No UI when called from swap

LedgerHQ · Nov 15, 2024 · d4a7147 · d4a7147
1 parent bd3be45
commit d4a7147
Show file tree

Hide file tree

Showing 2 changed files with 144 additions and 50 deletions.
diff --git a/src/signTx/signTx.c b/src/signTx/signTx.c
@@ -15,6 +15,9 @@
 #include "bufView.h"
 #include "securityPolicy.h"
 #include "signTx_ui.h"
+#include "swap.h"
+#include "io_swap.h"
+#include "handle_sign_transaction.h"
 
 static ins_sign_tx_context_t* ctx = &(instructionState.signTxContext);
 
@@ -480,6 +483,21 @@ __noinline_due_to_stack__ static void signTx_handleInitAPDU(uint8_t p2,
         VALIDATE(p2 == P2_UNUSED, ERR_INVALID_REQUEST_PARAMETERS);
     }
 
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        if (G_swap_response_ready) {
+            // Safety against trying to make the app sign multiple TX
+            // This code should never be triggered as the app is supposed to exit after
+            // sending the signed transaction
+            PRINTF("Safety against double signing triggered\n");
+            swap_finalize_exchange_sign_transaction(false);
+            os_sched_exit(-1);
+        }
+        // We will quit the app after this transaction, whether it succeeds or fails
+        PRINTF("Swap response is ready, the app will quit after the next send\n");
+        G_swap_response_ready = true;
+    }
+#endif
     {
         // parse data
 
@@ -602,8 +620,8 @@ __noinline_due_to_stack__ static void signTx_handleInitAPDU(uint8_t p2,
         ctx->numWitnesses = (uint16_t) u4be_read(wireHeader->numWitnesses);
 
         TRACE(
-            "num inputs, outputs, certificates, withdrawals, collateral inputs, required signers, "
-            "reference inputs, voting procedures, witnesses: %d %d %d %d %d %d %d %d %d",
+            "inputs: %d, outputs: %d, certificates: %d, withdrawals: %d, collateral inputs: %d,"
+            " required signers: %d, reference inputs: %d, voting procedures: %d, witnesses: %d",
             ctx->numInputs,
             ctx->numOutputs,
             ctx->numCertificates,
@@ -635,25 +653,33 @@ __noinline_due_to_stack__ static void signTx_handleInitAPDU(uint8_t p2,
         ctx->shouldDisplayTxid = false;
     }
 
-    security_policy_t policy = policyForSignTxInit(ctx->commonTxData.txSigningMode,
-                                                   ctx->commonTxData.networkId,
-                                                   ctx->commonTxData.protocolMagic,
-                                                   ctx->numOutputs,
-                                                   ctx->numCertificates,
-                                                   ctx->numWithdrawals,
-                                                   ctx->includeMint,
-                                                   ctx->includeScriptDataHash,
-                                                   ctx->numCollateralInputs,
-                                                   ctx->numRequiredSigners,
-                                                   ctx->includeNetworkId,
-                                                   ctx->includeCollateralOutput,
-                                                   ctx->includeTotalCollateral,
-                                                   ctx->numReferenceInputs,
-                                                   ctx->numVotingProcedures,
-                                                   ctx->includeTreasury,
-                                                   ctx->includeDonation);
-    TRACE("Policy: %d", (int) policy);
-    ENSURE_NOT_DENIED(policy);
+    security_policy_t policy = POLICY_DENY;
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        policy = POLICY_ALLOW_WITHOUT_PROMPT;
+    } else
+#endif
+    {
+        policy = policyForSignTxInit(ctx->commonTxData.txSigningMode,
+                                     ctx->commonTxData.networkId,
+                                     ctx->commonTxData.protocolMagic,
+                                     ctx->numOutputs,
+                                     ctx->numCertificates,
+                                     ctx->numWithdrawals,
+                                     ctx->includeMint,
+                                     ctx->includeScriptDataHash,
+                                     ctx->numCollateralInputs,
+                                     ctx->numRequiredSigners,
+                                     ctx->includeNetworkId,
+                                     ctx->includeCollateralOutput,
+                                     ctx->includeTotalCollateral,
+                                     ctx->numReferenceInputs,
+                                     ctx->numVotingProcedures,
+                                     ctx->includeTreasury,
+                                     ctx->includeDonation);
+        TRACE("Policy: %d", (int) policy);
+        ENSURE_NOT_DENIED(policy);
+    }
     {
         // select UI steps
         switch (policy) {
@@ -899,11 +925,22 @@ __noinline_due_to_stack__ static void signTx_handleFeeAPDU(uint8_t p2,
         BODY_CTX->feeReceived = true;
     }
 
-    security_policy_t policy =
-        policyForSignTxFee(ctx->commonTxData.txSigningMode, BODY_CTX->stageData.fee);
-    TRACE("Policy: %d", (int) policy);
-    ENSURE_NOT_DENIED(policy);
-
+    security_policy_t policy = POLICY_DENY;
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        if (!swap_check_fee_validity(BODY_CTX->stageData.fee)) {
+            send_swap_error(ERROR_WRONG_FEES, APP_CODE_DEFAULT, NULL);
+            // unreachable
+            os_sched_exit(0);
+        }
+        policy = POLICY_ALLOW_WITHOUT_PROMPT;
+    } else
+#endif
+    {
+        policy = policyForSignTxFee(ctx->commonTxData.txSigningMode, BODY_CTX->stageData.fee);
+        TRACE("Policy: %d", (int) policy);
+        ENSURE_NOT_DENIED(policy);
+    }
     {
         // add to tx
         TRACE("Adding fee to tx hash");
@@ -2401,10 +2438,17 @@ __noinline_due_to_stack__ static void signTx_handleConfirmAPDU(uint8_t p2,
         VALIDATE(wireDataSize == 0, ERR_INVALID_DATA);
     }
 
-    security_policy_t policy = policyForSignTxConfirm();
-    TRACE("Policy: %d", (int) policy);
-    ENSURE_NOT_DENIED(policy);
-
+    security_policy_t policy = POLICY_DENY;
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        policy = POLICY_ALLOW_WITHOUT_PROMPT;
+    } else
+#endif
+    {
+        policy = policyForSignTxConfirm();
+        TRACE("Policy: %d", (int) policy);
+        ENSURE_NOT_DENIED(policy);
+    }
     {
         // compute txHash
         TRACE("Finalizing tx hash");
@@ -2463,14 +2507,20 @@ __noinline_due_to_stack__ static void signTx_handleWitnessAPDU(uint8_t p2,
         PRINTF("\n");
     }
 
-    security_policy_t policy =
-        policyForSignTxWitness(ctx->commonTxData.txSigningMode,
-                               &WITNESS_CTX->stageData.witness.path,
-                               ctx->includeMint,
-                               ctx->poolOwnerByPath ? &ctx->poolOwnerPath : NULL);
-    TRACE("Policy: %d", (int) policy);
-    ENSURE_NOT_DENIED(policy);
-
+    security_policy_t policy = POLICY_DENY;
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        policy = POLICY_ALLOW_WITHOUT_PROMPT;
+    } else
+#endif
+    {
+        policy = policyForSignTxWitness(ctx->commonTxData.txSigningMode,
+                                        &WITNESS_CTX->stageData.witness.path,
+                                        ctx->includeMint,
+                                        ctx->poolOwnerByPath ? &ctx->poolOwnerPath : NULL);
+        TRACE("Policy: %d", (int) policy);
+        ENSURE_NOT_DENIED(policy);
+    }
     {
         // compute witness
         TRACE("getWitness");
@@ -2502,6 +2552,11 @@ __noinline_due_to_stack__ static void signTx_handleWitnessAPDU(uint8_t p2,
         }
     }
     signTx_handleWitness_ui_runStep();
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        swap_finalize_exchange_sign_transaction(true);
+    }
+#endif
 }
 
 // ============================== MAIN HANDLER ==============================

diff --git a/src/signTx/signTxOutput.c b/src/signTx/signTxOutput.c
@@ -9,6 +9,9 @@
 #include "tokens.h"
 #include "hexUtils.h"
 #include "signTxOutput_ui.h"
+#include "swap.h"
+#include "handle_sign_transaction.h"
+#include "io_swap.h"
 
 static common_tx_data_t* commonTxData = &(instructionState.signTxContext.commonTxData);
 static ins_sign_tx_context_t* ctx = &(instructionState.signTxContext);
@@ -179,12 +182,30 @@ static void handleOutput_addressBytes() {
         .includeRefScript = subctx->includeRefScript,
     };
 
-    security_policy_t policy = policyForSignTxOutputAddressBytes(&output,
-                                                                 commonTxData->txSigningMode,
-                                                                 commonTxData->networkId,
-                                                                 commonTxData->protocolMagic);
-    TRACE("Policy: %d", (int) policy);
-    ENSURE_NOT_DENIED(policy);
+    security_policy_t policy = POLICY_DENY;
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        if (!swap_check_destination_validity(&output.destination)) {
+            send_swap_error(ERROR_WRONG_DESTINATION, APP_CODE_DEFAULT, NULL);
+            // unreachable
+            os_sched_exit(0);
+        }
+        if (!swap_check_amount_validity(output.amount)) {
+            send_swap_error(ERROR_WRONG_AMOUNT, APP_CODE_DEFAULT, NULL);
+            // unreachable
+            os_sched_exit(0);
+        }
+        policy = POLICY_ALLOW_WITHOUT_PROMPT;
+    } else
+#endif
+    {
+        policy = policyForSignTxOutputAddressBytes(&output,
+                                                   commonTxData->txSigningMode,
+                                                   commonTxData->networkId,
+                                                   commonTxData->protocolMagic);
+        TRACE("Policy: %d", (int) policy);
+        ENSURE_NOT_DENIED(policy);
+    }
     subctx->outputSecurityPolicy = policy;
     subctx->outputTokensSecurityPolicy = policy;  // tokens shown iff output is shown
 
@@ -226,12 +247,30 @@ static void handleOutput_addressParams() {
         .includeRefScript = subctx->includeRefScript,
     };
 
-    security_policy_t policy = policyForSignTxOutputAddressParams(&output,
-                                                                  commonTxData->txSigningMode,
-                                                                  commonTxData->networkId,
-                                                                  commonTxData->protocolMagic);
-    TRACE("Policy: %d", (int) policy);
-    ENSURE_NOT_DENIED(policy);
+    security_policy_t policy = POLICY_DENY;
+#ifdef HAVE_SWAP
+    if (G_called_from_swap) {
+        if (!swap_check_destination_validity(&output.destination)) {
+            send_swap_error(ERROR_WRONG_DESTINATION, APP_CODE_DEFAULT, NULL);
+            // unreachable
+            os_sched_exit(0);
+        }
+        if (!swap_check_amount_validity(output.amount)) {
+            send_swap_error(ERROR_WRONG_AMOUNT, APP_CODE_DEFAULT, NULL);
+            // unreachable
+            os_sched_exit(0);
+        }
+        policy = POLICY_ALLOW_WITHOUT_PROMPT;
+    } else
+#endif
+    {
+        policy = policyForSignTxOutputAddressParams(&output,
+                                                    commonTxData->txSigningMode,
+                                                    commonTxData->networkId,
+                                                    commonTxData->protocolMagic);
+        TRACE("Policy: %d", (int) policy);
+        ENSURE_NOT_DENIED(policy);
+    }
     subctx->outputSecurityPolicy = policy;
     subctx->outputTokensSecurityPolicy = policy;  // tokens shown iff output is shown