1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 04:18:10 +00:00

feat(python/trezorctl): support prompt configuration for encrypt/decrypt keyvalue

fixes #2608
This commit is contained in:
matejcik 2023-04-24 12:37:41 +02:00
parent cc2314d89d
commit 09de7ce4f2
2 changed files with 68 additions and 8 deletions

View File

@ -0,0 +1 @@
trezorctl: Support prompt configuration for `encrypt-keyvalue` / `decrypt-keyvalue`.

View File

@ -14,17 +14,27 @@
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
from typing import TYPE_CHECKING
from typing import TYPE_CHECKING, Tuple
import click
from .. import misc, tools
from . import with_client
from . import ChoiceType, with_client
if TYPE_CHECKING:
from ..client import TrezorClient
PROMPT_TYPE = ChoiceType(
{
"always": (True, True),
"never": (False, False),
"decrypt": (False, True),
"encrypt": (True, False),
}
)
@click.group(name="crypto")
def cli() -> None:
"""Miscellaneous cryptography features."""
@ -40,23 +50,72 @@ def get_entropy(client: "TrezorClient", size: int) -> str:
@cli.command()
@click.option("-n", "--address", required=True, help="BIP-32 path, e.g. m/10016'/0")
@click.option(
"-p", "--prompt", type=PROMPT_TYPE, default="always", help="Prompt for passphrase"
)
@click.argument("key")
@click.argument("value")
@with_client
def encrypt_keyvalue(client: "TrezorClient", address: str, key: str, value: str) -> str:
"""Encrypt value by given key and path."""
def encrypt_keyvalue(
client: "TrezorClient",
address: str,
key: str,
value: str,
prompt: Tuple[bool, bool],
) -> str:
"""Encrypt value by given key and path.
The `prompt` option controls whether the device will prompt for confirmation on
encrypting and decrypting the value. The default is to prompt for both encryption
and decryption.
You must provide the same `prompt` option to the `decrypt-keyvalue` command,
otherwise the decryption will fail.
"""
ask_on_encrypt, ask_on_decrypt = prompt
address_n = tools.parse_path(address)
return misc.encrypt_keyvalue(client, address_n, key, value.encode()).hex()
return misc.encrypt_keyvalue(
client,
address_n,
key,
value.encode(),
ask_on_encrypt=ask_on_encrypt,
ask_on_decrypt=ask_on_decrypt,
).hex()
@cli.command()
@click.option("-n", "--address", required=True, help="BIP-32 path, e.g. m/10016'/0")
@click.option(
"-p", "--prompt", type=PROMPT_TYPE, default="always", help="Prompt for passphrase"
)
@click.argument("key")
@click.argument("value")
@with_client
def decrypt_keyvalue(
client: "TrezorClient", address: str, key: str, value: str
client: "TrezorClient",
address: str,
key: str,
value: str,
prompt: Tuple[bool, bool],
) -> bytes:
"""Decrypt value by given key and path."""
"""Decrypt value by given key and path.
The `prompt` option controls whether the device will prompt for confirmation on
encrypting and decrypting the value. The default is to prompt for both encryption
and decryption.
You must use the same `prompt` value that you used for encryption, otherwise the
decryption will fail. I.e., it is not possible to encrypt with "--prompt=decrypt"
and decrypt with "--prompt=never".
"""
ask_on_encrypt, ask_on_decrypt = prompt
address_n = tools.parse_path(address)
return misc.decrypt_keyvalue(client, address_n, key, bytes.fromhex(value))
return misc.decrypt_keyvalue(
client,
address_n,
key,
bytes.fromhex(value),
ask_on_encrypt=ask_on_encrypt,
ask_on_decrypt=ask_on_decrypt,
)