1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 22:38:08 +00:00

feat(core): Do not store identifier for SLIP-39 extendable shares.

This commit is contained in:
Andrew Kozlik 2024-05-23 18:19:11 +02:00 committed by Andrew Kozlik
parent 040c1f5f8c
commit d4953e4af3
5 changed files with 22 additions and 11 deletions

View File

@ -53,8 +53,8 @@ def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
identifier = storage_device.get_slip39_identifier()
extendable = backup_types.is_extendable_backup_type(get_type())
iteration_exponent = storage_device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None:
# Identifier or exponent expected but not found
if iteration_exponent is None:
# Exponent expected but not found
raise RuntimeError
seed = slip39.decrypt(
mnemonic_secret,

View File

@ -56,7 +56,8 @@ async def load_device(msg: LoadDevice) -> Success:
# this must succeed if the recover_ems call succeeded
share = slip39.decode_mnemonic(mnemonics[0])
backup_type = backup_types.infer_backup_type(is_slip39, share)
storage_device.set_slip39_identifier(identifier)
if not extendable:
storage_device.set_slip39_identifier(identifier)
storage_device.set_slip39_iteration_exponent(iteration_exponent)
storage_device.store_mnemonic_secret(

View File

@ -152,12 +152,17 @@ async def _finish_recovery(secret: bytes, backup_type: BackupType) -> Success:
secret, backup_type, needs_backup=False, no_backup=False
)
if backup_types.is_slip39_backup_type(backup_type):
identifier = storage_recovery.get_slip39_identifier()
if not backup_types.is_extendable_backup_type(backup_type):
identifier = storage_recovery.get_slip39_identifier()
if identifier is None:
# The identifier needs to be stored in storage at this point
raise RuntimeError
storage_device.set_slip39_identifier(identifier)
exponent = storage_recovery.get_slip39_iteration_exponent()
if identifier is None or exponent is None:
# Identifier and exponent need to be stored in storage at this point
if exponent is None:
# The iteration exponent needs to be stored in storage at this point
raise RuntimeError
storage_device.set_slip39_identifier(identifier)
storage_device.set_slip39_iteration_exponent(exponent)
storage_recovery.end_progress()

View File

@ -84,7 +84,6 @@ async def reset_device(msg: ResetDevice) -> Success:
secret = bip39.from_data(secret).encode()
elif backup_types.is_slip39_backup_type(backup_type):
# generate and set SLIP39 parameters
storage_device.set_slip39_identifier(slip39.generate_random_identifier())
storage_device.set_slip39_iteration_exponent(slip39.DEFAULT_ITERATION_EXPONENT)
else:
# Unknown backup type.
@ -214,7 +213,11 @@ def _get_slip39_mnemonics(
groups: Sequence[tuple[int, int]],
extendable: bool,
):
identifier = storage_device.get_slip39_identifier()
if extendable:
identifier = slip39.generate_random_identifier()
else:
identifier = storage_device.get_slip39_identifier()
iteration_exponent = storage_device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None:
raise ValueError

View File

@ -156,7 +156,7 @@ def decrypt(
encrypted_master_secret: bytes,
passphrase: bytes,
iteration_exponent: int,
identifier: int,
identifier: int | None,
extendable: bool,
progress_callback: Callable[[int, int], None] | None = None,
) -> bytes:
@ -440,10 +440,12 @@ def _round_function(i: int, passphrase: bytes, e: int, salt: bytes, r: bytes) ->
).key()[: len(r)]
def _get_salt(identifier: int, extendable: bool) -> bytes:
def _get_salt(identifier: int | None, extendable: bool) -> bytes:
if extendable:
return bytes()
else:
if identifier is None:
raise RuntimeError
return _CUSTOMIZATION_STRING_ORIG + identifier.to_bytes(
_bits_to_bytes(_ID_LENGTH_BITS), "big"
)