Refactorings

src/common/merkle.c

@@ -24,7 +24,7 @@
 
 #include "merkle.h"
 
-#include "debug-helpers/debug.h"
+#include "../debug-helpers/debug.h"
 
 #include "ledger_assert.h"
 

src/crypto.c

@@ -35,7 +35,7 @@
 #include "common/read.h"
 #include "common/write.h"
 
-#include "debug-helpers/debug.h"
+#include "../debug-helpers/debug.h"
 
 #include "crypto.h"
 

src/crypto.h

@@ -30,6 +30,26 @@ typedef struct {
     uint8_t checksum[4];
 } serialized_extended_pubkey_check_t;
 
+/**
+ * Checks if the provided buffer is fully zeroed.
+ *
+ * It guarantees that the running time is constant for all the buffers of the same length,
+ * as a protection against timing attacks.
+ * However, it DOES leak the length of the buffer.
+ *
+ * @param[in] buffer       Pointer to the array.
+ * @param[in] buffer_len   The number of bytes in the array.
+ *
+ * @return true if the buffer is entirely zeroed, false otherwise.
+ */
+static inline bool is_array_all_zeros(const uint8_t buffer[], size_t buffer_len) {
+    uint8_t acc = 0;
+    for (size_t i = 0; i < buffer_len; i++) {
+        acc |= buffer[i];
+    }
+    return acc == 0;
+}
+
 /**
  * Generates the child extended public key, from a parent extended public key and non-hardened
  * index.

src/handler/get_wallet_address.c

@@ -121,13 +121,7 @@ void handler_get_wallet_address(dispatcher_context_t *dc, uint8_t protocol_versi
         }
     }
 
-    // the binary OR of all the hmac bytes (so == 0 iff the hmac is identically 0)
-    uint8_t hmac_or = 0;
-    for (int i = 0; i < 32; i++) {
-        hmac_or = hmac_or | wallet_hmac[i];
-    }
-
-    if (hmac_or == 0) {
+    if (is_array_all_zeros(wallet_hmac, sizeof(wallet_hmac))) {
         // No hmac, verify that the policy is indeed a default one
 
         if (!is_wallet_policy_standard(dc, &wallet_header, &wallet_policy_map.parsed)) {

src/handler/lib/get_merkle_leaf_hash.c

@@ -9,7 +9,7 @@
 #include "../../boilerplate/sw.h"
 #include "../client_commands.h"
 
-#include "debug-helpers/debug.h"
+#include "../../debug-helpers/debug.h"
 
 // Reads the inputs and sends the GET_MERKLE_LEAF_PROOF request.
 int call_get_merkle_leaf_hash(dispatcher_context_t *dc,

src/handler/lib/get_merkle_preimage.c

@@ -7,7 +7,7 @@
 #include "../../crypto.h"
 #include "../client_commands.h"
 
-#include "debug-helpers/debug.h"
+#include "../../debug-helpers/debug.h"
 
 // TODO: refactor common code with stream_preimage.c
 

src/handler/lib/policy.c

@@ -13,7 +13,7 @@
 #include "../../common/segwit_addr.h"
 #include "../../common/wallet.h"
 
-#include "debug-helpers/debug.h"
+#include "../../debug-helpers/debug.h"
 
 #include "ledger_assert.h"