this fixes a problem when checking signature (and therefore
reconstructing) of a vendor header that doesn't have a VendorTrust of
all zeroes, e.g., the vendor header for test builds
We can now locally verify firmware signatures and hashes. We also
recognize min_firmware_version, so this resolves#308
This also helps with #273, as trezorlib is now mostly usable for signing
firmware images.
from https://github.com/pyca/ed25519
This makes the calculations several orders of magnitude faster, which
allows us to run the CoSi test in Travis. It also doesn't stop firmware
update for several seconds while we validate the CoSi signatures.
It's still essentially the same insecure implementation, fallible to all
the same timing attacks, and it shouldn't be used for anything except
validating public signatures of public data. But now it also takes about
as much time as it should on modern hardware.
This allows us to return early from a `write`, which we need in cases
where we want to perform an operation inbetween `read` and `write` -
namely, callback for ButtonRequest should technically be invoked after
returning ButtonAck but before waiting for device's response.
Of course that doesn't really work. The callback will actually be
invoked _before_ ButtonAck, so there's still the condition that it must
return immediately or the device gets stuck with a black screen.
But doing this allows us to write code *as if* it worked, which lets the
other transports run free and wild, by which I mean, do the Right Thing
This also moves DebugLinkMixin to debuglink.py and converts the mixin to
a subclass of TrezorClient (which is finally becoming a
reasonable-looking class). This takes advantage of the new UI protocol
and is ready for further improvements, namely, queuing input for tests
that require swipes.
The ui.py module contains a Click-based implementation of the UI
protocol. Use of callback_* methods has been limited and will probably
be cleaned up further (The contract has changed so we'll try to make
third party code fail noisily. It is unclear whether a backwards
compatible approach will be possible).
Furthermore, device.recovery() now takes a callback as an argument. This
way we can get rid of WordRequest callbacks, which are only used in the
recovery flow.