core/seed: Ensure ed25519 paths are hardened in Keychain.derive().

5 years ago · 58e06ba22c
parent 5f604b5fea
commit 58e06ba22c
1 changed files with 3 additions and 1 deletions
--- a/core/src/apps/common/seed.py
+++ b/core/src/apps/common/seed.py
@ -64,6 +64,9 @@ class Keychain:
    def derive(
        self, node_path: list, curve_name: str = "secp256k1"
    ) -> Union[bip32.HDNode, Slip21Node]:
+        if "ed25519" in curve_name and not _path_hardened(node_path):
+            raise wire.DataError("Forbidden key path")
+
        # find the root node index
        root_index = 0
        for curve, *path in self.namespaces:
@ -85,7 +88,6 @@ class Keychain:
            root.derive_path(path)
            self.roots[root_index] = root

-        # TODO check for ed25519?
        # derive child node from the root
        node = root.clone()
        node.derive_path(suffix)