From 877998fa1a044a86ff0fdd3a996f8da93c578156 Mon Sep 17 00:00:00 2001
From: Tomas Susanka
Date: Tue, 20 Mar 2018 15:12:18 +0100
Subject: [PATCH] bip32/nem: IV is copied before encryption
---
 bip32.c | 6 +++++-
 bip32.h | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/bip32.c b/bip32.c
index 4ecfd6e611..4a565704c0 100644
--- a/bip32.c
+++ b/bip32.c
@@ -490,7 +490,7 @@ int hdnode_get_nem_shared_key(const HDNode *node, const ed25519_public_key peer_
 return 1;
 }
-int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key, uint8_t *iv, const uint8_t *salt, const uint8_t *payload, size_t size, uint8_t *buffer) {
+int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key, const uint8_t *iv_immut, const uint8_t *salt, const uint8_t *payload, size_t size, uint8_t *buffer) {
 uint8_t last_block[AES_BLOCK_SIZE];
 uint8_t remainder = size % AES_BLOCK_SIZE;
@@ -501,6 +501,10 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
 // Pad new last block with number of missing bytes
 memset(&last_block[remainder], AES_BLOCK_SIZE - remainder, AES_BLOCK_SIZE - remainder);
+ // the IV gets mutated, so we make a copy not to touch the original
+ uint8_t iv[AES_BLOCK_SIZE];
+ memcpy(iv, iv_immut, AES_BLOCK_SIZE);
+
 uint8_t shared_key[SHA3_256_DIGEST_LENGTH];
 if (!hdnode_get_nem_shared_key(node, public_key, salt, NULL, shared_key)) {
 return 0;
diff --git a/bip32.h b/bip32.h
index 0816398420..5398ec3cd9 100644
--- a/bip32.h
+++ b/bip32.h
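Review bot: The definition now names the parameter `iv_immut` while the prototype in bip32.h keeps `iv`, so the header and the implementation disagree on what the argument is called. Keeping `iv` in the signature and giving the working copy its own name (for example `uint8_t iv_work[AES_BLOCK_SIZE];`) would keep the two in step, though the later uses of `iv` lie outside this hunk and would need the same rename. The body of hdnode_nem_encrypt continues past the end of the hunk.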
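Review bot: The copy at `memcpy(iv, iv_immut, AES_BLOCK_SIZE)` reads a full block from the caller's pointer, but nothing in the function or its prototype states that the IV must be AES_BLOCK_SIZE bytes long or that the call no longer advances it. Because the caller's buffer now stays unchanged, a caller that encrypts twice from the same buffer passes an identical IV; with the same salt and peer key the shared key is presumably identical too, and if the cipher call below the hunk is a chaining mode, as the padding and the mutated IV suggest, equal plaintext prefixes then yield equal ciphertext blocks. I would document the contract at the copy, e.g. `// iv_immut: AES_BLOCK_SIZE bytes, left unmodified; callers must supply a fresh random IV for every message`. The function body starts before and continues after this hunk.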
@@ -81,7 +81,7 @@ int hdnode_get_ethereum_pubkeyhash(const HDNode *node, uint8_t *pubkeyhash);
 #if USE_NEM
 int hdnode_get_nem_address(HDNode *node, uint8_t version, char *address);
 int hdnode_get_nem_shared_key(const HDNode *node, const ed25519_public_key peer_public_key, const uint8_t *salt, ed25519_public_key mul, uint8_t *shared_key);
-int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key, uint8_t *iv, const uint8_t *salt, const uint8_t *payload, size_t size, uint8_t *buffer);
+int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key, const uint8_t *iv, const uint8_t *salt, const uint8_t *payload, size_t size, uint8_t *buffer);
 int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key, uint8_t *iv, const uint8_t *salt, const uint8_t *payload, size_t size, uint8_t *buffer);
 #endif
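Review bot: `hdnode_nem_decrypt` on the following context line still takes a non-const `uint8_t *iv`, so the encrypt/decrypt pair is now asymmetric. Its body is not part of this patch; if it overwrites the IV in the same way, callers that reuse or log the IV after decrypting are affected just as encrypt callers were, and the same const-plus-local-copy change would apply. If the mutation is intended there, a prototype comment such as `// iv is overwritten during decryption` would make that visible to callers.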