1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 14:58:09 +00:00

feat(core): Allow coinjoin request debugging key for testnets.

[no changelog]
This commit is contained in:
Andrew Kozlik 2023-01-18 15:28:11 +01:00 committed by matejcik
parent 96b2d05d47
commit 2f9483f994
2 changed files with 21 additions and 19 deletions

View File

@ -88,10 +88,10 @@ PATTERN_UNCHAINED_DEPRECATED = "m/45'/coin_type'/account'/[0-1000000]/address_in
PATTERN_SLIP26_T1_FW = "m/10026'/49'/2'/0'"
# SLIP-44 coin type for Bitcoin
_SLIP44_BITCOIN = const(0)
SLIP44_BITCOIN = const(0)
# SLIP-44 coin type for all Testnet coins
_SLIP44_TESTNET = const(1)
SLIP44_TESTNET = const(1)
def validate_path_against_script_type(
@ -118,7 +118,7 @@ def validate_path_against_script_type(
if script_type == InputScriptType.SPENDADDRESS and not multisig:
append(PATTERN_BIP44)
if slip44 == _SLIP44_BITCOIN:
if slip44 == SLIP44_BITCOIN:
append(PATTERN_GREENADDRESS_A)
append(PATTERN_GREENADDRESS_B)
@ -127,11 +127,11 @@ def validate_path_against_script_type(
and multisig
):
append(PATTERN_BIP48_RAW)
if slip44 == _SLIP44_BITCOIN or (
coin.fork_id is not None and slip44 != _SLIP44_TESTNET
if slip44 == SLIP44_BITCOIN or (
coin.fork_id is not None and slip44 != SLIP44_TESTNET
):
append(PATTERN_BIP45)
if slip44 == _SLIP44_BITCOIN:
if slip44 == SLIP44_BITCOIN:
append(PATTERN_GREENADDRESS_A)
append(PATTERN_GREENADDRESS_B)
if coin.coin_name in BITCOIN_NAMES:
@ -144,7 +144,7 @@ def validate_path_against_script_type(
append(PATTERN_CASA)
if multisig:
append(PATTERN_BIP48_P2SHSEGWIT)
if slip44 == _SLIP44_BITCOIN:
if slip44 == SLIP44_BITCOIN:
append(PATTERN_GREENADDRESS_A)
append(PATTERN_GREENADDRESS_B)
if coin.coin_name in BITCOIN_NAMES:
@ -154,7 +154,7 @@ def validate_path_against_script_type(
append(PATTERN_BIP84)
if multisig:
append(PATTERN_BIP48_SEGWIT)
if slip44 == _SLIP44_BITCOIN:
if slip44 == SLIP44_BITCOIN:
append(PATTERN_GREENADDRESS_A)
append(PATTERN_GREENADDRESS_B)
@ -183,12 +183,12 @@ def _get_schemas_for_coin(
]
# patterns without coin_type field must be treated as if coin_type == 0
if coin.slip44 == _SLIP44_BITCOIN or (
coin.fork_id is not None and coin.slip44 != _SLIP44_TESTNET
if coin.slip44 == SLIP44_BITCOIN or (
coin.fork_id is not None and coin.slip44 != SLIP44_TESTNET
):
patterns.append(PATTERN_BIP45)
if coin.slip44 == _SLIP44_BITCOIN:
if coin.slip44 == SLIP44_BITCOIN:
patterns.extend(
(
PATTERN_GREENADDRESS_A,
@ -243,9 +243,9 @@ def get_schemas_from_patterns(
# cannot allow spending any testnet coins from Bitcoin paths, because
# otherwise an attacker could trick the user into spending BCH on a Bitcoin
# path by signing a seemingly harmless BCH Testnet transaction.
if coin.fork_id is not None and coin.slip44 != _SLIP44_TESTNET:
if coin.fork_id is not None and coin.slip44 != SLIP44_TESTNET:
schemas.extend(
PathSchema.parse(pattern, _SLIP44_BITCOIN) for pattern in patterns
PathSchema.parse(pattern, SLIP44_BITCOIN) for pattern in patterns
)
return schemas

View File

@ -10,7 +10,7 @@ from apps.common import safety_checks
from .. import writers
from ..common import input_is_external_unverified
from ..keychain import validate_path_against_script_type
from ..keychain import SLIP44_TESTNET, validate_path_against_script_type
from . import helpers, tx_weight
from .sig_hasher import BitcoinSigHasher
from .tx_info import OriginalTxInfo
@ -347,10 +347,12 @@ class CoinJoinApprover(Approver):
COINJOIN_FLAGS_SIGNABLE = const(0x01)
COINJOIN_FLAGS_NO_FEE = const(0x02)
# The public key used for verifying coinjoin requests in production on mainnet.
COINJOIN_REQ_PUBKEY = b"\x02W\x03\xbb\xe1[\xb0\x8e\x98!\xfed\xaf\xf6\xb2\xef\x1a1`\xe3y\x9d\xd8\xf0\xce\xbf,y\xe8g\xdd\x12]"
if __debug__:
# secp256k1 public key of m/0h for "all all ... all" seed.
COINJOIN_REQ_PUBKEY_DEBUG = b"\x03\x0f\xdf^(\x9bZ\xefSb\x90\x95:\xe8\x1c\xe6\x0e\x84\x1f\xf9V\xf3f\xac\x12?\xa6\x9d\xb3\xc7\x9f!\xb0"
# The public key used for verifying coinjoin requests on testnet and in debug mode.
# secp256k1 public key of m/0h for "all all ... all" seed.
COINJOIN_REQ_PUBKEY_TEST = b"\x03\x0f\xdf^(\x9bZ\xefSb\x90\x95:\xe8\x1c\xe6\x0e\x84\x1f\xf9V\xf3f\xac\x12?\xa6\x9d\xb3\xc7\x9f!\xb0"
def __init__(
self,
@ -454,9 +456,9 @@ class CoinJoinApprover(Approver):
)
# Verify the CoinJoin request signature.
if __debug__:
if __debug__ or self.coin.slip44 == SLIP44_TESTNET:
if secp256k1.verify(
self.COINJOIN_REQ_PUBKEY_DEBUG,
self.COINJOIN_REQ_PUBKEY_TEST,
self.request.signature,
self.h_request.get_digest(),
):