1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 15:38:11 +00:00
Commit Graph

719 Commits

Author SHA1 Message Date
Pavol Rusnak
57bbcc754a storage: make storage accessible only via functions
add calls also for debug build and use them in fsm
2017-12-12 16:28:42 +01:00
Pavol Rusnak
41901a8056 firmware: rework protectChangePin
bootloader: wait for flash operation to finish
2017-12-12 12:51:08 +01:00
Pavol Rusnak
36f3b7fe09 firmware: mark usb buffer variables confidential 2017-12-12 12:51:08 +01:00
Jochen Hoenicke
2387f71813 bootloader: Check that erasing flash worked 2017-12-12 12:51:08 +01:00
Jochen Hoenicke
b4a61d60c3 bootloader: Delay flashing firmware magic.
Only flash firmware magic at the end.  Also simplified the code a bit.
2017-12-12 12:51:08 +01:00
Pavol Rusnak
6deb9fde32 setup: avoid usb host mode 2017-12-12 12:51:08 +01:00
Pavol Rusnak
14d15dab99
fsm: refactor path checking code into path_mismatch function 2017-12-12 01:48:07 +01:00
Pavol Rusnak
d822e1f19e
fix typo 2017-12-10 23:40:47 +01:00
Pavol Rusnak
8c02b50414
add installation info to readme 2017-12-10 23:40:06 +01:00
Saleem Rashid
7cd9945905 fsm: Use coin->curve_name 2017-12-10 20:53:44 +01:00
Saleem Rashid
6e25e0b363 coins: Use curve_info instead of HasherType 2017-12-10 20:53:44 +01:00
Saleem Rashid
268e7de109 Update trezor-crypto 2017-12-10 20:53:44 +01:00
Saleem Rashid
dc781725c6 hasher: Move to trezor-crypto
This reverts commit dd7b21a6ca.
2017-12-10 20:53:44 +01:00
Saleem Rashid
0e60ba54b7 crypto: Use Hasher for message signing 2017-12-10 20:53:44 +01:00
Saleem Rashid
a1e911aa4c transaction: Do not hardcode HASHER_SHA2 2017-12-10 20:53:44 +01:00
Saleem Rashid
54b0869535 signing: Use Hasher instead of SHA256_CTX 2017-12-09 16:28:40 +01:00
Saleem Rashid
dd7b21a6ca hasher: Initial commit 2017-12-09 16:28:40 +01:00
Pavol Rusnak
bc7c66aa76
add Features.model field (set to "1") 2017-12-04 22:30:11 +01:00
Pavol Rusnak
f44635a9ca
vendor: update trezor-common 2017-11-29 23:04:59 +01:00
Tomas Susanka
a82bbbb30d layout: encode -> encrypt typo
updates #252
2017-11-29 13:48:29 +01:00
Tomas Susanka
cfe8a98c68 signing segwit change output typo 2017-11-25 01:06:46 +01:00
Pavol Rusnak
723cf295a7
device label -> device name 2017-11-16 20:03:26 +01:00
Pavol Rusnak
4770df8912
update version to 1.6.0 2017-11-16 19:50:42 +01:00
Pavol Rusnak
3386b16a1c
GetAddress: detect mismatched coin and path, show warning 2017-11-16 19:22:55 +01:00
Pavol Rusnak
a713fca857
layout: recognize known bip44/bip49 paths in GetAddress dialog 2017-11-16 18:34:59 +01:00
Pavol Rusnak
cc0896c334
add bip44 coin_type to CoinInfo 2017-11-16 18:34:50 +01:00
Pavol Rusnak
54659d49d8
layout: op_return now requires confirmation by user 2017-11-15 15:42:56 +01:00
Pavol Rusnak
de3b78bd0b
layout: print bip32 path in GetAddress dialog 2017-11-14 17:53:17 +01:00
Pavol Rusnak
61044b3fc3
u2f: add u2f.bin.coffee 2017-11-14 14:29:46 +01:00
Saleem Rashid
e3460b9f00 reset: Call storage_commit after initialization
Fixes #230
2017-11-14 13:42:44 +01:00
Jochen Hoenicke
e1fa7af1da Byte-precise size estimate for fees
Fixes issue #232.

It assumes largest possible signature size for all inputs.  For segwit
multisig it can be .25 bytes off due to difference between segwit
encoding (varint) vs. non-segwit encoding (op_push) of the multisig script.
2017-11-14 13:39:17 +01:00
Pavol Rusnak
a4d46b7ae1
vendor: update trezor-common, increase coins count 2017-11-13 22:32:11 +01:00
Jochen Hoenicke
b8bca1c444 Fix segwit forkid signatures 2017-11-13 22:20:08 +01:00
Jochen Hoenicke
8da2770051 Increase coin count 2017-11-13 22:20:08 +01:00
Jochen Hoenicke
a8bc3cb6bd Remove add_hash_type fields.
The 4 byte hash_type/forkid is part of the signed message, but not
part of the transaction.  Instead of hacking it into the transaction,
add it after the transaction when computing the signature.
2017-11-13 22:20:08 +01:00
Saleem Rashid
d39e4be1c8 signing: Use force_bip143 instead of has_forkid 2017-11-13 22:20:08 +01:00
Saleem Rashid
c6246b5fba coins: Add force_bip143 2017-11-13 22:20:08 +01:00
Saleem Rashid
b6f11c9f93 signing: Add signing_hash_type function
This also enables SIGHASH_FORKID for SegWit
2017-11-13 22:20:08 +01:00
Pavol Rusnak
892bb8501a
fsm: ignore case for NEM addresses 2017-11-05 19:30:33 +01:00
Jochen Hoenicke
600c61b3dc
Updated trezor-crypto. 2017-11-05 19:28:07 +01:00
Jochen Hoenicke
bbf6b1b097
Implemented VerifyMessage for bech32 2017-11-05 19:28:07 +01:00
Jochen Hoenicke
0f50b816e6
Wrap long addresses in three lines 2017-11-05 19:28:07 +01:00
Jochen Hoenicke
97581928de
Enable Segwit Bech32 addresses
Increase the size of the addresses in protobuf.
Fix layout2.c to handle longer addresses.
Add a field bech32_prefix to coins.h
Adapted the coins-gen script.
Added bech32 support in signing.c and transaction.c
2017-11-05 19:28:07 +01:00
Jochen Hoenicke
cf3dc6051c Omit leading space in shortcut in GetFeatures 2017-11-05 19:23:34 +01:00
Jochen Hoenicke
1566631023 Improved backwards compatibility of GetFeatures
Set all CoinType fields except signed_message_header.
Move static assert into the function where it is needed.
2017-11-05 19:23:34 +01:00
Jochen Hoenicke
b5fa8a266a New CoinInfo separated from protobuf structures
Having CoinType using the protobuf structures has several disadvantages.
- We always need to change trezor-common if we need a new field (like
  bech32 prefix)
- Every time Trezor initializes it sends all this information out and
  nobody cares.
- The protobuf structures add storage overhead due to their fixed size.

I also removed most of the `has_` fields except for forkid:
- `has_segwit` was merged with segwit
- `has_coin_shortcut` can be replaced by test for NULL if necessary.

The fields were reordered for better padding.
2017-11-05 19:23:34 +01:00
Pavol Rusnak
18d8cb3c56
add project website (trezor.io) to license header 2017-11-05 17:47:23 +01:00
Jochen Hoenicke
a24e8a0484 Remove magic constants
Use defines for wallet depth and change chain.  Updated some comments
to clarify what is checked.
2017-11-03 19:12:41 +01:00
Jochen Hoenicke
4805f27e8c Fix checking change address
There was a signed/unsigned problem: size_t is unsigned, but we use
-1 to indicate mismatch.  The problem was that when checking the input
address path, it still did this unintentionally when a mismatch was
detected, forbidding to sign with mismatched inputs, even when there
is no change address.

We now use 1 for mismatch.  Also we don't allow change address anymore
if the inputs have a path of length 1.  This simplifies the code a bit.
2017-11-03 19:12:41 +01:00
Jochen Hoenicke
5e98b0ffd6 Added U2F entry for Bitfinex (#237) 2017-11-03 18:57:50 +01:00