def test_cancel_authorization(client):
# Ensure that a preauthorized GetOwnershipProof fails if the commitment_data doesn't match the coordinator.
btc.authorize_coinjoin(
client,
max_total_fee=50000,
coordinator="www.example.com",
n=parse_path("m/84'/1'/0'"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
device.cancel_authorization(client)
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example.com" +
(1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
def test_cancel_authorization(client: Client):
# Ensure that a preauthorized GetOwnershipProof fails if the commitment_data doesn't match the coordinator.
btc.authorize_coinjoin(
client,
coordinator="www.example.com",
max_rounds=10,
max_coordinator_fee_rate=50_000_000, # 0.5 %
max_fee_per_kvbyte=3500,
n=parse_path("m/84h/1h/0h"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
device.cancel_authorization(client)
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x0fwww.example.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
def test_multisession_authorization(client):
# Authorize CoinJoin with www.example1.com in session 1.
btc.authorize_coinjoin(
client,
max_total_fee=50000,
coordinator="www.example1.com",
n=parse_path("m/84'/1'/0'"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
# Open a second session.
session_id1 = client.session_id
client.init_device(new_session=True)
# Authorize CoinJoin with www.example2.com in session 2.
btc.authorize_coinjoin(
client,
max_total_fee=50000,
coordinator="www.example2.com",
n=parse_path("m/84'/1'/0'"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
# Requesting a preauthorized ownership proof for www.example1.com should fail in session 2.
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Requesting a preauthorized ownership proof for www.example2.com should succeed in session 2.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
assert (
ownership_proof.hex()
== "534c00190101f3ce2cb33599634353452b60b38e311282b6fca743eb6147d3d492066c8963de0002483045022100ff4df2485a3206642ce7053902da16f26f0084faa2eb6288a1c27e389f057f4f02202268e0f4e253bd1387230b1ff3de315794e0b426f9cc9624e9c34fa73451164c012103505647c017ff2156eb6da20fae72173d3b681a1d0a629f95f49e884db300689f"
)
# Switch back to the first session.
session_id2 = client.session_id
client.init_device(session_id=session_id1)
# Requesting a preauthorized ownership proof for www.example1.com should succeed in session 1.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
assert (
ownership_proof.hex()
== "534c00190101f3ce2cb33599634353452b60b38e311282b6fca743eb6147d3d492066c8963de000247304402203b098674577c55c8d9151335c9e73ed74649fa01c461bd8390717bfca48167af02205ac35def1b0d7019fc492acb9bbd9914cf55e08e4f1a7e6d4f6f65cbc88b0bd2012103505647c017ff2156eb6da20fae72173d3b681a1d0a629f95f49e884db300689f"
)
# Requesting a preauthorized ownership proof for www.example2.com should fail in session 1.
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Cancel the authorization in session 1.
device.cancel_authorization(client)
# Requesting a preauthorized ownership proof should fail now.
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Switch to the second session.
client.init_device(session_id=session_id2)
# Requesting a preauthorized ownership proof for www.example2.com should still succeed in session 2.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
def test_multisession_authorization(client):
# Authorize CoinJoin with www.example1.com in session 1.
btc.authorize_coinjoin(
client,
max_total_fee=50000,
coordinator="www.example1.com",
n=parse_path("m/84'/1'/0'"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
# Open a second session.
session_id1 = client.session_id
client.init_device(new_session=True)
# Authorize CoinJoin with www.example2.com in session 2.
btc.authorize_coinjoin(
client,
max_total_fee=50000,
coordinator="www.example2.com",
n=parse_path("m/84'/1'/0'"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
# Requesting a preauthorized ownership proof for www.example1.com should fail in session 2.
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Requesting a preauthorized ownership proof for www.example2.com should succeed in session 2.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
assert (
ownership_proof.hex()
== "534c00190101f3ce2cb33599634353452b60b38e311282b6fca743eb6147d3d492066c8963de00024830450221008adf2a7396dc4b73a60930942a29d3452a046310af5ef7d3b6815ad3a2e1666d0220255839c04f6926d85a14aa69fc06e84e85e7e527bc5ce500b6905832ff778828012103505647c017ff2156eb6da20fae72173d3b681a1d0a629f95f49e884db300689f"
)
# Switch back to the first session.
session_id2 = client.session_id
client.init_device(session_id=session_id1)
# Requesting a preauthorized ownership proof for www.example1.com should succeed in session 1.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
assert (
ownership_proof.hex()
== "534c00190101f3ce2cb33599634353452b60b38e311282b6fca743eb6147d3d492066c8963de0002483045022100b85411a7c87986b2dc032eb100f4aa7c79102b4aa066c85e86df7de688d04e0f02203cc45917a99f9d1313c51deb5cf8d2930b2308ac22bcf06dbded5872b8538da4012103505647c017ff2156eb6da20fae72173d3b681a1d0a629f95f49e884db300689f"
)
# Requesting a preauthorized ownership proof for www.example2.com should fail in session 1.
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Cancel the authorization in session 1.
device.cancel_authorization(client)
# Requesting a preauthorized ownership proof should fail now.
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Switch to the second session.
client.init_device(session_id=session_id2)
# Requesting a preauthorized ownership proof for www.example2.com should still succeed in session 2.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("84'/1'/0'/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
def test_multisession_authorization(client: Client):
# Authorize CoinJoin with www.example1.com in session 1.
btc.authorize_coinjoin(
client,
coordinator="www.example1.com",
max_rounds=10,
max_coordinator_fee_rate=50_000_000, # 0.5 %
max_fee_per_kvbyte=3500,
n=parse_path("m/84h/1h/0h"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
# Open a second session.
session_id1 = client.session_id
client.init_device(new_session=True)
# Authorize CoinJoin with www.example2.com in session 2.
btc.authorize_coinjoin(
client,
coordinator="www.example2.com",
max_rounds=10,
max_coordinator_fee_rate=50_000_000, # 0.5 %
max_fee_per_kvbyte=3500,
n=parse_path("m/84h/1h/0h"),
coin_name="Testnet",
script_type=messages.InputScriptType.SPENDWITNESS,
)
# Requesting a preauthorized ownership proof for www.example1.com should fail in session 2.
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x10www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Requesting a preauthorized ownership proof for www.example2.com should succeed in session 2.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x10www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
assert (
ownership_proof.hex()
== "534c00190101f3ce2cb33599634353452b60b38e311282b6fca743eb6147d3d492066c8963de0002483045022100e09d9c43108841930e5cb0b0336d022684ded53c7b76e2a8e037eab0950f62ae02205409788b59624c75d2af48cd0da4ab2c1814e719b6036baf2df946d9cc68b488012103505647c017ff2156eb6da20fae72173d3b681a1d0a629f95f49e884db300689f"
)
# Switch back to the first session.
session_id2 = client.session_id
client.init_device(session_id=session_id1)
# Requesting a preauthorized ownership proof for www.example1.com should succeed in session 1.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x10www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
assert (
ownership_proof.hex()
== "534c00190101f3ce2cb33599634353452b60b38e311282b6fca743eb6147d3d492066c8963de000247304402203522d44da76232481ae7f045cddec4a2aa3f3e4e46f7a54ffe456702b6f7185b02203c95860358a703c7497f5e22c9e4506114de5d7257af651ccff1bb6cf50b80cb012103505647c017ff2156eb6da20fae72173d3b681a1d0a629f95f49e884db300689f"
)
# Requesting a preauthorized ownership proof for www.example2.com should fail in session 1.
with pytest.raises(TrezorFailure, match="Unauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x10www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Cancel the authorization in session 1.
device.cancel_authorization(client)
# Requesting a preauthorized ownership proof should fail now.
with pytest.raises(TrezorFailure, match="No preauthorized operation"):
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x10www.example1.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)
# Switch to the second session.
client.init_device(session_id=session_id2)
# Requesting a preauthorized ownership proof for www.example2.com should still succeed in session 2.
ownership_proof, _ = btc.get_ownership_proof(
client,
"Testnet",
parse_path("m/84h/1h/0h/1/0"),
script_type=messages.InputScriptType.SPENDWITNESS,
user_confirmation=True,
commitment_data=b"\x10www.example2.com" + (1).to_bytes(ROUND_ID_LEN, "big"),
preauthorized=True,
)