When doing Ethereum signTypedData, and the primaryType="EIP712Domain",
we completely ignore the "message" part and only sign the domain.
According to the community, this is technically allowed by the spec,
and may be used by ETH smart contracts to save on gas.
Test case generated by @MetaMask/eth-sig-util's library.
See: https://ethereum-magicians.org/t/eip-712-standards-clarification-primarytype-as-domaintype/3286
Using `__`-prefixed names seems to be a convention for specifying
position-only arguments before Python 3.8. Pyright respects this
convention and in fact requires it since version 1.1.192.
This keeps information about vendors and USB IDs in one place, and
allows us to extend with model-specific information later.
By default, this should be backwards-compatible -- TrezorClient can
optionally accept model information, and if not, it will try to guess
based on Features.
It is possible to specify which models to look for in transport
enumeration. Bridge and UDP transports ignore the parameter, because
they can't know what model is on the other side.
supersedes #1448 and #1449
If the device asks for a tx_hash which is not present in prev_txes,
raise a ValueError with some more detailed messaging about the missing
hash rather than the default dictionary lookup failure of KeyError.
WIP - typing the trezorctl apps
typing functions trezorlib/cli
addressing most of mypy issue for trezorlib apps and _internal folder
fixing broken device tests by changing asserts in debuglink.py
addressing most of mypy issues in trezorlib/cli folder
adding types to some untyped functions, mypy section in setup.cfg
typing what can be typed, some mypy fixes, resolving circular import issues
importing type objects in "if TYPE_CHECKING:" branch
fixing CI by removing assert in emulator, better ignore comments
CI assert fix, style fixes, new config options
fixup! CI assert fix, style fixes, new config options
type fixes after rebasing on master
fixing python3.6 and 3.7 unittests by importing Literal from typing_extensions
couple mypy and style fixes
fixes and improvements from code review
silencing all but one mypy issues
trial of typing the tools.expect function
fixup! trial of typing the tools.expect function
@expect and @session decorators correctly type-checked
Optional args in CLI where relevant, not using general list/tuple/dict where possible
python/Makefile commands, adding them into CI, ignoring last mypy issue
documenting overload for expect decorator, two mypy fixes coming from that
black style fix
improved typing of decorators, pyright config file
addressing or ignoring pyright errors, replacing mypy in CI by pyright
fixing incomplete assert causing device tests to fail
pyright issue that showed in CI but not locally, printing pyright version in CI
fixup! pyright issue that showed in CI but not locally, printing pyright version in CI
unifying type:ignore statements for pyright usage
resolving PIL.Image issues, pyrightconfig not excluding anything
replacing couple asserts with TypeGuard on safe_issubclass
better error handling of usb1 import for webusb
better error handling of hid import
small typing details found out by strict pyright mode
improvements from code review
chore(python): changing List to Sequence for protobuf messages
small code changes to reflect the protobuf change to Sequence
importing TypedDict from typing_extensions to support 3.6 and 3.7
simplify _format_access_list function
fixup! simplify _format_access_list function
typing tools folder
typing helper-scripts folder
some click typing
enforcing all functions to have typed arguments
reverting the changed argument name in tools
replacing TransportType with Transport
making PinMatrixRequest.type protobuf attribute required
reverting the protobuf change, making argument into get_pin Optional
small fixes in asserts
solving the session decorator type issues
fixup! solving the session decorator type issues
improvements from code review
fixing new pyright errors introduced after version increase
changing -> Iterable to -> Sequence in enumerate_devices, change in wait_for_devices
style change in debuglink.py
chore(python): adding type annotation to Sequences in messages.py
better "self and cls" types on Transport
fixup! better "self and cls" types on Transport
fixing some easy things from strict pyright run
This was broken by the previous commit removing f-strings. For this
reason, `format()` was renamed to `to_string` to make it clearer that
it's not the `str.format` method.
Based on original contribution by Max Kupriianov <xlab@hey.com>
Implemented EIP-712 typed data signatures in Ethereum app.
Add eth_abi into pyproject deps
device test for EIP 712
fixed hex decoding for address
fixup! fixed hex decoding for address
code quality, more pythonic code, removing unused imports
running black and isort on changed files
trezorctl file input for EIP 712 data signing
fixup! code quality, more pythonic code, removing unused imports
fixup! fixup! code quality, more pythonic code, removing unused imports
necessary changes after rebase to master
unit tests for sign_typed_data.py
new protobuf messages, working for nonarray types
simplified and verified solution for our simple data
support for simple arrays, without their confirmation
reverting protobuf value messages to bytes, appropriate changes
showing arrays in Trezor, code quality improvements
data validation on Trezor, minor improvements
using custom types for storing type data instead of dicts, addressing feedback from review
moving helper functions to its own file, tests for decode_data
additional overall tests
support for arrays of structs
adding support for metamask_v4_compat variable
using HashWriter object to collect the final hash continously
minor improvements in code quality
validate_field_type function
streaming values from client without saving them, missing UI
prototype of streamed UI using confirm_properties
accounting for bytes in data, more data types in integration tests
rebase on master, using f-strings
minor fixes and improvements from code review
StructHasher class for the whole hashing process
mypy and style changes
asking users whether to show structs and arrays
protobuf descriptions to fix make defs_check
unifying comments, mypy fix
unit tests for StructHasher class
UI fixtures, skipping device tests for T1
addressing majority of code review comments about code quality and structure
changing file structure - layouts, helpers, sign_typed_data
decode_data renaming and docstring, renaming unit test file
using tuples instead of lists in elifs
layout improvements
excluding core/src/apps/common/confirm.py file from the PR
True/False returning layout with Show more button
code review layout improvements
forgotten br_type argument to should_show_more
BREAKING CHANGE: StellarAssetType is renamed to StellarAsset.
The name StellarAssetType is reused for the corresponding enum.
Enums are introduced in several other places. Their values correspond to
allowed values of (previously int) fields so this should not pose a
compatibility problem.
Many fields are now required. We believe that this should not pose a
compatibility problem, because all known interfaces to Stellar signing
actually accept Stellar XDR on input, whose required fields match the
protobuf schema.
* Changes from original PR
* Now that we are rejecting chain_ids of 0, we need to have the tests set the chain_ids to at least 1.
* Ran 'make gen' and uploaded changed files.
* Ran make style_check and fixed reported errors
* Added changelog files
* Reverted changes concerning chain_id 0 being rejected.
* Adds tests for MAX_CHAIN_ID and MAX_CHAIN_ID+1. Also reverts MAX_CHAIN_ID to the previous value.
* Added missing whitespace around arithmetic operator.
Co-authored-by: Michael Hatton <michaelhatton@Michaels-Mini.fios-router.home>
Initial EIP1559 implementation
Fix a few small issues
Progress on Python lib implementation and firmware
Fix RLP length
Start fixing tests
Fix legacy transactions
Simplify API and logic
Add EIP1559 tests
Fix access list formatting
Fix UI visiblity issue
Fix commented out code
fix: correct linting issues
Fix access_list protobuf formatting
Remove unneeded code
Remove dead code
Check tx_type bounds for EIP 2718
Reduce code duplication
Prefer eip2718_type over re-using tx_type
Add more tests
Simplify format_access_list
Simplify sign_tx slightly
Change Access List format and add logic to encode it
Fix a bunch of small PR comments
Fix a linting issue
Move tests out of class and regenerate
Remove copy-pasted comments
Add access list to CLI
Simplify _parse_access_list_item
Fix small mistakes following rebase
Fix linting
Refactor to use a separate message for EIP 1559 tx
Simplify changed legacy code
Fix a few small PR comments
Fix linting
fix(legacy): recognize SignTxEIP1559 on legacy build
Fix PR comments
There's two udp calls in `UdpTransport._ping()`:
- socket.sendall(b"PINGPING") -> this will be instanteous, AND it will
raise if the receiving side is not listening.
- socket.recv() -> this will wait for SOCKET_TIMEOUT seconds, but only
in case the sendall() succeeded. This means that receiving side exists
and we are now waiting until it's awake enough to respond.
In conclusion, we avoid hammering emulator with PINGPINGs with a timeout
so short we don't see an answer. This should avoid the problem
occasionally seen in CI and described in #1668
API-compatibility with the original one is retained.
Now that we don't need to keep code parity with core, we could do some
changes that make life easier.
All generated classes are now in one file. This makes github diffs more
readable, at the cost of somewhat complicating inspecting individual
classes; however, that is something we shouldn't be doing anyway.
Enums are now implemented as enum.IntEnum.
The original class-level FIELDS member was restored.
Each field is now defined via protobuf.Field, which is easier to work
with in the codec, AND we're not stuffing defaults and flags into the
same field.
Add two new input and four output script types.
Decred ticket purchases consist of a stake submission, op returns, and
change addresses. Although change addresses are allowed by consensus,
they are no longer used in practice and so have been given the
restrictions of a null pubkey and no value. Stake scripts are almost
identical to p2pkh or p2sh except for an extra opcode in front. Inputs
are currently only used in the form of one input three outputs with the
first output, or stake submission, paying to a public key hash, or with
two inputs and five outputs with the stake submission paying to a
multisig script hash. The op returns are directed to the user in the
case of one and the voting service provider and user in the case of two.
One of the sstx commitment for a ticket must pay back to the trezor
wallet. This is checked and an error is thrown if we don't find the
expected public key hash.
Because this adds the ability to create new types of outputs once the
ticket votes, two new input script types are also needed. A successful
vote will lead to a stake generation script that must be spent, and an
unsuccessful vote will lead to a revocation script that must be spent.
If we allowed stake change scripts to have a valid pubkey, that too
would require another op code, but we disallow those for output.
Because we can't pass SignTx anymore because it has required fields and
the caller is not supposed to fill out those.
Instead you can send arbitrary kwargs that match signtx fields.
BREAKING CHANGE: argument `details: SignTx` is no longer accepted.
init_device() should be used to initialize a session. Reuses existing
session if available.
end_session() explicitly closes any existing session and requests a new
one
lock() enables soft-lock
clear_session() is the equivalent of lock() + end_session()
A new function ensure_unlocked() can be used to open a session and
prompt for PIN and passphrase before further operations.
Update protobuf
- Previous transactions don't need to be sent anymore, because fee is
included in the transaction now. Thus transactions_count can be
removed from CardanoSignTx message and the CardanoTxAck and
CardanoTxRequest messages can be removed altogether.
- CardanoTxInputType.type is unused so remove it
Add NULL (None type) serialisation to CBOR
- Transaction metada must either have a valid structure or CBOR NULL
must be used (if metadata is empty) - it can't be simply left out.
Add protocol_magics file
- Just to have a nicer way of representing protocol magics
Update transaction signing
- Previous transactions no longer need to be requested
- Output building is simplified, since fee doesn't need to be calculated
- Remove transaction class since it is no longer needed (only functions
remained)
- Reorder functions so it reads top to bottom
Add protocol magic to byron address on testnet
- This has always been a part of the spec, but it hasn't been
implemented before, because it wasn't really needed.
Update trezorlib
Update tests
- Transaction messages are no longer required
- Expected values are different since tx format changed
- Common values in test cases have been extracted
Remove unused file
- Progress was used when receiving previous transactions
Add CRC check to output address validation
The original wait_layout was unreliable, because there are no guarantees
re order of arrival of the respective events. Still, TT's event handling
is basically deterministic, so as long as the host sent its messages
close enough to each other, the order worked out.
This is no longer the case with the introduction of loop.spawn: TT's
behavior is still deterministic, but now ButtonAck is processed *before*
the corresponding wait_layout, so the waiting side waits forever.
In the new process, the host must first register to receive layout
events, and then receives all of them (so the number of calls to
wait_layout must match the number of layout changes).
DebugLinkWatchLayout message must be version-gated, because of an
unfortunate collection of bugs in previous versions wrt unknown message
handling; and this interests us because upgrade-tests are using
wait_layout feature.
Protobuf encoding now happens in TrezorClient, and transports get encoded blobs
to (chunkify and) send. This is a better design because transports don't need
to know about protobuf.
It also lays groundwork for sending raw bytes feature (#116)
This commit also removes all vestiges of ProtocolV2 which was never used and
will probably need to be redesigned from the ground up anyway. The code is
still ready for protocol flexibility.
this fixes a problem in upgrade-test, when one emulator fails to come up
and then blocks all other tests.
the CI task will still be failed, but at least we'll know at a glance
that it is a timeout problem
cosi.verify was renamed to verify_combined, because it is pretty much
ed25519.verify, and the new name implies what it does in terms of the
CoSi scheme: verify a signature with already-combined public keys.
cosi.verify_m_of_n signature was simplified by not requiring the `n`
parameter, which is not important for verification. The updated function
was renamed to cosi.verify, because this is the standard CoSi
verification operation: given signature, digest, required number of
signatures, sigmask, and a list of public keys, verify that enough
signatures are indicated and that they sign the digest.