1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-01 20:08:26 +00:00

fixup! fix(core): disallow per-node paths in getaddress

This commit is contained in:
Ondřej Vejpustek 2024-11-27 15:38:03 +01:00
parent 3a1904983f
commit edd0fcab3d
2 changed files with 14 additions and 3 deletions

View File

@ -267,8 +267,11 @@ def descriptor_checksum(desc: str) -> str:
def multisig_uses_single_path(multisig: MultisigRedeemScriptType) -> bool: def multisig_uses_single_path(multisig: MultisigRedeemScriptType) -> bool:
if multisig.pubkeys is not None: if not multisig.pubkeys:
# Pubkeys are specified by multisig.nodes and multisig.address_n, in this case all the pubkeys use the same path
return True
else:
# Pubkeys are specified by multisig.pubkeys, in this case we check that all the pubkeys use the same path
return all( return all(
[hd.address_n == multisig.pubkeys[0].address_n for hd in multisig.pubkeys] [hd.address_n == multisig.pubkeys[0].address_n for hd in multisig.pubkeys]
) )
return True

View File

@ -114,7 +114,15 @@ async def get_address(msg: GetAddress, keychain: Keychain, coin: CoinInfo) -> Ad
await confirm_multisig_warning() await confirm_multisig_warning()
# An addresss that uses different derivation paths for different xpubs could be difficult to discover # An address that uses different derivation paths for different xpubs
# could be difficult to discover if the user did not note all the paths.
# The reason is that each path ends with an address index, which can have
# 1,000,000 possible values. If the address is a t-out-of-n multisig, the
# total number of possible paths is 1,000,000^n. This can be exploited by
# an attacker who has compromised the user's computer. The attacker could
# randomize the address indices and then demand a ransom from the user to
# reveal the paths. To prevent this, we require that all xpubs use the
# same derivation path.
if not multisig_uses_single_path(multisig): if not multisig_uses_single_path(multisig):
if safety_checks.is_strict(): if safety_checks.is_strict():
raise ValueError( raise ValueError(