fix(core): disallow per-node paths in change outputs

2024-11-25 17:09:44 +00:00 · 2024-10-23 16:47:15 +02:00 · 2024-10-23 16:47:15 +02:00 · cae49da30e
commit cae49da30e
parent d99fea38d7
3 changed files with 41 additions and 0 deletions
--- a/core/.changelog.d/4351.changed.3
+++ b/core/.changelog.d/4351.changed.3
@ -0,0 +1 @@
 Forbidden per-node paths in multisig.
--- a/core/src/apps/bitcoin/sign_tx/change_detector.py
+++ b/core/src/apps/bitcoin/sign_tx/change_detector.py
@ -62,6 +62,9 @@ class ChangeDetector:
            if not (
                self.pubkeys_order.output_matches(txo)
                and self.multisig_fingerprint.output_matches(txo)
                and common.multisig_uses_single_path(
                    txo.multisig
                )  # An output that uses different derivation paths for different xpubs could be difficult to discover
            ):
                return False
--- a/tests/device_tests/bitcoin/test_multisig_change.py
+++ b/tests/device_tests/bitcoin/test_multisig_change.py
@ -406,6 +406,43 @@ def test_multisig_mismatch_multisig_change(client: Client):
        )
 # inputs match, change mismatches (second tries to be change but isn't)
@pytest.mark.models(skip="legacy", reason="Not fixed")
 def test_multisig_mismatch_multisig_change_different_paths(client: Client):
    multisig_out2 = messages.MultisigRedeemScriptType(
        pubkeys=[
            messages.HDNodePathType(node=NODE_EXT1, address_n=[1, 0]),
            messages.HDNodePathType(node=NODE_EXT2, address_n=[1, 1]),
            messages.HDNodePathType(node=NODE_INT, address_n=[1, 2]),
        ],
        signatures=[b"", b"", b""],
        m=2,
    )
    out1 = messages.TxOutputType(
        address="3B23k4kFBRtu49zvpG3Z9xuFzfpHvxBcwt",
        amount=40_000_000,
        script_type=messages.OutputScriptType.PAYTOADDRESS,
    )
    out2 = messages.TxOutputType(
        address_n=[H_(45), 0, 1, 2],
        multisig=multisig_out2,
        amount=44_000_000,
        script_type=messages.OutputScriptType.PAYTOMULTISIG,
    )
    with client:
        client.set_expected_responses(_responses(client, INP1, INP2))
        btc.sign_tx(
            client,
            "Bitcoin",
            [INP1, INP2],
            [out1, out2],
            prev_txes=TX_API,
        )
 # inputs mismatch, change matches with first input
 def test_multisig_mismatch_inputs(client: Client):
    multisig_out1 = messages.MultisigRedeemScriptType(