From c9a74f70724796aeff87c34c5514d3a6a9a11d8e Mon Sep 17 00:00:00 2001 From: Jan Mazak Date: Sat, 16 Dec 2023 17:28:52 +0100 Subject: [PATCH] conway: review fixes --- src/getPublicKeys.c | 4 -- src/securityPolicy.c | 80 +++++++++++++++++++++++------------ src/securityPolicy.h | 4 +- src/signCVote.c | 10 ++--- src/signTx.c | 33 ++++++++------- src/signTx.h | 6 +-- src/signTxCVoteRegistration.c | 15 +------ src/signTxMint.c | 9 +--- src/signTxOutput.c | 10 ----- src/signTxPoolRegistration.c | 18 -------- src/signTx_ui.c | 28 ++++++------ src/txHashBuilder.c | 74 +++++++++++++++----------------- src/txHashBuilder.h | 20 ++++----- 13 files changed, 140 insertions(+), 171 deletions(-) diff --git a/src/getPublicKeys.c b/src/getPublicKeys.c index dc2cee7f..182898c0 100644 --- a/src/getPublicKeys.c +++ b/src/getPublicKeys.c @@ -109,8 +109,6 @@ static void getPublicKeys_handleInitAPDU(const uint8_t* wireDataBuffer, size_t w { { CHECK_STAGE(GET_KEYS_STAGE_INIT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // parse data @@ -186,8 +184,6 @@ void getPublicKeys_handleGetNextKeyAPDU( { CHECK_STAGE(GET_KEYS_STAGE_GET_KEYS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); - VALIDATE(ctx->currentPath < ctx->numPaths, ERR_INVALID_STATE); read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); diff --git a/src/securityPolicy.c b/src/securityPolicy.c index db225ab3..01c87648 100644 --- a/src/securityPolicy.c +++ b/src/securityPolicy.c @@ -1028,7 +1028,7 @@ security_policy_t policyForSignTxCertificate( } // applicable to credentials that are witnessed in this tx -static bool forbiddenCredential( +static bool _forbiddenCredential( sign_tx_signingmode_t txSigningMode, const ext_credential_t* credential ) @@ -1042,8 +1042,10 @@ static bool forbiddenCredential( case EXT_CREDENTIAL_KEY_HASH: // everything is expected to be governed by native scripts return true; - default: + case EXT_CREDENTIAL_SCRIPT_HASH: break; + default: + ASSERT(false); } break; @@ -1060,15 +1062,16 @@ static bool forbiddenCredential( // if the hash corresponds to some of his keys, // and might inadvertently sign several certificates with a single witness return true; - default: + case EXT_CREDENTIAL_KEY_PATH: break; + default: + ASSERT(false); } break; default: // this should not be called in POOL_REGISTRATION signing modes ASSERT(false); - break; } return false; @@ -1079,17 +1082,20 @@ security_policy_t _policyForSignTxCertificateStakeCredential( const ext_credential_t* stakeCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, stakeCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, stakeCredential)); switch (stakeCredential->type) { case EXT_CREDENTIAL_KEY_PATH: DENY_UNLESS(bip44_isOrdinaryStakingKeyPath(&stakeCredential->keyPath)); DENY_IF(violatesSingleAccountOrStoreIt(&stakeCredential->keyPath)); break; - - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } PROMPT(); @@ -1123,9 +1129,21 @@ security_policy_t policyForSignTxCertificateVoteDelegation( const ext_drep_t* drep ) { - // DRep can be anything, but if given by key path, it should be a valid path - if (drep->type == EXT_DREP_KEY_PATH) { + switch (drep->type) { + case EXT_DREP_KEY_PATH: + // DRep can be anything, but if given by key path, it should be a valid path DENY_UNLESS(bip44_isDRepKeyPath(&drep->keyPath)); + break; + + case EXT_DREP_KEY_HASH: + case EXT_DREP_SCRIPT_HASH: + case EXT_DREP_ABSTAIN: + case EXT_DREP_NO_CONFIDENCE: + // nothing to deny + break; + + default: + ASSERT(false); } return _policyForSignTxCertificateStakeCredential(txSigningMode, stakeCredential); @@ -1137,7 +1155,7 @@ security_policy_t policyForSignTxCertificateCommitteeAuth( const ext_credential_t* hotCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, coldCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, coldCredential)); switch (coldCredential->type) { case EXT_CREDENTIAL_KEY_PATH: @@ -1145,9 +1163,13 @@ security_policy_t policyForSignTxCertificateCommitteeAuth( DENY_IF(violatesSingleAccountOrStoreIt(&coldCredential->keyPath)); break; - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } switch (hotCredential->type) { @@ -1173,7 +1195,7 @@ security_policy_t policyForSignTxCertificateCommitteeResign( const ext_credential_t* coldCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, coldCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, coldCredential)); switch (coldCredential->type) { case EXT_CREDENTIAL_KEY_PATH: @@ -1181,9 +1203,13 @@ security_policy_t policyForSignTxCertificateCommitteeResign( DENY_IF(violatesSingleAccountOrStoreIt(&coldCredential->keyPath)); break; - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } PROMPT(); @@ -1194,7 +1220,7 @@ security_policy_t policyForSignTxCertificateDRep( const ext_credential_t* dRepCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, dRepCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, dRepCredential)); switch (dRepCredential->type) { case EXT_CREDENTIAL_KEY_PATH: @@ -1202,9 +1228,13 @@ security_policy_t policyForSignTxCertificateDRep( DENY_IF(violatesSingleAccountOrStoreIt(&dRepCredential->keyPath)); break; - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } PROMPT(); @@ -1265,7 +1295,6 @@ security_policy_t policyForSignTxStakePoolRegistrationInit( default: ASSERT(false); - break; } DENY(); // should not be reached @@ -1439,7 +1468,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, this certificate should have already been // reported as invalid (only pool registration certificate is allowed) ASSERT(false); - break; } break; @@ -1467,7 +1495,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, this certificate should have already been // reported as invalid (only pool registration certificate is allowed) ASSERT(false); - break; } break; @@ -1488,7 +1515,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, this certificate should have already been // reported as invalid (only pool registration certificate is allowed) ASSERT(false); - break; } break; @@ -1496,7 +1522,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, non-zero number of withdrawals // should have already been reported as invalid ASSERT(false); - break; } DENY(); // should not be reached @@ -1955,7 +1980,7 @@ security_policy_t policyForSignTxVotingProcedure( break; default: - break; + ASSERT(false); } break; @@ -1971,8 +1996,13 @@ security_policy_t policyForSignTxVotingProcedure( DENY(); break; - default: + case EXT_VOTER_COMMITTEE_HOT_SCRIPT_HASH: + case EXT_VOTER_DREP_SCRIPT_HASH: + // scripts are OK break; + + default: + ASSERT(false); } break; @@ -1984,7 +2014,6 @@ security_policy_t policyForSignTxVotingProcedure( default: // this should not be called in POOL_REGISTRATION signing modes ASSERT(false); - break; } SHOW(); @@ -1993,7 +2022,7 @@ security_policy_t policyForSignTxVotingProcedure( // For treasury security_policy_t policyForSignTxTreasury( sign_tx_signingmode_t txSigningMode MARK_UNUSED, - uint64_t coin MARK_UNUSED + uint64_t treasury MARK_UNUSED ) { SHOW(); @@ -2002,7 +2031,7 @@ security_policy_t policyForSignTxTreasury( // For donation security_policy_t policyForSignTxDonation( sign_tx_signingmode_t txSigningMode MARK_UNUSED, - uint64_t coin MARK_UNUSED + uint64_t donation MARK_UNUSED ) { SHOW(); @@ -2081,7 +2110,6 @@ security_policy_t policyForCVoteRegistrationPaymentDestination( default: ASSERT(false); - break; } DENY(); // should not be reached diff --git a/src/securityPolicy.h b/src/securityPolicy.h index c29b0f91..b185ac2c 100644 --- a/src/securityPolicy.h +++ b/src/securityPolicy.h @@ -212,9 +212,9 @@ security_policy_t policyForSignTxVotingProcedure( ext_voter_t* voter ); -security_policy_t policyForSignTxTreasury(sign_tx_signingmode_t txSigningMode, uint64_t coin); +security_policy_t policyForSignTxTreasury(sign_tx_signingmode_t txSigningMode, uint64_t treasury); -security_policy_t policyForSignTxDonation(sign_tx_signingmode_t txSigningMode, uint64_t coin); +security_policy_t policyForSignTxDonation(sign_tx_signingmode_t txSigningMode, uint64_t donation); security_policy_t policyForSignTxConfirm(); diff --git a/src/signCVote.c b/src/signCVote.c index 5cdb7b70..c588b7e8 100644 --- a/src/signCVote.c +++ b/src/signCVote.c @@ -60,9 +60,8 @@ void signCVote_handleInitAPDU( ) { { - //sanity checks + // sanity checks CHECK_STAGE(VOTECAST_STAGE_INIT); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { TRACE_BUFFER(wireDataBuffer, wireDataSize); @@ -127,9 +126,8 @@ void signCVote_handleVotecastChunkAPDU( ) { { - //sanity checks + // sanity checks CHECK_STAGE(VOTECAST_STAGE_CHUNK); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); @@ -159,9 +157,8 @@ void signCVote_handleConfirmAPDU( { TRACE_STACK_USAGE(); { - //sanity checks + // sanity checks CHECK_STAGE(VOTECAST_STAGE_CONFIRM); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // no data to receive @@ -207,7 +204,6 @@ void signCVote_handleWitnessAPDU( { // sanity checks CHECK_STAGE(VOTECAST_STAGE_WITNESS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { diff --git a/src/signTx.c b/src/signTx.c index 81016c03..9e0297af 100644 --- a/src/signTx.c +++ b/src/signTx.c @@ -1016,8 +1016,8 @@ static void _parseDRep(read_view_t* view, ext_drep_t* drep) view_parseBuffer(drep->scriptHash, view, SIZEOF(drep->scriptHash)); break; } - case EXT_DREP_ALWAYS_ABSTAIN: - case EXT_DREP_ALWAYS_NO_CONFIDENCE: { + case EXT_DREP_ABSTAIN: + case EXT_DREP_NO_CONFIDENCE: { // nothing more to parse break; } @@ -1056,7 +1056,6 @@ static void _parseAnchor(read_view_t* view, anchor_t* anchor) static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireDataSize, sign_tx_certificate_data_t* certificateData) { - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); TRACE_BUFFER(wireDataBuffer, wireDataSize); read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); @@ -1073,7 +1072,7 @@ static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireData case CERTIFICATE_STAKE_REGISTRATION_CONWAY: case CERTIFICATE_STAKE_DEREGISTRATION_CONWAY: _parseCredential(&view, &certificateData->stakeCredential); - certificateData->coin = parse_u8be(&view); + certificateData->deposit = parse_u8be(&view); break; case CERTIFICATE_STAKE_DELEGATION: @@ -1101,13 +1100,13 @@ static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireData case CERTIFICATE_DREP_REGISTRATION: _parseCredential(&view, &certificateData->dRepCredential); - certificateData->coin = parse_u8be(&view); + certificateData->deposit = parse_u8be(&view); _parseAnchor(&view, &certificateData->anchor); break; case CERTIFICATE_DREP_DEREGISTRATION: _parseCredential(&view, &certificateData->dRepCredential); - certificateData->coin = parse_u8be(&view); + certificateData->deposit = parse_u8be(&view); break; case CERTIFICATE_DREP_UPDATE: @@ -1202,11 +1201,11 @@ static void _setDRep( memmove(drep->scriptHash, extDRep->scriptHash, SIZEOF(extDRep->scriptHash)); break; - case EXT_DREP_ALWAYS_ABSTAIN: + case EXT_DREP_ABSTAIN: drep->type = DREP_ALWAYS_ABSTAIN; break; - case EXT_DREP_ALWAYS_NO_CONFIDENCE: + case EXT_DREP_NO_CONFIDENCE: drep->type = DREP_ALWAYS_NO_CONFIDENCE; break; @@ -1247,7 +1246,7 @@ static void _addCertificateDataToTx( txHashBuilder, certificateData->type, &tmpCredential, - certificateData->coin + certificateData->deposit ); break; } @@ -1255,7 +1254,7 @@ static void _addCertificateDataToTx( case CERTIFICATE_STAKE_DELEGATION: { _setCredential(&tmpCredential, &certificateData->stakeCredential); ASSERT(certificateData->poolCredential.type == EXT_CREDENTIAL_KEY_HASH); - txHashBuilder_addCertificate_delegation( + txHashBuilder_addCertificate_stakeDelegation( txHashBuilder, &tmpCredential, certificateData->poolCredential.keyHash, SIZEOF(certificateData->poolCredential.keyHash) @@ -1267,7 +1266,7 @@ static void _addCertificateDataToTx( drep_t drep; _setCredential(&tmpCredential, &certificateData->stakeCredential); _setDRep(&drep, &certificateData->drep); - txHashBuilder_addCertificate_voteDeleg( + txHashBuilder_addCertificate_voteDelegation( txHashBuilder, &tmpCredential, &drep @@ -1279,7 +1278,7 @@ static void _addCertificateDataToTx( credential_t hotCredential; _setCredential(&tmpCredential, &certificateData->committeeColdCredential); _setCredential(&hotCredential, &certificateData->committeeHotCredential); - txHashBuilder_addCertificate_committeeAuth( + txHashBuilder_addCertificate_committeeAuthHot( txHashBuilder, &tmpCredential, &hotCredential @@ -1299,10 +1298,10 @@ static void _addCertificateDataToTx( case CERTIFICATE_DREP_REGISTRATION: { _setCredential(&tmpCredential, &certificateData->dRepCredential); - txHashBuilder_addCertificate_dRepReg( + txHashBuilder_addCertificate_dRepRegistration( txHashBuilder, &tmpCredential, - certificateData->coin, + certificateData->deposit, &certificateData->anchor ); break; @@ -1310,10 +1309,10 @@ static void _addCertificateDataToTx( case CERTIFICATE_DREP_DEREGISTRATION: { _setCredential(&tmpCredential, &certificateData->dRepCredential); - txHashBuilder_addCertificate_dRepUnreg( + txHashBuilder_addCertificate_dRepDeregistration( txHashBuilder, &tmpCredential, - certificateData->coin + certificateData->deposit ); break; } @@ -2242,6 +2241,8 @@ static void signTx_handleVotingProcedureAPDU(uint8_t p2, const uint8_t* wireData TRACE("Policy: %d", (int) policy); ENSURE_NOT_DENIED(policy); + // Note: if more than one voter is ever allowed, we need to check canonical ordering + // of voters and possibly canonical ordering of governance actions in the subordinated map { // add to tx TRACE("Adding voting procedure to tx hash"); diff --git a/src/signTx.h b/src/signTx.h index 707c5501..43fb07ac 100644 --- a/src/signTx.h +++ b/src/signTx.h @@ -107,8 +107,8 @@ typedef enum { EXT_DREP_KEY_HASH = 0, EXT_DREP_KEY_PATH = 0 + 100, EXT_DREP_SCRIPT_HASH = 1, - EXT_DREP_ALWAYS_ABSTAIN = 2, - EXT_DREP_ALWAYS_NO_CONFIDENCE = 3, + EXT_DREP_ABSTAIN = 2, + EXT_DREP_NO_CONFIDENCE = 3, } ext_drep_type_t; typedef struct { @@ -136,7 +136,7 @@ typedef struct { }; union { uint64_t epoch; // in pool retirement - uint64_t coin; // not in pool retirement; represents deposit in certs + uint64_t deposit; // not in pool retirement }; } sign_tx_certificate_data_t; diff --git a/src/signTxCVoteRegistration.c b/src/signTxCVoteRegistration.c index cb06ffb5..12112433 100644 --- a/src/signTxCVoteRegistration.c +++ b/src/signTxCVoteRegistration.c @@ -118,8 +118,6 @@ static void signTxCVoteRegistration_handleInitAPDU(const uint8_t* wireDataBuffer { { CHECK_STATE(STATE_CVOTE_REGISTRATION_INIT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -229,8 +227,6 @@ static void signTxCVoteRegistration_handleVoteKeyAPDU(const uint8_t* wireDataBuf { { CHECK_STATE(STATE_CVOTE_REGISTRATION_VOTE_KEY); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -379,7 +375,6 @@ static void signTxCVoteRegistration_handleStakingKeyAPDU(const uint8_t* wireData { // sanity checks CHECK_STATE(STATE_CVOTE_REGISTRATION_STAKING_KEY); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -472,8 +467,6 @@ static void signTxCVoteRegistration_handlePaymentAddressAPDU(const uint8_t* wire { // safety checks CHECK_STATE(STATE_CVOTE_REGISTRATION_PAYMENT_ADDRESS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -535,8 +528,6 @@ static void signTxCVoteRegistration_handleNonceAPDU(const uint8_t* wireDataBuffe { // sanity checks CHECK_STATE(STATE_CVOTE_REGISTRATION_NONCE); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -583,8 +574,6 @@ static void signTxCVoteRegistration_handleVotingPurposeAPDU(const uint8_t* wireD { { CHECK_STATE(STATE_CVOTE_REGISTRATION_VOTING_PURPOSE); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -652,10 +641,8 @@ __noinline_due_to_stack__ static void signTxCVoteRegistration_handleConfirmAPDU(const uint8_t* wireDataBuffer MARK_UNUSED, size_t wireDataSize) { { - //sanity checks + // sanity checks CHECK_STATE(STATE_CVOTE_REGISTRATION_CONFIRM); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { diff --git a/src/signTxMint.c b/src/signTxMint.c index 88ca8bc5..5d6ebfe5 100644 --- a/src/signTxMint.c +++ b/src/signTxMint.c @@ -35,7 +35,6 @@ static void signTxMint_handleTopLevelDataAPDU(const uint8_t* wireDataBuffer, siz { // safety checks CHECK_STATE(STATE_MINT_TOP_LEVEL_DATA); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } TRACE_BUFFER(wireDataBuffer, wireDataSize); mint_context_t* subctx = accessSubcontext(); @@ -67,8 +66,6 @@ static void signTxMint_handleAssetGroupAPDU(const uint8_t* wireDataBuffer, size_ { // sanity checks CHECK_STATE(STATE_MINT_ASSET_GROUP); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } mint_context_t* subctx = accessSubcontext(); { @@ -122,8 +119,6 @@ static void signTxMint_handleTokenAPDU(const uint8_t* wireDataBuffer, size_t wir { // sanity checks CHECK_STATE(STATE_MINT_TOKEN); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } mint_context_t* subctx = accessSubcontext(); { @@ -185,10 +180,8 @@ static void signTxMint_handleTokenAPDU(const uint8_t* wireDataBuffer, size_t wir static void signTxMint_handleConfirmAPDU(const uint8_t* wireDataBuffer MARK_UNUSED, size_t wireDataSize) { { - //sanity checks + // sanity checks CHECK_STATE(STATE_MINT_CONFIRM); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { diff --git a/src/signTxOutput.c b/src/signTxOutput.c index 57954284..a162c91f 100644 --- a/src/signTxOutput.c +++ b/src/signTxOutput.c @@ -307,8 +307,6 @@ static void parseTopLevelData(const uint8_t* wireDataBuffer, size_t wireDataSize { // safety checks CHECK_STATE(STATE_OUTPUT_TOP_LEVEL_DATA); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); @@ -545,8 +543,6 @@ static void handleAssetGroupAPDU(const uint8_t* wireDataBuffer, size_t wireDataS { // sanity checks CHECK_STATE(STATE_OUTPUT_ASSET_GROUP); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -621,8 +617,6 @@ static void handleTokenAPDU(const uint8_t* wireDataBuffer, size_t wireDataSize) { // sanity checks CHECK_STATE(STATE_OUTPUT_TOKEN); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -797,7 +791,6 @@ static void handleDatumAPDU(const uint8_t* wireDataBuffer, size_t wireDataSize) { // sanity checks CHECK_STATE(STATE_OUTPUT_DATUM); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -829,7 +822,6 @@ static void handleDatumChunkAPDU(const uint8_t* wireDataBuffer, size_t wireDataS { // sanity checks CHECK_STATE(STATE_OUTPUT_DATUM_INLINE_CHUNKS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -871,7 +863,6 @@ static void handleRefScriptAPDU(const uint8_t* wireDataBuffer, size_t wireDataSi { // sanity checks CHECK_STATE(STATE_OUTPUT_REFERENCE_SCRIPT); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -935,7 +926,6 @@ static void handleRefScriptChunkAPDU(const uint8_t* wireDataBuffer, size_t wireD { // sanity checks CHECK_STATE(STATE_OUTPUT_REFERENCE_SCRIPT_CHUNKS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { diff --git a/src/signTxPoolRegistration.c b/src/signTxPoolRegistration.c index d66f6f81..aed6c5d0 100644 --- a/src/signTxPoolRegistration.c +++ b/src/signTxPoolRegistration.c @@ -75,8 +75,6 @@ static void signTxPoolRegistration_handleInitAPDU(const uint8_t* wireDataBuffer, { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_INIT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); { @@ -185,8 +183,6 @@ static void signTxPoolRegistration_handlePoolKeyAPDU(const uint8_t* wireDataBuff { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_POOL_KEY); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // parse data @@ -258,8 +254,6 @@ static void signTxPoolRegistration_handleVrfKeyAPDU(const uint8_t* wireDataBuffe { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_VRF_KEY); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); { @@ -313,8 +307,6 @@ static void signTxPoolRegistration_handlePoolFinancialsAPDU(const uint8_t* wireD { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_FINANCIALS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); { @@ -407,8 +399,6 @@ static void signTxPoolRegistration_handleRewardAccountAPDU(const uint8_t* wireDa { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_REWARD_ACCOUNT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // parse data @@ -494,8 +484,6 @@ static void signTxPoolRegistration_handleOwnerAPDU(const uint8_t* wireDataBuffer { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_OWNERS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); @@ -638,8 +626,6 @@ static void signTxPoolRegistration_handleRelayAPDU(const uint8_t* wireDataBuffer { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_RELAYS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_relay_t* relay = &accessSubcontext()->stateData.relay; @@ -776,8 +762,6 @@ static void signTxPoolRegistration_handlePoolMetadataAPDU(const uint8_t* wireDat { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_METADATA); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); @@ -857,8 +841,6 @@ static void signTxPoolRegistration_handleConfirmAPDU(const uint8_t* wireDataBuff { //sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_CONFIRM); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { diff --git a/src/signTx_ui.c b/src/signTx_ui.c index 88b50c03..bb4a7673 100644 --- a/src/signTx_ui.c +++ b/src/signTx_ui.c @@ -463,18 +463,18 @@ static void _displayCredential( static void _displayDeposit( ui_callback_fn_t* callback, - uint64_t coin + uint64_t deposit ) { #ifdef HAVE_BAGL ui_displayAdaAmountScreen( "Deposit", - coin, + deposit, callback ); #elif defined(HAVE_NBGL) char adaAmountStr[50] = {0}; - ui_getAdaAmountScreen(adaAmountStr, SIZEOF(adaAmountStr), coin); + ui_getAdaAmountScreen(adaAmountStr, SIZEOF(adaAmountStr), deposit); fill_and_display_if_required("Deposit", adaAmountStr, callback, respond_with_user_reject); #endif // HAVE_BAGL } @@ -630,7 +630,7 @@ void signTx_handleCertificateStaking_ui_runStep() case CERTIFICATE_STAKE_REGISTRATION_CONWAY: case CERTIFICATE_STAKE_DEREGISTRATION_CONWAY: - _displayDeposit(this_fn, cert->coin); + _displayDeposit(this_fn, cert->deposit); break; default: @@ -807,10 +807,10 @@ void signTx_handleCertificateCommitteeAuth_ui_runStep() _displayCredential( this_fn, &cert->committeeColdCredential, - "Comm. cold key", - "Comm. cold key hash", + "Cmte. cold key", + "Cmte. cold key hash", "cc_cold", - "Comm. cold script", + "Cmte. cold script", "cc_cold" ); } @@ -818,10 +818,10 @@ void signTx_handleCertificateCommitteeAuth_ui_runStep() _displayCredential( this_fn, &cert->committeeHotCredential, - "Comm. hot key", - "Comm. hot key hash", + "Cmte. hot key", + "Cmte. hot key hash", "cc_hot", - "Comm. hot script", + "Cmte. hot script", "cc_hot" ); } @@ -869,10 +869,10 @@ void signTx_handleCertificateCommitteeResign_ui_runStep() _displayCredential( this_fn, &cert->committeeColdCredential, - "Comm. cold key", - "Comm. cold key hash", + "Cmte. cold key", + "Cmte. cold key hash", "cc_cold", - "Comm. cold script", + "Cmte. cold script", "cc_cold" ); } @@ -985,7 +985,7 @@ void signTx_handleCertificateDRep_ui_runStep() case CERTIFICATE_DREP_REGISTRATION: case CERTIFICATE_DREP_DEREGISTRATION: - _displayDeposit(this_fn, cert->coin); + _displayDeposit(this_fn, cert->deposit); break; default: diff --git a/src/txHashBuilder.c b/src/txHashBuilder.c index 5f53060b..5f236d40 100644 --- a/src/txHashBuilder.c +++ b/src/txHashBuilder.c @@ -843,7 +843,7 @@ void txHashBuilder_addCertificate_staking( tx_hash_builder_t* builder, const certificate_type_t certificateType, const credential_t* stakeCredential, - uint64_t coin + uint64_t deposit ) { _initNewCertificate(builder); @@ -868,12 +868,12 @@ void txHashBuilder_addCertificate_staking( _appendCredential(builder, stakeCredential); } { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, deposit); } } } -void txHashBuilder_addCertificate_delegation( +void txHashBuilder_addCertificate_stakeDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const uint8_t* poolKeyHash, size_t poolKeyHashSize @@ -894,7 +894,7 @@ void txHashBuilder_addCertificate_delegation( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 2); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_STAKE_DELEGATION); } { _appendCredential(builder, stakeCredential); @@ -906,7 +906,7 @@ void txHashBuilder_addCertificate_delegation( } } -void txHashBuilder_addCertificate_voteDeleg( +void txHashBuilder_addCertificate_voteDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const drep_t* drep @@ -928,7 +928,7 @@ void txHashBuilder_addCertificate_voteDeleg( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 9); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_VOTE_DELEGATION); } { _appendCredential(builder, stakeCredential); @@ -963,7 +963,7 @@ void txHashBuilder_addCertificate_voteDeleg( } } -void txHashBuilder_addCertificate_committeeAuth( +void txHashBuilder_addCertificate_committeeAuthHot( tx_hash_builder_t* builder, const credential_t* coldCredential, const credential_t* hotCredential @@ -985,7 +985,7 @@ void txHashBuilder_addCertificate_committeeAuth( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 14); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_AUTHORIZE_COMMITTEE_HOT); } { _appendCredential(builder, coldCredential); @@ -1002,6 +1002,10 @@ static void _appendAnchor( ) { if (anchor->isIncluded) { + // Array(2)[ + // Tstr[url] + // Bytes[32] + // ] BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 2); { BUILDER_APPEND_CBOR(CBOR_TYPE_TEXT, anchor->urlLength); @@ -1012,6 +1016,7 @@ static void _appendAnchor( BUILDER_APPEND_DATA(anchor->hash, SIZEOF(anchor->hash)); } } else { + // Null BUILDER_APPEND_CBOR(CBOR_TYPE_NULL, 0); } } @@ -1030,15 +1035,12 @@ void txHashBuilder_addCertificate_committeeResign( // Unsigned[0 or 1] // Bytes[stakingKeyHash] // ] - // Array(2)[ - // Tstr[url] - // Bytes[32] - // ] + // Null / ...anchor // ] { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 15); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_RESIGN_COMMITTEE_COLD); } { _appendCredential(builder, coldCredential); @@ -1049,10 +1051,10 @@ void txHashBuilder_addCertificate_committeeResign( } } -void txHashBuilder_addCertificate_dRepReg( +void txHashBuilder_addCertificate_dRepRegistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin, + uint64_t deposit, const anchor_t* anchor ) { @@ -1065,21 +1067,18 @@ void txHashBuilder_addCertificate_dRepReg( // Bytes[key/script hash] // ] // Unsigned[coin] - // Array(2)[ - // Tstr[url] - // Bytes[32] - // ] + // Null / ...anchor // ] { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 16); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_DREP_REGISTRATION); } { _appendCredential(builder, dRepCredential); } { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, deposit); } { _appendAnchor(builder, anchor); @@ -1087,16 +1086,16 @@ void txHashBuilder_addCertificate_dRepReg( } } -void txHashBuilder_addCertificate_dRepUnreg( +void txHashBuilder_addCertificate_dRepDeregistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin + uint64_t deposit ) { _initNewCertificate(builder); // Array(3)[ - // Unsigned[16] + // Unsigned[17] // Array(2)[ // Unsigned[0/1] // Bytes[key/script hash] @@ -1106,13 +1105,13 @@ void txHashBuilder_addCertificate_dRepUnreg( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 17); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_DREP_DEREGISTRATION); } { _appendCredential(builder, dRepCredential); } { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, deposit); } } } @@ -1126,20 +1125,17 @@ void txHashBuilder_addCertificate_dRepUpdate( _initNewCertificate(builder); // Array(3)[ - // Unsigned[16] + // Unsigned[18] // Array(2)[ // Unsigned[0/1] // Bytes[key/script hash] // ] - // Array(2)[ - // Tstr[url] - // Bytes[32] - // ] + // Null / ...anchor // ] { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 16); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_DREP_UPDATE); } { _appendCredential(builder, dRepCredential); @@ -1170,7 +1166,7 @@ void txHashBuilder_addCertificate_poolRetirement( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 4); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_STAKE_POOL_RETIREMENT); } { BUILDER_APPEND_CBOR(CBOR_TYPE_BYTES, poolKeyHashSize); @@ -1202,7 +1198,7 @@ void txHashBuilder_poolRegistrationCertificate_enter( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 10); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 3); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_STAKE_POOL_REGISTRATION); } } @@ -2230,7 +2226,7 @@ void txHashBuilder_addVotingProcedure( // voting procedure // Array(2)[ // Unsigned[vote] - // ...anchor + // Null / ...anchor // ] BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 2); { @@ -2266,7 +2262,7 @@ static void txHashBuilder_assertCanLeaveVotingProcedures(tx_hash_builder_t* buil // ============================== TREASURY ============================== -void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t coin) +void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t treasury) { _TRACE("state = %d", builder->state); @@ -2274,7 +2270,7 @@ void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t coin) // add treasury item into the main tx body map BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, TX_BODY_KEY_TREASURY); - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, treasury); builder->state = TX_HASH_BUILDER_IN_TREASURY; } @@ -2299,7 +2295,7 @@ static void txHashBuilder_assertCanLeaveTreasury(tx_hash_builder_t* builder) // ============================== DONATION ============================== -void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t coin) +void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t donation) { _TRACE("state = %d", builder->state); @@ -2307,7 +2303,7 @@ void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t coin) // add donation item into the main tx body map BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, TX_BODY_KEY_DONATION); - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, donation); builder->state = TX_HASH_BUILDER_IN_DONATION; } diff --git a/src/txHashBuilder.h b/src/txHashBuilder.h index 1df51fd8..9155cdc4 100644 --- a/src/txHashBuilder.h +++ b/src/txHashBuilder.h @@ -340,22 +340,22 @@ void txHashBuilder_addCertificate_staking( tx_hash_builder_t* builder, const certificate_type_t certificateType, const credential_t* stakeCredential, - uint64_t coin + uint64_t deposit ); -void txHashBuilder_addCertificate_delegation( +void txHashBuilder_addCertificate_stakeDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const uint8_t* poolKeyHash, size_t poolKeyHashSize ); -void txHashBuilder_addCertificate_voteDeleg( +void txHashBuilder_addCertificate_voteDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const drep_t* drep ); -void txHashBuilder_addCertificate_committeeAuth( +void txHashBuilder_addCertificate_committeeAuthHot( tx_hash_builder_t* builder, const credential_t* coldCredential, const credential_t* hotCredential @@ -367,17 +367,17 @@ void txHashBuilder_addCertificate_committeeResign( const anchor_t* anchor ); -void txHashBuilder_addCertificate_dRepReg( +void txHashBuilder_addCertificate_dRepRegistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin, + uint64_t deposit, const anchor_t* anchor ); -void txHashBuilder_addCertificate_dRepUnreg( +void txHashBuilder_addCertificate_dRepDeregistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin + uint64_t deposit ); void txHashBuilder_addCertificate_dRepUpdate( @@ -543,9 +543,9 @@ void txHashBuilder_addVotingProcedure( voting_procedure_t* votingProcedure ); -void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t coin); +void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t treasury); -void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t coin); +void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t donation); void txHashBuilder_finalize( tx_hash_builder_t* builder,