trezor-firmware/core/src/apps/cardano/seed.py

from storage import cache, device
from trezor import wire
from trezor.crypto import bip32

from apps.common import mnemonic
from apps.common.passphrase import get as get_passphrase

from .helpers import seed_namespaces

if False:
    from apps.common.paths import Bip32Path
    from apps.common.keychain import MsgIn, MsgOut, Handler, HandlerWithKeychain


class Keychain:
    """Cardano keychain hard-coded to Byron and Shelley seed namespaces."""

    def __init__(self, root: bip32.HDNode) -> None:
        self.root = root
        self.byron_root = self._create_namespace_root(seed_namespaces.BYRON)
        self.shelley_root = self._create_namespace_root(seed_namespaces.SHELLEY)

    def verify_path(self, path: Bip32Path) -> None:
        if not is_byron_path(path) and not is_shelley_path(path):
            raise wire.DataError("Forbidden key path")

    def _create_namespace_root(self, namespace: list):
        new_root = self.root.clone()
        for i in namespace:
            new_root.derive_cardano(i)

        return new_root

    def _get_path_root(self, path: list):
        if is_byron_path(path):
            return self.byron_root
        elif is_shelley_path(path):
            return self.shelley_root
        else:
            raise wire.DataError("Forbidden key path")

    def derive(self, node_path: Bip32Path) -> bip32.HDNode:
        self.verify_path(node_path)
        path_root = self._get_path_root(node_path)

        # this is true now, so for simplicity we don't branch on path type
        assert len(seed_namespaces.BYRON) == len(seed_namespaces.SHELLEY)
        suffix = node_path[len(seed_namespaces.SHELLEY) :]

        # derive child node from the root
        node = path_root.clone()
        for i in suffix:
            node.derive_cardano(i)
        return node

    # XXX the root node remains in session cache so we should not delete it
    # def __del__(self) -> None:
    #     self.root.__del__()


def is_byron_path(path: Bip32Path):
    return path[: len(seed_namespaces.BYRON)] == seed_namespaces.BYRON


def is_shelley_path(path: Bip32Path):
    return path[: len(seed_namespaces.SHELLEY)] == seed_namespaces.SHELLEY


@cache.stored_async(cache.APP_CARDANO_ROOT)
async def get_keychain(ctx: wire.Context) -> Keychain:
    if not device.is_initialized():
        raise wire.NotInitialized("Device is not initialized")

    passphrase = await get_passphrase(ctx)
    if mnemonic.is_bip39():
        # derive the root node from mnemonic and passphrase via Cardano Icarus algorithm
        root = bip32.from_mnemonic_cardano(mnemonic.get_secret().decode(), passphrase)
    else:
        # derive the root node via SLIP-0023
        seed = mnemonic.get_seed(passphrase)
        root = bip32.from_seed(seed, "ed25519 cardano seed")

    keychain = Keychain(root)
    return keychain


def with_keychain(func: HandlerWithKeychain[MsgIn, MsgOut]) -> Handler[MsgIn, MsgOut]:
    async def wrapper(ctx: wire.Context, msg: MsgIn) -> MsgOut:
        keychain = await get_keychain(ctx)
        return await func(ctx, msg, keychain)

    return wrapper
core: wipe before reset and recovery; introduce 'intialized' field 4 years ago			`from storage import cache, device`
apps: introduce Keychain API 6 years ago			`from trezor import wire`
			`from trezor.crypto import bip32`

core: create top-level storage module This is to avoid including app-specific functionality in storage and avoid circular imports. The following policy is now in effect: modules from `storage` namespace must not import from `apps` namespace. In most files, the change only involves changing import paths. A minor refactor was needed in case of webauthn: basic get/set/delete functionality was left in storage.webauthn, and more advanced logic on top of it was moved to apps.webauthn.resident_credentials. A significant refactor was needed for sd_salt, where application (and UI) logic was tightly coupled with the IO code. This is now separated, and storage.sd_salt deals exclusively with the IO side, while the app/UI logic is implemented on top of it in apps.common.sd_salt and apps.management.sd_protect. 5 years ago			`from apps.common import mnemonic`
all: rework passphrase The `on_device` field is being moved to PassphraseAck, State messages are removed. Features newly contain `session_id`. 5 years ago			`from apps.common.passphrase import get as get_passphrase`

Cardano shelley update 2/3 (#1112) 4 years ago			`from .helpers import seed_namespaces`
Update Cardano to support Shelley era 1/3 Update protobuf - Previous transactions don't need to be sent anymore, because fee is included in the transaction now. Thus transactions_count can be removed from CardanoSignTx message and the CardanoTxAck and CardanoTxRequest messages can be removed altogether. - CardanoTxInputType.type is unused so remove it Add NULL (None type) serialisation to CBOR - Transaction metada must either have a valid structure or CBOR NULL must be used (if metadata is empty) - it can't be simply left out. Add protocol_magics file - Just to have a nicer way of representing protocol magics Update transaction signing - Previous transactions no longer need to be requested - Output building is simplified, since fee doesn't need to be calculated - Remove transaction class since it is no longer needed (only functions remained) - Reorder functions so it reads top to bottom Add protocol magic to byron address on testnet - This has always been a part of the spec, but it hasn't been implemented before, because it wasn't really needed. Update trezorlib Update tests - Transaction messages are no longer required - Expected values are different since tx format changed - Common values in test cases have been extracted Remove unused file - Progress was used when receiving previous transactions Add CRC check to output address validation 4 years ago
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`if False:`
core: update references to keychain everywhere 4 years ago			`from apps.common.paths import Bip32Path`
			`from apps.common.keychain import MsgIn, MsgOut, Handler, HandlerWithKeychain`
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago
apps: introduce Keychain API 6 years ago
			`class Keychain:`
Cardano shelley update 2/3 (#1112) 4 years ago			`"""Cardano keychain hard-coded to Byron and Shelley seed namespaces."""`
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago
			`def __init__(self, root: bip32.HDNode) -> None:`
apps: introduce Keychain API 6 years ago			`self.root = root`
Cardano shelley update 2/3 (#1112) 4 years ago			`self.byron_root = self._create_namespace_root(seed_namespaces.BYRON)`
			`self.shelley_root = self._create_namespace_root(seed_namespaces.SHELLEY)`
apps: introduce Keychain API 6 years ago
core: refactor keychain to only support one curve at a time also make a cleaner distinction between keychain, seed, path This enables using `unsafe_prompts`, because with the original code, if there was no namespace match, we wouldn't know which curve to use. For ease of implementation, we use a LRU cache for derived keys, instead of the original design "one cache entry per namespace". SLIP21 is now treated completely separately, via `slip21_namespaces` and `derive_slip21` method. If more slip21-like things come in the future, we can instead hang them on the keychain: put a per-curve Keychain object accessible by `keychain[curve_name].derive()`, and the majority usecase will just pass around `keychain[curve_name]` instead of having to specify the curve in every `derive()` call. Or alternately we'll just specify the curve in every `derive()` call, whichever seems more appropriate. 4 years ago			`def verify_path(self, path: Bip32Path) -> None:`
Cardano shelley update 2/3 (#1112) 4 years ago			`if not is_byron_path(path) and not is_shelley_path(path):`
			`raise wire.DataError("Forbidden key path")`

			`def _create_namespace_root(self, namespace: list):`
			`new_root = self.root.clone()`
			`for i in namespace:`
			`new_root.derive_cardano(i)`

			`return new_root`

			`def _get_path_root(self, path: list):`
			`if is_byron_path(path):`
			`return self.byron_root`
			`elif is_shelley_path(path):`
			`return self.shelley_root`
			`else:`
common: pass Keychain to path validation function closes #519 5 years ago			`raise wire.DataError("Forbidden key path")`

core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`def derive(self, node_path: Bip32Path) -> bip32.HDNode:`
Cardano shelley update 2/3 (#1112) 4 years ago			`self.verify_path(node_path)`
			`path_root = self._get_path_root(node_path)`

			`# this is true now, so for simplicity we don't branch on path type`
			`assert len(seed_namespaces.BYRON) == len(seed_namespaces.SHELLEY)`
			`suffix = node_path[len(seed_namespaces.SHELLEY) :]`

seed: add support for key namespaces 6 years ago			`# derive child node from the root`
Cardano shelley update 2/3 (#1112) 4 years ago			`node = path_root.clone()`
seed: add support for key namespaces 6 years ago			`for i in suffix:`
apps: introduce Keychain API 6 years ago			`node.derive_cardano(i)`
			`return node`

core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`# XXX the root node remains in session cache so we should not delete it`
			`# def __del__(self) -> None:`
			`# self.root.__del__()`
apps: introduce Keychain API 6 years ago
all: rework passphrase The `on_device` field is being moved to PassphraseAck, State messages are removed. Features newly contain `session_id`. 5 years ago
Cardano shelley update 2/3 (#1112) 4 years ago			`def is_byron_path(path: Bip32Path):`
			`return path[: len(seed_namespaces.BYRON)] == seed_namespaces.BYRON`


			`def is_shelley_path(path: Bip32Path):`
			`return path[: len(seed_namespaces.SHELLEY)] == seed_namespaces.SHELLEY`


core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`@cache.stored_async(cache.APP_CARDANO_ROOT)`
			`async def get_keychain(ctx: wire.Context) -> Keychain:`
core: wipe before reset and recovery; introduce 'intialized' field 4 years ago			`if not device.is_initialized():`
core, legacy: Don't allow change_pin if device is not initialized. 5 years ago			`raise wire.NotInitialized("Device is not initialized")`
cardano: Implement SLIP-0023 and add SLIP-0039 support for Cardano. 5 years ago
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`passphrase = await get_passphrase(ctx)`
			`if mnemonic.is_bip39():`
core/cardano: explanation about seed derivation 4 years ago			`# derive the root node from mnemonic and passphrase via Cardano Icarus algorithm`
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`root = bip32.from_mnemonic_cardano(mnemonic.get_secret().decode(), passphrase)`
			`else:`
core/cardano: explanation about seed derivation 4 years ago			`# derive the root node via SLIP-0023`
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago			`seed = mnemonic.get_seed(passphrase)`
			`root = bip32.from_seed(seed, "ed25519 cardano seed")`

			`keychain = Keychain(root)`
apps: introduce Keychain API 6 years ago			`return keychain`
core/cardano: use caching decorators and new Keychain API for Cardano as well 4 years ago

			`def with_keychain(func: HandlerWithKeychain[MsgIn, MsgOut]) -> Handler[MsgIn, MsgOut]:`
			`async def wrapper(ctx: wire.Context, msg: MsgIn) -> MsgOut:`
			`keychain = await get_keychain(ctx)`
			`return await func(ctx, msg, keychain)`

			`return wrapper`