Update swap utils to handle network config

cedelavergne-ledger · cedelavergne-ledger · commit 786f2c1d5844 · 2025-12-05T11:11:20.000+01:00
diff --git a/src/eth_swap_utils.c b/src/eth_swap_utils.c
@@ -23,46 +23,182 @@
 #include "utils.h"
 #include "swap_error_code_helpers.h"
 #include "feature_signTx.h"
+#include "network.h"
 
+// Global flag indicating whether swap parameters have been verified
 bool G_swap_checked;
 
-bool parse_swap_config(const uint8_t *config,
-                       uint8_t config_len,
-                       char *ticker,
-                       uint8_t *decimals,
-                       uint64_t *chain_id) {
-    uint8_t ticker_len, offset = 0;
+/**
+ * Helper function to parse a token info (ticker + decimals) from config buffer
+ *
+ * @param config Pointer to the current position in config buffer
+ * @param config_len Total length of the config buffer
+ * @param info Output structure to store parsed token info
+ * @param offset Pointer to current offset (updated after parsing)
+ * @return true if parsing succeeds, false otherwise
+ */
+static bool parse_token_info(const uint8_t *config,
+                             uint8_t config_len,
+                             swap_info_t *info,
+                             uint8_t *offset) {
+    uint8_t ticker_len;
 
-    if ((config == NULL) || (config_len == 0) || (ticker == NULL) || (decimals == NULL)) {
+    // Check if we have enough data for ticker length
+    if (*offset >= config_len) {
+        PRINTF("Not enough data for ticker length\n");
         return false;
     }
-    ticker_len = config[offset];
-    offset += sizeof(ticker_len);
-    if ((ticker_len == 0) || (ticker_len > (MAX_TICKER_LEN - 2)) ||
-        ((config_len - offset) < (ticker_len))) {
+
+    // Read ticker length
+    ticker_len = config[*offset];
+    (*offset)++;
+
+    // Validate ticker length
+    if ((ticker_len == 0) || (ticker_len > (MAX_TICKER_LEN - 2))) {
+        PRINTF("Ticker length is invalid (%d)\n", ticker_len);
         return false;
     }
-    memcpy(ticker, config + offset, ticker_len);
-    offset += ticker_len;
-    ticker[ticker_len] = '\0';
 
-    if ((config_len - offset) < 1) {
+    // Check if we have enough data for ticker
+    if ((*offset + ticker_len) > config_len) {
+        PRINTF("Not enough data for ticker\n");
         return false;
     }
-    *decimals = config[offset];
-    offset += sizeof(*decimals);
 
-    // the chain ID was adder later to the CAL swap subconfig
-    // so it is optional for retro-compatibility (as it might not be present)
-    if ((chain_id != NULL) && ((config_len - offset) >= sizeof(*chain_id))) {
-        PRINTF("Chain ID from the swap subconfig = 0x%.*h\n", sizeof(*chain_id), &config[offset]);
-        *chain_id = u64_from_BE(config + offset, sizeof(*chain_id));
+    // Copy ticker and add null terminator
+    memcpy(info->ticker, config + *offset, ticker_len);
+    info->ticker[ticker_len] = '\0';
+    *offset += ticker_len;
+
+    // Check if we have enough data for decimals
+    if (*offset >= config_len) {
+        PRINTF("Not enough data for decimals\n");
+        return false;
     }
+
+    // Read decimals
+    info->decimals = config[*offset];
+    (*offset)++;
+
     return true;
 }
 
-/* Local implementation of strncasecmp, workaround of the segfaulting base implem on return value
- * Remove once strncasecmp is fixed
+/**
+ * Parse swap configuration from CAL (Crypto Asset Library)
+ *
+ * @param config Buffer containing the configuration to parse
+ * @param config_len Length of the configuration buffer
+ * @param context Output structure to store all parsed swap information
+ * @return true if parsing succeeds, false otherwise
+ *
+ * @note Configuration buffer format (app-specific):
+ * @code
+ * +---------+--------------------+----------+--------------------------+
+ * | Offset  | Field              | Size     | Description              |
+ * +---------+--------------------+----------+--------------------------+
+ * | 0       | asset_ticker_len   | 1 byte   | Length of asset_ticker   |
+ * | 1       | asset_ticker       | n bytes  | Asset symbol             |
+ * | 1+n     | asset_decimals     | 1 byte   | Asset decimal places     |
+ * | 2+n     | chain_id           | 8 bytes  | Chain ID (BE)            |
+ * | 2+n+8   | network_ticker_len | 1 byte   | Length of network_ticker |
+ * | 2+n+9   | network_ticker     | m bytes  | Network symbol           |
+ * | 2+n+9+m | network_decimals   | 1 byte   | Network decimal places   |
+ * +---------+--------------------+----------+--------------------------+
+ * @endcode
+ *
+ * @note The chain ID and network fields are optional (backward compatibility)
+ */
+bool parse_swap_config(const uint8_t *config, uint8_t config_len, swap_context_t *context) {
+    uint8_t offset = 0;
+    uint8_t chainid_len = sizeof(context->chain_id);
+
+    // Validate input parameters
+    if ((config == NULL) || (config_len == 0) || (context == NULL)) {
+        PRINTF("Invalid input parameters to parse_swap_config\n");
+        return false;
+    }
+
+    // Initialize defaults
+    context->asset_info.ticker[0] = '\0';
+    context->network_info.ticker[0] = '\0';
+    context->network_info.decimals = WEI_TO_ETHER;  // Default to ETH decimals
+    context->chain_id = 0;
+
+    // Parse asset token info
+    if (!parse_token_info(config, config_len, &context->asset_info, &offset)) {
+        PRINTF("Failed to parse asset info\n");
+        return false;
+    }
+
+    // Parse chain ID (optional)
+    if ((config_len - offset) < chainid_len) {
+        PRINTF("No chain ID is present\n");
+        return true;
+    }
+    // Read chain ID (big-endian)
+    PRINTF("Chain ID from the swap subconfig = 0x%.*h\n", chainid_len, &config[offset]);
+    context->chain_id = u64_from_BE(config + offset, chainid_len);
+    offset += chainid_len;
+
+    // Parse network token info (optional, for retrocompatibility)
+    if (offset >= config_len) {
+        PRINTF("No network info is present\n");
+        return true;
+    }
+
+    if (!parse_token_info(config, config_len, &context->network_info, &offset)) {
+        PRINTF("Failed to parse network info\n");
+        return false;
+    }
+
+    return true;
+}
+
+/**
+ * Parse swap configuration from CAL (Crypto Asset Library)
+ *
+ * @param is_fee Indicates if the amount is a fee
+ * @param context Output structure to store all parsed swap information
+ * @param config Chain configuration for fallback mechanisms
+ * @param ticker Output pointer to store the resolved ticker
+ * @param decimals Output pointer to store the resolved decimals (can be NULL)
+ */
+void parse_network_config(bool is_fee,
+                          swap_context_t *context,
+                          chain_config_t *config,
+                          char **ticker,
+                          uint8_t *decimals) {
+    // If the amount is a fee, the ticker should be the chain's native currency
+    if (is_fee) {
+        if (context->network_info.ticker[0] == '\0') {
+            // fallback mechanism in the absence of network ticker in swap config
+            if (context->chain_id == 0) {
+                // fallback mechanism in the absence of chain ID in swap config
+                context->chain_id = config->chainId;
+            }
+            PRINTF("chain_id = %d\n", (uint32_t) context->chain_id);
+            *ticker = (char *) get_displayable_ticker(&context->chain_id, config, false);
+        } else {
+            *ticker = context->network_info.ticker;
+        }
+        if (decimals != NULL) {
+            *decimals = context->network_info.decimals;
+        }
+    } else {
+        *ticker = context->asset_info.ticker;
+        if (decimals != NULL) {
+            *decimals = context->asset_info.decimals;
+        }
+    }
+}
+
+/**
+ * Local implementation of strcasecmp, workaround for the segfaulting base implementation
+ * on return value. Remove once strcasecmp is fixed.
+ *
+ * @param str1 First string to compare
+ * @param str2 Second string to compare
+ * @return 0 if strings are equal (case-insensitive), difference otherwise
  */
 static int strcasecmp_workaround(const char *str1, const char *str2) {
     unsigned char c1, c2;
@@ -79,6 +215,12 @@ static int strcasecmp_workaround(const char *str1, const char *str2) {
     return 0;
 }
 
+/**
+ * Verify that the destination address matches the previously validated one
+ *
+ * @param destination Destination address to verify
+ * @return true if destination matches, false otherwise (exits app on failure)
+ */
 bool swap_check_destination(const char *destination) {
     if (destination == NULL) {
         return false;
@@ -99,6 +241,12 @@ bool swap_check_destination(const char *destination) {
     return true;
 }
 
+/**
+ * Verify that the amount matches the previously validated one
+ *
+ * @param amount Amount to verify
+ * @return true if amount matches, false otherwise (exits app on failure)
+ */
 bool swap_check_amount(const char *amount) {
     if (amount == NULL) {
         return false;
@@ -119,6 +267,12 @@ bool swap_check_amount(const char *amount) {
     return true;
 }
 
+/**
+ * Verify that the fee matches the previously validated one
+ *
+ * @param fee Fee to verify
+ * @return true if fee matches, false otherwise (exits app on failure)
+ */
 bool swap_check_fee(const char *fee) {
     if (fee == NULL) {
         return false;
diff --git a/src/eth_swap_utils.h b/src/eth_swap_utils.h
@@ -25,6 +25,17 @@
 
 extern bool G_swap_checked;
 
+typedef struct {
+    char ticker[MAX_TICKER_LEN];
+    uint8_t decimals;
+} swap_info_t;
+
+typedef struct {
+    swap_info_t asset_info;
+    swap_info_t network_info;
+    uint64_t chain_id;
+} swap_context_t;
+
 typedef struct eth_libargs_s {
     unsigned int id;
     unsigned int command;
@@ -37,11 +48,13 @@ typedef struct eth_libargs_s {
     };
 } eth_libargs_t;
 
-bool parse_swap_config(const uint8_t *config,
-                       uint8_t config_len,
-                       char *ticker,
-                       uint8_t *decimals,
-                       uint64_t *chain_id);
+bool parse_swap_config(const uint8_t *config, uint8_t config_len, swap_context_t *context);
+void parse_network_config(bool is_fee,
+                          swap_context_t *context,
+                          chain_config_t *config,
+                          char **ticker,
+                          uint8_t *decimals);
+
 bool swap_check_destination(const char *destination);
 bool swap_check_amount(const char *amount);
 bool swap_check_fee(const char *fee);
diff --git a/src/handle_get_printable_amount.c b/src/handle_get_printable_amount.c
@@ -1,13 +1,12 @@
 #include "os.h"
 #include "eth_swap_utils.h"
-#include "network.h"
 #include "apdu_constants.h"
 
 uint16_t handle_get_printable_amount(get_printable_amount_parameters_t* params,
                                      chain_config_t* config) {
-    char ticker[MAX_TICKER_LEN];
-    uint8_t decimals;
-    uint64_t chain_id = 0;
+    swap_context_t context = {0};
+    char* ticker = NULL;
+    uint8_t decimals = 0;
 
     memset(params->printable_amount, 0, sizeof(params->printable_amount));
     if (params->amount_length > 32) {
@@ -17,21 +16,12 @@ uint16_t handle_get_printable_amount(get_printable_amount_parameters_t* params,
 
     if (!parse_swap_config(params->coin_configuration,
                            params->coin_configuration_length,
-                           ticker,
-                           &decimals,
-                           &chain_id)) {
+                           &context)) {
         PRINTF("Error while parsing config\n");
         return SWO_INCORRECT_DATA;
     }
     // If the amount is a fee, the ticker should be the chain's native currency
-    if (params->is_fee) {
-        // fallback mechanism in the absence of chain ID in swap config
-        if (chain_id == 0) {
-            chain_id = config->chainId;
-        }
-        strlcpy(ticker, get_displayable_ticker(&chain_id, config, false), sizeof(ticker));
-        decimals = WEI_TO_ETHER;
-    }
+    parse_network_config(params->is_fee, &context, config, &ticker, &decimals);
 
     if (!amountToString(params->amount,
                         params->amount_length,
diff --git a/src/handle_swap_sign_transaction.c b/src/handle_swap_sign_transaction.c
@@ -1,6 +1,5 @@
 #include "eth_swap_utils.h"
 #include "shared_context.h"
-#include "network.h"
 #include "cmd_setPlugin.h"
 #include "nbgl_use_case.h"
 #include "mem.h"
@@ -70,55 +69,46 @@ bool copy_transaction_parameters(create_transaction_parameters_t* sign_transacti
             swap_mode = SWAP_MODE_ERROR;
     }
 
-    char asset_ticker[MAX_TICKER_LEN];
-    uint8_t asset_decimals;
-    uint64_t chain_id = 0;
+    swap_context_t context = {0};
+    char* ticker = NULL;
 
     if (!parse_swap_config(sign_transaction_params->coin_configuration,
                            sign_transaction_params->coin_configuration_length,
-                           asset_ticker,
-                           &asset_decimals,
-                           &chain_id)) {
+                           &context)) {
         PRINTF("Error while parsing config\n");
         return false;
     }
 
-    // fallback mechanism in the absence of chain ID in swap config
-    if (chain_id == 0) {
-        chain_id = config->chainId;
-    }
-    PRINTF("chain_id = %d\n", (uint32_t) chain_id);
-
     // If the amount is a fee, its value is nominated in NATIVE even if we're doing an ERC20 swap
-    const char* native_ticker = get_displayable_ticker(&chain_id, config, false);
-    uint8_t native_decimals = WEI_TO_ETHER;
+    parse_network_config(true, &context, (chain_config_t*) config, &ticker, NULL);
+
     if (!amountToString(sign_transaction_params->fee_amount,
                         sign_transaction_params->fee_amount_length,
-                        native_decimals,
-                        native_ticker,
+                        context.network_info.decimals,
+                        ticker,
                         stack_data.maxFee,
                         sizeof(stack_data.maxFee))) {
         return false;
     }
     PRINTF("Expecting fees %s\n", stack_data.maxFee);
 
     if (swap_mode == SWAP_MODE_CROSSCHAIN_PENDING_CHECK &&
-        strcmp(native_ticker, asset_ticker) != 0) {
+        strcmp(ticker, context.asset_info.ticker) != 0) {
         // Special case: crosschain swap of non native assets (tokens)
         uint8_t zero_amount = 0;
         if (!amountToString(&zero_amount,
                             1,
-                            native_decimals,
-                            native_ticker,
+                            context.network_info.decimals,
+                            ticker,
                             stack_data.fullAmount,
                             sizeof(stack_data.fullAmount))) {
             return false;
         }
     } else {
         if (!amountToString(sign_transaction_params->amount,
                             sign_transaction_params->amount_length,
-                            asset_decimals,
-                            asset_ticker,
+                            context.asset_info.decimals,
+                            context.asset_info.ticker,
                             stack_data.fullAmount,
                             sizeof(stack_data.fullAmount))) {
             return false;
