improve API

[matejcik]

This is my second attempt at API rework, this time with a big refactor.

Summary:

• Most functions have been moved to submodules of shamir_mnemonic
• The high-level API, i.e. encrypt, decrypt, combine_mnemonics and generate_mnemonics was not changed; see the diff for test_shamir.py
• new functions split_ems and recover_ems perform the functionality that is done in trezor-core. If we agree on naming, I'll rename and modify the API in trezor-core too.

Details:

Constants now live in a separate file constants.py.

rs1024-polymod has its own file rs1024.py.

The cipher has its own file cipher.py. encrypt and decrypt are exported into the main shamir_mnemonic module.

Loading wordlist and converting mnemonics to/from indices was moved to wordlist.py.

Converting individual shares to/from mnemonic representation was moved to share.py, and share info is now handled in a Share class, similar to what trezor-core does.

The meat-and-potatoes of the functionality was moved to shamir.py. The main functions combine_mnemonics, generate_mnemonics, split_ems and recover_ems are exported to the top-level module. New functions:

• split_ems takes group threshold, groups definitions, identifier, iteration exponent, and EMS, and returns a collection of mnemonics
• recover_ems takes a collection of mnemonics and returns identifier, iteration exponent and EMS

combine_mnemonics was reformulated to use recover_ems internally, and generate_mnemonics was reformulated to use split_ems internally.

generate_mnemonics_random was removed. Its function is rather specific, and in most usecases the caller will need to have the Master Secret (e.g. to save it in storage) as well as the set of shares.

[matejcik]

I fixed some comments, regularized the Share API, and added checks to encrypt/decrypt.

The rest is pending further discussion.

I also regenerated the vectors, because the default iteration exponent was changed to 1 to match trezor-core. Please check if this is what we want and if the vectors are OK. We can also:

• revert the iteration exponent default
• or explicitly use zero in generate_vectors

[andrewkozlik]

This is so weird, I thought I left a comment here about the test vectors last week, but now I can't find it anywhere. Anyway, in generate_vectors.py use iteration exponent 0 explicitly. There is no reason to change the test vectors if the specification didn't change.

[matejcik]

generate_vectors were modified, so that the original vectors are produced with the new code.

documentation for split_ems and recover_ems was changed, with details of the "deferred" mode to be described in trezor-core

all previous comments should be addressed now