LedgerHQ · cedelavergne-ledger · Apr 7, 2025 · Apr 7, 2025 · Apr 7, 2025 · Apr 7, 2025
@@ -271,7 +271,7 @@ static uint16_t handleApdu(command_t *cmd, uint32_t *flags, uint32_t *tx) {
 
 #ifdef HAVE_WEB3_CHECKS
         case INS_PROVIDE_TX_SIMULATION:
-            sw = handleTxSimulation(cmd->p1, cmd->p2, cmd->data, cmd->lc, flags);
+            sw = handle_tx_simulation(cmd->p1, cmd->p2, cmd->data, cmd->lc, flags);
             break;
 #endif
 

@@ -1,3 +1,4 @@
+#include <ctype.h>
 #include <string.h>
 #include "utils.h"
 
@@ -29,3 +30,20 @@ void str_cpy_explicit_trunc(const char *src, size_t src_size, char *dst, size_t
         memcpy(&dst[off], trunc_marker, sizeof(trunc_marker));
     }
 }
+
+/**
+ * @brief Check the name is printable.
+ *
+ * @param[in] data buffer received
+ * @param[in] name Name to check
+ * @param[in] len Length of the name
+ * @return True/False
+ */
+bool check_name(const uint8_t *name, uint16_t len) {
+    for (uint16_t i = 0; i < len; i++) {
+        if (!isprint(name[i])) {
+            return false;
+        }
+    }
+    return true;
+}
@@ -2,10 +2,12 @@
 #define UTILS_H_
 
 #include <stdint.h>
+#include <stdbool.h>
 
 #define SET_BIT(a) (1 << a)
 
 void buf_shrink_expand(const uint8_t *src, size_t src_size, uint8_t *dst, size_t dst_size);
 void str_cpy_explicit_trunc(const char *src, size_t src_size, char *dst, size_t dst_size);
+bool check_name(const uint8_t *name, uint16_t len);
 
 #endif  // !UTILS_H_
@@ -1,6 +1,5 @@
 #ifdef HAVE_DYNAMIC_NETWORKS
 
-#include <ctype.h>
 #include "network_info.h"
 #include "utils.h"
 #include "read.h"
@@ -109,23 +108,6 @@ static bool handle_chain_id(const s_tlv_data *data, s_network_info_ctx *context)
     return true;
 }
 
-/**
- * @brief Check the name is printable.
- *
- * @param[in] data buffer received
- * @param[in] name Name to check
- * @param[in] len Length of the name
- * @return True/False
- */
-static bool check_name(const uint8_t *name, uint16_t len) {
-    for (uint16_t i = 0; i < len; i++) {
-        if (!isprint(name[i])) {
-            return false;
-        }
-    }
-    return true;
-}
-
 /**
  * @brief Parse the NETWORK_NAME value.
  *

@@ -1,6 +1,5 @@
 #ifdef HAVE_WEB3_CHECKS
 
-#include <ctype.h>
 #include "cmd_get_tx_simulation.h"
 #include "apdu_constants.h"
 #include "hash_bytes.h"
@@ -108,23 +107,6 @@ tx_simulation_t TX_SIMULATION = {0};
         memmove((void *) field, data->value, data->length); \
     } while (0)
 
-/**
- * @brief Check the name is printable.
- *
- * @param[in] data buffer received
- * @param[in] name Name to check
- * @param[in] len Length of the name
- * @return True/False
- */
-static bool check_name(const uint8_t *name, uint16_t len) {
-    for (uint16_t i = 0; i < len; i++) {
-        if (!isprint(name[i])) {
-            return false;
-        }
-    }
-    return true;
-}
-
 /**
  * @brief Parse the STRUCTURE_TYPE value.
  *
@@ -379,18 +361,25 @@ static bool verify_signature(s_tx_simu_ctx *context) {
  *
  * Check the mandatory fields are present
  *
- * @param[in] rcv_bit indicates received fields
+ * @param[in] context TX Simu context
  * @return whether it was successful
  */
-static bool verify_fields(uint32_t rcv_bit) {
+static bool verify_fields(s_tx_simu_ctx *context) {
     uint32_t expected_fields;
 
     expected_fields = (1 << BIT_STRUCTURE_TYPE) | (1 << BIT_STRUCTURE_VERSION) |
                       (1 << BIT_TX_HASH) | (1 << BIT_ADDRESS) | (1 << BIT_W3C_NORMALIZED_RISK) |
                       (1 << BIT_W3C_NORMALIZED_CATEGORY) | (1 << BIT_W3C_TINY_URL) |
                       (1 << BIT_W3C_SIMU_TYPE) | (1 << BIT_DER_SIGNATURE);
 
-    return ((rcv_bit & expected_fields) == expected_fields);
+    if (context->simu->type == SIMU_TYPE_TRANSACTION) {
+        expected_fields |= (1 << BIT_CHAIN_ID);
+    }
+    if (context->simu->type == SIMU_TYPE_TYPED_DATA) {
+        expected_fields |= (1 << BIT_DOMAIN_HASH);
+    }
+
+    return ((context->rcv_flags & expected_fields) == expected_fields);
 }
 
 /**
@@ -411,8 +400,10 @@ static void print_simulation_info(s_tx_simu_ctx *context) {
         u64_to_string(context->simu->chain_id, chain_str, sizeof(chain_str));
         PRINTF("[TX SIMU] -    ChainID: %s\n", chain_str);
     }
-    PRINTF("[TX SIMU] -    Risk: %d -> %s\n", context->simu->risk, getTxSimuRiskStr());
-    PRINTF("[TX SIMU] -    Category: %d -> %s\n", context->simu->category, getTxSimuCategoryStr());
+    PRINTF("[TX SIMU] -    Risk: %d -> %s\n", context->simu->risk, get_tx_simulation_risk_str());
+    PRINTF("[TX SIMU] -    Category: %d -> %s\n",
+           context->simu->category,
+           get_tx_simulation_category_str());
     PRINTF("[TX SIMU] -    Provider Msg: %s\n", context->simu->provider_msg);
     PRINTF("[TX SIMU] -    Tiny URL: %s\n", context->simu->tiny_url);
 }
@@ -489,14 +480,14 @@ static bool handle_tlv_payload(const uint8_t *payload, uint16_t size, bool to_fr
 
     ctx.simu = &TX_SIMULATION;
     // Reset the structures
-    explicit_bzero(&TX_SIMULATION, sizeof(tx_simulation_t));
+    explicit_bzero(&TX_SIMULATION, sizeof(TX_SIMULATION));
     // Initialize the hash context
     cx_sha256_init(&ctx.hash_ctx);
 
     parsing_ret = tlv_parse(payload, size, (f_tlv_data_handler) &handle_tx_simu_tlv, &ctx);
     if (to_free) mem_dealloc(size);
-    if (!parsing_ret || !verify_fields(ctx.rcv_flags) || !verify_signature(&ctx)) {
-        explicit_bzero(&TX_SIMULATION, sizeof(tx_simulation_t));
+    if (!parsing_ret || !verify_fields(&ctx) || !verify_signature(&ctx)) {
+        explicit_bzero(&TX_SIMULATION, sizeof(TX_SIMULATION));
         explicit_bzero(&ctx, sizeof(s_tx_simu_ctx));
         return false;
     }
@@ -513,7 +504,7 @@ static bool handle_tlv_payload(const uint8_t *payload, uint16_t size, bool to_fr
  *
  * @param[in] response_expected indicates if a response is expected
  */
-void handleTxSimulationOptIn(bool response_expected) {
+void handle_tx_simulation_opt_in(bool response_expected) {
     if (N_storage.w3c_opt_in) {
         // Web3 Checks already Opt-In
         PRINTF("Web3 Checks already Opt-in!\n");
@@ -530,16 +521,17 @@ void handleTxSimulationOptIn(bool response_expected) {
 /**
  * @brief Handle Tx Simulation APDU.
  *
- * @param[in] p1 APDU parameter 1
+ * @param[in] p1 APDU parameter 1 (indicates Data payload or Opt-In request)
+ * @param[in] p2 APDU parameter 2 (indicates if the payload is the first chunk)
  * @param[in] data buffer received
  * @param[in] length of the buffer
  * @return APDU Response code
  */
-uint16_t handleTxSimulation(uint8_t p1,
-                            uint8_t p2,
-                            const uint8_t *data,
-                            uint8_t length,
-                            unsigned int *flags) {
+uint16_t handle_tx_simulation(uint8_t p1,
+                              uint8_t p2,
+                              const uint8_t *data,
+                              uint8_t length,
+                              unsigned int *flags) {
     uint16_t sw = APDU_RESPONSE_INTERNAL_ERROR;
 
     switch (p1) {
@@ -558,7 +550,7 @@ uint16_t handleTxSimulation(uint8_t p1,
             break;
         case 0x01:
             // TX Simulation Opt-In
-            handleTxSimulationOptIn(true);
+            handle_tx_simulation_opt_in(true);
             *flags |= IO_ASYNCH_REPLY;
             sw = APDU_NO_RESPONSE;
             break;
@@ -574,8 +566,8 @@ uint16_t handleTxSimulation(uint8_t p1,
  * @brief Clear the TX Simulation parameters.
  *
  */
-void clearTxSimulation(void) {
-    explicit_bzero(&TX_SIMULATION, sizeof(tx_simulation_t));
+void clear_tx_simulation(void) {
+    explicit_bzero(&TX_SIMULATION, sizeof(TX_SIMULATION));
 }
 
 /**
@@ -585,7 +577,7 @@ void clearTxSimulation(void) {
  * @param[in] checkFromAddr flag to check the FROM address
  * @return whether it was successful
  */
-bool checkTxSimulationParams(bool checkTxHash, bool checkFromAddr) {
+bool check_tx_simulation_params(bool checkTxHash, bool checkFromAddr) {
     uint8_t msg_sender[ADDRESS_LENGTH] = {0};
     uint64_t chain_id = get_tx_chain_id();
     uint8_t *hash = NULL;
@@ -703,13 +695,13 @@ bool checkTxSimulationParams(bool checkTxHash, bool checkFromAddr) {
  * @param[in] checkTxHash flag to check the TX_HASH
  * @param[in] checkFromAddr flag to check the FROM address
  */
-void setTxSimuWarning(nbgl_warning_t *p_warning, bool checkTxHash, bool checkFromAddr) {
+void set_tx_simulation_warning(nbgl_warning_t *p_warning, bool checkTxHash, bool checkFromAddr) {
     if (!N_storage.w3c_enable) {
         // W3Checks disabled
         return;
     }
     // W3Checks enabled => Verify parameters of the Transaction
-    checkTxSimulationParams(checkTxHash, checkFromAddr);
+    check_tx_simulation_params(checkTxHash, checkFromAddr);
     switch (TX_SIMULATION.risk) {
         case RISK_UNKNOWN:
             p_warning->predefinedSet |= SET_BIT(W3C_ISSUE_WARN);
@@ -727,7 +719,7 @@ void setTxSimuWarning(nbgl_warning_t *p_warning, bool checkTxHash, bool checkFro
             break;
     }
     p_warning->reportProvider = PIC(TX_SIMULATION.partner);
-    p_warning->providerMessage = getTxSimuCategoryStr();
+    p_warning->providerMessage = get_tx_simulation_category_str();
     p_warning->reportUrl = PIC(TX_SIMULATION.tiny_url);
 }
 
@@ -736,7 +728,7 @@ void setTxSimuWarning(nbgl_warning_t *p_warning, bool checkTxHash, bool checkFro
  *
  * @return risk as a string
  */
-const char *getTxSimuRiskStr(void) {
+const char *get_tx_simulation_risk_str(void) {
     switch (TX_SIMULATION.risk) {
         case RISK_UNKNOWN:
             return "UNKNOWN (W3C Issue)";
@@ -757,7 +749,7 @@ const char *getTxSimuRiskStr(void) {
  *
  * @return category string
  */
-const char *getTxSimuCategoryStr(void) {
+const char *get_tx_simulation_category_str(void) {
     // Unknown category string
     switch (TX_SIMULATION.risk) {
         case RISK_UNKNOWN:

@@ -6,6 +6,9 @@
 #include <stdbool.h>
 #include "common_utils.h"
 #include "nbgl_use_case.h"
+#ifdef HAVE_LEDGER_PKI
+#include "os_pki.h"
+#endif
 
 #define HASH_SIZE    32
 #define MSG_SIZE     25
@@ -41,24 +44,27 @@ typedef struct tx_simu_s {
     uint8_t category;
 } tx_simulation_t;
 
+_Static_assert(CERTIFICATE_TRUSTED_NAME_MAXLEN > PARTNER_SIZE - 1,
+               "Partner size is too big to get the trusted name");
+
 // Global structure to store the tx simultion parameters
 extern tx_simulation_t TX_SIMULATION;
 
-uint16_t handleTxSimulation(uint8_t p1,
-                            uint8_t p2,
-                            const uint8_t *data,
-                            uint8_t length,
-                            unsigned int *flags);
-void handleTxSimulationOptIn(bool response_expected);
+uint16_t handle_tx_simulation(uint8_t p1,
+                              uint8_t p2,
+                              const uint8_t *data,
+                              uint8_t length,
+                              unsigned int *flags);
+void handle_tx_simulation_opt_in(bool response_expected);
 void ui_tx_simulation_error(nbgl_choiceCallback_t callback);
 void ui_tx_simulation_opt_in(bool response_expected);
 
-void clearTxSimulation(void);
-bool checkTxSimulationParams(bool checkTxHash, bool checkFromAddr);
-void setTxSimuWarning(nbgl_warning_t *p_warning, bool checkTxHash, bool checkFromAddr);
+void clear_tx_simulation(void);
+bool check_tx_simulation_params(bool checkTxHash, bool checkFromAddr);
+void set_tx_simulation_warning(nbgl_warning_t *p_warning, bool checkTxHash, bool checkFromAddr);
 
-const char *getTxSimuRiskStr(void);
-const char *getTxSimuCategoryStr(void);
+const char *get_tx_simulation_risk_str(void);
+const char *get_tx_simulation_category_str(void);
 
 #endif  // HAVE_WEB3_CHECKS
 

@@ -44,7 +44,7 @@ static void reviewChoice(bool confirm) {
         nbgl_useCaseReviewStatus(STATUS_TYPE_TRANSACTION_REJECTED, ui_idle);
     }
 #ifdef HAVE_WEB3_CHECKS
-    clearTxSimulation();
+    clear_tx_simulation();
 #endif
 }
 
@@ -210,7 +210,7 @@ void ux_approve_tx(bool fromPlugin) {
         warning.predefinedSet |= SET_BIT(BLIND_SIGNING_WARN);
     }
 #ifdef HAVE_WEB3_CHECKS
-    setTxSimuWarning(&warning, true, true);
+    set_tx_simulation_warning(&warning, true, true);
 #endif
 
     if (tx_approval_context.fromPlugin) {

@@ -157,7 +157,7 @@ bool ui_gcs(void) {
 
     explicit_bzero(&warning, sizeof(nbgl_warning_t));
 #ifdef HAVE_WEB3_CHECKS
-    setTxSimuWarning(&warning, true, true);
+    set_tx_simulation_warning(&warning, true, true);
 #endif
 
     snprintf(tmp_buf, tmp_buf_size, "Review transaction to %s", get_operation_type());

@@ -64,7 +64,7 @@ static void setting_toggle_callback(int token, uint8_t index, int page) {
     switch (token) {
 #ifdef HAVE_WEB3_CHECKS
         case WEB3_CHECK_TOKEN:
-            handleTxSimulationOptIn(false);
+            handle_tx_simulation_opt_in(false);
             value = !N_storage.w3c_enable;
             switches[WEB3_CHECK_ID].initState = (nbgl_state_t) value;
             nvm_write((void *) &N_storage.w3c_enable, (void *) &value, sizeof(value));

@@ -90,7 +90,7 @@ static void ui_712_start_common(void) {
     appState = APP_STATE_SIGNING_EIP712;
     explicit_bzero(&warning, sizeof(nbgl_warning_t));
 #ifdef HAVE_WEB3_CHECKS
-    setTxSimuWarning(&warning, false, false);
+    set_tx_simulation_warning(&warning, false, false);
 #endif
 }
 
@@ -150,7 +150,7 @@ void ui_712_switch_to_sign(void) {
         nbgl_useCaseReviewStreamingContinueExt(&pairs_list, message_progress, review_skip);
     } else {
 #ifdef HAVE_WEB3_CHECKS
-        if (checkTxSimulationParams(true, true) == false) {
+        if (check_tx_simulation_params(true, true) == false) {
             ui_tx_simulation_error(ui_712_w3c_cb);
             return;
         }

@@ -31,9 +31,13 @@ void ui_sign_712_v0(void) {
     pairs_list.pairs = pairs;
     pairs_list.nbMaxLinesForValue = 0;
 
+    if (appState != APP_STATE_IDLE) {
+        reset_app_context();
+    }
+    appState = APP_STATE_SIGNING_EIP712;
     explicit_bzero(&warning, sizeof(nbgl_warning_t));
 #ifdef HAVE_WEB3_CHECKS
-    setTxSimuWarning(&warning, true, true);
+    set_tx_simulation_warning(&warning, true, true);
 #endif
     warning.predefinedSet |= SET_BIT(BLIND_SIGNING_WARN);