EIP712 signatures now computed on schema hash

2022-06-29 15:08:43 +02:00
parent 188a75ffff
commit ee660317aa
2 changed files with 23 additions and 3 deletions
--- a/doc/ethapp.adoc
+++ b/doc/ethapp.adoc
@@ -792,6 +792,11 @@ This command provides a trusted way of deciding what information from the JSON d

 This mode can be overriden by the in-app setting to fully clear-sign EIP-712 messages.

+For the signatures :
+
+* The chain ID used for the signature must be 8 bytes wide.
+* The schema hash = sha224sum of the value of _types_ at the root of the JSON data (stripped of all spaces and newlines)
+
 ##### Activation

 Full filtering is disabled by default and has to be changed with this APDU (default behaviour is basic filtering handled by the app itself).
@@ -804,11 +809,10 @@ If activated, fields will be by default hidden unless they receive a field name

 Name substitution commands should come right after the contract address from the domain has been sent with a *SEND STRUCT IMPLEMENTATION*.
 Perfect moment to do it is when the domain implementation has been sent, just before sending the message implementation.
-The chain ID used for the signature must be 8 bytes wide.

 The signature is computed on :

-chain ID (BE) || contract address || display name length || display name
+chain ID (BE) || contract address || schema hash || display name length || display name


 ##### Field name substitution
@@ -817,7 +821,7 @@ Name substitution commands should come before the corresponding *SEND STRUCT IMP

 The signature is computed on :

-chain ID (BE) || contract address || json key length || json key || display name length || display name
+chain ID (BE) || contract address || schema hash || json key length || json key || display name length || display name

 #### Coding

--- a/src_features/signMessageEIP712/entrypoint.c
+++ b/src_features/signMessageEIP712/entrypoint.c
@@ -509,6 +509,14 @@ static bool verify_contract_name_signature(uint8_t dname_length,
            NULL,
            0);

+    // Schema hash
+    cx_hash((cx_hash_t*)&hash_ctx,
+            0,
+            eip712_context->schema_hash,
+            sizeof(eip712_context->schema_hash),
+            NULL,
+            0);
+
    // Display name length
    cx_hash((cx_hash_t*)&hash_ctx,
            0,
@@ -590,6 +598,14 @@ static bool verify_field_name_signature(uint8_t dname_length,
            NULL,
            0);

+    // Schema hash
+    cx_hash((cx_hash_t*)&hash_ctx,
+            0,
+            eip712_context->schema_hash,
+            sizeof(eip712_context->schema_hash),
+            NULL,
+            0);
+
    if ((field_ptr = path_get_field()) == NULL)
    {
        return false;