trezor-firmware

Commit Graph

Author	SHA1	Message	Date
grdddj	61277bd80a	feat(core/ui): implement webauthn layouts for UI2 [no changelog]	2 years ago
grdddj	0c3423b1c7	chore(core): decrease webauthn size by 1270 bytes	2 years ago
Martin Milata	2f987c3c5e	refactor(core/ui): remove dependencies on old layouts [no changelog]	2 years ago
grdddj	9fc5bb546b	style(core): full pyright-based type-checking Changes many fields to required -- as far as we were able to figure out, signing would fail if these fields aren't provided anyway, so this should not pose a compatibility problem. Co-authored-by: matejcik <ja@matejcik.cz>	2 years ago
amadejpapez	85ba7c12ba	style(all): use f-strings for formatting [no changelog]	3 years ago
Martin Milata	2a91052b02	refactor(core/ui): move altcoin and webauthn layouts to separate file Also fix types.	3 years ago
Martin Milata	875cc0cb1a	refactor(core): convert apps.webauthn to layouts	3 years ago
Andrew Kozlik	97ca1e3341	chore(core): Add offset parameter to cbor.decode().	3 years ago
matejcik	b1e4246b46	refactor(core/webauthn): make sure KEY_AGREEMENT_*KEY is generated once per power-up This is what the spec recommends and it has been the case before workflow-restarts, when `apps.webauthn.fido2` was imported exactly once per lifetime. With workflow-restarts, `fido2` is being imported repeatedly and the keys regenerated. This does not seem to be a problem per the spec -- a FIDO workflow will retain the same keys, and non-FIDO workflows can be seen as unplugs/replugs as far as the FIDO functionality is concerned. However, regenerating the keys is slow, which is a problem for the hardware-based unit tests. We can avoid the slowness by returning to the spec-mandated behavior and generating once per power-up.	3 years ago
Martin Milata	ac711fb8ee	style(core): use more recent type annotation syntax https://www.python.org/dev/peps/pep-0585/ - Type Hinting Generics In Standard Collections https://www.python.org/dev/peps/pep-0604/ - Allow writing union types as X \| Y	3 years ago
Martin Milata	f1382bf892	refactor(core): model-dependent UI component directories They now live under trezor.ui.components.tt. Later trezor.ui.components.t1 will be added and application code will be rewritten to not use them directly in order to work on both TT and T1.	3 years ago
Pavol Rusnak	1e8673bf5f	style(core/apps): use new syntax for typing	4 years ago
Martin Milata	ee64b65b26	refactor(core): call super().__init__() in subclasses	4 years ago
Pavol Rusnak	952adc5961	style(core): use PEP515 Underscores in Numeric Literals	4 years ago
matejcik	4ca8f7b0d6	style(core): use relative imports everywhere except Monero, which has a rather complex structure and I don't want to search&replace mess with it in case some of the things break memory layout	4 years ago
Pavol Rusnak	d8534b5ee6	perf(core/extmod): replace HMAC Python implementation with C We keep Python implementation of HMAC for Monero in core/src/apps/monero/xmr/crypto/__init__.py	4 years ago
Tomas Susanka	a6acefbdf5	core: wipe before reset and recovery; introduce 'intialized' field	4 years ago
matejcik	872e0fb0e0	core: lower scheduler resolution to milliseconds This avoids problems with large timeouts causing the scheduler queue to think the time counter has overflown, and ordering the autolock task before immediate tasks. The maximum reasonable time difference is 0x20000000, which in microseconds is ~8 minutes, but in milliseconds a more reasonable ~6 days.	4 years ago
matejcik	2d0206c043	core: replace workflow.on_start/on_close with workflow.spawn	4 years ago
Andrew Kozlik	5469acfabf	core/webauthn: Cache user verification for 3 minutes.	4 years ago
Andrew Kozlik	b867ac1d01	core/webauthn: Implement FIDO2 unlocking from softlock.	4 years ago
Andrew Kozlik	0f81886c9f	core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response.	4 years ago
Andrew Kozlik	c8ae5c157e	core/webauthn: Implement U2F unlocking from softlock.	4 years ago
matejcik	8ca7ffc3b8	core: use wire.PinCancelled/PinInvalid instead of custom versions also refactor show_pin_invalid and its usages so that it raises directly note that we are now using PinCancelled instead of ActionCancelled where appropriate	4 years ago
Andrew Kozlik	9e4a8ca785	core/webauthn: Improve error codes for uninitialized device. Return ERR_OPERATION_DENIED only upon user decline or timeout, otherwise it cancels the operation on all connected authenticators.	4 years ago
Andrew Kozlik	fca92d7344	core/webauthn: Update attestation certificate to comply with WebAuthn requirements.	4 years ago
Andrew Kozlik	25a39ea729	core/webauthn: Fix handling of interleaving frames to comply with the U2F HID specification.	4 years ago
Andrew Kozlik	b3cd760df0	core/webauthn: Disable CTAPHID_WINK function.	4 years ago
Andrew Kozlik	e5008eb332	core/webauthn: Remove indistinguishable credentials from the allow list.	4 years ago
Andrew Kozlik	cda9de8dd1	core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response.	4 years ago
Andrew Kozlik	0af0e06d5b	core/webauthn: Truncate names in credential data to at most 100 bytes.	4 years ago
Andrew Kozlik	f610787f8d	core/webauthn: Clean up bytes/bytearray typing around uctypes.	4 years ago
Andrew Kozlik	e378820f7f	core/webauthn: Implement support for Ed25519 signatures in FIDO2.	4 years ago
matejcik	a79279115e	core: move confirm_signal evaluation into concrete Layout implementations Apart from making the code more correct for its users in apps.common.confirm and elsewhere, this fixes a problem where the confirm_signal would be scheduled before the dialog is rendered. By making sure that handle_rendering is scheduled (i.e., listed in create_tasks) before confirm_signal, we can be sure to render at least once and thus appear in the UI test results.	4 years ago
Andrew Kozlik	289d8276eb	core/fido2: check for HID timeout in send_cmd() (#791 )	4 years ago
Andrew Kozlik	0432f5e801	webauthn: Add use_self_attestation flag to FIDO apps.	5 years ago
matejcik	67b2ba558b	core: auto-generate list of FIDO known apps and improve code for loading icons	5 years ago
Andrew Kozlik	420a4b8ba7	core/webauthn: Close U2F confirmation screen if browser stops polling for more than 3 seconds.	5 years ago
Andrew Kozlik	0b851d6959	core/webauthn: Reply with ERR_CHANNEL_BUSY once a U2F request has been declined to stop Chrome from polling.	5 years ago
Andrew Kozlik	4d3c634732	core/webauthn: Use different return code when user verification is requested but PIN is not set to get better browser behavior. Related to `cf6949332f`.	5 years ago
Andrew Kozlik	a63ff8f9b4	core/webauthn: Add bogus app ID used by Firefox to indicate error in U2F. Figure out which error to display based on past U2F_AUTHENTICATE check-only requests on the same channel.	5 years ago
Andrew Kozlik	a704bfe184	core/webauthn: Allow only one CTAPHID_WINK command at a time on any given channel ID to fix continuous display blinking with Android.	5 years ago
Andrew Kozlik	3a4e9bd25c	core/ui: Ignore any new alert requests if an alert is already in progress in order to avoid multiple alerts overlapping.	5 years ago
Andrew Kozlik	790178a442	fixup! core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing.	5 years ago
Andrew Kozlik	203853faed	core/webauthn: Allow new workflow to be set after a command response is sent, so that in device tests the next test doesn't fail with ERR_CHANNEL_BUSY while the previous workflow is closing.	5 years ago
matejcik	1f6cc77dec	upgrade black to 19.10b0	5 years ago
matejcik	18ab677124	core/webauthn: rename storage.webauthn to storage.resident_credentials	5 years ago
matejcik	28d30ffd2f	core/webauthn: unify signatures of Credential.from_bytes and friends	5 years ago
matejcik	5c93ecd53a	core: create top-level storage module This is to avoid including app-specific functionality in storage and avoid circular imports. The following policy is now in effect: modules from `storage` namespace must not import from `apps` namespace. In most files, the change only involves changing import paths. A minor refactor was needed in case of webauthn: basic get/set/delete functionality was left in storage.webauthn, and more advanced logic on top of it was moved to apps.webauthn.resident_credentials. A significant refactor was needed for sd_salt, where application (and UI) logic was tightly coupled with the IO code. This is now separated, and storage.sd_salt deals exclusively with the IO side, while the app/UI logic is implemented on top of it in apps.common.sd_salt and apps.management.sd_protect.	5 years ago
Andrew Kozlik	710866074b	core/webauthn: Fix mypy warnings.	5 years ago

1 2

54 Commits (61277bd80ade99f7ea8b0564793fdcdf6f4f739e)