Merge pull request #79 from LedgerHQ/revert-75-pubkey_privacy

Revert "Add a privacy preserving feature for public key exports"
LedgerHQ · Nov 12, 2018 · 992a2f4 · 992a2f4
2 parents 5cb04e2 + 9759619
commit 992a2f4
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 469 deletions.
diff --git a/doc/btc.asc b/doc/btc.asc
@@ -20,8 +20,6 @@ application. It is based on the HW.1 firmware specification detailed on https://
 ==== Description
 
 This command returns the public key and Base58 encoded address for the given BIP 32 path.
-The Base58 encoded address can be displayed on the device screen. 
-This call might trigger a user validation (with or without token) if the device has the public key protection setting enabled.
 
 ==== Coding
 
@@ -34,8 +32,6 @@ This call might trigger a user validation (with or without token) if the device
 
                     01 : display the address
 
-                    02 : display a validation token
-
                  |   00 : return a legacy address
 
                            01 : return a P2SH-P2WPKH address
@@ -52,7 +48,6 @@ This call might trigger a user validation (with or without token) if the device
 | First derivation index (big endian)                                               | 4
 | ...                                                                               | 4
 | Last derivation index (big endian)                                                | 4
-| Optional Validation token (big endian)                                            | 4
 |==============================================================================================================================
 
 'Output data'

diff --git a/include/btchip_filesystem.h b/include/btchip_filesystem.h
@@ -68,8 +68,6 @@ typedef struct btchip_storage_s {
 
     unsigned char fidoTransport;
 
-    uint8_t pubKeyRequestRestriction;
-
 } btchip_storage_t;
 
 // the global nvram memory variable

diff --git a/src/btchip_apdu_get_wallet_public_key.c b/src/btchip_apdu_get_wallet_public_key.c
@@ -25,7 +25,6 @@
 
 #define P1_NO_DISPLAY 0x00
 #define P1_DISPLAY 0x01
-#define P1_REQUEST_TOKEN 0x02
 
 #define P2_LEGACY 0x00
 #define P2_SEGWIT 0x01
@@ -37,19 +36,15 @@ unsigned short btchip_apdu_get_wallet_public_key() {
     unsigned char uncompressedPublicKeys =
         ((N_btchip.bkp.config.options & BTCHIP_OPTION_UNCOMPRESSED_KEYS) != 0);
     unsigned char keyPath[MAX_BIP32_PATH_LENGTH];
-    uint32_t request_token;
     unsigned char chainCode[32];
     bool display = (G_io_apdu_buffer[ISO_OFFSET_P1] == P1_DISPLAY);
-    bool display_request_token = N_btchip.pubKeyRequestRestriction && (G_io_apdu_buffer[ISO_OFFSET_P1] == P1_REQUEST_TOKEN) && G_io_apdu_media == IO_APDU_MEDIA_U2F;
-    bool require_user_approval = N_btchip.pubKeyRequestRestriction && !(display_request_token || display) && G_io_apdu_media == IO_APDU_MEDIA_U2F;
     bool segwit = (G_io_apdu_buffer[ISO_OFFSET_P2] == P2_SEGWIT);
     bool nativeSegwit = (G_io_apdu_buffer[ISO_OFFSET_P2] == P2_NATIVE_SEGWIT);
     bool cashAddr = (G_io_apdu_buffer[ISO_OFFSET_P2] == P2_CASHADDR);
 
     switch (G_io_apdu_buffer[ISO_OFFSET_P1]) {
     case P1_NO_DISPLAY:
     case P1_DISPLAY:
-    case P1_REQUEST_TOKEN:
         break;
     default:
         return BTCHIP_SW_INCORRECT_P1_P2;
@@ -78,11 +73,6 @@ unsigned short btchip_apdu_get_wallet_public_key() {
     os_memmove(keyPath, G_io_apdu_buffer + ISO_OFFSET_CDATA,
                MAX_BIP32_PATH_LENGTH);
 
-    if(display_request_token){
-        uint8_t request_token_offset = ISO_OFFSET_CDATA + G_io_apdu_buffer[ISO_OFFSET_CDATA]*4 + 1;
-        request_token = btchip_read_u32(G_io_apdu_buffer + request_token_offset, true, true);
-    }
-
     SB_CHECK(N_btchip.bkp.config.operationMode);
     switch (SB_GET(N_btchip.bkp.config.operationMode)) {
     case BTCHIP_MODE_WALLET:
@@ -179,27 +169,6 @@ unsigned short btchip_apdu_get_wallet_public_key() {
             return BTCHIP_SW_INCORRECT_DATA;
         }
     }
-    else if(display_request_token)
-    {
-        // Hax, avoid wasting space
-        snprintf(G_io_apdu_buffer + 200, 9, "%02x", request_token);
-        G_io_apdu_buffer[200 + 8] = '\0';
-        btchip_context_D.io_flags |= IO_ASYNCH_REPLY;
-        if (!btchip_bagl_display_token()) {
-            btchip_context_D.io_flags &= ~IO_ASYNCH_REPLY;
-            btchip_context_D.outLength = 0;
-            return BTCHIP_SW_INCORRECT_DATA;
-        }
-    }
-    else if(require_user_approval)
-    {
-        btchip_context_D.io_flags |= IO_ASYNCH_REPLY;
-        if (!btchip_bagl_request_pubkey_approval()) {
-            btchip_context_D.io_flags &= ~IO_ASYNCH_REPLY;
-            btchip_context_D.outLength = 0;
-            return BTCHIP_SW_INCORRECT_DATA;
-        }
-    }
 
     return BTCHIP_SW_OK;
 }

diff --git a/src/btchip_context.c b/src/btchip_context.c
@@ -72,9 +72,8 @@ void btchip_context_init() {
         SB_CHECK(N_btchip.bkp.config.operationMode);
     }
     if (!N_btchip.storageInitialized) {
-        unsigned char initialized = 1, denied=0;
+        unsigned char initialized = 1;
 
-        nvm_write((void *)&N_btchip.pubKeyRequestRestriction, &denied, 1);
         nvm_write((void *)&N_btchip.storageInitialized, &initialized, 1);
     }
 }