From e3c0f8e8ad2f3e33d4c9062110d261bdcfb1227f Mon Sep 17 00:00:00 2001 From: Jan Pochyla Date: Fri, 7 Dec 2018 14:26:59 +0100 Subject: [PATCH] seed: pass keychain to workflows, add namespaces --- src/apps/cardano/__init__.py | 4 +++ src/apps/cardano/seed.py | 9 +++--- src/apps/common/seed.py | 15 +-------- src/apps/ethereum/__init__.py | 9 ++++-- src/apps/ethereum/get_address.py | 6 ++-- src/apps/ethereum/sign_message.py | 9 ++---- src/apps/ethereum/sign_tx.py | 15 +++++---- src/apps/lisk/__init__.py | 11 ++++--- src/apps/lisk/get_address.py | 6 ++-- src/apps/lisk/get_public_key.py | 6 ++-- src/apps/lisk/sign_message.py | 6 ++-- src/apps/lisk/sign_tx.py | 15 ++++----- src/apps/monero/__init__.py | 16 +++++++--- src/apps/monero/get_address.py | 4 +-- src/apps/monero/get_watch_only.py | 4 +-- src/apps/monero/key_image_sync.py | 8 ++--- src/apps/monero/misc.py | 5 +-- src/apps/monero/sign_tx.py | 8 ++--- .../signing/step_01_init_transaction.py | 8 +++-- src/apps/nem/__init__.py | 10 ++++-- src/apps/nem/get_address.py | 5 +-- src/apps/nem/sign_tx.py | 11 +++---- src/apps/ripple/__init__.py | 7 +++-- src/apps/ripple/get_address.py | 9 ++---- src/apps/ripple/sign_tx.py | 11 +++---- src/apps/stellar/__init__.py | 7 +++-- src/apps/stellar/get_address.py | 4 +-- src/apps/stellar/sign_tx.py | 4 +-- src/apps/tezos/__init__.py | 9 ++++-- src/apps/tezos/get_address.py | 4 +-- src/apps/tezos/get_public_key.py | 4 +-- src/apps/tezos/sign_tx.py | 6 ++-- src/apps/wallet/__init__.py | 24 +++++++++----- src/apps/wallet/cipher_key_value.py | 5 +-- src/apps/wallet/get_address.py | 6 ++-- src/apps/wallet/get_ecdh_session_key.py | 6 ++-- src/apps/wallet/get_entropy.py | 1 - src/apps/wallet/get_public_key.py | 6 ++-- src/apps/wallet/sign_identity.py | 6 ++-- src/apps/wallet/sign_message.py | 6 ++-- src/apps/wallet/sign_tx/__init__.py | 5 ++- src/trezor/wire/__init__.py | 31 ++++++++++++++++--- 42 files changed, 177 insertions(+), 174 deletions(-) diff --git a/src/apps/cardano/__init__.py b/src/apps/cardano/__init__.py index 022a12f19..dcfa3b5f4 100644 --- a/src/apps/cardano/__init__.py +++ b/src/apps/cardano/__init__.py @@ -1,6 +1,10 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + +SEED_NAMESPACE = [[HARDENED | 44, HARDENED | 1815]] + def boot(): wire.add(MessageType.CardanoGetAddress, __name__, "get_address") diff --git a/src/apps/cardano/seed.py b/src/apps/cardano/seed.py index 00f342fd4..102c19b69 100644 --- a/src/apps/cardano/seed.py +++ b/src/apps/cardano/seed.py @@ -1,7 +1,8 @@ from trezor import wire from trezor.crypto import bip32 -from apps.common import HARDENED, cache, storage +from apps.cardano import SEED_NAMESPACE +from apps.common import cache, storage from apps.common.request_passphrase import protect_by_passphrase @@ -34,11 +35,9 @@ async def get_keychain(ctx: wire.Context) -> Keychain: cache.set_passphrase(passphrase) root = bip32.from_mnemonic_cardano(storage.get_mnemonic(), passphrase) - path = [HARDENED | 44, HARDENED | 1815] - # derive the namespaced root node - for i in path: + for i in SEED_NAMESPACE[0]: root.derive_cardano(i) - keychain = Keychain(path, root) + keychain = Keychain(SEED_NAMESPACE[0], root) return keychain diff --git a/src/apps/common/seed.py b/src/apps/common/seed.py index ea6fa96d2..8927096f5 100644 --- a/src/apps/common/seed.py +++ b/src/apps/common/seed.py @@ -34,7 +34,7 @@ class Keychain: return node -async def get_keychain(ctx: wire.Context, paths: list = None) -> Keychain: +async def get_keychain(ctx: wire.Context, paths: list) -> Keychain: if not storage.is_initialized(): raise wire.ProcessError("Device is not initialized") @@ -48,19 +48,6 @@ async def get_keychain(ctx: wire.Context, paths: list = None) -> Keychain: seed = bip39.seed(storage.get_mnemonic(), passphrase) cache.set_seed(seed) - if paths is None: - # allow the whole keyspace by default - paths = [ - ["curve25519"], - ["ed25519"], - ["ed25519-keccak"], - ["nist256p1"], - ["secp256k1"], - ["secp256k1-decred"], - ["secp256k1-groestl"], - ["secp256k1-smart"], - ] - # derive namespaced root nodes roots = [] for curve, *path in paths: diff --git a/src/apps/ethereum/__init__.py b/src/apps/ethereum/__init__.py index f0b0ff939..04b07a773 100644 --- a/src/apps/ethereum/__init__.py +++ b/src/apps/ethereum/__init__.py @@ -1,9 +1,12 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.EthereumGetAddress, __name__, "get_address") - wire.add(MessageType.EthereumSignTx, __name__, "sign_tx") - wire.add(MessageType.EthereumSignMessage, __name__, "sign_message") + ns = [["secp256k1", HARDENED | 44, HARDENED | 60]] + wire.add(MessageType.EthereumGetAddress, __name__, "get_address", ns) + wire.add(MessageType.EthereumSignTx, __name__, "sign_tx", ns) + wire.add(MessageType.EthereumSignMessage, __name__, "sign_message", ns) wire.add(MessageType.EthereumVerifyMessage, __name__, "verify_message") diff --git a/src/apps/ethereum/get_address.py b/src/apps/ethereum/get_address.py index 36b903ed5..39c7bacb6 100644 --- a/src/apps/ethereum/get_address.py +++ b/src/apps/ethereum/get_address.py @@ -2,15 +2,13 @@ from trezor.crypto.curve import secp256k1 from trezor.crypto.hashlib import sha3_256 from trezor.messages.EthereumAddress import EthereumAddress -from apps.common import paths, seed +from apps.common import paths from apps.common.layout import address_n_to_str, show_address, show_qr from apps.ethereum import networks from apps.ethereum.address import ethereum_address_hex, validate_full_path -async def get_address(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg, keychain): await paths.validate_path(ctx, validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n) diff --git a/src/apps/ethereum/sign_message.py b/src/apps/ethereum/sign_message.py index 65435f651..ed6fe8dbe 100644 --- a/src/apps/ethereum/sign_message.py +++ b/src/apps/ethereum/sign_message.py @@ -4,11 +4,10 @@ from trezor.messages.EthereumMessageSignature import EthereumMessageSignature from trezor.ui.text import Text from trezor.utils import HashWriter -from .address import validate_full_path - -from apps.common import paths, seed +from apps.common import paths from apps.common.confirm import require_confirm from apps.common.signverify import split_message +from apps.ethereum.address import validate_full_path def message_digest(message): @@ -20,9 +19,7 @@ def message_digest(message): return h.get_digest() -async def sign_message(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def sign_message(ctx, msg, keychain): await paths.validate_path(ctx, validate_full_path, path=msg.address_n) await require_confirm_sign_message(ctx, msg.message) diff --git a/src/apps/ethereum/sign_tx.py b/src/apps/ethereum/sign_tx.py index 153b6629b..8f94f819c 100644 --- a/src/apps/ethereum/sign_tx.py +++ b/src/apps/ethereum/sign_tx.py @@ -7,10 +7,9 @@ from trezor.messages.EthereumTxRequest import EthereumTxRequest from trezor.messages.MessageType import EthereumTxAck from trezor.utils import HashWriter -from .address import validate_full_path - -from apps.common import paths, seed +from apps.common import paths from apps.ethereum import tokens +from apps.ethereum.address import validate_full_path from apps.ethereum.layout import ( require_confirm_data, require_confirm_fee, @@ -21,7 +20,7 @@ from apps.ethereum.layout import ( MAX_CHAIN_ID = 2147483629 -async def sign_tx(ctx, msg): +async def sign_tx(ctx, msg, keychain): msg = sanitize(msg) check(msg) await paths.validate_path(ctx, validate_full_path, path=msg.address_n) @@ -91,7 +90,9 @@ async def sign_tx(ctx, msg): sha.extend(rlp.encode(0)) digest = sha.get_digest() - return await send_signature(ctx, msg, digest) + result = sign_digest(msg, keychain, digest) + + return result def get_total_length(msg: EthereumSignTx, data_total: int) -> int: @@ -130,9 +131,7 @@ async def send_request_chunk(ctx, data_left: int): return await ctx.call(req, EthereumTxAck) -async def send_signature(ctx, msg: EthereumSignTx, digest): - keychain = await seed.get_keychain(ctx) - +def sign_digest(msg: EthereumSignTx, keychain, digest): node = keychain.derive(msg.address_n) signature = secp256k1.sign( node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM diff --git a/src/apps/lisk/__init__.py b/src/apps/lisk/__init__.py index acef4dd9d..f4a092cec 100644 --- a/src/apps/lisk/__init__.py +++ b/src/apps/lisk/__init__.py @@ -1,10 +1,13 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key") - wire.add(MessageType.LiskGetAddress, __name__, "get_address") - wire.add(MessageType.LiskSignMessage, __name__, "sign_message") + ns = [["ed25519", HARDENED | 44, HARDENED | 134]] + wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key", ns) + wire.add(MessageType.LiskGetAddress, __name__, "get_address", ns) + wire.add(MessageType.LiskSignTx, __name__, "sign_tx", ns) + wire.add(MessageType.LiskSignMessage, __name__, "sign_message", ns) wire.add(MessageType.LiskVerifyMessage, __name__, "verify_message") - wire.add(MessageType.LiskSignTx, __name__, "sign_tx") diff --git a/src/apps/lisk/get_address.py b/src/apps/lisk/get_address.py index 58656e809..c77d0045b 100644 --- a/src/apps/lisk/get_address.py +++ b/src/apps/lisk/get_address.py @@ -2,13 +2,11 @@ from trezor.messages.LiskAddress import LiskAddress from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path -from apps.common import paths, seed +from apps.common import paths from apps.common.layout import address_n_to_str, show_address, show_qr -async def get_address(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg, keychain): await paths.validate_path(ctx, validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, LISK_CURVE) diff --git a/src/apps/lisk/get_public_key.py b/src/apps/lisk/get_public_key.py index 35d976fb0..93e3907cf 100644 --- a/src/apps/lisk/get_public_key.py +++ b/src/apps/lisk/get_public_key.py @@ -2,12 +2,10 @@ from trezor.messages.LiskPublicKey import LiskPublicKey from .helpers import LISK_CURVE, validate_full_path -from apps.common import layout, paths, seed +from apps.common import layout, paths -async def get_public_key(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_public_key(ctx, msg, keychain): await paths.validate_path(ctx, validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, LISK_CURVE) diff --git a/src/apps/lisk/sign_message.py b/src/apps/lisk/sign_message.py index 10a849ea5..9b1c99834 100644 --- a/src/apps/lisk/sign_message.py +++ b/src/apps/lisk/sign_message.py @@ -6,7 +6,7 @@ from trezor.utils import HashWriter from .helpers import LISK_CURVE, validate_full_path -from apps.common import paths, seed +from apps.common import paths from apps.common.confirm import require_confirm from apps.common.signverify import split_message from apps.wallet.sign_tx.writers import write_varint @@ -22,9 +22,7 @@ def message_digest(message): return sha256(h.get_digest()).digest() -async def sign_message(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def sign_message(ctx, msg, keychain): await paths.validate_path(ctx, validate_full_path, path=msg.address_n) await require_confirm_sign_message(ctx, msg.message) diff --git a/src/apps/lisk/sign_tx.py b/src/apps/lisk/sign_tx.py index 30d777338..0ae7c0e73 100644 --- a/src/apps/lisk/sign_tx.py +++ b/src/apps/lisk/sign_tx.py @@ -7,15 +7,16 @@ from trezor.messages import LiskTransactionType from trezor.messages.LiskSignedTx import LiskSignedTx from trezor.utils import HashWriter -from . import layout -from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path +from apps.common import paths +from apps.lisk import layout +from apps.lisk.helpers import ( + LISK_CURVE, + get_address_from_public_key, + validate_full_path, +) -from apps.common import paths, seed - - -async def sign_tx(ctx, msg): - keychain = await seed.get_keychain(ctx) +async def sign_tx(ctx, msg, keychain): await paths.validate_path(ctx, validate_full_path, path=msg.address_n) pubkey, seckey = _get_keys(keychain, msg) diff --git a/src/apps/monero/__init__.py b/src/apps/monero/__init__.py index c2a8364cd..d45314065 100644 --- a/src/apps/monero/__init__.py +++ b/src/apps/monero/__init__.py @@ -1,12 +1,20 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.MoneroGetAddress, __name__, "get_address") - wire.add(MessageType.MoneroGetWatchKey, __name__, "get_watch_only") - wire.add(MessageType.MoneroTransactionInitRequest, __name__, "sign_tx") - wire.add(MessageType.MoneroKeyImageExportInitRequest, __name__, "key_image_sync") + ns = [ + ["secp256k1", HARDENED | 44, HARDENED | 128], + ["ed25519", HARDENED | 44, HARDENED | 128], + ] + wire.add(MessageType.MoneroGetAddress, __name__, "get_address", ns) + wire.add(MessageType.MoneroGetWatchKey, __name__, "get_watch_only", ns) + wire.add(MessageType.MoneroTransactionInitRequest, __name__, "sign_tx", ns) + wire.add( + MessageType.MoneroKeyImageExportInitRequest, __name__, "key_image_sync", ns + ) if __debug__ and hasattr(MessageType, "DebugMoneroDiagRequest"): wire.add(MessageType.DebugMoneroDiagRequest, __name__, "diag") diff --git a/src/apps/monero/get_address.py b/src/apps/monero/get_address.py index 873420d3c..aced5b7dc 100644 --- a/src/apps/monero/get_address.py +++ b/src/apps/monero/get_address.py @@ -5,10 +5,10 @@ from apps.common.layout import address_n_to_str, show_address, show_qr from apps.monero import misc -async def get_address(ctx, msg): +async def get_address(ctx, msg, keychain): await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n) - creds = await misc.get_creds(ctx, msg.address_n, msg.network_type) + creds = misc.get_creds(keychain, msg.address_n, msg.network_type) if msg.show_display: desc = address_n_to_str(msg.address_n) diff --git a/src/apps/monero/get_watch_only.py b/src/apps/monero/get_watch_only.py index 311a6fc8b..8a636a0a8 100644 --- a/src/apps/monero/get_watch_only.py +++ b/src/apps/monero/get_watch_only.py @@ -7,12 +7,12 @@ from apps.monero.layout import confirms from apps.monero.xmr import crypto -async def get_watch_only(ctx, msg: MoneroGetWatchKey): +async def get_watch_only(ctx, msg: MoneroGetWatchKey, keychain): await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n) await confirms.require_confirm_watchkey(ctx) - creds = await misc.get_creds(ctx, msg.address_n, msg.network_type) + creds = misc.get_creds(keychain, msg.address_n, msg.network_type) address = creds.address watch_key = crypto.encodeint(creds.view_key_private) diff --git a/src/apps/monero/key_image_sync.py b/src/apps/monero/key_image_sync.py index de265b8ea..e02564231 100644 --- a/src/apps/monero/key_image_sync.py +++ b/src/apps/monero/key_image_sync.py @@ -14,10 +14,10 @@ from apps.monero.xmr import crypto, key_image, monero from apps.monero.xmr.crypto import chacha_poly -async def key_image_sync(ctx, msg): +async def key_image_sync(ctx, msg, keychain): state = KeyImageSync() - res = await _init_step(state, ctx, msg) + res = await _init_step(state, ctx, msg, keychain) while True: msg = await ctx.call( res, @@ -46,10 +46,10 @@ class KeyImageSync: self.hasher = crypto.get_keccak() -async def _init_step(s, ctx, msg): +async def _init_step(s, ctx, msg, keychain): await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n) - s.creds = await misc.get_creds(ctx, msg.address_n, msg.network_type) + s.creds = misc.get_creds(keychain, msg.address_n, msg.network_type) await confirms.require_confirm_keyimage_sync(ctx) diff --git a/src/apps/monero/misc.py b/src/apps/monero/misc.py index 2634bbca7..2e5cd0474 100644 --- a/src/apps/monero/misc.py +++ b/src/apps/monero/misc.py @@ -1,8 +1,7 @@ from apps.common import HARDENED -async def get_creds(ctx, address_n=None, network_type=None): - from apps.common import seed +def get_creds(keychain, address_n=None, network_type=None): from apps.monero.xmr import crypto, monero from apps.monero.xmr.credentials import AccountCreds @@ -12,8 +11,6 @@ async def get_creds(ctx, address_n=None, network_type=None): curve = "ed25519" else: curve = "secp256k1" - - keychain = await seed.get_keychain(ctx) node = keychain.derive(address_n, curve) if use_slip0010: diff --git a/src/apps/monero/sign_tx.py b/src/apps/monero/sign_tx.py index c85118681..0382d28ac 100644 --- a/src/apps/monero/sign_tx.py +++ b/src/apps/monero/sign_tx.py @@ -6,7 +6,7 @@ from trezor.messages import MessageType from apps.monero.signing.state import State -async def sign_tx(ctx, received_msg): +async def sign_tx(ctx, received_msg, keychain): state = State(ctx) mods = utils.unimport_begin() @@ -18,7 +18,7 @@ async def sign_tx(ctx, received_msg): gc.collect() gc.threshold(gc.mem_free() // 4 + gc.mem_alloc()) - result_msg, accept_msgs = await sign_tx_dispatch(state, received_msg) + result_msg, accept_msgs = await sign_tx_dispatch(state, received_msg, keychain) if accept_msgs is None: break @@ -32,13 +32,13 @@ async def sign_tx(ctx, received_msg): return result_msg -async def sign_tx_dispatch(state, msg): +async def sign_tx_dispatch(state, msg, keychain): if msg.MESSAGE_WIRE_TYPE == MessageType.MoneroTransactionInitRequest: from apps.monero.signing import step_01_init_transaction return ( await step_01_init_transaction.init_transaction( - state, msg.address_n, msg.network_type, msg.tsx_data + state, msg.address_n, msg.network_type, msg.tsx_data, keychain ), (MessageType.MoneroTransactionSetInputRequest,), ) diff --git a/src/apps/monero/signing/step_01_init_transaction.py b/src/apps/monero/signing/step_01_init_transaction.py index df7496c1e..a5c25ea86 100644 --- a/src/apps/monero/signing/step_01_init_transaction.py +++ b/src/apps/monero/signing/step_01_init_transaction.py @@ -16,14 +16,18 @@ if False: async def init_transaction( - state: State, address_n: list, network_type: int, tsx_data: MoneroTransactionData + state: State, + address_n: list, + network_type: int, + tsx_data: MoneroTransactionData, + keychain, ): from apps.monero.signing import offloading_keys from apps.common import paths await paths.validate_path(state.ctx, misc.validate_full_path, path=address_n) - state.creds = await misc.get_creds(state.ctx, address_n, network_type) + state.creds = misc.get_creds(keychain, address_n, network_type) state.fee = state.fee if state.fee > 0 else 0 state.tx_priv = crypto.random_scalar() state.tx_pub = crypto.scalarmult_base(state.tx_priv) diff --git a/src/apps/nem/__init__.py b/src/apps/nem/__init__.py index f75b6ff3d..8433f2448 100644 --- a/src/apps/nem/__init__.py +++ b/src/apps/nem/__init__.py @@ -1,7 +1,13 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.NEMGetAddress, __name__, "get_address") - wire.add(MessageType.NEMSignTx, __name__, "sign_tx") + ns = [ + ["ed25519-keccak", HARDENED | 44, HARDENED | 43], + ["ed25519-keccak", HARDENED | 44, HARDENED | 1], + ] + wire.add(MessageType.NEMGetAddress, __name__, "get_address", ns) + wire.add(MessageType.NEMSignTx, __name__, "sign_tx", ns) diff --git a/src/apps/nem/get_address.py b/src/apps/nem/get_address.py index ccccc8e45..676e43657 100644 --- a/src/apps/nem/get_address.py +++ b/src/apps/nem/get_address.py @@ -3,14 +3,11 @@ from trezor.messages.NEMAddress import NEMAddress from .helpers import NEM_CURVE, check_path, get_network_str from .validators import validate_network -from apps.common import seed from apps.common.layout import address_n_to_str, show_address, show_qr from apps.common.paths import validate_path -async def get_address(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg, keychain): network = validate_network(msg.network) await validate_path(ctx, check_path, path=msg.address_n, network=network) diff --git a/src/apps/nem/sign_tx.py b/src/apps/nem/sign_tx.py index 129a66e3b..1a76f163b 100644 --- a/src/apps/nem/sign_tx.py +++ b/src/apps/nem/sign_tx.py @@ -2,17 +2,14 @@ from trezor.crypto.curve import ed25519 from trezor.messages.NEMSignedTx import NEMSignedTx from trezor.messages.NEMSignTx import NEMSignTx -from . import mosaic, multisig, namespace, transfer -from .helpers import NEM_CURVE, NEM_HASH_ALG, check_path -from .validators import validate - from apps.common import seed from apps.common.paths import validate_path +from apps.nem import mosaic, multisig, namespace, transfer +from apps.nem.helpers import NEM_CURVE, NEM_HASH_ALG, check_path +from apps.nem.validators import validate -async def sign_tx(ctx, msg: NEMSignTx): - keychain = await seed.get_keychain(ctx) - +async def sign_tx(ctx, msg: NEMSignTx, keychain): validate(msg) await validate_path( diff --git a/src/apps/ripple/__init__.py b/src/apps/ripple/__init__.py index f4a863edb..2e24cf581 100644 --- a/src/apps/ripple/__init__.py +++ b/src/apps/ripple/__init__.py @@ -1,7 +1,10 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.RippleGetAddress, __name__, "get_address") - wire.add(MessageType.RippleSignTx, __name__, "sign_tx") + ns = [["secp256k1", HARDENED | 44, HARDENED | 144]] + wire.add(MessageType.RippleGetAddress, __name__, "get_address", ns) + wire.add(MessageType.RippleSignTx, __name__, "sign_tx", ns) diff --git a/src/apps/ripple/get_address.py b/src/apps/ripple/get_address.py index 4a944a953..a5b26ba76 100644 --- a/src/apps/ripple/get_address.py +++ b/src/apps/ripple/get_address.py @@ -1,15 +1,12 @@ from trezor.messages.RippleAddress import RippleAddress from trezor.messages.RippleGetAddress import RippleGetAddress -from . import helpers - -from apps.common import paths, seed +from apps.common import paths from apps.common.layout import address_n_to_str, show_address, show_qr +from apps.ripple import helpers -async def get_address(ctx, msg: RippleGetAddress): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg: RippleGetAddress, keychain): await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n) diff --git a/src/apps/ripple/sign_tx.py b/src/apps/ripple/sign_tx.py index 5299edd8b..b3d0be7c6 100644 --- a/src/apps/ripple/sign_tx.py +++ b/src/apps/ripple/sign_tx.py @@ -5,15 +5,12 @@ from trezor.messages.RippleSignedTx import RippleSignedTx from trezor.messages.RippleSignTx import RippleSignTx from trezor.wire import ProcessError -from . import helpers, layout -from .serialize import serialize +from apps.common import paths +from apps.ripple import helpers, layout +from apps.ripple.serialize import serialize -from apps.common import paths, seed - - -async def sign_tx(ctx, msg: RippleSignTx): - keychain = await seed.get_keychain(ctx) +async def sign_tx(ctx, msg: RippleSignTx, keychain): validate(msg) await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) diff --git a/src/apps/stellar/__init__.py b/src/apps/stellar/__init__.py index 92fba60b0..ae5e40c88 100644 --- a/src/apps/stellar/__init__.py +++ b/src/apps/stellar/__init__.py @@ -1,7 +1,10 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.StellarGetAddress, __name__, "get_address") - wire.add(MessageType.StellarSignTx, __name__, "sign_tx") + ns = [["ed25519", HARDENED | 44, HARDENED | 148]] + wire.add(MessageType.StellarGetAddress, __name__, "get_address", ns) + wire.add(MessageType.StellarSignTx, __name__, "sign_tx", ns) diff --git a/src/apps/stellar/get_address.py b/src/apps/stellar/get_address.py index a7f11ae69..8b87d34f8 100644 --- a/src/apps/stellar/get_address.py +++ b/src/apps/stellar/get_address.py @@ -6,9 +6,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr from apps.stellar import helpers -async def get_address(ctx, msg: StellarGetAddress): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg: StellarGetAddress, keychain): await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, helpers.STELLAR_CURVE) diff --git a/src/apps/stellar/sign_tx.py b/src/apps/stellar/sign_tx.py index 56425db8c..55152348b 100644 --- a/src/apps/stellar/sign_tx.py +++ b/src/apps/stellar/sign_tx.py @@ -12,9 +12,7 @@ from apps.stellar import consts, helpers, layout, writers from apps.stellar.operations import process_operation -async def sign_tx(ctx, msg: StellarSignTx): - keychain = await seed.get_keychain(ctx) - +async def sign_tx(ctx, msg: StellarSignTx, keychain): await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, consts.STELLAR_CURVE) diff --git a/src/apps/tezos/__init__.py b/src/apps/tezos/__init__.py index ba29093bd..1c5aa3699 100644 --- a/src/apps/tezos/__init__.py +++ b/src/apps/tezos/__init__.py @@ -1,8 +1,11 @@ from trezor import wire from trezor.messages import MessageType +from apps.common import HARDENED + def boot(): - wire.add(MessageType.TezosGetAddress, __name__, "get_address") - wire.add(MessageType.TezosSignTx, __name__, "sign_tx") - wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key") + ns = [["ed25519", HARDENED | 44, HARDENED | 1729]] + wire.add(MessageType.TezosGetAddress, __name__, "get_address", ns) + wire.add(MessageType.TezosSignTx, __name__, "sign_tx", ns) + wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key", ns) diff --git a/src/apps/tezos/get_address.py b/src/apps/tezos/get_address.py index f19018ab7..4ff563512 100644 --- a/src/apps/tezos/get_address.py +++ b/src/apps/tezos/get_address.py @@ -6,9 +6,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr from apps.tezos import helpers -async def get_address(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg, keychain): await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE) diff --git a/src/apps/tezos/get_public_key.py b/src/apps/tezos/get_public_key.py index 2069f4dc5..c3f75ad97 100644 --- a/src/apps/tezos/get_public_key.py +++ b/src/apps/tezos/get_public_key.py @@ -9,9 +9,7 @@ from apps.common.confirm import require_confirm from apps.tezos import helpers -async def get_public_key(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_public_key(ctx, msg, keychain): await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE) diff --git a/src/apps/tezos/sign_tx.py b/src/apps/tezos/sign_tx.py index fdc432822..5cf0e11d3 100644 --- a/src/apps/tezos/sign_tx.py +++ b/src/apps/tezos/sign_tx.py @@ -4,14 +4,12 @@ from trezor.crypto.curve import ed25519 from trezor.messages import TezosContractType from trezor.messages.TezosSignedTx import TezosSignedTx -from apps.common import paths, seed +from apps.common import paths from apps.common.writers import write_bytes, write_uint8 from apps.tezos import helpers, layout -async def sign_tx(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def sign_tx(ctx, msg, keychain): await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n) node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE) diff --git a/src/apps/wallet/__init__.py b/src/apps/wallet/__init__.py index 7fbf9b397..fc70179cc 100644 --- a/src/apps/wallet/__init__.py +++ b/src/apps/wallet/__init__.py @@ -3,12 +3,22 @@ from trezor.messages import MessageType def boot(): - wire.add(MessageType.GetPublicKey, __name__, "get_public_key") - wire.add(MessageType.GetAddress, __name__, "get_address") + ns = [ + ["curve25519"], + ["ed25519"], + ["ed25519-keccak"], + ["nist256p1"], + ["secp256k1"], + ["secp256k1-decred"], + ["secp256k1-groestl"], + ["secp256k1-smart"], + ] + wire.add(MessageType.GetPublicKey, __name__, "get_public_key", ns) + wire.add(MessageType.GetAddress, __name__, "get_address", ns) wire.add(MessageType.GetEntropy, __name__, "get_entropy") - wire.add(MessageType.SignTx, __name__, "sign_tx") - wire.add(MessageType.SignMessage, __name__, "sign_message") + wire.add(MessageType.SignTx, __name__, "sign_tx", ns) + wire.add(MessageType.SignMessage, __name__, "sign_message", ns) wire.add(MessageType.VerifyMessage, __name__, "verify_message") - wire.add(MessageType.SignIdentity, __name__, "sign_identity") - wire.add(MessageType.GetECDHSessionKey, __name__, "get_ecdh_session_key") - wire.add(MessageType.CipherKeyValue, __name__, "cipher_key_value") + wire.add(MessageType.SignIdentity, __name__, "sign_identity", ns) + wire.add(MessageType.GetECDHSessionKey, __name__, "get_ecdh_session_key", ns) + wire.add(MessageType.CipherKeyValue, __name__, "cipher_key_value", ns) diff --git a/src/apps/wallet/cipher_key_value.py b/src/apps/wallet/cipher_key_value.py index 4bc1bf0df..b6c14663b 100644 --- a/src/apps/wallet/cipher_key_value.py +++ b/src/apps/wallet/cipher_key_value.py @@ -4,13 +4,10 @@ from trezor.crypto.hashlib import sha512 from trezor.messages.CipheredKeyValue import CipheredKeyValue from trezor.ui.text import Text -from apps.common import seed from apps.common.confirm import require_confirm -async def cipher_key_value(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def cipher_key_value(ctx, msg, keychain): if len(msg.value) % 16 > 0: raise wire.DataError("Value length must be a multiple of 16") diff --git a/src/apps/wallet/get_address.py b/src/apps/wallet/get_address.py index bbf406152..80096d37c 100644 --- a/src/apps/wallet/get_address.py +++ b/src/apps/wallet/get_address.py @@ -1,15 +1,13 @@ from trezor.messages import InputScriptType from trezor.messages.Address import Address -from apps.common import coins, seed +from apps.common import coins from apps.common.layout import address_n_to_str, show_address, show_qr from apps.common.paths import validate_path from apps.wallet.sign_tx import addresses -async def get_address(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_address(ctx, msg, keychain): coin_name = msg.coin_name or "Bitcoin" coin = coins.by_name(coin_name) diff --git a/src/apps/wallet/get_ecdh_session_key.py b/src/apps/wallet/get_ecdh_session_key.py index 518d4eace..22b5b6071 100644 --- a/src/apps/wallet/get_ecdh_session_key.py +++ b/src/apps/wallet/get_ecdh_session_key.py @@ -5,7 +5,7 @@ from trezor.messages.ECDHSessionKey import ECDHSessionKey from trezor.ui.text import Text from trezor.utils import chunks -from apps.common import HARDENED, seed +from apps.common import HARDENED from apps.common.confirm import require_confirm from apps.wallet.sign_identity import ( serialize_identity, @@ -13,9 +13,7 @@ from apps.wallet.sign_identity import ( ) -async def get_ecdh_session_key(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_ecdh_session_key(ctx, msg, keychain): if msg.ecdsa_curve_name is None: msg.ecdsa_curve_name = "secp256k1" diff --git a/src/apps/wallet/get_entropy.py b/src/apps/wallet/get_entropy.py index f95323586..e35878b07 100644 --- a/src/apps/wallet/get_entropy.py +++ b/src/apps/wallet/get_entropy.py @@ -7,7 +7,6 @@ from apps.common.confirm import require_confirm async def get_entropy(ctx, msg): - text = Text("Confirm entropy") text.bold("Do you really want", "to send entropy?") text.normal("Continue only if you", "know what you are doing!") diff --git a/src/apps/wallet/get_public_key.py b/src/apps/wallet/get_public_key.py index 8e94d3a3b..e779ff02d 100644 --- a/src/apps/wallet/get_public_key.py +++ b/src/apps/wallet/get_public_key.py @@ -3,12 +3,10 @@ from trezor.messages import InputScriptType from trezor.messages.HDNodeType import HDNodeType from trezor.messages.PublicKey import PublicKey -from apps.common import coins, layout, seed +from apps.common import coins, layout -async def get_public_key(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def get_public_key(ctx, msg, keychain): coin_name = msg.coin_name or "Bitcoin" coin = coins.by_name(coin_name) curve_name = msg.ecdsa_curve_name or coin.curve_name diff --git a/src/apps/wallet/sign_identity.py b/src/apps/wallet/sign_identity.py index 0c3d4edae..6c71390d6 100644 --- a/src/apps/wallet/sign_identity.py +++ b/src/apps/wallet/sign_identity.py @@ -6,13 +6,11 @@ from trezor.messages.SignedIdentity import SignedIdentity from trezor.ui.text import Text from trezor.utils import chunks -from apps.common import HARDENED, coins, seed +from apps.common import HARDENED, coins from apps.common.confirm import require_confirm -async def sign_identity(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def sign_identity(ctx, msg, keychain): if msg.ecdsa_curve_name is None: msg.ecdsa_curve_name = "secp256k1" diff --git a/src/apps/wallet/sign_message.py b/src/apps/wallet/sign_message.py index 20a44a900..ab9e58f87 100644 --- a/src/apps/wallet/sign_message.py +++ b/src/apps/wallet/sign_message.py @@ -4,16 +4,14 @@ from trezor.messages.InputScriptType import SPENDADDRESS, SPENDP2SHWITNESS, SPEN from trezor.messages.MessageSignature import MessageSignature from trezor.ui.text import Text -from apps.common import coins, seed +from apps.common import coins from apps.common.confirm import require_confirm from apps.common.paths import validate_path from apps.common.signverify import message_digest, split_message from apps.wallet.sign_tx.addresses import get_address, validate_full_path -async def sign_message(ctx, msg): - keychain = await seed.get_keychain(ctx) - +async def sign_message(ctx, msg, keychain): message = msg.message address_n = msg.address_n coin_name = msg.coin_name or "Bitcoin" diff --git a/src/apps/wallet/sign_tx/__init__.py b/src/apps/wallet/sign_tx/__init__.py index de198a25c..6bcc1aeeb 100644 --- a/src/apps/wallet/sign_tx/__init__.py +++ b/src/apps/wallet/sign_tx/__init__.py @@ -3,7 +3,7 @@ from trezor.messages.MessageType import TxAck from trezor.messages.RequestType import TXFINISHED from trezor.messages.TxRequest import TxRequest -from apps.common import paths, seed +from apps.common import paths from apps.wallet.sign_tx import ( addresses, helpers, @@ -17,8 +17,7 @@ from apps.wallet.sign_tx import ( @ui.layout -async def sign_tx(ctx, msg): - keychain = await seed.get_keychain(ctx) +async def sign_tx(ctx, msg, keychain): signer = signing.sign_tx(msg, keychain) res = None diff --git a/src/trezor/wire/__init__.py b/src/trezor/wire/__init__.py index f48046a9e..b1ffed40f 100644 --- a/src/trezor/wire/__init__.py +++ b/src/trezor/wire/__init__.py @@ -3,12 +3,25 @@ from trezor import log, loop, messages, utils, workflow from trezor.wire import codec_v1 from trezor.wire.errors import * +from apps.common import seed + workflow_handlers = {} -def add(mtype, pkgname, modname, *args): +def add(mtype, pkgname, modname, namespace=None): """Shortcut for registering a dynamically-imported Protobuf workflow.""" - register(mtype, protobuf_workflow, import_workflow, pkgname, modname, *args) + if namespace is not None: + register( + mtype, + protobuf_workflow, + keychain_workflow, + namespace, + import_workflow, + pkgname, + modname, + ) + else: + register(mtype, protobuf_workflow, import_workflow, pkgname, modname) def register(mtype, handler, *args): @@ -133,10 +146,12 @@ async def session_handler(iface, sid): continue except Error as exc: # we log wire.Error as warning, not as exception - log.warning(__name__, "failure: %s", exc.message) + if __debug__: + log.warning(__name__, "failure: %s", exc.message) except Exception as exc: # sessions are never closed by raised exceptions - log.exception(__name__, exc) + if __debug__: + log.exception(__name__, exc) # read new message in next iteration reader = None @@ -155,7 +170,7 @@ async def protobuf_workflow(ctx, reader, handler, *args): # respond with specific code and message await ctx.write(Failure(code=exc.code, message=exc.message)) raise - except Exception: # as exc: + except Exception: # respond with a generic code and message await ctx.write( Failure(code=FailureType.FirmwareError, message="Firmware error") @@ -166,6 +181,12 @@ async def protobuf_workflow(ctx, reader, handler, *args): await ctx.write(res) +async def keychain_workflow(ctx, req, namespace, handler, *args): + keychain = await seed.get_keychain(ctx, namespace) + args += (keychain,) + return await handler(ctx, req, *args) + + def import_workflow(ctx, req, pkgname, modname, *args): modpath = "%s.%s" % (pkgname, modname) module = __import__(modpath, None, None, (modname,), 0)