From 3726456a9dad85fe5939c573cd5b9b1f1f71264c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Palmer?=
Date: Tue, 6 Feb 2024 15:54:59 +0100
Subject: [PATCH] Operation: check source right after get it

In order to check source also for reveals
---
 src/operations.c | 17 +++++++----------
 test/python/test_instructions.py | 13 ++++++-------
 2 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/src/operations.c b/src/operations.c
index 1945c590..d6abe364 100644
--- a/src/operations.c
+++ b/src/operations.c
@@ -468,6 +468,13 @@ static inline bool parse_byte(uint8_t byte,
 PARSE_ERROR();
 }
+ // If the source is an implicit contract,...
+ if (out->operation.source.originated == 0) {
+ // ... it had better match our key, otherwise why are we signing it?
+ if (COMPARE(&out->operation.source, &out->signing) != 0) PARSE_ERROR();
+ }
+ // OK, it passes muster.
+
 OP_JMPIF(STEP_AFTER_MANAGER_FIELDS, (state->tag == OPERATION_TAG_PROPOSAL || state->tag == OPERATION_TAG_BALLOT));
@@ -493,9 +500,6 @@ static inline bool parse_byte(uint8_t byte,
 // We know this is a reveal
 // Public key up next! Ensure it matches signing key.
- // Ignore source :-) and do not parse it from hdr.
- // We don't much care about reveals, they have very little in the way of bad security
- // implications and any fees have already been accounted for
 {
 raw_tezos_header_signature_type_t const *const sig_type = NEXT_TYPE(raw_tezos_header_signature_type_t);
@@ -530,13 +534,6 @@ static inline bool parse_byte(uint8_t byte,
 out->operation.tag = (uint8_t) state->tag;
- // If the source is an implicit contract,...
- if (out->operation.source.originated == 0) {
- // ... it had better match our key, otherwise why are we signing it?
- if (COMPARE(&out->operation.source, &out->signing) != 0) PARSE_ERROR();
- }
- // OK, it passes muster.
-
 // This should by default be blanked out
 out->operation.delegate.signature_type = SIGNATURE_TYPE_UNSET;
 out->operation.delegate.originated = 0;
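Review bot: The relocated check in the first hunk (`@@ -468,6 +468,13 @@`) compares the source with `out->signing` only when `source.originated == 0`, so a source that parses as originated passes this point with no comparison at all. Now that this is the single source gate for every operation kind, reveals included, that skip should be stated rather than implied. The visible lines do not show whether an originated source is rejected elsewhere in `parse_byte`, whose body starts and ends outside the hunk. I would replace the inherited comments with something like `// The source of every operation, reveals included, must be the signing key.` plus one line naming where originated sources are handled. If originated sources are never valid for what this app signs, an explicit `else PARSE_ERROR();` on the outer `if` would make the gate fail closed.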
diff --git a/test/python/test_instructions.py b/test/python/test_instructions.py
index be657d0e..5edc25dd 100644
--- a/test/python/test_instructions.py
+++ b/test/python/test_instructions.py
@@ -727,6 +727,7 @@ def test_sign_reveal(
 account.check_signature(signature, bytes(reveal))
+# Warning: operation PARSE_ERROR are not available on DEBUG-mode
 PARAMETERS_SIGN_REVEAL_CONSTRAINTS = [
 (
 DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT,
@@ -734,16 +735,14 @@ def test_sign_reveal(
 ),
 (
 DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT,
- # Warning: operation PARSE_ERROR are not available on DEBUG-mode
 StatusCode.PARSE_ERROR
 ),
 (
 DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT,
- StatusCode.SECURITY
+ StatusCode.PARSE_ERROR
 ),
 (
 DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2,
- # Warning: operation PARSE_ERROR are not available on DEBUG-mode
 StatusCode.PARSE_ERROR
 )
 ]
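Review bot: With `StatusCode.SECURITY` replaced by `StatusCode.PARSE_ERROR` in the second hunk (`@@ -734,16 +735,14 @@`), all three rejecting rows of `PARAMETERS_SIGN_REVEAL_CONSTRAINTS` assert the same status. The table therefore no longer shows which check refused the operation, and a parser failure unrelated to the source comparison would satisfy these rows equally. The same applies to the `build_bad_reveal_1` rows changed in the later hunk at `@@ -893,12 +892,12 @@`. Since only the status code is asserted, I would add a per-row comment naming the mismatched field, for example `# source differs from the signing account: rejected while parsing, hence PARSE_ERROR` on the row that previously expected `SECURITY`. The parameter order is defined outside these hunks, so the wording should be checked against the `test_sign_reveal` signature.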
@@ -893,12 +892,12 @@ def build_bad_delegation_2(account: Account) -> Delegation:
 (build_delegation, build_reveal, None, True, StatusCode.OK ),
 (build_reveal, build_delegation, build_reveal, True, StatusCode.OK ),
 ] + [
- (build_bad_reveal_1, build_reveal, None, False, StatusCode.OK ),
- (build_bad_reveal_1, build_delegation, None, True, StatusCode.OK ),
+ (build_bad_reveal_1, build_reveal, None, False, StatusCode.PARSE_ERROR),
+ (build_bad_reveal_1, build_delegation, None, True, StatusCode.PARSE_ERROR),
 (build_bad_reveal_2, build_reveal, None, False, StatusCode.PARSE_ERROR),
 (build_bad_reveal_2, build_delegation, None, True, StatusCode.PARSE_ERROR),
- (build_reveal, build_bad_reveal_1, None, False, StatusCode.SECURITY ),
- (build_delegation, build_bad_reveal_1, None, True, StatusCode.SECURITY ),
+ (build_reveal, build_bad_reveal_1, None, False, StatusCode.PARSE_ERROR),
+ (build_delegation, build_bad_reveal_1, None, True, StatusCode.PARSE_ERROR),
 (build_reveal, build_bad_reveal_2, None, False, StatusCode.PARSE_ERROR),
 (build_delegation, build_bad_reveal_2, None, True, StatusCode.PARSE_ERROR),
 (build_reveal, build_bad_delegation_1, None, True, StatusCode.PARSE_ERROR),