Home Explore Help
Sign In
mmgen
/
mmgen-wallet
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: cbe952a774
Branches Tags
mmgen-wallet
/
mmgen
/
bip39.py

bip39.py 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. #!/usr/bin/env python3
    2. 

  2. #
    3. 

  3. # mmgen = Multi-Mode GENerator, command-line Bitcoin cold storage solution
    4. 

  4. # Copyright (C)2013-2023 The MMGen Project <mmgen@tuta.io>
    5. 

  5. #
    6. 

  6. # This program is free software: you can redistribute it and/or modify
    7. 

  7. # it under the terms of the GNU General Public License as published by
    8. 

  8. # the Free Software Foundation, either version 3 of the License, or
    9. 

  9. # (at your option) any later version.
    10. 

  10. #
    11. 

  11. # This program is distributed in the hope that it will be useful,
    12. 

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. # GNU General Public License for more details.
    15. 

  15. #
    16. 

  16. # You should have received a copy of the GNU General Public License
    17. 

  17. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. """
    20. 

  20. bip39.py - Data and routines for BIP39 mnemonic seed phrases
    21. 

  21. """
    22. 

  22. 

  23. from hashlib import sha256
    24. 

  24. 

  25. from .baseconv import baseconv
    26. 

  26. from .util import is_hex_str,die
    27. 

  27. 

  28. def is_bip39_mnemonic(s):
    29. 

  29. 	return bool( bip39().tohex(s.split()) )
    30. 

  30. 

  31. # implements a subset of the baseconv API
    32. 

  32. class bip39(baseconv):
    33. 

  33. 

  34. 	desc            = baseconv.dt('BIP39 mnemonic', 'BIP39 mnemonic seed phrase')
    35. 

  35. 	wl_chksum       = 'f18b9a84'
    36. 

  36. 	seedlen_map     = { 16:12, 24:18, 32:24 }
    37. 

  37. 	seedlen_map_rev = { 12:16, 18:24, 24:32 }
    38. 

  38. 

  39. 	from collections import namedtuple
    40. 

  40. 	bc = namedtuple('bip39_constants',['chk_len','mn_len'])
    41. 

  41. 	#    ENT   CS  MS
    42. 

  42. 	constants = {
    43. 

  43. 		128: bc(4, 12),
    44. 

  44. 		160: bc(5, 15),
    45. 

  45. 		192: bc(6, 18),
    46. 

  46. 		224: bc(7, 21),
    47. 

  47. 		256: bc(8, 24),
    48. 

  48. 	}
    49. 

  49. 

  50. 	def __init__(self,wl_id='bip39'):
    51. 

  51. 		assert wl_id == 'bip39', "initialize with 'bip39' for compatibility with baseconv API"
    52. 

  52. 		from .wordlist.bip39 import words
    53. 

  53. 		self.digits = words
    54. 

  54. 		self.wl_id = 'bip39'
    55. 

  55. 

  56. 	@classmethod
    57. 

  57. 	def nwords2seedlen(cls,nwords,in_bytes=False,in_hex=False):
    58. 

  58. 		for k,v in cls.constants.items():
    59. 

  59. 			if v.mn_len == nwords:
    60. 

  60. 				return k//8 if in_bytes else k//4 if in_hex else k
    61. 

  61. 		die( 'MnemonicError', f'{nwords!r}: invalid word length for BIP39 mnemonic' )
    62. 

  62. 

  63. 	@classmethod
    64. 

  64. 	def seedlen2nwords(cls,seed_len,in_bytes=False,in_hex=False):
    65. 

  65. 		seed_bits = seed_len * 8 if in_bytes else seed_len * 4 if in_hex else seed_len
    66. 

  66. 		try:
    67. 

  67. 			return cls.constants[seed_bits].mn_len
    68. 

  68. 		except Exception as e:
    69. 

  69. 			raise ValueError(f'{seed_bits!r}: invalid seed length for BIP39 mnemonic') from e
    70. 

  70. 

  71. 	def tobytes(self,*args,**kwargs):
    72. 

  72. 		raise NotImplementedError('Method not supported')
    73. 

  73. 

  74. 	def frombytes(self,*args,**kwargs):
    75. 

  75. 		raise NotImplementedError('Method not supported')
    76. 

  76. 

  77. 	def tohex(self,words_arg,pad=None):
    78. 

  78. 		assert isinstance(words_arg,(list,tuple)),'words_arg must be list or tuple'
    79. 

  79. 		assert pad in (None,'seed'), f"{pad}: invalid 'pad' argument (must be None or 'seed')"
    80. 

  80. 

  81. 		wl = self.digits
    82. 

  82. 

  83. 		for n,w in enumerate(words_arg):
    84. 

  84. 			if w not in wl:
    85. 

  85. 				die( 'MnemonicError', f'word #{n+1} is not in the BIP39 word list' )
    86. 

  86. 

  87. 		res = ''.join(f'{wl.index(w):011b}' for w in words_arg)
    88. 

  88. 

  89. 		for k,v in self.constants.items():
    90. 

  90. 			if len(words_arg) == v.mn_len:
    91. 

  91. 				bitlen = k
    92. 

  92. 				break
    93. 

  93. 		else:
    94. 

  94. 			die( 'MnemonicError', f'{len(words_arg)}: invalid BIP39 seed phrase length' )
    95. 

  95. 

  96. 		seed_bin = res[:bitlen]
    97. 

  97. 		chk_bin = res[bitlen:]
    98. 

  98. 

  99. 		seed_hex = f'{int(seed_bin,2):0{bitlen//4}x}'
    100. 

  100. 		seed_bytes = bytes.fromhex(seed_hex)
    101. 

  101. 

  102. 		chk_len = self.constants[bitlen].chk_len
    103. 

  103. 		chk_hex_chk = sha256(seed_bytes).hexdigest()
    104. 

  104. 		chk_bin_chk = f'{int(chk_hex_chk,16):0256b}'[:chk_len]
    105. 

  105. 

  106. 		if chk_bin != chk_bin_chk:
    107. 

  107. 			die( 'MnemonicError', f'invalid BIP39 seed phrase checksum ({chk_bin} != {chk_bin_chk})' )
    108. 

  108. 

  109. 		return seed_hex
    110. 

  110. 

  111. 	def fromhex(self,hexstr,pad=None,tostr=False):
    112. 

  112. 		assert is_hex_str(hexstr),'seed data not a hexadecimal string'
    113. 

  113. 		assert tostr is False,"'tostr' must be False for 'bip39'"
    114. 

  114. 		assert pad in (None,'seed'), f"{pad}: invalid 'pad' argument (must be None or 'seed')"
    115. 

  115. 

  116. 		wl = self.digits
    117. 

  117. 		seed_bytes = bytes.fromhex(hexstr)
    118. 

  118. 		bitlen = len(seed_bytes) * 8
    119. 

  119. 

  120. 		assert bitlen in self.constants, f'{bitlen}: invalid seed bit length'
    121. 

  121. 		c = self.constants[bitlen]
    122. 

  122. 

  123. 		chk_hex = sha256(seed_bytes).hexdigest()
    124. 

  124. 

  125. 		seed_bin = f'{int(hexstr,16):0{bitlen}b}'
    126. 

  126. 		chk_bin  = f'{int(chk_hex,16):0256b}'
    127. 

  127. 

  128. 		res = seed_bin + chk_bin
    129. 

  129. 

  130. 		return tuple(wl[int(res[i*11:(i+1)*11],2)] for i in range(c.mn_len))
    131. 

  131. 

  132. 	def generate_seed(self,words_arg,passwd=''):
    133. 

  133. 

  134. 		self.tohex(words_arg) # validate
    135. 

  135. 

  136. 		from cryptography.hazmat.primitives import hashes
    137. 

  137. 		from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
    138. 

  138. 		return PBKDF2HMAC(
    139. 

  139. 			algorithm  = hashes.SHA512(),
    140. 

  140. 			length     = 64,
    141. 

  141. 			salt       = b'mnemonic' + passwd.encode(),
    142. 

  142. 			iterations = 2048
    143. 

  143. 		).derive(' '.join(words_arg).encode())
    144.