1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-30 03:18:20 +00:00
Commit Graph

881 Commits

Author SHA1 Message Date
matejcik
3362f66724 client: make sure proto exists in client
because old Electrum imports it

also make sure it doesn't work anymore
2018-12-04 17:42:54 +01:00
matejcik
db1a5adee7 device_tests: style 2018-11-26 17:02:00 +01:00
Tomas Susanka
0d01298f71 tests/eth: add invalid signature test for verify 2018-11-26 16:30:34 +01:00
matejcik
4982fd1cf5 client: wrap clear_session in a session
because it's a different kind of session...
2018-11-26 16:06:56 +01:00
matejcik
c7c5653231 trezorlib: bump version (not releasing yet though) 2018-11-26 16:02:19 +01:00
matejcik
1ded85c746 tests/unit_tests: update test_transport 2018-11-26 15:58:19 +01:00
matejcik
36a81fd9e7 trezorlib: update CallException to match the old one
which is now TrezorFailure
2018-11-26 15:30:42 +01:00
matejcik
1f2db3666b ui: smarter ClickUI prompts only once
This also fixes #331 by moving the PIN matrix from trezorctl into the UI
class
2018-11-26 15:30:42 +01:00
matejcik
eb50d54ec2 device: add reasonable defaults for reset/recovery 2018-11-26 15:30:42 +01:00
matejcik
40eaa1fa36 transport/hid: reload serial when closing
because device.wipe() causes the device to change serial, which breaks
the connection unnecessarily.
2018-11-26 15:30:42 +01:00
matejcik
f3a13f50e0 transport/hid: check serial number when opening device
This fixes the problem where the user disconnects a device, connects a
different one, and the library doesn't notice because opening the same
HID path worked fine. (see https://github.com/spesmilo/electrum/issues/4806 )
2018-11-26 15:30:42 +01:00
matejcik
082adfd15d transport: derive TransportException from TrezorException 2018-11-26 15:30:42 +01:00
matejcik
69ef1f0acd transport: cleaner Transport list instantiation
Previously if an import of a dependent module (usb1, hid) failed, import
of the whole transport module would fail. This was resolved by catching
ImportErrors in the all_transports method.

This had two drawbacks:
- if something other than ImportError happened - e.g., libusb would
raise OSError if it couldn't find libusb.so - all_transports would crash
anyway
- at the same time, if a legitimately needed dependency
(typing_extensions) was missing, this would be masked by the ImportError
handling.

Instead, we unconditionally import the modules, and inside each one,
wrap dependencies in a try-except.

As an added benefit, it is now possible to disable a transport just by
setting SomeTransport.ENABLED = False
2018-11-26 15:30:42 +01:00
matejcik
f04458d6ea client: allow canceling pin/passphrase entry 2018-11-26 15:30:42 +01:00
matejcik
11e56a7e1b client: clean up constants 2018-11-26 15:30:42 +01:00
matejcik
3dda5e6534 client: proto -> messages 2018-11-26 15:30:42 +01:00
matejcik
4f9bdff564 client: simplify MovedTo now that we only need it to raise an error
this also removes most of client's imports, which will FINALLY let us
import client where it is needed without circular dependencies
2018-11-26 15:30:42 +01:00
matejcik
ef46bd38ef client: finish the move away from mixins
move all methods that are still relevant to TrezorClient (originally
BaseClient)

modify ProtocolMixin to be a compatibility shim

modify BaseClient to be a compatibility shim with a proxy to original
actual TrezorClient - this prevents early failures in Electrum for long
enough to show an error message
2018-11-26 15:30:42 +01:00
matejcik
f3f521b028 client: convert generic classname-based dispatch to a static list
Only a limited number of messages should be dispatched to handlers
that can be inserted anywhere in the protocol flow. Having a fixed list
of interjecting handlers makes this clearer and prevents hard-to-find
bugs.
2018-11-26 15:30:42 +01:00
Tomas Susanka
786bccfa34 tests/lisk: all all all seed 2018-11-21 17:08:18 +01:00
Tomas Susanka
29d3a21d84 tests/eth: all all all seed 2018-11-21 17:08:18 +01:00
Tomas Susanka
f5af12c043 paths: compatibility for derivation paths checks 2018-11-21 17:08:18 +01:00
Pavol Rusnak
da3223d703
tests: change flags for test_msg_signtx_capricoin.py 2018-11-14 17:36:19 +01:00
strmci
252f946f40 Add a test case for segwit inputs/outputs with very high amounts (#337)
Add a test case for segwit inputs/outputs with very high amount, fixes #332
2018-11-12 16:27:56 +01:00
matejcik
5bb7dc39b8 transport: consolidate USB-based transports
remove Trezor 2 support from HID transport, which never worked

use ProtocolV1 explicitly everywhere, as V2 doesn't exist in practice

move USB IDs and UDEV warning string to a common place

fix a bug where HID would return a list instead of bytes
2018-11-12 12:22:32 +01:00
matejcik
d3534a15c9 transport: fix typing after autoflake treatment
autoflake will remove all unused imports when `make style` is invoked,
but can't recognize typing names that are only used in comments.

this fixes it.
2018-11-12 12:22:32 +01:00
matejcik
bfb56451e8 bridge: support bridge 2.0.25+
which can do read/write separately and supports debuglink
2018-11-12 12:22:32 +01:00
matejcik
ed473e2e42 trezorlib: add licence headers where missing 2018-11-12 12:22:32 +01:00
matejcik
93d84539bd transport: fit log messages to lines 2018-11-12 12:22:32 +01:00
matejcik
85b85c67b3 trezorlib: reentrant session handling
This fixes the breakage introduced by transport reshuffles.
It's still not great and I'd love to see context manager based sessions.
But it's good enough for now.
2018-11-12 12:22:32 +01:00
matejcik
daf97afb37 bridge: refactor after merging old changes 2018-11-12 12:22:32 +01:00
matejcik
aac7726824 trezorlib: transport/protocol reshuffle
This commit breaks session handling (which matters with Bridge) and
regresses Bridge to an older code state. Both of these issues will be
rectified in subsequent commits.

Explanation of this big API reshuffle follows:

* protocols are moved to trezorlib.transport, and to a single common file.
* there is a cleaner definition of Transport and Protocol API (see below)
* fully valid mypy type hinting
* session handle counters and open handle counters mostly went away. Transports
  and Protocols are meant to be "raw" APIs; TrezorClient will implement
  context-handler-based sessions, session tracking, etc.

I'm calling this a "reshuffle" because it involved very small number of
code changes. Most of it is moving things around where they sit better.

The API changes are as follows.

Transport is now a thing that can:
* open and close sessions
* read and write protobuf messages
* enumerate and find devices

Some transports (all except bridge) are technically bytes-based and need
a separate protocol implementation (because we have two existing protocols,
although only the first one is actually used). Hence a protocol superclass.

Protocol is a thing that *also* can:
* open and close sessions
* read and write protobuf messages
For that, it requires a `handle`.

Handle is a physical layer for a protocol. It can:
* open and close some sort of device connection
  (this is distinct from session! Connection is a channel over which you can
  send data. Session is a logical arrangement on top of that; you can have
  multiple sessions on a single connection.)
* read and write 64-byte chunks of data

With that, we introduce ProtocolBasedTransport, which simply delegates
the appropriate Transport functionality to respective Protocol methods.

hid and webusb transports are ProtocolBasedTransport-s that provide separate
device handles. HidHandle and WebUsbHandle existed before, but the distinction
of functionality between a Transport and its Handle was unclear. Some methods
were moved and now the handles implement the Handle API, while the transports
provide the enumeration parts of the Transport API, as well as glue between
the respective Protocols and Handles.

udp transport is also a ProtocolBasedTransport, but it acts as its own handle.
(That might be changed. For now, I went with the pre-existing structure.)

In addition, session_begin/end is renamed to begin/end_session to keep
consistent verb_noun naming.
2018-11-12 12:22:26 +01:00
matejcik
560a5215c5 client: do not coerce self.features.vendor to string
There is no good reason to do that and it hides situations when
the field mistakenly doesn't exist.

Added comment explains that missing "vendor" field might by caused
by trezor-common mismatch, which fixes #328
2018-11-06 14:16:53 +01:00
matejcik
ca345e9766 cardano: clean up test case 2018-11-06 13:38:13 +01:00
matejcik
81c55c1c5f device_tests: fix remaining use of btc.sign_tx 2018-11-06 13:38:09 +01:00
matejcik
99278f7d08 client: PassphraseState is not mandatory (missing on T1 in fact) 2018-11-06 13:36:25 +01:00
matejcik
1233feb358 style: fix imports 2018-11-06 13:36:25 +01:00
matejcik
601d3b49c3 trezorlib: add some utility features 2018-11-06 13:36:25 +01:00
matejcik
c269d67cde trezorlib: finalize BTC API changes
- drop set_tx_api method and its usage from trezorctl
- drop _prepare_sign_tx which is not used anymore
- adapt trezorctl to new signing API
- make trezorctl signing smarter, ahead of moving it elsewhere
2018-11-06 13:36:25 +01:00
matejcik
620e48e4d0 tests: adapt tests to new APIs 2018-11-06 13:36:25 +01:00
matejcik
9caea6d413 tx_api: rework API, separate caching functionality to test support 2018-11-06 13:36:25 +01:00
matejcik
3239d53bc0 debuglink: add support for arbitrary message filters
(this replaces `debug_processor` from sign_tx)
2018-11-06 13:36:25 +01:00
matejcik
5087f30a69 firmware: fix byte order for VendorTrust field, reproduce reserved field
this fixes a problem when checking signature (and therefore
reconstructing) of a vendor header that doesn't have a VendorTrust of
all zeroes, e.g., the vendor header for test builds
2018-11-06 13:36:25 +01:00
matejcik
c248946b3d protobuf: make MessageType more dict-like, drop _add_ and _extend_
so that SignTx(**tx) works

_add_x and _extend_x methods are left-overs from google protobuf
and shouldn't be used anymore
2018-11-06 13:36:25 +01:00
matejcik
e5e0759dc8 btc: refactor and cleanup sign_tx api & flow 2018-11-06 13:36:25 +01:00
matejcik
ea675f1e58 client: inline PassphraseState flow into Passphrase flow 2018-11-06 13:36:25 +01:00
Pavol Rusnak
1218a487f6
fix style 2018-11-04 16:06:21 +01:00
Pavol Rusnak
b4e34b98fc
trezorlib: add monero getaddress/getwatchkey + tests 2018-11-04 15:27:45 +01:00
matejcik
de981febc7 ui: switch ClickUI to use stderr 2018-10-25 12:47:14 +02:00
Tibor Arpas
e9b540e6b6 altcoin: Capricoin support tests and minor trezorctl addition. (#325) 2018-10-24 15:05:59 +02:00
Tibor Arpas
f78885af5a Closes #326 : tx_api.get_tx incompatible with current blockbook (#327)
This makes ./trezorctl fetching of previous transactions compatible with current blockbook. re #326
2018-10-24 14:13:52 +02:00
Pavol Rusnak
57f1dddc2f
fix style 2018-10-23 15:30:31 +02:00
Pavol Rusnak
45265cdcb7
tests: enable Stellar tests for T1 2018-10-23 14:13:55 +02:00
Pavol Rusnak
7e9501e816
tests: fix test_protection_levels (add buttonrequest to reset workflow) 2018-10-23 12:26:10 +02:00
Pavol Rusnak
ac0731300e
fix style 2018-10-23 12:24:10 +02:00
Pavol Rusnak
0aa6e45eec
tests: add tests for missing multisig 2018-10-22 15:59:07 +02:00
Pavol Rusnak
43b7ca4fd6
tests: fix style 2018-10-22 15:41:27 +02:00
Pavol Rusnak
1397c3b4d9
tests: update T1+T2 reset+recovery tests to reflect new Confirm dialog 2018-10-22 14:44:36 +02:00
Pavol Rusnak
5e259ab2c3
tests: fix test for Zcash Sapling test 2018-10-17 16:59:11 +02:00
matejcik
00a3f24731 device_tests: raise timeout in TestMsgResetDeviceT2
because swipe_down action is slow and it might not finish
in time for reading reset_words, so you read the same reset_words twice
2018-10-16 17:17:08 +02:00
Pavol Rusnak
685f24b454
tests: add test for Zcash Sapling 2018-10-16 10:58:12 +02:00
Pavol Rusnak
837781eb55
vendor: update trezor-common, use Tx.version_group_id where possible 2018-10-15 17:52:11 +02:00
matejcik
3f92683bc6 firmware: update forgotten comment 2018-10-12 16:05:50 +02:00
matejcik
e1efd493fd trezorctl: updated firmware update flow
We can now locally verify firmware signatures and hashes. We also
recognize min_firmware_version, so this resolves #308

This also helps with #273, as trezorlib is now mostly usable for signing
firmware images.
2018-10-12 15:58:55 +02:00
matejcik
3e7b26b454 exceptions: smarter, nicer exceptions from Failures 2018-10-12 15:49:17 +02:00
matejcik
eb2b58e1f4 cosi: tests for new verify_m_of_n method 2018-10-12 12:58:49 +02:00
matejcik
ba365b5486 cosi: replace slow djb implementation of ed25519 with an optimized one
from https://github.com/pyca/ed25519

This makes the calculations several orders of magnitude faster, which
allows us to run the CoSi test in Travis. It also doesn't stop firmware
update for several seconds while we validate the CoSi signatures.

It's still essentially the same insecure implementation, fallible to all
the same timing attacks, and it shouldn't be used for anything except
validating public signatures of public data. But now it also takes about
as much time as it should on modern hardware.
2018-10-12 12:58:44 +02:00
Pavol Rusnak
3d5fa7a2f6
tests: refactor test_msg_resetdevice_skipbackup 2018-10-11 17:26:20 +02:00
Pavol Rusnak
16d9d58ee1
tests: add test in resetdevice for combination of display_random and skip_backup 2018-10-11 15:29:30 +02:00
Pavol Rusnak
a1ba9db744
tests: re-enable Decred test for T2 2018-10-10 13:44:36 +02:00
Matheus Degiovani
688e885903 decred: Add sign message tests (#318) 2018-10-10 13:35:31 +02:00
matejcik
88988172b9 bridge: perform HTTP request in read, not write
This allows us to return early from a `write`, which we need in cases
where we want to perform an operation inbetween `read` and `write` -
namely, callback for ButtonRequest should technically be invoked after
returning ButtonAck but before waiting for device's response.

Of course that doesn't really work. The callback will actually be
invoked _before_ ButtonAck, so there's still the condition that it must
return immediately or the device gets stuck with a black screen.

But doing this allows us to write code *as if* it worked, which lets the
other transports run free and wild, by which I mean, do the Right Thing
2018-10-10 13:15:28 +02:00
matejcik
2d7c74c535 switch to click 7.0 2018-10-10 13:15:28 +02:00
matejcik
8618f44272 tests: fix signature of device.recover in expect-to-fail tests 2018-10-10 13:15:28 +02:00
matejcik
1d3fa77ab6 debuglink: allow with-block without expected_responses 2018-10-10 13:15:28 +02:00
matejcik
ffff11a462 style: isort & autopep 2018-10-10 13:15:28 +02:00
matejcik
886d4f18f4 device_tests: sample usage of input_flow 2018-10-10 13:15:28 +02:00
matejcik
0f7f694914 debug: fix test_msg_applysettings 2018-10-10 13:15:28 +02:00
matejcik
c37bc9c38e debug: improve infrastructure and expected message reporting 2018-10-10 13:15:28 +02:00
matejcik
fc7a76e2f3 tests: use stdlib mock instead of the third-party one 2018-10-10 13:15:28 +02:00
matejcik
a5abd70619 trezorlib: drop TrezorClientDebugLink from client.py 2018-10-10 13:15:28 +02:00
matejcik
06927e003e trezorlib: get rid of TextUIMixin
This also moves DebugLinkMixin to debuglink.py and converts the mixin to
a subclass of TrezorClient (which is finally becoming a
reasonable-looking class). This takes advantage of the new UI protocol
and is ready for further improvements, namely, queuing input for tests
that require swipes.

The ui.py module contains a Click-based implementation of the UI
protocol. Use of callback_* methods has been limited and will probably
be cleaned up further (The contract has changed so we'll try to make
third party code fail noisily. It is unclear whether a backwards
compatible approach will be possible).

Furthermore, device.recovery() now takes a callback as an argument. This
way we can get rid of WordRequest callbacks, which are only used in the
recovery flow.
2018-10-10 13:15:28 +02:00
Matheus Degiovani
6d9157c4a5 decred: Return tree and version in insight api (#319) 2018-10-10 12:44:54 +02:00
Pavol Rusnak
00ebbbb1f3
tests: add test in resetdevice for combination of display_random and no_backup 2018-10-08 15:54:28 +02:00
Pavol Rusnak
cd006026dd
Revert "tests: enable Decred tests for T2"
This reverts commit d49a38d80f.
2018-10-08 14:34:26 +02:00
Pavol Rusnak
c395501d2d
trezorctl: add no-backup option to reset-device 2018-10-08 14:17:07 +02:00
Pavol Rusnak
d49a38d80f
tests: enable Decred tests for T2 2018-10-06 13:50:37 +02:00
Pavol Rusnak
0f62c817d5
tests: fix warnings in test_msg_resetdevice_nobackup.py 2018-10-04 18:04:37 +02:00
Jochen Hoenicke
b4c5b996a1 Fix Qt5/4 import strategy.
- Try Qt5 before Qt4.
- Handle all exceptions (a ValueError is thrown if the wrong Qt was
  imported earlier)
2018-10-04 17:42:59 +02:00
Pavol Rusnak
3424f01ae7
tests: nitpicks in resetdevice_skipbackup, add resetdevice_nobackup 2018-10-04 17:40:53 +02:00
matejcik
d859fe36f7 coins: pick correct field name for TxApi 2018-10-04 17:14:46 +02:00
matejcik
dbcc903e52 cardano: fix tests broken after binascii removal 2018-10-02 16:51:53 +02:00
matejcik
a66cf99b74 cosi: fix bug in signing code, make tests pass 2018-10-02 16:11:20 +02:00
matejcik
4fb3acb029 style: uppercase hex constants to conform with black 18.9b0 style 2018-10-01 14:01:33 +02:00
matejcik
15d3b0c722 cosi: clarify convoluted parts of local signing code 2018-09-27 16:53:57 +02:00
Pavol Rusnak
4a0ca873eb trezorlib+tools: remove usage of binascii 2018-09-27 16:52:28 +02:00
Pavol Rusnak
7f55847ab1 tests: remove usage of binascii 2018-09-27 16:52:28 +02:00
Dusan Klinec
61de49fae5
protob test fix after migration to get_fields() 2018-09-20 14:35:47 +02:00
Dusan Klinec
6b32e33c58
protobuf.py uses get_fields() 2018-09-20 13:57:26 +02:00
Tomas Susanka
7e35dfa51e tests: style fix 2018-09-18 10:36:31 +02:00