trezor-firmware/core/src/apps/base.py

import storage
import storage.device
import storage.recovery
import storage.sd_salt
from storage import cache
from trezor import config, sdcard, utils, wire, workflow
from trezor.messages import Capability, MessageType
from trezor.messages.Features import Features
from trezor.messages.Success import Success

from apps.common import mnemonic
from apps.common.request_pin import verify_user_pin

if False:
    import protobuf
    from typing import Optional, NoReturn
    from trezor.messages.Initialize import Initialize
    from trezor.messages.GetFeatures import GetFeatures
    from trezor.messages.Cancel import Cancel
    from trezor.messages.LockDevice import LockDevice
    from trezor.messages.Ping import Ping


def get_features() -> Features:
    f = Features()
    f.vendor = "trezor.io"
    f.language = "en-US"
    f.major_version = utils.VERSION_MAJOR
    f.minor_version = utils.VERSION_MINOR
    f.patch_version = utils.VERSION_PATCH
    f.revision = utils.GITREV.encode()
    f.model = utils.MODEL
    f.device_id = storage.device.get_device_id()
    f.label = storage.device.get_label()
    f.pin_protection = config.has_pin()
    f.unlocked = config.is_unlocked()
    f.passphrase_protection = storage.device.is_passphrase_enabled()

    if utils.BITCOIN_ONLY:
        f.capabilities = [
            Capability.Bitcoin,
            Capability.Crypto,
            Capability.Shamir,
            Capability.ShamirGroups,
            Capability.PassphraseEntry,
        ]
    else:
        f.capabilities = [
            Capability.Bitcoin,
            Capability.Bitcoin_like,
            Capability.Binance,
            Capability.Cardano,
            Capability.Crypto,
            Capability.EOS,
            Capability.Ethereum,
            Capability.Lisk,
            Capability.Monero,
            Capability.NEM,
            Capability.Ripple,
            Capability.Stellar,
            Capability.Tezos,
            Capability.U2F,
            Capability.Shamir,
            Capability.ShamirGroups,
            Capability.PassphraseEntry,
        ]
    f.sd_card_present = sdcard.is_present()
    f.initialized = storage.device.is_initialized()

    # private fields:
    if config.is_unlocked():

        f.needs_backup = storage.device.needs_backup()
        f.unfinished_backup = storage.device.unfinished_backup()
        f.no_backup = storage.device.no_backup()
        f.flags = storage.device.get_flags()
        f.recovery_mode = storage.recovery.is_in_progress()
        f.backup_type = mnemonic.get_type()
        f.sd_protection = storage.sd_salt.is_enabled()
        f.wipe_code_protection = config.has_wipe_code()
        f.passphrase_always_on_device = storage.device.get_passphrase_always_on_device()

    return f


async def handle_Initialize(ctx: wire.Context, msg: Initialize) -> Features:
    features = get_features()
    if msg.session_id:
        msg.session_id = bytes(msg.session_id)
    features.session_id = cache.start_session(msg.session_id)
    return features


async def handle_GetFeatures(ctx: wire.Context, msg: GetFeatures) -> Features:
    return get_features()


async def handle_Cancel(ctx: wire.Context, msg: Cancel) -> NoReturn:
    raise wire.ActionCancelled


async def handle_LockDevice(ctx: wire.Context, msg: LockDevice) -> Success:
    lock_device()
    return Success()


async def handle_Ping(ctx: wire.Context, msg: Ping) -> Success:
    if msg.button_protection:
        from apps.common.confirm import require_confirm
        from trezor.messages.ButtonRequestType import ProtectCall
        from trezor.ui.text import Text

        await require_confirm(ctx, Text("Confirm"), ProtectCall)
    return Success(message=msg.message)


ALLOW_WHILE_LOCKED = (
    MessageType.Initialize,
    MessageType.GetFeatures,
    MessageType.Cancel,
    MessageType.LockDevice,
    MessageType.WipeDevice,
)


def set_homescreen() -> None:
    if not config.is_unlocked():
        from apps.homescreen.lockscreen import lockscreen

        workflow.set_default(lockscreen)

    elif storage.recovery.is_in_progress():
        from apps.management.recovery_device.homescreen import recovery_homescreen

        workflow.set_default(recovery_homescreen)

    else:
        from apps.homescreen.homescreen import homescreen

        workflow.set_default(homescreen)


def lock_device() -> None:
    if config.has_pin():
        config.lock()
        wire.find_handler = get_pinlocked_handler
        set_homescreen()
        workflow.close_others()


async def unlock_device(ctx: wire.GenericContext = wire.DUMMY_CONTEXT) -> None:
    """Ensure the device is in unlocked state.

    If the storage is locked, attempt to unlock it. Reset the homescreen and the wire
    handler.
    """
    if not config.is_unlocked():
        # verify_user_pin will raise if the PIN was invalid
        await verify_user_pin(ctx)

    set_homescreen()
    wire.find_handler = wire.find_registered_workflow_handler


def get_pinlocked_handler(
    iface: wire.WireInterface, msg_type: int
) -> Optional[wire.Handler[wire.Msg]]:
    orig_handler = wire.find_registered_workflow_handler(iface, msg_type)
    if orig_handler is None:
        return None

    if __debug__:
        import usb

        if iface is usb.iface_debug:
            return orig_handler

    if msg_type in ALLOW_WHILE_LOCKED:
        return orig_handler

    async def wrapper(ctx: wire.Context, msg: wire.Msg) -> protobuf.MessageType:
        # mypy limitation: orig_handler is not recognized as non-None
        assert orig_handler is not None
        await unlock_device(ctx)
        return await orig_handler(ctx, msg)

    return wrapper


def boot() -> None:
    wire.register(MessageType.Initialize, handle_Initialize)
    wire.register(MessageType.GetFeatures, handle_GetFeatures)
    wire.register(MessageType.Cancel, handle_Cancel)
    wire.register(MessageType.LockDevice, handle_LockDevice)
    wire.register(MessageType.Ping, handle_Ping)

    workflow.idle_timer.set(storage.device.get_autolock_delay_ms(), lock_device)
core: create top-level storage module This is to avoid including app-specific functionality in storage and avoid circular imports. The following policy is now in effect: modules from `storage` namespace must not import from `apps` namespace. In most files, the change only involves changing import paths. A minor refactor was needed in case of webauthn: basic get/set/delete functionality was left in storage.webauthn, and more advanced logic on top of it was moved to apps.webauthn.resident_credentials. A significant refactor was needed for sd_salt, where application (and UI) logic was tightly coupled with the IO code. This is now separated, and storage.sd_salt deals exclusively with the IO side, while the app/UI logic is implemented on top of it in apps.common.sd_salt and apps.management.sd_protect. 2019-10-25 15:43:55 +00:00			`import storage`
			`import storage.device`
			`import storage.recovery`
			`import storage.sd_salt`
			`from storage import cache`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`from trezor import config, sdcard, utils, wire, workflow`
common: rename Features.features to Features.capabilities 2019-08-28 10:42:33 +00:00			`from trezor.messages import Capability, MessageType`
src/apps: cleanup workflow modules 2018-02-27 15:35:21 +00:00			`from trezor.messages.Features import Features`
			`from trezor.messages.Success import Success`

core: create top-level storage module This is to avoid including app-specific functionality in storage and avoid circular imports. The following policy is now in effect: modules from `storage` namespace must not import from `apps` namespace. In most files, the change only involves changing import paths. A minor refactor was needed in case of webauthn: basic get/set/delete functionality was left in storage.webauthn, and more advanced logic on top of it was moved to apps.webauthn.resident_credentials. A significant refactor was needed for sd_salt, where application (and UI) logic was tightly coupled with the IO code. This is now separated, and storage.sd_salt deals exclusively with the IO side, while the app/UI logic is implemented on top of it in apps.common.sd_salt and apps.management.sd_protect. 2019-10-25 15:43:55 +00:00			`from apps.common import mnemonic`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`from apps.common.request_pin import verify_user_pin`
add touch event rotation, msg dispatcher, wallet app 2016-05-25 12:27:22 +00:00
core/typing: add annotations 2019-07-03 13:07:04 +00:00			`if False:`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`import protobuf`
			`from typing import Optional, NoReturn`
core/typing: add annotations 2019-07-03 13:07:04 +00:00			`from trezor.messages.Initialize import Initialize`
			`from trezor.messages.GetFeatures import GetFeatures`
			`from trezor.messages.Cancel import Cancel`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`from trezor.messages.LockDevice import LockDevice`
core/typing: add annotations 2019-07-03 13:07:04 +00:00			`from trezor.messages.Ping import Ping`
add touch event rotation, msg dispatcher, wallet app 2016-05-25 12:27:22 +00:00
core/typing: add annotations 2019-07-03 13:07:04 +00:00
			`def get_features() -> Features:`
apps.homescreen: respond with ~correct data, handle GetFeatures 2016-10-20 13:12:25 +00:00			`f = Features()`
src: run black 2018-07-03 14:20:58 +00:00			`f.vendor = "trezor.io"`
common: change language field to IETF BCP 47 language tag 2019-12-07 11:11:51 +00:00			`f.language = "en-US"`
embed/extmod/modtrezorutils: remove utils.symbol, use constants directly 2018-08-31 14:52:56 +00:00			`f.major_version = utils.VERSION_MAJOR`
			`f.minor_version = utils.VERSION_MINOR`
			`f.patch_version = utils.VERSION_PATCH`
core: add final mypy fixes! 2019-10-02 12:40:25 +00:00			`f.revision = utils.GITREV.encode()`
embed/extmod/modtrezorutils: remove utils.symbol, use constants directly 2018-08-31 14:52:56 +00:00			`f.model = utils.MODEL`
core: create top-level storage module This is to avoid including app-specific functionality in storage and avoid circular imports. The following policy is now in effect: modules from `storage` namespace must not import from `apps` namespace. In most files, the change only involves changing import paths. A minor refactor was needed in case of webauthn: basic get/set/delete functionality was left in storage.webauthn, and more advanced logic on top of it was moved to apps.webauthn.resident_credentials. A significant refactor was needed for sd_salt, where application (and UI) logic was tightly coupled with the IO code. This is now separated, and storage.sd_salt deals exclusively with the IO side, while the app/UI logic is implemented on top of it in apps.common.sd_salt and apps.management.sd_protect. 2019-10-25 15:43:55 +00:00			`f.device_id = storage.device.get_device_id()`
			`f.label = storage.device.get_label()`
apps/homescreen: handle Initialize.skip_passphrase TODO: tests 2018-05-28 13:20:31 +00:00			`f.pin_protection = config.has_pin()`
legacy, core: rename Features.pin_cached to unlocked and unify 2020-06-19 14:04:24 +00:00			`f.unlocked = config.is_unlocked()`
all: rework passphrase The `on_device` field is being moved to PassphraseAck, State messages are removed. Features newly contain `session_id`. 2019-11-08 08:43:32 +00:00			`f.passphrase_protection = storage.device.is_passphrase_enabled()`
core: hide some fields when softlocked 2020-04-27 11:15:56 +00:00
core: fill in Features.features 2019-08-22 18:16:18 +00:00			`if utils.BITCOIN_ONLY:`
common: rename Features.features to Features.capabilities 2019-08-28 10:42:33 +00:00			`f.capabilities = [`
			`Capability.Bitcoin,`
			`Capability.Crypto,`
			`Capability.Shamir,`
			`Capability.ShamirGroups,`
common, core: add passphrase entry capability 2019-11-21 09:43:57 +00:00			`Capability.PassphraseEntry,`
common: add Feature.ShamirGroups to features 2019-08-28 07:25:11 +00:00			`]`
core: fill in Features.features 2019-08-22 18:16:18 +00:00			`else:`
common: rename Features.features to Features.capabilities 2019-08-28 10:42:33 +00:00			`f.capabilities = [`
			`Capability.Bitcoin,`
			`Capability.Bitcoin_like,`
			`Capability.Binance,`
			`Capability.Cardano,`
			`Capability.Crypto,`
			`Capability.EOS,`
			`Capability.Ethereum,`
			`Capability.Lisk,`
			`Capability.Monero,`
			`Capability.NEM,`
			`Capability.Ripple,`
			`Capability.Stellar,`
			`Capability.Tezos,`
			`Capability.U2F,`
			`Capability.Shamir,`
			`Capability.ShamirGroups,`
common, core: add passphrase entry capability 2019-11-21 09:43:57 +00:00			`Capability.PassphraseEntry,`
core: fill in Features.features 2019-08-22 18:16:18 +00:00			`]`
core: add SD format dialog, generalize sdcard usage 2020-02-17 14:51:39 +00:00			`f.sd_card_present = sdcard.is_present()`
core: wipe before reset and recovery; introduce 'intialized' field 2020-06-16 07:20:06 +00:00			`f.initialized = storage.device.is_initialized()`
core: hide some fields when softlocked 2020-04-27 11:15:56 +00:00
			`# private fields:`
			`if config.is_unlocked():`

			`f.needs_backup = storage.device.needs_backup()`
			`f.unfinished_backup = storage.device.unfinished_backup()`
			`f.no_backup = storage.device.no_backup()`
			`f.flags = storage.device.get_flags()`
			`f.recovery_mode = storage.recovery.is_in_progress()`
			`f.backup_type = mnemonic.get_type()`
			`f.sd_protection = storage.sd_salt.is_enabled()`
			`f.wipe_code_protection = config.has_wipe_code()`
			`f.passphrase_always_on_device = storage.device.get_passphrase_always_on_device()`

apps.homescreen: cleanup 2016-11-15 10:51:28 +00:00			`return f`
First apps - homepage, playground 2016-04-28 21:43:34 +00:00

core/typing: add annotations 2019-07-03 13:07:04 +00:00			`async def handle_Initialize(ctx: wire.Context, msg: Initialize) -> Features:`
core: store multiple sessions/caches at the same time 2020-02-13 09:19:07 +00:00			`features = get_features()`
			`if msg.session_id:`
			`msg.session_id = bytes(msg.session_id)`
			`features.session_id = cache.start_session(msg.session_id)`
			`return features`
apps/homescreen: handle Initialize.skip_passphrase TODO: tests 2018-05-28 13:20:31 +00:00

core/typing: add annotations 2019-07-03 13:07:04 +00:00			`async def handle_GetFeatures(ctx: wire.Context, msg: GetFeatures) -> Features:`
apps/homescreen: handle Initialize.skip_passphrase TODO: tests 2018-05-28 13:20:31 +00:00			`return get_features()`


core/typing: add annotations 2019-07-03 13:07:04 +00:00			`async def handle_Cancel(ctx: wire.Context, msg: Cancel) -> NoReturn:`
core: add default messages to some error codes 2020-04-21 12:18:53 +00:00			`raise wire.ActionCancelled`
src/apps/homescreen: handle Cancel 2018-06-06 15:23:27 +00:00

core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`async def handle_LockDevice(ctx: wire.Context, msg: LockDevice) -> Success:`
			`lock_device()`
core: do not clear cache on ClearSession 2020-02-03 15:28:08 +00:00			`return Success()`
src/apps: cleanup workflow modules 2018-02-27 15:35:21 +00:00

core/typing: add annotations 2019-07-03 13:07:04 +00:00			`async def handle_Ping(ctx: wire.Context, msg: Ping) -> Success:`
apps/homescreen: implement PIng.button_protection 2017-09-06 20:53:36 +00:00			`if msg.button_protection:`
			`from apps.common.confirm import require_confirm`
			`from trezor.messages.ButtonRequestType import ProtectCall`
			`from trezor.ui.text import Text`
src: run black 2018-07-03 14:20:58 +00:00
			`await require_confirm(ctx, Text("Confirm"), ProtectCall)`
src/apps/homescreen: fix typo in Ping response (#129) 2018-02-28 16:04:09 +00:00			`return Success(message=msg.message)`
src/apps/homescreen: implement {Initialize,Features}.state field, implement ClearSession handling 2018-02-09 17:07:47 +00:00

core: hide some fields when softlocked 2020-04-27 11:15:56 +00:00			`ALLOW_WHILE_LOCKED = (`
			`MessageType.Initialize,`
			`MessageType.GetFeatures,`
core: add Cancel to a list of allowed messages while locked 2020-05-25 13:20:43 +00:00			`MessageType.Cancel,`
core: do not prompt for PIN just to lock the device again 2020-04-29 10:05:08 +00:00			`MessageType.LockDevice,`
core: hide some fields when softlocked 2020-04-27 11:15:56 +00:00			`MessageType.WipeDevice,`
			`)`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00

core: consider lockscreen to be a separate homescreen this involves some changes to the workflow defaults: * workflow.start_default() takes no arguments * workflow.set_default() (originally replace_default) configures the default that will be started by next call to start_default(). The intended usecase is to set_default() first and then start it separately. * apps.base.set_homescreen() factors out the logic originally in main.py, that decides which homescreen should be launched. This uses set_default() call. start_default() is then used explicitly in main.py 2020-04-22 08:58:24 +00:00			`def set_homescreen() -> None:`
			`if not config.is_unlocked():`
			`from apps.homescreen.lockscreen import lockscreen`

			`workflow.set_default(lockscreen)`

			`elif storage.recovery.is_in_progress():`
			`from apps.management.recovery_device.homescreen import recovery_homescreen`

			`workflow.set_default(recovery_homescreen)`

			`else:`
			`from apps.homescreen.homescreen import homescreen`

			`workflow.set_default(homescreen)`


core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`def lock_device() -> None:`
core: only softlock when PIN is set 2020-04-24 10:16:32 +00:00			`if config.has_pin():`
			`config.lock()`
			`wire.find_handler = get_pinlocked_handler`
core: make sure that auto-lock shuts down running workflows 2020-05-19 12:56:22 +00:00			`set_homescreen()`
			`workflow.close_others()`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00

			`async def unlock_device(ctx: wire.GenericContext = wire.DUMMY_CONTEXT) -> None:`
core: only unlock storage if it is locked (solves determinism issue in tests) 2020-05-28 09:57:04 +00:00			`"""Ensure the device is in unlocked state.`

			`If the storage is locked, attempt to unlock it. Reset the homescreen and the wire`
			`handler.`
			`"""`
			`if not config.is_unlocked():`
			`# verify_user_pin will raise if the PIN was invalid`
			`await verify_user_pin(ctx)`

core: consider lockscreen to be a separate homescreen this involves some changes to the workflow defaults: * workflow.start_default() takes no arguments * workflow.set_default() (originally replace_default) configures the default that will be started by next call to start_default(). The intended usecase is to set_default() first and then start it separately. * apps.base.set_homescreen() factors out the logic originally in main.py, that decides which homescreen should be launched. This uses set_default() call. start_default() is then used explicitly in main.py 2020-04-22 08:58:24 +00:00			`set_homescreen()`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`wire.find_handler = wire.find_registered_workflow_handler`


			`def get_pinlocked_handler(`
			`iface: wire.WireInterface, msg_type: int`
			`) -> Optional[wire.Handler[wire.Msg]]:`
			`orig_handler = wire.find_registered_workflow_handler(iface, msg_type)`
			`if orig_handler is None:`
			`return None`

			`if __debug__:`
			`import usb`

			`if iface is usb.iface_debug:`
			`return orig_handler`

			`if msg_type in ALLOW_WHILE_LOCKED:`
			`return orig_handler`

			`async def wrapper(ctx: wire.Context, msg: wire.Msg) -> protobuf.MessageType:`
			`# mypy limitation: orig_handler is not recognized as non-None`
			`assert orig_handler is not None`
			`await unlock_device(ctx)`
			`return await orig_handler(ctx, msg)`

			`return wrapper`


core: remove persistence boot and set recovery as a default workflow 2019-10-31 09:27:59 +00:00			`def boot() -> None:`
core: introduce PIN soft-locking 2020-04-21 13:49:37 +00:00			`wire.register(MessageType.Initialize, handle_Initialize)`
			`wire.register(MessageType.GetFeatures, handle_GetFeatures)`
			`wire.register(MessageType.Cancel, handle_Cancel)`
			`wire.register(MessageType.LockDevice, handle_LockDevice)`
			`wire.register(MessageType.Ping, handle_Ping)`
core: implement auto-lock after a configurable timeout (fixes #75) 2020-05-18 12:59:58 +00:00
			`workflow.idle_timer.set(storage.device.get_autolock_delay_ms(), lock_device)`