src: change password functionality

This commit adds changing password feature. The feature can only be used when the device is initialized. It shares a lot of the functionality with set password feature, but it requires the user to enter the old password correctly, and also does some seed handling to not cause any data loss. Signed-off-by: asi345 <[email protected]>
BitBoxSwiss · Feb 5, 2025 · 3670302 · 3670302
1 parent be2ea72
commit 3670302
Show file tree

Hide file tree

Showing 17 changed files with 199 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ customers cannot upgrade their bootloader, its changes are recorded separately.
 - Ethereum: remove deprecated Goerli network
 - SD card: solve backup bug when sd card is re-inserted
 - Cardano: allow serialization using 258-tagged sets
+- Add change password functionality
 
 ### 9.21.0
 - Bitcoin: add support for sending to silent payment (BIP-352) addresses

diff --git a/messages/bitbox02_system.proto b/messages/bitbox02_system.proto
@@ -56,3 +56,6 @@ message SetDeviceNameRequest {
 message SetPasswordRequest {
     bytes entropy = 1;
 }
+
+message ChangePasswordRequest {
+}
diff --git a/messages/hww.proto b/messages/hww.proto
@@ -67,6 +67,7 @@ message Request {
         ElectrumEncryptionKeyRequest electrum_encryption_key = 26;
         CardanoRequest cardano = 27;
         BIP85Request bip85 = 28;
+        ChangePasswordRequest change_password = 29;
     }
 }
 

diff --git a/py/bitbox02/bitbox02/bitbox02/bitbox02.py b/py/bitbox02/bitbox02/bitbox02/bitbox02.py
@@ -190,6 +190,17 @@ def set_password(self, entropy_size: int = 32) -> bool:
             raise
         return True
 
+    def change_password(self) -> bool:
+        request = hww.Request()
+        request.change_password.CopyFrom(bitbox02_system.ChangePasswordRequest())
+        try:
+            self._msg_query(request, expected_response="success")
+        except Bitbox02Exception as err:
+            if err.code == ERR_GENERIC:
+                return False
+            raise
+        return True
+
     def create_backup(self) -> bool:
         """
         Returns True if the backup was created successfully.

diff --git a/py/bitbox02/bitbox02/communication/generated/bitbox02_system_pb2.py b/py/bitbox02/bitbox02/communication/generated/bitbox02_system_pb2.py
diff --git a/py/bitbox02/bitbox02/communication/generated/bitbox02_system_pb2.pyi b/py/bitbox02/bitbox02/communication/generated/bitbox02_system_pb2.pyi
@@ -124,3 +124,9 @@ class SetPasswordRequest(google.protobuf.message.Message):
         ) -> None: ...
     def ClearField(self, field_name: typing_extensions.Literal["entropy",b"entropy"]) -> None: ...
 global___SetPasswordRequest = SetPasswordRequest
+
+class ChangePasswordRequest(google.protobuf.message.Message):
+    DESCRIPTOR: google.protobuf.descriptor.Descriptor
+    def __init__(self,
+        ) -> None: ...
+global___ChangePasswordRequest = ChangePasswordRequest
diff --git a/py/bitbox02/bitbox02/communication/generated/hww_pb2.py b/py/bitbox02/bitbox02/communication/generated/hww_pb2.py
diff --git a/py/bitbox02/bitbox02/communication/generated/hww_pb2.pyi b/py/bitbox02/bitbox02/communication/generated/hww_pb2.pyi
@@ -68,6 +68,7 @@ class Request(google.protobuf.message.Message):
     ELECTRUM_ENCRYPTION_KEY_FIELD_NUMBER: builtins.int
     CARDANO_FIELD_NUMBER: builtins.int
     BIP85_FIELD_NUMBER: builtins.int
+    CHANGE_PASSWORD_FIELD_NUMBER: builtins.int
     @property
     def device_name(self) -> bitbox02_system_pb2.SetDeviceNameRequest:
         """removed: RandomNumberRequest random_number = 1;"""
@@ -124,6 +125,8 @@ class Request(google.protobuf.message.Message):
     def cardano(self) -> cardano_pb2.CardanoRequest: ...
     @property
     def bip85(self) -> keystore_pb2.BIP85Request: ...
+    @property
+    def change_password(self) -> bitbox02_system_pb2.ChangePasswordRequest: ...
     def __init__(self,
         *,
         device_name: typing.Optional[bitbox02_system_pb2.SetDeviceNameRequest] = ...,
@@ -152,10 +155,11 @@ class Request(google.protobuf.message.Message):
         electrum_encryption_key: typing.Optional[keystore_pb2.ElectrumEncryptionKeyRequest] = ...,
         cardano: typing.Optional[cardano_pb2.CardanoRequest] = ...,
         bip85: typing.Optional[keystore_pb2.BIP85Request] = ...,
+        change_password: typing.Optional[bitbox02_system_pb2.ChangePasswordRequest] = ...,
         ) -> None: ...
-    def HasField(self, field_name: typing_extensions.Literal["bip85",b"bip85","btc",b"btc","btc_pub",b"btc_pub","btc_sign_init",b"btc_sign_init","btc_sign_input",b"btc_sign_input","btc_sign_output",b"btc_sign_output","cardano",b"cardano","check_backup",b"check_backup","check_sdcard",b"check_sdcard","create_backup",b"create_backup","device_info",b"device_info","device_language",b"device_language","device_name",b"device_name","electrum_encryption_key",b"electrum_encryption_key","eth",b"eth","fingerprint",b"fingerprint","insert_remove_sdcard",b"insert_remove_sdcard","list_backups",b"list_backups","perform_attestation",b"perform_attestation","reboot",b"reboot","request",b"request","reset",b"reset","restore_backup",b"restore_backup","restore_from_mnemonic",b"restore_from_mnemonic","set_mnemonic_passphrase_enabled",b"set_mnemonic_passphrase_enabled","set_password",b"set_password","show_mnemonic",b"show_mnemonic"]) -> builtins.bool: ...
-    def ClearField(self, field_name: typing_extensions.Literal["bip85",b"bip85","btc",b"btc","btc_pub",b"btc_pub","btc_sign_init",b"btc_sign_init","btc_sign_input",b"btc_sign_input","btc_sign_output",b"btc_sign_output","cardano",b"cardano","check_backup",b"check_backup","check_sdcard",b"check_sdcard","create_backup",b"create_backup","device_info",b"device_info","device_language",b"device_language","device_name",b"device_name","electrum_encryption_key",b"electrum_encryption_key","eth",b"eth","fingerprint",b"fingerprint","insert_remove_sdcard",b"insert_remove_sdcard","list_backups",b"list_backups","perform_attestation",b"perform_attestation","reboot",b"reboot","request",b"request","reset",b"reset","restore_backup",b"restore_backup","restore_from_mnemonic",b"restore_from_mnemonic","set_mnemonic_passphrase_enabled",b"set_mnemonic_passphrase_enabled","set_password",b"set_password","show_mnemonic",b"show_mnemonic"]) -> None: ...
-    def WhichOneof(self, oneof_group: typing_extensions.Literal["request",b"request"]) -> typing.Optional[typing_extensions.Literal["device_name","device_language","device_info","set_password","create_backup","show_mnemonic","btc_pub","btc_sign_init","btc_sign_input","btc_sign_output","insert_remove_sdcard","check_sdcard","set_mnemonic_passphrase_enabled","list_backups","restore_backup","perform_attestation","reboot","check_backup","eth","reset","restore_from_mnemonic","fingerprint","btc","electrum_encryption_key","cardano","bip85"]]: ...
+    def HasField(self, field_name: typing_extensions.Literal["bip85",b"bip85","btc",b"btc","btc_pub",b"btc_pub","btc_sign_init",b"btc_sign_init","btc_sign_input",b"btc_sign_input","btc_sign_output",b"btc_sign_output","cardano",b"cardano","change_password",b"change_password","check_backup",b"check_backup","check_sdcard",b"check_sdcard","create_backup",b"create_backup","device_info",b"device_info","device_language",b"device_language","device_name",b"device_name","electrum_encryption_key",b"electrum_encryption_key","eth",b"eth","fingerprint",b"fingerprint","insert_remove_sdcard",b"insert_remove_sdcard","list_backups",b"list_backups","perform_attestation",b"perform_attestation","reboot",b"reboot","request",b"request","reset",b"reset","restore_backup",b"restore_backup","restore_from_mnemonic",b"restore_from_mnemonic","set_mnemonic_passphrase_enabled",b"set_mnemonic_passphrase_enabled","set_password",b"set_password","show_mnemonic",b"show_mnemonic"]) -> builtins.bool: ...
+    def ClearField(self, field_name: typing_extensions.Literal["bip85",b"bip85","btc",b"btc","btc_pub",b"btc_pub","btc_sign_init",b"btc_sign_init","btc_sign_input",b"btc_sign_input","btc_sign_output",b"btc_sign_output","cardano",b"cardano","change_password",b"change_password","check_backup",b"check_backup","check_sdcard",b"check_sdcard","create_backup",b"create_backup","device_info",b"device_info","device_language",b"device_language","device_name",b"device_name","electrum_encryption_key",b"electrum_encryption_key","eth",b"eth","fingerprint",b"fingerprint","insert_remove_sdcard",b"insert_remove_sdcard","list_backups",b"list_backups","perform_attestation",b"perform_attestation","reboot",b"reboot","request",b"request","reset",b"reset","restore_backup",b"restore_backup","restore_from_mnemonic",b"restore_from_mnemonic","set_mnemonic_passphrase_enabled",b"set_mnemonic_passphrase_enabled","set_password",b"set_password","show_mnemonic",b"show_mnemonic"]) -> None: ...
+    def WhichOneof(self, oneof_group: typing_extensions.Literal["request",b"request"]) -> typing.Optional[typing_extensions.Literal["device_name","device_language","device_info","set_password","create_backup","show_mnemonic","btc_pub","btc_sign_init","btc_sign_input","btc_sign_output","insert_remove_sdcard","check_sdcard","set_mnemonic_passphrase_enabled","list_backups","restore_backup","perform_attestation","reboot","check_backup","eth","reset","restore_from_mnemonic","fingerprint","btc","electrum_encryption_key","cardano","bip85","change_password"]]: ...
 global___Request = Request
 
 class Response(google.protobuf.message.Message):