search

trezor / trezor-crypto

:lock: Don't use this repo, use the new monorepo instead:
https://github.com/trezor/trezor-firmware
MIT License
501 stars 201 forks source link

[bip32] array size of public_key is 33 but the size of uncompressed key is 64 #199

Closed KimiWu123 closed 5 years ago

KimiWu123 commented 5 years ago

in bip32.h, public key size is 33, uint8_t public_key[33]; as following,

typedef struct {
    uint32_t depth;
    uint32_t child_num;
    uint8_t chain_code[32];

    uint8_t private_key[32];
    uint8_t private_key_extension[32];

    uint8_t public_key[33];
    const curve_info *curve;
} HDNode;

If we follow the following path, hdnode_get_address -- > ecdsa_get_address --> ecdsa_get_address_raw --> ecdsa_get_pubkeyhash 

// function ecdsa_get_pubkeyhash
    if (pub_key[0] == 0x04) {  // uncompressed format
        hasher_Raw(hasher_pubkey, pub_key, 65, h);
    }

the input public key of ecdsa_get_address is node->public_key which is 33 bytes, but in the above case, memory out of 33 bytes (index of 33 to 63) may be touched. It may cause program crash...

prusnak commented 5 years ago

It won't be touched, because the first byte will never be 0x04.

KimiWu123 commented 5 years ago

Hi @prusnak ,

Sure, I know the prefix of compressed public key will never be 0x04. What if users input incorrect key accidentally?

prusnak commented 5 years ago

The key in the HDNode is always computed, never entered directly from an user.