1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-26 23:32:03 +00:00

Merge pull request #280 from trezor/andrewkozlik/slip-0021

Add SLIP-0021 implementation and tests.
This commit is contained in:
Andrew Kozlik 2019-08-06 14:26:34 +02:00 committed by GitHub
commit 0a594ea1e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 94 additions and 11 deletions

View File

@ -54,7 +54,7 @@ STATIC mp_obj_t mod_trezorcrypto_Sha512_make_new(const mp_obj_type_t *type,
return MP_OBJ_FROM_PTR(o); return MP_OBJ_FROM_PTR(o);
} }
/// def hash(self, data: bytes) -> None: /// def update(self, data: bytes) -> None:
/// """ /// """
/// Update the hash context with hashed data. /// Update the hash context with hashed data.
/// """ /// """

View File

@ -358,7 +358,7 @@ class sha512:
Creates a hash context object. Creates a hash context object.
""" """
def hash(self, data: bytes) -> None: def update(self, data: bytes) -> None:
""" """
Update the hash context with hashed data. Update the hash context with hashed data.
""" """

View File

@ -1,11 +1,36 @@
from trezor import wire from trezor import wire
from trezor.crypto import bip32 from trezor.crypto import bip32, hashlib, hmac
from apps.common import HARDENED, cache, mnemonic, storage from apps.common import HARDENED, cache, mnemonic, storage
from apps.common.request_passphrase import protect_by_passphrase from apps.common.request_passphrase import protect_by_passphrase
if False: if False:
from typing import List, Optional from typing import List, Union
class Slip21Node:
def __init__(self, seed: bytes = None) -> None:
if seed is not None:
self.data = hmac.new(b"Symmetric key seed", seed, hashlib.sha512).digest()
else:
self.data = b""
def __del__(self) -> None:
del self.data
def derive_path(self, path: list) -> None:
for label in path:
h = hmac.new(self.data[0:32], b"\x00", hashlib.sha512)
h.update(label)
self.data = h.digest()
def key(self) -> bytes:
return self.data[32:64]
def clone(self) -> "Slip21Node":
node = Slip21Node()
node.data = self.data
return node
class Keychain: class Keychain:
@ -17,7 +42,9 @@ class Keychain:
def __init__(self, seed: bytes, namespaces: list): def __init__(self, seed: bytes, namespaces: list):
self.seed = seed self.seed = seed
self.namespaces = namespaces self.namespaces = namespaces
self.roots = [None] * len(namespaces) # type: List[Optional[bip32.HDNode]] self.roots = [None] * len(
namespaces
) # type: List[Union[bip32.HDNode, Slip21Node, None]]
def __del__(self) -> None: def __del__(self) -> None:
for root in self.roots: for root in self.roots:
@ -34,7 +61,12 @@ class Keychain:
return return
raise wire.DataError("Forbidden key path") raise wire.DataError("Forbidden key path")
def derive(self, node_path: list, curve_name: str = "secp256k1") -> bip32.HDNode: def derive(
self, node_path: list, curve_name: str = "secp256k1"
) -> Union[bip32.HDNode, Slip21Node]:
if "ed25519" in curve_name and not _path_hardened(node_path):
raise wire.DataError("Forbidden key path")
# find the root node index # find the root node index
root_index = 0 root_index = 0
for curve, *path in self.namespaces: for curve, *path in self.namespaces:
@ -49,11 +81,13 @@ class Keychain:
# create the root node if not cached # create the root node if not cached
root = self.roots[root_index] root = self.roots[root_index]
if root is None: if root is None:
root = bip32.from_seed(self.seed, curve_name) if curve_name != "slip21":
root = bip32.from_seed(self.seed, curve_name)
else:
root = Slip21Node(self.seed)
root.derive_path(path) root.derive_path(path)
self.roots[root_index] = root self.roots[root_index] = root
# TODO check for ed25519?
# derive child node from the root # derive child node from the root
node = root.clone() node = root.clone()
node.derive_path(suffix) node.derive_path(suffix)
@ -86,6 +120,15 @@ def derive_node_without_passphrase(
return node return node
def derive_slip21_node_without_passphrase(path: list) -> Slip21Node:
if not storage.is_initialized():
raise Exception("Device is not initialized")
seed = mnemonic.get_seed(progress_bar=False)
node = Slip21Node(seed)
node.derive_path(path)
return node
def remove_ed25519_prefix(pubkey: bytes) -> bytes: def remove_ed25519_prefix(pubkey: bytes) -> bytes:
# 0x01 prefix is not part of the actual public key, hence removed # 0x01 prefix is not part of the actual public key, hence removed
return pubkey[1:] return pubkey[1:]

View File

@ -1,7 +1,8 @@
from common import * from common import *
from apps.common import HARDENED from apps.common import HARDENED
from apps.common.seed import Keychain, _path_hardened from apps.common.seed import Keychain, Slip21Node, _path_hardened
from trezor import wire from trezor import wire
from trezor.crypto import bip39
class TestKeychain(unittest.TestCase): class TestKeychain(unittest.TestCase):
@ -75,5 +76,45 @@ class TestKeychain(unittest.TestCase):
self.assertFalse(_path_hardened([0, ])) self.assertFalse(_path_hardened([0, ]))
self.assertFalse(_path_hardened([44 | HARDENED, 1 | HARDENED, 0 | HARDENED, 0 | HARDENED, 0])) self.assertFalse(_path_hardened([44 | HARDENED, 1 | HARDENED, 0 | HARDENED, 0 | HARDENED, 0]))
def test_slip21(self):
seed = bip39.seed(' '.join(['all'] * 12), '')
node1 = Slip21Node(seed)
node2 = node1.clone()
keychain = Keychain(seed, [["slip21", b"SLIP-0021"]])
# Key(m)
KEY_M = unhexlify(b"dbf12b44133eaab506a740f6565cc117228cbf1dd70635cfa8ddfdc9af734756")
self.assertEqual(node1.key(), KEY_M)
# Key(m/"SLIP-0021")
KEY_M_SLIP0021 = unhexlify(b"1d065e3ac1bbe5c7fad32cf2305f7d709dc070d672044a19e610c77cdf33de0d")
node1.derive_path([b"SLIP-0021"])
self.assertEqual(node1.key(), KEY_M_SLIP0021)
self.assertIsNone(keychain.validate_path([b"SLIP-0021"], "slip21"))
self.assertEqual(keychain.derive([b"SLIP-0021"], "slip21").key(), KEY_M_SLIP0021)
# Key(m/"SLIP-0021"/"Master encryption key")
KEY_M_SLIP0021_MEK = unhexlify(b"ea163130e35bbafdf5ddee97a17b39cef2be4b4f390180d65b54cf05c6a82fde")
node1.derive_path([b"Master encryption key"])
self.assertEqual(node1.key(), KEY_M_SLIP0021_MEK)
self.assertIsNone(keychain.validate_path([b"SLIP-0021", b"Master encryption key"], "slip21"))
self.assertEqual(keychain.derive([b"SLIP-0021", b"Master encryption key"], "slip21").key(), KEY_M_SLIP0021_MEK)
# Key(m/"SLIP-0021"/"Authentication key")
KEY_M_SLIP0021_AK = unhexlify(b"47194e938ab24cc82bfa25f6486ed54bebe79c40ae2a5a32ea6db294d81861a6")
node2.derive_path([b"SLIP-0021", b"Authentication key"])
self.assertEqual(node2.key(), KEY_M_SLIP0021_AK)
self.assertIsNone(keychain.validate_path([b"SLIP-0021", b"Authentication key"], "slip21"))
self.assertEqual(keychain.derive([b"SLIP-0021", b"Authentication key"], "slip21").key(), KEY_M_SLIP0021_AK)
# Forbidden paths.
with self.assertRaises(wire.DataError):
self.assertFalse(keychain.validate_path([], "slip21"))
with self.assertRaises(wire.DataError):
self.assertFalse(keychain.validate_path([b"SLIP-9999", b"Authentication key"], "slip21"))
with self.assertRaises(wire.DataError):
keychain.derive([b"SLIP-9999", b"Authentication key"], "slip21").key()
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()

View File

@ -156,9 +156,8 @@ class TestSignTxFeeThreshold(unittest.TestCase):
] ]
seed = bip39.seed('alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '') seed = bip39.seed('alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '')
root = bip32.from_seed(seed, 'secp256k1')
keychain = Keychain([[coin_bitcoin.curve_name]], [root]) keychain = Keychain(seed, [[coin_bitcoin.curve_name]])
signer = signing.sign_tx(tx, keychain) signer = signing.sign_tx(tx, keychain)
for request, response in chunks(messages, 2): for request, response in chunks(messages, 2):
self.assertEqual(signer.send(request), response) self.assertEqual(signer.send(request), response)