def encrypt_shard(passphrase, unencrypted_shard):
(identifier, iteration_exponent, group_index, group_threshold, groups, member_index, member_threshold, value) = unencrypted_shard
encrypted_value = value
# If there was not passphrase given, do not actually encrypt anything
if passphrase is not None:
encrypted_value = _encrypt(value, passphrase, iteration_exponent, identifier)
return (identifier, iteration_exponent, group_index, group_threshold, groups, member_index, member_threshold, encrypted_value)
def backup_flow_slip39_advanced(client):
mnemonics = []
def input_flow():
# 1. Confirm Reset
# 2. shares info
# 3. Set & Confirm number of groups
# 4. threshold info
# 5. Set & confirm group threshold value
# 6-15: for each of 5 groups:
# 1. Set & Confirm number of shares
# 2. Set & confirm share threshold value
# 16. Confirm show seeds
yield from click_through(client.debug, screens=16, code=B.ResetDevice)
# show & confirm shares for all groups
for _ in range(5):
for _ in range(5):
# mnemonic phrases
btn_code = yield
assert btn_code == B.ResetDevice
mnemonic = read_and_confirm_mnemonic(client.debug, words=20)
mnemonics.append(mnemonic)
# Confirm continue to next share
btn_code = yield
assert btn_code == B.Success
client.debug.press_yes()
# safety warning
btn_code = yield
assert btn_code == B.Success
client.debug.press_yes()
with client:
client.set_input_flow(input_flow)
client.set_expected_responses(
[messages.ButtonRequest(code=B.ResetDevice)] * 6 # intro screens
+ [
messages.ButtonRequest(code=B.ResetDevice),
messages.ButtonRequest(code=B.ResetDevice),
] * 5 # group thresholds
+ [
messages.ButtonRequest(code=B.ResetDevice),
messages.ButtonRequest(code=B.Success),
] * 25 # individual shares
+ [
messages.ButtonRequest(code=B.Success),
messages.Success(),
messages.Features(),
])
device.backup(client)
mnemonics = mnemonics[0:3] + mnemonics[5:8] + mnemonics[10:13]
ms = shamir.combine_mnemonics(mnemonics)
identifier, iteration_exponent, _, _, _ = shamir._decode_mnemonics(
mnemonics)
secret = shamir._encrypt(ms, b"", iteration_exponent, identifier)
return secret
def validate_mnemonics(mnemonics, expected_ems):
# We expect these combinations to recreate the secret properly
# In case of click tests the mnemonics are always XofX so no need for combinations
ms = shamir.combine_mnemonics(mnemonics)
identifier, iteration_exponent, _, _, _ = shamir._decode_mnemonics(
mnemonics)
ems = shamir._encrypt(ms, b"", iteration_exponent, identifier)
assert ems == expected_ems
def validate_mnemonics(mnemonics, threshold, expected_ems):
# 3of5 shares 3of5 groups
# TODO: test all possible group+share combinations?
test_combination = mnemonics[0:3] + mnemonics[5:8] + mnemonics[10:13]
ms = shamir.combine_mnemonics(test_combination)
identifier, iteration_exponent, _, _, _ = shamir._decode_mnemonics(test_combination)
ems = shamir._encrypt(ms, b"", iteration_exponent, identifier)
assert ems == expected_ems
def validate_mnemonics(mnemonics, threshold, expected_ems):
# We expect these combinations to recreate the secret properly
for test_group in combinations(mnemonics, threshold):
# TODO: HOTFIX, we should fix this properly by modifying and unifying the python-shamir-mnemonic API
ms = shamir.combine_mnemonics(test_group)
identifier, iteration_exponent, _, _, _ = shamir._decode_mnemonics(test_group)
ems = shamir._encrypt(ms, b"", iteration_exponent, identifier)
assert ems == expected_ems
# We expect these combinations to raise MnemonicError
for test_group in combinations(mnemonics, threshold - 1):
with pytest.raises(
MnemonicError, match=r".*Expected {} mnemonics.*".format(threshold)
):
shamir.combine_mnemonics(test_group)
def backup_flow_slip39_basic(client):
mnemonics = []
def input_flow():
# 1. Checklist
# 2. Number of shares (5)
# 3. Checklist
# 4. Threshold (3)
# 5. Checklist
# 6. Confirm show seeds
yield from click_through(client.debug, screens=6, code=B.ResetDevice)
# Mnemonic phrases
for _ in range(5):
yield # Phrase screen
mnemonic = read_and_confirm_mnemonic(client.debug, words=20)
mnemonics.append(mnemonic)
yield # Confirm continue to next
client.debug.press_yes()
# Confirm backup
yield
client.debug.press_yes()
with client:
client.set_input_flow(input_flow)
client.set_expected_responses(
[messages.ButtonRequest(code=B.ResetDevice)] * 6 # intro screens
+ [
messages.ButtonRequest(code=B.ResetDevice),
messages.ButtonRequest(code=B.Success),
] * 5 # individual shares
+ [
messages.ButtonRequest(code=B.Success),
messages.Success(),
messages.Features(),
])
device.backup(client)
mnemonics = mnemonics[:3]
ms = shamir.combine_mnemonics(mnemonics)
identifier, iteration_exponent, _, _, _ = shamir._decode_mnemonics(
mnemonics)
secret = shamir._encrypt(ms, b"", iteration_exponent, identifier)
return secret
def encrypt_shard(passphrase, unencrypted_shard):
(identifier, iteration_exponent, group_index, group_threshold, groups, member_index, member_threshold, value) = unencrypted_shard
encrypted_value = _encrypt(value, passphrase, iteration_exponent, identifier)
return (identifier, iteration_exponent, group_index, group_threshold, groups, member_index, member_threshold, encrypted_value)
