mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-15 20:19:23 +00:00

Go to file

Andrew Kozlik 9537bc40a5 core/webauthn: Use ECDH_ES_HKDF_256 instead of ES256 as the algorithm type for key-agreement keys. ECDH_ES_HKDF_256 is the wrong type to use, since the key-agreement does not use HKDF, but ES256 is even more wrong, because it is an ECDSA type rather than an ECDH type. Currently there is no correct algorithm type defined. ES256 is used by libfido2, whereas ECDH_ES_HKDF_256 is used by Chrome, YubiKey and SoloKey, so it has the majority.		2019-09-30 19:37:46 +02:00
ci	ci: changes to *.pyi should also trigger gen_check	2019-09-25 10:30:48 +00:00
common	u2f: Add keepersecurity.eu to knownapps.	2019-09-26 19:02:29 +02:00
core	core/webauthn: Use ECDH_ES_HKDF_256 instead of ES256 as the algorithm type for key-agreement keys.	2019-09-30 19:37:46 +02:00
crypto	crypto: sync base58.c with upstream	2019-09-29 08:46:21 +00:00
docs/git/hooks	git/hooks: do not suppress output	2019-08-02 10:39:55 +02:00
legacy	legacy/stellar: fix timebounds display (#582 )	2019-09-30 15:52:40 +02:00
python	python: make style	2019-09-26 16:48:16 +02:00
storage	storage: Add external salt parameter to unlock() and change_pin().	2019-09-18 18:53:42 +02:00
tests	core/recovery: allow changing word count again (fixes #554 )	2019-09-24 14:04:51 +02:00
tools	common/messages: Add credential management message.	2019-09-17 18:32:31 +02:00
vendor	core/secp256k1-zkp: use ARM assembly for field operations (#176 )	2019-05-25 11:42:13 +02:00
.clang-format	style: fix weirdness in modtrezorio-fatfs.h	2019-09-12 16:49:51 +02:00
.gitignore	ci: improve pipenv caching	2019-05-24 09:18:00 +02:00
.gitlab-ci.yml	ci: deploy frozen emulators to upgrade tests	2019-09-10 14:42:14 +02:00
.gitmodules	submodules: remove secp256k1-zkp's branch name because it will rotate	2019-06-04 08:21:42 +02:00
.travis.yml	ci: use pipenv sync	2019-08-12 12:57:25 +02:00
build-docker.sh	all: replace /bin/bash with /usr/bin/env bash	2019-09-12 17:35:55 +02:00
create_monorepo.py	all: replace /bin/bash with /usr/bin/env bash	2019-09-12 17:35:55 +02:00
Makefile	build: add help to make style/style_check	2019-08-29 12:46:06 +02:00
Pipfile	python: clarify requirements, enable tox in CI	2019-08-12 12:57:25 +02:00
Pipfile.lock	python: clarify requirements, enable tox in CI	2019-08-12 12:57:25 +02:00
README-monorepo.md	fix link in readme	2019-04-29 19:11:44 +02:00
README.md	README: add note on CI	2019-05-23 13:19:44 +02:00
SECURITY.md	docs: use monospace for fingerprints	2019-08-16 18:47:46 +02:00
setup.cfg	tests: run default set of tests from root	2019-08-12 12:57:25 +02:00
shell.nix	nix: modify shell.nix to work with pipenv	2019-09-24 12:03:11 +02:00

README.md

Trezor Firmware

Contribute

Inspired by GitLab Contributing Guide

Security vulnerability disclosure

Please report suspected security vulnerabilities in private to security@satoshilabs.com, also see the disclosure section on the Trezor.io website. Please do NOT create publicly viewable issues for suspected security vulnerabilities.

Issue Labels

Priority

Label	Meaning (SLA)
P1 Urgent	The current release + potentially immediate hotfix (30 days)
P2 High	The next release (60 days)
P3 Medium	Within the next 3 releases (90 days)
P4 Low	Anything outside the next 3 releases (120 days)

Severity

Label	Impact
S1 Blocker	Outage, broken feature with no workaround
S2 Critical	Broken feature, workaround too complex & unacceptable
S3 Major	Broken feature, workaround acceptable
S4 Low	Functionality inconvenience or cosmetic issue

CI

The complete test suite is running on our internal GitLab CI. If you are an external contributor, we also have a Travis instance where a small subset of tests is running as well - mostly style and easy fast checks, which are quite common to fail for new contributors.