mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-01 20:08:26 +00:00
fixup! fix(core): disallow per-node paths in getaddress
This commit is contained in:
parent
3a1904983f
commit
edd0fcab3d
@ -267,8 +267,11 @@ def descriptor_checksum(desc: str) -> str:
|
|||||||
|
|
||||||
|
|
||||||
def multisig_uses_single_path(multisig: MultisigRedeemScriptType) -> bool:
|
def multisig_uses_single_path(multisig: MultisigRedeemScriptType) -> bool:
|
||||||
if multisig.pubkeys is not None:
|
if not multisig.pubkeys:
|
||||||
|
# Pubkeys are specified by multisig.nodes and multisig.address_n, in this case all the pubkeys use the same path
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
# Pubkeys are specified by multisig.pubkeys, in this case we check that all the pubkeys use the same path
|
||||||
return all(
|
return all(
|
||||||
[hd.address_n == multisig.pubkeys[0].address_n for hd in multisig.pubkeys]
|
[hd.address_n == multisig.pubkeys[0].address_n for hd in multisig.pubkeys]
|
||||||
)
|
)
|
||||||
return True
|
|
||||||
|
@ -114,7 +114,15 @@ async def get_address(msg: GetAddress, keychain: Keychain, coin: CoinInfo) -> Ad
|
|||||||
|
|
||||||
await confirm_multisig_warning()
|
await confirm_multisig_warning()
|
||||||
|
|
||||||
# An addresss that uses different derivation paths for different xpubs could be difficult to discover
|
# An address that uses different derivation paths for different xpubs
|
||||||
|
# could be difficult to discover if the user did not note all the paths.
|
||||||
|
# The reason is that each path ends with an address index, which can have
|
||||||
|
# 1,000,000 possible values. If the address is a t-out-of-n multisig, the
|
||||||
|
# total number of possible paths is 1,000,000^n. This can be exploited by
|
||||||
|
# an attacker who has compromised the user's computer. The attacker could
|
||||||
|
# randomize the address indices and then demand a ransom from the user to
|
||||||
|
# reveal the paths. To prevent this, we require that all xpubs use the
|
||||||
|
# same derivation path.
|
||||||
if not multisig_uses_single_path(multisig):
|
if not multisig_uses_single_path(multisig):
|
||||||
if safety_checks.is_strict():
|
if safety_checks.is_strict():
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
|
Loading…
Reference in New Issue
Block a user