Trezor Suite: CKB ecdsa review code#2
Open
DinhMaiMTD wants to merge 992 commits into
(cherry picked from commit 9a93e47bf10f3004e03b279e0983f8fc8eeb45f3)
(cherry picked from commit 0ef46bdd80cf6146d29cf08f48af7648745a8566)
(cherry picked from commit f770a536aeeb2367d93ab9930c7cd74fa70f0c29)
…PubKey (cherry picked from commit 342829e097cc2bb557f32d3d9d3921a835be7fbb)
(cherry picked from commit 20c80b77b8882439145b9b3cae2bf7dcbd9b7eb4)
The publishConfig rule introduced in af2b73c requires ESM-only packages to declare "type": "module" at the top level rather than under publishConfig. The @trezor/coins-solana package was prepared in parallel and missed the new constraint.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…when fetching quotes
…hangeQuotes tests
…ect-common

@trezor/connect-common previously imported DeviceAuthenticityConfig and DeviceAuthenticityBlacklistConfig as runtime values from @trezor/device-authenticity to construct AuthenticateDeviceParams as a TypeBox schema. That made @trezor/device-authenticity a runtime dependency of connect-common — and therefore a transitive runtime dependency of every thin public connect package (@trezor/connect-web, @trezor/connect-webextension, @trezor/connect-mobile), which never need the device-authenticity verification logic.

This change makes @trezor/device-authenticity the single source of truth for the AuthenticateDeviceParams schema. The TypeBox schema and its Static<typeof ...> type are now declared together in device-authenticity/src/authenticateDeviceParams.ts, sharing one name the way DeviceAuthenticityConfig and DeviceAuthenticityBlacklistConfig already do. The runtime closure lines up with the domain: every field of the schema (config, blacklistConfig, allowDebugKeys) is a device-authenticity concept.

@trezor/connect-common's authenticateDevice type module becomes a type-only re-export. The published bundle has zero runtime references to @trezor/device-authenticity (the type is inlined as a vendor file by inline-devdep-types.mjs).

@trezor/connect imports the schema directly and uses it both as the type and as the runtime Assert target — one import, no duplicated shape, no drift.

@trezor/device-authenticity is moved back from connect-common's dependencies to devDependencies (reverting the tactical fix in 63f9eb8 / trezor#27401), and its tsconfig project references are relocated to the devDeps block. The connect-{web,webextension,mobile} public-package-dependencies snapshots drop @noble/curves, @noble/post-quantum, @trezor/crypto-utils and @trezor/device-authenticity — the four entries that trezor#27401 added to the thin packages' runtime closure.

@trezor/connect-explorer's authenticateDevice.mdx is updated to import AuthenticateDeviceParams from @trezor/device-authenticity (it uses the schema as a runtime value to render the ParamsTable), and the device-authenticity workspace dep + tsconfig project reference are added.

refs trezor#27404
refs trezor#27401

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Move the EIP-712 `transformTypedData` helper into packages/connect/src/api/ethereum/ethereumSignTypedData.ts, where it lives alongside the existing typed-data encoding helpers and is re-exported only within the lazy-loaded ethereum chunk. T1B1 firmware cannot construct the hashes on-device; ethereumSignTypedData now computes them internally when the caller supplies only `data`. Caller-provided hashes still take precedence.

Implementation switches from @metamask/eth-sig-util to viem (hashDomain / hashStruct), which is forked from eth-sig-util and produces byte-identical output on the firmware fixture suite. viem is already a monorepo dependency (blockchain-link, suite-common/calldata), so this is a net dep removal: @metamask/eth-sig-util and ~10 transitives leave the graph (Buffer polyfills, keccak native binding, bn.js, etc.) and the package becomes React Native safe. Local sanitizeData helper is gone — viem handles BigInt natively in the ABI encoder.

@trezor/connect-plugin-ethereum is deprecated. Its 10.x release is a stub that throws a deprecation error pointing at the migration; the README and CHANGELOG document the upgrade path. Internal callers in suite-common/walletconnect and suite-common/trading are migrated to the new data-only call shape and have the plugin dependency removed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…pproved amount as 'unlimited' for max allowance
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… between module-add-accounts and module-trading
@noble/curves is already a dependency and v2 ships DER signature parsing via DER.toSig / DER.hexFromSig that cover the same surface as bip66. Switching to it lets us drop the bip66 dep, remove its declare-module shim, and simplify scriptSignature.ts.

The local toDER / fromDER helpers are also gone — bip66 returned r and s as raw DER-padded buffers (so callers had to strip a leading 0x00 and left-pad to 32 bytes). DER.toSig returns numeric bigints directly, and numberToBytesBE(value, 32) handles the 32-byte zero-padded big-endian output cleanly.

Test fixtures for invalid inputs are updated to the new error messages (noble's DER parser uses different wording but agrees with bip66 on which inputs are valid vs invalid).

Refs: trezor#27403
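The padding handling that commit message describes, shown as an added example that is not code from this PR, from bip66 or from @noble/curves: a stand-alone strict-DER codec that parses r and s into bigints and emits fixed 32-byte big-endian values. The helper names (`readInt`, `derToRS`, `to32`, `rsToDer`) are hypothetical.

```javascript
// Added example: strict DER <-> (r, s) for ECDSA signatures with 32-byte scalars.
// Not the project's or noble's implementation; all names are illustrative.
function readInt(der, pos) {
  if (der[pos] !== 0x02) throw new Error('expected INTEGER tag');
  const len = der[pos + 1];
  if (len === undefined || len === 0 || len & 0x80) throw new Error('bad INTEGER length');
  const end = pos + 2 + len;
  if (end > der.length) throw new Error('INTEGER overruns buffer');
  const body = der.subarray(pos + 2, end);
  if (body[0] & 0x80) throw new Error('negative INTEGER');
  // A leading 0x00 is only legal when the next byte has its top bit set.
  if (len > 1 && body[0] === 0x00 && !(body[1] & 0x80)) throw new Error('non-minimal INTEGER');
  let n = 0n;
  for (const b of body) n = (n << 8n) | BigInt(b);
  return { n, next: end };
}

function derToRS(der) {
  if (der.length < 8 || der[0] !== 0x30) throw new Error('expected SEQUENCE tag');
  if (der[1] & 0x80 || der[1] !== der.length - 2) throw new Error('bad SEQUENCE length');
  const r = readInt(der, 2);
  const s = readInt(der, r.next);
  if (s.next !== der.length) throw new Error('trailing bytes');
  return { r: r.n, s: s.n };
}

// Fixed-width output: the "strip 0x00, left-pad to 32 bytes" step in one place.
function to32(n) {
  const hex = n.toString(16);
  if (hex.length > 64) throw new Error('value exceeds 32 bytes');
  return Uint8Array.from(hex.padStart(64, '0').match(/../g), h => parseInt(h, 16));
}

function encInt(n) {
  let hex = n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  if (parseInt(hex.slice(0, 2), 16) & 0x80) hex = '00' + hex; // keep the INTEGER positive
  return [0x02, hex.length / 2, ...hex.match(/../g).map(h => parseInt(h, 16))];
}

function rsToDer(r, s) {
  const body = [...encInt(r), ...encInt(s)];
  return Uint8Array.from([0x30, body.length, ...body]);
}

// Constructed sample: r has its top bit set (33-byte DER INTEGER), s is one byte.
const SAMPLE_R = (1n << 255n) + 1n;
const SAMPLE_S = 0x7fn;
```
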
…regateTransactions
Re-run `buf generate` from current firmware proto. Picks up:

- All 10 CKB MessageTypes (5500-5509) into messages_pb.js
- Capability_CKB=28 into messages-management_pb.js
- Incidental upstream additions: Capability_TouchWakeup, AuthenticityProofSizes, GetAuthenticityProofChunk
- messages-ckb.ts cosmetic re-formatting from newer plugin version

Without this regen the binary fileDesc lacks CKB enum values, so:

- TrezorConnect.ckb* calls fail with "value out of range -1" (wire encoder cannot map MessageType_CKB* -> numeric id)
- features.capabilities drops Capability_CKB during decode, so CKB is hidden from the suite coin selector
Description
Notes for QA
Related Issue
Resolve
Screenshots: