bip32: a specific error for privkey-requiring derivation

The assertions one layer below will do the same, but it's not a nice
error for the caller.

Reported-by: Wladimir J. van der Laan <laanwj@protonmail.com>
Signed-off-by: Antoine Poinsot <darosior@protonmail.com>

Author: darosior

bip32/__init__.py

@@ -1,10 +1,11 @@
-from .bip32 import BIP32
+from .bip32 import BIP32, PrivateDerivationError
 from .utils import BIP32DerivationError, HARDENED_INDEX
 
 __version__ = "0.0.8"
 
 __all__ = [
     "BIP32",
     "BIP32DerivationError",
+    "PrivateDerivationError",
     "HARDENED_INDEX",
 ]

bip32/bip32.py

@@ -10,6 +10,13 @@
 )
 
 
+class PrivateDerivationError(ValueError):
+    """
+    Tried to use a derivation requiring private keys, without private keys.
+    """
+    pass
+
+
 class BIP32:
     def __init__(self, chaincode, privkey=None, pubkey=None, fingerprint=None,
                  depth=0, index=0, network="main"):
@@ -53,8 +60,12 @@ def get_extended_privkey_from_path(self, path):
                      m/x/x'/x notation. (e.g. m/0'/1/2'/2 or m/0H/1/2H/2).
         :return: chaincode (bytes), privkey (bytes)
         """
+        if self.master_privkey is None:
+            raise PrivateDerivationError
+
         if isinstance(path, str):
             path = _deriv_path_str_to_list(path)
+
         chaincode, privkey = self.master_chaincode, self.master_privkey
         for index in path:
             if index & HARDENED_INDEX:
@@ -63,6 +74,7 @@ def get_extended_privkey_from_path(self, path):
             else:
                 privkey, chaincode = \
                     _derive_unhardened_private_child(privkey, chaincode, index)
+
         return chaincode, privkey
 
     def get_privkey_from_path(self, path):
@@ -72,6 +84,9 @@ def get_privkey_from_path(self, path):
                      m/x/x'/x notation. (e.g. m/0'/1/2'/2 or m/0H/1/2H/2).
         :return: privkey (bytes)
         """
+        if self.master_privkey is None:
+            raise PrivateDerivationError
+
         return self.get_extended_privkey_from_path(path)[1]
 
     def get_extended_pubkey_from_path(self, path):
@@ -83,6 +98,10 @@ def get_extended_pubkey_from_path(self, path):
         """
         if isinstance(path, str):
             path = _deriv_path_str_to_list(path)
+
+        if _hardened_index_in_path(path) and self.master_privkey is None:
+            raise PrivateDerivationError
+
         chaincode, key = self.master_chaincode, self.master_privkey
         pubkey = self.master_pubkey
         # We'll need the private key at some point anyway, so let's derive
@@ -102,6 +121,7 @@ def get_extended_pubkey_from_path(self, path):
             for index in path:
                 pubkey, chaincode = \
                     _derive_public_child(pubkey, chaincode, index)
+
         return chaincode, pubkey
 
     def get_pubkey_from_path(self, path):
@@ -120,8 +140,12 @@ def get_xpriv_from_path(self, path):
                      m/x/x'/x notation. (e.g. m/0'/1/2'/2 or m/0H/1/2H/2).
         :return: The encoded extended pubkey as str.
         """
+        if self.master_privkey is None:
+            raise PrivateDerivationError
+
         if isinstance(path, str):
             path = _deriv_path_str_to_list(path)
+
         if len(path) == 0:
             return self.get_master_xpriv()
         elif len(path) == 1:
@@ -133,6 +157,7 @@ def get_xpriv_from_path(self, path):
                                                parent_pubkey,
                                                path[-1], chaincode,
                                                self.network)
+
         return base58.b58encode_check(extended_key).decode()
 
     def get_xpub_from_path(self, path):
@@ -144,6 +169,10 @@ def get_xpub_from_path(self, path):
         """
         if isinstance(path, str):
             path = _deriv_path_str_to_list(path)
+
+        if _hardened_index_in_path(path) and self.master_privkey is None:
+            raise PrivateDerivationError
+
         if len(path) == 0:
             return self.get_master_xpub()
         elif len(path) == 1:
@@ -155,10 +184,13 @@ def get_xpub_from_path(self, path):
                                                parent_pubkey,
                                                path[-1], chaincode,
                                                self.network)
+
         return base58.b58encode_check(extended_key).decode()
 
     def get_master_xpriv(self):
         """Get the encoded extended private key of the master private key"""
+        if self.master_privkey is None:
+            raise PrivateDerivationError
         extended_key = _serialize_extended_key(self.master_privkey, self.depth,
                                                self.parent_fingerprint,
                                                self.index,

tests/test_bip32.py

@@ -2,7 +2,7 @@
 import os
 import pytest
 
-from bip32 import BIP32, HARDENED_INDEX
+from bip32 import BIP32, HARDENED_INDEX, PrivateDerivationError
 
 
 def test_vector_1():
@@ -162,3 +162,15 @@ def test_sanity_checks():
     # But getting from "m'" does not make sense
     with pytest.raises(ValueError, match="invalid format"):
         bip32.get_pubkey_from_path("m'")
+
+    # We raise if we attempt to use a privkey without privkey access
+    bip32 = BIP32.from_xpub("xpub6C6zm7YgrLrnd7gXkyYDjQihT6F2ei9EYbNuSiDAjok7Ht56D5zbnv8WDoAJGg1RzKzK4i9U2FUwXG7TFGETFc35vpQ4sZBuYKntKMLshiq")
+    bip32.get_master_xpub()
+    bip32.get_pubkey_from_path("m/0/1")
+    bip32.get_xpub_from_path("m/10000/18")
+    with pytest.raises(PrivateDerivationError):
+        bip32.get_master_xpriv()
+        bip32.get_extended_privkey_from_path("m/0/1/2")
+        bip32.get_privkey_from_path([9, 8])
+        bip32.get_pubkey_from_path("m/0'/1")
+        bip32.get_xpub_from_path("m/10000'/18")