seed: pass keychain to workflows, add namespaces

src/apps/cardano/__init__.py

@@ -1,6 +1,10 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
+SEED_NAMESPACE = [[HARDENED | 44, HARDENED | 1815]]
+
 
 def boot():
     wire.add(MessageType.CardanoGetAddress, __name__, "get_address")

src/apps/cardano/seed.py

@@ -1,7 +1,8 @@
 from trezor import wire
 from trezor.crypto import bip32
 
-from apps.common import HARDENED, cache, storage
+from apps.cardano import SEED_NAMESPACE
+from apps.common import cache, storage
 from apps.common.request_passphrase import protect_by_passphrase
 
 
@@ -34,11 +35,9 @@ async def get_keychain(ctx: wire.Context) -> Keychain:
         cache.set_passphrase(passphrase)
     root = bip32.from_mnemonic_cardano(storage.get_mnemonic(), passphrase)
 
-    path = [HARDENED | 44, HARDENED | 1815]
-
     # derive the namespaced root node
-    for i in path:
+    for i in SEED_NAMESPACE[0]:
         root.derive_cardano(i)
 
-    keychain = Keychain(path, root)
+    keychain = Keychain(SEED_NAMESPACE[0], root)
     return keychain

src/apps/common/seed.py

@@ -34,7 +34,7 @@ class Keychain:
         return node
 
 
-async def get_keychain(ctx: wire.Context, paths: list = None) -> Keychain:
+async def get_keychain(ctx: wire.Context, paths: list) -> Keychain:
     if not storage.is_initialized():
         raise wire.ProcessError("Device is not initialized")
 
@@ -48,19 +48,6 @@ async def get_keychain(ctx: wire.Context, paths: list = None) -> Keychain:
         seed = bip39.seed(storage.get_mnemonic(), passphrase)
         cache.set_seed(seed)
 
-    if paths is None:
-        # allow the whole keyspace by default
-        paths = [
-            ["curve25519"],
-            ["ed25519"],
-            ["ed25519-keccak"],
-            ["nist256p1"],
-            ["secp256k1"],
-            ["secp256k1-decred"],
-            ["secp256k1-groestl"],
-            ["secp256k1-smart"],
-        ]
-
     # derive namespaced root nodes
     roots = []
     for curve, *path in paths:

src/apps/ethereum/__init__.py

@@ -1,9 +1,12 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.EthereumGetAddress, __name__, "get_address")
+    ns = [["secp256k1", HARDENED | 44, HARDENED | 60]]
-    wire.add(MessageType.EthereumSignTx, __name__, "sign_tx")
+    wire.add(MessageType.EthereumGetAddress, __name__, "get_address", ns)
-    wire.add(MessageType.EthereumSignMessage, __name__, "sign_message")
+    wire.add(MessageType.EthereumSignTx, __name__, "sign_tx", ns)
+    wire.add(MessageType.EthereumSignMessage, __name__, "sign_message", ns)
     wire.add(MessageType.EthereumVerifyMessage, __name__, "verify_message")

src/apps/ethereum/get_address.py

@@ -2,15 +2,13 @@ from trezor.crypto.curve import secp256k1
 from trezor.crypto.hashlib import sha3_256
 from trezor.messages.EthereumAddress import EthereumAddress
 
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.ethereum import networks
 from apps.ethereum.address import ethereum_address_hex, validate_full_path
 
 
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n)

src/apps/ethereum/sign_message.py

@@ -4,11 +4,10 @@ from trezor.messages.EthereumMessageSignature import EthereumMessageSignature
 from trezor.ui.text import Text
 from trezor.utils import HashWriter
 
-from .address import validate_full_path
+from apps.common import paths
-
-from apps.common import paths, seed
 from apps.common.confirm import require_confirm
 from apps.common.signverify import split_message
+from apps.ethereum.address import validate_full_path
 
 
 def message_digest(message):
@@ -20,9 +19,7 @@ def message_digest(message):
     return h.get_digest()
 
 
-async def sign_message(ctx, msg):
+async def sign_message(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
     await require_confirm_sign_message(ctx, msg.message)
 

src/apps/ethereum/sign_tx.py

@@ -7,10 +7,9 @@ from trezor.messages.EthereumTxRequest import EthereumTxRequest
 from trezor.messages.MessageType import EthereumTxAck
 from trezor.utils import HashWriter
 
-from .address import validate_full_path
+from apps.common import paths
-
-from apps.common import paths, seed
 from apps.ethereum import tokens
+from apps.ethereum.address import validate_full_path
 from apps.ethereum.layout import (
     require_confirm_data,
     require_confirm_fee,
@@ -21,7 +20,7 @@ from apps.ethereum.layout import (
 MAX_CHAIN_ID = 2147483629
 
 
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
     msg = sanitize(msg)
     check(msg)
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
@@ -91,7 +90,9 @@ async def sign_tx(ctx, msg):
         sha.extend(rlp.encode(0))
 
     digest = sha.get_digest()
-    return await send_signature(ctx, msg, digest)
+    result = sign_digest(msg, keychain, digest)
+
+    return result
 
 
 def get_total_length(msg: EthereumSignTx, data_total: int) -> int:
@@ -130,9 +131,7 @@ async def send_request_chunk(ctx, data_left: int):
     return await ctx.call(req, EthereumTxAck)
 
 
-async def send_signature(ctx, msg: EthereumSignTx, digest):
+def sign_digest(msg: EthereumSignTx, keychain, digest):
-    keychain = await seed.get_keychain(ctx)
-
     node = keychain.derive(msg.address_n)
     signature = secp256k1.sign(
         node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM

src/apps/lisk/__init__.py

@@ -1,10 +1,13 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key")
+    ns = [["ed25519", HARDENED | 44, HARDENED | 134]]
-    wire.add(MessageType.LiskGetAddress, __name__, "get_address")
+    wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key", ns)
-    wire.add(MessageType.LiskSignMessage, __name__, "sign_message")
+    wire.add(MessageType.LiskGetAddress, __name__, "get_address", ns)
+    wire.add(MessageType.LiskSignTx, __name__, "sign_tx", ns)
+    wire.add(MessageType.LiskSignMessage, __name__, "sign_message", ns)
     wire.add(MessageType.LiskVerifyMessage, __name__, "verify_message")
-    wire.add(MessageType.LiskSignTx, __name__, "sign_tx")

src/apps/lisk/get_address.py

@@ -2,13 +2,11 @@ from trezor.messages.LiskAddress import LiskAddress
 
 from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path
 
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.layout import address_n_to_str, show_address, show_qr
 
 
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, LISK_CURVE)

src/apps/lisk/get_public_key.py

@@ -2,12 +2,10 @@ from trezor.messages.LiskPublicKey import LiskPublicKey
 
 from .helpers import LISK_CURVE, validate_full_path
 
-from apps.common import layout, paths, seed
+from apps.common import layout, paths
 
 
-async def get_public_key(ctx, msg):
+async def get_public_key(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, LISK_CURVE)

src/apps/lisk/sign_message.py

@@ -6,7 +6,7 @@ from trezor.utils import HashWriter
 
 from .helpers import LISK_CURVE, validate_full_path
 
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.confirm import require_confirm
 from apps.common.signverify import split_message
 from apps.wallet.sign_tx.writers import write_varint
@@ -22,9 +22,7 @@ def message_digest(message):
     return sha256(h.get_digest()).digest()
 
 
-async def sign_message(ctx, msg):
+async def sign_message(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
     await require_confirm_sign_message(ctx, msg.message)
 

src/apps/lisk/sign_tx.py

@@ -7,15 +7,16 @@ from trezor.messages import LiskTransactionType
 from trezor.messages.LiskSignedTx import LiskSignedTx
 from trezor.utils import HashWriter
 
-from . import layout
+from apps.common import paths
-from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path
+from apps.lisk import layout
+from apps.lisk.helpers import (
+    LISK_CURVE,
+    get_address_from_public_key,
+    validate_full_path,
+)
 
-from apps.common import paths, seed
-
-
-async def sign_tx(ctx, msg):
-    keychain = await seed.get_keychain(ctx)
 
+async def sign_tx(ctx, msg, keychain):
     await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
 
     pubkey, seckey = _get_keys(keychain, msg)

src/apps/monero/__init__.py

@@ -1,12 +1,20 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.MoneroGetAddress, __name__, "get_address")
+    ns = [
-    wire.add(MessageType.MoneroGetWatchKey, __name__, "get_watch_only")
+        ["secp256k1", HARDENED | 44, HARDENED | 128],
-    wire.add(MessageType.MoneroTransactionInitRequest, __name__, "sign_tx")
+        ["ed25519", HARDENED | 44, HARDENED | 128],
-    wire.add(MessageType.MoneroKeyImageExportInitRequest, __name__, "key_image_sync")
+    ]
+    wire.add(MessageType.MoneroGetAddress, __name__, "get_address", ns)
+    wire.add(MessageType.MoneroGetWatchKey, __name__, "get_watch_only", ns)
+    wire.add(MessageType.MoneroTransactionInitRequest, __name__, "sign_tx", ns)
+    wire.add(
+        MessageType.MoneroKeyImageExportInitRequest, __name__, "key_image_sync", ns
+    )
 
     if __debug__ and hasattr(MessageType, "DebugMoneroDiagRequest"):
         wire.add(MessageType.DebugMoneroDiagRequest, __name__, "diag")

src/apps/monero/get_address.py

@@ -5,10 +5,10 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.monero import misc
 
 
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
     await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n)
 
-    creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
+    creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
 
     if msg.show_display:
         desc = address_n_to_str(msg.address_n)

src/apps/monero/get_watch_only.py

@@ -7,12 +7,12 @@ from apps.monero.layout import confirms
 from apps.monero.xmr import crypto
 
 
-async def get_watch_only(ctx, msg: MoneroGetWatchKey):
+async def get_watch_only(ctx, msg: MoneroGetWatchKey, keychain):
     await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n)
 
     await confirms.require_confirm_watchkey(ctx)
 
-    creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
+    creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
     address = creds.address
     watch_key = crypto.encodeint(creds.view_key_private)
 

src/apps/monero/key_image_sync.py

@@ -14,10 +14,10 @@ from apps.monero.xmr import crypto, key_image, monero
 from apps.monero.xmr.crypto import chacha_poly
 
 
-async def key_image_sync(ctx, msg):
+async def key_image_sync(ctx, msg, keychain):
     state = KeyImageSync()
 
-    res = await _init_step(state, ctx, msg)
+    res = await _init_step(state, ctx, msg, keychain)
     while True:
         msg = await ctx.call(
             res,
@@ -46,10 +46,10 @@ class KeyImageSync:
         self.hasher = crypto.get_keccak()
 
 
-async def _init_step(s, ctx, msg):
+async def _init_step(s, ctx, msg, keychain):
     await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n)
 
-    s.creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
+    s.creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
 
     await confirms.require_confirm_keyimage_sync(ctx)
 

src/apps/monero/misc.py

@@ -1,8 +1,7 @@
 from apps.common import HARDENED
 
 
-async def get_creds(ctx, address_n=None, network_type=None):
+def get_creds(keychain, address_n=None, network_type=None):
-    from apps.common import seed
     from apps.monero.xmr import crypto, monero
     from apps.monero.xmr.credentials import AccountCreds
 
@@ -12,8 +11,6 @@ async def get_creds(ctx, address_n=None, network_type=None):
         curve = "ed25519"
     else:
         curve = "secp256k1"
-
-    keychain = await seed.get_keychain(ctx)
     node = keychain.derive(address_n, curve)
 
     if use_slip0010:

src/apps/monero/sign_tx.py

@@ -6,7 +6,7 @@ from trezor.messages import MessageType
 from apps.monero.signing.state import State
 
 
-async def sign_tx(ctx, received_msg):
+async def sign_tx(ctx, received_msg, keychain):
     state = State(ctx)
     mods = utils.unimport_begin()
 
@@ -18,7 +18,7 @@ async def sign_tx(ctx, received_msg):
         gc.collect()
         gc.threshold(gc.mem_free() // 4 + gc.mem_alloc())
 
-        result_msg, accept_msgs = await sign_tx_dispatch(state, received_msg)
+        result_msg, accept_msgs = await sign_tx_dispatch(state, received_msg, keychain)
         if accept_msgs is None:
             break
 
@@ -32,13 +32,13 @@ async def sign_tx(ctx, received_msg):
     return result_msg
 
 
-async def sign_tx_dispatch(state, msg):
+async def sign_tx_dispatch(state, msg, keychain):
     if msg.MESSAGE_WIRE_TYPE == MessageType.MoneroTransactionInitRequest:
         from apps.monero.signing import step_01_init_transaction
 
         return (
             await step_01_init_transaction.init_transaction(
-                state, msg.address_n, msg.network_type, msg.tsx_data
+                state, msg.address_n, msg.network_type, msg.tsx_data, keychain
             ),
             (MessageType.MoneroTransactionSetInputRequest,),
         )

src/apps/monero/signing/step_01_init_transaction.py

@@ -16,14 +16,18 @@ if False:
 
 
 async def init_transaction(
-    state: State, address_n: list, network_type: int, tsx_data: MoneroTransactionData
+    state: State,
+    address_n: list,
+    network_type: int,
+    tsx_data: MoneroTransactionData,
+    keychain,
 ):
     from apps.monero.signing import offloading_keys
     from apps.common import paths
 
     await paths.validate_path(state.ctx, misc.validate_full_path, path=address_n)
 
-    state.creds = await misc.get_creds(state.ctx, address_n, network_type)
+    state.creds = misc.get_creds(keychain, address_n, network_type)
     state.fee = state.fee if state.fee > 0 else 0
     state.tx_priv = crypto.random_scalar()
     state.tx_pub = crypto.scalarmult_base(state.tx_priv)

src/apps/nem/__init__.py

@@ -1,7 +1,13 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.NEMGetAddress, __name__, "get_address")
+    ns = [
-    wire.add(MessageType.NEMSignTx, __name__, "sign_tx")
+        ["ed25519-keccak", HARDENED | 44, HARDENED | 43],
+        ["ed25519-keccak", HARDENED | 44, HARDENED | 1],
+    ]
+    wire.add(MessageType.NEMGetAddress, __name__, "get_address", ns)
+    wire.add(MessageType.NEMSignTx, __name__, "sign_tx", ns)

src/apps/nem/get_address.py

@@ -3,14 +3,11 @@ from trezor.messages.NEMAddress import NEMAddress
 from .helpers import NEM_CURVE, check_path, get_network_str
 from .validators import validate_network
 
-from apps.common import seed
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.common.paths import validate_path
 
 
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     network = validate_network(msg.network)
     await validate_path(ctx, check_path, path=msg.address_n, network=network)
 

src/apps/nem/sign_tx.py

@@ -2,17 +2,14 @@ from trezor.crypto.curve import ed25519
 from trezor.messages.NEMSignedTx import NEMSignedTx
 from trezor.messages.NEMSignTx import NEMSignTx
 
-from . import mosaic, multisig, namespace, transfer
-from .helpers import NEM_CURVE, NEM_HASH_ALG, check_path
-from .validators import validate
-
 from apps.common import seed
 from apps.common.paths import validate_path
+from apps.nem import mosaic, multisig, namespace, transfer
+from apps.nem.helpers import NEM_CURVE, NEM_HASH_ALG, check_path
+from apps.nem.validators import validate
 
 
-async def sign_tx(ctx, msg: NEMSignTx):
+async def sign_tx(ctx, msg: NEMSignTx, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     validate(msg)
 
     await validate_path(

src/apps/ripple/__init__.py

@@ -1,7 +1,10 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.RippleGetAddress, __name__, "get_address")
+    ns = [["secp256k1", HARDENED | 44, HARDENED | 144]]
-    wire.add(MessageType.RippleSignTx, __name__, "sign_tx")
+    wire.add(MessageType.RippleGetAddress, __name__, "get_address", ns)
+    wire.add(MessageType.RippleSignTx, __name__, "sign_tx", ns)

src/apps/ripple/get_address.py

@@ -1,15 +1,12 @@
 from trezor.messages.RippleAddress import RippleAddress
 from trezor.messages.RippleGetAddress import RippleGetAddress
 
-from . import helpers
+from apps.common import paths
-
-from apps.common import paths, seed
 from apps.common.layout import address_n_to_str, show_address, show_qr
+from apps.ripple import helpers
 
 
-async def get_address(ctx, msg: RippleGetAddress):
+async def get_address(ctx, msg: RippleGetAddress, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n)

src/apps/ripple/sign_tx.py

@@ -5,15 +5,12 @@ from trezor.messages.RippleSignedTx import RippleSignedTx
 from trezor.messages.RippleSignTx import RippleSignTx
 from trezor.wire import ProcessError
 
-from . import helpers, layout
+from apps.common import paths
-from .serialize import serialize
+from apps.ripple import helpers, layout
+from apps.ripple.serialize import serialize
 
-from apps.common import paths, seed
-
-
-async def sign_tx(ctx, msg: RippleSignTx):
-    keychain = await seed.get_keychain(ctx)
 
+async def sign_tx(ctx, msg: RippleSignTx, keychain):
     validate(msg)
 
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)

src/apps/stellar/__init__.py

@@ -1,7 +1,10 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.StellarGetAddress, __name__, "get_address")
+    ns = [["ed25519", HARDENED | 44, HARDENED | 148]]
-    wire.add(MessageType.StellarSignTx, __name__, "sign_tx")
+    wire.add(MessageType.StellarGetAddress, __name__, "get_address", ns)
+    wire.add(MessageType.StellarSignTx, __name__, "sign_tx", ns)

src/apps/stellar/get_address.py

@@ -6,9 +6,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.stellar import helpers
 
 
-async def get_address(ctx, msg: StellarGetAddress):
+async def get_address(ctx, msg: StellarGetAddress, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, helpers.STELLAR_CURVE)

src/apps/stellar/sign_tx.py

@@ -12,9 +12,7 @@ from apps.stellar import consts, helpers, layout, writers
 from apps.stellar.operations import process_operation
 
 
-async def sign_tx(ctx, msg: StellarSignTx):
+async def sign_tx(ctx, msg: StellarSignTx, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, consts.STELLAR_CURVE)

src/apps/tezos/__init__.py

@@ -1,8 +1,11 @@
 from trezor import wire
 from trezor.messages import MessageType
 
+from apps.common import HARDENED
+
 
 def boot():
-    wire.add(MessageType.TezosGetAddress, __name__, "get_address")
+    ns = [["ed25519", HARDENED | 44, HARDENED | 1729]]
-    wire.add(MessageType.TezosSignTx, __name__, "sign_tx")
+    wire.add(MessageType.TezosGetAddress, __name__, "get_address", ns)
-    wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key")
+    wire.add(MessageType.TezosSignTx, __name__, "sign_tx", ns)
+    wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key", ns)

src/apps/tezos/get_address.py

@@ -6,9 +6,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.tezos import helpers
 
 
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)

src/apps/tezos/get_public_key.py

@@ -9,9 +9,7 @@ from apps.common.confirm import require_confirm
 from apps.tezos import helpers
 
 
-async def get_public_key(ctx, msg):
+async def get_public_key(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)

src/apps/tezos/sign_tx.py

@@ -4,14 +4,12 @@ from trezor.crypto.curve import ed25519
 from trezor.messages import TezosContractType
 from trezor.messages.TezosSignedTx import TezosSignedTx
 
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.writers import write_bytes, write_uint8
 from apps.tezos import helpers, layout
 
 
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
 
     node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)

src/apps/wallet/__init__.py

@@ -3,12 +3,22 @@ from trezor.messages import MessageType
 
 
 def boot():
-    wire.add(MessageType.GetPublicKey, __name__, "get_public_key")
+    ns = [
-    wire.add(MessageType.GetAddress, __name__, "get_address")
+        ["curve25519"],
+        ["ed25519"],
+        ["ed25519-keccak"],
+        ["nist256p1"],
+        ["secp256k1"],
+        ["secp256k1-decred"],
+        ["secp256k1-groestl"],
+        ["secp256k1-smart"],
+    ]
+    wire.add(MessageType.GetPublicKey, __name__, "get_public_key", ns)
+    wire.add(MessageType.GetAddress, __name__, "get_address", ns)
     wire.add(MessageType.GetEntropy, __name__, "get_entropy")
-    wire.add(MessageType.SignTx, __name__, "sign_tx")
+    wire.add(MessageType.SignTx, __name__, "sign_tx", ns)
-    wire.add(MessageType.SignMessage, __name__, "sign_message")
+    wire.add(MessageType.SignMessage, __name__, "sign_message", ns)
     wire.add(MessageType.VerifyMessage, __name__, "verify_message")
-    wire.add(MessageType.SignIdentity, __name__, "sign_identity")
+    wire.add(MessageType.SignIdentity, __name__, "sign_identity", ns)
-    wire.add(MessageType.GetECDHSessionKey, __name__, "get_ecdh_session_key")
+    wire.add(MessageType.GetECDHSessionKey, __name__, "get_ecdh_session_key", ns)
-    wire.add(MessageType.CipherKeyValue, __name__, "cipher_key_value")
+    wire.add(MessageType.CipherKeyValue, __name__, "cipher_key_value", ns)

src/apps/wallet/cipher_key_value.py

@@ -4,13 +4,10 @@ from trezor.crypto.hashlib import sha512
 from trezor.messages.CipheredKeyValue import CipheredKeyValue
 from trezor.ui.text import Text
 
-from apps.common import seed
 from apps.common.confirm import require_confirm
 
 
-async def cipher_key_value(ctx, msg):
+async def cipher_key_value(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     if len(msg.value) % 16 > 0:
         raise wire.DataError("Value length must be a multiple of 16")
 

src/apps/wallet/get_address.py

@@ -1,15 +1,13 @@
 from trezor.messages import InputScriptType
 from trezor.messages.Address import Address
 
-from apps.common import coins, seed
+from apps.common import coins
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.common.paths import validate_path
 from apps.wallet.sign_tx import addresses
 
 
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     coin_name = msg.coin_name or "Bitcoin"
     coin = coins.by_name(coin_name)
 

src/apps/wallet/get_ecdh_session_key.py

@@ -5,7 +5,7 @@ from trezor.messages.ECDHSessionKey import ECDHSessionKey
 from trezor.ui.text import Text
 from trezor.utils import chunks
 
-from apps.common import HARDENED, seed
+from apps.common import HARDENED
 from apps.common.confirm import require_confirm
 from apps.wallet.sign_identity import (
     serialize_identity,
@@ -13,9 +13,7 @@ from apps.wallet.sign_identity import (
 )
 
 
-async def get_ecdh_session_key(ctx, msg):
+async def get_ecdh_session_key(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     if msg.ecdsa_curve_name is None:
         msg.ecdsa_curve_name = "secp256k1"
 

src/apps/wallet/get_entropy.py

@@ -7,7 +7,6 @@ from apps.common.confirm import require_confirm
 
 
 async def get_entropy(ctx, msg):
-
     text = Text("Confirm entropy")
     text.bold("Do you really want", "to send entropy?")
     text.normal("Continue only if you", "know what you are doing!")

src/apps/wallet/get_public_key.py

@@ -3,12 +3,10 @@ from trezor.messages import InputScriptType
 from trezor.messages.HDNodeType import HDNodeType
 from trezor.messages.PublicKey import PublicKey
 
-from apps.common import coins, layout, seed
+from apps.common import coins, layout
 
 
-async def get_public_key(ctx, msg):
+async def get_public_key(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     coin_name = msg.coin_name or "Bitcoin"
     coin = coins.by_name(coin_name)
     curve_name = msg.ecdsa_curve_name or coin.curve_name

src/apps/wallet/sign_identity.py

@@ -6,13 +6,11 @@ from trezor.messages.SignedIdentity import SignedIdentity
 from trezor.ui.text import Text
 from trezor.utils import chunks
 
-from apps.common import HARDENED, coins, seed
+from apps.common import HARDENED, coins
 from apps.common.confirm import require_confirm
 
 
-async def sign_identity(ctx, msg):
+async def sign_identity(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     if msg.ecdsa_curve_name is None:
         msg.ecdsa_curve_name = "secp256k1"
 

src/apps/wallet/sign_message.py

@@ -4,16 +4,14 @@ from trezor.messages.InputScriptType import SPENDADDRESS, SPENDP2SHWITNESS, SPEN
 from trezor.messages.MessageSignature import MessageSignature
 from trezor.ui.text import Text
 
-from apps.common import coins, seed
+from apps.common import coins
 from apps.common.confirm import require_confirm
 from apps.common.paths import validate_path
 from apps.common.signverify import message_digest, split_message
 from apps.wallet.sign_tx.addresses import get_address, validate_full_path
 
 
-async def sign_message(ctx, msg):
+async def sign_message(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
-
     message = msg.message
     address_n = msg.address_n
     coin_name = msg.coin_name or "Bitcoin"

src/apps/wallet/sign_tx/__init__.py

@@ -3,7 +3,7 @@ from trezor.messages.MessageType import TxAck
 from trezor.messages.RequestType import TXFINISHED
 from trezor.messages.TxRequest import TxRequest
 
-from apps.common import paths, seed
+from apps.common import paths
 from apps.wallet.sign_tx import (
     addresses,
     helpers,
@@ -17,8 +17,7 @@ from apps.wallet.sign_tx import (
 
 
 @ui.layout
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
-    keychain = await seed.get_keychain(ctx)
     signer = signing.sign_tx(msg, keychain)
 
     res = None

src/trezor/wire/__init__.py

@@ -3,12 +3,25 @@ from trezor import log, loop, messages, utils, workflow
 from trezor.wire import codec_v1
 from trezor.wire.errors import *
 
+from apps.common import seed
+
 workflow_handlers = {}
 
 
-def add(mtype, pkgname, modname, *args):
+def add(mtype, pkgname, modname, namespace=None):
     """Shortcut for registering a dynamically-imported Protobuf workflow."""
-    register(mtype, protobuf_workflow, import_workflow, pkgname, modname, *args)
+    if namespace is not None:
+        register(
+            mtype,
+            protobuf_workflow,
+            keychain_workflow,
+            namespace,
+            import_workflow,
+            pkgname,
+            modname,
+        )
+    else:
+        register(mtype, protobuf_workflow, import_workflow, pkgname, modname)
 
 
 def register(mtype, handler, *args):
@@ -133,10 +146,12 @@ async def session_handler(iface, sid):
             continue
         except Error as exc:
             # we log wire.Error as warning, not as exception
-            log.warning(__name__, "failure: %s", exc.message)
+            if __debug__:
+                log.warning(__name__, "failure: %s", exc.message)
         except Exception as exc:
             # sessions are never closed by raised exceptions
-            log.exception(__name__, exc)
+            if __debug__:
+                log.exception(__name__, exc)
 
         # read new message in next iteration
         reader = None
@@ -155,7 +170,7 @@ async def protobuf_workflow(ctx, reader, handler, *args):
         # respond with specific code and message
         await ctx.write(Failure(code=exc.code, message=exc.message))
         raise
-    except Exception:  # as exc:
+    except Exception:
         # respond with a generic code and message
         await ctx.write(
             Failure(code=FailureType.FirmwareError, message="Firmware error")
@@ -166,6 +181,12 @@ async def protobuf_workflow(ctx, reader, handler, *args):
         await ctx.write(res)
 
 
+async def keychain_workflow(ctx, req, namespace, handler, *args):
+    keychain = await seed.get_keychain(ctx, namespace)
+    args += (keychain,)
+    return await handler(ctx, req, *args)
+
+
 def import_workflow(ctx, req, pkgname, modname, *args):
     modpath = "%s.%s" % (pkgname, modname)
     module = __import__(modpath, None, None, (modname,), 0)