arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-11 17:08:15 +00:00
Code Issues Releases Wiki Activity
9,472 Commits 364 Branches 206 Tags 247 MiB
431a25b119
Commit Graph

643 Commits

Author SHA1 Message Date
Andrew Kozlik
5469acfabf core/webauthn: Cache user verification for 3 minutes. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
b867ac1d01 core/webauthn: Implement FIDO2 unlocking from softlock. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
0f81886c9f core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
c8ae5c157e core/webauthn: Implement U2F unlocking from softlock. 2020-06-04 16:18:46 +02:00
matejcik
06aed7135a core: do not prompt for PIN just to lock the device again 2020-06-04 16:18:46 +02:00
matejcik
246998910a core: refactor usage of input_signals 
this prevents a certain class of UI test failure. It also localizes the
use of debuglink signals into the layout classes instead of call sites,
which is a design we were already using for confirm_signals
 2020-06-04 16:18:46 +02:00
matejcik
afeeafd5cd core: hide some fields when softlocked 2020-06-04 16:18:46 +02:00
matejcik
b9bd9ea3d0 core: only softlock when PIN is set 2020-06-04 16:18:46 +02:00
matejcik
a9ddc2a8e2 core/boot: modify initial lockscreen label 2020-06-04 16:18:46 +02:00
matejcik
09af8aed4e core: consider lockscreen to be a separate homescreen 
this involves some changes to the workflow defaults:

* workflow.start_default() takes no arguments
* workflow.set_default() (originally replace_default) configures the
  default that will be started by next call to start_default().
  The intended usecase is to set_default() first and then start it
  separately.
* apps.base.set_homescreen() factors out the logic originally in
  main.py, that decides which homescreen should be launched. This uses
  set_default() call. start_default() is then used explicitly in main.py
 2020-06-04 16:18:46 +02:00
matejcik
d73480bc9d core: introduce PIN soft-locking 2020-06-04 16:18:46 +02:00
matejcik
04c8b2803d core: refactor homescreen app, include lockscreen in it 2020-06-04 16:18:46 +02:00
matejcik
9197623d83 core: factor out the decision whether to lock the device 2020-06-04 16:18:46 +02:00
matejcik
32fcc4ad9c core: make verify_user_pin accept a Context argument 2020-06-04 16:18:46 +02:00
matejcik
8ca7ffc3b8 core: use wire.PinCancelled/PinInvalid instead of custom versions 
also refactor show_pin_invalid and its usages so that it raises directly

note that we are now using PinCancelled instead of ActionCancelled where
appropriate
 2020-06-04 16:18:46 +02:00
matejcik
eabfcab9b9 core: add default messages to some error codes 2020-06-04 16:18:46 +02:00
matejcik
341c5b7d10 core/wire: make handler lookup pluggable 2020-06-04 16:18:46 +02:00
matejcik
d5e45c02bb core: move base functions from "homescreen" app to "base" 2020-06-04 16:18:46 +02:00
matejcik
bd5b3a3f21 common: drop Theta and VeChain ERC tokens, refresh market caps 
fixes #1022
fixes #1023
 2020-05-29 12:12:30 +02:00
matejcik
5209804fc3 core: relax path checks on GetPublicKey 
(cherry picked from commit 554d8949f5)
 2020-05-27 06:58:30 +00:00
matejcik
554d8949f5 core: relax path checks on GetPublicKey 2020-05-27 08:56:50 +02:00
matejcik
d59ffe553f make gen 2020-05-25 16:14:05 +02:00
Andrew Kozlik
42eddf8e04 core/sign_tx: validate prevout amount in all cases 2020-05-24 14:36:38 +00:00
Andrew Kozlik
7db3e930d4 core/sign_tx: Add further message sanitization checks. 2020-05-24 14:36:37 +00:00
matejcik
72ef86d79a all: enable extra_data for komodo 2020-05-24 14:36:37 +00:00
matejcik
7a3637d5b0 core/sign_tx: add checks for version_group_id and branch_id fields 2020-05-24 14:36:37 +00:00
Tomas Susanka
9dfc08ca61 core/bitcoin: drop decred_script_version 2020-05-21 19:14:39 +02:00
matejcik
eeb46eabca common: refresh token list 2020-05-21 13:29:13 +02:00
matejcik
2f665c8f84 core: add exception to GetPublicKey for PSBT master fingerprint (fixes #999) 2020-05-21 13:26:53 +02:00
Tomas Susanka
a2f790167d core/bitcoin: fix step 1 and 2 comments in signing 2020-05-19 12:58:45 +00:00
Tomas Susanka
1ac0f60550 core: update isort config to place relative imports last 2020-05-18 14:31:51 +02:00
Tomas Susanka
aa115b6320 core: move decred writers to decred.py 2020-05-18 14:31:51 +02:00
Tomas Susanka
3084ee1eed core/bitcoin: move write_bitcoin_varint to common writers 2020-05-18 14:31:51 +02:00
Tomas Susanka
445f56d387 core/bitcoin: finalize bitcoin refactor 
- core/bitcoin: move common files to the app's root
- core/bitcoin: use require_confirm instead of confirm
- core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app
- core/bitcoin: use relative imports inside the app
- core: rename wallet app to bitcoin
- core/wallet: replace SigningErrors and the other exception classes with wire.Errors
 2020-05-18 14:31:51 +02:00
matejcik
de9e73dcbc core/tests: update unit tests for new keychain API 2020-05-15 14:08:29 +02:00
matejcik
f3f6e2101a core/cardano: explanation about seed derivation 2020-05-15 14:08:29 +02:00
matejcik
a31b2cd1bc core/wallet: implement keychain for apps.wallet 2020-05-15 14:08:29 +02:00
matejcik
0dff3853a7 core/ethereum: introduce custom keychain decorators 2020-05-15 14:08:29 +02:00
matejcik
b594248ac2 core: use new keychain decorators where appropriate 2020-05-15 14:08:29 +02:00
matejcik
fd9e945308 core/cardano: use caching decorators and new Keychain API for Cardano as well 2020-05-15 14:08:29 +02:00
matejcik
7541d529a3 core: refactor keychain API, introduce SLIP44 decorator 2020-05-15 14:08:29 +02:00
Dusan Klinec
6b8fc9c894
xmr: major protocol upgrade, CLSAG support added 
- CLSAG signature scheme added
  - type hints added

xmr: optimize protocol, send only required data
  - real_out_additional_tx_keys contains only one element as nothing more is needed during signature
  - only src_entr.outputs[index] is HMACed and always present. Other outputs are present only if needed which reduces comm and CPU overhead.
  - getting rid of subaddresses dictionary (memory requirements), now subaddr indices are present per source entry so keys are computed when needed

xmr: prepare for permutation sending removal, specify index
  - specify source entry ordering index prior sorting by key images as original HMAC keys are generated based on these.
  - permutation checked just by valid HMACs, size of the set, key image sort order
  - sending permutation is now deprecated, will be removed in the following protocol versions
  - more strict state transition checks, guard strict check with respect to steps ordering
 2020-05-13 11:13:19 +02:00
Andrew Kozlik
3de565c33c core/sign_tx: In write_tx_header() rename has_segwit parameter to witness_marker and clarify usage. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
846116a666 core/sign_tx: Improve comments. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
7370077d0c core/sign_tx: Get rid of internal TxOutputBinType messages. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
9f9618944a core/sign_tx: Explicitly pass script to write_tx_input() instead of setting it in txi. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
04bdf1dc6c core/sign_tx: Remove unused index parameters. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c9814e50ba core/sign_tx: Set decred_script_version to 0 by default for decred coins. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
dccf415e0b core/sign_tx: Add write_tx_output() to signer class and override it in Decred. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
bdd1d25979 core/sign_tx: Require change-outputs to be for a non-zero amount. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
d5faeb3f51 core/sign_tx: Clarify sign_nonsegwit_input(). 2020-05-06 13:18:32 +02:00
matejcik
9005093435 core/sign_tx: improve documentation on MatchCheckers 2020-05-06 13:18:32 +02:00
matejcik
0209768ff2 core/sign_tx: improve type hints 2020-05-06 13:18:32 +02:00
matejcik
ff41e5c304 core/sign_tx: improve signer selection readability 2020-05-06 13:18:32 +02:00
Andrew Kozlik
8b89a30955 core/sign_tx: Remove get_prevouts_hash(), get_sequence_hash(), get_outputs_hash() methods from signer classes, because they are only used internally. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
22933587be core/sign_tx: Merge bip143 classes into signer classes. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
6ad3baeab2 core/sign_tx: Refactor BIP-143 signing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
d58cd3987b core/sign_tx: Minor updates based on code review. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
be39f271b0 core/sign_tx: Rework transaction footer writing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
b60f267da9 core/sign_tx: Rework transaction header writing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c1effcc374 core/sign_tx: Updates based on code review. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c2a0f83558 core/sign_tx: Move script derivation to scripts module. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
be7e98aa47 core/sign_tx: Move Bitcoin class to bitcoin.py. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
a07e125793 core/sign_tx: Consolidate wallet path and multisig fingerprint checking. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
27e6720f3d core/sign_tx: cleanup 2020-05-06 13:18:32 +02:00
Andrew Kozlik
987b70f1f5 core/sign_tx: Move header prepending up by one level. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
2ceb091d68 core/sign_tx: Use a preallocated buffer for transaction serialization. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
555259d6a9 core/sign_tx: Remove last_output_bytes in Decred, which is no longer needed. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
f1801764a1 core/sign_tx: Fix segwit/non-segwit input interleaving bug. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
514f2ac649 core/sign_tx: Refactor to use template method. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
95fad83024 core/sign_tx: Derive Zip143 and DecredPrefixHasher from Bip143. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
e9900df18d core/sign_tx: Move Overwintered class to zcash. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
60dbec95ac core/sign_tx: Reuse get_prevtx_output_value() in Decred. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
2b74513e49 core: Fix mypy. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
50c08274b9 core/sign_tx: Move overwintered functionality to separate class. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c190eed7fc core/sign_tx: Move non-Bitcoin functionality to Bitcoinlike class. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
613c81ea66 core/sign_tx: Refactor wallet_path functions and input_check_multisig_fingerprint. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
0d9984671e core/sign_tx: Fix typing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
79c60615de core: Fix typing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
ba8b34b2d7 core: Refactor signing. 2020-05-06 13:18:32 +02:00
matejcik
5885978c83 Merge branch 'release/2020-04' 2020-04-15 15:00:23 +02:00
Andrew Kozlik
9e4a8ca785 core/webauthn: Improve error codes for uninitialized device. Return ERR_OPERATION_DENIED only upon user decline or timeout, otherwise it cancels the operation on all connected authenticators. 2020-04-14 12:24:17 +02:00
Andrew Kozlik
bc4e8eaa16 core/webauth: Update readme with Ed25519 algorithm and certificates. 2020-04-09 21:05:28 +02:00
Andrew Kozlik
fca92d7344 core/webauthn: Update attestation certificate to comply with WebAuthn requirements. 2020-04-06 18:29:05 +02:00
Andrew Kozlik
25a39ea729 core/webauthn: Fix handling of interleaving frames to comply with the U2F HID specification. 2020-04-06 09:53:42 +02:00
jagdeep sidhu
e58c5f63d5
common/defs: update SYS (#928) 2020-04-02 00:22:47 +02:00
Tomas Susanka
0b7a8449f8 core: style 2020-03-30 16:04:05 +00:00
Tomas Susanka
bf20537f41 core: add option to omit cancel button in HoldToConfirm; add it to reset 2020-03-30 16:00:12 +00:00
Andrew Kozlik
8ae0535e69 core/webauthn: Fix attestation statement format to use a list in the x5c field. 2020-03-24 16:18:37 +01:00
Tomas Susanka
aa71c20f2c core: require hold to confirm 2020-03-24 09:20:10 +00:00
Tomas Susanka
f786d75a6f core: drop obsolete check for ANYONECANSPEND segwit outputs 2020-03-20 14:19:31 +00:00
Tomas Susanka
d0d41c884e legacy: move script type checks to separate functions and unify with core 2020-03-20 14:19:31 +00:00
matejcik
da89a17ce5 all: add checks for prev_hash size 2020-03-20 14:19:31 +00:00
matejcik
c15519f707 core/sign_tx: modify get_tx_header to avoid writing unchecked bytes 2020-03-20 14:19:31 +00:00
matejcik
9cab61fbd3 core/sign_tx: remove write_bytes_unchecked where appropriate 2020-03-20 14:19:31 +00:00
matejcik
27f6306e1d core: introduce safer write_bytes functions 2020-03-20 14:19:30 +00:00
matejcik
9a5f6b025a core/tezos: factor out writing Michelson instructions 2020-03-20 14:19:30 +00:00
matejcik
694f714719 core/ripple: rename write_bytes to avoid name collision 2020-03-20 14:19:30 +00:00
Tomas Susanka
64584e271c legacy, core: add and unify validation checks 2020-03-20 14:19:30 +00:00
matejcik
ffdb299c61 all: drop Capricoin support [NO BACKPORT] 2020-03-20 14:19:30 +00:00
matejcik
adea7d6b35 all: make timestamp mandatory on timestamp-enabled coins 2020-03-20 14:19:07 +00:00
matejcik
e2035b4972 all: drop Horizen and BIP-115 support [NO BACKPORT] 2020-03-20 14:19:07 +00:00
matejcik
6f9c6361ea core: remove negative_fee and cashaddr_prefix from bitcoin-only fw 2020-03-20 14:18:27 +00:00
matejcik
7d5771911c core: flip condition for force_bip143 
this should be equivalent because Bitcoin does not have force_bip143 set
 2020-03-20 14:18:27 +00:00
matejcik
ed464f3d47 all: ensure expiry, timestamp and extra_data are blocked as appropriate 2020-03-20 14:18:27 +00:00
matejcik
27803ee8c1 all: drop overwintered field from transaction 2020-03-20 14:18:27 +00:00
matejcik
c9fd3f77a5 all: add overwintered field to coin specification 2020-03-20 14:18:27 +00:00
Pavol Rusnak
817b922850 all: add extra_data and timestamp fields to coin specification 2020-03-20 14:18:27 +00:00
matejcik
136307bcae core: propagate coin info to all sanitize functions 2020-03-20 14:17:44 +00:00
matejcik
303c05aba7 core/sign_tx: check if prev_tx has enough outputs to match prev_index 2020-03-20 14:17:44 +00:00
Andrew Kozlik
a34637c0f2 core/sign_tx: Check multisig fingerprint before signing inputs. 2020-03-20 14:17:44 +00:00
Tomas Susanka
163220e4b7 core/wallet: properly check decred input 2020-03-20 14:17:44 +00:00
Ondřej Vejpustek
6274cfdf8b core: remove unreachable zcash code 2020-03-20 14:17:44 +00:00
Ondřej Vejpustek
d61181d7e8 core: fix transaction header for mixed segwit inputs 2020-03-20 14:17:44 +00:00
Tomas Susanka
f0a39df75d core/wallet: check inputs and outputs right after receiving them 2020-03-20 14:17:44 +00:00
Tomas Susanka
0903159d9b core, legacy: make sure OPRETURN ouput is not marked as change 2020-03-20 14:17:44 +00:00
Tomas Susanka
4af9aa547e core: forbid unnecessary fields in OPRETURN output 2020-03-20 14:17:44 +00:00
Andrew Kozlik
d800fcbf9f core/sign_tx: If there is a non-multisig input, then change output cannot be multisig. 
(cherry picked from commit 8eb6ce0899)
 2020-03-20 14:17:44 +00:00
Andrew Kozlik
b3cd760df0 core/webauthn: Disable CTAPHID_WINK function. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
e5008eb332 core/webauthn: Remove indistinguishable credentials from the allow list. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
cda9de8dd1 core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
0af0e06d5b core/webauthn: Truncate names in credential data to at most 100 bytes. 2020-03-20 15:07:06 +01:00
matejcik
f6f041e269 core/sdcard: also catch OSError in the formatting phase 2020-03-20 14:03:28 +01:00
matejcik
3a71a5a05c core/sdcard: show "Wrong SD card" when unlocking SD protect with unformatted card 2020-03-20 14:03:28 +01:00
matejcik
3789a3372b core/sdcard: modify exception handling in fatfs 
expose ff.c constants, raise them as arguments to FatFSError

introduce NotMounted and NoFilesystem as subclasses of FatFSError with
the appropriate error code set
 2020-03-20 14:03:28 +01:00
Andrew Kozlik
8ee0026637 core: Allow PIN entry even when SD protect is enabled and the card is not present. 2020-03-19 15:04:33 +01:00
Konnor Klashinsky
70a1f957ed
Fix BackupDevice layout on 18-word seed wallets 2020-03-13 13:41:04 +13:00
Andrew Kozlik
2f905a1157 core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d core/webauthn: Clean up bytes/bytearray typing around uctypes. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f core/webauthn: Implement support for Ed25519 signatures in FIDO2. 2020-03-12 15:45:26 +01:00
Dusan Klinec
2658e253fa xmr/bp: memory optimizations and improvements 
- different approach to vector manipulation - more on the fly operations. Prepared for fully offloaded operations, BP on Trezor with constant memory.
- memory requirements reduced from (4MN + const) to (2MN + const)
- more raw methods to avoid unnecessary encoding/decoding
- chunking improved, chunk size set as a constant, changed from 64 to 32, missing pieces implemented to cover also BP 16
- proof_v8 support discontinued, old hardfork, not needed anymore
- get_exponent register clash fixed (for large vectors)
- reduced heap fragmentation by removing some temporary allocations
- hashing with len and offset to reduce heap fragmentation by creating a sliced arrays
- use to() wherever possible to avoid allocations and return of mutable private object
- global functions start with _ prefix, reduce import footprint
- use __slots__ in classes to minimize footprint
 2020-03-02 12:17:03 +01:00
Tomas Susanka
21676a0662 ore/tezos: better wording in delegation cancel 2020-03-02 08:49:34 +00:00
matejcik
7f91bc571c core: ensure default task restarts after a passphrase workflow (fixes #883) 2020-02-28 15:55:40 +01:00
Tomas Susanka
5ee6e56f56
Merge pull request #880 from trezor/tsusanka/sign-verify-ui 
Unify sign/verify message dialogs and fix text overflow
 2020-02-28 15:47:48 +01:00
matejcik
bd9663af79 common/defs: update token reference, add new tokens to 2.3.0/1.9.0, regenerate coins_details 2020-02-27 19:13:17 +01:00
Tomas Susanka
86b010a18b
Merge pull request #878 from trezor/matejcik/fatfs-corruption 
FatFS API rework
 2020-02-27 15:58:38 +01:00
Tomas Susanka
a8af9feebe core: fix text overflow in some dialogs 2020-02-27 12:43:33 +00:00
Tomas Susanka
744c32991f core: unify sign/verify functions 
The UI records are modified because of two changes:
- Added a coin name to the Sign/Verify screen (ETH/Lisk).
- Unified to use mono.
 2020-02-27 12:43:33 +00:00
Tomas Susanka
495a59c282 core: use wire errors instead of ValueErrors where applicable 2020-02-27 10:46:01 +00:00
matejcik
18ac4fc9ca core: update Python facing APIs 2020-02-27 10:56:23 +01:00
matejcik
d7b9582386 core/sdcard: add ensure_filesystem option (fixes #868) 
It is possible to call `ensure_sdcard` in a way that requires only SD
card be inserted, but not necessarily formatted.

This is useful for SD-protect and possibly other use-cases where the SD
card is read-only, and "not formatted" is identical to "not containing
the right files".
 2020-02-24 13:28:44 +01:00
Tomas Susanka
6c47bf8230 core: store multiple sessions/caches at the same time 2020-02-21 14:40:42 +01:00
Pavol Rusnak
562671401e
Merge pull request #860 from trezor/prusnak/multisig-show-yours-others 
core: show yours/others in get_address for multisig
 2020-02-20 13:49:13 +01:00
matejcik
ddee77ecb6 core: add SD clearing via debuglink 2020-02-20 12:51:48 +01:00
matejcik
1e9352b9e0 core: add SD format dialog, generalize sdcard usage 2020-02-20 12:51:48 +01:00
Pavol Rusnak
7944c1a837
core/monero: add confirmation dialog for unlock_time 2020-02-19 14:31:45 +00:00
Pavol Rusnak
a808cc9190
core/apps: await require_confirm should be called without return 2020-02-19 14:31:45 +00:00
Pavol Rusnak
b9486c0b33
core: show yours/others in get_address for multisig 2020-02-18 22:39:55 +00:00
Tomas Susanka
f947fe97cc core: fix style 2020-02-11 16:41:43 +01:00
Tomas Susanka
0a13f7a441 core: properly limit passphrase to 50 bytes 2020-02-11 15:39:08 +00:00