1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-24 23:38:09 +00:00

core: relax path checks on GetPublicKey

This commit is contained in:
matejcik 2020-05-26 15:37:06 +02:00 committed by Tomas Susanka
parent d59ffe553f
commit 554d8949f5
3 changed files with 6 additions and 40 deletions

View File

@ -3,50 +3,16 @@ from trezor.messages import InputScriptType
from trezor.messages.HDNodeType import HDNodeType
from trezor.messages.PublicKey import PublicKey
from apps.common import HARDENED, coins, layout, seed
from .keychain import get_keychain_for_coin
async def get_keychain_for_curve(ctx: wire.Context, curve_name: str) -> seed.Keychain:
"""Set up a keychain for SLIP-13 and SLIP-17 namespaces with a specified curve."""
namespaces = [
(curve_name, [13 | HARDENED]),
(curve_name, [17 | HARDENED]),
]
return await seed.get_keychain(ctx, namespaces)
from apps.common import coins, layout, seed
async def get_public_key(ctx, msg):
coin_name = msg.coin_name or "Bitcoin"
script_type = msg.script_type or InputScriptType.SPENDADDRESS
coin = coins.by_name(coin_name)
curve_name = msg.ecdsa_curve_name or coin.curve_name
if msg.ecdsa_curve_name is not None:
# If a curve name is provided, disallow coin-specific features.
if (
msg.coin_name is not None
or msg.script_type is not InputScriptType.SPENDADDRESS
):
raise wire.DataError(
"Cannot use coin_name or script_type with ecdsa_curve_name"
)
coin = coins.by_name("Bitcoin")
# only allow SLIP-13/17 namespaces
keychain = await get_keychain_for_curve(ctx, msg.ecdsa_curve_name)
elif (
coin_name == "Bitcoin"
and script_type is InputScriptType.SPENDADDRESS
and msg.address_n == [HARDENED]
):
# allow extracting PSBT master fingerprinty by calling GetPublicKey(m/0')
coin = coins.by_name("Bitcoin")
keychain = await seed.get_keychain(ctx, [("secp256k1", [HARDENED])])
else:
# select curve and namespaces based on the requested coin properties
keychain, coin = await get_keychain_for_coin(ctx, msg.coin_name)
keychain = await seed.get_keychain(ctx, [(curve_name, [])])
node = keychain.derive(msg.address_n)

View File

@ -116,7 +116,7 @@ def test_get_public_node(client, coin_name, xpub_magic, path, xpub):
assert bip32.serialize(res.node, xpub_magic) == xpub
@pytest.mark.skip_t1
@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
@pytest.mark.parametrize("coin_name, path", VECTORS_INVALID)
def test_invalid_path(client, coin_name, path):
with pytest.raises(TrezorFailure, match="Forbidden key path"):

View File

@ -65,7 +65,7 @@ def test_ed25519_public(client):
btc.get_public_node(client, PATH_PUBLIC, ecdsa_curve_name="ed25519")
@pytest.mark.skip_t1
@pytest.mark.xfail(reason="Currently path validation on get_public_node is disabled.")
def test_coin_and_curve(client):
with pytest.raises(
TrezorFailure, match="Cannot use coin_name or script_type with ecdsa_curve_name"