extend datum hash policies

vacuumlabs · Oct 12, 2021 · 1102f55 · 1102f55
1 parent a54130a
commit 1102f55
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 6 deletions.
diff --git a/src/addressUtilsShelley.c b/src/addressUtilsShelley.c
@@ -131,6 +131,33 @@ bool isStakingInfoConsistentWithAddressType(const addressParams_t* addressParams
 #undef CONSISTENT_WITH
 }
 
+staking_data_source_t determineStakingChoide(address_type_t addressType)
+{
+	switch (addressType) {
+	case BASE_PAYMENT_KEY_STAKE_KEY:
+	case BASE_PAYMENT_SCRIPT_STAKE_KEY:
+	case REWARD_KEY:
+		return STAKING_KEY_HASH;
+
+	case BASE_PAYMENT_KEY_STAKE_SCRIPT:
+	case BASE_PAYMENT_SCRIPT_STAKE_SCRIPT:
+	case REWARD_SCRIPT:
+		return STAKING_SCRIPT_HASH;
+
+	case POINTER_KEY:
+	case POINTER_SCRIPT:
+		return BLOCKCHAIN_POINTER;
+
+	case ENTERPRISE_KEY:
+	case ENTERPRISE_SCRIPT:
+	case BYRON:
+		return NO_STAKING;
+
+	default:
+		ASSERT(false);
+	}
+}
+
 __noinline_due_to_stack__
 static size_t view_appendAddressPublicKeyHash(write_view_t* view, const bip44_path_t* keyDerivationPath)
 {

diff --git a/src/addressUtilsShelley.h b/src/addressUtilsShelley.h
@@ -87,6 +87,7 @@ typedef struct {
 } addressParams_t;
 
 bool isStakingInfoConsistentWithAddressType(const addressParams_t* addressParams);
+staking_data_source_t determineStakingChoide(address_type_t addressType);
 
 size_t deriveAddress(const addressParams_t* addressParams, uint8_t* outBuffer, size_t outSize);
 

diff --git a/src/securityPolicy.c b/src/securityPolicy.c
@@ -273,16 +273,22 @@ security_policy_t policyForSignTxInput()
 security_policy_t policyForSignTxOutputAddressBytes(
         sign_tx_signingmode_t txSigningMode,
         const uint8_t* rawAddressBuffer, size_t rawAddressSize,
-        const uint8_t networkId, const uint32_t protocolMagic
+        const uint8_t networkId, const uint32_t protocolMagic,
+        bool includeDatumHash
 )
 {
+
 	ASSERT(rawAddressSize < BUFFER_SIZE_PARANOIA);
 
 	// address type and network identification
 	ASSERT(rawAddressSize >= 1);
 	const address_type_t addressType = getAddressType(rawAddressBuffer[0]);
 	const uint8_t addressNetworkId = getNetworkId(rawAddressBuffer[0]);
 
+	if (includeDatumHash) {
+		DENY_UNLESS(determineSpendingChoice(addressType) == SPENDING_SCRIPT_HASH || determineStakingChoide(addressType) == STAKING_SCRIPT_HASH);
+	}
+
 	switch (addressType) {
 
 	case BYRON:
@@ -324,10 +330,14 @@ security_policy_t policyForSignTxOutputAddressBytes(
 security_policy_t policyForSignTxOutputAddressParams(
         sign_tx_signingmode_t txSigningMode,
         const addressParams_t* params,
-        const uint8_t networkId, const uint32_t protocolMagic
+        const uint8_t networkId, const uint32_t protocolMagic,
+        bool includeDatumHash
 )
 {
 	DENY_UNLESS(isValidAddressParams(params));
+	if (includeDatumHash) {
+		DENY_UNLESS(determineSpendingChoice(params->type) == SPENDING_SCRIPT_HASH || params->stakingDataSource == STAKING_SCRIPT_HASH);
+	}
 
 	// address type and network identification
 	switch (params->type) {

diff --git a/src/securityPolicy.h b/src/securityPolicy.h
@@ -33,12 +33,14 @@ security_policy_t policyForSignTxInput();
 security_policy_t policyForSignTxOutputAddressBytes(
         sign_tx_signingmode_t txSigningMode,
         const uint8_t* rawAddressBuffer, size_t rawAddressSize,
-        const uint8_t networkId, const uint32_t protocolMagic
+        const uint8_t networkId, const uint32_t protocolMagic,
+        bool includeDatumHash
 );
 security_policy_t policyForSignTxOutputAddressParams(
         sign_tx_signingmode_t txSigningMode,
         const addressParams_t* params,
-        const uint8_t networkId, const uint32_t protocolMagic
+        const uint8_t networkId, const uint32_t protocolMagic,
+        bool includeDatumHash
 );
 security_policy_t policyForSignTxOutputConfirm(
         security_policy_t addressPolicy,

diff --git a/src/signTxOutput.c b/src/signTxOutput.c
@@ -162,7 +162,8 @@ static void signTx_handleOutput_addressBytes()
 	security_policy_t policy = policyForSignTxOutputAddressBytes(
 	                                   commonTxData->txSigningMode,
 	                                   subctx->stateData.output.address.buffer, subctx->stateData.output.address.size,
-	                                   commonTxData->networkId, commonTxData->protocolMagic
+	                                   commonTxData->networkId, commonTxData->protocolMagic,
+	                                   subctx->includeDatumHash
 	                           );
 	TRACE("Policy: %d", (int) policy);
 	ENSURE_NOT_DENIED(policy);
@@ -250,7 +251,8 @@ static void signTx_handleOutput_addressParams()
 	security_policy_t policy = policyForSignTxOutputAddressParams(
 	                                   commonTxData->txSigningMode,
 	                                   &subctx->stateData.output.params,
-	                                   commonTxData->networkId, commonTxData->protocolMagic
+	                                   commonTxData->networkId, commonTxData->protocolMagic,
+	                                   subctx->includeDatumHash
 	                           );
 	TRACE("Policy: %d", (int) policy);
 	ENSURE_NOT_DENIED(policy);