Add funcs to avoid tricking user when using plugin

Usually the length of an array is sent in a parameter.
Most of the time the developer simply uses U2BE/U4BE to get this length. It
is possible to forge a tx with a `length > sizeof(uint16_t/uint32_t)` and trick the
user into signing something different from what is shown.

For instance, consider the following parameter:
00 ... 01 00 00 00 01

If the developer uses U2BE/U4BE, it is possible that this length is shown to the user
and if it is, the user will see the length as 1.
Jorge Martins
2022-11-02 13:34:26 +01:00
parent 912c8afca6
commit ead85a0aaa
4 changed files with 35 additions and 1 deletions
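
The truncation described in the commit message, as an added example that is not part of this commit or of the project's code. It generalizes the check to any tail width up to 8 bytes; `read_tail_be`, `read_tail_be_checked` and `make_forged_parameter` are hypothetical names, `PARAMETER_LENGTH` is assumed to be 32, and the sample parameter is constructed to match the `00 ... 01 00 00 00 01` pattern above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAMETER_LENGTH 32 /* assumed size of one ABI-encoded parameter word */

/* Unchecked read: decodes only the last `width` bytes, like a bare U2BE/U4BE. */
static uint64_t read_tail_be(const uint8_t *parameter, size_t width) {
    uint64_t v = 0;
    for (size_t i = PARAMETER_LENGTH - width; i < PARAMETER_LENGTH; i++)
        v = (v << 8) | parameter[i];
    return v;
}

/* Checked read: fails unless every byte in front of the tail is zero. */
static bool read_tail_be_checked(const uint8_t *parameter, size_t width, uint64_t *value) {
    uint8_t nonzero = 0;
    if (width == 0 || width > sizeof(uint64_t))
        return false;
    for (size_t i = 0; i < PARAMETER_LENGTH - width; i++)
        nonzero |= parameter[i];
    if (nonzero)
        return false; /* *value is deliberately left untouched */
    *value = read_tail_be(parameter, width);
    return true;
}

/* Constructed sample matching the commit message: 00 ... 01 00 00 00 01 */
static void make_forged_parameter(uint8_t *parameter) {
    memset(parameter, 0, PARAMETER_LENGTH);
    parameter[PARAMETER_LENGTH - 5] = 0x01;
    parameter[PARAMETER_LENGTH - 1] = 0x01;
}

int main(void) {
    uint8_t p[PARAMETER_LENGTH];
    uint64_t v = 0;
    make_forged_parameter(p);
    printf("unchecked 4-byte read: %llu\n", (unsigned long long) read_tail_be(p, 4));
    printf("checked 4-byte read accepted: %d\n", read_tail_be_checked(p, 4, &v));
    if (read_tail_be_checked(p, 8, &v))
        printf("value actually encoded: %llu\n", (unsigned long long) v);
    return 0;
}
```

The unchecked 2-byte and 4-byte reads both return 1 for this word, while the value it encodes is 4294967297; the checked read rejects it at either width.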

@@ -1,5 +1,6 @@
#include <string.h>
#include "eth_plugin_internal.h"
#include "ethUtils.h" // allzeroes
bool erc20_plugin_available_check(void);
@@ -15,6 +16,24 @@ void copy_parameter(uint8_t* dst, const uint8_t* parameter, uint8_t dst_size) {
memmove(dst, parameter, copy_size);
}
bool U2BE_from_parameter(uint8_t* parameter, uint16_t* value) {
if (allzeroes(parameter, PARAMETER_LENGTH - sizeof(uint16_t))) {
*value = U2BE(parameter, PARAMETER_LENGTH - sizeof(uint16_t));
return true;
}
return false;
}
bool U4BE_from_parameter(uint8_t* parameter, uint32_t* value) {
if (allzeroes(parameter, PARAMETER_LENGTH - sizeof(uint32_t))) {
*value = U4BE(parameter, PARAMETER_LENGTH - sizeof(uint32_t));
return true;
}
return false;
}
#ifdef HAVE_STARKWARE
void starkware_plugin_call(int message, void* parameters);
#endif
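
Review bot: U2BE_from_parameter and U4BE_from_parameter leave `*value` unwritten on the `return false` path, so the protection only holds if every caller checks the bool result; a caller that ignores it will carry on with an uninitialised or stale length. Consider documenting that contract at the declarations (neither function has a comment) and marking the return value as must-check if the toolchain supports it. Both helpers also take `uint8_t* parameter` although they only read from it, while `copy_parameter` just above takes `const uint8_t* parameter`; `const` would fit here too, provided `allzeroes` accepts a const pointer.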