1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 14:58:09 +00:00

test: Ensure that GetAddress and GetOwnershipId fail for multisig if user's public key is not included.

This commit is contained in:
Andrew Kozlik 2020-10-26 16:35:55 +01:00 committed by Tomas Susanka
parent 77f5e90466
commit e9c227f623
5 changed files with 154 additions and 20 deletions

View File

@ -145,30 +145,42 @@ class TestMsgGetaddress:
)
@pytest.mark.multisig
def test_multisig_missing(self, client):
xpubs = []
for n in range(1, 4):
# shift account numbers by 10 to create valid multisig,
# but not containing the keys used below
n = n + 10
node = btc.get_public_node(client, parse_path("44'/0'/%d'" % n))
xpubs.append(node.xpub)
for nr in range(1, 4):
@pytest.mark.parametrize("show_display", (True, False))
def test_multisig_missing(self, client, show_display):
# Multisig with global suffix specification.
# Use account numbers 1, 2 and 3 to create a valid multisig,
# but not containing the keys from account 0 used below.
nodes = [
btc.get_public_node(client, parse_path("44'/0'/%d'" % i)).node
for i in range(1, 4)
]
multisig1 = messages.MultisigRedeemScriptType(
nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
)
# Multisig with per-node suffix specification.
node = btc.get_public_node(
client, parse_path("44h/0h/0h/0"), coin_name="Bitcoin"
).node
multisig2 = messages.MultisigRedeemScriptType(
pubkeys=[
messages.HDNodePathType(node=node, address_n=[1]),
messages.HDNodePathType(node=node, address_n=[2]),
messages.HDNodePathType(node=node, address_n=[3]),
],
signatures=[b"", b"", b""],
m=2,
)
for multisig in (multisig1, multisig2):
with pytest.raises(TrezorFailure):
btc.get_address(
client,
"Bitcoin",
parse_path("44'/0'/%d'/0/0" % nr),
show_display=(nr == 1),
multisig=getmultisig(0, 0, xpubs=xpubs),
)
with pytest.raises(TrezorFailure):
btc.get_address(
client,
"Bitcoin",
parse_path("44'/0'/%d'/1/0" % nr),
show_display=(nr == 1),
multisig=getmultisig(1, 0, xpubs=xpubs),
parse_path("44'/0'/0'/0/0"),
show_display=show_display,
multisig=multisig,
)
@pytest.mark.altcoin

View File

@ -17,6 +17,7 @@
import pytest
from trezorlib import btc, messages as proto
from trezorlib.exceptions import TrezorFailure
from trezorlib.tools import parse_path
@ -121,3 +122,42 @@ class TestMsgGetaddressSegwit:
)
== "2MwuUwUzPG17wiKQpfXmzfxJEoe7RXZDRad"
)
@pytest.mark.multisig
@pytest.mark.parametrize("show_display", (True, False))
def test_multisig_missing(self, client, show_display):
# Multisig with global suffix specification.
# Use account numbers 1, 2 and 3 to create a valid multisig,
# but not containing the keys from account 0 used below.
nodes = [
btc.get_public_node(client, parse_path("49'/0'/%d'" % i)).node
for i in range(1, 4)
]
multisig1 = proto.MultisigRedeemScriptType(
nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
)
# Multisig with per-node suffix specification.
node = btc.get_public_node(
client, parse_path("49h/0h/0h/0"), coin_name="Bitcoin"
).node
multisig2 = proto.MultisigRedeemScriptType(
pubkeys=[
proto.HDNodePathType(node=node, address_n=[1]),
proto.HDNodePathType(node=node, address_n=[2]),
proto.HDNodePathType(node=node, address_n=[3]),
],
signatures=[b"", b"", b""],
m=2,
)
for multisig in (multisig1, multisig2):
with pytest.raises(TrezorFailure):
btc.get_address(
client,
"Bitcoin",
parse_path("49'/0'/0'/0/0"),
show_display=show_display,
multisig=multisig,
script_type=proto.InputScriptType.SPENDP2SHWITNESS,
)

View File

@ -17,6 +17,7 @@
import pytest
from trezorlib import btc, messages as proto
from trezorlib.exceptions import TrezorFailure
from trezorlib.tools import parse_path
@ -129,3 +130,42 @@ class TestMsgGetaddressSegwitNative:
)
== "tb1qgvn67p4twmpqhs8c39tukmu9geamtf7x0z3flwf9rrw4ff3h6d2qt0czq3"
)
@pytest.mark.multisig
@pytest.mark.parametrize("show_display", (True, False))
def test_multisig_missing(self, client, show_display):
# Multisig with global suffix specification.
# Use account numbers 1, 2 and 3 to create a valid multisig,
# but not containing the keys from account 0 used below.
nodes = [
btc.get_public_node(client, parse_path("84'/0'/%d'" % i)).node
for i in range(1, 4)
]
multisig1 = proto.MultisigRedeemScriptType(
nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
)
# Multisig with per-node suffix specification.
node = btc.get_public_node(
client, parse_path("84h/0h/0h/0"), coin_name="Bitcoin"
).node
multisig2 = proto.MultisigRedeemScriptType(
pubkeys=[
proto.HDNodePathType(node=node, address_n=[1]),
proto.HDNodePathType(node=node, address_n=[2]),
proto.HDNodePathType(node=node, address_n=[3]),
],
signatures=[b"", b"", b""],
m=2,
)
for multisig in (multisig1, multisig2):
with pytest.raises(TrezorFailure):
btc.get_address(
client,
"Bitcoin",
parse_path("84'/0'/0'/0/0"),
show_display=show_display,
multisig=multisig,
script_type=proto.InputScriptType.SPENDWITNESS,
)

View File

@ -37,6 +37,44 @@ def test_ownership_id(client):
)
@pytest.mark.skip_ui
def test_attack_ownership_id(client):
# Multisig with global suffix specification.
# Use account numbers 1, 2 and 3 to create a valid multisig,
# but not containing the keys from account 0 used below.
nodes = [
btc.get_public_node(client, parse_path("84'/0'/%d'" % i)).node
for i in range(1, 4)
]
multisig1 = messages.MultisigRedeemScriptType(
nodes=nodes, address_n=[0, 0], signatures=[b"", b"", b""], m=2
)
# Multisig with per-node suffix specification.
node = btc.get_public_node(
client, parse_path("84h/0h/0h/0"), coin_name="Bitcoin"
).node
multisig2 = messages.MultisigRedeemScriptType(
pubkeys=[
messages.HDNodePathType(node=node, address_n=[1]),
messages.HDNodePathType(node=node, address_n=[2]),
messages.HDNodePathType(node=node, address_n=[3]),
],
signatures=[b"", b"", b""],
m=2,
)
for multisig in (multisig1, multisig2):
with pytest.raises(TrezorFailure):
btc.get_ownership_id(
client,
"Bitcoin",
parse_path("84'/0'/0'/0/0"),
multisig=multisig,
script_type=messages.InputScriptType.SPENDWITNESS,
)
@pytest.mark.skip_ui
def test_p2wpkh_ownership_proof(client):
ownership_proof, _ = btc.get_ownership_proof(

View File

@ -167,9 +167,13 @@
"test_msg_ethereum_verifymessage.py-test_verify": "da70ac961dc8ff548943498f42ad9436d3e2591f42793e37c8ec4cda9ea7835e",
"test_msg_ethereum_verifymessage.py-test_verify_invalid": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress.py::test_unknown_path_tt": "0f6e15d265d012a341811965b72e75fbe0e76a17091f0bb2e89caa4a75c550a0",
"test_msg_getaddress_segwit.py-test_multisig_missing[False]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit.py-test_multisig_missing[True]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit.py-test_show_multisig_3": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit.py-test_show_segwit": "329134e85a7cc76eaf776c92b7fc3932946d411249661bf9a2d9ce314fcf27f8",
"test_msg_getaddress_segwit.py-test_show_segwit_altcoin": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit_native.py-test_multisig_missing[False]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit_native.py-test_multisig_missing[True]": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit_native.py-test_show_multisig_3": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",
"test_msg_getaddress_segwit_native.py-test_show_segwit": "e6b8007c78b6d375635ff5a1b3047bfe57727b9a449a3c19d2ebf64648ac3946",
"test_msg_getaddress_segwit_native.py-test_show_segwit_altcoin": "5a80508a71a9ef64f94762b07636f90e464832f0f4a3102af8fa1a8c69e94586",