fix(core/Cardano): account index validation in _should_hide_output()

core/src/apps/cardano/helpers/paths.py

@@ -18,8 +18,8 @@ SCHEMA_STAKING_ANY_ACCOUNT = PathSchema("m/1852'/coin_type'/[0-%s]'/2/0" % (HARD
 
 # the maximum allowed change address.  this should be large enough for normal
 # use and still allow to quickly brute-force the correct bip32 path
-MAX_CHANGE_ADDRESS_INDEX = const(1_000_000)
-MAX_ACCOUNT_INDEX = const(100)
+MAX_SAFE_CHANGE_ADDRESS_INDEX = const(1_000_000)
+MAX_SAFE_ACCOUNT_INDEX = const(100) | HARDENED
 ACCOUNT_PATH_INDEX = const(2)
 BIP_PATH_LENGTH = const(5)
 

core/src/apps/cardano/sign_tx.py

@@ -35,8 +35,8 @@ from .helpers.paths import (
     CERTIFICATE_PATH_NAME,
     CHANGE_OUTPUT_PATH_NAME,
     CHANGE_OUTPUT_STAKING_PATH_NAME,
-    MAX_ACCOUNT_INDEX,
-    MAX_CHANGE_ADDRESS_INDEX,
+    MAX_SAFE_ACCOUNT_INDEX,
+    MAX_SAFE_CHANGE_ADDRESS_INDEX,
     POOL_OWNER_STAKING_PATH_NAME,
     SCHEMA_ADDRESS,
     SCHEMA_STAKING,
@@ -726,9 +726,9 @@ def _should_hide_output(output: List[int], inputs: List[CardanoTxInputType]) ->
         if (
             len(output) != BIP_PATH_LENGTH
             or output[ACCOUNT_PATH_INDEX] != inp[ACCOUNT_PATH_INDEX]
-            or output[(ACCOUNT_PATH_INDEX + 1)] > MAX_ACCOUNT_INDEX
+            or output[ACCOUNT_PATH_INDEX] > MAX_SAFE_ACCOUNT_INDEX
             or output[-2] >= 2
-            or output[-1] >= MAX_CHANGE_ADDRESS_INDEX
+            or output[-1] >= MAX_SAFE_CHANGE_ADDRESS_INDEX
         ):
             return False
     return True

core/tests/test_apps.cardano.sign_tx.py

@@ -9,7 +9,7 @@ if not utils.BITCOIN_ONLY:
 @unittest.skipUnless(not utils.BITCOIN_ONLY, "altcoin")
 class TestCardanoSignTransaction(unittest.TestCase):
     def test_should_show_outputs(self):
-        outputs_to_show = [
+        outputs_to_hide = [
             # output is from the same address as input
             (
                 [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
@@ -33,8 +33,23 @@ class TestCardanoSignTransaction(unittest.TestCase):
                     [44 | HARDENED, 1815 | HARDENED, 2 | HARDENED, 0, 2],
                 ],
             ),
+            # byron input and shelley output
+            (
+                [1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
+                [
+                    [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
+                ],
+            ),
+            # mixed byron and shelley inputs
+            (
+                [1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
+                [
+                    [1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
+                    [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0],
+                ],
+            ),
         ]
-        outputs_to_hide = [
+        outputs_to_show = [
             # output is from different account
             (
                 [44 | HARDENED, 1815 | HARDENED, 2 | HARDENED, 0, 0],
@@ -68,15 +83,22 @@ class TestCardanoSignTransaction(unittest.TestCase):
                 [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 1000001],
                 [[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0]],
             ),
+            # max safe account number exceeded
+            (
+                [1852 | HARDENED, 1815 | HARDENED, 101 | HARDENED, 0, 0],
+                [
+                    [1852 | HARDENED, 1815 | HARDENED, 101 | HARDENED, 0, 0]
+                ],
+            ),
         ]
 
-        for output_path, input_paths in outputs_to_show:
+        for output_path, input_paths in outputs_to_hide:
             inputs = [
                 CardanoTxInputType(address_n=input_path, prev_hash=b"", prev_index=0) for input_path in input_paths
             ]
             self.assertTrue(_should_hide_output(output_path, inputs))
 
-        for output_path, input_paths in outputs_to_hide:
+        for output_path, input_paths in outputs_to_show:
             inputs = [
                 CardanoTxInputType(address_n=input_path, prev_hash=b"", prev_index=0) for input_path in input_paths
             ]