fix: suggested fixes from ledger

Makefile

@@ -87,7 +87,6 @@ DEFINES   += BLE_SEGMENT_SIZE=32 #max MTU, min 20
 
 DEFINES   += HAVE_WEBUSB WEBUSB_URL_SIZE_B=0 WEBUSB_URL=""
 
-DEFINES   += UNUSED\(x\)=\(void\)x
 DEFINES   += APPVERSION=\"$(APPVERSION)\"
 
 
@@ -172,6 +171,9 @@ ifeq ($(TARGET_NAME),$(filter $(TARGET_NAME),TARGET_NANOX TARGET_STAX))
 SDK_SOURCE_PATH  += lib_blewbxx lib_blewbxx_impl
 endif
 
+# Allow usage of function from lib_standard_app/crypto_helpers.c
+APP_SOURCE_FILES += ${BOLOS_SDK}/lib_standard_app/crypto_helpers.c
+
 include vendor/nanopb/extra/nanopb.mk
 
 DEFINES   += PB_NO_ERRMSG=1

src/get_public_key.c

@@ -2,20 +2,24 @@
 
 get_public_key_context_t gpk_ctx;
 
-static void get_pk() {
+static bool get_pk() {
     // Derive Key
-    hedera_derive_keypair(gpk_ctx.key_index, NULL, &gpk_ctx.public);
+    if (!hedera_get_pubkey(gpk_ctx.key_index, gpk_ctx.raw_pubkey)) {
+        return false;
+    }
 
     if (sizeof(G_io_apdu_buffer) < 32) {
         THROW(EXCEPTION_INTERNAL);
     }
 
     // Put Key bytes in APDU buffer
-    public_key_to_bytes(G_io_apdu_buffer, &gpk_ctx.public);
+    public_key_to_bytes(G_io_apdu_buffer, gpk_ctx.raw_pubkey);
 
     // Populate Key Hex String
     bin2hex(gpk_ctx.full_key, G_io_apdu_buffer, KEY_SIZE);
     gpk_ctx.full_key[ KEY_SIZE ] = '\0';
+
+    return true;
 }
 
 void handle_get_public_key(uint8_t p1, uint8_t p2, uint8_t* buffer,
@@ -48,7 +52,9 @@ void handle_get_public_key(uint8_t p1, uint8_t p2, uint8_t* buffer,
     }
 
     // Populate context with PK
-    get_pk();
+    if (!get_pk()) {
+        io_exchange_with_code(EXCEPTION_INTERNAL, 0);
+    }
 
     if (p1 == 0) {
         ui_get_public_key();

src/get_public_key.h

@@ -17,7 +17,7 @@ typedef struct get_public_key_context_s {
     // Lines on the UI Screen
     char ui_approve_l2[ DISPLAY_SIZE + 1 ];
 
-    cx_ecfp_public_key_t public;
+    uint8_t raw_pubkey[65];
 
     // Public Key Compare
     uint8_t display_index;

src/hedera.c

@@ -4,84 +4,61 @@
 #include <os.h>
 #include <string.h>
 
+#include "lib_standard_app/crypto_helpers.h"
+
 #include "globals.h"
 #include "utils.h"
 
-bool hedera_derive_keypair(uint32_t index,
-                           /* out */ cx_ecfp_private_key_t* secret,
-                           /* out */ cx_ecfp_public_key_t* public) {
-    static uint8_t seed[ SEED_SIZE ];
-    static uint32_t path[ PATH_SIZE ];
-    static cx_ecfp_private_key_t pk;
-
+static void hedera_set_path(uint32_t index, uint32_t path[static 5]) {
     path[ 0 ] = PATH_ZERO;
     path[ 1 ] = PATH_ONE;
     path[ 2 ] = PATH_TWO;
     path[ 3 ] = PATH_THREE;
     path[ 4 ] = PATH_FOUR;
+}
 
-    os_perso_derive_node_bip32_seed_key(HDW_ED25519_SLIP10, CX_CURVE_Ed25519,
-                                        path, 5, seed, NULL, NULL, 0);
-
-    if (CX_OK != cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, seed,
-                                                   sizeof(seed), &pk)) {
-        MEMCLEAR(seed);
-        return false;
-    }
-
-    if (public) {
-        if (CX_OK != cx_ecfp_init_public_key_no_throw(CX_CURVE_Ed25519, NULL, 0,
-                                                      public)) {
-            MEMCLEAR(seed);
-            MEMCLEAR(pk);
-            return false;
-        }
+bool hedera_get_pubkey(uint32_t index, uint8_t raw_pubkey[static 65]) {
+    static uint32_t path[ 5 ];
 
-        if (CX_OK !=
-            cx_ecfp_generate_pair_no_throw(CX_CURVE_Ed25519, public, &pk, 1)) {
-            MEMCLEAR(seed);
-            MEMCLEAR(pk);
-            return false;
-        }
-    }
+    hedera_set_path(index, path);
 
-    if (secret) {
-        *secret = pk;
+    if (CX_OK != bip32_derive_with_seed_get_pubkey_256(HDW_ED25519_SLIP10,
+                                                       CX_CURVE_Ed25519,
+                                                       path,
+                                                       5,
+                                                       raw_pubkey,
+                                                       NULL,
+                                                       CX_SHA512,
+                                                       NULL,
+                                                       0)) {
+        return false;
     }
 
-    MEMCLEAR(seed);
-    MEMCLEAR(pk);
-
     return true;
 }
 
 bool hedera_sign(uint32_t index, const uint8_t* tx, uint8_t tx_len,
                  /* out */ uint8_t* result) {
-    static cx_ecfp_private_key_t pk;
 
-    // Get Keys
-    if (!hedera_derive_keypair(index, &pk, NULL)) {
-        return false;
-    }
+    static uint32_t path[ 5 ];
+    size_t sig_len = 64;
 
-    // Sign Transaction
-    // <cx.h> 2283
-    // Claims to want Hashes, but other apps use the message itself
-    // and complain that the documentation is wrong
-    if (CX_OK != cx_eddsa_sign_no_throw(
-                     &pk,       // private key
-                     CX_SHA512, // hashID
-                     tx,        // hash (really message)
-                     tx_len,    // hash length (really message length)
-                     result,    // signature
-                     64         // signature length
-                     )) {
-        MEMCLEAR(pk);
+    hedera_set_path(index, path);
+
+
+    if (CX_OK != bip32_derive_with_seed_eddsa_sign_hash_256(HDW_ED25519_SLIP10,
+                                                            CX_CURVE_Ed25519,
+                                                            path,
+                                                            5,
+                                                            CX_SHA512,
+                                                            tx,        // hash (really message)
+                                                            tx_len,    // hash length (really message length)
+                                                            result,    // signature
+                                                            &sig_len,
+                                                            NULL,
+                                                            0)) {
         return false;
     }
 
-    // Clear private key
-    MEMCLEAR(pk);
-
     return true;
 }

src/hedera.h

@@ -3,13 +3,7 @@
 #include <stdbool.h>
 #include <stdint.h>
 
-// Forward declare to avoid including os.h in a header file
-struct cx_ecfp_256_public_key_s;
-struct cx_ecfp_256_private_key_s;
-
-bool hedera_derive_keypair(uint32_t index,
-                           /* out */ struct cx_ecfp_256_private_key_s* secret,
-                           /* out */ struct cx_ecfp_256_public_key_s* public);
+bool hedera_get_pubkey(uint32_t index, uint8_t raw_pubkey[static 65]);
 
 bool hedera_sign(uint32_t index, const uint8_t* tx, uint8_t tx_len,
                  /* out */ uint8_t* result);

src/sign_transaction.h

@@ -43,8 +43,6 @@ enum TransactionType {
 
 /*
  * Supported Transactions:
- * // TODO: Refactor this into a generic dispatch
- *
  * Verify:
  * "Verify Account with Key #0?" (Summary) <--> "Account" (Senders) <--> Confirm
  * <--> Deny

src/ui/globals.h

@@ -14,8 +14,6 @@
 
 #define HBAR 100000000 // tinybar
 #define HBAR_BUF_SIZE 26
-#define SEED_SIZE 32
-#define PATH_SIZE 5
 
 #define PATH_ZERO 44 | 0x80000000
 #define PATH_ONE 3030 | 0x80000000

src/utils.c

@@ -1,16 +1,16 @@
 #include "utils.h"
 #include "globals.h"
 
-void public_key_to_bytes(unsigned char *dst, cx_ecfp_public_key_t *public) {
-    if (dst == NULL || public == NULL) {
+void public_key_to_bytes(unsigned char *dst, uint8_t raw_pubkey[static 65]) {
+    if (dst == NULL || raw_pubkey == NULL) {
         THROW(EXCEPTION_MALFORMED_APDU);
     }
 
     for (int i = 0; i < 32; i++) {
-        dst[ i ] = public->W[ 64 - i ];
+        dst[ i ] = raw_pubkey[ 64 - i ];
     }
 
-    if (public->W[ 32 ] & 1) {
+    if (raw_pubkey[ 32 ] & 1) {
         dst[ 31 ] |= 0x80;
     }
 }

src/utils.h

@@ -7,6 +7,6 @@
 
 #define ARRAY_COUNT(array) (sizeof(array) / sizeof(array[0]))
 
-void public_key_to_bytes(uint8_t *dst, cx_ecfp_public_key_t *public);
+void public_key_to_bytes(unsigned char *dst, uint8_t raw_pubkey[static 65]);
 
 void bin2hex(uint8_t *dst, uint8_t *data, uint64_t inlen);