Enforce that public key verification messages start with prefix "dumm…

…y-message:" This is to further ensure that no meaningful data can be blindly signed.
nimiq · Oct 15, 2024 · d8290e0 · d8290e0
1 parent d7f7dc7
commit d8290e0
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/main.c b/src/main.c
@@ -359,7 +359,8 @@ sw_t handle_get_public_key(uint8_t p1, uint8_t p2, uint8_t *data_buffer, uint16_
 
     // Optionally create a signature with which the public key can be verified. We only allow signing messages up to 31
     // bytes, as we're blind signing here, and longer data could be Nimiq messages, which are 32 byte Sha256 digests, or
-    // transactions, which have varying sizes but larger than 32 bytes.
+    // transactions, which have varying sizes but larger than 32 bytes. Additionally, the message must start with the
+    // suffix "dummy-message:", to ensure even further that no meaningful data could be signed.
     uint8_t msgLength;
     uint8_t *msg = NULL;
     if (ctx.req.pk.returnSignature) {
@@ -377,6 +378,13 @@ sw_t handle_get_public_key(uint8_t p1, uint8_t p2, uint8_t *data_buffer, uint16_
             sw,
             SW_WRONG_DATA_LENGTH
         );
+        GOTO_ON_ERROR(
+            !memcmp(msg, "dummy-message:", sizeof("dummy-message:") - /* exclude string terminator */ 1),
+            end,
+            sw,
+            SW_INCORRECT_DATA,
+            "Verification message to sign must start with prefix \"dummy-message:\"\n"
+        );
     }
 
     GOTO_ON_ERROR(