Support recovery of seed from sources, extra seed entropy

Author: pjkundert

slip39/App/main.py

@@ -1,12 +1,15 @@
 import argparse
+import codecs
+import hashlib
 import logging
 import math
 import os
 
 import PySimpleGUI as sg
 
 from ..types		import Account
-from ..api		import create, group_parser
+from ..api		import create, group_parser, random_secret
+from ..recovery		import recover, recover_bip39
 from ..util		import log_level, log_cfg
 from ..layout		import write_pdfs
 from ..defaults		import GROUPS, GROUP_THRESHOLD_RATIO, CRYPTO_PATHS
@@ -24,13 +27,15 @@
 )
 B_kwds				= dict(
     font		= font,
+    enable_events	= True,
 )
 
 
 def groups_layout( names, group_threshold, groups, passphrase=None ):
     """Return a layout for the specified number of SLIP-39 groups.
 
     """
+
     group_body			= [
         sg.Frame(
             '#', [[ sg.Column( [
@@ -57,29 +62,96 @@ def groups_layout( names, group_threshold, groups, passphrase=None ):
             ], key='-GROUP-SIZES-' ) ]]
         ),
     ]
-    prefix			= (30,1)
-    layout			= [
+    prefix			= (32, 1)
+    inputs			= (32, 1)
+    bip39_sample		= "zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong"
+    layout                      = [
+        [
+            sg.Frame( 'Seed Data Source', [
+                [
+                    sg.Radio( "128-bit Random", "SD",   key='-SD-128-RND-',     default=True,   **B_kwds ),
+                    sg.Radio( "256-bit Random", "SD",   key='-SD-256-RND-',     default=False,  **B_kwds ),
+                    sg.Radio( "512-bit Random", "SD",   key='-SD-512-RND-',     default=False,  **B_kwds ),
+                ],
+                [
+                    sg.Radio( "128-bit Fixed ", "SD",   key='-SD-128-FIX-',     default=False,  **B_kwds ),
+                    sg.Radio( "256-bit Fixed ", "SD",   key='-SD-256-FIX-',     default=False,  **B_kwds ),
+                    sg.Radio( "512-bit Fixed ", "SD",   key='-SD-512-FIX-',     default=False,  **B_kwds ),
+                ],
+                [
+                    sg.Radio( "BIP-39",         "SD",   key='-SD-BIP-',         default=False,  **B_kwds ),
+                    sg.Radio( "SLIP-39",        "SD",   key='-SD-SLIP-',        default=False,  **B_kwds ),
+                ],
+                [
+                    sg.Frame( 'From', [
+                        [
+                            sg.Text( "Mnemonic(s): ",   key='-SD-DATA-T-',      size=prefix,    **T_kwds ),
+                            sg.Multiline( bip39_sample, key='-SD-DATA-',        size=(128,1),   **I_kwds )
+                        ],
+                    ],                                  key='-SD-DATA-F-',      visible=False ),
+                ],
+                [
+                    sg.Frame( 'Pass', [
+                        [
+                            sg.Text( "Passphrase (decrypt): ",                  size=prefix,    **T_kwds ),
+                            sg.Input( "",               key='-SD-PASS-',                        **I_kwds )
+                        ],
+                    ],                                  key='-SD-PASS-F-',      visible=False ),
+                ],
+                [
+                    sg.Text( "Seed Data: ", size=prefix, **T_kwds ),
+                    sg.Text( f"",                       key='-SD-SEED-',        size=(128,1),   **T_kwds ),
+                ],
+            ] )
+        ],
+    ] + [
+        [
+            sg.Frame( '⊻ Seed Extra Entropy (eg. Die rolls, ...)', [
+                [
+                    sg.Radio( "Hex",             "SE",  key='-SE-HEX-',         default=True,   **B_kwds ),
+                    sg.Radio( "SHA-512 Stretch", "SE",  key='-SE-SHA-',         default=False,  **B_kwds ),
+                ],
+                [
+                    sg.Text( "Entropy: ",               key='-SE-DATA-T-',      size=prefix,    **T_kwds ),
+                    sg.Input( "",                       key='-SE-DATA-',        size=(128,1),   **I_kwds ),
+                ],
+                [
+                    sg.Text( "Seed Entropy: ",                                  size=prefix,    **T_kwds ),
+                    sg.Text( f"",                       key='-SE-SEED-',        size=(128,1),   **T_kwds ),
+                ],
+            ] ),
+        ]
+    ] + [
+        [
+            sg.Frame( 'Seed Master Secret', [
+                [
+                    sg.Text( "Seed: ",                                          size=prefix,    **T_kwds ),
+                    sg.Text( f"",                       key='-SEED-',           size=(128,1),   **T_kwds ),
+                ],
+            ] ),
+        ],
+    ] + [
         [
             sg.Text( "Save PDF to (ie. USB drive): ", size=prefix, **T_kwds ),
-            sg.Input( sg.user_settings_get_entry( "-target folder-", ""), k='-TARGET-', **I_kwds ),
-            sg.FolderBrowse( **B_kwds )
+            sg.Input( sg.user_settings_get_entry( "-target folder-", ""),  size=inputs, key='-TARGET-', **I_kwds ),
+            sg.FolderBrowse( **B_kwds ),
         ],
     ] + [
         [
             sg.Text( "Seed File Name(s): ", size=prefix, **T_kwds ),
-            sg.Input( f"{', '.join( names )}", key='-NAMES-', **I_kwds ),
+            sg.Input( f"{', '.join( names )}",  size=inputs, key='-NAMES-', **I_kwds ),
             sg.Text( "(optional; comma-separated)", **T_kwds ),
         ]
     ] + [
         [
-            sg.Text( "Requires recovery of at least: ", size=prefix, **T_kwds ),
-            sg.Input( f"{group_threshold}", key='-THRESHOLD-', **I_kwds ),
+            sg.Text( "Requires recovery of at least: ",        size=prefix, **T_kwds ),
+            sg.Input( f"{group_threshold}", key='-THRESHOLD-', size=inputs, **I_kwds ),
             sg.Text( f"(of {len(groups)} SLIP-39 Recovery Groups)", key='-RECOVERY-', **T_kwds ),
         ],
     ] + [
         [
-            sg.Text( "Passphrase to encrypt Seed: ", size=prefix, **T_kwds ),
-            sg.Input( f"{passphrase or ''}", key='-PASSPHRASE-', **I_kwds ),
+            sg.Text( "Passphrase (encrypt): ",		size=prefix, **T_kwds ),
+            sg.Input( f"{passphrase or ''}", key='-PASSPHRASE-', size=inputs, **I_kwds ),
             sg.Text( "(optional; must be remembered separately!!)", **T_kwds ),
         ],
     ] + [
@@ -146,6 +218,9 @@ def app(
     status			= None
     event			= False
     events_termination		= (sg.WIN_CLOSED, 'Exit',)
+    master_secret		= None		# default to produce randomly
+    seed_data			= None
+    seed_entr			= None
     while event not in events_termination:
         # Create window (for initial window.read()), or update status
         if window:
@@ -161,6 +236,7 @@ def app(
             continue
 
         if event == '+':
+            # Add a SLIP39 Groups row
             g			= len(groups)
             name		= f"Group {g+1}"
             needs		= (2,3)
@@ -170,6 +246,111 @@ def app(
             window.extend_layout( window['-GROUP-NEEDS-'],  [[ sg.Input( f"{needs[0]}", key=f"-G-NEED-{g}", **I_kwds ) ]] )  # noqa: 241
             window.extend_layout( window['-GROUP-SIZES-'],  [[ sg.Input( f"{needs[1]}", key=f"-G-SIZE-{g}", **I_kwds ) ]] )  # noqa: 241
 
+        # Respond to changes in the desired Seed Data source, and recover/generate and update the -SD-SEED-
+        for seed_data_source in [
+                '-SD-128-RND-',
+                '-SD-256-RND-',
+                '-SD-512-RND-',
+                '-SD-128-FIX-',
+                '-SD-256-FIX-',
+                '-SD-512-FIX-',
+                '-SD-BIP-',
+                '-SD-SLIP-',
+        ]:
+            if values.get( seed_data_source ) and seed_data != seed_data_source:
+                seed_data	= seed_data_source
+                # Changed Seed Data source!
+                if 'FIX' in seed_data:
+                    window['-SD-DATA-T-'].update( f"Hex data: " )
+                    window['-SD-DATA-F-'].update( visible=True  )
+                    window['-SD-PASS-F-'].update( visible=False )
+                elif 'RND' in seed_data:
+                    window['-SD-DATA-F-'].update( visible=False )
+                    window['-SD-PASS-F-'].update( visible=False )
+                elif 'BIP' in seed_data:
+                    window['-SD-DATA-T-'].update( f"BIP-39 Mnemonic: " )
+                    window['-SD-DATA-F-'].update( visible=True )
+                    window['-SD-PASS-F-'].update( visible=True )
+                elif 'SLIP' in seed_data:
+                    window['-SD-DATA-T-'].update( f"SLIP-39 Mnemonics: " )
+                    window['-SD-DATA-F-'].update( visible=True )
+                    window['-SD-PASS-F-'].update( visible=True )
+        if 'FIX' in seed_data:
+            bits		= int( seed_data.split( '-' )[2] )
+            try:
+                # 0-fill and truncate any supplied hex data to the desired bit length
+                data		= f"{values['-SD-DATA-']:<0{bits//4}.{bits//4}}"
+                master_secret = codecs.decode( data, 'hex_codec' )
+            except Exception as exc:
+                status		= f"Invalid Hex for {bits}-bit fixed seed: {exc}"
+                continue
+        elif 'BIP' in seed_data:
+            try:
+                master_secret	= recover_bip39(
+                    mnemonic	= values['-SD-DATA-'].strip(),
+                    passphrase	= values['-SD-PASS-'].strip().encode( 'UTF-8' )
+                )
+            except Exception as exc:
+                status	= f"Invalid BIP-39 recovery mnemonic: {exc}"
+                continue
+        elif 'SLIP' in seed_data:
+            try:
+                master_secret	= recover(
+                    mnemonics	= values['-SD-DATA-'].strip().split( '\n' ),
+                    passphrase	= values['-SD-PASS-'].strip().encode( 'UTF-8' )
+                )
+            except Exception as exc:
+                status	= f"Invalid SLIP-39 recovery mnemonics: {exc}"
+                continue
+        else: # Random.  Regenerated each time through.
+            bits		= int( seed_data.split( '-' )[2] )
+            master_secret	= random_secret( bits // 8 )
+
+        # Compute the Seed Data as hex.  Will be 128-, 256- or 512-bit hex data.
+        window['-SD-SEED-'].update( codecs.encode( master_secret, 'hex_codec' ).decode( 'ascii' ))
+
+        # Respond to changes in the Seed Entropy, and recover/generate the -SE-SEED-.  It is
+        # expected to be exactly the same size as the -SD-SEED- data.
+        for seed_entr_source in [
+            '-SE-HEX-',
+            '-SE-SHA-',
+        ]:
+            if values.get( seed_entr_source ) and seed_entr != seed_entr_source:
+                seed_entr	= seed_entr_source
+                # Changed Seed Entropy source!
+                if 'HEX' in seed_entr:
+                    window['-SE-DATA-T-'].update( f"Entropy (hex): " )
+                else:
+                    window['-SE-DATA-T-'].update( f"Entropy (die rolls, etc.): " )
+
+        bits			= len( window['-SD-SEED-'].get() ) * 4
+        if 'HEX' in seed_entr:
+            try:
+                # 0-fill and truncate any supplied hex data to the desired bit length
+                data		= f"{values['-SE-DATA-']:<0{bits//4}.{bits//4}}"
+                master_entropy	= codecs.decode( data, 'hex_codec' )
+            except Exception as exc:
+                status		= f"Invalid Hex for {bits}-bit extra seed entropy: {exc}"
+                continue
+        else:
+            try:
+                # SHA-512 stretch and possibly truncate
+                stretch		= hashlib.sha512()
+                stretch.update( values['-SE-DATA-'].encode( 'UTF-8' ))
+                master_entropy	= stretch.digest()[:bits//8]
+            except Exception as exc:
+                status		= f"Invalid data for {bits}-bit extra seed entropy: {exc}"
+                continue
+
+        # Compute the Seed Entropy as hex.  Will be 128-, 256- or 512-bit hex data.
+        window['-SE-SEED-'].update( codecs.encode( master_entropy, 'hex_codec' ).decode( 'ascii' ))
+
+        # Compute the Master Secret Seed, from the supplied Seed Data and any extra Seed Entropy
+        data			= codecs.decode( window['-SD-SEED-'].get(), 'hex_codec' )
+        entr			= codecs.decode( window['-SE-SEED-'].get(), 'hex_codec' )
+        seed			= bytes( d ^ e for d,e in zip( data, entr ) )
+        window['-SEED-'].update( codecs.encode( seed, 'hex_codec' ).decode( 'ascii' ))
+
         # A target directory must be selected; use it.  This is where any output will be written.
         # It should usually be a removable volume, but we do not check for this.
         try:
@@ -264,7 +445,18 @@ def app(
 def main( argv=None ):
     ap				= argparse.ArgumentParser(
         description = "Create and output SLIP39 encoded Ethereum wallet(s) to a PDF file.",
-        epilog = "" )
+        formatter_class = argparse.RawDescriptionHelpFormatter,
+        epilog = """\
+
+A GUI App for creating SLIP-39 Mnemonic encoded cryptocurrency wallet seeds, either from secure
+randomness, or from pre-existing seed entropy, or recovered from prior SLIP-39 or BIP-39 encoded
+seed Mnemonics.
+
+This can be useful for converting existing BIP-39 Mnemonic encoded seeds to more secure and
+recoverable SLIP-39 Mnemonic encoding.
+
+"""
+    )
     ap.add_argument( '-v', '--verbose', action="count",
                      default=0,
                      help="Display logging information." )

slip39/version.py

@@ -1,2 +1,2 @@
-__version_info__		= ( 5, 2, 0 )
+__version_info__		= ( 5, 3, 0 )
 __version__			= '.'.join( map( str, __version_info__ ))