1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-11 17:08:15 +00:00
Commit Graph

982 Commits

Author SHA1 Message Date
gabrielkerekes
6f59892824 refactor(core/cardano): introduce derive_public_key to simplify pub key derivation 2021-04-23 11:09:29 +02:00
gabrielkerekes
905970fd6a refactor(core/cardano): generalise _paginate_lines 2021-04-23 11:09:29 +02:00
gabrielkerekes
2313293477 feat(core/cardano): add support for catalyst voting registration 2021-04-23 11:09:29 +02:00
Pavol Rusnak
2852b947ec
chore(core): regenerate coins 2021-04-08 14:17:43 +02:00
Martin Milata
ac711fb8ee style(core): use more recent type annotation syntax
https://www.python.org/dev/peps/pep-0585/ - Type Hinting Generics In Standard Collections
https://www.python.org/dev/peps/pep-0604/ - Allow writing union types as X | Y
2021-04-01 11:12:30 +02:00
Martin Milata
8b3ac659a0 style(core): mypy: disable implicit Optional for function arguments
https://www.python.org/dev/peps/pep-0484/#union-types
2021-04-01 11:12:30 +02:00
Martin Milata
da72482c2f refactor(core/ui): get rid of confirm_wipe 2021-03-30 22:34:01 +02:00
Martin Milata
c0174ff217 refactor(core/ui): raise exception on dialog cancel by default 2021-03-30 22:34:01 +02:00
Martin Milata
2b6ea25712 refactor(core): convert rest of apps.bitcoin to layouts 2021-03-30 22:34:01 +02:00
Martin Milata
b1e38fe382 refactor(core): no implicit spaces in render_text 2021-03-30 22:34:01 +02:00
Martin Milata
2a5f5c1c20 refactor(core): convert parts of apps.monero to layouts 2021-03-30 22:34:01 +02:00
Martin Milata
6668921a4f refactor(core): convert apps.common.request_pin to layouts 2021-03-30 22:34:01 +02:00
Martin Milata
01900b8536 refactor(core): convert parts of apps.webauthn to layouts 2021-03-30 22:34:01 +02:00
Martin Milata
ffe6d65f72 refactor(core): convert parts of apps.management to layouts 2021-03-30 22:34:01 +02:00
Martin Milata
c09a142e2a refactor(core): convert apps.misc.* to layouts 2021-03-30 22:34:01 +02:00
Martin Milata
6ded531f8f refactor(core): convert apps.common.sdcard to layouts 2021-03-30 22:34:01 +02:00
Rafael Korbas
a9b8b0e119 feat(core/cardano): chunked serialization of signed transaction 2021-03-26 11:15:19 +01:00
gabrielkerekes
3cb686d452 fix(core/cardano): make witnesses order deterministic 2021-03-26 11:15:19 +01:00
Andrew Kozlik
3084d1196d feat(core): Support 50 digit PIN and wipe code. 2021-03-25 14:24:41 +01:00
Pavol Rusnak
da7214d82f
fix(common): update support.json to include Firo 2021-03-25 13:39:59 +01:00
matejcik
cb7152542d feat: drop DebugLinkShowText functionality 2021-03-18 10:59:51 +01:00
Rafael Korbas
74ed5b7018 feat(core/cardano): Implement bech32 asset ids based on CIP-0014 2021-03-18 09:53:33 +01:00
Rafael Korbas
bd4512b53a fix(core/cardano): Allow stake pool registrations with zero margin 2021-03-18 09:35:08 +01:00
Andrew Kozlik
b10acbe153 feat(core): Allow decreasing output amount in RBF transactions. 2021-03-17 15:15:50 +01:00
Andrew Kozlik
6de20a7dcd chore(core/bitcoin): Add DecredApprover. 2021-03-17 12:16:08 +01:00
Andrew Kozlik
523b1051c5 chore(core/bitcoin): Add stricter script_type checks in sanitizers. 2021-03-17 12:16:08 +01:00
Andrew Kozlik
6e8eebfc9c chore(core/bitcoin): Separate Decred-specific scripts from Bitcoin scripts. 2021-03-17 12:16:08 +01:00
JoeGruff
e3ea32a986 multi: Add decred staking.
Add two new input and four output script types.

Decred ticket purchases consist of a stake submission, op returns, and
change addresses. Although change addresses are allowed by consensus,
they are no longer used in practice and so have been given the
restrictions of a null pubkey and no value. Stake scripts are almost
identical to p2pkh or p2sh except for an extra opcode in front. Inputs
are currently only used in the form of one input three outputs with the
first output, or stake submission, paying to a public key hash, or with
two inputs and five outputs with the stake submission paying to a
multisig script hash. The op returns are directed to the user in the
case of one and the voting service provider and user in the case of two.

One of the sstx commitment for a ticket must pay back to the trezor
wallet. This is checked and an error is thrown if we don't find the
expected public key hash.

Because this adds the ability to create new types of outputs once the
ticket votes, two new input script types are also needed. A successful
vote will lead to a stake generation script that must be spent, and an
unsuccessful vote will lead to a revocation script that must be spent.
If we allowed stake change scripts to have a valid pubkey, that too
would require another op code, but we disallow those for output.
2021-03-17 12:16:08 +01:00
Pavol Rusnak
6c11bc60d7
common/defs/fido: add namecheap 2021-03-15 17:22:12 +01:00
Andrew Kozlik
850aa56691 docs(core): Add references to SLIPs in the code. 2021-03-09 20:01:59 +01:00
Roman Zeyde
7ce4e13bcf feat(core): add public_key to ECDHSessionKey 2021-03-08 15:59:00 +01:00
matejcik
ed0ac98970 fix(common/tools): strip "mainnet" from Ethereum network names 2021-03-01 12:05:54 +01:00
Pavol Rusnak
17fa6ab4ec chore(common): update chains+tokens 2021-03-01 12:05:54 +01:00
Rafael Korbas
ceea21ec1f feat(cardano): Format stake pool ids as bech32 instead of hex 2021-02-25 16:49:19 +01:00
Rafael Korbas
3197741795 fix(core/Cardano): account index validation in _should_hide_output() 2021-02-25 16:41:12 +01:00
Rafael Korbas
cf871ee754 fix(core/Cardano): do not show change output in byron-shelley transfers 2021-02-25 16:41:12 +01:00
Martin Milata
c28763c169 refactor(core): use reload_settings_from_storage on boot 2021-02-24 00:10:10 +01:00
Martin Milata
9b60cc0098 feat(core): restart loader from current position
On "hold to confirm" dialogs, when you hold your finger, lift it, and
quickly hold again, the progress bar jumps to the beginning. This commit
changes the behavior so the progress continues from its current position
of the reverse animation.
2021-02-24 00:10:10 +01:00
Martin Milata
06b9d1314d fix(core): do not autolock when already locked
Gets rid of unnecessary screen redraw.
2021-02-24 00:10:10 +01:00
Martin Milata
192d0dcf87 feat(core): hold homescreen to lock 2021-02-24 00:10:10 +01:00
Buck Perley
682298d7bb
fix(core): add exceptions for unchained capital paths 2021-02-12 21:56:03 +01:00
gabrielkerekes
d4dcd7bff9 fix(core/cardano): allow staking accounts beyond 100' 2021-02-11 09:55:23 +01:00
Andrew Kozlik
e5741ac308 chore(core): Use BufferReader for CBOR decoding. 2021-02-10 23:20:56 +01:00
Andrew Kozlik
ac939c94aa fix(core/tezos): Implement strict length checking.
(cherry picked from commit e7f44ebee8)
2021-02-10 16:37:26 +01:00
matejcik
6fd355756c fix(core/stellar): review usages of write_bytes_unchecked
(cherry picked from commit 781e9f4db8)
2021-02-10 16:37:26 +01:00
matejcik
08edbca428 fix(core/eos): review usages of write_bytes_unchecked
(cherry picked from commit 5b5ed8cce1)
2021-02-10 16:37:26 +01:00
Andrew Kozlik
78a2ff16d4 fix(core): In apps.bitcoin ensure that get_address() fails for multisig if user's public key is not included.
(cherry picked from commit 77f5e90466)
2021-02-10 16:37:26 +01:00
Martin Milata
391602ae99 refactor(core): turn show_address, show_pubkey, show_xpub into layouts 2021-02-10 13:57:19 +01:00
Martin Milata
03699f5639 refactor(core): turn show_success, show_warning into layouts 2021-02-10 13:57:19 +01:00
Martin Milata
f38abf9d89 refactor(core): introduce layouts
Layouts can be used by the application code to interact with user using
small number of dialogs or other groups of UI components. Each layout is
identified by name and takes some parameters. Most layouts will have an
implementation for each hardware model, mechanism is provided to import
the correct version so that application code can be oblivious to the
model.

This commit introduces the layout concept and converts a couple of
dialogs to use it.
2021-02-10 13:57:19 +01:00
Martin Milata
f1382bf892 refactor(core): model-dependent UI component directories
They now live under trezor.ui.components.tt. Later
trezor.ui.components.t1 will be added and application code will be
rewritten to not use them directly in order to work on both TT and T1.
2021-02-10 13:57:19 +01:00
matejcik
73a28e12f2 fix(core): create protobuf messages correctly 2021-02-10 10:56:52 +01:00
matejcik
bf562cfd4b feat(core/misc): enable typing for misc app 2021-02-10 10:56:52 +01:00
matejcik
ccd241fe55 feat(core/cardano): enable typing for Cardano app 2021-02-10 10:56:52 +01:00
Pavol Rusnak
18b51b856b
common/fido: update icons for github, mojeid and slushpool (#1456) 2021-02-08 16:51:49 +01:00
Rafael Korbas
e4c406822c Add multiasset sending and min validity to Cardano transactions 2021-01-27 18:26:40 +01:00
Andrew Kozlik
79fad70b05 fix: Improve wording when showing multisig XPUBS. 2021-01-26 15:09:37 +01:00
Rafael Korbas
44c7d23741 Cardano: map account paths to account numbers 2021-01-22 14:45:29 +01:00
Pavol Rusnak
7f0e939359 feat(core): implement amount_unit for AuthorizeCoinJoin and SignTx 2021-01-22 14:07:36 +01:00
Pavol Rusnak
e85ed74f8f core: implement GetAddress.ignore_xpub_magic 2021-01-21 23:46:29 +01:00
Pavol Rusnak
4ed714ba47 common/defs: add xpub_magic_multisig_segwit_{native,p2sh} fields to coins 2021-01-21 23:46:29 +01:00
Rafael Korbas
3a7a8e4d77 Disable "at least one output" restriction for Cardano, warn instead 2021-01-20 16:00:30 +01:00
mcudev
b8ffcadf94
common/defs/fido: add gemini webauthn (#1416) 2021-01-19 14:15:19 +01:00
matejcik
ed628ac4ba feat(core): make usb endpoints registration nicer 2021-01-12 14:18:13 +01:00
matejcik
fc4e15fe77 feat(core): introduce and enforce limit on label length (fixes #1399) 2021-01-12 11:22:58 +01:00
matejcik
e4b113b4bb fix(core/monero): make sure to pass strings to rendering 2021-01-11 16:47:59 +01:00
matejcik
fd502f122f feat(core): implement pagination for sign/verify 2021-01-11 16:47:59 +01:00
matejcik
bbef9c650b refactor(core): improve render_text behavior
* use less memory due to copy-less rendering
* implement linebreaking on embedded \n
2021-01-11 16:47:59 +01:00
Martin Milata
fa2e672f98 chore(core): monero: drop extraneous async/await 2021-01-11 12:14:13 +01:00
Pavol Rusnak
5728f54b78 core: return root_fingerprint in PublicKey 2021-01-08 14:17:09 +01:00
Pavol Rusnak
92452d54e5 feat(core): implement GetPublicKey.ignore_xpub_magic behaviour 2021-01-08 14:17:09 +01:00
Pavol Rusnak
e660a518c6 fix(core): show xpub instead of pubkey in GetPublicKey dialog 2021-01-08 14:17:09 +01:00
Andrew Kozlik
a609eb5e90 docs(core): Add comment about "Invalid original TXID" message. 2020-12-17 16:33:33 +01:00
Andrew Kozlik
06ce14096c chore(core): Reject replacement transactions which involve negative
fees.
2020-12-17 16:33:33 +01:00
Andrew Kozlik
aeb021b159 chore(core): Improve naming of SLIP39's T9 mask lookup. 2020-12-15 13:41:42 +01:00
Pavol Rusnak
1e8673bf5f style(core/apps): use new syntax for typing 2020-12-01 15:52:29 +01:00
Martin Milata
ee64b65b26 refactor(core): call super().__init__() in subclasses 2020-11-30 14:48:08 +01:00
Martin Milata
fa1566cb71 refactor(core): call super().__init__() in Component and Layout subclasses 2020-11-30 14:48:08 +01:00
Pavol Rusnak
952adc5961
style(core): use PEP515 Underscores in Numeric Literals 2020-11-23 14:30:16 +01:00
matejcik
58387a5f04 fix(common): drop Zilliqa token (fixes #1318) 2020-11-20 18:55:35 +01:00
matejcik
a89494f60c chore(core): regenerate network and tokens lists 2020-11-20 18:55:35 +01:00
matejcik
4628c774aa feat(core): re-allow unknown Ethereum networks, using Ethereum or Testnet paths (fixes #1335) 2020-11-20 18:55:35 +01:00
matejcik
7abe70e484 feat(core): improve ethereum tokens ui (fixes #800) 2020-11-20 18:55:35 +01:00
Rafael Korbas
b311bd4d4a Add displaying of TTL to cardano transaction, align url validation with Ledger 2020-11-20 15:58:50 +01:00
Rafael Korbas
b261f789f3 Add support for stakepool registration to Cardano 2020-11-20 15:58:50 +01:00
Andrew Kozlik
f421a213fd feat(core): Inform user about transaction finalization in Bitcoin replacement transactions. 2020-11-20 13:52:48 +01:00
Pavol Rusnak
c6e78e525a
fix: remove PIVX (#1359) 2020-11-20 12:12:42 +01:00
matejcik
e6a1bf840f fix(core): do not subclass range
micropython on real hw dislikes it for some reason

also it's completely unnecessary
2020-11-13 16:01:35 +01:00
Pavol Rusnak
50fdd183c2
ci: enable editorconfig checks, fix whitespace issues 2020-11-11 14:43:50 +01:00
matejcik
37d3bf56fa fix(core): make sure run-time settings are reset after wipe (fixes #1322) 2020-11-05 15:33:38 +01:00
matejcik
50e648636f doc(core): add references to schema specifications, add Purpose48 document 2020-11-05 14:30:11 +01:00
matejcik
665abe1e02 fix(core/bitcoin): validate path before asking to sign message (which could otherwise fail) 2020-11-05 14:30:11 +01:00
matejcik
f10084117b feat(core/bitcoin): do not show path warning when GetAddress is called silently (fixes #1206) 2020-11-05 14:30:11 +01:00
matejcik
5a97a5111b feat(core/ethereum): add SEP5 path schema as well as the compat schema 2020-11-05 14:30:11 +01:00
matejcik
a367426480 feat(core/bitcoin): use path schemas 2020-11-05 14:30:11 +01:00
matejcik
c0879f8625 feat(core/cardano): use path schemas 2020-11-05 14:30:11 +01:00
matejcik
f5c8138df6 feat(core): update most apps to use path schemas 2020-11-05 14:30:11 +01:00
matejcik
4ca8f7b0d6 style(core): use relative imports everywhere
except Monero, which has a rather complex structure and I don't want to
search&replace mess with it in case some of the things break memory
layout
2020-11-05 14:30:11 +01:00
matejcik
7fe5c804ff feat(core): implement BIP-32 path schemas 2020-11-05 14:30:11 +01:00
Andrew Kozlik
70975008cd chore (core): In apps.bitcoin skip confirmation of fee in PayJoin if the user is not increasing their contribution. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
b213a55428 chore(core): In apps.bitcoin move h_inputs back to bitcoin class. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
4a0c5c371a feat(core): In apps.bitcoin implement replacement transaction flow. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
bd3fe1d789 chore(core): In apps.bitcoin create a separate class for transaction information. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
469c131678 chore(core): In apps.bitcoin add confirm_replacement and confirm_modify_fee layouts. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
7c2d690e45 chore(core): In apps.bitcoin allow get_tx_digest() to be used for original transactions. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
5fc491c597 chore(core): In apps.bitcoin move BIP143 hashing back to a separate class. 2020-10-23 15:07:15 +02:00
Andrew Kozlik
9a594f4784 fix(core): Fix CoinJoin anonymity gain check in bitcoin approver. 2020-10-16 19:16:37 +02:00
Martin Milata
830592f2d9 feat(core): add experimental_features setting
The setting is off by default. When it is enabled protobuf messages
marked UNSTABLE are rejected after decoding.
2020-10-16 13:53:31 +02:00
Pavol Rusnak
d8534b5ee6
perf(core/extmod): replace HMAC Python implementation with C
We keep Python implementation of HMAC for Monero in
core/src/apps/monero/xmr/crypto/__init__.py
2020-10-12 16:33:13 +02:00
Martin Milata
542f32d3b1 feat(core): add auto_lock_delay and display_rotation to Features 2020-10-02 11:06:16 +02:00
matejcik
e4785d47e0 style: apply black 20.8b1 2020-09-29 11:30:40 +02:00
Rafael Korbas
2173ad97bc Refactor t<page number> to page<page_number> in cardano get_address call 2020-09-29 08:55:28 +02:00
Rafael Korbas
66dbdc2462 Enforce network id/protocol magic consistency for cardano show address 2020-09-29 08:55:28 +02:00
Juraj Muravsky
638977db7d Swap path with address type on screen in cardano get address 2020-09-29 08:55:28 +02:00
matejcik
0eed360037 chore: make tx type names shorter
as suggested by @andrewkozlik:
TxAckInputType -> TxInput
TxAckOutputType -> TxOutput
TxAckPrevTxType -> PrevTx
TxAckPrevInputType -> PrevInput
TxAckPrevOutputType -> PrevOutput
2020-09-23 16:00:10 +02:00
matejcik
244b264b47 chore(core): fix typing and kwargs usage 2020-09-23 16:00:10 +02:00
matejcik
37025e2a84 feat(core): use specialized protobufs in apps.bitcoin, enable typing 2020-09-23 16:00:10 +02:00
matejcik
6ba08526e1 fix(core): fix type annotations on CoinInfo 2020-09-23 16:00:10 +02:00
Pavol Rusnak
f8489f16e4 fix(common/defs): remove FSN, ICX which migrated to mainnet 2020-09-23 11:31:09 +02:00
Martin Milata
cff4955f93 core: implement SafetyChecks.PromptTemporarily
Also reword safety checks confirmation dialogs.
2020-09-18 09:02:40 +02:00
Martin Milata
9d2ad96ad4 core: add SafetyCheckLevel to Features 2020-09-18 09:02:40 +02:00
Andrew Kozlik
295710c37d core/bitcoin: Check ownership proofs using the provided commitment data. 2020-09-08 19:36:10 +02:00
Dusan Klinec
9d7b0bf50c xmr: fix new transaction type for CLSAG, HF=13 2020-09-07 17:50:38 +02:00
Andrew Kozlik
dad2852db9 core/bitcoin: Stream prev_tx after confirmation. 2020-09-04 14:36:39 +02:00
Tomas Susanka
ebc99435ab Revert "core: remove ownership messages from the public api for now"
This reverts commit 0d5f00668f.
2020-09-03 14:56:27 +02:00
Tomas Susanka
b99b8b3df3 Merge remote-tracking branch 'origin/release/2020-09' 2020-09-03 13:17:23 +02:00
Tomas Susanka
19461398d7 core/cardano: reuse derived Shamir seed (fixes #1007) 2020-09-01 16:14:41 +02:00
Tomas Susanka
0d5f00668f
core: remove ownership messages from the public api for now 2020-09-01 15:56:57 +02:00
matejcik
4909821f35 core: implement EndSession 2020-08-28 15:37:06 +02:00
Martin Milata
df5421e7d6 common/defs: update maxfee_kb to 10USD/tx
Except bitcoin.

(cherry picked from commit f51fac3410)
2020-08-25 18:06:54 +02:00
Martin Milata
f51fac3410 common/defs: update maxfee_kb to 10USD/tx
Except bitcoin.
2020-08-25 18:05:29 +02:00
Pavol Rusnak
41f5237967
common/defs: enable extra_data for FLO
(cherry picked from commit 534695313c)
2020-08-24 11:08:02 +02:00
Pavol Rusnak
534695313c
common/defs: enable extra_data for FLO 2020-08-24 11:06:12 +02:00
Andrew Kozlik
f2d669ecdc core/bitcoin: Use dynamic dispatch for confirmation dialogs in sign_tx. 2020-08-21 21:30:15 +02:00
Andrew Kozlik
02da5b7593 core/bitcoin: Show warning if nLockTime is set but ineffective due to all nSequence values being 0xffffffff. 2020-08-21 21:30:15 +02:00
Pavol Rusnak
cdf0f68bb0 core: show passphrase on device 2020-08-21 21:30:15 +02:00
Martin Milata
1b982659c4
core: fix boot loop after uploading invalid homescreen (#1205) 2020-08-21 12:00:42 +02:00
Pavol Rusnak
0620911e46 core: allow spending coins from Bitcoin paths if the coin ...
has implemented strong replay protection via SIGHASH_FORKID
2020-08-21 11:49:03 +02:00
Alexis Hernandez
96c38315df
common/defs: enable extra_data for XSN (#1208) 2020-08-20 20:40:30 +02:00
gabrielkerekes
431a25b119 Add Cardano README.md 2020-08-20 16:02:10 +02:00
Pavol Rusnak
c3ce9de3ea core: regenerate coins+tokens 2020-08-19 19:29:18 +02:00
Martin Milata
3f21e8f400 core: display coin name when signing message
Also when verifying message.
2020-08-18 13:45:49 +02:00
Martin Milata
927ee0812b core: add hard limit for transaction fees
The hard limit is set to 10*fee_warning_threshold. The limit is not
enforced when `safety_checks` is set to "Prompt".
2020-08-17 16:12:33 +02:00
Tomas Susanka
c9dc38c9f3 core: allow 49/x not 49/x' for Casa 2020-08-17 08:54:08 +02:00
Pavol Rusnak
4e11735d22 core/modtrezorui: remove prefill from text functions
use display.bar where needed to prefill the areas
2020-08-07 15:08:14 +02:00
matejcik
51ea8ccecd common: update token support 2020-08-07 11:49:26 +02:00
matejcik
cea634158a core: make sure Homescreen is properly initialized (fixes #1095) 2020-08-05 14:22:06 +02:00
Tomas Susanka
16827c3135 core: make templates 2020-08-05 13:55:36 +02:00
gabrielkerekes
afa26e7560 Use correct paths for Cardano Byron witnesses 2020-08-04 20:35:13 +02:00
Andrew Kozlik
292d909235 core/base: Implement CancelAuthorization message. 2020-08-04 17:32:44 +02:00
matejcik
cd86f9f477 core/bitcoin: make change check more robust against short paths 2020-08-04 17:32:44 +02:00
Andrew Kozlik
07d9b780a6 core/bitcoin: Change CoinJoin round ID length to 32 bytes and remove rate limiting. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
377bff68f4 core/bitcoin: Implement DoPreauthorized message. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
b9cfecb8b8 core/bitcoin: Support preauthorization in SignTx message for CoinJoin. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
97fc9b74ab core/bitcoin: Implement CoinJoinApprover. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
d6ee542deb core/bitcoin: Move transaction confirmation logic from Bitcoin to BasicApprover class. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
00258f2d4d core/bitcoin: Support preauthorization in GetOwnershipProof message. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
c772de9d3c core/bitcoin: Support preauthorization in @with_keychain decorator. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
208283e13e core/bitcoin: Implement AuthorizeCoinJoin message. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
48a331aa1d core/bitcoin: Add CoinJoinAuthorization class. 2020-08-04 17:32:44 +02:00
Andrew Kozlik
dc32a17335 core/bitcoin: Move BIP32_WALLET_DEPTH to common. 2020-08-04 17:32:44 +02:00
gabrielkerekes
683d7420ff Fix Cardano Shelley public key validation
In Shelley Cardano started using the purpose 1852'. Unfortunately,
we completely missed that the public key path validation fuction checks
for purpose 44' explicitly, which means that the user is shown a warning
when deriving public key with the purpose 1852'. Which is always when
"logging in" to a wallet. This commit should fix that.

I've also updated type hinting in get_public_key.
2020-08-04 13:03:57 +02:00
Gabriel Kerekeš
c0eba979c6 Fix bare 'except' style error - catch Exception instead
Co-authored-by: Pavol Rusnak <pavol@rusnak.io>
2020-07-30 17:17:03 +02:00
gabrielkerekes
7a1e773b49 Validate transaction metadata 2020-07-30 17:17:03 +02:00
gabrielkerekes
f2ee450410 Include metadata in transaction signing 2020-07-30 17:17:03 +02:00
gabrielkerekes
0438f318b4 Bring back cbor.Raw - to be used for metadata 2020-07-30 17:17:03 +02:00
gabrielkerekes
1ed8b56b7c Include Byron witness once for each input path 2020-07-30 17:17:03 +02:00
gabrielkerekes
7bf5cab840 Update sign_tx
Add certificates, withdrawals and metadata hash
2020-07-30 17:17:03 +02:00
gabrielkerekes
a25444efd1 Move to_account_path() to utils 2020-07-30 17:17:03 +02:00
Andrew Kozlik
7d07161efe common/fido: Unify application labeling between U2F and FIDO2. 2020-07-30 15:29:54 +02:00
Martin Milata
d955e3f1e5 core: rename class Overwintered to Zcashlike 2020-07-30 15:14:18 +02:00
Martin Milata
10387e1869 core: drop zcash v3 tx signing support 2020-07-30 15:14:18 +02:00
gabrielkerekes
6d02aa23d9 Raise wire.DataError when deriving invalid address type 2020-07-30 14:43:32 +02:00
gabrielkerekes
b5f3511c1c Add support for script addresses in tx outputs 2020-07-30 14:43:32 +02:00
gabrielkerekes
f1b6056edb Fix staking key hash message
When deriving an address with a foreign staking key Trezor would crash
due to forgotten `decode()` on hexlified staking key hash which was to
be displayed.

This wasn't discovered while testing because it weirdly would pass with
a `aaff00` string, but not with longer ones.
2020-07-30 14:43:32 +02:00
matejcik
c008600d08 core/debug: fail if wait_layout is sent without watch_layout 2020-07-29 11:50:47 +02:00
Martin Milata
3021233eaf core: remove unimports from bitcoin sign_tx layouts 2020-07-28 10:51:28 +02:00
Pavol Rusnak
cec87bba50
core: remove mono bold font variant (not used anywhere) 2020-07-27 23:22:34 +02:00
matejcik
4eb5b927c0 core/cardano: simplify keychain implementation 2020-07-27 13:24:51 +02:00
Gabriel Kerekeš
d2c1624602 Cardano shelley update 2/3 (#1112) 2020-07-27 13:11:23 +02:00
gabrielkerekes
e1615e60ec Update Cardano to support Shelley era 1/3
Update protobuf

- Previous transactions don't need to be sent anymore, because fee is
  included in the transaction now. Thus transactions_count can be
  removed from CardanoSignTx message and the CardanoTxAck and
  CardanoTxRequest messages can be removed altogether.
- CardanoTxInputType.type is unused so remove it

Add NULL (None type) serialisation to CBOR

- Transaction metada must either have a valid structure or CBOR NULL
  must be used (if metadata is empty) - it can't be simply left out.

Add protocol_magics file

- Just to have a nicer way of representing protocol magics

Update transaction signing

- Previous transactions no longer need to be requested
- Output building is simplified, since fee doesn't need to be calculated
- Remove transaction class since it is no longer needed (only functions
  remained)
- Reorder functions so it reads top to bottom

Add protocol magic to byron address on testnet

- This has always been a part of the spec, but it hasn't been
  implemented before, because it wasn't really needed.

Update trezorlib

Update tests

- Transaction messages are no longer required
- Expected values are different since tx format changed
- Common values in test cases have been extracted

Remove unused file

- Progress was used when receiving previous transactions

Add CRC check to output address validation
2020-07-27 13:04:49 +02:00
matejcik
fdcb64ac24 all: rename protobuf unsafe_prompts to safety_checks 2020-07-24 16:37:58 +02:00
matejcik
19ad1dae8b core/bitcoin: allow compatibility namespaces for Casa/Greenaddress 2020-07-24 16:37:58 +02:00
matejcik
b741560997 core/bitcoin: drop unused validate_path_for_bitcoin_public_key 2020-07-24 16:37:58 +02:00
matejcik
407375b0c4 core/bitcoin: move BITCOIN_NAMES to common 2020-07-24 16:37:58 +02:00
matejcik
fd8cb0e061 core/keychain: differentiate error message for ed25519 derivation 2020-07-24 16:37:58 +02:00
matejcik
57b08c98ed core: raise error on setting passphrase-on-device without passphrase 2020-07-24 16:37:58 +02:00
matejcik
c85d768b81 core: update references to keychain everywhere 2020-07-24 16:37:58 +02:00
matejcik
ff4ec2185e core: refactor keychain to only support one curve at a time
also make a cleaner distinction between keychain, seed, path

This enables using `unsafe_prompts`, because with the original code, if
there was no namespace match, we wouldn't know which curve to use.

For ease of implementation, we use a LRU cache for derived keys,
instead of the original design "one cache entry per namespace".

SLIP21 is now treated completely separately, via `slip21_namespaces` and
`derive_slip21` method.
If more slip21-like things come in the future, we can instead hang them
on the keychain: put a per-curve Keychain object accessible by
`keychain[curve_name].derive()`, and the majority usecase will just pass
around `keychain[curve_name]` instead of having to specify the curve in
every `derive()` call.

Or alternately we'll just specify the curve in every `derive()` call,
whichever seems more appropriate.
2020-07-24 16:37:58 +02:00
matejcik
8e44132d3c core: replace load_settings with individual setters 2020-07-24 16:37:58 +02:00
matejcik
1109250dcf core: add option to allow unsafe prompts 2020-07-24 16:37:58 +02:00
Martin Milata
03f2dab6bc core: reduce gc.collect calls during bitcon sign_tx 2020-07-24 15:35:09 +02:00
matejcik
5e7fd3aea6 core: use utils.BufferReader instead of apps.common.BytearrayReader 2020-07-24 14:09:31 +02:00
matejcik
a000ea5ec8 core/monero: update Monero app to use synchronous protobuf 2020-07-24 14:09:31 +02:00
matejcik
d568afa80d core: improve protobuf field caching 2020-07-24 14:09:31 +02:00
Martin Milata
fd117a0c9f core: raise error on auto-lock value out of range 2020-07-22 21:38:42 +02:00
matejcik
051763575d core: touch idle timer in keyboards (fixes #1099) 2020-07-10 14:05:52 +02:00
Andrew Kozlik
eb28998f98 core/bitcoin: Support multiple change-outputs. 2020-07-09 15:51:23 +02:00
Andrew Kozlik
37f4dcc7e5 core/bitcoin: Rename witness_p2wsh() to witness_multisig(). 2020-07-03 11:17:19 +02:00
Andrew Kozlik
9cd600f79e core/bitcoin: Add special confirmation screen for transactions with external inputs. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
64d9350de2 core/bitcoin: Implement GetOwnershipId message. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
712ec68c1b core/bitcoin: Add support for external inputs with proof of non-ownership. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
d4317d1536 core/bitcoin: Implement generation and verification of SLIP-0019 proofs of ownership. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
d52de28704 core/bitcoin: Implement BIP-322 SignatureProof container. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
d48a372ca7 core/sign_tx: Implement support for signed external inputs. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
78f14d286e core/sign_tx: Factor out get_legacy_tx_digest() from sign_nonsegwit_input(). 2020-07-03 11:17:19 +02:00
Andrew Kozlik
61e2d4d5e5 core/bitcoin: Implement signature verifier. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
5378e12ba2 core/bitcoin: Clarify hash_type vs. sighash_type terminology. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
d1e043f417 core/bitcoin: Implement parsing of scripts and witnesses for signature verification. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
173bb7ed13 core/bitcoin: Replace TxInputType parameter in input_derive_script. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
a901573ea2 core/bitcoin: Move script types from helpers to common. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
3b6c1e5e6b core/crypto: Add functions for verifying DER encoded signatures. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
9459c5a5c2 core/common: Add BytearrayReader and basic reader functions. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
99f01cd316 core/sign_tx: Check script_pubkeys of inputs. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
e7f230d66e core/sign_tx: Use varint length encoding for witness stack items. 2020-07-03 11:17:19 +02:00
Tomas Susanka
0f9a2459d3 core: make QR code smaller for Monero 2020-07-01 17:20:04 +00:00
matejcik
e6e3043096 all: implement support for pre-overwinter prevtx (fixes #1030) 2020-06-30 15:19:31 +02:00
Tomas Susanka
e534ae3ad7 legacy, core: rename Features.pin_cached to unlocked and unify 2020-06-19 21:26:36 +02:00
Tomas Susanka
a6acefbdf5 core: wipe before reset and recovery; introduce 'intialized' field 2020-06-16 11:31:29 +02:00
Andrey
1eeaa1e5cf Enable extra_data for Zcoin. Changed coininfo.py 2020-06-15 09:53:00 +02:00
Tomas Susanka
b67be7dd9e core: forbid all settings if not initialized 2020-06-11 18:47:01 +02:00
Tomas Susanka
981d079d7f core/signverify: add failsafe for an empty message header 2020-06-11 09:08:50 +02:00
Tomas Susanka
56fe5adcfc Merge branch 'release/2020-06' 2020-06-10 06:51:18 +00:00
Pavol Rusnak
5262ef84cf common/defs/fido: add aws and tutanota 2020-06-05 14:53:13 +02:00
matejcik
7579ac5274 core: fix rendering issues in homescreens 2020-06-04 16:18:46 +02:00
matejcik
872e0fb0e0 core: lower scheduler resolution to milliseconds
This avoids problems with large timeouts causing the scheduler queue to
think the time counter has overflown, and ordering the autolock task before
immediate tasks.

The maximum reasonable time difference is 0x20000000, which in
microseconds is ~8 minutes, but in milliseconds a more reasonable ~6
days.
2020-06-04 16:18:46 +02:00
matejcik
847691798b core: simplify homescreen and lockscreen implementations 2020-06-04 16:18:46 +02:00
matejcik
4bc865794f core: only unlock storage if it is locked (solves determinism issue in tests) 2020-06-04 16:18:46 +02:00
matejcik
70f67883c5 core: fix artifacts in click-based UI tests 2020-06-04 16:18:46 +02:00
matejcik
bc9247e18d core: add Cancel to a list of allowed messages while locked 2020-06-04 16:18:46 +02:00
matejcik
f32c2f9e23 core: replace workflow.kill_default with workflow.close_others 2020-06-04 16:18:46 +02:00
matejcik
01832d5ae9 core: call close_others() in place of ButtonRequest
this makes sense, really: close_others() requests UI exclusivity, and
that is something that generally happens at the same places we emit a
ButtonRequest
2020-06-04 16:18:46 +02:00
matejcik
6f53ca0ac6 core: rework wait_layout()
The original wait_layout was unreliable, because there are no guarantees
re order of arrival of the respective events. Still, TT's event handling
is basically deterministic, so as long as the host sent its messages
close enough to each other, the order worked out.

This is no longer the case with the introduction of loop.spawn: TT's
behavior is still deterministic, but now ButtonAck is processed *before*
the corresponding wait_layout, so the waiting side waits forever.

In the new process, the host must first register to receive layout
events, and then receives all of them (so the number of calls to
wait_layout must match the number of layout changes).

DebugLinkWatchLayout message must be version-gated, because of an
unfortunate collection of bugs in previous versions wrt unknown message
handling; and this interests us because upgrade-tests are using
wait_layout feature.
2020-06-04 16:18:46 +02:00
matejcik
5d823ff5ea core: use ButtonRequestType.PinEntry for PIN entry 2020-06-04 16:18:46 +02:00
matejcik
42e7c43c7c core: make sure that auto-lock shuts down running workflows 2020-06-04 16:18:46 +02:00
matejcik
2d0206c043 core: replace workflow.on_start/on_close with workflow.spawn 2020-06-04 16:18:46 +02:00
matejcik
a4f47ddd21 core/lockscreen: ignore exception when user taps "unlock" and then cancels 2020-06-04 16:18:46 +02:00
matejcik
7ff1251ee1 core: dim lockscreen (fixes #974) 2020-06-04 16:18:46 +02:00
matejcik
4035aad51b core: implement auto-lock after a configurable timeout (fixes #75) 2020-06-04 16:18:46 +02:00
Andrew Kozlik
5469acfabf core/webauthn: Cache user verification for 3 minutes. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
b867ac1d01 core/webauthn: Implement FIDO2 unlocking from softlock. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
0f81886c9f core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
c8ae5c157e core/webauthn: Implement U2F unlocking from softlock. 2020-06-04 16:18:46 +02:00
matejcik
06aed7135a core: do not prompt for PIN just to lock the device again 2020-06-04 16:18:46 +02:00
matejcik
246998910a core: refactor usage of input_signals
this prevents a certain class of UI test failure. It also localizes the
use of debuglink signals into the layout classes instead of call sites,
which is a design we were already using for confirm_signals
2020-06-04 16:18:46 +02:00
matejcik
afeeafd5cd core: hide some fields when softlocked 2020-06-04 16:18:46 +02:00
matejcik
b9bd9ea3d0 core: only softlock when PIN is set 2020-06-04 16:18:46 +02:00
matejcik
a9ddc2a8e2 core/boot: modify initial lockscreen label 2020-06-04 16:18:46 +02:00
matejcik
09af8aed4e core: consider lockscreen to be a separate homescreen
this involves some changes to the workflow defaults:

* workflow.start_default() takes no arguments
* workflow.set_default() (originally replace_default) configures the
  default that will be started by next call to start_default().
  The intended usecase is to set_default() first and then start it
  separately.
* apps.base.set_homescreen() factors out the logic originally in
  main.py, that decides which homescreen should be launched. This uses
  set_default() call. start_default() is then used explicitly in main.py
2020-06-04 16:18:46 +02:00
matejcik
d73480bc9d core: introduce PIN soft-locking 2020-06-04 16:18:46 +02:00