mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-26 16:18:22 +00:00
seed: use lazy seed derivation, wipe after the workflow ends
This commit is contained in:
parent
a0df8c74d5
commit
7730533dde
@ -13,14 +13,22 @@ class Keychain:
|
||||
key-spaces.
|
||||
"""
|
||||
|
||||
def __init__(self, paths: list, roots: list):
|
||||
self.paths = paths
|
||||
self.roots = roots
|
||||
def __init__(self, seed: bytes, namespaces: list):
|
||||
self.seed = seed
|
||||
self.namespaces = namespaces
|
||||
self.roots = [None] * len(namespaces)
|
||||
|
||||
def __del__(self):
|
||||
for root in self.roots:
|
||||
if root is not None:
|
||||
root.__del__()
|
||||
del self.roots
|
||||
del self.seed
|
||||
|
||||
def derive(self, node_path: list, curve_name: str = "secp256k1") -> bip32.HDNode:
|
||||
# find the root node
|
||||
# find the root node index
|
||||
root_index = 0
|
||||
for curve, *path in self.paths:
|
||||
for curve, *path in self.namespaces:
|
||||
prefix = node_path[: len(path)]
|
||||
suffix = node_path[len(path) :]
|
||||
if curve == curve_name and path == prefix:
|
||||
@ -28,13 +36,21 @@ class Keychain:
|
||||
root_index += 1
|
||||
else:
|
||||
raise wire.DataError("Forbidden key path")
|
||||
|
||||
# create the root node if not cached
|
||||
root = self.roots[root_index]
|
||||
if root is None:
|
||||
root = bip32.from_seed(self.seed, curve_name)
|
||||
root.derive_path(path)
|
||||
self.roots[root_index] = root
|
||||
|
||||
# derive child node from the root
|
||||
node = self.roots[root_index].clone()
|
||||
node = root.clone()
|
||||
node.derive_path(suffix)
|
||||
return node
|
||||
|
||||
|
||||
async def get_keychain(ctx: wire.Context, paths: list) -> Keychain:
|
||||
async def get_keychain(ctx: wire.Context, namespaces: list) -> Keychain:
|
||||
if not storage.is_initialized():
|
||||
raise wire.ProcessError("Device is not initialized")
|
||||
|
||||
@ -48,14 +64,7 @@ async def get_keychain(ctx: wire.Context, paths: list) -> Keychain:
|
||||
seed = bip39.seed(storage.get_mnemonic(), passphrase)
|
||||
cache.set_seed(seed)
|
||||
|
||||
# derive namespaced root nodes
|
||||
roots = []
|
||||
for curve, *path in paths:
|
||||
node = bip32.from_seed(seed, curve)
|
||||
node.derive_path(path)
|
||||
roots.append(node)
|
||||
|
||||
keychain = Keychain(paths, roots)
|
||||
keychain = Keychain(seed, namespaces)
|
||||
return keychain
|
||||
|
||||
|
||||
|
@ -184,7 +184,10 @@ async def protobuf_workflow(ctx, reader, handler, *args):
|
||||
async def keychain_workflow(ctx, req, namespace, handler, *args):
|
||||
keychain = await seed.get_keychain(ctx, namespace)
|
||||
args += (keychain,)
|
||||
return await handler(ctx, req, *args)
|
||||
try:
|
||||
return await handler(ctx, req, *args)
|
||||
finally:
|
||||
keychain.__del__()
|
||||
|
||||
|
||||
def import_workflow(ctx, req, pkgname, modname, *args):
|
||||
|
@ -1,7 +1,7 @@
|
||||
from common import *
|
||||
|
||||
from trezor.utils import chunks
|
||||
from trezor.crypto import bip32, bip39
|
||||
from trezor.crypto import bip39
|
||||
from trezor.messages.SignTx import SignTx
|
||||
from trezor.messages.TxInputType import TxInputType
|
||||
from trezor.messages.TxOutputType import TxOutputType
|
||||
@ -25,9 +25,7 @@ class TestSignSegwitTxNativeP2WPKH(unittest.TestCase):
|
||||
def test_send_native_p2wpkh(self):
|
||||
|
||||
coin = coins.by_name('Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, 'secp256k1')
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/0/0" - tb1qqzv60m9ajw8drqulta4ld4gfx0rdh82un5s65s
|
||||
@ -114,7 +112,7 @@ class TestSignSegwitTxNativeP2WPKH(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
@ -124,9 +122,7 @@ class TestSignSegwitTxNativeP2WPKH(unittest.TestCase):
|
||||
def test_send_native_p2wpkh_change(self):
|
||||
|
||||
coin = coins.by_name('Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, 'secp256k1')
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/0/0" - tb1qqzv60m9ajw8drqulta4ld4gfx0rdh82un5s65s
|
||||
@ -211,7 +207,7 @@ class TestSignSegwitTxNativeP2WPKH(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
|
@ -1,7 +1,7 @@
|
||||
from common import *
|
||||
|
||||
from trezor.utils import chunks
|
||||
from trezor.crypto import bip32, bip39
|
||||
from trezor.crypto import bip39
|
||||
from trezor.messages.SignTx import SignTx
|
||||
from trezor.messages.TxInputType import TxInputType
|
||||
from trezor.messages.TxOutputType import TxOutputType
|
||||
@ -25,9 +25,7 @@ class TestSignSegwitTxNativeP2WPKH_GRS(unittest.TestCase):
|
||||
def test_send_native_p2wpkh(self):
|
||||
|
||||
coin = coins.by_name('Groestlcoin Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, coin.curve_name)
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 84'/1'/0'/0/0" - tgrs1qkvwu9g3k2pdxewfqr7syz89r3gj557l3ued7ja
|
||||
@ -111,7 +109,7 @@ class TestSignSegwitTxNativeP2WPKH_GRS(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
@ -121,9 +119,7 @@ class TestSignSegwitTxNativeP2WPKH_GRS(unittest.TestCase):
|
||||
def test_send_native_p2wpkh_change(self):
|
||||
|
||||
coin = coins.by_name('Groestlcoin Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, coin.curve_name)
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 84'/1'/0'/0/0" - tgrs1qkvwu9g3k2pdxewfqr7syz89r3gj557l3ued7ja
|
||||
@ -205,7 +201,7 @@ class TestSignSegwitTxNativeP2WPKH_GRS(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
|
@ -1,7 +1,7 @@
|
||||
from common import *
|
||||
|
||||
from trezor.utils import chunks
|
||||
from trezor.crypto import bip32, bip39
|
||||
from trezor.crypto import bip39
|
||||
from trezor.messages.SignTx import SignTx
|
||||
from trezor.messages.TxInputType import TxInputType
|
||||
from trezor.messages.TxOutputType import TxOutputType
|
||||
@ -25,9 +25,7 @@ class TestSignSegwitTxP2WPKHInP2SH(unittest.TestCase):
|
||||
def test_send_p2wpkh_in_p2sh(self):
|
||||
|
||||
coin = coins.by_name('Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, 'secp256k1')
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/1/0" - 2N1LGaGg836mqSQqiuUBLfcyGBhyZbremDX
|
||||
@ -111,7 +109,7 @@ class TestSignSegwitTxP2WPKHInP2SH(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
@ -121,9 +119,7 @@ class TestSignSegwitTxP2WPKHInP2SH(unittest.TestCase):
|
||||
def test_send_p2wpkh_in_p2sh_change(self):
|
||||
|
||||
coin = coins.by_name('Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, 'secp256k1')
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/1/0" - 2N1LGaGg836mqSQqiuUBLfcyGBhyZbremDX
|
||||
@ -215,7 +211,7 @@ class TestSignSegwitTxP2WPKHInP2SH(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
@ -227,9 +223,7 @@ class TestSignSegwitTxP2WPKHInP2SH(unittest.TestCase):
|
||||
def test_send_p2wpkh_in_p2sh_attack_amount(self):
|
||||
|
||||
coin = coins.by_name('Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, 'secp256k1')
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/1/0" - 2N1LGaGg836mqSQqiuUBLfcyGBhyZbremDX
|
||||
@ -325,7 +319,7 @@ class TestSignSegwitTxP2WPKHInP2SH(unittest.TestCase):
|
||||
TxRequest(request_type=TXFINISHED, details=None)
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
i = 0
|
||||
messages_count = int(len(messages) / 2)
|
||||
|
@ -1,7 +1,7 @@
|
||||
from common import *
|
||||
|
||||
from trezor.utils import chunks
|
||||
from trezor.crypto import bip32, bip39
|
||||
from trezor.crypto import bip39
|
||||
from trezor.messages.SignTx import SignTx
|
||||
from trezor.messages.TxInputType import TxInputType
|
||||
from trezor.messages.TxOutputType import TxOutputType
|
||||
@ -25,9 +25,7 @@ class TestSignSegwitTxP2WPKHInP2SH_GRS(unittest.TestCase):
|
||||
def test_send_p2wpkh_in_p2sh(self):
|
||||
|
||||
coin = coins.by_name('Groestlcoin Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, coin.curve_name)
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/1/0" - 2N1LGaGg836mqSQqiuUBLfcyGBhyZYBtBZ7
|
||||
@ -111,7 +109,7 @@ class TestSignSegwitTxP2WPKHInP2SH_GRS(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
@ -121,9 +119,7 @@ class TestSignSegwitTxP2WPKHInP2SH_GRS(unittest.TestCase):
|
||||
def test_send_p2wpkh_in_p2sh_change(self):
|
||||
|
||||
coin = coins.by_name('Groestlcoin Testnet')
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, coin.curve_name)
|
||||
|
||||
inp1 = TxInputType(
|
||||
# 49'/1'/0'/1/0" - 2N1LGaGg836mqSQqiuUBLfcyGBhyZYBtBZ7
|
||||
@ -214,7 +210,7 @@ class TestSignSegwitTxP2WPKHInP2SH_GRS(unittest.TestCase):
|
||||
)),
|
||||
]
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
|
@ -97,9 +97,7 @@ class TestSignTx(unittest.TestCase):
|
||||
]
|
||||
|
||||
seed = bip39.seed('alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '')
|
||||
root = bip32.from_seed(seed, 'secp256k1')
|
||||
|
||||
keychain = Keychain([[coin_bitcoin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin_bitcoin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
|
||||
for request, response in chunks(messages, 2):
|
||||
|
@ -1,7 +1,7 @@
|
||||
from common import *
|
||||
|
||||
from trezor.utils import chunks
|
||||
from trezor.crypto import bip32, bip39
|
||||
from trezor.crypto import bip39
|
||||
from trezor.messages.SignTx import SignTx
|
||||
from trezor.messages.TxInputType import TxInputType
|
||||
from trezor.messages.TxOutputType import TxOutputType
|
||||
@ -86,9 +86,7 @@ class TestSignTx_GRS(unittest.TestCase):
|
||||
]
|
||||
|
||||
seed = bip39.seed(' '.join(['all'] * 12), '')
|
||||
root = bip32.from_seed(seed, coin.curve_name)
|
||||
|
||||
keychain = Keychain([[coin.curve_name]], [root])
|
||||
keychain = Keychain(seed, [[coin.curve_name]])
|
||||
signer = signing.sign_tx(tx, keychain)
|
||||
for request, response in chunks(messages, 2):
|
||||
self.assertEqual(signer.send(request), response)
|
||||
|
Loading…
Reference in New Issue
Block a user