messaging: no need to pass buffer when replying with bytestring

The length of the bytestring is passed, so the buffer size can be
inferred.
Uses a stack buffer for small messages, allocating for larger replies.

Author: Jamie C. Driver

main/process.c

@@ -42,6 +42,9 @@ extern uint8_t macid[6];
 // The 'id' we make using that mac-id
 static char jade_id[16];
 
+#define JADE_MSG_REPLY_LEN 256
+#define JADE_MSG_REPLY_OVERHEAD 64
+
 #ifdef CONFIG_HEAP_TRACING
 
 #include <esp_heap_trace.h>
@@ -603,16 +606,26 @@ void jade_process_reject_message_ex(const cbor_msg_t ctx, int code, const char*
 void jade_process_reject_message(jade_process_t* process, int code, const char* message)
 {
     if (HAS_CURRENT_MESSAGE(process)) {
-        uint8_t buf[256];
+        uint8_t buf[JADE_MSG_REPLY_LEN];
         jade_process_reject_message_ex(process->ctx, code, message, NULL, 0, buf, sizeof(buf));
     } else {
         JADE_LOGW("Ignoring attempt to reject 'no-message'");
     }
 }
 
-void jade_process_reply_to_message_bytes(
-    cbor_msg_t ctx, const uint8_t* data, const size_t datalen, uint8_t* buffer, const size_t buflen)
+void jade_process_reply_to_message_bytes(const cbor_msg_t ctx, const uint8_t* data, const size_t datalen)
 {
+    // Avoid allocating for small replies
+    uint8_t buf[JADE_MSG_REPLY_LEN];
+    uint8_t* buffer = buf;
+    size_t buflen = sizeof(buf);
+
+    if (datalen > JADE_MSG_REPLY_LEN - JADE_MSG_REPLY_OVERHEAD) {
+        buflen = datalen + JADE_MSG_REPLY_OVERHEAD;
+        JADE_ASSERT(buflen > sizeof(buf));
+        buffer = JADE_MALLOC(buflen);
+    }
+
     CborEncoder root_encoder;
     cbor_encoder_init(&root_encoder, buffer, buflen, 0);
 
@@ -631,9 +644,14 @@ void jade_process_reply_to_message_bytes(
     cberr = cbor_encoder_close_container(&root_encoder, &root_map_encoder);
     JADE_ASSERT(cberr == CborNoError);
     jade_process_push_out_message(buffer, cbor_encoder_get_buffer_size(&root_encoder, buffer), ctx.source);
+
+    if (buffer != buf) {
+        // Allocated buffer
+        free(buffer);
+    }
 }
 
-void jade_process_reply_to_message_bytes_sequence(cbor_msg_t ctx, const size_t seqnum, const size_t seqlen,
+void jade_process_reply_to_message_bytes_sequence(const cbor_msg_t ctx, const size_t seqnum, const size_t seqlen,
     const uint8_t* data, const size_t datalen, uint8_t* buffer, const size_t buflen)
 {
     CborEncoder root_encoder;

main/process.h

@@ -96,7 +96,7 @@ void jade_process_push_out_message(const uint8_t* data, size_t length, jade_msg_
 void jade_process_reply_to_message_result_with_id(const char* id, uint8_t* output, size_t output_size,
     jade_msg_source_t source, const void* cbctx, cbor_encoder_fn_t cb);
 void jade_process_reply_to_message_result(
-    const cbor_msg_t ctx, uint8_t* output, size_t output_size, const void* cbctx, cbor_encoder_fn_t cb);
+    cbor_msg_t ctx, uint8_t* output, size_t output_size, const void* cbctx, cbor_encoder_fn_t cb);
 void jade_process_reply_to_message_ok(jade_process_t* process);
 void jade_process_reply_to_message_fail(jade_process_t* process);
 void jade_process_reply_to_message_ex(jade_msg_source_t source, const uint8_t* reply_payload, size_t payload_len);
@@ -116,8 +116,7 @@ void cbor_result_string_cb(const void* ctx, CborEncoder* container);
 void cbor_result_boolean_cb(const void* ctx, CborEncoder* container);
 void cbor_result_uint64_cb(const void* ctx, CborEncoder* container);
 
-void jade_process_reply_to_message_bytes(
-    cbor_msg_t ctx, const uint8_t* data, size_t datalen, uint8_t* buffer, size_t buflen);
+void jade_process_reply_to_message_bytes(cbor_msg_t ctx, const uint8_t* data, size_t datalen);
 void jade_process_reply_to_message_bytes_sequence(cbor_msg_t ctx, const size_t seqnum, const size_t seqlen,
     const uint8_t* data, const size_t datalen, uint8_t* buffer, const size_t buflen);
 

main/process/debug_scan_qr.c

@@ -10,8 +10,6 @@
 
 #ifdef CONFIG_DEBUG_MODE
 
-static const size_t QR_CBOR_OVERHEAD = 64;
-
 typedef struct {
     jade_process_t* process;
     bool check_qr; // check captured image is a valid qr code
@@ -96,11 +94,7 @@ static bool return_image_data(const size_t width, const size_t height, const uin
     }
 
     // All good, reply with the compressed image data
-    const size_t buflen = compressed_len + QR_CBOR_OVERHEAD;
-    uint8_t* buffer = JADE_MALLOC_PREFER_SPIRAM(buflen);
-    JADE_LOGI("Trying to send compressed captured image data, message buffer len: %u", buflen);
-    jade_process_reply_to_message_bytes(info->process->ctx, compressed, compressed_len, buffer, buflen);
-    free(buffer);
+    jade_process_reply_to_message_bytes(info->process->ctx, compressed, compressed_len);
 
     // Free the input message (to signal that we have been called and sent the reply)
     jade_process_free_current_message(info->process);
@@ -184,9 +178,7 @@ void debug_scan_qr_process(void* process_ptr)
     }
 
     // Reply with the decoded data (empty if failed)
-    uint8_t buf[512]; // sufficient for all existing test cases
-    const bytes_info_t bytes_info = { .data = qr_data.data, .size = qr_data.len };
-    jade_process_reply_to_message_result(process->ctx, buf, sizeof(buf), &bytes_info, cbor_result_bytes_cb);
+    jade_process_reply_to_message_bytes(process->ctx, qr_data.data, qr_data.len);
     JADE_LOGI("Success");
 
 cleanup:

main/process/get_blinding_factor.c

@@ -64,8 +64,7 @@ void get_blinding_factor_process(void* process_ptr)
         goto cleanup;
     }
 
-    uint8_t buffer[256];
-    jade_process_reply_to_message_bytes(process->ctx, blinding_factor, bf_len, buffer, sizeof(buffer));
+    jade_process_reply_to_message_bytes(process->ctx, blinding_factor, bf_len);
     JADE_LOGI("Success");
 
 cleanup:

main/process/get_blinding_key.c

@@ -40,9 +40,7 @@ void get_blinding_key_process(void* process_ptr)
         goto cleanup;
     }
 
-    uint8_t buffer[256];
-    jade_process_reply_to_message_bytes(
-        process->ctx, public_blinding_key, sizeof(public_blinding_key), buffer, sizeof(buffer));
+    jade_process_reply_to_message_bytes(process->ctx, public_blinding_key, sizeof(public_blinding_key));
     JADE_LOGI("Success");
 
 cleanup:

main/process/get_identity_pubkey.c

@@ -59,8 +59,7 @@ void get_identity_pubkey_process(void* process_ptr)
     }
 
     // Return pubkey to caller
-    uint8_t buffer[256];
-    jade_process_reply_to_message_bytes(process->ctx, pubkey, sizeof(pubkey), buffer, sizeof(buffer));
+    jade_process_reply_to_message_bytes(process->ctx, pubkey, sizeof(pubkey));
 
     JADE_LOGI("Success");
 

main/process/get_identity_shared_key.c

@@ -58,8 +58,7 @@ void get_identity_shared_key_process(void* process_ptr)
     }
 
     // Return pubkey to caller
-    uint8_t buffer[256];
-    jade_process_reply_to_message_bytes(process->ctx, shared_key, sizeof(shared_key), buffer, sizeof(buffer));
+    jade_process_reply_to_message_bytes(process->ctx, shared_key, sizeof(shared_key));
 
     JADE_LOGI("Success");
 

main/process/get_master_blinding_key.c

@@ -43,9 +43,8 @@ void get_master_blinding_key_process(void* process_ptr)
     // So we only return the relevant slice of the data.
     JADE_STATIC_ASSERT(sizeof(keychain_get()->master_unblinding_key) == HMAC_SHA512_LEN);
 
-    uint8_t buffer[256];
-    jade_process_reply_to_message_bytes(process->ctx, keychain_get()->master_unblinding_key + HMAC_SHA512_LEN / 2,
-        HMAC_SHA512_LEN / 2, buffer, sizeof(buffer));
+    jade_process_reply_to_message_bytes(
+        process->ctx, keychain_get()->master_unblinding_key + HMAC_SHA512_LEN / 2, HMAC_SHA512_LEN / 2);
     JADE_LOGI("Success");
 
 cleanup:

main/process/get_shared_nonce.c

@@ -107,8 +107,7 @@ void get_shared_nonce_process(void* process_ptr)
         jade_process_reply_to_message_result(process->ctx, buf, sizeof(buf), &data, reply_nonce_and_pubkey);
     } else {
         // Just shared blinding nonce alone (default/legacy behaviour)
-        uint8_t buf[128];
-        jade_process_reply_to_message_bytes(process->ctx, shared_nonce, sizeof(shared_nonce), buf, sizeof(buf));
+        jade_process_reply_to_message_bytes(process->ctx, shared_nonce, sizeof(shared_nonce));
     }
     JADE_LOGI("Success");
 

main/process/sign_message.c

@@ -253,7 +253,6 @@ void sign_message_process(void* process_ptr)
     // convert normal EC signatures to use the new/improved message flow.
     size_t ae_host_entropy_len = 0;
     const uint8_t* ae_host_entropy = NULL;
-    uint8_t buf[256];
     if (use_ae_signatures) {
         JADE_ASSERT(ae_host_commitment);
         JADE_ASSERT(ae_host_commitment_len == WALLY_HOST_COMMITMENT_LEN);
@@ -271,8 +270,7 @@ void sign_message_process(void* process_ptr)
         }
 
         // Return signer commitment to caller
-        jade_process_reply_to_message_bytes(
-            process->ctx, ae_signer_commitment, sizeof(ae_signer_commitment), buf, sizeof(buf));
+        jade_process_reply_to_message_bytes(process->ctx, ae_signer_commitment, sizeof(ae_signer_commitment));
 
         // Await 'get_signature' message containing host entropy
         jade_process_load_in_message(process, true);
@@ -303,6 +301,8 @@ void sign_message_process(void* process_ptr)
     }
     JADE_ASSERT(written < sizeof(sig_output));
     JADE_ASSERT(sig_output[written - 1] == '\0');
+
+    uint8_t buf[256];
     jade_process_reply_to_message_result(
         process->ctx, buf, sizeof(buf), (const char*)sig_output, cbor_result_string_cb);