Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prompt address: only derive PK once #108

Closed
emturner opened this issue Nov 1, 2023 · 1 comment · Fixed by #113
Closed

prompt address: only derive PK once #108

emturner opened this issue Nov 1, 2023 · 1 comment · Fixed by #113
Assignees
@ajinkyaraj-23
Labels
app::wallet issues relating to the wallet app
Milestone
Wallet: v3.0.3 - ...

Comments

@emturner
Copy link
Collaborator

emturner commented Nov 1, 2023
edited
Loading

Goal

When handling INS_PROMPT_PUBLIC_KEY, we should only derive the public key once.

Context

          One thing spotted: we derive pk twice in the prompt flow!

Originally posted by @emturner in #106 (comment)
@emturner emturner added the app::wallet issues relating to the wallet app label Nov 1, 2023
@ajinkyaraj-23
Copy link
Collaborator

PK is derived twice in promt flow because

  1. To show on the device screen the derivation of the PK, we need to derive pk and then create hash. The pk is stored in local variable and the hash is passed along as variable to be displayed on the screen. After which both the hash and pk are not present in memory.
  2. After receiving Accept, the pk is derived again and sent to I/O.

Effectively the solution is to store the PK in global memory when we derive it for the first time. Then if we get Accept we send the pk in global memory via I/O after which we clear the pk in global memory for security purposes. Similarly if the user presses reject, we immediately clear the pk in global memory.
Does that sound proper approach. Can we reuse some global memory buffer for this?

@ajinkyaraj-23 ajinkyaraj-23 mentioned this issue Nov 3, 2023
Merged
@ajinkyaraj-23 ajinkyaraj-23 linked a pull request Nov 3, 2023 that will close this issue
wallet: Add public key to globals #113
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ajinkyaraj-23 ajinkyaraj-23

Labels
app::wallet issues relating to the wallet app
Projects
None yet
Milestone
Wallet: v3.0.3 - security audit
Development

Successfully merging a pull request may close this issue.

wallet: Add public key to globals trilitech/ledger-app-tezos-wallet
2 participants
@emturner @ajinkyaraj-23