Skip to content

feat:EOS and Cosmos applications migrated to the secp256k1 applet functionality[IBIZ-647] #163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xiaoguang1010 wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat:EOS and Cosmos applications migrated to the secp256k1 applet functionality[IBIZ-647] #163

xiaoguang1010 wants to merge 8 commits into from

Conversation

@xiaoguang1010
Copy link
Contributor

@xiaoguang1010 xiaoguang1010 commented Sep 8, 2025

Summary of Changes

EOS and Cosmos applications migrated to the secp256k1 applet

Motivation and Context

How Has This Been Tested? (Test Plan)

Other information

Screenshots (if appropriate):

Final checklist

  • Did you test both iOS and Android(if applicable)?
  • Is a security review needed(consenlabs/security)?

Security checklist (only for leader check)

  • No backdoor risk
    • Check for unknown network request urls, and script/shell files with unclear purposes,
    • The backend service cannot expose leaked data interfaces for various reasons (even for testing purposes)
  • No network communication protocol risk
    • Check whether to introduce unsafe network calls such as http/ws
  • No import potentially risk 3rd library
    • Check whether 3rd dependent library is import
    • Don't use an unknown third-party library
    • Check the 3rd library sources are fetched from normal sources, such as npm, gomodule, maven, cocoapod, Do not use unknown sources
    • Check github Dependabot alerts, Whether to add new issues
  • Private data not exposed
    • Check whether there are exclusive ApiKey, privatekey and other private information uploaded to git
    • Check if the packaged keystore has been uploaded to git

@xiaoguang1010 xiaoguang1010 requested a review from XuNeal September 8, 2025 08:40
@XuNeal
Copy link
Collaborator

XuNeal commented Sep 9, 2025

可以看一下下面的 Review 结果

⏺ ⚠️ Critical Issues

  1. Security Concerns:
  - Code Duplication: Extensive code duplication between *_for_eos/*_for_cosmos and *_for_k1 methods
  - Error Handling: Inconsistent error propagation in version detection
  - Private Key Usage: Multiple KEY_MANAGER.lock() calls - potential deadlock risk

  2. Potential Bugs:
  // imkey-core/ikc-wallet/coin-eos/src/transaction.rs:249
  trans_multi_signs.push(sign_result.clone()); // Wrong placement - pushes same result for each pubkey

  3. Version Detection Issues:
  - get_apple_version() failures aren't handled gracefully
  - No fallback mechanism if version detection fails

⏺ 🔄 Compatibility & Migration

  Positive:
  - Backward compatibility maintained through version detection
  - Gradual migration strategy allows testing both paths

  Concerns:
  - Hard-coded versions: "1.0.00" and "0.0.1" are magic strings
  - No migration tests: Missing validation that both old and new paths work
  - Deployment risk: If version detection fails, unclear which path executes

⏺ 📋 Recommendations

  🚨 High Priority:
  1. Fix the bug in coin-eos/src/transaction.rs:249 - move trans_multi_signs.push() outside the pubkey loop
  2. Add error handling for get_apple_version() failures with sensible defaults
  3. Extract common code to reduce duplication between legacy and k1 methods

  🔧 Medium Priority:
  4. Constants for versions: Replace magic strings with named constants
  5. Add comprehensive tests for both legacy and secp256k1 paths
  6. Document migration strategy in code comments

@xiaoguang1010
refactor: fix EOS/Cosmos signing bugs and improve version handling
c8ec701 
- Fix trans_multi_signs.push() bug in pubkey loops
- Add separate version constants for EOS (0.0.1) and Cosmos (1.0.00)
- Extract common code to reduce duplication
- Improve error handling and documentation
- Remove unused constants and fix compiler warnings
- Update version to 2.8.2
@xiaoguang1010 xiaoguang1010 reopened this Sep 17, 2025
@xiaoguang1010
fix(eos): use compact signature format for secp256k1 verification
e7f8934 
- Fix signature verification by using sign_source_val[2..130] instead of sign_result[2..130]
- sign_result contains DER format signature (128 bytes) which is incompatible with Signature::from_compact()
- sign_source_val contains compact signature format (64 bytes) expected by secp256k1 library
- Align with CKB/Tron implementation pattern for consistent signature handling
- Remove debug println statement for cleaner code
- Add signature assertions in tests to verify correct signature generation

This resolves the issue where EOS signature verification would fail in the new secp256k1 workflow
due to incorrect signature format being passed to Signature::from_compact().
@kaichen
Copy link
Member

kaichen commented Sep 18, 2025

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Sep 18, 2025
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codex Review: Here are some suggestions.

About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you open a pull request for review, mark a draft as ready, or comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex fix this CI failure" or "@codex address that feedback".

imkey-core/ikc-wallet/coin-eos/src/transaction.rs
Comment on lines 244 to 263
let select_apdu = Apdu::select_applet(EOS_AID);
let select_result = send_apdu(select_apdu)?;
ApduCheck::check_response(&select_result)?;

let key_manager_obj = KEY_MANAGER.lock();
let path_signature =
secp256k1_sign(&key_manager_obj.pri_key, &sign_param.path.as_bytes())?;
let mut path_pack: Vec<u8> = vec![];
path_pack.push(0x00);
path_pack.push(path_signature.len() as u8);
path_pack.extend(path_signature.as_slice());
path_pack.push(0x01);
path_pack.push(sign_param.path.as_bytes().len() as u8);
path_pack.extend(sign_param.path.as_bytes());

let msg_pubkey = Secp256k1Apdu::get_xpub(&path_pack);
let res_msg_pubkey = send_apdu(msg_pubkey)?;
let pubkey_raw = hex::decode(&res_msg_pubkey[..130]).unwrap();
let comprs_pubkey = utility::uncompress_pubkey_2_compress(&res_msg_pubkey);
let mut comprs_pubkey_slice = hex::decode(comprs_pubkey)?;
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P1] Check EOS xpub response before decoding

The secp256k1 signing path fetches the device public key and immediately slices res_msg_pubkey[..130] without validating the APDU response. If the call to Secp256k1Apdu::get_xpub fails (e.g. invalid derivation path or transport error), the response length may be shorter or contain only a status word, causing hex::decode to panic or decode garbage. The legacy implementation checked ApduCheck::check_response before decoding. Add a status check on res_msg_pubkey and surface a proper error before decoding or using the bytes.

Useful? React with 👍 / 👎.

Copy link
Contributor Author

@xiaoguang1010 xiaoguang1010 Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

已优化

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@XuNeal XuNeal XuNeal approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@xiaoguang1010 @XuNeal @kaichen