1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-07 22:10:57 +00:00
Commit Graph

739 Commits

Author SHA1 Message Date
Pavol Rusnak
aa6405e23c
firmware: reintroduce dep into Makefile 2018-05-03 17:42:47 +02:00
Pavol Rusnak
fb3e468ea2
fsm: split fsm_msg functions into various topic include files 2018-05-03 16:48:47 +02:00
Tomas Susanka
c4beba839b nem: mosaics are generated from nem_mosaics.json in trezor-common
closes #344
2018-05-02 17:32:47 +02:00
Peter van Mourik
78ece6631f Wanchain support (#313) 2018-05-02 15:33:22 +01:00
Pavol Rusnak
a1cde6e0ce
vendor: update trezor-common (disable Lisk messages for now) 2018-05-02 15:24:37 +01:00
ZuluCrypto
8e8749dc68 Add support for Stellar 2018-05-02 15:19:05 +01:00
Pavol Rusnak
2c56c4de1b
firmware: use -Os except for crypto/nanopb parts 2018-05-02 13:15:12 +01:00
Pavol Rusnak
783f1c0323
storage: refactor default/minimum lock storage, change default values 2018-04-10 23:46:41 +02:00
mcudev
e907cb87bc check_bootloader: depend on MEMORY_PROTECT 2018-04-10 14:19:27 +02:00
mcudev
56ff88a08f update bootloader padding/alignment and integrate build process for bootloader and firmware 2018-04-10 14:19:27 +02:00
Saleem Rashid
63a549aefb coin_info: Prepend space to coin_shortcut 2018-04-09 12:43:26 +02:00
Pavol Rusnak
27702ea26a
fix build after cashaddr merge 2018-04-05 11:56:25 +02:00
Jochen Hoenicke
059555039c
cashaddr: Don't show coin prefix on the display.
While technically part of the address, the coin prefix, e.g., bitcoincash:
is implicit and doesn't need to be checked by the user.  We still
include it in the QR-code though.

Also set case-insensitive flag for QR-code.
2018-04-05 11:28:06 +02:00
Jochen Hoenicke
1e91f92271
Increased address size to 130. 2018-04-05 11:28:06 +02:00
Jochen Hoenicke
cb6022ce04
Added support for cashaddr. 2018-04-05 11:28:05 +02:00
Jochen Hoenicke
e1ad1512d0 Avoid division by zero.
Check that there is no overflow in `inputs_count + outputs_count`.
Check that previous transaction contains at least the spent output.
2018-04-05 09:23:23 +02:00
Jochen Hoenicke
f216328987 Fix initialisation of word_pincode 2018-04-05 09:23:23 +02:00
Pavol Rusnak
9c9b4bf5cb
messages: code cleanup after emulator change 2018-04-04 16:49:04 +02:00
matejcik
8851863f81
emulator: open a second socket for debuglink, same as T2 2018-04-04 16:21:43 +02:00
Pavol Rusnak
5633207a43
bump bootloader version to 1.5.0, firmware version to 1.7.0 2018-04-04 15:04:46 +02:00
Tomas Susanka
7b1b9d3069 nem: IV is not copied
The IV copy was moved to trezor-crypto
(https://github.com/trezor/trezor-crypto/pull/140) so it is not needed
in trezor-mcu anymore
2018-04-04 15:02:39 +02:00
Pavol Rusnak
399706ae22
storage: implement unfinished_backup flag 2018-04-04 12:42:52 +02:00
Pavol Rusnak
27443a06c8
protob: add limit for DebugLinkDecision.input 2018-04-04 01:13:19 +02:00
Pavol Rusnak
3a908d7c7d
fsm: update storage after ApplyFlags 2018-04-04 01:08:39 +02:00
Roman Zeyde
159df8d24f
fsm: allow auto-lock delay configuration 2018-04-04 01:06:47 +02:00
Roman Zeyde
987b686f63
storage: allow auto-lock delay configuration 2018-04-04 01:06:26 +02:00
Saleem Rashid
8bdf338f32 coins-gen: Remove obsolete script 2018-04-03 18:40:41 +02:00
Saleem Rashid
95e5f15bde vendor: Update trezor-crypto 2018-04-03 18:40:41 +02:00
Saleem Rashid
0df9404054 signing: Check decred_script_version for txinput 2018-04-03 18:40:41 +02:00
Saleem Rashid
f0875285b2 transaction: Fix Decred multisig 2018-04-03 18:40:41 +02:00
Saleem Rashid
e7703a16fe crypto: Remove hardcoded instances of secp256k1 2018-04-03 18:40:41 +02:00
Saleem Rashid
77e76542bc signing: Compute tx_weight for Decred 2018-04-03 18:40:41 +02:00
Saleem Rashid
d63e294c0b signing: Document Decred signing 2018-04-03 18:40:41 +02:00
Saleem Rashid
057ec1227d signing: Add Decred support 2018-04-03 18:40:41 +02:00
Saleem Rashid
3f51bc3628 signing: Use SignTx in signing_init 2018-04-03 18:40:41 +02:00
Saleem Rashid
9849321883 coins: Add Decred support 2018-04-03 18:40:41 +02:00
Saleem Rashid
b3f1d79821 coin_info: Refactor coins-gen.py 2018-04-02 21:47:15 +02:00
Saleem Rashid
69356e5f56 messages_map: Fix Flake8 warnings 2018-04-02 21:47:15 +02:00
Saleem Rashid
88230e33c4 nem_mosaics: Fix Flake8 warnings 2018-04-02 21:47:15 +02:00
Saleem Rashid
7092951a40 Makefile: Add GENERATE_CODE function
Fixes #281
2018-04-02 21:47:15 +02:00
Tomas Susanka
519c117e30 nem: SignTx instead of ConfirmOutput in mosaic creation 2018-03-30 14:01:59 +02:00
Jochen Hoenicke
ed7a8bfa6c
Fixes for emulator 2018-03-29 01:30:40 +02:00
Jochen Hoenicke
25e824aaa3
Supervisor Calls
Add Supervise interrupts to allow to do privileged operations like
flashing from application code.
2018-03-29 01:30:40 +02:00
Jochen Hoenicke
068f013bc6 Force size fields in storage to be 32 bit
Better storage compatibility between 64 bit and 32 bit builds.
2018-03-29 01:16:46 +02:00
Jochen Hoenicke
0127c1a374 Add function storage_getPinWait 2018-03-29 01:16:46 +02:00
Jochen Hoenicke
c09590b54d Cleaner flash handling using FLASH_PTR
Use `FLASH_PTR` macro to convert a flash address to a const pointer.
For real hardware it is just a cast, for emulator we subtract the
`FLASH_ORIGIN` and use it as index into the memory mapped flash file.

Make write access to flash with volatile pointers

Also use FLASH_PTR in DebugMemory* for now.  This allows for reading and
writing the flash in the emulator or just crash it by reading outside
the flash...
2018-03-29 01:16:46 +02:00
Jochen Hoenicke
2587e49843 Disable fastflash.
It doesn't make sense any more and doesn't work with newer bootloaders.
2018-03-29 01:03:58 +02:00
Jochen Hoenicke
4ebbe8c274 Fix compilation problems 2018-03-29 01:03:58 +02:00
Jochen Hoenicke
a7158f39a5 fix out-of-bounds read (for debug_link)
Pinmatrix should always be null-terminated for debug-link.
The memset overwrote the terminating nul character.
2018-03-27 15:00:25 +02:00
Jochen Hoenicke
c4e1c5953e Fix shift overflow
Avoid undefined behavior by casting uint8_t to uint32_t before shifting
by 24 bits.
2018-03-27 15:00:25 +02:00
Pavol Rusnak
ceced152a8
docs: update changelogs 2018-03-21 12:29:38 +01:00
Pavol Rusnak
95dd254094
util: use shutdown from trezor-core instead of system_halt 2018-03-21 12:18:36 +01:00
Pavol Rusnak
9588e8f273
update bootloader to 1.4.0 via firmware, run unsigned firmware in unprivileged mode 2018-03-20 15:44:20 +01:00
Jochen Hoenicke
d6f41dba9e
messages: fix size of msg_tiny and add static_assert 2018-03-20 15:42:53 +01:00
Pavol Rusnak
559a700fb0
fsm: add for button before Recovery device 2018-03-20 15:41:16 +01:00
Pavol Rusnak
5ae04c17c5
firmware: set version to 1.6.1 2018-03-19 15:18:54 +01:00
Pavol Rusnak
b20336e82d
Revert WinUSB feature
This reverts the following range of commits:
68168393b9ea61328f4bb43bc3059ab32c4be2e9..ab76828e16b552c82f468e5d89f1af0645258995

Revert "update usb descriptors"
This reverts commit ab76828e16.

Revert "trezorhal: reply with winusb guid just for the main interface (0)"
This reverts commit 6acfc5d1b3.

Revert "winusb: fix WINUSB_EXTRA_STRING"
This reverts commit 966d8cb4ce.

Revert "winusb: cleanup DeviceInterfaceGUIDs usage"
This reverts commit 56c5a46095.

Revert "make winusb_string_descriptor const"
This reverts commit 132cc4b474.

Revert "webusb: remove unused constants"
This reverts commit 38b4d507bc.

Revert "bootloader: remove debug"
This reverts commit 56d3cbe2e9.

Revert "Bootloader - Switch from HID to WebUSB"
This reverts commit a22abfe90b.

Revert "Switch from HID to WebUSB"
This reverts commit cb067bd14c.

Revert "Add WinUSB, WebUSB, USB2.1 to build"
This reverts commit 05e218bcb8.

Revert "Add WebUSB descriptors"
This reverts commit a062127cef.

Revert "Add WinUSB (WebUSB preparation)"
This reverts commit e6981e85cd.
2018-03-14 00:37:08 +01:00
Roman Zeyde
e444dadbb2 storage: next firmware version would be 1.7.0 2018-03-13 21:49:29 +01:00
Pavol Rusnak
2a4a298d58
firmware: refactor fsm_getDerivedNode to include fingerprint 2018-03-07 14:04:37 +01:00
Jochen Hoenicke
d5e49556c5 Indicate own dest address in send dialog
If the destination address is controlled by the TREZOR (the wallet set
the address_n field), show the path to the address on the confirm output
dialog in the same format as the "show on Trezor" dialog indicates the
path.
2018-03-03 22:25:20 +01:00
Pavol Rusnak
e460c4fe17
session: rework get_state 2018-03-03 22:22:45 +01:00
Pavol Rusnak
7834eaba26
protect: passphrase is optional 2018-02-27 15:41:02 +01:00
Pavol Rusnak
7fa8ae136f
firmware: implement behaviour of state (still missing in PassphraseAck) 2018-02-24 17:26:57 +01:00
Pavol Rusnak
d7de064bde
bump version to 1.7.0; update firmware changelog 2018-02-21 15:40:56 +01:00
Pavol Rusnak
ab76828e16
update usb descriptors 2018-02-20 19:13:39 +01:00
Karel Bilek
cb067bd14c
Switch from HID to WebUSB
Also renaming varions functions from hid_ to webusb_ to actually reflect what they are doing
2018-02-20 19:13:38 +01:00
Jochen Hoenicke
c574c0a497
Updated confirmOutput dialog
Build it manually (to allow not indenting the address and using a
different font).
2018-02-20 18:23:14 +01:00
Jochen Hoenicke
63c6f95400
Fit 21 characters per line 2018-02-20 18:23:14 +01:00
Jochen Hoenicke
b9b36e0768
Remove duplicated code 2018-02-20 18:22:47 +01:00
Jochen Hoenicke
83a69a0334
Added fixed-width font and multi-font support 2018-02-20 18:22:47 +01:00
Pavol Rusnak
fc7189f801
use Failure_PinMismatch where it makes sense (ChangePin, ResetDevice, RecoveryDevice) 2018-02-20 17:48:19 +01:00
Pavol Rusnak
909f158c84
vendor: update trezor-common 2018-02-20 17:31:45 +01:00
Saleem Rashid
e019ab5557 fsm: Abort layoutAddress on Initialize or Cancel
Fixes #247
2018-02-20 17:19:41 +01:00
Jochen Hoenicke
1bc1bb1e77 Less paranoid change outputs.
- Allow change to be on the main chain (see spesmilo/electrum#3920).
- Allow more than one output to the Trezor, but don't treat it as change.
2018-02-20 16:39:16 +01:00
Saleem Rashid
e3a0b6e7b4 setup: Switch to unprivileged execution 2018-02-13 19:31:36 +01:00
Saleem Rashid
1f8f08d48a setup: Enable MPU
Disable code execution from SRAM and reconfiguration of the MPU.

Prevents almost all code execution attacks.
2018-02-13 15:48:42 +01:00
Wampum
2391beb6f4 expand description of multisig label (#294) 2018-01-31 17:12:52 +01:00
Pavol Rusnak
bd660655ee
introduce and use memzero instead of explicit_bzero 2018-01-18 15:21:48 +01:00
Pavol Rusnak
4a2d68acb9
use explicit_bzero where possible; update trezor-crypto 2018-01-16 19:49:47 +01:00
Pavol Rusnak
cd763b979b
layout: fix last commit 2018-01-15 18:56:57 +01:00
Pavol Rusnak
f70772fb58
rework ConfirmOutput layout (fixes #289) 2018-01-15 18:40:54 +01:00
Pavol Rusnak
c4e3596803
update trezor-crypto, adapt firmware to to changes 2018-01-13 15:20:10 +01:00
Pavol Rusnak
7e382fb790
update to python3 2018-01-12 00:03:55 +01:00
Pavol Rusnak
94fcc8c9a4
add bip84 (native segwit) 2018-01-04 22:30:40 +01:00
Saleem Rashid
6a2b92c49e storage: Fix for Clang 2017-12-20 15:04:43 +01:00
Saleem Rashid
58d2079b56 transaction: Fix uninitialized read in compile_output 2017-12-20 15:04:43 +01:00
Saleem Rashid
fd57b89902 Makefile: Use $PYTHON 2017-12-19 14:11:51 +01:00
Saleem Rashid
bab8db9191 vendor: Update Nanopb to 0.3.9 2017-12-19 14:11:51 +01:00
Saleem Rashid
045ef22d98 storage: Do not use Nanopb 2017-12-19 14:11:51 +01:00
Saleem Rashid
b92a0d24b0 fsm: Include file and line in fsm_sendFailure for DEBUG_LINK 2017-12-18 20:13:00 +01:00
Saleem Rashid
ba5b44d0c5 emulator: Initial commit 2017-12-18 20:09:59 +01:00
Saleem Rashid
36eac04e61 protob: Increase Features.coins max_count 2017-12-18 19:43:19 +01:00
Pavol Rusnak
9732825e24
move ethereum_tokens-gen.py to trezor-common 2017-12-18 18:36:17 +01:00
Saleem Rashid
83a34ff925
util: Add MIN and MAX macros 2017-12-17 03:12:37 +01:00
Saleem Rashid
9401d2805a protob: Increase NEM payload max_size
See NemProject/NanoWallet#362
2017-12-16 21:26:32 +01:00
Saleem Rashid
f17a0a85e0 fsm: Add NEMDecryptMessage 2017-12-16 21:26:32 +01:00
Jochen Hoenicke
810443f197 Fix NULL pointer access
Fixes #269
2017-12-16 15:26:25 +01:00
Jochen Hoenicke
ded41c484c storage: Padding to multiple of 4 bytes 2017-12-15 14:22:17 +01:00
Saleem Rashid
cfc5fda603 storage: Compact old_storage_size logic 2017-12-15 14:22:17 +01:00
Saleem Rashid
a304b76d34 storage: Clean up old_storage_size
Note that OLD_STORAGE_SIZE(imported) != 460, because
OLD_STORAGE_SIZE does not include end padding
2017-12-15 14:22:17 +01:00
Jochen Hoenicke
5812f9865d
Fix size of version 9 storage 2017-12-14 19:31:29 +01:00
Pavol Rusnak
2c63d51580
u2f: avoid using hdnode_private_ckd_cached in order not to constantly invalidate cache 2017-12-13 18:04:22 +01:00
Pavol Rusnak
106642bd44
fix last commit 2017-12-13 17:56:46 +01:00
Jochen Hoenicke
73edc7cb74 Added U2F root key to storage.
Fixes #251.
2017-12-13 17:54:27 +01:00
Jochen Hoenicke
88563ebaa5 Fix compile problem, fix clearing single byte 2017-12-12 19:36:34 +01:00
Pavol Rusnak
f22c849767 storage: rework storage_commit into storage_update 2017-12-12 16:28:42 +01:00
Pavol Rusnak
70843c9059 storage: introduce storageRam and storageRom 2017-12-12 16:28:42 +01:00
Pavol Rusnak
57bbcc754a storage: make storage accessible only via functions
add calls also for debug build and use them in fsm
2017-12-12 16:28:42 +01:00
Pavol Rusnak
41901a8056 firmware: rework protectChangePin
bootloader: wait for flash operation to finish
2017-12-12 12:51:08 +01:00
Pavol Rusnak
36f3b7fe09 firmware: mark usb buffer variables confidential 2017-12-12 12:51:08 +01:00
Pavol Rusnak
14d15dab99
fsm: refactor path checking code into path_mismatch function 2017-12-12 01:48:07 +01:00
Saleem Rashid
7cd9945905 fsm: Use coin->curve_name 2017-12-10 20:53:44 +01:00
Saleem Rashid
6e25e0b363 coins: Use curve_info instead of HasherType 2017-12-10 20:53:44 +01:00
Saleem Rashid
268e7de109 Update trezor-crypto 2017-12-10 20:53:44 +01:00
Saleem Rashid
dc781725c6 hasher: Move to trezor-crypto
This reverts commit dd7b21a6ca.
2017-12-10 20:53:44 +01:00
Saleem Rashid
0e60ba54b7 crypto: Use Hasher for message signing 2017-12-10 20:53:44 +01:00
Saleem Rashid
a1e911aa4c transaction: Do not hardcode HASHER_SHA2 2017-12-10 20:53:44 +01:00
Saleem Rashid
54b0869535 signing: Use Hasher instead of SHA256_CTX 2017-12-09 16:28:40 +01:00
Saleem Rashid
dd7b21a6ca hasher: Initial commit 2017-12-09 16:28:40 +01:00
Pavol Rusnak
bc7c66aa76
add Features.model field (set to "1") 2017-12-04 22:30:11 +01:00
Pavol Rusnak
f44635a9ca
vendor: update trezor-common 2017-11-29 23:04:59 +01:00
Tomas Susanka
a82bbbb30d layout: encode -> encrypt typo
updates #252
2017-11-29 13:48:29 +01:00
Tomas Susanka
cfe8a98c68 signing segwit change output typo 2017-11-25 01:06:46 +01:00
Pavol Rusnak
723cf295a7
device label -> device name 2017-11-16 20:03:26 +01:00
Pavol Rusnak
4770df8912
update version to 1.6.0 2017-11-16 19:50:42 +01:00
Pavol Rusnak
3386b16a1c
GetAddress: detect mismatched coin and path, show warning 2017-11-16 19:22:55 +01:00
Pavol Rusnak
a713fca857
layout: recognize known bip44/bip49 paths in GetAddress dialog 2017-11-16 18:34:59 +01:00
Pavol Rusnak
cc0896c334
add bip44 coin_type to CoinInfo 2017-11-16 18:34:50 +01:00
Pavol Rusnak
54659d49d8
layout: op_return now requires confirmation by user 2017-11-15 15:42:56 +01:00
Pavol Rusnak
de3b78bd0b
layout: print bip32 path in GetAddress dialog 2017-11-14 17:53:17 +01:00
Pavol Rusnak
61044b3fc3
u2f: add u2f.bin.coffee 2017-11-14 14:29:46 +01:00
Saleem Rashid
e3460b9f00 reset: Call storage_commit after initialization
Fixes #230
2017-11-14 13:42:44 +01:00
Jochen Hoenicke
e1fa7af1da Byte-precise size estimate for fees
Fixes issue #232.

It assumes largest possible signature size for all inputs.  For segwit
multisig it can be .25 bytes off due to difference between segwit
encoding (varint) vs. non-segwit encoding (op_push) of the multisig script.
2017-11-14 13:39:17 +01:00
Pavol Rusnak
a4d46b7ae1
vendor: update trezor-common, increase coins count 2017-11-13 22:32:11 +01:00
Jochen Hoenicke
b8bca1c444 Fix segwit forkid signatures 2017-11-13 22:20:08 +01:00
Jochen Hoenicke
8da2770051 Increase coin count 2017-11-13 22:20:08 +01:00
Jochen Hoenicke
a8bc3cb6bd Remove add_hash_type fields.
The 4 byte hash_type/forkid is part of the signed message, but not
part of the transaction.  Instead of hacking it into the transaction,
add it after the transaction when computing the signature.
2017-11-13 22:20:08 +01:00
Saleem Rashid
d39e4be1c8 signing: Use force_bip143 instead of has_forkid 2017-11-13 22:20:08 +01:00
Saleem Rashid
c6246b5fba coins: Add force_bip143 2017-11-13 22:20:08 +01:00
Saleem Rashid
b6f11c9f93 signing: Add signing_hash_type function
This also enables SIGHASH_FORKID for SegWit
2017-11-13 22:20:08 +01:00
Pavol Rusnak
892bb8501a
fsm: ignore case for NEM addresses 2017-11-05 19:30:33 +01:00
Jochen Hoenicke
bbf6b1b097
Implemented VerifyMessage for bech32 2017-11-05 19:28:07 +01:00
Jochen Hoenicke
0f50b816e6
Wrap long addresses in three lines 2017-11-05 19:28:07 +01:00
Jochen Hoenicke
97581928de
Enable Segwit Bech32 addresses
Increase the size of the addresses in protobuf.
Fix layout2.c to handle longer addresses.
Add a field bech32_prefix to coins.h
Adapted the coins-gen script.
Added bech32 support in signing.c and transaction.c
2017-11-05 19:28:07 +01:00
Jochen Hoenicke
cf3dc6051c Omit leading space in shortcut in GetFeatures 2017-11-05 19:23:34 +01:00
Jochen Hoenicke
1566631023 Improved backwards compatibility of GetFeatures
Set all CoinType fields except signed_message_header.
Move static assert into the function where it is needed.
2017-11-05 19:23:34 +01:00
Jochen Hoenicke
b5fa8a266a New CoinInfo separated from protobuf structures
Having CoinType using the protobuf structures has several disadvantages.
- We always need to change trezor-common if we need a new field (like
  bech32 prefix)
- Every time Trezor initializes it sends all this information out and
  nobody cares.
- The protobuf structures add storage overhead due to their fixed size.

I also removed most of the `has_` fields except for forkid:
- `has_segwit` was merged with segwit
- `has_coin_shortcut` can be replaced by test for NULL if necessary.

The fields were reordered for better padding.
2017-11-05 19:23:34 +01:00
Pavol Rusnak
18d8cb3c56
add project website (trezor.io) to license header 2017-11-05 17:47:23 +01:00
Jochen Hoenicke
a24e8a0484 Remove magic constants
Use defines for wallet depth and change chain.  Updated some comments
to clarify what is checked.
2017-11-03 19:12:41 +01:00
Jochen Hoenicke
4805f27e8c Fix checking change address
There was a signed/unsigned problem: size_t is unsigned, but we use
-1 to indicate mismatch.  The problem was that when checking the input
address path, it still did this unintentionally when a mismatch was
detected, forbidding to sign with mismatched inputs, even when there
is no change address.

We now use 1 for mismatch.  Also we don't allow change address anymore
if the inputs have a path of length 1.  This simplifies the code a bit.
2017-11-03 19:12:41 +01:00