# This file is part of the Trezor project.
#
# Copyright (C) 2012-2019 SatoshiLabs and contributors
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
from trezorlib.messages import ButtonRequestType as B
# Fixed mnemonics used as test fixtures. They are published together with
# this file, so nothing derived from them is secret.

# fmt: off
#             1       2     3     4    5      6       7     8      9     10    11    12
MNEMONIC12 = "alcohol woman abuse must during monitor noble actual mixed trade anger aisle"
# fmt: on

# Three 20-word Shamir shares. NOTE(review): the name suggests a 3-of-6
# scheme of which only three shares are listed here - confirm.
MNEMONIC_SHAMIR_20_3of6 = [
    "extra extend academic bishop cricket bundle tofu goat apart victim enlarge program behavior permit course armed jerky faint language modern",
    "extra extend academic acne away best indicate impact square oasis prospect painting voting guest either argue username racism enemy eclipse",
    "extra extend academic arcade born dive legal hush gross briefing talent drug much home firefly toxic analysis idea umbrella slice",
]

# Five 20-word Shamir shares for the grouped recovery flow.
# NOTE(review): the name suggests 2-of-3 groups with a 2-of-3 threshold
# inside each group - confirm.
MNEMONIC_SHAMIR_20_2of3_2of3_GROUPS = [
    "gesture negative ceramic leaf device fantasy style ceramic safari keyboard thumb total smug cage plunge aunt favorite lizard intend peanut",
    "gesture negative acrobat leaf craft sidewalk adorn spider submit bumpy alcohol cards salon making prune decorate smoking image corner method",
    "gesture negative acrobat lily bishop voting humidity rhyme parcel crunch elephant victim dish mailman triumph agree episode wealthy mayor beam",
    "gesture negative beard leaf deadline stadium vegan employer armed marathon alien lunar broken edge justice military endorse diet sweater either",
    "gesture negative beard lily desert belong speak realize explain bolt diet believe response counter medal luck wits glance remove ending",
]
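def generate_entropy(strength, internal_entropy, external_entropy):
    """Mix two entropy inputs into `strength` bits of seed entropy.

    The result is the first ``strength // 8`` bytes of
    SHA-256(internal_entropy + external_entropy). The concatenation order
    matters: swapping the two inputs gives a different result.

    strength - length of produced seed in bits. One of 128, 192, 256
    internal_entropy - first entropy input, at least 32 bytes
    external_entropy - second entropy input, at least 32 bytes

    NOTE(review): presumably internal_entropy is the device's contribution
    and external_entropy the host's - confirm against the callers.

    Raises ValueError if strength is not an allowed value, or if either
    entropy input is missing or shorter than 32 bytes.
    """
    import hashlib

    if strength not in (128, 192, 256):
        raise ValueError("Invalid strength")

    if not internal_entropy:
        raise ValueError("Internal entropy is not provided")

    if len(internal_entropy) < 32:
        raise ValueError("Internal entropy too short")

    if not external_entropy:
        raise ValueError("External entropy is not provided")

    if len(external_entropy) < 32:
        raise ValueError("External entropy too short")

    entropy = hashlib.sha256(internal_entropy + external_entropy).digest()

    # A SHA-256 digest is 32 bytes and strength was validated above to be at
    # most 256 bits, so the slice always holds exactly strength // 8 bytes;
    # no separate length check is needed afterwards.
    return entropy[: strength // 8]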
def recovery_enter_shares(debug, shares, groups=False):
    """Drive the device through recovery, entering each Shamir share in turn.

    This is a generator meant to be delegated to from an input flow function.
    Each bare `yield` waits for the next button request; where the request
    code is checked, the check is a plain `assert`, so it only takes effect
    when Python runs without -O.

    The word count entered on the device is taken from the first share.
    With `groups` set, an extra confirmation is handled before every share
    after the first and after each share has been typed in.

    Example:

    def input_flow():
        yield  # start recovery
        client.debug.press_yes()
        yield from recovery_enter_shares(client.debug, SOME_SHARES)
    """
    words_per_share = len(shares[0].split(" "))

    # Homescreen: accept to move on to the word-count selection.
    yield
    debug.press_yes()

    # Word-count prompt: answer with the length of the first share.
    request = yield
    assert request == B.MnemonicWordCount
    debug.input(str(words_per_share))

    # Homescreen: accept to move on to share entry.
    yield
    debug.press_yes()

    for position, share in enumerate(shares):
        is_later_share = position >= 1
        if groups and is_later_share:
            # Grouped recovery: acknowledge the "remaining shares" screen.
            debug.swipe_down()
            request = yield
            assert request == B.Other
            debug.press_yes()

        # Words are typed only once the device asks for mnemonic input.
        request = yield
        assert request == B.MnemonicInput
        for word in share.split(" "):
            debug.input(word)

        if groups:
            # Grouped recovery: acknowledge that the share was accepted.
            yield
            debug.press_yes()

        # Homescreen: continue with the next share, or confirm success
        # after the last one.
        yield
        debug.press_yes()
def click_through(debug, screens, code=None):
    """Confirm `screens` consecutive dialogs by pressing "yes" on each.

    This is a generator meant to be delegated to from an input flow function.
    When `code` is given, every button request received is asserted to equal
    it before the dialog is confirmed; with `code=None` no check is made.

    Example:

    def input_flow():
        # 1. Confirm reset
        # 2. Backup your seed
        # 3. Confirm warning
        # 4. Shares info
        yield from click_through(client.debug, screens=4, code=B.ResetDevice)
    """
    expect_code = code is not None
    for _ in range(screens):
        button_request = yield
        if expect_code:
            assert button_request == code
        debug.press_yes()
def read_and_confirm_mnemonic(debug, words):
    """Read the mnemonic shown on the Trezor T screen, answer the
    confirmation questions correctly, and return the full mnemonic.

    Pages are read until at least `words` words have been collected, then
    three word-position checks are answered from the collected words. The
    return value is the plaintext mnemonic, words joined by single spaces.

    NOTE(review): the words come from `debug.read_reset_word()`, presumably
    a debug-only interface - confirm it is unavailable on production builds.

    For use in an input flow function.
    Example:

    def input_flow():
        yield from click_through(client.debug, screens=3)

        yield  # confirm mnemonic entry
        mnemonic = read_and_confirm_mnemonic(client.debug, words=20)
    """
    # The first page is always read, even if `words` is zero or negative.
    collected = list(debug.read_reset_word().split())
    while len(collected) < words:
        debug.swipe_down()
        collected.extend(debug.read_reset_word().split())

    # The last page doubles as the confirmation screen.
    debug.press_yes()

    # Share check: the device asks for the word at three positions.
    for _ in range(3):
        asked_position = debug.read_reset_word_pos()
        debug.input(collected[asked_position])

    return " ".join(collected)