Skip to content

Commit

Permalink
Operation: check source right after get it
Browse files Browse the repository at this point in the history
In order to check source also for reveals
  • Loading branch information
spalmer25 committed Feb 6, 2024
1 parent 33c384d commit e8f653a
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 17 deletions.
17 changes: 7 additions & 10 deletions src/operations.c
Original file line number Diff line number Diff line change
Expand Up @@ -468,6 +468,13 @@ static inline bool parse_byte(uint8_t byte,
PARSE_ERROR();
}

// If the source is an implicit contract,...
if (out->operation.source.originated == 0) {
// ... it had better match our key, otherwise why are we signing it?
if (COMPARE(&out->operation.source, &out->signing) != 0) PARSE_ERROR();
}
// OK, it passes muster.

OP_JMPIF(STEP_AFTER_MANAGER_FIELDS,
(state->tag == OPERATION_TAG_PROPOSAL || state->tag == OPERATION_TAG_BALLOT));

Expand All @@ -493,9 +500,6 @@ static inline bool parse_byte(uint8_t byte,
// We know this is a reveal

// Public key up next! Ensure it matches signing key.
// Ignore source :-) and do not parse it from hdr.
// We don't much care about reveals, they have very little in the way of bad security
// implications and any fees have already been accounted for
{
raw_tezos_header_signature_type_t const *const sig_type =
NEXT_TYPE(raw_tezos_header_signature_type_t);
Expand Down Expand Up @@ -530,13 +534,6 @@ static inline bool parse_byte(uint8_t byte,

out->operation.tag = (uint8_t) state->tag;

// If the source is an implicit contract,...
if (out->operation.source.originated == 0) {
// ... it had better match our key, otherwise why are we signing it?
if (COMPARE(&out->operation.source, &out->signing) != 0) PARSE_ERROR();
}
// OK, it passes muster.

// This should by default be blanked out
out->operation.delegate.signature_type = SIGNATURE_TYPE_UNSET;
out->operation.delegate.originated = 0;
Expand Down
13 changes: 6 additions & 7 deletions test/python/test_instructions.py
Original file line number Diff line number Diff line change
Expand Up @@ -727,23 +727,22 @@ def test_sign_reveal(
account.check_signature(signature, bytes(reveal))


# Warning: operation PARSE_ERROR are not available on DEBUG-mode
PARAMETERS_SIGN_REVEAL_CONSTRAINTS = [
(
DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT,
StatusCode.SECURITY
),
(
DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT,
# Warning: operation PARSE_ERROR are not available on DEBUG-mode
StatusCode.PARSE_ERROR
),
(
DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT,
StatusCode.SECURITY
StatusCode.PARSE_ERROR
),
(
DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2,
# Warning: operation PARSE_ERROR are not available on DEBUG-mode
StatusCode.PARSE_ERROR
)
]
Expand Down Expand Up @@ -893,12 +892,12 @@ def build_bad_delegation_2(account: Account) -> Delegation:
(build_delegation, build_reveal, None, True, StatusCode.OK ),
(build_reveal, build_delegation, build_reveal, True, StatusCode.OK ),
] + [
(build_bad_reveal_1, build_reveal, None, False, StatusCode.OK ),
(build_bad_reveal_1, build_delegation, None, True, StatusCode.OK ),
(build_bad_reveal_1, build_reveal, None, False, StatusCode.PARSE_ERROR),
(build_bad_reveal_1, build_delegation, None, True, StatusCode.PARSE_ERROR),
(build_bad_reveal_2, build_reveal, None, False, StatusCode.PARSE_ERROR),
(build_bad_reveal_2, build_delegation, None, True, StatusCode.PARSE_ERROR),
(build_reveal, build_bad_reveal_1, None, False, StatusCode.SECURITY ),
(build_delegation, build_bad_reveal_1, None, True, StatusCode.SECURITY ),
(build_reveal, build_bad_reveal_1, None, False, StatusCode.PARSE_ERROR),
(build_delegation, build_bad_reveal_1, None, True, StatusCode.PARSE_ERROR),
(build_reveal, build_bad_reveal_2, None, False, StatusCode.PARSE_ERROR),
(build_delegation, build_bad_reveal_2, None, True, StatusCode.PARSE_ERROR),
(build_reveal, build_bad_delegation_1, None, True, StatusCode.PARSE_ERROR),
Expand Down

0 comments on commit e8f653a

Please sign in to comment.