diff --git a/src_features/provideDynamicNetwork/network_dynamic.c b/src_features/provideDynamicNetwork/network_dynamic.c index 233072d752..45f5474ad2 100644 --- a/src_features/provideDynamicNetwork/network_dynamic.c +++ b/src_features/provideDynamicNetwork/network_dynamic.c @@ -379,6 +379,12 @@ static uint16_t handle_next_icon_chunk(const uint8_t *data, uint8_t length) { */ static uint16_t handle_icon_chunks(uint8_t p1, const uint8_t *data, uint8_t length) { uint16_t sw = APDU_RESPONSE_UNKNOWN; + uint8_t hash[CX_SHA256_SIZE] = {0}; + + if (memcmp(g_network_icon[g_current_slot].hash, hash, CX_SHA256_SIZE) == 0) { + PRINTF("Error: Icon hash not set!\n"); + return APDU_RESPONSE_INVALID_DATA; + } // Check the received chunk index if (p1 == P1_FIRST_CHUNK) { @@ -435,16 +441,24 @@ static bool verify_signature(s_sig_ctx *sig_ctx) { CX_CHECK( cx_hash_no_throw((cx_hash_t *) &sig_ctx->hash_ctx, CX_LAST, NULL, 0, hash, INT256_LENGTH)); +#ifdef HAVE_LEDGER_PKI CX_CHECK(check_signature_with_pubkey("Dynamic Network", hash, sizeof(hash), LEDGER_SIGNATURE_PUBLIC_KEY, sizeof(LEDGER_SIGNATURE_PUBLIC_KEY), -#ifdef HAVE_LEDGER_PKI CERTIFICATE_PUBLIC_KEY_USAGE_COIN_META, -#endif (uint8_t *) (sig_ctx->sig), sig_ctx->sig_size)); +#else + CX_CHECK(check_signature_with_pubkey("Dynamic Network", + hash, + sizeof(hash), + LEDGER_SIGNATURE_PUBLIC_KEY, + sizeof(LEDGER_SIGNATURE_PUBLIC_KEY), + (uint8_t *) (sig_ctx->sig), + sig_ctx->sig_size)); +#endif ret_code = true; end: