aboutsummaryrefslogtreecommitdiff
path: root/src/device_trezor/device_trezor_base.cpp
diff options
context:
space:
mode:
authorDusan Klinec <dusan.klinec@gmail.com>2020-04-07 18:25:25 +0200
committerDusan Klinec <dusan.klinec@gmail.com>2020-04-27 18:17:56 +0200
commite509ede2aa7263cc49d3378bc8c833a62300211d (patch)
treedf49ba98d2d90e024c638adc13b3556dabaa7ce3 /src/device_trezor/device_trezor_base.cpp
parentMerge pull request #6405 (diff)
downloadmonero-e509ede2aa7263cc49d3378bc8c833a62300211d.tar.xz
trezor: adapt to new passphrase mechanism
- choice where to enter passphrase is now made on the host - use wipeable string in the comm stack - wipe passphrase memory - protocol optimizations, prepare for new firmware version - minor fixes and improvements - tests fixes, HF12 support
Diffstat (limited to 'src/device_trezor/device_trezor_base.cpp')
-rw-r--r--src/device_trezor/device_trezor_base.cpp110
1 files changed, 82 insertions, 28 deletions
diff --git a/src/device_trezor/device_trezor_base.cpp b/src/device_trezor/device_trezor_base.cpp
index b7adf433d..354ae6691 100644
--- a/src/device_trezor/device_trezor_base.cpp
+++ b/src/device_trezor/device_trezor_base.cpp
@@ -28,6 +28,7 @@
//
#include "device_trezor_base.hpp"
+#include "memwipe.h"
#include <boost/algorithm/string/classification.hpp>
#include <boost/algorithm/string/split.hpp>
#include <boost/regex.hpp>
@@ -151,7 +152,7 @@ namespace trezor {
bool device_trezor_base::disconnect() {
TREZOR_AUTO_LOCK_DEVICE();
- m_device_state.clear();
+ m_device_session_id.clear();
m_features.reset();
if (m_transport){
@@ -292,8 +293,8 @@ namespace trezor {
case messages::MessageType_PassphraseRequest:
on_passphrase_request(input, dynamic_cast<const messages::common::PassphraseRequest*>(input.m_msg.get()));
return true;
- case messages::MessageType_PassphraseStateRequest:
- on_passphrase_state_request(input, dynamic_cast<const messages::common::PassphraseStateRequest*>(input.m_msg.get()));
+ case messages::MessageType_Deprecated_PassphraseStateRequest:
+ on_passphrase_state_request(input, dynamic_cast<const messages::common::Deprecated_PassphraseStateRequest*>(input.m_msg.get()));
return true;
case messages::MessageType_PinMatrixRequest:
on_pin_request(input, dynamic_cast<const messages::common::PinMatrixRequest*>(input.m_msg.get()));
@@ -361,23 +362,34 @@ namespace trezor {
return false;
}
- void device_trezor_base::device_state_reset_unsafe()
+ void device_trezor_base::device_state_initialize_unsafe()
{
require_connected();
+ std::string tmp_session_id;
auto initMsg = std::make_shared<messages::management::Initialize>();
+ const auto data_cleaner = epee::misc_utils::create_scope_leave_handler([&]() {
+ memwipe(&tmp_session_id[0], tmp_session_id.size());
+ });
- if(!m_device_state.empty()) {
- initMsg->set_allocated_state(&m_device_state);
+ if(!m_device_session_id.empty()) {
+ tmp_session_id.assign(m_device_session_id.data(), m_device_session_id.size());
+ initMsg->set_allocated_session_id(&tmp_session_id);
}
m_features = this->client_exchange<messages::management::Features>(initMsg);
- initMsg->release_state();
+ if (m_features->has_session_id()){
+ m_device_session_id = m_features->session_id();
+ } else {
+ m_device_session_id.clear();
+ }
+
+ initMsg->release_session_id();
}
void device_trezor_base::device_state_reset()
{
TREZOR_AUTO_LOCK_CMD();
- device_state_reset_unsafe();
+ device_state_initialize_unsafe();
}
#ifdef WITH_TREZOR_DEBUGGING
@@ -441,48 +453,89 @@ namespace trezor {
pin = m_pin;
}
- // TODO: remove PIN from memory
+ std::string pin_field;
messages::common::PinMatrixAck m;
if (pin) {
- m.set_pin(pin.get().data(), pin.get().size());
+ pin_field.assign(pin->data(), pin->size());
+ m.set_allocated_pin(&pin_field);
}
+
+ const auto data_cleaner = epee::misc_utils::create_scope_leave_handler([&]() {
+ m.release_pin();
+ if (!pin_field.empty()){
+ memwipe(&pin_field[0], pin_field.size());
+ }
+ });
+
resp = call_raw(&m);
}
void device_trezor_base::on_passphrase_request(GenericMessage & resp, const messages::common::PassphraseRequest * msg)
{
CHECK_AND_ASSERT_THROW_MES(msg, "Empty message");
- MDEBUG("on_passhprase_request, on device: " << msg->on_device());
- boost::optional<epee::wipeable_string> passphrase;
- TREZOR_CALLBACK_GET(passphrase, on_passphrase_request, msg->on_device());
+ MDEBUG("on_passhprase_request");
- if (!passphrase && m_passphrase){
- passphrase = m_passphrase;
+ // Backward compatibility, migration clause.
+ if (msg->has__on_device() && msg->_on_device()){
+ messages::common::PassphraseAck m;
+ resp = call_raw(&m);
+ return;
}
- m_passphrase = boost::none;
+ bool on_device = true;
+ if (msg->has__on_device() && !msg->_on_device()){
+ on_device = false; // do not enter on device, old devices.
+ }
- messages::common::PassphraseAck m;
- if (!msg->on_device() && passphrase){
- // TODO: remove passphrase from memory
- m.set_passphrase(passphrase.get().data(), passphrase.get().size());
+ if (on_device && m_features && m_features->capabilities_size() > 0){
+ on_device = false;
+ for (auto it = m_features->capabilities().begin(); it != m_features->capabilities().end(); it++) {
+ if (*it == messages::management::Features::Capability_PassphraseEntry){
+ on_device = true;
+ }
+ }
}
- if (!m_device_state.empty()){
- m.set_allocated_state(&m_device_state);
+ boost::optional<epee::wipeable_string> passphrase;
+ TREZOR_CALLBACK_GET(passphrase, on_passphrase_request, on_device);
+
+ std::string passphrase_field;
+ messages::common::PassphraseAck m;
+ m.set_on_device(on_device);
+ if (!on_device) {
+ if (!passphrase && m_passphrase) {
+ passphrase = m_passphrase;
+ }
+
+ if (m_passphrase) {
+ m_passphrase = boost::none;
+ }
+
+ if (passphrase) {
+ passphrase_field.assign(passphrase->data(), passphrase->size());
+ m.set_allocated_passphrase(&passphrase_field);
+ }
}
+ const auto data_cleaner = epee::misc_utils::create_scope_leave_handler([&]() {
+ m.release_passphrase();
+ if (!passphrase_field.empty()){
+ memwipe(&passphrase_field[0], passphrase_field.size());
+ }
+ });
+
resp = call_raw(&m);
- m.release_state();
}
- void device_trezor_base::on_passphrase_state_request(GenericMessage & resp, const messages::common::PassphraseStateRequest * msg)
+ void device_trezor_base::on_passphrase_state_request(GenericMessage & resp, const messages::common::Deprecated_PassphraseStateRequest * msg)
{
MDEBUG("on_passhprase_state_request");
CHECK_AND_ASSERT_THROW_MES(msg, "Empty message");
- m_device_state = msg->state();
- messages::common::PassphraseStateAck m;
+ if (msg->has_state()) {
+ m_device_session_id = msg->state();
+ }
+ messages::common::Deprecated_PassphraseStateAck m;
resp = call_raw(&m);
}
@@ -510,7 +563,7 @@ namespace trezor {
}
auto msg = std::make_shared<messages::management::LoadDevice>();
- msg->set_mnemonic(mnemonic);
+ msg->add_mnemonics(mnemonic);
msg->set_pin(pin);
msg->set_passphrase_protection(passphrase_protection);
msg->set_label(label);
@@ -535,7 +588,8 @@ namespace trezor {
return boost::none;
}
- boost::optional<epee::wipeable_string> trezor_debug_callback::on_passphrase_request(bool on_device) {
+ boost::optional<epee::wipeable_string> trezor_debug_callback::on_passphrase_request(bool & on_device) {
+ on_device = true;
return boost::none;
}