mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-01 20:08:26 +00:00
paths: disallow special ed25519 curves
This commit is contained in:
parent
8aa60e6cfd
commit
b84d0e8452
@ -28,7 +28,7 @@ class Keychain:
|
|||||||
def validate_path(self, checked_path: list, checked_curve: str):
|
def validate_path(self, checked_path: list, checked_curve: str):
|
||||||
for curve, *path in self.namespaces:
|
for curve, *path in self.namespaces:
|
||||||
if path == checked_path[: len(path)] and curve == checked_curve:
|
if path == checked_path[: len(path)] and curve == checked_curve:
|
||||||
if curve == "ed25519" and not _path_hardened(checked_path):
|
if "ed25519" in curve and not _path_hardened(checked_path):
|
||||||
break
|
break
|
||||||
return
|
return
|
||||||
raise wire.DataError("Forbidden key path")
|
raise wire.DataError("Forbidden key path")
|
||||||
|
@ -33,6 +33,25 @@ class TestKeychain(unittest.TestCase):
|
|||||||
with self.assertRaises(wire.DataError):
|
with self.assertRaises(wire.DataError):
|
||||||
k.validate_path(*f)
|
k.validate_path(*f)
|
||||||
|
|
||||||
|
def test_validate_path_special_ed25519(self):
|
||||||
|
n = [
|
||||||
|
["ed25519-keccak", 44 | HARDENED, 134 | HARDENED],
|
||||||
|
]
|
||||||
|
k = Keychain(b"", n)
|
||||||
|
|
||||||
|
correct = (
|
||||||
|
([44 | HARDENED, 134 | HARDENED], "ed25519-keccak"),
|
||||||
|
)
|
||||||
|
for c in correct:
|
||||||
|
self.assertEqual(None, k.validate_path(*c))
|
||||||
|
|
||||||
|
fails = [
|
||||||
|
([44 | HARDENED, 134 | HARDENED, 1], "ed25519-keccak"),
|
||||||
|
]
|
||||||
|
for f in fails:
|
||||||
|
with self.assertRaises(wire.DataError):
|
||||||
|
k.validate_path(*f)
|
||||||
|
|
||||||
def test_validate_path_empty_namespace(self):
|
def test_validate_path_empty_namespace(self):
|
||||||
k = Keychain(b"", [["secp256k1"]])
|
k = Keychain(b"", [["secp256k1"]])
|
||||||
correct = (
|
correct = (
|
||||||
|
Loading…
Reference in New Issue
Block a user