From c95aece5a3953cf4a89ae4f100b4ae430a14380c Mon Sep 17 00:00:00 2001 From: Jan Mazak Date: Sat, 16 Dec 2023 17:28:52 +0100 Subject: [PATCH] conway: review fixes --- src/bip44.c | 27 ++++++-- src/bip44.h | 4 +- src/getPublicKeys.c | 4 -- src/securityPolicy.c | 92 ++++++++++++++++++--------- src/securityPolicy.h | 4 +- src/signCVote.c | 10 +-- src/signTx.c | 35 +++++----- src/signTx.h | 6 +- src/signTxCVoteRegistration.c | 15 +---- src/signTxMint.c | 9 +-- src/signTxOutput.c | 11 ---- src/signTxPoolRegistration.c | 18 ------ src/signTx_ui.c | 32 +++++----- src/textUtils.c | 2 +- src/txHashBuilder.c | 116 ++++++++++++++++------------------ src/txHashBuilder.h | 24 +++---- src/utils.h | 1 - 17 files changed, 199 insertions(+), 211 deletions(-) diff --git a/src/bip44.c b/src/bip44.c index 90ffb775..875c1fcb 100644 --- a/src/bip44.c +++ b/src/bip44.c @@ -216,6 +216,20 @@ static bool bip44_hasReasonableAddress(const bip44_path_t* pathSpec) return (address <= MAX_REASONABLE_ADDRESS); } +static bool bip44_isConwayPathRecommended(const bip44_path_t* pathSpec) +{ + switch (bip44_classifyPath(pathSpec)) { + case PATH_DREP_KEY: + case PATH_COMMITTEE_COLD_KEY: + case PATH_COMMITTEE_HOT_KEY: + // strongly recommended in CIP-0105 to only use 0 as address + return (bip44_getAddressValue(pathSpec) == 0); + default: + ASSERT(false); + return false; + } +} + static bool bip44_containsMoreThanAddress(const bip44_path_t* pathSpec) { return (pathSpec->length > BIP44_I_ADDRESS + 1); @@ -263,7 +277,8 @@ bool bip44_isDRepKeyPath(const bip44_path_t* pathSpec) CHECK(bip44_hasShelleyPrefix(pathSpec)); CHECK(isHardened(bip44_getAccount(pathSpec))); CHECK(bip44_getChainTypeValue(pathSpec) == CARDANO_CHAIN_DREP_KEY); - CHECK(bip44_getAddressValue(pathSpec) == 0); // TODO allow other values and check for hardened only? + // is it strongly recommended (but not forbidden) to only use 0 as address + CHECK(!isHardened(bip44_getAddressValue(pathSpec))); return true; #undef CHECK } @@ -276,7 +291,8 @@ bool bip44_isCommitteeColdKeyPath(const bip44_path_t* pathSpec) CHECK(bip44_hasShelleyPrefix(pathSpec)); CHECK(isHardened(bip44_getAccount(pathSpec))); CHECK(bip44_getChainTypeValue(pathSpec) == CARDANO_CHAIN_COMMITTEE_COLD_KEY); - CHECK(bip44_getAddressValue(pathSpec) == 0); // TODO allow other values and check for hardened only? + // is it strongly recommended (but not forbidden) to only use 0 as address + CHECK(!isHardened(bip44_getAddressValue(pathSpec))); return true; #undef CHECK } @@ -289,7 +305,8 @@ bool bip44_isCommitteeHotKeyPath(const bip44_path_t* pathSpec) CHECK(bip44_hasShelleyPrefix(pathSpec)); CHECK(isHardened(bip44_getAccount(pathSpec))); CHECK(bip44_getChainTypeValue(pathSpec) == CARDANO_CHAIN_COMMITTEE_HOT_KEY); - CHECK(bip44_getAddressValue(pathSpec) == 0); // TODO allow other values and check for hardened only? + // is it strongly recommended (but not forbidden) to only use 0 as address + CHECK(!isHardened(bip44_getAddressValue(pathSpec))); return true; #undef CHECK } @@ -552,7 +569,9 @@ bool bip44_isPathReasonable(const bip44_path_t* pathSpec) case PATH_DREP_KEY: case PATH_COMMITTEE_COLD_KEY: case PATH_COMMITTEE_HOT_KEY: - return bip44_hasReasonableAccount(pathSpec) && bip44_hasReasonableAddress(pathSpec); + return bip44_hasReasonableAccount(pathSpec) + && bip44_hasReasonableAddress(pathSpec) + && bip44_isConwayPathRecommended(pathSpec); case PATH_MINT_KEY: return bip44_hasReasonableMintPolicy(pathSpec); diff --git a/src/bip44.h b/src/bip44.h index 6047e7db..038a0176 100644 --- a/src/bip44.h +++ b/src/bip44.h @@ -110,10 +110,10 @@ typedef enum { // m / 1852' / 1815' / account' / 3 / address_index PATH_DREP_KEY, - // constitutional committee hot key TODO not approved yet /~https://github.com/Ryun1/CIPs/blob/conway-keys/CIP-conway-keys/README.md + // constitutional committee hot key // m / 1852' / 1815' / account' / 4 / address_index PATH_COMMITTEE_COLD_KEY, - // constitutional committee cold key TODO not approved yet + // constitutional committee cold key // m / 1852' / 1815' / account' / 5 / address_index PATH_COMMITTEE_HOT_KEY, diff --git a/src/getPublicKeys.c b/src/getPublicKeys.c index dc2cee7f..182898c0 100644 --- a/src/getPublicKeys.c +++ b/src/getPublicKeys.c @@ -109,8 +109,6 @@ static void getPublicKeys_handleInitAPDU(const uint8_t* wireDataBuffer, size_t w { { CHECK_STAGE(GET_KEYS_STAGE_INIT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // parse data @@ -186,8 +184,6 @@ void getPublicKeys_handleGetNextKeyAPDU( { CHECK_STAGE(GET_KEYS_STAGE_GET_KEYS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); - VALIDATE(ctx->currentPath < ctx->numPaths, ERR_INVALID_STATE); read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); diff --git a/src/securityPolicy.c b/src/securityPolicy.c index db225ab3..f88663e1 100644 --- a/src/securityPolicy.c +++ b/src/securityPolicy.c @@ -892,6 +892,8 @@ security_policy_t policyForSignTxCollateralOutputAdaAmount( bool isTotalCollateralPresent ) { + // WARNING: policies for collateral inputs, collateral return output and total collateral are interdependent + if (outputPolicy == POLICY_ALLOW_WITHOUT_PROMPT) { // output not shown, so none of its elements should be shown ALLOW(); @@ -908,6 +910,8 @@ security_policy_t policyForSignTxCollateralOutputTokens( const tx_output_description_t* output ) { + // WARNING: policies for collateral inputs, collateral return output and total collateral are interdependent + if (outputPolicy == POLICY_ALLOW_WITHOUT_PROMPT) { // output not shown, so none of its elements should be shown ALLOW(); @@ -1028,7 +1032,7 @@ security_policy_t policyForSignTxCertificate( } // applicable to credentials that are witnessed in this tx -static bool forbiddenCredential( +static bool _forbiddenCredential( sign_tx_signingmode_t txSigningMode, const ext_credential_t* credential ) @@ -1042,8 +1046,10 @@ static bool forbiddenCredential( case EXT_CREDENTIAL_KEY_HASH: // everything is expected to be governed by native scripts return true; - default: + case EXT_CREDENTIAL_SCRIPT_HASH: break; + default: + ASSERT(false); } break; @@ -1060,15 +1066,16 @@ static bool forbiddenCredential( // if the hash corresponds to some of his keys, // and might inadvertently sign several certificates with a single witness return true; - default: + case EXT_CREDENTIAL_KEY_PATH: break; + default: + ASSERT(false); } break; default: // this should not be called in POOL_REGISTRATION signing modes ASSERT(false); - break; } return false; @@ -1079,17 +1086,20 @@ security_policy_t _policyForSignTxCertificateStakeCredential( const ext_credential_t* stakeCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, stakeCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, stakeCredential)); switch (stakeCredential->type) { case EXT_CREDENTIAL_KEY_PATH: DENY_UNLESS(bip44_isOrdinaryStakingKeyPath(&stakeCredential->keyPath)); DENY_IF(violatesSingleAccountOrStoreIt(&stakeCredential->keyPath)); break; - - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } PROMPT(); @@ -1123,9 +1133,21 @@ security_policy_t policyForSignTxCertificateVoteDelegation( const ext_drep_t* drep ) { - // DRep can be anything, but if given by key path, it should be a valid path - if (drep->type == EXT_DREP_KEY_PATH) { + switch (drep->type) { + case EXT_DREP_KEY_PATH: + // DRep can be anything, but if given by key path, it should be a valid path DENY_UNLESS(bip44_isDRepKeyPath(&drep->keyPath)); + break; + + case EXT_DREP_KEY_HASH: + case EXT_DREP_SCRIPT_HASH: + case EXT_DREP_ABSTAIN: + case EXT_DREP_NO_CONFIDENCE: + // nothing to deny + break; + + default: + ASSERT(false); } return _policyForSignTxCertificateStakeCredential(txSigningMode, stakeCredential); @@ -1137,7 +1159,7 @@ security_policy_t policyForSignTxCertificateCommitteeAuth( const ext_credential_t* hotCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, coldCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, coldCredential)); switch (coldCredential->type) { case EXT_CREDENTIAL_KEY_PATH: @@ -1145,9 +1167,13 @@ security_policy_t policyForSignTxCertificateCommitteeAuth( DENY_IF(violatesSingleAccountOrStoreIt(&coldCredential->keyPath)); break; - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } switch (hotCredential->type) { @@ -1173,7 +1199,7 @@ security_policy_t policyForSignTxCertificateCommitteeResign( const ext_credential_t* coldCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, coldCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, coldCredential)); switch (coldCredential->type) { case EXT_CREDENTIAL_KEY_PATH: @@ -1181,9 +1207,13 @@ security_policy_t policyForSignTxCertificateCommitteeResign( DENY_IF(violatesSingleAccountOrStoreIt(&coldCredential->keyPath)); break; - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } PROMPT(); @@ -1194,7 +1224,7 @@ security_policy_t policyForSignTxCertificateDRep( const ext_credential_t* dRepCredential ) { - DENY_IF(forbiddenCredential(txSigningMode, dRepCredential)); + DENY_IF(_forbiddenCredential(txSigningMode, dRepCredential)); switch (dRepCredential->type) { case EXT_CREDENTIAL_KEY_PATH: @@ -1202,9 +1232,13 @@ security_policy_t policyForSignTxCertificateDRep( DENY_IF(violatesSingleAccountOrStoreIt(&dRepCredential->keyPath)); break; - default: + case EXT_CREDENTIAL_KEY_HASH: + case EXT_CREDENTIAL_SCRIPT_HASH: // the rest is OK, forbidden credentials have been dealt with above break; + + default: + ASSERT(false); } PROMPT(); @@ -1265,7 +1299,6 @@ security_policy_t policyForSignTxStakePoolRegistrationInit( default: ASSERT(false); - break; } DENY(); // should not be reached @@ -1439,7 +1472,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, this certificate should have already been // reported as invalid (only pool registration certificate is allowed) ASSERT(false); - break; } break; @@ -1467,7 +1499,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, this certificate should have already been // reported as invalid (only pool registration certificate is allowed) ASSERT(false); - break; } break; @@ -1488,7 +1519,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, this certificate should have already been // reported as invalid (only pool registration certificate is allowed) ASSERT(false); - break; } break; @@ -1496,7 +1526,6 @@ security_policy_t policyForSignTxWithdrawal( // in POOL_REGISTRATION signing modes, non-zero number of withdrawals // should have already been reported as invalid ASSERT(false); - break; } DENY(); // should not be reached @@ -1521,8 +1550,10 @@ static inline security_policy_t _ordinaryWitnessPolicy(const bip44_path_t* path, case PATH_DREP_KEY: case PATH_COMMITTEE_COLD_KEY: case PATH_COMMITTEE_HOT_KEY: - // these have to be shown because the tx might contain - // an action proposal that cannot be fully shown on the device + // used to sign certificates and voting procedures + // these won't occur often, so little benefit from hiding them + // better to show them at least while they are new + // in the future, we might want to hide some of them in non-expert mode DENY_IF(violatesSingleAccountOrStoreIt(path)); WARN_UNLESS(bip44_isPathReasonable(path)); SHOW(); @@ -1664,8 +1695,6 @@ security_policy_t policyForSignTxWitness( const bip44_path_t* poolOwnerPath __attribute__((unused)) ) { - // TODO what about witnesses for voting procedures? - switch (txSigningMode) { case SIGN_TX_SIGNINGMODE_ORDINARY_TX: return _ordinaryWitnessPolicy(witnessPath, mintPresent); @@ -1955,7 +1984,7 @@ security_policy_t policyForSignTxVotingProcedure( break; default: - break; + ASSERT(false); } break; @@ -1971,8 +2000,13 @@ security_policy_t policyForSignTxVotingProcedure( DENY(); break; - default: + case EXT_VOTER_COMMITTEE_HOT_SCRIPT_HASH: + case EXT_VOTER_DREP_SCRIPT_HASH: + // scripts are OK break; + + default: + ASSERT(false); } break; @@ -1984,7 +2018,6 @@ security_policy_t policyForSignTxVotingProcedure( default: // this should not be called in POOL_REGISTRATION signing modes ASSERT(false); - break; } SHOW(); @@ -1993,7 +2026,7 @@ security_policy_t policyForSignTxVotingProcedure( // For treasury security_policy_t policyForSignTxTreasury( sign_tx_signingmode_t txSigningMode MARK_UNUSED, - uint64_t coin MARK_UNUSED + uint64_t treasury MARK_UNUSED ) { SHOW(); @@ -2002,7 +2035,7 @@ security_policy_t policyForSignTxTreasury( // For donation security_policy_t policyForSignTxDonation( sign_tx_signingmode_t txSigningMode MARK_UNUSED, - uint64_t coin MARK_UNUSED + uint64_t donation MARK_UNUSED ) { SHOW(); @@ -2081,7 +2114,6 @@ security_policy_t policyForCVoteRegistrationPaymentDestination( default: ASSERT(false); - break; } DENY(); // should not be reached diff --git a/src/securityPolicy.h b/src/securityPolicy.h index c29b0f91..b185ac2c 100644 --- a/src/securityPolicy.h +++ b/src/securityPolicy.h @@ -212,9 +212,9 @@ security_policy_t policyForSignTxVotingProcedure( ext_voter_t* voter ); -security_policy_t policyForSignTxTreasury(sign_tx_signingmode_t txSigningMode, uint64_t coin); +security_policy_t policyForSignTxTreasury(sign_tx_signingmode_t txSigningMode, uint64_t treasury); -security_policy_t policyForSignTxDonation(sign_tx_signingmode_t txSigningMode, uint64_t coin); +security_policy_t policyForSignTxDonation(sign_tx_signingmode_t txSigningMode, uint64_t donation); security_policy_t policyForSignTxConfirm(); diff --git a/src/signCVote.c b/src/signCVote.c index 5cdb7b70..c588b7e8 100644 --- a/src/signCVote.c +++ b/src/signCVote.c @@ -60,9 +60,8 @@ void signCVote_handleInitAPDU( ) { { - //sanity checks + // sanity checks CHECK_STAGE(VOTECAST_STAGE_INIT); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { TRACE_BUFFER(wireDataBuffer, wireDataSize); @@ -127,9 +126,8 @@ void signCVote_handleVotecastChunkAPDU( ) { { - //sanity checks + // sanity checks CHECK_STAGE(VOTECAST_STAGE_CHUNK); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); @@ -159,9 +157,8 @@ void signCVote_handleConfirmAPDU( { TRACE_STACK_USAGE(); { - //sanity checks + // sanity checks CHECK_STAGE(VOTECAST_STAGE_CONFIRM); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // no data to receive @@ -207,7 +204,6 @@ void signCVote_handleWitnessAPDU( { // sanity checks CHECK_STAGE(VOTECAST_STAGE_WITNESS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { diff --git a/src/signTx.c b/src/signTx.c index 81016c03..d50ff0cf 100644 --- a/src/signTx.c +++ b/src/signTx.c @@ -1016,8 +1016,8 @@ static void _parseDRep(read_view_t* view, ext_drep_t* drep) view_parseBuffer(drep->scriptHash, view, SIZEOF(drep->scriptHash)); break; } - case EXT_DREP_ALWAYS_ABSTAIN: - case EXT_DREP_ALWAYS_NO_CONFIDENCE: { + case EXT_DREP_ABSTAIN: + case EXT_DREP_NO_CONFIDENCE: { // nothing more to parse break; } @@ -1056,7 +1056,6 @@ static void _parseAnchor(read_view_t* view, anchor_t* anchor) static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireDataSize, sign_tx_certificate_data_t* certificateData) { - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); TRACE_BUFFER(wireDataBuffer, wireDataSize); read_view_t view = make_read_view(wireDataBuffer, wireDataBuffer + wireDataSize); @@ -1073,12 +1072,11 @@ static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireData case CERTIFICATE_STAKE_REGISTRATION_CONWAY: case CERTIFICATE_STAKE_DEREGISTRATION_CONWAY: _parseCredential(&view, &certificateData->stakeCredential); - certificateData->coin = parse_u8be(&view); + certificateData->deposit = parse_u8be(&view); break; case CERTIFICATE_STAKE_DELEGATION: _parseCredential(&view, &certificateData->stakeCredential); - // TODO change APDU to parse credential certificateData->poolCredential.type = EXT_CREDENTIAL_KEY_HASH; STATIC_ASSERT(SIZEOF(certificateData->poolCredential.keyHash) == POOL_KEY_HASH_LENGTH, "wrong poolKeyHash size"); view_parseBuffer(certificateData->poolCredential.keyHash, &view, POOL_KEY_HASH_LENGTH); @@ -1101,13 +1099,13 @@ static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireData case CERTIFICATE_DREP_REGISTRATION: _parseCredential(&view, &certificateData->dRepCredential); - certificateData->coin = parse_u8be(&view); + certificateData->deposit = parse_u8be(&view); _parseAnchor(&view, &certificateData->anchor); break; case CERTIFICATE_DREP_DEREGISTRATION: _parseCredential(&view, &certificateData->dRepCredential); - certificateData->coin = parse_u8be(&view); + certificateData->deposit = parse_u8be(&view); break; case CERTIFICATE_DREP_UPDATE: @@ -1127,7 +1125,6 @@ static void _parseCertificateData(const uint8_t* wireDataBuffer, size_t wireData #ifdef APP_FEATURE_POOL_RETIREMENT case CERTIFICATE_STAKE_POOL_RETIREMENT: - // TODO refactor APDU serialization to parse credential certificateData->poolCredential.type = EXT_CREDENTIAL_KEY_PATH; _parsePathSpec(&view, &certificateData->poolCredential.keyPath); certificateData->epoch = parse_u8be(&view); @@ -1202,11 +1199,11 @@ static void _setDRep( memmove(drep->scriptHash, extDRep->scriptHash, SIZEOF(extDRep->scriptHash)); break; - case EXT_DREP_ALWAYS_ABSTAIN: + case EXT_DREP_ABSTAIN: drep->type = DREP_ALWAYS_ABSTAIN; break; - case EXT_DREP_ALWAYS_NO_CONFIDENCE: + case EXT_DREP_NO_CONFIDENCE: drep->type = DREP_ALWAYS_NO_CONFIDENCE; break; @@ -1247,7 +1244,7 @@ static void _addCertificateDataToTx( txHashBuilder, certificateData->type, &tmpCredential, - certificateData->coin + certificateData->deposit ); break; } @@ -1255,7 +1252,7 @@ static void _addCertificateDataToTx( case CERTIFICATE_STAKE_DELEGATION: { _setCredential(&tmpCredential, &certificateData->stakeCredential); ASSERT(certificateData->poolCredential.type == EXT_CREDENTIAL_KEY_HASH); - txHashBuilder_addCertificate_delegation( + txHashBuilder_addCertificate_stakeDelegation( txHashBuilder, &tmpCredential, certificateData->poolCredential.keyHash, SIZEOF(certificateData->poolCredential.keyHash) @@ -1267,7 +1264,7 @@ static void _addCertificateDataToTx( drep_t drep; _setCredential(&tmpCredential, &certificateData->stakeCredential); _setDRep(&drep, &certificateData->drep); - txHashBuilder_addCertificate_voteDeleg( + txHashBuilder_addCertificate_voteDelegation( txHashBuilder, &tmpCredential, &drep @@ -1279,7 +1276,7 @@ static void _addCertificateDataToTx( credential_t hotCredential; _setCredential(&tmpCredential, &certificateData->committeeColdCredential); _setCredential(&hotCredential, &certificateData->committeeHotCredential); - txHashBuilder_addCertificate_committeeAuth( + txHashBuilder_addCertificate_committeeAuthHot( txHashBuilder, &tmpCredential, &hotCredential @@ -1299,10 +1296,10 @@ static void _addCertificateDataToTx( case CERTIFICATE_DREP_REGISTRATION: { _setCredential(&tmpCredential, &certificateData->dRepCredential); - txHashBuilder_addCertificate_dRepReg( + txHashBuilder_addCertificate_dRepRegistration( txHashBuilder, &tmpCredential, - certificateData->coin, + certificateData->deposit, &certificateData->anchor ); break; @@ -1310,10 +1307,10 @@ static void _addCertificateDataToTx( case CERTIFICATE_DREP_DEREGISTRATION: { _setCredential(&tmpCredential, &certificateData->dRepCredential); - txHashBuilder_addCertificate_dRepUnreg( + txHashBuilder_addCertificate_dRepDeregistration( txHashBuilder, &tmpCredential, - certificateData->coin + certificateData->deposit ); break; } @@ -2242,6 +2239,8 @@ static void signTx_handleVotingProcedureAPDU(uint8_t p2, const uint8_t* wireData TRACE("Policy: %d", (int) policy); ENSURE_NOT_DENIED(policy); + // Note: if more than one voter is ever allowed, we need to check canonical ordering + // of voters and possibly canonical ordering of governance actions in the subordinated map { // add to tx TRACE("Adding voting procedure to tx hash"); diff --git a/src/signTx.h b/src/signTx.h index 707c5501..43fb07ac 100644 --- a/src/signTx.h +++ b/src/signTx.h @@ -107,8 +107,8 @@ typedef enum { EXT_DREP_KEY_HASH = 0, EXT_DREP_KEY_PATH = 0 + 100, EXT_DREP_SCRIPT_HASH = 1, - EXT_DREP_ALWAYS_ABSTAIN = 2, - EXT_DREP_ALWAYS_NO_CONFIDENCE = 3, + EXT_DREP_ABSTAIN = 2, + EXT_DREP_NO_CONFIDENCE = 3, } ext_drep_type_t; typedef struct { @@ -136,7 +136,7 @@ typedef struct { }; union { uint64_t epoch; // in pool retirement - uint64_t coin; // not in pool retirement; represents deposit in certs + uint64_t deposit; // not in pool retirement }; } sign_tx_certificate_data_t; diff --git a/src/signTxCVoteRegistration.c b/src/signTxCVoteRegistration.c index cb06ffb5..12112433 100644 --- a/src/signTxCVoteRegistration.c +++ b/src/signTxCVoteRegistration.c @@ -118,8 +118,6 @@ static void signTxCVoteRegistration_handleInitAPDU(const uint8_t* wireDataBuffer { { CHECK_STATE(STATE_CVOTE_REGISTRATION_INIT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -229,8 +227,6 @@ static void signTxCVoteRegistration_handleVoteKeyAPDU(const uint8_t* wireDataBuf { { CHECK_STATE(STATE_CVOTE_REGISTRATION_VOTE_KEY); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -379,7 +375,6 @@ static void signTxCVoteRegistration_handleStakingKeyAPDU(const uint8_t* wireData { // sanity checks CHECK_STATE(STATE_CVOTE_REGISTRATION_STAKING_KEY); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -472,8 +467,6 @@ static void signTxCVoteRegistration_handlePaymentAddressAPDU(const uint8_t* wire { // safety checks CHECK_STATE(STATE_CVOTE_REGISTRATION_PAYMENT_ADDRESS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -535,8 +528,6 @@ static void signTxCVoteRegistration_handleNonceAPDU(const uint8_t* wireDataBuffe { // sanity checks CHECK_STATE(STATE_CVOTE_REGISTRATION_NONCE); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -583,8 +574,6 @@ static void signTxCVoteRegistration_handleVotingPurposeAPDU(const uint8_t* wireD { { CHECK_STATE(STATE_CVOTE_REGISTRATION_VOTING_PURPOSE); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { @@ -652,10 +641,8 @@ __noinline_due_to_stack__ static void signTxCVoteRegistration_handleConfirmAPDU(const uint8_t* wireDataBuffer MARK_UNUSED, size_t wireDataSize) { { - //sanity checks + // sanity checks CHECK_STATE(STATE_CVOTE_REGISTRATION_CONFIRM); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } cvote_registration_context_t* subctx = accessSubContext(); { diff --git a/src/signTxMint.c b/src/signTxMint.c index 88ca8bc5..5d6ebfe5 100644 --- a/src/signTxMint.c +++ b/src/signTxMint.c @@ -35,7 +35,6 @@ static void signTxMint_handleTopLevelDataAPDU(const uint8_t* wireDataBuffer, siz { // safety checks CHECK_STATE(STATE_MINT_TOP_LEVEL_DATA); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } TRACE_BUFFER(wireDataBuffer, wireDataSize); mint_context_t* subctx = accessSubcontext(); @@ -67,8 +66,6 @@ static void signTxMint_handleAssetGroupAPDU(const uint8_t* wireDataBuffer, size_ { // sanity checks CHECK_STATE(STATE_MINT_ASSET_GROUP); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } mint_context_t* subctx = accessSubcontext(); { @@ -122,8 +119,6 @@ static void signTxMint_handleTokenAPDU(const uint8_t* wireDataBuffer, size_t wir { // sanity checks CHECK_STATE(STATE_MINT_TOKEN); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } mint_context_t* subctx = accessSubcontext(); { @@ -185,10 +180,8 @@ static void signTxMint_handleTokenAPDU(const uint8_t* wireDataBuffer, size_t wir static void signTxMint_handleConfirmAPDU(const uint8_t* wireDataBuffer MARK_UNUSED, size_t wireDataSize) { { - //sanity checks + // sanity checks CHECK_STATE(STATE_MINT_CONFIRM); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { diff --git a/src/signTxOutput.c b/src/signTxOutput.c index 57954284..a412c65d 100644 --- a/src/signTxOutput.c +++ b/src/signTxOutput.c @@ -307,8 +307,6 @@ static void parseTopLevelData(const uint8_t* wireDataBuffer, size_t wireDataSize { // safety checks CHECK_STATE(STATE_OUTPUT_TOP_LEVEL_DATA); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); @@ -398,7 +396,6 @@ static void handleCollateralOutput_addressBytes() .includeRefScript = subctx->includeRefScript, }; - // TODO maybe restrict to specific address types? we don't support datum in coll ret outputs security_policy_t policy = policyForSignTxCollateralOutputAddressBytes( &output, commonTxData->txSigningMode, @@ -545,8 +542,6 @@ static void handleAssetGroupAPDU(const uint8_t* wireDataBuffer, size_t wireDataS { // sanity checks CHECK_STATE(STATE_OUTPUT_ASSET_GROUP); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -621,8 +616,6 @@ static void handleTokenAPDU(const uint8_t* wireDataBuffer, size_t wireDataSize) { // sanity checks CHECK_STATE(STATE_OUTPUT_TOKEN); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -797,7 +790,6 @@ static void handleDatumAPDU(const uint8_t* wireDataBuffer, size_t wireDataSize) { // sanity checks CHECK_STATE(STATE_OUTPUT_DATUM); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -829,7 +821,6 @@ static void handleDatumChunkAPDU(const uint8_t* wireDataBuffer, size_t wireDataS { // sanity checks CHECK_STATE(STATE_OUTPUT_DATUM_INLINE_CHUNKS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -871,7 +862,6 @@ static void handleRefScriptAPDU(const uint8_t* wireDataBuffer, size_t wireDataSi { // sanity checks CHECK_STATE(STATE_OUTPUT_REFERENCE_SCRIPT); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { @@ -935,7 +925,6 @@ static void handleRefScriptChunkAPDU(const uint8_t* wireDataBuffer, size_t wireD { // sanity checks CHECK_STATE(STATE_OUTPUT_REFERENCE_SCRIPT_CHUNKS); - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } output_context_t* subctx = accessSubcontext(); { diff --git a/src/signTxPoolRegistration.c b/src/signTxPoolRegistration.c index d66f6f81..aed6c5d0 100644 --- a/src/signTxPoolRegistration.c +++ b/src/signTxPoolRegistration.c @@ -75,8 +75,6 @@ static void signTxPoolRegistration_handleInitAPDU(const uint8_t* wireDataBuffer, { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_INIT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); { @@ -185,8 +183,6 @@ static void signTxPoolRegistration_handlePoolKeyAPDU(const uint8_t* wireDataBuff { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_POOL_KEY); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // parse data @@ -258,8 +254,6 @@ static void signTxPoolRegistration_handleVrfKeyAPDU(const uint8_t* wireDataBuffe { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_VRF_KEY); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); { @@ -313,8 +307,6 @@ static void signTxPoolRegistration_handlePoolFinancialsAPDU(const uint8_t* wireD { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_FINANCIALS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); { @@ -407,8 +399,6 @@ static void signTxPoolRegistration_handleRewardAccountAPDU(const uint8_t* wireDa { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_REWARD_ACCOUNT); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { // parse data @@ -494,8 +484,6 @@ static void signTxPoolRegistration_handleOwnerAPDU(const uint8_t* wireDataBuffer { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_OWNERS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); @@ -638,8 +626,6 @@ static void signTxPoolRegistration_handleRelayAPDU(const uint8_t* wireDataBuffer { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_RELAYS); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_relay_t* relay = &accessSubcontext()->stateData.relay; @@ -776,8 +762,6 @@ static void signTxPoolRegistration_handlePoolMetadataAPDU(const uint8_t* wireDat { // sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_METADATA); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } pool_registration_context_t* subctx = accessSubcontext(); @@ -857,8 +841,6 @@ static void signTxPoolRegistration_handleConfirmAPDU(const uint8_t* wireDataBuff { //sanity checks CHECK_STATE(STAKE_POOL_REGISTRATION_CONFIRM); - - ASSERT(wireDataSize < BUFFER_SIZE_PARANOIA); } { diff --git a/src/signTx_ui.c b/src/signTx_ui.c index 88b50c03..c475ec92 100644 --- a/src/signTx_ui.c +++ b/src/signTx_ui.c @@ -463,18 +463,18 @@ static void _displayCredential( static void _displayDeposit( ui_callback_fn_t* callback, - uint64_t coin + uint64_t deposit ) { #ifdef HAVE_BAGL ui_displayAdaAmountScreen( "Deposit", - coin, + deposit, callback ); #elif defined(HAVE_NBGL) char adaAmountStr[50] = {0}; - ui_getAdaAmountScreen(adaAmountStr, SIZEOF(adaAmountStr), coin); + ui_getAdaAmountScreen(adaAmountStr, SIZEOF(adaAmountStr), deposit); fill_and_display_if_required("Deposit", adaAmountStr, callback, respond_with_user_reject); #endif // HAVE_BAGL } @@ -630,7 +630,7 @@ void signTx_handleCertificateStaking_ui_runStep() case CERTIFICATE_STAKE_REGISTRATION_CONWAY: case CERTIFICATE_STAKE_DEREGISTRATION_CONWAY: - _displayDeposit(this_fn, cert->coin); + _displayDeposit(this_fn, cert->deposit); break; default: @@ -807,10 +807,10 @@ void signTx_handleCertificateCommitteeAuth_ui_runStep() _displayCredential( this_fn, &cert->committeeColdCredential, - "Comm. cold key", - "Comm. cold key hash", + "Cmte. cold key", + "Cmte. cold key hash", "cc_cold", - "Comm. cold script", + "Cmte. cold script", "cc_cold" ); } @@ -818,10 +818,10 @@ void signTx_handleCertificateCommitteeAuth_ui_runStep() _displayCredential( this_fn, &cert->committeeHotCredential, - "Comm. hot key", - "Comm. hot key hash", + "Cmte. hot key", + "Cmte. hot key hash", "cc_hot", - "Comm. hot script", + "Cmte. hot script", "cc_hot" ); } @@ -869,10 +869,10 @@ void signTx_handleCertificateCommitteeResign_ui_runStep() _displayCredential( this_fn, &cert->committeeColdCredential, - "Comm. cold key", - "Comm. cold key hash", + "Cmte. cold key", + "Cmte. cold key hash", "cc_cold", - "Comm. cold script", + "Cmte. cold script", "cc_cold" ); } @@ -985,7 +985,7 @@ void signTx_handleCertificateDRep_ui_runStep() case CERTIFICATE_DREP_REGISTRATION: case CERTIFICATE_DREP_DEREGISTRATION: - _displayDeposit(this_fn, cert->coin); + _displayDeposit(this_fn, cert->deposit); break; default: @@ -1534,11 +1534,11 @@ void signTx_handleTreasury_ui_runStep() UI_STEP(HANDLE_TREASURY_STEP_DISPLAY) { #ifdef HAVE_BAGL - ui_displayAdaAmountScreen("Treasury", BODY_CTX->stageData.treasury, this_fn); + ui_displayAdaAmountScreen("Treasury amount", BODY_CTX->stageData.treasury, this_fn); #elif defined(HAVE_NBGL) char adaAmountStr[50] = {0}; ui_getAdaAmountScreen(adaAmountStr, SIZEOF(adaAmountStr), BODY_CTX->stageData.treasury); - fill_and_display_if_required("Treasury", adaAmountStr, this_fn, respond_with_user_reject); + fill_and_display_if_required("Treasury amount", adaAmountStr, this_fn, respond_with_user_reject); #endif // HAVE_BAGL } UI_STEP(HANDLE_TREASURY_STEP_RESPOND) { diff --git a/src/textUtils.c b/src/textUtils.c index 9f0e42e2..892fafef 100644 --- a/src/textUtils.c +++ b/src/textUtils.c @@ -190,7 +190,7 @@ void str_traceInt64(int64_t number) #endif // DEVEL -// TODO: This is valid only for mainnet +// Note: This is valid only for mainnet static struct { uint64_t startSlotNumber; uint64_t startEpoch; diff --git a/src/txHashBuilder.c b/src/txHashBuilder.c index 5f53060b..4d79d758 100644 --- a/src/txHashBuilder.c +++ b/src/txHashBuilder.c @@ -176,7 +176,7 @@ static void processOutputTopLevel(tx_hash_builder_t* builder, const tx_output_de static void assertCanLeaveCurrentOutput(tx_hash_builder_t* builder) { - switch (builder->outputState) { + switch (builder->outputData.outputState) { case TX_OUTPUT_INIT: case TX_OUTPUT_TOP_LEVEL_DATA: // no tokens @@ -386,7 +386,7 @@ void txHashBuilder_enterOutputs(tx_hash_builder_t* builder) BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, builder->remainingOutputs); } builder->state = TX_HASH_BUILDER_IN_OUTPUTS; - builder->outputState = TX_OUTPUT_INIT; + builder->outputData.outputState = TX_OUTPUT_INIT; } void txHashBuilder_addOutput_topLevelData( @@ -396,7 +396,7 @@ void txHashBuilder_addOutput_topLevelData( { _TRACE( "state = %d, outputState = %d, remainingOutputs = %u", - builder->state, builder->outputState, builder->remainingOutputs + builder->state, builder->outputData.outputState, builder->remainingOutputs ); ASSERT(builder->state == TX_HASH_BUILDER_IN_OUTPUTS); @@ -407,7 +407,7 @@ void txHashBuilder_addOutput_topLevelData( processOutputTopLevel(builder, output); - builder->outputState = TX_OUTPUT_TOP_LEVEL_DATA; + builder->outputData.outputState = TX_OUTPUT_TOP_LEVEL_DATA; } __noinline_due_to_stack__ @@ -419,10 +419,10 @@ static void addTokenGroup( { _TRACE( "state = %d, outputState = %d, remainingAssetGroups = %u", - builder->state, builder->outputState, builder->outputData.multiassetData.remainingAssetGroups + builder->state, builder->outputData.outputState, builder->outputData.multiassetData.remainingAssetGroups ); - switch (builder->outputState) { + switch (builder->outputData.outputState) { case TX_OUTPUT_ASSET_GROUP: // we have been adding tokens into the previous asset group ASSERT(builder->outputData.multiassetData.remainingTokens == 0); @@ -458,7 +458,7 @@ static void addTokenGroup( } } - builder->outputState = TX_OUTPUT_ASSET_GROUP; + builder->outputData.outputState = TX_OUTPUT_ASSET_GROUP; } __noinline_due_to_stack__ @@ -471,10 +471,10 @@ static void addToken( { _TRACE( "state = %d, outputState = %d, remainingTokens = %u", - builder->state, builder->outputState, builder->outputData.multiassetData.remainingTokens + builder->state, builder->outputData.outputState, builder->outputData.multiassetData.remainingTokens ); - switch (builder->outputState) { + switch (builder->outputData.outputState) { case TX_OUTPUT_ASSET_GROUP: // we have been adding tokens into an asset group break; @@ -500,7 +500,7 @@ static void addToken( } } - builder->outputState = TX_OUTPUT_ASSET_GROUP; + builder->outputData.outputState = TX_OUTPUT_ASSET_GROUP; } void txHashBuilder_addOutput_tokenGroup( @@ -533,9 +533,9 @@ void txHashBuilder_addOutput_datum( { ASSERT(builder->outputData.includeDatum); - TRACE("%d", builder->outputState); + TRACE("%d", builder->outputData.outputState); - switch (builder->outputState) { + switch (builder->outputData.outputState) { case TX_OUTPUT_TOP_LEVEL_DATA: // top level data has been added instantaneously // so we only check there are no asset groups left out @@ -579,7 +579,7 @@ void txHashBuilder_addOutput_datum( BUILDER_APPEND_DATA(buffer, bufferSize); } // Hash is transmitted in one chunk, and datumType stage is finished - builder->outputState = TX_OUTPUT_DATUM_HASH; + builder->outputData.outputState = TX_OUTPUT_DATUM_HASH; break; case DATUM_INLINE: @@ -593,7 +593,7 @@ void txHashBuilder_addOutput_datum( BUILDER_APPEND_CBOR(CBOR_TYPE_BYTES, bufferSize); // byte chunks will be added later } - builder->outputState = TX_OUTPUT_DATUM_INLINE; + builder->outputData.outputState = TX_OUTPUT_DATUM_INLINE; break; default: @@ -606,7 +606,7 @@ void txHashBuilder_addOutput_datum_inline_chunk( const uint8_t* buffer, size_t bufferSize ) { - ASSERT(builder->outputState == TX_OUTPUT_DATUM_INLINE); + ASSERT(builder->outputData.outputState == TX_OUTPUT_DATUM_INLINE); ASSERT(bufferSize <= builder->outputData.datumData.remainingBytes); builder->outputData.datumData.remainingBytes -= bufferSize; { @@ -618,7 +618,7 @@ void txHashBuilder_addOutput_referenceScript(tx_hash_builder_t* builder, size_t { ASSERT(builder->outputData.includeRefScript); - switch (builder->outputState) { + switch (builder->outputData.outputState) { case TX_OUTPUT_TOP_LEVEL_DATA: // top level data has been added instantaneously // so we only check there are no asset groups left out @@ -654,7 +654,7 @@ void txHashBuilder_addOutput_referenceScript(tx_hash_builder_t* builder, size_t // byte chunks will be added later } builder->outputData.referenceScriptData.remainingBytes = scriptSize; - builder->outputState = TX_OUTPUT_SCRIPT_REFERENCE_CHUNKS; + builder->outputData.outputState = TX_OUTPUT_SCRIPT_REFERENCE_CHUNKS; } void txHashBuilder_addOutput_referenceScript_dataChunk( @@ -662,7 +662,7 @@ void txHashBuilder_addOutput_referenceScript_dataChunk( const uint8_t* buffer, size_t bufferSize ) { - ASSERT(builder->outputState == TX_OUTPUT_SCRIPT_REFERENCE_CHUNKS); + ASSERT(builder->outputData.outputState == TX_OUTPUT_SCRIPT_REFERENCE_CHUNKS); { BUILDER_APPEND_DATA(buffer, bufferSize); } @@ -843,7 +843,7 @@ void txHashBuilder_addCertificate_staking( tx_hash_builder_t* builder, const certificate_type_t certificateType, const credential_t* stakeCredential, - uint64_t coin + uint64_t deposit ) { _initNewCertificate(builder); @@ -868,12 +868,12 @@ void txHashBuilder_addCertificate_staking( _appendCredential(builder, stakeCredential); } { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, deposit); } } } -void txHashBuilder_addCertificate_delegation( +void txHashBuilder_addCertificate_stakeDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const uint8_t* poolKeyHash, size_t poolKeyHashSize @@ -894,7 +894,7 @@ void txHashBuilder_addCertificate_delegation( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 2); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_STAKE_DELEGATION); } { _appendCredential(builder, stakeCredential); @@ -906,7 +906,7 @@ void txHashBuilder_addCertificate_delegation( } } -void txHashBuilder_addCertificate_voteDeleg( +void txHashBuilder_addCertificate_voteDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const drep_t* drep @@ -928,7 +928,7 @@ void txHashBuilder_addCertificate_voteDeleg( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 9); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_VOTE_DELEGATION); } { _appendCredential(builder, stakeCredential); @@ -963,7 +963,7 @@ void txHashBuilder_addCertificate_voteDeleg( } } -void txHashBuilder_addCertificate_committeeAuth( +void txHashBuilder_addCertificate_committeeAuthHot( tx_hash_builder_t* builder, const credential_t* coldCredential, const credential_t* hotCredential @@ -985,7 +985,7 @@ void txHashBuilder_addCertificate_committeeAuth( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 14); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_AUTHORIZE_COMMITTEE_HOT); } { _appendCredential(builder, coldCredential); @@ -1002,6 +1002,10 @@ static void _appendAnchor( ) { if (anchor->isIncluded) { + // Array(2)[ + // Tstr[url] + // Bytes[32] + // ] BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 2); { BUILDER_APPEND_CBOR(CBOR_TYPE_TEXT, anchor->urlLength); @@ -1012,6 +1016,7 @@ static void _appendAnchor( BUILDER_APPEND_DATA(anchor->hash, SIZEOF(anchor->hash)); } } else { + // Null BUILDER_APPEND_CBOR(CBOR_TYPE_NULL, 0); } } @@ -1030,15 +1035,12 @@ void txHashBuilder_addCertificate_committeeResign( // Unsigned[0 or 1] // Bytes[stakingKeyHash] // ] - // Array(2)[ - // Tstr[url] - // Bytes[32] - // ] + // Null / ...anchor // ] { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 15); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_RESIGN_COMMITTEE_COLD); } { _appendCredential(builder, coldCredential); @@ -1049,10 +1051,10 @@ void txHashBuilder_addCertificate_committeeResign( } } -void txHashBuilder_addCertificate_dRepReg( +void txHashBuilder_addCertificate_dRepRegistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin, + uint64_t deposit, const anchor_t* anchor ) { @@ -1065,21 +1067,18 @@ void txHashBuilder_addCertificate_dRepReg( // Bytes[key/script hash] // ] // Unsigned[coin] - // Array(2)[ - // Tstr[url] - // Bytes[32] - // ] + // Null / ...anchor // ] { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 16); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_DREP_REGISTRATION); } { _appendCredential(builder, dRepCredential); } { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, deposit); } { _appendAnchor(builder, anchor); @@ -1087,16 +1086,16 @@ void txHashBuilder_addCertificate_dRepReg( } } -void txHashBuilder_addCertificate_dRepUnreg( +void txHashBuilder_addCertificate_dRepDeregistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin + uint64_t deposit ) { _initNewCertificate(builder); // Array(3)[ - // Unsigned[16] + // Unsigned[17] // Array(2)[ // Unsigned[0/1] // Bytes[key/script hash] @@ -1106,13 +1105,13 @@ void txHashBuilder_addCertificate_dRepUnreg( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 17); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_DREP_DEREGISTRATION); } { _appendCredential(builder, dRepCredential); } { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, deposit); } } } @@ -1126,20 +1125,17 @@ void txHashBuilder_addCertificate_dRepUpdate( _initNewCertificate(builder); // Array(3)[ - // Unsigned[16] + // Unsigned[18] // Array(2)[ // Unsigned[0/1] // Bytes[key/script hash] // ] - // Array(2)[ - // Tstr[url] - // Bytes[32] - // ] + // Null / ...anchor // ] { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 16); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_DREP_UPDATE); } { _appendCredential(builder, dRepCredential); @@ -1170,7 +1166,7 @@ void txHashBuilder_addCertificate_poolRetirement( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 3); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 4); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_STAKE_POOL_RETIREMENT); } { BUILDER_APPEND_CBOR(CBOR_TYPE_BYTES, poolKeyHashSize); @@ -1202,7 +1198,7 @@ void txHashBuilder_poolRegistrationCertificate_enter( { BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 10); { - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, 3); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, CERTIFICATE_STAKE_POOL_REGISTRATION); } } @@ -1762,7 +1758,7 @@ void txHashBuilder_addMint_topLevelData( // ] BUILDER_APPEND_CBOR(CBOR_TYPE_MAP, numAssetGroups); - builder->outputState = TX_OUTPUT_TOP_LEVEL_DATA; + builder->outputData.outputState = TX_OUTPUT_TOP_LEVEL_DATA; } void txHashBuilder_addMint_tokenGroup( @@ -1797,7 +1793,7 @@ static void txHashBuilder_assertCanLeaveMint(tx_hash_builder_t* builder) switch (builder->state) { case TX_HASH_BUILDER_IN_MINT: - ASSERT(builder->outputState == TX_OUTPUT_ASSET_GROUP); + ASSERT(builder->outputData.outputState == TX_OUTPUT_ASSET_GROUP); ASSERT(builder->outputData.multiassetData.remainingAssetGroups == 0); ASSERT(builder->outputData.multiassetData.remainingTokens == 0); break; @@ -2013,7 +2009,7 @@ void txHashBuilder_addCollateralOutput( } processOutputTopLevel(builder, output); - builder->outputState = TX_OUTPUT_TOP_LEVEL_DATA; + builder->outputData.outputState = TX_OUTPUT_TOP_LEVEL_DATA; builder->state = TX_HASH_BUILDER_IN_COLLATERAL_OUTPUT; } @@ -2230,7 +2226,7 @@ void txHashBuilder_addVotingProcedure( // voting procedure // Array(2)[ // Unsigned[vote] - // ...anchor + // Null / ...anchor // ] BUILDER_APPEND_CBOR(CBOR_TYPE_ARRAY, 2); { @@ -2266,7 +2262,7 @@ static void txHashBuilder_assertCanLeaveVotingProcedures(tx_hash_builder_t* buil // ============================== TREASURY ============================== -void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t coin) +void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t treasury) { _TRACE("state = %d", builder->state); @@ -2274,7 +2270,7 @@ void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t coin) // add treasury item into the main tx body map BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, TX_BODY_KEY_TREASURY); - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, treasury); builder->state = TX_HASH_BUILDER_IN_TREASURY; } @@ -2299,7 +2295,7 @@ static void txHashBuilder_assertCanLeaveTreasury(tx_hash_builder_t* builder) // ============================== DONATION ============================== -void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t coin) +void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t donation) { _TRACE("state = %d", builder->state); @@ -2307,7 +2303,7 @@ void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t coin) // add donation item into the main tx body map BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, TX_BODY_KEY_DONATION); - BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, coin); + BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, donation); builder->state = TX_HASH_BUILDER_IN_DONATION; } diff --git a/src/txHashBuilder.h b/src/txHashBuilder.h index 1df51fd8..53e77017 100644 --- a/src/txHashBuilder.h +++ b/src/txHashBuilder.h @@ -222,6 +222,7 @@ typedef struct { } poolCertificateData; struct { + tx_hash_builder_output_state_t outputState; tx_output_serialization_format_t serializationFormat; bool includeDatum; bool includeRefScript; @@ -242,9 +243,8 @@ typedef struct { size_t remainingBytes; } referenceScriptData; }; - } outputData; // TODO rename to output? + } outputData; }; - tx_hash_builder_output_state_t outputState; // TODO move to outputData above tx_hash_builder_state_t state; @@ -340,22 +340,22 @@ void txHashBuilder_addCertificate_staking( tx_hash_builder_t* builder, const certificate_type_t certificateType, const credential_t* stakeCredential, - uint64_t coin + uint64_t deposit ); -void txHashBuilder_addCertificate_delegation( +void txHashBuilder_addCertificate_stakeDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const uint8_t* poolKeyHash, size_t poolKeyHashSize ); -void txHashBuilder_addCertificate_voteDeleg( +void txHashBuilder_addCertificate_voteDelegation( tx_hash_builder_t* builder, const credential_t* stakeCredential, const drep_t* drep ); -void txHashBuilder_addCertificate_committeeAuth( +void txHashBuilder_addCertificate_committeeAuthHot( tx_hash_builder_t* builder, const credential_t* coldCredential, const credential_t* hotCredential @@ -367,17 +367,17 @@ void txHashBuilder_addCertificate_committeeResign( const anchor_t* anchor ); -void txHashBuilder_addCertificate_dRepReg( +void txHashBuilder_addCertificate_dRepRegistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin, + uint64_t deposit, const anchor_t* anchor ); -void txHashBuilder_addCertificate_dRepUnreg( +void txHashBuilder_addCertificate_dRepDeregistration( tx_hash_builder_t* builder, const credential_t* dRepCredential, - uint64_t coin + uint64_t deposit ); void txHashBuilder_addCertificate_dRepUpdate( @@ -543,9 +543,9 @@ void txHashBuilder_addVotingProcedure( voting_procedure_t* votingProcedure ); -void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t coin); +void txHashBuilder_addTreasury(tx_hash_builder_t* builder, uint64_t treasury); -void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t coin); +void txHashBuilder_addDonation(tx_hash_builder_t* builder, uint64_t donation); void txHashBuilder_finalize( tx_hash_builder_t* builder, diff --git a/src/utils.h b/src/utils.h index 7d54ec09..beb5f1f9 100644 --- a/src/utils.h +++ b/src/utils.h @@ -48,7 +48,6 @@ } while(0) // Helper functions for ranges -// TODO(ppershing): make more type safe? #define BEGIN(buf) buf // Note: SIZEOF would not work if buf is not uin8_t* #define END(buf) (buf + ARRAY_LEN(buf))