EndSession support

[matejcik]

this PR introduces an implementation of the EndSession message and fixes #912

the new behavior is as follows:

• until first Initialize message is received, any attempt to use cached data is rejected with a ProcessError("Invalid session")
• after Initialize, a session is allocated
• calling EndSession destroys data of that session, and resets to the "invalid session" state. Subsequent uses of cache will again raise a ProcessError

This allows us to reuse session cache slots: a session ended with EndSession is cleared away, so we can have 9 "long-lived" sessions and reuse the 10th slots for things like requesting passphrase again. Suite should start using it ASAP.

trezorctl is also updated to make use of this: every command ends the session after itself, unless the session was resumed by trezorctl -s <session_id>

---

open questions:

• should we introduce a new failure code, InvalidSession, as suggested in the original bug? ISTM there is low possibility of breakage, as previously the call would end in a FirmwareError anyway.
• should we enforce session validity in all calls, or just the ones that touch the cache? It would be cleaner, but ISTM there is no actual need to do it.

[matejcik]

there is a behavior change on legacy: previously, calling e.g. GetAddress without a valid session would silently allocate one. Now it is necessary to call Initialize explicitly.

[matejcik]

Randomness has changed again in the TT PIN tests. I originally thought this is because we now call client.clear_session() unconditionally, but the affected tests are those where client.clear_session() would be called either way. It's probably nothing but I'll need to look into it more closely anyway.

[tsusanka]

The only breaking change for hosts is that we currently require Initialize beforehand and they should be using that already anyway. Right? And EndSession is not "mandatory".

We have to test extensively.

[tsusanka]

should we introduce a new failure code, InvalidSession, as suggested in the original bug? ISTM there is low possibility of breakage, as previously the call would end in a FirmwareError anyway.

Please, what is the original bug?

[tsusanka]

Btw is this going to work with HWI? Because they had some problems with our sessions didn't they?

[tsusanka]

Approve for Core.

@mmilata it might be early but would you like to have a look on a first PR as a reviewer? :)

[matejcik]

The only breaking change for hosts is that we currently require Initialize beforehand and they should be using that already anyway. Right? And EndSession is not "mandatory".

It's only breaking on T1. On TT since 2.3.0 doing anything without Initialize would result in a FirmwareError anyway.

other than that, yes. well-behaved clients will see no changes, and it is not necessary to use EndSession

Please, what is the original bug?

i meant the original issue, it's not a bug :) #912

Btw is this going to work with HWI? Because they had some problems with our sessions didn't they?

i believe so, but we should do some tests anyway

[mmilata]

Not very familiar with the session handling but for the untrained eye the change is looking good 👍

[mmilata]

Why does this work without @mock_storage?

[matejcik]

mock_storage is only required for Initialize, which calls apps.base.get_features, which looks into storage fields

[mmilata]

Btw maybe also consider documenting EndSession message in docs/common/communication/sessions.md?