1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-07 14:00:57 +00:00
Commit Graph

852 Commits

Author SHA1 Message Date
matejcik
85b85c67b3 trezorlib: reentrant session handling
This fixes the breakage introduced by transport reshuffles.
It's still not great and I'd love to see context manager based sessions.
But it's good enough for now.
2018-11-12 12:22:32 +01:00
matejcik
daf97afb37 bridge: refactor after merging old changes 2018-11-12 12:22:32 +01:00
matejcik
aac7726824 trezorlib: transport/protocol reshuffle
This commit breaks session handling (which matters with Bridge) and
regresses Bridge to an older code state. Both of these issues will be
rectified in subsequent commits.

Explanation of this big API reshuffle follows:

* protocols are moved to trezorlib.transport, and to a single common file.
* there is a cleaner definition of Transport and Protocol API (see below)
* fully valid mypy type hinting
* session handle counters and open handle counters mostly went away. Transports
  and Protocols are meant to be "raw" APIs; TrezorClient will implement
  context-handler-based sessions, session tracking, etc.

I'm calling this a "reshuffle" because it involved very small number of
code changes. Most of it is moving things around where they sit better.

The API changes are as follows.

Transport is now a thing that can:
* open and close sessions
* read and write protobuf messages
* enumerate and find devices

Some transports (all except bridge) are technically bytes-based and need
a separate protocol implementation (because we have two existing protocols,
although only the first one is actually used). Hence a protocol superclass.

Protocol is a thing that *also* can:
* open and close sessions
* read and write protobuf messages
For that, it requires a `handle`.

Handle is a physical layer for a protocol. It can:
* open and close some sort of device connection
  (this is distinct from session! Connection is a channel over which you can
  send data. Session is a logical arrangement on top of that; you can have
  multiple sessions on a single connection.)
* read and write 64-byte chunks of data

With that, we introduce ProtocolBasedTransport, which simply delegates
the appropriate Transport functionality to respective Protocol methods.

hid and webusb transports are ProtocolBasedTransport-s that provide separate
device handles. HidHandle and WebUsbHandle existed before, but the distinction
of functionality between a Transport and its Handle was unclear. Some methods
were moved and now the handles implement the Handle API, while the transports
provide the enumeration parts of the Transport API, as well as glue between
the respective Protocols and Handles.

udp transport is also a ProtocolBasedTransport, but it acts as its own handle.
(That might be changed. For now, I went with the pre-existing structure.)

In addition, session_begin/end is renamed to begin/end_session to keep
consistent verb_noun naming.
2018-11-12 12:22:26 +01:00
matejcik
560a5215c5 client: do not coerce self.features.vendor to string
There is no good reason to do that and it hides situations when
the field mistakenly doesn't exist.

Added comment explains that missing "vendor" field might by caused
by trezor-common mismatch, which fixes #328
2018-11-06 14:16:53 +01:00
matejcik
ca345e9766 cardano: clean up test case 2018-11-06 13:38:13 +01:00
matejcik
81c55c1c5f device_tests: fix remaining use of btc.sign_tx 2018-11-06 13:38:09 +01:00
matejcik
99278f7d08 client: PassphraseState is not mandatory (missing on T1 in fact) 2018-11-06 13:36:25 +01:00
matejcik
1233feb358 style: fix imports 2018-11-06 13:36:25 +01:00
matejcik
601d3b49c3 trezorlib: add some utility features 2018-11-06 13:36:25 +01:00
matejcik
c269d67cde trezorlib: finalize BTC API changes
- drop set_tx_api method and its usage from trezorctl
- drop _prepare_sign_tx which is not used anymore
- adapt trezorctl to new signing API
- make trezorctl signing smarter, ahead of moving it elsewhere
2018-11-06 13:36:25 +01:00
matejcik
620e48e4d0 tests: adapt tests to new APIs 2018-11-06 13:36:25 +01:00
matejcik
9caea6d413 tx_api: rework API, separate caching functionality to test support 2018-11-06 13:36:25 +01:00
matejcik
3239d53bc0 debuglink: add support for arbitrary message filters
(this replaces `debug_processor` from sign_tx)
2018-11-06 13:36:25 +01:00
matejcik
5087f30a69 firmware: fix byte order for VendorTrust field, reproduce reserved field
this fixes a problem when checking signature (and therefore
reconstructing) of a vendor header that doesn't have a VendorTrust of
all zeroes, e.g., the vendor header for test builds
2018-11-06 13:36:25 +01:00
matejcik
c248946b3d protobuf: make MessageType more dict-like, drop _add_ and _extend_
so that SignTx(**tx) works

_add_x and _extend_x methods are left-overs from google protobuf
and shouldn't be used anymore
2018-11-06 13:36:25 +01:00
matejcik
e5e0759dc8 btc: refactor and cleanup sign_tx api & flow 2018-11-06 13:36:25 +01:00
matejcik
ea675f1e58 client: inline PassphraseState flow into Passphrase flow 2018-11-06 13:36:25 +01:00
Pavol Rusnak
1218a487f6
fix style 2018-11-04 16:06:21 +01:00
Pavol Rusnak
b4e34b98fc
trezorlib: add monero getaddress/getwatchkey + tests 2018-11-04 15:27:45 +01:00
matejcik
de981febc7 ui: switch ClickUI to use stderr 2018-10-25 12:47:14 +02:00
Tibor Arpas
e9b540e6b6 altcoin: Capricoin support tests and minor trezorctl addition. (#325) 2018-10-24 15:05:59 +02:00
Tibor Arpas
f78885af5a Closes #326 : tx_api.get_tx incompatible with current blockbook (#327)
This makes ./trezorctl fetching of previous transactions compatible with current blockbook. re #326
2018-10-24 14:13:52 +02:00
Pavol Rusnak
57f1dddc2f
fix style 2018-10-23 15:30:31 +02:00
Pavol Rusnak
45265cdcb7
tests: enable Stellar tests for T1 2018-10-23 14:13:55 +02:00
Pavol Rusnak
7e9501e816
tests: fix test_protection_levels (add buttonrequest to reset workflow) 2018-10-23 12:26:10 +02:00
Pavol Rusnak
ac0731300e
fix style 2018-10-23 12:24:10 +02:00
Pavol Rusnak
0aa6e45eec
tests: add tests for missing multisig 2018-10-22 15:59:07 +02:00
Pavol Rusnak
43b7ca4fd6
tests: fix style 2018-10-22 15:41:27 +02:00
Pavol Rusnak
1397c3b4d9
tests: update T1+T2 reset+recovery tests to reflect new Confirm dialog 2018-10-22 14:44:36 +02:00
Pavol Rusnak
5e259ab2c3
tests: fix test for Zcash Sapling test 2018-10-17 16:59:11 +02:00
matejcik
00a3f24731 device_tests: raise timeout in TestMsgResetDeviceT2
because swipe_down action is slow and it might not finish
in time for reading reset_words, so you read the same reset_words twice
2018-10-16 17:17:08 +02:00
Pavol Rusnak
685f24b454
tests: add test for Zcash Sapling 2018-10-16 10:58:12 +02:00
Pavol Rusnak
837781eb55
vendor: update trezor-common, use Tx.version_group_id where possible 2018-10-15 17:52:11 +02:00
matejcik
3f92683bc6 firmware: update forgotten comment 2018-10-12 16:05:50 +02:00
matejcik
e1efd493fd trezorctl: updated firmware update flow
We can now locally verify firmware signatures and hashes. We also
recognize min_firmware_version, so this resolves #308

This also helps with #273, as trezorlib is now mostly usable for signing
firmware images.
2018-10-12 15:58:55 +02:00
matejcik
3e7b26b454 exceptions: smarter, nicer exceptions from Failures 2018-10-12 15:49:17 +02:00
matejcik
eb2b58e1f4 cosi: tests for new verify_m_of_n method 2018-10-12 12:58:49 +02:00
matejcik
ba365b5486 cosi: replace slow djb implementation of ed25519 with an optimized one
from https://github.com/pyca/ed25519

This makes the calculations several orders of magnitude faster, which
allows us to run the CoSi test in Travis. It also doesn't stop firmware
update for several seconds while we validate the CoSi signatures.

It's still essentially the same insecure implementation, fallible to all
the same timing attacks, and it shouldn't be used for anything except
validating public signatures of public data. But now it also takes about
as much time as it should on modern hardware.
2018-10-12 12:58:44 +02:00
Pavol Rusnak
3d5fa7a2f6
tests: refactor test_msg_resetdevice_skipbackup 2018-10-11 17:26:20 +02:00
Pavol Rusnak
16d9d58ee1
tests: add test in resetdevice for combination of display_random and skip_backup 2018-10-11 15:29:30 +02:00
Pavol Rusnak
a1ba9db744
tests: re-enable Decred test for T2 2018-10-10 13:44:36 +02:00
Matheus Degiovani
688e885903 decred: Add sign message tests (#318) 2018-10-10 13:35:31 +02:00
matejcik
88988172b9 bridge: perform HTTP request in read, not write
This allows us to return early from a `write`, which we need in cases
where we want to perform an operation inbetween `read` and `write` -
namely, callback for ButtonRequest should technically be invoked after
returning ButtonAck but before waiting for device's response.

Of course that doesn't really work. The callback will actually be
invoked _before_ ButtonAck, so there's still the condition that it must
return immediately or the device gets stuck with a black screen.

But doing this allows us to write code *as if* it worked, which lets the
other transports run free and wild, by which I mean, do the Right Thing
2018-10-10 13:15:28 +02:00
matejcik
2d7c74c535 switch to click 7.0 2018-10-10 13:15:28 +02:00
matejcik
8618f44272 tests: fix signature of device.recover in expect-to-fail tests 2018-10-10 13:15:28 +02:00
matejcik
1d3fa77ab6 debuglink: allow with-block without expected_responses 2018-10-10 13:15:28 +02:00
matejcik
ffff11a462 style: isort & autopep 2018-10-10 13:15:28 +02:00
matejcik
886d4f18f4 device_tests: sample usage of input_flow 2018-10-10 13:15:28 +02:00
matejcik
0f7f694914 debug: fix test_msg_applysettings 2018-10-10 13:15:28 +02:00
matejcik
c37bc9c38e debug: improve infrastructure and expected message reporting 2018-10-10 13:15:28 +02:00
matejcik
fc7a76e2f3 tests: use stdlib mock instead of the third-party one 2018-10-10 13:15:28 +02:00
matejcik
a5abd70619 trezorlib: drop TrezorClientDebugLink from client.py 2018-10-10 13:15:28 +02:00
matejcik
06927e003e trezorlib: get rid of TextUIMixin
This also moves DebugLinkMixin to debuglink.py and converts the mixin to
a subclass of TrezorClient (which is finally becoming a
reasonable-looking class). This takes advantage of the new UI protocol
and is ready for further improvements, namely, queuing input for tests
that require swipes.

The ui.py module contains a Click-based implementation of the UI
protocol. Use of callback_* methods has been limited and will probably
be cleaned up further (The contract has changed so we'll try to make
third party code fail noisily. It is unclear whether a backwards
compatible approach will be possible).

Furthermore, device.recovery() now takes a callback as an argument. This
way we can get rid of WordRequest callbacks, which are only used in the
recovery flow.
2018-10-10 13:15:28 +02:00
Matheus Degiovani
6d9157c4a5 decred: Return tree and version in insight api (#319) 2018-10-10 12:44:54 +02:00
Pavol Rusnak
00ebbbb1f3
tests: add test in resetdevice for combination of display_random and no_backup 2018-10-08 15:54:28 +02:00
Pavol Rusnak
cd006026dd
Revert "tests: enable Decred tests for T2"
This reverts commit d49a38d80f.
2018-10-08 14:34:26 +02:00
Pavol Rusnak
c395501d2d
trezorctl: add no-backup option to reset-device 2018-10-08 14:17:07 +02:00
Pavol Rusnak
d49a38d80f
tests: enable Decred tests for T2 2018-10-06 13:50:37 +02:00
Pavol Rusnak
0f62c817d5
tests: fix warnings in test_msg_resetdevice_nobackup.py 2018-10-04 18:04:37 +02:00
Jochen Hoenicke
b4c5b996a1 Fix Qt5/4 import strategy.
- Try Qt5 before Qt4.
- Handle all exceptions (a ValueError is thrown if the wrong Qt was
  imported earlier)
2018-10-04 17:42:59 +02:00
Pavol Rusnak
3424f01ae7
tests: nitpicks in resetdevice_skipbackup, add resetdevice_nobackup 2018-10-04 17:40:53 +02:00
matejcik
d859fe36f7 coins: pick correct field name for TxApi 2018-10-04 17:14:46 +02:00
matejcik
dbcc903e52 cardano: fix tests broken after binascii removal 2018-10-02 16:51:53 +02:00
matejcik
a66cf99b74 cosi: fix bug in signing code, make tests pass 2018-10-02 16:11:20 +02:00
matejcik
4fb3acb029 style: uppercase hex constants to conform with black 18.9b0 style 2018-10-01 14:01:33 +02:00
matejcik
15d3b0c722 cosi: clarify convoluted parts of local signing code 2018-09-27 16:53:57 +02:00
Pavol Rusnak
4a0ca873eb trezorlib+tools: remove usage of binascii 2018-09-27 16:52:28 +02:00
Pavol Rusnak
7f55847ab1 tests: remove usage of binascii 2018-09-27 16:52:28 +02:00
Dusan Klinec
61de49fae5
protob test fix after migration to get_fields() 2018-09-20 14:35:47 +02:00
Dusan Klinec
6b32e33c58
protobuf.py uses get_fields() 2018-09-20 13:57:26 +02:00
Tomas Susanka
7e35dfa51e tests: style fix 2018-09-18 10:36:31 +02:00
ZuluCrypto
0d5fc9bddd
Stellar - failing test when an asset type of native is explicitly specified (instead of just left blank) 2018-09-17 19:13:24 -06:00
Pavol Rusnak
73c8a1c11f
tests: cleanup lisk tests 2018-09-14 12:23:38 +02:00
Pavol Rusnak
3831ddd5a9
tests: fix missing import in lisk tests 2018-09-14 11:37:42 +02:00
Aleksey Popov
144c8c1f5b
lisk: enable tests for t1 (xfail) 2018-09-14 11:26:07 +02:00
Tomas Susanka
f968d68651 tests: tezos is not xfailed anymore 2018-09-13 15:12:42 +02:00
Pavol Rusnak
045c078a50
tests: reduce test_protect_call.py duration from 26 seconds to 5 2018-09-12 20:37:12 +02:00
Pavol Rusnak
6074903d6b
tests: regenerate decred signing tests
because decred people wanted to change bip32_name
in 0b0f01fb59
2018-09-12 19:33:15 +02:00
Adrián Matejov
15df848b05 added Tezos support (#302)
* also added device tests for tezos

Signed-off-by: Adrian Matejov <adrian.matejov@simplestaking.com>

We also pushed signed operations to betanet network and they got accepted.
Here's the list of them
* transaction tz1 http://tzscan.io/ong8MQBX595Ld4dteHCbPqd6uzmEorEft6ZvfiX5vQMX4WHRh7K
* transaction tz2 http://tzscan.io/ooHZ2vbFX1M1fmr9KpLPWQ8r6oZB2RikpGBXsoQSZfbV1hWVjCP
* transaction tz3 http://tzscan.io/op79uLwaFqNB6SgcaAaJtoHFBQk3mL5bC1BQTvYzwX2DVSr8RJG

* origination tz1 http://tzscan.io/ooJg7qXtUjh16AtdSvv5kgaQnxjtAiBysFkG3EaG5qPAuDT1Cym contract http://tzscan.io/KT1VakcExcig27ZAuoLTExgGXtvUsykQSf5R
* origination tz2 http://tzscan.io/opDrUvCGUwKeu86b7GbRLeVzAkyKkdfnV9aSGAzGDLYYS11m6Qr contract http://tzscan.io/KT1LdQeHBSpvvzdRH495qHmtagavZcZ9Z5GW
* origination tz3 http://tzscan.io/opVWtfwvSvHzC6hsSGG31G23Q6nBov8SSvmA2nYXBNc5fWGk3Bg contract http://tzscan.io/KT1VfKfsgKFEfZ5vZUaZNaZyGrQf1gr1MEqr

* delegation tz1 http://tzscan.io/onws37YkYRnUvwYiPqYATZFtBVhBwbS2rdPkQjFGbAfLzt82MGa
* delegation tz2 http://tzscan.io/oocKfbotJwN5Zvmoybhb9LUJ6VhmeS42G2oZHaXQ2mXm98Rzx8r
* delegation tz3 http://tzscan.io/ooFQBcoMzwseJHnFgQ9fEPxAXhtgifuvvEH1CtmyAtnK5R7Drik

* transaction+reveal tz2 http://tzscan.io/ooEyN4FxP8RYh98RJgQxposDUuWHLWT8fUzWawNRCsMGxaNAN9c
* transaction+reveal tz3 http://tzscan.io/ooLaWQzZj1cbkMjZAifV71QCu5bdbMtET5CabrzLWQmnGMMhwmE
2018-09-10 16:40:31 +02:00
matejcik
cb4c366ce9 device_tests: add signtx expected responses generator 2018-09-10 16:02:17 +02:00
Pavol Rusnak
51f178ef1a
tests: cleanup CardanoGetPublicKey test 2018-09-07 19:22:57 +02:00
Tomas Susanka
ea77deeaed tests: xfail marks removed 2018-09-07 17:21:41 +02:00
Tomas Susanka
5fadcb6b06 tests/ontology redundant swipe removed
This bug caused other tests (resetdevice_t2 in particular) to fail. This
is because the test made one more swipe than was supposed to. This led to
a failure in resetdevice tests, which do swipes as well and read data
returned, which did not fit due to the redundant swipe.
2018-09-07 16:33:16 +02:00
Pavol Rusnak
949438f4c5
tests: add script_type test to getpublickey test 2018-09-06 19:05:53 +02:00
Dušan Plavák
bd6bcf7dfa Add network param to cardano sign tx (#306) 2018-09-06 17:25:55 +02:00
matejcik
305cb55d02 style: reformat client.py 2018-09-06 17:09:37 +02:00
Pavol Rusnak
434f279069
use implicit encoding in encode/decode 2018-09-06 16:22:38 +02:00
Matus Zamborsky
21326d3a41 add Ontology support (#301)
* add Ontology support

Signed-off-by: Matus Zamborsky <zamborsky@gmail.com>
2018-09-06 15:36:44 +02:00
Tomas Susanka
4f572f9e15 cardano: remove sign/verify functions 2018-09-06 14:54:06 +02:00
matejcik
351c017583 style: more known_third_party modules
because frankly, isort's detection is a huge mess
2018-09-05 15:43:29 +02:00
Pavol Rusnak
555bb62e3f
btc: add script_type to get_public_node 2018-09-05 15:21:11 +02:00
Dušan Plavák
fb22b894ba Add cardano support to trezorctl and some tests (#300)
Add cardano support to trezorctl and some tests
2018-09-05 14:56:31 +02:00
Tomas Susanka
6c15a41514 tests: ripple fix 2018-09-05 10:42:32 +02:00
matejcik
80766ca6b3 tests: xfail Stellar on T1 until we re-enable it 2018-09-04 16:14:29 +02:00
matejcik
d235875e5e build: support new tooling in trezor-common 2018-09-04 15:51:38 +02:00
matejcik
e5c2329b80 client: drop stellar_get_public_key from compatibility links 2018-09-04 15:51:38 +02:00
matejcik
1de1ff2823 tx_api: fix issue on python < 3.5 2018-09-03 14:59:39 +02:00
matejcik
0f71cbcc44 tx_api: update to assume "/api" path again, let blockHash request be
cached
2018-09-03 14:59:29 +02:00
Tomas Susanka
88a02822d3 stellar: public key methods removed 2018-09-03 14:57:10 +02:00
Pavol Rusnak
3c48f906b2 tests: fix eip155 test 2018-09-03 14:53:53 +02:00