refactor: fix naming for payment part

doc/ins_get_public_keys.md

@@ -6,7 +6,7 @@ Get an extended public key (i.e., public key + chain code) for a given BIP32 pat
 
 It is also possible to ask for a confirmation for exporting several keys (if the paths describing the keys are not suspicious, they won't be shown to the user and no further confirmation is required).
 
-The allowed derivation paths correspond to wallet keys (accounts, spending paths, staking paths) and pool cold keys, as described in
+The allowed derivation paths correspond to wallet keys (accounts, payment paths, staking paths) and pool cold keys, as described in
 - [CIP 1852 - HD Wallets for Cardano](https://cips.cardano.org/cips/cip1852/);
 - [CIP 1853 - HD Stake Pool Cold Keys for Cardano](https://cips.cardano.org/cips/cip1853/).
 

doc/ins_sign_tx.md

@@ -15,7 +15,7 @@ Due to Ledger constraints and potential security implications (parsing errors),
 **SignTx Limitations**
 
 - Output address size is limited to 128 bytes (single APDU). (Note: IOHK is fine with address size limit of 100 bytes)
-- Addresses that are not shown to the user are base addresses with spending path `m/1852'/1815'/account'/{0,1}/changeIndex` and the standard stake key `m/1852'/1815'/account'/2/0`, where values of `account` and `changeIndex` are limited (for now, `0 <= account <= 100` and `0 <= changeIndex <= 1 000 000`). This makes it feasible to brute-force all change addresses in case an attacker manages to modify change address(es). (As the user does not confirm change addresses, it is relatively easy to perform MITM attack).
+- Addresses that are not shown to the user are base addresses with payment key path `m/1852'/1815'/account'/{0,1}/changeIndex` and the standard stake key `m/1852'/1815'/account'/2/0`, where values of `account` and `changeIndex` are limited (for now, `0 <= account <= 100` and `0 <= changeIndex <= 1 000 000`). This makes it feasible to brute-force all change addresses in case an attacker manages to modify change address(es). (As the user does not confirm change addresses, it is relatively easy to perform MITM attack).
 - Only transactions with at least one input will be signed (this provides protection against certificate replays and transaction replays on different networks).
 
 **Communication protocol non-goals:**

src/addressUtilsShelley.c

@@ -200,17 +200,17 @@ static size_t deriveAddress_base(const addressParams_t* addressParams, uint8_t*
 		view_appendBuffer(&out, &header, 1);
 		++size;
 	}
-	STATIC_ASSERT(SIZEOF(addressParams->spendingScriptHash) == SCRIPT_HASH_LENGTH, "bad spending script hash size");
+	STATIC_ASSERT(SIZEOF(addressParams->paymentScriptHash) == SCRIPT_HASH_LENGTH, "bad payment script hash size");
 	switch (addressParams->type) {
 	case BASE_PAYMENT_KEY_STAKE_KEY:
 	case BASE_PAYMENT_KEY_STAKE_SCRIPT: {
-		view_appendAddressPublicKeyHash(&out, &addressParams->spendingKeyPath);
+		view_appendAddressPublicKeyHash(&out, &addressParams->paymentKeyPath);
 		size += ADDRESS_KEY_HASH_LENGTH;
 	}
 	break;
 	case BASE_PAYMENT_SCRIPT_STAKE_KEY:
 	case BASE_PAYMENT_SCRIPT_STAKE_SCRIPT: {
-		view_appendBuffer(&out, addressParams->spendingScriptHash, SCRIPT_HASH_LENGTH);
+		view_appendBuffer(&out, addressParams->paymentScriptHash, SCRIPT_HASH_LENGTH);
 		size += SCRIPT_HASH_LENGTH;
 	}
 	break;
@@ -296,9 +296,9 @@ static size_t deriveAddress_pointer(
 	}
 	{
 		if (addressType == POINTER_KEY) {
-			view_appendAddressPublicKeyHash(&out, &addressParams->spendingKeyPath);
+			view_appendAddressPublicKeyHash(&out, &addressParams->paymentKeyPath);
 		} else {
-			view_appendBuffer(&out, addressParams->spendingScriptHash, SCRIPT_HASH_LENGTH);
+			view_appendBuffer(&out, addressParams->paymentScriptHash, SCRIPT_HASH_LENGTH);
 		}
 
 		STATIC_ASSERT(SCRIPT_HASH_LENGTH == ADDRESS_KEY_HASH_LENGTH, "incompatible hash lengths");
@@ -332,9 +332,9 @@ static size_t deriveAddress_enterprise(
 	}
 	{
 		if (addressType == ENTERPRISE_KEY) {
-			view_appendAddressPublicKeyHash(&out, &addressParams->spendingKeyPath);
+			view_appendAddressPublicKeyHash(&out, &addressParams->paymentKeyPath);
 		} else {
-			view_appendBuffer(&out, addressParams->spendingScriptHash, SCRIPT_HASH_LENGTH);
+			view_appendBuffer(&out, addressParams->paymentScriptHash, SCRIPT_HASH_LENGTH);
 		}
 	}
 	{
@@ -365,7 +365,7 @@ static size_t deriveAddress_reward(
 		view_appendBuffer(&out, &addressHeader, 1);
 	}
 	{
-		// no spending data
+		// no payment data
 	}
 	{
 		if (addressType == REWARD_KEY) {
@@ -460,7 +460,7 @@ size_t deriveAddress(const addressParams_t* addressParams, uint8_t* outBuffer, s
 		#ifdef APP_FEATURE_BYRON_ADDRESS_DERIVATION
 	case BYRON:
 		return deriveAddress_byron(
-		               &addressParams->spendingKeyPath,
+		               &addressParams->paymentKeyPath,
 		               addressParams->protocolMagic,
 		               outBuffer, outSize
 		       );
@@ -541,7 +541,7 @@ size_t humanReadableAddress(const uint8_t* address, size_t addressSize, char* ou
  *     protocol magic 4B
  * else
  *     network id 1B
- * spending public key derivation path (1B for length + [0-10] x 4B)
+ * payment public key derivation path (1B for length + [0-10] x 4B)
  * staking choice 1B
  *     if NO_STAKING:
  *         nothing more
@@ -570,32 +570,32 @@ void view_parseAddressParams(read_view_t* view, addressParams_t* params)
 		TRACE("Network id: 0x%x", params->networkId);
 		VALIDATE(isValidNetworkId(params->networkId), ERR_INVALID_DATA);
 	}
-	// spending part
+	// payment part
 	switch (params->type) {
 	case BASE_PAYMENT_KEY_STAKE_KEY:
 	case BASE_PAYMENT_KEY_STAKE_SCRIPT:
 	case POINTER_KEY:
 	case ENTERPRISE_KEY:
 	case BYRON:
-		view_skipBytes(view, bip44_parseFromWire(&params->spendingKeyPath, VIEW_REMAINING_TO_TUPLE_BUF_SIZE(view)));
-		BIP44_PRINTF(&params->spendingKeyPath);
+		view_skipBytes(view, bip44_parseFromWire(&params->paymentKeyPath, VIEW_REMAINING_TO_TUPLE_BUF_SIZE(view)));
+		BIP44_PRINTF(&params->paymentKeyPath);
 		PRINTF("\n");
 		break;
 
 	case BASE_PAYMENT_SCRIPT_STAKE_KEY:
 	case BASE_PAYMENT_SCRIPT_STAKE_SCRIPT:
 	case POINTER_SCRIPT:
 	case ENTERPRISE_SCRIPT: {
-		STATIC_ASSERT(SIZEOF(params->spendingScriptHash) == SCRIPT_HASH_LENGTH, "Wrong address key hash length");
-		view_parseBuffer(params->spendingScriptHash, view, SCRIPT_HASH_LENGTH);
-		TRACE("Spending script hash: ");
-		TRACE_BUFFER(params->spendingScriptHash, SIZEOF(params->spendingScriptHash));
+		STATIC_ASSERT(SIZEOF(params->paymentScriptHash) == SCRIPT_HASH_LENGTH, "Wrong address key hash length");
+		view_parseBuffer(params->paymentScriptHash, view, SCRIPT_HASH_LENGTH);
+		TRACE("Payment script hash: ");
+		TRACE_BUFFER(params->paymentScriptHash, SIZEOF(params->paymentScriptHash));
 		break;
 	}
 
 	case REWARD_KEY:
 	case REWARD_SCRIPT:
-		// no spending info for reward address types
+		// no payment info for reward address types
 		break;
 
 	default:
@@ -664,21 +664,21 @@ static inline bool isValidStakingInfo(const addressParams_t* params)
 #undef CHECK
 }
 
-static inline bool isValidSpendingInfo(const addressParams_t* params)
+static inline bool isValidPaymentInfo(const addressParams_t* params)
 {
 #define CHECK(cond) if (!(cond)) return false
 	switch (params->type) {
 	case BYRON:
-		CHECK(bip44_classifyPath(&params->spendingKeyPath) == PATH_ORDINARY_SPENDING_KEY);
-		CHECK(bip44_hasByronPrefix(&params->spendingKeyPath));
+		CHECK(bip44_classifyPath(&params->paymentKeyPath) == PATH_ORDINARY_PAYMENT_KEY);
+		CHECK(bip44_hasByronPrefix(&params->paymentKeyPath));
 		break;
 
 	case BASE_PAYMENT_KEY_STAKE_KEY:
 	case BASE_PAYMENT_KEY_STAKE_SCRIPT:
 	case POINTER_KEY:
 	case ENTERPRISE_KEY:
-		CHECK(bip44_classifyPath(&params->spendingKeyPath) == PATH_ORDINARY_SPENDING_KEY);
-		CHECK(bip44_hasShelleyPrefix(&params->spendingKeyPath));
+		CHECK(bip44_classifyPath(&params->paymentKeyPath) == PATH_ORDINARY_PAYMENT_KEY);
+		CHECK(bip44_hasShelleyPrefix(&params->paymentKeyPath));
 		break;
 
 
@@ -713,13 +713,13 @@ bool isValidAddressParams(const addressParams_t* params)
 	}
 
 	CHECK(isValidStakingInfo(params));
-	CHECK(isValidSpendingInfo(params));
+	CHECK(isValidPaymentInfo(params));
 
 	return true;
 #undef CHECK
 }
 
-spending_choice_t determineSpendingChoice(address_type_t addressType)
+payment_choice_t determinePaymentChoice(address_type_t addressType)
 {
 	switch (addressType) {
 
@@ -728,19 +728,19 @@ spending_choice_t determineSpendingChoice(address_type_t addressType)
 	case POINTER_KEY:
 	case ENTERPRISE_KEY:
 	case BYRON:
-		return SPENDING_PATH;
+		return PAYMENT_PATH;
 
 	case BASE_PAYMENT_SCRIPT_STAKE_KEY:
 	case BASE_PAYMENT_SCRIPT_STAKE_SCRIPT:
 	case POINTER_SCRIPT:
 	case ENTERPRISE_SCRIPT:
-		return SPENDING_SCRIPT_HASH;
+		return PAYMENT_SCRIPT_HASH;
 
 	default:
 		ASSERT(false);
 		__attribute__((fallthrough));
 	case REWARD_KEY:
 	case REWARD_SCRIPT:
-		return SPENDING_NONE;
+		return PAYMENT_NONE;
 	}
 }

src/addressUtilsShelley.h

@@ -54,10 +54,10 @@ typedef enum {
 bool isValidStakingChoice(staking_data_source_t stakingDataSource);
 
 typedef enum {
-	SPENDING_PATH,
-	SPENDING_SCRIPT_HASH,
-	SPENDING_NONE,
-} spending_choice_t;
+	PAYMENT_PATH,
+	PAYMENT_SCRIPT_HASH,
+	PAYMENT_NONE,
+} payment_choice_t;
 
 typedef uint32_t blockchainIndex_t; // must be unsigned
 
@@ -74,8 +74,8 @@ typedef struct {
 		uint8_t networkId; // all the other types (i.e. Shelley)
 	};
 	union {
-		bip44_path_t spendingKeyPath;
-		uint8_t spendingScriptHash[SCRIPT_HASH_LENGTH];
+		bip44_path_t paymentKeyPath;
+		uint8_t paymentScriptHash[SCRIPT_HASH_LENGTH];
 	};
 	staking_data_source_t stakingDataSource;
 	union {
@@ -116,7 +116,7 @@ size_t humanReadableAddress(const uint8_t* address, size_t addressSize, char* ou
 void view_parseAddressParams(read_view_t* view, addressParams_t* params);
 
 bool isValidAddressParams(const addressParams_t* addressParams);
-spending_choice_t determineSpendingChoice(address_type_t addressType);
+payment_choice_t determinePaymentChoice(address_type_t addressType);
 
 #ifdef DEVEL
 void run_addressUtilsShelley_test();

src/addressUtilsShelley_test.c

@@ -17,7 +17,7 @@ static void pathSpec_init(bip44_path_t* pathSpec, const uint32_t* pathArray, uin
 
 // networkIdOrProtocolMagic is used as networkId for Shelley addresses and as protocol magic for Byron addresses
 static void testcase_deriveAddressShelley(
-        uint8_t type, uint32_t networkIdOrProtocolMagic, const uint32_t* spendingPathArray, size_t spendingPathLen,
+        uint8_t type, uint32_t networkIdOrProtocolMagic, const uint32_t* paymentPathArray, size_t paymentPathLen,
         uint8_t stakingDataSource, const uint32_t* stakingPathArray, size_t stakingPathLen,
         const char* stakingKeyHashHex, const blockchainPointer_t* stakingKeyBlockchainPointer,
         const char* expectedHex)
@@ -56,7 +56,7 @@ static void testcase_deriveAddressShelley(
 		};
 	}  // the rest of params is initialized to zero
 
-	pathSpec_init(&params.spendingKeyPath, spendingPathArray, spendingPathLen);
+	pathSpec_init(&params.paymentKeyPath, paymentPathArray, paymentPathLen);
 	if (stakingPathLen > 0)
 		pathSpec_init(&params.stakingKeyPath, stakingPathArray, stakingPathLen);
 	if (stakingKeyHashHex != NULL) {
@@ -73,7 +73,7 @@ static void testcase_deriveAddressShelley(
 		PRINTF("testcase_deriveAddressShelley 0x%02x ", constructShelleyAddressHeader(type, (uint8_t) networkIdOrProtocolMagic));
 	}
 
-	BIP44_PRINTF(&params.spendingKeyPath);
+	BIP44_PRINTF(&params.paymentKeyPath);
 	PRINTF("\n");
 
 	if (stakingDataSource == STAKING_KEY_PATH) {
@@ -104,16 +104,16 @@ static void testcase_deriveAddressShelley(
 }
 
 // test addresses for Shelley are generated by our Trezor implementation
-// (from public keys derived by Ledger from the given spending and staking paths)
+// (from public keys derived by Ledger from the given payment and staking paths)
 static void testAddressDerivation()
 {
 #define NO_STAKING_KEY_PATH ()
 #define NO_STAKING_KEY_HASH NULL
-#define TESTCASE(type_, networkIdOrProtocolMagic_, spendingPath_, stakingChoice_, stakingPath_, stakingKeyHashHex_, expected_) \
+#define TESTCASE(type_, networkIdOrProtocolMagic_, paymentPath_, stakingChoice_, stakingPath_, stakingKeyHashHex_, expected_) \
 	{ \
-		uint32_t spendingPath[] = { UNWRAP spendingPath_ }; \
+		uint32_t paymentPath[] = { UNWRAP paymentPath_ }; \
 		uint32_t stakingPath[] = { UNWRAP stakingPath_ }; \
-		testcase_deriveAddressShelley(type_, networkIdOrProtocolMagic_, spendingPath, ARRAY_LEN(spendingPath), stakingChoice_, stakingPath, ARRAY_LEN(stakingPath), stakingKeyHashHex_, NULL, expected_); \
+		testcase_deriveAddressShelley(type_, networkIdOrProtocolMagic_, paymentPath, ARRAY_LEN(paymentPath), stakingChoice_, stakingPath, ARRAY_LEN(stakingPath), stakingKeyHashHex_, NULL, expected_); \
 	}
 
 	TESTCASE(
@@ -168,11 +168,11 @@ static void testAddressDerivation()
 #undef NO_STAKING_KEY_PATH
 #undef NO_STAKING_KEY_HASH
 
-#define TESTCASE_POINTER(type_, networkId_, spendingPath_, stakingKeyBlockchainPointer_, expected_) \
+#define TESTCASE_POINTER(type_, networkId_, paymentPath_, stakingKeyBlockchainPointer_, expected_) \
 	{ \
-		uint32_t spendingPath[] = { UNWRAP spendingPath_ }; \
+		uint32_t paymentPath[] = { UNWRAP paymentPath_ }; \
 		blockchainPointer_t stakingKeyBlockchainPointer = { UNWRAP stakingKeyBlockchainPointer_ }; \
-		testcase_deriveAddressShelley(type_, networkId_, spendingPath, ARRAY_LEN(spendingPath), BLOCKCHAIN_POINTER, NULL, 0, NULL, &stakingKeyBlockchainPointer, expected_); \
+		testcase_deriveAddressShelley(type_, networkId_, paymentPath, ARRAY_LEN(paymentPath), BLOCKCHAIN_POINTER, NULL, 0, NULL, &stakingKeyBlockchainPointer, expected_); \
 	}
 
 	TESTCASE_POINTER(

src/bip44.c

@@ -419,7 +419,7 @@ static bip44_path_type_t bip44_classifyOrdinaryWalletPath(const bip44_path_t* pa
 			// so we don't want to make users' funds on such addresses unavailable.
 			// But such addresses are given a warning
 			// and are never hidden from users (see bip44_isPathReasonable).
-			return PATH_ORDINARY_SPENDING_KEY;
+			return PATH_ORDINARY_PAYMENT_KEY;
 
 		case CARDANO_CHAIN_STAKING_KEY:
 			return bip44_isOrdinaryStakingKeyPath(pathSpec) ?
@@ -475,7 +475,7 @@ static bip44_path_type_t bip44_classifyMultisigWalletPath(const bip44_path_t* pa
 				// address index must not be hardened (CIP 1854)
 				return PATH_INVALID;
 			}
-			return PATH_MULTISIG_SPENDING_KEY;
+			return PATH_MULTISIG_PAYMENT_KEY;
 
 		case CARDANO_CHAIN_STAKING_KEY:
 			return bip44_isMultisigStakingKeyPath(pathSpec) ?
@@ -558,8 +558,8 @@ bool bip44_isPathReasonable(const bip44_path_t* pathSpec)
 	case PATH_MULTISIG_ACCOUNT:
 		return bip44_hasReasonableAccount(pathSpec);
 
-	case PATH_ORDINARY_SPENDING_KEY:
-	case PATH_MULTISIG_SPENDING_KEY:
+	case PATH_ORDINARY_PAYMENT_KEY:
+	case PATH_MULTISIG_PAYMENT_KEY:
 		return bip44_hasReasonableAccount(pathSpec) && bip44_hasReasonableAddress(pathSpec);
 
 	case PATH_ORDINARY_STAKING_KEY:

src/bip44.h

@@ -99,8 +99,8 @@ typedef enum {
 	PATH_MULTISIG_ACCOUNT,
 
 	// hd wallet address (payment part in shelley)
-	PATH_ORDINARY_SPENDING_KEY,
-	PATH_MULTISIG_SPENDING_KEY,
+	PATH_ORDINARY_PAYMENT_KEY,
+	PATH_MULTISIG_PAYMENT_KEY,
 
 	// hd wallet reward address, withdrawal witness, pool owner
 	PATH_ORDINARY_STAKING_KEY,