Add funcs to avoid tricking user when using plugin

Usually the length of an array is sent in a parameter.
Most of the time the developer simply uses U2BE/U4BE to get this length. It
is possible to forge a tx with a `length > sizeof(uint16_t/uint32_t)` and trick the
user into signing something different from what is shown.

For instance consider the following parameter:
00 ... 01 00 00 00 01

If the developer uses U2BE/U4BE, it is possible that this length is shown to the user,
and if it is, the user will see the length as 1.
Author: Jorge Martins
Date: 2022-11-02 13:34:26 +01:00
parent 912c8afca6
commit ead85a0aaa
4 changed files with 35 additions and 1 deletion
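The truncation the commit message describes, shown as an added example (this is not app-ethereum's own code, and the names `naive_u2be`, `checked_u2be`, `checked_read` and the `PARAMETER_LENGTH` of 32 bytes are assumptions for the illustration). A naive big-endian read of the low 2 or 4 bytes of a 32-byte ABI word returns 1 for the word `00 ... 01 00 00 00 01`, while a checked reader refuses any word whose leading bytes are not all zero, so the plugin can fall back or abort instead of displaying a misleading length:

```c
/* Added example, not app-ethereum's own code. Assumes a 32-byte ABI word
 * (PARAMETER_LENGTH) with the integer right-aligned (big-endian). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAMETER_LENGTH 32 /* assumed: one ABI-encoded word */

/* Naive readers: take the low 2 or 4 bytes of the word and ignore the
 * 30 or 28 bytes above them. This is the U2BE/U4BE idiom the commit
 * message warns about. */
static uint16_t naive_u2be(const uint8_t *word) {
    const uint8_t *p = word + PARAMETER_LENGTH - 2;
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

static uint32_t naive_u4be(const uint8_t *word) {
    const uint8_t *p = word + PARAMETER_LENGTH - 4;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Checked reader: every byte above the low `width` bytes must be zero,
 * otherwise the value would be truncated and false is returned. */
static bool checked_read(const uint8_t *word, size_t width, uint64_t *out) {
    uint64_t v = 0;
    for (size_t i = 0; i < PARAMETER_LENGTH - width; i++) {
        if (word[i] != 0) {
            return false; /* a high byte is set: reject the word */
        }
    }
    for (size_t i = PARAMETER_LENGTH - width; i < PARAMETER_LENGTH; i++) {
        v = (v << 8) | word[i];
    }
    *out = v;
    return true;
}

bool checked_u2be(const uint8_t *word, uint16_t *value) {
    uint64_t v;
    if (!checked_read(word, sizeof(*value), &v)) {
        return false;
    }
    *value = (uint16_t)v;
    return true;
}

bool checked_u4be(const uint8_t *word, uint32_t *value) {
    uint64_t v;
    if (!checked_read(word, sizeof(*value), &v)) {
        return false;
    }
    *value = (uint32_t)v;
    return true;
}

/* Constructed sample word from the commit message: 00 ... 01 00 00 00 01.
 * Byte 27 is 0x01, so the real value is 2^32 + 1, not 1. */
void build_forged_word(uint8_t word[PARAMETER_LENGTH]) {
    memset(word, 0, PARAMETER_LENGTH);
    word[PARAMETER_LENGTH - 5] = 0x01;
    word[PARAMETER_LENGTH - 1] = 0x01;
}

/* What each reader reports for the forged word. */
uint16_t forged_naive_u2be(void) {
    uint8_t w[PARAMETER_LENGTH];
    build_forged_word(w);
    return naive_u2be(w); /* 1: the 0x01 at byte 27 is silently dropped */
}

uint32_t forged_naive_u4be(void) {
    uint8_t w[PARAMETER_LENGTH];
    build_forged_word(w);
    return naive_u4be(w); /* 1 again */
}

bool forged_checked_u2be_accepted(void) {
    uint8_t w[PARAMETER_LENGTH];
    uint16_t v;
    build_forged_word(w);
    return checked_u2be(w, &v); /* false: leading bytes are not all zero */
}

bool forged_checked_u4be_accepted(void) {
    uint8_t w[PARAMETER_LENGTH];
    uint32_t v;
    build_forged_word(w);
    return checked_u4be(w, &v); /* false */
}

/* An honest word holding 7 is accepted and decoded correctly. */
uint32_t honest_checked_u4be(void) {
    uint8_t w[PARAMETER_LENGTH] = {0};
    uint32_t v = 0;
    w[PARAMETER_LENGTH - 1] = 7;
    return checked_u4be(w, &v) ? v : UINT32_MAX;
}

int main(void) {
    printf("naive U2BE on forged word: %u\n", forged_naive_u2be());
    printf("naive U4BE on forged word: %u\n", forged_naive_u4be());
    printf("checked U2BE accepts forged word: %d\n", forged_checked_u2be_accepted());
    printf("checked U4BE accepts forged word: %d\n", forged_checked_u4be_accepted());
    printf("checked U4BE on honest word: %u\n", honest_checked_u4be());
    return 0;
}
```

The check is deliberately placed in the reader rather than at the call site: a plugin that only reads the low bytes has no way to tell the forged word from an honest one afterwards, so a `false` return is the only point at which it can still refuse to display the value.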


@@ -134,6 +134,17 @@ The following return codes are expected, any other will abort the signing proces
* ETH_PLUGIN_RESULT_OK : if the plugin can be successfully initialized
* ETH_PLUGIN_RESULT_FALLBACK : if the signing logic should fallback to the generic one
There are already defined functions to extract data from a parameter:
[source,C]
----
void copy_address(uint8_t* dst, const uint8_t* parameter, uint8_t dst_size);
void copy_parameter(uint8_t* dst, const uint8_t* parameter, uint8_t dst_size);
// Get the value from the beginning of the parameter (right to left) and check if the rest of it is zero
bool U2BE_from_parameter(uint8_t* parameter, uint16_t* value);
bool U4BE_from_parameter(uint8_t* parameter, uint32_t* value);
----
### ETH_PLUGIN_FINALIZE
[source,C]
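Review bot: the comment above `U2BE_from_parameter` is self-contradictory ("from the beginning of the parameter (right to left)") and the doc never says what the `bool` means; since the integer is right-aligned in the 32-byte word, say that the value is read from the last 2 or 4 bytes and that the function returns `false` when any of the preceding bytes is nonzero, so plugin authors know to abort or fall back on `false` rather than display a truncated length. Also, `uint8_t* parameter` should be `const uint8_t* parameter` to match `copy_address` and `copy_parameter` just above, e.g. `bool U2BE_from_parameter(const uint8_t* parameter, uint16_t* value);`.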