review improvements

Author: chcmedeiros

app/src/crypto.c

@@ -540,8 +540,8 @@ __Z_INLINE zxerr_t copyKeys(keys_t *saplingKeys, key_kind_e requestedKeys, uint8
     return zxerr_ok;
 }
 
-zxerr_t crypto_computeSaplingSeed(uint8_t *sk) {
-    if (sk == NULL) {
+zxerr_t crypto_computeSaplingSeed(uint8_t spendingKey[static KEY_LENGTH]) {
+    if (spendingKey == NULL ) {
         return zxerr_no_data;
     }
 
@@ -552,10 +552,11 @@ zxerr_t crypto_computeSaplingSeed(uint8_t *sk) {
                                                      HDPATH_LEN_DEFAULT,
                                                      privateKeyData,
                                                      NULL, NULL, 0));
-    memcpy(sk, privateKeyData, KEY_LENGTH);
+    memcpy(spendingKey, privateKeyData, KEY_LENGTH);
 
 catch_cx_error:
     MEMZERO(privateKeyData, sizeof(privateKeyData));
+    MEMZERO(spendingKey, KEY_LENGTH);
     return zxerr_ok;
 }
 
@@ -570,16 +571,16 @@ zxerr_t crypto_generateSaplingKeys(uint8_t *output, uint16_t outputLen, key_kind
     keys_t saplingKeys = {0};
     uint8_t sk[KEY_LENGTH] = {0};
     CHECK_ZXERR(crypto_computeSaplingSeed(sk))
-    CHECK_PARSER_OK(computeMasterFromSeed(sk, saplingKeys.spendingKey));
+    CHECK_PARSER_OK(computeMasterFromSeed((const uint8_t*) sk, saplingKeys.spendingKey));
 
     error = computeKeys(&saplingKeys);
 
     // Copy keys
     if (error == zxerr_ok) {
         error = copyKeys(&saplingKeys, requestedKey, output, outputLen);
     } else {
-    MEMZERO(sk, sizeof(sk));
-    MEMZERO(&saplingKeys, sizeof(saplingKeys));
+        MEMZERO(sk, sizeof(sk));
+        MEMZERO(&saplingKeys, sizeof(saplingKeys));
     }
 
     return error;
@@ -638,7 +639,7 @@ static parser_error_t h_star(uint8_t *a, uint16_t a_len, uint8_t *b, uint16_t b_
 
     return parser_ok;
 }
-static zxerr_t sign_sapling_spend(keys_t *keys, uint8_t *alpha, uint8_t *sign_hash ,uint8_t *signature) {
+static zxerr_t sign_sapling_spend(keys_t *keys, uint8_t alpha[static KEY_LENGTH], uint8_t sign_hash[static KEY_LENGTH], uint8_t *signature) {
     if (alpha == NULL || sign_hash == NULL || signature == NULL) {
         return zxerr_no_data;
     }
@@ -679,7 +680,7 @@ static zxerr_t sign_sapling_spend(keys_t *keys, uint8_t *alpha, uint8_t *sign_ha
     return zxerr_ok;
 }
 
-zxerr_t crypto_sign_spends_sapling(const parser_tx_t *txObj, uint8_t *output, uint16_t outputLen, uint16_t *responseLen) {
+zxerr_t crypto_sign_spends_sapling(const parser_tx_t *txObj, keys_t *keys, uint8_t *output, uint16_t outputLen, uint16_t *responseLen) {
     zemu_log_stack("crypto_signspends_sapling");
     if (txObj->transaction.sections.maspTx.data.sapling_bundle.n_shielded_spends == 0) {
         return zxerr_ok;
@@ -690,13 +691,6 @@ zxerr_t crypto_sign_spends_sapling(const parser_tx_t *txObj, uint8_t *output, ui
     uint8_t sign_hash[HASH_LEN] = {0};
     signature_hash(txObj, sign_hash);
 
-    // Get keys to use ask
-    uint8_t sapling_seed[KEY_LENGTH] = {0};
-    keys_t keys = {0};
-    CHECK_ZXERR(crypto_computeSaplingSeed(sapling_seed));
-    CHECK_PARSER_OK(computeMasterFromSeed(sapling_seed, keys.spendingKey));
-    CHECK_ZXERR(computeKeys(&keys));
-
     uint8_t signature[2 * HASH_LEN] = {0};
     uint8_t alpha[KEY_LENGTH] = {0};
     const uint8_t *spend = txObj->transaction.sections.maspBuilder.builder.sapling_builder.spends.ptr;
@@ -707,7 +701,7 @@ zxerr_t crypto_sign_spends_sapling(const parser_tx_t *txObj, uint8_t *output, ui
         spend += spendLen;
         MEMCPY(alpha, spend + ALPHA_OFFSET, KEY_LENGTH);
 
-        CHECK_ZXERR(sign_sapling_spend(&keys, alpha, sign_hash, signature));
+        CHECK_ZXERR(sign_sapling_spend(keys, alpha, sign_hash, signature));
 
         // Copy signature to output
         MEMCPY(output + i * MASP_SIG_LEN, signature, MASP_SIG_LEN);
@@ -807,21 +801,15 @@ zxerr_t checkConverts(const parser_tx_t *txObj) {
     return zxerr_ok;
 }
 
-zxerr_t crypto_check_masp(const parser_tx_t *txObj) {
-    if (txObj == NULL) {
+zxerr_t crypto_check_masp(const parser_tx_t *txObj, keys_t *keys) {
+    if (txObj == NULL || keys == NULL) {
         return zxerr_unknown;
     }
-    // Get keys to use ask
-    uint8_t sapling_seed[KEY_LENGTH] = {0};
-    keys_t keys = {0};
-    CHECK_ZXERR(crypto_computeSaplingSeed(sapling_seed));
-    CHECK_PARSER_OK(computeMasterFromSeed(sapling_seed, keys.spendingKey));
-    CHECK_ZXERR(computeKeys(&keys));
 
 #if !defined(LEDGER_SPECIFIC)
     // For now verify cv and rk https://github.com/anoma/masp/blob/main/masp_proofs/src/sapling/prover.rs#L278    
     // Check Spends
-    CHECK_ZXERR(checkSpends(txObj, &keys));
+    CHECK_ZXERR(checkSpends(txObj, keys));
 
     // Check outputs
     CHECK_ZXERR(checkOutputs(txObj));
@@ -837,11 +825,23 @@ zxerr_t crypto_sign_masp(const parser_tx_t *txObj, uint8_t *output, uint16_t out
         return zxerr_unknown;
     }
 
-    CHECK_ZXERR(crypto_check_masp(txObj));
+    // Get keys
+    uint8_t sapling_seed[KEY_LENGTH] = {0};
+    keys_t keys = {0};
+    CHECK_ZXERR(crypto_computeSaplingSeed(sapling_seed));
+    CHECK_PARSER_OK(computeMasterFromSeed(sapling_seed, keys.spendingKey));
+
+    if (computeKeys(&keys) != zxerr_ok || crypto_check_masp(txObj, &keys) != zxerr_ok) {
+        MEMZERO(sapling_seed, sizeof(sapling_seed));
+        MEMZERO(&keys, sizeof(keys));
+        return zxerr_invalid_crypto_settings;
+    }
 
     // Sign Sapling spends
-    CHECK_ZXERR(crypto_sign_spends_sapling(txObj, output, outputLen, responseLen));
+    CHECK_ZXERR(crypto_sign_spends_sapling(txObj, &keys, output, outputLen, responseLen));
 
+    MEMZERO(sapling_seed, sizeof(sapling_seed));
+    MEMZERO(&keys, sizeof(keys));
     return zxerr_ok;
 }
 
@@ -863,10 +863,10 @@ zxerr_t crypto_computeRandomness(const uint8_t *buffer, uint16_t bufferLen, uint
     }
     MEMZERO(out, outLen);
     zemu_log_stack("crypto_computeRandomness");
-    uint8_t spend_len = buffer[0];
-    uint8_t output_len = buffer[1];
-    uint8_t convert_len = buffer[2];
-    uint8_t tmp_rnd[32] = {0};
+    const uint8_t spend_len = buffer[0];
+    const uint8_t output_len = buffer[1];
+    const uint8_t convert_len = buffer[2];
+    uint8_t tmp_rnd[KEY_LENGTH] = {0};
 
     zemu_log_stack("crypto_computeRandomness");
     transaction_add_sizes(spend_len, output_len, convert_len);

app/src/crypto_helper.c

@@ -19,6 +19,7 @@
 #include "zxformat.h"
 #include "leb128.h"
 #include "zxmacros.h"
+#include "bech32_encoding.h"
 
 #include "keys_personalizations.h"
 #include "rslib.h"
@@ -33,6 +34,9 @@
 #define TESTNET_ADDRESS_T_HRP "testtnam"
 #define TESTNET_PUBKEY_T_HRP "testtpknam"
 
+#define MAINNET_EXT_FULL_VIEWING_KEY_HRP "zvknam"
+#define MAINNET_PAYMENT_ADDR_HRP "znam"
+
 #if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
     #include "cx.h"
     #include "cx_sha256.h"
@@ -136,6 +140,22 @@ zxerr_t crypto_encodeAddress(const uint8_t *pubkey, uint16_t pubkeyLen, uint8_t
     return zxerr_ok;
 }
 
+parser_error_t crypto_encodeLargeBech32(const uint8_t *address, size_t addressLen, uint8_t *output, size_t outputLen, bool paymentAddr) {
+    if (output == NULL || address == NULL) {
+        return parser_unexpected_value;
+    }
+
+    char HRP[10] = MAINNET_PAYMENT_ADDR_HRP;
+    if (!paymentAddr) {
+        strcpy(HRP, MAINNET_EXT_FULL_VIEWING_KEY_HRP);
+    }
+
+    if(bech32EncodeFromLargeBytes((char *)output, outputLen, HRP, (uint8_t*) address, addressLen, 1, BECH32_ENCODING_BECH32M) != zxerr_ok) {
+        return parser_unexpected_value;
+    };
+    return parser_ok;
+}
+
 zxerr_t crypto_sha256(const uint8_t *input, uint16_t inputLen, uint8_t *output, uint16_t outputLen) {
     if (input == NULL || output == NULL || outputLen < CX_SHA256_SIZE) {
         return zxerr_encoding_failed;

app/src/crypto_helper.h

@@ -66,6 +66,7 @@ parser_error_t computeDiversifier(const uint8_t dk[KEY_LENGTH], uint8_t start_in
 parser_error_t computePkd(const uint8_t ivk[KEY_LENGTH], const uint8_t diversifier[DIVERSIFIER_LENGTH], uint8_t pk_d[KEY_LENGTH]);
 parser_error_t computeValueCommitment(uint64_t value, uint8_t *rcv, uint8_t *identifier, uint8_t *cv);
 parser_error_t computeRk(keys_t *keys, uint8_t *alpha, uint8_t *rk);
+parser_error_t crypto_encodeLargeBech32( const uint8_t *address, size_t addressLen, uint8_t *output, size_t outputLen, bool paymentAddr);
 #ifdef __cplusplus
 }
 #endif

app/src/parser_print_txn.c

@@ -23,6 +23,7 @@
 #include "bech32.h"
 #include "parser_address.h"
 #include "bech32_encoding.h"
+#include "crypto_helper.h"
 
 #include "txn_delegation.h"
 
@@ -308,14 +309,7 @@ static parser_error_t printMaspTransferTxn( const parser_context_t *ctx,
             if (ctx->tx_obj->transfer.source_address.tag != 2) {
                 CHECK_ERROR(printAddressAlt(&ctx->tx_obj->transfer.source_address, outVal, outValLen, pageIdx, pageCount))
             } else {
-                const char *hrp = "zvknam";
-                bech32EncodeFromLargeBytes(tmp_buf,
-                            sizeof(tmp_buf),
-                            hrp,
-                            (uint8_t*) spend.ptr,
-                            EXTENDED_FVK_LEN,
-                            1,
-                            BECH32_ENCODING_BECH32M);
+                CHECK_ERROR(crypto_encodeLargeBech32(spend.ptr, EXTENDED_FVK_LEN, (uint8_t*) tmp_buf, sizeof(tmp_buf), 0));
                 pageString(outVal, outValLen, (const char*) tmp_buf, pageIdx, pageCount);
             }
 
@@ -348,14 +342,7 @@ static parser_error_t printMaspTransferTxn( const parser_context_t *ctx,
             if(ctx->tx_obj->transfer.target_address.tag != 2) {
                 CHECK_ERROR(printAddressAlt(&ctx->tx_obj->transfer.target_address, outVal, outValLen, pageIdx, pageCount))
             } else {
-                const char *hrp = "znam";
-                bech32EncodeFromLargeBytes(tmp_buf,
-                            sizeof(tmp_buf),
-                            hrp,
-                            (uint8_t*) out.ptr,
-                            PAYMENT_ADDR_LEN + DIVERSIFIER_LEN + 1,
-                            1,
-                            BECH32_ENCODING_BECH32M);
+                CHECK_ERROR(crypto_encodeLargeBech32(out.ptr, PAYMENT_ADDR_LEN + DIVERSIFIER_LEN + 1, (uint8_t*) tmp_buf, sizeof(tmp_buf), 1));
                 pageString(outVal, outValLen, (const char*) tmp_buf, pageIdx, pageCount);
             }
             break;

app/src/tx_hash.c

@@ -58,7 +58,7 @@ zxerr_t tx_hash_transparent_inputs(const parser_tx_t *txObj, uint8_t *output) {
 
     const uint8_t *vin = txObj->transaction.sections.maspTx.data.transparent_bundle.vin.ptr;
 
-    for(uint64_t i = 0; i < txObj->transaction.sections.maspTx.data.transparent_bundle.n_vin; i++, vin += VOUT_LEN){
+    for(uint64_t i = 0; i < txObj->transaction.sections.maspTx.data.transparent_bundle.n_vin; i++, vin += VIN_LEN){
         CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, vin, ASSET_ID_LEN, NULL, 0));
         CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, vin + VIN_VALUE_OFFSET, sizeof(uint64_t), NULL, 0));
         CHECK_CX_OK(cx_hash_no_throw(&ctx.header, 0, vin + VIN_ADDR_OFFSET, IMPLICIT_ADDR_LEN, NULL, 0));

js/src/processResponses.ts

@@ -106,17 +106,17 @@ export function processGetKeysResponse(response: Buffer, keyType: NamadaKeys): K
       const viewKey = Buffer.from(response.subarray(0, 2 * KEY_LENGTH))
       response = response.subarray(2 * KEY_LENGTH)
 
-      const ivk = Buffer.from(response.subarray(0, KEY_LENGTH))
+      const ovk = Buffer.from(response.subarray(0, KEY_LENGTH))
       response = response.subarray(KEY_LENGTH)
 
-      const ovk = Buffer.from(response.subarray(0, KEY_LENGTH))
+      const ivk = Buffer.from(response.subarray(0, KEY_LENGTH))
       response = response.subarray(KEY_LENGTH)
 
       requestedKey = {
         ...requestedKey,
         viewKey,
-        ivk,
         ovk,
+        ivk,
       }
       break
     }