seed: pass keychain to workflows, add namespaces

2024-12-17 11:58:13 +00:00 · 2018-12-07 14:26:59 +01:00 · 2018-12-07 14:26:59 +01:00 · e3c0f8e8ad
commit e3c0f8e8ad
parent 931e549c92
42 changed files with 177 additions and 174 deletions
--- a/src/apps/cardano/init.py
+++ b/src/apps/cardano/init.py
@ -1,6 +1,10 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 SEED_NAMESPACE = [[HARDENED | 44, HARDENED | 1815]]
 def boot():
    wire.add(MessageType.CardanoGetAddress, __name__, "get_address")
--- a/src/apps/cardano/seed.py
+++ b/src/apps/cardano/seed.py
@ -1,7 +1,8 @@
 from trezor import wire
 from trezor.crypto import bip32
-from apps.common import HARDENED, cache, storage
+from apps.cardano import SEED_NAMESPACE
 from apps.common import cache, storage
 from apps.common.request_passphrase import protect_by_passphrase
@ -34,11 +35,9 @@ async def get_keychain(ctx: wire.Context) -> Keychain:
        cache.set_passphrase(passphrase)
    root = bip32.from_mnemonic_cardano(storage.get_mnemonic(), passphrase)
    path = [HARDENED | 44, HARDENED | 1815]
    # derive the namespaced root node
-    for i in path:
+    for i in SEED_NAMESPACE[0]:
        root.derive_cardano(i)
-    keychain = Keychain(path, root)
+    keychain = Keychain(SEED_NAMESPACE[0], root)
    return keychain
--- a/src/apps/common/seed.py
+++ b/src/apps/common/seed.py
@ -34,7 +34,7 @@ class Keychain:
        return node
-async def get_keychain(ctx: wire.Context, paths: list = None) -> Keychain:
+async def get_keychain(ctx: wire.Context, paths: list) -> Keychain:
    if not storage.is_initialized():
        raise wire.ProcessError("Device is not initialized")
@ -48,19 +48,6 @@ async def get_keychain(ctx: wire.Context, paths: list = None) -> Keychain:
        seed = bip39.seed(storage.get_mnemonic(), passphrase)
        cache.set_seed(seed)
    if paths is None:
        # allow the whole keyspace by default
        paths = [
            ["curve25519"],
            ["ed25519"],
            ["ed25519-keccak"],
            ["nist256p1"],
            ["secp256k1"],
            ["secp256k1-decred"],
            ["secp256k1-groestl"],
            ["secp256k1-smart"],
        ]
    # derive namespaced root nodes
    roots = []
    for curve, *path in paths:
--- a/src/apps/ethereum/init.py
+++ b/src/apps/ethereum/init.py
@ -1,9 +1,12 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.EthereumGetAddress, __name__, "get_address")
+    ns = [["secp256k1", HARDENED | 44, HARDENED | 60]]
-    wire.add(MessageType.EthereumSignTx, __name__, "sign_tx")
+    wire.add(MessageType.EthereumGetAddress, __name__, "get_address", ns)
-    wire.add(MessageType.EthereumSignMessage, __name__, "sign_message")
+    wire.add(MessageType.EthereumSignTx, __name__, "sign_tx", ns)
    wire.add(MessageType.EthereumSignMessage, __name__, "sign_message", ns)
    wire.add(MessageType.EthereumVerifyMessage, __name__, "verify_message")
--- a/src/apps/ethereum/get_address.py
+++ b/src/apps/ethereum/get_address.py
@ -2,15 +2,13 @@ from trezor.crypto.curve import secp256k1
 from trezor.crypto.hashlib import sha3_256
 from trezor.messages.EthereumAddress import EthereumAddress
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.ethereum import networks
 from apps.ethereum.address import ethereum_address_hex, validate_full_path
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n)
--- a/src/apps/ethereum/sign_message.py
+++ b/src/apps/ethereum/sign_message.py
@ -4,11 +4,10 @@ from trezor.messages.EthereumMessageSignature import EthereumMessageSignature
 from trezor.ui.text import Text
 from trezor.utils import HashWriter
-from .address import validate_full_path
+from apps.common import paths
 from apps.common import paths, seed
 from apps.common.confirm import require_confirm
 from apps.common.signverify import split_message
 from apps.ethereum.address import validate_full_path
 def message_digest(message):
@ -20,9 +19,7 @@ def message_digest(message):
    return h.get_digest()
-async def sign_message(ctx, msg):
+async def sign_message(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
    await require_confirm_sign_message(ctx, msg.message)
--- a/src/apps/ethereum/sign_tx.py
+++ b/src/apps/ethereum/sign_tx.py
@ -7,10 +7,9 @@ from trezor.messages.EthereumTxRequest import EthereumTxRequest
 from trezor.messages.MessageType import EthereumTxAck
 from trezor.utils import HashWriter
-from .address import validate_full_path
+from apps.common import paths
 from apps.common import paths, seed
 from apps.ethereum import tokens
 from apps.ethereum.address import validate_full_path
 from apps.ethereum.layout import (
    require_confirm_data,
    require_confirm_fee,
@ -21,7 +20,7 @@ from apps.ethereum.layout import (
 MAX_CHAIN_ID = 2147483629
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
    msg = sanitize(msg)
    check(msg)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
@ -91,7 +90,9 @@ async def sign_tx(ctx, msg):
        sha.extend(rlp.encode(0))
    digest = sha.get_digest()
-    return await send_signature(ctx, msg, digest)
+    result = sign_digest(msg, keychain, digest)
    return result
 def get_total_length(msg: EthereumSignTx, data_total: int) -> int:
@ -130,9 +131,7 @@ async def send_request_chunk(ctx, data_left: int):
    return await ctx.call(req, EthereumTxAck)
-async def send_signature(ctx, msg: EthereumSignTx, digest):
+def sign_digest(msg: EthereumSignTx, keychain, digest):
    keychain = await seed.get_keychain(ctx)
    node = keychain.derive(msg.address_n)
    signature = secp256k1.sign(
        node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM
--- a/src/apps/lisk/init.py
+++ b/src/apps/lisk/init.py
@ -1,10 +1,13 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key")
+    ns = [["ed25519", HARDENED | 44, HARDENED | 134]]
-    wire.add(MessageType.LiskGetAddress, __name__, "get_address")
+    wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key", ns)
-    wire.add(MessageType.LiskSignMessage, __name__, "sign_message")
+    wire.add(MessageType.LiskGetAddress, __name__, "get_address", ns)
    wire.add(MessageType.LiskSignTx, __name__, "sign_tx", ns)
    wire.add(MessageType.LiskSignMessage, __name__, "sign_message", ns)
    wire.add(MessageType.LiskVerifyMessage, __name__, "verify_message")
    wire.add(MessageType.LiskSignTx, __name__, "sign_tx")
--- a/src/apps/lisk/get_address.py
+++ b/src/apps/lisk/get_address.py
@ -2,13 +2,11 @@ from trezor.messages.LiskAddress import LiskAddress
 from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.layout import address_n_to_str, show_address, show_qr
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, LISK_CURVE)
--- a/src/apps/lisk/get_public_key.py
+++ b/src/apps/lisk/get_public_key.py
@ -2,12 +2,10 @@ from trezor.messages.LiskPublicKey import LiskPublicKey
 from .helpers import LISK_CURVE, validate_full_path
-from apps.common import layout, paths, seed
+from apps.common import layout, paths
-async def get_public_key(ctx, msg):
+async def get_public_key(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, LISK_CURVE)
--- a/src/apps/lisk/sign_message.py
+++ b/src/apps/lisk/sign_message.py
@ -6,7 +6,7 @@ from trezor.utils import HashWriter
 from .helpers import LISK_CURVE, validate_full_path
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.confirm import require_confirm
 from apps.common.signverify import split_message
 from apps.wallet.sign_tx.writers import write_varint
@ -22,9 +22,7 @@ def message_digest(message):
    return sha256(h.get_digest()).digest()
-async def sign_message(ctx, msg):
+async def sign_message(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
    await require_confirm_sign_message(ctx, msg.message)
--- a/src/apps/lisk/sign_tx.py
+++ b/src/apps/lisk/sign_tx.py
@ -7,15 +7,16 @@ from trezor.messages import LiskTransactionType
 from trezor.messages.LiskSignedTx import LiskSignedTx
 from trezor.utils import HashWriter
-from . import layout
+from apps.common import paths
-from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path
+from apps.lisk import layout
-
+from apps.lisk.helpers import (
-from apps.common import paths, seed
+    LISK_CURVE,
    get_address_from_public_key,
    validate_full_path,
 )
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, validate_full_path, path=msg.address_n)
    pubkey, seckey = _get_keys(keychain, msg)
--- a/src/apps/monero/init.py
+++ b/src/apps/monero/init.py
@ -1,12 +1,20 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.MoneroGetAddress, __name__, "get_address")
+    ns = [
-    wire.add(MessageType.MoneroGetWatchKey, __name__, "get_watch_only")
+        ["secp256k1", HARDENED | 44, HARDENED | 128],
-    wire.add(MessageType.MoneroTransactionInitRequest, __name__, "sign_tx")
+        ["ed25519", HARDENED | 44, HARDENED | 128],
-    wire.add(MessageType.MoneroKeyImageExportInitRequest, __name__, "key_image_sync")
+    ]
    wire.add(MessageType.MoneroGetAddress, __name__, "get_address", ns)
    wire.add(MessageType.MoneroGetWatchKey, __name__, "get_watch_only", ns)
    wire.add(MessageType.MoneroTransactionInitRequest, __name__, "sign_tx", ns)
    wire.add(
        MessageType.MoneroKeyImageExportInitRequest, __name__, "key_image_sync", ns
    )
    if __debug__ and hasattr(MessageType, "DebugMoneroDiagRequest"):
        wire.add(MessageType.DebugMoneroDiagRequest, __name__, "diag")
--- a/src/apps/monero/get_address.py
+++ b/src/apps/monero/get_address.py
@ -5,10 +5,10 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.monero import misc
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
    await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n)
-    creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
+    creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
    if msg.show_display:
        desc = address_n_to_str(msg.address_n)
--- a/src/apps/monero/get_watch_only.py
+++ b/src/apps/monero/get_watch_only.py
@ -7,12 +7,12 @@ from apps.monero.layout import confirms
 from apps.monero.xmr import crypto
-async def get_watch_only(ctx, msg: MoneroGetWatchKey):
+async def get_watch_only(ctx, msg: MoneroGetWatchKey, keychain):
    await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n)
    await confirms.require_confirm_watchkey(ctx)
-    creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
+    creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
    address = creds.address
    watch_key = crypto.encodeint(creds.view_key_private)
--- a/src/apps/monero/key_image_sync.py
+++ b/src/apps/monero/key_image_sync.py
@ -14,10 +14,10 @@ from apps.monero.xmr import crypto, key_image, monero
 from apps.monero.xmr.crypto import chacha_poly
-async def key_image_sync(ctx, msg):
+async def key_image_sync(ctx, msg, keychain):
    state = KeyImageSync()
-    res = await _init_step(state, ctx, msg)
+    res = await _init_step(state, ctx, msg, keychain)
    while True:
        msg = await ctx.call(
            res,
@ -46,10 +46,10 @@ class KeyImageSync:
        self.hasher = crypto.get_keccak()
-async def _init_step(s, ctx, msg):
+async def _init_step(s, ctx, msg, keychain):
    await paths.validate_path(ctx, misc.validate_full_path, path=msg.address_n)
-    s.creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
+    s.creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
    await confirms.require_confirm_keyimage_sync(ctx)
--- a/src/apps/monero/misc.py
+++ b/src/apps/monero/misc.py
@ -1,8 +1,7 @@
 from apps.common import HARDENED
-async def get_creds(ctx, address_n=None, network_type=None):
+def get_creds(keychain, address_n=None, network_type=None):
    from apps.common import seed
    from apps.monero.xmr import crypto, monero
    from apps.monero.xmr.credentials import AccountCreds
@ -12,8 +11,6 @@ async def get_creds(ctx, address_n=None, network_type=None):
        curve = "ed25519"
    else:
        curve = "secp256k1"
    keychain = await seed.get_keychain(ctx)
    node = keychain.derive(address_n, curve)
    if use_slip0010:
--- a/src/apps/monero/sign_tx.py
+++ b/src/apps/monero/sign_tx.py
@ -6,7 +6,7 @@ from trezor.messages import MessageType
 from apps.monero.signing.state import State
-async def sign_tx(ctx, received_msg):
+async def sign_tx(ctx, received_msg, keychain):
    state = State(ctx)
    mods = utils.unimport_begin()
@ -18,7 +18,7 @@ async def sign_tx(ctx, received_msg):
        gc.collect()
        gc.threshold(gc.mem_free() // 4 + gc.mem_alloc())
-        result_msg, accept_msgs = await sign_tx_dispatch(state, received_msg)
+        result_msg, accept_msgs = await sign_tx_dispatch(state, received_msg, keychain)
        if accept_msgs is None:
            break
@ -32,13 +32,13 @@ async def sign_tx(ctx, received_msg):
    return result_msg
-async def sign_tx_dispatch(state, msg):
+async def sign_tx_dispatch(state, msg, keychain):
    if msg.MESSAGE_WIRE_TYPE == MessageType.MoneroTransactionInitRequest:
        from apps.monero.signing import step_01_init_transaction
        return (
            await step_01_init_transaction.init_transaction(
-                state, msg.address_n, msg.network_type, msg.tsx_data
+                state, msg.address_n, msg.network_type, msg.tsx_data, keychain
            ),
            (MessageType.MoneroTransactionSetInputRequest,),
        )
--- a/src/apps/monero/signing/step_01_init_transaction.py
+++ b/src/apps/monero/signing/step_01_init_transaction.py
@ -16,14 +16,18 @@ if False:
 async def init_transaction(
-    state: State, address_n: list, network_type: int, tsx_data: MoneroTransactionData
+    state: State,
    address_n: list,
    network_type: int,
    tsx_data: MoneroTransactionData,
    keychain,
 ):
    from apps.monero.signing import offloading_keys
    from apps.common import paths
    await paths.validate_path(state.ctx, misc.validate_full_path, path=address_n)
-    state.creds = await misc.get_creds(state.ctx, address_n, network_type)
+    state.creds = misc.get_creds(keychain, address_n, network_type)
    state.fee = state.fee if state.fee > 0 else 0
    state.tx_priv = crypto.random_scalar()
    state.tx_pub = crypto.scalarmult_base(state.tx_priv)
--- a/src/apps/nem/init.py
+++ b/src/apps/nem/init.py
@ -1,7 +1,13 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.NEMGetAddress, __name__, "get_address")
+    ns = [
-    wire.add(MessageType.NEMSignTx, __name__, "sign_tx")
+        ["ed25519-keccak", HARDENED | 44, HARDENED | 43],
        ["ed25519-keccak", HARDENED | 44, HARDENED | 1],
    ]
    wire.add(MessageType.NEMGetAddress, __name__, "get_address", ns)
    wire.add(MessageType.NEMSignTx, __name__, "sign_tx", ns)
--- a/src/apps/nem/get_address.py
+++ b/src/apps/nem/get_address.py
@ -3,14 +3,11 @@ from trezor.messages.NEMAddress import NEMAddress
 from .helpers import NEM_CURVE, check_path, get_network_str
 from .validators import validate_network
 from apps.common import seed
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.common.paths import validate_path
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    network = validate_network(msg.network)
    await validate_path(ctx, check_path, path=msg.address_n, network=network)
--- a/src/apps/nem/sign_tx.py
+++ b/src/apps/nem/sign_tx.py
@ -2,17 +2,14 @@ from trezor.crypto.curve import ed25519
 from trezor.messages.NEMSignedTx import NEMSignedTx
 from trezor.messages.NEMSignTx import NEMSignTx
 from . import mosaic, multisig, namespace, transfer
 from .helpers import NEM_CURVE, NEM_HASH_ALG, check_path
 from .validators import validate
 from apps.common import seed
 from apps.common.paths import validate_path
 from apps.nem import mosaic, multisig, namespace, transfer
 from apps.nem.helpers import NEM_CURVE, NEM_HASH_ALG, check_path
 from apps.nem.validators import validate
-async def sign_tx(ctx, msg: NEMSignTx):
+async def sign_tx(ctx, msg: NEMSignTx, keychain):
    keychain = await seed.get_keychain(ctx)
    validate(msg)
    await validate_path(
--- a/src/apps/ripple/init.py
+++ b/src/apps/ripple/init.py
@ -1,7 +1,10 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.RippleGetAddress, __name__, "get_address")
+    ns = [["secp256k1", HARDENED | 44, HARDENED | 144]]
-    wire.add(MessageType.RippleSignTx, __name__, "sign_tx")
+    wire.add(MessageType.RippleGetAddress, __name__, "get_address", ns)
    wire.add(MessageType.RippleSignTx, __name__, "sign_tx", ns)
--- a/src/apps/ripple/get_address.py
+++ b/src/apps/ripple/get_address.py
@ -1,15 +1,12 @@
 from trezor.messages.RippleAddress import RippleAddress
 from trezor.messages.RippleGetAddress import RippleGetAddress
-from . import helpers
+from apps.common import paths
 from apps.common import paths, seed
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.ripple import helpers
-async def get_address(ctx, msg: RippleGetAddress):
+async def get_address(ctx, msg: RippleGetAddress, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n)
--- a/src/apps/ripple/sign_tx.py
+++ b/src/apps/ripple/sign_tx.py
@ -5,15 +5,12 @@ from trezor.messages.RippleSignedTx import RippleSignedTx
 from trezor.messages.RippleSignTx import RippleSignTx
 from trezor.wire import ProcessError
-from . import helpers, layout
+from apps.common import paths
-from .serialize import serialize
+from apps.ripple import helpers, layout
-
+from apps.ripple.serialize import serialize
 from apps.common import paths, seed
-async def sign_tx(ctx, msg: RippleSignTx):
+async def sign_tx(ctx, msg: RippleSignTx, keychain):
    keychain = await seed.get_keychain(ctx)
    validate(msg)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
--- a/src/apps/stellar/init.py
+++ b/src/apps/stellar/init.py
@ -1,7 +1,10 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.StellarGetAddress, __name__, "get_address")
+    ns = [["ed25519", HARDENED | 44, HARDENED | 148]]
-    wire.add(MessageType.StellarSignTx, __name__, "sign_tx")
+    wire.add(MessageType.StellarGetAddress, __name__, "get_address", ns)
    wire.add(MessageType.StellarSignTx, __name__, "sign_tx", ns)
--- a/src/apps/stellar/get_address.py
+++ b/src/apps/stellar/get_address.py
@ -6,9 +6,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.stellar import helpers
-async def get_address(ctx, msg: StellarGetAddress):
+async def get_address(ctx, msg: StellarGetAddress, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, helpers.STELLAR_CURVE)
--- a/src/apps/stellar/sign_tx.py
+++ b/src/apps/stellar/sign_tx.py
@ -12,9 +12,7 @@ from apps.stellar import consts, helpers, layout, writers
 from apps.stellar.operations import process_operation
-async def sign_tx(ctx, msg: StellarSignTx):
+async def sign_tx(ctx, msg: StellarSignTx, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, consts.STELLAR_CURVE)
--- a/src/apps/tezos/init.py
+++ b/src/apps/tezos/init.py
@ -1,8 +1,11 @@
 from trezor import wire
 from trezor.messages import MessageType
 from apps.common import HARDENED
 def boot():
-    wire.add(MessageType.TezosGetAddress, __name__, "get_address")
+    ns = [["ed25519", HARDENED | 44, HARDENED | 1729]]
-    wire.add(MessageType.TezosSignTx, __name__, "sign_tx")
+    wire.add(MessageType.TezosGetAddress, __name__, "get_address", ns)
-    wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key")
+    wire.add(MessageType.TezosSignTx, __name__, "sign_tx", ns)
    wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key", ns)
--- a/src/apps/tezos/get_address.py
+++ b/src/apps/tezos/get_address.py
@ -6,9 +6,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.tezos import helpers
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)
--- a/src/apps/tezos/get_public_key.py
+++ b/src/apps/tezos/get_public_key.py
@ -9,9 +9,7 @@ from apps.common.confirm import require_confirm
 from apps.tezos import helpers
-async def get_public_key(ctx, msg):
+async def get_public_key(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)
--- a/src/apps/tezos/sign_tx.py
+++ b/src/apps/tezos/sign_tx.py
@ -4,14 +4,12 @@ from trezor.crypto.curve import ed25519
 from trezor.messages import TezosContractType
 from trezor.messages.TezosSignedTx import TezosSignedTx
-from apps.common import paths, seed
+from apps.common import paths
 from apps.common.writers import write_bytes, write_uint8
 from apps.tezos import helpers, layout
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    await paths.validate_path(ctx, helpers.validate_full_path, path=msg.address_n)
    node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)
--- a/src/apps/wallet/init.py
+++ b/src/apps/wallet/init.py
@ -3,12 +3,22 @@ from trezor.messages import MessageType
 def boot():
-    wire.add(MessageType.GetPublicKey, __name__, "get_public_key")
+    ns = [
-    wire.add(MessageType.GetAddress, __name__, "get_address")
+        ["curve25519"],
        ["ed25519"],
        ["ed25519-keccak"],
        ["nist256p1"],
        ["secp256k1"],
        ["secp256k1-decred"],
        ["secp256k1-groestl"],
        ["secp256k1-smart"],
    ]
    wire.add(MessageType.GetPublicKey, __name__, "get_public_key", ns)
    wire.add(MessageType.GetAddress, __name__, "get_address", ns)
    wire.add(MessageType.GetEntropy, __name__, "get_entropy")
-    wire.add(MessageType.SignTx, __name__, "sign_tx")
+    wire.add(MessageType.SignTx, __name__, "sign_tx", ns)
-    wire.add(MessageType.SignMessage, __name__, "sign_message")
+    wire.add(MessageType.SignMessage, __name__, "sign_message", ns)
    wire.add(MessageType.VerifyMessage, __name__, "verify_message")
-    wire.add(MessageType.SignIdentity, __name__, "sign_identity")
+    wire.add(MessageType.SignIdentity, __name__, "sign_identity", ns)
-    wire.add(MessageType.GetECDHSessionKey, __name__, "get_ecdh_session_key")
+    wire.add(MessageType.GetECDHSessionKey, __name__, "get_ecdh_session_key", ns)
-    wire.add(MessageType.CipherKeyValue, __name__, "cipher_key_value")
+    wire.add(MessageType.CipherKeyValue, __name__, "cipher_key_value", ns)
--- a/src/apps/wallet/cipher_key_value.py
+++ b/src/apps/wallet/cipher_key_value.py
@ -4,13 +4,10 @@ from trezor.crypto.hashlib import sha512
 from trezor.messages.CipheredKeyValue import CipheredKeyValue
 from trezor.ui.text import Text
 from apps.common import seed
 from apps.common.confirm import require_confirm
-async def cipher_key_value(ctx, msg):
+async def cipher_key_value(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    if len(msg.value) % 16 > 0:
        raise wire.DataError("Value length must be a multiple of 16")
--- a/src/apps/wallet/get_address.py
+++ b/src/apps/wallet/get_address.py
@ -1,15 +1,13 @@
 from trezor.messages import InputScriptType
 from trezor.messages.Address import Address
-from apps.common import coins, seed
+from apps.common import coins
 from apps.common.layout import address_n_to_str, show_address, show_qr
 from apps.common.paths import validate_path
 from apps.wallet.sign_tx import addresses
-async def get_address(ctx, msg):
+async def get_address(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    coin_name = msg.coin_name or "Bitcoin"
    coin = coins.by_name(coin_name)
--- a/src/apps/wallet/get_ecdh_session_key.py
+++ b/src/apps/wallet/get_ecdh_session_key.py
@ -5,7 +5,7 @@ from trezor.messages.ECDHSessionKey import ECDHSessionKey
 from trezor.ui.text import Text
 from trezor.utils import chunks
-from apps.common import HARDENED, seed
+from apps.common import HARDENED
 from apps.common.confirm import require_confirm
 from apps.wallet.sign_identity import (
    serialize_identity,
@ -13,9 +13,7 @@ from apps.wallet.sign_identity import (
 )
-async def get_ecdh_session_key(ctx, msg):
+async def get_ecdh_session_key(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    if msg.ecdsa_curve_name is None:
        msg.ecdsa_curve_name = "secp256k1"
--- a/src/apps/wallet/get_entropy.py
+++ b/src/apps/wallet/get_entropy.py
@ -7,7 +7,6 @@ from apps.common.confirm import require_confirm
 async def get_entropy(ctx, msg):
    text = Text("Confirm entropy")
    text.bold("Do you really want", "to send entropy?")
    text.normal("Continue only if you", "know what you are doing!")
--- a/src/apps/wallet/get_public_key.py
+++ b/src/apps/wallet/get_public_key.py
@ -3,12 +3,10 @@ from trezor.messages import InputScriptType
 from trezor.messages.HDNodeType import HDNodeType
 from trezor.messages.PublicKey import PublicKey
-from apps.common import coins, layout, seed
+from apps.common import coins, layout
-async def get_public_key(ctx, msg):
+async def get_public_key(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    coin_name = msg.coin_name or "Bitcoin"
    coin = coins.by_name(coin_name)
    curve_name = msg.ecdsa_curve_name or coin.curve_name
--- a/src/apps/wallet/sign_identity.py
+++ b/src/apps/wallet/sign_identity.py
@ -6,13 +6,11 @@ from trezor.messages.SignedIdentity import SignedIdentity
 from trezor.ui.text import Text
 from trezor.utils import chunks
-from apps.common import HARDENED, coins, seed
+from apps.common import HARDENED, coins
 from apps.common.confirm import require_confirm
-async def sign_identity(ctx, msg):
+async def sign_identity(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    if msg.ecdsa_curve_name is None:
        msg.ecdsa_curve_name = "secp256k1"
--- a/src/apps/wallet/sign_message.py
+++ b/src/apps/wallet/sign_message.py
@ -4,16 +4,14 @@ from trezor.messages.InputScriptType import SPENDADDRESS, SPENDP2SHWITNESS, SPEN
 from trezor.messages.MessageSignature import MessageSignature
 from trezor.ui.text import Text
-from apps.common import coins, seed
+from apps.common import coins
 from apps.common.confirm import require_confirm
 from apps.common.paths import validate_path
 from apps.common.signverify import message_digest, split_message
 from apps.wallet.sign_tx.addresses import get_address, validate_full_path
-async def sign_message(ctx, msg):
+async def sign_message(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    message = msg.message
    address_n = msg.address_n
    coin_name = msg.coin_name or "Bitcoin"
--- a/src/apps/wallet/sign_tx/init.py
+++ b/src/apps/wallet/sign_tx/init.py
@ -3,7 +3,7 @@ from trezor.messages.MessageType import TxAck
 from trezor.messages.RequestType import TXFINISHED
 from trezor.messages.TxRequest import TxRequest
-from apps.common import paths, seed
+from apps.common import paths
 from apps.wallet.sign_tx import (
    addresses,
    helpers,
@ -17,8 +17,7 @@ from apps.wallet.sign_tx import (
@ui.layout
-async def sign_tx(ctx, msg):
+async def sign_tx(ctx, msg, keychain):
    keychain = await seed.get_keychain(ctx)
    signer = signing.sign_tx(msg, keychain)
    res = None
--- a/src/trezor/wire/init.py
+++ b/src/trezor/wire/init.py
@ -3,12 +3,25 @@ from trezor import log, loop, messages, utils, workflow
 from trezor.wire import codec_v1
 from trezor.wire.errors import *
 from apps.common import seed
 workflow_handlers = {}
-def add(mtype, pkgname, modname, *args):
+def add(mtype, pkgname, modname, namespace=None):
    """Shortcut for registering a dynamically-imported Protobuf workflow."""
-    register(mtype, protobuf_workflow, import_workflow, pkgname, modname, *args)
+    if namespace is not None:
        register(
            mtype,
            protobuf_workflow,
            keychain_workflow,
            namespace,
            import_workflow,
            pkgname,
            modname,
        )
    else:
        register(mtype, protobuf_workflow, import_workflow, pkgname, modname)
 def register(mtype, handler, *args):
@ -133,10 +146,12 @@ async def session_handler(iface, sid):
            continue
        except Error as exc:
            # we log wire.Error as warning, not as exception
-            log.warning(__name__, "failure: %s", exc.message)
+            if __debug__:
                log.warning(__name__, "failure: %s", exc.message)
        except Exception as exc:
            # sessions are never closed by raised exceptions
-            log.exception(__name__, exc)
+            if __debug__:
                log.exception(__name__, exc)
        # read new message in next iteration
        reader = None
@ -155,7 +170,7 @@ async def protobuf_workflow(ctx, reader, handler, *args):
        # respond with specific code and message
        await ctx.write(Failure(code=exc.code, message=exc.message))
        raise
-    except Exception:  # as exc:
+    except Exception:
        # respond with a generic code and message
        await ctx.write(
            Failure(code=FailureType.FirmwareError, message="Firmware error")
@ -166,6 +181,12 @@ async def protobuf_workflow(ctx, reader, handler, *args):
        await ctx.write(res)
 async def keychain_workflow(ctx, req, namespace, handler, *args):
    keychain = await seed.get_keychain(ctx, namespace)
    args += (keychain,)
    return await handler(ctx, req, *args)
 def import_workflow(ctx, req, pkgname, modname, *args):
    modpath = "%s.%s" % (pkgname, modname)
    module = __import__(modpath, None, None, (modname,), 0)