1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-30 03:18:20 +00:00
Commit Graph

807 Commits

Author SHA1 Message Date
matejcik
5bb7dc39b8 transport: consolidate USB-based transports
remove Trezor 2 support from HID transport, which never worked

use ProtocolV1 explicitly everywhere, as V2 doesn't exist in practice

move USB IDs and UDEV warning string to a common place

fix a bug where HID would return a list instead of bytes
2018-11-12 12:22:32 +01:00
matejcik
d3534a15c9 transport: fix typing after autoflake treatment
autoflake will remove all unused imports when `make style` is invoked,
but can't recognize typing names that are only used in comments.

this fixes it.
2018-11-12 12:22:32 +01:00
matejcik
bfb56451e8 bridge: support bridge 2.0.25+
which can do read/write separately and supports debuglink
2018-11-12 12:22:32 +01:00
matejcik
ed473e2e42 trezorlib: add licence headers where missing 2018-11-12 12:22:32 +01:00
matejcik
93d84539bd transport: fit log messages to lines 2018-11-12 12:22:32 +01:00
matejcik
85b85c67b3 trezorlib: reentrant session handling
This fixes the breakage introduced by transport reshuffles.
It's still not great and I'd love to see context manager based sessions.
But it's good enough for now.
2018-11-12 12:22:32 +01:00
matejcik
daf97afb37 bridge: refactor after merging old changes 2018-11-12 12:22:32 +01:00
matejcik
aac7726824 trezorlib: transport/protocol reshuffle
This commit breaks session handling (which matters with Bridge) and
regresses Bridge to an older code state. Both of these issues will be
rectified in subsequent commits.

Explanation of this big API reshuffle follows:

* protocols are moved to trezorlib.transport, and to a single common file.
* there is a cleaner definition of Transport and Protocol API (see below)
* fully valid mypy type hinting
* session handle counters and open handle counters mostly went away. Transports
  and Protocols are meant to be "raw" APIs; TrezorClient will implement
  context-handler-based sessions, session tracking, etc.

I'm calling this a "reshuffle" because it involved very small number of
code changes. Most of it is moving things around where they sit better.

The API changes are as follows.

Transport is now a thing that can:
* open and close sessions
* read and write protobuf messages
* enumerate and find devices

Some transports (all except bridge) are technically bytes-based and need
a separate protocol implementation (because we have two existing protocols,
although only the first one is actually used). Hence a protocol superclass.

Protocol is a thing that *also* can:
* open and close sessions
* read and write protobuf messages
For that, it requires a `handle`.

Handle is a physical layer for a protocol. It can:
* open and close some sort of device connection
  (this is distinct from session! Connection is a channel over which you can
  send data. Session is a logical arrangement on top of that; you can have
  multiple sessions on a single connection.)
* read and write 64-byte chunks of data

With that, we introduce ProtocolBasedTransport, which simply delegates
the appropriate Transport functionality to respective Protocol methods.

hid and webusb transports are ProtocolBasedTransport-s that provide separate
device handles. HidHandle and WebUsbHandle existed before, but the distinction
of functionality between a Transport and its Handle was unclear. Some methods
were moved and now the handles implement the Handle API, while the transports
provide the enumeration parts of the Transport API, as well as glue between
the respective Protocols and Handles.

udp transport is also a ProtocolBasedTransport, but it acts as its own handle.
(That might be changed. For now, I went with the pre-existing structure.)

In addition, session_begin/end is renamed to begin/end_session to keep
consistent verb_noun naming.
2018-11-12 12:22:26 +01:00
matejcik
560a5215c5 client: do not coerce self.features.vendor to string
There is no good reason to do that and it hides situations when
the field mistakenly doesn't exist.

Added comment explains that missing "vendor" field might by caused
by trezor-common mismatch, which fixes #328
2018-11-06 14:16:53 +01:00
matejcik
ca345e9766 cardano: clean up test case 2018-11-06 13:38:13 +01:00
matejcik
81c55c1c5f device_tests: fix remaining use of btc.sign_tx 2018-11-06 13:38:09 +01:00
matejcik
99278f7d08 client: PassphraseState is not mandatory (missing on T1 in fact) 2018-11-06 13:36:25 +01:00
matejcik
1233feb358 style: fix imports 2018-11-06 13:36:25 +01:00
matejcik
601d3b49c3 trezorlib: add some utility features 2018-11-06 13:36:25 +01:00
matejcik
c269d67cde trezorlib: finalize BTC API changes
- drop set_tx_api method and its usage from trezorctl
- drop _prepare_sign_tx which is not used anymore
- adapt trezorctl to new signing API
- make trezorctl signing smarter, ahead of moving it elsewhere
2018-11-06 13:36:25 +01:00
matejcik
620e48e4d0 tests: adapt tests to new APIs 2018-11-06 13:36:25 +01:00
matejcik
9caea6d413 tx_api: rework API, separate caching functionality to test support 2018-11-06 13:36:25 +01:00
matejcik
3239d53bc0 debuglink: add support for arbitrary message filters
(this replaces `debug_processor` from sign_tx)
2018-11-06 13:36:25 +01:00
matejcik
5087f30a69 firmware: fix byte order for VendorTrust field, reproduce reserved field
this fixes a problem when checking signature (and therefore
reconstructing) of a vendor header that doesn't have a VendorTrust of
all zeroes, e.g., the vendor header for test builds
2018-11-06 13:36:25 +01:00
matejcik
c248946b3d protobuf: make MessageType more dict-like, drop _add_ and _extend_
so that SignTx(**tx) works

_add_x and _extend_x methods are left-overs from google protobuf
and shouldn't be used anymore
2018-11-06 13:36:25 +01:00
matejcik
e5e0759dc8 btc: refactor and cleanup sign_tx api & flow 2018-11-06 13:36:25 +01:00
matejcik
ea675f1e58 client: inline PassphraseState flow into Passphrase flow 2018-11-06 13:36:25 +01:00
Pavol Rusnak
1218a487f6
fix style 2018-11-04 16:06:21 +01:00
Pavol Rusnak
b4e34b98fc
trezorlib: add monero getaddress/getwatchkey + tests 2018-11-04 15:27:45 +01:00
matejcik
de981febc7 ui: switch ClickUI to use stderr 2018-10-25 12:47:14 +02:00
Tibor Arpas
e9b540e6b6 altcoin: Capricoin support tests and minor trezorctl addition. (#325) 2018-10-24 15:05:59 +02:00
Tibor Arpas
f78885af5a Closes #326 : tx_api.get_tx incompatible with current blockbook (#327)
This makes ./trezorctl fetching of previous transactions compatible with current blockbook. re #326
2018-10-24 14:13:52 +02:00
Pavol Rusnak
57f1dddc2f
fix style 2018-10-23 15:30:31 +02:00
Pavol Rusnak
45265cdcb7
tests: enable Stellar tests for T1 2018-10-23 14:13:55 +02:00
Pavol Rusnak
7e9501e816
tests: fix test_protection_levels (add buttonrequest to reset workflow) 2018-10-23 12:26:10 +02:00
Pavol Rusnak
ac0731300e
fix style 2018-10-23 12:24:10 +02:00
Pavol Rusnak
0aa6e45eec
tests: add tests for missing multisig 2018-10-22 15:59:07 +02:00
Pavol Rusnak
43b7ca4fd6
tests: fix style 2018-10-22 15:41:27 +02:00
Pavol Rusnak
1397c3b4d9
tests: update T1+T2 reset+recovery tests to reflect new Confirm dialog 2018-10-22 14:44:36 +02:00
Pavol Rusnak
5e259ab2c3
tests: fix test for Zcash Sapling test 2018-10-17 16:59:11 +02:00
matejcik
00a3f24731 device_tests: raise timeout in TestMsgResetDeviceT2
because swipe_down action is slow and it might not finish
in time for reading reset_words, so you read the same reset_words twice
2018-10-16 17:17:08 +02:00
Pavol Rusnak
685f24b454
tests: add test for Zcash Sapling 2018-10-16 10:58:12 +02:00
Pavol Rusnak
837781eb55
vendor: update trezor-common, use Tx.version_group_id where possible 2018-10-15 17:52:11 +02:00
matejcik
3f92683bc6 firmware: update forgotten comment 2018-10-12 16:05:50 +02:00
matejcik
e1efd493fd trezorctl: updated firmware update flow
We can now locally verify firmware signatures and hashes. We also
recognize min_firmware_version, so this resolves #308

This also helps with #273, as trezorlib is now mostly usable for signing
firmware images.
2018-10-12 15:58:55 +02:00
matejcik
3e7b26b454 exceptions: smarter, nicer exceptions from Failures 2018-10-12 15:49:17 +02:00
matejcik
eb2b58e1f4 cosi: tests for new verify_m_of_n method 2018-10-12 12:58:49 +02:00
matejcik
ba365b5486 cosi: replace slow djb implementation of ed25519 with an optimized one
from https://github.com/pyca/ed25519

This makes the calculations several orders of magnitude faster, which
allows us to run the CoSi test in Travis. It also doesn't stop firmware
update for several seconds while we validate the CoSi signatures.

It's still essentially the same insecure implementation, fallible to all
the same timing attacks, and it shouldn't be used for anything except
validating public signatures of public data. But now it also takes about
as much time as it should on modern hardware.
2018-10-12 12:58:44 +02:00
Pavol Rusnak
3d5fa7a2f6
tests: refactor test_msg_resetdevice_skipbackup 2018-10-11 17:26:20 +02:00
Pavol Rusnak
16d9d58ee1
tests: add test in resetdevice for combination of display_random and skip_backup 2018-10-11 15:29:30 +02:00
Pavol Rusnak
a1ba9db744
tests: re-enable Decred test for T2 2018-10-10 13:44:36 +02:00
Matheus Degiovani
688e885903 decred: Add sign message tests (#318) 2018-10-10 13:35:31 +02:00
matejcik
88988172b9 bridge: perform HTTP request in read, not write
This allows us to return early from a `write`, which we need in cases
where we want to perform an operation inbetween `read` and `write` -
namely, callback for ButtonRequest should technically be invoked after
returning ButtonAck but before waiting for device's response.

Of course that doesn't really work. The callback will actually be
invoked _before_ ButtonAck, so there's still the condition that it must
return immediately or the device gets stuck with a black screen.

But doing this allows us to write code *as if* it worked, which lets the
other transports run free and wild, by which I mean, do the Right Thing
2018-10-10 13:15:28 +02:00
matejcik
2d7c74c535 switch to click 7.0 2018-10-10 13:15:28 +02:00
matejcik
8618f44272 tests: fix signature of device.recover in expect-to-fail tests 2018-10-10 13:15:28 +02:00