Keychain.derive and path validations

trezor / trezor-core

:lock: Don't use this repo, use the new monorepo instead:

https://github.com/trezor/trezor-firmware

GNU General Public License v3.0

353 stars 204 forks source link

Keychain.derive and path validations #519

Closed tsusanka closed 5 years ago

tsusanka commented 5 years ago

Currently, we first call paths.validate_path and prompt the user in case it is a non-standard path. If so and the user agrees it may happen that the Keychain throws failure: Forbidden key path if it is outside the app's namespace, which is quite unfriendly.

Do we want to deal with this? Maybe just swap those two operations?

You can reproduce this using trezorctl lisk_get_address -n "43". GIF

tsusanka commented 5 years ago

@jpochyla any opinions on this?

jpochyla commented 5 years ago

We might somehow pass the keychain into validate_path and throw exception there?