arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-15 20:19:23 +00:00
Code Issues Releases Wiki Activity
9,712 Commits 341 Branches 206 Tags 195 MiB
7abe70e484
Commit Graph

1324 Commits

Author SHA1 Message Date
Andrew Kozlik
99f01cd316 core/sign_tx: Check script_pubkeys of inputs. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
cc655575c8 common: Add witness field to TxInputType. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
872768928b core/crypto: Fix endianity in DER length encoding. 2020-07-03 11:17:19 +02:00
Andrew Kozlik
e7f230d66e core/sign_tx: Use varint length encoding for witness stack items. 2020-07-03 11:17:19 +02:00
Tomas Susanka
3a3e5739b0 core, legacy: update changelogs 2020-07-02 09:09:34 +00:00
Tomas Susanka
fc9eb63114 core: add previous commit to changelog 2020-07-01 17:37:47 +00:00
Tomas Susanka
0f9a2459d3 core: make QR code smaller for Monero 2020-07-01 17:20:04 +00:00
Tomas Susanka
ca3dd2bfb9 common: skip deprecated fields during generation; deprecate overwintered field in Zcash 2020-06-30 16:02:21 +02:00
matejcik
e6e3043096 all: implement support for pre-overwinter prevtx (fixes #1030) 2020-06-30 15:19:31 +02:00
Andrew Kozlik
f382f77c89 core/ui: Fix repaint bug in QR code rendering #1067. 2020-06-25 12:25:41 +02:00
Tomas Susanka
e534ae3ad7 legacy, core: rename Features.pin_cached to unlocked and unify 2020-06-19 21:26:36 +02:00
Tomas Susanka
b6c8cbc24c core: add 'initialized' to changelog 2020-06-16 11:31:29 +02:00
Tomas Susanka
a6acefbdf5 core: wipe before reset and recovery; introduce 'intialized' field 2020-06-16 11:31:29 +02:00
Andrey
1eeaa1e5cf Enable extra_data for Zcoin. Changed coininfo.py 2020-06-15 09:53:00 +02:00
Tomas Susanka
b67be7dd9e core: forbid all settings if not initialized 2020-06-11 18:47:01 +02:00
Tomas Susanka
f8b2f0bb7b changelogs: change also bootloader changelogs to the new format 2020-06-11 15:48:38 +00:00
Tomas Susanka
9979af3cd2 changelogs: start using more detailed changelog 2020-06-11 17:43:40 +02:00
Tomas Susanka
981d079d7f core/signverify: add failsafe for an empty message header 2020-06-11 09:08:50 +02:00
Tomas Susanka
56fe5adcfc Merge branch 'release/2020-06' 2020-06-10 06:51:18 +00:00
Andrew Kozlik
d1690f4317 core/tools: fix pixel-perfect mode for centered text in dialog-designer 2020-06-09 13:31:42 +02:00
Pavol Rusnak
179645e3ad core: unify usage of TREZOR_MODEL 2020-06-06 21:06:15 +02:00
Ondrej Mikle
c877dc8dd6 core: port storage to T1 2020-06-06 21:06:15 +02:00
Pavol Rusnak
2815b62838
core/tools: implement "pixel-perfect" mode for dialog-designer tool 2020-06-05 14:11:59 +00:00
Pavol Rusnak
5262ef84cf common/defs/fido: add aws and tutanota 2020-06-05 14:53:13 +02:00
Andrew Kozlik
9c61257e8e core: Use the Lock icon in the PIN entry dialog only when the device is actually locked. 2020-06-05 11:52:56 +02:00
Pavol Rusnak
5ed64a0736
core/tools: refactor dialog-designer tool 2020-06-04 21:39:47 +02:00
Pavol Rusnak
d9d5511858
core/tools: add quick'n'dirty dialog-designer tool 2020-06-04 19:56:42 +02:00
matejcik
7579ac5274 core: fix rendering issues in homescreens 2020-06-04 16:18:46 +02:00
matejcik
9df7c84c56 core/ui: lower lockscreen brightness 2020-06-04 16:18:46 +02:00
matejcik
8fa7684a9c core: set a scheduler-safe maximum for autolock 2020-06-04 16:18:46 +02:00
matejcik
872e0fb0e0 core: lower scheduler resolution to milliseconds 
This avoids problems with large timeouts causing the scheduler queue to
think the time counter has overflown, and ordering the autolock task before
immediate tasks.

The maximum reasonable time difference is 0x20000000, which in
microseconds is ~8 minutes, but in milliseconds a more reasonable ~6
days.
 2020-06-04 16:18:46 +02:00
matejcik
847691798b core: simplify homescreen and lockscreen implementations 2020-06-04 16:18:46 +02:00
matejcik
4bc865794f core: only unlock storage if it is locked (solves determinism issue in tests) 2020-06-04 16:18:46 +02:00
matejcik
ffa7790ed5 core: start USB after booting apps 
This prevents a race condition where sometimes an Initialize message
could arrive before the homescreen was fully booted -- and Recovery
homescreen would cancel it as part of its bootup sequence.
 2020-06-04 16:18:46 +02:00
matejcik
70f67883c5 core: fix artifacts in click-based UI tests 2020-06-04 16:18:46 +02:00
matejcik
a9d8fd3992 core: debuglink interface avoids workflow management 
This will have unintended consequences if you call a wirelink function
on the debulink interface. TT allows this ... and will behave badly.
 2020-06-04 16:18:46 +02:00
matejcik
bc9247e18d core: add Cancel to a list of allowed messages while locked 2020-06-04 16:18:46 +02:00
matejcik
f32c2f9e23 core: replace workflow.kill_default with workflow.close_others 2020-06-04 16:18:46 +02:00
matejcik
01832d5ae9 core: call close_others() in place of ButtonRequest 
this makes sense, really: close_others() requests UI exclusivity, and
that is something that generally happens at the same places we emit a
ButtonRequest
 2020-06-04 16:18:46 +02:00
matejcik
6f53ca0ac6 core: rework wait_layout() 
The original wait_layout was unreliable, because there are no guarantees
re order of arrival of the respective events. Still, TT's event handling
is basically deterministic, so as long as the host sent its messages
close enough to each other, the order worked out.

This is no longer the case with the introduction of loop.spawn: TT's
behavior is still deterministic, but now ButtonAck is processed *before*
the corresponding wait_layout, so the waiting side waits forever.

In the new process, the host must first register to receive layout
events, and then receives all of them (so the number of calls to
wait_layout must match the number of layout changes).

DebugLinkWatchLayout message must be version-gated, because of an
unfortunate collection of bugs in previous versions wrt unknown message
handling; and this interests us because upgrade-tests are using
wait_layout feature.
 2020-06-04 16:18:46 +02:00
matejcik
5d823ff5ea core: use ButtonRequestType.PinEntry for PIN entry 2020-06-04 16:18:46 +02:00
matejcik
bbfce4e303 common: introduce ButtonRequestType.PinEntry 2020-06-04 16:18:46 +02:00
matejcik
3dbd9c9eca core/loop: prevent finalizers from doing things when task is closed externally 2020-06-04 16:18:46 +02:00
matejcik
42e7c43c7c core: make sure that auto-lock shuts down running workflows 2020-06-04 16:18:46 +02:00
matejcik
2d0206c043 core: replace workflow.on_start/on_close with workflow.spawn 2020-06-04 16:18:46 +02:00
matejcik
02565f3bfb core/loop: introduce spawn syscall 2020-06-04 16:18:46 +02:00
matejcik
a4f47ddd21 core/lockscreen: ignore exception when user taps "unlock" and then cancels 2020-06-04 16:18:46 +02:00
matejcik
7ff1251ee1 core: dim lockscreen (fixes #974) 2020-06-04 16:18:46 +02:00
matejcik
4035aad51b core: implement auto-lock after a configurable timeout (fixes #75) 2020-06-04 16:18:46 +02:00
matejcik
67b723e4ca core: add a global idle timer 2020-06-04 16:18:46 +02:00
Andrew Kozlik
5469acfabf core/webauthn: Cache user verification for 3 minutes. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
b867ac1d01 core/webauthn: Implement FIDO2 unlocking from softlock. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
0f81886c9f core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response. 2020-06-04 16:18:46 +02:00
Andrew Kozlik
c8ae5c157e core/webauthn: Implement U2F unlocking from softlock. 2020-06-04 16:18:46 +02:00
matejcik
06aed7135a core: do not prompt for PIN just to lock the device again 2020-06-04 16:18:46 +02:00
matejcik
2cedc687e6 core: disable trezor-crypto BIP32 cache 2020-06-04 16:18:46 +02:00
matejcik
246998910a core: refactor usage of input_signals 
this prevents a certain class of UI test failure. It also localizes the
use of debuglink signals into the layout classes instead of call sites,
which is a design we were already using for confirm_signals
 2020-06-04 16:18:46 +02:00
matejcik
afeeafd5cd core: hide some fields when softlocked 2020-06-04 16:18:46 +02:00
matejcik
b9bd9ea3d0 core: only softlock when PIN is set 2020-06-04 16:18:46 +02:00
matejcik
a9ddc2a8e2 core/boot: modify initial lockscreen label 2020-06-04 16:18:46 +02:00
matejcik
09af8aed4e core: consider lockscreen to be a separate homescreen 
this involves some changes to the workflow defaults:

* workflow.start_default() takes no arguments
* workflow.set_default() (originally replace_default) configures the
  default that will be started by next call to start_default().
  The intended usecase is to set_default() first and then start it
  separately.
* apps.base.set_homescreen() factors out the logic originally in
  main.py, that decides which homescreen should be launched. This uses
  set_default() call. start_default() is then used explicitly in main.py
 2020-06-04 16:18:46 +02:00
matejcik
d73480bc9d core: introduce PIN soft-locking 2020-06-04 16:18:46 +02:00
matejcik
04c8b2803d core: refactor homescreen app, include lockscreen in it 2020-06-04 16:18:46 +02:00
matejcik
9197623d83 core: factor out the decision whether to lock the device 2020-06-04 16:18:46 +02:00
matejcik
0600d87c8c common: rename ClearSession to LockDevice, introduce EndSession 2020-06-04 16:18:46 +02:00
matejcik
32fcc4ad9c core: make verify_user_pin accept a Context argument 2020-06-04 16:18:46 +02:00
matejcik
8ca7ffc3b8 core: use wire.PinCancelled/PinInvalid instead of custom versions 
also refactor show_pin_invalid and its usages so that it raises directly

note that we are now using PinCancelled instead of ActionCancelled where
appropriate
 2020-06-04 16:18:46 +02:00
matejcik
eabfcab9b9 core: add default messages to some error codes 2020-06-04 16:18:46 +02:00
matejcik
341c5b7d10 core/wire: make handler lookup pluggable 2020-06-04 16:18:46 +02:00
matejcik
837c4df61f core: expose storage_is_unlocked() as config.is_unlocked() 2020-06-04 16:18:46 +02:00
matejcik
87433995b0 core: add BITCOIN_ONLY to mock file 2020-06-04 16:18:46 +02:00
matejcik
d5e45c02bb core: move base functions from "homescreen" app to "base" 2020-06-04 16:18:46 +02:00
Tomas Susanka
8859d103f4 core, legacy: bump versions 2020-06-03 15:39:25 +00:00
Tomas Susanka
e2629eb921 core, legacy: update Changelogs to reflect the release 2020-06-03 15:35:30 +00:00
matejcik
bd5b3a3f21 common: drop Theta and VeChain ERC tokens, refresh market caps 
fixes #1022
fixes #1023
 2020-05-29 12:12:30 +02:00
matejcik
5209804fc3 core: relax path checks on GetPublicKey 
(cherry picked from commit 554d8949f5)
 2020-05-27 06:58:30 +00:00
matejcik
554d8949f5 core: relax path checks on GetPublicKey 2020-05-27 08:56:50 +02:00
matejcik
d59ffe553f make gen 2020-05-25 16:14:05 +02:00
Ondřej Vejpustek
24ceb0ab6b crypto/bignum: change limb size to 29, add tests 2020-05-24 14:36:38 +00:00
Andrew Kozlik
cb32ae2e4b core/tests: add request_meta queries to unit tests (needed for transaction streaming) 2020-05-24 14:36:38 +00:00
Andrew Kozlik
42eddf8e04 core/sign_tx: validate prevout amount in all cases 2020-05-24 14:36:38 +00:00
Andrew Kozlik
7db3e930d4 core/sign_tx: Add further message sanitization checks. 2020-05-24 14:36:37 +00:00
matejcik
72ef86d79a all: enable extra_data for komodo 2020-05-24 14:36:37 +00:00
matejcik
7a3637d5b0 core/sign_tx: add checks for version_group_id and branch_id fields 2020-05-24 14:36:37 +00:00
Ondrej Mikle
b01b24f090 core: change startup firmware file from .s to .S which enables preprocessing and fixes TT boot 2020-05-24 12:28:38 +02:00
Tomas Susanka
675ff459db core, legacy: update changelogs 2020-05-22 11:55:55 +00:00
Tomas Susanka
9dfc08ca61 core/bitcoin: drop decred_script_version 2020-05-21 19:14:39 +02:00
matejcik
eeb46eabca common: refresh token list 2020-05-21 13:29:13 +02:00
matejcik
2f665c8f84 core: add exception to GetPublicKey for PSBT master fingerprint (fixes #999) 2020-05-21 13:26:53 +02:00
Ondrej Mikle
10f0f107e0 core: Adds T1 core port FW flashing options for for openocd and jlink 2020-05-21 10:05:12 +02:00
Ondrej Mikle
0d65d684f0 core: T1 port can run on T1 bootloader with MEMORY_PROTECT=0 2020-05-21 08:49:59 +02:00
Tomas Susanka
a2f790167d core/bitcoin: fix step 1 and 2 comments in signing 2020-05-19 12:58:45 +00:00
Tomas Susanka
1ac0f60550 core: update isort config to place relative imports last 2020-05-18 14:31:51 +02:00
Tomas Susanka
aa115b6320 core: move decred writers to decred.py 2020-05-18 14:31:51 +02:00
Tomas Susanka
3084ee1eed core/bitcoin: move write_bitcoin_varint to common writers 2020-05-18 14:31:51 +02:00
Tomas Susanka
445f56d387 core/bitcoin: finalize bitcoin refactor 
- core/bitcoin: move common files to the app's root
- core/bitcoin: use require_confirm instead of confirm
- core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app
- core/bitcoin: use relative imports inside the app
- core: rename wallet app to bitcoin
- core/wallet: replace SigningErrors and the other exception classes with wire.Errors
 2020-05-18 14:31:51 +02:00
matejcik
aa52fc3903 core/extmod: drop unused rfc6979 module 2020-05-18 14:31:00 +02:00
matejcik
050936d0d7 core: enable finalizers on extmod classes 2020-05-18 14:31:00 +02:00
matejcik
123b07e3ad core: drop support for pre-registering keychain namespaces 2020-05-15 16:30:41 +02:00
matejcik
3e06f4779a core/tests: add new keychain tests 2020-05-15 14:08:29 +02:00
matejcik
de9e73dcbc core/tests: update unit tests for new keychain API 2020-05-15 14:08:29 +02:00
matejcik
f3f6e2101a core/cardano: explanation about seed derivation 2020-05-15 14:08:29 +02:00
matejcik
a31b2cd1bc core/wallet: implement keychain for apps.wallet 2020-05-15 14:08:29 +02:00
matejcik
0dff3853a7 core/ethereum: introduce custom keychain decorators 2020-05-15 14:08:29 +02:00
matejcik
b594248ac2 core: use new keychain decorators where appropriate 2020-05-15 14:08:29 +02:00
matejcik
fd9e945308 core/cardano: use caching decorators and new Keychain API for Cardano as well 2020-05-15 14:08:29 +02:00
matejcik
7541d529a3 core: refactor keychain API, introduce SLIP44 decorator 2020-05-15 14:08:29 +02:00
matejcik
8c4cb58098 core: introduce caching decorators 2020-05-15 14:08:29 +02:00
matejcik
63dfcb17a7 core: make mypy happy about importing fatfs 2020-05-15 14:08:29 +02:00
matejcik
7f2e7b0003 core: add Ethereum constants to mocks 2020-05-15 14:08:29 +02:00
Pavol Rusnak
6704ed86a1
Merge pull request #995 from trezor/omikle/t1-core-port 
core port to Trezor One
 2020-05-14 16:48:18 +02:00
Ondrej Mikle
7eddafe487 core: better formatting for common parts of T1 and TT header 2020-05-14 16:10:42 +02:00
Ondrej Mikle
c4c341b3f9 core: setup stack when running core on T1 2020-05-14 12:46:25 +02:00
Dusan Klinec
6b8fc9c894
xmr: major protocol upgrade, CLSAG support added 
- CLSAG signature scheme added
  - type hints added

xmr: optimize protocol, send only required data
  - real_out_additional_tx_keys contains only one element as nothing more is needed during signature
  - only src_entr.outputs[index] is HMACed and always present. Other outputs are present only if needed which reduces comm and CPU overhead.
  - getting rid of subaddresses dictionary (memory requirements), now subaddr indices are present per source entry so keys are computed when needed

xmr: prepare for permutation sending removal, specify index
  - specify source entry ordering index prior sorting by key images as original HMAC keys are generated based on these.
  - permutation checked just by valid HMACs, size of the set, key image sort order
  - sending permutation is now deprecated, will be removed in the following protocol versions
  - more strict state transition checks, guard strict check with respect to steps ordering
 2020-05-13 11:13:19 +02:00
Tomas Susanka
25d2d130a0 tests: use maxfail option for fido2 tests 2020-05-12 09:48:23 +00:00
Ondrej Mikle
fb5a220b46 core: use legacy sign script for T1 core port binary to be flashable 2020-05-11 18:05:46 +02:00
Ondrej Mikle
e429085e96 core: copy firmware header for T1 port into final binary 2020-05-11 17:33:47 +02:00
Ondrej Mikle
d8115a7992 core: firmware header for T1 port 2020-05-11 15:43:43 +02:00
Tomas Susanka
53c43ac305 core/tests: initialize emu with slip14 before running fido2 test suite 2020-05-06 14:36:04 +00:00
Andrew Kozlik
3de565c33c core/sign_tx: In write_tx_header() rename has_segwit parameter to witness_marker and clarify usage. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
846116a666 core/sign_tx: Improve comments. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
7370077d0c core/sign_tx: Get rid of internal TxOutputBinType messages. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
9f9618944a core/sign_tx: Explicitly pass script to write_tx_input() instead of setting it in txi. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
04bdf1dc6c core/sign_tx: Remove unused index parameters. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c9814e50ba core/sign_tx: Set decred_script_version to 0 by default for decred coins. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
dccf415e0b core/sign_tx: Add write_tx_output() to signer class and override it in Decred. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
bdd1d25979 core/sign_tx: Require change-outputs to be for a non-zero amount. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
d5faeb3f51 core/sign_tx: Clarify sign_nonsegwit_input(). 2020-05-06 13:18:32 +02:00
matejcik
9005093435 core/sign_tx: improve documentation on MatchCheckers 2020-05-06 13:18:32 +02:00
matejcik
0209768ff2 core/sign_tx: improve type hints 2020-05-06 13:18:32 +02:00
matejcik
ff41e5c304 core/sign_tx: improve signer selection readability 2020-05-06 13:18:32 +02:00
Andrew Kozlik
8b89a30955 core/sign_tx: Remove get_prevouts_hash(), get_sequence_hash(), get_outputs_hash() methods from signer classes, because they are only used internally. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
22933587be core/sign_tx: Merge bip143 classes into signer classes. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
6ad3baeab2 core/sign_tx: Refactor BIP-143 signing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
d58cd3987b core/sign_tx: Minor updates based on code review. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
be39f271b0 core/sign_tx: Rework transaction footer writing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
b60f267da9 core/sign_tx: Rework transaction header writing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c1effcc374 core/sign_tx: Updates based on code review. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c2a0f83558 core/sign_tx: Move script derivation to scripts module. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
d0b80bddc8 core/tests: Fix unit tests after sign_tx refactor. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
be7e98aa47 core/sign_tx: Move Bitcoin class to bitcoin.py. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
a07e125793 core/sign_tx: Consolidate wallet path and multisig fingerprint checking. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
27e6720f3d core/sign_tx: cleanup 2020-05-06 13:18:32 +02:00
Andrew Kozlik
987b70f1f5 core/sign_tx: Move header prepending up by one level. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
2ceb091d68 core/sign_tx: Use a preallocated buffer for transaction serialization. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
555259d6a9 core/sign_tx: Remove last_output_bytes in Decred, which is no longer needed. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
f1801764a1 core/sign_tx: Fix segwit/non-segwit input interleaving bug. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
514f2ac649 core/sign_tx: Refactor to use template method. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
95fad83024 core/sign_tx: Derive Zip143 and DecredPrefixHasher from Bip143. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
e9900df18d core/sign_tx: Move Overwintered class to zcash. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
60dbec95ac core/sign_tx: Reuse get_prevtx_output_value() in Decred. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
2b74513e49 core: Fix mypy. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
50c08274b9 core/sign_tx: Move overwintered functionality to separate class. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
c190eed7fc core/sign_tx: Move non-Bitcoin functionality to Bitcoinlike class. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
613c81ea66 core/sign_tx: Refactor wallet_path functions and input_check_multisig_fingerprint. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
0d9984671e core/sign_tx: Fix typing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
79c60615de core: Fix typing. 2020-05-06 13:18:32 +02:00
Andrew Kozlik
ba8b34b2d7 core: Refactor signing. 2020-05-06 13:18:32 +02:00
Pavol Rusnak
066866488b
core: add temporary "src1" folder 2020-05-04 16:00:29 +00:00
matejcik
a623799a11 core: remove f-strings from headertool (python 3.5 compatibility) 2020-05-04 11:29:03 +02:00
Pavol Rusnak
25cc836660
core/extmod: fix build of modtrezorui when TREZOR_MODEL is set to '1' 2020-04-30 15:07:26 +00:00
Tomas Susanka
20d66adddd core: disable passphrase_always_on_device when turning off passphrase 2020-04-28 14:54:18 +02:00
Tomas Susanka
47f104bceb core, legacy: bump versions 2020-04-24 17:12:20 +00:00
Pavol Rusnak
4b5a84eab7
core+legacy: update changelogs 2020-04-16 14:20:18 +02:00
Ondřej Vejpustek
c461692f3a core: implement random delay interrupts 2020-04-16 11:51:28 +02:00
Ondřej Vejpustek
d5bfe6b32f crypto: add chacha_drbg 2020-04-16 11:51:28 +02:00
matejcik
72cde5a57d core: disallow parsing options after command (fixes #951) 2020-04-16 11:24:15 +02:00
matejcik
5885978c83 Merge branch 'release/2020-04' 2020-04-15 15:00:23 +02:00
Andrew Kozlik
9e4a8ca785 core/webauthn: Improve error codes for uninitialized device. Return ERR_OPERATION_DENIED only upon user decline or timeout, otherwise it cancels the operation on all connected authenticators. 2020-04-14 12:24:17 +02:00
matejcik
2ccebd3175 core: raise SystemExit when exitting emulator (now that sys.exit is removed) 2020-04-14 10:17:37 +02:00
matejcik
4bddeefea0 core: unify mpconfigports for emulator and board 
Changes in firmware/mpconfigport.h are minimal:

 * $VFS_FAT is dropped because it is irrelevant without $VFS
 * $REVERSE_SPECIAL_METHODS is added, to push down on code size
 * $THREAD is disabled unconditionally

unix/mpconfigport.h is reordered and modified to match
firmware/mpconfigport.h as much as possible, while selectively enabling
some needed features.

Notably, $USE_READLINE is enabled unconditionally
 2020-04-14 10:17:37 +02:00
matejcik
d0f709b8cc core: fix and use MAKEMODULEDEFS instead of explicit registration 2020-04-14 10:17:37 +02:00
matejcik
a6976355c3 core: remove readline from built firmware 2020-04-14 10:17:37 +02:00
Dusan Klinec
25b6e9058f xmr: proto - add fields for protocol optimization 2020-04-13 22:19:56 +02:00
Andrew Kozlik
bc4e8eaa16 core/webauth: Update readme with Ed25519 algorithm and certificates. 2020-04-09 21:05:28 +02:00
Pavol Rusnak
197218338a
Merge pull request #936 from trezor/rework-serialize-deserialize 
crypto: rework serialize/deserialize API
 2020-04-09 09:53:23 +02:00
matejcik
eec0615444 core: drop sys.pyi from mocks (fixes #934) 
A change introduced in mypy 0.770 disallows overriding some system
modules, including `sys`.

We only need the override for `sys.print_exception`, and the simplest
solution is to make mypy ignore that particular call.
 2020-04-08 11:19:26 +02:00
Andrew Kozlik
c57bc62a05 core/tools: Add attestation certificate generator for FIDO2. 2020-04-06 18:29:05 +02:00
Andrew Kozlik
fca92d7344 core/webauthn: Update attestation certificate to comply with WebAuthn requirements. 2020-04-06 18:29:05 +02:00
Pavol Rusnak
a7806d08d7
core/crypto: remove unused bip32.deserialize function 2020-04-06 18:04:24 +02:00
Pavol Rusnak
1695228d80
core/crypto: remove unused serialize_private function 2020-04-06 15:49:36 +00:00
Pavol Rusnak
f07ff17fad
core/crypto: add missing field to Blake2b constructor 2020-04-06 12:28:36 +00:00
Andrew Kozlik
25a39ea729 core/webauthn: Fix handling of interleaving frames to comply with the U2F HID specification. 2020-04-06 09:53:42 +02:00
jagdeep sidhu
e58c5f63d5
common/defs: update SYS (#928) 2020-04-02 00:22:47 +02:00
Tomas Susanka
0b7a8449f8 core: style 2020-03-30 16:04:05 +00:00
Tomas Susanka
bf20537f41 core: add option to omit cancel button in HoldToConfirm; add it to reset 2020-03-30 16:00:12 +00:00
Pavol Rusnak
336a417233 core/bootloader: distinguish between a vendor change and downgrade with wipe 2020-03-25 15:15:12 +01:00
Andrew Kozlik
8ae0535e69 core/webauthn: Fix attestation statement format to use a list in the x5c field. 2020-03-24 16:18:37 +01:00
Tomas Susanka
aa71c20f2c core: require hold to confirm 2020-03-24 09:20:10 +00:00
Ondrej Mikle
634ed5aabc
core: commands for flashing via JLink (#911) 2020-03-23 10:40:06 +01:00
Tomas Susanka
025436db47 core/changelog: add FIDO2's Ed25519 2020-03-23 08:00:31 +00:00
Tomas Susanka
f786d75a6f core: drop obsolete check for ANYONECANSPEND segwit outputs 2020-03-20 14:19:31 +00:00
Tomas Susanka
d0d41c884e legacy: move script type checks to separate functions and unify with core 2020-03-20 14:19:31 +00:00
matejcik
bd9e15bb8c core/tests: add unit tests for prevhash writers 2020-03-20 14:19:31 +00:00
matejcik
a9faa4d4ab core/tests: fix inline variant of assertRaises 
otherwise code like the following would fail:

>>> self.assertRaises(AssertionError, ensure, False)

because the AssertionError raised internally by `ensure` would be
conflated with the AssertionError raised by the tested function
 2020-03-20 14:19:31 +00:00
matejcik
da89a17ce5 all: add checks for prev_hash size 2020-03-20 14:19:31 +00:00
matejcik
c15519f707 core/sign_tx: modify get_tx_header to avoid writing unchecked bytes 2020-03-20 14:19:31 +00:00
matejcik
9cab61fbd3 core/sign_tx: remove write_bytes_unchecked where appropriate 2020-03-20 14:19:31 +00:00
matejcik
27f6306e1d core: introduce safer write_bytes functions 2020-03-20 14:19:30 +00:00
matejcik
9a5f6b025a core/tezos: factor out writing Michelson instructions 2020-03-20 14:19:30 +00:00
matejcik
694f714719 core/ripple: rename write_bytes to avoid name collision 2020-03-20 14:19:30 +00:00
Tomas Susanka
64584e271c legacy, core: add and unify validation checks 2020-03-20 14:19:30 +00:00
matejcik
ffdb299c61 all: drop Capricoin support [NO BACKPORT] 2020-03-20 14:19:30 +00:00
matejcik
adea7d6b35 all: make timestamp mandatory on timestamp-enabled coins 2020-03-20 14:19:07 +00:00
matejcik
e2035b4972 all: drop Horizen and BIP-115 support [NO BACKPORT] 2020-03-20 14:19:07 +00:00
matejcik
6f9c6361ea core: remove negative_fee and cashaddr_prefix from bitcoin-only fw 2020-03-20 14:18:27 +00:00
matejcik
7d5771911c core: flip condition for force_bip143 
this should be equivalent because Bitcoin does not have force_bip143 set
 2020-03-20 14:18:27 +00:00
matejcik
ed464f3d47 all: ensure expiry, timestamp and extra_data are blocked as appropriate 2020-03-20 14:18:27 +00:00
matejcik
27803ee8c1 all: drop overwintered field from transaction 2020-03-20 14:18:27 +00:00
matejcik
c9fd3f77a5 all: add overwintered field to coin specification 2020-03-20 14:18:27 +00:00
Pavol Rusnak
817b922850 all: add extra_data and timestamp fields to coin specification 2020-03-20 14:18:27 +00:00
matejcik
136307bcae core: propagate coin info to all sanitize functions 2020-03-20 14:17:44 +00:00
matejcik
303c05aba7 core/sign_tx: check if prev_tx has enough outputs to match prev_index 2020-03-20 14:17:44 +00:00
Andrew Kozlik
a34637c0f2 core/sign_tx: Check multisig fingerprint before signing inputs. 2020-03-20 14:17:44 +00:00
Tomas Susanka
163220e4b7 core/wallet: properly check decred input 2020-03-20 14:17:44 +00:00
Ondřej Vejpustek
6274cfdf8b core: remove unreachable zcash code 2020-03-20 14:17:44 +00:00
Ondřej Vejpustek
d61181d7e8 core: fix transaction header for mixed segwit inputs 2020-03-20 14:17:44 +00:00
Tomas Susanka
f0a39df75d core/wallet: check inputs and outputs right after receiving them 2020-03-20 14:17:44 +00:00
Tomas Susanka
0903159d9b core, legacy: make sure OPRETURN ouput is not marked as change 2020-03-20 14:17:44 +00:00
Tomas Susanka
4af9aa547e core: forbid unnecessary fields in OPRETURN output 2020-03-20 14:17:44 +00:00
Andrew Kozlik
d800fcbf9f core/sign_tx: If there is a non-multisig input, then change output cannot be multisig. 
(cherry picked from commit 8eb6ce0899)
 2020-03-20 14:17:44 +00:00
Andrew Kozlik
b3cd760df0 core/webauthn: Disable CTAPHID_WINK function. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
e5008eb332 core/webauthn: Remove indistinguishable credentials from the allow list. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
cda9de8dd1 core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
0af0e06d5b core/webauthn: Truncate names in credential data to at most 100 bytes. 2020-03-20 15:07:06 +01:00
matejcik
ccffefd667 core/boot: do not catch OSError in boot wait 2020-03-20 14:03:28 +01:00
matejcik
f6f041e269 core/sdcard: also catch OSError in the formatting phase 2020-03-20 14:03:28 +01:00
matejcik
3a71a5a05c core/sdcard: show "Wrong SD card" when unlocking SD protect with unformatted card 2020-03-20 14:03:28 +01:00
matejcik
3789a3372b core/sdcard: modify exception handling in fatfs 
expose ff.c constants, raise them as arguments to FatFSError

introduce NotMounted and NoFilesystem as subclasses of FatFSError with
the appropriate error code set
 2020-03-20 14:03:28 +01:00
Andrew Kozlik
8ee0026637 core: Allow PIN entry even when SD protect is enabled and the card is not present. 2020-03-19 15:04:33 +01:00
Andrew Kozlik
bfd834d1de storage: Add storage_ensure_not_wipe_code(). 2020-03-19 15:04:33 +01:00
Konnor Klashinsky
70a1f957ed
Fix BackupDevice layout on 18-word seed wallets 2020-03-13 13:41:04 +13:00
Andrew Kozlik
2f905a1157 core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d core/webauthn: Clean up bytes/bytearray typing around uctypes. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f core/webauthn: Implement support for Ed25519 signatures in FIDO2. 2020-03-12 15:45:26 +01:00
Pavol Rusnak
624b639ba8
Merge pull request #886 from trezor/onvej-sl/monero-optimizations-squashed 
xmr/bp: memory optimizations and improvements, fixed style
 2020-03-02 17:54:30 +01:00
Tomas Susanka
f8de140271 core: add cancel to hold to confirm dialogs 2020-03-02 13:58:41 +00:00
Dusan Klinec
2658e253fa xmr/bp: memory optimizations and improvements 
- different approach to vector manipulation - more on the fly operations. Prepared for fully offloaded operations, BP on Trezor with constant memory.
- memory requirements reduced from (4MN + const) to (2MN + const)
- more raw methods to avoid unnecessary encoding/decoding
- chunking improved, chunk size set as a constant, changed from 64 to 32, missing pieces implemented to cover also BP 16
- proof_v8 support discontinued, old hardfork, not needed anymore
- get_exponent register clash fixed (for large vectors)
- reduced heap fragmentation by removing some temporary allocations
- hashing with len and offset to reduce heap fragmentation by creating a sliced arrays
- use to() wherever possible to avoid allocations and return of mutable private object
- global functions start with _ prefix, reduce import footprint
- use __slots__ in classes to minimize footprint
 2020-03-02 12:17:03 +01:00
Tomas Susanka
21676a0662 ore/tezos: better wording in delegation cancel 2020-03-02 08:49:34 +00:00
matejcik
7f91bc571c core: ensure default task restarts after a passphrase workflow (fixes #883) 2020-02-28 15:55:40 +01:00
Tomas Susanka
5ee6e56f56
Merge pull request #880 from trezor/tsusanka/sign-verify-ui 
Unify sign/verify message dialogs and fix text overflow
 2020-02-28 15:47:48 +01:00
matejcik
bd9663af79 common/defs: update token reference, add new tokens to 2.3.0/1.9.0, regenerate coins_details 2020-02-27 19:13:17 +01:00
Tomas Susanka
86b010a18b
Merge pull request #878 from trezor/matejcik/fatfs-corruption 
FatFS API rework
 2020-02-27 15:58:38 +01:00
Tomas Susanka
c8b7d3fb56 core/changelog: SD card protection is part of 2.3.0 2020-02-27 13:57:48 +00:00
Tomas Susanka
a63e6fc4ef core+legacy: update changelogs 2020-02-27 13:21:17 +00:00
Tomas Susanka
a8af9feebe core: fix text overflow in some dialogs 2020-02-27 12:43:33 +00:00
Tomas Susanka
744c32991f core: unify sign/verify functions 
The UI records are modified because of two changes:
- Added a coin name to the Sign/Verify screen (ETH/Lisk).
- Unified to use mono.
 2020-02-27 12:43:33 +00:00
Tomas Susanka
b317613d63
Merge pull request #874 from trezor/tsusanka/test 
Use wire errors where applicable
 2020-02-27 13:38:30 +01:00
Tomas Susanka
495a59c282 core: use wire errors instead of ValueErrors where applicable 2020-02-27 10:46:01 +00:00
matejcik
18ac4fc9ca core: update Python facing APIs 2020-02-27 10:56:23 +01:00
matejcik
9ab84d2455 core/tests: thoroughly test modified APIs 2020-02-27 10:56:23 +01:00
matejcik
b24411b900 core/sdcard: unmount instance when powering off sdcard 2020-02-27 10:56:23 +01:00
matejcik
c81be584fb core/fatfs: ensure functions can only be called on a mounted filesystem 
ff.c has a lazy-mounting feature, where any filesystem call will mount
the volume if it can. This messes with predictability of the mounted
state, so all (except mount/unmount/mkfs) Python functions will first
check if the fs is mounted.
 2020-02-27 10:56:23 +01:00
matejcik
fa746e2990 core/fatfs: rework low-level FatFS API 
Instead of having possibly multiple FatFS objects, each with its own
`fs` struct, there is one global static fs_instance. This is to match
the mode of operation of ff.c, which assumes a global list of mounts,
and all functions operate on the global based on path.

Methods of FatFS were converted to functions on the fatfs module.

fatfs.unmount() does not call ff.c's unmount, but simply invalidates
fs_instance. This is basically what ff.c would do, except without
messing with ff.c's global list of mounts.
 2020-02-26 14:18:41 +01:00
Pavol Rusnak
c896f02eb3
core/boardloader: use SRAM as SD card read buffer 
because DMA can't access the CCMRAM
 2020-02-25 17:59:16 +01:00
Andrew Kozlik
2133f7cf29 core: Prevent data loss when writing to USB VCP. 2020-02-25 12:08:07 +01:00
matejcik
b916072389 common: restore PassphraseAck.state 2020-02-24 15:15:09 +01:00
matejcik
d7b9582386 core/sdcard: add ensure_filesystem option (fixes #868) 
It is possible to call `ensure_sdcard` in a way that requires only SD
card be inserted, but not necessarily formatted.

This is useful for SD-protect and possibly other use-cases where the SD
card is read-only, and "not formatted" is identical to "not containing
the right files".
 2020-02-24 13:28:44 +01:00
matejcik
e9c275c24f core/sdcard: fix invalid state when filesystem mounting fails 2020-02-24 13:28:44 +01:00
Pavol Rusnak
39ce100608
Merge pull request #864 from trezor/prusnak/bootloader-text-break 
core/bootloader: split long vendor string
 2020-02-21 18:39:20 +01:00
Tomas Susanka
6c47bf8230 core: store multiple sessions/caches at the same time 2020-02-21 14:40:42 +01:00
Pavol Rusnak
562671401e
Merge pull request #860 from trezor/prusnak/multisig-show-yours-others 
core: show yours/others in get_address for multisig
 2020-02-20 13:49:13 +01:00
matejcik
918603ad5c core: add unit test for sdcard wrapper 2020-02-20 12:51:48 +01:00
matejcik
7983fd34d6 core: fix unit tests 2020-02-20 12:51:48 +01:00
matejcik
4ed6487a19 core/sdcard: add out-of-bounds checks to emulator 2020-02-20 12:51:48 +01:00
matejcik
ddee77ecb6 core: add SD clearing via debuglink 2020-02-20 12:51:48 +01:00
matejcik
d0b1b171f1 core/sdcard: ensure emulator initializes the SD card when first needed 2020-02-20 12:51:48 +01:00
matejcik
5bd8d9b5bb core/sdcard: make allocating new SD card for emulator fast 2020-02-20 12:51:48 +01:00
matejcik
1e9352b9e0 core: add SD format dialog, generalize sdcard usage 2020-02-20 12:51:48 +01:00
matejcik
5bac85f260 core: use filesystem wrapper instead of the ensure_filesystem decorator 2020-02-20 12:51:48 +01:00
matejcik
d08942be4a core: introduce filesystem wrapper 2020-02-20 12:51:48 +01:00
matejcik
b2084a19be core/trezorio: move sdcard functions to a submodule 2020-02-20 12:51:48 +01:00
matejcik
30529d218d core/sdcard: change SDCard methods to plain functions 2020-02-20 12:51:48 +01:00
matejcik
06b89c57c5 core/sdcard: return proper disk status flags to fatfs 2020-02-20 12:51:48 +01:00
Tomas Susanka
ff1bb67abc common: return the PasshraseType button request 2020-02-20 08:04:35 +00:00
Pavol Rusnak
dc66bbe3d5
core/bootloader: split long vendor string 2020-02-19 21:40:28 +00:00
Pavol Rusnak
74802a107e
core/modtrezorui: add display_text_split 2020-02-19 21:40:28 +00:00
Pavol Rusnak
c4babd3c0b
Merge pull request #846 from trezor/bootloader-read-retry 
core/bootloader: make read more benevolent and read error more helpful
 2020-02-19 19:45:34 +01:00
Pavol Rusnak
581e46ff87
Merge pull request #845 from trezor/prusnak/webusb-popup 
Don't show WebUSB popup in firmware, in bootloader only if no firmware present
 2020-02-19 18:18:01 +01:00
Pavol Rusnak
7944c1a837
core/monero: add confirmation dialog for unlock_time 2020-02-19 14:31:45 +00:00
Pavol Rusnak
a808cc9190
core/apps: await require_confirm should be called without return 2020-02-19 14:31:45 +00:00
Pavol Rusnak
b9486c0b33
core: show yours/others in get_address for multisig 2020-02-18 22:39:55 +00:00
Tomas Susanka
577daf09fe tests: introduce --ui-check-missing to test/remove missing tests 2020-02-18 09:33:21 +01:00
matejcik
1d41141a1f core/emulator: properly ignore inotify problems (fixes #854) 2020-02-17 12:33:38 +01:00
Pavol Rusnak
2958a97c87
Merge pull request #830 from trezor/tsusanka/fw-upgrade 
FW Update: Request a small chunk first to make the UI smoother
 2020-02-15 13:08:33 +01:00
matejcik
e61b7d28e9 all: do not send state in PassphraseAck (not needed for compatibility) 2020-02-13 15:44:50 +01:00
Pavol Rusnak
63dfd6c6ab
core/bootloader: make read more benevolent and read error more helpful 2020-02-12 22:05:29 +01:00
Pavol Rusnak
07cd73ce57
core: show webusb popup only in bootloader and only if firmware is not installed 2020-02-12 20:47:05 +00:00
matejcik
4c8c96272c emu: fix flag options with defaults 
Click REALLY INSISTS you provide on/off switches for your options.
You can use is_flag, but then the presence of the option changes based
on the default value.

Which makes sense, really:
@option("-f", "foobar", is_flag=True, default=False)
you would expect `./cli -f` to have `foobar is True`

whereas with
@option("-f", "foobar", is_flag=True, default=True)
you would expect `./cli -f` to have `foobar is False`, otherwise it's a
no-op

this becomes fun with `default=os.environ.get("SOMETHING")`, because
then the effect of the option CHANGES with a value of environment
variable!

there's two ways around this:
a) don't use defaults, update the flag explicitly, like:
   foobar = foobar or os.environ.get("FOOBAR") == "1"
b) forget about is_flag and specify an on/off switch, where the default
   value works as intended

since the latter is also technically speaking more correct, i'm doing it
 2020-02-12 13:32:05 +01:00
matejcik
271da3fa39 python: add detailed logging to emulator runner 2020-02-12 13:31:58 +01:00
matejcik
c14429c445 all: shut down emulator on error_shutdown 2020-02-12 13:31:31 +01:00
matejcik
d3b88a37be core: do not catch SystemExit in handle_session (#826) 2020-02-12 10:36:42 +01:00
Tomas Susanka
f947fe97cc core: fix style 2020-02-11 16:41:43 +01:00
Tomas Susanka
0a13f7a441 core: properly limit passphrase to 50 bytes 2020-02-11 15:39:08 +00:00
Tomas Susanka
2c0504ad1c
Merge pull request #803 from trezor/passphrase 
Passphrase Redesign
 2020-02-11 16:01:59 +01:00
matejcik
05a1d6f771 core/debug: add "show arbitrary screen" capability, for easier prototyping 2020-02-11 11:53:34 +01:00
matejcik
c01d04f26e common/protob: drop a default field declaration 
which triggers nanopb bug https://github.com/nanopb/nanopb/issues/487
 2020-02-11 11:53:34 +01:00
matejcik
741c0c8888 core: improve stability of Monero test runner 2020-02-11 11:16:28 +01:00
matejcik
4c9689d7a7 common: return deprecated fields to protobuf, to allow cross-version compatible code 2020-02-10 12:35:28 +01:00
Pavol Rusnak
e58225fe02
core/boot: don't call mkfs in emulator 2020-02-07 15:30:21 +00:00