Using swap infrastructure from the SDK

Author: iartemov-ledger

src/boilerplate/dispatcher.h

@@ -3,9 +3,11 @@
 /* SDK headers */
 #include "buffer.h"
 #include "os.h"
+#include "swap_error_code_helpers.h"
 
 /* Local headers */
 #include "parser.h"
+#include "sw.h"
 
 // Forward declaration
 struct dispatcher_context_s;
@@ -49,6 +51,12 @@ static inline void SEND_RESPONSE(struct dispatcher_context_s *dc,
 }
 
 static inline void SEND_SW_EC(struct dispatcher_context_s *dc, uint16_t sw, uint16_t error_code) {
+    if (sw == SW_FAIL_SWAP) {
+        send_swap_error_simple(SW_FAIL_SWAP, (error_code >> 8) & 0xFF, (error_code & 0xFF));
+        // unreachable
+        os_sched_exit(0);
+    }
+
     uint8_t error_code_buf[2];
     error_code_buf[0] = (error_code >> 8) & 0xFF;
     error_code_buf[1] = error_code & 0xFF;

src/error_codes.h

@@ -1,5 +1,8 @@
 #pragma once
 
+/* SDK headers */
+#include "swap_error_code_helpers.h"
+
 /**
  * REGISTER_WALLET
  */
@@ -68,46 +71,88 @@
 
 // Internal application error, forward to the firmware team for analysis.
 #define EC_SWAP_ERROR_INTERNAL 0x0000
+_Static_assert((EC_SWAP_ERROR_INTERNAL >> 8) == SWAP_EC_ERROR_INTERNAL,
+               "SWAP error code value does not match the SDK one");
 
 // The amount does not match the one validated in Exchange.
 #define EC_SWAP_ERROR_WRONG_AMOUNT 0x0100
+_Static_assert((EC_SWAP_ERROR_WRONG_AMOUNT >> 8) == SWAP_EC_ERROR_WRONG_AMOUNT,
+               "SWAP error code value does not match the SDK one");
 
 // The destination address does not match the one validated in Exchange.
 #define EC_SWAP_ERROR_WRONG_DESTINATION 0x0200
+_Static_assert((EC_SWAP_ERROR_WRONG_DESTINATION >> 8) == SWAP_EC_ERROR_WRONG_DESTINATION,
+               "SWAP error code value does not match the SDK one");
 
 // The fees are different from what was validated in Exchange.
 #define EC_SWAP_ERROR_WRONG_FEES 0x0300
+_Static_assert((EC_SWAP_ERROR_WRONG_FEES >> 8) == SWAP_EC_ERROR_WRONG_FEES,
+               "SWAP error code value does not match the SDK one");
 
 // The method used is invalid in Exchange context.
 #define EC_SWAP_ERROR_WRONG_METHOD 0x0400
+_Static_assert((EC_SWAP_ERROR_WRONG_METHOD >> 8) == SWAP_EC_ERROR_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // Only default wallet policies can be used in swaps.
 #define EC_SWAP_ERROR_WRONG_METHOD_NONDEFAULT_POLICY 0x0401
+_Static_assert((EC_SWAP_ERROR_WRONG_METHOD_NONDEFAULT_POLICY >> 8) == SWAP_EC_ERROR_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // No external inputs allowed in swap transactions.
 #define EC_SWAP_ERROR_WRONG_METHOD_EXTERNAL_INPUTS 0x0402
+_Static_assert((EC_SWAP_ERROR_WRONG_METHOD_EXTERNAL_INPUTS >> 8) == SWAP_EC_ERROR_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // Segwit transaction in swap must have the non-witness UTXO in the PSBT.
 #define EC_SWAP_ERROR_WRONG_METHOD_MISSING_NONWITNESSUTXO 0x0403
+_Static_assert((EC_SWAP_ERROR_WRONG_METHOD_MISSING_NONWITNESSUTXO >> 8) ==
+                   SWAP_EC_ERROR_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // Standard swap transaction must have exactly 1 external output.
 #define EC_SWAP_ERROR_WRONG_METHOD_WRONG_N_OF_OUTPUTS 0x0404
+_Static_assert((EC_SWAP_ERROR_WRONG_METHOD_WRONG_N_OF_OUTPUTS >> 8) == SWAP_EC_ERROR_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // Invalid or unsupported script for external output.
 #define EC_SWAP_ERROR_WRONG_METHOD_WRONG_UNSUPPORTED_OUTPUT 0x0405
+_Static_assert((EC_SWAP_ERROR_WRONG_METHOD_WRONG_UNSUPPORTED_OUTPUT >> 8) ==
+                   SWAP_EC_ERROR_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 
 // The mode used for the cross-chain hash validation is not supported.
 #define EC_SWAP_ERROR_CROSSCHAIN_WRONG_MODE 0x0500
+_Static_assert((EC_SWAP_ERROR_CROSSCHAIN_WRONG_MODE >> 8) == SWAP_EC_ERROR_CROSSCHAIN_WRONG_MODE,
+               "SWAP error code value does not match the SDK one");
 
 // The method used is invalid in cross-chain Exchange context.
 #define EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD 0x0600
+_Static_assert((EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD >> 8) ==
+                   SWAP_EC_ERROR_CROSSCHAIN_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // The first output must be OP_RETURN <data> for a cross-chain swap.
 #define EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD_INVALID_FIRST_OUTPUT 0x0601
+_Static_assert((EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD_INVALID_FIRST_OUTPUT >> 8) ==
+                   SWAP_EC_ERROR_CROSSCHAIN_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 // OP_RETURN with non-zero value is not supported.
 #define EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD_NONZERO_AMOUNT 0x0602
+_Static_assert((EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD_NONZERO_AMOUNT >> 8) ==
+                   SWAP_EC_ERROR_CROSSCHAIN_WRONG_METHOD,
+               "SWAP error code value does not match the SDK one");
 
 // The hash for the cross-chain transaction does not match the validated value.
 #define EC_SWAP_ERROR_CROSSCHAIN_WRONG_HASH 0x0700
+_Static_assert((EC_SWAP_ERROR_CROSSCHAIN_WRONG_HASH >> 8) == SWAP_EC_ERROR_CROSSCHAIN_WRONG_HASH,
+               "SWAP error code value does not match the SDK one");
 
 // A generic or unspecified error not covered by the specific error codes above. Refer to the
 // remaining bytes for further details on the error.
 #define EC_SWAP_ERROR_GENERIC 0xFF00
+_Static_assert((EC_SWAP_ERROR_GENERIC >> 8) == SWAP_EC_ERROR_GENERIC,
+               "SWAP error code value does not match the SDK one");
 // Unknown swap mode.
 #define EC_SWAP_ERROR_GENERIC_UNKNOWN_MODE 0xFF01
+_Static_assert((EC_SWAP_ERROR_GENERIC_UNKNOWN_MODE >> 8) == SWAP_EC_ERROR_GENERIC,
+               "SWAP error code value does not match the SDK one");
 // handle_swap_sign_transaction.c::copy_transaction_parameters failed.
 #define EC_SWAP_ERROR_GENERIC_COPY_TRANSACTION_PARAMETERS_FAILED 0xFF02
+_Static_assert((EC_SWAP_ERROR_GENERIC_COPY_TRANSACTION_PARAMETERS_FAILED >> 8) ==
+                   SWAP_EC_ERROR_GENERIC,
+               "SWAP error code value does not match the SDK one");

src/handler/get_wallet_address.c

@@ -33,7 +33,6 @@
 #include "error_codes.h"
 #include "get_merkle_leaf_element.h"
 #include "get_preimage.h"
-#include "handle_swap_sign_transaction.h"
 #include "handlers.h"
 #include "io_ext.h"
 #include "menu.h"
@@ -159,7 +158,6 @@ void handler_get_wallet_address(dispatcher_context_t *dc, uint8_t protocol_versi
     if (G_called_from_swap && !is_wallet_default) {
         PRINTF("Must be a default wallet policy for swap feature\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_NONDEFAULT_POLICY);
-        finalize_exchange_sign_transaction(false);
     }
 
     {

src/handler/sign_psbt.c

@@ -44,7 +44,6 @@
 #include "get_merkleized_map.h"
 #include "get_merkleized_map_value.h"
 #include "get_preimage.h"
-#include "handle_swap_sign_transaction.h"
 #include "handlers.h"
 #include "menu.h"
 #include "merkle.h"
@@ -1029,22 +1028,19 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
     if (!st->is_wallet_default) {
         PRINTF("Must be a default wallet policy for swap feature\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_NONDEFAULT_POLICY);
-        finalize_exchange_sign_transaction(false);
     }
 
     // No external inputs allowed
     if (st->n_external_inputs > 0) {
         PRINTF("External inputs not allowed in swap transactions\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_EXTERNAL_INPUTS);
-        finalize_exchange_sign_transaction(false);
     }
 
     if (st->warnings.missing_nonwitnessutxo || st->warnings.non_default_sighash) {
         // Do not allow transactions with missing non-witness utxos or non-default sighash flags
         PRINTF(
             "Missing non-witness utxo or non-default sighash flags are not allowed during swaps\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_MISSING_NONWITNESSUTXO);
-        finalize_exchange_sign_transaction(false);
     }
 
     uint64_t fee = st->inputs_total_amount - st->outputs.total_amount;
@@ -1060,7 +1056,6 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
         if (st->n_external_outputs != 1) {
             PRINTF("Standard swap transaction must have exactly 1 external output\n");
             SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_WRONG_N_OF_OUTPUTS);
-            finalize_exchange_sign_transaction(false);
         }
     } else if (G_swap_state.mode == SWAP_MODE_CROSSCHAIN) {
         // There must be exactly 2 external outputs; the first is the OP_RETURN
@@ -1070,7 +1065,6 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
         if (st->n_external_outputs != 2) {
             PRINTF("Cross-chain swap transaction must have exactly 2 external outputs\n");
             SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_WRONG_N_OF_OUTPUTS);
-            finalize_exchange_sign_transaction(false);
         }
 
         uint8_t *opreturn_script = st->outputs.output_scripts[0];
@@ -1081,12 +1075,11 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
             SEND_SW_EC(dc,
                        SW_FAIL_SWAP,
                        EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD_INVALID_FIRST_OUTPUT);
-            finalize_exchange_sign_transaction(false);
         }
 
         uint8_t second_byte = opreturn_script[1];
-        size_t push_opcode_size;  // the length of the push opcode (1 or 2 bytes)
-        size_t data_size;         // the length of the actual data embedded in the OP_RETURN output
+        size_t push_opcode_size = 0;  // the length of the push opcode (1 or 2 bytes)
+        size_t data_size = 0;  // the length of the actual data embedded in the OP_RETURN output
         if (2 <= second_byte && second_byte <= 75) {
             push_opcode_size = 1;
             data_size = second_byte;
@@ -1100,21 +1093,18 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
             // so we don't bother parsing.
             PRINTF("Unsupported or invalid OP_RETURN Script in cross-chain swap\n");
             SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD);
-            finalize_exchange_sign_transaction(false);
         }
 
         // Make sure there is a singla data push
         if (opreturn_script_len != 1 + push_opcode_size + data_size) {
             PRINTF("Invalid OP_RETURN Script length in cross-chain swap\n");
             SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD);
-            finalize_exchange_sign_transaction(false);
         }
 
         // Make sure the output's value is 0
         if (opreturn_amount != 0) {
             PRINTF("OP_RETURN with non-zero value during cross-chain swap\n");
             SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_CROSSCHAIN_WRONG_METHOD_NONZERO_AMOUNT);
-            finalize_exchange_sign_transaction(false);
         }
 
         // verify the hash in the data payload is the expected one
@@ -1125,18 +1115,15 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
                    sizeof(expected_payin_hash)) != 0) {
             PRINTF("Mismatching payin hash in cross-chain swap\n");
             SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_CROSSCHAIN_WRONG_HASH);
-            finalize_exchange_sign_transaction(false);
         }
     } else if (G_swap_state.mode == SWAP_MODE_ERROR) {
         // an error was detected in handle_swap_sign_transaction.c::copy_transaction_parameters
         // special case only to improve error reporting in debug mode
         PRINTF("Invalid parameters for swap feature\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_GENERIC_COPY_TRANSACTION_PARAMETERS_FAILED);
-        finalize_exchange_sign_transaction(false);
     } else {
         PRINTF("Unknown swap mode: %d\n", G_swap_state.mode);
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_GENERIC_UNKNOWN_MODE);
-        finalize_exchange_sign_transaction(false);
     }
 
     LEDGER_ASSERT(0 <= swap_dest_idx && swap_dest_idx < N_CACHED_EXTERNAL_OUTPUTS,
@@ -1146,14 +1133,12 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
     if (fee != G_swap_state.fees) {
         PRINTF("Mismatching fee for swap\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_FEES);
-        finalize_exchange_sign_transaction(false);
     }
 
     uint64_t spent_amount = st->outputs.total_amount - st->outputs.change_total_amount;
     if (spent_amount != G_swap_state.amount) {
         PRINTF("Mismatching spent amount for swap\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_AMOUNT);
-        finalize_exchange_sign_transaction(false);
     }
 
     // Compute this output's address
@@ -1164,7 +1149,6 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
                        output_description)) {
         PRINTF("Invalid or unsupported script for external output\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_METHOD_WRONG_UNSUPPORTED_OUTPUT);
-        finalize_exchange_sign_transaction(false);
     }
 
     char output_description_len = strlen(output_description);
@@ -1187,7 +1171,6 @@ execute_swap_checks(dispatcher_context_t *dc, sign_psbt_state_t *st) {
         }
         PRINTF("\n");
         SEND_SW_EC(dc, SW_FAIL_SWAP, EC_SWAP_ERROR_WRONG_DESTINATION);
-        finalize_exchange_sign_transaction(false);
     }
 
     return true;
@@ -2204,11 +2187,6 @@ void handler_sign_psbt(dispatcher_context_t *dc, uint8_t protocol_version) {
         if (!sign_result) {
             return;
         }
-
-        // Only if called from swap, the app should terminate after sending the response
-        if (G_called_from_swap) {
-            G_swap_state.should_exit = true;
-        }
     }
 
     // MuSig2: if there is an active session at the end of round 1, we move it to persistent

src/main.c

@@ -31,7 +31,6 @@
 #include "constants.h"
 #include "debug.h"
 #include "dispatcher.h"
-#include "handle_swap_sign_transaction.h"
 #include "handlers.h"
 #include "io_ext.h"
 #include "menu.h"
@@ -86,12 +85,6 @@ const command_descriptor_t COMMAND_DESCRIPTORS[] = {
 
 static void initialize_app_globals() {
     ioe_reset_timeouts();
-
-    // We only zero out should_exit field and not the entire G_swap_state, as
-    // we need the globals initialization to happen _after_ calling copy_transaction_parameters when
-    // processing a SIGN_TRANSACTION request from the swap app (which initializes the other fields
-    // of G_swap_state).
-    G_swap_state.should_exit = false;
 }
 
 /**
@@ -168,9 +161,5 @@ void app_main() {
                         sizeof(COMMAND_DESCRIPTORS) / sizeof(COMMAND_DESCRIPTORS[0]),
                         ui_menu_main,
                         &cmd);
-        if (G_called_from_swap && G_swap_state.should_exit) {
-            // Bitcoin app will keep listening as long as it does not receive a valid TX
-            finalize_exchange_sign_transaction(true);
-        }
     }
 }

src/swap/handle_swap_sign_transaction.c

@@ -1,7 +1,5 @@
 #include <assert.h>
 
-#include "handle_swap_sign_transaction.h"
-
 /* SDK headers */
 #include "os.h"
 #include "read.h"
@@ -13,9 +11,6 @@
 #include "swap_globals.h"
 #include "usbd_core.h"
 
-// Save the BSS address where we will write the return value when finished
-static uint8_t* G_swap_sign_return_value_address;
-
 bool swap_copy_transaction_parameters(create_transaction_parameters_t* sign_transaction_params) {
     char destination_address[65];
     uint8_t destination_address_extra_data[33];
@@ -56,7 +51,6 @@ bool swap_copy_transaction_parameters(create_transaction_parameters_t* sign_tran
            sign_transaction_params->fee_amount_length);
 
     os_explicit_zero_BSS_segment();
-    G_swap_sign_return_value_address = &sign_transaction_params->result;
 
     G_swap_state.amount = read_u64_be(amount, 0);
     G_swap_state.fees = read_u64_be(fees, 0);
@@ -89,8 +83,3 @@ bool swap_copy_transaction_parameters(create_transaction_parameters_t* sign_tran
 
     return true;
 }
-
-void __attribute__((noreturn)) finalize_exchange_sign_transaction(bool is_success) {
-    *G_swap_sign_return_value_address = is_success;
-    os_lib_end();
-}

src/swap/handle_swap_sign_transaction.h

@@ -12,7 +12,6 @@ typedef struct swap_globals_s {
     uint64_t amount;
     uint64_t fees;
     char destination_address[65];
-    unsigned char should_exit;
     unsigned char mode;
     uint8_t payin_extra_id[1 + 32];
 } swap_globals_t;