Merge pull request #8 from blooo-io/fix/audit-fix

Fix vulnerability reported from the audit

.clang-format

@@ -12,9 +12,9 @@ SortIncludes: false
 SpaceAfterCStyleCast: true
 AllowShortCaseLabelsOnASingleLine: false
 AllowAllArgumentsOnNextLine: false
-AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: Never
 AllowShortFunctionsOnASingleLine: None
 BinPackArguments: false
 BinPackParameters: false
 ---
+

Makefile

@@ -24,7 +24,7 @@ APP_LOAD_PARAMS= --curve secp256k1 $(COMMON_LOAD_PARAMS)
 
 APPVERSION_M=1
 APPVERSION_N=2
-APPVERSION_P=1
+APPVERSION_P=2
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 # Celo

src/celo.c

@@ -345,10 +345,10 @@ void finalizeParsing(bool direct) {
       reset_app_context();
       PRINTF("Invalid fee currency");
       if (direct) {
-          THROW(0x6A80);
+          THROW(SW_ERROR_IN_DATA);
       }
       else {
-          io_seproxyhal_send_status(0x6A80);
+          io_seproxyhal_send_status(SW_ERROR_IN_DATA);
           ui_idle();
           return;
       }
@@ -401,10 +401,10 @@ void finalizeParsing(bool direct) {
           reset_app_context();
           PRINTF("Data field forbidden\n");
           if (direct) {
-            THROW(0x6A80);
+            THROW(SW_ERROR_IN_DATA);
           }
           else {
-            io_seproxyhal_send_status(0x6A80);
+            io_seproxyhal_send_status(SW_ERROR_IN_DATA);
             ui_idle();
             return;
           }

src/celo.h

@@ -1,25 +1,82 @@
+/**
+ * @file celo.h
+ * @brief Header file containing function declarations and definitions for the Celo application.
+ */
+
 #pragma once
 
 #include <stdint.h>
 #include "ethUstream.h"
 #include "tokens.h"
 
+/**
+ * @brief Sends the status code to the SE proxy hardware abstraction layer.
+ *
+ * @param sw The status code to be sent.
+ */
 void io_seproxyhal_send_status(uint32_t sw);
+
+/**
+ * @brief Formats the signature output.
+ *
+ * @param signature The signature to be formatted.
+ */
 void format_signature_out(const uint8_t* signature);
+
+/**
+ * @brief Sets the result and retrieves the public key.
+ *
+ * @return The status code for the operation.
+ */
 uint32_t set_result_get_publicKey();
+
+/**
+ * @brief Resets the application context.
+ */
 void reset_app_context();
 
+/**
+ * @brief Retrieves the known token based on the token address.
+ *
+ * @param tokenAddr The address of the token.
+ * @return A pointer to the token definition.
+ */
 tokenDefinition_t* getKnownToken(uint8_t *tokenAddr);
 
+/**
+ * @brief Custom processor for transaction context.
+ *
+ * @param context The transaction context.
+ * @return The custom status code.
+ */
 customStatus_e customProcessor(txContext_t *context);
+
+/**
+ * @brief Initializes the transaction context.
+ *
+ * @param context The transaction context.
+ * @param sha3 The SHA3 context.
+ * @param content The transaction content.
+ * @param customProcessor The custom processor function.
+ * @param extra Additional data for the custom processor.
+ */
 void initTx(txContext_t *context, cx_sha3_t *sha3, txContent_t *content, ustreamProcess_t customProcessor, void *extra);
+
+/**
+ * @brief Finalizes the parsing process.
+ *
+ * @param direct Flag indicating if the parsing is direct.
+ */
 void finalizeParsing(bool direct);
 
 // TODO: this should not be exposed
+/**
+ * @brief Enumeration representing the application state.
+ */
 typedef enum {
   APP_STATE_IDLE,
   APP_STATE_SIGNING_TX,
   APP_STATE_SIGNING_MESSAGE
 } app_state_t;
 
-extern volatile uint8_t appState;
+extern volatile uint8_t appState; /**< The application state. */

src/globals.h

@@ -8,6 +8,18 @@
 #define CHAINID_COINNAME "CELO"
 #define CHAIN_ID 0
 
+// RETURN CODES
+#define SW_TX_TYPE_NOT_SUPPORTED 0x6501
+#define SW_NO_APDU_RECEIVED 0x6982
+#define SW_INITIALIZATION_ERROR 0x6985
+#define SW_ERROR_IN_DATA 0x6A80
+#define SW_WRONG_P1_OR_P2 0x6b00
+#define SW_OK 0x9000
+#define SW_INS_NOT_SUPPORTED 0x6d00
+#define SW_CLA_NOT_SUPPORTED 0x6e00
+
+
+
 typedef union {
   txContent_t txContent;
   cx_sha256_t sha2;