9.1.0 Passphrase redesign (#107)

* new passphrase flow

* trezor-link 1.6.7-new-passphrase-flow

* 9.0.0-new-passphrase-flow.0

* 9.0.0-new-passphrase-flow.1

* cleanup

* 9.0.0-new-passphrase-flow.2

* 9.0.0-new-passphrase-flow.3

* filter session_id

* 9.0.0-new-passphrase-flow.4

* 9.0.0-new-passphrase-flow.5

* normalize passphrase

* trezor-link 1.7.0

* 9.1.0

* lockfile

Author: mroz22

package.json

@@ -1,6 +1,6 @@
 {
   "name": "trezor.js",
-  "version": "9.0.0",
+  "version": "9.1.0",
   "author": "TREZOR <info@trezor.io>",
   "homepage": "https://github.com/trezor/trezor.js",
   "description": "High-level Javascript API for Bitcoin Trezor",
@@ -69,7 +69,7 @@
     "node-fetch": "^1.6.0",
     "randombytes": "^2.0.1",
     "semver-compare": "1.0.0",
-    "trezor-link": "1.6.0-bridge-fallback.2",
+    "trezor-link": "1.7.0",
     "unorm": "^1.3.3",
     "whatwg-fetch": "0.11.0"
   },

src/device.js

@@ -73,7 +73,7 @@ export default class Device extends EventEmitter {
     disconnectEvent: Event0 = new Event0('disconnect', this);
     buttonEvent: Event1<string> = new Event1('button', this);
     errorEvent: Event1<Error> = new Event1('error', this);
-    passphraseEvent: Event1<(e: ?Error, passphrase?: ?string) => void> = new Event1('passphrase', this);
+    passphraseEvent: Event1<(e: ?Error, passphrase?: ?string, onDevice?: boolean) => void> = new Event1('passphrase', this);
     wordEvent: Event1<(e: ?Error, word?: ?string) => void> = new Event1('word', this);
     changedSessionsEvent: Event2<boolean, boolean> = new Event2('changedSessions', this);
     pinEvent: Event2<string, (e: ?Error, pin?: ?string) => void> = new Event2('pin', this);
@@ -489,8 +489,8 @@ export default class Device extends EventEmitter {
     }
 
     // See comment on device-list option getPassphraseHash
-    forwardPassphrase(source: Event1<(e: ?Error, passphrase?: ?string) => void>) {
-        source.on((arg: (e: ?Error, passphrase?: ?string) => void) => {
+    forwardPassphrase(source: Event1<(e: ?Error, passphrase?: ?string, onDevice?: boolean) => void>) {
+        source.on((arg: (e: ?Error, passphrase?: ?string, onDevice?: boolean) => void) => {
             if (this.rememberedPlaintextPasshprase != null) {
                 const p: string = this.rememberedPlaintextPasshprase;
 
@@ -503,8 +503,8 @@ export default class Device extends EventEmitter {
                 return;
             }
 
-            const argAndRemember = (e: ?Error, passphrase: ?string) => {
-                if (this.rememberPlaintextPassphrase) {
+            const argAndRemember = (e: ?Error, passphrase?: ?string, onDevice?: boolean) => {
+                if (this.rememberPlaintextPassphrase && !onDevice) {
                     if (passphrase != null) {
                         const checkPasshprase = this.checkPassphraseHash(passphrase);
                         if (!checkPasshprase) {
@@ -515,7 +515,7 @@ export default class Device extends EventEmitter {
 
                     this.rememberedPlaintextPasshprase = passphrase;
                 }
-                arg(e, passphrase);
+                arg(e, passphrase, onDevice);
             };
             this.passphraseEvent.emit(argAndRemember);
         });

src/session.js

@@ -58,7 +58,7 @@ export default class Session extends EventEmitter {
     errorEvent: Event1<Error> = new Event1('error', this);
     buttonEvent: Event1<string> = new Event1('button', this);
     pinEvent: Event2<string, (e: ?Error, pin?: ?string) => void> = new Event2('pin', this);
-    passphraseEvent: Event1<(e: ?Error, passphrase?: ?string) => void> = new Event1('passphrase', this);
+    passphraseEvent: Event1<(e: ?Error, passphrase?: ?string, onDevice?: boolean) => void> = new Event1('passphrase', this);
     wordEvent: Event1<(e: ?Error, word?: ?string) => void> = new Event1('word', this);
 
     static LABEL_MAX_LENGTH: number = 16;
@@ -120,8 +120,11 @@ export default class Session extends EventEmitter {
     }
 
     initialize(): Promise<MessageResponse<trezor.Features>> {
+        if (this.device && this.device.features.session_id) {
+            return this.typedCall('Initialize', 'Features', { session_id: this.device.features.session_id });
+        }
         if (this.device && this.device.passphraseState) {
-            return this.typedCall('Initialize', 'Features', { state: this.device.passphraseState });
+            return this.typedCall('Initialize', 'Features', { session_id: this.device.passphraseState });
         }
         return this.typedCall('Initialize', 'Features', {});
     }

src/trezortypes.js

@@ -37,6 +37,7 @@ export type Features = {
     bootloader_major_version: number | null;
     bootloader_minor_version: number | null;
     bootloader_patch_version: number | null;
+    session_id?: string;
 };
 
 export type ResetDeviceSettings = {

src/utils/call.js

@@ -179,7 +179,7 @@ export class CallHelper {
             );
         }
 
-        if (res.type === 'PassphraseStateRequest') {
+        if (res.type === 'Deprecated_PassphraseStateRequest') {
             if (this.session.device) {
                 const currentState = this.session.device.passphraseState;
                 const receivedState = res.message.state;
@@ -191,28 +191,40 @@ export class CallHelper {
                     });
                 }
                 this.session.device.passphraseState = receivedState;
-                return this._commonCall('PassphraseStateAck', { });
+                return this._commonCall('Deprecated_PassphraseStateAck', { });
             }
             // ??? nowhere to save the state, throwing error
             return Promise.reject(new Error('Nowhere to save passphrase state.'));
         }
 
         if (res.type === 'PassphraseRequest') {
-            if (res.message.on_device) {
+            if (res.message._on_device) {
                 // "fake" button event
                 this.session.buttonEvent.emit('PassphraseOnDevice');
                 if (this.session.device && this.session.device.passphraseState) {
-                    return this._commonCall('PassphraseAck', { state: this.session.device.passphraseState });
+                    return this._commonCall('PassphraseAck', { _state: this.session.device.passphraseState });
                 }
                 return this._commonCall('PassphraseAck', { });
             }
             return this._promptPassphrase().then(
-                passphrase => {
-                    if (this.session.device && this.session.device.passphraseState) {
-                        return this._commonCall('PassphraseAck', { passphrase: passphrase, state: this.session.device.passphraseState });
+                (res: Object) => {
+                    const { passphrase, onDevice } = res;
+                    const session_id = this.session.device && this.session.device.features.session_id;
+                    const passphraseState = this.session.device && this.session.device.passphraseState;
+                    if (session_id) {
+                        return this._commonCall(
+                            'PassphraseAck',
+                            onDevice ? { on_device: true } : { passphrase }
+                        );
+                    } else if (passphraseState) {
+                        return this._commonCall(
+                            'PassphraseAck', {
+                                passphrase,
+                                _state: passphraseState,
+                            });
+                    } else {
+                        return this._commonCall('PassphraseAck', { passphrase });
                     }
-
-                    return this._commonCall('PassphraseAck', { passphrase: passphrase });
                 },
                 err => {
                     return this._commonCall('Cancel', {}).catch(e => {
@@ -233,6 +245,16 @@ export class CallHelper {
             );
         }
 
+        // Initialize response for fw >= 2.3.0 || fw >= 1.9.0 with session_id=string
+        // GetFeatures always response with session_id null
+        // We need to avoid overwriting saved session_id in order to keep it for next Initialize call
+        if (res.type === 'Features') {
+            const oldSessionId = this.session.device && this.session.device.features.session_id;
+            if (oldSessionId && !res.message.session_id) {
+                res.message.session_id = oldSessionId;
+            }
+        }
+
         return Promise.resolve(res);
     }
 
@@ -253,14 +275,16 @@ export class CallHelper {
         });
     }
 
-    _promptPassphrase(): Promise<string> {
+    _promptPassphrase(): Promise<Object> {
         return new Promise((resolve, reject) => {
-            if (!this.session.passphraseEvent.emit((err, passphrase) => {
-                if (err || passphrase == null) {
-                    reject(err);
-                } else {
-                    resolve(passphrase.normalize('NFKD'));
+            if (!this.session.passphraseEvent.emit((err, passphrase, onDevice) => {
+                if (err || (!onDevice && passphrase == null)) {
+                    return reject(err);
+                }
+                if (typeof passphrase === 'string') {
+                    passphrase = passphrase.normalize('NFKD');
                 }
+                return resolve({ passphrase, onDevice });
             })) {
                 if (this.session.debug) {
                     console.warn('[trezor.js] [call] Passphrase callback not configured, cancelling request');