gabrielkerekes
f1b6056edb
Fix staking key hash message
...
When deriving an address with a foreign staking key Trezor would crash
due to forgotten `decode()` on hexlified staking key hash which was to
be displayed.
This wasn't discovered while testing because it weirdly would pass with
a `aaff00` string, but not with longer ones.
2020-07-30 14:43:32 +02:00
matejcik
c008600d08
core/debug: fail if wait_layout is sent without watch_layout
2020-07-29 11:50:47 +02:00
Pavol Rusnak
9a673db647
core: fix build on T1
...
file src/apps/base.py was added unconditionally breaking the T1 build
2020-07-28 12:12:53 +02:00
Pavol Rusnak
a6451dad46
core/fonts: update headers
2020-07-28 10:56:41 +02:00
Martin Milata
3021233eaf
core: remove unimports from bitcoin sign_tx layouts
2020-07-28 10:51:28 +02:00
Pavol Rusnak
47e7550423
core/extmod: add font_pixeloperator{,mono}, use this font for T1
2020-07-28 09:40:30 +02:00
Pavol Rusnak
cec87bba50
core: remove mono bold font variant (not used anywhere)
2020-07-27 23:22:34 +02:00
Pavol Rusnak
e6baaa7ed9
core/src1: use display.text instead of display.print
2020-07-27 17:40:34 +02:00
Pavol Rusnak
de43dde1e9
core: make emu.sh respect TREZOR_MODEL env variable
2020-07-27 17:38:55 +02:00
Pavol Rusnak
8bc32d035b
core/extmod: enable display_text* methods for other models than T
2020-07-27 17:24:13 +02:00
Pavol Rusnak
df03534955
core: print inverted question mark for nonprintable characters
2020-07-27 16:29:11 +02:00
Pavol Rusnak
89d701ed08
core+legacy: bump versions (also in changelogs)
2020-07-27 13:59:49 +02:00
matejcik
4eb5b927c0
core/cardano: simplify keychain implementation
2020-07-27 13:24:51 +02:00
Gabriel Kerekeš
d2c1624602
Cardano shelley update 2/3 ( #1112 )
2020-07-27 13:11:23 +02:00
gabrielkerekes
e1615e60ec
Update Cardano to support Shelley era 1/3
...
Update protobuf
- Previous transactions don't need to be sent anymore, because fee is
included in the transaction now. Thus transactions_count can be
removed from CardanoSignTx message and the CardanoTxAck and
CardanoTxRequest messages can be removed altogether.
- CardanoTxInputType.type is unused so remove it
Add NULL (None type) serialisation to CBOR
- Transaction metada must either have a valid structure or CBOR NULL
must be used (if metadata is empty) - it can't be simply left out.
Add protocol_magics file
- Just to have a nicer way of representing protocol magics
Update transaction signing
- Previous transactions no longer need to be requested
- Output building is simplified, since fee doesn't need to be calculated
- Remove transaction class since it is no longer needed (only functions
remained)
- Reorder functions so it reads top to bottom
Add protocol magic to byron address on testnet
- This has always been a part of the spec, but it hasn't been
implemented before, because it wasn't really needed.
Update trezorlib
Update tests
- Transaction messages are no longer required
- Expected values are different since tx format changed
- Common values in test cases have been extracted
Remove unused file
- Progress was used when receiving previous transactions
Add CRC check to output address validation
2020-07-27 13:04:49 +02:00
Pavol Rusnak
88aa3cf168
core: convert old changelogs to new format
2020-07-27 12:14:00 +02:00
Pavol Rusnak
8dacad0782
core/bootloader: update protobuf definitions
2020-07-26 00:00:37 +02:00
matejcik
fdcb64ac24
all: rename protobuf unsafe_prompts
to safety_checks
2020-07-24 16:37:58 +02:00
matejcik
19ad1dae8b
core/bitcoin: allow compatibility namespaces for Casa/Greenaddress
2020-07-24 16:37:58 +02:00
matejcik
b741560997
core/bitcoin: drop unused validate_path_for_bitcoin_public_key
2020-07-24 16:37:58 +02:00
matejcik
407375b0c4
core/bitcoin: move BITCOIN_NAMES to common
2020-07-24 16:37:58 +02:00
matejcik
8f8e793155
core, python: add changelogs
2020-07-24 16:37:58 +02:00
matejcik
fd8cb0e061
core/keychain: differentiate error message for ed25519 derivation
2020-07-24 16:37:58 +02:00
matejcik
0438f83a94
core: use public
as named argument instead of comment
2020-07-24 16:37:58 +02:00
matejcik
57b08c98ed
core: raise error on setting passphrase-on-device without passphrase
2020-07-24 16:37:58 +02:00
matejcik
58f460627f
core/tests: add unit tests for new functionality
2020-07-24 16:37:58 +02:00
matejcik
a461853cf6
core/tests: fix bitcoin unit tests
2020-07-24 16:37:58 +02:00
matejcik
c85d768b81
core: update references to keychain everywhere
2020-07-24 16:37:58 +02:00
matejcik
ff4ec2185e
core: refactor keychain to only support one curve at a time
...
also make a cleaner distinction between keychain, seed, path
This enables using `unsafe_prompts`, because with the original code, if
there was no namespace match, we wouldn't know which curve to use.
For ease of implementation, we use a LRU cache for derived keys,
instead of the original design "one cache entry per namespace".
SLIP21 is now treated completely separately, via `slip21_namespaces` and
`derive_slip21` method.
If more slip21-like things come in the future, we can instead hang them
on the keychain: put a per-curve Keychain object accessible by
`keychain[curve_name].derive()`, and the majority usecase will just pass
around `keychain[curve_name]` instead of having to specify the curve in
every `derive()` call.
Or alternately we'll just specify the curve in every `derive()` call,
whichever seems more appropriate.
2020-07-24 16:37:58 +02:00
matejcik
fa757f4b7f
core: improve type annotation for bip32.derive_path
2020-07-24 16:37:58 +02:00
matejcik
8e44132d3c
core: replace load_settings with individual setters
2020-07-24 16:37:58 +02:00
matejcik
1109250dcf
core: add option to allow unsafe prompts
2020-07-24 16:37:58 +02:00
Martin Milata
03f2dab6bc
core: reduce gc.collect calls during bitcon sign_tx
2020-07-24 15:35:09 +02:00
matejcik
c3a61998cb
core: generate resdata by Mako, use if/elif trick to save RAM
2020-07-24 14:09:31 +02:00
matejcik
125079a8a4
core: add changelog entry for synchronous protobuf
2020-07-24 14:09:31 +02:00
matejcik
7befdd07e4
core/tests: update unit tests
2020-07-24 14:09:31 +02:00
matejcik
5e7fd3aea6
core: use utils.BufferReader instead of apps.common.BytearrayReader
2020-07-24 14:09:31 +02:00
matejcik
1ff4a0d239
core: separate BufferIO into Reader (read-only) and Writer
...
also integrates BytearrayReader API into BufferReader
2020-07-24 14:09:31 +02:00
matejcik
3514a31bc9
core: make USB codec resilient to OOM conditions
2020-07-24 14:09:31 +02:00
matejcik
0a758b8181
core/tests: add synchronous protobuf tests
2020-07-24 14:09:31 +02:00
matejcik
31e2170766
core: make protobuf buffer smaller, dynamically allocate bigger if necessary
2020-07-24 14:09:31 +02:00
matejcik
a000ea5ec8
core/monero: update Monero app to use synchronous protobuf
2020-07-24 14:09:31 +02:00
matejcik
01d695283f
core: make protobuf buffer bigger
2020-07-24 14:09:31 +02:00
matejcik
0c3bc53aee
core: clean up types for field caching, fix count_message
2020-07-24 14:09:31 +02:00
matejcik
f723dca7b1
core: enable PYSTACK
2020-07-24 14:09:31 +02:00
matejcik
d568afa80d
core: improve protobuf field caching
2020-07-24 14:09:31 +02:00
matejcik
85d74ece76
core: implement synchronous v1 codec
2020-07-24 14:09:31 +02:00
Tomas Susanka
34bd57006f
core, legacy: set version of the upcoming release in Changelog
2020-07-24 12:33:46 +02:00
Martin Milata
fd117a0c9f
core: raise error on auto-lock value out of range
2020-07-22 21:38:42 +02:00
Andrew Kozlik
4005f4832f
core/embed: Set VCP write timeout to 0.
2020-07-16 09:34:58 +02:00
Ondrej Mikle
33d2bf417b
core: replace bootloader only in production. Fix device for T1 core port JLink upload
2020-07-13 10:45:32 +02:00
matejcik
051763575d
core: touch idle timer in keyboards ( fixes #1099 )
2020-07-10 14:05:52 +02:00
matejcik
2c4ecff0a4
core: fix synthetic events breaking io.poll delay calculation
2020-07-10 14:05:52 +02:00
Andrew Kozlik
eb28998f98
core/bitcoin: Support multiple change-outputs.
2020-07-09 15:51:23 +02:00
matejcik
2c8e5f527b
all: rename changelogs to .md for highlighting
2020-07-08 10:43:40 +02:00
matejcik
a19a9a318a
all: improve changelog formatting
2020-07-08 10:43:40 +02:00
matejcik
476cf2ee8f
core, legacy: more changelog entries
2020-07-08 10:43:40 +02:00
Pavol Rusnak
57ae902aed
core/monero: don't download test binary even if hash is different
2020-07-03 15:18:38 +02:00
Pavol Rusnak
5d666376f0
core/monero: update tests binary
2020-07-03 15:18:38 +02:00
Andrew Kozlik
37f4dcc7e5
core/bitcoin: Rename witness_p2wsh() to witness_multisig().
2020-07-03 11:17:19 +02:00
Andrew Kozlik
91b615c217
core: Update changelog.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
9cd600f79e
core/bitcoin: Add special confirmation screen for transactions with external inputs.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
64d9350de2
core/bitcoin: Implement GetOwnershipId message.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
533de50588
common/protob: Add GetOwnershipId message.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
712ec68c1b
core/bitcoin: Add support for external inputs with proof of non-ownership.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
956ea9a94f
common: Add ownership_proof field to TxInputType.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
791ff3fe06
core/tests: Add unit tests for SLIP-0019 proofs of ownership.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
d4317d1536
core/bitcoin: Implement generation and verification of SLIP-0019 proofs of ownership.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
d52de28704
core/bitcoin: Implement BIP-322 SignatureProof container.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
c723c78529
common/protob: Add GetOwnershipProof message.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
d48a372ca7
core/sign_tx: Implement support for signed external inputs.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
78f14d286e
core/sign_tx: Factor out get_legacy_tx_digest() from sign_nonsegwit_input().
2020-07-03 11:17:19 +02:00
Andrew Kozlik
61e2d4d5e5
core/bitcoin: Implement signature verifier.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
5378e12ba2
core/bitcoin: Clarify hash_type vs. sighash_type terminology.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
d1e043f417
core/bitcoin: Implement parsing of scripts and witnesses for signature verification.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
173bb7ed13
core/bitcoin: Replace TxInputType parameter in input_derive_script.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
a901573ea2
core/bitcoin: Move script types from helpers to common.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
3b6c1e5e6b
core/crypto: Add functions for verifying DER encoded signatures.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
9459c5a5c2
core/common: Add BytearrayReader and basic reader functions.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
99f01cd316
core/sign_tx: Check script_pubkeys of inputs.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
cc655575c8
common: Add witness field to TxInputType.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
872768928b
core/crypto: Fix endianity in DER length encoding.
2020-07-03 11:17:19 +02:00
Andrew Kozlik
e7f230d66e
core/sign_tx: Use varint length encoding for witness stack items.
2020-07-03 11:17:19 +02:00
Tomas Susanka
3a3e5739b0
core, legacy: update changelogs
2020-07-02 09:09:34 +00:00
Tomas Susanka
fc9eb63114
core: add previous commit to changelog
2020-07-01 17:37:47 +00:00
Tomas Susanka
0f9a2459d3
core: make QR code smaller for Monero
2020-07-01 17:20:04 +00:00
Tomas Susanka
ca3dd2bfb9
common: skip deprecated fields during generation; deprecate overwintered field in Zcash
2020-06-30 16:02:21 +02:00
matejcik
e6e3043096
all: implement support for pre-overwinter prevtx ( fixes #1030 )
2020-06-30 15:19:31 +02:00
Andrew Kozlik
f382f77c89
core/ui: Fix repaint bug in QR code rendering #1067 .
2020-06-25 12:25:41 +02:00
Tomas Susanka
e534ae3ad7
legacy, core: rename Features.pin_cached to unlocked and unify
2020-06-19 21:26:36 +02:00
Tomas Susanka
b6c8cbc24c
core: add 'initialized' to changelog
2020-06-16 11:31:29 +02:00
Tomas Susanka
a6acefbdf5
core: wipe before reset and recovery; introduce 'intialized' field
2020-06-16 11:31:29 +02:00
Andrey
1eeaa1e5cf
Enable extra_data for Zcoin. Changed coininfo.py
2020-06-15 09:53:00 +02:00
Tomas Susanka
b67be7dd9e
core: forbid all settings if not initialized
2020-06-11 18:47:01 +02:00
Tomas Susanka
f8b2f0bb7b
changelogs: change also bootloader changelogs to the new format
2020-06-11 15:48:38 +00:00
Tomas Susanka
9979af3cd2
changelogs: start using more detailed changelog
2020-06-11 17:43:40 +02:00
Tomas Susanka
981d079d7f
core/signverify: add failsafe for an empty message header
2020-06-11 09:08:50 +02:00
Tomas Susanka
56fe5adcfc
Merge branch 'release/2020-06'
2020-06-10 06:51:18 +00:00
Andrew Kozlik
d1690f4317
core/tools: fix pixel-perfect mode for centered text in dialog-designer
2020-06-09 13:31:42 +02:00
Pavol Rusnak
179645e3ad
core: unify usage of TREZOR_MODEL
2020-06-06 21:06:15 +02:00
Ondrej Mikle
c877dc8dd6
core: port storage to T1
2020-06-06 21:06:15 +02:00
Pavol Rusnak
2815b62838
core/tools: implement "pixel-perfect" mode for dialog-designer tool
2020-06-05 14:11:59 +00:00
Pavol Rusnak
5262ef84cf
common/defs/fido: add aws and tutanota
2020-06-05 14:53:13 +02:00
Andrew Kozlik
9c61257e8e
core: Use the Lock icon in the PIN entry dialog only when the device is actually locked.
2020-06-05 11:52:56 +02:00
Pavol Rusnak
5ed64a0736
core/tools: refactor dialog-designer tool
2020-06-04 21:39:47 +02:00
Pavol Rusnak
d9d5511858
core/tools: add quick'n'dirty dialog-designer tool
2020-06-04 19:56:42 +02:00
matejcik
7579ac5274
core: fix rendering issues in homescreens
2020-06-04 16:18:46 +02:00
matejcik
9df7c84c56
core/ui: lower lockscreen brightness
2020-06-04 16:18:46 +02:00
matejcik
8fa7684a9c
core: set a scheduler-safe maximum for autolock
2020-06-04 16:18:46 +02:00
matejcik
872e0fb0e0
core: lower scheduler resolution to milliseconds
...
This avoids problems with large timeouts causing the scheduler queue to
think the time counter has overflown, and ordering the autolock task before
immediate tasks.
The maximum reasonable time difference is 0x20000000, which in
microseconds is ~8 minutes, but in milliseconds a more reasonable ~6
days.
2020-06-04 16:18:46 +02:00
matejcik
847691798b
core: simplify homescreen and lockscreen implementations
2020-06-04 16:18:46 +02:00
matejcik
4bc865794f
core: only unlock storage if it is locked (solves determinism issue in tests)
2020-06-04 16:18:46 +02:00
matejcik
ffa7790ed5
core: start USB after booting apps
...
This prevents a race condition where sometimes an Initialize message
could arrive before the homescreen was fully booted -- and Recovery
homescreen would cancel it as part of its bootup sequence.
2020-06-04 16:18:46 +02:00
matejcik
70f67883c5
core: fix artifacts in click-based UI tests
2020-06-04 16:18:46 +02:00
matejcik
a9d8fd3992
core: debuglink interface avoids workflow management
...
This will have unintended consequences if you call a wirelink function
on the debulink interface. TT allows this ... and will behave badly.
2020-06-04 16:18:46 +02:00
matejcik
bc9247e18d
core: add Cancel to a list of allowed messages while locked
2020-06-04 16:18:46 +02:00
matejcik
f32c2f9e23
core: replace workflow.kill_default with workflow.close_others
2020-06-04 16:18:46 +02:00
matejcik
01832d5ae9
core: call close_others() in place of ButtonRequest
...
this makes sense, really: close_others() requests UI exclusivity, and
that is something that generally happens at the same places we emit a
ButtonRequest
2020-06-04 16:18:46 +02:00
matejcik
6f53ca0ac6
core: rework wait_layout()
...
The original wait_layout was unreliable, because there are no guarantees
re order of arrival of the respective events. Still, TT's event handling
is basically deterministic, so as long as the host sent its messages
close enough to each other, the order worked out.
This is no longer the case with the introduction of loop.spawn: TT's
behavior is still deterministic, but now ButtonAck is processed *before*
the corresponding wait_layout, so the waiting side waits forever.
In the new process, the host must first register to receive layout
events, and then receives all of them (so the number of calls to
wait_layout must match the number of layout changes).
DebugLinkWatchLayout message must be version-gated, because of an
unfortunate collection of bugs in previous versions wrt unknown message
handling; and this interests us because upgrade-tests are using
wait_layout feature.
2020-06-04 16:18:46 +02:00
matejcik
5d823ff5ea
core: use ButtonRequestType.PinEntry for PIN entry
2020-06-04 16:18:46 +02:00
matejcik
bbfce4e303
common: introduce ButtonRequestType.PinEntry
2020-06-04 16:18:46 +02:00
matejcik
3dbd9c9eca
core/loop: prevent finalizers from doing things when task is closed externally
2020-06-04 16:18:46 +02:00
matejcik
42e7c43c7c
core: make sure that auto-lock shuts down running workflows
2020-06-04 16:18:46 +02:00
matejcik
2d0206c043
core: replace workflow.on_start/on_close with workflow.spawn
2020-06-04 16:18:46 +02:00
matejcik
02565f3bfb
core/loop: introduce spawn syscall
2020-06-04 16:18:46 +02:00
matejcik
a4f47ddd21
core/lockscreen: ignore exception when user taps "unlock" and then cancels
2020-06-04 16:18:46 +02:00
matejcik
7ff1251ee1
core: dim lockscreen ( fixes #974 )
2020-06-04 16:18:46 +02:00
matejcik
4035aad51b
core: implement auto-lock after a configurable timeout ( fixes #75 )
2020-06-04 16:18:46 +02:00
matejcik
67b723e4ca
core: add a global idle timer
2020-06-04 16:18:46 +02:00
Andrew Kozlik
5469acfabf
core/webauthn: Cache user verification for 3 minutes.
2020-06-04 16:18:46 +02:00
Andrew Kozlik
b867ac1d01
core/webauthn: Implement FIDO2 unlocking from softlock.
2020-06-04 16:18:46 +02:00
Andrew Kozlik
0f81886c9f
core/webauthn: Allow confirm_dialog() to return a new state as an alternative to the user response.
2020-06-04 16:18:46 +02:00
Andrew Kozlik
c8ae5c157e
core/webauthn: Implement U2F unlocking from softlock.
2020-06-04 16:18:46 +02:00
matejcik
06aed7135a
core: do not prompt for PIN just to lock the device again
2020-06-04 16:18:46 +02:00
matejcik
2cedc687e6
core: disable trezor-crypto BIP32 cache
2020-06-04 16:18:46 +02:00
matejcik
246998910a
core: refactor usage of input_signals
...
this prevents a certain class of UI test failure. It also localizes the
use of debuglink signals into the layout classes instead of call sites,
which is a design we were already using for confirm_signals
2020-06-04 16:18:46 +02:00
matejcik
afeeafd5cd
core: hide some fields when softlocked
2020-06-04 16:18:46 +02:00
matejcik
b9bd9ea3d0
core: only softlock when PIN is set
2020-06-04 16:18:46 +02:00
matejcik
a9ddc2a8e2
core/boot: modify initial lockscreen label
2020-06-04 16:18:46 +02:00
matejcik
09af8aed4e
core: consider lockscreen to be a separate homescreen
...
this involves some changes to the workflow defaults:
* workflow.start_default() takes no arguments
* workflow.set_default() (originally replace_default) configures the
default that will be started by next call to start_default().
The intended usecase is to set_default() first and then start it
separately.
* apps.base.set_homescreen() factors out the logic originally in
main.py, that decides which homescreen should be launched. This uses
set_default() call. start_default() is then used explicitly in main.py
2020-06-04 16:18:46 +02:00
matejcik
d73480bc9d
core: introduce PIN soft-locking
2020-06-04 16:18:46 +02:00
matejcik
04c8b2803d
core: refactor homescreen app, include lockscreen in it
2020-06-04 16:18:46 +02:00
matejcik
9197623d83
core: factor out the decision whether to lock the device
2020-06-04 16:18:46 +02:00
matejcik
0600d87c8c
common: rename ClearSession to LockDevice, introduce EndSession
2020-06-04 16:18:46 +02:00
matejcik
32fcc4ad9c
core: make verify_user_pin accept a Context argument
2020-06-04 16:18:46 +02:00
matejcik
8ca7ffc3b8
core: use wire.PinCancelled/PinInvalid instead of custom versions
...
also refactor show_pin_invalid and its usages so that it raises directly
note that we are now using PinCancelled instead of ActionCancelled where
appropriate
2020-06-04 16:18:46 +02:00
matejcik
eabfcab9b9
core: add default messages to some error codes
2020-06-04 16:18:46 +02:00
matejcik
341c5b7d10
core/wire: make handler lookup pluggable
2020-06-04 16:18:46 +02:00
matejcik
837c4df61f
core: expose storage_is_unlocked() as config.is_unlocked()
2020-06-04 16:18:46 +02:00
matejcik
87433995b0
core: add BITCOIN_ONLY to mock file
2020-06-04 16:18:46 +02:00