mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-12 00:10:58 +00:00
core: relax path checks on GetPublicKey
(cherry picked from commit 554d8949f5
)
This commit is contained in:
parent
610dedca74
commit
5209804fc3
@ -3,50 +3,16 @@ from trezor.messages import InputScriptType
|
||||
from trezor.messages.HDNodeType import HDNodeType
|
||||
from trezor.messages.PublicKey import PublicKey
|
||||
|
||||
from apps.common import HARDENED, coins, layout, seed
|
||||
|
||||
from .keychain import get_keychain_for_coin
|
||||
|
||||
|
||||
async def get_keychain_for_curve(ctx: wire.Context, curve_name: str) -> seed.Keychain:
|
||||
"""Set up a keychain for SLIP-13 and SLIP-17 namespaces with a specified curve."""
|
||||
namespaces = [
|
||||
(curve_name, [13 | HARDENED]),
|
||||
(curve_name, [17 | HARDENED]),
|
||||
]
|
||||
return await seed.get_keychain(ctx, namespaces)
|
||||
from apps.common import coins, layout, seed
|
||||
|
||||
|
||||
async def get_public_key(ctx, msg):
|
||||
coin_name = msg.coin_name or "Bitcoin"
|
||||
script_type = msg.script_type or InputScriptType.SPENDADDRESS
|
||||
coin = coins.by_name(coin_name)
|
||||
curve_name = msg.ecdsa_curve_name or coin.curve_name
|
||||
|
||||
if msg.ecdsa_curve_name is not None:
|
||||
# If a curve name is provided, disallow coin-specific features.
|
||||
if (
|
||||
msg.coin_name is not None
|
||||
or msg.script_type is not InputScriptType.SPENDADDRESS
|
||||
):
|
||||
raise wire.DataError(
|
||||
"Cannot use coin_name or script_type with ecdsa_curve_name"
|
||||
)
|
||||
|
||||
coin = coins.by_name("Bitcoin")
|
||||
# only allow SLIP-13/17 namespaces
|
||||
keychain = await get_keychain_for_curve(ctx, msg.ecdsa_curve_name)
|
||||
|
||||
elif (
|
||||
coin_name == "Bitcoin"
|
||||
and script_type is InputScriptType.SPENDADDRESS
|
||||
and msg.address_n == [HARDENED]
|
||||
):
|
||||
# allow extracting PSBT master fingerprinty by calling GetPublicKey(m/0')
|
||||
coin = coins.by_name("Bitcoin")
|
||||
keychain = await seed.get_keychain(ctx, [("secp256k1", [HARDENED])])
|
||||
|
||||
else:
|
||||
# select curve and namespaces based on the requested coin properties
|
||||
keychain, coin = await get_keychain_for_coin(ctx, msg.coin_name)
|
||||
keychain = await seed.get_keychain(ctx, [(curve_name, [])])
|
||||
|
||||
node = keychain.derive(msg.address_n)
|
||||
|
||||
|
@ -116,7 +116,7 @@ def test_get_public_node(client, coin_name, xpub_magic, path, xpub):
|
||||
assert bip32.serialize(res.node, xpub_magic) == xpub
|
||||
|
||||
|
||||
@pytest.mark.skip_t1
|
||||
@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
|
||||
@pytest.mark.parametrize("coin_name, path", VECTORS_INVALID)
|
||||
def test_invalid_path(client, coin_name, path):
|
||||
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
||||
|
@ -65,7 +65,7 @@ def test_ed25519_public(client):
|
||||
btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519")
|
||||
|
||||
|
||||
@pytest.mark.skip_t1
|
||||
@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
|
||||
def test_coin_and_curve(client):
|
||||
with pytest.raises(
|
||||
TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name"
|
||||
|
Loading…
Reference in New Issue
Block a user