From 5209804fc384ad2c206ac6890760095226302cec Mon Sep 17 00:00:00 2001 From: matejcik Date: Tue, 26 May 2020 15:37:06 +0200 Subject: [PATCH] core: relax path checks on GetPublicKey (cherry picked from commit 554d8949f5660f994a5273dbf0a0cfb17b7951db) --- core/src/apps/bitcoin/get_public_key.py | 42 ++----------------- tests/device_tests/test_msg_getpublickey.py | 2 +- .../test_msg_getpublickey_curve.py | 2 +- 3 files changed, 6 insertions(+), 40 deletions(-) diff --git a/core/src/apps/bitcoin/get_public_key.py b/core/src/apps/bitcoin/get_public_key.py index 1cd98d5fad..2b007d59f9 100644 --- a/core/src/apps/bitcoin/get_public_key.py +++ b/core/src/apps/bitcoin/get_public_key.py @@ -3,50 +3,16 @@ from trezor.messages import InputScriptType from trezor.messages.HDNodeType import HDNodeType from trezor.messages.PublicKey import PublicKey -from apps.common import HARDENED, coins, layout, seed - -from .keychain import get_keychain_for_coin - - -async def get_keychain_for_curve(ctx: wire.Context, curve_name: str) -> seed.Keychain: - """Set up a keychain for SLIP-13 and SLIP-17 namespaces with a specified curve.""" - namespaces = [ - (curve_name, [13 | HARDENED]), - (curve_name, [17 | HARDENED]), - ] - return await seed.get_keychain(ctx, namespaces) +from apps.common import coins, layout, seed async def get_public_key(ctx, msg): coin_name = msg.coin_name or "Bitcoin" script_type = msg.script_type or InputScriptType.SPENDADDRESS + coin = coins.by_name(coin_name) + curve_name = msg.ecdsa_curve_name or coin.curve_name - if msg.ecdsa_curve_name is not None: - # If a curve name is provided, disallow coin-specific features. - if ( - msg.coin_name is not None - or msg.script_type is not InputScriptType.SPENDADDRESS - ): - raise wire.DataError( - "Cannot use coin_name or script_type with ecdsa_curve_name" - ) - - coin = coins.by_name("Bitcoin") - # only allow SLIP-13/17 namespaces - keychain = await get_keychain_for_curve(ctx, msg.ecdsa_curve_name) - - elif ( - coin_name == "Bitcoin" - and script_type is InputScriptType.SPENDADDRESS - and msg.address_n == [HARDENED] - ): - # allow extracting PSBT master fingerprinty by calling GetPublicKey(m/0') - coin = coins.by_name("Bitcoin") - keychain = await seed.get_keychain(ctx, [("secp256k1", [HARDENED])]) - - else: - # select curve and namespaces based on the requested coin properties - keychain, coin = await get_keychain_for_coin(ctx, msg.coin_name) + keychain = await seed.get_keychain(ctx, [(curve_name, [])]) node = keychain.derive(msg.address_n) diff --git a/tests/device_tests/test_msg_getpublickey.py b/tests/device_tests/test_msg_getpublickey.py index c23277b1ba..2286dda41b 100644 --- a/tests/device_tests/test_msg_getpublickey.py +++ b/tests/device_tests/test_msg_getpublickey.py @@ -116,7 +116,7 @@ def test_get_public_node(client, coin_name, xpub_magic, path, xpub): assert bip32.serialize(res.node, xpub_magic) == xpub -@pytest.mark.skip_t1 +@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.") @pytest.mark.parametrize("coin_name, path", VECTORS_INVALID) def test_invalid_path(client, coin_name, path): with pytest.raises(TrezorFailure, match="Forbidden key path"): diff --git a/tests/device_tests/test_msg_getpublickey_curve.py b/tests/device_tests/test_msg_getpublickey_curve.py index 4f2f1594e7..3b034c6963 100644 --- a/tests/device_tests/test_msg_getpublickey_curve.py +++ b/tests/device_tests/test_msg_getpublickey_curve.py @@ -65,7 +65,7 @@ def test_ed25519_public(client): btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519") -@pytest.mark.skip_t1 +@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.") def test_coin_and_curve(client): with pytest.raises( TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name"