Operation: check source right after get it

In order to check source also for reveals
trilitech · Feb 6, 2024 · c8ce789 · c8ce789
1 parent ea4beb3
commit c8ce789
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 17 deletions.
diff --git a/src/operations.c b/src/operations.c
@@ -468,6 +468,13 @@ static inline bool parse_byte(uint8_t byte,
                     PARSE_ERROR();
             }
 
+            // If the source is an implicit contract,...
+            if (out->operation.source.originated == 0) {
+                // ... it had better match our key, otherwise why are we signing it?
+                if (COMPARE(&out->operation.source, &out->signing) != 0) PARSE_ERROR();
+            }
+            // OK, it passes muster.
+
             OP_JMPIF(STEP_AFTER_MANAGER_FIELDS,
                      (state->tag == OPERATION_TAG_PROPOSAL || state->tag == OPERATION_TAG_BALLOT));
 
@@ -493,9 +500,6 @@ static inline bool parse_byte(uint8_t byte,
             // We know this is a reveal
 
             // Public key up next! Ensure it matches signing key.
-            // Ignore source :-) and do not parse it from hdr.
-            // We don't much care about reveals, they have very little in the way of bad security
-            // implications and any fees have already been accounted for
             {
                 raw_tezos_header_signature_type_t const *const sig_type =
                     NEXT_TYPE(raw_tezos_header_signature_type_t);
@@ -530,13 +534,6 @@ static inline bool parse_byte(uint8_t byte,
 
             out->operation.tag = (uint8_t) state->tag;
 
-            // If the source is an implicit contract,...
-            if (out->operation.source.originated == 0) {
-                // ... it had better match our key, otherwise why are we signing it?
-                if (COMPARE(&out->operation.source, &out->signing) != 0) PARSE_ERROR();
-            }
-            // OK, it passes muster.
-
             // This should by default be blanked out
             out->operation.delegate.signature_type = SIGNATURE_TYPE_UNSET;
             out->operation.delegate.originated = 0;

diff --git a/test/python/test_instructions.py b/test/python/test_instructions.py
@@ -727,23 +727,22 @@ def test_sign_reveal(
         account.check_signature(signature, bytes(reveal))
 
 
+# Warning: operation PARSE_ERROR are not available on DEBUG-mode
 PARAMETERS_SIGN_REVEAL_CONSTRAINTS = [
     (
         DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT,
         StatusCode.SECURITY
     ),
     (
         DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT,
-        # Warning: operation PARSE_ERROR are not available on DEBUG-mode
         StatusCode.PARSE_ERROR
     ),
     (
         DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2, DEFAULT_ACCOUNT,
-        StatusCode.SECURITY
+        StatusCode.PARSE_ERROR
     ),
     (
         DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT, DEFAULT_ACCOUNT_2,
-        # Warning: operation PARSE_ERROR are not available on DEBUG-mode
         StatusCode.PARSE_ERROR
     )
 ]
@@ -893,12 +892,12 @@ def build_bad_delegation_2(account: Account) -> Delegation:
     (build_delegation,   build_reveal,           None,              True,  StatusCode.OK         ),
     (build_reveal,       build_delegation,       build_reveal,      True,  StatusCode.OK         ),
 ] + [
-    (build_bad_reveal_1, build_reveal,           None,              False, StatusCode.OK         ),
-    (build_bad_reveal_1, build_delegation,       None,              True,  StatusCode.OK         ),
+    (build_bad_reveal_1, build_reveal,           None,              False, StatusCode.PARSE_ERROR),
+    (build_bad_reveal_1, build_delegation,       None,              True,  StatusCode.PARSE_ERROR),
     (build_bad_reveal_2, build_reveal,           None,              False, StatusCode.PARSE_ERROR),
     (build_bad_reveal_2, build_delegation,       None,              True,  StatusCode.PARSE_ERROR),
-    (build_reveal,       build_bad_reveal_1,     None,              False, StatusCode.SECURITY   ),
-    (build_delegation,   build_bad_reveal_1,     None,              True,  StatusCode.SECURITY   ),
+    (build_reveal,       build_bad_reveal_1,     None,              False, StatusCode.PARSE_ERROR),
+    (build_delegation,   build_bad_reveal_1,     None,              True,  StatusCode.PARSE_ERROR),
     (build_reveal,       build_bad_reveal_2,     None,              False, StatusCode.PARSE_ERROR),
     (build_delegation,   build_bad_reveal_2,     None,              True,  StatusCode.PARSE_ERROR),
     (build_reveal,       build_bad_delegation_1, None,              True,  StatusCode.PARSE_ERROR),