move chain code outside pubkey

keycard-tech · Nov 4, 2022 · a3aba74 · a3aba74
1 parent f3e8342
commit a3aba74
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 21 deletions.
diff --git a/src/main/java/im/status/keycard/KeycardApplet.java b/src/main/java/im/status/keycard/KeycardApplet.java
@@ -1199,14 +1199,17 @@ private void exportKey(APDU apdu) {
       apduBuffer[off++] = TLV_PUB_KEY;
       off++;
       len = secp256k1.derivePublicKey(derivationOutput, (short) 0, apduBuffer, off);
-
-      if (extendedPublic) {
-        Util.arrayCopyNonAtomic(derivationOutput, Crypto.KEY_SECRET_SIZE, apduBuffer, (short) (off + len), CHAIN_CODE_SIZE);
-        len += CHAIN_CODE_SIZE;
-      }
-
       apduBuffer[(short) (off - 1)] = (byte) len;
       off += len;
+
+      if (extendedPublic) {
+        apduBuffer[off++] = TLV_CHAIN_CODE;  
+        off++;      
+        Util.arrayCopyNonAtomic(derivationOutput, Crypto.KEY_SECRET_SIZE, apduBuffer, off, CHAIN_CODE_SIZE);
+        len = CHAIN_CODE_SIZE;
+        apduBuffer[(short) (off - 1)] = (byte) len;
+        off += len;        
+      }
     } else {
       apduBuffer[off++] = TLV_PRIV_KEY;
       off++;

diff --git a/src/test/java/im/status/keycard/KeycardTest.java b/src/test/java/im/status/keycard/KeycardTest.java
@@ -1687,30 +1687,30 @@ private void verifyExportedKey(byte[] keyTemplate, KeyPair keyPair, byte[] chain
       return;
     }
 
+    System.out.println(Hex.toHexString(keyTemplate));
     DeterministicKey dk = deriveKey(keyPair, chainCode, path);
     ECKey key = dk.decompress();
     assertEquals(KeycardApplet.TLV_KEY_TEMPLATE, keyTemplate[0]);
-    int pubKeyLen = 0;
-
+
     if (publicOnly) {
       assertEquals(KeycardApplet.TLV_PUB_KEY, keyTemplate[2]);
       byte[] pubKey = Arrays.copyOfRange(keyTemplate, 4, 4 + keyTemplate[3]);
-      byte[] correctPub = key.getPubKey();
 
-      if (extendedPublic) {
-        byte[] chain = dk.getChainCode();
-        int len = correctPub.length;
-        correctPub = Arrays.copyOf(correctPub, len + chain.length);
-        System.arraycopy(chain, 0, correctPub, len, chain.length);
-      }
+      assertArrayEquals(key.getPubKey(), pubKey);
+      int templateLen = 2 + pubKey.length;
 
-      assertArrayEquals(correctPub, pubKey);
-      pubKeyLen = 2 + pubKey.length;
-      assertEquals(pubKeyLen, keyTemplate[1]);
-      assertEquals(pubKeyLen + 2, keyTemplate.length);
+      if (extendedPublic) {
+        byte[] chain = Arrays.copyOfRange(keyTemplate, templateLen + 4, templateLen + 4 + keyTemplate[3 + templateLen]);
+        assertEquals(KeycardApplet.TLV_CHAIN_CODE, keyTemplate[2 + templateLen]);        
+        assertArrayEquals(dk.getChainCode(), chain);
+        templateLen += 2 + chain.length;
+      }      
+
+      assertEquals(templateLen, keyTemplate[1]);
+      assertEquals(templateLen + 2, keyTemplate.length);
     } else {
-      assertEquals(KeycardApplet.TLV_PRIV_KEY, keyTemplate[2 + pubKeyLen]);
-      byte[] privateKey = Arrays.copyOfRange(keyTemplate, 4 + pubKeyLen, 4 + pubKeyLen + keyTemplate[3 + pubKeyLen]);
+      assertEquals(KeycardApplet.TLV_PRIV_KEY, keyTemplate[2]);
+      byte[] privateKey = Arrays.copyOfRange(keyTemplate, 4, 4 + keyTemplate[3]);
 
       byte[] tPrivKey = key.getPrivKey().toByteArray();