def hid_send_encrypt(self, msg): sha256_byte_len = 32 reply = "" try: encryption_key, authentication_key = derive_keys(self.password) msg = EncodeAES_bytes(encryption_key, msg) hmac_digest = hmac_oneshot(authentication_key, msg, hashlib.sha256) authenticated_msg = base64.b64encode(msg + hmac_digest) reply = self.hid_send_plain(authenticated_msg) if 'ciphertext' in reply: b64_unencoded = bytes( base64.b64decode(''.join(reply["ciphertext"]))) reply_hmac = b64_unencoded[-sha256_byte_len:] hmac_calculated = hmac_oneshot( authentication_key, b64_unencoded[:-sha256_byte_len], hashlib.sha256) if not hmac.compare_digest(reply_hmac, hmac_calculated): raise Exception("Failed to validate HMAC") reply = DecodeAES_bytes(encryption_key, b64_unencoded[:-sha256_byte_len]) reply = to_string(reply, 'utf8') reply = json.loads(reply) if 'error' in reply: self.password = None except Exception as e: print_error('Exception caught ' + repr(e)) return reply
def verify_connection(self, expected_xfp, expected_xpub): ex = (expected_xfp, expected_xpub) if self._expected_device == ex: # all is as expected return if ((self._expected_device is not None) or (self.dev.master_fingerprint != expected_xfp) or (self.dev.master_xpub != expected_xpub)): # probably indicating programing error, not hacking print_error( "[coldcard]", f"xpubs. reported by device: {self.dev.master_xpub}. " f"stored in file: {expected_xpub}") raise RuntimeError( "Expecting 0x%08x but that's not whats connected?!" % expected_xfp) # check signature over session key # - mitm might have lied about xfp and xpub up to here # - important that we use value capture at wallet creation time, not some value # we read over USB today self.dev.check_mitm(expected_xpub=expected_xpub) self._expected_device = ex print_error("[coldcard]", "Successfully verified against MiTM")
def give_error(self, message, clear_client=False): print_error(message) if not self.signing: self.handler.show_error(message) else: self.signing = False if clear_client: self.client = None raise UserFacingException(message)
def give_error(self, message, clear_client=False): print_error(message) if not self.ux_busy: self.handler.show_error(message) else: self.ux_busy = False if clear_client: self.client = None raise Exception(message)
def load_theme(self): """Load theme retrieved from wallet file.""" try: theme_prefix, theme_path = self.themes[self.theme_name] except KeyError: util.print_error("Theme not found!", self.theme_name) return full_theme_path = "%s/%s/style.css" % (theme_prefix, theme_path) with open(full_theme_path) as style_file: qApp.setStyleSheet(style_file.read())
def get_xpub(self, bip32_path, xtype): assert xtype in ColdcardPlugin.SUPPORTED_XTYPES print_error('[coldcard]', 'Derive xtype = %r' % xtype) xpub = self.dev.send_recv(CCProtocolPacker.get_xpub(bip32_path), timeout=5000) # TODO handle timeout? # change type of xpub to the requested type try: __, depth, fingerprint, child_number, c, cK = deserialize_xpub(xpub) except InvalidMasterKeyVersionBytes: raise Exception(_('Invalid xpub magic. Make sure your {} device is set to the correct chain.') .format(self.device)) from None if xtype != 'standard': xpub = serialize_xpub(xtype, c, cK, depth, fingerprint, child_number) return xpub
def set_dark_theme_if_needed(self): use_dark_theme = self.config.get('qt_gui_color_theme', 'default') == 'dark' if use_dark_theme: try: import qdarkstyle self.app.setStyleSheet(qdarkstyle.load_stylesheet_pyqt5()) except BaseException as e: use_dark_theme = False print_error('Error setting dark theme: {}'.format(e)) # Even if we ourselves don't set the dark theme, # the OS/window manager/etc might set *a dark theme*. # Hence, try to choose colors accordingly: ColorScheme.update_from_widget(QWidget(), force_dark=use_dark_theme)
def hid_send_encrypt(self, msg): reply = "" try: secret = Hash(self.password) msg = EncodeAES(secret, msg) reply = self.hid_send_plain(msg) if 'ciphertext' in reply: reply = DecodeAES(secret, ''.join(reply["ciphertext"])) reply = to_string(reply, 'utf8') reply = json.loads(reply) if 'error' in reply: self.password = None except Exception as e: print_error('Exception caught ' + str(e)) return reply
def get_xpub(self, bip32_path, xtype): assert xtype in ColdcardPlugin.SUPPORTED_XTYPES print_error('[coldcard]', 'Derive xtype = %r' % xtype) xpub = self.dev.send_recv(CCProtocolPacker.get_xpub(bip32_path), timeout=5000) # TODO handle timeout? # change type of xpub to the requested type try: node = BIP32Node.from_xkey(xpub) except InvalidMasterKeyVersionBytes: raise UserFacingException( _('Invalid xpub magic. Make sure your {} device is set to the correct chain.' ).format(self.device)) from None if xtype != 'standard': xpub = node._replace(xtype=xtype).to_xpub() return xpub
def sign_transaction(self, tx, password): # Build a PSBT in memory, upload it for signing. # - we can also work offline (without paired device present) if tx.is_complete(): return client = self.get_client() assert client.dev.master_fingerprint == self.ckcc_xfp raw_psbt = self.build_psbt(tx) #open('debug.psbt', 'wb').write(out_fd.getvalue()) try: try: self.handler.show_message("Authorize Transaction...") client.sign_transaction_start(raw_psbt, True) while 1: # How to kill some time, without locking UI? time.sleep(0.250) resp = client.sign_transaction_poll() if resp is not None: break rlen, rsha = resp # download the resulting txn. new_raw = client.download_file(rlen, rsha) finally: self.handler.finished() except (CCUserRefused, CCBusyError) as exc: print_error('[coldcard]', 'Did not sign:', str(exc)) self.handler.show_error(str(exc)) return except BaseException as e: traceback.print_exc(file=sys.stderr) self.give_error(e, True) return # trust the coldcard to re-searilize final product right? tx.update(bh2u(new_raw))
def use_tor_proxy(self, use_it): if not use_it: self.proxy_cb.setChecked(False) else: socks5_mode_index = self.proxy_mode.findText('SOCKS5') if socks5_mode_index == -1: print_error("[network_dialog] can't find proxy_mode 'SOCKS5'") return self.proxy_mode.setCurrentIndex(socks5_mode_index) self.proxy_host.setText("127.0.0.1") self.proxy_port.setText(str(self.tor_proxy[1])) self.proxy_user.setText("") self.proxy_password.setText("") self.tor_cb.setChecked(True) self.proxy_cb.setChecked(True) self.check_disable_proxy(use_it) self.set_proxy()
def hid_send_plain(self, msg): reply = "" try: serial_number = self.dbb_hid.get_serial_number_string() if "v2.0." in serial_number or "v1." in serial_number: hidBufSize = 4096 self.dbb_hid.write('\0' + msg + '\0' * (hidBufSize - len(msg))) r = bytearray() while len(r) < hidBufSize: r += bytearray(self.dbb_hid.read(hidBufSize)) else: self.hid_send_frame(msg) r = self.hid_read_frame() r = r.rstrip(b' \t\r\n\0') r = r.replace(b"\0", b'') r = to_string(r, 'utf8') reply = json.loads(r) except Exception as e: print_error('Exception caught ' + repr(e)) return reply
def comserver_post_notification(self, payload): assert self.is_mobile_paired(), "unexpected mobile pairing error" url = 'https://digitalbitbox.com/smartverification/index.php' key_s = base64.b64decode( self.digitalbitbox_config[ENCRYPTION_PRIVKEY_KEY]) args = 'c=data&s=0&dt=0&uuid=%s&pl=%s' % ( self.digitalbitbox_config[CHANNEL_ID_KEY], EncodeAES_base64( key_s, json.dumps(payload).encode('ascii')).decode('ascii'), ) try: text = Network.send_http_on_proxy( 'post', url, body=args.encode('ascii'), headers={'content-type': 'application/x-www-form-urlencoded'}) print_error('digitalbitbox reply from server', text) except Exception as e: self.handler.show_error( repr(e)) # repr because str(Exception()) == ''
def update_status(self, b): print_error('hw device status', b)
def show_error(self, msg, blocking=False): print_error(msg)
def sign_transaction(self, tx, password): if tx.is_complete(): return try: p2pkhTransaction = True derivations = self.get_tx_derivations(tx) inputhasharray = [] hasharray = [] pubkeyarray = [] # Build hasharray from inputs for i, txin in enumerate(tx.inputs()): if txin['type'] == 'coinbase': self.give_error( "Coinbase not supported") # should never happen if txin['type'] != 'p2pkh': p2pkhTransaction = False for x_pubkey in txin['x_pubkeys']: if x_pubkey in derivations: index = derivations.get(x_pubkey) inputPath = "%s/%d/%d" % (self.get_derivation(), index[0], index[1]) inputHash = sha256d( binascii.unhexlify(tx.serialize_preimage(i))) hasharray_i = { 'hash': to_hexstr(inputHash), 'keypath': inputPath } hasharray.append(hasharray_i) inputhasharray.append(inputHash) break else: self.give_error("No matching x_key for sign_transaction" ) # should never happen # Build pubkeyarray from outputs for o in tx.outputs(): assert o.type == TYPE_ADDRESS info = tx.output_info.get(o.address) if info is not None: index = info.address_index changePath = self.get_derivation() + "/%d/%d" % index changePubkey = self.derive_pubkey(index[0], index[1]) pubkeyarray_i = { 'pubkey': changePubkey, 'keypath': changePath } pubkeyarray.append(pubkeyarray_i) # Special serialization of the unsigned transaction for # the mobile verification app. # At the moment, verification only works for p2pkh transactions. if p2pkhTransaction: class CustomTXSerialization(Transaction): @classmethod def input_script(self, txin, estimate_size=False): if txin['type'] == 'p2pkh': return Transaction.get_preimage_script(txin) if txin['type'] == 'p2sh': # Multisig verification has partial support, but is disabled. This is the # expected serialization though, so we leave it here until we activate it. return '00' + push_script( Transaction.get_preimage_script(txin)) raise Exception("unsupported type %s" % txin['type']) tx_dbb_serialized = CustomTXSerialization( tx.serialize()).serialize_to_network() else: # We only need this for the signing echo / verification. tx_dbb_serialized = None # Build sign command dbb_signatures = [] steps = math.ceil(1.0 * len(hasharray) / self.maxInputs) for step in range(int(steps)): hashes = hasharray[step * self.maxInputs:(step + 1) * self.maxInputs] msg = { "sign": { "data": hashes, "checkpub": pubkeyarray, }, } if tx_dbb_serialized is not None: msg["sign"]["meta"] = to_hexstr(sha256d(tx_dbb_serialized)) msg = json.dumps(msg).encode('ascii') dbb_client = self.plugin.get_client(self) if not dbb_client.is_paired(): raise Exception("Could not sign transaction.") reply = dbb_client.hid_send_encrypt(msg) if 'error' in reply: raise Exception(reply['error']['message']) if 'echo' not in reply: raise Exception("Could not sign transaction.") if self.plugin.is_mobile_paired( ) and tx_dbb_serialized is not None: reply['tx'] = tx_dbb_serialized self.plugin.comserver_post_notification(reply) if steps > 1: self.handler.show_message( _("Signing large transaction. Please be patient ...") + "\n\n" + _("To continue, touch the Digital Bitbox's blinking light for 3 seconds." ) + " " + _("(Touch {} of {})").format((step + 1), steps) + "\n\n" + _("To cancel, briefly touch the blinking light or wait for the timeout." ) + "\n\n") else: self.handler.show_message( _("Signing transaction...") + "\n\n" + _("To continue, touch the Digital Bitbox's blinking light for 3 seconds." ) + "\n\n" + _("To cancel, briefly touch the blinking light or wait for the timeout." )) # Send twice, first returns an echo for smart verification reply = dbb_client.hid_send_encrypt(msg) self.handler.finished() if 'error' in reply: if reply["error"].get('code') in (600, 601): # aborted via LED short touch or timeout raise UserCancelled() raise Exception(reply['error']['message']) if 'sign' not in reply: raise Exception("Could not sign transaction.") dbb_signatures.extend(reply['sign']) # Fill signatures if len(dbb_signatures) != len(tx.inputs()): raise Exception("Incorrect number of transactions signed." ) # Should never occur for i, txin in enumerate(tx.inputs()): num = txin['num_sig'] for pubkey in txin['pubkeys']: signatures = list(filter(None, txin['signatures'])) if len(signatures) == num: break # txin is complete ii = txin['pubkeys'].index(pubkey) signed = dbb_signatures[i] if 'recid' in signed: # firmware > v2.1.1 recid = int(signed['recid'], 16) s = binascii.unhexlify(signed['sig']) h = inputhasharray[i] pk = ecc.ECPubkey.from_sig_string(s, recid, h) pk = pk.get_public_key_hex(compressed=True) elif 'pubkey' in signed: # firmware <= v2.1.1 pk = signed['pubkey'] if pk != pubkey: continue sig_r = int(signed['sig'][:64], 16) sig_s = int(signed['sig'][64:], 16) sig = ecc.der_sig_from_r_and_s(sig_r, sig_s) sig = to_hexstr(sig) + '01' tx.add_signature_to_txin(i, ii, sig) except UserCancelled: raise except BaseException as e: self.give_error(e, True) else: print_error("Transaction is_complete", tx.is_complete()) tx.raw = tx.serialize()
def start_new_window(self, path, uri, app_is_starting=False): '''Raises the window for the wallet if it is open. Otherwise opens the wallet and creates a new window for it''' try: wallet = self.daemon.load_wallet(path, None) except BaseException as e: traceback.print_exc(file=sys.stdout) d = QMessageBox(QMessageBox.Warning, _('Error'), _('Cannot load wallet') + ' (1):\n' + str(e)) d.exec_() if app_is_starting: # do not return so that the wizard can appear wallet = None else: return if not wallet: storage = WalletStorage(path, manual_upgrades=True) wizard = InstallWizard(self.config, self.app, self.plugins, storage) try: wallet = wizard.run_and_get_wallet(self.daemon.get_wallet) except UserCancelled: pass except GoBack as e: print_error('[start_new_window] Exception caught (GoBack)', e) except (WalletFileException, BitcoinException) as e: traceback.print_exc(file=sys.stderr) d = QMessageBox(QMessageBox.Warning, _('Error'), _('Cannot load wallet') + ' (2):\n' + str(e)) d.exec_() return finally: wizard.terminate() if not wallet: return if not self.daemon.get_wallet(wallet.storage.path): # wallet was not in memory wallet.start_threads(self.daemon.network) self.daemon.add_wallet(wallet) try: for w in self.windows: if w.wallet.storage.path == wallet.storage.path: w.bring_to_top() return w = self.create_window_for_wallet(wallet) except BaseException as e: traceback.print_exc(file=sys.stdout) d = QMessageBox( QMessageBox.Warning, _('Error'), _('Cannot create window for wallet') + ':\n' + str(e)) d.exec_() return if uri: w.pay_to_URI(uri) w.bring_to_top() w.setWindowState(w.windowState() & ~QtCore.Qt.WindowMinimized | QtCore.Qt.WindowActive) # this will activate the window w.activateWindow() return w
def run(self, action): if action == 'new': action, wallet_type = self.restore_or_create() if wallet_type == 'multisig': wallet_type = self.choice(_("Multi Signature Wallet"), 'Select wallet type', [('2of2', _("2 of 2")), ('2of3', _("2 of 3"))]) if not wallet_type: return elif wallet_type == 'hardware': hardware_wallets = map( lambda x: (x[1], x[2]), filter(lambda x: x[0] == 'hardware', electrum_nmc.wallet.wallet_types)) wallet_type = self.choice(_("Hardware Wallet"), 'Select your hardware wallet', hardware_wallets) if not wallet_type: return elif wallet_type == 'twofactor': wallet_type = '2fa' if action == 'create': self.storage.put('wallet_type', wallet_type, False) if action is None: return if action == 'restore': wallet = self.restore(wallet_type) if not wallet: return action = None else: wallet = Wallet(self.storage) action = wallet.get_action() # fixme: password is only needed for multiple accounts password = None while action is not None: util.print_error("installwizard:", wallet, action) if action == 'create_seed': seed = wallet.make_seed() if not self.show_seed(seed, None): return if not self.verify_seed(seed, None): return password = self.password_dialog() wallet.add_seed(seed, password) wallet.create_master_keys(password) elif action == 'add_cosigner': xpub1 = wallet.master_public_keys.get("x1/") r = self.multi_mpk_dialog(xpub1, 1) if not r: return xpub2 = r[0] wallet.add_master_public_key("x2/", xpub2) elif action == 'add_two_cosigners': xpub1 = wallet.master_public_keys.get("x1/") r = self.multi_mpk_dialog(xpub1, 2) if not r: return xpub2, xpub3 = r wallet.add_master_public_key("x2/", xpub2) wallet.add_master_public_key("x3/", xpub3) elif action == 'create_accounts': wallet.create_main_account(password) self.waiting_dialog(wallet.synchronize) else: f = run_hook('get_wizard_action', self, wallet, action) if not f: raise BaseException('unknown wizard action', action) r = f(wallet, self) if not r: return # next action action = wallet.get_action() if self.network: if self.network.interfaces: self.network_dialog() else: QMessageBox.information(None, _('Warning'), _('You are offline'), _('OK')) self.network.stop() self.network = None # start wallet threads wallet.start_threads(self.network) if action == 'restore': self.waiting_dialog( lambda: wallet.restore(self.waiting_label.setText)) if self.network: msg = _("Recovery successful") if wallet.is_found() else _( "No transactions found for this seed") else: msg = _( "This wallet was restored offline. It may contain more addresses than displayed." ) QMessageBox.information(None, _('Information'), msg, _('OK')) return wallet
from electrum_nmc.address_synchronizer import TX_HEIGHT_LOCAL from electrum_nmc.i18n import _ from electrum_nmc.util import (block_explorer_URL, profiler, print_error, TxMinedInfo, OrderedDictWithIndex, PrintError, timestamp_to_datetime) from .util import (read_QIcon, MONOSPACE_FONT, Buttons, CancelButton, OkButton, filename_field, MyTreeView, AcceptFileDragDrop, WindowModalDialog, CloseButton) if TYPE_CHECKING: from electrum_nmc.wallet import Abstract_Wallet try: from electrum_nmc.plot import plot_history, NothingToPlotException except: print_error("qt/history_list: could not import electrum_nmc.plot. This feature needs matplotlib to be installed.") plot_history = None # note: this list needs to be kept in sync with another in kivy TX_ICONS = [ "unconfirmed.png", "warning.png", "unconfirmed.png", "offline_tx.png", "clock1.png", "clock2.png", "clock3.png", "clock4.png", "clock5.png", "confirmed.png", ]
import platform from electrum_nmc.plugins import BasePlugin, hook from electrum_nmc_gui.qt.util import WaitingDialog, EnterButton, WindowModalDialog from electrum_nmc.util import print_msg, print_error from electrum_nmc.i18n import _ from PyQt5.QtGui import * from PyQt5.QtCore import * from PyQt5.QtWidgets import (QComboBox, QGridLayout, QLabel, QPushButton) try: import amodem.audio import amodem.main import amodem.config print_error('Audio MODEM is available.') amodem.log.addHandler(amodem.logging.StreamHandler(sys.stderr)) amodem.log.setLevel(amodem.logging.INFO) except ImportError: amodem = None print_error('Audio MODEM is not found.') class Plugin(BasePlugin): def __init__(self, parent, config, name): BasePlugin.__init__(self, parent, config, name) if self.is_available(): self.modem_config = amodem.config.slowest() self.library_name = { 'Linux': 'libportaudio.so'