EIP-712 trusted name filtering source check + small refactoring

apaillier-ledger · apaillier-ledger · commit c4b2df3edb03 · 2024-12-13T18:27:51.000+01:00
diff --git a/src_features/signMessageEIP712/filtering.c b/src_features/signMessageEIP712/filtering.c
@@ -342,9 +342,9 @@ bool filtering_trusted_name(const uint8_t *payload,
                             uint32_t *path_crc) {
     uint8_t name_len;
     const char *name;
-    uint8_t types_count;
+    uint8_t type_count;
     e_name_type *types;
-    uint8_t sources_count;
+    uint8_t source_count;
     e_name_source *sources;
     uint8_t sig_len;
     const uint8_t *sig;
@@ -365,48 +365,30 @@ bool filtering_trusted_name(const uint8_t *payload,
     }
     name = (char *) &payload[offset];
     offset += name_len;
-    if ((offset + sizeof(types_count)) > length) {
+    if ((offset + sizeof(type_count)) > length) {
         return false;
     }
-    types_count = payload[offset++];
-    if ((offset + types_count) > length) {
+    type_count = payload[offset++];
+    if (type_count > TN_TYPE_COUNT) {
+        return false;
+    }
+    if ((offset + type_count) > length) {
         return false;
     }
     types = (e_name_type *) &payload[offset];
-    // sanity check
-    for (int i = 0; i < types_count; ++i) {
-        switch (types[i]) {
-            case TN_TYPE_ACCOUNT:
-            case TN_TYPE_CONTRACT:
-                break;
-            default:
-                return false;
-        }
+    offset += type_count;
+    if ((offset + sizeof(source_count)) > length) {
+        return false;
     }
-    offset += types_count;
-    if ((offset + sizeof(sources_count)) > length) {
+    source_count = payload[offset++];
+    if (source_count > TN_SOURCE_COUNT) {
         return false;
     }
-    sources_count = payload[offset++];
-    if ((offset + sources_count) > length) {
+    if ((offset + source_count) > length) {
         return false;
     }
     sources = (e_name_source *) &payload[offset];
-    // sanity check
-    for (int i = 0; i < sources_count; ++i) {
-        switch (sources[i]) {
-            case TN_SOURCE_LAB:
-            case TN_SOURCE_CAL:
-            case TN_SOURCE_ENS:
-            case TN_SOURCE_UD:
-            case TN_SOURCE_FN:
-            case TN_SOURCE_DNS:
-                break;
-            default:
-                return false;
-        }
-    }
-    offset += sources_count;
+    offset += source_count;
     //
     if ((offset + sizeof(sig_len)) > length) {
         return false;
@@ -424,8 +406,8 @@ bool filtering_trusted_name(const uint8_t *payload,
     }
     hash_filtering_path((cx_hash_t *) &hash_ctx, discarded, path_crc);
     hash_nbytes((uint8_t *) name, sizeof(char) * name_len, (cx_hash_t *) &hash_ctx);
-    hash_nbytes(types, types_count, (cx_hash_t *) &hash_ctx);
-    hash_nbytes(sources, sources_count, (cx_hash_t *) &hash_ctx);
+    hash_nbytes(types, type_count, (cx_hash_t *) &hash_ctx);
+    hash_nbytes(sources, source_count, (cx_hash_t *) &hash_ctx);
     if (!sig_verif_end(&hash_ctx, sig, sig_len)) {
         return false;
     }
@@ -438,7 +420,7 @@ bool filtering_trusted_name(const uint8_t *payload,
         ui_712_set_title(name, name_len);
     }
     ui_712_flag_field(true, name_len > 0, false, false, true);
-    ui_712_set_trusted_name_requirements(types_count, types);
+    ui_712_set_trusted_name_requirements(type_count, types, source_count, sources);
     return true;
 }
 #endif  // HAVE_TRUSTED_NAME
diff --git a/src_features/signMessageEIP712/ui_logic.c b/src_features/signMessageEIP712/ui_logic.c
@@ -65,7 +65,10 @@ typedef struct {
     uint8_t discarded_path_length;
     char discarded_path[255];
 #ifdef HAVE_TRUSTED_NAME
-    e_name_type name_types;
+    uint8_t tn_type_count;
+    uint8_t tn_source_count;
+    e_name_type tn_types[TN_TYPE_COUNT];
+    e_name_source tn_sources[TN_SOURCE_COUNT];
 #endif
 #ifdef SCREEN_SIZE_WALLET
     char ui_pairs_buffer[(SHARED_CTX_FIELD_1_SIZE + SHARED_CTX_FIELD_2_SIZE) * 2];
@@ -530,20 +533,15 @@ static bool update_amount_join(const uint8_t *data, uint8_t length) {
  * @return whether it was successful or not
  */
 static bool ui_712_format_trusted_name(const uint8_t *data, uint8_t length) {
-    uint8_t types_count = 0;
-    e_name_type types[8];
-    uint8_t types_bak = ui_ctx->name_types;
-
     if (length != ADDRESS_LENGTH) {
         return false;
     }
-    for (int i = 0; types_bak > 0; ++i) {
-        if (types_bak & 1) {
-            types[types_count++] = i;
-        }
-        types_bak >>= 1;
-    }
-    if (get_trusted_name(types_count, types, 0, NULL, &eip712_context->chain_id, data) != NULL) {
+    if (get_trusted_name(ui_ctx->tn_type_count,
+                         ui_ctx->tn_types,
+                         ui_ctx->tn_source_count,
+                         ui_ctx->tn_sources,
+                         &eip712_context->chain_id,
+                         data) != NULL) {
         strlcpy(strings.tmp.tmp, g_trusted_name, sizeof(strings.tmp.tmp));
     }
     return true;
@@ -924,12 +922,14 @@ const char *ui_712_get_discarded_path(uint8_t *length) {
 }
 
 #ifdef HAVE_TRUSTED_NAME
-void ui_712_set_trusted_name_requirements(uint8_t types_count, const e_name_type *types) {
-    // pack into one byte to save on space
-    ui_ctx->name_types = 0;
-    for (int i = 0; i < types_count; ++i) {
-        ui_ctx->name_types |= (1 << types[i]);
-    }
+void ui_712_set_trusted_name_requirements(uint8_t type_count,
+                                          const e_name_type *types,
+                                          uint8_t source_count,
+                                          const e_name_source *sources) {
+    ui_ctx->tn_type_count = type_count;
+    memcpy(ui_ctx->tn_types, types, type_count);
+    ui_ctx->tn_source_count = source_count;
+    memcpy(ui_ctx->tn_sources, sources, source_count);
 }
 #endif
 
diff --git a/src_features/signMessageEIP712/ui_logic.h b/src_features/signMessageEIP712/ui_logic.h
@@ -52,7 +52,10 @@ bool ui_712_push_new_filter_path(uint32_t path_crc);
 void ui_712_set_discarded_path(const char *path, uint8_t length);
 const char *ui_712_get_discarded_path(uint8_t *length);
 #ifdef HAVE_TRUSTED_NAME
-void ui_712_set_trusted_name_requirements(uint8_t types_count, const e_name_type *types);
+void ui_712_set_trusted_name_requirements(uint8_t type_count,
+                                          const e_name_type *types,
+                                          uint8_t source_count,
+                                          const e_name_source *sources);
 #endif
 #ifdef SCREEN_SIZE_WALLET
 char *get_ui_pairs_buffer(size_t *size);
diff --git a/tests/ragger/test_eip712.py b/tests/ragger/test_eip712.py
@@ -763,7 +763,7 @@ def test_eip712_advanced_trusted_name(firmware: Firmware,
                 "type": "trusted_name",
                 "name": "Validator",
                 "tn_type": filt_tn_types,
-                "tn_source": [TrustedNameSource.CAL],
+                "tn_source": [TrustedNameSource.CAL, TrustedNameSource.ENS],
             },
             "enable": {
                 "type": "raw",
