From f8c5bfc9960e640a5aec829df0e19394feaf2809 Mon Sep 17 00:00:00 2001
From: 0xPxt <107792863+0xPxt@users.noreply.github.com>
Date: Thu, 21 Nov 2024 12:48:25 +0100
Subject: [PATCH] Sync dev and main (#6)

* Sync dev and main

* Drop use of deprecated SDK function
---
 .github/workflows/build_and_functional_tests.yml |  2 +-
 src/crypto.c                                     | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_and_functional_tests.yml b/.github/workflows/build_and_functional_tests.yml
index c62f976..151e282 100644
--- a/.github/workflows/build_and_functional_tests.yml
+++ b/.github/workflows/build_and_functional_tests.yml
@@ -40,4 +40,4 @@ jobs:
     needs: build_application
     runs-on: ubuntu-latest
     steps:
-      - run: cd tests_zemu && yarn test
+      - run: cd tests_zemu && yarn test
\ No newline at end of file
diff --git a/src/crypto.c b/src/crypto.c
index 6d93123..a9e2eef 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -541,8 +541,20 @@ void generate_keypair(Keypair *keypair, const uint32_t account)
         0
     };
 
+    unsigned char raw_privkey[64] = {0};
+    
     // Generate private key
-    os_perso_derive_node_bip32(CX_CURVE_256K1, bip32_path, BIP32_PATH_LEN, keypair->priv, NULL);
+    if (CX_OK != os_derive_bip32_no_throw(CX_CURVE_256K1, bip32_path, BIP32_PATH_LEN, raw_privkey, NULL)) {
+        // Clear sensitive data from the stack
+        explicit_bzero(raw_privkey, sizeof(raw_privkey));
+        return;
+    }
+    
+    memmove(keypair->priv, raw_privkey, SCALAR_BYTES);
+    
+    // Clear sensitive data from the stack
+    explicit_bzero(raw_privkey, sizeof(raw_privkey));
+    
     scalar_from_bytes(keypair->priv);
 
     // Checking cached_keypair.pub is not NULL is a workaround for the linker.