Skip to content

Commit

Permalink
Add const qualifiers, and asserts guarding against overflows
Browse files Browse the repository at this point in the history
  • Loading branch information
bigspider committed Oct 9, 2024
1 parent 8f518c3 commit f1edc5c
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 31 deletions.
22 changes: 12 additions & 10 deletions src/handler/lib/policy.c
Original file line number Diff line number Diff line change
Expand Up @@ -468,8 +468,8 @@ __attribute__((warn_unused_result)) static int get_derived_pubkey(
return -1;
}
} else if (key_expr->type == KEY_EXPRESSION_MUSIG) {
musig_aggr_key_info_t *musig_info = r_musig_aggr_key_info(&key_expr->m.musig_info);
uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
const musig_aggr_key_info_t *musig_info = r_musig_aggr_key_info(&key_expr->m.musig_info);
const uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
plain_pk_t keys[MAX_PUBKEYS_PER_MUSIG];
for (int i = 0; i < musig_info->n; i++) {
// we use ext_pubkey as a temporary variable; will overwrite later
Expand Down Expand Up @@ -1772,9 +1772,9 @@ int count_distinct_keys_info(const policy_node_t *policy) {
if (key_expression_ptr->type == KEY_EXPRESSION_NORMAL) {
ret = MAX(ret, key_expression_ptr->k.key_index + 1);
} else if (key_expression_ptr->type == KEY_EXPRESSION_MUSIG) {
musig_aggr_key_info_t *musig_info =
const musig_aggr_key_info_t *musig_info =
r_musig_aggr_key_info(&key_expression_ptr->m.musig_info);
uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
const uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
for (int i = 0; i < musig_info->n; i++) {
ret = MAX(ret, key_indexes[i] + 1);
}
Expand Down Expand Up @@ -1981,8 +1981,8 @@ int is_policy_sane(dispatcher_context_t *dispatcher_context,
return WITH_ERROR(-1, "Unexpected error retrieving key expressions from the policy");
}
if (kp_i->type == KEY_EXPRESSION_MUSIG) {
musig_aggr_key_info_t *musig_info_i = r_musig_aggr_key_info(&kp_i->m.musig_info);
uint16_t *key_indexes_i = r_uint16(&musig_info_i->key_indexes);
const musig_aggr_key_info_t *musig_info_i = r_musig_aggr_key_info(&kp_i->m.musig_info);
const uint16_t *key_indexes_i = r_uint16(&musig_info_i->key_indexes);

uint16_t key_indexes_i_sorted[MAX_PUBKEYS_PER_MUSIG];
memcpy(key_indexes_i_sorted, key_indexes_i, musig_info_i->n * sizeof(uint16_t));
Expand Down Expand Up @@ -2030,10 +2030,12 @@ int is_policy_sane(dispatcher_context_t *dispatcher_context,
}
}
} else if (kp_i->type == KEY_EXPRESSION_MUSIG && kp_j->type == KEY_EXPRESSION_MUSIG) {
musig_aggr_key_info_t *musig_info_i = r_musig_aggr_key_info(&kp_i->m.musig_info);
uint16_t *key_indexes_i = r_uint16(&musig_info_i->key_indexes);
musig_aggr_key_info_t *musig_info_j = r_musig_aggr_key_info(&kp_j->m.musig_info);
uint16_t *key_indexes_j = r_uint16(&musig_info_j->key_indexes);
const musig_aggr_key_info_t *musig_info_i =
r_musig_aggr_key_info(&kp_i->m.musig_info);
const uint16_t *key_indexes_i = r_uint16(&musig_info_i->key_indexes);
const musig_aggr_key_info_t *musig_info_j =
r_musig_aggr_key_info(&kp_j->m.musig_info);
const uint16_t *key_indexes_j = r_uint16(&musig_info_j->key_indexes);
// if two musigs have exactly the same set of keys, then the derivation options must
// be disjoint

Expand Down
49 changes: 28 additions & 21 deletions src/handler/sign_psbt.c
Original file line number Diff line number Diff line change
Expand Up @@ -397,7 +397,7 @@ static int get_amount_scriptpubkey_from_psbt(
// PSBT_{IN|OUT}_{TAP}?_BIP32_DERIVATION fields.
static int read_change_and_index_from_psbt_bip32_derivation(
dispatcher_context_t *dc,
keyexpr_info_t *keyexpr_info,
const keyexpr_info_t *keyexpr_info,
in_out_info_t *in_out,
sign_psbt_cache_t *sign_psbt_cache,
int psbt_key_type,
Expand Down Expand Up @@ -766,14 +766,17 @@ static bool fill_keyexpr_info_if_internal(dispatcher_context_t *dc,
return result;
} else if (keyexpr_info->key_expression_ptr->type == KEY_EXPRESSION_MUSIG) {
// iterate through the keys of the musig() placeholder to find if a key is internal
musig_aggr_key_info_t *musig_info =
const musig_aggr_key_info_t *musig_info =
r_musig_aggr_key_info(&keyexpr_info->key_expression_ptr->m.musig_info);
uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
const uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);

bool has_internal_key = false;

// collect the keys of the musig, and fill the info related to the internal key (if any)
uint8_t keys[MAX_PUBKEYS_PER_MUSIG][33];

LEDGER_ASSERT(musig_info->n <= MAX_PUBKEYS_PER_MUSIG, "Too many keys in musig placeholder");

for (int idx_in_musig = 0; idx_in_musig < musig_info->n; idx_in_musig++) {
if (get_and_verify_key_info(dc, st, key_indexes[idx_in_musig], &tmp_keyexpr_info)) {
memcpy(keyexpr_info->key_derivation,
Expand Down Expand Up @@ -1890,7 +1893,7 @@ static bool __attribute__((noinline)) compute_sighash_legacy(dispatcher_context_

static bool __attribute__((noinline)) compute_sighash_segwitv0(dispatcher_context_t *dc,
sign_psbt_state_t *st,
tx_hashes_t *hashes,
const tx_hashes_t *hashes,
input_info_t *input,
unsigned int cur_input_index,
uint8_t sighash[static 32]) {
Expand Down Expand Up @@ -2075,10 +2078,10 @@ static bool __attribute__((noinline)) compute_sighash_segwitv0(dispatcher_contex

static bool __attribute__((noinline)) compute_sighash_segwitv1(dispatcher_context_t *dc,
sign_psbt_state_t *st,
tx_hashes_t *hashes,
const tx_hashes_t *hashes,
input_info_t *input,
unsigned int cur_input_index,
keyexpr_info_t *keyexpr_info,
const keyexpr_info_t *keyexpr_info,
uint8_t sighash[static 32]) {
LOG_PROCESSOR(__FILE__, __LINE__, __func__);

Expand Down Expand Up @@ -2251,12 +2254,13 @@ static bool __attribute__((noinline)) yield_signature(dispatcher_context_t *dc,
return true;
}

static bool __attribute__((noinline)) sign_sighash_ecdsa_and_yield(dispatcher_context_t *dc,
sign_psbt_state_t *st,
keyexpr_info_t *keyexpr_info,
input_info_t *input,
unsigned int cur_input_index,
uint8_t sighash[static 32]) {
static bool __attribute__((noinline))
sign_sighash_ecdsa_and_yield(dispatcher_context_t *dc,
sign_psbt_state_t *st,
const keyexpr_info_t *keyexpr_info,
input_info_t *input,
unsigned int cur_input_index,
uint8_t sighash[static 32]) {
LOG_PROCESSOR(__FILE__, __LINE__, __func__);

uint32_t sign_path[MAX_BIP32_PATH_STEPS];
Expand Down Expand Up @@ -2510,13 +2514,14 @@ static bool yield_musig_partial_signature(dispatcher_context_t *dc,
tapleaf_hash);
}

static bool __attribute__((noinline)) sign_sighash_musig_and_yield(dispatcher_context_t *dc,
sign_psbt_state_t *st,
signing_state_t *signing_state,
keyexpr_info_t *keyexpr_info,
input_info_t *input,
unsigned int cur_input_index,
uint8_t sighash[static 32]) {
static bool __attribute__((noinline))
sign_sighash_musig_and_yield(dispatcher_context_t *dc,
sign_psbt_state_t *st,
signing_state_t *signing_state,
const keyexpr_info_t *keyexpr_info,
const input_info_t *input,
unsigned int cur_input_index,
uint8_t sighash[static 32]) {
LOG_PROCESSOR(__FILE__, __LINE__, __func__);

if (st->wallet_policy_map->type != TOKEN_TR) {
Expand Down Expand Up @@ -2550,9 +2555,11 @@ static bool __attribute__((noinline)) sign_sighash_musig_and_yield(dispatcher_co
serialized_extended_pubkey_t ext_pubkey;

const policy_node_keyexpr_t *key_expr = keyexpr_info->key_expression_ptr;
musig_aggr_key_info_t *musig_info = r_musig_aggr_key_info(&key_expr->m.musig_info);
uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
const musig_aggr_key_info_t *musig_info = r_musig_aggr_key_info(&key_expr->m.musig_info);
const uint16_t *key_indexes = r_uint16(&musig_info->key_indexes);
plain_pk_t keys[MAX_PUBKEYS_PER_MUSIG];

LEDGER_ASSERT(musig_info->n <= MAX_PUBKEYS_PER_MUSIG, "Too many keys in musig key expression");
for (int i = 0; i < musig_info->n; i++) {
// we use ext_pubkey as a temporary variable; will overwrite later
if (0 > get_extended_pubkey(dc, &wdi, key_indexes[i], &ext_pubkey)) {
Expand Down

0 comments on commit f1edc5c

Please sign in to comment.