Merge pull request #732 from LedgerHQ/feat/apa/contract_proxy

Proxy contract support

Author: apaillier-ledger

.gitignore

@@ -25,3 +25,6 @@ default.profdata
 fuzz-*.log
 crash-*
 report.html
+
+# LSP
+.cache/

client/src/ledger_app_clients/ethereum/client.py

@@ -570,6 +570,21 @@ def provide_network_information(self,
         assert response.status == StatusWord.OK
 
     def provide_enum_value(self, payload: bytes) -> RAPDU:
+        if self._pki_client is None:
+            print(f"Ledger-PKI Not supported on '{self._firmware.name}'")
+        else:
+            # pylint: disable=line-too-long
+            if self._firmware == Firmware.NANOSP:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010315463044022076DD2EAB72E69D440D6ED8290C8C37E39F54294C23FF0F8520F836E7BE07455C02201D9A8A75223C1ADA1D9D00966A12EBB919D0BBF2E66F144C83FADCAA23672566"  # noqa: E501
+            elif self._firmware == Firmware.NANOX:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010215463044022077FF9625006CB8A4AD41A4B04FF2112E92A732BD263CCE9B97D8E7D2536D04300220445B8EE3616FB907AA5E68359275E94D0A099C3E32A4FC8B3669C34083671F2F"  # noqa: E501
+            elif self._firmware == Firmware.STAX:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010415473045022100A88646AD72CA012D5FDAF8F6AE0B7EBEF079212768D57323CB5B57CADD9EB20D022005872F8EA06092C9783F01AF02C5510588FB60CBF4BA51FB382B39C1E060BB6B"  # noqa: E501
+            elif self._firmware == Firmware.FLEX:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B43401013501051546304402205305BDDDAD0284A2EAC2A9BE4CEF6604AE9415C5F46883448F5F6325026234A3022001ED743BCF33CCEB070FDD73C3D3FCC2CEE5AB30A5C3EB7D2A8D21C6F58D493F"  # noqa: E501
+            # pylint: enable=line-too-long
+            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_CALLDATA, bytes.fromhex(cert_apdu))
+
         chunks = self._cmd_builder.provide_enum_value(payload)
         for chunk in chunks[:-1]:
             self._exchange(chunk)
@@ -636,3 +651,23 @@ def provide_tx_simulation(self, simu_params: TxSimu) -> RAPDU:
         for chunk in chunks[:-1]:
             self._exchange(chunk)
         return self._exchange(chunks[-1])
+
+    def provide_proxy_info(self, payload: bytes) -> RAPDU:
+        if self._pki_client is None:
+            print(f"Ledger-PKI Not supported on '{self._firmware.name}'")
+        else:
+            # pylint: disable=line-too-long
+            if self._firmware == Firmware.NANOSP:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010315463044022076DD2EAB72E69D440D6ED8290C8C37E39F54294C23FF0F8520F836E7BE07455C02201D9A8A75223C1ADA1D9D00966A12EBB919D0BBF2E66F144C83FADCAA23672566"  # noqa: E501
+            elif self._firmware == Firmware.NANOX:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010215463044022077FF9625006CB8A4AD41A4B04FF2112E92A732BD263CCE9B97D8E7D2536D04300220445B8EE3616FB907AA5E68359275E94D0A099C3E32A4FC8B3669C34083671F2F"  # noqa: E501
+            elif self._firmware == Firmware.STAX:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010415473045022100A88646AD72CA012D5FDAF8F6AE0B7EBEF079212768D57323CB5B57CADD9EB20D022005872F8EA06092C9783F01AF02C5510588FB60CBF4BA51FB382B39C1E060BB6B"  # noqa: E501
+            elif self._firmware == Firmware.FLEX:
+                cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B43401013501051546304402205305BDDDAD0284A2EAC2A9BE4CEF6604AE9415C5F46883448F5F6325026234A3022001ED743BCF33CCEB070FDD73C3D3FCC2CEE5AB30A5C3EB7D2A8D21C6F58D493F"  # noqa: E501
+            # pylint: enable=line-too-long
+            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_CALLDATA, bytes.fromhex(cert_apdu))
+        chunks = self._cmd_builder.provide_proxy_info(payload)
+        for chunk in chunks[:-1]:
+            self._exchange(chunk)
+        return self._exchange(chunks[-1])

client/src/ledger_app_clients/ethereum/command_builder.py

@@ -28,6 +28,7 @@ class InsType(IntEnum):
     PROVIDE_TRUSTED_NAME = 0x22
     PROVIDE_ENUM_VALUE = 0x24
     PROVIDE_TRANSACTION_INFO = 0x26
+    PROVIDE_PROXY_INFO = 0x2a
     PROVIDE_NETWORK_INFORMATION = 0x30
     PROVIDE_TX_SIMULATION = 0x32
 
@@ -467,3 +468,6 @@ def opt_in_tx_simulation(self) -> bytes:
 
     def provide_tx_simulation(self, tlv_payload: bytes) -> list[bytes]:
         return self.common_tlv_serialize(InsType.PROVIDE_TX_SIMULATION, tlv_payload, p1l=[0x00], p2l=[0x01, 0x00])
+
+    def provide_proxy_info(self, tlv_payload: bytes) -> list[bytes]:
+        return self.common_tlv_serialize(InsType.PROVIDE_PROXY_INFO, tlv_payload)

client/src/ledger_app_clients/ethereum/eip712/InputData.py

@@ -406,9 +406,12 @@ def handle_optional_domain_values(domain):
         domain["verifyingContract"] = "0x0000000000000000000000000000000000000000"
 
 
-def init_signature_context(types, domain):
+def init_signature_context(types, domain, filters):
     handle_optional_domain_values(domain)
-    caddr = domain["verifyingContract"]
+    if "address" in filters:
+        caddr = filters["address"]
+    else:
+        caddr = domain["verifyingContract"]
     if caddr.startswith("0x"):
         caddr = caddr[2:]
     sig_ctx["caddr"] = bytearray.fromhex(caddr)
@@ -452,7 +455,9 @@ def process_data(aclient: EthAppClient,
     global app_client
     global autonext_handler
     global is_golden_run
+    global current_path
 
+    current_path = []
     # deepcopy because this function modifies the dict
     data_json = copy.deepcopy(data_json)
     app_client = aclient
@@ -469,7 +474,7 @@ def process_data(aclient: EthAppClient,
     is_golden_run = golden_run
 
     if filters:
-        init_signature_context(types, domain)
+        init_signature_context(types, domain, filters)
 
     # send types definition
     for key in types.keys():

client/src/ledger_app_clients/ethereum/enum_value.py

@@ -54,6 +54,6 @@ def serialize(self) -> bytes:
         payload += format_tlv(Tag.NAME, self.name)
         sig = self.signature
         if sig is None:
-            sig = sign_data(Key.CAL, payload)
+            sig = sign_data(Key.CALLDATA, payload)
         payload += format_tlv(Tag.SIGNATURE, sig)
         return payload

client/src/ledger_app_clients/ethereum/proxy_info.py

@@ -0,0 +1,54 @@
+from enum import IntEnum
+from typing import Optional
+from .tlv import format_tlv
+from .keychain import sign_data, Key
+
+
+class Tag(IntEnum):
+    STRUCT_TYPE = 0x01
+    STRUCT_VERSION = 0x02
+    CHALLENGE = 0x12
+    ADDRESS = 0x22
+    CHAIN_ID = 0x23
+    SELECTOR = 0x28
+    IMPL_ADDRESS = 0x29
+    SIGNATURE = 0x15
+
+
+class ProxyInfo:
+    challenge: int
+    address: bytes
+    chain_id: int
+    selector: Optional[bytes]
+    impl_address: bytes
+    signature: Optional[bytes]
+
+    def __init__(self,
+                 challenge: int,
+                 address: bytes,
+                 chain_id: int,
+                 impl_address: bytes,
+                 selector: Optional[bytes] = None,
+                 signature: Optional[bytes] = None):
+        self.challenge = challenge
+        self.address = address
+        self.chain_id = chain_id
+        self.selector = selector
+        self.impl_address = impl_address
+        self.signature = signature
+
+    def serialize(self) -> bytes:
+        payload = bytearray()
+        payload += format_tlv(Tag.STRUCT_TYPE, 0x26)
+        payload += format_tlv(Tag.STRUCT_VERSION, 1)
+        payload += format_tlv(Tag.CHALLENGE, self.challenge)
+        payload += format_tlv(Tag.ADDRESS, self.address)
+        payload += format_tlv(Tag.CHAIN_ID, self.chain_id)
+        if self.selector is not None:
+            payload += format_tlv(Tag.SELECTOR, self.selector)
+        payload += format_tlv(Tag.IMPL_ADDRESS, self.impl_address)
+        sig = self.signature
+        if sig is None:
+            sig = sign_data(Key.CALLDATA, payload)
+        payload += format_tlv(Tag.SIGNATURE, sig)
+        return payload

doc/ethapp.adoc

@@ -1122,6 +1122,9 @@ None
 
 ### TRANSACTION INFO
 
+#### Description
+#### Coding
+
 _Command_
 
 [width="80%"]
@@ -1159,6 +1162,9 @@ None
 
 ### TRANSACTION FIELD DESCRIPTION
 
+#### Description
+#### Coding
+
 _Command_
 
 [width="80%"]
@@ -1194,6 +1200,50 @@ _Output data_
 None
 
 
+### PROVIDE PROXY INFO
+
+#### Description
+
+This command provides the app with the knowledge that a contract address is a proxy to another contract on a specific chain.
+This can also (optionally) be restricted to a specific function within the contract.
+
+#### Coding
+
+_Command_
+
+[width="80%"]
+|==============================================================
+| *CLA* | *INS*  | *P1*               | *P2*       | *LC*
+|   E0  |   2A   | 01 : first chunk
+
+                   00 : following chunk
+                                      | 00         | 00
+|==============================================================
+
+_Input data_
+
+##### If P1 == first chunk
+
+[width="80%"]
+|==========================================
+| *Description*         | *Length (byte)*
+| Payload length        | 2
+| TLV payload           | variable
+|==========================================
+
+##### If P1 == following chunk
+
+[width="80%"]
+|==========================================
+| *Description*         | *Length (byte)*
+| TLV payload           | variable
+|==========================================
+
+_Output data_
+
+None
+
+
 ### PROVIDE NETWORK CONFIGURATION
 
 #### Description

src/apdu_constants.h

@@ -30,6 +30,7 @@
 #define INS_PROVIDE_ENUM_VALUE              0x24
 #define INS_GTP_TRANSACTION_INFO            0x26
 #define INS_GTP_FIELD                       0x28
+#define INS_PROVIDE_PROXY_INFO              0x2A
 #define INS_PROVIDE_NETWORK_CONFIGURATION   0x30
 #define INS_PROVIDE_TX_SIMULATION           0x32
 

src/main.c

@@ -44,6 +44,7 @@
 #include "cmd_tx_info.h"
 #include "cmd_field.h"
 #include "cmd_get_tx_simulation.h"
+#include "cmd_proxy_info.h"
 
 tmpCtx_t tmpCtx;
 txContext_t txContext;
@@ -256,6 +257,12 @@ static uint16_t handleApdu(command_t *cmd, uint32_t *flags, uint32_t *tx) {
             break;
 #endif  // HAVE_GENERIC_TX_PARSER
 
+#if defined(HAVE_EIP712_FULL_SUPPORT) || defined(HAVE_GENERIC_TX_PARSER)
+        case INS_PROVIDE_PROXY_INFO:
+            sw = handle_proxy_info(cmd->p1, cmd->p2, cmd->lc, cmd->data);
+            break;
+#endif
+
 #ifdef HAVE_DYNAMIC_NETWORKS
         case INS_PROVIDE_NETWORK_CONFIGURATION:
             sw = handle_network_info(cmd->p1, cmd->p2, cmd->data, cmd->lc, tx);

src/signature.h

@@ -0,0 +1,6 @@
+#ifndef SIGNATURE_H_
+#define SIGNATURE_H_
+
+#define ECDSA_SIGNATURE_MAX_LENGTH 73
+
+#endif  // SIGNATURE_H_