Apply review comments, TLV format for APDU data

Author: btchip

client/src/ledger_app_clients/ethereum/client.py

@@ -17,6 +17,7 @@
 from .tlv import format_tlv, FieldTag
 from .response_parser import pk_addr
 from .tx_simu import TxSimu
+from .tx_auth_7702 import TxAuth7702
 
 
 class StatusWord(IntEnum):
@@ -679,12 +680,8 @@ def provide_proxy_info(self, payload: bytes) -> RAPDU:
             self._exchange(chunk)
         return self._exchange(chunks[-1])
 
-    def sign_eip7702_authorization(self,
-                                   bip32_path: str,
-                                   delegate: bytes,
-                                   nonce: int,
-                                   chain_id: Optional[int] = None) -> RAPDU:
-        return self._exchange_async(self._cmd_builder.sign_eip7702_authorization(bip32_path,
-                                                                                 delegate,
-                                                                                 nonce,
-                                                                                 chain_id))
+    def sign_eip7702_authorization(self, auth_params: TxAuth7702) -> RAPDU:
+        chunks = self._cmd_builder.sign_eip7702_authorization(auth_params.serialize())
+        for chunk in chunks[:-1]:
+            self._exchange(chunk)
+        return self._exchange_async(chunks[-1])

client/src/ledger_app_clients/ethereum/command_builder.py

@@ -463,23 +463,8 @@ def provide_network_information(self,
                 p1 = P1Type.FOLLOWING_CHUNK
         return chunks
 
-    def sign_eip7702_authorization(self,
-                                   bip32_path: str,
-                                   delegate: bytes,
-                                   nonce: int,
-                                   chain_id: Optional[int]) -> bytes:
-        data = pack_derivation_path(bip32_path)
-        data += delegate
-        if chain_id is None:
-            chain_id = 0
-        tmp = self._intToBytes(chain_id)
-        data += struct.pack(">B", len(tmp)) + tmp
-        tmp = self._intToBytes(nonce)
-        data += struct.pack(">B", len(tmp)) + tmp
-        return self._serialize(InsType.SIGN_EIP7702_AUTHORIZATION,
-                               0x00,
-                               0x00,
-                               data)
+    def sign_eip7702_authorization(self, tlv_payload: bytes) -> list[bytes]:
+        return self.common_tlv_serialize(InsType.SIGN_EIP7702_AUTHORIZATION, tlv_payload)
 
     def provide_enum_value(self, tlv_payload: bytes) -> list[bytes]:
         return self.common_tlv_serialize(InsType.PROVIDE_ENUM_VALUE, tlv_payload)

client/src/ledger_app_clients/ethereum/tx_auth_7702.py

@@ -0,0 +1,50 @@
+from typing import Optional
+from enum import IntEnum
+
+from bip_utils import Bip32Utils
+
+from .tlv import TlvSerializable
+
+
+class FieldTag(IntEnum):
+    STRUCT_VERSION = 0x00
+    DERIVATION_IDX = 0x01
+    DELEGATE_ADDR = 0x02
+    CHAIN_ID = 0x03
+    NONCE = 0x04
+
+
+class TxAuth7702(TlvSerializable):
+    bip32_path: str
+    delegate: bytes
+    nonce: int
+    chain_id: Optional[int] = 0
+
+    def __init__(self,
+                 bip32_path: str,
+                 delegate: bytes,
+                 nonce: int,
+                 chain_id: Optional[int] = 0) -> None:
+        self.bip32_path = bip32_path
+        self.delegate = delegate
+        self.nonce = nonce
+        self.chain_id = chain_id
+
+    def serialize(self) -> bytes:
+        payload: bytes = self.serialize_field(FieldTag.STRUCT_VERSION, 1)
+        split = self.bip32_path.split("/")
+        if split[0] != "m":
+            raise ValueError("Error master expected in bip32 path")
+        for value in split[1:]:
+            if value == "":
+                raise ValueError(f'Error missing value in split bip 32 path list "{split}"')
+            if value.endswith('\''):
+                payload += self.serialize_field(FieldTag.DERIVATION_IDX,
+                                                Bip32Utils.HardenIndex(int(value[:-1])).to_bytes(4, byteorder='big'))
+            else:
+                payload += self.serialize_field(FieldTag.DERIVATION_IDX,
+                                                int(value).to_bytes(4, byteorder='big'))
+        payload += self.serialize_field(FieldTag.DELEGATE_ADDR, self.delegate)
+        payload += self.serialize_field(FieldTag.NONCE, self.nonce.to_bytes(8, 'big'))
+        payload += self.serialize_field(FieldTag.CHAIN_ID, self.chain_id.to_bytes(8, 'big'))
+        return payload

doc/ethapp.adoc

@@ -1470,24 +1470,30 @@ _Command_
 [width="80%"]
 |==============================================================
 | *CLA* | *INS*  | *P1*               | *P2*       | *LC*
-|   E0  |   34   | 00                 | 00         | 00
+|   E0  |   34   | 01 : first chunk
+
+                   00 : following chunk
+                                      | 00         | 00
 |==============================================================
 
 _Input data_
 
+##### If P1 == first chunk
+
 [width="80%"]
-|==========================================
-| *Description*         | *Length (byte)*
-| Number of BIP 32 derivations to perform (max 10)                                  | 1
-| First derivation index (big endian)                                               | 4
-| ...                                                                               | 4
-| Last derivation index (big endian)                                                | 4
-| Delegate address                                                                  | 20
-| Length of Chain ID (max 32)                                                       | 1
-| Chain ID (smallest big endian encoding)                                           | variable
-| Length of Nonce (max 8)                                                           | 1
-| Nonce (smallest big endian encoding)                                              | variable
-|==========================================
+|====================================================================
+| *Description*                                     | *Length (byte)*
+| struct size (BE)                                  | 2
+| link:tlv_structs.md#auth_7702[AUTH_7702 struct] | variable
+|====================================================================
+
+##### If P1 == following chunk
+
+[width="80%"]
+|====================================================================
+| *Description*                                     | *Length (byte)*
+| link:tlv_structs.md#auth_7702[AUTH_7702 struct] | variable
+|====================================================================
 
 _Output data_
 

doc/tlv_structs.md

@@ -312,3 +312,13 @@ In version 1 of the protocol:
 | SELECTOR       | 0x28 | uint[4]         | function selector               | x        |
 | IMPL_ADDRESS   | 0x29 | uint8[20]       | implementation contract address |          |
 | SIGNATURE      | 0x15 | uint8[]         | signature of the structure      |          |
+
+## AUTH_7702
+
+| Name           | Tag  | Payload type    | Description                     | Optional |
+|----------------|------|-----------------|---------------------------------|----------|
+| STRUCT_VERSION | 0x00 | uint8           | structure version (currently 1) |          |
+| DERIVATION_IDX | 0x01 | uint32          | BIP32 derivation path item      |          |
+| DELEGATE_ADDR  | 0x02 | uint8[20]       | delegate address                |          |
+| CHAIN_ID       | 0x03 | uint64          | Chain ID (00 for no restriction)|          |
+| NONCE          | 0x04 | uint64          | nonce                           |          |

src/main.c

@@ -278,7 +278,7 @@ static uint16_t handleApdu(command_t *cmd, uint32_t *flags, uint32_t *tx) {
 
 #ifdef HAVE_EIP7702
         case INS_SIGN_EIP7702_AUTHORIZATION:
-            sw = handleSignEIP7702Authorization(cmd->data, cmd->lc, flags);
+            sw = handleSignEIP7702Authorization(cmd->p1, cmd->data, cmd->lc, flags);
             break;
 #endif  // HAVE_EIP7702
 

src_features/signAuthorizationEIP7702/auth_7702.c

@@ -0,0 +1,108 @@
+#ifdef HAVE_EIP7702
+
+#include "auth_7702.h"
+#include "utils.h"
+#include "read.h"
+
+enum {
+    TAG_STRUCT_VERSION = 0x00,
+    TAG_DERIVATION_IDX = 0x01,
+    TAG_DELEGATE_ADDR = 0x02,
+    TAG_CHAIN_ID = 0x03,
+    TAG_NONCE = 0x04,
+};
+
+enum {
+    BIT_VERSION,
+    BIT_DERIVATION_IDX,
+    BIT_DELEGATE_ADDR,
+    BIT_CHAIN_ID,
+    BIT_NONCE,
+};
+
+#define STRUCT_VERSION 0x01
+#define MASK_ALL                                                                       \
+    (SET_BIT(BIT_VERSION) | SET_BIT(BIT_DERIVATION_IDX) | SET_BIT(BIT_DELEGATE_ADDR) | \
+     SET_BIT(BIT_CHAIN_ID) | SET_BIT(BIT_NONCE))
+
+static bool handle_version(const s_tlv_data *data, s_auth_7702_ctx *context) {
+    if (data->length != sizeof(uint8_t)) {
+        return false;
+    }
+    context->mask_parsed |= SET_BIT(BIT_VERSION);
+    return (data->value[0] == STRUCT_VERSION);
+}
+
+static bool handle_derivation_idx(const s_tlv_data *data, s_auth_7702_ctx *context) {
+    uint32_t idx;
+    if (data->length != sizeof(uint32_t)) {
+        return false;
+    }
+    if (context->auth_7702.bip32.length == MAX_BIP32_PATH) {
+        return false;
+    }
+    idx = read_u32_be(data->value, 0);
+    context->auth_7702.bip32.path[context->auth_7702.bip32.length] = idx;
+    context->auth_7702.bip32.length++;
+    context->mask_parsed |= SET_BIT(BIT_DERIVATION_IDX);
+    return true;
+}
+
+static bool handle_delegate_addr(const s_tlv_data *data, s_auth_7702_ctx *context) {
+    if (data->length != sizeof(context->auth_7702.delegate)) {
+        return false;
+    }
+    memmove(context->auth_7702.delegate, data->value, sizeof(context->auth_7702.delegate));
+    context->mask_parsed |= SET_BIT(BIT_DELEGATE_ADDR);
+    return true;
+}
+
+static bool handle_chain_id(const s_tlv_data *data, s_auth_7702_ctx *context) {
+    if (data->length != sizeof(uint64_t)) {
+        return false;
+    }
+    context->auth_7702.chainId = read_u64_be(data->value, 0);
+    context->mask_parsed |= SET_BIT(BIT_CHAIN_ID);
+    return true;
+}
+
+static bool handle_nonce(const s_tlv_data *data, s_auth_7702_ctx *context) {
+    if (data->length != sizeof(uint64_t)) {
+        return false;
+    }
+    context->auth_7702.nonce = read_u64_be(data->value, 0);
+    context->mask_parsed |= SET_BIT(BIT_NONCE);
+    return true;
+}
+
+bool handle_auth_7702_struct(const s_tlv_data *data, s_auth_7702_ctx *context) {
+    bool ret;
+
+    switch (data->tag) {
+        case TAG_STRUCT_VERSION:
+            ret = handle_version(data, context);
+            break;
+        case TAG_DERIVATION_IDX:
+            ret = handle_derivation_idx(data, context);
+            break;
+        case TAG_DELEGATE_ADDR:
+            ret = handle_delegate_addr(data, context);
+            break;
+        case TAG_CHAIN_ID:
+            ret = handle_chain_id(data, context);
+            break;
+        case TAG_NONCE:
+            ret = handle_nonce(data, context);
+            break;
+        default:
+            PRINTF(TLV_TAG_ERROR_MSG, data->tag);
+            ret = false;
+    }
+    return ret;
+}
+
+bool verify_auth_7702_struct(s_auth_7702_ctx *context) {
+    return ((context->mask_parsed & MASK_ALL) == MASK_ALL);
+}
+
+#endif  // HAVE_EIP7702

src_features/signAuthorizationEIP7702/auth_7702.h

@@ -0,0 +1,21 @@
+#pragma once
+
+#include <stdint.h>
+#include "bip32_utils.h"
+#include "common_utils.h"
+#include "tlv.h"
+
+typedef struct {
+    bip32_path_t bip32;
+    uint64_t chainId;
+    uint64_t nonce;
+    uint8_t delegate[20];
+} s_auth_7702;
+
+typedef struct {
+    s_auth_7702 auth_7702;
+    uint8_t mask_parsed;
+} s_auth_7702_ctx;
+
+bool handle_auth_7702_struct(const s_tlv_data *data, s_auth_7702_ctx *context);
+bool verify_auth_7702_struct(s_auth_7702_ctx *context);