From ee660317aab000bf945b76084ec177a1898e6d73 Mon Sep 17 00:00:00 2001
From: Alexandre Paillier <alexandre.paillier@ledger.fr>
Date: Wed, 29 Jun 2022 15:08:43 +0200
Subject: [PATCH] EIP712 signatures now computed on schema hash

---
 doc/ethapp.adoc                             | 10 +++++++---
 src_features/signMessageEIP712/entrypoint.c | 16 ++++++++++++++++
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/doc/ethapp.adoc b/doc/ethapp.adoc
index 6db1f4a..fe5ce5e 100644
--- a/doc/ethapp.adoc
+++ b/doc/ethapp.adoc
@@ -792,6 +792,11 @@ This command provides a trusted way of deciding what information from the JSON d
 
 This mode can be overriden by the in-app setting to fully clear-sign EIP-712 messages.
 
+For the signatures :
+
+* The chain ID used for the signature must be 8 bytes wide.
+* The schema hash = sha224sum of the value of _types_ at the root of the JSON data (stripped of all spaces and newlines)
+
 ##### Activation
 
 Full filtering is disabled by default and has to be changed with this APDU (default behaviour is basic filtering handled by the app itself).
@@ -804,11 +809,10 @@ If activated, fields will be by default hidden unless they receive a field name
 
 Name substitution commands should come right after the contract address from the domain has been sent with a *SEND STRUCT IMPLEMENTATION*.
 Perfect moment to do it is when the domain implementation has been sent, just before sending the message implementation.
-The chain ID used for the signature must be 8 bytes wide.
 
 The signature is computed on :
 
-chain ID (BE) || contract address || display name length || display name
+chain ID (BE) || contract address || schema hash || display name length || display name
 
 
 ##### Field name substitution
@@ -817,7 +821,7 @@ Name substitution commands should come before the corresponding *SEND STRUCT IMP
 
 The signature is computed on :
 
-chain ID (BE) || contract address || json key length || json key || display name length || display name
+chain ID (BE) || contract address || schema hash || json key length || json key || display name length || display name
 
 #### Coding
 
diff --git a/src_features/signMessageEIP712/entrypoint.c b/src_features/signMessageEIP712/entrypoint.c
index 2bf6f18..a11d055 100644
--- a/src_features/signMessageEIP712/entrypoint.c
+++ b/src_features/signMessageEIP712/entrypoint.c
@@ -509,6 +509,14 @@ static bool verify_contract_name_signature(uint8_t dname_length,
             NULL,
             0);
 
+    // Schema hash
+    cx_hash((cx_hash_t*)&hash_ctx,
+            0,
+            eip712_context->schema_hash,
+            sizeof(eip712_context->schema_hash),
+            NULL,
+            0);
+
     // Display name length
     cx_hash((cx_hash_t*)&hash_ctx,
             0,
@@ -590,6 +598,14 @@ static bool verify_field_name_signature(uint8_t dname_length,
             NULL,
             0);
 
+    // Schema hash
+    cx_hash((cx_hash_t*)&hash_ctx,
+            0,
+            eip712_context->schema_hash,
+            sizeof(eip712_context->schema_hash),
+            NULL,
+            0);
+
     if ((field_ptr = path_get_field()) == NULL)
     {
         return false;