feat(legacy): Check presence of multisig parameters in coin_known_path_check() for consistency with core checks.

legacy/firmware/crypto.c

@@ -539,7 +539,7 @@ static bool check_cointype(const CoinInfo *coin, uint32_t slip44, bool full) {
 
 bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
                            uint32_t address_n_count, const uint32_t *address_n,
-                           bool full) {
+                           bool has_multisig, bool full) {
   // If full == true, this function checks that the path is a recognized path
   // for the given coin. Used by GetAddress to prevent ransom attacks where a
   // user could be coerced to use an address with an unenumerable path.
@@ -560,6 +560,7 @@ bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
     valid = valid && check_cointype(coin, address_n[1], full);
     if (full) {
       valid = valid && (script_type == InputScriptType_SPENDADDRESS);
+      valid = valid && (!has_multisig);
       valid = valid && ((address_n[2] & 0x80000000) == 0x80000000);
       valid = valid && ((address_n[2] & 0x7fffffff) <= PATH_MAX_ACCOUNT);
       valid = valid && (address_n[3] <= PATH_MAX_CHANGE);
@@ -588,6 +589,7 @@ bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
     }
 
     if (full) {
+      valid = valid && has_multisig;
       if (address_n_count == 4) {
         valid = valid && (script_type == InputScriptType_SPENDMULTISIG);
         valid = valid && (address_n[1] <= 100);
@@ -628,6 +630,7 @@ bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
     }
     valid = valid && check_cointype(coin, address_n[1], full);
     if (full) {
+      valid = valid && has_multisig;
       valid = valid && (script_type == InputScriptType_SPENDMULTISIG ||
                         script_type == InputScriptType_SPENDP2SHWITNESS ||
                         script_type == InputScriptType_SPENDWITNESS);

legacy/firmware/crypto.h

@@ -84,6 +84,6 @@ int cryptoIdentityFingerprint(const IdentityType *identity, uint8_t *hash);
 
 bool coin_known_path_check(const CoinInfo *coin, InputScriptType script_type,
                            uint32_t address_n_count, const uint32_t *address_n,
-                           bool full);
+                           bool has_multisig, bool full);
 
 #endif

legacy/firmware/fsm_msg_coin.h

@@ -184,8 +184,10 @@ void fsm_msgGetAddress(const GetAddress *msg) {
     }
 
     if (!coin_known_path_check(coin, msg->script_type, msg->address_n_count,
-                               msg->address_n, true)) {
-      if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict) {
+                               msg->address_n, msg->has_multisig, true)) {
+      if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict &&
+          !coin_known_path_check(coin, msg->script_type, msg->address_n_count,
+                                 msg->address_n, msg->has_multisig, false)) {
         fsm_sendFailure(FailureType_Failure_DataError, _("Forbidden key path"));
         layoutHome();
         return;

legacy/firmware/signing.c

@@ -686,7 +686,7 @@ bool compile_input_script_sig(TxInputType *tinput) {
     }
   }
   if (!coin_known_path_check(coin, tinput->script_type, tinput->address_n_count,
-                             tinput->address_n, false)) {
+                             tinput->address_n, tinput->has_multisig, false)) {
     if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict) {
       return false;
     }