1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-24 23:38:09 +00:00

core: relax path checks on GetPublicKey

(cherry picked from commit 554d8949f5)
This commit is contained in:
matejcik 2020-05-26 15:37:06 +02:00 committed by Tomas Susanka
parent 610dedca74
commit 5209804fc3
3 changed files with 6 additions and 40 deletions

View File

@ -3,50 +3,16 @@ from trezor.messages import InputScriptType
from trezor.messages.HDNodeType import HDNodeType from trezor.messages.HDNodeType import HDNodeType
from trezor.messages.PublicKey import PublicKey from trezor.messages.PublicKey import PublicKey
from apps.common import HARDENED, coins, layout, seed from apps.common import coins, layout, seed
from .keychain import get_keychain_for_coin
async def get_keychain_for_curve(ctx: wire.Context, curve_name: str) -> seed.Keychain:
"""Set up a keychain for SLIP-13 and SLIP-17 namespaces with a specified curve."""
namespaces = [
(curve_name, [13 | HARDENED]),
(curve_name, [17 | HARDENED]),
]
return await seed.get_keychain(ctx, namespaces)
async def get_public_key(ctx, msg): async def get_public_key(ctx, msg):
coin_name = msg.coin_name or "Bitcoin" coin_name = msg.coin_name or "Bitcoin"
script_type = msg.script_type or InputScriptType.SPENDADDRESS script_type = msg.script_type or InputScriptType.SPENDADDRESS
coin = coins.by_name(coin_name)
curve_name = msg.ecdsa_curve_name or coin.curve_name
if msg.ecdsa_curve_name is not None: keychain = await seed.get_keychain(ctx, [(curve_name, [])])
# If a curve name is provided, disallow coin-specific features.
if (
msg.coin_name is not None
or msg.script_type is not InputScriptType.SPENDADDRESS
):
raise wire.DataError(
"Cannot use coin_name or script_type with ecdsa_curve_name"
)
coin = coins.by_name("Bitcoin")
# only allow SLIP-13/17 namespaces
keychain = await get_keychain_for_curve(ctx, msg.ecdsa_curve_name)
elif (
coin_name == "Bitcoin"
and script_type is InputScriptType.SPENDADDRESS
and msg.address_n == [HARDENED]
):
# allow extracting PSBT master fingerprinty by calling GetPublicKey(m/0')
coin = coins.by_name("Bitcoin")
keychain = await seed.get_keychain(ctx, [("secp256k1", [HARDENED])])
else:
# select curve and namespaces based on the requested coin properties
keychain, coin = await get_keychain_for_coin(ctx, msg.coin_name)
node = keychain.derive(msg.address_n) node = keychain.derive(msg.address_n)

View File

@ -116,7 +116,7 @@ def test_get_public_node(client, coin_name, xpub_magic, path, xpub):
assert bip32.serialize(res.node, xpub_magic) == xpub assert bip32.serialize(res.node, xpub_magic) == xpub
@pytest.mark.skip_t1 @pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
@pytest.mark.parametrize("coin_name, path", VECTORS_INVALID) @pytest.mark.parametrize("coin_name, path", VECTORS_INVALID)
def test_invalid_path(client, coin_name, path): def test_invalid_path(client, coin_name, path):
with pytest.raises(TrezorFailure, match="Forbidden key path"): with pytest.raises(TrezorFailure, match="Forbidden key path"):

View File

@ -65,7 +65,7 @@ def test_ed25519_public(client):
btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519") btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519")
@pytest.mark.skip_t1 @pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
def test_coin_and_curve(client): def test_coin_and_curve(client):
with pytest.raises( with pytest.raises(
TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name" TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name"