1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-30 18:10:56 +00:00
Commit Graph

667 Commits

Author SHA1 Message Date
Pavol Rusnak
317363f84c
enable mixing of segwit and non-segwit inputs 2017-05-19 17:40:57 +02:00
Pavol Rusnak
57a91c7160
update litecoin maxfee/kb 2017-05-19 16:54:16 +02:00
Pavol Rusnak
d424829333
add chain_id to erc20 tokens 2017-05-19 14:28:35 +02:00
Pavol Rusnak
766a6c1189
add space before coin shortcut because of how new formatter works 2017-05-19 11:29:44 +02:00
Pavol Rusnak
652a40c3e6
use bn_format from trezor-crypto where possible 2017-05-18 16:20:28 +02:00
Pavol Rusnak
ba9aae143e
ethereum: support for ERC-20 tokens 2017-05-17 02:53:11 +02:00
Pavol Rusnak
391e3940e5
refactor fee computation, but keep ceil logic 2017-05-15 12:08:54 +02:00
Pavol Rusnak
c8dc17341c
bump bitcoin maxfee 2017-05-13 01:29:12 +02:00
Pavol Rusnak
24ac52079f
disable native segwit for now 2017-05-13 01:05:10 +02:00
Pavol Rusnak
49f44d296c
refactor signing_check_output 2017-05-13 00:45:11 +02:00
Pavol Rusnak
06304c2378
update coins 2017-05-12 23:00:42 +02:00
Pavol Rusnak
f4e3d7ae1e
bump version to 1.5.0 2017-05-10 00:12:23 +02:00
Pavol Rusnak
6d0d2348cf
usb: whitespace cleanup 2017-05-09 23:49:05 +02:00
Pavol Rusnak
f1db85948e
Merge branch 'segwit' 2017-05-09 23:28:52 +02:00
Pavol Rusnak
1ecbca8338
signing: add option to enable/disable mixing of segwit/non-segwit inputs 2017-05-09 23:26:18 +02:00
Pavol Rusnak
5faee8149f
update trezor-crypto 2017-05-08 17:16:20 +02:00
Pavol Rusnak
261b8d5e41
multisig: allow mismatched change addresses, show them as non-change 2017-05-06 19:52:49 +02:00
Pavol Rusnak
4343d0eaeb
show progressbar layout in GetAddress 2017-05-05 15:45:58 +02:00
Pavol Rusnak
e31e55e505
simplify bip32 change logic 2017-05-05 15:12:47 +02:00
Pavol Rusnak
b1995bb8d1
remove segwit warning, don't enable segwit on coins that don't have segwit=true in definition 2017-05-04 18:54:54 +02:00
Pavol Rusnak
4183b6cbbc
update logic for change addresses (address_n length 1 is allowed now) 2017-05-04 18:16:45 +02:00
Pavol Rusnak
cb14b98213
ethereum: add new chain_ids 2017-05-04 15:12:24 +02:00
Pavol Rusnak
38970cbd68
transaction: fix compile_output for OP_RETURN 2017-05-03 18:57:47 +02:00
Pavol Rusnak
8e017526ab
Merge branch 'master' into segwit 2017-05-03 17:16:30 +02:00
Pavol Rusnak
13f03d3880
Revert "ethereum: add EthereumSignTx.prefix"
This reverts commit 2866e6fe88.
2017-04-30 03:26:57 +02:00
Pavol Rusnak
aafd61ec8b
update trezor-common, add cointype.segwit bool 2017-04-26 15:43:57 +02:00
Pavol Rusnak
2866e6fe88
ethereum: add EthereumSignTx.prefix 2017-04-24 20:34:13 +02:00
Pavol Rusnak
258d3eaddd
GetPublicKey: use Bitcoin as default coin if not provided
disable SimpleSignTx and Firmware messages
update submodules
2017-04-21 14:08:09 +02:00
Peter Banik
d4cc4a48b8 Added altcoin support to GetPublicKey (#161) 2017-04-21 12:51:13 +02:00
Pavol Rusnak
300b09badc
Merge branch 'master' into segwit 2017-04-20 18:45:49 +02:00
Pavol Rusnak
dcceec806d
fix call to protectButton while showing segwit warning 2017-04-11 14:05:19 +02:00
Jochen Hoenicke
d70ac623a4 Small bugfixes in signing
Segwit progress bar fixed.
Call `signing_abort` instead of `layoutHome` on all errors
The second `compile_output` does not work for user button and cannot
return -1.
2017-04-08 22:39:49 +02:00
Jochen Hoenicke
420471889d Refactored signing method.
Put larger pieces of codes into functions of their own.
No changes to this code.
2017-04-08 21:59:51 +02:00
Jochen Hoenicke
9d9377438c Fix missing returns after signing_abort 2017-04-08 20:33:27 +02:00
Jochen Hoenicke
e5c9b361d3 Better error message for segwit without amount 2017-04-08 20:29:58 +02:00
Jochen Hoenicke
99fc6d31d1
[refactor] Use compute_address in msgGetAddress. 2017-03-29 20:59:23 +02:00
Jochen Hoenicke
7b1381766f
Change address support for segwit.
Rewrote change address support for segwit.
Also checks the bip32 path of change address.
2017-03-29 20:59:01 +02:00
Pavol Rusnak
d7d3d0490e
update trezor-crypto 2017-03-28 23:19:59 +02:00
Pavol Rusnak
d03356fab1
raising the maxfee 2017-02-27 21:01:00 +01:00
mruddy
c8c85424b6
fix usage of RNG before setup (#150/#151) 2017-02-17 13:19:05 +01:00
Pavol Rusnak
97a061244e
Merge branch 'master' into segwit 2017-02-08 01:06:45 +01:00
Pavol Rusnak
1943d840e3
add ChangeLog for bootloader, move firmware ChangeLog 2017-02-01 14:57:59 +01:00
Saleem Rashid
bd167dcdf2 USB: Annotate USB interfaces with iInterface 2017-01-30 16:32:38 +01:00
Saleem Rashid
0c039b3e14 USB: Compile-time USB string checking
Generate `enum` for USB string indexes, this is far more robust
2017-01-30 16:32:38 +01:00
Pavol Rusnak
14399f100e
bump version 2017-01-25 14:04:20 +01:00
Pavol Rusnak
5c54edf54e
differentiate between ETH and ETC using chain_id 2017-01-24 17:27:11 +01:00
Jochen Hoenicke
32fb7e96cc Ethereum EIP-155 replay protection
Added chain_id field in sign transaction.
If chain_id is set use hashing as specified in EIP-155.
2017-01-22 19:09:07 +01:00
Jochen Hoenicke
5b40f6d90b Updated trezor-common 2017-01-22 19:09:07 +01:00
Jochen Hoenicke
f36cf5c10c Handle edge cases for ethereum txs.
Treat the case where a field is omitted identical to the case
where an empty array is given.  In particular
- data_length == 0 is allowed now and identical to giving no data.
- nonce can be omitted to indicate nonce value 0.

I still do not allow to omit gas_limit and gas_price; gas_limit
cannot be zero and transactions with zero gas_price will not be
mined.  You can still set it explicitly to zero by giving the
empty array, though.
See trezor/trezor-mcu#143.
2017-01-22 19:09:07 +01:00
Pavol Rusnak
505df38a84
fix when oled triangle is shown 2017-01-19 16:16:57 +01:00
Roman Zeyde
466155270b layout: split "First Last <first@last.com>" GPG user ID for readability 2017-01-14 18:34:29 +01:00
Jochen Hoenicke
1cceec0ae2 Check that U2F key only uses hardened derivation (#139)
We generate only U2F keys with hardened derivation.  However, we
didn't check incoming keys if they used hardened derivation.
This patch fixes this.
2017-01-10 21:51:57 +01:00
Pavol Rusnak
ab006262e8
mytrezor.com -> trezor.io/start 2017-01-10 15:08:08 +01:00
Pavol Rusnak
1e297c68fa
cosmetic changes to matrix recovery 2017-01-10 14:58:28 +01:00
Pavol Rusnak
b1723fef5b
change binary name of nanopb generator (to follow upstream name) 2017-01-09 15:55:57 +01:00
Jochen Hoenicke
8e84a6716c Merge master into segwit 2017-01-06 16:55:12 +01:00
Jochen Hoenicke
e9eaad2fcf
Segwit: Show multisig segwit address
changed layout for very large addresses.
2017-01-06 16:22:01 +01:00
Jochen Hoenicke
f9a203431e
Display SegWit address on Trezor 2017-01-04 18:56:08 +01:00
Jochen Hoenicke
e67f13ef4b
Multi-byte address prefixes for segwit 2017-01-04 18:55:42 +01:00
Pavol Rusnak
32f3c54cc4
fix whitespace 2017-01-04 18:52:55 +01:00
Jochen Hoenicke
52da2fc5e7
Segwit: Fix problems introduced by rebase 2017-01-04 18:41:26 +01:00
Roman Zeyde
9eb87245ba usb: exclude hid_report_descriptor_debug from non-debug build (#135) 2017-01-02 13:12:48 +01:00
Pavol Rusnak
1763a5b647
use new hdnode_private_ckd_cached API 2016-12-12 12:17:48 +01:00
Saleem Rashid
5f203d0a0c debug: Improve debugging API (#134)
* Allow DEBUG_LOG without DEBUG_LINK
* Move debugInt() to debug.c
2016-12-04 23:24:01 +01:00
Saleem Rashid
5c00b24307 trezor: Fix screen timeout (#131) 2016-11-26 13:48:04 +01:00
Saleem Rashid
b4eaf7dbaf timer: Fix non-critical integer overflow (#129)
Every 4294967295 milliseconds (2 ^ 32 - 1), system_millis will overflow.
This means that every 49.71 days, system_millis will reset to zero.
Comparisons like `system_millis < (system_millis + 1)` would fail if the
latter had overflown and the former had not.

This is non-critical because the worst case is that one second could be
skipped or the screen could lock early.

This poses no threat to the exponential backoff used for protection
against brute force.
2016-11-23 20:22:28 +01:00
Pavol Rusnak
15fcda21ce
update protobuf 2016-11-23 13:21:31 +01:00
Jochen Hoenicke
acfdb714ff
New Matrix-based recovery 2016-11-23 13:21:18 +01:00
Pavol Rusnak
14aa486fa6
partially revert 4ce4cc5605 for smoother merge 2016-11-23 13:19:25 +01:00
Pavol Rusnak
c4d144a82e
extract CHECK_PARAM 2016-11-22 22:04:09 +01:00
Pavol Rusnak
a122615663
extract CHECK_PIN and CHECK_PIN_UNCACHED 2016-11-22 21:06:39 +01:00
Pavol Rusnak
0ef70164a5
extract CHECK_INITIALIZED and CHECK_NOT_INITIALIZED macros 2016-11-22 20:57:45 +01:00
Pavol Rusnak
27a4e41707
refactor forgotten disabled coinByName usage 2016-11-22 20:00:22 +01:00
Saleem Rashid
0ec32a6146 timer: Replace screen timeout with SysTick
This provides an incredibly accurate screen timeout and removes the
superfluous screen timeout counter
2016-11-17 02:07:46 +01:00
Saleem Rashid
25b9bfd97b timer: Use Cortex-M3 SysTick timers
Removed `usbDelay(uint32_t cycles)`, added `usbSleep(uint32_t millis)`

The same method signature could cause silent code breakage at runtime,
as opposed to noisy code breakage at compile time which is the better
kind.
2016-11-17 02:07:46 +01:00
Pavol Rusnak
3cede26fbc
add yubico u2f demo to u2f known apps 2016-11-15 18:51:29 +01:00
Pavol Rusnak
f45454b5ce
u2f: add fastmail to known providers 2016-11-10 13:46:41 +01:00
Jochen Hoenicke
9287dd7e04
Poll USB during BIP39 derivation.
This patch adds calls to usbPoll in the progress callback.  This
should address #98.

We call usbDelay instead of Poll, to call usbd_poll several times.
Otherwise it would only handle one event instead of handling all
events that were pending so far.  The ugly magic number 5 is a guess.

Note that we also need to set usbTiny, so that we don't recursively
process messages.  Since we don't know whether usbTiny is set, we
need to store the old value (especially true for u2f).

This fix also relies on another fix in libopencm3.
2016-11-09 16:17:50 +01:00
Pavol Rusnak
4ce4cc5605
halt the device when encountered an invalid mnemonic (skip if device loaded or recovered without enforced wordlist) 2016-11-09 16:06:50 +01:00
Pavol Rusnak
810d478f4c
check return values of ecdsa_sign calls 2016-11-08 15:48:44 +01:00
Jochen Hoenicke
2950588271
Fix segwit multisig.
Tested, see f41cbedd8becee05a830f418d13aa665125464547db5c7a6cd28f21639fe1228
and c9348040bbc2024e12dcb4a0b4806b0398646b91acf314da028c3f03dd0179fc
on testnet
2016-11-05 22:47:21 +01:00
Jochen Hoenicke
895da908e0
Simplified InputScriptType
Distinguish between single signature and multisig via has_multisig.
2016-11-05 22:47:21 +01:00
Jochen Hoenicke
388750f2d1
Support for P2SH compatible segwit 2016-11-05 22:47:21 +01:00
Jochen Hoenicke
b7b9891cb4
Signing for Segnet Transaction works
see segnet4 txid:
aa434a6ef4fcf350e319bacbd725fa7446f797cb3ed0cd0582826a49d3351ffa
2016-11-05 22:47:21 +01:00
Jochen Hoenicke
e5000fb196
segwit sign (completely untested) 2016-11-05 22:47:18 +01:00
Jochen Hoenicke
5c60be9854
hashes for segwit signature 2016-11-05 22:37:01 +01:00
Jochen Hoenicke
1bd4b99f95
Allow SegWit addresses
New output scripts for segwit addresses in accordance to BIP-142 and BIP-141.
This allows Trezor to pay to segwit users, but it doesn't enable segwit for
Trezor itself.
2016-11-05 22:35:32 +01:00
Pavol Rusnak
71890e4edf
implement u2f_counter in LoadDevice, Recoverydevice and ResetDevice messages 2016-10-31 16:20:15 +01:00
Pavol Rusnak
4471c6e0e6
show different dialog when U2F client uses bogus appid 2016-10-31 11:56:11 +01:00
Pavol Rusnak
ae37ea8a9a
bump version, add changelog 2016-10-26 18:06:13 +02:00
Pavol Rusnak
592f3c9afe
lock screen after 10 minutes of inactivity 2016-10-25 17:45:30 +02:00
Pavol Rusnak
f8ad9fc742
fix Verify (by introducing coinExtractAddressType) 2016-10-25 17:02:02 +02:00
Saleem Rashid
0b51d060d8
allow ClearSession purely via confirm button
Holding confirm button at home screen asks user whether they wish to
lock the TREZOR (clear the cached PIN and passphrase and show the
screensaver). This is identical behaviour to the ClearSession message.
2016-10-25 15:21:56 +02:00
Pavol Rusnak
ea35b4bfe7
update trezor-crypto 2016-10-24 20:55:45 +02:00
Roman Zeyde
0bb7f16b78 crypto: allow Ed25519 signing larger digests (#124) 2016-10-24 12:41:10 +02:00
Pavol Rusnak
e9f0706c2e
fix prevtx hashing when input count is 0 2016-10-21 13:20:57 +02:00
Pavol Rusnak
2daab8cf02
add coins-gen.py script and generate coins.c using that script 2016-10-20 15:27:34 +02:00
Pavol Rusnak
c288a0e328
implement TXEXTRADATA transaction RequestType 2016-10-20 13:25:40 +02:00
Roman Zeyde
68a1bcc908 Add specific layout for GPG signature (#122)
Following ECDH usage of layoutDecryptIdentity (which shows "GPG decrypt for:")
this commit adds a specific case for layoutSignIdentity, showing "GPG sign for:",
instead of "GPG login to:" (which is less appropriate in the GPG context).
2016-10-17 18:08:02 +02:00
Pavol Rusnak
771a0c014b
update protobuf 2016-10-16 02:06:49 +02:00
Pavol Rusnak
f0b93b44f5
multibyte addresses can be 40 chars long 2016-10-16 02:05:03 +02:00
Roman Zeyde
b57c0ff430
Use trezor-crypto ECDH, adding Curve25519 support 2016-10-16 01:34:02 +02:00
Karel Bílek
dfc543c955 Switching address types (#119)
Address_type and address_type_p2sh were switched
2016-10-13 11:39:35 +02:00
Pavol Rusnak
7ddccdb7f4
Revert "simplify cryptoMessageVerify call"
This reverts commit 3a42032c63.
2016-10-10 17:42:42 +02:00
Pavol Rusnak
c0181b1aec
extract address related stuff into trezor-crypto 2016-10-10 11:26:52 +02:00
Pavol Rusnak
e70900d49e
don't tie message verification with P2PKH addresses 2016-10-10 10:17:51 +02:00
Pavol Rusnak
3a42032c63
simplify cryptoMessageVerify call 2016-10-10 00:18:57 +02:00
Daira Hopwood
6bfe487f19
Update address prefixes for Zcash. 2016-10-10 00:05:51 +02:00
Daira Hopwood
69d99d202d
Add support for multi-byte address prefixes. 2016-10-10 00:05:45 +02:00
Jochen Hoenicke
a0ade6343e Reworked rfc6979 signing. (#116)
New parameter is_canonical that allows for generating signatures that
have additional requirements.
2016-10-06 16:58:05 +02:00
Jochen Hoenicke
d767e52055 Confirm to change U2F counter (#114) 2016-09-27 23:33:28 +02:00
bitcartel
e0e190b3dc
Update coins.c for Zcash mainnet (#111) 2016-08-31 14:02:53 +02:00
Pavol Rusnak
8d7c1ec543 Merge pull request #110 from jhoenicke/master
More alignment fixes
2016-08-30 12:55:37 +02:00
Jochen Hoenicke
6d65551b82
More alignment fixes 2016-08-30 12:39:37 +02:00
Pavol Rusnak
dec9484a17
update version 2016-08-30 10:33:13 +02:00
Pavol Rusnak
d7c0fbc379
add const where possible (for message parsing) 2016-08-29 22:36:18 +02:00
Pavol Rusnak
0a55a9e415
update to nanopb 0.2.9.3 2016-08-29 12:59:29 +02:00
Pavol Rusnak
fff16e813a
add link to protobuf definition in coins.c 2016-08-29 10:44:40 +02:00
Jochen Hoenicke
bc55013942
Simplified one-byte encodings 2016-08-25 13:02:14 +02:00
Jochen Hoenicke
91dcead35e
Gas estimate screen, tweaked display of value 2016-08-23 22:05:24 +02:00
Jochen Hoenicke
a37a2e3612
Confirm data, streamlining code
Set all size fields to 0, if fields was not given to avoid the conditions
later.

Display data and ask for confirmation.
2016-08-22 23:18:38 +02:00
Jochen Hoenicke
05a73593f6
No special case encoding for '\x0', cleanups
The encoding for data '\x00' was tested here:
http://testnet.etherscan.io/tx/0x05d6f97de3ecd33ad4059fa9bd342a10ef99d580a2d881b0c5a0c9e8c55ff975
2016-08-19 23:35:11 +02:00
Jochen Hoenicke
22d0e7a053 Incorporated changes for updated master 2016-08-19 03:16:59 +01:00
Pavol Rusnak
efd443abe8 implement ethereum signing check 2016-08-19 03:14:38 +01:00
Pavol Rusnak
4e0a69b6ea refactor ethereum methods, show progress properly 2016-08-19 03:14:38 +01:00
Pavol Rusnak
1558d77ea0 split rlp_encode_length into rlp_encode_length and rlp_encode_list_length 2016-08-19 03:14:38 +01:00
Pavol Rusnak
3db323c599 fix printing of ethereum value and address 2016-08-19 03:14:38 +01:00
Pavol Rusnak
3d1ab24d92 simplify ethereum code, EthereumSignTx.data_length is the total length now 2016-08-19 03:14:38 +01:00
Pavol Rusnak
48008ddd8e implement layoutEthereumConfirmTx 2016-08-19 03:14:38 +01:00
Pavol Rusnak
7d9a56e678 fix curly braces in if statements 2016-08-19 03:14:38 +01:00
Nick Johnson
4a195ebd86 Don't include 0x in address display, so everything fits 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
7432805b6a Fix special RLP case for length=1 firstbyte=0 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
079d282541 Simplify send_request_chunk() 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
78b1370de9 More input sanity checks in EthereumSignTx 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
a617200c9c Add confirmation dialog to EthereumSignTx 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
e0a1743003 Add sanity checks for data fields in EthereumSignTx 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
ab49a7cb45 Calculate data length based on the initial chunk and the supplied length 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
e0395b13eb Fix RLP length calculation 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
2b6c991179 Split out send_signature and support short requests 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
1d2f9b6ecd Initial signing implementation for Ethereum 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
a9449520b8 Ethereum signing skeleton 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
9c7e41f15b Reorder fsm.c for logical grouping of signing methods 2016-08-19 03:14:38 +01:00
Nick Johnson
a031b79e24 Add sha3.o to OBJS 2016-08-19 03:14:38 +01:00
Nick Johnson
352d296f77 Return the correct MessageType from EthereumGetAddress 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
3c2d9111e2 Implement EthereumGetAddress 2016-08-19 03:14:38 +01:00
Alex Beregszaszi
bf465357ee Include placeholder handlers for the Ethereum protocol 2016-08-19 03:14:38 +01:00
Jochen Hoenicke
7d8cb9018e
Ask for confirmation on ECDH Session (gpg decrypt)
Also fix abort to send a reply (a cancel failure)
2016-07-14 18:12:55 +02:00
Pavol Rusnak
437c5739f1
Merge branch 'jhoenicke-master' 2016-07-04 17:45:01 +02:00
Pavol Rusnak
f489550a1b
Merge branch 'master' of https://github.com/jhoenicke/trezor-mcu into jhoenicke-master 2016-07-04 17:42:39 +02:00
Pavol Rusnak
79e4d4d8c2
fix uppercase letters in GitHub/GitLab 2016-07-04 16:58:57 +02:00
Pavol Rusnak
40ca2c9210
add gitlab to u2f_knownapps 2016-07-04 15:48:36 +02:00
Pavol Rusnak
633024a993
send failure when reset workflow is aborted (this sends features when it was aborted by initialize message) 2016-07-04 15:02:24 +02:00
Pavol Rusnak
3ce756b692
add set -e to shell scripts 2016-07-03 13:54:32 +02:00
Pavol Rusnak
fdbae0b0e0
fix hid_control_request for debug link 2016-06-30 14:04:11 +02:00
Jochen Hoenicke
ae4dff6e5f Only compute pubkey on demand.
Changed all hdnode callers to call hdnode_fill_public_key if
they need the public key.
2016-06-27 10:13:18 +02:00
Jochen Hoenicke
97466519b0 Bitbucket U2F support 2016-06-26 21:49:41 +02:00
Pavol Rusnak
c6309ff93c
no UI for ECDHSessionKey for now (just ask for PIN) 2016-06-23 19:09:24 +02:00
Roman Zeyde
c86086e2b9 Add ECDH support 2016-06-16 22:40:21 +03:00
Pavol Rusnak
79986604a3 Merge pull request #92 from jhoenicke/master
Implement message SetU2FCounter
2016-06-13 00:30:12 +02:00
Jochen Hoenicke
120cfc148f
new message SetU2FCounter 2016-06-12 23:44:36 +02:00
Pavol Rusnak
57197e1463
use macros for usb interface numbers 2016-06-12 23:11:46 +02:00
Pavol Rusnak
5e57a1ceaf
Merge branch 'u2f' 2016-06-12 22:53:28 +02:00
Alex Beregszaszi
080dcf462f
Define field size limits for the Ethereum protocol 2016-06-12 22:51:05 +02:00
Jochen Hoenicke
caafefc0fb Tweaked timeouts, handle null nodes. 2016-06-12 21:25:35 +02:00
Roman Zeyde
e2064337c6 Update protobuf definitions 2016-06-11 22:20:38 +03:00
Roman Zeyde
63696dc474 crypto: add ECDH session key generation 2016-06-10 22:17:02 +03:00
Pavol Rusnak
da067913c2
show app icons in u2f dialog 2016-06-09 18:11:19 +02:00
Pavol Rusnak
b1e3c52b08
remove DialogIcon enum, use bitmap structure directly 2016-06-08 19:20:07 +02:00
Pavol Rusnak
9aaf0d37ba
add u2f icons 2016-06-08 19:20:06 +02:00
Ondrej Sika
2929bfbd48
u2f - add Slush Pool to WellKnown 2016-06-08 19:18:23 +02:00
Pavol Rusnak
36b9d80120
bump version (to 1.3.6) 2016-06-07 15:27:05 +02:00
Jochen Hoenicke
73e7d82e3f Allow initialize() to abort PIN wait 2016-05-28 16:24:14 +02:00
Pavol Rusnak
11072320a9
use ff01 usage page for debuglink 2016-05-27 15:27:41 +02:00
Jochen Hoenicke
c4e8bd0d0e More robust storage recycle sector
Clear storage marker first before clearing the second sector to prevent
leaving a state where only PIN failures have been cleared but storage is
still present.
2016-05-27 14:03:20 +02:00
Jochen Hoenicke
a366700332 fix indentation 2016-05-26 21:21:08 +02:00
Jochen Hoenicke
78d11cf060 New memory access over debug link 2016-05-26 20:59:16 +02:00
Jochen Hoenicke
be0858b7d7 Updated protobuf 2016-05-26 20:59:16 +02:00
Jochen Hoenicke
18d549c83d Fix U2F hid interface index for debug link 2016-05-26 20:59:16 +02:00
Jochen Hoenicke
e093371129 Added storage area for u2f counter.
To prevent flashing for every u2f operation just clear one bit in
the u2f area to indicate an increased counter.
2016-05-26 20:59:16 +02:00
Jochen Hoenicke
8e7896456a Merge branch 'origin/master' into u2f 2016-05-26 20:58:52 +02:00
Pavol Rusnak
e119656c29
use descriptor that matches fido one (except usage_page) 2016-05-26 13:33:10 +02:00
Jochen Hoenicke
87bfd5a829 Bugfix: restore storage.
Storage restore was broken due to my previous patch.
2016-05-25 01:14:32 +02:00
Jochen Hoenicke
053fe7cb66 Remove Cancel Option
U2F doesn't allow cancellation on device.

Also fix button state in protect.  This fixes the following bug:
1. wipe device
2. press and hold right button, click left button to cancel.
3. release all buttons.
4. wipe device again, now automatic.
2016-05-24 01:59:37 +02:00
Jochen Hoenicke
68b34af19e More standard conform behaviour
Tested with u2f-ref-code/u2f-tests.
Known incompatibility:
 - changed challenge invalidates button press.
2016-05-24 01:16:55 +02:00
Jochen Hoenicke
a1ba431d94
Use more sensible HID descriptor 2016-05-23 19:20:21 +02:00
Jochen Hoenicke
bc92fb95a5
Clear pinarea on storage_init if upgrade fails
This also cleans up the code a bit and resets storage_uuid if upgrade fails.
2016-05-20 20:13:43 +02:00
Pavol Rusnak
46119bd007
clear pin failures on wipe and when in debug mode 2016-05-20 17:00:10 +02:00
Jochen Hoenicke
96f30a0ba7 Don't ask for passphrase with u2f. 2016-05-20 01:49:20 +02:00
Jochen Hoenicke
a0571e02a7 Removed more magic numbers.
`KEY_PATH_LEN`: length of the derivation path in the key handle

`KEY_PATH_ENTRIES`: number of entries in derivation path including
initial BIP-43 selector.

`KEY_HANDLE_LEN`: length of key handle (derivation path + HMAC checksum)
2016-05-18 03:05:04 +02:00
Pavol Rusnak
d20671b517
handle various signed_message_headers correctly 2016-05-17 18:13:08 +02:00
Pavol Rusnak
041eaa5e4b
refactor u2f dialogs into a separate function 2016-05-16 18:58:13 +02:00
Pavol Rusnak
ad2bab0186
Merge branch 'u2f' of github.com:jhoenicke/trezor-mcu into u2f 2016-05-16 18:22:03 +02:00
Pavol Rusnak
c123db71b9
Merge branch 'master' into u2f 2016-05-16 18:19:31 +02:00
Pavol Rusnak
9006c90a59
use MEMSET_BZERO and U2F_APPID_SIZE macros 2016-05-16 18:18:21 +02:00
Jochen Hoenicke
2ab950555e Fixed u2f reentry 2016-05-15 10:44:57 +02:00
Jochen Hoenicke
eb2ef2464c CID hacks, not yet finished 2016-05-15 10:44:57 +02:00
Jochen Hoenicke
450a277f45 Only compile debugInt when debugging 2016-05-15 10:44:57 +02:00
Jochen Hoenicke
117d261a38 Script to generate key and certificate 2016-05-15 10:44:57 +02:00
Jochen Hoenicke
55fe98ccd1 Fix USB HID descriptor 2016-05-15 10:44:40 +02:00
Pavol Rusnak
e1fa896d6c
disable ECIES 2016-05-12 21:09:34 +02:00
Pavol Rusnak
def4a9a02c
fix pbkdf2 usage in storage.c 2016-05-12 21:05:17 +02:00
Pavol Rusnak
008da6c089 Merge pull request #82 from jhoenicke/pinarea
Don't reflash storage after each PIN entry
2016-05-12 15:40:09 +02:00
Jochen Hoenicke
8be6956ce9 fix compilation
updated coins datastructure to include the new fields
2016-04-29 22:36:43 +02:00
Pavol Rusnak
a5feab0175
update submodules 2016-04-29 17:52:16 +02:00
Pavol Rusnak
f5ea14a85f
fix bugs in debug 2016-04-29 17:06:21 +02:00
Jochen Hoenicke
6218770e26 Script to generate key and certificate 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
c1ff9e1ec7 Use more sensible hid descriptor. 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
2abe5d477e Clean-up. Better checks for buffer overflow. 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
5c13e78deb Added support for known appid. 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
b3bfc64d2f Use hmac for checking key integrity 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
01ddb3ff66 Reduced buffer sizes, moved static info to flash 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
1b8bd1852e Adapted U2F to new hdnode API 2016-04-29 16:20:54 +02:00
Jochen Hoenicke
cf38291ca4 Updated branch u2f 2016-04-29 16:19:54 +02:00
Jochen Hoenicke
630e26dd20 use less stack memory in storage_commit 2016-04-27 19:23:02 +02:00
Jochen Hoenicke
da98a3a6fd Don't reflash storage after each PIN entry
Instead of reflashing the whole storage, we use a designated area
in the second storage block, where we mark each PIN failure by a
single zero bit. This is because one can set bits in flash to zero but
not to one.  If the PIN was entered successfully the whole word is
set to zero and the next word stores the new PIN failure counter.
2016-04-27 18:39:04 +02:00
Jochen Hoenicke
e0539f8f8b Move public key recovery (verify) to trezor-crypto 2016-04-27 18:10:21 +02:00
Pavol Rusnak
5e5138066a
adapt the reorder of hash_final functions 2016-04-26 11:53:58 +02:00
Pavol Rusnak
b8539a6972
fix wording 2016-04-25 23:46:36 +02:00
Pavol Rusnak
035a6e754f
fix last commit 2016-04-25 23:40:24 +02:00
Pavol Rusnak
9e8c369f93
show address in verifymessage layout 2016-04-25 23:03:57 +02:00
Jochen Hoenicke
51f02ff763
ed25519 support 2016-04-22 18:22:45 +02:00
Jochen Hoenicke
6813ffb431
Remove the public_key hack.
It is no longer necessary to move the public key into a temporary buffer
since the node is specific for the curve and contains the right public
key.
2016-04-21 11:58:39 +02:00
Roman Zeyde
2b2414cb91 Add GPG v2.1 support by signing message digest 2016-04-20 21:01:39 +03:00
Jochen Hoenicke
03c501d9e3 Do not use hardcoded string for secp256k1. 2016-04-20 15:39:15 +02:00
Jochen Hoenicke
56238e63fc Added curve type to HD node.
Create a different root node for every curve type to separate the key
space.
2016-04-19 18:23:12 +02:00
Pavol Rusnak
d8aeb63854
pass version/lock_time parameters from SignTx message to signing_init function 2016-04-16 04:47:09 +02:00
Pavol Rusnak
7675a0aa5f
fix usage of inline/static 2016-02-15 15:29:19 +01:00
Pavol Rusnak
4c9149818a
bump version (to 1.3.5) 2016-02-12 18:29:06 +01:00
Pavol Rusnak
1d3c7ee3f2
cleanup Waking up screen usage 2016-01-19 15:36:43 +01:00
Pavol Rusnak
6e3aec0c1b
move submodules to vendor subdirectory 2015-12-15 23:01:54 +01:00
Pavol Rusnak
ed76d030ef
check for sessionPassphraseCached 2015-12-14 22:53:14 +01:00
Pavol Rusnak
f557e6149d
implement GetPublicKey.show_display option 2015-11-19 11:48:26 +01:00
Pavol Rusnak
27183323a4
fail sooner when the device is not initialized 2015-11-19 11:03:16 +01:00
Pavol Rusnak
50c8811af9
double sized font for reset device 2015-11-18 19:52:16 +01:00
Mark Bryars
32f8819997 Generate hardened keys in a unique root 2015-11-05 01:24:37 +01:00
Mark Bryars
9328cad7f1 Add U2F support 2015-11-03 16:47:12 +01:00
Roman Zeyde
c08ff09f0f storage: add compile-time assert for sizeof(Storage) validation 2015-09-06 21:14:23 +03:00
Pavol Rusnak
8372504238 show home screen on Initialize 2015-08-25 19:50:31 +02:00
Roman Zeyde
755b0388f0 firmware: exclude debug functionality from release build 2015-08-24 15:51:20 +03:00
Roman Zeyde
1bb00adc37 fsm: add compile-time assert for response size validation
ttps://gcc.gnu.org/gcc-4.6/changes.html
2015-08-24 13:55:44 +03:00
Pavol Rusnak
8b1f8a4595 show "Web sign in to" when HTTPS is detected 2015-08-21 17:04:38 +02:00
Pavol Rusnak
0c6b3e26e2 prepare 1.3.4 release 2015-08-03 21:59:06 +02:00
Pavol Rusnak
b678ba8811 update protob 2015-08-03 21:27:56 +02:00
Pavol Rusnak
e876aa5094 changed coin max fees 2015-07-29 15:38:00 +02:00
Pavol Rusnak
e8b47901ce show "Go to myTREZOR.com" instead of label when device is not initialized 2015-07-09 23:02:13 +02:00
Pavol Rusnak
9ae7d6bf65 simplify layout Dialog in SignIdentity 2015-07-04 23:45:57 +02:00
Pavol Rusnak
e4d86a49ab rework SignIdentity signing 2015-07-04 23:40:55 +02:00
Pavol Rusnak
eaf209d999 implement CipherKeyValue.iv field 2015-06-29 16:36:50 +02:00
Pavol Rusnak
d488366e36 Merge branch 'master' of git://github.com/romanz/trezor-mcu into romanz-master
Conflicts:
	firmware/crypto.c
2015-06-28 21:26:15 +02:00
Roman Zeyde
381f90b38a cryptoMessageSign() should check the return value of ecdsa_sign_digest() 2015-06-27 10:20:19 +03:00
Roman Zeyde
0ac032917b enable Trezor to perform SSH public key authentication
support both NIST256P1 and SECP256K1 ECDSA curves.
2015-06-26 10:43:39 +03:00
Pavol Rusnak
b4728e6cf9 Merge pull request #27 from jhoenicke/master
New usbDelay that delays and handles USB requests
2015-05-25 10:57:40 +02:00
Pavol Rusnak
02040421cb fix param order in memset 2015-05-18 13:37:44 +02:00
Darin Stanchfield
e99aafd949 fixed salt passing to pbkdf2_hmac_sha512 2015-05-05 12:01:34 -07:00
Jochen Hoenicke
218b9984bb New usbDelay that delays and handles USB requests
Added usbDelay that polls usb port (for system requests) while delaying.
This is called instead of delay in the button and pin delay functions.
Experimental evaluation gave that the cycle count should be roughly divided
by 28.5.
2015-04-29 19:10:48 +02:00
Pavol Rusnak
7d8fb375f0 seconds counter during pin lockdown 2015-04-16 18:16:30 +02:00
Pavol Rusnak
1501ca2f67 activate screensaver on ClearSession message 2015-04-13 19:52:38 +02:00
Pavol Rusnak
ea7e92f5dd make gears turn faster when signing 2015-04-13 18:53:58 +02:00
Pavol Rusnak
795f70075b make SignIdentity.challenge_hidden and SignIdentity.challenge_visual longer (256 bytes) 2015-04-02 17:20:39 +02:00
Pavol Rusnak
ba73f43f71 change "sign in" screen 2015-04-02 16:56:03 +02:00
Pavol Rusnak
00ccf6a8ce bump storage version 2015-04-01 19:43:36 +02:00
Pavol Rusnak
8b268692fe prepare 1.3.3 release 2015-04-01 17:17:37 +02:00
Pavol Rusnak
4cbf29505d don't clear PIN on Initialize 2015-03-31 16:31:29 +02:00
Pavol Rusnak
aee35dc768 add pin_cached + passphrase_cached fields to Features message; add GetFeatures message 2015-03-30 15:47:03 +02:00
Pavol Rusnak
bda4267c38 clear session on Initialize message 2015-03-30 14:41:51 +02:00
Pavol Rusnak
7c6d2fe395 ask for PIN in GetAddress and GetPublicKey messages 2015-03-30 14:38:33 +02:00
ELMr4Ever
e855946d1c Darkcoin to Dash re-branding 2015-03-28 21:12:01 -07:00
Pavol Rusnak
9761dd23e0 prepare 1.3.2 release 2015-03-21 10:44:30 +01:00
Pavol Rusnak
40e174ac87 bump storage version 2015-03-18 13:34:09 +01:00
Pavol Rusnak
f344ec9c9b actually is SLIP-0013 2015-03-17 15:02:07 +01:00
Pavol Rusnak
c286cd75f3 bn_substract_noprime -> bn_subtract 2015-03-17 14:23:58 +01:00
Pavol Rusnak
fb2a085fff update trezor-crypto 2015-03-12 16:14:11 +01:00
Pavol Rusnak
0ee02eb09a revert non-swiping dialogs 2015-03-03 18:35:04 +01:00
Pavol Rusnak
24660f3e2c fix port in signidentity dialog 2015-03-03 17:42:25 +01:00
Pavol Rusnak
65d734df58 add Darkcoin 2015-03-03 02:09:15 +01:00
Pavol Rusnak
d1c62659f7 make signidentity dialog nicer 2015-03-02 21:33:06 +01:00
Pavol Rusnak
1272046375 login -> sign in 2015-03-02 19:58:33 +01:00
Pavol Rusnak
402886e00d Merge pull request #16 from jhoenicke/master
PIN handling - constant time.
2015-02-26 11:38:53 +01:00
Pavol Rusnak
82308d8a38 make wording more verbose (in SignIdentity) 2015-02-25 20:26:21 +01:00
Pavol Rusnak
eefa689b33 call layout functions where needed to rewrite the display after dialog choice 2015-02-25 17:57:47 +01:00
Pavol Rusnak
137a60ce01 set multisig_fp_mismatch when non-multisig input is encountered 2015-02-25 17:03:46 +01:00
Pavol Rusnak
399d4d31b7 replace transaction check hashing 2015-02-25 17:03:46 +01:00
Pavol Rusnak
73c42402b9 implement SignIdentity workflow 2015-02-25 17:03:01 +01:00
Jochen Hoenicke
5d8135be1a Faster signing, smoother progressbar.
Most time in signing transaction on the Trezor side is spent
in layoutProgress.  This patch reduces the calls to this functions.
We also compute the progress differently, reserving 50 % for downloading
input transactions and 50 % for the signing process.  This gives a
smoother experience if the input transactions are large.
2015-02-25 16:37:08 +01:00
Jochen Hoenicke
286ee0525c PIN handling - constant time.
This diff contains three changes.
1. Make timing isPinCorrect independent of storage.pin, to avoid timing attacks
2. Only update failed PIN counter if the user entered a PIN.
   Of course, the fail counter is still incremented, before the PIN is checked.
3. Don't cache the PIN, but just the fact that the PIN was entered.  The
   cache should be in sync with storage.pin in any case.
2015-02-22 15:42:31 +01:00
Pavol Rusnak
ad6fc7b5a7 update protobuf 2015-02-20 19:01:45 +01:00
Pavol Rusnak
2f5e520345 add description to layoutAddress 2015-02-19 14:11:27 +01:00
Pavol Rusnak
f2f50aa188 bump version to 1.3.1 2015-02-16 15:23:30 +01:00
Pavol Rusnak
94531f264e speed up public ckd (used in multisig) 2015-02-15 20:47:53 +01:00
Pavol Rusnak
07c8c4963a use const char * const * for wordlist 2015-02-14 12:40:32 +01:00
Pavol Rusnak
60bb2fe2b1 use Knuth shuffles 2015-02-13 20:51:02 +01:00
Pavol Rusnak
7d3196a057 correctly skip utf-8 characters 2015-02-13 17:42:23 +01:00
Pavol Rusnak
7fd1e894f5 refactor font handling 2015-02-13 15:37:23 +01:00
Pavol Rusnak
03faa85cc4 integrate signing reorder patch by Jochen 2015-02-11 17:38:32 +01:00
Pavol Rusnak
ed3fbf901c passphrase protection -> encryption (in dialog) 2015-02-05 18:59:43 +01:00
Pavol Rusnak
b5221ce2e9 introduce homescreen 2015-02-04 21:27:07 +01:00
Pavol Rusnak
d35b741f08 enable OP_RETURN 2015-02-04 20:04:59 +01:00
Pavol Rusnak
40efefc571 rework pin handling 2015-01-27 13:00:25 +01:00
Pavol Rusnak
012d38a9a0 increasePinFails before asking PIN 2015-01-26 21:41:43 +01:00
Pavol Rusnak
7dacfd69ee check for flash operation failure 2015-01-26 21:10:51 +01:00
Pavol Rusnak
5f8a4f6da1 use hdnode_private_ckd_cached where appropriate 2015-01-26 20:24:07 +01:00
Pavol Rusnak
31385f71f4 update nanopb to 0.2.9.2 2015-01-26 14:02:14 +01:00
Pavol Rusnak
32158bbb5c refactor fsm_getRootNode into fsm_getDerivedNode 2015-01-26 13:53:06 +01:00
Pavol Rusnak
8f48ffe63c extract fsm_getCoin 2015-01-26 12:51:56 +01:00
Pavol Rusnak
0981ed98b6 Merge pull request #7 from runn1ng/master
correcting transponed QR code
2015-01-18 13:43:10 +01:00
cf18
880f058482 correcting transponed QR code 2015-01-18 04:23:56 +01:00
Pavol Rusnak
b5eecb30be downgrade nanopb to LTS version 0.2.9.1 2014-12-27 16:05:34 +01:00
Pavol Rusnak
b06780e0a7 prepare 1.3.0 release 2014-12-25 18:32:00 +01:00
Pavol Rusnak
48cc36b1b9 adapt to new base58 api, use CoinType.address_type_p2sh field 2014-12-23 03:18:29 +01:00
Pavol Rusnak
1674edcbac p2sh addresses can have 35 characters 2014-12-22 21:16:49 +01:00
Pavol Rusnak
30a55829e5 rework hashing of transactions 2014-12-21 20:34:14 +01:00
Pavol Rusnak
2a2eba7de5 rework layoutProgress functions 2014-12-21 18:58:56 +01:00
Pavol Rusnak
03a053c944 implement change logic for multisig 2014-12-21 02:15:56 +01:00
Pavol Rusnak
0898c707d9 move change logic before confirmation 2014-12-20 20:55:32 +01:00
Pavol Rusnak
7000451f71 implement OutputScriptType_PAYTOMULTISIG, reorganize compile_output code 2014-12-20 20:34:19 +01:00
Pavol Rusnak
0d427f2cd2 fix confirm layouts in multisig operation 2014-12-20 02:38:53 +01:00
Pavol Rusnak
cce9d783a6 introduce cryptoMultisigFingerprint 2014-12-16 18:56:44 +01:00
Pavol Rusnak
4122b56e1c check return value of cryptoHDNodePathToPubkey 2014-12-16 18:49:49 +01:00
Pavol Rusnak
309604d286 change setup wording 2014-12-16 18:45:39 +01:00
Pavol Rusnak
0e92d4c588 error checking of hdnode functions return values 2014-12-16 18:28:46 +01:00
Pavol Rusnak
1385de1154 use const where appropriate 2014-12-16 16:50:12 +01:00
Pavol Rusnak
567537cd03 update to new multisig api 2014-12-16 14:28:47 +01:00
Pavol Rusnak
961566c9b7 implement ApplySetttings.use_passphrase 2014-12-13 19:29:27 +01:00
Pavol Rusnak
7e27275ec8 allow 15/15 multisig 2014-12-10 20:20:03 +01:00
Pavol Rusnak
43ff5baeab such happy doge 2014-12-10 18:58:27 +01:00
Pavol Rusnak
92cfcd1565 implement GetAddress.multisig field 2014-12-10 18:04:51 +01:00
Pavol Rusnak
6561647d6b update pb 2014-12-10 15:44:26 +01:00
Pavol Rusnak
86dd83f93b sign message speedup
see https://github.com/spesmilo/electrum/pull/695/files#diff-3
2014-12-08 21:21:44 +01:00
Pavol Rusnak
10fc0b69fc check LoadDevice.skip_checksum field 2014-12-08 19:58:13 +01:00
Pavol Rusnak
d07f6026e9 detect multisig by SPENDMULTISIG flag 2014-12-07 13:11:29 +01:00
Pavol Rusnak
91451f88b5 multisig 2014-12-06 19:12:55 +01:00
Pavol Rusnak
a16e8c0e04 more layout fixes 2014-11-27 17:23:04 +01:00
Pavol Rusnak
0c050e7fca update layouts for message operations 2014-11-26 18:52:30 +01:00
Pavol Rusnak
f75515544f move Sign/Verify to crypto.c/h, implement Encrypt/Decrypt 2014-11-25 19:32:04 +01:00
Pavol Rusnak
960c665aac update protobuf, require address for verifymsg 2014-11-15 02:00:07 +01:00
Pavol Rusnak
c051dfde9d update trezor-crypto 2014-10-30 01:38:40 +01:00
Pavol Rusnak
8b70713e2b update protobuf 2014-10-30 00:51:28 +01:00
Pavol Rusnak
8f1c40a933 start implementing EncryptMessage/DecryptMessage 2014-10-22 19:53:25 +02:00
Pavol Rusnak
ba63157a77 check coin->address_type while building output 2014-08-19 00:49:17 +02:00
Pavol Rusnak
e5d55967a0 implement GetAddress.show_display 2014-08-13 11:08:15 +02:00
Pavol Rusnak
63c6d046d1 add PublicKey.xpub field 2014-08-07 21:53:55 +02:00
Pavol Rusnak
e5bdf1943a align encryption of hdnode with mnemonic logic 2014-08-07 20:56:56 +02:00
Pavol Rusnak
524f2a957a enable stack protector 2014-07-31 19:44:03 +02:00
Pavol Rusnak
a2eb43b057 fix message length in msg_read_tiny 2014-07-27 16:20:35 +02:00
Pavol Rusnak
ea4d99cfee change recovery logic 2014-07-10 18:11:44 +02:00
Pavol Rusnak
2707e8aff6 move APPVER guards from includes to app code 2014-07-07 15:03:34 +02:00
Pavol Rusnak
df524b9f35 prepare 1.2.0 release 2014-07-03 01:20:34 +02:00
Pavol Rusnak
9ca3854146 use estimate instead of real size of tx when calculating fee warning 2014-07-01 19:48:54 +02:00
Pavol Rusnak
849e758eb4 double the delay before buttonupdate 2014-06-26 00:26:47 +02:00
Pavol Rusnak
e9fd756daa better UI for layoutSignMessage, layoutVerifyMessage and layoutCipherKeyValue 2014-06-21 00:31:44 +02:00