BTCPrivate
/
trezor-mcu
mirror of https://github.com/BTCPrivate/trezor-mcu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Check that U2F key only uses hardened derivation (#139) 

We generate only U2F keys with hardened derivation.  However, we
didn't check incoming keys if they used hardened derivation.
This patch fixes this.
This commit is contained in:
Jochen Hoenicke 2017-01-10 21:51:57 +01:00 committed by Pavol Rusnak
parent cc01b86ab7
commit 1cceec0ae2
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
firmware/u2f.c
View File

@ -505,6 +505,12 @@ const HDNode *validateKeyHandle(const uint8_t app_id[], const uint8_t key_handle
uint32_t key_path[KEY_PATH_ENTRIES]; uint32_t key_path[KEY_PATH_ENTRIES];
key_path[0] = U2F_KEY_PATH; key_path[0] = U2F_KEY_PATH;
memcpy(&key_path[1], key_handle, KEY_PATH_LEN); memcpy(&key_path[1], key_handle, KEY_PATH_LEN);
for (unsigned int i = 1; i < KEY_PATH_ENTRIES; i++) {
// check high bit for hardened keys
if (! (key_path[i] & 0x80000000)) {
return NULL;
}
}
const HDNode *node = getDerivedNode(key_path, KEY_PATH_ENTRIES); const HDNode *node = getDerivedNode(key_path, KEY_PATH_ENTRIES);
if (!node) if (!node)