error eip712 signature with nested fields (#905)

franco-gondi · franco-gondi · web-flow · commit 9efa84e20c42 · 2025-11-25T11:25:11.000+01:00
* error signature

* make test more explicit

* fix: hash ctx stack in arrays

* fix: build

* chore: removed whitespace

* fix: format

---------

Co-authored-by: franco-gondi &lt;franco@floridast.xyz&gt;
diff --git a/src/features/signMessageEIP712/path.c b/src/features/signMessageEIP712/path.c
@@ -156,6 +156,21 @@ cx_sha3_t *get_last_hash_ctx(void) {
     return &((s_hash_ctx *) hash_ctx)->hash;
 }
 
+/**
+ * Get the previous hashing context before the given one
+ *
+ * @return pointer to the hashing context
+ */
+cx_sha3_t *get_previous_hash_ctx(cx_sha3_t *hash_ctx) {
+    cx_sha3_t *prev_ctx = NULL;
+    // TODO: using a doubly-linked list would improve this
+    for (s_hash_ctx *tmp = g_hash_ctxs; &tmp->hash != hash_ctx;
+         tmp = (s_hash_ctx *) ((s_flist_node *) tmp)->next) {
+        prev_ctx = &tmp->hash;
+    }
+    return prev_ctx;
+}
+
 // to be used as a \ref f_list_node_del
 static void delete_hash_ctx(s_hash_ctx *ctx) {
     app_mem_free(ctx);
@@ -510,6 +525,7 @@ bool path_new_array_depth(const uint8_t *data, uint8_t length) {
     uint8_t array_size;
     uint8_t array_depth_count_bak;
     cx_err_t error = CX_INTERNAL_ERROR;
+    cx_sha3_t *start_hash_ctx = get_last_hash_ctx();
 
     if (path_struct == NULL) {
         apdu_response_code = SWO_INCORRECT_DATA;
@@ -561,22 +577,21 @@ bool path_new_array_depth(const uint8_t *data, uint8_t length) {
     }
     if (is_custom) {
         cx_sha3_t *hash_ctx = get_last_hash_ctx();
-        cx_sha3_t *old_ctx = NULL;
-
-        // TODO: using a doubly-linked list would improve this
-        for (s_hash_ctx *tmp = g_hash_ctxs; &tmp->hash != hash_ctx;
-             tmp = (s_hash_ctx *) ((s_flist_node *) tmp)->next) {
-            old_ctx = &tmp->hash;
-        }
+        cx_sha3_t *prev_ctx = get_previous_hash_ctx(hash_ctx);
+        while (prev_ctx != start_hash_ctx) {
+            if (prev_ctx == NULL) return false;
 
-        if (old_ctx == NULL) return false;
+            if (array_size > 0) {
+                memcpy(hash_ctx, prev_ctx, sizeof(*prev_ctx));
+            } else {
+                CX_CHECK(cx_keccak_init_no_throw(hash_ctx, 256));
+            }
+            CX_CHECK(cx_keccak_init_no_throw(prev_ctx, 256));
 
-        if (array_size > 0) {
-            memcpy(hash_ctx, old_ctx, sizeof(*old_ctx));
-        } else {
-            CX_CHECK(cx_keccak_init_no_throw(hash_ctx, 256));
+            hash_ctx = prev_ctx;
+            prev_ctx = get_previous_hash_ctx(hash_ctx);
         }
-        CX_CHECK(cx_keccak_init_no_throw(old_ctx, 256));
+        CX_CHECK(cx_keccak_init_no_throw(hash_ctx, 256));
     }
     if (array_size == 0) {
         do {
diff --git a/tests/ragger/test_eip712.py b/tests/ragger/test_eip712.py
@@ -791,3 +791,70 @@ def test_eip712_calldata_empty_send(scenario_navigator: NavigateWithScenario, te
 
 def test_eip712_calldata_no_param(scenario_navigator: NavigateWithScenario, test_name: str):
     eip712_calldata_common(scenario_navigator, test_name, "safe_calldata_no_param", gcs_handler_no_param)
+
+
+def test_eip712_payload(scenario_navigator: NavigateWithScenario):
+    """Test a basic EIP712 payload signature"""
+
+    # Enable blind signing for EIP712
+    settings_toggle(scenario_navigator.backend.device, scenario_navigator.navigator, [SettingID.BLIND_SIGNING])
+    
+    # Define a simple EIP712 payload
+    data = {
+        "types": {
+            "EIP712Domain": [
+                {
+                    "name": "name",
+                    "type": "string"
+                },
+                {
+                    "name": "version",
+                    "type": "string"
+                },
+                {
+                    "name": "chainId",
+                    "type": "uint256"
+                },
+                {
+                    "name": "verifyingContract",
+                    "type": "address"
+                }
+            ],
+            "Root": [
+                {
+                    "name": "child",
+                    "type": "Inner[]"
+                },
+            ],
+            "Inner": [
+                {
+                    "name": "child",
+                    "type": "Leaf"
+                },
+            ],
+            "Leaf": [
+                {
+                    "name": "value",
+                    "type": "uint256"
+                },
+            ],
+        },
+        "primaryType": "Root",
+        "domain": {
+            "name": "DOMAIN",
+            "version": "3.1",
+            "chainId": 31337,
+            "verifyingContract": "0x95401dc811bb5740090279ba06cfa8fcf6113778"
+        },
+        "message": {
+            "child": [
+                {
+                    "child": {
+                        "value": 2,
+                    },
+                }
+            ],
+        }
+    }
+    eip712_new_common(scenario_navigator, data, None, None, with_warning=True)
+    
