Implement Ledger-PKI

- Update src code to adapt to new API 'os_pki_verify' - Support both Ledger-PKI and legacy method
2024-06-11 10:55:11 +02:00
parent 1ac75092da
commit 2008307c0c
8 changed files with 291 additions and 217 deletions
--- a/src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c
+++ b/src_features/provideErc20TokenInformation/cmd_provideTokenInfo.c
@@ -5,6 +5,9 @@
 #include "os_io_seproxyhal.h"
 #include "network.h"
 #include "manage_asset_info.h"
+#ifdef HAVE_LEDGER_PKI
+#include "os_pki.h"
+#endif

 void handleProvideErc20TokenInformation(uint8_t p1,
                                        uint8_t p2,
@@ -20,22 +23,21 @@ void handleProvideErc20TokenInformation(uint8_t p1,
    uint8_t tickerLength;
    uint64_t chain_id;
    uint8_t hash[INT256_LENGTH];
-    cx_ecfp_public_key_t tokenKey;
-
    tokenDefinition_t *token = &get_current_asset_info()->token;
+    cx_err_t error = CX_INTERNAL_ERROR;

    PRINTF("Provisioning currentAssetIndex %d\n", tmpCtx.transactionContext.currentAssetIndex);

    if (dataLength < 1) {
-        THROW(0x6A80);
+        THROW(APDU_RESPONSE_INVALID_DATA);
    }
    tickerLength = workBuffer[offset++];
    dataLength--;
    if ((tickerLength + 1) > sizeof(token->ticker)) {
-        THROW(0x6A80);
+        THROW(APDU_RESPONSE_INVALID_DATA);
    }
    if (dataLength < tickerLength + 20 + 4 + 4) {
-        THROW(0x6A80);
+        THROW(APDU_RESPONSE_INVALID_DATA);
    }
    cx_hash_sha256(workBuffer + offset, tickerLength + 20 + 4 + 4, hash, 32);
    memmove(token->ticker, workBuffer + offset, tickerLength);
@@ -53,21 +55,26 @@ void handleProvideErc20TokenInformation(uint8_t p1,
    chain_id = U4BE(workBuffer, offset);
    if (!app_compatible_with_chain_id(&chain_id)) {
        UNSUPPORTED_CHAIN_ID_MSG(chain_id);
-        THROW(0x6A80);
+        THROW(APDU_RESPONSE_INVALID_DATA);
    }
    offset += 4;
    dataLength -= 4;

-    CX_ASSERT(cx_ecfp_init_public_key_no_throw(CX_CURVE_256K1,
-                                               LEDGER_SIGNATURE_PUBLIC_KEY,
-                                               sizeof(LEDGER_SIGNATURE_PUBLIC_KEY),
-                                               &tokenKey));
-    if (!cx_ecdsa_verify_no_throw(&tokenKey, hash, 32, workBuffer + offset, dataLength)) {
-#ifndef HAVE_BYPASS_SIGNATURES
-        PRINTF("Invalid token signature\n");
-        THROW(0x6A80);
+    error = check_signature_with_pubkey("ERC20 Token Info",
+                                        hash,
+                                        sizeof(hash),
+                                        LEDGER_SIGNATURE_PUBLIC_KEY,
+                                        sizeof(LEDGER_SIGNATURE_PUBLIC_KEY),
+#ifdef HAVE_LEDGER_PKI
+                                        CERTIFICATE_PUBLIC_KEY_USAGE_COIN_META,
 #endif
+                                        (uint8_t *) (workBuffer + offset),
+                                        dataLength);
+#ifndef HAVE_BYPASS_SIGNATURES
+    if (error != CX_OK) {
+        THROW(APDU_RESPONSE_INVALID_DATA);
    }
+#endif

    G_io_apdu_buffer[0] = tmpCtx.transactionContext.currentAssetIndex;
    validate_current_asset_info();