diff --git a/core/src/apps/cardano/helpers/paths.py b/core/src/apps/cardano/helpers/paths.py index 1a23472d3..c2d1744c0 100644 --- a/core/src/apps/cardano/helpers/paths.py +++ b/core/src/apps/cardano/helpers/paths.py @@ -18,8 +18,8 @@ SCHEMA_STAKING_ANY_ACCOUNT = PathSchema("m/1852'/coin_type'/[0-%s]'/2/0" % (HARD # the maximum allowed change address. this should be large enough for normal # use and still allow to quickly brute-force the correct bip32 path -MAX_CHANGE_ADDRESS_INDEX = const(1_000_000) -MAX_ACCOUNT_INDEX = const(100) +MAX_SAFE_CHANGE_ADDRESS_INDEX = const(1_000_000) +MAX_SAFE_ACCOUNT_INDEX = const(100) | HARDENED ACCOUNT_PATH_INDEX = const(2) BIP_PATH_LENGTH = const(5) diff --git a/core/src/apps/cardano/sign_tx.py b/core/src/apps/cardano/sign_tx.py index 13bcfb4da..be5891a27 100644 --- a/core/src/apps/cardano/sign_tx.py +++ b/core/src/apps/cardano/sign_tx.py @@ -35,8 +35,8 @@ from .helpers.paths import ( CERTIFICATE_PATH_NAME, CHANGE_OUTPUT_PATH_NAME, CHANGE_OUTPUT_STAKING_PATH_NAME, - MAX_ACCOUNT_INDEX, - MAX_CHANGE_ADDRESS_INDEX, + MAX_SAFE_ACCOUNT_INDEX, + MAX_SAFE_CHANGE_ADDRESS_INDEX, POOL_OWNER_STAKING_PATH_NAME, SCHEMA_ADDRESS, SCHEMA_STAKING, @@ -726,9 +726,9 @@ def _should_hide_output(output: List[int], inputs: List[CardanoTxInputType]) -> if ( len(output) != BIP_PATH_LENGTH or output[ACCOUNT_PATH_INDEX] != inp[ACCOUNT_PATH_INDEX] - or output[(ACCOUNT_PATH_INDEX + 1)] > MAX_ACCOUNT_INDEX + or output[ACCOUNT_PATH_INDEX] > MAX_SAFE_ACCOUNT_INDEX or output[-2] >= 2 - or output[-1] >= MAX_CHANGE_ADDRESS_INDEX + or output[-1] >= MAX_SAFE_CHANGE_ADDRESS_INDEX ): return False return True diff --git a/core/tests/test_apps.cardano.sign_tx.py b/core/tests/test_apps.cardano.sign_tx.py index e7ddce2a0..0e4e22b8f 100644 --- a/core/tests/test_apps.cardano.sign_tx.py +++ b/core/tests/test_apps.cardano.sign_tx.py 
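Review bot: The comment above these constants in `helpers/paths.py` still describes only the change-address limit, and nothing explains why `MAX_SAFE_ACCOUNT_INDEX` now carries the hardened bit while `MAX_SAFE_CHANGE_ADDRESS_INDEX` does not. Both values decide when an output is treated as change and hidden from user confirmation, so the comment should say so and name the path element each one is compared against. I would add `# highest account path element (hardened bit included) for which a change output may be hidden` above the account constant. The comment should also state which bound is inclusive, because `_should_hide_output` tests the account with `>` and the address index with `>=`.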
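Review bot: In the `_should_hide_output` hunk of `sign_tx.py`, the new check `output[ACCOUNT_PATH_INDEX] > MAX_SAFE_ACCOUNT_INDEX` bounds the account element only from above, so any value below the hardened range also passes it. The preceding equality check against the input's account covers this only if inputs are guaranteed to hold a hardened account element, and that validation is not visible here. Since this condition decides whether an output is hidden from confirmation, I would state the range explicitly: `or not (HARDENED <= output[ACCOUNT_PATH_INDEX] <= MAX_SAFE_ACCOUNT_INDEX)`, assuming `HARDENED` is in scope in this module. The function's signature line and enclosing loop start outside the hunk.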
@@ -9,7 +9,7 @@ if not utils.BITCOIN_ONLY: @unittest.skipUnless(not utils.BITCOIN_ONLY, "altcoin") class TestCardanoSignTransaction(unittest.TestCase): def test_should_show_outputs(self): - outputs_to_show = [ + outputs_to_hide = [ # output is from the same address as input ( [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0], @@ -33,8 +33,23 @@ class TestCardanoSignTransaction(unittest.TestCase): [44 | HARDENED, 1815 | HARDENED, 2 | HARDENED, 0, 2], ], ), + # byron input and shelley output + ( + [1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0], + [ + [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0], + ], + ), + # mixed byron and shelley inputs + ( + [1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0], + [ + [1852 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0], + [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0], + ], + ), ] - outputs_to_hide = [ + outputs_to_show = [ # output is from different account ( [44 | HARDENED, 1815 | HARDENED, 2 | HARDENED, 0, 0], @@ -68,15 +83,22 @@ class TestCardanoSignTransaction(unittest.TestCase): [44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 1000001], [[44 | HARDENED, 1815 | HARDENED, 0 | HARDENED, 0, 0]], ), + # max safe account number exceeded + ( + [1852 | HARDENED, 1815 | HARDENED, 101 | HARDENED, 0, 0], + [ + [1852 | HARDENED, 1815 | HARDENED, 101 | HARDENED, 0, 0] + ], + ), ] - for output_path, input_paths in outputs_to_show: + for output_path, input_paths in outputs_to_hide: inputs = [ CardanoTxInputType(address_n=input_path, prev_hash=b"", prev_index=0) for input_path in input_paths ] self.assertTrue(_should_hide_output(output_path, inputs)) - for output_path, input_paths in outputs_to_hide: + for output_path, input_paths in outputs_to_show: inputs = [ CardanoTxInputType(address_n=input_path, prev_hash=b"", prev_index=0) for input_path in input_paths ]
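Review bot: The added "max safe account number exceeded" case in the last test hunk checks only `101 | HARDENED`, so the boundary itself is never exercised. An off-by-one in the `>` comparison, or a constant that lost its hardened bit, would still pass this test. I would add the matching entry to `outputs_to_hide`: `([1852 | HARDENED, 1815 | HARDENED, 100 | HARDENED, 0, 0], [[1852 | HARDENED, 1815 | HARDENED, 100 | HARDENED, 0, 0]])`. The address index has the same gap: only `1000001` is listed, while the `>=` comparison means `1000000` is shown and `999999` is hidden, so both values deserve a case.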