async def _finish_recovery_dry_run(
ctx: wire.Context, secret: bytes, mnemonic_type: int
) -> Success:
digest_input = sha256(secret).digest()
stored = mnemonic.get_secret()
digest_stored = sha256(stored).digest()
result = utils.consteq(digest_stored, digest_input)
# Check that the identifier and iteration exponent match as well
if mnemonic_type == mnemonic.TYPE_SLIP39:
result &= (
storage.device.get_slip39_identifier()
== storage.recovery.get_slip39_identifier()
)
result &= (
storage.device.get_slip39_iteration_exponent()
== storage.recovery.get_slip39_iteration_exponent()
)
await layout.show_dry_run_result(ctx, result, mnemonic_type)
storage.recovery.end_progress()
if result:
return Success("The seed is valid and matches the one in the device")
else:
raise wire.ProcessError("The seed does not match the one in the device")
async def _finish_recovery_dry_run(ctx: wire.GenericContext, secret: bytes,
backup_type: BackupType) -> Success:
if backup_type is None:
raise RuntimeError
digest_input = sha256(secret).digest()
stored = mnemonic.get_secret()
digest_stored = sha256(stored).digest()
result = utils.consteq(digest_stored, digest_input)
is_slip39 = backup_types.is_slip39_backup_type(backup_type)
# Check that the identifier and iteration exponent match as well
if is_slip39:
result &= (storage.device.get_slip39_identifier() ==
storage.recovery.get_slip39_identifier())
result &= (storage.device.get_slip39_iteration_exponent() ==
storage.recovery.get_slip39_iteration_exponent())
storage.recovery.end_progress()
await layout.show_dry_run_result(ctx, result, is_slip39)
if result:
return Success(
message="The seed is valid and matches the one in the device")
else:
raise wire.ProcessError(
"The seed does not match the one in the device")
async def dispatch_DebugLinkGetState(
ctx: wire.Context,
msg: DebugLinkGetState) -> DebugLinkState | None:
from trezor.messages import DebugLinkState
from apps.common import mnemonic, passphrase
m = DebugLinkState()
m.mnemonic_secret = mnemonic.get_secret()
m.mnemonic_type = mnemonic.get_type()
m.passphrase_protection = passphrase.is_enabled()
m.reset_entropy = storage.reset_internal_entropy
if msg.wait_layout:
if not storage.watch_layout_changes:
raise wire.ProcessError("Layout is not watched")
storage.layout_watcher = LAYOUT_WATCHER_STATE
loop.schedule(return_layout_change())
return None
else:
m.layout_lines = storage.current_content
if msg.wait_word_pos:
m.reset_word_pos = await reset_word_index.take()
if msg.wait_word_list:
m.reset_word = " ".join(await reset_current_words.take())
return m
async def _get_keychain_bip39(ctx: wire.Context) -> Keychain:
if not device.is_initialized():
raise wire.NotInitialized("Device is not initialized")
# ask for passphrase, loading from cache if necessary
passphrase = await _get_passphrase(ctx)
# derive the root node from mnemonic and passphrase via Cardano Icarus algorithm
secret_bytes = mnemonic.get_secret()
assert secret_bytes is not None
root = bip32.from_mnemonic_cardano(secret_bytes.decode(), passphrase.decode())
return Keychain(root)
async def dispatch_DebugLinkGetState(
ctx: wire.Context, msg: DebugLinkGetState) -> DebugLinkState:
from trezor.messages.DebugLinkState import DebugLinkState
from apps.common import storage, mnemonic
m = DebugLinkState()
m.mnemonic_secret = mnemonic.get_secret()
m.mnemonic_type = mnemonic.get_type()
m.passphrase_protection = storage.device.has_passphrase()
m.reset_word_pos = reset_word_index
m.reset_entropy = reset_internal_entropy
if reset_current_words:
m.reset_word = " ".join(reset_current_words)
return m
async def get_keychain(ctx: wire.Context) -> Keychain:
if not device.is_initialized():
raise wire.NotInitialized("Device is not initialized")
passphrase = await get_passphrase(ctx)
if mnemonic.is_bip39():
# derive the root node from mnemonic and passphrase via Cardano Icarus algorithm
root = bip32.from_mnemonic_cardano(mnemonic.get_secret().decode(), passphrase)
else:
# derive the root node via SLIP-0023
seed = mnemonic.get_seed(passphrase)
root = bip32.from_seed(seed, "ed25519 cardano seed")
keychain = Keychain(root)
return keychain
async def get_keychain(ctx: wire.Context) -> Keychain:
if not device.is_initialized():
raise wire.NotInitialized("Device is not initialized")
if mnemonic.is_bip39():
passphrase = await get_passphrase(ctx)
# derive the root node from mnemonic and passphrase via Cardano Icarus algorithm
secret_bytes = mnemonic.get_secret()
assert secret_bytes is not None
root = bip32.from_mnemonic_cardano(secret_bytes.decode(), passphrase)
else:
# derive the root node via SLIP-0023 https://github.com/satoshilabs/slips/blob/master/slip-0022.md
seed = await get_seed(ctx)
root = bip32.from_seed(seed, "ed25519 cardano seed")
keychain = Keychain(root)
return keychain
async def dispatch_DebugLinkGetState(
ctx: wire.Context, msg: DebugLinkGetState
) -> DebugLinkState:
from trezor.messages.DebugLinkState import DebugLinkState
from apps.common import mnemonic
from apps.common.storage.device import has_passphrase
m = DebugLinkState()
m.mnemonic_secret = mnemonic.get_secret()
m.mnemonic_type = mnemonic.get_type()
m.passphrase_protection = has_passphrase()
m.reset_entropy = reset_internal_entropy
if msg.wait_word_pos:
m.reset_word_pos = await reset_word_index.take()
if msg.wait_word_list:
m.reset_word = " ".join(await reset_current_words.take())
return m
async def dispatch_DebugLinkGetState(
ctx: wire.Context, msg: DebugLinkGetState) -> DebugLinkState:
from trezor.messages.DebugLinkState import DebugLinkState
from apps.common import mnemonic, passphrase
m = DebugLinkState()
m.mnemonic_secret = mnemonic.get_secret()
m.mnemonic_type = mnemonic.get_type()
m.passphrase_protection = passphrase.is_enabled()
m.reset_entropy = reset_internal_entropy
if msg.wait_layout or current_content is None:
m.layout_lines = await layout_change_chan.take()
else:
m.layout_lines = current_content
if msg.wait_word_pos:
m.reset_word_pos = await reset_word_index.take()
if msg.wait_word_list:
m.reset_word = " ".join(await reset_current_words.take())
return m
async def get_keychain(ctx: wire.Context) -> Keychain:
if not storage.is_initialized():
raise wire.NotInitialized("Device is not initialized")
if mnemonic.is_bip39():
# derive the root node from mnemonic and passphrase
passphrase = await _get_passphrase(ctx)
root = bip32.from_mnemonic_cardano(mnemonic.get_secret().decode(), passphrase)
else:
seed = storage.cache.get_seed()
if seed is None:
passphrase = await _get_passphrase(ctx)
seed = mnemonic.get_seed(passphrase)
storage.cache.set_seed(seed)
root = bip32.from_seed(seed, "ed25519 cardano seed")
# derive the namespaced root node
for i in SEED_NAMESPACE:
root.derive_cardano(i)
keychain = Keychain(SEED_NAMESPACE, root)
return keychain
def derive_and_store_secrets(passphrase: str) -> None:
assert device.is_initialized()
assert cache.get(cache.APP_COMMON_DERIVE_CARDANO)
if not mnemonic.is_bip39():
# nothing to do for SLIP-39, where we can derive the root from the main seed
return
icarus_secret = mnemonic.derive_cardano_icarus(passphrase,
trezor_derivation=False)
words = mnemonic.get_secret()
assert words is not None, "Mnemonic is not set"
# count ASCII spaces, add 1 to get number of words
words_count = sum(c == 0x20 for c in words) + 1
if words_count == 24:
icarus_trezor_secret = mnemonic.derive_cardano_icarus(
passphrase, trezor_derivation=True)
else:
icarus_trezor_secret = icarus_secret
cache.set(cache.APP_CARDANO_ICARUS_SECRET, icarus_secret)
cache.set(cache.APP_CARDANO_ICARUS_TREZOR_SECRET, icarus_trezor_secret)
async def get_keychain(ctx: wire.Context) -> Keychain:
if not storage.is_initialized():
raise wire.ProcessError("Device is not initialized")
if (mnemonic.get_type() == mnemonic.TYPE_SLIP39
or mnemonic.get_type() == mnemonic.TYPE_SLIP39_GROUP):
seed = cache.get_seed()
if seed is None:
passphrase = await _get_passphrase(ctx)
seed = mnemonic.get_seed(passphrase)
cache.set_seed(seed)
root = bip32.from_seed(seed, "ed25519 cardano seed")
else:
# derive the root node from mnemonic and passphrase
passphrase = await _get_passphrase(ctx)
root = bip32.from_mnemonic_cardano(mnemonic.get_secret().decode(),
passphrase)
# derive the namespaced root node
for i in SEED_NAMESPACE:
root.derive_cardano(i)
keychain = Keychain(SEED_NAMESPACE, root)
return keychain
