/*****************************************************************************
 *   Ledger Monero App.
 *   (c) 2017-2020 Cedric Mesnil <cslashm@gmail.com>, Ledger SAS.
 *   (c) 2020 Ledger SAS.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *****************************************************************************/
#include "os.h"
#include "cx.h"
#include "monero_types.h"
#include "monero_api.h"
#include "monero_vars.h"
/* ----------------------------------------------------------------------- */
/* --- --- */
/* ----------------------------------------------------------------------- */
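/**
 * Handle the "stealth" APDU: mask an 8-byte payment ID with a keystream
 * derived from a public key and a secret key.
 *
 * Input is consumed in this order: public key (KEY_SIZE bytes, via
 * monero_io_fetch), secret key (via monero_io_fetch_decrypt_key), payment ID
 * (8 bytes, via monero_io_fetch). The key derivation of (pub, sec) is
 * suffixed with ENCRYPTED_PAYMENT_ID_TAIL and hashed with monero_keccak_F;
 * the leading bytes of that hash are XORed into the payment ID, which is then
 * handed to monero_io_insert.
 *
 * Every exit path wipes both `sec` and `drv`. `drv` is computed from the
 * decrypted secret key, so it is treated as sensitive as well and must not be
 * left behind on the stack.
 *
 * @return SW_OK on success, otherwise the non-zero code returned by the
 *         helper that failed.
 */
int monero_apdu_stealth() {
    unsigned char pub[KEY_SIZE];
    unsigned char sec[KEY_SIZE];
    // Derivation plus one tail byte. The tail is written at index KEY_SIZE,
    // so size the buffer from KEY_SIZE rather than a literal 33.
    // NOTE(review): identical to the previous size only if KEY_SIZE is 32 --
    // confirm in monero_types.h.
    unsigned char drv[KEY_SIZE + 1];
    unsigned char payID[8];
    unsigned int i;
    int err;

    // fetch pub
    monero_io_fetch(pub, KEY_SIZE);

    // fetch sec
    err = monero_io_fetch_decrypt_key(sec, sizeof(sec));
    if (err) {
        goto cleanup;
    }

    // fetch paymentID
    monero_io_fetch(payID, sizeof(payID));

    monero_io_discard(0);

    // Compute Dout
    err = monero_generate_key_derivation(drv, pub, sec, sizeof(drv), sizeof(pub), sizeof(sec));
    if (err) {
        goto cleanup;
    }

    // compute mask: hash (derivation || tail). `sec` is reused as the output
    // buffer; the XOR loop below reads the mask from it.
    drv[KEY_SIZE] = ENCRYPTED_PAYMENT_ID_TAIL;
    err = monero_keccak_F(drv, sizeof(drv), sec);
    if (err) {
        goto cleanup;
    }

    // stealth!
    for (i = 0; i < sizeof(payID); i++) {
        payID[i] ^= sec[i];
    }

    monero_io_insert(payID, sizeof(payID));

    err = SW_OK;

cleanup:
    // Single exit point so no path can skip the wipe of secret-derived data.
    explicit_bzero(sec, sizeof(sec));
    explicit_bzero(drv, sizeof(drv));

    return err;
}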