Merge pull request #581 from ivmaykov/const-readonly-pointers

[Cleanup] const read-only input pointers

core/include/init_wallet.h

@@ -7,4 +7,4 @@
 #include "config.h"
 
 Result mix_entropy(uint8_t wallet_entropy[static MASTER_SEED_SIZE],
-                   InternalCommandRequest *in);
+                   const InternalCommandRequest* const in);

core/include/protection.h

@@ -16,7 +16,7 @@ Result protect_pubkey(char xpub[static XPUB_SIZE],
 /**
  * Decrypt encrypted_pub_key with pubkey encryption key.
  */
-Result expose_pubkey(EncryptedPubKey *encrypted_pub_key,
+Result expose_pubkey(const EncryptedPubKey* const encrypted_pub_key,
                      char xpub[static XPUB_SIZE]);
 
 /**
@@ -31,5 +31,5 @@ Result protect_wallet(uint8_t master_seed[static MASTER_SEED_SIZE],
  * Decrypt master_seed with master_seed_encryption_key. In dev, we XOR with a
  * magic byte.
  */
-Result expose_wallet(EncryptedMasterSeed *encrypted_master_seed,
+Result expose_wallet(const EncryptedMasterSeed* const encrypted_master_seed,
                      uint8_t master_seed[static MASTER_SEED_SIZE]);

core/include/rpc.h

@@ -5,11 +5,13 @@
 
 void handle_incoming_message(pb_istream_t *input, pb_ostream_t *output);
 
-Result handle_init_wallet(InternalCommandRequest *,
-                          InternalCommandResponse_InitWalletResponse *);
+Result handle_init_wallet(
+    const InternalCommandRequest* const in,
+    InternalCommandResponse_InitWalletResponse *out);
 
-Result handle_finalize_wallet(InternalCommandRequest_FinalizeWalletRequest *,
-                              InternalCommandResponse_FinalizeWalletResponse *);
+Result handle_finalize_wallet(
+    const InternalCommandRequest_FinalizeWalletRequest* const in,
+    InternalCommandResponse_FinalizeWalletResponse *out);
 
-Result pre_execute_command(InternalCommandRequest *in);
+Result pre_execute_command(const InternalCommandRequest* const in);
 void post_execute_command(void);

core/include/sign.h

@@ -1,6 +1,7 @@
 #pragma once
 
-Result handle_sign_tx(InternalCommandRequest_SignTxRequest *,
-                      InternalCommandResponse_SignTxResponse *);
+Result handle_sign_tx(
+    const InternalCommandRequest_SignTxRequest* const request,
+    InternalCommandResponse_SignTxResponse *response);
 
-bool validate_fees(InternalCommandRequest_SignTxRequest *request);
+bool validate_fees(const InternalCommandRequest_SignTxRequest* const request);

core/src/dev/execute_command_hooks.c

@@ -2,7 +2,7 @@
 
 #include "rpc.h"
 
-Result pre_execute_command(InternalCommandRequest *in) {
+Result pre_execute_command(const InternalCommandRequest* const in) {
   (void)in;
   return Result_SUCCESS;
 }

core/src/dev/init_wallet.c

@@ -34,7 +34,7 @@
  *   - derive the pubkey
  *   - encrypt the master_seed and pubkey
  */
-Result handle_init_wallet(InternalCommandRequest *in,
+Result handle_init_wallet(const InternalCommandRequest* const in,
                           InternalCommandResponse_InitWalletResponse *out) {
 
   uint8_t entropy[MASTER_SEED_SIZE] = {0};

core/src/finalize_wallet.c

@@ -10,8 +10,9 @@
 #include "strlcpy.h"
 
 Result
-handle_finalize_wallet(InternalCommandRequest_FinalizeWalletRequest *in,
-                       InternalCommandResponse_FinalizeWalletResponse *out) {
+handle_finalize_wallet(
+    const InternalCommandRequest_FinalizeWalletRequest* const in,
+    InternalCommandResponse_FinalizeWalletResponse *out) {
   if (in->encrypted_pub_keys_count != MULTISIG_PARTS) {
     ERROR("expecting %d encrypted_pub_keys, received %d.", MULTISIG_PARTS,
           in->encrypted_pub_keys_count);

core/src/init_wallet.c

@@ -9,7 +9,7 @@
  * TODO(alok): replace with HMAC, which is slightly better.
  */
 Result mix_entropy(uint8_t master_seed[static MASTER_SEED_SIZE],
-                   InternalCommandRequest *in) {
+                   const InternalCommandRequest* const in) {
   if (in->command.InitWallet.random_bytes.size != MASTER_SEED_SIZE) {
     ERROR("unexpected random_bytes.size");
     return Result_INCORRECT_RANDOM_BYTES_SIZE;

core/src/ncipher/execute_command_hooks.c

@@ -29,7 +29,7 @@ extern M_KeyID pub_key_encryption_key;
 /**
  * Load keys using tickets.
  */
-Result pre_execute_command(InternalCommandRequest *in) {
+Result pre_execute_command(const InternalCommandRequest* const in) {
   DEBUG("in pre_execute_command");
 
   if (!in->has_master_seed_encryption_key_ticket) {

core/src/ncipher/init_wallet.c

@@ -41,7 +41,7 @@ static Result gen_random(uint8_t *buffer, uint32_t buffer_len);
  *   - derive the pubkey
  *   - encrypt the master_seed and pubkey
  */
-Result handle_init_wallet(InternalCommandRequest *in,
+Result handle_init_wallet(const InternalCommandRequest* const in,
                           InternalCommandResponse_InitWalletResponse *out) {
   DEBUG("in handle_init_wallet");
 

core/src/protect.c

@@ -47,7 +47,7 @@ Result protect_pubkey(char xpub[static XPUB_SIZE],
 /**
  * Decrypt encrypted_pub_key with pubkey encryption key.
  */
-Result expose_pubkey(EncryptedPubKey *encrypted_pub_key,
+Result expose_pubkey(const EncryptedPubKey* const encrypted_pub_key,
                      char xpub[static XPUB_SIZE]) {
   if (pub_key_encryption_key == 0) {
     ERROR("pub_key_encryption_key not initialized");
@@ -122,7 +122,7 @@ Result protect_wallet(uint8_t master_seed[static MASTER_SEED_SIZE],
 /**
  * Decrypt master_seed with master_seed_encryption_key.
  */
-Result expose_wallet(EncryptedMasterSeed *encrypted_master_seed,
+Result expose_wallet(const EncryptedMasterSeed* const encrypted_master_seed,
                      uint8_t master_seed[static MASTER_SEED_SIZE]) {
   if (master_seed_encryption_key == 0) {
     ERROR("master_seed_encryption_key not initialized");

core/src/rpc.c

@@ -12,10 +12,10 @@
 #include "sign.h"
 #include "qrsignatures.h"
 
-static void execute_command(InternalCommandRequest *,
-                            InternalCommandResponse *);
+static void execute_command(const InternalCommandRequest* const cmd,
+                            InternalCommandResponse *out);
 
-static int check_version(InternalCommandRequest *cmd) {
+static int check_version(const InternalCommandRequest* const cmd) {
   if (VERSION != cmd->version) {
     ERROR("Version mismatch. Expecting %d, got %d.", VERSION, cmd->version);
     return false;
@@ -129,7 +129,7 @@ void handle_incoming_message(pb_istream_t *input, pb_ostream_t *output) {
 }
 
 // execute command
-static void execute_command(InternalCommandRequest *cmd,
+static void execute_command(const InternalCommandRequest* const cmd,
                             InternalCommandResponse *out) {
   if (!check_version(cmd)) {
     out->which_response = InternalCommandResponse_Error_tag;

core/src/sign.c

@@ -20,18 +20,19 @@
 #include "sign.h"
 #include "memzero.h"
 
-static void compute_prevout_hash(TxInput *inputs, pb_size_t inputs_count,
+static void compute_prevout_hash(const TxInput* const inputs,
+                                 pb_size_t inputs_count,
                                  uint8_t hash[static HASHER_DIGEST_LENGTH]) {
   Hasher hasher;
   hasher_Init(&hasher, HASHER_SHA2D);
   for (int i = 0; i < inputs_count; i++) {
-    TxInput input = inputs[i];
+    const TxInput* const input = &inputs[i];
     DEBUG("Computing prevout hash, input %d", i);
-    hash_rev_bytes(&hasher, input.prev_hash, sizeof(input.prev_hash));
-    print_rev_bytes(input.prev_hash, sizeof(input.prev_hash));
+    hash_rev_bytes(&hasher, input->prev_hash, sizeof(input->prev_hash));
+    print_rev_bytes(input->prev_hash, sizeof(input->prev_hash));
 
-    hash_uint32(&hasher, input.prev_index);
-    print_uint32(input.prev_index);
+    hash_uint32(&hasher, input->prev_index);
+    print_uint32(input->prev_index);
     DEBUG_("\n");
   }
   hasher_Final(&hasher, hash);
@@ -52,7 +53,8 @@ static void compute_sequence_hash(uint32_t sequence, pb_size_t inputs_count,
  * Takes an (decrypted) extended public key and produces the public key derived
  * from the path specified.
  */
-static Result derive_public_key(const char *xpub, Path *path,
+static Result derive_public_key(const char *xpub,
+                                const Path* const path,
                                 uint8_t public_key[static COMPRESSED_PUBKEY_SIZE]) {
   HDNode node;
 
@@ -91,7 +93,8 @@ static Result derive_public_key(const char *xpub, Path *path,
  * at that path.
  */
 static Result derive_private_key(uint8_t seed[static SHA512_DIGEST_LENGTH],
-                                 Path *path, HDNode *out) {
+                                 const Path* const path,
+                                 HDNode *out) {
   if (hdnode_from_seed(seed, SHA512_DIGEST_LENGTH, SECP256K1_NAME, out) != 1) {
     ERROR("error: hdnode_from_seed failed.");
     return Result_DERIVE_PRIVATE_KEY_HDNODE_FROM_SEED_FAILURE;
@@ -145,7 +148,10 @@ static void sort_public_keys(
 /**
  * Returns the script (i.e. 2 [addr1] [addr2] [addr3] [addr4] 4 checkmultisig).
  */
-static Result multisig_script(script_t *script, char xpub[static MULTISIG_PARTS][XPUB_SIZE], Path *path) {
+static Result multisig_script(
+    script_t *script,
+    char xpub[static MULTISIG_PARTS][XPUB_SIZE],
+    const Path* const path) {
   // Derive addresses for this path
   uint8_t public_keys[MULTISIG_PARTS][COMPRESSED_PUBKEY_SIZE];
   for (int i = 0; i < MULTISIG_PARTS; i++) {
@@ -199,7 +205,7 @@ static Result multisig_script(script_t *script, char xpub[static MULTISIG_PARTS]
  * java module
  * @param request to validate fees for
  */
-bool validate_fees(InternalCommandRequest_SignTxRequest *request) {
+bool validate_fees(const InternalCommandRequest_SignTxRequest* const request) {
   // these are in satoshis
   uint64_t total = 0;
   uint64_t fee = 0;
@@ -232,7 +238,9 @@ bool validate_fees(InternalCommandRequest_SignTxRequest *request) {
 }
 
 static Result hash_input(char xpub[static MULTISIG_PARTS][XPUB_SIZE],
-                         TxInput *input, uint32_t sequence, uint32_t lock_time,
+                         const TxInput* const input,
+                         uint32_t sequence,
+                         uint32_t lock_time,
                          uint8_t prevoutsHash[static HASHER_DIGEST_LENGTH],
                          uint8_t seqHash[static HASHER_DIGEST_LENGTH],
                          uint8_t outputHash[static HASHER_DIGEST_LENGTH],
@@ -300,7 +308,10 @@ static Result hash_input(char xpub[static MULTISIG_PARTS][XPUB_SIZE],
 }
 
 // hash_p2pkh_address derives a P2PKH address and hashes it into hasher
-static Result hash_p2pkh_address(Hasher *hasher, const char *xpub, Path *path) {
+static Result hash_p2pkh_address(
+    Hasher *hasher,
+    const char *xpub,
+    const Path* const path) {
   uint8_t public_key[COMPRESSED_PUBKEY_SIZE];
   Result r = derive_public_key(xpub, path, public_key);
   if (r != Result_SUCCESS) {
@@ -357,7 +368,7 @@ static Result hash_p2pkh_address(Hasher *hasher, const char *xpub, Path *path) {
 // TODO: While this looks mostly right, it's untested.
 static Result hash_change_address(Hasher *hasher,
                                   char xpub[static MULTISIG_PARTS][XPUB_SIZE],
-                                  Path *path) {
+                                  const Path* const path) {
   // Here we need to generate a P2SH-P2WSH change transaction back to the
   // cold wallet
 
@@ -447,7 +458,8 @@ static Result hash_change_address(Hasher *hasher,
 // compute_output_hash iterates over all
 static Result
 compute_output_hash(char xpub[static MULTISIG_PARTS][XPUB_SIZE],
-                    TxOutput *outputs, pb_size_t outputs_count,
+                    const TxOutput* const outputs,
+                    pb_size_t outputs_count,
                     uint8_t output_hash[static HASHER_DIGEST_LENGTH]) {
 
   Hasher hasher;
@@ -486,7 +498,7 @@ compute_output_hash(char xpub[static MULTISIG_PARTS][XPUB_SIZE],
  * An effort has been made to zeroize them regardless of success or failure of this function.
  *
  */
-Result handle_sign_tx(InternalCommandRequest_SignTxRequest *request,
+Result handle_sign_tx(const InternalCommandRequest_SignTxRequest* const request,
                       InternalCommandResponse_SignTxResponse *response) {
   Result r = Result_SUCCESS;