From b1723fef5bf16ea54a9bb847aea9e002654558bd Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Mon, 9 Jan 2017 15:55:46 +0100 Subject: [PATCH 01/23] change binary name of nanopb generator (to follow upstream name) --- firmware/protob/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firmware/protob/Makefile b/firmware/protob/Makefile index f9dd9c718a..5b8d69e038 100644 --- a/firmware/protob/Makefile +++ b/firmware/protob/Makefile @@ -1,7 +1,7 @@ all: messages.pb.c storage.pb.c types.pb.c %.pb.c: %.pb %.options - nanopb $< -L '#include "%s"' -T + nanopb_generator.py $< -L '#include "%s"' -T %.pb: %.proto protoc -I/usr/include -I. $< -o $@ From 1e297c68fa0e70d00167005edf408fa93a95ef2b Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 10 Jan 2017 14:58:28 +0100 Subject: [PATCH 02/23] cosmetic changes to matrix recovery --- Makefile.include | 2 +- firmware/recovery.c | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Makefile.include b/Makefile.include index 7651370950..84406a8d8a 100644 --- a/Makefile.include +++ b/Makefile.include @@ -91,7 +91,7 @@ flash2: $(NAME).hex -c "shutdown" upload: - ../../python-trezor/trezorctl firmware_update -f $(NAME).bin + trezorctl firmware_update -f $(NAME).bin sign: $(NAME).bin ../bootloader/firmware_sign.py -f $(NAME).bin diff --git a/firmware/recovery.c b/firmware/recovery.c index 17e68385f7..41083dd23e 100644 --- a/firmware/recovery.c +++ b/firmware/recovery.c @@ -214,7 +214,7 @@ static void display_choices(bool twoColumn, char choices[9][12], int num) format_number(desc, nr); layoutDialogSwipe(&bmp_icon_info, NULL, NULL, NULL, "Please enter the", (nr < 10 ? desc + 1 : desc), "of your mnemonic", NULL, NULL, NULL); } else { - oledBox(0, 18, 127, 63, false); + oledBox(0, 27, 127, 63, false); } for (row = 0; row < 3; row ++) { @@ -224,6 +224,11 @@ static void display_choices(bool twoColumn, char choices[9][12], int num) int choice = word_matrix[nColumns*row + col]; const char *text = choice < num ? choices[choice] : "-"; oledDrawString(x - oledStringWidth(text)/2, y, text); + if (twoColumn) { + oledInvert(x - 32 + 1, y - 1, x - 32 + 63 - 1, y + 8); + } else { + oledInvert(x - 22 + 1, y - 1, x - 22 + 41 - 1, y + 8); + } } } oledRefresh(); @@ -324,7 +329,7 @@ static void recovery_digit(const char digit) { /* received final word */ int y = 54 - ((digit - '1')/3)*11; int x = 64 * (((digit - '1') % 3) > 0); - oledInvert(x, y, x + 63, y + 9); + oledInvert(x + 1, y, x + 62, y + 9); oledRefresh(); usbSleep(250); From ab006262e865b9c1bf3ccde4a27496d89ca7bd70 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 10 Jan 2017 15:08:08 +0100 Subject: [PATCH 03/23] mytrezor.com -> trezor.io/start --- bootloader/bootloader.c | 2 +- bootloader/usb.c | 2 +- firmware/layout2.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bootloader/bootloader.c b/bootloader/bootloader.c index cf1e7d1e0e..a87135917a 100644 --- a/bootloader/bootloader.c +++ b/bootloader/bootloader.c @@ -50,7 +50,7 @@ void layoutFirmwareHash(uint8_t *hash) void show_halt(void) { - layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Unofficial firmware", "aborted.", NULL, "Unplug your TREZOR", "and see our support", "page at mytrezor.com"); + layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Unofficial firmware", "aborted.", NULL, "Unplug your TREZOR", "contact our support.", NULL); system_halt(); } diff --git a/bootloader/usb.c b/bootloader/usb.c index de9373a901..e4dc998e36 100644 --- a/bootloader/usb.c +++ b/bootloader/usb.c @@ -335,7 +335,7 @@ static void hid_rx_callback(usbd_device *dev, uint8_t ep) if (flash_len > FLASH_TOTAL_SIZE + FLASH_META_DESC_LEN - (FLASH_APP_START - FLASH_ORIGIN)) { // firmware is too big send_msg_failure(dev); flash_state = STATE_END; - layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Firmware is too big.", NULL, "Get official firmware", "from mytrezor.com", NULL, NULL); + layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Firmware is too big.", NULL, "Get official firmware", "from trezor.io/start", NULL, NULL); return; } sha256_Init(&ctx); diff --git a/firmware/layout2.c b/firmware/layout2.c index cac754c6b8..ca20dbbcce 100644 --- a/firmware/layout2.c +++ b/firmware/layout2.c @@ -65,7 +65,7 @@ void layoutHome(void) oledSwipeLeft(); } layoutLast = layoutHome; - const char *label = storage_isInitialized() ? storage_getLabel() : "Go to mytrezor.com"; + const char *label = storage_isInitialized() ? storage_getLabel() : "Go to trezor.io/start"; const uint8_t *homescreen = storage_getHomescreen(); if (homescreen) { BITMAP b; From cc01b86ab72c1b0801e057c8271863bd665db3a7 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 10 Jan 2017 15:14:29 +0100 Subject: [PATCH 04/23] update readme --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e198cd421e..0b1c82d7a9 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/trezor/trezor-mcu.svg?branch=master)](https://travis-ci.org/trezor/trezor-mcu) [![gitter](https://badges.gitter.im/trezor/community.svg)](https://gitter.im/trezor/community) -http://bitcointrezor.com/ +https://trezor.io/ ## How to build TREZOR firmware? @@ -24,8 +24,8 @@ This creates file `output/bootloader.bin` and prints its fingerprint and size at ## How to get fingerprint of firmware signed and distributed by SatoshiLabs? -1. Pick version of firmware binary listed on https://wallet.mytrezor.com/data/firmware/releases.json -2. Download it: `wget -O trezor.signed.bin https://wallet.mytrezor.com/data/firmware/trezor-1.3.6.bin` +1. Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/releases.json +2. Download it: `wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/trezor-1.3.6.bin` 3. `./firmware-fingerprint.sh trezor.signed.bin` Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag). From 1cceec0ae2fd8324b97e0908c292b92a0e0d4aab Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Tue, 10 Jan 2017 21:51:57 +0100 Subject: [PATCH 05/23] Check that U2F key only uses hardened derivation (#139) We generate only U2F keys with hardened derivation. However, we didn't check incoming keys if they used hardened derivation. This patch fixes this. --- firmware/u2f.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/firmware/u2f.c b/firmware/u2f.c index ddf560209e..6c246175c7 100644 --- a/firmware/u2f.c +++ b/firmware/u2f.c @@ -505,6 +505,12 @@ const HDNode *validateKeyHandle(const uint8_t app_id[], const uint8_t key_handle uint32_t key_path[KEY_PATH_ENTRIES]; key_path[0] = U2F_KEY_PATH; memcpy(&key_path[1], key_handle, KEY_PATH_LEN); + for (unsigned int i = 1; i < KEY_PATH_ENTRIES; i++) { + // check high bit for hardened keys + if (! (key_path[i] & 0x80000000)) { + return NULL; + } + } const HDNode *node = getDerivedNode(key_path, KEY_PATH_ENTRIES); if (!node) From 2dcef5cf045ee546995a421108f59f429809dac2 Mon Sep 17 00:00:00 2001 From: Saleem Rashid Date: Fri, 13 Jan 2017 18:04:59 +0000 Subject: [PATCH 06/23] Makefile: Build and sign before uploading (#140) --- Makefile.include | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.include b/Makefile.include index 84406a8d8a..87eeeb643b 100644 --- a/Makefile.include +++ b/Makefile.include @@ -90,7 +90,7 @@ flash2: $(NAME).hex -c "reset" \ -c "shutdown" -upload: +upload: sign trezorctl firmware_update -f $(NAME).bin sign: $(NAME).bin From 466155270ba0b356ffb1938f5bcccbaf1a6f7e20 Mon Sep 17 00:00:00 2001 From: Roman Zeyde Date: Sat, 26 Nov 2016 21:16:15 +0200 Subject: [PATCH 07/23] layout: split "First Last " GPG user ID for readability --- firmware/layout2.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/firmware/layout2.c b/firmware/layout2.c index ca20dbbcce..971b7f9f9b 100644 --- a/firmware/layout2.c +++ b/firmware/layout2.c @@ -305,10 +305,12 @@ void layoutSignIdentity(const IdentityType *identity, const char *challenge) char row_hostport[64 + 6 + 1]; char row_user[64 + 8 + 1]; + bool is_gpg = (strcmp(identity->proto, "gpg") == 0); + if (identity->has_proto && identity->proto[0]) { if (strcmp(identity->proto, "https") == 0) { strlcpy(row_proto, "Web sign in to:", sizeof(row_proto)); - } else if (strcmp(identity->proto, "gpg") == 0) { + } else if (is_gpg) { strlcpy(row_proto, "GPG sign for:", sizeof(row_proto)); } else { strlcpy(row_proto, identity->proto, sizeof(row_proto)); @@ -337,6 +339,21 @@ void layoutSignIdentity(const IdentityType *identity, const char *challenge) row_user[0] = 0; } + if (is_gpg) { + // Split "First Last " into 2 lines: + // "First Last" + // "first@last.com" + char *email_start = strchr(row_hostport, '<'); + if (email_start) { + strlcpy(row_user, email_start + 1, sizeof(row_user)); + *email_start = 0; + char *email_end = strchr(row_user, '>'); + if (email_end) { + *email_end = 0; + } + } + } + layoutDialogSwipe(&bmp_icon_question, "Cancel", "Confirm", "Do you want to sign in?", row_proto[0] ? row_proto : NULL, From 11d37c87cd2ede9e227582eca34d607428384473 Mon Sep 17 00:00:00 2001 From: Saleem Rashid Date: Sun, 15 Jan 2017 13:49:36 +0000 Subject: [PATCH 08/23] Makefile: Generate dependency files (#141) --- Makefile.include | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile.include b/Makefile.include index 87eeeb643b..7f4d4f1ed9 100644 --- a/Makefile.include +++ b/Makefile.include @@ -118,10 +118,10 @@ $(NAME).elf: $(OBJS) $(LDSCRIPT) $(TOOLCHAIN_DIR)/lib/libopencm3_stm32f2.a $(TOP $(LD) -o $(NAME).elf $(OBJS) -ltrezor -lopencm3_stm32f2 $(LDFLAGS) %.o: %.c Makefile - $(CC) $(CFLAGS) -o $@ -c $< + $(CC) $(CFLAGS) -MMD -o $@ -c $< %.small.o: %.c Makefile - $(CC) $(CFLAGS) -o $@ -c $< + $(CC) $(CFLAGS) -MMD -o $@ -c $< clean: rm -f $(OBJS) @@ -133,3 +133,5 @@ clean: rm -f *.list rm -f *.log rm -f *.srec + +-include $(OBJS:.o=.d) From 3b109581133c0b62c75149c6188599bf2cded7cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20B=C3=ADlek?= Date: Tue, 17 Jan 2017 16:22:11 +0100 Subject: [PATCH 09/23] Correcting 1.3.3 changelog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8e2842eb8d..f6ffc0571d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,7 +36,7 @@ Version 1.3.4 * Updated maxfee per kb for coins Version 1.3.3 -* Stable release, optional update +* Stable release, required update * Ask for PIN on GetAddress and GetPublicKey * Signing speed improved From 505df38a84b157d1f4d893db303a19cbe8926f32 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Thu, 19 Jan 2017 16:16:57 +0100 Subject: [PATCH 10/23] fix when oled triangle is shown --- firmware/trezor.c | 5 +---- oled.c | 10 +++++----- oled.h | 2 +- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/firmware/trezor.c b/firmware/trezor.c index 6e491691a7..56c74d491a 100644 --- a/firmware/trezor.c +++ b/firmware/trezor.c @@ -99,11 +99,8 @@ int main(void) timer_init(); -#if DEBUG_LOG - oledSetDebug(1); -#endif - #if DEBUG_LINK + oledSetDebugLink(1); storage_reset(); // wipe storage if debug link storage_reset_uuid(); storage_commit(); diff --git a/oled.c b/oled.c index 926428e775..095bb02fda 100644 --- a/oled.c +++ b/oled.c @@ -74,7 +74,7 @@ #define OLED_BUFTGL(X,Y) _oledbuffer[OLED_BUFSIZE - 1 - (X) - ((Y)/8)*OLED_WIDTH] ^= (1 << (7 - (Y)%8)) static uint8_t _oledbuffer[OLED_BUFSIZE]; -static bool is_debug_mode = 0; +static bool is_debug_link = 0; /* * Send a block of data via the SPI bus. @@ -161,7 +161,7 @@ void oledRefresh() static uint8_t s[3] = {OLED_SETLOWCOLUMN | 0x00, OLED_SETHIGHCOLUMN | 0x00, OLED_SETSTARTLINE | 0x00}; // draw triangle in upper right corner - if (is_debug_mode) { + if (is_debug_link) { OLED_BUFTGL(OLED_WIDTH - 5, 0); OLED_BUFTGL(OLED_WIDTH - 4, 0); OLED_BUFTGL(OLED_WIDTH - 3, 0); OLED_BUFTGL(OLED_WIDTH - 2, 0); OLED_BUFTGL(OLED_WIDTH - 1, 0); OLED_BUFTGL(OLED_WIDTH - 4, 1); OLED_BUFTGL(OLED_WIDTH - 3, 1); OLED_BUFTGL(OLED_WIDTH - 2, 1); OLED_BUFTGL(OLED_WIDTH - 1, 1); OLED_BUFTGL(OLED_WIDTH - 3, 2); OLED_BUFTGL(OLED_WIDTH - 2, 2); OLED_BUFTGL(OLED_WIDTH - 1, 2); @@ -180,7 +180,7 @@ void oledRefresh() gpio_clear(OLED_DC_PORT, OLED_DC_PIN); // set to CMD // return it back - if (is_debug_mode) { + if (is_debug_link) { OLED_BUFTGL(OLED_WIDTH - 5, 0); OLED_BUFTGL(OLED_WIDTH - 4, 0); OLED_BUFTGL(OLED_WIDTH - 3, 0); OLED_BUFTGL(OLED_WIDTH - 2, 0); OLED_BUFTGL(OLED_WIDTH - 1, 0); OLED_BUFTGL(OLED_WIDTH - 4, 1); OLED_BUFTGL(OLED_WIDTH - 3, 1); OLED_BUFTGL(OLED_WIDTH - 2, 1); OLED_BUFTGL(OLED_WIDTH - 1, 1); OLED_BUFTGL(OLED_WIDTH - 3, 2); OLED_BUFTGL(OLED_WIDTH - 2, 2); OLED_BUFTGL(OLED_WIDTH - 1, 2); @@ -194,9 +194,9 @@ const uint8_t *oledGetBuffer() return _oledbuffer; } -void oledSetDebug(bool set) +void oledSetDebugLink(bool set) { - is_debug_mode = set; + is_debug_link = set; oledRefresh(); } diff --git a/oled.h b/oled.h index 6fccc363ad..05b8b0b376 100644 --- a/oled.h +++ b/oled.h @@ -34,7 +34,7 @@ void oledInit(void); void oledClear(void); void oledRefresh(void); -void oledSetDebug(bool set); +void oledSetDebugLink(bool set); void oledSetBuffer(uint8_t *buf); const uint8_t *oledGetBuffer(void); void oledDrawPixel(int x, int y); From f36cf5c10c26e610f31cb1206df2d7d3e34022b1 Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Sat, 21 Jan 2017 18:00:01 +0100 Subject: [PATCH 11/23] Handle edge cases for ethereum txs. Treat the case where a field is omitted identical to the case where an empty array is given. In particular - data_length == 0 is allowed now and identical to giving no data. - nonce can be omitted to indicate nonce value 0. I still do not allow to omit gas_limit and gas_price; gas_limit cannot be zero and transactions with zero gas_price will not be mined. You can still set it explicitly to zero by giving the empty array, though. See trezor/trezor-mcu#143. --- firmware/ethereum.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/firmware/ethereum.c b/firmware/ethereum.c index 5284795b84..654fdcdef5 100644 --- a/firmware/ethereum.c +++ b/firmware/ethereum.c @@ -383,7 +383,7 @@ static void layoutEthereumFee(const uint8_t *value, uint32_t value_len, static bool ethereum_signing_check(EthereumSignTx *msg) { - if (!msg->has_nonce || !msg->has_gas_price || !msg->has_gas_limit) { + if (!msg->has_gas_price || !msg->has_gas_limit) { return false; } @@ -418,13 +418,10 @@ void ethereum_signing_init(EthereumSignTx *msg, const HDNode *node) msg->data_initial_chunk.size = 0; if (!msg->has_to) msg->to.size = 0; + if (!msg->has_nonce) + msg->nonce.size = 0; - if (msg->has_data_length) { - if (msg->data_length == 0) { - fsm_sendFailure(FailureType_Failure_Other, "Invalid data length provided"); - ethereum_signing_abort(); - return; - } + if (msg->has_data_length && msg->data_length > 0) { if (!msg->has_data_initial_chunk || msg->data_initial_chunk.size == 0) { fsm_sendFailure(FailureType_Failure_Other, "Data length provided, but no initial chunk"); ethereum_signing_abort(); From 5b40f6d90b8ebe7d8ccc0a369aba5e35ecc60aa4 Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Sun, 22 Jan 2017 17:52:33 +0100 Subject: [PATCH 12/23] Updated trezor-common --- firmware/protob/messages.pb.c | 3 ++- firmware/protob/messages.pb.h | 11 +++++++---- vendor/trezor-common | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/firmware/protob/messages.pb.c b/firmware/protob/messages.pb.c index 7decf55dc0..7011ece5d2 100644 --- a/firmware/protob/messages.pb.c +++ b/firmware/protob/messages.pb.c @@ -336,7 +336,7 @@ const pb_field_t TxAck_fields[2] = { PB_LAST_FIELD }; -const pb_field_t EthereumSignTx_fields[9] = { +const pb_field_t EthereumSignTx_fields[10] = { PB_FIELD2( 1, UINT32 , REPEATED, STATIC , FIRST, EthereumSignTx, address_n, address_n, 0), PB_FIELD2( 2, BYTES , OPTIONAL, STATIC , OTHER, EthereumSignTx, nonce, address_n, 0), PB_FIELD2( 3, BYTES , OPTIONAL, STATIC , OTHER, EthereumSignTx, gas_price, nonce, 0), @@ -345,6 +345,7 @@ const pb_field_t EthereumSignTx_fields[9] = { PB_FIELD2( 6, BYTES , OPTIONAL, STATIC , OTHER, EthereumSignTx, value, to, 0), PB_FIELD2( 7, BYTES , OPTIONAL, STATIC , OTHER, EthereumSignTx, data_initial_chunk, value, 0), PB_FIELD2( 8, UINT32 , OPTIONAL, STATIC , OTHER, EthereumSignTx, data_length, data_initial_chunk, 0), + PB_FIELD2( 9, UINT32 , OPTIONAL, STATIC , OTHER, EthereumSignTx, chain_id, data_length, 0), PB_LAST_FIELD }; diff --git a/firmware/protob/messages.pb.h b/firmware/protob/messages.pb.h index 55950650ac..f5b5893b61 100644 --- a/firmware/protob/messages.pb.h +++ b/firmware/protob/messages.pb.h @@ -460,6 +460,8 @@ typedef struct _EthereumSignTx { EthereumSignTx_data_initial_chunk_t data_initial_chunk; bool has_data_length; uint32_t data_length; + bool has_chain_id; + uint32_t chain_id; } EthereumSignTx; typedef struct { @@ -894,7 +896,7 @@ extern const uint32_t SimpleSignTx_lock_time_default; #define SimpleSignTx_init_default {0, {}, 0, {}, 0, {}, false, "Bitcoin", false, 1u, false, 0u} #define TxRequest_init_default {false, (RequestType)0, false, TxRequestDetailsType_init_default, false, TxRequestSerializedType_init_default} #define TxAck_init_default {false, TransactionType_init_default} -#define EthereumSignTx_init_default {0, {0, 0, 0, 0, 0, 0, 0, 0}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, 0} +#define EthereumSignTx_init_default {0, {0, 0, 0, 0, 0, 0, 0, 0}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, 0, false, 0} #define EthereumTxRequest_init_default {false, 0, false, 0, false, {0, {0}}, false, {0, {0}}} #define EthereumTxAck_init_default {false, {0, {0}}} #define SignIdentity_init_default {false, IdentityType_init_default, false, {0, {0}}, false, "", false, ""} @@ -960,7 +962,7 @@ extern const uint32_t SimpleSignTx_lock_time_default; #define SimpleSignTx_init_zero {0, {}, 0, {}, 0, {}, false, "", false, 0, false, 0} #define TxRequest_init_zero {false, (RequestType)0, false, TxRequestDetailsType_init_zero, false, TxRequestSerializedType_init_zero} #define TxAck_init_zero {false, TransactionType_init_zero} -#define EthereumSignTx_init_zero {0, {0, 0, 0, 0, 0, 0, 0, 0}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, 0} +#define EthereumSignTx_init_zero {0, {0, 0, 0, 0, 0, 0, 0, 0}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, {0, {0}}, false, 0, false, 0} #define EthereumTxRequest_init_zero {false, 0, false, 0, false, {0, {0}}, false, {0, {0}}} #define EthereumTxAck_init_zero {false, {0, {0}}} #define SignIdentity_init_zero {false, IdentityType_init_zero, false, {0, {0}}, false, "", false, ""} @@ -1049,6 +1051,7 @@ extern const uint32_t SimpleSignTx_lock_time_default; #define EthereumSignTx_value_tag 6 #define EthereumSignTx_data_initial_chunk_tag 7 #define EthereumSignTx_data_length_tag 8 +#define EthereumSignTx_chain_id_tag 9 #define EthereumTxAck_data_chunk_tag 1 #define EthereumTxRequest_data_length_tag 1 #define EthereumTxRequest_signature_v_tag 2 @@ -1204,7 +1207,7 @@ extern const pb_field_t SignTx_fields[6]; extern const pb_field_t SimpleSignTx_fields[7]; extern const pb_field_t TxRequest_fields[4]; extern const pb_field_t TxAck_fields[2]; -extern const pb_field_t EthereumSignTx_fields[9]; +extern const pb_field_t EthereumSignTx_fields[10]; extern const pb_field_t EthereumTxRequest_fields[5]; extern const pb_field_t EthereumTxAck_fields[2]; extern const pb_field_t SignIdentity_fields[5]; @@ -1272,7 +1275,7 @@ extern const pb_field_t DebugLinkFlashErase_fields[2]; #define SimpleSignTx_size (31 + 0*TxInputType_size + 0*TxOutputType_size + 0*TransactionType_size) #define TxRequest_size (18 + TxRequestDetailsType_size + TxRequestSerializedType_size) #define TxAck_size (6 + TransactionType_size) -#define EthereumSignTx_size 1239 +#define EthereumSignTx_size 1245 #define EthereumTxRequest_size 80 #define EthereumTxAck_size 1027 #define SignIdentity_size (558 + IdentityType_size) diff --git a/vendor/trezor-common b/vendor/trezor-common index 61af3d5e93..9d2ab7318d 160000 --- a/vendor/trezor-common +++ b/vendor/trezor-common @@ -1 +1 @@ -Subproject commit 61af3d5e931ab41f0b81f462fbdc626d6bbec4f4 +Subproject commit 9d2ab7318db08a47b35588b0593fb66129214f8d From 32fb7e96cca591f7d1cbb98bf79ad8cf3a58b627 Mon Sep 17 00:00:00 2001 From: Jochen Hoenicke Date: Sun, 22 Jan 2017 17:53:48 +0100 Subject: [PATCH 13/23] Ethereum EIP-155 replay protection Added chain_id field in sign transaction. If chain_id is set use hashing as specified in EIP-155. --- firmware/ethereum.c | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/firmware/ethereum.c b/firmware/ethereum.c index 654fdcdef5..50deb8df95 100644 --- a/firmware/ethereum.c +++ b/firmware/ethereum.c @@ -35,6 +35,7 @@ static bool ethereum_signing = false; static uint32_t data_total, data_left; static EthereumTxRequest resp; static uint8_t privkey[32]; +static uint8_t chain_id; struct SHA3_CTX keccak_ctx; static inline void hash_data(const uint8_t *buf, size_t size) @@ -150,6 +151,15 @@ static void send_signature(void) uint8_t hash[32], sig[64]; uint8_t v; layoutProgress("Signing", 1000); + + /* eip-155 replay protection */ + if (chain_id != 0) { + /* hash v=chain_id, r=0, s=0 */ + hash_rlp_field(&chain_id, 1); + hash_rlp_length(0, 0); + hash_rlp_length(0, 0); + } + keccak_Final(&keccak_ctx, hash); if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, &v, ethereum_is_canonic) != 0) { fsm_sendFailure(FailureType_Failure_Other, "Signing failed"); @@ -163,7 +173,11 @@ static void send_signature(void) resp.has_data_length = false; resp.has_signature_v = true; - resp.signature_v = v + 27; + if (chain_id) { + resp.signature_v = v + 2*chain_id + 35; + } else { + resp.signature_v = v + 27; + } resp.has_signature_r = true; resp.signature_r.size = 32; @@ -421,6 +435,18 @@ void ethereum_signing_init(EthereumSignTx *msg, const HDNode *node) if (!msg->has_nonce) msg->nonce.size = 0; + /* eip-155 chain id */ + if (msg->has_chain_id) { + if (msg->chain_id < 1 || msg->chain_id > 109) { + fsm_sendFailure(FailureType_Failure_Other, "Chain Id out of bounds"); + ethereum_signing_abort(); + return; + } + chain_id = (uint8_t) msg->chain_id; + } else { + chain_id = 0; + } + if (msg->has_data_length && msg->data_length > 0) { if (!msg->has_data_initial_chunk || msg->data_initial_chunk.size == 0) { fsm_sendFailure(FailureType_Failure_Other, "Data length provided, but no initial chunk"); @@ -488,6 +514,11 @@ void ethereum_signing_init(EthereumSignTx *msg, const HDNode *node) rlp_length += rlp_calculate_length(msg->to.size, msg->to.bytes[0]); rlp_length += rlp_calculate_length(msg->value.size, msg->value.bytes[0]); rlp_length += rlp_calculate_length(data_total, msg->data_initial_chunk.bytes[0]); + if (chain_id) { + rlp_length += rlp_calculate_length(1, chain_id); + rlp_length += rlp_calculate_length(0, 0); + rlp_length += rlp_calculate_length(0, 0); + } /* Stage 2: Store header fields */ hash_rlp_list_length(rlp_length); From a3a05ae248cbe1a9057de606f0663384c2b3f8b6 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 24 Jan 2017 15:17:02 +0100 Subject: [PATCH 14/23] add changelog --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index f6ffc0571d..9627710d08 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Version 1.4.2 +* Stable release, optional update +* New Matrix-based recovery method +* Minor Ethereum fixes (including EIP-155 replay protection) +* Minor USB, U2F and GPG fixes + Version 1.4.1 * Stable release, optional update * Support for Zcash JoinSplit transactions From 323e7443a43711fe3234a8dd747cebac98ad9ecc Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 24 Jan 2017 15:19:15 +0100 Subject: [PATCH 15/23] add _attic to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index e0baf9ab7d..02982714d0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +_attic/ *.o *.a *.d From 5c54edf54e4fcaebb5552e04d76088038c7e9fa9 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 24 Jan 2017 17:27:11 +0100 Subject: [PATCH 16/23] differentiate between ETH and ETC using chain_id --- firmware/ethereum.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/firmware/ethereum.c b/firmware/ethereum.c index 50deb8df95..a7342391ad 100644 --- a/firmware/ethereum.c +++ b/firmware/ethereum.c @@ -174,7 +174,7 @@ static void send_signature(void) resp.has_signature_v = true; if (chain_id) { - resp.signature_v = v + 2*chain_id + 35; + resp.signature_v = v + 2 * chain_id + 35; } else { resp.signature_v = v + 27; } @@ -242,7 +242,11 @@ static void ethereumFormatAmount(bignum256 *val, char buffer[25]) // remove trailing dot. if (value_ptr[-1] == '.') value_ptr--; - strcpy(value_ptr, " ETH"); + if (chain_id == 61 || chain_id == 62) { + strcpy(value_ptr, " ETC"); + } else { + strcpy(value_ptr, " ETH"); + } // value is at most 16 + 4 + 1 characters long } else { // value is bigger than 1e9 ETH => won't fit on display (probably won't happen unless you are Vitalik) From 14399f100e862608c24a7e214e9ce971c4d32457 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Wed, 25 Jan 2017 14:04:20 +0100 Subject: [PATCH 17/23] bump version --- firmware/trezor.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firmware/trezor.h b/firmware/trezor.h index 72cc0fb9ce..4303afc601 100644 --- a/firmware/trezor.h +++ b/firmware/trezor.h @@ -22,7 +22,7 @@ #define VERSION_MAJOR 1 #define VERSION_MINOR 4 -#define VERSION_PATCH 1 +#define VERSION_PATCH 2 #define STR(X) #X #define VERSTR(X) STR(X) From 228a109e5f98ca01b15142f594fa40c9c5f2eb22 Mon Sep 17 00:00:00 2001 From: mruddy Date: Thu, 26 Jan 2017 10:07:45 -0500 Subject: [PATCH 18/23] memory protection: do not write reserved bits (#138) --- memory.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/memory.c b/memory.c index c9ed483a6f..f779c2037c 100644 --- a/memory.c +++ b/memory.c @@ -27,13 +27,23 @@ void memory_protect(void) { + // Reference STM32F205 Flash programming manual revision 5 http://www.st.com/resource/en/programming_manual/cd00233952.pdf + // Section 2.6 Option bytes // set RDP level 2 WRP for sectors 0 and 1 - if ((((*OPTION_BYTES_1) & 0xFFFF) == 0xCCFF) && (((*OPTION_BYTES_2) & 0xFFFF) == 0xFFFC)) { + if ((((*OPTION_BYTES_1) & 0xFFEC) == 0xCCEC) && (((*OPTION_BYTES_2) & 0xFFF) == 0xFFC)) { return; // already set up correctly - bail out } flash_unlock_option_bytes(); - // WRP + RDP - flash_program_option_bytes(0xFFFC0000 + 0xCCFF); + // Section 2.8.6 Flash option control register (FLASH_OPTCR) + // Bits 31:28 Reserved, must be kept cleared. + // Bits 27:16 nWRP: Not write protect: write protect bootloader code in flash main memory sectors 0 and 1 (Section 2.3; table 2) + // Bits 15:8 RDP: Read protect: level 2 chip read protection active + // Bits 7:5 USER: User option bytes: no reset on standby, no reset on stop, software watchdog + // Bit 4 Reserved, must be kept cleared. + // Bits 3:2 BOR_LEV: BOR reset Level: BOR off + // Bit 1 OPTSTRT: Option start: ignored by flash_program_option_bytes + // Bit 0 OPTLOCK: Option lock: ignored by flash_program_option_bytes + flash_program_option_bytes(0x0FFCCCEC); flash_lock_option_bytes(); } From 0c039b3e14963744ea6cef00e91836ffc0ad87e9 Mon Sep 17 00:00:00 2001 From: Saleem Rashid Date: Sun, 29 Jan 2017 18:05:36 +0000 Subject: [PATCH 19/23] USB: Compile-time USB string checking Generate `enum` for USB string indexes, this is far more robust --- firmware/usb.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/firmware/usb.c b/firmware/usb.c index 77576e48e8..39a528c0a2 100644 --- a/firmware/usb.c +++ b/firmware/usb.c @@ -44,6 +44,24 @@ #define ENDPOINT_ADDRESS_U2F_IN (0x83) #define ENDPOINT_ADDRESS_U2F_OUT (0x03) +#define USB_STRINGS \ + X(MANUFACTURER, "SatoshiLabs") \ + X(PRODUCT, "TREZOR") \ + X(SERIAL_NUMBER, storage_uuid_str) + +#define X(name, value) USB_STRING_##name, +enum { + USB_STRING_LANGID_CODES, // LANGID code array + USB_STRINGS +}; +#undef X + +#define X(name, value) value, +static const char *usb_strings[] = { + USB_STRINGS +}; +#undef X + static const struct usb_device_descriptor dev_descr = { .bLength = USB_DT_DEVICE_SIZE, .bDescriptorType = USB_DT_DEVICE, @@ -55,9 +73,9 @@ static const struct usb_device_descriptor dev_descr = { .idVendor = 0x534c, .idProduct = 0x0001, .bcdDevice = 0x0100, - .iManufacturer = 1, - .iProduct = 2, - .iSerialNumber = 3, + .iManufacturer = USB_STRING_MANUFACTURER, + .iProduct = USB_STRING_PRODUCT, + .iSerialNumber = USB_STRING_SERIAL_NUMBER, .bNumConfigurations = 1, }; @@ -285,12 +303,6 @@ static const struct usb_config_descriptor config = { .interface = ifaces, }; -static const char *usb_strings[] = { - "SatoshiLabs", - "TREZOR", - (const char *)storage_uuid_str, -}; - static int hid_control_request(usbd_device *dev, struct usb_setup_data *req, uint8_t **buf, uint16_t *len, usbd_control_complete_callback *complete) { (void)complete; @@ -388,7 +400,7 @@ static uint8_t usbd_control_buffer[128]; void usbInit(void) { - usbd_dev = usbd_init(&otgfs_usb_driver, &dev_descr, &config, usb_strings, 3, usbd_control_buffer, sizeof(usbd_control_buffer)); + usbd_dev = usbd_init(&otgfs_usb_driver, &dev_descr, &config, usb_strings, sizeof(usb_strings) / sizeof(*usb_strings), usbd_control_buffer, sizeof(usbd_control_buffer)); usbd_register_set_config_callback(usbd_dev, hid_set_config); } From bd167dcdf202f8c4ae4cb419a9e13d7551d36ae7 Mon Sep 17 00:00:00 2001 From: Saleem Rashid Date: Sun, 29 Jan 2017 18:30:06 +0000 Subject: [PATCH 20/23] USB: Annotate USB interfaces with iInterface --- firmware/usb.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/firmware/usb.c b/firmware/usb.c index 39a528c0a2..0bd7aed821 100644 --- a/firmware/usb.c +++ b/firmware/usb.c @@ -47,7 +47,10 @@ #define USB_STRINGS \ X(MANUFACTURER, "SatoshiLabs") \ X(PRODUCT, "TREZOR") \ - X(SERIAL_NUMBER, storage_uuid_str) + X(SERIAL_NUMBER, storage_uuid_str) \ + X(INTERFACE_MAIN, "TREZOR Interface") \ + X(INTERFACE_DEBUG, "TREZOR Debug Link Interface") \ + X(INTERFACE_U2F, "U2F Interface") #define X(name, value) USB_STRING_##name, enum { @@ -204,7 +207,7 @@ static const struct usb_interface_descriptor hid_iface[] = {{ .bInterfaceClass = USB_CLASS_HID, .bInterfaceSubClass = 0, .bInterfaceProtocol = 0, - .iInterface = 0, + .iInterface = USB_STRING_INTERFACE_MAIN, .endpoint = hid_endpoints, .extra = &hid_function, .extralen = sizeof(hid_function), @@ -235,7 +238,7 @@ static const struct usb_interface_descriptor hid_iface_u2f[] = {{ .bInterfaceClass = USB_CLASS_HID, .bInterfaceSubClass = 0, .bInterfaceProtocol = 0, - .iInterface = 0, + .iInterface = USB_STRING_INTERFACE_U2F, .endpoint = hid_endpoints_u2f, .extra = &hid_function_u2f, .extralen = sizeof(hid_function_u2f), @@ -267,7 +270,7 @@ static const struct usb_interface_descriptor hid_iface_debug[] = {{ .bInterfaceClass = USB_CLASS_HID, .bInterfaceSubClass = 0, .bInterfaceProtocol = 0, - .iInterface = 0, + .iInterface = USB_STRING_INTERFACE_DEBUG, .endpoint = hid_endpoints_debug, .extra = &hid_function, .extralen = sizeof(hid_function), From 1943d840e3a2ec531075dca1d82de3924a87166e Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Wed, 1 Feb 2017 14:50:16 +0100 Subject: [PATCH 21/23] add ChangeLog for bootloader, move firmware ChangeLog --- bootloader/ChangeLog | 19 +++++++++++++++++++ ChangeLog => firmware/ChangeLog | 0 2 files changed, 19 insertions(+) create mode 100644 bootloader/ChangeLog rename ChangeLog => firmware/ChangeLog (100%) diff --git a/bootloader/ChangeLog b/bootloader/ChangeLog new file mode 100644 index 0000000000..15453e7ac1 --- /dev/null +++ b/bootloader/ChangeLog @@ -0,0 +1,19 @@ +Version 1.3.1 +* Fix button testing so it does not break USB communication + +Version 1.3.0 +* Add test for buttons +* Clean USB descriptor +* Return firmware_present in Features response +* Don't halt on broken firware, stay in bootloader + +Version 1.2.7 +* Optimize speed of firmware update + +Version 1.2.6 +* Show hash of unofficial firmware +* Use stack protector +* Clean USB descriptor + +Version 1.2.5 +* Initial import of code diff --git a/ChangeLog b/firmware/ChangeLog similarity index 100% rename from ChangeLog rename to firmware/ChangeLog From 801ca6e64454cc6f94808e964e5f0167dd38e0d2 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Wed, 1 Feb 2017 18:07:47 +0100 Subject: [PATCH 22/23] adapt python scripts to Python3 --- bootloader/firmware_align.py | 2 +- bootloader/firmware_sign.py | 71 +++++++++++++++++-------------- bootloader/firmware_sign_split.py | 26 ++++++----- gen/bitmaps/generate.py | 7 +-- gen/fonts/generate.py | 9 ++-- gen/handlers/handlers.py | 4 +- 6 files changed, 68 insertions(+), 51 deletions(-) diff --git a/bootloader/firmware_align.py b/bootloader/firmware_align.py index d0376784fa..5be6e7163d 100755 --- a/bootloader/firmware_align.py +++ b/bootloader/firmware_align.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python import sys import os diff --git a/bootloader/firmware_sign.py b/bootloader/firmware_sign.py index 7ccd8e99a3..09650a6ab7 100755 --- a/bootloader/firmware_sign.py +++ b/bootloader/firmware_sign.py @@ -1,10 +1,16 @@ -#!/usr/bin/env python2 +#!/usr/bin/python +from __future__ import print_function import argparse import hashlib import struct import binascii import ecdsa +try: + raw_input +except: + raw_input = input + SLOTS = 3 pubkeys = { @@ -31,17 +37,17 @@ def prepare(data): # Takes raw OR signed firmware and clean out metadata structure # This produces 'clean' data for signing - meta = 'TRZR' # magic - if data[:4] == 'TRZR': + meta = b'TRZR' # magic + if data[:4] == b'TRZR': meta += data[4:4 + struct.calcsize(' 384 and '1' or '0') for x in img] - for i in range(len(img) / 8): + for i in range(len(img) // 8): c = ''.join(img[i * 8 : i * 8 + 8]) r += '0x%02x, ' % int(c, 2) return r cnt = 0 for fn in sorted(glob.glob('*.png')): - print 'Processing:', fn + print('Processing:', fn) im = Image.open(fn) name = os.path.splitext(fn)[0] w, h = im.size diff --git a/gen/fonts/generate.py b/gen/fonts/generate.py index 8f166f82a7..ec8b0aa4bf 100755 --- a/gen/fonts/generate.py +++ b/gen/fonts/generate.py @@ -1,4 +1,5 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python +from __future__ import print_function from PIL import Image class Img(object): @@ -23,12 +24,12 @@ cur = '' for i in range(256): x = (i % 16) * 10 - y = (i / 16) * 10 + y = (i // 16) * 10 cur = '' while img.pixel(x, y) != None: val = ''.join(img.pixel(x, y + j) for j in range(8)) x += 1 cur += '\\x%02x' % int(val, 2) - cur = '\\x%02x' % (len(cur) / 4) + cur + cur = '\\x%02x' % (len(cur) // 4) + cur ch = chr(i) if i >= 32 and i <= 126 else '_' - print '\t/* 0x%02x %c */ (uint8_t *)"%s",' % (i, ch , cur) + print('\t/* 0x%02x %c */ (uint8_t *)"%s",' % (i, ch , cur)) diff --git a/gen/handlers/handlers.py b/gen/handlers/handlers.py index ae1635b5f5..5e79610675 100755 --- a/gen/handlers/handlers.py +++ b/gen/handlers/handlers.py @@ -1,4 +1,6 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python +from __future__ import print_function + handlers = [ 'hard_fault_handler', 'mem_manage_handler', From 2a22d9f0ede6794174fcf8ce326bcf5c7963dc63 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sat, 4 Feb 2017 11:20:58 +0100 Subject: [PATCH 23/23] fix combine/prepare script for python3 --- bootloader/combine/prepare.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/bootloader/combine/prepare.py b/bootloader/combine/prepare.py index 0d463117c2..eb073e9820 100755 --- a/bootloader/combine/prepare.py +++ b/bootloader/combine/prepare.py @@ -1,10 +1,12 @@ -#!/usr/bin/env python2 +#!/usr/bin/env python +from __future__ import print_function + bl = open('bl.bin').read() fw = open('fw.bin').read() combined = bl + fw[:256] + (32768-256)*'\x00' + fw[256:] open('combined.bin', 'w').write(combined) -print 'bootloader : %d bytes' % len(bl) -print 'firmware : %d bytes' % len(fw) -print 'combined : %d bytes' % len(combined) +print('bootloader : %d bytes' % len(bl)) +print('firmware : %d bytes' % len(fw)) +print('combined : %d bytes' % len(combined))