mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-24 15:28:10 +00:00
core: relax path checks on GetPublicKey
(cherry picked from commit 554d8949f5
)
This commit is contained in:
parent
610dedca74
commit
5209804fc3
@ -3,50 +3,16 @@ from trezor.messages import InputScriptType
|
|||||||
from trezor.messages.HDNodeType import HDNodeType
|
from trezor.messages.HDNodeType import HDNodeType
|
||||||
from trezor.messages.PublicKey import PublicKey
|
from trezor.messages.PublicKey import PublicKey
|
||||||
|
|
||||||
from apps.common import HARDENED, coins, layout, seed
|
from apps.common import coins, layout, seed
|
||||||
|
|
||||||
from .keychain import get_keychain_for_coin
|
|
||||||
|
|
||||||
|
|
||||||
async def get_keychain_for_curve(ctx: wire.Context, curve_name: str) -> seed.Keychain:
|
|
||||||
"""Set up a keychain for SLIP-13 and SLIP-17 namespaces with a specified curve."""
|
|
||||||
namespaces = [
|
|
||||||
(curve_name, [13 | HARDENED]),
|
|
||||||
(curve_name, [17 | HARDENED]),
|
|
||||||
]
|
|
||||||
return await seed.get_keychain(ctx, namespaces)
|
|
||||||
|
|
||||||
|
|
||||||
async def get_public_key(ctx, msg):
|
async def get_public_key(ctx, msg):
|
||||||
coin_name = msg.coin_name or "Bitcoin"
|
coin_name = msg.coin_name or "Bitcoin"
|
||||||
script_type = msg.script_type or InputScriptType.SPENDADDRESS
|
script_type = msg.script_type or InputScriptType.SPENDADDRESS
|
||||||
|
coin = coins.by_name(coin_name)
|
||||||
|
curve_name = msg.ecdsa_curve_name or coin.curve_name
|
||||||
|
|
||||||
if msg.ecdsa_curve_name is not None:
|
keychain = await seed.get_keychain(ctx, [(curve_name, [])])
|
||||||
# If a curve name is provided, disallow coin-specific features.
|
|
||||||
if (
|
|
||||||
msg.coin_name is not None
|
|
||||||
or msg.script_type is not InputScriptType.SPENDADDRESS
|
|
||||||
):
|
|
||||||
raise wire.DataError(
|
|
||||||
"Cannot use coin_name or script_type with ecdsa_curve_name"
|
|
||||||
)
|
|
||||||
|
|
||||||
coin = coins.by_name("Bitcoin")
|
|
||||||
# only allow SLIP-13/17 namespaces
|
|
||||||
keychain = await get_keychain_for_curve(ctx, msg.ecdsa_curve_name)
|
|
||||||
|
|
||||||
elif (
|
|
||||||
coin_name == "Bitcoin"
|
|
||||||
and script_type is InputScriptType.SPENDADDRESS
|
|
||||||
and msg.address_n == [HARDENED]
|
|
||||||
):
|
|
||||||
# allow extracting PSBT master fingerprinty by calling GetPublicKey(m/0')
|
|
||||||
coin = coins.by_name("Bitcoin")
|
|
||||||
keychain = await seed.get_keychain(ctx, [("secp256k1", [HARDENED])])
|
|
||||||
|
|
||||||
else:
|
|
||||||
# select curve and namespaces based on the requested coin properties
|
|
||||||
keychain, coin = await get_keychain_for_coin(ctx, msg.coin_name)
|
|
||||||
|
|
||||||
node = keychain.derive(msg.address_n)
|
node = keychain.derive(msg.address_n)
|
||||||
|
|
||||||
|
@ -116,7 +116,7 @@ def test_get_public_node(client, coin_name, xpub_magic, path, xpub):
|
|||||||
assert bip32.serialize(res.node, xpub_magic) == xpub
|
assert bip32.serialize(res.node, xpub_magic) == xpub
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.skip_t1
|
@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
|
||||||
@pytest.mark.parametrize("coin_name, path", VECTORS_INVALID)
|
@pytest.mark.parametrize("coin_name, path", VECTORS_INVALID)
|
||||||
def test_invalid_path(client, coin_name, path):
|
def test_invalid_path(client, coin_name, path):
|
||||||
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
||||||
|
@ -65,7 +65,7 @@ def test_ed25519_public(client):
|
|||||||
btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519")
|
btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519")
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.skip_t1
|
@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
|
||||||
def test_coin_and_curve(client):
|
def test_coin_and_curve(client):
|
||||||
with pytest.raises(
|
with pytest.raises(
|
||||||
TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name"
|
TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name"
|
||||||
|
Loading…
Reference in New Issue
Block a user