slip39: Add RS1024 error locator function.

5 years ago · 84d3723ee9
parent 8a94aef1b0
commit 84d3723ee9
2 changed files with 38 additions and 0 deletions
--- a/core/src/trezor/crypto/slip39.py
+++ b/core/src/trezor/crypto/slip39.py
@ -135,6 +135,33 @@ def rs1024_verify_checksum(data):
    return _rs1024_polymod(tuple(_CUSTOMIZATION_STRING) + data) == 1


+def rs1024_error_index(data):
+    GEN = (
+        0x91F9F87,
+        0x122F1F07,
+        0x244E1E07,
+        0x81C1C07,
+        0x10281C0E,
+        0x20401C1C,
+        0x103838,
+        0x207070,
+        0x40E0E0,
+        0x81C1C0,
+    )
+    chk = _rs1024_polymod(tuple(_CUSTOMIZATION_STRING) + data) ^ 1
+    if chk == 0:
+        return None
+
+    for i in reversed(range(len(data))):
+        b = chk & 0x3FF
+        chk >>= 10
+        if chk == 0:
+            return i
+        for j in range(10):
+            chk ^= GEN[j] if ((b >> j) & 1) else 0
+    return None
+
+
 def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

--- a/core/tests/test_trezor.crypto.slip39.py
+++ b/core/tests/test_trezor.crypto.slip39.py
@ -114,6 +114,7 @@ class TestCryptoSlip39(unittest.TestCase):
            self.assertEqual(len(mnemonics), 5)
            self.assertEqual(len(sum(mnemonics, [])), 19)

+
    def test_invalid_sharing(self):
        # Short master secret.
        with self.assertRaises(ValueError):
@ -154,5 +155,15 @@ class TestCryptoSlip39(unittest.TestCase):
                    slip39.combine_mnemonics(mnemonics)


+    def test_error_location(self):
+        mnemonics = ["duckling enlarge academic academic agency result length solution fridge kidney coal piece deal husband erode duke ajar critical decision keyboard", "theory painting academic academic armed sweater year military elder discuss acne wildlife boring employer fused large satoshi bundle carbon diagnose anatomy hamster leaves tracks paces beyond phantom capital marvel lips brave detect luck"]
+        for mnemonic in mnemonics:
+            data = tuple(slip39.mnemonic_to_indices(mnemonic))
+            self.assertEqual(slip39.rs1024_error_index(data), None)
+            for i in range(len(data)):
+                error_data = data[:i] + (data[i]^1,) + data[i+1:]
+                self.assertEqual(slip39.rs1024_error_index(error_data), i)
+
+
 if __name__ == '__main__':
    unittest.main()