Merge pull request #5284

9d505eb1 Fix computation of ephemeral destination address with multiple output destination (cslashm)
241f6080 Add application version compatibility check. (cslashm)
This commit is contained in:
Riccardo Spagni 2019-03-21 15:27:56 +02:00
commit 8039b8d95d
No known key found for this signature in database
GPG Key ID: 55432DF31CCD4FCD
2 changed files with 50 additions and 33 deletions

View File

@ -304,6 +304,16 @@ namespace hw {
this->buffer_send[4] = offset-5; this->buffer_send[4] = offset-5;
this->length_send = offset; this->length_send = offset;
this->exchange(); this->exchange();
ASSERT_X(this->length_recv>=3, "Communication error, less than three bytes received. Check your application version.");
unsigned int device_version = 0;
device_version = VERSION(this->buffer_recv[0], this->buffer_recv[1], this->buffer_recv[2]);
ASSERT_X (device_version >= MINIMAL_APP_VERSION,
"Unsupported device application version: " << VERSION_MAJOR(device_version)<<"."<<VERSION_MINOR(device_version)<<"."<<VERSION_MICRO(device_version) <<
" At least " << MINIMAL_APP_VERSION_MAJOR<<"."<<MINIMAL_APP_VERSION_MINOR<<"."<<MINIMAL_APP_VERSION_MICRO<<" is required.");
return true; return true;
} }
@ -1184,32 +1194,15 @@ namespace hw {
additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x); additional_tx_public_keys_x, amount_keys_x, out_eph_public_key_x);
#endif #endif
ASSERT_X(tx_version > 1, "TX version not supported"<<tx_version);
// make additional tx pubkey if necessary // make additional tx pubkey if necessary
cryptonote::keypair additional_txkey; cryptonote::keypair additional_txkey;
if (need_additional_txkeys) { if (need_additional_txkeys) {
additional_txkey.sec = additional_tx_keys[output_index]; additional_txkey.sec = additional_tx_keys[output_index];
} }
//compute derivation, out_eph_public_key, and amount key in one shot on device, to ensure checkable link
const crypto::secret_key *sec;
bool is_change;
if (change_addr && dst_entr.addr == *change_addr)
{
// sending change to yourself; derivation = a*R
is_change = true;
sec = &sender_account_keys.m_view_secret_key;
}
else
{
is_change = false;
if (dst_entr.is_subaddress && need_additional_txkeys) {
sec = &additional_txkey.sec;
} else {
sec = &tx_key;
}
}
int offset = set_command_header_noopt(INS_GEN_TXOUT_KEYS); int offset = set_command_header_noopt(INS_GEN_TXOUT_KEYS);
//tx_version //tx_version
this->buffer_send[offset+0] = tx_version>>24; this->buffer_send[offset+0] = tx_version>>24;
@ -1217,10 +1210,10 @@ namespace hw {
this->buffer_send[offset+2] = tx_version>>8; this->buffer_send[offset+2] = tx_version>>8;
this->buffer_send[offset+3] = tx_version>>0; this->buffer_send[offset+3] = tx_version>>0;
offset += 4; offset += 4;
//tx_sec //tx_key
memmove(&this->buffer_send[offset], sec->data, 32); memmove(&this->buffer_send[offset], tx_key.data, 32);
offset += 32; offset += 32;
//tx_pub //txkey_pub
memmove(&this->buffer_send[offset], txkey_pub.data, 32); memmove(&this->buffer_send[offset], txkey_pub.data, 32);
offset += 32; offset += 32;
//Aout //Aout
@ -1236,6 +1229,7 @@ namespace hw {
this->buffer_send[offset+3] = output_index>>0; this->buffer_send[offset+3] = output_index>>0;
offset += 4; offset += 4;
//is_change, //is_change,
bool is_change = (change_addr && dst_entr.addr == *change_addr);
this->buffer_send[offset] = is_change; this->buffer_send[offset] = is_change;
offset++; offset++;
//is_subaddress //is_subaddress
@ -1244,6 +1238,13 @@ namespace hw {
//need_additional_key //need_additional_key
this->buffer_send[offset] = need_additional_txkeys; this->buffer_send[offset] = need_additional_txkeys;
offset++; offset++;
//additional_tx_key
if (need_additional_txkeys) {
memmove(&this->buffer_send[offset], additional_txkey.sec.data, 32);
} else {
memset(&this->buffer_send[offset], 0, 32);
}
offset += 32;
this->buffer_send[4] = offset-5; this->buffer_send[4] = offset-5;
this->length_send = offset; this->length_send = offset;
@ -1251,15 +1252,8 @@ namespace hw {
offset = 0; offset = 0;
unsigned int recv_len = this->length_recv; unsigned int recv_len = this->length_recv;
if (need_additional_txkeys)
{ //if (tx_version > 1)
ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32);
additional_tx_public_keys.push_back(additional_txkey.pub);
offset += 32;
recv_len -= 32;
}
if (tx_version > 1)
{ {
ASSERT_X(recv_len>=32, "Not enought data from device"); ASSERT_X(recv_len>=32, "Not enought data from device");
crypto::secret_key scalar1; crypto::secret_key scalar1;
@ -1271,6 +1265,16 @@ namespace hw {
ASSERT_X(recv_len>=32, "Not enought data from device"); ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32); memmove(out_eph_public_key.data, &this->buffer_recv[offset], 32);
recv_len -= 32; recv_len -= 32;
offset += 32;
if (need_additional_txkeys)
{
ASSERT_X(recv_len>=32, "Not enought data from device");
memmove(additional_txkey.pub.data, &this->buffer_recv[offset], 32);
additional_tx_public_keys.push_back(additional_txkey.pub);
offset += 32;
recv_len -= 32;
}
// add ABPkeys // add ABPkeys
this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change, this->add_output_key_mapping(dst_entr.addr.m_view_public_key, dst_entr.addr.m_spend_public_key, dst_entr.is_subaddress, is_change,
@ -1278,6 +1282,7 @@ namespace hw {
amount_keys.back(), out_eph_public_key); amount_keys.back(), out_eph_public_key);
#ifdef DEBUG_HWDEVICE #ifdef DEBUG_HWDEVICE
log_hexbuffer("generate_output_ephemeral_keys: clear amount_key", (const char*)hw::ledger::decrypt(amount_keys.back()).bytes, 32);
hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes); hw::ledger::check32("generate_output_ephemeral_keys", "amount_key", (const char*)amount_keys_x.back().bytes, (const char*)hw::ledger::decrypt(amount_keys.back()).bytes);
if (need_additional_txkeys) { if (need_additional_txkeys) {
hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_public_keys_x.back().data, additional_tx_public_keys.back().data); hw::ledger::check32("generate_output_ephemeral_keys", "additional_tx_key", additional_tx_public_keys_x.back().data, additional_tx_public_keys.back().data);

View File

@ -41,6 +41,18 @@ namespace hw {
namespace ledger { namespace ledger {
/* Minimal supported version */
#define MINIMAL_APP_VERSION_MAJOR 1
#define MINIMAL_APP_VERSION_MINOR 3
#define MINIMAL_APP_VERSION_MICRO 0
#define VERSION(M,m,u) ((M)<<16|(m)<<8|(u))
#define VERSION_MAJOR(v) (((v)>>16)&0xFF)
#define VERSION_MINOR(v) (((v)>>8)&0xFF)
#define VERSION_MICRO(v) (((v)>>0)&0xFF)
#define MINIMAL_APP_VERSION VERSION(MINIMAL_APP_VERSION_MAJOR, MINIMAL_APP_VERSION_MINOR, MINIMAL_APP_VERSION_MICRO)
void register_all(std::map<std::string, std::unique_ptr<device>> &registry); void register_all(std::map<std::string, std::unique_ptr<device>> &registry);
#ifdef WITH_DEVICE_LEDGER #ifdef WITH_DEVICE_LEDGER