mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-10 23:40:58 +00:00
feat(core): Do not store identifier for SLIP-39 extendable shares.
This commit is contained in:
parent
040c1f5f8c
commit
d4953e4af3
@ -53,8 +53,8 @@ def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
|
|||||||
identifier = storage_device.get_slip39_identifier()
|
identifier = storage_device.get_slip39_identifier()
|
||||||
extendable = backup_types.is_extendable_backup_type(get_type())
|
extendable = backup_types.is_extendable_backup_type(get_type())
|
||||||
iteration_exponent = storage_device.get_slip39_iteration_exponent()
|
iteration_exponent = storage_device.get_slip39_iteration_exponent()
|
||||||
if identifier is None or iteration_exponent is None:
|
if iteration_exponent is None:
|
||||||
# Identifier or exponent expected but not found
|
# Exponent expected but not found
|
||||||
raise RuntimeError
|
raise RuntimeError
|
||||||
seed = slip39.decrypt(
|
seed = slip39.decrypt(
|
||||||
mnemonic_secret,
|
mnemonic_secret,
|
||||||
|
@ -56,6 +56,7 @@ async def load_device(msg: LoadDevice) -> Success:
|
|||||||
# this must succeed if the recover_ems call succeeded
|
# this must succeed if the recover_ems call succeeded
|
||||||
share = slip39.decode_mnemonic(mnemonics[0])
|
share = slip39.decode_mnemonic(mnemonics[0])
|
||||||
backup_type = backup_types.infer_backup_type(is_slip39, share)
|
backup_type = backup_types.infer_backup_type(is_slip39, share)
|
||||||
|
if not extendable:
|
||||||
storage_device.set_slip39_identifier(identifier)
|
storage_device.set_slip39_identifier(identifier)
|
||||||
storage_device.set_slip39_iteration_exponent(iteration_exponent)
|
storage_device.set_slip39_iteration_exponent(iteration_exponent)
|
||||||
|
|
||||||
|
@ -152,12 +152,17 @@ async def _finish_recovery(secret: bytes, backup_type: BackupType) -> Success:
|
|||||||
secret, backup_type, needs_backup=False, no_backup=False
|
secret, backup_type, needs_backup=False, no_backup=False
|
||||||
)
|
)
|
||||||
if backup_types.is_slip39_backup_type(backup_type):
|
if backup_types.is_slip39_backup_type(backup_type):
|
||||||
|
if not backup_types.is_extendable_backup_type(backup_type):
|
||||||
identifier = storage_recovery.get_slip39_identifier()
|
identifier = storage_recovery.get_slip39_identifier()
|
||||||
exponent = storage_recovery.get_slip39_iteration_exponent()
|
if identifier is None:
|
||||||
if identifier is None or exponent is None:
|
# The identifier needs to be stored in storage at this point
|
||||||
# Identifier and exponent need to be stored in storage at this point
|
|
||||||
raise RuntimeError
|
raise RuntimeError
|
||||||
storage_device.set_slip39_identifier(identifier)
|
storage_device.set_slip39_identifier(identifier)
|
||||||
|
|
||||||
|
exponent = storage_recovery.get_slip39_iteration_exponent()
|
||||||
|
if exponent is None:
|
||||||
|
# The iteration exponent needs to be stored in storage at this point
|
||||||
|
raise RuntimeError
|
||||||
storage_device.set_slip39_iteration_exponent(exponent)
|
storage_device.set_slip39_iteration_exponent(exponent)
|
||||||
|
|
||||||
storage_recovery.end_progress()
|
storage_recovery.end_progress()
|
||||||
|
@ -84,7 +84,6 @@ async def reset_device(msg: ResetDevice) -> Success:
|
|||||||
secret = bip39.from_data(secret).encode()
|
secret = bip39.from_data(secret).encode()
|
||||||
elif backup_types.is_slip39_backup_type(backup_type):
|
elif backup_types.is_slip39_backup_type(backup_type):
|
||||||
# generate and set SLIP39 parameters
|
# generate and set SLIP39 parameters
|
||||||
storage_device.set_slip39_identifier(slip39.generate_random_identifier())
|
|
||||||
storage_device.set_slip39_iteration_exponent(slip39.DEFAULT_ITERATION_EXPONENT)
|
storage_device.set_slip39_iteration_exponent(slip39.DEFAULT_ITERATION_EXPONENT)
|
||||||
else:
|
else:
|
||||||
# Unknown backup type.
|
# Unknown backup type.
|
||||||
@ -214,7 +213,11 @@ def _get_slip39_mnemonics(
|
|||||||
groups: Sequence[tuple[int, int]],
|
groups: Sequence[tuple[int, int]],
|
||||||
extendable: bool,
|
extendable: bool,
|
||||||
):
|
):
|
||||||
|
if extendable:
|
||||||
|
identifier = slip39.generate_random_identifier()
|
||||||
|
else:
|
||||||
identifier = storage_device.get_slip39_identifier()
|
identifier = storage_device.get_slip39_identifier()
|
||||||
|
|
||||||
iteration_exponent = storage_device.get_slip39_iteration_exponent()
|
iteration_exponent = storage_device.get_slip39_iteration_exponent()
|
||||||
if identifier is None or iteration_exponent is None:
|
if identifier is None or iteration_exponent is None:
|
||||||
raise ValueError
|
raise ValueError
|
||||||
|
@ -156,7 +156,7 @@ def decrypt(
|
|||||||
encrypted_master_secret: bytes,
|
encrypted_master_secret: bytes,
|
||||||
passphrase: bytes,
|
passphrase: bytes,
|
||||||
iteration_exponent: int,
|
iteration_exponent: int,
|
||||||
identifier: int,
|
identifier: int | None,
|
||||||
extendable: bool,
|
extendable: bool,
|
||||||
progress_callback: Callable[[int, int], None] | None = None,
|
progress_callback: Callable[[int, int], None] | None = None,
|
||||||
) -> bytes:
|
) -> bytes:
|
||||||
@ -440,10 +440,12 @@ def _round_function(i: int, passphrase: bytes, e: int, salt: bytes, r: bytes) ->
|
|||||||
).key()[: len(r)]
|
).key()[: len(r)]
|
||||||
|
|
||||||
|
|
||||||
def _get_salt(identifier: int, extendable: bool) -> bytes:
|
def _get_salt(identifier: int | None, extendable: bool) -> bytes:
|
||||||
if extendable:
|
if extendable:
|
||||||
return bytes()
|
return bytes()
|
||||||
else:
|
else:
|
||||||
|
if identifier is None:
|
||||||
|
raise RuntimeError
|
||||||
return _CUSTOMIZATION_STRING_ORIG + identifier.to_bytes(
|
return _CUSTOMIZATION_STRING_ORIG + identifier.to_bytes(
|
||||||
_bits_to_bytes(_ID_LENGTH_BITS), "big"
|
_bits_to_bytes(_ID_LENGTH_BITS), "big"
|
||||||
)
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user