Legacy firmware support for Unchained paths #4324
Conversation
chore: add changelog
Shadouts
force-pushed
the
unchained-p2wsh-paths-legacy-support
branch
from
a8c9a64
to
f160812
Compare
|
I found two differences to how this is implemented in core:
Is it intentional? |
Yes. Unchained does not support p2pkh spends. Also, how would a spend ever be |
|
I'm not entirely sure, but I believe that if However, my point is not that this is incorrect. The point is that I think the behaviour implemented in this pull request for the legacy firmware differs from the behaviour implemented here. I am uncertain whether the difference is intentional. |
|
@onvej-sl I've pushed a change which I think restores the logic from previous, however, it's still not clear to me how this pathway would ever evaluate to true if |
|
so i'm curious: the PR says "support unchained paths", but you seem to be adding restrictions here. Previously the same paths on a Trezor One would be supported on any script type, now we're discussing which script types to keep allowed? |
It depends on what you mean by "supported". If "supported" means you can use the path with safety checks enabled and no warning is displayed, then the paths weren't previously supported for all script types. If "supported" means you can use the path with safety checks turned off or you don't care about the warning, then this pull request restricts the paths to |
|
What restrictions are being added? This increases the scope of the Unchained paths check to include The only conditional difference is on line 577 where |
|
yeah, my bad. i didn't notice that there was a common "if full" block in the previous version.
again, callers are explicitly allowed to use |
|
A got a bit lost in this discussion. I would like to ask @Shadouts, whether you want to allow the use of I'm asking because it is allowed in core but not in this pull request. |
|
@onvej-sl To answer your question, Unchained has no use for singlesig at those paths. Our only concern is with multisig. But, I don't see how it differs from core. Both conditions are checking |
Please see #4382:
The test succeeds in core, while it fails with "Forbidden key path" in legacy. |
Maybe there is a confusion on terminology here. In this context, what does Unchained only utilizes |
|
yes, we'd consider "singlesig" to be "p2wpkh". what @onvej-sl is pointing at is that if you use p2wpkh with the unchained path, it is allowed on core but disallowed on legacy. that said, i'm surprised the above test is passing. that seems to be a bug, seeing as the if condition specifies |
|
ah, the test "passes" but the warning is there, hidden by the ConfirmAllWarnings input flow. It seems to me that we can merge this PR regardless of the above. |
| @@ -0,0 +1,2 @@ | |||
|
|
|||
There was a problem hiding this comment.
drop the leading empty line please
There was a problem hiding this comment.
Removed in 8ae3a80
Sorry for the confusion. The test I created generated a p2wsh address but I believe the result will be the same if I use p2wpkh.
This is the difference I'm talking about. However, I believe legacy is able to make this distinction, please read this comment. Only thing that we need to do for it is to remove this line. |
Line removed in 8e12441. That was a check that did not exist in the original validation. I most likely added it to ensure that it was a transaction specifically for Unchained application. I suppose making it operate similar to core is no problem, but again, we don't really care about singlesig at these paths. |
|
ACK from me |
This change supports new Unchained paths for p2wsh addresses on legacy devices.