1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-10 23:40:58 +00:00

feat(core): Do not store identifier for SLIP-39 extendable shares.

This commit is contained in:
Andrew Kozlik 2024-05-23 18:19:11 +02:00 committed by Andrew Kozlik
parent 040c1f5f8c
commit d4953e4af3
5 changed files with 22 additions and 11 deletions

View File

@ -53,8 +53,8 @@ def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
identifier = storage_device.get_slip39_identifier() identifier = storage_device.get_slip39_identifier()
extendable = backup_types.is_extendable_backup_type(get_type()) extendable = backup_types.is_extendable_backup_type(get_type())
iteration_exponent = storage_device.get_slip39_iteration_exponent() iteration_exponent = storage_device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None: if iteration_exponent is None:
# Identifier or exponent expected but not found # Exponent expected but not found
raise RuntimeError raise RuntimeError
seed = slip39.decrypt( seed = slip39.decrypt(
mnemonic_secret, mnemonic_secret,

View File

@ -56,6 +56,7 @@ async def load_device(msg: LoadDevice) -> Success:
# this must succeed if the recover_ems call succeeded # this must succeed if the recover_ems call succeeded
share = slip39.decode_mnemonic(mnemonics[0]) share = slip39.decode_mnemonic(mnemonics[0])
backup_type = backup_types.infer_backup_type(is_slip39, share) backup_type = backup_types.infer_backup_type(is_slip39, share)
if not extendable:
storage_device.set_slip39_identifier(identifier) storage_device.set_slip39_identifier(identifier)
storage_device.set_slip39_iteration_exponent(iteration_exponent) storage_device.set_slip39_iteration_exponent(iteration_exponent)

View File

@ -152,12 +152,17 @@ async def _finish_recovery(secret: bytes, backup_type: BackupType) -> Success:
secret, backup_type, needs_backup=False, no_backup=False secret, backup_type, needs_backup=False, no_backup=False
) )
if backup_types.is_slip39_backup_type(backup_type): if backup_types.is_slip39_backup_type(backup_type):
if not backup_types.is_extendable_backup_type(backup_type):
identifier = storage_recovery.get_slip39_identifier() identifier = storage_recovery.get_slip39_identifier()
exponent = storage_recovery.get_slip39_iteration_exponent() if identifier is None:
if identifier is None or exponent is None: # The identifier needs to be stored in storage at this point
# Identifier and exponent need to be stored in storage at this point
raise RuntimeError raise RuntimeError
storage_device.set_slip39_identifier(identifier) storage_device.set_slip39_identifier(identifier)
exponent = storage_recovery.get_slip39_iteration_exponent()
if exponent is None:
# The iteration exponent needs to be stored in storage at this point
raise RuntimeError
storage_device.set_slip39_iteration_exponent(exponent) storage_device.set_slip39_iteration_exponent(exponent)
storage_recovery.end_progress() storage_recovery.end_progress()

View File

@ -84,7 +84,6 @@ async def reset_device(msg: ResetDevice) -> Success:
secret = bip39.from_data(secret).encode() secret = bip39.from_data(secret).encode()
elif backup_types.is_slip39_backup_type(backup_type): elif backup_types.is_slip39_backup_type(backup_type):
# generate and set SLIP39 parameters # generate and set SLIP39 parameters
storage_device.set_slip39_identifier(slip39.generate_random_identifier())
storage_device.set_slip39_iteration_exponent(slip39.DEFAULT_ITERATION_EXPONENT) storage_device.set_slip39_iteration_exponent(slip39.DEFAULT_ITERATION_EXPONENT)
else: else:
# Unknown backup type. # Unknown backup type.
@ -214,7 +213,11 @@ def _get_slip39_mnemonics(
groups: Sequence[tuple[int, int]], groups: Sequence[tuple[int, int]],
extendable: bool, extendable: bool,
): ):
if extendable:
identifier = slip39.generate_random_identifier()
else:
identifier = storage_device.get_slip39_identifier() identifier = storage_device.get_slip39_identifier()
iteration_exponent = storage_device.get_slip39_iteration_exponent() iteration_exponent = storage_device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None: if identifier is None or iteration_exponent is None:
raise ValueError raise ValueError

View File

@ -156,7 +156,7 @@ def decrypt(
encrypted_master_secret: bytes, encrypted_master_secret: bytes,
passphrase: bytes, passphrase: bytes,
iteration_exponent: int, iteration_exponent: int,
identifier: int, identifier: int | None,
extendable: bool, extendable: bool,
progress_callback: Callable[[int, int], None] | None = None, progress_callback: Callable[[int, int], None] | None = None,
) -> bytes: ) -> bytes:
@ -440,10 +440,12 @@ def _round_function(i: int, passphrase: bytes, e: int, salt: bytes, r: bytes) ->
).key()[: len(r)] ).key()[: len(r)]
def _get_salt(identifier: int, extendable: bool) -> bytes: def _get_salt(identifier: int | None, extendable: bool) -> bytes:
if extendable: if extendable:
return bytes() return bytes()
else: else:
if identifier is None:
raise RuntimeError
return _CUSTOMIZATION_STRING_ORIG + identifier.to_bytes( return _CUSTOMIZATION_STRING_ORIG + identifier.to_bytes(
_bits_to_bytes(_ID_LENGTH_BITS), "big" _bits_to_bytes(_ID_LENGTH_BITS), "big"
) )