Started using files from the SDK (1st step) #418
Conversation
…ard and test_get_extended_pubkey_nonstandard_nodisplay tests (for derivation)
…e stack consumption
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #418 +/- ##
===========================================
- Coverage 84.58% 84.19% -0.39%
===========================================
Files 17 10 -7
Lines 2231 1829 -402
===========================================
- Hits 1887 1540 -347
+ Misses 344 289 -55
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
|
||
|
|
||
| #define MAX_BIP44_ACCOUNT_RECOMMENDED 100 | ||
| #define MAX_BIP44_ADDRESS_INDEX_RECOMMENDED 50000 |
There was a problem hiding this comment.
Since we have a constants.h file, that seems like a good place for these, so this file can be deleted altogether.
| $(warning Using semihosted PRINTF. Only run with speculos!) | ||
| DEFINES += HAVE_PRINTF HAVE_SEMIHOSTED_PRINTF PRINTF=semihosted_printf | ||
| endif | ||
|
|
There was a problem hiding this comment.
Typo usigng in commit message
| * Note: BIP32 allows up to 256 derivation steps - but only 5 or 6 are used in most cases. | ||
| */ | ||
| #define MAX_BIP32_PATH_STEPS 8 | ||
| #define MAX_BIP32_PATH_STEPS MAX_BIP32_PATH |
There was a problem hiding this comment.
Not sure about this change.
- I think
lib_standard_app/bip32shouldn't have an opinion about the number of derivation steps - that's a decision of apps. IMHOMAX_BIP32_PATHshould actually be deleted fromlib_standard_app. - There is a reason there are (or were) two constants
MAX_BIP32_PATH_STEPSandMAX_BIP32_PATH: one indicates how many derivation steps are OK for a path used in a wallet policy. But the actual keys (for example as they appear in the PSBT) will have 2 more derivation steps (because of the additional/change/addr_indexpart. So there is the need of distinguishing these two quantities.
The name of the constants was indeed not great, and the bigger one should be computer as "smaller one + 2", and moved in the same place.
There was a problem hiding this comment.
Pull request overview
This PR migrates the Bitcoin app to use standard SDK modules from lib_standard_app instead of maintaining duplicated implementations, representing the first step in a broader SDK integration effort. The changes remove redundant code, reorganize header file structure following a standardized pattern, and align the codebase with SDK conventions.
Changes:
- Removed local implementations of utilities (bip32, base58, buffer, format, read, write, varint, apdu_parser) now provided by SDK
- Created
_extvariants (buffer_ext, bip32_ext, parser_ext) for app-specific extensions beyond SDK functionality - Reorganized all header includes with standard pattern: C system headers, unit header, SDK headers, local headers (all alphabetically sorted)
- Updated MAX_BIP32_PATH_STEPS from 8 to 10 to align with SDK's MAX_BIP32_PATH
- Removed duplicate unit tests now covered by SDK, added new tests for TR musig scenarios
Reviewed changes
Copilot reviewed 118 out of 118 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| src/common/buffer.c/h | Removed - now using SDK's buffer implementation |
| src/common/read.c/h | Removed - now using SDK's read utilities |
| src/common/write.c/h | Removed - now using SDK's write utilities |
| src/common/varint.c/h | Removed - now using SDK's varint implementation |
| src/common/format.c/h | Removed - now using SDK's format utilities |
| src/common/bip32.c/h | Removed - now using SDK's BIP32 implementation |
| src/common/base58.c/h | Removed - now using SDK's base58 encoding |
| src/common/buffer_ext.c/h | New file providing app-specific buffer extensions with const-cast workarounds |
| src/common/bip32_ext.h | New file providing app-specific BIP32 constants (MAX_BIP32_PATH_STEPS, etc) |
| src/common/parser_ext.c/h | Renamed from parser.c/h, provides app-specific parser extensions |
| src/boilerplate/apdu_parser.c/h | Removed - functionality moved to parser.h from SDK |
| src/boilerplate/constants.h | Removed - constants moved to src/constants.h |
| src/boilerplate/offsets.h | Removed - no longer needed |
| src/swap/swap_lib_calls.h | Removed - now using SDK's version |
| unit-tests/test_*.c | Removed duplicate tests (write, format, bip32, base58, apdu_parser) covered by SDK |
| unit-tests/test_wallet.c | Added tests for TR musig scriptpath and keypath scenarios |
| unit-tests/CMakeLists.txt | Updated to use SDK paths and removed duplicate test executables |
| Makefile | Added SDK source files to build configuration |
| src/**/*.c/h | Comprehensive header reorganization following new standard pattern with SDK vs local header separation |
Comments suppressed due to low confidence (1)
src/common/parser_ext.c:121
- These casts to (uint8_t *) are needed because the SDK's buffer_t.ptr changed to const uint8_t *. However, these lines use memmove to write to the buffer, which violates the const correctness. This could lead to undefined behavior if the buffer is actually const. Verify that buffers[0]->ptr is mutable in this context, or consider using a different approach that respects const-ness.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -1,5 +1,7 @@ | |||
| #pragma once | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Extra blank line between pragma once and the Local headers comment. According to the header organization guidelines stated in the PR description, there should be no leading empty lines.
|
|
||
|
|
There was a problem hiding this comment.
Extra blank line between #include <stdbool.h> and the Local headers comment. According to the header organization guidelines stated in the PR description, there should be no leading empty lines.
|
|
||
|
|
||
| /* Local headers */ |
There was a problem hiding this comment.
Extra blank lines between #include directives and the Local headers comment. According to the header organization guidelines stated in the PR description, there should be no leading empty lines.
|
|
||
| size_t data_len = data->size - data->offset; | ||
| uint8_t *data_start_ptr = data->ptr + data->offset; | ||
| uint8_t *data_start_ptr = (uint8_t *) data->ptr + data->offset; |
There was a problem hiding this comment.
This cast to (uint8_t *) is added because buffer_t.ptr changed from uint8_t * to const uint8_t * in the SDK. However, data_start_ptr is used later to write to this memory (in crypto_hash_update). If buffer_t.ptr is truly const in the SDK, this cast-away-const could lead to undefined behavior. Verify that the SDK's buffer_t.ptr is not actually const, or that this usage pattern is safe.
| return false; | ||
| } | ||
|
|
||
| memmove((uint8_t *) (buffer->ptr + buffer->offset), data, n); |
There was a problem hiding this comment.
This cast away const is problematic. The buffer is being written to via the cast pointer. If the SDK's buffer_t.ptr is truly const, this violates const correctness and could lead to undefined behavior. Consider verifying that buffer->ptr is mutable in write contexts, or redesign the buffer API to handle const-ness properly.
| @@ -1,5 +1,7 @@ | |||
| #pragma once | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Extra blank line between pragma once and the Local headers comment. According to the header organization guidelines stated in the PR description, there should be no leading empty lines.
| @@ -1,5 +1,7 @@ | |||
| #pragma once | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Extra blank line between pragma once and the Local headers comment. According to the header organization guidelines stated in the PR description, there should be no leading empty lines.
| ((uint8_t *) buffer->ptr)[buffer->offset] = value; | ||
| buffer_seek_cur(buffer, 1); | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| bool buffer_write_u16(buffer_t *buffer, uint16_t value, endianness_t endianness) { | ||
| if (!buffer_can_read(buffer, 2)) { | ||
| return false; | ||
| } | ||
|
|
||
| if (endianness == BE) { | ||
| write_u16_be((uint8_t *) buffer->ptr, buffer->offset, value); |
There was a problem hiding this comment.
Cast away const on buffer->ptr. This function writes to the buffer via the cast pointer. If the SDK's buffer_t.ptr is const uint8_t *, this violates const correctness. Verify that buffer->ptr is mutable in write contexts.
| write_u32_be((uint8_t *) buffer->ptr, buffer->offset, value); | ||
| } else { | ||
| write_u32_le((uint8_t *) buffer->ptr, buffer->offset, value); | ||
| } | ||
| buffer_seek_cur(buffer, 4); | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| bool buffer_write_u64(buffer_t *buffer, uint64_t value, endianness_t endianness) { | ||
| if (!buffer_can_read(buffer, 8)) { | ||
| return false; | ||
| } | ||
|
|
||
| if (endianness == BE) { | ||
| write_u64_be((uint8_t *) buffer->ptr, buffer->offset, value); |
There was a problem hiding this comment.
Cast away const on buffer->ptr. This function writes to the buffer via the cast pointer. If the SDK's buffer_t.ptr is const uint8_t *, this violates const correctness. Verify that buffer->ptr is mutable in write contexts.
| /* SDK headers */ | ||
| /* SDK headers */ |
There was a problem hiding this comment.
Duplicate "/* SDK headers */" comment on consecutive lines. Remove one of them.
_extMAX_BIP32_PATH_STEPS (was 8)set toMAX_BIP32_PATH == 10to aligned with the SDK. In any case that was not clean with the swapMAX_BIP32_PATHvalue that was already 10 = > it may led to an additional stack consumptionm.datasize is not impacted5758b0f