1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-01 20:08:26 +00:00

paths: disallow special ed25519 curves

This commit is contained in:
Tomas Susanka 2019-04-09 16:32:52 +02:00
parent 8aa60e6cfd
commit b84d0e8452
2 changed files with 20 additions and 1 deletions

View File

@ -28,7 +28,7 @@ class Keychain:
def validate_path(self, checked_path: list, checked_curve: str): def validate_path(self, checked_path: list, checked_curve: str):
for curve, *path in self.namespaces: for curve, *path in self.namespaces:
if path == checked_path[: len(path)] and curve == checked_curve: if path == checked_path[: len(path)] and curve == checked_curve:
if curve == "ed25519" and not _path_hardened(checked_path): if "ed25519" in curve and not _path_hardened(checked_path):
break break
return return
raise wire.DataError("Forbidden key path") raise wire.DataError("Forbidden key path")

View File

@ -33,6 +33,25 @@ class TestKeychain(unittest.TestCase):
with self.assertRaises(wire.DataError): with self.assertRaises(wire.DataError):
k.validate_path(*f) k.validate_path(*f)
def test_validate_path_special_ed25519(self):
n = [
["ed25519-keccak", 44 | HARDENED, 134 | HARDENED],
]
k = Keychain(b"", n)
correct = (
([44 | HARDENED, 134 | HARDENED], "ed25519-keccak"),
)
for c in correct:
self.assertEqual(None, k.validate_path(*c))
fails = [
([44 | HARDENED, 134 | HARDENED, 1], "ed25519-keccak"),
]
for f in fails:
with self.assertRaises(wire.DataError):
k.validate_path(*f)
def test_validate_path_empty_namespace(self): def test_validate_path_empty_namespace(self):
k = Keychain(b"", [["secp256k1"]]) k = Keychain(b"", [["secp256k1"]])
correct = ( correct = (