diff --git a/core/include/init_wallet.h b/core/include/init_wallet.h index fd078e47..135df584 100644 --- a/core/include/init_wallet.h +++ b/core/include/init_wallet.h @@ -7,4 +7,4 @@ #include "config.h" Result mix_entropy(uint8_t wallet_entropy[static MASTER_SEED_SIZE], - InternalCommandRequest *in); + const InternalCommandRequest* const in); diff --git a/core/include/protection.h b/core/include/protection.h index 797aadf3..407c9c4a 100644 --- a/core/include/protection.h +++ b/core/include/protection.h @@ -16,7 +16,7 @@ Result protect_pubkey(char xpub[static XPUB_SIZE], /** * Decrypt encrypted_pub_key with pubkey encryption key. */ -Result expose_pubkey(EncryptedPubKey *encrypted_pub_key, +Result expose_pubkey(const EncryptedPubKey* const encrypted_pub_key, char xpub[static XPUB_SIZE]); /** @@ -31,5 +31,5 @@ Result protect_wallet(uint8_t master_seed[static MASTER_SEED_SIZE], * Decrypt master_seed with master_seed_encryption_key. In dev, we XOR with a * magic byte. */ -Result expose_wallet(EncryptedMasterSeed *encrypted_master_seed, +Result expose_wallet(const EncryptedMasterSeed* const encrypted_master_seed, uint8_t master_seed[static MASTER_SEED_SIZE]); diff --git a/core/include/rpc.h b/core/include/rpc.h index 1ec4cdd9..29ba8338 100644 --- a/core/include/rpc.h +++ b/core/include/rpc.h @@ -5,11 +5,13 @@ void handle_incoming_message(pb_istream_t *input, pb_ostream_t *output); -Result handle_init_wallet(InternalCommandRequest *, - InternalCommandResponse_InitWalletResponse *); +Result handle_init_wallet( + const InternalCommandRequest* const in, + InternalCommandResponse_InitWalletResponse *out); -Result handle_finalize_wallet(InternalCommandRequest_FinalizeWalletRequest *, - InternalCommandResponse_FinalizeWalletResponse *); +Result handle_finalize_wallet( + const InternalCommandRequest_FinalizeWalletRequest* const in, + InternalCommandResponse_FinalizeWalletResponse *out); -Result pre_execute_command(InternalCommandRequest *in); +Result pre_execute_command(const InternalCommandRequest* const in); void post_execute_command(void); diff --git a/core/include/sign.h b/core/include/sign.h index 215afd25..1f64300a 100644 --- a/core/include/sign.h +++ b/core/include/sign.h @@ -1,6 +1,7 @@ #pragma once -Result handle_sign_tx(InternalCommandRequest_SignTxRequest *, - InternalCommandResponse_SignTxResponse *); +Result handle_sign_tx( + const InternalCommandRequest_SignTxRequest* const request, + InternalCommandResponse_SignTxResponse *response); -bool validate_fees(InternalCommandRequest_SignTxRequest *request); +bool validate_fees(const InternalCommandRequest_SignTxRequest* const request); diff --git a/core/src/dev/execute_command_hooks.c b/core/src/dev/execute_command_hooks.c index 19c3038e..a0e123ab 100644 --- a/core/src/dev/execute_command_hooks.c +++ b/core/src/dev/execute_command_hooks.c @@ -2,7 +2,7 @@ #include "rpc.h" -Result pre_execute_command(InternalCommandRequest *in) { +Result pre_execute_command(const InternalCommandRequest* const in) { (void)in; return Result_SUCCESS; } diff --git a/core/src/dev/init_wallet.c b/core/src/dev/init_wallet.c index 25e5b114..2dfabe30 100644 --- a/core/src/dev/init_wallet.c +++ b/core/src/dev/init_wallet.c @@ -34,7 +34,7 @@ * - derive the pubkey * - encrypt the master_seed and pubkey */ -Result handle_init_wallet(InternalCommandRequest *in, +Result handle_init_wallet(const InternalCommandRequest* const in, InternalCommandResponse_InitWalletResponse *out) { uint8_t entropy[MASTER_SEED_SIZE] = {0}; diff --git a/core/src/finalize_wallet.c b/core/src/finalize_wallet.c index 8c6567ba..00fdfa48 100644 --- a/core/src/finalize_wallet.c +++ b/core/src/finalize_wallet.c @@ -10,8 +10,9 @@ #include "strlcpy.h" Result -handle_finalize_wallet(InternalCommandRequest_FinalizeWalletRequest *in, - InternalCommandResponse_FinalizeWalletResponse *out) { +handle_finalize_wallet( + const InternalCommandRequest_FinalizeWalletRequest* const in, + InternalCommandResponse_FinalizeWalletResponse *out) { if (in->encrypted_pub_keys_count != MULTISIG_PARTS) { ERROR("expecting %d encrypted_pub_keys, received %d.", MULTISIG_PARTS, in->encrypted_pub_keys_count); diff --git a/core/src/init_wallet.c b/core/src/init_wallet.c index 370f1c3d..764ec8c8 100644 --- a/core/src/init_wallet.c +++ b/core/src/init_wallet.c @@ -9,7 +9,7 @@ * TODO(alok): replace with HMAC, which is slightly better. */ Result mix_entropy(uint8_t master_seed[static MASTER_SEED_SIZE], - InternalCommandRequest *in) { + const InternalCommandRequest* const in) { if (in->command.InitWallet.random_bytes.size != MASTER_SEED_SIZE) { ERROR("unexpected random_bytes.size"); return Result_INCORRECT_RANDOM_BYTES_SIZE; diff --git a/core/src/ncipher/execute_command_hooks.c b/core/src/ncipher/execute_command_hooks.c index b3534b28..05810aa1 100644 --- a/core/src/ncipher/execute_command_hooks.c +++ b/core/src/ncipher/execute_command_hooks.c @@ -29,7 +29,7 @@ extern M_KeyID pub_key_encryption_key; /** * Load keys using tickets. */ -Result pre_execute_command(InternalCommandRequest *in) { +Result pre_execute_command(const InternalCommandRequest* const in) { DEBUG("in pre_execute_command"); if (!in->has_master_seed_encryption_key_ticket) { diff --git a/core/src/ncipher/init_wallet.c b/core/src/ncipher/init_wallet.c index 9d4da262..14375d34 100644 --- a/core/src/ncipher/init_wallet.c +++ b/core/src/ncipher/init_wallet.c @@ -41,7 +41,7 @@ static Result gen_random(uint8_t *buffer, uint32_t buffer_len); * - derive the pubkey * - encrypt the master_seed and pubkey */ -Result handle_init_wallet(InternalCommandRequest *in, +Result handle_init_wallet(const InternalCommandRequest* const in, InternalCommandResponse_InitWalletResponse *out) { DEBUG("in handle_init_wallet"); diff --git a/core/src/protect.c b/core/src/protect.c index c46896ca..05b72b98 100644 --- a/core/src/protect.c +++ b/core/src/protect.c @@ -47,7 +47,7 @@ Result protect_pubkey(char xpub[static XPUB_SIZE], /** * Decrypt encrypted_pub_key with pubkey encryption key. */ -Result expose_pubkey(EncryptedPubKey *encrypted_pub_key, +Result expose_pubkey(const EncryptedPubKey* const encrypted_pub_key, char xpub[static XPUB_SIZE]) { if (pub_key_encryption_key == 0) { ERROR("pub_key_encryption_key not initialized"); @@ -122,7 +122,7 @@ Result protect_wallet(uint8_t master_seed[static MASTER_SEED_SIZE], /** * Decrypt master_seed with master_seed_encryption_key. */ -Result expose_wallet(EncryptedMasterSeed *encrypted_master_seed, +Result expose_wallet(const EncryptedMasterSeed* const encrypted_master_seed, uint8_t master_seed[static MASTER_SEED_SIZE]) { if (master_seed_encryption_key == 0) { ERROR("master_seed_encryption_key not initialized"); diff --git a/core/src/rpc.c b/core/src/rpc.c index 61ca1ee1..7006babb 100644 --- a/core/src/rpc.c +++ b/core/src/rpc.c @@ -12,10 +12,10 @@ #include "sign.h" #include "qrsignatures.h" -static void execute_command(InternalCommandRequest *, - InternalCommandResponse *); +static void execute_command(const InternalCommandRequest* const cmd, + InternalCommandResponse *out); -static int check_version(InternalCommandRequest *cmd) { +static int check_version(const InternalCommandRequest* const cmd) { if (VERSION != cmd->version) { ERROR("Version mismatch. Expecting %d, got %d.", VERSION, cmd->version); return false; @@ -129,7 +129,7 @@ void handle_incoming_message(pb_istream_t *input, pb_ostream_t *output) { } // execute command -static void execute_command(InternalCommandRequest *cmd, +static void execute_command(const InternalCommandRequest* const cmd, InternalCommandResponse *out) { if (!check_version(cmd)) { out->which_response = InternalCommandResponse_Error_tag; diff --git a/core/src/sign.c b/core/src/sign.c index 446a151a..cca6c0a9 100644 --- a/core/src/sign.c +++ b/core/src/sign.c @@ -20,18 +20,19 @@ #include "sign.h" #include "memzero.h" -static void compute_prevout_hash(TxInput *inputs, pb_size_t inputs_count, +static void compute_prevout_hash(const TxInput* const inputs, + pb_size_t inputs_count, uint8_t hash[static HASHER_DIGEST_LENGTH]) { Hasher hasher; hasher_Init(&hasher, HASHER_SHA2D); for (int i = 0; i < inputs_count; i++) { - TxInput input = inputs[i]; + const TxInput* const input = &inputs[i]; DEBUG("Computing prevout hash, input %d", i); - hash_rev_bytes(&hasher, input.prev_hash, sizeof(input.prev_hash)); - print_rev_bytes(input.prev_hash, sizeof(input.prev_hash)); + hash_rev_bytes(&hasher, input->prev_hash, sizeof(input->prev_hash)); + print_rev_bytes(input->prev_hash, sizeof(input->prev_hash)); - hash_uint32(&hasher, input.prev_index); - print_uint32(input.prev_index); + hash_uint32(&hasher, input->prev_index); + print_uint32(input->prev_index); DEBUG_("\n"); } hasher_Final(&hasher, hash); @@ -52,7 +53,8 @@ static void compute_sequence_hash(uint32_t sequence, pb_size_t inputs_count, * Takes an (decrypted) extended public key and produces the public key derived * from the path specified. */ -static Result derive_public_key(const char *xpub, Path *path, +static Result derive_public_key(const char *xpub, + const Path* const path, uint8_t public_key[static COMPRESSED_PUBKEY_SIZE]) { HDNode node; @@ -91,7 +93,8 @@ static Result derive_public_key(const char *xpub, Path *path, * at that path. */ static Result derive_private_key(uint8_t seed[static SHA512_DIGEST_LENGTH], - Path *path, HDNode *out) { + const Path* const path, + HDNode *out) { if (hdnode_from_seed(seed, SHA512_DIGEST_LENGTH, SECP256K1_NAME, out) != 1) { ERROR("error: hdnode_from_seed failed."); return Result_DERIVE_PRIVATE_KEY_HDNODE_FROM_SEED_FAILURE; @@ -145,7 +148,10 @@ static void sort_public_keys( /** * Returns the script (i.e. 2 [addr1] [addr2] [addr3] [addr4] 4 checkmultisig). */ -static Result multisig_script(script_t *script, char xpub[static MULTISIG_PARTS][XPUB_SIZE], Path *path) { +static Result multisig_script( + script_t *script, + char xpub[static MULTISIG_PARTS][XPUB_SIZE], + const Path* const path) { // Derive addresses for this path uint8_t public_keys[MULTISIG_PARTS][COMPRESSED_PUBKEY_SIZE]; for (int i = 0; i < MULTISIG_PARTS; i++) { @@ -199,7 +205,7 @@ static Result multisig_script(script_t *script, char xpub[static MULTISIG_PARTS] * java module * @param request to validate fees for */ -bool validate_fees(InternalCommandRequest_SignTxRequest *request) { +bool validate_fees(const InternalCommandRequest_SignTxRequest* const request) { // these are in satoshis uint64_t total = 0; uint64_t fee = 0; @@ -232,7 +238,9 @@ bool validate_fees(InternalCommandRequest_SignTxRequest *request) { } static Result hash_input(char xpub[static MULTISIG_PARTS][XPUB_SIZE], - TxInput *input, uint32_t sequence, uint32_t lock_time, + const TxInput* const input, + uint32_t sequence, + uint32_t lock_time, uint8_t prevoutsHash[static HASHER_DIGEST_LENGTH], uint8_t seqHash[static HASHER_DIGEST_LENGTH], uint8_t outputHash[static HASHER_DIGEST_LENGTH], @@ -300,7 +308,10 @@ static Result hash_input(char xpub[static MULTISIG_PARTS][XPUB_SIZE], } // hash_p2pkh_address derives a P2PKH address and hashes it into hasher -static Result hash_p2pkh_address(Hasher *hasher, const char *xpub, Path *path) { +static Result hash_p2pkh_address( + Hasher *hasher, + const char *xpub, + const Path* const path) { uint8_t public_key[COMPRESSED_PUBKEY_SIZE]; Result r = derive_public_key(xpub, path, public_key); if (r != Result_SUCCESS) { @@ -357,7 +368,7 @@ static Result hash_p2pkh_address(Hasher *hasher, const char *xpub, Path *path) { // TODO: While this looks mostly right, it's untested. static Result hash_change_address(Hasher *hasher, char xpub[static MULTISIG_PARTS][XPUB_SIZE], - Path *path) { + const Path* const path) { // Here we need to generate a P2SH-P2WSH change transaction back to the // cold wallet @@ -447,7 +458,8 @@ static Result hash_change_address(Hasher *hasher, // compute_output_hash iterates over all static Result compute_output_hash(char xpub[static MULTISIG_PARTS][XPUB_SIZE], - TxOutput *outputs, pb_size_t outputs_count, + const TxOutput* const outputs, + pb_size_t outputs_count, uint8_t output_hash[static HASHER_DIGEST_LENGTH]) { Hasher hasher; @@ -486,7 +498,7 @@ compute_output_hash(char xpub[static MULTISIG_PARTS][XPUB_SIZE], * An effort has been made to zeroize them regardless of success or failure of this function. * */ -Result handle_sign_tx(InternalCommandRequest_SignTxRequest *request, +Result handle_sign_tx(const InternalCommandRequest_SignTxRequest* const request, InternalCommandResponse_SignTxResponse *response) { Result r = Result_SUCCESS;