Home Explore Help
Sign In
mmgen
/
mmgen-wallet
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f05858a01f
Branches Tags
mmgen-wallet
/
mmgen
/
bip39.py

bip39.py 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. #!/usr/bin/env python3
    2. 

  2. #
    3. 

  3. # MMGen Wallet, a terminal-based cryptocurrency wallet
    4. 

  4. # Copyright (C)2013-2025 The MMGen Project <mmgen@tuta.io>
    5. 

  5. #
    6. 

  6. # This program is free software: you can redistribute it and/or modify
    7. 

  7. # it under the terms of the GNU General Public License as published by
    8. 

  8. # the Free Software Foundation, either version 3 of the License, or
    9. 

  9. # (at your option) any later version.
    10. 

  10. #
    11. 

  11. # This program is distributed in the hope that it will be useful,
    12. 

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. # GNU General Public License for more details.
    15. 

  15. #
    16. 

  16. # You should have received a copy of the GNU General Public License
    17. 

  17. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. """
    20. 

  20. bip39.py - Data and routines for BIP39 mnemonic seed phrases
    21. 

  21. """
    22. 

  22. 

  23. from hashlib import sha256
    24. 

  24. 

  25. from .baseconv import baseconv
    26. 

  26. from .util import is_hex_str, die
    27. 

  27. 

  28. def is_bip39_mnemonic(s):
    29. 

  29. 	return bool(bip39().tohex(s.split()))
    30. 

  30. 

  31. # implements a subset of the baseconv API
    32. 

  32. class bip39(baseconv):
    33. 

  33. 

  34. 	desc            = baseconv.dt('BIP39 mnemonic', 'BIP39 mnemonic seed phrase')
    35. 

  35. 	wl_chksum       = 'f18b9a84'
    36. 

  36. 	seedlen_map     = {16:12, 24:18, 32:24}
    37. 

  37. 	seedlen_map_rev = {12:16, 18:24, 24:32}
    38. 

  38. 

  39. 	from collections import namedtuple
    40. 

  40. 	bc = namedtuple('bip39_constants', ['chk_len', 'mn_len'])
    41. 

  41. 	#    ENT   CS  MS
    42. 

  42. 	constants = {
    43. 

  43. 		128: bc(4, 12),
    44. 

  44. 		160: bc(5, 15),
    45. 

  45. 		192: bc(6, 18),
    46. 

  46. 		224: bc(7, 21),
    47. 

  47. 		256: bc(8, 24)}
    48. 

  48. 

  49. 	def __init__(self, wl_id='bip39'):
    50. 

  50. 		assert wl_id == 'bip39', "initialize with 'bip39' for compatibility with baseconv API"
    51. 

  51. 		from .wordlist.bip39 import words
    52. 

  52. 		self.digits = words
    53. 

  53. 		self.wl_id = 'bip39'
    54. 

  54. 

  55. 	@classmethod
    56. 

  56. 	def nwords2seedlen(cls, nwords, /, *, in_bytes=False, in_hex=False):
    57. 

  57. 		for k, v in cls.constants.items():
    58. 

  58. 			if v.mn_len == nwords:
    59. 

  59. 				return k//8 if in_bytes else k//4 if in_hex else k
    60. 

  60. 		die('MnemonicError', f'{nwords!r}: invalid word length for BIP39 mnemonic')
    61. 

  61. 

  62. 	@classmethod
    63. 

  63. 	def seedlen2nwords(cls, seed_len, /, *, in_bytes=False, in_hex=False):
    64. 

  64. 		seed_bits = seed_len * 8 if in_bytes else seed_len * 4 if in_hex else seed_len
    65. 

  65. 		try:
    66. 

  66. 			return cls.constants[seed_bits].mn_len
    67. 

  67. 		except Exception as e:
    68. 

  68. 			raise ValueError(f'{seed_bits!r}: invalid seed length for BIP39 mnemonic') from e
    69. 

  69. 

  70. 	def tohex(self, words_arg, /, *, pad=None):
    71. 

  71. 		return self.tobytes(words_arg, pad=pad).hex()
    72. 

  72. 

  73. 	def tobytes(self, words_arg, /, *, pad=None):
    74. 

  74. 		assert isinstance(words_arg, list | tuple), 'words_arg must be list or tuple'
    75. 

  75. 		assert pad in (None, 'seed'), f"{pad}: invalid 'pad' argument (must be None or 'seed')"
    76. 

  76. 

  77. 		wl = self.digits
    78. 

  78. 

  79. 		for n, w in enumerate(words_arg):
    80. 

  80. 			if w not in wl:
    81. 

  81. 				die('MnemonicError', f'word #{n+1} is not in the BIP39 word list')
    82. 

  82. 

  83. 		res = ''.join(f'{wl.index(w):011b}' for w in words_arg)
    84. 

  84. 

  85. 		for k, v in self.constants.items():
    86. 

  86. 			if len(words_arg) == v.mn_len:
    87. 

  87. 				bitlen = k
    88. 

  88. 				break
    89. 

  89. 		else:
    90. 

  90. 			die('MnemonicError', f'{len(words_arg)}: invalid BIP39 seed phrase length')
    91. 

  91. 

  92. 		seed_bin = res[:bitlen]
    93. 

  93. 		chk_bin = res[bitlen:]
    94. 

  94. 

  95. 		seed_hex = f'{int(seed_bin, 2):0{bitlen//4}x}'
    96. 

  96. 		seed_bytes = bytes.fromhex(seed_hex)
    97. 

  97. 

  98. 		chk_len = self.constants[bitlen].chk_len
    99. 

  99. 		chk_hex_chk = sha256(seed_bytes).hexdigest()
    100. 

  100. 		chk_bin_chk = f'{int(chk_hex_chk, 16):0256b}'[:chk_len]
    101. 

  101. 

  102. 		if chk_bin != chk_bin_chk:
    103. 

  103. 			die('MnemonicError', f'invalid BIP39 seed phrase checksum ({chk_bin} != {chk_bin_chk})')
    104. 

  104. 

  105. 		return seed_bytes
    106. 

  106. 

  107. 	def fromhex(self, hexstr, /, *, pad=None, tostr=False):
    108. 

  108. 		assert is_hex_str(hexstr), 'seed data not a hexadecimal string'
    109. 

  109. 		return self.frombytes(bytes.fromhex(hexstr), pad=pad, tostr=tostr)
    110. 

  110. 

  111. 	def frombytes(self, seed_bytes, /, *, pad=None, tostr=False):
    112. 

  112. 		assert tostr is False, "'tostr' must be False for 'bip39'"
    113. 

  113. 		assert pad in (None, 'seed'), f"{pad}: invalid 'pad' argument (must be None or 'seed')"
    114. 

  114. 

  115. 		wl = self.digits
    116. 

  116. 		bitlen = len(seed_bytes) * 8
    117. 

  117. 

  118. 		assert bitlen in self.constants, f'{bitlen}: invalid seed bit length'
    119. 

  119. 		c = self.constants[bitlen]
    120. 

  120. 

  121. 		chk_hex = sha256(seed_bytes).hexdigest()
    122. 

  122. 

  123. 		seed_bin = f'{int(seed_bytes.hex(), 16):0{bitlen}b}'
    124. 

  124. 		chk_bin  = f'{int(chk_hex, 16):0256b}'
    125. 

  125. 

  126. 		res = seed_bin + chk_bin
    127. 

  127. 

  128. 		return tuple(wl[int(res[i*11:(i+1)*11], 2)] for i in range(c.mn_len))
    129. 

  129. 

  130. 	def generate_seed(self, words_arg, /, *, passwd=''):
    131. 

  131. 

  132. 		self.tohex(words_arg) # validate
    133. 

  133. 

  134. 		from hashlib import pbkdf2_hmac
    135. 

  135. 		return pbkdf2_hmac(
    136. 

  136. 			hash_name  = 'sha512',
    137. 

  137. 			password   = ' '.join(words_arg).encode(),
    138. 

  138. 			salt       = b'mnemonic' + passwd.encode(),
    139. 

  139. 			iterations = 2048,
    140. 

  140. 			dklen      = 64)
    141.