test: Ensure that GetAddress and GetOwnershipId fail for multisig if user's public key is not included.

tests/device_tests/test_msg_getaddress.py

@@ -145,30 +145,42 @@ class TestMsgGetaddress:
             )
 
     @pytest.mark.multisig
-    def test_multisig_missing(self, client):
-        xpubs = []
-        for n in range(1, 4):
-            # shift account numbers by 10 to create valid multisig,
-            # but not containing the keys used below
-            n = n + 10
-            node = btc.get_public_node(client, parse_path("44'/0'/%d'" % n))
-            xpubs.append(node.xpub)
-        for nr in range(1, 4):
+    @pytest.mark.parametrize("show_display", (True, False))
+    def test_multisig_missing(self, client, show_display):
+        # Multisig with global suffix specification.
+        # Use account numbers 1, 2 and 3 to create a valid multisig,
+        # but not containing the keys from account 0 used below.
+        nodes = [
+            btc.get_public_node(client, parse_path("44'/0'/%d'" % i)).node
+            for i in range(1, 4)
+        ]
+        multisig1 = messages.MultisigRedeemScriptType(
+            nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
+        )
+
+        # Multisig with per-node suffix specification.
+        node = btc.get_public_node(
+            client, parse_path("44h/0h/0h/0"), coin_name="Bitcoin"
+        ).node
+
+        multisig2 = messages.MultisigRedeemScriptType(
+            pubkeys=[
+                messages.HDNodePathType(node=node, address_n=[1]),
+                messages.HDNodePathType(node=node, address_n=[2]),
+                messages.HDNodePathType(node=node, address_n=[3]),
+            ],
+            signatures=[b"", b"", b""],
+            m=2,
+        )
+
+        for multisig in (multisig1, multisig2):
             with pytest.raises(TrezorFailure):
                 btc.get_address(
                     client,
                     "Bitcoin",
-                    parse_path("44'/0'/%d'/0/0" % nr),
-                    show_display=(nr == 1),
-                    multisig=getmultisig(0, 0, xpubs=xpubs),
-                )
-            with pytest.raises(TrezorFailure):
-                btc.get_address(
-                    client,
-                    "Bitcoin",
-                    parse_path("44'/0'/%d'/1/0" % nr),
-                    show_display=(nr == 1),
-                    multisig=getmultisig(1, 0, xpubs=xpubs),
+                    parse_path("44'/0'/0'/0/0"),
+                    show_display=show_display,
+                    multisig=multisig,
                 )
 
     @pytest.mark.altcoin

tests/device_tests/test_msg_getaddress_segwit.py

@@ -17,6 +17,7 @@
 import pytest
 
 from trezorlib import btc, messages as proto
+from trezorlib.exceptions import TrezorFailure
 from trezorlib.tools import parse_path
 
 
@@ -121,3 +122,42 @@ class TestMsgGetaddressSegwit:
                 )
                 == "2MwuUwUzPG17wiKQpfXmzfxJEoe7RXZDRad"
             )
+
+    @pytest.mark.multisig
+    @pytest.mark.parametrize("show_display", (True, False))
+    def test_multisig_missing(self, client, show_display):
+        # Multisig with global suffix specification.
+        # Use account numbers 1, 2 and 3 to create a valid multisig,
+        # but not containing the keys from account 0 used below.
+        nodes = [
+            btc.get_public_node(client, parse_path("49'/0'/%d'" % i)).node
+            for i in range(1, 4)
+        ]
+        multisig1 = proto.MultisigRedeemScriptType(
+            nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
+        )
+
+        # Multisig with per-node suffix specification.
+        node = btc.get_public_node(
+            client, parse_path("49h/0h/0h/0"), coin_name="Bitcoin"
+        ).node
+        multisig2 = proto.MultisigRedeemScriptType(
+            pubkeys=[
+                proto.HDNodePathType(node=node, address_n=[1]),
+                proto.HDNodePathType(node=node, address_n=[2]),
+                proto.HDNodePathType(node=node, address_n=[3]),
+            ],
+            signatures=[b"", b"", b""],
+            m=2,
+        )
+
+        for multisig in (multisig1, multisig2):
+            with pytest.raises(TrezorFailure):
+                btc.get_address(
+                    client,
+                    "Bitcoin",
+                    parse_path("49'/0'/0'/0/0"),
+                    show_display=show_display,
+                    multisig=multisig,
+                    script_type=proto.InputScriptType.SPENDP2SHWITNESS,
+                )

tests/device_tests/test_msg_getaddress_segwit_native.py

@@ -17,6 +17,7 @@
 import pytest
 
 from trezorlib import btc, messages as proto
+from trezorlib.exceptions import TrezorFailure
 from trezorlib.tools import parse_path
 
 
@@ -129,3 +130,42 @@ class TestMsgGetaddressSegwitNative:
                 )
                 == "tb1qgvn67p4twmpqhs8c39tukmu9geamtf7x0z3flwf9rrw4ff3h6d2qt0czq3"
             )
+
+    @pytest.mark.multisig
+    @pytest.mark.parametrize("show_display", (True, False))
+    def test_multisig_missing(self, client, show_display):
+        # Multisig with global suffix specification.
+        # Use account numbers 1, 2 and 3 to create a valid multisig,
+        # but not containing the keys from account 0 used below.
+        nodes = [
+            btc.get_public_node(client, parse_path("84'/0'/%d'" % i)).node
+            for i in range(1, 4)
+        ]
+        multisig1 = proto.MultisigRedeemScriptType(
+            nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
+        )
+
+        # Multisig with per-node suffix specification.
+        node = btc.get_public_node(
+            client, parse_path("84h/0h/0h/0"), coin_name="Bitcoin"
+        ).node
+        multisig2 = proto.MultisigRedeemScriptType(
+            pubkeys=[
+                proto.HDNodePathType(node=node, address_n=[1]),
+                proto.HDNodePathType(node=node, address_n=[2]),
+                proto.HDNodePathType(node=node, address_n=[3]),
+            ],
+            signatures=[b"", b"", b""],
+            m=2,
+        )
+
+        for multisig in (multisig1, multisig2):
+            with pytest.raises(TrezorFailure):
+                btc.get_address(
+                    client,
+                    "Bitcoin",
+                    parse_path("84'/0'/0'/0/0"),
+                    show_display=show_display,
+                    multisig=multisig,
+                    script_type=proto.InputScriptType.SPENDWITNESS,
+                )

tests/device_tests/test_msg_getownershipproof.py

@@ -37,6 +37,44 @@ def test_ownership_id(client):
     )
 
 
+@pytest.mark.skip_ui
+def test_attack_ownership_id(client):
+    # Multisig with global suffix specification.
+    # Use account numbers 1, 2 and 3 to create a valid multisig,
+    # but not containing the keys from account 0 used below.
+    nodes = [
+        btc.get_public_node(client, parse_path("84'/0'/%d'" % i)).node
+        for i in range(1, 4)
+    ]
+    multisig1 = messages.MultisigRedeemScriptType(
+        nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
+    )
+
+    # Multisig with per-node suffix specification.
+    node = btc.get_public_node(
+        client, parse_path("84h/0h/0h/0"), coin_name="Bitcoin"
+    ).node
+    multisig2 = messages.MultisigRedeemScriptType(
+        pubkeys=[
+            messages.HDNodePathType(node=node, address_n=[1]),
+            messages.HDNodePathType(node=node, address_n=[2]),
+            messages.HDNodePathType(node=node, address_n=[3]),
+        ],
+        signatures=[b"", b"", b""],
+        m=2,
+    )
+
+    for multisig in (multisig1, multisig2):
+        with pytest.raises(TrezorFailure):
+            btc.get_ownership_id(
+                client,
+                "Bitcoin",
+                parse_path("84'/0'/0'/0/0"),
+                multisig=multisig,
+                script_type=messages.InputScriptType.SPENDWITNESS,
+            )
+
+
 @pytest.mark.skip_ui
 def test_p2wpkh_ownership_proof(client):
     ownership_proof, _ = btc.get_ownership_proof(

tests/ui_tests/fixtures.json

@@ -167,9 +167,13 @@
 "test_msg_ethereum_verifymessage.py-test_verify": "da70ac961dc8ff548943498f42ad9436d3e2591f42793e37c8ec4cda9ea7835e",
 "test_msg_ethereum_verifymessage.py-test_verify_invalid": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_getaddress.py::test_unknown_path_tt": "0f6e15d265d012a341811965b72e75fbe0e76a17091f0bb2e89caa4a75c550a0",
+"test_msg_getaddress_segwit.py-test_multisig_missing[False]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
+"test_msg_getaddress_segwit.py-test_multisig_missing[True]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_getaddress_segwit.py-test_show_multisig_3": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_getaddress_segwit.py-test_show_segwit": "329134e85a7cc76eaf776c92b7fc3932946d411249661bf9a2d9ce314fcf27f8",
 "test_msg_getaddress_segwit.py-test_show_segwit_altcoin": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
+"test_msg_getaddress_segwit_native.py-test_multisig_missing[False]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
+"test_msg_getaddress_segwit_native.py-test_multisig_missing[True]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_getaddress_segwit_native.py-test_show_multisig_3": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
 "test_msg_getaddress_segwit_native.py-test_show_segwit": "e6b8007c78b6d375635ff5a1b3047bfe57727b9a449a3c19d2ebf64648ac3946",
 "test_msg_getaddress_segwit_native.py-test_show_segwit_altcoin": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",