Merge pull request #772 from LedgerHQ/feat/apa/7702_changes

EIP-7702 changes

Author: apaillier-ledger

.github/workflows/build_and_functional_tests.yml

@@ -32,7 +32,7 @@ jobs:
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
     with:
       upload_app_binaries_artifact: "ragger_elfs"
-      flags: "CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1"
+      flags: "CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1 EIP7702_TEST_WHITELIST=1"
 
   ragger_tests:
     name: Run ragger tests using the reusable workflow

client/src/ledger_app_clients/ethereum/client.py

@@ -680,8 +680,8 @@ def provide_proxy_info(self, payload: bytes) -> RAPDU:
             self._exchange(chunk)
         return self._exchange(chunks[-1])
 
-    def sign_eip7702_authorization(self, auth_params: TxAuth7702) -> RAPDU:
-        chunks = self._cmd_builder.sign_eip7702_authorization(auth_params.serialize())
+    def sign_eip7702_authorization(self, bip32_path: str, auth_params: TxAuth7702) -> RAPDU:
+        chunks = self._cmd_builder.sign_eip7702_authorization(bip32_path, auth_params.serialize())
         for chunk in chunks[:-1]:
             self._exchange(chunk)
         return self._exchange_async(chunks[-1])

client/src/ledger_app_clients/ethereum/command_builder.py

@@ -426,11 +426,12 @@ def common_tlv_serialize(self,
                              ins: InsType,
                              tlv_payload: bytes,
                              p1l: list[int] = [0x01, 0x00],
-                             p2l: list[int] = [0x00]) -> list[bytes]:
+                             p2l: list[int] = [0x00],
+                             payload: bytes = bytes()) -> list[bytes]:
         assert len(p1l) in [1, 2]
         assert len(p2l) in [1, 2]
         chunks = []
-        payload = struct.pack(">H", len(tlv_payload))
+        payload += struct.pack(">H", len(tlv_payload))
         payload += tlv_payload
         p1 = p1l[0]
         p2 = p2l[0]
@@ -463,8 +464,10 @@ def provide_network_information(self,
                 p1 = P1Type.FOLLOWING_CHUNK
         return chunks
 
-    def sign_eip7702_authorization(self, tlv_payload: bytes) -> list[bytes]:
-        return self.common_tlv_serialize(InsType.SIGN_EIP7702_AUTHORIZATION, tlv_payload)
+    def sign_eip7702_authorization(self, bip32_path: str, tlv_payload: bytes) -> list[bytes]:
+        return self.common_tlv_serialize(InsType.SIGN_EIP7702_AUTHORIZATION,
+                                         tlv_payload,
+                                         payload=pack_derivation_path(bip32_path))
 
     def provide_enum_value(self, tlv_payload: bytes) -> list[bytes]:
         return self.common_tlv_serialize(InsType.PROVIDE_ENUM_VALUE, tlv_payload)

client/src/ledger_app_clients/ethereum/tx_auth_7702.py

@@ -1,31 +1,24 @@
 from typing import Optional
 from enum import IntEnum
-
-from bip_utils import Bip32Utils
-
 from .tlv import TlvSerializable
 
 
 class FieldTag(IntEnum):
     STRUCT_VERSION = 0x00
-    DERIVATION_IDX = 0x01
-    DELEGATE_ADDR = 0x02
-    CHAIN_ID = 0x03
-    NONCE = 0x04
+    DELEGATE_ADDR = 0x01
+    CHAIN_ID = 0x02
+    NONCE = 0x03
 
 
 class TxAuth7702(TlvSerializable):
-    bip32_path: str
     delegate: bytes
     nonce: int
     chain_id: int
 
     def __init__(self,
-                 bip32_path: str,
                  delegate: bytes,
                  nonce: int,
                  chain_id: Optional[int]) -> None:
-        self.bip32_path = bip32_path
         self.delegate = delegate
         self.nonce = nonce
         if chain_id is None:
@@ -35,19 +28,7 @@ def __init__(self,
 
     def serialize(self) -> bytes:
         payload: bytes = self.serialize_field(FieldTag.STRUCT_VERSION, 1)
-        split = self.bip32_path.split("/")
-        if split[0] != "m":
-            raise ValueError("Error master expected in bip32 path")
-        for value in split[1:]:
-            if value == "":
-                raise ValueError(f'Error missing value in split bip 32 path list "{split}"')
-            if value.endswith('\''):
-                payload += self.serialize_field(FieldTag.DERIVATION_IDX,
-                                                Bip32Utils.HardenIndex(int(value[:-1])).to_bytes(4, byteorder='big'))
-            else:
-                payload += self.serialize_field(FieldTag.DERIVATION_IDX,
-                                                int(value).to_bytes(4, byteorder='big'))
         payload += self.serialize_field(FieldTag.DELEGATE_ADDR, self.delegate)
-        payload += self.serialize_field(FieldTag.NONCE, self.nonce.to_bytes(8, 'big'))
-        payload += self.serialize_field(FieldTag.CHAIN_ID, self.chain_id.to_bytes(8, 'big'))
+        payload += self.serialize_field(FieldTag.CHAIN_ID, self.chain_id)
+        payload += self.serialize_field(FieldTag.NONCE, self.nonce)
         return payload

doc/ethapp.adoc

@@ -1483,15 +1483,19 @@ _Input data_
 [width="80%"]
 |====================================================================
 | *Description*                                     | *Length (byte)*
+| Number of BIP 32 derivations to perform (max 10)  | 1
+| First derivation index (BE)                       | 4
+| ...                                               | 4
+| Last derivation index (BE)                        | 4
 | struct size (BE)                                  | 2
-| link:tlv_structs.md#auth_7702[AUTH_7702 struct] | variable
+| link:tlv_structs.md#auth_7702[AUTH_7702 struct]   | variable
 |====================================================================
 
 ##### If P1 == following chunk
 
 [width="80%"]
 |====================================================================
-| *Description*                                     | *Length (byte)*
+| *Description*                                   | *Length (byte)*
 | link:tlv_structs.md#auth_7702[AUTH_7702 struct] | variable
 |====================================================================
 

doc/tlv_structs.md

@@ -318,7 +318,6 @@ In version 1 of the protocol:
 | Name           | Tag  | Payload type    | Description                     | Optional |
 |----------------|------|-----------------|---------------------------------|----------|
 | STRUCT_VERSION | 0x00 | uint8           | structure version (currently 1) |          |
-| DERIVATION_IDX | 0x01 | uint32          | BIP32 derivation path item      |          |
-| DELEGATE_ADDR  | 0x02 | uint8[20]       | delegate address                |          |
-| CHAIN_ID       | 0x03 | uint64          | Chain ID (00 for no restriction)|          |
-| NONCE          | 0x04 | uint64          | nonce                           |          |
+| DELEGATE_ADDR  | 0x01 | uint8[20]       | delegate address                |          |
+| CHAIN_ID       | 0x02 | uint64          | chain ID (0 for no restriction) |          |
+| NONCE          | 0x03 | uint64          | nonce                           |          |

examples/signAuthorizationEIP7702.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 """
 *******************************************************************************
 *   Ledger Ethereum App
@@ -20,32 +20,31 @@
 from __future__ import print_function
 
 from ledgerblue.comm import getDongle
-from ledgerblue.commException import CommException
 import argparse
 import struct
 import binascii
-import math
 import rlp
 
 
-
 def der_encode(value):
     value_bytes = value.to_bytes(max(1, (value.bit_length() + 7) // 8), 'big')
     if value >= 0x80:
         value_bytes = (0x80 | len(value_bytes)).to_bytes(1, 'big') + value_bytes
     return value_bytes
 
+
 def tlv_encode(tag, value):
     return der_encode(tag) + der_encode(len(value)) + value
 
-def parse_bip32_path(path):
+
+def parse_bip32_path(path: str):
     if len(path) == 0:
         return b""
     result = b""
     elements = path.split('/')
+    result += len(elements).to_bytes(1, "big")
     for pathElement in elements:
         element = pathElement.split('\'')
-        result = result + der_encode(0x01) + der_encode(0x04)
         if len(element) == 1:
             result = result + struct.pack(">I", int(element[0]))
         else:
@@ -54,23 +53,19 @@ def parse_bip32_path(path):
 
 
 parser = argparse.ArgumentParser()
-parser.add_argument('--path', help="BIP 32 path to retrieve")
+parser.add_argument('--path', help="BIP 32 path to retrieve", default="44'/60'/0'/0/0")
 parser.add_argument('--chainid', help="Chain ID", type=int, required=True)
 parser.add_argument('--nonce', help="Account Nonce", type=int, required=True)
 parser.add_argument('--delegate', help="Delegate address", type=str, required=True)
 args = parser.parse_args()
 
-if args.path == None:
-    args.path = "44'/60'/0'/0/0"
-
 tmp = tlv_encode(0x00, struct.pack(">B", 0x01))
-tmp += parse_bip32_path(args.path)
 data = binascii.unhexlify(args.delegate[2:])
-tmp += tlv_encode(0x02, data)
-tmp += tlv_encode(0x03, struct.pack(">Q", args.chainid))
-tmp += tlv_encode(0x04, struct.pack(">Q", args.nonce))
+tmp += tlv_encode(0x01, data)
+tmp += tlv_encode(0x02, struct.pack(">Q", args.chainid))
+tmp += tlv_encode(0x03, struct.pack(">Q", args.nonce))
 
-tmp = struct.pack(">H", len(tmp)) + tmp
+tmp = parse_bip32_path(args.path) + struct.pack(">H", len(tmp)) + tmp
 
 apdu = bytearray.fromhex("e0340100")
 apdu += struct.pack(">B", len(tmp))
@@ -80,12 +75,12 @@ def parse_bip32_path(path):
 result = dongle.exchange(bytes(apdu))
 
 v = result[0]
-r = result[1 : 1 + 32]
-s = result[1 + 32 :]
+r = result[1:1 + 32]
+s = result[1 + 32:]
 
 print("v = " + str(v))
 print("r = " + binascii.hexlify(r).decode('utf-8'))
 print("s = " + binascii.hexlify(s).decode('utf-8'))
 
-rlpData = [ args.chainid, binascii.unhexlify(args.delegate[2:]), args.nonce, v, r, s ]
+rlpData = [args.chainid, binascii.unhexlify(args.delegate[2:]), args.nonce, v, r, s]
 print(binascii.hexlify(rlp.encode(rlpData)).decode('utf-8'))

ledger_app.toml

@@ -4,8 +4,8 @@ sdk = "C"
 devices = ["nanos", "nanox", "nanos+", "stax", "flex"]
 
 [use_cases]
-use_test_keys = "CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1"
-dbg_use_test_keys = "DEBUG=1 CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1"
+use_test_keys = "CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1 EIP7702_TEST_WHITELIST=1"
+dbg_use_test_keys = "DEBUG=1 CAL_TEST_KEY=1 TRUSTED_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1 EIP7702_TEST_WHITELIST=1"
 cal_bypass = "BYPASS_SIGNATURES=1"
 dbg_cal_bypass = "DEBUG=1 BYPASS_SIGNATURES=1"
 

makefile_conf/features.mk

@@ -78,8 +78,11 @@ endif
 ifneq ($(TARGET_NAME),TARGET_NANOS)
     DEFINES += HAVE_EIP7702
     DEFINES += HAVE_EIP7702_WHITELIST
-    # Test mode
-    DEFINES += HAVE_EIP7702_WHITELIST_TEST
+
+    EIP7702_TEST_WHITELIST ?= 0
+    ifneq ($(EIP7702_TEST_WHITELIST),0)
+        DEFINES += HAVE_EIP7702_WHITELIST_TEST
+    endif
 endif
 
 # Check features incompatibilities

src_features/signAuthorizationEIP7702/auth_7702.c

@@ -6,71 +6,63 @@
 
 enum {
     TAG_STRUCT_VERSION = 0x00,
-    TAG_DERIVATION_IDX = 0x01,
-    TAG_DELEGATE_ADDR = 0x02,
-    TAG_CHAIN_ID = 0x03,
-    TAG_NONCE = 0x04,
+    TAG_DELEGATE_ADDR = 0x01,
+    TAG_CHAIN_ID = 0x02,
+    TAG_NONCE = 0x03,
 };
 
 enum {
     BIT_VERSION,
-    BIT_DERIVATION_IDX,
     BIT_DELEGATE_ADDR,
     BIT_CHAIN_ID,
     BIT_NONCE,
 };
 
 #define STRUCT_VERSION 0x01
-#define MASK_ALL                                                                       \
-    (SET_BIT(BIT_VERSION) | SET_BIT(BIT_DERIVATION_IDX) | SET_BIT(BIT_DELEGATE_ADDR) | \
-     SET_BIT(BIT_CHAIN_ID) | SET_BIT(BIT_NONCE))
+#define MASK_ALL \
+    (SET_BIT(BIT_VERSION) | SET_BIT(BIT_DELEGATE_ADDR) | SET_BIT(BIT_CHAIN_ID) | SET_BIT(BIT_NONCE))
 
 static bool handle_version(const s_tlv_data *data, s_auth_7702_ctx *context) {
     if (data->length != sizeof(uint8_t)) {
         return false;
     }
     context->mask_parsed |= SET_BIT(BIT_VERSION);
-    return (data->value[0] == STRUCT_VERSION);
-}
-
-static bool handle_derivation_idx(const s_tlv_data *data, s_auth_7702_ctx *context) {
-    uint32_t idx;
-    if (data->length != sizeof(uint32_t)) {
-        return false;
-    }
-    if (context->auth_7702.bip32.length == MAX_BIP32_PATH) {
-        return false;
-    }
-    idx = read_u32_be(data->value, 0);
-    context->auth_7702.bip32.path[context->auth_7702.bip32.length] = idx;
-    context->auth_7702.bip32.length++;
-    context->mask_parsed |= SET_BIT(BIT_DERIVATION_IDX);
+    context->version = data->value[0];
     return true;
 }
 
 static bool handle_delegate_addr(const s_tlv_data *data, s_auth_7702_ctx *context) {
-    if (data->length != sizeof(context->auth_7702.delegate)) {
+    uint8_t buf[sizeof(context->auth_7702.delegate)];
+
+    if (data->length > sizeof(buf)) {
         return false;
     }
-    memmove(context->auth_7702.delegate, data->value, sizeof(context->auth_7702.delegate));
+    buf_shrink_expand(data->value, data->length, buf, sizeof(buf));
+    memmove(context->auth_7702.delegate, buf, sizeof(buf));
     context->mask_parsed |= SET_BIT(BIT_DELEGATE_ADDR);
     return true;
 }
 
 static bool handle_chain_id(const s_tlv_data *data, s_auth_7702_ctx *context) {
-    if (data->length != sizeof(uint64_t)) {
+    uint8_t buf[sizeof(context->auth_7702.chainId)];
+
+    if (data->length > sizeof(buf)) {
         return false;
     }
-    context->auth_7702.chainId = read_u64_be(data->value, 0);
+    buf_shrink_expand(data->value, data->length, buf, sizeof(buf));
+    context->auth_7702.chainId = read_u64_be(buf, 0);
     context->mask_parsed |= SET_BIT(BIT_CHAIN_ID);
     return true;
 }
 
 static bool handle_nonce(const s_tlv_data *data, s_auth_7702_ctx *context) {
-    if (data->length != sizeof(uint64_t)) {
+    uint8_t buf[sizeof(context->auth_7702.nonce)];
+
+    if (data->length > sizeof(buf)) {
         return false;
     }
-    context->auth_7702.nonce = read_u64_be(data->value, 0);
+    buf_shrink_expand(data->value, data->length, buf, sizeof(buf));
+    context->auth_7702.nonce = read_u64_be(buf, 0);
     context->mask_parsed |= SET_BIT(BIT_NONCE);
     return true;
 }
@@ -82,9 +74,6 @@ bool handle_auth_7702_struct(const s_tlv_data *data, s_auth_7702_ctx *context) {
         case TAG_STRUCT_VERSION:
             ret = handle_version(data, context);
             break;
-        case TAG_DERIVATION_IDX:
-            ret = handle_derivation_idx(data, context);
-            break;
         case TAG_DELEGATE_ADDR:
             ret = handle_delegate_addr(data, context);
             break;
@@ -101,8 +90,8 @@ bool handle_auth_7702_struct(const s_tlv_data *data, s_auth_7702_ctx *context) {
     return ret;
 }
 
-bool verify_auth_7702_struct(s_auth_7702_ctx *context) {
-    return ((context->mask_parsed & MASK_ALL) == MASK_ALL);
+bool verify_auth_7702_struct(const s_auth_7702_ctx *context) {
+    return ((context->mask_parsed & MASK_ALL) == MASK_ALL) && (context->version == STRUCT_VERSION);
 }
 
-#endif  // HAVE_EIP7702
+#endif  // HAVE_EIP7702