1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 14:28:07 +00:00
Commit Graph

990 Commits

Author SHA1 Message Date
Tomas Susanka
0b7a8449f8 core: style 2020-03-30 16:04:05 +00:00
Tomas Susanka
bf20537f41 core: add option to omit cancel button in HoldToConfirm; add it to reset 2020-03-30 16:00:12 +00:00
Pavol Rusnak
336a417233 core/bootloader: distinguish between a vendor change and downgrade with wipe 2020-03-25 15:15:12 +01:00
Andrew Kozlik
8ae0535e69 core/webauthn: Fix attestation statement format to use a list in the x5c field. 2020-03-24 16:18:37 +01:00
Tomas Susanka
aa71c20f2c core: require hold to confirm 2020-03-24 09:20:10 +00:00
Ondrej Mikle
634ed5aabc
core: commands for flashing via JLink (#911) 2020-03-23 10:40:06 +01:00
Tomas Susanka
025436db47 core/changelog: add FIDO2's Ed25519 2020-03-23 08:00:31 +00:00
Tomas Susanka
f786d75a6f core: drop obsolete check for ANYONECANSPEND segwit outputs 2020-03-20 14:19:31 +00:00
Tomas Susanka
d0d41c884e legacy: move script type checks to separate functions and unify with core 2020-03-20 14:19:31 +00:00
matejcik
bd9e15bb8c core/tests: add unit tests for prevhash writers 2020-03-20 14:19:31 +00:00
matejcik
a9faa4d4ab core/tests: fix inline variant of assertRaises
otherwise code like the following would fail:

>>> self.assertRaises(AssertionError, ensure, False)

because the AssertionError raised internally by `ensure` would be
conflated with the AssertionError raised by the tested function
2020-03-20 14:19:31 +00:00
matejcik
da89a17ce5 all: add checks for prev_hash size 2020-03-20 14:19:31 +00:00
matejcik
c15519f707 core/sign_tx: modify get_tx_header to avoid writing unchecked bytes 2020-03-20 14:19:31 +00:00
matejcik
9cab61fbd3 core/sign_tx: remove write_bytes_unchecked where appropriate 2020-03-20 14:19:31 +00:00
matejcik
27f6306e1d core: introduce safer write_bytes functions 2020-03-20 14:19:30 +00:00
matejcik
9a5f6b025a core/tezos: factor out writing Michelson instructions 2020-03-20 14:19:30 +00:00
matejcik
694f714719 core/ripple: rename write_bytes to avoid name collision 2020-03-20 14:19:30 +00:00
Tomas Susanka
64584e271c legacy, core: add and unify validation checks 2020-03-20 14:19:30 +00:00
matejcik
ffdb299c61 all: drop Capricoin support [NO BACKPORT] 2020-03-20 14:19:30 +00:00
matejcik
adea7d6b35 all: make timestamp mandatory on timestamp-enabled coins 2020-03-20 14:19:07 +00:00
matejcik
e2035b4972 all: drop Horizen and BIP-115 support [NO BACKPORT] 2020-03-20 14:19:07 +00:00
matejcik
6f9c6361ea core: remove negative_fee and cashaddr_prefix from bitcoin-only fw 2020-03-20 14:18:27 +00:00
matejcik
7d5771911c core: flip condition for force_bip143
this should be equivalent because Bitcoin does not have force_bip143 set
2020-03-20 14:18:27 +00:00
matejcik
ed464f3d47 all: ensure expiry, timestamp and extra_data are blocked as appropriate 2020-03-20 14:18:27 +00:00
matejcik
27803ee8c1 all: drop overwintered field from transaction 2020-03-20 14:18:27 +00:00
matejcik
c9fd3f77a5 all: add overwintered field to coin specification 2020-03-20 14:18:27 +00:00
Pavol Rusnak
817b922850 all: add extra_data and timestamp fields to coin specification 2020-03-20 14:18:27 +00:00
matejcik
136307bcae core: propagate coin info to all sanitize functions 2020-03-20 14:17:44 +00:00
matejcik
303c05aba7 core/sign_tx: check if prev_tx has enough outputs to match prev_index 2020-03-20 14:17:44 +00:00
Andrew Kozlik
a34637c0f2 core/sign_tx: Check multisig fingerprint before signing inputs. 2020-03-20 14:17:44 +00:00
Tomas Susanka
163220e4b7 core/wallet: properly check decred input 2020-03-20 14:17:44 +00:00
Ondřej Vejpustek
6274cfdf8b core: remove unreachable zcash code 2020-03-20 14:17:44 +00:00
Ondřej Vejpustek
d61181d7e8 core: fix transaction header for mixed segwit inputs 2020-03-20 14:17:44 +00:00
Tomas Susanka
f0a39df75d core/wallet: check inputs and outputs right after receiving them 2020-03-20 14:17:44 +00:00
Tomas Susanka
0903159d9b core, legacy: make sure OPRETURN ouput is not marked as change 2020-03-20 14:17:44 +00:00
Tomas Susanka
4af9aa547e core: forbid unnecessary fields in OPRETURN output 2020-03-20 14:17:44 +00:00
Andrew Kozlik
d800fcbf9f core/sign_tx: If there is a non-multisig input, then change output cannot be multisig.
(cherry picked from commit 8eb6ce0899)
2020-03-20 14:17:44 +00:00
Andrew Kozlik
b3cd760df0 core/webauthn: Disable CTAPHID_WINK function. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
e5008eb332 core/webauthn: Remove indistinguishable credentials from the allow list. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
cda9de8dd1 core/webauthn: Add maxCredentialCountInList and maxCredentialIdLength to authenticatorGetInfo response. 2020-03-20 15:07:06 +01:00
Andrew Kozlik
0af0e06d5b core/webauthn: Truncate names in credential data to at most 100 bytes. 2020-03-20 15:07:06 +01:00
matejcik
ccffefd667 core/boot: do not catch OSError in boot wait 2020-03-20 14:03:28 +01:00
matejcik
f6f041e269 core/sdcard: also catch OSError in the formatting phase 2020-03-20 14:03:28 +01:00
matejcik
3a71a5a05c core/sdcard: show "Wrong SD card" when unlocking SD protect with unformatted card 2020-03-20 14:03:28 +01:00
matejcik
3789a3372b core/sdcard: modify exception handling in fatfs
expose ff.c constants, raise them as arguments to FatFSError

introduce NotMounted and NoFilesystem as subclasses of FatFSError with
the appropriate error code set
2020-03-20 14:03:28 +01:00
Andrew Kozlik
8ee0026637 core: Allow PIN entry even when SD protect is enabled and the card is not present. 2020-03-19 15:04:33 +01:00
Andrew Kozlik
bfd834d1de storage: Add storage_ensure_not_wipe_code(). 2020-03-19 15:04:33 +01:00
Konnor Klashinsky
70a1f957ed
Fix BackupDevice layout on 18-word seed wallets 2020-03-13 13:41:04 +13:00
Andrew Kozlik
2f905a1157 core/webauthn: Add algorithm and curve to WebAuthnListResidentCredentials response. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
f610787f8d core/webauthn: Clean up bytes/bytearray typing around uctypes. 2020-03-12 15:45:26 +01:00
Andrew Kozlik
e378820f7f core/webauthn: Implement support for Ed25519 signatures in FIDO2. 2020-03-12 15:45:26 +01:00
Pavol Rusnak
624b639ba8
Merge pull request #886 from trezor/onvej-sl/monero-optimizations-squashed
xmr/bp: memory optimizations and improvements, fixed style
2020-03-02 17:54:30 +01:00
Tomas Susanka
f8de140271 core: add cancel to hold to confirm dialogs 2020-03-02 13:58:41 +00:00
Dusan Klinec
2658e253fa xmr/bp: memory optimizations and improvements
- different approach to vector manipulation - more on the fly operations. Prepared for fully offloaded operations, BP on Trezor with constant memory.
- memory requirements reduced from (4MN + const) to (2MN + const)
- more raw methods to avoid unnecessary encoding/decoding
- chunking improved, chunk size set as a constant, changed from 64 to 32, missing pieces implemented to cover also BP 16
- proof_v8 support discontinued, old hardfork, not needed anymore
- get_exponent register clash fixed (for large vectors)
- reduced heap fragmentation by removing some temporary allocations
- hashing with len and offset to reduce heap fragmentation by creating a sliced arrays
- use to() wherever possible to avoid allocations and return of mutable private object
- global functions start with _ prefix, reduce import footprint
- use __slots__ in classes to minimize footprint
2020-03-02 12:17:03 +01:00
Tomas Susanka
21676a0662 ore/tezos: better wording in delegation cancel 2020-03-02 08:49:34 +00:00
matejcik
7f91bc571c core: ensure default task restarts after a passphrase workflow (fixes #883) 2020-02-28 15:55:40 +01:00
Tomas Susanka
5ee6e56f56
Merge pull request #880 from trezor/tsusanka/sign-verify-ui
Unify sign/verify message dialogs and fix text overflow
2020-02-28 15:47:48 +01:00
matejcik
bd9663af79 common/defs: update token reference, add new tokens to 2.3.0/1.9.0, regenerate coins_details 2020-02-27 19:13:17 +01:00
Tomas Susanka
86b010a18b
Merge pull request #878 from trezor/matejcik/fatfs-corruption
FatFS API rework
2020-02-27 15:58:38 +01:00
Tomas Susanka
c8b7d3fb56 core/changelog: SD card protection is part of 2.3.0 2020-02-27 13:57:48 +00:00
Tomas Susanka
a63e6fc4ef core+legacy: update changelogs 2020-02-27 13:21:17 +00:00
Tomas Susanka
a8af9feebe core: fix text overflow in some dialogs 2020-02-27 12:43:33 +00:00
Tomas Susanka
744c32991f core: unify sign/verify functions
The UI records are modified because of two changes:
- Added a coin name to the Sign/Verify screen (ETH/Lisk).
- Unified to use mono.
2020-02-27 12:43:33 +00:00
Tomas Susanka
b317613d63
Merge pull request #874 from trezor/tsusanka/test
Use wire errors where applicable
2020-02-27 13:38:30 +01:00
Tomas Susanka
495a59c282 core: use wire errors instead of ValueErrors where applicable 2020-02-27 10:46:01 +00:00
matejcik
18ac4fc9ca core: update Python facing APIs 2020-02-27 10:56:23 +01:00
matejcik
9ab84d2455 core/tests: thoroughly test modified APIs 2020-02-27 10:56:23 +01:00
matejcik
b24411b900 core/sdcard: unmount instance when powering off sdcard 2020-02-27 10:56:23 +01:00
matejcik
c81be584fb core/fatfs: ensure functions can only be called on a mounted filesystem
ff.c has a lazy-mounting feature, where any filesystem call will mount
the volume if it can. This messes with predictability of the mounted
state, so all (except mount/unmount/mkfs) Python functions will first
check if the fs is mounted.
2020-02-27 10:56:23 +01:00
matejcik
fa746e2990 core/fatfs: rework low-level FatFS API
Instead of having possibly multiple FatFS objects, each with its own
`fs` struct, there is one global static fs_instance. This is to match
the mode of operation of ff.c, which assumes a global list of mounts,
and all functions operate on the global based on path.

Methods of FatFS were converted to functions on the fatfs module.

fatfs.unmount() does not call ff.c's unmount, but simply invalidates
fs_instance. This is basically what ff.c would do, except without
messing with ff.c's global list of mounts.
2020-02-26 14:18:41 +01:00
Pavol Rusnak
c896f02eb3
core/boardloader: use SRAM as SD card read buffer
because DMA can't access the CCMRAM
2020-02-25 17:59:16 +01:00
Andrew Kozlik
2133f7cf29 core: Prevent data loss when writing to USB VCP. 2020-02-25 12:08:07 +01:00
matejcik
b916072389 common: restore PassphraseAck.state 2020-02-24 15:15:09 +01:00
matejcik
d7b9582386 core/sdcard: add ensure_filesystem option (fixes #868)
It is possible to call `ensure_sdcard` in a way that requires only SD
card be inserted, but not necessarily formatted.

This is useful for SD-protect and possibly other use-cases where the SD
card is read-only, and "not formatted" is identical to "not containing
the right files".
2020-02-24 13:28:44 +01:00
matejcik
e9c275c24f core/sdcard: fix invalid state when filesystem mounting fails 2020-02-24 13:28:44 +01:00
Pavol Rusnak
39ce100608
Merge pull request #864 from trezor/prusnak/bootloader-text-break
core/bootloader: split long vendor string
2020-02-21 18:39:20 +01:00
Tomas Susanka
6c47bf8230 core: store multiple sessions/caches at the same time 2020-02-21 14:40:42 +01:00
Pavol Rusnak
562671401e
Merge pull request #860 from trezor/prusnak/multisig-show-yours-others
core: show yours/others in get_address for multisig
2020-02-20 13:49:13 +01:00
matejcik
918603ad5c core: add unit test for sdcard wrapper 2020-02-20 12:51:48 +01:00
matejcik
7983fd34d6 core: fix unit tests 2020-02-20 12:51:48 +01:00
matejcik
4ed6487a19 core/sdcard: add out-of-bounds checks to emulator 2020-02-20 12:51:48 +01:00
matejcik
ddee77ecb6 core: add SD clearing via debuglink 2020-02-20 12:51:48 +01:00
matejcik
d0b1b171f1 core/sdcard: ensure emulator initializes the SD card when first needed 2020-02-20 12:51:48 +01:00
matejcik
5bd8d9b5bb core/sdcard: make allocating new SD card for emulator fast 2020-02-20 12:51:48 +01:00
matejcik
1e9352b9e0 core: add SD format dialog, generalize sdcard usage 2020-02-20 12:51:48 +01:00
matejcik
5bac85f260 core: use filesystem wrapper instead of the ensure_filesystem decorator 2020-02-20 12:51:48 +01:00
matejcik
d08942be4a core: introduce filesystem wrapper 2020-02-20 12:51:48 +01:00
matejcik
b2084a19be core/trezorio: move sdcard functions to a submodule 2020-02-20 12:51:48 +01:00
matejcik
30529d218d core/sdcard: change SDCard methods to plain functions 2020-02-20 12:51:48 +01:00
matejcik
06b89c57c5 core/sdcard: return proper disk status flags to fatfs 2020-02-20 12:51:48 +01:00
Tomas Susanka
ff1bb67abc common: return the PasshraseType button request 2020-02-20 08:04:35 +00:00
Pavol Rusnak
dc66bbe3d5
core/bootloader: split long vendor string 2020-02-19 21:40:28 +00:00
Pavol Rusnak
74802a107e
core/modtrezorui: add display_text_split 2020-02-19 21:40:28 +00:00
Pavol Rusnak
c4babd3c0b
Merge pull request #846 from trezor/bootloader-read-retry
core/bootloader: make read more benevolent and read error more helpful
2020-02-19 19:45:34 +01:00
Pavol Rusnak
581e46ff87
Merge pull request #845 from trezor/prusnak/webusb-popup
Don't show WebUSB popup in firmware, in bootloader only if no firmware present
2020-02-19 18:18:01 +01:00
Pavol Rusnak
7944c1a837
core/monero: add confirmation dialog for unlock_time 2020-02-19 14:31:45 +00:00
Pavol Rusnak
a808cc9190
core/apps: await require_confirm should be called without return 2020-02-19 14:31:45 +00:00
Pavol Rusnak
b9486c0b33
core: show yours/others in get_address for multisig 2020-02-18 22:39:55 +00:00
Tomas Susanka
577daf09fe tests: introduce --ui-check-missing to test/remove missing tests 2020-02-18 09:33:21 +01:00
matejcik
1d41141a1f core/emulator: properly ignore inotify problems (fixes #854) 2020-02-17 12:33:38 +01:00
Pavol Rusnak
2958a97c87
Merge pull request #830 from trezor/tsusanka/fw-upgrade
FW Update: Request a small chunk first to make the UI smoother
2020-02-15 13:08:33 +01:00
matejcik
e61b7d28e9 all: do not send state in PassphraseAck (not needed for compatibility) 2020-02-13 15:44:50 +01:00
Pavol Rusnak
63dfd6c6ab
core/bootloader: make read more benevolent and read error more helpful 2020-02-12 22:05:29 +01:00
Pavol Rusnak
07cd73ce57
core: show webusb popup only in bootloader and only if firmware is not installed 2020-02-12 20:47:05 +00:00
matejcik
4c8c96272c emu: fix flag options with defaults
Click REALLY INSISTS you provide on/off switches for your options.
You can use is_flag, but then the presence of the option changes based
on the default value.

Which makes sense, really:
@option("-f", "foobar", is_flag=True, default=False)
you would expect `./cli -f` to have `foobar is True`

whereas with
@option("-f", "foobar", is_flag=True, default=True)
you would expect `./cli -f` to have `foobar is False`, otherwise it's a
no-op

this becomes fun with `default=os.environ.get("SOMETHING")`, because
then the effect of the option CHANGES with a value of environment
variable!

there's two ways around this:
a) don't use defaults, update the flag explicitly, like:
   foobar = foobar or os.environ.get("FOOBAR") == "1"
b) forget about is_flag and specify an on/off switch, where the default
   value works as intended

since the latter is also technically speaking more correct, i'm doing it
2020-02-12 13:32:05 +01:00
matejcik
271da3fa39 python: add detailed logging to emulator runner 2020-02-12 13:31:58 +01:00
matejcik
c14429c445 all: shut down emulator on error_shutdown 2020-02-12 13:31:31 +01:00
matejcik
d3b88a37be core: do not catch SystemExit in handle_session (#826) 2020-02-12 10:36:42 +01:00
Tomas Susanka
f947fe97cc core: fix style 2020-02-11 16:41:43 +01:00
Tomas Susanka
0a13f7a441 core: properly limit passphrase to 50 bytes 2020-02-11 15:39:08 +00:00
Tomas Susanka
2c0504ad1c
Merge pull request #803 from trezor/passphrase
Passphrase Redesign
2020-02-11 16:01:59 +01:00
matejcik
05a1d6f771 core/debug: add "show arbitrary screen" capability, for easier prototyping 2020-02-11 11:53:34 +01:00
matejcik
c01d04f26e common/protob: drop a default field declaration
which triggers nanopb bug https://github.com/nanopb/nanopb/issues/487
2020-02-11 11:53:34 +01:00
matejcik
741c0c8888 core: improve stability of Monero test runner 2020-02-11 11:16:28 +01:00
matejcik
4c9689d7a7 common: return deprecated fields to protobuf, to allow cross-version compatible code 2020-02-10 12:35:28 +01:00
Pavol Rusnak
e58225fe02
core/boot: don't call mkfs in emulator 2020-02-07 15:30:21 +00:00
Pavol Rusnak
fdfa64ac2a
core/ui: fix HoldToConfirm redraw 2020-02-07 15:21:16 +00:00
Pavol Rusnak
32f8f1cb61
core/embed: update fatfs to 0.14; use upstream version 2020-02-07 15:21:16 +00:00
Tomas Susanka
56dc952495 common: fix PassphraseAck.on_device id 2020-02-07 14:19:01 +00:00
Pavol Rusnak
73ed2f3450
legacy: small nitpicks related to the new passphrase handling 2020-02-07 11:41:03 +00:00
Tomas Susanka
15ed5cd19e
core: do not clear cache on ClearSession 2020-02-07 11:41:03 +00:00
Tomas Susanka
fd0dc8ed66
core/passphrase: merge 'get from user' functions 2020-02-07 11:41:03 +00:00
Tomas Susanka
7d7ffe3b67
cardano: derive the root and then cache 2020-02-07 11:41:02 +00:00
matejcik
3fa99c0c6a
core/tests: add storage.cache tests 2020-02-07 11:41:02 +00:00
matejcik
938f347514
core: use DUMMY_CONTEXT constant instead of own instance 2020-02-07 11:41:02 +00:00
matejcik
d4171aaedc
core/tests: extract common await_result() method 2020-02-07 11:41:02 +00:00
matejcik
1f50a13edf
core: use cache for Monero live refresh confirmation 2020-02-07 11:41:02 +00:00
Tomas Susanka
b96d7cafbb
core: rework cache and fix cardano caching 2020-02-07 11:41:01 +00:00
Tomas Susanka
aa6988a556
core/ui: introduce draw_simple 2020-02-07 11:41:01 +00:00
Tomas Susanka
d5763d9cab
all: implement code review comments 2020-02-07 11:41:01 +00:00
Tomas Susanka
f3553f63f1
common: remove PassphraseRequest.on_device completely 2020-02-07 11:41:00 +00:00
Tomas Susanka
c65b57affb
core, legacy: remove passphrase_cached 2020-02-07 11:41:00 +00:00
Tomas Susanka
1343583d21
core: bump version to 2.3.0 2020-02-07 11:41:00 +00:00
Tomas Susanka
8fa0d8f098
core/passphrase: show dialog to enter the passphrase on host 2020-02-07 11:41:00 +00:00
Tomas Susanka
a3f3d4fcdb
remove ping.passphrase/pin 2020-02-07 11:41:00 +00:00
Tomas Susanka
b5d6aaf77c
tests: test PassphraseAck options 2020-02-07 11:41:00 +00:00
Tomas Susanka
ece351c5e5
core: do not prompt for passphrase if 'always' setting is enabled 2020-02-07 11:40:59 +00:00
Tomas Susanka
466dc4732d
core/passphrase: add button requests 2020-02-07 11:40:59 +00:00
Tomas Susanka
4a0f727f13
core: fix monero 2020-02-07 11:40:59 +00:00
Tomas Susanka
cd09f9ce94
all: modify passphrase source to always on device 2020-02-07 11:40:59 +00:00
Tomas Susanka
eafd57c301
common, core: add passphrase entry capability 2020-02-07 11:40:58 +00:00
Tomas Susanka
90d5cdfd5b
all: rework passphrase
The `on_device` field is being moved to PassphraseAck, State messages
are removed. Features newly contain `session_id`.
2020-02-07 11:40:58 +00:00
Tomas Susanka
a02d7e3daf core/bootloader: request vendor header first 2020-02-06 12:22:32 +00:00
matejcik
d28e33ef02 core/headertool: support generating vendor headers with explicit size 2020-02-05 12:23:34 +01:00
Pavol Rusnak
6dbed1424f
core+legacy: update nanopb api to version 0.4 2020-02-04 17:18:27 +00:00
Pavol Rusnak
3eb7775659
core/bootloader: regenerate protobuf messages 2020-02-04 17:18:17 +00:00
Pavol Rusnak
4647e7d686
core+legacy: use nanopb generator from pipenv 2020-02-04 17:15:25 +00:00
Pavol Rusnak
5bf8eca350
legacy+core: accept only valid UTF-8 strings via nanopb 2020-02-04 17:15:25 +00:00
Tomas Susanka
277e494ffa core/recovery: end dry run before showing success
updates #815
2020-02-03 12:12:49 +00:00
Tomas Susanka
4850eaf534 emu.py: remove frozen variable 2020-01-30 14:47:11 +00:00