LedgerHQ / app-monero

Monero wallet application for Ledger Nano S & X
Apache License 2.0
273 stars 101 forks

Fix transition check for INS_PREFIX_HASH #59

Closed niooss-ledger closed 4 years ago

niooss-ledger commented 4 years ago

Protocol v3 introduced INS_PREFIX_HASH in order to verify the timelock on devices. This works by sending the following sequence of APDUs:

(cf. function device_ledger::get_transaction_prefix_hash() from https://github.com/monero-project/monero/blob/77a008f71454ce4dd4bce033bc0319a49e2cec51/src/device/device_ledger.cpp#L1418)

Currently, the first 2 chunks of data are accepted but not the 3rd one: the device then returns SW=0x6981 = SW_SUBCOMMAND_NOT_ALLOWED.

This is because the dispatcher incorrectly compares P1-1 with the last P2, instead of P2-1. Fix this.
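An added illustration of the check described above, not part of the original PR and not the app's own code: a small model of a chunk-sequence transition check, showing the `P1-1` comparison next to the `P2-1` comparison. The struct and function names, the framing (P1=1/P2=0 to start, P1=2 data chunks numbered from P2=1) and the sample sequences are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define SW_OK                     0x9000
#define SW_SUBCOMMAND_NOT_ALLOWED 0x6981 /* status word quoted in the PR */

/* Hypothetical types: APDU parameters and the last accepted step. */
struct apdu_hdr { uint8_t p1, p2; };
struct seq_state { uint8_t active, last_p1, last_p2; };

/* Assumed framing: P1=1,P2=0 starts the sequence; P1=2 carries data
 * chunks whose P2 counts 1,2,3,... fixed=0 selects the buggy compare. */
static int transition_ok(const struct seq_state *st, struct apdu_hdr h, int fixed)
{
    if (h.p1 == 1) return h.p2 == 0;            /* (re)start */
    if (!st->active || h.p1 != 2) return 0;     /* data chunk needs a start */
    if (st->last_p1 == 1) return h.p2 == 1;     /* start -> first chunk */
    if (fixed) return h.p2 - 1 == st->last_p2;  /* P2-1 == last P2 */
    return h.p1 - 1 == st->last_p2;             /* bug: P1-1 == last P2 */
}

static uint16_t dispatch(struct seq_state *st, struct apdu_hdr h, int fixed)
{
    if (!transition_ok(st, h, fixed)) {
        st->active = 0;                         /* fail closed */
        return SW_SUBCOMMAND_NOT_ALLOWED;
    }
    st->active = 1; st->last_p1 = h.p1; st->last_p2 = h.p2;
    return SW_OK;
}

/* Index of the first rejected APDU in seq, or -1 if all are accepted. */
static int first_rejected(const struct apdu_hdr *seq, size_t n, int fixed)
{
    struct seq_state st = {0, 0, 0};
    for (size_t i = 0; i < n; i++)
        if (dispatch(&st, seq[i], fixed) != SW_OK) return (int)i;
    return -1;
}

/* Constructed sample sequences (not captured traffic). */
static const struct apdu_hdr SEQ_GOOD[] = {{1,0},{2,1},{2,2},{2,3},{2,4}};
static const struct apdu_hdr SEQ_SKIP[] = {{1,0},{2,1},{2,3}}; /* chunk 2 missing */

int main(void)
{
    printf("buggy: first rejected index %d\n", first_rejected(SEQ_GOOD, 5, 0));
    printf("fixed: first rejected index %d\n", first_rejected(SEQ_GOOD, 5, 1));
    return 0;
}
```

In this model the buggy compare accepts the second data chunk only because P1-1 happens to equal 1, which is why the failure first shows up on the third chunk.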

grydz commented 4 years ago

Thanks for the fix, it has been tested successfully.