def test_passphrase(self):
identifier = slip39.generate_random_identifier()
mnemonics = slip39.generate_mnemonics_from_data(self.MS, identifier, 1, [(3, 5)], b"TREZOR")
mnemonics = mnemonics[0]
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics[1:4])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b"TREZOR"), self.MS)
self.assertNotEqual(slip39.decrypt(identifier, exponent, ems, b""), self.MS)
def test_group_sharing(self):
group_threshold = 2
group_sizes = (5, 3, 5, 1)
member_thresholds = (3, 2, 2, 1)
identifier = slip39.generate_random_identifier()
mnemonics = slip39.generate_mnemonics_from_data(
self.MS, identifier, group_threshold, list(zip(member_thresholds, group_sizes))
)
# Test all valid combinations of mnemonics.
for groups in combinations(zip(mnemonics, member_thresholds), group_threshold):
for group1_subset in combinations(groups[0][0], groups[0][1]):
for group2_subset in combinations(groups[1][0], groups[1][1]):
mnemonic_subset = list(group1_subset + group2_subset)
random.shuffle(mnemonic_subset)
identifier, exponent, ems = slip39.combine_mnemonics(mnemonic_subset)
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b""), self.MS)
# Minimal sets of mnemonics.
identifier, exponent, ems = slip39.combine_mnemonics([mnemonics[2][0], mnemonics[2][2], mnemonics[3][0]])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b""), self.MS)
self.assertEqual(slip39.combine_mnemonics([mnemonics[2][3], mnemonics[3][0], mnemonics[2][4]])[2], ems)
# One complete group and one incomplete group out of two groups required.
with self.assertRaises(slip39.MnemonicError):
slip39.combine_mnemonics(mnemonics[0][2:] + [mnemonics[1][0]])
# One group of two required.
with self.assertRaises(slip39.MnemonicError):
slip39.combine_mnemonics(mnemonics[0][1:4])
def test_passphrase(self):
mnemonics = slip39.generate_mnemonics(1, [(3, 5)], self.MS,
b"TREZOR")[0]
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics[1:4])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b"TREZOR"),
self.MS)
self.assertNotEqual(slip39.decrypt(identifier, exponent, ems, b""),
self.MS)
def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
mnemonic_secret, mnemonic_type = get()
if mnemonic_secret is None:
raise ValueError("Mnemonic not set")
render_func = None
if progress_bar:
_start_progress()
render_func = _render_progress
if mnemonic_type == TYPE_BIP39:
seed = bip39.seed(mnemonic_secret.decode(), passphrase, render_func)
elif mnemonic_type == TYPE_SLIP39:
identifier = storage.device.get_slip39_identifier()
iteration_exponent = storage.device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None:
# Identifier or exponent expected but not found
raise RuntimeError
seed = slip39.decrypt(identifier, iteration_exponent, mnemonic_secret,
passphrase.encode())
if progress_bar:
_stop_progress()
return seed
def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
mnemonic_secret = get_secret()
if mnemonic_secret is None:
raise ValueError("Mnemonic not set")
render_func = None
if progress_bar and not utils.DISABLE_ANIMATION:
_start_progress()
render_func = _render_progress
if is_bip39():
from trezor.crypto import bip39
seed = bip39.seed(mnemonic_secret.decode(), passphrase, render_func)
else: # SLIP-39
from trezor.crypto import slip39
identifier = storage.device.get_slip39_identifier()
iteration_exponent = storage.device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None:
# Identifier or exponent expected but not found
raise RuntimeError
seed = slip39.decrypt(mnemonic_secret, passphrase.encode(),
iteration_exponent, identifier)
return seed
def test_basic_sharing_fixed(self):
mnemonics = slip39.generate_mnemonics(1, [(3, 5)], self.MS)[0]
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics[:3])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b""), self.MS)
self.assertEqual(slip39.combine_mnemonics(mnemonics[1:4])[2], ems)
with self.assertRaises(slip39.MnemonicError):
slip39.combine_mnemonics(mnemonics[1:3])
def test_vectors(self):
for mnemonics, secret in vectors:
if secret:
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics)
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b"TREZOR"), unhexlify(secret))
else:
with self.assertRaises(slip39.MnemonicError):
slip39.combine_mnemonics(mnemonics)
def get_seed(encrypted_master_secret: bytes, passphrase: str):
mnemonic._start_progress()
identifier = storage.get_slip39_identifier()
iteration_exponent = storage.get_slip39_iteration_exponent()
master_secret = slip39.decrypt(identifier, iteration_exponent,
encrypted_master_secret, passphrase)
mnemonic._stop_progress()
return master_secret
def test_iteration_exponent(self):
_, mnemonics = slip39.generate_mnemonics_from_data(
self.MS, 1, [(3, 5)], b"TREZOR", 1)
mnemonics = mnemonics[0]
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics[1:4])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b"TREZOR"),
self.MS)
self.assertNotEqual(slip39.decrypt(identifier, exponent, ems, b""),
self.MS)
_, mnemonics = slip39.generate_mnemonics_from_data(
self.MS, 1, [(3, 5)], b"TREZOR", 2)
mnemonics = mnemonics[0]
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics[1:4])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b"TREZOR"),
self.MS)
self.assertNotEqual(slip39.decrypt(identifier, exponent, ems, b""),
self.MS)
def test_basic_sharing_fixed(self):
generated_identifier = slip39.generate_random_identifier()
mnemonics = slip39.generate_mnemonics_from_data(self.MS, generated_identifier, 1, [(3, 5)])
mnemonics = mnemonics[0]
identifier, exponent, ems = slip39.combine_mnemonics(mnemonics[:3])
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b""), self.MS)
self.assertEqual(generated_identifier, identifier)
self.assertEqual(slip39.combine_mnemonics(mnemonics[1:4])[2], ems)
with self.assertRaises(slip39.MnemonicError):
slip39.combine_mnemonics(mnemonics[1:3])
def get_seed(encrypted_master_secret: bytes,
passphrase: str,
progress_bar: bool = True) -> bytes:
if progress_bar:
mnemonic._start_progress()
identifier = storage.slip39.get_identifier()
iteration_exponent = storage.slip39.get_iteration_exponent()
master_secret = slip39.decrypt(identifier, iteration_exponent,
encrypted_master_secret, passphrase)
if progress_bar:
mnemonic._stop_progress()
return master_secret
def test_slip39_128(self):
mnemonics = [
"extra extend academic bishop cricket bundle tofu goat apart victim "
"enlarge program behavior permit course armed jerky faint language modern",
"extra extend academic acne away best indicate impact square oasis "
"prospect painting voting guest either argue username racism enemy eclipse",
"extra extend academic arcade born dive legal hush gross briefing "
"talent drug much home firefly toxic analysis idea umbrella slice"
]
passphrase = b"TREZOR"
identifier, exponent, ems = slip39.recover_ems(mnemonics)
master_secret = slip39.decrypt(ems, passphrase, exponent, identifier)
node = bip32.from_seed(master_secret, "ed25519 cardano seed")
node.derive_cardano(0x80000000 | 44)
node.derive_cardano(0x80000000 | 1815)
keychain = Keychain([0x80000000 | 44, 0x80000000 | 1815], node)
# 44'/1815'/0'/0/i
derivation_paths = [
[0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, 0],
[0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, 1],
[0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, 2]
]
public_keys = [
b'bc043d84b8b891d49890edb6aced6f2d78395f255c5b6aea8878b913f83e8579',
b'24c4fe188a39103db88818bc191fd8571eae7b284ebcbdf2462bde97b058a95c',
b'831a63d381a8dab1e6e1ee991a4300fc70687aae5f97f4fcf92ed1b6c2bd99de'
]
chain_codes = [
b"dc3f0d2b5cccb822335ef6213fd133f4ca934151ec44a6000aee43b8a101078c",
b"6f7a744035f4b3ddb8f861c18446169643cc3ae85e271b4b4f0eda05cf84c65b",
b"672d6af4707aba201b7940231e83dd357f92f8851b3dfdc224ef311e1b64cdeb"
]
xpub_keys = [
"bc043d84b8b891d49890edb6aced6f2d78395f255c5b6aea8878b913f83e8579dc3f0d2b5cccb822335ef6213fd133f4ca934151ec44a6000aee43b8a101078c",
"24c4fe188a39103db88818bc191fd8571eae7b284ebcbdf2462bde97b058a95c6f7a744035f4b3ddb8f861c18446169643cc3ae85e271b4b4f0eda05cf84c65b",
"831a63d381a8dab1e6e1ee991a4300fc70687aae5f97f4fcf92ed1b6c2bd99de672d6af4707aba201b7940231e83dd357f92f8851b3dfdc224ef311e1b64cdeb"
]
for index, derivation_path in enumerate(derivation_paths):
key = _get_public_key(keychain, derivation_path)
self.assertEqual(hexlify(key.node.public_key), public_keys[index])
self.assertEqual(hexlify(key.node.chain_code), chain_codes[index])
self.assertEqual(key.xpub, xpub_keys[index])
def test_slip39_256(self):
mnemonics = [
"hobo romp academic axis august founder knife legal recover alien expect "
"emphasis loan kitchen involve teacher capture rebuild trial numb spider forward "
"ladle lying voter typical security quantity hawk legs idle leaves gasoline",
"hobo romp academic agency ancestor industry argue sister scene midst graduate "
"profile numb paid headset airport daisy flame express scene usual welcome "
"quick silent downtown oral critical step remove says rhythm venture aunt"
]
passphrase = b"TREZOR"
identifier, exponent, ems = slip39.recover_ems(mnemonics)
master_secret = slip39.decrypt(ems, passphrase, exponent, identifier)
node = bip32.from_seed(master_secret, "ed25519 cardano seed")
node.derive_cardano(0x80000000 | 44)
node.derive_cardano(0x80000000 | 1815)
keychain = Keychain([0x80000000 | 44, 0x80000000 | 1815], node)
# 44'/1815'/0'/0/i
derivation_paths = [
[0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, 0],
[0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, 1],
[0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, 2]
]
public_keys = [
b"967a9a041ad1379e31c2c7f2aa4bc2b3f7769341c0ea89ccfb12a904f2e10877",
b"6f3805bbc1b7a75afa95dffec331671f3c4662800615e80d2ec1202a9d874c86",
b"7f145b50ef07fb9accc40ee07a01fe93ceb6fa07d5a9f20fc3c8a48246dd4d02",
]
chain_codes = [
b"7b15d8d9006afe3cd7e04f375a1126a8c7c7c07c59a6f0c5b0310f4245f4edbb",
b"44baf30fd549e6a1e05f99c2a2c8971aea8894ee8d9c5fc2c5ae6ee839a56b2d",
b"e67d2864614ada5eec8fb8ee1225a94a6fb0a1b3c347c854ec3037351c6a0fc7",
]
xpub_keys = [
"967a9a041ad1379e31c2c7f2aa4bc2b3f7769341c0ea89ccfb12a904f2e108777b15d8d9006afe3cd7e04f375a1126a8c7c7c07c59a6f0c5b0310f4245f4edbb",
"6f3805bbc1b7a75afa95dffec331671f3c4662800615e80d2ec1202a9d874c8644baf30fd549e6a1e05f99c2a2c8971aea8894ee8d9c5fc2c5ae6ee839a56b2d",
"7f145b50ef07fb9accc40ee07a01fe93ceb6fa07d5a9f20fc3c8a48246dd4d02e67d2864614ada5eec8fb8ee1225a94a6fb0a1b3c347c854ec3037351c6a0fc7",
]
for index, derivation_path in enumerate(derivation_paths):
key = _get_public_key(keychain, derivation_path)
self.assertEqual(hexlify(key.node.public_key), public_keys[index])
self.assertEqual(hexlify(key.node.chain_code), chain_codes[index])
self.assertEqual(key.xpub, xpub_keys[index])
def test_group_sharing_threshold_1(self):
group_threshold = 1
group_sizes = (5, 3, 5, 1)
member_thresholds = (3, 2, 2, 1)
mnemonics = slip39.generate_mnemonics(
group_threshold, list(zip(member_thresholds, group_sizes)), self.MS
)
# Test all valid combinations of mnemonics.
for group, threshold in zip(mnemonics, member_thresholds):
for group_subset in combinations(group, threshold):
mnemonic_subset = list(group_subset)
random.shuffle(mnemonic_subset)
identifier, exponent, ems = slip39.combine_mnemonics(mnemonic_subset)
self.assertEqual(slip39.decrypt(identifier, exponent, ems, b""), self.MS)
def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
mnemonic_secret, mnemonic_type = get()
render_func = None
if progress_bar:
_start_progress()
render_func = _render_progress
if mnemonic_type == TYPE_BIP39:
seed = bip39.seed(mnemonic_secret.decode(), passphrase, render_func)
elif mnemonic_type == TYPE_SLIP39:
identifier = storage.device.get_slip39_identifier()
iteration_exponent = storage.device.get_slip39_iteration_exponent()
seed = slip39.decrypt(
identifier, iteration_exponent, mnemonic_secret, passphrase
)
if progress_bar:
_stop_progress()
return seed
def test_slip39_256(self):
mnemonics = [
"hobo romp academic axis august founder knife legal recover alien expect "
"emphasis loan kitchen involve teacher capture rebuild trial numb spider forward "
"ladle lying voter typical security quantity hawk legs idle leaves gasoline",
"hobo romp academic agency ancestor industry argue sister scene midst graduate "
"profile numb paid headset airport daisy flame express scene usual welcome "
"quick silent downtown oral critical step remove says rhythm venture aunt"
]
passphrase = b"TREZOR"
identifier, exponent, ems = slip39.recover_ems(mnemonics)
master_secret = slip39.decrypt(ems, passphrase, exponent, identifier)
node = bip32.from_seed(master_secret, "ed25519 cardano seed")
# Check root node.
root_priv = b"90633724b5daf770a8b420b8658e7d8bc21e066b60ec8cd4d5730681cc294e4f"
root_ext = b"f9d99bf3cd9c7e12663e8646afa40cb3aecf15d91f2abc15d21056c6bccb3414"
root_pub = b"eea170f0ef97b59d22907cb429888029721ed67d3e7a1b56b81731086ab7db64"
root_chain = b"04f1de750b62725fcc1ae1b93ca4063acb53c486b959cadaa100ebd7828e5460"
self.assertEqual(hexlify(node.private_key()), root_priv)
self.assertEqual(hexlify(node.private_key_ext()), root_ext)
self.assertEqual(hexlify(seed.remove_ed25519_prefix(node.public_key())), root_pub)
self.assertEqual(hexlify(node.chain_code()), root_chain)
# Check derived nodes and addresses.
node.derive_cardano(0x80000000 | 44)
node.derive_cardano(0x80000000 | 1815)
keychain = Keychain([0x80000000 | 44, 0x80000000 | 1815], node)
nodes = [
(
"Ae2tdPwUPEYyDD1C2FbVJFAE3FuAxLspfMYt29TJ1urnSKr57cVhEcioSCC",
b"38e8a4b17ca07b6a309f1cee83f87593e34a1fc3a289785ea451ef65df294e4f",
b"405d10ef71c2b0019250d11837de8db825d8556bf1e57f8866920af6d8c90002",
b"967a9a041ad1379e31c2c7f2aa4bc2b3f7769341c0ea89ccfb12a904f2e10877",
b"7b15d8d9006afe3cd7e04f375a1126a8c7c7c07c59a6f0c5b0310f4245f4edbb",
),
(
"Ae2tdPwUPEZHJGtyz47F6wD7qAegt1JNRJWuiE36QLvFzeqJPBZ2EBvhr8M",
b"a09f90e3f76a7bdb7f8721cc0c142dbd6398fd704b83455e123fa886dc294e4f",
b"917e4166bb404def9f12634e84ecbcb98afdea051ba7c38745e208178a9e9baf",
b"6f3805bbc1b7a75afa95dffec331671f3c4662800615e80d2ec1202a9d874c86",
b"44baf30fd549e6a1e05f99c2a2c8971aea8894ee8d9c5fc2c5ae6ee839a56b2d",
),
(
"Ae2tdPwUPEYxD9xNPBJTzYmtFVVWEPB6KW4TCDijQ4pDwU11wt5621PyCi4",
b"78dd824aea33bed5c1502d1a17f11a4adbe923aac1cd1f7ae98c9506db294e4f",
b"ddfe7f27e2894b983df773d8ac2a07973fc37ff36e93a2f2d71fb7327d4e18f4",
b"7f145b50ef07fb9accc40ee07a01fe93ceb6fa07d5a9f20fc3c8a48246dd4d02",
b"e67d2864614ada5eec8fb8ee1225a94a6fb0a1b3c347c854ec3037351c6a0fc7",
)
]
for i, (address, priv, ext, pub, chain) in enumerate(nodes):
# 44'/1815'/0'/0/i
a, n = derive_address_and_node(keychain, [0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, i])
self.assertEqual(a, address)
self.assertEqual(hexlify(n.private_key()), priv)
self.assertEqual(hexlify(n.private_key_ext()), ext)
self.assertEqual(hexlify(seed.remove_ed25519_prefix(n.public_key())), pub)
self.assertEqual(hexlify(n.chain_code()), chain)
def test_slip39_128(self):
mnemonics = [
"extra extend academic bishop cricket bundle tofu goat apart victim "
"enlarge program behavior permit course armed jerky faint language modern",
"extra extend academic acne away best indicate impact square oasis "
"prospect painting voting guest either argue username racism enemy eclipse",
"extra extend academic arcade born dive legal hush gross briefing "
"talent drug much home firefly toxic analysis idea umbrella slice"
]
passphrase = b"TREZOR"
identifier, exponent, ems = slip39.recover_ems(mnemonics)
master_secret = slip39.decrypt(ems, passphrase, exponent, identifier)
node = bip32.from_seed(master_secret, "ed25519 cardano seed")
# Check root node.
root_priv = b"c0fe4a6973df4de06262693fc9186f71faf292960350882d49456bf108d13954"
root_ext = b"4064253ffefc4127489bce1b825a47329010c5afb4d21154ef949ef786204405"
root_pub = b"83e3ecaf57f90f022c45e10d1b8cb78499c30819515ad9a81ad82139fdb12a90"
root_chain = b"22c12755afdd192742613b3062069390743ea232bc1b366c8f41e37292af9305"
self.assertEqual(hexlify(node.private_key()), root_priv)
self.assertEqual(hexlify(node.private_key_ext()), root_ext)
self.assertEqual(hexlify(seed.remove_ed25519_prefix(node.public_key())), root_pub)
self.assertEqual(hexlify(node.chain_code()), root_chain)
# Check derived nodes and addresses.
node.derive_cardano(0x80000000 | 44)
node.derive_cardano(0x80000000 | 1815)
keychain = Keychain([0x80000000 | 44, 0x80000000 | 1815], node)
nodes = [
(
"Ae2tdPwUPEYxF9NAMNdd3v2LZoMeWp7gCZiDb6bZzFQeeVASzoP7HC4V9s6",
b"e0acfe234aa6e1219ce7d3d8d91853e0808bab92ecb8a0ff0f345ff31ad13954",
b"ff89dc71365c4b67bb7bb75d566e65b8a95f16e4d70cce51c25937db15614530",
b"bc043d84b8b891d49890edb6aced6f2d78395f255c5b6aea8878b913f83e8579",
b"dc3f0d2b5cccb822335ef6213fd133f4ca934151ec44a6000aee43b8a101078c",
),
(
"Ae2tdPwUPEZ1TjYcvfkWAbiHtGVxv4byEHHZoSyQXjPJ362DifCe1ykgqgy",
b"d0ce3e7a6445bc91801319b9bbaf47fdfca9364257295fb13bc5046a20d13954",
b"c800359abdc875944754ae7368bab7ef75184d48816c368f5a28af4bcf1d1ee8",
b"24c4fe188a39103db88818bc191fd8571eae7b284ebcbdf2462bde97b058a95c",
b"6f7a744035f4b3ddb8f861c18446169643cc3ae85e271b4b4f0eda05cf84c65b",
),
(
"Ae2tdPwUPEZGXmSbda1kBNfyhRQGRcQxJFdk7mhWZXAGnapyejv2b2U3aRb",
b"e8320644cce22a6e9fc33865fc5a598b1cda061c47a548aead3af4ed1cd13954",
b"9e2ece5d7fe8119cb76090009be926a84fc5d3b95855b5962ffe2f880836cf09",
b"831a63d381a8dab1e6e1ee991a4300fc70687aae5f97f4fcf92ed1b6c2bd99de",
b"672d6af4707aba201b7940231e83dd357f92f8851b3dfdc224ef311e1b64cdeb"
)
]
for i, (address, priv, ext, pub, chain) in enumerate(nodes):
# 44'/1815'/0'/0/i
a, n = derive_address_and_node(keychain, [0x80000000 | 44, 0x80000000 | 1815, 0x80000000, 0, i])
self.assertEqual(a, address)
self.assertEqual(hexlify(n.private_key()), priv)
self.assertEqual(hexlify(n.private_key_ext()), ext)
self.assertEqual(hexlify(seed.remove_ed25519_prefix(n.public_key())), pub)
self.assertEqual(hexlify(n.chain_code()), chain)
