[pk-derivation] do not derive pk if it has already been derived

Since `global.public_key` is the key associated to `global.path_with_curve`, if the `path_with_curve` to derive is equal to `global.path_with_curve`, then the key associated to the `path_with_curve` is `global.public_key`. There is no need to re-derive it again.
trilitech · Nov 6, 2024 · 1c55f5a · 1c55f5a
1 parent 9146ccf
commit 1c55f5a
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 14 deletions.
diff --git a/src/apdu.c b/src/apdu.c
@@ -39,14 +39,21 @@ tz_exc read_path_with_curve(derivation_type_t derivation_type,
                             cx_ecfp_public_key_t* pubkey) {
     tz_exc exc = SW_OK;
     cx_err_t error = CX_OK;
+    bip32_path_with_curve_t tmp_path_with_curve = {0};
 
     TZ_ASSERT_NOT_NULL(buf);
     TZ_ASSERT_NOT_NULL(path_with_curve);
-    TZ_ASSERT_NOT_NULL(pubkey);
 
-    path_with_curve->derivation_type = derivation_type;
-    TZ_ASSERT(read_bip32_path(buf, &path_with_curve->bip32_path), EXC_WRONG_VALUES);
-    CX_CHECK(generate_public_key(pubkey, path_with_curve));
+    tmp_path_with_curve.derivation_type = derivation_type;
+    TZ_ASSERT(read_bip32_path(buf, &tmp_path_with_curve.bip32_path), EXC_WRONG_VALUES);
+
+    // Do not derive the public key if the two path_with_curve are equal
+    if (!bip32_path_with_curve_eq(path_with_curve, &tmp_path_with_curve)) {
+        memmove(path_with_curve, &tmp_path_with_curve, sizeof(bip32_path_with_curve_t));
+        if (pubkey != NULL) {
+            CX_CHECK(generate_public_key(pubkey, path_with_curve));
+        }
+    }
 
 end:
     TZ_CONVERT_CX();

diff --git a/src/apdu.h b/src/apdu.h
@@ -89,11 +89,14 @@ static inline int io_send_apdu_err(uint16_t sw) {
 
 /**
  * @brief Reads a path with curve and derive the public key.
+ *        Set [pubkey] to NULL to not deriving the public key.
+ *        Will not derive the public key if the path with curve read
+ *        is the same as the one provided.
  *
- * @param[in]  derivation_type: Derivation type of the key.
- * @param[in]  buf: Buffer that should contains a bip32 path.
- * @param[out] path_with_curve: Buffer to store the path with curve.
- * @param[out] pubkey: Buffer to store the pubkey.
+ * @param[in]     derivation_type: Derivation type of the key.
+ * @param[in]     buf: Buffer that should contains a bip32 path.
+ * @param[in/out] path_with_curve: Buffer to store the path with curve.
+ * @param[out]    pubkey: Buffer to store the pubkey. Can be NULL
  * @return tz_exc: exception, SW_OK if none
  */
 tz_exc read_path_with_curve(derivation_type_t derivation_type,

diff --git a/src/apdu_pubkey.c b/src/apdu_pubkey.c
@@ -74,10 +74,13 @@ int handle_get_public_key(buffer_t *cdata,
     TZ_ASSERT_NOT_NULL(cdata);
 
     if ((cdata->size == 0u) && authorize) {
-        TZ_ASSERT(copy_bip32_path_with_curve(&global.path_with_curve, &(g_hwm.baking_key)),
-                  EXC_MEMORY_ERROR);
-        CX_CHECK(generate_public_key((cx_ecfp_public_key_t *) &global.public_key,
-                                     &global.path_with_curve));
+        // Do not derive the public key if the two path_with_curve are equal
+        if (!bip32_path_with_curve_eq(&global.path_with_curve, &g_hwm.baking_key)) {
+            TZ_ASSERT(copy_bip32_path_with_curve(&global.path_with_curve, &g_hwm.baking_key),
+                      EXC_MEMORY_ERROR);
+            CX_CHECK(generate_public_key((cx_ecfp_public_key_t *) &global.public_key,
+                                         &global.path_with_curve));
+        }
     } else {
         TZ_CHECK(read_path_with_curve(derivation_type,
                                       cdata,

diff --git a/src/ui_bagl.c b/src/ui_bagl.c
@@ -224,7 +224,13 @@ tz_exc calculate_idle_screen_authorized_key(void) {
                               "No Key Authorized"),
                   EXC_WRONG_LENGTH);
     } else {
-        CX_CHECK(generate_public_key(authorized_pk, &g_hwm.baking_key));
+        // Do not derive the public key if the two path_with_curve are equal
+        if (!bip32_path_with_curve_eq(&global.path_with_curve, &g_hwm.baking_key)) {
+            CX_CHECK(generate_public_key((cx_ecfp_public_key_t *) authorized_pk,
+                                         &global.path_with_curve));
+        } else {
+            memmove(authorized_pk, &global.public_key, sizeof(tz_ecfp_public_key_t));
+        }
 
         TZ_CHECK(pk_to_pkh_string(home_context.authorized_key,
                                   sizeof(home_context.authorized_key),

diff --git a/src/ui_nbgl.c b/src/ui_nbgl.c
@@ -85,7 +85,13 @@ static void initInfo(void) {
         TZ_ASSERT(copy_string(infoContentsBridge[PKH_IDX], MAX_LENGTH, "No Key Authorized"),
                   EXC_WRONG_LENGTH);
     } else {
-        CX_CHECK(generate_public_key(authorized_pk, &g_hwm.baking_key));
+        // Do not derive the public key if the two path_with_curve are equal
+        if (!bip32_path_with_curve_eq(&global.path_with_curve, &g_hwm.baking_key)) {
+            CX_CHECK(generate_public_key((cx_ecfp_public_key_t*) authorized_pk,
+                                         &global.path_with_curve));
+        } else {
+            memmove(authorized_pk, &global.public_key, sizeof(tz_ecfp_public_key_t));
+        }
 
         TZ_CHECK(pk_to_pkh_string(infoContentsBridge[PKH_IDX], MAX_LENGTH, authorized_pk));
     }