ b/src/main.rs @@ -25,7 +25,7 @@ mod utils { pub mod public_key; pub use path::PathBip32; - pub use public_key::{bip32_derive, PublicKeyBe}; + pub use public_key::PublicKeyBe; } pub mod types { pub mod base58_buf; diff --git a/src/parsing/transaction_stream_reader/mod.rs b/src/parsing/transaction_stream_reader/mod.rs index 3c08bb9..7bdbe6f 100644 --- a/src/parsing/transaction_stream_reader/mod.rs +++ b/src/parsing/transaction_stream_reader/mod.rs 
@@ -3,14 +3,11 @@ use ledger_device_sdk::{ io::{Comm, Event}, }; +use ledger_device_sdk::hash::sha2::Sha2_256; +use ledger_device_sdk::hash::HashInit; + use crate::{AppSW, Instruction, SignMode}; use borsh::io::{self}; -use ledger_secure_sdk_sys::{ - cx_hash_final, cx_hash_t, cx_hash_update, cx_sha256_init_no_throw, cx_sha256_t, CX_OK, -}; - -#[cfg(feature = "speculos")] -use ledger_device_sdk::testing; pub struct SingleTxStream<'a> { pub comm: &'a mut Comm, @@ -35,52 +32,30 @@ pub struct Sha256Digest(pub [u8; 32]); pub struct HashingStream { pub reader: R, - sha256_ctx: cx_sha256_t, + sha256: Sha2_256, } impl HashingStream { pub fn new(reader: R) -> Result { - let mut sha256_ctx = Default::default(); - unsafe { - if cx_sha256_init_no_throw(&mut sha256_ctx) != CX_OK { - return Err(AppSW::TxHashFail); - } - } - let res = Self { reader, sha256_ctx }; + let sha256 = Sha2_256::new(); + let res = Self { reader, sha256 }; Ok(res) } - pub fn finalize(&mut self) -> Result { + pub fn finalize(self) -> Result { let mut array = [0u8; 32]; - unsafe { - if cx_hash_final( - &mut self.sha256_ctx.header as *mut cx_hash_t, - array.as_mut_ptr(), - ) != CX_OK - { - #[cfg(feature = "speculos")] - testing::debug_print("`cx_hash_final` error encountered \n"); - return Err(AppSW::TxHashFinalizeFail); - } - } + + self.sha256 + .finalize(&mut array) + .map_err(|_err| AppSW::TxHashFinalizeFail)?; Ok(Sha256Digest(array)) } } impl HashingStream { pub fn feed_slice(&mut self, input: &[u8]) -> io::Result<()> { - unsafe { - if cx_hash_update( - &mut self.sha256_ctx.header as *mut cx_hash_t, - input.as_ptr(), - input.len(), - ) != CX_OK - { - #[cfg(feature = "speculos")] - testing::debug_print("`cx_hash_update` error encountered \n"); - return Err(io::Error::from(io::ErrorKind::OutOfMemory)); - } - } - Ok(()) + self.sha256 + .update(input) + .map_err(|_err| io::Error::from(io::ErrorKind::OutOfMemory)) } } 
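Review bot: `HashingStream::new` still returns a `Result` but can no longer fail. `Sha2_256::new()` is called with no error path, whereas the removed code returned `AppSW::TxHashFail` when `cx_sha256_init_no_throw` did not return `CX_OK`. Whether the SDK wrapper checks the init status is not visible in this patch, so confirm it before relying on this context for the digest that gets signed. If the signature is kept for caller compatibility, say so with `/// Always returns Ok; the Result is kept so existing callers are unchanged.` Separately, `feed_slice` reports a hash-update failure as `io::ErrorKind::OutOfMemory`, and with the speculos debug print removed nothing distinguishes it from a real allocation failure, so a short comment on that mapping would help.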
@@ -92,18 +67,9 @@ impl io::Read for HashingStream { // update hash on each chunk passing through if n > 0 { let data = &buf[0..n]; - unsafe { - if cx_hash_update( - &mut self.sha256_ctx.header as *mut cx_hash_t, - data.as_ptr(), - data.len(), - ) != CX_OK - { - #[cfg(feature = "speculos")] - testing::debug_print("`cx_hash_update` error encountered \n"); - return Err(io::Error::from(io::ErrorKind::OutOfMemory)); - } - } + self.sha256 + .update(data) + .map_err(|_err| io::Error::from(io::ErrorKind::OutOfMemory))?; } return Ok(n); } diff --git a/src/utils/crypto/public_key.rs b/src/utils/crypto/public_key.rs index 7bc6ca5..8dd3562 100644 --- a/src/utils/crypto/public_key.rs +++ b/src/utils/crypto/public_key.rs @@ -1,5 +1,4 @@ -use ledger_device_sdk::ecc::{CurvesId, ECPrivateKey, ECPublicKey, Ed25519, Secret}; -use ledger_secure_sdk_sys::os_perso_derive_node_with_seed_key; +use ledger_device_sdk::ecc::ECPublicKey; use crate::AppSW; @@ -10,31 +9,9 @@ use fmt_buffer::Buffer; const PUBLIC_KEY_BIG_ENDIAN_LEN: usize = 32; const PUBLIC_KEY_LITTLE_ENDIAN_LEN: usize = 65; -const HDW_ED25519_SLIP10: u32 = 1; - #[derive(PartialEq, Eq)] pub struct PublicKeyBe(pub [u8; PUBLIC_KEY_BIG_ENDIAN_LEN]); -pub fn bip32_derive(path: &[u32]) -> ECPrivateKey<32, 'E'> { - let mut tmp = Secret::<32>::new(); - let curve = CurvesId::Ed25519; - - unsafe { - os_perso_derive_node_with_seed_key( - HDW_ED25519_SLIP10, - curve as u8, - path.as_ptr(), - path.len() as u32, - tmp.as_mut().as_mut_ptr(), - core::ptr::null_mut(), // chain - core::ptr::null_mut(), // seed_key - 0u32, // seed_key_length - ) - }; - - Ed25519::from(tmp.as_ref()) -} - pub struct NoSecpAllowed; impl TryFrom for PublicKeyBe {
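Review bot: The `read` path repeats the update-and-map that `feed_slice` already performs in the previous hunk. Replacing it with `self.feed_slice(data)?;` would keep the hash-failure mapping in one place, provided the bounds on the two impl blocks allow the call (the generic parameters are not legible in this patch). The enclosing `read` starts and ends outside the hunk.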