2018-11-08 17:15:49 +00:00
|
|
|
# This file is part of the Trezor project.
|
|
|
|
#
|
2021-11-26 14:50:43 +00:00
|
|
|
# Copyright (C) 2012-2022 SatoshiLabs and contributors
|
2018-11-08 17:15:49 +00:00
|
|
|
#
|
|
|
|
# This library is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Lesser General Public License version 3
|
|
|
|
# as published by the Free Software Foundation.
|
|
|
|
#
|
|
|
|
# This library is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Lesser General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the License along with this library.
|
|
|
|
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
|
|
|
|
2018-10-12 13:58:55 +00:00
|
|
|
import hashlib
|
|
|
|
from enum import Enum
|
2021-11-15 12:23:18 +00:00
|
|
|
from hashlib import blake2s
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
from typing import TYPE_CHECKING, Any, Callable, List, Optional, Tuple
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2018-06-13 17:04:18 +00:00
|
|
|
import construct as c
|
2018-10-12 13:58:55 +00:00
|
|
|
import ecdsa
|
2018-06-13 17:04:18 +00:00
|
|
|
|
2022-05-03 11:32:39 +00:00
|
|
|
from . import cosi, exceptions, messages
|
2022-04-22 22:19:07 +00:00
|
|
|
from .tools import expect, session
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
|
|
|
|
if TYPE_CHECKING:
|
|
|
|
from .client import TrezorClient
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
V1_SIGNATURE_SLOTS = 3
|
2019-12-18 12:12:07 +00:00
|
|
|
V1_BOOTLOADER_KEYS = [
|
|
|
|
bytes.fromhex(key)
|
|
|
|
for key in (
|
|
|
|
"04d571b7f148c5e4232c3814f777d8faeaf1a84216c78d569b71041ffc768a5b2d810fc3bb134dd026b57e65005275aedef43e155f48fc11a32ec790a93312bd58",
|
|
|
|
"0463279c0c0866e50c05c799d32bd6bab0188b6de06536d1109d2ed9ce76cb335c490e55aee10cc901215132e853097d5432eda06b792073bd7740c94ce4516cb1",
|
|
|
|
"0443aedbb6f7e71c563f8ed2ef64ec9981482519e7ef4f4aa98b27854e8c49126d4956d300ab45fdc34cd26bc8710de0a31dbdf6de7435fd0b492be70ac75fde58",
|
|
|
|
"04877c39fd7c62237e038235e9c075dab261630f78eeb8edb92487159fffedfdf6046c6f8b881fa407c4a4ce6c28de0b19c1f4e29f1fcbc5a58ffd1432a3e0938a",
|
|
|
|
"047384c51ae81add0a523adbb186c91b906ffb64c2c765802bf26dbd13bdf12c319e80c2213a136c8ee03d7874fd22b70d68e7dee469decfbbb510ee9a460cda45",
|
|
|
|
)
|
|
|
|
]
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2019-12-20 12:48:59 +00:00
|
|
|
V2_BOARDLOADER_KEYS = [
|
|
|
|
bytes.fromhex(key)
|
|
|
|
for key in (
|
|
|
|
"0eb9856be9ba7e972c7f34eac1ed9b6fd0efd172ec00faf0c589759da4ddfba0",
|
|
|
|
"ac8ab40b32c98655798fd5da5e192be27a22306ea05c6d277cdff4a3f4125cd8",
|
|
|
|
"ce0fcd12543ef5936cf2804982136707863d17295faced72af171d6e6513ff06",
|
|
|
|
)
|
|
|
|
]
|
|
|
|
|
|
|
|
V2_BOARDLOADER_DEV_KEYS = [
|
|
|
|
bytes.fromhex(key)
|
|
|
|
for key in (
|
|
|
|
"db995fe25169d141cab9bbba92baa01f9f2e1ece7df4cb2ac05190f37fcc1f9d",
|
|
|
|
"2152f8d19b791d24453242e15f2eab6cb7cffa7b6a5ed30097960e069881db12",
|
|
|
|
"22fc297792f0b6ffc0bfcfdb7edb0c0aa14e025a365ec0e342e86e3829cb74b6",
|
|
|
|
)
|
|
|
|
]
|
|
|
|
|
2018-10-12 13:58:55 +00:00
|
|
|
V2_BOOTLOADER_KEYS = [
|
2019-12-18 12:12:07 +00:00
|
|
|
bytes.fromhex(key)
|
|
|
|
for key in (
|
|
|
|
"c2c87a49c5a3460977fbb2ec9dfe60f06bd694db8244bd4981fe3b7a26307f3f",
|
|
|
|
"80d036b08739b846f4cb77593078deb25dc9487aedcf52e30b4fb7cd7024178a",
|
|
|
|
"b8307a71f552c60a4cbb317ff48b82cdbf6b6bb5f04c920fec7badf017883751",
|
|
|
|
)
|
2018-10-12 13:58:55 +00:00
|
|
|
]
|
2019-12-20 12:45:41 +00:00
|
|
|
|
|
|
|
V2_SIGS_REQUIRED = 2
|
2018-08-13 16:21:24 +00:00
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
ONEV2_CHUNK_SIZE = 1024 * 64
|
2018-10-12 13:58:55 +00:00
|
|
|
V2_CHUNK_SIZE = 1024 * 128
|
2018-06-13 17:04:18 +00:00
|
|
|
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2018-11-01 17:03:15 +00:00
|
|
|
def _transform_vendor_trust(data: bytes) -> bytes:
|
|
|
|
"""Byte-swap and bit-invert the VendorTrust field.
|
|
|
|
|
|
|
|
Vendor trust is interpreted as a bitmask in a 16-bit little-endian integer,
|
|
|
|
with the added twist that 0 means set and 1 means unset.
|
|
|
|
We feed it to a `BitStruct` that expects a big-endian sequence where bits have
|
|
|
|
the traditional meaning. We must therefore do a bitwise negation of each byte,
|
|
|
|
and return them in reverse order. This is the same transformation both ways,
|
|
|
|
fortunately, so we don't need two separate functions.
|
|
|
|
"""
|
|
|
|
return bytes(~b & 0xFF for b in data)[::-1]
|
2018-06-13 17:04:18 +00:00
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
class FirmwareIntegrityError(Exception):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class InvalidSignatureError(FirmwareIntegrityError):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class Unsigned(FirmwareIntegrityError):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2019-11-28 13:44:00 +00:00
|
|
|
class ToifMode(Enum):
|
|
|
|
full_color = b"f"
|
|
|
|
grayscale = b"g"
|
|
|
|
|
|
|
|
|
2019-12-18 12:14:44 +00:00
|
|
|
class HeaderType(Enum):
|
|
|
|
FIRMWARE = b"TRZF"
|
|
|
|
BOOTLOADER = b"TRZB"
|
|
|
|
|
|
|
|
|
2019-11-28 13:44:00 +00:00
|
|
|
class EnumAdapter(c.Adapter):
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
def __init__(self, subcon: Any, enum: Any) -> None:
|
2019-11-28 13:44:00 +00:00
|
|
|
self.enum = enum
|
|
|
|
super().__init__(subcon)
|
|
|
|
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
def _encode(self, obj: Any, ctx: Any, path: Any):
|
2019-11-28 13:44:00 +00:00
|
|
|
return obj.value
|
|
|
|
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
def _decode(self, obj: Any, ctx: Any, path: Any):
|
2019-11-28 13:44:00 +00:00
|
|
|
try:
|
|
|
|
return self.enum(obj)
|
|
|
|
except ValueError:
|
|
|
|
return obj
|
|
|
|
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
# fmt: off
|
2018-06-13 17:04:18 +00:00
|
|
|
Toif = c.Struct(
|
|
|
|
"magic" / c.Const(b"TOI"),
|
2019-11-28 13:44:00 +00:00
|
|
|
"format" / EnumAdapter(c.Bytes(1), ToifMode),
|
2018-06-13 17:04:18 +00:00
|
|
|
"width" / c.Int16ul,
|
|
|
|
"height" / c.Int16ul,
|
|
|
|
"data" / c.Prefixed(c.Int32ul, c.GreedyBytes),
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
VendorTrust = c.Transformed(c.BitStruct(
|
2019-12-18 12:13:32 +00:00
|
|
|
"_reserved" / c.Default(c.BitsInteger(9), 0),
|
2018-06-13 17:04:18 +00:00
|
|
|
"show_vendor_string" / c.Flag,
|
|
|
|
"require_user_click" / c.Flag,
|
|
|
|
"red_background" / c.Flag,
|
|
|
|
"delay" / c.BitsInteger(4),
|
2018-11-01 17:03:15 +00:00
|
|
|
), _transform_vendor_trust, 2, _transform_vendor_trust, 2)
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
VendorHeader = c.Struct(
|
|
|
|
"_start_offset" / c.Tell,
|
|
|
|
"magic" / c.Const(b"TRZV"),
|
2020-02-05 11:23:34 +00:00
|
|
|
"header_len" / c.Int32ul,
|
2018-06-13 17:04:18 +00:00
|
|
|
"expiry" / c.Int32ul,
|
|
|
|
"version" / c.Struct(
|
|
|
|
"major" / c.Int8ul,
|
|
|
|
"minor" / c.Int8ul,
|
|
|
|
),
|
2019-12-20 12:50:44 +00:00
|
|
|
"sig_m" / c.Int8ul,
|
|
|
|
"sig_n" / c.Rebuild(c.Int8ul, c.len_(c.this.pubkeys)),
|
|
|
|
"trust" / VendorTrust,
|
2019-12-18 12:13:32 +00:00
|
|
|
"_reserved" / c.Padding(14),
|
2019-12-20 12:50:44 +00:00
|
|
|
"pubkeys" / c.Bytes(32)[c.this.sig_n],
|
|
|
|
"text" / c.Aligned(4, c.PascalString(c.Int8ul, "utf-8")),
|
|
|
|
"image" / Toif,
|
2020-02-05 11:23:34 +00:00
|
|
|
"_end_offset" / c.Tell,
|
|
|
|
|
|
|
|
"_min_header_len" / c.Check(c.this.header_len > (c.this._end_offset - c.this._start_offset) + 65),
|
|
|
|
"_header_len_aligned" / c.Check(c.this.header_len % 512 == 0),
|
2018-06-13 17:04:18 +00:00
|
|
|
|
2020-02-05 11:23:34 +00:00
|
|
|
c.Padding(c.this.header_len - c.this._end_offset + c.this._start_offset - 65),
|
2018-06-13 17:04:18 +00:00
|
|
|
"sigmask" / c.Byte,
|
|
|
|
"signature" / c.Bytes(64),
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
VersionLong = c.Struct(
|
|
|
|
"major" / c.Int8ul,
|
|
|
|
"minor" / c.Int8ul,
|
|
|
|
"patch" / c.Int8ul,
|
|
|
|
"build" / c.Int8ul,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
FirmwareHeader = c.Struct(
|
|
|
|
"_start_offset" / c.Tell,
|
2019-12-18 12:14:44 +00:00
|
|
|
"magic" / EnumAdapter(c.Bytes(4), HeaderType),
|
2019-02-25 18:35:39 +00:00
|
|
|
"header_len" / c.Int32ul,
|
2018-06-13 17:04:18 +00:00
|
|
|
"expiry" / c.Int32ul,
|
|
|
|
"code_length" / c.Rebuild(
|
|
|
|
c.Int32ul,
|
|
|
|
lambda this:
|
|
|
|
len(this._.code) if "code" in this._
|
2018-10-12 13:58:55 +00:00
|
|
|
else (this.code_length or 0)
|
|
|
|
),
|
2018-06-13 17:04:18 +00:00
|
|
|
"version" / VersionLong,
|
|
|
|
"fix_version" / VersionLong,
|
2019-12-18 12:13:32 +00:00
|
|
|
"_reserved" / c.Padding(8),
|
2018-06-13 17:04:18 +00:00
|
|
|
"hashes" / c.Bytes(32)[16],
|
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
"v1_signatures" / c.Bytes(64)[V1_SIGNATURE_SLOTS],
|
|
|
|
"v1_key_indexes" / c.Int8ul[V1_SIGNATURE_SLOTS], # pylint: disable=E1136
|
|
|
|
|
2019-12-18 12:13:32 +00:00
|
|
|
"_reserved" / c.Padding(220),
|
2018-06-13 17:04:18 +00:00
|
|
|
"sigmask" / c.Byte,
|
|
|
|
"signature" / c.Bytes(64),
|
|
|
|
|
|
|
|
"_end_offset" / c.Tell,
|
2019-02-25 18:35:39 +00:00
|
|
|
|
|
|
|
"_rebuild_header_len" / c.If(
|
|
|
|
c.this.version.major > 1,
|
|
|
|
c.Pointer(
|
|
|
|
c.this._start_offset + 4,
|
|
|
|
c.Rebuild(c.Int32ul, c.this._end_offset - c.this._start_offset)
|
|
|
|
),
|
2018-08-13 16:21:24 +00:00
|
|
|
),
|
2018-06-13 17:04:18 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
"""Raw firmware image.
|
|
|
|
|
|
|
|
Consists of firmware header and code block.
|
|
|
|
This is the expected format of firmware binaries for Trezor One, or bootloader images
|
|
|
|
for Trezor T."""
|
|
|
|
FirmwareImage = c.Struct(
|
|
|
|
"header" / FirmwareHeader,
|
2018-10-12 13:58:55 +00:00
|
|
|
"_code_offset" / c.Tell,
|
2019-12-18 14:44:51 +00:00
|
|
|
"code" / c.Bytes(c.this.header.code_length),
|
2018-06-13 17:04:18 +00:00
|
|
|
c.Terminated,
|
|
|
|
)
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
"""Firmware image prefixed by a vendor header.
|
|
|
|
|
|
|
|
This is the expected format of firmware binaries for Trezor T."""
|
|
|
|
VendorFirmware = c.Struct(
|
|
|
|
"vendor_header" / VendorHeader,
|
|
|
|
"image" / FirmwareImage,
|
2019-02-25 18:35:39 +00:00
|
|
|
c.Terminated,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
"""Legacy firmware image.
|
|
|
|
Consists of a custom header and code block.
|
|
|
|
This is the expected format of firmware binaries for Trezor One pre-1.8.0.
|
|
|
|
|
|
|
|
The code block can optionally be interpreted as a new-style firmware image. That is the
|
|
|
|
expected format of firmware binary for Trezor One version 1.8.0, which can be installed
|
|
|
|
by both the older and the newer bootloader."""
|
|
|
|
LegacyFirmware = c.Struct(
|
2018-10-12 13:58:55 +00:00
|
|
|
"magic" / c.Const(b"TRZR"),
|
|
|
|
"code_length" / c.Rebuild(c.Int32ul, c.len_(c.this.code)),
|
|
|
|
"key_indexes" / c.Int8ul[V1_SIGNATURE_SLOTS], # pylint: disable=E1136
|
|
|
|
"flags" / c.BitStruct(
|
|
|
|
c.Padding(7),
|
|
|
|
"restore_storage" / c.Flag,
|
|
|
|
),
|
2019-12-18 12:13:32 +00:00
|
|
|
"_reserved" / c.Padding(52),
|
2018-10-12 13:58:55 +00:00
|
|
|
"signatures" / c.Bytes(64)[V1_SIGNATURE_SLOTS],
|
|
|
|
"code" / c.Bytes(c.this.code_length),
|
|
|
|
c.Terminated,
|
2019-02-25 18:35:39 +00:00
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
"embedded_onev2" / c.RestreamData(c.this.code, c.Optional(FirmwareImage)),
|
2018-10-12 13:58:55 +00:00
|
|
|
)
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
# fmt: on
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
2018-10-12 13:58:55 +00:00
|
|
|
class FirmwareFormat(Enum):
|
|
|
|
TREZOR_ONE = 1
|
|
|
|
TREZOR_T = 2
|
2019-02-25 18:35:39 +00:00
|
|
|
TREZOR_ONE_V2 = 3
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
ParsedFirmware = Tuple[FirmwareFormat, c.Container]
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
|
|
|
|
def parse(data: bytes) -> ParsedFirmware:
|
|
|
|
if data[:4] == b"TRZR":
|
|
|
|
version = FirmwareFormat.TREZOR_ONE
|
2019-12-18 14:44:51 +00:00
|
|
|
cls = LegacyFirmware
|
2018-10-12 13:58:55 +00:00
|
|
|
elif data[:4] == b"TRZV":
|
|
|
|
version = FirmwareFormat.TREZOR_T
|
2019-12-18 14:44:51 +00:00
|
|
|
cls = VendorFirmware
|
2019-02-25 18:35:39 +00:00
|
|
|
elif data[:4] == b"TRZF":
|
|
|
|
version = FirmwareFormat.TREZOR_ONE_V2
|
2019-12-18 14:44:51 +00:00
|
|
|
cls = FirmwareImage
|
2018-10-12 13:58:55 +00:00
|
|
|
else:
|
|
|
|
raise ValueError("Unrecognized firmware image type")
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
try:
|
2018-10-12 13:58:55 +00:00
|
|
|
fw = cls.parse(data)
|
2018-06-13 17:04:18 +00:00
|
|
|
except Exception as e:
|
2019-02-25 18:35:39 +00:00
|
|
|
raise FirmwareIntegrityError("Invalid firmware image") from e
|
2019-12-18 14:44:51 +00:00
|
|
|
return version, fw
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def digest_onev1(fw: c.Container) -> bytes:
|
2018-10-12 13:58:55 +00:00
|
|
|
return hashlib.sha256(fw.code).digest()
|
|
|
|
|
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
def check_sig_v1(
|
|
|
|
digest: bytes, key_indexes: List[int], signatures: List[bytes]
|
|
|
|
) -> None:
|
|
|
|
distinct_key_indexes = set(i for i in key_indexes if i != 0)
|
|
|
|
if not distinct_key_indexes:
|
|
|
|
raise Unsigned
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
if len(distinct_key_indexes) < len(key_indexes):
|
|
|
|
raise InvalidSignatureError(
|
2021-09-27 10:13:51 +00:00
|
|
|
f"Not enough distinct signatures (found {len(distinct_key_indexes)}, need {len(key_indexes)})"
|
2019-02-25 18:35:39 +00:00
|
|
|
)
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
for i in range(len(key_indexes)):
|
2019-12-18 12:12:07 +00:00
|
|
|
key_idx = key_indexes[i] - 1
|
2019-02-25 18:35:39 +00:00
|
|
|
signature = signatures[i]
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
if key_idx >= len(V1_BOOTLOADER_KEYS):
|
2019-02-25 18:35:39 +00:00
|
|
|
# unknown pubkey
|
2021-09-27 10:13:51 +00:00
|
|
|
raise InvalidSignatureError(f"Unknown key in slot {i}")
|
2019-02-25 18:35:39 +00:00
|
|
|
|
2019-12-18 12:12:07 +00:00
|
|
|
pubkey = V1_BOOTLOADER_KEYS[key_idx][1:]
|
2019-02-25 18:35:39 +00:00
|
|
|
verify = ecdsa.VerifyingKey.from_string(pubkey, curve=ecdsa.curves.SECP256k1)
|
|
|
|
try:
|
|
|
|
verify.verify_digest(signature, digest)
|
|
|
|
except ecdsa.BadSignatureError as e:
|
2021-09-27 10:13:51 +00:00
|
|
|
raise InvalidSignatureError(f"Invalid signature in slot {i}") from e
|
2018-10-12 13:58:55 +00:00
|
|
|
|
2018-06-13 17:04:18 +00:00
|
|
|
|
2019-12-20 12:49:35 +00:00
|
|
|
def header_digest(header: c.Container, hash_function: Callable = blake2s) -> bytes:
|
2018-06-13 17:04:18 +00:00
|
|
|
stripped_header = header.copy()
|
|
|
|
stripped_header.sigmask = 0
|
2018-08-13 16:21:24 +00:00
|
|
|
stripped_header.signature = b"\0" * 64
|
2019-02-25 18:35:39 +00:00
|
|
|
stripped_header.v1_key_indexes = [0, 0, 0]
|
|
|
|
stripped_header.v1_signatures = [b"\0" * 64] * 3
|
2019-12-20 12:49:35 +00:00
|
|
|
if header.magic == b"TRZV":
|
|
|
|
header_type = VendorHeader
|
|
|
|
else:
|
|
|
|
header_type = FirmwareHeader
|
2018-10-12 13:58:55 +00:00
|
|
|
header_bytes = header_type.build(stripped_header)
|
2019-02-25 18:35:39 +00:00
|
|
|
return hash_function(header_bytes).digest()
|
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def digest_v2(fw: c.Container) -> bytes:
|
2019-12-20 12:49:35 +00:00
|
|
|
return header_digest(fw.image.header, blake2s)
|
2019-02-25 18:35:39 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def digest_onev2(fw: c.Container) -> bytes:
|
2019-12-20 12:49:35 +00:00
|
|
|
return header_digest(fw.header, hashlib.sha256)
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def calculate_code_hashes(
|
|
|
|
code: bytes,
|
|
|
|
code_offset: int,
|
2019-08-09 12:10:28 +00:00
|
|
|
hash_function: Callable = blake2s,
|
2019-02-25 18:35:39 +00:00
|
|
|
chunk_size: int = V2_CHUNK_SIZE,
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
padding_byte: Optional[bytes] = None,
|
|
|
|
) -> List[bytes]:
|
2019-12-18 14:44:51 +00:00
|
|
|
hashes = []
|
2019-12-20 12:50:24 +00:00
|
|
|
# End offset for each chunk. Normally this would be (i+1)*chunk_size for i-th chunk,
|
|
|
|
# but the first chunk is shorter by code_offset, so all end offsets are shifted.
|
|
|
|
ends = [(i + 1) * chunk_size - code_offset for i in range(16)]
|
|
|
|
start = 0
|
|
|
|
for end in ends:
|
|
|
|
chunk = code[start:end]
|
|
|
|
# padding for last non-empty chunk
|
|
|
|
if padding_byte is not None and start < len(code) and end > len(code):
|
2020-06-25 09:23:26 +00:00
|
|
|
chunk += padding_byte[0:1] * (end - start - len(chunk))
|
2019-02-25 18:35:39 +00:00
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
if not chunk:
|
|
|
|
hashes.append(b"\0" * 32)
|
|
|
|
else:
|
|
|
|
hashes.append(hash_function(chunk).digest())
|
|
|
|
|
2019-12-20 12:50:24 +00:00
|
|
|
start = end
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
return hashes
|
|
|
|
|
2019-02-25 18:35:39 +00:00
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def validate_code_hashes(fw: c.Container, version: FirmwareFormat) -> None:
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
hash_function: Callable
|
|
|
|
padding_byte: Optional[bytes]
|
2019-12-18 14:44:51 +00:00
|
|
|
if version == FirmwareFormat.TREZOR_ONE_V2:
|
|
|
|
image = fw
|
|
|
|
hash_function = hashlib.sha256
|
|
|
|
chunk_size = ONEV2_CHUNK_SIZE
|
|
|
|
padding_byte = b"\xff"
|
|
|
|
else:
|
|
|
|
image = fw.image
|
|
|
|
hash_function = blake2s
|
|
|
|
chunk_size = V2_CHUNK_SIZE
|
|
|
|
padding_byte = None
|
2019-02-25 18:35:39 +00:00
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
expected_hashes = calculate_code_hashes(
|
|
|
|
image.code, image._code_offset, hash_function, chunk_size, padding_byte
|
|
|
|
)
|
|
|
|
if expected_hashes != image.header.hashes:
|
|
|
|
raise FirmwareIntegrityError("Invalid firmware data.")
|
|
|
|
|
|
|
|
|
|
|
|
def validate_onev2(fw: c.Container, allow_unsigned: bool = False) -> None:
|
2019-02-25 18:35:39 +00:00
|
|
|
try:
|
|
|
|
check_sig_v1(
|
2020-09-25 11:59:16 +00:00
|
|
|
digest_onev2(fw),
|
|
|
|
fw.header.v1_key_indexes,
|
|
|
|
fw.header.v1_signatures,
|
2019-02-25 18:35:39 +00:00
|
|
|
)
|
|
|
|
except Unsigned:
|
|
|
|
if not allow_unsigned:
|
|
|
|
raise
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
validate_code_hashes(fw, FirmwareFormat.TREZOR_ONE_V2)
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def validate_onev1(fw: c.Container, allow_unsigned: bool = False) -> None:
|
2019-02-25 18:35:39 +00:00
|
|
|
try:
|
|
|
|
check_sig_v1(digest_onev1(fw), fw.key_indexes, fw.signatures)
|
|
|
|
except Unsigned:
|
|
|
|
if not allow_unsigned:
|
|
|
|
raise
|
|
|
|
if fw.embedded_onev2:
|
|
|
|
validate_onev2(fw.embedded_onev2, allow_unsigned)
|
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def validate_v2(fw: c.Container, skip_vendor_header: bool = False) -> None:
|
2019-12-20 12:49:35 +00:00
|
|
|
vendor_fingerprint = header_digest(fw.vendor_header)
|
2019-02-25 18:35:39 +00:00
|
|
|
fingerprint = digest_v2(fw)
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
if not skip_vendor_header:
|
|
|
|
try:
|
2018-10-12 14:05:50 +00:00
|
|
|
# if you want to validate a custom vendor header, you can modify
|
|
|
|
# the global variables to match your keys and m-of-n scheme
|
2019-12-20 12:45:41 +00:00
|
|
|
cosi.verify(
|
2018-10-12 13:58:55 +00:00
|
|
|
fw.vendor_header.signature,
|
|
|
|
vendor_fingerprint,
|
2019-12-20 12:45:41 +00:00
|
|
|
V2_SIGS_REQUIRED,
|
2018-10-12 13:58:55 +00:00
|
|
|
V2_BOOTLOADER_KEYS,
|
2019-12-20 12:45:41 +00:00
|
|
|
fw.vendor_header.sigmask,
|
2018-10-12 13:58:55 +00:00
|
|
|
)
|
|
|
|
except Exception:
|
2019-02-25 18:35:39 +00:00
|
|
|
raise InvalidSignatureError("Invalid vendor header signature.")
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
# XXX expiry is not used now
|
|
|
|
# now = time.gmtime()
|
|
|
|
# if time.gmtime(fw.vendor_header.expiry) < now:
|
|
|
|
# raise ValueError("Vendor header expired.")
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
try:
|
2019-12-20 12:45:41 +00:00
|
|
|
cosi.verify(
|
2019-12-18 14:44:51 +00:00
|
|
|
fw.image.header.signature,
|
2018-10-12 13:58:55 +00:00
|
|
|
fingerprint,
|
2019-12-20 12:50:44 +00:00
|
|
|
fw.vendor_header.sig_m,
|
2018-10-12 13:58:55 +00:00
|
|
|
fw.vendor_header.pubkeys,
|
2019-12-20 12:45:41 +00:00
|
|
|
fw.image.header.sigmask,
|
2018-10-12 13:58:55 +00:00
|
|
|
)
|
2018-08-10 14:05:14 +00:00
|
|
|
except Exception:
|
2019-02-25 18:35:39 +00:00
|
|
|
raise InvalidSignatureError("Invalid firmware signature.")
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
# XXX expiry is not used now
|
2019-12-18 14:44:51 +00:00
|
|
|
# if time.gmtime(fw.image.header.expiry) < now:
|
2018-10-12 13:58:55 +00:00
|
|
|
# raise ValueError("Firmware header expired.")
|
2019-12-18 14:44:51 +00:00
|
|
|
validate_code_hashes(fw, FirmwareFormat.TREZOR_T)
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
|
2019-12-18 14:44:51 +00:00
|
|
|
def digest(version: FirmwareFormat, fw: c.Container) -> bytes:
|
2019-02-25 18:35:39 +00:00
|
|
|
if version == FirmwareFormat.TREZOR_ONE:
|
2019-02-26 13:06:56 +00:00
|
|
|
return digest_onev1(fw)
|
2019-02-25 18:35:39 +00:00
|
|
|
elif version == FirmwareFormat.TREZOR_ONE_V2:
|
|
|
|
return digest_onev2(fw)
|
|
|
|
elif version == FirmwareFormat.TREZOR_T:
|
|
|
|
return digest_v2(fw)
|
|
|
|
else:
|
|
|
|
raise ValueError("Unrecognized firmware version")
|
|
|
|
|
|
|
|
|
|
|
|
def validate(
|
2019-12-18 14:44:51 +00:00
|
|
|
version: FirmwareFormat, fw: c.Container, allow_unsigned: bool = False
|
2019-02-25 18:35:39 +00:00
|
|
|
) -> None:
|
|
|
|
if version == FirmwareFormat.TREZOR_ONE:
|
|
|
|
return validate_onev1(fw, allow_unsigned)
|
|
|
|
elif version == FirmwareFormat.TREZOR_ONE_V2:
|
|
|
|
return validate_onev2(fw, allow_unsigned)
|
|
|
|
elif version == FirmwareFormat.TREZOR_T:
|
|
|
|
return validate_v2(fw)
|
|
|
|
else:
|
|
|
|
raise ValueError("Unrecognized firmware version")
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
2018-08-10 14:05:14 +00:00
|
|
|
# ====== Client functions ====== #
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
@session
|
2021-02-09 12:38:42 +00:00
|
|
|
def update(
|
|
|
|
client: "TrezorClient",
|
|
|
|
data: bytes,
|
|
|
|
progress_update: Callable[[int], Any] = lambda _: None,
|
|
|
|
):
|
2018-06-13 17:04:18 +00:00
|
|
|
if client.features.bootloader_mode is False:
|
|
|
|
raise RuntimeError("Device must be in bootloader mode")
|
|
|
|
|
2018-10-12 13:58:55 +00:00
|
|
|
resp = client.call(messages.FirmwareErase(length=len(data)))
|
2018-06-13 17:04:18 +00:00
|
|
|
|
|
|
|
# TREZORv1 method
|
2018-10-12 13:58:55 +00:00
|
|
|
if isinstance(resp, messages.Success):
|
|
|
|
resp = client.call(messages.FirmwareUpload(payload=data))
|
2021-02-09 12:38:42 +00:00
|
|
|
progress_update(len(data))
|
2018-10-12 13:58:55 +00:00
|
|
|
if isinstance(resp, messages.Success):
|
|
|
|
return
|
|
|
|
else:
|
2021-09-27 10:13:51 +00:00
|
|
|
raise RuntimeError(f"Unexpected result {resp}")
|
2018-06-13 17:04:18 +00:00
|
|
|
|
2018-10-12 13:58:55 +00:00
|
|
|
# TREZORv2 method
|
|
|
|
while isinstance(resp, messages.FirmwareRequest):
|
feat(python): add full type information
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
2021-11-03 22:12:53 +00:00
|
|
|
assert resp.offset is not None
|
|
|
|
assert resp.length is not None
|
2021-02-09 12:38:42 +00:00
|
|
|
length = resp.length
|
|
|
|
payload = data[resp.offset : resp.offset + length]
|
2019-08-09 12:10:28 +00:00
|
|
|
digest = blake2s(payload).digest()
|
2018-10-12 13:58:55 +00:00
|
|
|
resp = client.call(messages.FirmwareUpload(payload=payload, hash=digest))
|
2021-02-09 12:38:42 +00:00
|
|
|
progress_update(length)
|
2018-10-12 13:58:55 +00:00
|
|
|
|
|
|
|
if isinstance(resp, messages.Success):
|
|
|
|
return
|
|
|
|
else:
|
2021-09-27 10:13:51 +00:00
|
|
|
raise RuntimeError(f"Unexpected message {resp}")
|
2022-04-22 22:19:07 +00:00
|
|
|
|
|
|
|
|
|
|
|
@expect(messages.FirmwareHash, field="hash", ret_type=bytes)
|
|
|
|
def get_hash(client: "TrezorClient", challenge: Optional[bytes]):
|
|
|
|
return client.call(messages.GetFirmwareHash(challenge=challenge))
|
2022-05-03 11:32:39 +00:00
|
|
|
|
|
|
|
|
|
|
|
@session
|
|
|
|
def get_firmware(
|
|
|
|
client: "TrezorClient", progress_update: Callable[[int], Any] = lambda _: None
|
|
|
|
) -> bytes:
|
|
|
|
resp = client.call(messages.GetFirmware())
|
|
|
|
result = bytearray()
|
|
|
|
while isinstance(resp, messages.FirmwareChunk):
|
|
|
|
result.extend(resp.chunk)
|
|
|
|
progress_update(len(resp.chunk))
|
|
|
|
resp = client.call(messages.FirmwareChunkAck())
|
|
|
|
|
|
|
|
if not isinstance(resp, messages.Success):
|
|
|
|
raise exceptions.TrezorException(f"Unexpected message {resp}")
|
|
|
|
return bytes(result)
|