def get_tz_priv(coin, path):
session_id = bytes.fromhex(environ.get('TZ_SESSIONID', ''))
if trezor and len(session_id) == 32:
device = get_transport()
client = TrezorClient(transport=device,
ui=ClickUI(),
session_id=session_id)
n_path = parse_path(
"m/10065'/0'") # Logical path for BIP0065 operation
info = get_public_node(client, n_path, coin_name=coin)
side, pubkey = (info.node.public_key[0], info.node.public_key[1:])
left = True if side == 2 else False
print("seed", b2x(pubkey), side)
priv = encrypt_keyvalue(client,
n_path,
path,
pubkey,
ask_on_decrypt=side,
ask_on_encrypt=False)
client.close()
print("priv", b2x(priv), left)
is_valid(priv)
return CBitcoinSecret.from_secret_bytes(priv)
else:
print("trezorlib must be available")
print("see: https://pypi.org/project/trezor/")
print("TZ_SESSIONID enviroinment variable required")
print("See: trezorctl get-session --help")
sys.exit(2)
def encrypt(ctrl, hw_session: HwSessionInfo, bip32_path_n: List[int], label: str,
value: bytearray):
ctrl.dlg_config_fun(dlg_title="Data encryption", show_progress_bar=False)
ctrl.display_msg_fun(f'<b>Encrypting \'{label}\'...</b>'
f'<br><br>Enter the hardware wallet PIN/passphrase (if needed) to encrypt data.<br><br>'
f'<b>Note:</b> encryption passphrase is independent from the wallet passphrase <br>'
f'and can vary for each encrypted file.')
if hw_session.hw_type == HWType.trezor:
from trezorlib import misc, btc
client = hw_session.hw_client
data = misc.encrypt_keyvalue(client, bip32_path_n, label, value, ask_on_encrypt, ask_on_decrypt)
pub_key = btc.get_public_node(client, bip32_path_n).node.public_key
return data, pub_key
elif hw_session.hw_type == HWType.keepkey:
client = hw_session.hw_client
data = client.encrypt_keyvalue(bip32_path_n, label, value, ask_on_encrypt, ask_on_decrypt)
pub_key = client.get_public_node(bip32_path_n).node.public_key
return data, pub_key
elif hw_session.hw_type == HWType.ledger_nano_s:
raise Exception('Feature not available for Ledger Nano S.')
else:
raise Exception('Invalid HW type: ' + str(hw_session))
def encrypt(type, domain, secret):
transport = get_transport()
client = TrezorClient(transport, ClickUI())
dom = type.upper() + ": " + domain
enc = encrypt_keyvalue(client, BIP32_PATH, dom, secret.encode(), False, True)
client.close()
return enc.hex()
def getMasterKey(client: TrezorClient) -> str:
bip32_path = BIP32_PATH
ENC_KEY = "Activate TREZOR Password Manager?"
ENC_VALUE = bytes.fromhex(
"2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee"
)
key = misc.encrypt_keyvalue(client, bip32_path, ENC_KEY, ENC_VALUE, True, True)
return key.hex()
def encrypt(type, domain, secret):
transport = get_transport()
client = TrezorClient(transport, ClickUI())
dom = type.upper() + ": " + domain
enc = encrypt_keyvalue(client, BIP32_PATH, dom, secret.encode(), False,
True)
client.close()
return enc.hex()
def __decryptMasterKey(self):
self.__getClient()
ENC_KEY = 'Activate TREZOR Password Manager?'
ENC_VALUE = bytes.fromhex(
'2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee'
)
key = misc.encrypt_keyvalue(self.client, BIP32_PATH, ENC_KEY,
ENC_VALUE, True, True)
return key.hex()
def getMasterKey(client):
bip32_path = BIP32_PATH
ENC_KEY = 'Activate TREZOR Password Manager?'
ENC_VALUE = bytes.fromhex('2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee2d650551248d792eabf628f451200d7f51cb63e46aadcbb1038aacb05e8c8aee')
key = misc.encrypt_keyvalue(
client,
bip32_path,
ENC_KEY,
ENC_VALUE,
True,
True
)
return key.hex()
def getEncryptedNonce(self, entry, entropy):
self.__getClient()
if 'item' in entry:
item = entry['item']
else:
item = entry['title']
pr = urlparse(item)
if pr.scheme and pr.netloc:
item = pr.netloc
ENC_KEY = 'Unlock %s for user %s?' % (item, entry['username'])
ENC_VALUE = hashlib.sha256(entropy).digest()
encrypted_nonce = misc.encrypt_keyvalue(self.client, BIP32_PATH,
ENC_KEY,
bytes.fromhex(ENC_VALUE.hex()),
False, True)
return encrypted_nonce.hex()
def encrypt_item(self, key, value):
u"""Encrypt the given value using the connected Trezor."""
trezor = self.find_trezor()
address_n = tools.parse_path(self.BIP_ADDRESS)
nonce = os.urandom(self.ITEM_NONCE_SIZE)
nonce_key = 'Decrypt key {}?'.format(key)
encrypted_nonce = bytes(
misc.encrypt_keyvalue(trezor,
address_n,
nonce_key,
nonce,
ask_on_encrypt=False,
ask_on_decrypt=True))
encrypted_value = aes_gcm_encrypt(nonce, value.encode())
trezor.close()
return encrypted_nonce, encrypted_value
def _generate_master_key(self):
"""Returns the key for aes file encryption.
To generate a unique and deterministic encryption key, we simply
encrypt a constant value using the Trezor.
"""
trezor = self.find_trezor()
address_n = tools.parse_path(self.BIP_ADDRESS)
key = bytes(
misc.encrypt_keyvalue(trezor,
address_n,
self.MASTER_ENC_KEY,
self.MASTER_ENC_VAL,
ask_on_encrypt=True,
ask_on_decrypt=True))
return key
def test_encrypt(client: Client):
res = misc.encrypt_keyvalue(
client,
[0, 1, 2],
"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert res.hex() == "676faf8f13272af601776bc31bc14e8f"
res = misc.encrypt_keyvalue(
client,
[0, 1, 2],
"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=False,
)
assert res.hex() == "5aa0fbcb9d7fa669880745479d80c622"
res = misc.encrypt_keyvalue(
client,
[0, 1, 2],
"test",
b"testing message!",
ask_on_encrypt=False,
ask_on_decrypt=True,
)
assert res.hex() == "958d4f63269b61044aaedc900c8d6208"
res = misc.encrypt_keyvalue(
client,
[0, 1, 2],
"test",
b"testing message!",
ask_on_encrypt=False,
ask_on_decrypt=False,
)
assert res.hex() == "e0cf0eb0425947000eb546cc3994bc6c"
# different key
res = misc.encrypt_keyvalue(
client,
[0, 1, 2],
"test2",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert res.hex() == "de247a6aa6be77a134bb3f3f925f13af"
# different message
res = misc.encrypt_keyvalue(
client,
[0, 1, 2],
"test",
b"testing message! it is different",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert (res.hex() ==
"676faf8f13272af601776bc31bc14e8f3ae1c88536bf18f1b44f1e4c2c4a613d")
# different path
res = misc.encrypt_keyvalue(
client,
[0, 1, 3],
"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert res.hex() == "b4811a9d492f5355a5186ddbfccaae7b"
def test_encrypt_badlen(client: Client):
with pytest.raises(Exception):
misc.encrypt_keyvalue(client, [0, 1, 2], "test", b"testing")
def test_encrypt_badlen(self):
self.setup_mnemonic_nopin_nopassphrase()
with pytest.raises(Exception):
misc.encrypt_keyvalue(self.client, [0, 1, 2], b"test", b"testing")
def test_encrypt(self):
self.setup_mnemonic_nopin_nopassphrase()
# different ask values
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert res.hex() == "676faf8f13272af601776bc31bc14e8f"
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=False,
)
assert res.hex() == "5aa0fbcb9d7fa669880745479d80c622"
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=False,
ask_on_decrypt=True,
)
assert res.hex() == "958d4f63269b61044aaedc900c8d6208"
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=False,
ask_on_decrypt=False,
)
assert res.hex() == "e0cf0eb0425947000eb546cc3994bc6c"
# different key
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test2",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert res.hex() == "de247a6aa6be77a134bb3f3f925f13af"
# different message
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message! it is different",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert (
res.hex()
== "676faf8f13272af601776bc31bc14e8f3ae1c88536bf18f1b44f1e4c2c4a613d"
)
# different path
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 3],
b"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert res.hex() == "b4811a9d492f5355a5186ddbfccaae7b"
def test_encrypt_badlen(self):
self.setup_mnemonic_nopin_nopassphrase()
with pytest.raises(Exception):
misc.encrypt_keyvalue(self.client, [0, 1, 2], b"test", b"testing")
def encrypt(key, value):
addr = [0,1,2]
enc = misc.encrypt_keyvalue(client, addr, key, value, ask_on_encrypt=True, ask_on_decrypt=True)
return enc
def test_encrypt(self):
self.setup_mnemonic_nopin_nopassphrase()
# different ask values
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert hexlify(res) == b"676faf8f13272af601776bc31bc14e8f"
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=False,
)
assert hexlify(res) == b"5aa0fbcb9d7fa669880745479d80c622"
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=False,
ask_on_decrypt=True,
)
assert hexlify(res) == b"958d4f63269b61044aaedc900c8d6208"
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message!",
ask_on_encrypt=False,
ask_on_decrypt=False,
)
assert hexlify(res) == b"e0cf0eb0425947000eb546cc3994bc6c"
# different key
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test2",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert hexlify(res) == b"de247a6aa6be77a134bb3f3f925f13af"
# different message
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 2],
b"test",
b"testing message! it is different",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert (
hexlify(res) ==
b"676faf8f13272af601776bc31bc14e8f3ae1c88536bf18f1b44f1e4c2c4a613d"
)
# different path
res = misc.encrypt_keyvalue(
self.client,
[0, 1, 3],
b"test",
b"testing message!",
ask_on_encrypt=True,
ask_on_decrypt=True,
)
assert hexlify(res) == b"b4811a9d492f5355a5186ddbfccaae7b"
