async def reset_device(ctx, msg):
if __debug__:
global internal_entropy
# validate parameters and device state
if msg.strength not in (128, 192, 256):
raise wire.FailureError(
FailureType.ProcessError,
'Invalid strength (has to be 128, 192 or 256 bits)')
if storage.is_initialized():
raise wire.FailureError(
FailureType.UnexpectedMessage,
'Already initialized')
if msg.pin_protection:
# request new PIN
newpin = await request_pin_confirm(ctx)
else:
# new PIN is empty
newpin = ''
# generate and display internal entropy
internal_entropy = random.bytes(32)
if msg.display_random:
await show_entropy(ctx, internal_entropy)
# request external entropy and compute mnemonic
ack = await ctx.call(EntropyRequest(), wire_types.EntropyAck)
mnemonic = generate_mnemonic(
msg.strength, internal_entropy, ack.entropy)
if msg.skip_backup:
# let user backup the mnemonic later
pass
else:
# warn user about mnemonic safety
await show_warning(ctx)
while True:
# show mnemonic and require confirmation of a random word
await show_mnemonic(ctx, mnemonic)
if await check_mnemonic(ctx, mnemonic):
break
await show_wrong_entry(ctx)
# write PIN into storage
if not config.change_pin(pin_to_int(''), pin_to_int(newpin), None):
raise wire.FailureError(
FailureType.ProcessError, 'Could not change PIN')
# write settings and mnemonic into storage
storage.load_settings(
label=msg.label, use_passphrase=msg.passphrase_protection)
storage.load_mnemonic(
mnemonic=mnemonic, needs_backup=msg.skip_backup)
# show success message
if not msg.skip_backup:
await show_success(ctx)
return Success(message='Initialized')
async def reset_device(ctx, msg):
# validate parameters and device state
if msg.strength not in (128, 192, 256):
raise wire.ProcessError(
"Invalid strength (has to be 128, 192 or 256 bits)")
if msg.display_random and (msg.skip_backup or msg.no_backup):
raise wire.ProcessError(
"Can't show internal entropy when backup is skipped")
if storage.is_initialized():
raise wire.UnexpectedMessage("Already initialized")
# request new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
else:
newpin = ""
# generate and display internal entropy
internal_ent = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = internal_ent
if msg.display_random:
await show_entropy(ctx, internal_ent)
# request external entropy and compute mnemonic
ent_ack = await ctx.call(EntropyRequest(), MessageType.EntropyAck)
mnemonic = generate_mnemonic(msg.strength, internal_ent, ent_ack.entropy)
if not msg.skip_backup and not msg.no_backup:
# require confirmation of the mnemonic safety
await show_warning(ctx)
# show mnemonic and require confirmation of a random word
while True:
await show_mnemonic(ctx, mnemonic)
if await check_mnemonic(ctx, mnemonic):
break
await show_wrong_entry(ctx)
# write PIN into storage
if not config.change_pin(pin_to_int(""), pin_to_int(newpin), None):
raise wire.ProcessError("Could not change PIN")
# write settings and mnemonic into storage
storage.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
storage.load_mnemonic(mnemonic=mnemonic,
needs_backup=msg.skip_backup,
no_backup=msg.no_backup)
# show success message. if we skipped backup, it's possible that homescreen
# is still running, uninterrupted. restart it to pick up new label.
if not msg.skip_backup and not msg.no_backup:
await show_success(ctx)
else:
workflow.restartdefault()
return Success(message="Initialized")
async def layout_reset_device(session_id, msg):
from trezor.ui.text import Text
from trezor.crypto import hashlib, random, bip39
from trezor.messages.EntropyRequest import EntropyRequest
from trezor.messages.Success import Success
from trezor.messages import FailureType
from trezor.messages import ButtonRequestType
from trezor.messages.wire_types import EntropyAck
from apps.common.request_pin import request_pin_twice
from apps.common.confirm import require_confirm
from apps.common import storage
if __debug__:
global internal_entropy
if msg.strength not in (128, 192, 256):
raise wire.FailureError(
FailureType.Other,
'Invalid strength (has to be 128, 192 or 256 bits)')
if storage.is_initialized():
raise wire.FailureError(FailureType.UnexpectedMessage,
'Already initialized')
internal_entropy = random.bytes(32)
if msg.display_random:
entropy_lines = chunks(ubinascii.hexlify(internal_entropy), 16)
entropy_content = Text('Internal entropy', ui.ICON_RESET,
*entropy_lines)
await require_confirm(session_id, entropy_content,
ButtonRequestType.ResetDevice)
if msg.pin_protection:
pin = await request_pin_twice(session_id)
else:
pin = None
external_entropy_ack = await wire.call(session_id, EntropyRequest(),
EntropyAck)
ctx = hashlib.sha256()
ctx.update(internal_entropy)
ctx.update(external_entropy_ack.entropy)
entropy = ctx.digest()
mnemonic = bip39.from_data(entropy[:msg.strength // 8])
await show_mnemonic_by_word(session_id, mnemonic)
storage.load_mnemonic(mnemonic)
storage.load_settings(pin=pin,
passphrase_protection=msg.passphrase_protection,
language=msg.language,
label=msg.label)
return Success(message='Initialized')
async def reset_device(ctx: wire.Context, msg: ResetDevice) -> Success:
# validate parameters and device state
_validate_reset_device(msg)
# make sure user knows they're setting up a new wallet
if msg.backup_type == BackupType.Slip39_Basic:
prompt = "Create a new wallet\nwith Shamir Backup?"
elif msg.backup_type == BackupType.Slip39_Advanced:
prompt = "Create a new wallet\nwith Super Shamir?"
else:
prompt = "Do you want to create\na new wallet?"
await confirm_reset_device(ctx, prompt)
await LoadingAnimation()
# wipe storage to make sure the device is in a clear state
storage.reset()
# request and set new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
if not config.change_pin("", newpin, None, None):
raise wire.ProcessError("Failed to set PIN")
# generate and display internal entropy
int_entropy = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = int_entropy
if msg.display_random:
await layout.show_internal_entropy(ctx, int_entropy)
# request external entropy and compute the master secret
entropy_ack = await ctx.call(EntropyRequest(), EntropyAck)
ext_entropy = entropy_ack.entropy
# For SLIP-39 this is the Encrypted Master Secret
secret = _compute_secret_from_entropy(int_entropy, ext_entropy, msg.strength)
# Check backup type, perform type-specific handling
if msg.backup_type == BackupType.Bip39:
# in BIP-39 we store mnemonic string instead of the secret
secret = bip39.from_data(secret).encode()
elif msg.backup_type in (BackupType.Slip39_Basic, BackupType.Slip39_Advanced):
# generate and set SLIP39 parameters
storage.device.set_slip39_identifier(slip39.generate_random_identifier())
storage.device.set_slip39_iteration_exponent(slip39.DEFAULT_ITERATION_EXPONENT)
else:
# Unknown backup type.
raise RuntimeError
# If either of skip_backup or no_backup is specified, we are not doing backup now.
# Otherwise, we try to do it.
perform_backup = not msg.no_backup and not msg.skip_backup
# If doing backup, ask the user to confirm.
if perform_backup:
perform_backup = await confirm_backup(ctx)
# generate and display backup information for the master secret
if perform_backup:
await backup_seed(ctx, msg.backup_type, secret)
# write settings and master secret into storage
if msg.label is not None:
storage.device.set_label(msg.label)
storage.device.set_passphrase_enabled(bool(msg.passphrase_protection))
storage.device.store_mnemonic_secret(
secret, # for SLIP-39, this is the EMS
msg.backup_type,
needs_backup=not perform_backup,
no_backup=msg.no_backup,
)
# if we backed up the wallet, show success message
if perform_backup:
await layout.show_backup_success(ctx)
return Success(message="Initialized")
async def reset_device(ctx: wire.Context, msg: ResetDevice) -> Success:
# validate parameters and device state
_validate_reset_device(msg)
is_slip39_simple = msg.backup_type == ResetDeviceBackupType.Slip39_Single_Group
# make sure user knows he's setting up a new wallet
await _show_reset_device_warning(ctx, is_slip39_simple)
# request new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
else:
newpin = ""
# generate and display internal entropy
int_entropy = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = int_entropy
if msg.display_random:
await layout.show_internal_entropy(ctx, int_entropy)
# request external entropy and compute the master secret
entropy_ack = await ctx.call(EntropyRequest(), EntropyAck)
ext_entropy = entropy_ack.entropy
# For SLIP-39 this is the Encrypted Master Secret
secret = _compute_secret_from_entropy(int_entropy, ext_entropy,
msg.strength)
if is_slip39_simple:
storage.device.set_slip39_identifier(
slip39.generate_random_identifier())
storage.device.set_slip39_iteration_exponent(
slip39.DEFAULT_ITERATION_EXPONENT)
# should we back up the wallet now?
if not msg.no_backup and not msg.skip_backup:
if not await layout.confirm_backup(ctx):
if not await layout.confirm_backup_again(ctx):
msg.skip_backup = True
# generate and display backup information for the master secret
if not msg.no_backup and not msg.skip_backup:
if is_slip39_simple:
await backup_slip39_wallet(ctx, secret)
else:
await backup_bip39_wallet(ctx, secret)
# write PIN into storage
if not config.change_pin(pin_to_int(""), pin_to_int(newpin)):
raise wire.ProcessError("Could not change PIN")
# write settings and master secret into storage
storage.device.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
if is_slip39_simple:
storage.device.store_mnemonic_secret(
secret, # this is the EMS in SLIP-39 terminology
mnemonic.TYPE_SLIP39,
needs_backup=msg.skip_backup,
no_backup=msg.no_backup,
)
else:
# in BIP-39 we store mnemonic string instead of the secret
storage.device.store_mnemonic_secret(
bip39.from_data(secret).encode(),
mnemonic.TYPE_BIP39,
needs_backup=msg.skip_backup,
no_backup=msg.no_backup,
)
# if we backed up the wallet, show success message
if not msg.no_backup and not msg.skip_backup:
await layout.show_backup_success(ctx)
return Success(message="Initialized")
async def reset_device(ctx, msg):
# validate parameters and device state
if msg.strength not in (128, 192, 256):
raise wire.ProcessError(
"Invalid strength (has to be 128, 192 or 256 bits)")
if msg.display_random and (msg.skip_backup or msg.no_backup):
raise wire.ProcessError(
"Can't show internal entropy when backup is skipped")
if storage.is_initialized():
raise wire.UnexpectedMessage("Already initialized")
text = Text("Create a new wallet", ui.ICON_RESET, new_lines=False)
text.normal("Do you really want to")
text.br()
text.normal("create a new wallet?")
text.br()
text.br_half()
text.normal("By continuing you agree")
text.br()
text.normal("to")
text.bold("https://trezor.io/tos")
await require_confirm(ctx, text, code=ButtonRequestType.ResetDevice)
# request new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
else:
newpin = ""
# generate and display internal entropy
internal_ent = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = internal_ent
if msg.display_random:
await show_entropy(ctx, internal_ent)
# request external entropy and compute mnemonic
ent_ack = await ctx.call(EntropyRequest(), MessageType.EntropyAck)
words = generate_mnemonic(msg.strength, internal_ent, ent_ack.entropy)
if not msg.skip_backup and not msg.no_backup:
# require confirmation of the mnemonic safety
await show_warning(ctx)
# show mnemonic and require confirmation of a random word
while True:
await show_mnemonic(ctx, words)
if await check_mnemonic(ctx, words):
break
await show_wrong_entry(ctx)
# write PIN into storage
if newpin:
if not config.change_pin(pin_to_int(""), pin_to_int(newpin)):
raise wire.ProcessError("Could not change PIN")
secret = mnemonic.process([words], mnemonic.TYPE_BIP39)
# write settings and mnemonic into storage
storage.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
storage.store_mnemonic(
secret=secret,
mnemonic_type=mnemonic.TYPE_BIP39,
needs_backup=msg.skip_backup,
no_backup=msg.no_backup,
)
# show success message. if we skipped backup, it's possible that homescreen
# is still running, uninterrupted. restart it to pick up new label.
if not msg.skip_backup and not msg.no_backup:
await show_success(ctx)
else:
workflow.restartdefault()
return Success(message="Initialized")
async def reset_device(ctx, msg):
from trezor.ui.text import Text
from trezor.crypto import hashlib, random, bip39
from trezor.ui.keyboard import MnemonicKeyboard
from trezor.messages.EntropyRequest import EntropyRequest
from trezor.messages.Success import Success
from trezor.messages import FailureType
from trezor.messages import ButtonRequestType
from trezor.messages.wire_types import EntropyAck
from apps.management.change_pin import request_pin_confirm
from apps.common.confirm import require_confirm
from apps.common import storage
if __debug__:
global internal_entropy
if msg.strength not in (128, 192, 256):
raise wire.FailureError(
FailureType.ProcessError,
'Invalid strength (has to be 128, 192 or 256 bits)')
if storage.is_initialized():
raise wire.FailureError(FailureType.UnexpectedMessage,
'Already initialized')
internal_entropy = random.bytes(32)
# display internal entropy
if msg.display_random:
entropy_lines = chunks(hexlify(internal_entropy).decode(), 16)
entropy_content = Text('Internal entropy', ui.ICON_RESET, ui.MONO,
*entropy_lines)
await require_confirm(ctx, entropy_content,
ButtonRequestType.ResetDevice)
# request new PIN
if msg.pin_protection:
curpin = ''
newpin = await request_pin_confirm(ctx)
else:
curpin = ''
newpin = ''
# request external entropy and compute mnemonic
external_entropy_ack = await ctx.call(EntropyRequest(), EntropyAck)
ehash = hashlib.sha256()
ehash.update(internal_entropy)
ehash.update(external_entropy_ack.entropy)
entropy = ehash.digest()
mnemonic = bip39.from_data(entropy[:msg.strength // 8])
# mnemonic safety warning
warning_content = Text('Backup your seed', ui.ICON_NOCOPY, ui.NORMAL,
'Never make a digital', 'copy of your recovery',
'seed and never upload', 'it online!')
await require_confirm(ctx,
warning_content,
ButtonRequestType.ResetDevice,
confirm='I understand',
cancel=None)
# ask to write down mnemonic
await show_mnemonic(mnemonic)
# ask for random word to check correctness
words = mnemonic.split()
index = random.uniform(len(words))
res = await MnemonicKeyboard('Type %s. word' % (index + 1))
if res != words[index]:
content = Text('Wrong entry!',
ui.ICON_CLEAR,
'You have entered',
'wrong seed word.',
'Please, reconnect',
'the device and try again.',
icon_color=ui.RED)
ui.display.clear()
await content
raise wire.FailureError(FailureType.DataError, 'Wrong entry')
# write into storage
if curpin != newpin:
config.change_pin(curpin, newpin)
storage.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
storage.load_mnemonic(mnemonic)
# show success message
content = Text('Backup is done!',
ui.ICON_CONFIRM,
'Never make a digital',
'copy of your recovery',
'seed and never upload',
'it online!',
icon_color=ui.GREEN)
await require_confirm(ctx,
content,
ButtonRequestType.ResetDevice,
confirm='Finish setup',
cancel=None)
return Success(message='Initialized')
async def reset_device(ctx, msg):
# validate parameters and device state
_validate_reset_device(msg)
# make sure user knows he's setting up a new wallet
await layout.show_reset_device_warning(ctx, msg.slip39)
# request new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
else:
newpin = ""
# generate and display internal entropy
int_entropy = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = int_entropy
if msg.display_random:
await layout.show_internal_entropy(ctx, int_entropy)
# request external entropy and compute the master secret
entropy_ack = await ctx.call(EntropyRequest(), MessageType.EntropyAck)
ext_entropy = entropy_ack.entropy
secret = _compute_secret_from_entropy(int_entropy, ext_entropy, msg.strength)
# should we back up the wallet now?
if not msg.no_backup and not msg.skip_backup:
if not await layout.confirm_backup(ctx):
if not await layout.confirm_backup_again(ctx):
msg.skip_backup = True
# generate and display backup information for the master secret
if not msg.no_backup and not msg.skip_backup:
if msg.slip39:
await backup_slip39_wallet(ctx, secret)
else:
await backup_bip39_wallet(ctx, secret)
# write PIN into storage
if not config.change_pin(pin_to_int(""), pin_to_int(newpin)):
raise wire.ProcessError("Could not change PIN")
# write settings and master secret into storage
storage.load_settings(label=msg.label, use_passphrase=msg.passphrase_protection)
if msg.slip39:
mnemonic.slip39.store(
secret=secret, needs_backup=msg.skip_backup, no_backup=msg.no_backup
)
else:
# in BIP-39 we store mnemonic string instead of the secret
mnemonic.bip39.store(
secret=bip39.from_data(secret).encode(),
needs_backup=msg.skip_backup,
no_backup=msg.no_backup,
)
# if we backed up the wallet, show success message
if not msg.no_backup and not msg.skip_backup:
await layout.show_backup_success(ctx)
return Success(message="Initialized")
async def reset_device(ctx, msg):
# validate parameters and device state
if msg.strength not in (128, 192, 256):
raise wire.ProcessError(
"Invalid strength (has to be 128, 192 or 256 bits)")
if msg.display_random and (msg.skip_backup or msg.no_backup):
raise wire.ProcessError(
"Can't show internal entropy when backup is skipped")
if storage.is_initialized():
raise wire.UnexpectedMessage("Already initialized")
# make sure use knows he's setting up a new wallet
await show_reset_warning(ctx)
# request new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
else:
newpin = ""
# generate and display internal entropy
internal_ent = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = internal_ent
if msg.display_random:
await show_entropy(ctx, internal_ent)
# request external entropy and compute mnemonic
ent_ack = await ctx.call(EntropyRequest(), MessageType.EntropyAck)
words = generate_mnemonic(msg.strength, internal_ent, ent_ack.entropy)
if not msg.skip_backup and not msg.no_backup:
# require confirmation of the mnemonic safety
await show_backup_warning(ctx)
# show mnemonic and require confirmation of a random word
while True:
await show_mnemonic(ctx, words)
if await check_mnemonic(ctx, words):
break
await show_wrong_entry(ctx)
# write PIN into storage
if newpin:
if not config.change_pin(pin_to_int(""), pin_to_int(newpin)):
raise wire.ProcessError("Could not change PIN")
secret = mnemonic.process([words], mnemonic.TYPE_BIP39)
# write settings and mnemonic into storage
storage.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
storage.store_mnemonic(
secret=secret,
mnemonic_type=mnemonic.TYPE_BIP39,
needs_backup=msg.skip_backup,
no_backup=msg.no_backup,
)
# show success message
if not msg.skip_backup and not msg.no_backup:
await show_success(ctx)
return Success(message="Initialized")
async def reset_device(ctx: wire.Context, msg: ResetDevice) -> Success:
# validate parameters and device state
_validate_reset_device(msg)
# make sure user knows they're setting up a new wallet
await layout.show_reset_device_warning(ctx, msg.backup_type)
# request new PIN
if msg.pin_protection:
newpin = await request_pin_confirm(ctx)
else:
newpin = ""
# generate and display internal entropy
int_entropy = random.bytes(32)
if __debug__:
debug.reset_internal_entropy = int_entropy
if msg.display_random:
await layout.show_internal_entropy(ctx, int_entropy)
# request external entropy and compute the master secret
entropy_ack = await ctx.call(EntropyRequest(), EntropyAck)
ext_entropy = entropy_ack.entropy
# For SLIP-39 this is the Encrypted Master Secret
secret = _compute_secret_from_entropy(int_entropy, ext_entropy,
msg.strength)
if msg.backup_type != BackupType.Bip39:
storage.device.set_slip39_identifier(
slip39.generate_random_identifier())
storage.device.set_slip39_iteration_exponent(
slip39.DEFAULT_ITERATION_EXPONENT)
# If either of skip_backup or no_backup is specified, we are not doing backup now.
# Otherwise, we try to do it.
perform_backup = not msg.no_backup and not msg.skip_backup
# If doing backup, ask the user to confirm.
if perform_backup:
perform_backup = await layout.confirm_backup(ctx)
# Check backup type, convert seed accordingly
if msg.backup_type == BackupType.Bip39:
# in BIP-39 we store mnemonic string instead of the secret
secret = bip39.from_data(secret).encode()
elif msg.backup_type not in (BackupType.Slip39_Basic,
BackupType.Slip39_Advanced):
# Unknown backup type.
# This check might seem superfluous, because we are checking
# in `_validate_reset_device` already, however, this is critical part,
# so just to make sure.
raise RuntimeError
# generate and display backup information for the master secret
if perform_backup:
await backup_seed(ctx, msg.backup_type, secret)
# write PIN into storage
if not config.change_pin(pin_to_int(""), pin_to_int(newpin), None, None):
raise wire.ProcessError("Could not change PIN")
# write settings and master secret into storage
storage.device.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
storage.device.store_mnemonic_secret(
secret, # for SLIP-39, this is the EMS
msg.backup_type,
needs_backup=not perform_backup,
no_backup=msg.no_backup,
)
# if we backed up the wallet, show success message
if perform_backup:
await layout.show_backup_success(ctx)
return Success(message="Initialized")