feature: sign governance vote

vacuumlabs · Nov 30, 2022 · a4bb662 · a4bb662
1 parent 1763451
commit a4bb662
Show file tree

Hide file tree

Showing 15 changed files with 670 additions and 20 deletions.
diff --git a/src/deriveNativeScriptHash.c b/src/deriveNativeScriptHash.c
@@ -211,7 +211,7 @@ static void deriveScriptHash_display_ui_runStep()
 
 	UI_STEP(DISPLAY_UI_STEP_RESPOND) {
 		io_send_buf(SUCCESS, NULL, 0);
-		ui_displayBusy(); // displays dots, called after I/O to avoid freezing
+		ui_displayBusy(); // displays dots, called only after I/O to avoid freezing
 	}
 
 	UI_STEP_END(DISPLAY_UI_STEP_INVALID);

diff --git a/src/getPublicKeys.c b/src/getPublicKeys.c
@@ -12,6 +12,7 @@ static ins_get_keys_context_t* ctx = &(instructionState.getKeysContext);
 // it should be set to this value at the beginning and after a UI state machine is finished
 static int UI_STEP_NONE = 0;
 
+// this is supposed to be called at the beginning of each APDU handler
 static inline void CHECK_STAGE(get_keys_stage_t expected)
 {
 	TRACE("Checking stage... current one is %d, expected %d", ctx->stage, expected);
@@ -93,7 +94,7 @@ static void getPublicKeys_respondOneKey_ui_runStep()
 
 		io_send_buf(SUCCESS, (uint8_t*) &ctx->extPubKey, SIZEOF(ctx->extPubKey));
 		ctx->responseReadyMagic = 0; // just for safety
-		ui_displayBusy(); // displays dots, called after I/O to avoid freezing
+		ui_displayBusy(); // displays dots, called only after I/O to avoid freezing
 
 		ctx->currentPath++;
 		TRACE("Current path: %u / %u", ctx->currentPath, ctx->numPaths);

diff --git a/src/handlers.c b/src/handlers.c
@@ -13,6 +13,7 @@
 #include "deriveNativeScriptHash.h"
 #include "signTx.h"
 #include "signOpCert.h"
+#include "signGovernanceVote.h"
 
 // The APDU protocol uses a single-byte instruction code (INS) to specify
 // which command should be executed. We'll use this code to dispatch on a
@@ -33,6 +34,7 @@ handler_fn_t* lookupHandler(uint8_t ins)
 		// 0x2* -  signing related
 		CASE(0x21, signTx_handleAPDU);
 		CASE(0x22, signOpCert_handleAPDU);
+		CASE(0x23, signGovernanceVote_handleAPDU);
 
 		#ifdef DEVEL
 		// 0xF* -  debug_mode related

diff --git a/src/messageSigning.c b/src/messageSigning.c
@@ -62,15 +62,15 @@ static void signRawMessageWithPath(bip44_path_t* pathSpec,
 	} END_TRY;
 }
 
-void getTxWitness(bip44_path_t* pathSpec,
-                  const uint8_t* txHashBuffer, size_t txHashSize,
-                  uint8_t* outBuffer, size_t outSize)
+// sign the given hash by the private key derived according to the given path
+void getWitness(bip44_path_t* pathSpec,
+                const uint8_t* hashBuffer, size_t hashSize,
+                uint8_t* outBuffer, size_t outSize)
 {
-	ASSERT(txHashSize == TX_HASH_LENGTH);
 	ASSERT(outSize < BUFFER_SIZE_PARANOIA);
 
 	#ifndef FUZZING
-	signRawMessageWithPath(pathSpec, txHashBuffer, txHashSize, outBuffer, outSize);
+	signRawMessageWithPath(pathSpec, hashBuffer, hashSize, outBuffer, outSize);
 	#endif
 }
 

diff --git a/src/messageSigning.h b/src/messageSigning.h
@@ -3,9 +3,9 @@
 
 #include "bip44.h"
 
-void getTxWitness(bip44_path_t* pathSpec,
-                  const uint8_t* txHashBuffer, size_t txHashSize,
-                  uint8_t* outBuffer, size_t outSize);
+void getWitness(bip44_path_t* pathSpec,
+                const uint8_t* txHashBuffer, size_t txHashSize,
+                uint8_t* outBuffer, size_t outSize);
 
 void getGovernanceVotingRegistrationSignature(bip44_path_t* pathSpec,
         const uint8_t* payloadHashBuffer, size_t payloadHashSize,

diff --git a/src/securityPolicy.c b/src/securityPolicy.c
@@ -1868,3 +1868,28 @@ security_policy_t policyForSignOpCert(const bip44_path_t* poolColdKeyPathSpec)
 
 	DENY(); // should not be reached
 }
+
+security_policy_t policyForSignGovernanceVoteInit()
+{
+	PROMPT();
+}
+
+security_policy_t policyForSignGovernanceVoteConfirm()
+{
+	PROMPT();
+}
+
+security_policy_t policyForSignGovernanceVoteWitness(bip44_path_t* path)
+{
+	switch (bip44_classifyPath(path)) {
+	case PATH_GOVERNANCE_VOTING_KEY:
+		WARN_UNLESS(bip44_isPathReasonable(path));
+		SHOW();
+		break;
+
+
+	default:
+		DENY();
+		break;
+	}
+}
diff --git a/src/securityPolicy.h b/src/securityPolicy.h
@@ -203,4 +203,8 @@ security_policy_t policyForGovernanceVotingRegistrationNonce();
 security_policy_t policyForGovernanceVotingRegistrationVotingPurpose();
 security_policy_t policyForGovernanceVotingRegistrationConfirm();
 
+security_policy_t policyForSignGovernanceVoteInit();
+security_policy_t policyForSignGovernanceVoteConfirm();
+security_policy_t policyForSignGovernanceVoteWitness(bip44_path_t* path);
+
 #endif // H_CARDANO_APP_SECURITY_POLICY