introduce network id transaction body element

src/addressUtilsShelley.c

@@ -76,7 +76,7 @@ uint8_t getNetworkId(uint8_t addressHeader)
 
 bool isValidNetworkId(uint8_t networkId)
 {
-	return networkId <= 0b1111;
+	return networkId <= MAXIMUM_NETWORK_ID;
 }
 
 bool isValidStakingChoice(staking_data_source_t stakingDataSource)

src/cardano.h

@@ -48,6 +48,8 @@ STATIC_ASSERT(LOVELACE_MAX_SUPPLY < LOVELACE_INVALID, "bad LOVELACE_INVALID");
 
 #define TESTNET_NETWORK_ID 0
 
+#define MAXIMUM_NETWORK_ID 0b1111
+
 
 typedef enum {
 	KEY_REFERENCE_PATH = 1,

src/securityPolicy.c

@@ -276,9 +276,11 @@ security_policy_t policyForSignTxInit(
 		ASSERT(false);
 	}
 
-	WARN_IF(!is_tx_network_verifiable(numOutputs, numWithdrawals, txSigningMode));
+	DENY_UNLESS(isValidNetworkId(networkId));
 
-	WARN_IF(networkId != MAINNET_NETWORK_ID);
+	WARN_UNLESS(is_tx_network_verifiable(numOutputs, numWithdrawals, txSigningMode));
+
+	WARN_IF(networkId != MAINNET_NETWORK_ID && networkId != TESTNET_NETWORK_ID);
 	WARN_IF(protocolMagic != MAINNET_PROTOCOL_MAGIC);
 
 	// Could be switched to POLICY_ALLOW_WITHOUT_PROMPT to skip initial "new transaction" question

src/signTx.c

@@ -197,6 +197,7 @@ static inline void advanceStage()
 
 	case SIGN_STAGE_CONFIRM:
 		ctx->stage = SIGN_STAGE_WITNESSES;
+		txHashBuilder_addNetworkId(&BODY_CTX->txHashBuilder, ctx->commonTxData.networkId);
 		initTxWitnessCtx();
 
 		break;

src/txHashBuilder.c

@@ -108,7 +108,10 @@ void txHashBuilder_init(
 		builder->includeMint = includeMint;
 		if (includeMint) numItems++;
 
-		ASSERT((3 <= numItems) && (numItems <= 9));
+		// network id always included
+		numItems++;
+
+		ASSERT((4 <= numItems) && (numItems <= 10));
 
 		_TRACE("Serializing tx body with %u items", numItems);
 		BUILDER_APPEND_CBOR(CBOR_TYPE_MAP, numItems);
@@ -1180,10 +1183,46 @@ static void txHashBuilder_assertCanLeaveMint(tx_hash_builder_t* builder)
 	ASSERT(builder->multiassetData.remainingTokens == 0);
 }
 
+void txHashBuilder_addNetworkId(tx_hash_builder_t* builder, uint8_t networkId)
+{
+	_TRACE("state = %d", builder->state);
+
+	txHashBuilder_assertCanLeaveMint(builder);
+
+	// add network id item into the main tx body map
+	BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, TX_BODY_KEY_NETWORK_ID);
+	BUILDER_APPEND_CBOR(CBOR_TYPE_UNSIGNED, networkId);
+
+	builder->state = TX_HASH_BUILDER_IN_NETWORK_ID;
+}
+
+static void txHashBuilder_assertCanLeaveNetworkId(tx_hash_builder_t* builder)
+{
+	_TRACE("state = %d", builder->state);
+
+	switch (builder->state) {
+	case TX_HASH_BUILDER_IN_NETWORK_ID:
+		break;
+
+	case TX_HASH_BUILDER_IN_MINT:
+	case TX_HASH_BUILDER_IN_VALIDITY_INTERVAL_START:
+	case TX_HASH_BUILDER_IN_AUX_DATA:
+	case TX_HASH_BUILDER_IN_WITHDRAWALS:
+	case TX_HASH_BUILDER_IN_CERTIFICATES:
+	case TX_HASH_BUILDER_IN_TTL:
+	case TX_HASH_BUILDER_IN_FEE:
+		txHashBuilder_assertCanLeaveMint(builder);
+		ASSERT(!builder->includeValidityIntervalStart);
+		break;
+
+	default:
+		ASSERT(false);
+	}
+}
 
 void txHashBuilder_finalize(tx_hash_builder_t* builder, uint8_t* outBuffer, size_t outSize)
 {
-	txHashBuilder_assertCanLeaveMint(builder);
+	txHashBuilder_assertCanLeaveNetworkId(builder);
 
 	ASSERT(outSize == TX_HASH_LENGTH);
 	{

src/txHashBuilder.h

@@ -15,6 +15,7 @@ enum {
 	TX_BODY_KEY_AUX_DATA = 7,
 	TX_BODY_KEY_VALIDITY_INTERVAL_START = 8,
 	TX_BODY_KEY_MINT = 9,
+	TX_BODY_KEY_NETWORK_ID = 15,
 };
 
 /* The state machine of the tx hash builder is driven by user calls.
@@ -52,7 +53,8 @@ typedef enum {
 	TX_HASH_BUILDER_IN_MINT_TOP_LEVEL_DATA = 1010,
 	TX_HASH_BUILDER_IN_MINT_ASSET_GROUP = 1011,
 	TX_HASH_BUILDER_IN_MINT_TOKEN = 1012,
-	TX_HASH_BUILDER_FINISHED = 1100,
+	TX_HASH_BUILDER_IN_NETWORK_ID = 1100,
+	TX_HASH_BUILDER_FINISHED = 1200,
 } tx_hash_builder_state_t;
 
 typedef struct {
@@ -214,6 +216,8 @@ void txHashBuilder_addMint_token(
         int64_t amount
 );
 
+void txHashBuilder_addNetworkId(tx_hash_builder_t* builder, uint8_t networkId);
+
 void txHashBuilder_finalize(
         tx_hash_builder_t* builder,
         uint8_t* outBuffer, size_t outSize