async def handle(self, cmd, args): # Dispatch incoming message, and provide reply. from main import hsm_active, is_devmode try: cmd = bytes(cmd).decode() except: raise FramingError('decode') if cmd[0].isupper() and (is_simulator() or is_devmode): # special hacky commands to support testing w/ the simulator try: from usb_test_commands import do_usb_command return do_usb_command(cmd, args) except: raise pass if hsm_active: # only a few commands are allowed during HSM mode if cmd not in HSM_WHITELIST: raise HSMDenied if cmd == 'dfu_': # only useful in factory, undocumented. return self.call_after(callgate.enter_dfu) if cmd == 'rebo': import machine return self.call_after(machine.reset) if cmd == 'logo': from utils import clean_shutdown return self.call_after(clean_shutdown) if cmd == 'ping': return b'biny' + args if cmd == 'upld': offset, total_size = unpack_from('<II', args) data = memoryview(args)[4 + 4:] return await self.handle_upload(offset, total_size, data) if cmd == 'dwld': offset, length, fileno = unpack_from('<III', args) return await self.handle_download(offset, length, fileno) if cmd == 'ncry': version, his_pubkey = unpack_from('<I64s', args) return self.handle_crypto_setup(version, his_pubkey) if cmd == 'vers': from version import get_mpy_version, hw_label from callgate import get_bl_version # Returning: date, version(human), bootloader version, full date version # BUT: be ready for additions! rv = list(get_mpy_version()) rv.insert(2, get_bl_version()[0]) rv.append(hw_label) return b'asci' + ('\n'.join(rv)).encode() if cmd == 'sha2': return b'biny' + self.file_checksum.digest() if cmd == 'xpub': assert self.encrypted_req, 'must encrypt' return self.handle_xpub(args) if cmd == 'mitm': assert self.encrypted_req, 'must encrypt' return await self.handle_mitm_check() if cmd == 'smsg': # sign message addr_fmt, len_subpath, len_msg = unpack_from('<III', args) subpath = args[12:12 + len_subpath] msg = args[12 + len_subpath:] assert len(msg) == len_msg, "badlen" from auth import sign_msg sign_msg(msg, subpath, addr_fmt) return None if cmd == 'p2sh': # show P2SH (probably multisig) address on screen (also provides it back) # - must provide redeem script, and list of [xfp+path] from auth import start_show_p2sh_address if hsm_active and not hsm_active.approve_address_share( is_p2sh=True): raise HSMDenied # new multsig goodness, needs mapping from xfp->path and M values addr_fmt, M, N, script_len = unpack_from('<IBBH', args) assert addr_fmt & AFC_SCRIPT assert 1 <= M <= N <= 20 assert 30 <= script_len <= 520 offset = 8 witdeem_script = args[offset:offset + script_len] offset += script_len assert len(witdeem_script) == script_len xfp_paths = [] for i in range(N): ln = args[offset] assert 1 <= ln <= 16, 'badlen' xfp_paths.append(unpack_from('<%dI' % ln, args, offset + 1)) offset += (ln * 4) + 1 assert offset == len(args) return b'asci' + start_show_p2sh_address(M, N, addr_fmt, xfp_paths, witdeem_script) if cmd == 'show': # simple cases, older code: text subpath from auth import start_show_address addr_fmt, = unpack_from('<I', args) assert not (addr_fmt & AFC_SCRIPT) return b'asci' + start_show_address(addr_fmt, subpath=args[4:]) if cmd == 'enrl': # Enroll new xpubkey to be involved in multisigs. # - text config file must already be uploaded file_len, file_sha = unpack_from('<I32s', args) if file_sha != self.file_checksum.digest(): return b'err_Checksum' assert 100 < file_len <= (20 * 200), "badlen" # Start an UX interaction, return immediately here from auth import maybe_enroll_xpub maybe_enroll_xpub(sf_len=file_len, ux_reset=True) return None if cmd == 'msck': # Quick check to test if we have a wallet already installed. from multisig import MultisigWallet M, N, xfp_xor = unpack_from('<3I', args) return int(MultisigWallet.quick_check(M, N, xfp_xor)) if cmd == 'stxn': # sign transaction txn_len, flags, txn_sha = unpack_from('<II32s', args) if txn_sha != self.file_checksum.digest(): return b'err_Checksum' assert 50 < txn_len <= MAX_TXN_LEN, "bad txn len" from auth import sign_transaction sign_transaction(txn_len, (flags & STXN_FLAGS_MASK), txn_sha) return None if cmd == 'stok' or cmd == 'bkok' or cmd == 'smok' or cmd == 'pwok': # Have we finished (whatever) the transaction, # which needed user approval? If so, provide result. from auth import UserAuthorizedAction req = UserAuthorizedAction.active_request if not req: return b'err_No active request' if req.refused: UserAuthorizedAction.cleanup() return b'refu' if req.failed: rv = b'err_' + req.failed.encode() UserAuthorizedAction.cleanup() return rv if not req.result: # STILL waiting on user return None if cmd == 'pwok': # return new root xpub xpub = req.result UserAuthorizedAction.cleanup() return b'asci' + bytes(xpub, 'ascii') elif cmd == 'smok': # signed message done: just give them the signature addr, sig = req.address, req.result UserAuthorizedAction.cleanup() return pack('<4sI', 'smrx', len(addr)) + addr.encode() + sig else: # generic file response resp_len, sha = req.result UserAuthorizedAction.cleanup() return pack('<4sI32s', 'strx', resp_len, sha) if cmd == 'pass': # bip39 passphrase provided, maybe use it if authorized assert self.encrypted_req, 'must encrypt' from auth import start_bip39_passphrase from main import settings assert settings.get('words', True), 'no seed' assert len(args) < 400, 'too long' pw = str(args, 'utf8') assert len(pw) < 100, 'too long' return start_bip39_passphrase(pw) if cmd == 'back': # start backup: asks user, takes long time. from auth import start_remote_backup return start_remote_backup() if cmd == 'blkc': # report which blockchain we are configured for from chains import current_chain chain = current_chain() return b'asci' + chain.ctype if cmd == 'bagi': return self.handle_bag_number(args) if has_fatram: # HSM and user-related features only larger-memory Mk3 if cmd == 'hsms': # HSM mode "start" -- requires user approval if args: file_len, file_sha = unpack_from('<I32s', args) if file_sha != self.file_checksum.digest(): return b'err_Checksum' assert 2 <= file_len <= (200 * 1000), "badlen" else: file_len = 0 # Start an UX interaction but return (mostly) immediately here from hsm_ux import start_hsm_approval await start_hsm_approval(sf_len=file_len, usb_mode=True) return None if cmd == 'hsts': # can always query HSM mode from hsm import hsm_status_report import ujson return b'asci' + ujson.dumps(hsm_status_report()) if cmd == 'gslr': # get the value held in the Storage Locker assert hsm_active, 'need hsm' return b'biny' + hsm_active.fetch_storage_locker() # User Mgmt if cmd == 'nwur': # new user from users import Users auth_mode, ul, sl = unpack_from('<BBB', args) username = bytes(args[3:3 + ul]).decode('ascii') secret = bytes(args[3 + ul:3 + ul + sl]) return b'asci' + Users.create(username, auth_mode, secret).encode('ascii') if cmd == 'rmur': # delete user from users import Users ul, = unpack_from('<B', args) username = bytes(args[1:1 + ul]).decode('ascii') return Users.delete(username) if cmd == 'user': # auth user (HSM mode) from users import Users totp_time, ul, tl = unpack_from('<IBB', args) username = bytes(args[6:6 + ul]).decode('ascii') token = bytes(args[6 + ul:6 + ul + tl]) if hsm_active: # just queues these details, can't be checked until PSBT on-hand hsm_active.usb_auth_user(username, token, totp_time) return None else: # dryrun/testing purposes: validate only, doesn't unlock nothing return b'asci' + Users.auth_okay(username, token, totp_time).encode('ascii') print("USB garbage: %s +[%d]" % (cmd, len(args))) return b'err_Unknown cmd'
async def handle(self, cmd, args): # Dispatch incoming message, and provide reply. try: cmd = bytes(cmd).decode() except: raise FramingError('decode') if cmd == 'dfu_': # only useful in factory, undocumented. return self.call_after(callgate.enter_dfu) if cmd == 'rebo': import machine return self.call_after(machine.reset) if cmd == 'logo': return self.call_after(callgate.show_logout) if cmd == 'ping': return b'biny' + args if cmd == 'upld': offset, total_size = unpack_from('<II', args) data = memoryview(args)[4 + 4:] return await self.handle_upload(offset, total_size, data) if cmd == 'dwld': offset, length, fileno = unpack_from('<III', args) return await self.handle_download(offset, length, fileno) if cmd == 'ncry': version, his_pubkey = unpack_from('<I64s', args) return self.handle_crypto_setup(version, his_pubkey) if cmd == 'vers': from version import get_mpy_version from callgate import get_bl_version # Returning: date, version(human), bootloader version, full date version # BUT: be ready for additions! rv = list(get_mpy_version()) rv.insert(2, get_bl_version()[0]) return b'asci' + ('\n'.join(rv)).encode() if cmd == 'sha2': return b'biny' + self.file_checksum.digest() if cmd == 'xpub': assert self.encrypted_req, 'must encrypt' return self.handle_xpub(str(args, 'ascii')) if cmd == 'mitm': assert self.encrypted_req, 'must encrypt' return await self.handle_mitm_check() if cmd == 'smsg': # sign message addr_fmt, len_subpath, len_msg = unpack_from('<III', args) subpath = args[12:12 + len_subpath] msg = args[12 + len_subpath:] assert len(msg) == len_msg, "badlen" from auth import sign_msg sign_msg(msg, subpath, addr_fmt) return None if cmd == 'p2sh': # show P2SH (probably multisig) address on screen (also provides it back) # - must provide redeem script, and list of [xfp+path] from auth import start_show_p2sh_address # new multsig goodness, needs mapping from xfp->path and M values addr_fmt, M, N, script_len = unpack_from('<IBBH', args) assert addr_fmt & AFC_SCRIPT assert 1 <= M <= N <= 20 assert 30 <= script_len <= 520 offset = 8 witdeem_script = args[offset:offset + script_len] offset += script_len assert len(witdeem_script) == script_len xfp_paths = [] for i in range(N): ln = args[offset] assert 2 <= ln <= 16, 'badlen' xfp_paths.append(unpack_from('<%dI' % ln, args, offset + 1)) offset += (ln * 4) + 1 assert offset == len(args) return b'asci' + start_show_p2sh_address(M, N, addr_fmt, xfp_paths, witdeem_script) if cmd == 'show': # simple cases, older code: text subpath from auth import start_show_address addr_fmt, = unpack_from('<I', args) assert not (addr_fmt & AFC_SCRIPT) return b'asci' + start_show_address(addr_fmt, subpath=args[4:]) if cmd == 'enrl': # Enroll new xpubkey to be involved in multisigs. # - text config file must already be uploaded file_len, file_sha = unpack_from('<I32s', args) if file_sha != self.file_checksum.digest(): return b'err_Checksum' assert 100 < file_len <= (20 * 200), "badlen" # Start an UX interaction, return immediately here from auth import maybe_enroll_xpub maybe_enroll_xpub(sf_len=file_len, ux_reset=True) return None if cmd == 'msck': # Quick check to test if we have a wallet already installed. from multisig import MultisigWallet M, N, xfp_xor = unpack_from('<3I', args) return int(MultisigWallet.quick_check(M, N, xfp_xor)) if cmd == 'stxn': # sign transaction txn_len, finalize, txn_sha = unpack_from('<II32s', args) if txn_sha != self.file_checksum.digest(): return b'err_Checksum' assert 50 < txn_len <= MAX_TXN_LEN, "bad txn len" from auth import sign_transaction sign_transaction(txn_len, bool(finalize)) return None if cmd == 'stok' or cmd == 'bkok' or cmd == 'smok' or cmd == 'pwok' or cmd == 'enok': # Have we finished (whatever) the transaction, # which needed user approval? If so, provide result. from auth import active_request, UserAuthorizedAction if not active_request: return b'err_No active request' if active_request.refused: UserAuthorizedAction.cleanup() return b'refu' if active_request.failed: rv = b'err_' + active_request.failed.encode() UserAuthorizedAction.cleanup() return rv if not active_request.result: # STILL waiting on user return None if cmd == 'pwok' or cmd == 'enok': # return new root xpub xpub = active_request.result UserAuthorizedAction.cleanup() return b'asci' + bytes(xpub, 'ascii') elif cmd == 'smok': # signed message done: just give them the signature addr, sig = active_request.address, active_request.result UserAuthorizedAction.cleanup() return pack('<4sI', 'smrx', len(addr)) + addr.encode() + sig else: # generic file response resp_len, sha = active_request.result UserAuthorizedAction.cleanup() return pack('<4sI32s', 'strx', resp_len, sha) if cmd == 'pass': # bip39 passphrase provided, maybe use it if authorized assert self.encrypted_req, 'must encrypt' from auth import start_bip39_passphrase from main import settings assert settings.get('words', True), 'no seed' assert len(args) < 400, 'too long' pw = str(args, 'utf8') assert len(pw) < 100, 'too long' return start_bip39_passphrase(pw) if cmd == 'back': # start backup: asks user, takes long time. from auth import start_remote_backup return start_remote_backup() if cmd == 'bagi': return self.handle_bag_number(args) if is_simulator() and cmd[0].isupper(): # special hacky commands to support testing w/ the simulator from sim_usb import do_usb_command return do_usb_command(cmd, args) print("USB garbage: %s +[%d]" % (cmd, len(args))) return b'err_Unknown cmd'