arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-06-17 21:48:47 +00:00
Code Issues Releases Wiki Activity

fix(legacy): Don't allow unknown paths in GetAddress.

Browse Source
This commit is contained in:
Andrew Kozlik 2021-06-23 17:28:50 +02:00 committed by Martin Milata
parent 3e9f8a32ac
commit 9b0e980c44
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
legacy/firmware/.changelog.d/noissue.security Normal file
View File

@ -0,0 +1 @@
Don't show addresses that have an unrecognized path.

12
legacy/firmware/crypto.c
View File

@ -540,6 +540,14 @@ static bool check_cointype(const CoinInfo *coin, uint32_t slip44, bool full) {
bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type, bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
uint32_t address_n_count, const uint32_t *address_n, uint32_t address_n_count, const uint32_t *address_n,
bool full) { bool full) {
// If full == true, this function checks that the path is a recognized path
// for the given coin. Used by GetAddress to prevent ransom attacks where a
// user could be coerced to use an address with an unenumerable path.
// If full == false, this function checks that a coin without strong replay
// protection doesn't access paths that are known to be used by another coin.
// Used by SignTx to ensure that a user cannot be coerced into signing a
// testnet transaction or a Litecoin transaction which in fact spends Bitcoin.
bool valid = true; bool valid = true;
// m/44' : BIP44 Legacy // m/44' : BIP44 Legacy
// m / purpose' / coin_type' / account' / change / address_index // m / purpose' / coin_type' / account' / change / address_index
@ -740,6 +748,6 @@ bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
return valid; return valid;
} }
// we don't check unknown paths // we allow unknown paths when a full check is not required
return true; return !full;
} }

12
tests/device_tests/test_msg_getaddress_show.py
View File

@ -17,6 +17,7 @@
import pytest import pytest
from trezorlib import btc, messages, tools from trezorlib import btc, messages, tools
from trezorlib.exceptions import TrezorFailure
VECTORS = ( # path, script_type, address VECTORS = ( # path, script_type, address
( (
@ -51,6 +52,17 @@ def test_show(client, path, script_type, address):
) )
def test_show_unrecognized_path(client):
with pytest.raises(TrezorFailure):
btc.get_address(
client,
"Bitcoin",
tools.parse_path("m/24684621h/516582h/5156h/21/856"),
script_type=messages.InputScriptType.SPENDWITNESS,
show_display=True,
)
@pytest.mark.multisig @pytest.mark.multisig
def test_show_multisig_3(client): def test_show_multisig_3(client):
node = btc.get_public_node( node = btc.get_public_node(