1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-05 04:50:57 +00:00
trezor-firmware/python/src/trezorlib/client.py

421 lines
15 KiB
Python
Raw Normal View History

# This file is part of the Trezor project.
2016-11-25 21:53:55 +00:00
#
2019-05-29 16:44:09 +00:00
# Copyright (C) 2012-2019 SatoshiLabs and contributors
2016-11-25 21:53:55 +00:00
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
2016-11-25 21:53:55 +00:00
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
2016-11-25 21:53:55 +00:00
2018-05-11 13:24:24 +00:00
import logging
import os
import sys
import warnings
from types import SimpleNamespace
from mnemonic import Mnemonic
from . import MINIMUM_FIRMWARE_VERSION, exceptions, messages, tools
from .messages import Capability
2017-06-23 19:31:42 +00:00
if sys.version_info.major < 3:
2018-02-27 15:30:32 +00:00
raise Exception("Trezorlib does not support Python 2 anymore.")
2018-05-11 13:24:24 +00:00
LOG = logging.getLogger(__name__)
2018-11-14 13:44:05 +00:00
VENDORS = ("bitcointrezor.com", "trezor.io")
MAX_PASSPHRASE_LENGTH = 50
PASSPHRASE_ON_DEVICE = object()
2020-02-10 15:14:21 +00:00
PASSPHRASE_TEST_PATH = tools.parse_path("44h/1h/19h/0/1337")
DEPRECATION_ERROR = """
Incompatible Trezor library detected.
(Original error: {})
""".strip()
OUTDATED_FIRMWARE_ERROR = """
Your Trezor firmware is out of date. Update it with the following command:
trezorctl firmware-update
Or visit https://wallet.trezor.io/
""".strip()
2017-06-23 19:31:42 +00:00
def _no_ui_selected(*args, **kwargs):
raise RuntimeError(
"You did not supply a UI object. You were warned that this would crash soon. "
"That's what happened now.\n "
"You need to supply a UI object to TrezorClient constructor."
)
_NO_UI_OBJECT = SimpleNamespace(
button_request=_no_ui_selected,
get_passphrase=_no_ui_selected,
get_pin=_no_ui_selected,
)
2014-02-13 15:46:21 +00:00
def get_buttonrequest_value(code):
# Converts integer code to its string representation of ButtonRequestType
2018-08-13 16:21:24 +00:00
return [
k
2018-11-13 15:17:04 +00:00
for k in dir(messages.ButtonRequestType)
if getattr(messages.ButtonRequestType, k) == code
2018-08-13 16:21:24 +00:00
][0]
2017-06-23 19:31:42 +00:00
2014-02-02 17:27:44 +00:00
def get_default_client(path=None, ui=None, **kwargs):
"""Get a client for a connected Trezor device.
Returns a TrezorClient instance with minimum fuss.
If path is specified, does a prefix-search for the specified device. Otherwise, uses
the value of TREZOR_PATH env variable, or finds first connected Trezor.
If no UI is supplied, instantiates the default CLI UI.
"""
from .transport import get_transport
from .ui import ClickUI
if path is None:
path = os.getenv("TREZOR_PATH")
transport = get_transport(path, prefix_search=True)
if ui is None:
ui = ClickUI()
return TrezorClient(transport, ui, **kwargs)
class TrezorClient:
2018-11-14 13:44:05 +00:00
"""Trezor client, a connection to a Trezor device.
This class allows you to manage connection state, send and receive protobuf
messages, handle user interactions, and perform some generic tasks
(send a cancel message, initialize or clear a session, ping the device).
You have to provide a transport, i.e., a raw connection to the device. You can use
`trezorlib.transport.get_transport` to find one.
You have to provide an UI implementation for the three kinds of interaction:
- button request (notify the user that their interaction is needed)
- PIN request (on T1, ask the user to input numbers for a PIN matrix)
- passphrase request (ask the user to enter a passphrase)
See `trezorlib.ui` for details.
You can supply a `session_id` you might have saved in the previous session.
If you do, the user might not need to enter their passphrase again.
2018-11-14 13:44:05 +00:00
"""
def __init__(
self, transport, ui=_NO_UI_OBJECT, session_id=None,
):
LOG.info("creating client instance for device: {}".format(transport.get_path()))
2017-09-04 11:36:08 +00:00
self.transport = transport
self.ui = ui
self.session_id = session_id
# XXX remove when old Electrum has been cycled out.
# explanation: We changed the API in 0.11 and this broke older versions
# of Electrum (incl. all its forks). We want to display an intelligent error
# message instead of crashing for no reason (see DEPRECATION_ERROR and MovedTo),
# so we are not allowed to crash in constructor.
# I'd keep this until, say, end of 2019 (or version 0.12), and then drop
# the default value for `ui` argument and all related functionality.
if ui is _NO_UI_OBJECT:
warnings.warn("UI object not supplied. This will probably crash soon.")
self.session_counter = 0
self.init_device()
def open(self):
if self.session_counter == 0:
self.transport.begin_session()
self.session_counter += 1
def close(self):
self.session_counter = max(self.session_counter - 1, 0)
if self.session_counter == 0:
self.transport.end_session()
2016-02-10 15:46:58 +00:00
def cancel(self):
2018-11-13 15:17:04 +00:00
self._raw_write(messages.Cancel())
2016-02-10 15:46:58 +00:00
def call_raw(self, msg):
__tracebackhide__ = True # for pytest # pylint: disable=W0612
self._raw_write(msg)
return self._raw_read()
def _raw_write(self, msg):
2018-08-13 16:21:24 +00:00
__tracebackhide__ = True # for pytest # pylint: disable=W0612
2017-09-04 11:36:08 +00:00
self.transport.write(msg)
def _raw_read(self):
__tracebackhide__ = True # for pytest # pylint: disable=W0612
2017-09-04 11:36:08 +00:00
return self.transport.read()
def _callback_pin(self, msg):
try:
pin = self.ui.get_pin(msg.type)
except exceptions.Cancelled:
self.call_raw(messages.Cancel())
raise
if any(d not in "123456789" for d in pin) or not (1 <= len(pin) <= 9):
self.call_raw(messages.Cancel())
raise ValueError("Invalid PIN provided")
2014-02-13 15:46:21 +00:00
2018-11-13 15:17:04 +00:00
resp = self.call_raw(messages.PinMatrixAck(pin=pin))
if isinstance(resp, messages.Failure) and resp.code in (
messages.FailureType.PinInvalid,
messages.FailureType.PinCancelled,
messages.FailureType.PinExpected,
2018-08-13 16:21:24 +00:00
):
raise exceptions.PinException(resp.code, resp.message)
2014-03-28 15:26:48 +00:00
else:
return resp
2014-02-13 15:46:21 +00:00
def _callback_passphrase(self, msg: messages.PassphraseRequest):
available_on_device = Capability.PassphraseEntry in self.features.capabilities
def send_passphrase(passphrase=None, on_device=None):
msg = messages.PassphraseAck(passphrase=passphrase, on_device=on_device)
resp = self.call_raw(msg)
if isinstance(resp, messages.Deprecated_PassphraseStateRequest):
self.session_id = resp.state
resp = self.call_raw(messages.Deprecated_PassphraseStateAck())
return resp
# short-circuit old style entry
if msg._on_device is True:
return send_passphrase(None, None)
try:
passphrase = self.ui.get_passphrase(available_on_device=available_on_device)
except exceptions.Cancelled:
self.call_raw(messages.Cancel())
raise
2014-02-13 15:46:21 +00:00
if passphrase is PASSPHRASE_ON_DEVICE:
if not available_on_device:
self.call_raw(messages.Cancel())
raise RuntimeError("Device is not capable of entering passphrase")
else:
return send_passphrase(on_device=True)
# else process host-entered passphrase
passphrase = Mnemonic.normalize_string(passphrase)
if len(passphrase) > MAX_PASSPHRASE_LENGTH:
self.call_raw(messages.Cancel())
raise ValueError("Passphrase too long")
return send_passphrase(passphrase, on_device=False)
2016-01-12 23:17:38 +00:00
def _callback_button(self, msg):
__tracebackhide__ = True # for pytest # pylint: disable=W0612
# do this raw - send ButtonAck first, notify UI later
2018-11-13 15:17:04 +00:00
self._raw_write(messages.ButtonAck())
self.ui.button_request(msg.code)
return self._raw_read()
2014-02-13 15:46:21 +00:00
@tools.session
def call(self, msg):
self.check_firmware_version()
resp = self.call_raw(msg)
while True:
2018-11-13 15:17:04 +00:00
if isinstance(resp, messages.PinMatrixRequest):
resp = self._callback_pin(resp)
2018-11-13 15:17:04 +00:00
elif isinstance(resp, messages.PassphraseRequest):
resp = self._callback_passphrase(resp)
2018-11-13 15:17:04 +00:00
elif isinstance(resp, messages.ButtonRequest):
resp = self._callback_button(resp)
2018-11-13 15:17:04 +00:00
elif isinstance(resp, messages.Failure):
if resp.code == messages.FailureType.ActionCancelled:
raise exceptions.Cancelled
raise exceptions.TrezorFailure(resp)
else:
return resp
2014-02-13 15:46:21 +00:00
@tools.session
2014-02-13 15:46:21 +00:00
def init_device(self):
resp = self.call_raw(messages.Initialize(session_id=self.session_id))
2018-11-13 15:17:04 +00:00
if not isinstance(resp, messages.Features):
raise exceptions.TrezorException("Unexpected initial response")
else:
self.features = resp
2018-11-14 13:44:05 +00:00
if self.features.vendor not in VENDORS:
raise RuntimeError("Unsupported device")
# A side-effect of this is a sanity check for broken protobuf definitions.
# If the `vendor` field doesn't exist, you probably have a mismatched
# checkout of trezor-common.
self.version = (
self.features.major_version,
self.features.minor_version,
self.features.patch_version,
)
self.check_firmware_version(warn_only=True)
if self.features.session_id is not None:
self.session_id = self.features.session_id
def is_outdated(self):
if self.features.bootloader_mode:
return False
model = self.features.model or "1"
required_version = MINIMUM_FIRMWARE_VERSION[model]
return self.version < required_version
def check_firmware_version(self, warn_only=False):
if self.is_outdated():
if warn_only:
warnings.warn(OUTDATED_FIRMWARE_ERROR, stacklevel=2)
else:
raise exceptions.OutdatedFirmwareError(OUTDATED_FIRMWARE_ERROR)
2018-11-13 15:17:04 +00:00
@tools.expect(messages.Success, field="message")
2018-08-13 16:21:24 +00:00
def ping(
2020-01-21 09:05:48 +00:00
self, msg, button_protection=False,
2018-08-13 16:21:24 +00:00
):
# We would like ping to work on any valid TrezorClient instance, but
# due to the protection modes, we need to go through self.call, and that will
# raise an exception if the firmware is too old.
# So we short-circuit the simplest variant of ping with call_raw.
2020-01-21 09:05:48 +00:00
if not button_protection:
# XXX this should be: `with self:`
try:
self.open()
return self.call_raw(messages.Ping(message=msg))
finally:
self.close()
2020-01-21 09:05:48 +00:00
msg = messages.Ping(message=msg, button_protection=button_protection,)
2014-02-13 15:46:21 +00:00
return self.call(msg)
2013-10-08 18:33:39 +00:00
def get_device_id(self):
return self.features.device_id
@tools.session
def clear_session(self):
resp = self.call_raw(messages.ClearSession())
if isinstance(resp, messages.Success):
self.session_id = None
self.init_device()
return resp.message
else:
return resp
def MovedTo(where):
def moved_to(*args, **kwargs):
msg = "Function has been moved to " + where
raise RuntimeError(DEPRECATION_ERROR.format(msg))
return moved_to
class ProtocolMixin(object):
"""Fake mixin for old-style software that constructed TrezorClient class
from separate mixins.
Now it only simulates existence of original attributes to prevent some early
crashes, and raises errors when any of the attributes are actually called.
"""
def __init__(self, *args, **kwargs):
warnings.warn("TrezorClient mixins are not supported anymore")
self.tx_api = None # Electrum checks that this attribute exists
super().__init__(*args, **kwargs)
def set_tx_api(self, tx_api):
warnings.warn("set_tx_api is deprecated, use new arguments to sign_tx")
@staticmethod
def expand_path(n):
warnings.warn(
"expand_path is deprecated, use tools.parse_path",
DeprecationWarning,
stacklevel=2,
)
return tools.parse_path(n)
# Device functionality
wipe_device = MovedTo("device.wipe")
recovery_device = MovedTo("device.recover")
reset_device = MovedTo("device.reset")
backup_device = MovedTo("device.backup")
set_u2f_counter = MovedTo("fido.set_counter")
apply_settings = MovedTo("device.apply_settings")
apply_flags = MovedTo("device.apply_flags")
change_pin = MovedTo("device.change_pin")
# Firmware functionality
firmware_update = MovedTo("firmware.update")
# BTC-like functionality
get_public_node = MovedTo("btc.get_public_node")
get_address = MovedTo("btc.get_address")
sign_tx = MovedTo("btc.sign_tx")
sign_message = MovedTo("btc.sign_message")
verify_message = MovedTo("btc.verify_message")
# CoSi functionality
cosi_commit = MovedTo("cosi.commit")
cosi_sign = MovedTo("cosi.sign")
# Ethereum functionality
ethereum_get_address = MovedTo("ethereum.get_address")
ethereum_sign_tx = MovedTo("ethereum.sign_tx")
ethereum_sign_message = MovedTo("ethereum.sign_message")
ethereum_verify_message = MovedTo("ethereum.verify_message")
# Lisk functionality
lisk_get_address = MovedTo("lisk.get_address")
lisk_get_public_key = MovedTo("lisk.get_public_key")
lisk_sign_message = MovedTo("lisk.sign_message")
lisk_verify_message = MovedTo("lisk.verify_message")
lisk_sign_tx = MovedTo("lisk.sign_tx")
# NEM functionality
nem_get_address = MovedTo("nem.get_address")
nem_sign_tx = MovedTo("nem.sign_tx")
# Stellar functionality
stellar_get_address = MovedTo("stellar.get_address")
stellar_sign_transaction = MovedTo("stellar.sign_tx")
2018-06-13 17:35:01 +00:00
# Miscellaneous cryptographic functionality
get_entropy = MovedTo("misc.get_entropy")
sign_identity = MovedTo("misc.sign_identity")
get_ecdh_session_key = MovedTo("misc.get_ecdh_session_key")
encrypt_keyvalue = MovedTo("misc.encrypt_keyvalue")
decrypt_keyvalue = MovedTo("misc.decrypt_keyvalue")
# Debug device functionality
load_device_by_mnemonic = MovedTo("debuglink.load_device")
2018-04-04 01:50:22 +00:00
class BaseClient:
"""Compatibility proxy for original BaseClient class.
Prevents early crash in Electrum forks and possibly other software.
"""
def __init__(self, *args, **kwargs):
warnings.warn("TrezorClient mixins are not supported anymore")
self.trezor_client = TrezorClient(*args, **kwargs)
2017-06-23 19:31:42 +00:00
def __getattr__(self, key):
return getattr(self.trezor_client, key)
# further Electrum compatibility
proto = None