Home Explore Help
Sign In
mmgen
/
mmgen-wallet
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 17ae5a49c3
Branches Tags
mmgen-wallet
/
mmgen
/
bip39.py

bip39.py 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 
  1. #!/usr/bin/env python3
    2. 

  2. #
    3. 

  3. # MMGen Wallet, a terminal-based cryptocurrency wallet
    4. 

  4. # Copyright (C)2013-2025 The MMGen Project <mmgen@tuta.io>
    5. 

  5. #
    6. 

  6. # This program is free software: you can redistribute it and/or modify
    7. 

  7. # it under the terms of the GNU General Public License as published by
    8. 

  8. # the Free Software Foundation, either version 3 of the License, or
    9. 

  9. # (at your option) any later version.
    10. 

  10. #
    11. 

  11. # This program is distributed in the hope that it will be useful,
    12. 

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. # GNU General Public License for more details.
    15. 

  15. #
    16. 

  16. # You should have received a copy of the GNU General Public License
    17. 

  17. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. """
    20. 

  20. bip39.py - Data and routines for BIP39 mnemonic seed phrases
    21. 

  21. """
    22. 

  22. 

  23. from hashlib import sha256
    24. 

  24. 

  25. from .baseconv import baseconv
    26. 

  26. from .util import is_hex_str, die
    27. 

  27. 

  28. def is_bip39_mnemonic(s):
    29. 

  29. 	return bool(bip39().tohex(s.split()))
    30. 

  30. 

  31. # implements a subset of the baseconv API
    32. 

  32. class bip39(baseconv):
    33. 

  33. 

  34. 	desc            = baseconv.dt('BIP39 mnemonic', 'BIP39 mnemonic seed phrase')
    35. 

  35. 	wl_chksum       = 'f18b9a84'
    36. 

  36. 	seedlen_map     = {16:12, 24:18, 32:24}
    37. 

  37. 	seedlen_map_rev = {12:16, 18:24, 24:32}
    38. 

  38. 

  39. 	from collections import namedtuple
    40. 

  40. 	bc = namedtuple('bip39_constants', ['chk_len', 'mn_len'])
    41. 

  41. 	#    ENT   CS  MS
    42. 

  42. 	constants = {
    43. 

  43. 		128: bc(4, 12),
    44. 

  44. 		160: bc(5, 15),
    45. 

  45. 		192: bc(6, 18),
    46. 

  46. 		224: bc(7, 21),
    47. 

  47. 		256: bc(8, 24),
    48. 

  48. 	}
    49. 

  49. 

  50. 	def __init__(self, wl_id='bip39'):
    51. 

  51. 		assert wl_id == 'bip39', "initialize with 'bip39' for compatibility with baseconv API"
    52. 

  52. 		from .wordlist.bip39 import words
    53. 

  53. 		self.digits = words
    54. 

  54. 		self.wl_id = 'bip39'
    55. 

  55. 

  56. 	@classmethod
    57. 

  57. 	def nwords2seedlen(cls, nwords, /, *, in_bytes=False, in_hex=False):
    58. 

  58. 		for k, v in cls.constants.items():
    59. 

  59. 			if v.mn_len == nwords:
    60. 

  60. 				return k//8 if in_bytes else k//4 if in_hex else k
    61. 

  61. 		die('MnemonicError', f'{nwords!r}: invalid word length for BIP39 mnemonic')
    62. 

  62. 

  63. 	@classmethod
    64. 

  64. 	def seedlen2nwords(cls, seed_len, /, *, in_bytes=False, in_hex=False):
    65. 

  65. 		seed_bits = seed_len * 8 if in_bytes else seed_len * 4 if in_hex else seed_len
    66. 

  66. 		try:
    67. 

  67. 			return cls.constants[seed_bits].mn_len
    68. 

  68. 		except Exception as e:
    69. 

  69. 			raise ValueError(f'{seed_bits!r}: invalid seed length for BIP39 mnemonic') from e
    70. 

  70. 

  71. 	def tohex(self, words_arg, /, *, pad=None):
    72. 

  72. 		return self.tobytes(words_arg, pad=pad).hex()
    73. 

  73. 

  74. 	def tobytes(self, words_arg, /, *, pad=None):
    75. 

  75. 		assert isinstance(words_arg, (list, tuple)), 'words_arg must be list or tuple'
    76. 

  76. 		assert pad in (None, 'seed'), f"{pad}: invalid 'pad' argument (must be None or 'seed')"
    77. 

  77. 

  78. 		wl = self.digits
    79. 

  79. 

  80. 		for n, w in enumerate(words_arg):
    81. 

  81. 			if w not in wl:
    82. 

  82. 				die('MnemonicError', f'word #{n+1} is not in the BIP39 word list')
    83. 

  83. 

  84. 		res = ''.join(f'{wl.index(w):011b}' for w in words_arg)
    85. 

  85. 

  86. 		for k, v in self.constants.items():
    87. 

  87. 			if len(words_arg) == v.mn_len:
    88. 

  88. 				bitlen = k
    89. 

  89. 				break
    90. 

  90. 		else:
    91. 

  91. 			die('MnemonicError', f'{len(words_arg)}: invalid BIP39 seed phrase length')
    92. 

  92. 

  93. 		seed_bin = res[:bitlen]
    94. 

  94. 		chk_bin = res[bitlen:]
    95. 

  95. 

  96. 		seed_hex = f'{int(seed_bin, 2):0{bitlen//4}x}'
    97. 

  97. 		seed_bytes = bytes.fromhex(seed_hex)
    98. 

  98. 

  99. 		chk_len = self.constants[bitlen].chk_len
    100. 

  100. 		chk_hex_chk = sha256(seed_bytes).hexdigest()
    101. 

  101. 		chk_bin_chk = f'{int(chk_hex_chk, 16):0256b}'[:chk_len]
    102. 

  102. 

  103. 		if chk_bin != chk_bin_chk:
    104. 

  104. 			die('MnemonicError', f'invalid BIP39 seed phrase checksum ({chk_bin} != {chk_bin_chk})')
    105. 

  105. 

  106. 		return seed_bytes
    107. 

  107. 

  108. 	def fromhex(self, hexstr, /, *, pad=None, tostr=False):
    109. 

  109. 		assert is_hex_str(hexstr), 'seed data not a hexadecimal string'
    110. 

  110. 		return self.frombytes(bytes.fromhex(hexstr), pad=pad, tostr=tostr)
    111. 

  111. 

  112. 	def frombytes(self, seed_bytes, /, *, pad=None, tostr=False):
    113. 

  113. 		assert tostr is False, "'tostr' must be False for 'bip39'"
    114. 

  114. 		assert pad in (None, 'seed'), f"{pad}: invalid 'pad' argument (must be None or 'seed')"
    115. 

  115. 

  116. 		wl = self.digits
    117. 

  117. 		bitlen = len(seed_bytes) * 8
    118. 

  118. 

  119. 		assert bitlen in self.constants, f'{bitlen}: invalid seed bit length'
    120. 

  120. 		c = self.constants[bitlen]
    121. 

  121. 

  122. 		chk_hex = sha256(seed_bytes).hexdigest()
    123. 

  123. 

  124. 		seed_bin = f'{int(seed_bytes.hex(), 16):0{bitlen}b}'
    125. 

  125. 		chk_bin  = f'{int(chk_hex, 16):0256b}'
    126. 

  126. 

  127. 		res = seed_bin + chk_bin
    128. 

  128. 

  129. 		return tuple(wl[int(res[i*11:(i+1)*11], 2)] for i in range(c.mn_len))
    130. 

  130. 

  131. 	def generate_seed(self, words_arg, /, *, passwd=''):
    132. 

  132. 

  133. 		self.tohex(words_arg) # validate
    134. 

  134. 

  135. 		from cryptography.hazmat.primitives import hashes
    136. 

  136. 		from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
    137. 

  137. 		return PBKDF2HMAC(
    138. 

  138. 			algorithm  = hashes.SHA512(),
    139. 

  139. 			length     = 64,
    140. 

  140. 			salt       = b'mnemonic' + passwd.encode(),
    141. 

  141. 			iterations = 2048
    142. 

  142. 		).derive(' '.join(words_arg).encode())
    143.