trezor-firmware/core/src/apps/common/seed.py

from trezor import ui, wire
from trezor.crypto import bip32

from apps.common import HARDENED, cache, mnemonic, storage
from apps.common.request_passphrase import protect_by_passphrase

allow = list


class Keychain:
    """
    Keychain provides an API for deriving HD keys from previously allowed
    key-spaces.
    """

    def __init__(self, seed: bytes, namespaces: list):
        self.seed = seed
        self.namespaces = namespaces
        self.roots = [None] * len(namespaces)

    def __del__(self):
        for root in self.roots:
            if root is not None:
                root.__del__()
        del self.roots
        del self.seed

    def validate_path(self, checked_path: list, checked_curve: str):
        for curve, *path in self.namespaces:
            if path == checked_path[: len(path)] and curve == checked_curve:
                if "ed25519" in curve and not _path_hardened(checked_path):
                    break
                return
        raise wire.DataError("Forbidden key path")

    def derive(self, node_path: list, curve_name: str = "secp256k1") -> bip32.HDNode:
        # find the root node index
        root_index = 0
        for curve, *path in self.namespaces:
            prefix = node_path[: len(path)]
            suffix = node_path[len(path) :]
            if curve == curve_name and path == prefix:
                break
            root_index += 1
        else:
            raise wire.DataError("Forbidden key path")

        # create the root node if not cached
        root = self.roots[root_index]
        if root is None:
            root = bip32.from_seed(self.seed, curve_name)
            root.derive_path(path)
            self.roots[root_index] = root

        # TODO check for ed25519?
        # derive child node from the root
        node = root.clone()
        node.derive_path(suffix)
        return node


async def get_keychain(ctx: wire.Context, namespaces: list) -> Keychain:
    if not storage.is_initialized():
        raise wire.ProcessError("Device is not initialized")
    seed = cache.get_seed()
    if seed is None:
        seed = await _compute_seed(ctx)
    keychain = Keychain(seed, namespaces)
    return keychain


def _path_hardened(path: list) -> bool:
    # TODO: move to paths.py after #538 is fixed
    for i in path:
        if not (i & HARDENED):
            return False
    return True


@ui.layout_no_slide
async def _compute_seed(ctx: wire.Context) -> bytes:
    passphrase = cache.get_passphrase()
    if passphrase is None:
        passphrase = await protect_by_passphrase(ctx)
        cache.set_passphrase(passphrase)
    seed = mnemonic.get_seed(passphrase)
    cache.set_seed(seed)
    return seed


def derive_node_without_passphrase(
    path: list, curve_name: str = "secp256k1"
) -> bip32.HDNode:
    if not storage.is_initialized():
        raise Exception("Device is not initialized")
    seed = mnemonic.get_seed(progress_bar=False)
    node = bip32.from_seed(seed, curve_name)
    node.derive_path(path)
    return node


def remove_ed25519_prefix(pubkey: bytes) -> bytes:
    # 0x01 prefix is not part of the actual public key, hence removed
    return pubkey[1:]
seed: show a waiting screen before bip39 derivation 2019-01-10 13:32:28 +00:00			`from trezor import ui, wire`
common: introduce mnemonic module To provide another layer between seed and mnemonic. First step to introduce SLIP-39 2019-03-07 13:49:23 +00:00			`from trezor.crypto import bip32`
src: run isort 2018-07-03 14:20:26 +00:00
paths: validate curve as well 2019-04-05 09:23:06 +00:00			`from apps.common import HARDENED, cache, mnemonic, storage`
src/apps: cleanup workflow modules 2018-02-27 15:35:21 +00:00			`from apps.common.request_passphrase import protect_by_passphrase`
add seed module, GetPublicKey now works 2016-10-06 13:04:38 +00:00
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`allow = list`
add seed module, GetPublicKey now works 2016-10-06 13:04:38 +00:00

apps: introduce Keychain API 2018-11-13 16:09:52 +00:00			`class Keychain:`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`"""`
			`Keychain provides an API for deriving HD keys from previously allowed`
			`key-spaces.`
			`"""`
apps: introduce Keychain API 2018-11-13 16:09:52 +00:00
seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00			`def __init__(self, seed: bytes, namespaces: list):`
			`self.seed = seed`
			`self.namespaces = namespaces`
			`self.roots = [None] * len(namespaces)`

			`def __del__(self):`
			`for root in self.roots:`
			`if root is not None:`
			`root.__del__()`
			`del self.roots`
			`del self.seed`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00
paths: validate curve as well 2019-04-05 09:23:06 +00:00			`def validate_path(self, checked_path: list, checked_curve: str):`
seed: simplify Keychain.validate_path 2019-04-04 09:41:23 +00:00			`for curve, *path in self.namespaces:`
paths: validate curve as well 2019-04-05 09:23:06 +00:00			`if path == checked_path[: len(path)] and curve == checked_curve:`
paths: disallow special ed25519 curves 2019-04-09 14:32:52 +00:00			`if "ed25519" in curve and not _path_hardened(checked_path):`
paths: validate curve as well 2019-04-05 09:23:06 +00:00			`break`
seed: simplify Keychain.validate_path 2019-04-04 09:41:23 +00:00			`return`
			`raise wire.DataError("Forbidden key path")`
common: pass Keychain to path validation function closes #519 2019-04-02 14:00:51 +00:00
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`def derive(self, node_path: list, curve_name: str = "secp256k1") -> bip32.HDNode:`
seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00			`# find the root node index`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`root_index = 0`
seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00			`for curve, *path in self.namespaces:`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`prefix = node_path[: len(path)]`
			`suffix = node_path[len(path) :]`
			`if curve == curve_name and path == prefix:`
			`break`
			`root_index += 1`
			`else:`
			`raise wire.DataError("Forbidden key path")`
seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00
			`# create the root node if not cached`
			`root = self.roots[root_index]`
			`if root is None:`
			`root = bip32.from_seed(self.seed, curve_name)`
			`root.derive_path(path)`
			`self.roots[root_index] = root`

common: pass Keychain to path validation function closes #519 2019-04-02 14:00:51 +00:00			`# TODO check for ed25519?`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`# derive child node from the root`
seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00			`node = root.clone()`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`node.derive_path(suffix)`
apps: introduce Keychain API 2018-11-13 16:09:52 +00:00			`return node`
add seed module, GetPublicKey now works 2016-10-06 13:04:38 +00:00

seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00			`async def get_keychain(ctx: wire.Context, namespaces: list) -> Keychain:`
apps/homescreen: handle Initialize.skip_passphrase TODO: tests 2018-05-28 13:20:31 +00:00			`if not storage.is_initialized():`
src: run black 2018-07-03 14:20:58 +00:00			`raise wire.ProcessError("Device is not initialized")`
apps: introduce Keychain API 2018-11-13 16:09:52 +00:00			`seed = cache.get_seed()`
			`if seed is None:`
seed: render the waiting screen in layout 2019-01-17 15:54:35 +00:00			`seed = await _compute_seed(ctx)`
seed: use lazy seed derivation, wipe after the workflow ends 2018-12-13 12:53:53 +00:00			`keychain = Keychain(seed, namespaces)`
apps: introduce Keychain API 2018-11-13 16:09:52 +00:00			`return keychain`
apps.common.seed: add get_root_without_passphrase TODO: decomplect storage/seed/workflows after introducing storage classes (session/request/persistent) 2017-05-23 10:44:36 +00:00

paths: validate curve as well 2019-04-05 09:23:06 +00:00			`def _path_hardened(path: list) -> bool:`
			`# TODO: move to paths.py after #538 is fixed`
			`for i in path:`
			`if not (i & HARDENED):`
			`return False`
			`return True`


seed: use sync backlight sliding 2019-02-21 12:22:57 +00:00			`@ui.layout_no_slide`
seed: render the waiting screen in layout 2019-01-17 15:54:35 +00:00			`async def _compute_seed(ctx: wire.Context) -> bytes:`
			`passphrase = cache.get_passphrase()`
			`if passphrase is None:`
			`passphrase = await protect_by_passphrase(ctx)`
			`cache.set_passphrase(passphrase)`
common: introduce mnemonic module To provide another layer between seed and mnemonic. First step to introduce SLIP-39 2019-03-07 13:49:23 +00:00			`seed = mnemonic.get_seed(passphrase)`
seed: render the waiting screen in layout 2019-01-17 15:54:35 +00:00			`cache.set_seed(seed)`
			`return seed`


src: run black 2018-07-03 14:20:58 +00:00			`def derive_node_without_passphrase(`
seed: add support for key namespaces 2018-11-14 18:58:07 +00:00			`path: list, curve_name: str = "secp256k1"`
src: run black 2018-07-03 14:20:58 +00:00			`) -> bip32.HDNode:`
apps.common.seed: add get_root_without_passphrase TODO: decomplect storage/seed/workflows after introducing storage classes (session/request/persistent) 2017-05-23 10:44:36 +00:00			`if not storage.is_initialized():`
src: run black 2018-07-03 14:20:58 +00:00			`raise Exception("Device is not initialized")`
mnemonic: do not use progress bar for U2F fixes #523 2019-03-29 13:23:46 +00:00			`seed = mnemonic.get_seed(progress_bar=False)`
apps/common/seed: refactor methods usage 2018-02-06 13:28:22 +00:00			`node = bip32.from_seed(seed, curve_name)`
			`node.derive_path(path)`
			`return node`
stellar: init; get public key 2018-05-11 13:31:53 +00:00

apps: move ed25519 prefix common function 2018-06-18 12:23:33 +00:00			`def remove_ed25519_prefix(pubkey: bytes) -> bytes:`
stellar: init; get public key 2018-05-11 13:31:53 +00:00			`# 0x01 prefix is not part of the actual public key, hence removed`
			`return pubkey[1:]`