python-bip32 icon indicating copy to clipboard operation
python-bip32 copied to clipboard
verified publisher icon darosior

Library allows too-large path indices

Open jamesob opened this issue 10 months ago • 1 comments

This library allows derivation of unhardened path indices that are greater than 2**31 - 1.

For example:

b = bip32.BIP32.from_seed(b'00000000000000000000000000000000')
b.get_privkey_from_path(f'm/{2**31}')
# returns b'\xa5\xfbs\x87\x1e}\xda\xec\xc2\x9a\xb6\xd0h\xe3\x08e>\x1d\x87\x02Q\x97\xeb\x11\x12\xb3\xccI\xd0W\x95-'

While the BIP32 spec is not very clear about this, the Core implementation (https://github.com/bitcoin/bitcoin/blob/1172bc4157eefe80d1aaf0b56459857ec651e535/src/util/bip32.cpp) will specifically error if an unhardened path component that large is passed.

Found while cross-implementation fuzzing for https://github.com/jamesob/cbip32.

jamesob avatar Feb 03 '25 14:02 jamesob

Technically there no "too large indices", those are just the hardened indices. This would fail if the BIP32 object is created from a public key. I think i did this on purpose since i saw no reason to prevent users from deriving hardened indices from the raw index number. Thanks for pointing the difference in behavior with the Core wallet.

darosior avatar Feb 03 '25 14:02 darosior