Prevent derivation of unserializable extended keys #23669
+29
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BIP32 serializes the `depth` of an extended key as a single byte. Thus, extended keys that are of depth greater than 255 are not possible to be serialized (in the BIP32 specified format). This commit introduces backwards-incompatible change that prevents a key of depth 256 and greater to be derived. For more information, see bitcoin/bitcoin#32201
Author
|
I have noticed that your implementation originates from https://github.com/bitcoinjs/bip32/, thus it might be relevant to directly mention the upstream author's viewpoint (i.e., won't fix now), see bitcoinjs/bip32#92. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It's possible to derive unserializable, as defined by BIP32, extended keys.
Description
BIP32 serializes the
depthof an extended key as a single byte. Thus, extended keys that are of depth greater than 255 are not possible to be serialized (in the BIP32 specified format). This commit introduces backwards-incompatible change that prevents a key of depth 256 and greater to be derived.Notes for QA
Two tests (one for private -> private and another for public -> public derivation) were added, even though they are covered by the same fix. If there are other parts of the code base that do extended key derivation, these should be verified for similar overflow as well.
The changes are backwards-incompatible - however, as long as one has the original seed, any keys, even the unserializable, can be still derived.
Related Issue
trezor-firmwarePrevent derivation of unserializable extended keys trezor-firmware#6219