1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-24 23:38:09 +00:00
trezor-firmware/python/trezorlib/debuglink.py

489 lines
15 KiB
Python
Raw Normal View History

# This file is part of the Trezor project.
2016-11-25 21:53:55 +00:00
#
2019-05-29 16:44:09 +00:00
# Copyright (C) 2012-2019 SatoshiLabs and contributors
2016-11-25 21:53:55 +00:00
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License version 3
# as published by the Free Software Foundation.
2016-11-25 21:53:55 +00:00
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the License along with this library.
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
from copy import deepcopy
from mnemonic import Mnemonic
2016-05-20 20:27:20 +00:00
2018-11-02 16:12:41 +00:00
from . import messages as proto, protobuf, tools
from .client import TrezorClient
2018-10-02 15:37:03 +00:00
from .tools import expect
2017-06-23 19:31:42 +00:00
EXPECTED_RESPONSES_CONTEXT_LINES = 3
2012-12-13 19:05:04 +00:00
class DebugLink:
def __init__(self, transport, auto_interact=True):
self.transport = transport
self.allow_interactions = auto_interact
def open(self):
trezorlib: transport/protocol reshuffle This commit breaks session handling (which matters with Bridge) and regresses Bridge to an older code state. Both of these issues will be rectified in subsequent commits. Explanation of this big API reshuffle follows: * protocols are moved to trezorlib.transport, and to a single common file. * there is a cleaner definition of Transport and Protocol API (see below) * fully valid mypy type hinting * session handle counters and open handle counters mostly went away. Transports and Protocols are meant to be "raw" APIs; TrezorClient will implement context-handler-based sessions, session tracking, etc. I'm calling this a "reshuffle" because it involved very small number of code changes. Most of it is moving things around where they sit better. The API changes are as follows. Transport is now a thing that can: * open and close sessions * read and write protobuf messages * enumerate and find devices Some transports (all except bridge) are technically bytes-based and need a separate protocol implementation (because we have two existing protocols, although only the first one is actually used). Hence a protocol superclass. Protocol is a thing that *also* can: * open and close sessions * read and write protobuf messages For that, it requires a `handle`. Handle is a physical layer for a protocol. It can: * open and close some sort of device connection (this is distinct from session! Connection is a channel over which you can send data. Session is a logical arrangement on top of that; you can have multiple sessions on a single connection.) * read and write 64-byte chunks of data With that, we introduce ProtocolBasedTransport, which simply delegates the appropriate Transport functionality to respective Protocol methods. hid and webusb transports are ProtocolBasedTransport-s that provide separate device handles. HidHandle and WebUsbHandle existed before, but the distinction of functionality between a Transport and its Handle was unclear. Some methods were moved and now the handles implement the Handle API, while the transports provide the enumeration parts of the Transport API, as well as glue between the respective Protocols and Handles. udp transport is also a ProtocolBasedTransport, but it acts as its own handle. (That might be changed. For now, I went with the pre-existing structure.) In addition, session_begin/end is renamed to begin/end_session to keep consistent verb_noun naming.
2018-11-08 14:24:28 +00:00
self.transport.begin_session()
2012-12-13 19:05:04 +00:00
2014-02-13 15:46:21 +00:00
def close(self):
trezorlib: transport/protocol reshuffle This commit breaks session handling (which matters with Bridge) and regresses Bridge to an older code state. Both of these issues will be rectified in subsequent commits. Explanation of this big API reshuffle follows: * protocols are moved to trezorlib.transport, and to a single common file. * there is a cleaner definition of Transport and Protocol API (see below) * fully valid mypy type hinting * session handle counters and open handle counters mostly went away. Transports and Protocols are meant to be "raw" APIs; TrezorClient will implement context-handler-based sessions, session tracking, etc. I'm calling this a "reshuffle" because it involved very small number of code changes. Most of it is moving things around where they sit better. The API changes are as follows. Transport is now a thing that can: * open and close sessions * read and write protobuf messages * enumerate and find devices Some transports (all except bridge) are technically bytes-based and need a separate protocol implementation (because we have two existing protocols, although only the first one is actually used). Hence a protocol superclass. Protocol is a thing that *also* can: * open and close sessions * read and write protobuf messages For that, it requires a `handle`. Handle is a physical layer for a protocol. It can: * open and close some sort of device connection (this is distinct from session! Connection is a channel over which you can send data. Session is a logical arrangement on top of that; you can have multiple sessions on a single connection.) * read and write 64-byte chunks of data With that, we introduce ProtocolBasedTransport, which simply delegates the appropriate Transport functionality to respective Protocol methods. hid and webusb transports are ProtocolBasedTransport-s that provide separate device handles. HidHandle and WebUsbHandle existed before, but the distinction of functionality between a Transport and its Handle was unclear. Some methods were moved and now the handles implement the Handle API, while the transports provide the enumeration parts of the Transport API, as well as glue between the respective Protocols and Handles. udp transport is also a ProtocolBasedTransport, but it acts as its own handle. (That might be changed. For now, I went with the pre-existing structure.) In addition, session_begin/end is renamed to begin/end_session to keep consistent verb_noun naming.
2018-11-08 14:24:28 +00:00
self.transport.end_session()
2016-01-12 23:17:38 +00:00
def _call(self, msg, nowait=False):
self.transport.write(msg)
if nowait:
return None
ret = self.transport.read()
return ret
def state(self):
return self._call(proto.DebugLinkGetState())
2014-02-06 22:34:13 +00:00
def read_pin(self):
state = self.state()
return state.pin, state.matrix
2014-02-06 22:34:13 +00:00
2013-09-01 01:34:36 +00:00
def read_pin_encoded(self):
return self.encode_pin(*self.read_pin())
2014-02-20 18:15:43 +00:00
def encode_pin(self, pin, matrix=None):
"""Transform correct PIN according to the displayed matrix."""
if matrix is None:
_, matrix = self.read_pin()
return "".join([str(matrix.index(p) + 1) for p in pin])
2016-01-12 23:17:38 +00:00
2019-03-07 15:28:24 +00:00
def read_mnemonic_secret(self):
obj = self._call(proto.DebugLinkGetState())
2019-03-07 15:28:24 +00:00
return obj.mnemonic_secret
2014-02-06 22:34:13 +00:00
def read_recovery_word(self):
obj = self._call(proto.DebugLinkGetState())
return (obj.recovery_fake_word, obj.recovery_word_pos)
2014-02-20 18:15:43 +00:00
def read_reset_word(self):
obj = self._call(proto.DebugLinkGetState(wait_word_list=True))
return obj.reset_word
2018-03-20 15:46:53 +00:00
def read_reset_word_pos(self):
obj = self._call(proto.DebugLinkGetState(wait_word_pos=True))
2018-03-20 15:46:53 +00:00
return obj.reset_word_pos
def read_reset_entropy(self):
obj = self._call(proto.DebugLinkGetState())
return obj.reset_entropy
2014-02-20 18:15:43 +00:00
def read_passphrase_protection(self):
obj = self._call(proto.DebugLinkGetState())
return obj.passphrase_protection
def input(self, word=None, button=None, swipe=None):
if not self.allow_interactions:
return
args = sum(a is not None for a in (word, button, swipe))
if args != 1:
raise ValueError("Invalid input - must use one of word, button, swipe")
decision = proto.DebugLinkDecision(yes_no=button, up_down=swipe, input=word)
self._call(decision, nowait=True)
2012-12-13 19:05:04 +00:00
def press_yes(self):
self.input(button=True)
2014-02-06 22:34:13 +00:00
def press_no(self):
self.input(button=False)
2018-03-20 15:46:53 +00:00
def swipe_up(self):
self.input(swipe=True)
2018-03-20 15:46:53 +00:00
def swipe_down(self):
self.input(swipe=False)
2018-03-20 15:46:53 +00:00
def stop(self):
self._call(proto.DebugLinkStop(), nowait=True)
2016-05-26 18:46:40 +00:00
@expect(proto.DebugLinkMemory, field="memory")
2016-05-26 18:46:40 +00:00
def memory_read(self, address, length):
return self._call(proto.DebugLinkMemoryRead(address=address, length=length))
2016-05-26 18:46:40 +00:00
def memory_write(self, address, memory, flash=False):
2018-08-13 16:21:24 +00:00
self._call(
proto.DebugLinkMemoryWrite(address=address, memory=memory, flash=flash),
nowait=True,
)
2016-05-26 18:46:40 +00:00
def flash_erase(self, sector):
2017-06-23 19:31:42 +00:00
self._call(proto.DebugLinkFlashErase(sector=sector), nowait=True)
class NullDebugLink(DebugLink):
def __init__(self):
super().__init__(None)
def open(self):
pass
def close(self):
pass
def _call(self, msg, nowait=False):
if not nowait:
if isinstance(msg, proto.DebugLinkGetState):
return proto.DebugLinkState()
else:
raise RuntimeError("unexpected call to a fake debuglink")
class DebugUI:
INPUT_FLOW_DONE = object()
def __init__(self, debuglink: DebugLink):
self.debuglink = debuglink
self.pin = None
self.passphrase = "sphinx of black quartz, judge my wov"
self.input_flow = None
def button_request(self, code):
if self.input_flow is None:
self.debuglink.press_yes()
elif self.input_flow is self.INPUT_FLOW_DONE:
raise AssertionError("input flow ended prematurely")
else:
try:
self.input_flow.send(code)
except StopIteration:
self.input_flow = self.INPUT_FLOW_DONE
def get_pin(self, code=None):
if self.pin:
return self.pin
else:
return self.debuglink.read_pin_encoded()
def get_passphrase(self):
return self.passphrase
class TrezorClientDebugLink(TrezorClient):
# This class implements automatic responses
# and other functionality for unit tests
# for various callbacks, created in order
# to automatically pass unit tests.
#
# This mixing should be used only for purposes
# of unit testing, because it will fail to work
# without special DebugLink interface provided
# by the device.
def __init__(self, transport, auto_interact=True):
try:
debug_transport = transport.find_debug()
self.debug = DebugLink(debug_transport, auto_interact)
# try to open debuglink, see if it works
self.debug.open()
self.debug.close()
except Exception:
if not auto_interact:
self.debug = NullDebugLink()
else:
raise
self.ui = DebugUI(self.debug)
self.in_with_statement = 0
self.screenshot_id = 0
self.filters = {}
# Always press Yes and provide correct pin
self.setup_debuglink(True, True)
# Do not expect any specific response from device
self.expected_responses = None
self.current_response = None
# Use blank passphrase
self.set_passphrase("")
super().__init__(transport, ui=self.ui)
def open(self):
super().open()
self.debug.open()
def close(self):
self.debug.close()
super().close()
def set_filter(self, message_type, callback):
self.filters[message_type] = callback
def _filter_message(self, msg):
message_type = msg.__class__
callback = self.filters.get(message_type)
if callable(callback):
return callback(deepcopy(msg))
else:
return msg
def set_input_flow(self, input_flow):
if input_flow is None:
self.ui.input_flow = None
return
if callable(input_flow):
input_flow = input_flow()
if not hasattr(input_flow, "send"):
raise RuntimeError("input_flow should be a generator function")
self.ui.input_flow = input_flow
next(input_flow) # can't send before first yield
def __enter__(self):
# For usage in with/expected_responses
self.in_with_statement += 1
return self
def __exit__(self, _type, value, traceback):
self.in_with_statement -= 1
if _type is not None:
# Another exception raised
return False
if self.expected_responses is None:
# no need to check anything else
return False
# return isinstance(value, TypeError)
# Evaluate missed responses in 'with' statement
if self.current_response < len(self.expected_responses):
self._raise_unexpected_response(None)
# Cleanup
self.expected_responses = None
self.current_response = None
return False
def set_expected_responses(self, expected):
if not self.in_with_statement:
raise RuntimeError("Must be called inside 'with' statement")
self.expected_responses = expected
self.current_response = 0
def setup_debuglink(self, button, pin_correct):
# self.button = button # True -> YES button, False -> NO button
if pin_correct:
self.ui.pin = None
else:
self.ui.pin = "444222"
def set_passphrase(self, passphrase):
self.ui.passphrase = Mnemonic.normalize_string(passphrase)
def set_mnemonic(self, mnemonic):
self.mnemonic = Mnemonic.normalize_string(mnemonic).split(" ")
def _raw_read(self):
__tracebackhide__ = True # for pytest # pylint: disable=W0612
# if SCREENSHOT and self.debug:
# from PIL import Image
# layout = self.debug.state().layout
# im = Image.new("RGB", (128, 64))
# pix = im.load()
# for x in range(128):
# for y in range(64):
# rx, ry = 127 - x, 63 - y
# if (ord(layout[rx + (ry / 8) * 128]) & (1 << (ry % 8))) > 0:
# pix[x, y] = (255, 255, 255)
# im.save("scr%05d.png" % self.screenshot_id)
# self.screenshot_id += 1
resp = super()._raw_read()
resp = self._filter_message(resp)
self._check_request(resp)
return resp
def _raw_write(self, msg):
return super()._raw_write(self._filter_message(msg))
def _raise_unexpected_response(self, msg):
__tracebackhide__ = True # for pytest # pylint: disable=W0612
start_at = max(self.current_response - EXPECTED_RESPONSES_CONTEXT_LINES, 0)
stop_at = min(
self.current_response + EXPECTED_RESPONSES_CONTEXT_LINES + 1,
len(self.expected_responses),
)
output = []
output.append("Expected responses:")
if start_at > 0:
output.append(" (...{} previous responses omitted)".format(start_at))
for i in range(start_at, stop_at):
exp = self.expected_responses[i]
prefix = " " if i != self.current_response else ">>> "
set_fields = {
key: value
for key, value in exp.__dict__.items()
if value is not None and value != []
}
oneline_str = ", ".join("{}={!r}".format(*i) for i in set_fields.items())
if len(oneline_str) < 60:
output.append(
"{}{}({})".format(prefix, exp.__class__.__name__, oneline_str)
)
else:
item = []
item.append("{}{}(".format(prefix, exp.__class__.__name__))
for key, value in set_fields.items():
item.append("{} {}={!r}".format(prefix, key, value))
item.append("{})".format(prefix))
output.append("\n".join(item))
if stop_at < len(self.expected_responses):
omitted = len(self.expected_responses) - stop_at
output.append(" (...{} following responses omitted)".format(omitted))
output.append("")
if msg is not None:
output.append("Actually received:")
output.append(protobuf.format_message(msg))
else:
output.append("This message was never received.")
raise AssertionError("\n".join(output))
def _check_request(self, msg):
__tracebackhide__ = True # for pytest # pylint: disable=W0612
if self.expected_responses is None:
return
if self.current_response >= len(self.expected_responses):
raise AssertionError(
"No more messages were expected, but we got:\n"
+ protobuf.format_message(msg)
)
expected = self.expected_responses[self.current_response]
if msg.__class__ != expected.__class__:
self._raise_unexpected_response(msg)
for field, value in expected.__dict__.items():
if value is None or value == []:
continue
if getattr(msg, field) != value:
self._raise_unexpected_response(msg)
self.current_response += 1
def mnemonic_callback(self, _):
word, pos = self.debug.read_recovery_word()
if word != "":
return word
if pos != 0:
return self.mnemonic[pos - 1]
raise RuntimeError("Unexpected call")
@expect(proto.Success, field="message")
2018-08-13 16:21:24 +00:00
def load_device_by_mnemonic(
client,
mnemonic,
pin,
passphrase_protection,
label,
language="english",
skip_checksum=False,
):
if not isinstance(mnemonic, (list, tuple)):
mnemonic = [mnemonic]
mnemonics = [Mnemonic.normalize_string(m) for m in mnemonic]
if client.features.initialized:
2018-08-13 16:21:24 +00:00
raise RuntimeError(
"Device is initialized already. Call device.wipe() and try again."
2018-08-13 16:21:24 +00:00
)
resp = client.call(
proto.LoadDevice(
mnemonics=mnemonics,
2018-08-13 16:21:24 +00:00
pin=pin,
passphrase_protection=passphrase_protection,
language=language,
label=label,
skip_checksum=skip_checksum,
)
)
client.init_device()
return resp
@expect(proto.Success, field="message")
def load_device_by_xprv(client, xprv, pin, passphrase_protection, label, language):
if client.features.initialized:
2018-08-13 16:21:24 +00:00
raise RuntimeError(
"Device is initialized already. Call wipe_device() and try again."
)
2018-08-13 16:21:24 +00:00
if xprv[0:4] not in ("xprv", "tprv"):
raise ValueError("Unknown type of xprv")
if not 100 < len(xprv) < 112: # yes this is correct in Python
raise ValueError("Invalid length of xprv")
node = proto.HDNodeType()
data = tools.b58decode(xprv, None).hex()
if data[90:92] != "00":
raise ValueError("Contain invalid private key")
checksum = (tools.btc_hash(bytes.fromhex(data[:156]))[:4]).hex()
if checksum != data[156:]:
raise ValueError("Checksum doesn't match")
# version 0488ade4
# depth 00
# fingerprint 00000000
# child_num 00000000
# chaincode 873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508
# privkey 00e8f32e723decf4051aefac8e2c93c9c5b214313817cdb01a1494b917c8436b35
# checksum e77e9d71
node.depth = int(data[8:10], 16)
node.fingerprint = int(data[10:18], 16)
node.child_num = int(data[18:26], 16)
node.chain_code = bytes.fromhex(data[26:90])
node.private_key = bytes.fromhex(data[92:156]) # skip 0x00 indicating privkey
2018-08-13 16:21:24 +00:00
resp = client.call(
proto.LoadDevice(
node=node,
pin=pin,
passphrase_protection=passphrase_protection,
language=language,
label=label,
)
)
client.init_device()
return resp
@expect(proto.Success, field="message")
def self_test(client):
if client.features.bootloader_mode is not True:
raise RuntimeError("Device must be in bootloader mode")
2018-08-13 16:21:24 +00:00
return client.call(
proto.SelfTest(
payload=b"\x00\xFF\x55\xAA\x66\x99\x33\xCCABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!\x00\xFF\x55\xAA\x66\x99\x33\xCC"
)
)