diff --git a/src/apdu.c b/src/apdu.c index 5ed1c88f..3432b357 100644 --- a/src/apdu.c +++ b/src/apdu.c @@ -193,4 +193,4 @@ int apdu_handle_message(const uint8_t* apdu_message, apdu_command->state = ApduStatePayloadComplete; return 0; -} \ No newline at end of file +} diff --git a/src/globals.h b/src/globals.h index f4ac8b7e..92532b5f 100644 --- a/src/globals.h +++ b/src/globals.h @@ -53,6 +53,8 @@ typedef enum InstructionCode { } InstructionCode; extern volatile bool G_called_from_swap; +extern volatile bool G_swap_response_ready; + // display stepped screens extern unsigned int ux_step; diff --git a/src/main.c b/src/main.c index 3729e88f..82341491 100644 --- a/src/main.c +++ b/src/main.c @@ -31,6 +31,7 @@ ApduCommand G_command; unsigned char G_io_seproxyhal_spi_buffer[IO_SEPROXYHAL_BUFFER_SIZE_B]; volatile bool G_called_from_swap; +volatile bool G_swap_response_ready; static void reset_main_globals(void) { MEMCLEAR(G_command); @@ -105,7 +106,6 @@ void app_main(void) { // APDU injection faults. for (;;) { volatile unsigned short sw = 0; - BEGIN_TRY { TRY { rx = tx; @@ -114,6 +114,12 @@ void app_main(void) { rx = io_exchange(CHANNEL_APDU | flags, rx); flags = 0; + if (G_called_from_swap && G_swap_response_ready) { + PRINTF("Quitting app started in swap mode\n"); + // Quit app, we are in limited mode and our work is done + os_sched_exit(0); + } + // no apdu received, well, reset the session, and reset the // bootloader configuration if (rx == 0) { @@ -128,7 +134,6 @@ void app_main(void) { THROW(ApduReplySdkExceptionIoReset); } CATCH_OTHER(e) { - G_called_from_swap = false; switch (e & 0xF000) { case 0x6000: sw = e; @@ -316,6 +321,7 @@ void coin_main(void) { static void start_app_from_lib(void) { G_called_from_swap = true; + G_swap_response_ready = false; UX_INIT(); io_seproxyhal_init(); nv_app_state_init(); diff --git a/src/signMessage.c b/src/signMessage.c index aa64532a..5391adaa 100644 --- a/src/signMessage.c +++ b/src/signMessage.c @@ -139,12 +139,6 @@ void handle_sign_message_parse_message(volatile unsigned int *tx) { //*tx = set_result_sign_message(); // THROW(ApduReplySuccess); UNUSED(tx); - } - - if ((G_command.non_confirm || G_called_from_swap) && - !(G_command.non_confirm && G_called_from_swap)) { - // User validation bypass requested NOT in swap context - // Or user validation requested while in swap context THROW(ApduReplySdkNotSupported); } @@ -179,9 +173,8 @@ static bool check_swap_validity(const SummaryItemKind_t kinds[MAX_TRANSACTION_SU size_t num_summary_steps) { bool amount_ok = false; bool recipient_ok = false; - bool fee_payer_ok = false; - if (num_summary_steps != 3) { - PRINTF("3 steps expected for transaction in swap context, not %u\n", num_summary_steps); + if (num_summary_steps != 2) { + PRINTF("2 steps expected for transaction in swap context, not %u\n", num_summary_steps); return false; } for (size_t i = 0; i < num_summary_steps; ++i) { @@ -200,19 +193,17 @@ static bool check_swap_validity(const SummaryItemKind_t kinds[MAX_TRANSACTION_SU case SummaryItemPubkey: if (strcmp(G_transaction_summary_title, "Recipient") == 0) { recipient_ok = check_swap_recipient(G_transaction_summary_text); - } else if (strcmp(G_transaction_summary_title, "Fee payer") == 0) { - fee_payer_ok = check_swap_fee_payer(G_transaction_summary_text); } else { PRINTF("Refused field '%s'\n", G_transaction_summary_title); return false; } break; default: - PRINTF("Refused kind '%u'\n", SummaryItemAmount); + PRINTF("Refused kind '%u'\n", kinds[i]); return false; } } - return amount_ok && recipient_ok && fee_payer_ok; + return amount_ok && recipient_ok; } void handle_sign_message_ui(volatile unsigned int *flags) { @@ -223,12 +214,20 @@ void handle_sign_message_ui(volatile unsigned int *flags) { // If we are in swap context, do not redisplay the message data // Instead, ensure they are identitical with what was previously displayed if (G_called_from_swap) { + if (G_swap_response_ready) { + // Safety against trying to make the app sign multiple TX + PRINTF("Safety agains double signing triggered\n"); + os_sched_exit(-1); + } else { + // We will quit the app after this transaction, whether it succeeds or fails + PRINTF("Swap response is ready, the app will quit after the next send\n"); + G_swap_response_ready = true; + } if (check_swap_validity(summary_step_kinds, num_summary_steps)) { + PRINTF("Valid swap transaction signed\n"); send_result_sign_message(); - // Quit app, we are in limited mode and our work is done - os_sched_exit(0); } else { - PRINTF("Refused blind signing incorrect Swap transaction\n"); + PRINTF("Refused signing incorrect Swap transaction\n"); THROW(ApduReplySolanaSummaryFinalizeFailed); } } else { diff --git a/tests/python/apps/solana.py b/tests/python/apps/solana.py index ca06561f..d5b22431 100644 --- a/tests/python/apps/solana.py +++ b/tests/python/apps/solana.py @@ -2,8 +2,7 @@ from enum import IntEnum from contextlib import contextmanager -from ragger.backend import BackendInterface -from ragger.utils import RAPDU +from ragger.backend.interface import BackendInterface, RAPDU class INS(IntEnum): @@ -135,12 +134,12 @@ def send_blind_sign_message(self, derivation_path : bytes, message: bytes) -> RA # Send all chunks with P2_EXTEND except for the first chunk if len(message_splited_prefixed) > 1: final_p2 |= P2_EXTEND - self.send_first_message_batch(message_splited_prefixed[:-1], P1_NON_CONFIRM) + self.send_first_message_batch(message_splited_prefixed[:-1], P1_CONFIRM) else: final_p2 = 0 return self._client.exchange(CLA, INS.INS_SIGN_MESSAGE, - P1_NON_CONFIRM, + P1_CONFIRM, final_p2, message_splited_prefixed[-1]) diff --git a/tests/python/apps/solana_utils.py b/tests/python/apps/solana_utils.py index f18e624e..ec7be1e0 100644 --- a/tests/python/apps/solana_utils.py +++ b/tests/python/apps/solana_utils.py @@ -1,7 +1,7 @@ import base58 -from ragger.bip import pack_derivation_path from ragger.utils import create_currency_config +from ragger.bip import pack_derivation_path ### Some utilities functions for amounts conversions ###