mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-18 04:18:10 +00:00
feat(python/trezorctl): support prompt configuration for encrypt/decrypt keyvalue
fixes #2608
This commit is contained in:
parent
cc2314d89d
commit
09de7ce4f2
1
python/.changelog.d/2608.added
Normal file
1
python/.changelog.d/2608.added
Normal file
@ -0,0 +1 @@
|
||||
trezorctl: Support prompt configuration for `encrypt-keyvalue` / `decrypt-keyvalue`.
|
@ -14,17 +14,27 @@
|
||||
# You should have received a copy of the License along with this library.
|
||||
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
||||
|
||||
from typing import TYPE_CHECKING
|
||||
from typing import TYPE_CHECKING, Tuple
|
||||
|
||||
import click
|
||||
|
||||
from .. import misc, tools
|
||||
from . import with_client
|
||||
from . import ChoiceType, with_client
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from ..client import TrezorClient
|
||||
|
||||
|
||||
PROMPT_TYPE = ChoiceType(
|
||||
{
|
||||
"always": (True, True),
|
||||
"never": (False, False),
|
||||
"decrypt": (False, True),
|
||||
"encrypt": (True, False),
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
@click.group(name="crypto")
|
||||
def cli() -> None:
|
||||
"""Miscellaneous cryptography features."""
|
||||
@ -40,23 +50,72 @@ def get_entropy(client: "TrezorClient", size: int) -> str:
|
||||
|
||||
@cli.command()
|
||||
@click.option("-n", "--address", required=True, help="BIP-32 path, e.g. m/10016'/0")
|
||||
@click.option(
|
||||
"-p", "--prompt", type=PROMPT_TYPE, default="always", help="Prompt for passphrase"
|
||||
)
|
||||
@click.argument("key")
|
||||
@click.argument("value")
|
||||
@with_client
|
||||
def encrypt_keyvalue(client: "TrezorClient", address: str, key: str, value: str) -> str:
|
||||
"""Encrypt value by given key and path."""
|
||||
def encrypt_keyvalue(
|
||||
client: "TrezorClient",
|
||||
address: str,
|
||||
key: str,
|
||||
value: str,
|
||||
prompt: Tuple[bool, bool],
|
||||
) -> str:
|
||||
"""Encrypt value by given key and path.
|
||||
|
||||
The `prompt` option controls whether the device will prompt for confirmation on
|
||||
encrypting and decrypting the value. The default is to prompt for both encryption
|
||||
and decryption.
|
||||
|
||||
You must provide the same `prompt` option to the `decrypt-keyvalue` command,
|
||||
otherwise the decryption will fail.
|
||||
"""
|
||||
ask_on_encrypt, ask_on_decrypt = prompt
|
||||
address_n = tools.parse_path(address)
|
||||
return misc.encrypt_keyvalue(client, address_n, key, value.encode()).hex()
|
||||
return misc.encrypt_keyvalue(
|
||||
client,
|
||||
address_n,
|
||||
key,
|
||||
value.encode(),
|
||||
ask_on_encrypt=ask_on_encrypt,
|
||||
ask_on_decrypt=ask_on_decrypt,
|
||||
).hex()
|
||||
|
||||
|
||||
@cli.command()
|
||||
@click.option("-n", "--address", required=True, help="BIP-32 path, e.g. m/10016'/0")
|
||||
@click.option(
|
||||
"-p", "--prompt", type=PROMPT_TYPE, default="always", help="Prompt for passphrase"
|
||||
)
|
||||
@click.argument("key")
|
||||
@click.argument("value")
|
||||
@with_client
|
||||
def decrypt_keyvalue(
|
||||
client: "TrezorClient", address: str, key: str, value: str
|
||||
client: "TrezorClient",
|
||||
address: str,
|
||||
key: str,
|
||||
value: str,
|
||||
prompt: Tuple[bool, bool],
|
||||
) -> bytes:
|
||||
"""Decrypt value by given key and path."""
|
||||
"""Decrypt value by given key and path.
|
||||
|
||||
The `prompt` option controls whether the device will prompt for confirmation on
|
||||
encrypting and decrypting the value. The default is to prompt for both encryption
|
||||
and decryption.
|
||||
|
||||
You must use the same `prompt` value that you used for encryption, otherwise the
|
||||
decryption will fail. I.e., it is not possible to encrypt with "--prompt=decrypt"
|
||||
and decrypt with "--prompt=never".
|
||||
"""
|
||||
ask_on_encrypt, ask_on_decrypt = prompt
|
||||
address_n = tools.parse_path(address)
|
||||
return misc.decrypt_keyvalue(client, address_n, key, bytes.fromhex(value))
|
||||
return misc.decrypt_keyvalue(
|
||||
client,
|
||||
address_n,
|
||||
key,
|
||||
bytes.fromhex(value),
|
||||
ask_on_encrypt=ask_on_encrypt,
|
||||
ask_on_decrypt=ask_on_decrypt,
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user