localized recovery phrases, user supplied phrases now verified against masterpubkey

Author: voisine

BreadWallet.xcodeproj/project.pbxproj

@@ -33,7 +33,6 @@
 		752E28EA19234DA200DB5A3C /* NSMutableData+Bitcoin.m in Sources */ = {isa = PBXBuildFile; fileRef = 752E28E419234DA200DB5A3C /* NSMutableData+Bitcoin.m */; };
 		752E28EB19234DA200DB5A3C /* NSString+Bitcoin.m in Sources */ = {isa = PBXBuildFile; fileRef = 752E28E619234DA200DB5A3C /* NSString+Bitcoin.m */; };
 		752E28F119234E8100DB5A3C /* Reachability.m in Sources */ = {isa = PBXBuildFile; fileRef = 752E28F019234E8100DB5A3C /* Reachability.m */; settings = {COMPILER_FLAGS = "-w"; }; };
-		752E28F619235B3000DB5A3C /* BIP39EnglishWords.plist in Resources */ = {isa = PBXBuildFile; fileRef = 752E28F419235B3000DB5A3C /* BIP39EnglishWords.plist */; };
 		752E28F719235B3000DB5A3C /* FixedPeers.plist in Resources */ = {isa = PBXBuildFile; fileRef = 752E28F519235B3000DB5A3C /* FixedPeers.plist */; };
 		7548CF3719556FD700EF827F /* BRCopyLabel.m in Sources */ = {isa = PBXBuildFile; fileRef = 7548CF3619556FD700EF827F /* BRCopyLabel.m */; };
 		75767C421A0EC6F9003E7DE9 /* UIImage+Blur.m in Sources */ = {isa = PBXBuildFile; fileRef = 75767C411A0EC6F9003E7DE9 /* UIImage+Blur.m */; };
@@ -51,6 +50,7 @@
 		759FBB36193290F600AB4465 /* BRRootViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 759FBB33193290F600AB4465 /* BRRootViewController.m */; };
 		759FBB37193290F600AB4465 /* BRSendViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 759FBB35193290F600AB4465 /* BRSendViewController.m */; };
 		75AA5F55194143D5003F23BD /* BRBouncyBurgerButton.m in Sources */ = {isa = PBXBuildFile; fileRef = 75AA5F54194143D5003F23BD /* BRBouncyBurgerButton.m */; };
+		75C0E3BF1B1BA294007BC531 /* BIP39Words.plist in Resources */ = {isa = PBXBuildFile; fileRef = 75C0E3C11B1BA294007BC531 /* BIP39Words.plist */; };
 		75D5F3C2191EC270004AB296 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 75D5F3C1191EC270004AB296 /* Foundation.framework */; };
 		75D5F3C4191EC270004AB296 /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 75D5F3C3191EC270004AB296 /* CoreGraphics.framework */; };
 		75D5F3C6191EC270004AB296 /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 75D5F3C5191EC270004AB296 /* UIKit.framework */; };
@@ -182,7 +182,6 @@
 		752E28E619234DA200DB5A3C /* NSString+Bitcoin.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSString+Bitcoin.m"; sourceTree = "<group>"; };
 		752E28EF19234E8100DB5A3C /* Reachability.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Reachability.h; sourceTree = SOURCE_ROOT; };
 		752E28F019234E8100DB5A3C /* Reachability.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Reachability.m; sourceTree = SOURCE_ROOT; };
-		752E28F419235B3000DB5A3C /* BIP39EnglishWords.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = BIP39EnglishWords.plist; sourceTree = "<group>"; };
 		752E28F519235B3000DB5A3C /* FixedPeers.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = FixedPeers.plist; sourceTree = "<group>"; };
 		7548CF3519556FD700EF827F /* BRCopyLabel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BRCopyLabel.h; sourceTree = "<group>"; };
 		7548CF3619556FD700EF827F /* BRCopyLabel.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = BRCopyLabel.m; sourceTree = "<group>"; };
@@ -243,6 +242,11 @@
 		75AA5F53194143D5003F23BD /* BRBouncyBurgerButton.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BRBouncyBurgerButton.h; sourceTree = "<group>"; };
 		75AA5F54194143D5003F23BD /* BRBouncyBurgerButton.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = BRBouncyBurgerButton.m; sourceTree = "<group>"; };
 		75BCC59A1946520700EC1A64 /* BreadWalletTests.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = BreadWalletTests.h; sourceTree = "<group>"; };
+		75C0E3C71B1D333F007BC531 /* en */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = en; path = en.lproj/BIP39Words.plist; sourceTree = "<group>"; };
+		75C0E3C21B1BA29D007BC531 /* fr */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = fr; path = fr.lproj/BIP39Words.plist; sourceTree = "<group>"; };
+		75C0E3C31B1BA29F007BC531 /* ja */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = ja; path = ja.lproj/BIP39Words.plist; sourceTree = "<group>"; };
+		75C0E3C41B1BA2A5007BC531 /* es */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = es; path = es.lproj/BIP39Words.plist; sourceTree = "<group>"; };
+		75C0E3C51B1BA2AE007BC531 /* zh-Hans */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; name = "zh-Hans"; path = "zh-Hans.lproj/BIP39Words.plist"; sourceTree = "<group>"; };
 		75D5F3BE191EC270004AB296 /* breadwallet.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = breadwallet.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		75D5F3C1191EC270004AB296 /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = System/Library/Frameworks/Foundation.framework; sourceTree = SDKROOT; };
 		75D5F3C3191EC270004AB296 /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; };
@@ -529,7 +533,7 @@
 				75D5F3DF191EC270004AB296 /* Images.xcassets */,
 				75D5F3DC191EC270004AB296 /* Main.storyboard */,
 				752E2898192349CE00DB5A3C /* BreadWallet.xcdatamodeld */,
-				752E28F419235B3000DB5A3C /* BIP39EnglishWords.plist */,
+				75C0E3C11B1BA294007BC531 /* BIP39Words.plist */,
 				752E28F519235B3000DB5A3C /* FixedPeers.plist */,
 				7579F7FE19231D4600CA56F4 /* ThirdParty */,
 				75D5F3C8191EC270004AB296 /* Supporting Files */,
@@ -696,7 +700,7 @@
 			files = (
 				75D5F3E0191EC270004AB296 /* Images.xcassets in Resources */,
 				757E09991ADB8EEB006FD352 /* Localizable.strings in Resources */,
-				752E28F619235B3000DB5A3C /* BIP39EnglishWords.plist in Resources */,
+				75C0E3BF1B1BA294007BC531 /* BIP39Words.plist in Resources */,
 				75D5F3CC191EC270004AB296 /* InfoPlist.strings in Resources */,
 				752E28F719235B3000DB5A3C /* FixedPeers.plist in Resources */,
 				75D5F3DE191EC270004AB296 /* Main.storyboard in Resources */,
@@ -812,6 +816,18 @@
 			name = Localizable.strings;
 			sourceTree = "<group>";
 		};
+		75C0E3C11B1BA294007BC531 /* BIP39Words.plist */ = {
+			isa = PBXVariantGroup;
+			children = (
+				75C0E3C71B1D333F007BC531 /* en */,
+				75C0E3C21B1BA29D007BC531 /* fr */,
+				75C0E3C31B1BA29F007BC531 /* ja */,
+				75C0E3C41B1BA2A5007BC531 /* es */,
+				75C0E3C51B1BA2AE007BC531 /* zh-Hans */,
+			);
+			name = BIP39Words.plist;
+			sourceTree = "<group>";
+		};
 		75D5F3CA191EC270004AB296 /* InfoPlist.strings */ = {
 			isa = PBXVariantGroup;
 			children = (

BreadWallet/BRBIP39Mnemonic.m

@@ -29,7 +29,7 @@
 #import "ccMemory.h"
 #import <CommonCrypto/CommonKeyDerivation.h>
 
-#define WORDS @"BIP39EnglishWords"
+#define WORDS @"BIP39Words"
 
 // BIP39 is method for generating a deterministic wallet seed from a mnemonic phrase
 // https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

BreadWallet/BRRestoreViewController.m

@@ -30,13 +30,14 @@
 #import "NSMutableData+Bitcoin.h"
 
 #define PHRASE_LENGTH 12
-#define WORDS         @"BIP39EnglishWords"
+#define WORDS         @"BIP39Words"
 
 @interface BRRestoreViewController ()
 
 @property (nonatomic, strong) IBOutlet UITextView *textView;
 @property (nonatomic, strong) IBOutlet NSLayoutConstraint *textViewYBottom;
 @property (nonatomic, strong) NSArray *words;
+@property (nonatomic, strong) NSMutableSet *allWords;
 @property (nonatomic, strong) id keyboardObserver;
 
 @end
@@ -48,8 +49,14 @@ - (void)viewDidLoad
     [super viewDidLoad];
     // Do any additional setup after loading the view.
 
-     self.words = [NSArray arrayWithContentsOfFile:[[NSBundle mainBundle] pathForResource:WORDS ofType:@"plist"]];
-     
+    self.words = [NSArray arrayWithContentsOfFile:[[NSBundle mainBundle] pathForResource:WORDS ofType:@"plist"]];
+    self.allWords = [NSMutableSet set];
+    
+    for (NSString *lang in [[NSBundle mainBundle] localizations]) {
+        [self.allWords addObjectsFromArray:[NSArray arrayWithContentsOfFile:[[NSBundle mainBundle]
+         pathForResource:WORDS ofType:@"plist" inDirectory:nil forLocalization:lang]]];
+    }
+    
     // TODO: create secure versions of keyboard and UILabel and use in place of UITextView
     // TODO: autocomplete based on 4 letter prefixes of mnemonic words
 
@@ -87,14 +94,17 @@ - (void)dealloc
 - (void)wipeWithPhrase:(NSString *)phrase
 {
     @autoreleasepool {
-        NSString *seedPhrase = [[BRWalletManager sharedInstance] seedPhrase];
+        BRWalletManager *m = [BRWalletManager sharedInstance];
+        
+        if ([phrase isEqual:@"wipe"]) phrase = [m seedPhraseWithPrompt:nil];
 
-        if (seedPhrase && ([phrase isEqual:seedPhrase] || [phrase isEqual:@"wipe"])) {
+        if ([[m.sequence masterPublicKeyFromSeed:[m.mnemonic deriveKeyFromPhrase:phrase withPassphrase:nil]]
+             isEqual:m.masterPublicKey]) {
             [[[UIActionSheet alloc] initWithTitle:nil delegate:self cancelButtonTitle:NSLocalizedString(@"cancel", nil)
               destructiveButtonTitle:NSLocalizedString(@"wipe", nil) otherButtonTitles:nil]
              showInView:[[UIApplication sharedApplication] keyWindow]];
         }
-        else if (seedPhrase) {
+        else if (phrase) {
             [[[UIAlertView alloc] initWithTitle:@"" message:NSLocalizedString(@"recovery phrase doesn't match", nil)
               delegate:nil cancelButtonTitle:NSLocalizedString(@"ok", nil) otherButtonTitles:nil] show];
         }
@@ -152,19 +162,21 @@ - (void)textViewDidChange:(UITextView *)textView
 
         if (! done) return;
 
+        BOOL isLocal = YES;
         NSString *phrase = [m.mnemonic normalizePhrase:s], *incorrect = nil;
         NSArray *a = CFBridgingRelease(CFStringCreateArrayBySeparatingStrings(SecureAllocator(), (CFStringRef)phrase,
                                                                               CFSTR(" ")));
 
         for (NSString *word in a) {
-            if ([self.words containsObject:word]) continue;
+            if (! [self.words containsObject:word]) isLocal = NO;
+            if ([self.allWords containsObject:word]) continue;
             incorrect = word;
             break;
         }
 
-        if ([s isEqual:@"wipe"]) { // shortcut word to force the wipe option to appear
+        if ([phrase isEqual:@"wipe"]) { // shortcut word to force the wipe option to appear
             [self.textView resignFirstResponder];
-            [self performSelector:@selector(wipeWithPhrase:) withObject:s afterDelay:0.0];
+            [self performSelector:@selector(wipeWithPhrase:) withObject:phrase afterDelay:0.0];
         }
         else if (incorrect) {
             textView.selectedRange = [[textView.text lowercaseString] rangeOfString:incorrect];
@@ -180,7 +192,7 @@ - (void)textViewDidChange:(UITextView *)textView
                        PHRASE_LENGTH] delegate:nil cancelButtonTitle:NSLocalizedString(@"ok", nil)
               otherButtonTitles:nil] show];
         }
-        else if (! [m.mnemonic phraseIsValid:phrase]) {
+        else if (isLocal && ! [m.mnemonic phraseIsValid:phrase]) {
             [[[UIAlertView alloc] initWithTitle:@"" message:NSLocalizedString(@"bad recovery phrase", nil) delegate:nil
               cancelButtonTitle:NSLocalizedString(@"ok", nil) otherButtonTitles:nil] show];
         }

BreadWallet/BRWalletManager.m

@@ -257,9 +257,14 @@ - (BRWallet *)wallet
     if (_wallet) return _wallet;
 
     if (getKeychainData(SEED_KEY, nil)) { // upgrade from old keychain scheme
-        NSLog(@"upgrading to authenticated keychain scheme");
-        if (! setKeychainData([self.sequence masterPublicKeyFromSeed:self.seed], MASTER_PUBKEY_KEY, NO)) return _wallet;
-        if (setKeychainData(getKeychainData(MNEMONIC_KEY, nil), MNEMONIC_KEY, YES)) setKeychainData(nil, SEED_KEY, NO);
+        @autoreleasepool {
+            NSString *seedPhrase = getKeychainString(MNEMONIC_KEY, nil);
+
+            NSLog(@"upgrading to authenticated keychain scheme");
+            if (! setKeychainData([self.sequence masterPublicKeyFromSeed:[self.mnemonic deriveKeyFromPhrase:seedPhrase
+                                   withPassphrase:nil]], MASTER_PUBKEY_KEY, NO)) return _wallet;
+            if (setKeychainString(seedPhrase, MNEMONIC_KEY, YES)) setKeychainData(nil, SEED_KEY, NO);
+        }
     }
 
     if (! self.masterPublicKey) return _wallet;
@@ -323,16 +328,6 @@ - (NSData *)masterPublicKey
     return getKeychainData(MASTER_PUBKEY_KEY, nil);
 }
 
-- (NSData *)seed
-{
-    @autoreleasepool {
-        NSString *phrase = getKeychainString(MNEMONIC_KEY, nil);
-        
-        if (phrase.length == 0) return nil;
-        return [self.mnemonic deriveKeyFromPhrase:phrase withPassphrase:nil];
-    }
-}
-
 // requesting seedPhrase will trigger authentication
 - (NSString *)seedPhrase
 {
@@ -342,7 +337,7 @@ - (NSString *)seedPhrase
 - (void)setSeedPhrase:(NSString *)seedPhrase
 {
     @autoreleasepool { // @autoreleasepool ensures sensitive data will be dealocated immediately
-        if (seedPhrase) seedPhrase = [self.mnemonic encodePhrase:[self.mnemonic decodePhrase:seedPhrase]];
+        if (seedPhrase) seedPhrase = [self.mnemonic normalizePhrase:seedPhrase];
 
         [[NSManagedObject context] performBlockAndWait:^{
             [BRAddressEntity deleteObjects:[BRAddressEntity allObjects]];
@@ -449,7 +444,13 @@ - (NSData *)seedWithPrompt:(NSString *)authprompt forAmount:(uint64_t)amount
 
     // BUG: if user manually chooses to enter pin, spending limit is reset without including the tx being authorized
     if (! touchid) setKeychainInt(self.wallet.totalSent + amount + self.spendingLimit, SPEND_LIMIT_KEY, NO);
-    return self.seed;
+
+    @autoreleasepool {
+        NSString *seedPhrase = getKeychainString(MNEMONIC_KEY, nil);
+        
+        if (seedPhrase.length == 0) return nil;
+        return [self.mnemonic deriveKeyFromPhrase:seedPhrase withPassphrase:nil];
+    }
 }
 
 // authenticates user and returns seedPhrase
@@ -1083,12 +1084,8 @@ - (void)textViewDidChange:(UITextView *)textView
         if ([textView.text rangeOfString:@"\n"].location != NSNotFound) {
             textView.text = [self.mnemonic normalizePhrase:textView.text];
 
-            if (! [self.mnemonic phraseIsValid:[self.mnemonic normalizePhrase:textView.text]]) {
-                self.alertView.title = NSLocalizedString(@"bad recovery phrase", nil);
-                [self.alertView performSelector:@selector(setTitle:)
-                 withObject:NSLocalizedString(@"recovery phrase", nil) afterDelay:3.0];
-            }
-            else if (! [[self.mnemonic normalizePhrase:textView.text] isEqual:getKeychainString(MNEMONIC_KEY, nil)]) {
+            if (! [[self.sequence masterPublicKeyFromSeed:[self.mnemonic deriveKeyFromPhrase:textView.text
+                                                           withPassphrase:nil]] isEqual:self.masterPublicKey]) {
                 self.alertView.title = NSLocalizedString(@"recovery phrase doesn't match", nil);
                 [self.alertView performSelector:@selector(setTitle:)
                  withObject:NSLocalizedString(@"recovery phrase", nil) afterDelay:3.0];