[for review] TREZOR: initial integration proposal #4241
in this PR I would love to discuss current TREZOR integration approach in the similar manner Ledger did.
As TREZOR has some differences from Ledger we took a bit different approach when designing the protocols. The main idea is the
I believe that by choosing a bit more high-level approach in the protocol design we could easily add more advanced features, such as multisigs later during development. I also see security analysis of the protocol simpler as there are only a few well-defined roundtrips and in case of transaction signing. The transaction is incrementally built by Trezor completely. Moreover, the design is not new as the cold wallet features are already implemented in the code thus we can reuse existing features and design.
I tried to document transaction signing protocol on the following link.
Trezor has already PR merged implementing the Trezor side of the protocol:
Original integration approach was to have a python wallet that mimics
However, it would be quite nice to increase users comfort of the original
If you would like to test the code with Trezor emulator I can post more detailed information.
Thanks for feedback!
The Trezor support requires python3 and protobuf library to compile. If all requirements are met the cmake log will contain:
If it is not the case, there could be some missing dependency.
If you are having an issue building the Trezor support make sure the all submodules are up to date
And install the python3 and protobuf dependencies:
The first step is to create a wallet file using the device (restore).
On the first start, the
It is preferable to use
Key images sync (restore used wallet)
If you are recovering wallet that spent some inputs already you also need to perform key image sync. Trezor implements cold wallet signing protocol thus the same logic applies here as if you were using cold wallet on an offline host. Monero wallet does not have the spend-key so it cannot compute key images and discover whether you spent the incoming funds or not. Thus if you are getting double spend errors you need to perform key image sync.
Key image sync is performed with a command
Using existing restored wallet file
In order to use the wallet restored from the device you can use:
If there is any problem take a look at the log file for more detailed information and a problem cause.
It is always better to increase the log level and to inspect log files as there are more concrete reasons of failure. Logs also show detected Trezor devices.
Start the monero-wallet-cli with the following
Restart Trezor bridge
After each error it is better to kill trezor bridge so it releases all sessions.
@moneromooo-monero thanks for the reply.
So far I can see only 3 basic building blocks, logically separable to separate PRs:
This PR may seem large but the vast majority of the PR are generated protobuf messages in
There are also some small additions to wallet2, simplewallet, account etc. mainly adding support for another device (TREZOR) and few minor things, such as cold signing protocol. These are IMO good to keep in the same PR as the
JSON library - this PR was meant as a prototype to align some expectations, not for direct merge. Thus I used a single-file header-only JSON library which is very easy to work with (rapidjson is a bit more complicated). The one I used is also used in the general TREZOR C++ client library. But to make it clearer now I refactored the PR to use rapidjson.
So 3 separate PR (keccak, chacha, poly1305) and then this one?
Doesn't work for me.
I've installed the latest trezor bridge (2.0.24) from https://beta-wallet.trezor.io/#/bridge and unlocked the Trezor, but when I ran
Am I missing something? I'm using the original Trezor cable which works with the web wallet with no issues.
It seems the Trezor support is not built by the log. When building the Monero you have to have the following lines in the cmake log
If it is not the case, please provide the build log. There could be some missing dependency.
Make sure the all submodules are up to date
And install the python3 and