mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-12 08:20:56 +00:00
747 lines
26 KiB
Python
747 lines
26 KiB
Python
# This file is part of the Trezor project.
|
|
#
|
|
# Copyright (C) 2020 SatoshiLabs and contributors
|
|
#
|
|
# This library is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Lesser General Public License version 3
|
|
# as published by the Free Software Foundation.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the License along with this library.
|
|
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
|
|
|
import time
|
|
|
|
import pytest
|
|
|
|
from trezorlib import btc, device, messages
|
|
from trezorlib.debuglink import TrezorClientDebugLink as Client
|
|
from trezorlib.exceptions import TrezorFailure
|
|
from trezorlib.tools import parse_path
|
|
|
|
from ...tx_cache import TxCache
|
|
from .payment_req import make_payment_request
|
|
from .signtx import request_finished, request_input, request_output, request_payment_req
|
|
|
|
B = messages.ButtonRequestType
|
|
|
|
TX_CACHE_TESTNET = TxCache("Testnet")
|
|
TX_CACHE_MAINNET = TxCache("Bitcoin")
|
|
|
|
FAKE_TXHASH_e5b7e2 = bytes.fromhex(
|
|
"e5b7e21b5ba720e81efd6bfa9f854ababdcddc75a43bfa60bf0fe069cfd1bb8a"
|
|
)
|
|
FAKE_TXHASH_f982c0 = bytes.fromhex(
|
|
"f982c0a283bd65a59aa89eded9e48f2a3319cb80361dfab4cf6192a03badb60a"
|
|
)
|
|
|
|
PIN = "1234"
|
|
ROUND_ID_LEN = 32
|
|
SLIP25_PATH = parse_path("m/10025h")
|
|
|
|
pytestmark = pytest.mark.skip_t1
|
|
|
|
|
|
@pytest.mark.setup_client(pin=PIN)
|
|
def test_sign_tx(client: Client):
|
|
# NOTE: FAKE input tx
|
|
|
|
commitment_data = b"\x0fwww.example.com" + (1).to_bytes(ROUND_ID_LEN, "big")
|
|
|
|
with client:
|
|
client.use_pin_sequence([PIN])
|
|
btc.authorize_coinjoin(
|
|
client,
|
|
coordinator="www.example.com",
|
|
max_rounds=2,
|
|
max_coordinator_fee_rate=50_000_000, # 0.5 %
|
|
max_fee_per_kvbyte=3500,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
client.call(messages.LockDevice())
|
|
|
|
with client:
|
|
client.set_expected_responses(
|
|
[messages.PreauthorizedRequest, messages.OwnershipProof]
|
|
)
|
|
btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=commitment_data,
|
|
preauthorized=True,
|
|
)
|
|
|
|
with client:
|
|
client.set_expected_responses(
|
|
[messages.PreauthorizedRequest, messages.OwnershipProof]
|
|
)
|
|
btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/5"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=commitment_data,
|
|
preauthorized=True,
|
|
)
|
|
|
|
inputs = [
|
|
messages.TxInputType(
|
|
# seed "alcohol woman abuse must during monitor noble actual mixed trade anger aisle"
|
|
# m/10025h/1h/0h/1h/0/0
|
|
# tb1pkw382r3plt8vx6e22mtkejnqrxl4z7jugh3w4rjmfmgezzg0xqpsdaww8z
|
|
amount=100_000,
|
|
prev_hash=FAKE_TXHASH_e5b7e2,
|
|
prev_index=0,
|
|
script_type=messages.InputScriptType.EXTERNAL,
|
|
script_pubkey=bytes.fromhex(
|
|
"5120b3a2750e21facec36b2a56d76cca6019bf517a5c45e2ea8e5b4ed191090f3003"
|
|
),
|
|
ownership_proof=bytearray.fromhex(
|
|
"534c001901019cf1b0ad730100bd7a69e987d55348bb798e2b2096a6a5713e9517655bd2021300014052d479f48d34f1ca6872d4571413660040c3e98841ab23a2c5c1f37399b71bfa6f56364b79717ee90552076a872da68129694e1b4fb0e0651373dcf56db123c5"
|
|
),
|
|
commitment_data=commitment_data,
|
|
),
|
|
messages.TxInputType(
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
amount=7_289_000,
|
|
prev_hash=FAKE_TXHASH_f982c0,
|
|
prev_index=1,
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
),
|
|
]
|
|
|
|
outputs = [
|
|
# Other's coinjoined output.
|
|
messages.TxOutputType(
|
|
# seed "alcohol woman abuse must during monitor noble actual mixed trade anger aisle"
|
|
# m/10025h/1h/0h/1h/1/0
|
|
address="tb1pupzczx9cpgyqgtvycncr2mvxscl790luqd8g88qkdt2w3kn7ymhsrdueu2",
|
|
amount=50_000,
|
|
script_type=messages.OutputScriptType.PAYTOADDRESS,
|
|
payment_req_index=0,
|
|
),
|
|
# Our coinjoined output.
|
|
messages.TxOutputType(
|
|
# tb1phkcspf88hge86djxgtwx2wu7ddghsw77d6sd7txtcxncu0xpx22shcydyf
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/1"),
|
|
amount=50_000,
|
|
script_type=messages.OutputScriptType.PAYTOTAPROOT,
|
|
payment_req_index=0,
|
|
),
|
|
# Our change output.
|
|
messages.TxOutputType(
|
|
# tb1pchruvduckkwuzm5hmytqz85emften5dnmkqu9uhfxwfywaqhuu0qjggqyp
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/2"),
|
|
amount=7_289_000 - 50_000 - 36_445 - 490,
|
|
script_type=messages.OutputScriptType.PAYTOTAPROOT,
|
|
payment_req_index=0,
|
|
),
|
|
# Other's change output.
|
|
messages.TxOutputType(
|
|
# seed "alcohol woman abuse must during monitor noble actual mixed trade anger aisle"
|
|
# m/10025h/1h/0h/1h/1/1
|
|
address="tb1pvt7lzserh8xd5m6mq0zu9s5wxkpe5wgf5ts56v44jhrr6578hz8saxup5m",
|
|
amount=100_000 - 50_000 - 500 - 490,
|
|
script_type=messages.OutputScriptType.PAYTOADDRESS,
|
|
payment_req_index=0,
|
|
),
|
|
# Coordinator's output.
|
|
messages.TxOutputType(
|
|
address="mvbu1Gdy8SUjTenqerxUaZyYjmveZvt33q",
|
|
amount=36_945,
|
|
script_type=messages.OutputScriptType.PAYTOADDRESS,
|
|
payment_req_index=0,
|
|
),
|
|
]
|
|
|
|
payment_req = make_payment_request(
|
|
client,
|
|
recipient_name="www.example.com",
|
|
outputs=outputs,
|
|
change_addresses=[
|
|
"tb1phkcspf88hge86djxgtwx2wu7ddghsw77d6sd7txtcxncu0xpx22shcydyf",
|
|
"tb1pchruvduckkwuzm5hmytqz85emften5dnmkqu9uhfxwfywaqhuu0qjggqyp",
|
|
],
|
|
)
|
|
payment_req.amount = None
|
|
|
|
with client:
|
|
client.set_expected_responses(
|
|
[
|
|
messages.PreauthorizedRequest(),
|
|
request_input(0),
|
|
request_input(1),
|
|
request_output(0),
|
|
request_payment_req(0),
|
|
request_output(1),
|
|
request_output(2),
|
|
request_output(3),
|
|
request_output(4),
|
|
request_input(1),
|
|
request_finished(),
|
|
]
|
|
)
|
|
signatures, serialized_tx = btc.sign_tx(
|
|
client,
|
|
"Testnet",
|
|
inputs,
|
|
outputs,
|
|
prev_txes=TX_CACHE_TESTNET,
|
|
payment_reqs=[payment_req],
|
|
preauthorized=True,
|
|
serialize=False,
|
|
)
|
|
|
|
assert serialized_tx == b""
|
|
assert len(signatures) == 2
|
|
assert signatures[0] is None
|
|
assert (
|
|
signatures[1].hex()
|
|
== "c017fce789fa8db54a2ae032012d2dd6d7c76cc1c1a6f00e29b86acbf93022da8aa559009a574792c7b09b2535d288d6e03c6ed169902ed8c4c97626a83fbc11"
|
|
)
|
|
|
|
# Test for a second time.
|
|
btc.sign_tx(
|
|
client,
|
|
"Testnet",
|
|
inputs,
|
|
outputs,
|
|
prev_txes=TX_CACHE_TESTNET,
|
|
payment_reqs=[payment_req],
|
|
preauthorized=True,
|
|
)
|
|
|
|
# Test for a third time, number of rounds should be exceeded.
|
|
with pytest.raises(TrezorFailure, match="Exceeded number of CoinJoin rounds"):
|
|
btc.sign_tx(
|
|
client,
|
|
"Testnet",
|
|
inputs,
|
|
outputs,
|
|
prev_txes=TX_CACHE_TESTNET,
|
|
payment_reqs=[payment_req],
|
|
preauthorized=True,
|
|
)
|
|
|
|
|
|
def test_sign_tx_large(client: Client):
|
|
# NOTE: FAKE input tx
|
|
|
|
commitment_data = b"\x0fwww.example.com" + (1).to_bytes(ROUND_ID_LEN, "big")
|
|
own_input_count = 10
|
|
total_input_count = 400
|
|
own_output_count = 30
|
|
total_output_count = 1200
|
|
output_denom = 10_000 # sats
|
|
max_expected_delay = 60 # seconds
|
|
|
|
with client:
|
|
btc.authorize_coinjoin(
|
|
client,
|
|
coordinator="www.example.com",
|
|
max_rounds=2,
|
|
max_coordinator_fee_rate=50_000_000, # 0.5 %
|
|
max_fee_per_kvbyte=3500,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
# INPUTS.
|
|
|
|
external_input = messages.TxInputType(
|
|
# seed "alcohol woman abuse must during monitor noble actual mixed trade anger aisle"
|
|
# m/10025h/1h/0h/1h/0/0
|
|
# tb1pkw382r3plt8vx6e22mtkejnqrxl4z7jugh3w4rjmfmgezzg0xqpsdaww8z
|
|
amount=output_denom * total_output_count // total_input_count,
|
|
prev_hash=FAKE_TXHASH_e5b7e2,
|
|
prev_index=0,
|
|
script_type=messages.InputScriptType.EXTERNAL,
|
|
script_pubkey=bytes.fromhex(
|
|
"5120b3a2750e21facec36b2a56d76cca6019bf517a5c45e2ea8e5b4ed191090f3003"
|
|
),
|
|
ownership_proof=bytearray.fromhex(
|
|
"534c001901019cf1b0ad730100bd7a69e987d55348bb798e2b2096a6a5713e9517655bd2021300014052d479f48d34f1ca6872d4571413660040c3e98841ab23a2c5c1f37399b71bfa6f56364b79717ee90552076a872da68129694e1b4fb0e0651373dcf56db123c5"
|
|
),
|
|
commitment_data=commitment_data,
|
|
)
|
|
|
|
internal_input = messages.TxInputType(
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
amount=output_denom * own_output_count // own_input_count,
|
|
prev_hash=FAKE_TXHASH_f982c0,
|
|
prev_index=1,
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
inputs = [internal_input] * own_input_count + [external_input] * (
|
|
total_input_count - own_input_count
|
|
)
|
|
|
|
# OUTPUTS.
|
|
|
|
external_output = messages.TxOutputType(
|
|
# seed "alcohol woman abuse must during monitor noble actual mixed trade anger aisle"
|
|
# m/10025h/1h/0h/1h/1/0
|
|
address="tb1pupzczx9cpgyqgtvycncr2mvxscl790luqd8g88qkdt2w3kn7ymhsrdueu2",
|
|
amount=output_denom,
|
|
script_type=messages.OutputScriptType.PAYTOADDRESS,
|
|
payment_req_index=0,
|
|
)
|
|
|
|
internal_output = messages.TxOutputType(
|
|
# tb1phkcspf88hge86djxgtwx2wu7ddghsw77d6sd7txtcxncu0xpx22shcydyf
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/1"),
|
|
amount=output_denom,
|
|
script_type=messages.OutputScriptType.PAYTOTAPROOT,
|
|
payment_req_index=0,
|
|
)
|
|
|
|
outputs = [internal_output] * own_output_count + [external_output] * (
|
|
total_output_count - own_output_count
|
|
)
|
|
|
|
payment_req = make_payment_request(
|
|
client,
|
|
recipient_name="www.example.com",
|
|
outputs=outputs,
|
|
change_addresses=[
|
|
"tb1phkcspf88hge86djxgtwx2wu7ddghsw77d6sd7txtcxncu0xpx22shcydyf"
|
|
]
|
|
* own_output_count,
|
|
)
|
|
payment_req.amount = None
|
|
|
|
start = time.time()
|
|
with client:
|
|
btc.sign_tx(
|
|
client,
|
|
"Testnet",
|
|
inputs,
|
|
outputs,
|
|
prev_txes=TX_CACHE_TESTNET,
|
|
payment_reqs=[payment_req],
|
|
preauthorized=True,
|
|
serialize=False,
|
|
)
|
|
delay = time.time() - start
|
|
assert delay <= max_expected_delay
|
|
|
|
|
|
def test_sign_tx_spend(client: Client):
|
|
# NOTE: FAKE input tx
|
|
|
|
inputs = [
|
|
messages.TxInputType(
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
amount=7_289_000,
|
|
prev_hash=FAKE_TXHASH_f982c0,
|
|
prev_index=1,
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
),
|
|
]
|
|
|
|
outputs = [
|
|
# Our change output.
|
|
messages.TxOutputType(
|
|
# tb1pchruvduckkwuzm5hmytqz85emften5dnmkqu9uhfxwfywaqhuu0qjggqyp
|
|
address_n=parse_path("m/10025h/1h/0h/1h/1/2"),
|
|
amount=7_289_000 - 50_000 - 400,
|
|
script_type=messages.OutputScriptType.PAYTOTAPROOT,
|
|
),
|
|
# Payment output.
|
|
messages.TxOutputType(
|
|
address="mvbu1Gdy8SUjTenqerxUaZyYjmveZvt33q",
|
|
amount=50_000,
|
|
script_type=messages.OutputScriptType.PAYTOADDRESS,
|
|
),
|
|
]
|
|
|
|
# Ensure that Trezor refuses to spend from CoinJoin without user authorization.
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
_, serialized_tx = btc.sign_tx(
|
|
client,
|
|
"Testnet",
|
|
inputs,
|
|
outputs,
|
|
prev_txes=TX_CACHE_TESTNET,
|
|
)
|
|
|
|
with client:
|
|
client.set_expected_responses(
|
|
[
|
|
messages.ButtonRequest(code=B.Other),
|
|
messages.UnlockedPathRequest(),
|
|
request_input(0),
|
|
request_output(0),
|
|
request_output(1),
|
|
messages.ButtonRequest(code=B.ConfirmOutput),
|
|
messages.ButtonRequest(code=B.SignTx),
|
|
request_input(0),
|
|
request_output(0),
|
|
request_output(1),
|
|
request_input(0),
|
|
request_finished(),
|
|
]
|
|
)
|
|
_, serialized_tx = btc.sign_tx(
|
|
client,
|
|
"Testnet",
|
|
inputs,
|
|
outputs,
|
|
prev_txes=TX_CACHE_TESTNET,
|
|
unlock_path=SLIP25_PATH,
|
|
)
|
|
|
|
# Transaction does not exist on the blockchain, not using assert_tx_matches()
|
|
assert (
|
|
serialized_tx.hex()
|
|
== "010000000001010ab6ad3ba09261cfb4fa1d3680cb19332a8fe4d9de9ea89aa565bd83a2c082f90100000000ffffffff02c8736e0000000000225120c5c7c63798b59dc16e97d916011e99da5799d1b3dd81c2f2e93392477417e71e50c30000000000001976a914a579388225827d9f2fe9014add644487808c695d88ac014006bc29900d39570fca291c038551817430965ac6aa26f286483559e692a14a82cfaf8e57610eae12a5af05ee1e9600acb31de4757349c0e3066701aa78f65d2a00000000"
|
|
)
|
|
|
|
|
|
def test_wrong_coordinator(client: Client):
|
|
# Ensure that a preauthorized GetOwnershipProof fails if the commitment_data doesn't match the coordinator.
|
|
|
|
btc.authorize_coinjoin(
|
|
client,
|
|
coordinator="www.example.com",
|
|
max_rounds=10,
|
|
max_coordinator_fee_rate=50_000_000, # 0.5 %
|
|
max_fee_per_kvbyte=3500,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
|
|
btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x0fwww.example.org" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
|
|
def test_wrong_account_type(client: Client):
|
|
params = {
|
|
"client": client,
|
|
"coordinator": "www.example.com",
|
|
"max_rounds": 10,
|
|
"max_coordinator_fee_rate": 50_000_000, # 0.5 %
|
|
"max_fee_per_kvbyte": 3500,
|
|
"coin_name": "Testnet",
|
|
}
|
|
|
|
# Ensure that Trezor accepts CoinJoin authorizations only for SLIP-0025 paths.
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
btc.authorize_coinjoin(
|
|
**params,
|
|
n=parse_path("m/86h/1h/0h"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
# Ensure that correct parameters succeed.
|
|
btc.authorize_coinjoin(
|
|
**params,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
|
|
def test_cancel_authorization(client: Client):
|
|
# Ensure that a preauthorized GetOwnershipProof fails if the commitment_data doesn't match the coordinator.
|
|
|
|
btc.authorize_coinjoin(
|
|
client,
|
|
coordinator="www.example.com",
|
|
max_rounds=10,
|
|
max_coordinator_fee_rate=50_000_000, # 0.5 %
|
|
max_fee_per_kvbyte=3500,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
device.cancel_authorization(client)
|
|
|
|
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
|
|
btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x0fwww.example.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
|
|
def test_get_public_key(client: Client):
|
|
ACCOUNT_PATH = parse_path("m/10025h/1h/0h/1h")
|
|
EXPECTED_XPUB = "tpubDEMKm4M3S2Grx5DHTfbX9et5HQb9KhdjDCkUYdH9gvVofvPTE6yb2MH52P9uc4mx6eFohUmfN1f4hhHNK28GaZnWRXr3b8KkfFcySo1SmXU"
|
|
|
|
# Ensure that user cannot access SLIP-25 path without UnlockPath.
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
resp = btc.get_public_node(
|
|
client,
|
|
ACCOUNT_PATH,
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
# Get unlock path MAC.
|
|
with client:
|
|
client.set_expected_responses(
|
|
[
|
|
messages.ButtonRequest(code=B.Other),
|
|
messages.UnlockedPathRequest,
|
|
messages.Failure(code=messages.FailureType.ActionCancelled),
|
|
]
|
|
)
|
|
unlock_path_mac = device.unlock_path(client, n=SLIP25_PATH)
|
|
|
|
# Ensure that UnlockPath fails with invalid MAC.
|
|
invalid_unlock_path_mac = bytes([unlock_path_mac[0] ^ 1]) + unlock_path_mac[1:]
|
|
with pytest.raises(TrezorFailure, match="Invalid MAC"):
|
|
resp = btc.get_public_node(
|
|
client,
|
|
ACCOUNT_PATH,
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=invalid_unlock_path_mac,
|
|
)
|
|
|
|
# Ensure that user does not need to confirm access when path unlock is requested with MAC.
|
|
with client:
|
|
client.set_expected_responses(
|
|
[
|
|
messages.UnlockedPathRequest,
|
|
messages.PublicKey,
|
|
]
|
|
)
|
|
resp = btc.get_public_node(
|
|
client,
|
|
ACCOUNT_PATH,
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=unlock_path_mac,
|
|
)
|
|
assert resp.xpub == EXPECTED_XPUB
|
|
|
|
|
|
def test_get_address(client: Client):
|
|
# Ensure that the SLIP-0025 external chain is inaccessible without user confirmation.
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
btc.get_address(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/0/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
show_display=True,
|
|
)
|
|
|
|
# Unlock CoinJoin path.
|
|
with client:
|
|
client.set_expected_responses(
|
|
[
|
|
messages.ButtonRequest(code=B.Other),
|
|
messages.UnlockedPathRequest,
|
|
messages.Failure(code=messages.FailureType.ActionCancelled),
|
|
]
|
|
)
|
|
unlock_path_mac = device.unlock_path(client, SLIP25_PATH)
|
|
|
|
# Ensure that the SLIP-0025 external chain is accessible after user confirmation.
|
|
resp = btc.get_address(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/0/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
show_display=True,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=unlock_path_mac,
|
|
)
|
|
assert resp == "tb1pl3y9gf7xk2ryvmav5ar66ra0d2hk7lhh9mmusx3qvn0n09kmaghqh32ru7"
|
|
|
|
resp = btc.get_address(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/0/1"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
show_display=False,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=unlock_path_mac,
|
|
)
|
|
assert resp == "tb1p64rqq64rtt7eq6p0htegalcjl2nkjz64ur8xsclc59s5845jty7skp2843"
|
|
|
|
# Ensure that the SLIP-0025 internal chain is inaccessible even with user authorization.
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
btc.get_address(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
show_display=True,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=unlock_path_mac,
|
|
)
|
|
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
btc.get_address(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/1"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
show_display=False,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=unlock_path_mac,
|
|
)
|
|
|
|
# Ensure that another SLIP-0025 account is inaccessible with the same MAC.
|
|
with pytest.raises(TrezorFailure, match="Forbidden key path"):
|
|
btc.get_address(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/1h/1h/0/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
show_display=True,
|
|
unlock_path=SLIP25_PATH,
|
|
unlock_path_mac=unlock_path_mac,
|
|
)
|
|
|
|
|
|
def test_multisession_authorization(client: Client):
|
|
# Authorize CoinJoin with www.example1.com in session 1.
|
|
btc.authorize_coinjoin(
|
|
client,
|
|
coordinator="www.example1.com",
|
|
max_rounds=10,
|
|
max_coordinator_fee_rate=50_000_000, # 0.5 %
|
|
max_fee_per_kvbyte=3500,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
# Open a second session.
|
|
session_id1 = client.session_id
|
|
client.init_device(new_session=True)
|
|
|
|
# Authorize CoinJoin with www.example2.com in session 2.
|
|
btc.authorize_coinjoin(
|
|
client,
|
|
coordinator="www.example2.com",
|
|
max_rounds=10,
|
|
max_coordinator_fee_rate=50_000_000, # 0.5 %
|
|
max_fee_per_kvbyte=3500,
|
|
n=parse_path("m/10025h/1h/0h/1h"),
|
|
coin_name="Testnet",
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
)
|
|
|
|
# Requesting a preauthorized ownership proof for www.example1.com should fail in session 2.
|
|
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
|
|
ownership_proof, _ = btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x10www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
# Requesting a preauthorized ownership proof for www.example2.com should succeed in session 2.
|
|
ownership_proof, _ = btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x10www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
assert (
|
|
ownership_proof.hex()
|
|
== "534c0019010169d0c751442f4c9adacbd42987121d75b36e3932db217e5bb3784f368f5a4c5d00014097bb2f1f87aea1e809756a6f2ef84109613ccf1bf9b96ffb9305b6193b3942510a8650693ca8af74f0f63401baa384d0c0f7188f1d2df56b91362646c82223a8"
|
|
)
|
|
|
|
# Switch back to the first session.
|
|
session_id2 = client.session_id
|
|
client.init_device(session_id=session_id1)
|
|
|
|
# Requesting a preauthorized ownership proof for www.example1.com should succeed in session 1.
|
|
ownership_proof, _ = btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x10www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
assert (
|
|
ownership_proof.hex()
|
|
== "534c0019010169d0c751442f4c9adacbd42987121d75b36e3932db217e5bb3784f368f5a4c5d00014078fefa8243283cd575c885f97fd2e3405c934ab4d3e415ff5fe27d49f347bbb592e03ff6195f46c94a592799748c8dd7daea8b3fc4b2011b7e58a74ee296853b"
|
|
)
|
|
|
|
# Requesting a preauthorized ownership proof for www.example2.com should fail in session 1.
|
|
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
|
|
ownership_proof, _ = btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x10www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
# Cancel the authorization in session 1.
|
|
device.cancel_authorization(client)
|
|
|
|
# Requesting a preauthorized ownership proof should fail now.
|
|
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
|
|
ownership_proof, _ = btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x10www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|
|
|
|
# Switch to the second session.
|
|
client.init_device(session_id=session_id2)
|
|
|
|
# Requesting a preauthorized ownership proof for www.example2.com should still succeed in session 2.
|
|
ownership_proof, _ = btc.get_ownership_proof(
|
|
client,
|
|
"Testnet",
|
|
parse_path("m/10025h/1h/0h/1h/1/0"),
|
|
script_type=messages.InputScriptType.SPENDTAPROOT,
|
|
user_confirmation=True,
|
|
commitment_data=b"\x10www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
|
|
preauthorized=True,
|
|
)
|