async def remember_bip39_passphrase():
# Compute current xprv and switch to using that as root secret.
import stash
from main import dis, pa
dis.fullscreen('Check...')
with stash.SensitiveValues() as sv:
if sv.mode != 'words':
# not a BIP39 derived secret, so cannot work.
await ux_show_story('''The wallet secret was not based on a seed phrase, so we cannot add a BIP39 passphrase at this time.''', title='Failed')
return
nv = SecretStash.encode(xprv=sv.node)
# Important: won't write new XFP to nvram if pw still set
stash.bip39_passphrase = ''
dis.fullscreen('Saving...')
pa.change(new_secret=nv)
# re-read settings since key is now different
# - also captures xfp, xpub at this point
pa.new_main_secret(nv)
# check and reload secret
pa.reset()
pa.login()
async def remember_bip39_passphrase():
# Compute current xprv and switch to using that as root secret.
import stash
from main import dis, pa
if not stash.bip39_passphrase:
if not await ux_confirm(
'''You do not have a BIP39 passphrase set right now, so this command does little except forget the seed words. It does not enhance security.'''
):
return
dis.fullscreen('Check...')
with stash.SensitiveValues() as sv:
if sv.mode != 'words':
# not a BIP39 derived secret, so cannot work.
await ux_show_story(
'''The wallet secret was not based on a seed phrase, so we cannot add a BIP39 passphrase at this time.''',
title='Failed')
return
nv = SecretStash.encode(xprv=sv.node)
dis.fullscreen('Saving...')
pa.change(new_secret=nv)
# re-read settings since key is now different
# - also captures xfp, xpub at this point
pa.new_main_secret(nv)
# check and reload secret
pa.reset()
pa.login()
def set_seed_value(words):
# Save the seed words into secure element, and reboot. BIP39 password
# is not set at this point (empty string)
ok = tcc.bip39.check(' '.join(words))
assert ok, "seed check: %r" % words
# map words to bip39 wordlist indices
data = [tcc.bip39.lookup_word(w) for w in words]
# map to packed binary representation.
val = 0
for v in data:
val <<= 11
val |= v
# remove the checksum part
vlen = (len(words) * 4) // 3
val >>= (len(words) // 3)
# convert to bytes
seed = val.to_bytes(vlen, 'big')
assert len(seed) == vlen
from main import dis, pa, settings
# encode it for our limited secret space
nv = SecretStash.encode(seed_phrase=seed)
dis.fullscreen('Applying...')
pa.change(new_secret=nv)
# re-read settings since key is now different
# - also captures xfp, xpub at this point
pa.new_main_secret(nv)
# check and reload secret
pa.reset()
pa.login()
async def remember_bip39_passphrase():
# Compute current xprv and switch to using that as root secret.
import stash
from main import dis, pa
dis.fullscreen('Check...')
with stash.SensitiveValues() as sv:
nv = SecretStash.encode(xprv=sv.node)
# Important: won't write new XFP to nvram if pw still set
stash.bip39_passphrase = ''
dis.fullscreen('Saving...')
pa.change(new_secret=nv)
# re-read settings since key is now different
# - also captures xfp, xpub at this point
pa.new_main_secret(nv)
# check and reload secret
pa.reset()
pa.login()
async def start_login_sequence():
# Boot up login sequence here.
#
from main import pa, settings, dis, loop, numpad
if pa.is_blank():
# Blank devices, with no PIN set all, can continue w/o login
# Do green-light set immediately after firmware upgrade
if version.is_fresh_version():
pa.greenlight_firmware()
dis.show()
goto_top_menu()
return
# maybe show a nickname before we do anything
nickname = settings.get('nick', None)
if nickname:
try:
await show_nickname(nickname)
except:
pass
# Allow impatient devs and crazy people to skip the PIN
guess = settings.get('_skip_pin', None)
if guess is not None:
try:
dis.fullscreen("(Skip PIN)")
pa.setup(guess)
pa.login()
except:
pass
# if that didn't work, or no skip defined, force
# them to login succefully.
while not pa.is_successful():
# always get a PIN and login first
await block_until_login()
# Must re-read settings after login
settings.set_key()
settings.load()
# implement "login countdown" feature
delay = settings.get('lgto', 0)
if delay:
pa.reset()
await login_countdown(delay)
await block_until_login()
# Restore a login preference or two
numpad.sensitivity = settings.get('sens', numpad.sensitivity)
# Do green-light set immediately after firmware upgrade
if not pa.is_secondary:
if version.is_fresh_version():
pa.greenlight_firmware()
dis.show()
# Populate xfp/xpub values, if missing.
# - can happen for first-time login of duress wallet
# - may indicate lost settings, which we can easily recover from
# - these values are important to USB protocol
if not (settings.get('xfp', 0)
and settings.get('xpub', 0)) and not pa.is_secret_blank():
try:
import stash
# Recalculate xfp/xpub values (depends both on secret and chain)
with stash.SensitiveValues() as sv:
sv.capture_xpub()
except Exception as exc:
# just in case, keep going; we're not useless and this
# is early in boot process
print("XFP save failed: %s" % exc)
# Allow USB protocol, now that we are auth'ed
from usb import enable_usb
enable_usb(loop, False)
goto_top_menu()
async def start_login_sequence():
# Boot up login sequence here.
#
from main import pa, settings, dis, loop, numpad
from ux import idle_logout
if pa.is_blank():
# Blank devices, with no PIN set all, can continue w/o login
# Do green-light set immediately after firmware upgrade
if version.is_fresh_version():
pa.greenlight_firmware()
dis.show()
goto_top_menu()
return
# maybe show a nickname before we do anything
nickname = settings.get('nick', None)
if nickname:
try:
await show_nickname(nickname)
except:
pass
# Allow impatient devs and crazy people to skip the PIN
guess = settings.get('_skip_pin', None)
if guess is not None:
try:
dis.fullscreen("(Skip PIN)")
pa.setup(guess)
pa.login()
except:
pass
# do they want a randomized (shuffled) keypad?
rnd_keypad = settings.get('rngk', 0)
# if that didn't work, or no skip defined, force
# them to login succefully.
while not pa.is_successful():
# always get a PIN and login first
await block_until_login(rnd_keypad)
# Must re-read settings after login
settings.set_key()
settings.load()
# implement "login countdown" feature
delay = settings.get('lgto', 0)
if delay:
pa.reset()
await login_countdown(delay)
await block_until_login(rnd_keypad)
# implement idle timeout now that we are logged-in
loop.create_task(idle_logout())
# Do green-light set immediately after firmware upgrade
if not pa.is_secondary:
if version.is_fresh_version():
pa.greenlight_firmware()
dis.show()
# Populate xfp/xpub values, if missing.
# - can happen for first-time login of duress wallet
# - may indicate lost settings, which we can easily recover from
# - these values are important to USB protocol
if not (settings.get('xfp', 0)
and settings.get('xpub', 0)) and not pa.is_secret_blank():
try:
import stash
# Recalculate xfp/xpub values (depends both on secret and chain)
with stash.SensitiveValues() as sv:
sv.capture_xpub()
except Exception as exc:
# just in case, keep going; we're not useless and this
# is early in boot process
print("XFP save failed: %s" % exc)
# If HSM policy file is available, offer to start that,
# **before** the USB is even enabled.
if version.has_fatram:
try:
import hsm, hsm_ux
if hsm.hsm_policy_available():
ar = await hsm_ux.start_hsm_approval(usb_mode=False,
startup_mode=True)
if ar:
await ar.interact()
except:
pass
# Allow USB protocol, now that we are auth'ed
from usb import enable_usb
enable_usb(loop, False)
goto_top_menu()
