Skip to content

Fully featured FIO app #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
relatko wants to merge 114 commits into
base: develop
Choose a base branch
from
Open

Fully featured FIO app #12

relatko wants to merge 114 commits into from

Conversation

@relatko
Copy link

@relatko relatko commented Jan 27, 2023

Main new features of the app:

  • The app now supports 25 various signTx actions instead of one.
    • Two actions contain Diffie-Hellman encrypted shared secret.
  • New Decode shared secret call

Tutorial for the new app is available at:
https://kb.fioprotocol.io/user-guides/ledger-fio-app-tutorial
The new features are only deployed on the beta site: https://beta-dashboard.fioprotocol.io

The folder /doc/security contains documentation for security review.

  • Contains detailed description of ledger app code changes.
  • Gives code modularization into smaller chunks. Besides this it gives suggested order in which to review the chunks. We made our review based on this order.
  • Contains app architecture description from security perspective.

relatko added 30 commits April 6, 2022 09:17
@relatko
Merge pull request #8 from vacuumlabs/merge_LedgerHQ_changes
6dccd52 
Merge ledger hq changes, change icons
@relatko
Add containerized build
7b115c3
@relatko
Make CI more continious
6cb7c7b
@relatko
Start and stop Speculos
1117cbb
@relatko
Makefile containing JS related goals
01eda26
@relatko
Infrastructure
0bf8219
@relatko
Speculos tests documentation + .gitignore
7c079db
@relatko
Remove unused files
bf361ab
@relatko
Ass Diffie-Hellman encryption support
569838c
@relatko
Merge pull request #9 from vacuumlabs/build_in_container
fcc4b96 
Build improvements, Speculos tests
@relatko
Fix formatting
62f3f1c
@relatko
Introduce NO_PULL option (for build and speculos)
7fc2d3d
@relatko
Add sign tx commands integrity checking tools
8efc041
@relatko
Update github workflows linter to 12
0c17bd3
@relatko
Refactor tx integrity functions
f1617fb 
They behave similar to hash functions
@relatko
INIT, APPEND_CONST_DATA, SHOW_MESSAGE, SHOW_MESAGE, FINISH calls
dbab988
@relatko
Counted section internals and unit tests
aec86f7
@relatko
Counted section commands
8280104
@relatko
Storage Commands
0b11271
@relatko
Transaction templates
d508b45 
The code now pases original integration tests
@relatko
Der. path is sent in INIT call instead of FINAL
cc7d25b 
This way derivation path is available for DH encoding
@relatko
DH commands
1e0b53b
@relatko
DH encryption now encodes the result with base64
aa81895
@relatko
Add Request funds transaction
f560dfb
@relatko
Integrity check in END DH command + minor chanes
b87abed 
Changing newfundsreq data content format, introduce error specific
to integrity checks.
@relatko
Add option to skip integrity check in DEVEL mode
39c4d04
@relatko
Simplifying js parsing
86f2999 
applying parse not validate as it is supposed
@relatko
Finish BE->LE transition
397daa0 
Derivation path is serializes LE
Remove unnecessary endian functions
@relatko
Recordobt transaction
d5b9493 
List of hashes for integrity check is not updated at the moment...
@relatko
New storage compare mode
2a8cb69
xchapron-ledger
xchapron-ledger reviewed May 25, 2023
View reviewed changes
MakefileLocal.mk
Copy link

@xchapron-ledger xchapron-ledger May 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This whole file could be simplified using up to date app-boilerplate/makefile as a reference.

src/keyDerivation.c
Copy link

@xchapron-ledger xchapron-ledger May 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TRY CATCH usage can be remove using _no_throw version of os_perso_derive_ and cx_ functions.
You could also use the helper from https://github.com/LedgerHQ/ledger-secure-sdk/blob/master/lib_standard_app/crypto_helpers.h.

Copy link
Author

@relatko relatko Oct 31, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I refactored all code handling intermediate (not to be returned) secrets into keyDerivation.c and diffieHellman.c (+ hash.h) files where errors are handled by returning error value.

src/main.c
Copy link

@xchapron-ledger xchapron-ledger May 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many function can be removed if using the new standard_app lib from the SDK.
This improves the app code readability and helps removing some classical bugs.

@relatko
Copy link
Author

relatko commented Jun 10, 2023

Added guideline enforcer + fixed issues it found.
Bumped containers to most recent versions (build + speculos). Resolved breaking changes.

@relatko
Vulnerability fixes
9fddc72 
Fixed:
- Missing input value validation
- Potential missing secret wiping from stack after use
- String manipulation
- Pointer arithmetic on void pointer
- Trivial swich-case statements were removed
- Replaced certain other memset calls
@relatko relatko force-pushed the to_merge_with_LedgerHQ_1_0_5 branch from da25e74 to 9fddc72 Compare July 18, 2023 13:19
@tdejoigny-ledger
Copy link

tdejoigny-ledger commented Sep 4, 2023

hello @relatko, the CI checks shall be green to submit the PR. Please make the changes to have the CI green. Thank you.

xchapron-ledger
xchapron-ledger reviewed Oct 30, 2023
View reviewed changes
@xchapron-ledger xchapron-ledger mentioned this pull request Jan 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@xchapron-ledger xchapron-ledger xchapron-ledger left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@relatko @tdejoigny-ledger @xchapron-ledger @sgliner-ledger