add crc32 validation to UR

app/core/core.c

@@ -449,7 +449,7 @@ app_err_t core_eip4527_init_sign(struct eth_sign_request *qr_request) {
 void core_qr_run() {
   struct eth_sign_request qr_request;
 
-  if (ui_qrscan(&qr_request) != CORE_EVT_UI_OK) {
+  if (ui_qrscan(ETH_SIGN_REQUEST, &qr_request) != CORE_EVT_UI_OK) {
     return;
   }
 

app/crypto/crc32.c

@@ -58,3 +58,12 @@ void crc32_update(crc32_ctx_t* ctx, const uint8_t* data, size_t len) {
   }
 }
 
+uint32_t crc32(const uint8_t* data, size_t len) {
+  crc32_ctx_t ctx;
+  uint32_t out;
+  crc32_init(&ctx);
+  crc32_update(&ctx, data, len);
+  crc32_finish(&ctx, &out);
+  return out;
+}
+

app/crypto/crc32.h

@@ -29,4 +29,6 @@ static inline void crc32_finish(crc32_ctx_t* ctx, uint32_t* out) {
 
 void crc32_update(crc32_ctx_t* ctx, const uint8_t* data, size_t len);
 
+uint32_t crc32(const uint8_t* data, size_t len);
+
 #endif

app/qrcode/qrscan.c

@@ -1,12 +1,14 @@
-#include "camera/camera.h"
+#include "common.h"
+#include "error.h"
+#include "mem.h"
 #include "qrcode.h"
-#include "ur/ur.h"
-#include "ur/eip4527_decode.h"
+#include "camera/camera.h"
+#include "crypto/crc32.h"
 #include "screen/screen.h"
 #include "ui/theme.h"
 #include "ui/ui_internal.h"
-#include "error.h"
-#include "mem.h"
+#include "ur/ur.h"
+#include "ur/eip4527_decode.h"
 
 app_err_t qrscan_decode(struct quirc *qrctx, ur_t* ur) {
   struct quirc_code qrcode;
@@ -22,6 +24,29 @@ app_err_t qrscan_decode(struct quirc *qrctx, ur_t* ur) {
   return !err ? ur_process_part(ur, qrdata->payload, qrdata->payload_len) : ERR_RETRY;
 }
 
+app_err_t qrscan_deserialize(ur_t* ur) {
+  if (ur->type != g_ui_cmd.params.qrscan.type) {
+    return ERR_DATA;
+  }
+
+  if ((ur->crc != 0) && (crc32(ur->data, ur->data_len) != ur->crc)) {
+    return ERR_DATA;
+  }
+
+  app_err_t err;
+
+  switch(ur->type) {
+  case ETH_SIGN_REQUEST:
+    err = cbor_decode_eth_sign_request(ur->data, ur->data_len, g_ui_cmd.params.qrscan.out, NULL) == ZCBOR_SUCCESS ? ERR_OK : ERR_DATA;
+    break;
+  default:
+    err = ERR_DATA;
+    break;
+  }
+
+  return err;
+}
+
 app_err_t qrscan_scan() {
   struct quirc qrctx;
   app_err_t res = ERR_OK;
@@ -53,7 +78,7 @@ app_err_t qrscan_scan() {
     quirc_end(&qrctx);
 
     if (qrscan_decode(&qrctx, &ur) == ERR_OK) {
-      if ((ur.type == ETH_SIGN_REQUEST) && (cbor_decode_eth_sign_request(ur.data, ur.data_len, g_ui_cmd.params.qrscan.out, NULL) == ZCBOR_SUCCESS)) {
+      if (qrscan_deserialize(&ur) == ERR_OK) {
         screen_wait();
         goto end;
       } else {

app/ui/ui.c

@@ -9,9 +9,10 @@ static inline core_evt_t ui_signal_wait(uint8_t allow_usb) {
   return core_wait_event(allow_usb);
 }
 
-core_evt_t ui_qrscan(struct eth_sign_request* sign_request) {
+core_evt_t ui_qrscan(ur_type_t type, void* out) {
   g_ui_cmd.type = UI_CMD_QRSCAN;
-  g_ui_cmd.params.qrscan.out = sign_request;
+  g_ui_cmd.params.qrscan.out = out;
+  g_ui_cmd.params.qrscan.type = type;
   return ui_signal_wait(0);
 }
 

app/ui/ui.h

@@ -16,7 +16,7 @@ typedef enum {
   CORE_EVT_UI_OK
 } core_evt_t;
 
-core_evt_t ui_qrscan(struct eth_sign_request* sign_request);
+core_evt_t ui_qrscan(ur_type_t type, void* out);
 core_evt_t ui_menu(const menu_t* menu, i18n_str_id_t* selected);
 core_evt_t ui_display_tx(const txContent_t* tx);
 core_evt_t ui_display_msg(const uint8_t* msg, uint32_t len);

app/ui/ui_internal.h

@@ -58,7 +58,8 @@ struct cmd_menu {
 };
 
 struct cmd_qrscan {
-  struct eth_sign_request* out;
+  void* out;
+  ur_type_t type;
 };
 
 struct cmd_input_pin {

app/ur/ur.c

@@ -81,6 +81,7 @@ app_err_t ur_process_part(ur_t* ur, const uint8_t* in, size_t in_len) {
   }
 
   if (tmp == 1) {
+    ur->crc = 0;
     ur->data_len = part_len;
     return ERR_OK;
   }