mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 06:48:16 +00:00

fix(core/Cardano): account index validation in _should_hide_output()

Rafael Korbas 2021-02-11 13:52:45 +01:00 committed by matejcik
parent cf871ee754
commit 3197741795
3 changed files with 32 additions and 10 deletions


@ -18,8 +18,8 @@ SCHEMA_STAKING_ANY_ACCOUNT = PathSchema("m/1852'/coin_type'/[0-%s]'/2/0" % (HARD
# the maximum allowed change address. this should be large enough for normal
# use and still allow to quickly brute-force the correct bip32 path
MAX_CHANGE_ADDRESS_INDEX = const(1_000_000)
MAX_ACCOUNT_INDEX = const(100)
MAX_SAFE_CHANGE_ADDRESS_INDEX = const(1_000_000)
MAX_SAFE_ACCOUNT_INDEX = const(100) | HARDENED
ACCOUNT_PATH_INDEX = const(2)
BIP_PATH_LENGTH = const(5)
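Review bot: `MAX_SAFE_ACCOUNT_INDEX` now includes the `HARDENED` bit while `MAX_SAFE_CHANGE_ADDRESS_INDEX` does not, and the comment above the two constants still explains only the change-address limit. A reader comparing either constant with a path element has to work out which one expects the raw hardened value. A short comment on the account constant would make this explicit, for example `# includes HARDENED: compared directly against the raw account element of the path`. It would also help to say what "safe" means here, which judging by the commit title is "eligible for hiding the output from confirmation".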


@ -35,8 +35,8 @@ from .helpers.paths import (
CERTIFICATE_PATH_NAME,
CHANGE_OUTPUT_PATH_NAME,
CHANGE_OUTPUT_STAKING_PATH_NAME,
MAX_ACCOUNT_INDEX,
MAX_CHANGE_ADDRESS_INDEX,
MAX_SAFE_ACCOUNT_INDEX,
MAX_SAFE_CHANGE_ADDRESS_INDEX,
POOL_OWNER_STAKING_PATH_NAME,
SCHEMA_ADDRESS,
SCHEMA_STAKING,
@ -726,9 +726,9 @@ def _should_hide_output(output: List[int], inputs: List[CardanoTxInputType]) ->
if (
len(output) != BIP_PATH_LENGTH
or output[ACCOUNT_PATH_INDEX] != inp[ACCOUNT_PATH_INDEX]
or output[(ACCOUNT_PATH_INDEX + 1)] > MAX_ACCOUNT_INDEX
or output[ACCOUNT_PATH_INDEX] > MAX_SAFE_ACCOUNT_INDEX
or output[-2] >= 2
or output[-1] >= MAX_CHANGE_ADDRESS_INDEX
or output[-1] >= MAX_SAFE_CHANGE_ADDRESS_INDEX
):
return False
return True
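Review bot: The new account check in `_should_hide_output()` is only an upper bound, so `output[ACCOUNT_PATH_INDEX] > MAX_SAFE_ACCOUNT_INDEX` lets through any element without the hardened bit, because every such value is numerically below `100 | HARDENED`. The visible condition also compares only the account element with the input, not the purpose or coin-type elements. If the output and input paths are not schema-validated before this function runs (not visible here, since the body starts outside the hunk), a malformed path could be treated as own change and hidden from confirmation. Bounding the element on both sides would make the check self-contained, for example `or not (HARDENED <= output[ACCOUNT_PATH_INDEX] <= MAX_SAFE_ACCOUNT_INDEX)`, assuming `HARDENED` is importable in this module. A one-line comment stating which earlier validation this function relies on would also help.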


@ -9,7 +9,7 @@ if not utils.BITCOIN_ONLY:
@unittest.skipUnless(not utils.BITCOIN_ONLY, "altcoin")
class TestCardanoSignTransaction(unittest.TestCase):
def test_should_show_outputs(self):
outputs_to_show = [
outputs_to_hide = [
# output is from the same address as input
(
[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
@ -33,8 +33,23 @@ class TestCardanoSignTransaction(unittest.TestCase):
[44 | HARDENED, 1815 | HARDENED, 2 | HARDENED, 0, 2],
],
),
# byron input and shelley output
(
[1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
[
[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
],
),
# mixed byron and shelley inputs
(
[1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
[
[1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
],
),
]
outputs_to_hide = [
outputs_to_show = [
# output is from different account
(
[44 | HARDENED, 1815 | HARDENED, 2 | HARDENED, 0, 0],
@ -68,15 +83,22 @@ class TestCardanoSignTransaction(unittest.TestCase):
[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 1000001],
[[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0]],
),
# max safe account number exceeded
(
[1852 | HARDENED, 1815 | HARDENED, 101 | HARDENED, 0, 0],
[
[1852 | HARDENED, 1815 | HARDENED, 101 | HARDENED, 0, 0]
],
),
]
for output_path, input_paths in outputs_to_show:
for output_path, input_paths in outputs_to_hide:
inputs = [
CardanoTxInputType(address_n=input_path, prev_hash=b"", prev_index=0) for input_path in input_paths
]
self.assertTrue(_should_hide_output(output_path, inputs))
for output_path, input_paths in outputs_to_hide:
for output_path, input_paths in outputs_to_show:
inputs = [
CardanoTxInputType(address_n=input_path, prev_hash=b"", prev_index=0) for input_path in input_paths
]