async def backup_device(ctx, msg):
if not storage.is_initialized():
raise wire.ProcessError("Device is not initialized")
if not storage.needs_backup():
raise wire.ProcessError("Seed already backed up")
mnemonic_secret, mnemonic_type = mnemonic.get()
slip39 = mnemonic_type == mnemonic.TYPE_SLIP39
# warn user about mnemonic safety
await layout.show_backup_warning(ctx, "Back up your seed", "I understand",
slip39)
storage.set_unfinished_backup(True)
storage.set_backed_up()
if slip39:
await backup_slip39_wallet(ctx, mnemonic_secret)
else:
await layout.bip39_show_and_confirm_mnemonic(ctx,
mnemonic_secret.decode())
storage.set_unfinished_backup(False)
return Success(message="Seed successfully backed up")
async def dispatch_DebugLinkGetState(ctx, msg):
m = DebugLinkState()
m.mnemonic_secret, m.mnemonic_type = mnemonic.get()
m.passphrase_protection = storage.has_passphrase()
m.reset_word_pos = reset_word_index
m.reset_entropy = reset_internal_entropy
if reset_current_words:
m.reset_word = " ".join(reset_current_words)
return m
async def dispatch_DebugLinkGetState(
ctx: wire.Context, msg: DebugLinkGetState) -> DebugLinkState:
from trezor.messages.DebugLinkState import DebugLinkState
from apps.common import storage, mnemonic
m = DebugLinkState()
m.mnemonic_secret, m.mnemonic_type = mnemonic.get()
m.passphrase_protection = storage.device.has_passphrase()
m.reset_word_pos = reset_word_index
m.reset_entropy = reset_internal_entropy
if reset_current_words:
m.reset_word = " ".join(reset_current_words)
return m
async def backup_device(ctx, msg):
if not storage.is_initialized():
raise wire.NotInitialized("Device is not initialized")
if not storage.device.needs_backup():
raise wire.ProcessError("Seed already backed up")
mnemonic_secret, mnemonic_type = mnemonic.get()
storage.device.set_unfinished_backup(True)
storage.device.set_backed_up()
await backup_seed(ctx, mnemonic_type, mnemonic_secret)
storage.device.set_unfinished_backup(False)
await layout.show_backup_success(ctx)
return Success(message="Seed successfully backed up")
async def backup_device(ctx, msg):
if not storage.is_initialized():
raise wire.ProcessError("Device is not initialized")
if not storage.device.needs_backup():
raise wire.ProcessError("Seed already backed up")
mnemonic_secret, mnemonic_module = mnemonic.get()
slip39 = mnemonic_module == mnemonic.slip39
storage.device.set_unfinished_backup(True)
storage.device.set_backed_up()
if slip39:
await backup_slip39_wallet(ctx, mnemonic_secret)
else:
await layout.bip39_show_and_confirm_mnemonic(ctx,
mnemonic_secret.decode())
storage.device.set_unfinished_backup(False)
await layout.show_backup_success(ctx)
return Success(message="Seed successfully backed up")
async def _finish_recovery_dry_run(ctx: wire.Context, secret: bytes,
mnemonic_type: int) -> Success:
digest_input = sha256(secret).digest()
stored, _ = mnemonic.get()
digest_stored = sha256(stored).digest()
result = utils.consteq(digest_stored, digest_input)
# Check that the identifier and iteration exponent match as well
if mnemonic_type == mnemonic.TYPE_SLIP39:
result &= (storage.device.get_slip39_identifier() ==
storage.recovery.get_slip39_identifier())
result &= (storage.device.get_slip39_iteration_exponent() ==
storage.recovery.get_slip39_iteration_exponent())
await layout.show_dry_run_result(ctx, result)
storage.recovery.end_progress()
if result:
return Success("The seed is valid and matches the one in the device")
else:
raise wire.ProcessError(
"The seed does not match the one in the device")
async def get_keychain(ctx: wire.Context) -> Keychain:
if not storage.is_initialized():
raise wire.ProcessError("Device is not initialized")
# derive the root node from mnemonic and passphrase
passphrase = cache.get_passphrase()
if passphrase is None:
passphrase = await protect_by_passphrase(ctx)
cache.set_passphrase(passphrase)
# TODO fix for SLIP-39!
mnemonic_secret, mnemonic_module = mnemonic.get()
if mnemonic_module == mnemonic.slip39:
# TODO: we need to modify bip32.from_mnemonic_cardano to accept entropy directly
raise NotImplementedError("SLIP-39 currently does not support Cardano")
else:
root = bip32.from_mnemonic_cardano(mnemonic_secret.decode(),
passphrase)
# derive the namespaced root node
for i in SEED_NAMESPACE:
root.derive_cardano(i)
keychain = Keychain(SEED_NAMESPACE, root)
return keychain
async def recovery_device(ctx, msg):
"""
Recover BIP39 seed into empty device.
1. Ask for the number of words in recovered seed.
2. Let user type in the mnemonic words one by one.
3. Optionally check the seed validity.
4. Optionally ask for the PIN, with confirmation.
5. Save into storage.
"""
if not msg.dry_run and storage.is_initialized():
raise wire.UnexpectedMessage("Already initialized")
if not msg.dry_run:
title = "Device recovery"
text = Text(title, ui.ICON_RECOVERY)
text.normal("Do you really want to", "recover the device?", "")
else:
title = "Simulated recovery"
text = Text(title, ui.ICON_RECOVERY)
text.normal("Do you really want to", "check the recovery", "seed?")
await require_confirm(ctx, text, code=ProtectCall)
if msg.dry_run:
if config.has_pin():
curpin = await request_pin_ack(ctx, "Enter PIN",
config.get_pin_rem())
else:
curpin = ""
if not config.check_pin(pin_to_int(curpin)):
raise wire.PinInvalid("PIN invalid")
# ask for the number of words
wordcount = await request_wordcount(ctx, title)
# ask for mnemonic words one by one
words = await request_mnemonic(ctx, wordcount)
# check mnemonic validity
if msg.enforce_wordlist or msg.dry_run:
if not bip39.check(words):
raise wire.ProcessError("Mnemonic is not valid")
# ask for pin repeatedly
if msg.pin_protection:
newpin = await request_pin_confirm(ctx, cancellable=False)
else:
newpin = ""
secret = mnemonic.process([words], mnemonic.TYPE_BIP39)
# dry run
if msg.dry_run:
digest_input = sha256(secret).digest()
stored, _ = mnemonic.get()
digest_stored = sha256(stored).digest()
if consteq(digest_stored, digest_input):
return Success(
message="The seed is valid and matches the one in the device")
else:
raise wire.ProcessError(
"The seed is valid but does not match the one in the device")
# save into storage
if newpin:
config.change_pin(pin_to_int(""), pin_to_int(newpin))
storage.set_u2f_counter(msg.u2f_counter)
storage.load_settings(label=msg.label,
use_passphrase=msg.passphrase_protection)
storage.store_mnemonic(
secret=secret,
mnemonic_type=mnemonic.TYPE_BIP39,
needs_backup=False,
no_backup=False,
)
beam_nonce_seed = random.bytes(32)
create_master_nonce(beam_nonce_seed)
return Success(message="Device recovered")
