😈 Trezor Communication Daemon (written in Go)

trezord-go

Trezor Communication Daemon aka Trezor Bridge.

Only compatible with Chrome (version 53 or later) and Firefox (version 55 or later).

We officially don't support Windows 7 and older; it could run, but we don't guarantee it.

What does trezord do and why is it needed?

Trezord is a tiny HTTP server that allows webpages (like Trezor Suite in web mode) to communicate with Trezor directly.

Our new devices now support WebUSB, which should eliminate the need for Trezor Bridge; however, there are some reasons why the bridge is still needed.

  1. Firefox does not allow WebUSB (see discussion here).
  2. Devices with old firmware (2018 and older) support only HID and not WebUSB.
  3. WebUSB does not allow synchronization of USB access between domains.

Install and run from source

trezord-go requires go >= 1.18.

git clone --recursive https://github.com/trezor/trezord-go.git
cd trezord-go
go build .
./trezord-go -h

On Linux don't forget to install the udev rules if you are running from source and not using pre-built packages.

Debug mode

When built with -tags debug, debug mode is enabled. This disables CORS, which is helpful for local development and when running inside a Docker image.

Build release packages

Prerequisites:

  • install docker
  • make sure docker is in $PATH
  • make build-release; the installers are in release/installers, binaries in release/binaries

The base docker images are all built for both ARM and Intel 64, so they should work on both x64 architectures and ARM.

The base images are quite big and can take a while to download (mainly the musl cross-compiler, about 1 GB) and build (mainly the Rust-based apple-codesign). However, it should be cached correctly and run fast next time.

Signing release packages

By default, the binaries and installers are unsigned and unnotarized. The build does not require any certificates or private keys, but produces unsigned binaries and packages.

The notarization and signing is all done in Docker, so it can run everywhere. (No need to run the mac notarization on macOS, etc.)

If you want to sign the packages, you need the following:

  • For Linux, you need to put the GPG private key into release/linux/privkey.asc.
  • For Windows, you need to put the GPG private key into release/windows/privkey.asc and the Authenticode key and certificate into release/windows/authenticode.key and release/windows/authenticode.crt.
  • For macOS:
    1. You need to put the GPG private key into release/macos/privkey.asc.
    2. Then you need to generate a number of files for notarization and signing and put them into release/macos/certs; see the details in the top comment of release/macos/release.sh.

All those files are ignored by .gitignore so they are not accidentally put into git.

Emulator support

Trezord supports emulators for all Trezor versions. However, emulator support is disabled by default and you need to enable it manually. After enabling, services that work with the emulator can work with all services that support trezord.

To enable emulator support, run trezord with the -e parameter followed by the port, once for every emulator with an enabled port:

./trezord-go -e 21324

You can disable all USB in order to run in some virtualized environments, for example on CI:

./trezord-go -e 21324 -u=false

API documentation

trezord-go starts an HTTP server on http://localhost:21325. AJAX calls are only enabled from trezor.io subdomains.
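
An added example (not trezord-go's own code) of the kind of origin allowlist this restriction implies: the Origin header is parsed and matched on a dot-delimited suffix rather than a raw string suffix. The helper name OriginAllowed, the HTTPS-only rule, the default-port rule and accepting the bare trezor.io domain are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// OriginAllowed reports whether an Origin header value is https://trezor.io
// or one of its subdomains. Hypothetical helper, not trezord-go's own check.
func OriginAllowed(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return false
	}
	// A browser Origin is scheme://host[:port] only; reject anything more.
	if u.User != nil || u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return false
	}
	if u.Port() != "" {
		return false // assumption: only the default HTTPS port is accepted
	}
	host := strings.ToLower(u.Hostname())
	// Compare the exact domain or a dot-delimited suffix. A raw suffix test
	// would also accept a different domain such as "eviltrezor.io".
	return host == "trezor.io" || strings.HasSuffix(host, ".trezor.io")
}

func main() {
	// Constructed Origin values, not taken from real traffic.
	for _, o := range []string{
		"https://suite.trezor.io",
		"https://trezor.io",
		"https://eviltrezor.io",
		"https://trezor.io.example.com",
		"http://suite.trezor.io",
		"null",
	} {
		fmt.Printf("%-32s allowed=%v\n", o, OriginAllowed(o))
	}
}
```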

The server supports the following API calls:

/ (POST)

  • parameters: (none)
  • result type: {version: string}
  • description: Returns the current version of the bridge.

/enumerate (POST)

  • parameters: (none)
  • result type: Array<{path: string, session: string | null}>
  • description: Lists devices. path uniquely identifies a device among multiple connected devices. Two different devices (or a device connected and disconnected) will return different paths. If session is null, nobody else is using the device; if it is a string, it identifies who is using it.

/listen (POST)

  • parameters: request body: previous, as JSON
  • result type: like enumerate
  • description: Listens for changes and returns either on a change or after a 30-second timeout. Compares the change against previous, which is sent as a parameter. "Change" is both connecting/disconnecting and session change.

/acquire/PATH/PREVIOUS (POST)

  • parameters: PATH: path of device; PREVIOUS: previous session (or string "null")
  • result type: {session: string}
  • description: Acquires the device at PATH. By "acquiring" the device, you are claiming the device for yourself. Before acquiring, checks that the current session is PREVIOUS. If two applications call acquire on a newly connected device at the same time, only one of them succeeds.

/release/SESSION (POST)

  • parameters: SESSION: session to release
  • result type: {}
  • description: Releases the device with the given session. By "releasing" the device, you claim that you don't want to use the device anymore.

/call/SESSION (POST)

  • parameters: SESSION: session to call; request body: hexadecimal string
  • result type: hexadecimal string
  • description: Both input and output are hexadecimal, encoded in the following way:
    1. the first 2 bytes (4 characters in hexadecimal) are the message type
    2. the next 4 bytes (8 in hex) are the length of the data
    3. the rest is the actual encoded protobuf data.
    Protobuf messages are defined in this protobuf file, and the app calling trezord should encode/decode them itself.

/post/SESSION (POST)

  • parameters: SESSION: session to call; request body: hexadecimal string
  • result type: 0
  • description: Similar to call, just doesn't read the response back. Also forces the message to be sent even if another call is in progress. Usable mainly for debug link and workflow cancelling on Trezor.

/read/SESSION (POST)

  • parameters: SESSION: session to call
  • result type: 0
  • description: Similar to call, just doesn't post, only reads. Usable mainly for debug link.
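
The /call framing described above, as an added example that is not code from trezord-go: it builds a request body and parses one back, rejecting frames whose length field disagrees with the payload. Big-endian byte order, the function names and the sample message are assumptions; the page does not state the byte order.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const headerLen = 6 // 2-byte message type + 4-byte data length

// EncodeCall builds the hexadecimal body for /call/SESSION.
// Byte order is big-endian (assumption: not stated on this page).
func EncodeCall(msgType uint16, data []byte) string {
	buf := make([]byte, headerLen, headerLen+len(data))
	binary.BigEndian.PutUint16(buf[0:2], msgType)
	binary.BigEndian.PutUint32(buf[2:6], uint32(len(data)))
	return hex.EncodeToString(append(buf, data...))
}

// DecodeCall parses a hexadecimal body and rejects frames whose declared
// length disagrees with the number of data bytes actually present.
func DecodeCall(body string) (uint16, []byte, error) {
	raw, err := hex.DecodeString(body)
	if err != nil {
		return 0, nil, fmt.Errorf("not valid hex: %w", err)
	}
	if len(raw) < headerLen {
		return 0, nil, errors.New("frame shorter than 6-byte header")
	}
	msgType := binary.BigEndian.Uint16(raw[0:2])
	declared := binary.BigEndian.Uint32(raw[2:6])
	if uint64(declared) != uint64(len(raw)-headerLen) {
		return 0, nil, fmt.Errorf("declared length %d, got %d bytes", declared, len(raw)-headerLen)
	}
	return msgType, raw[headerLen:], nil
}

func main() {
	// Constructed sample: message type 1 with two arbitrary data bytes.
	frame := EncodeCall(1, []byte{0x0a, 0x00})
	fmt.Println(frame)
	msgType, data, err := DecodeCall(frame)
	fmt.Println(msgType, data, err)
	// Constructed malformed frame: declares 5 data bytes but carries 1.
	_, _, err = DecodeCall("000100000005aa")
	fmt.Println(err)
}
```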

Debug link support

Trezord has support for debug link.

To support an emulator with debug link, run

./trezord-go -ed 21324:21325 -u=false

This will detect the emulator debug link on port 21325, with the regular device on 21324.

To support WebUSB devices with debug link, no option is needed, just run trezord-go.

In the enumerate and listen results, there are now two new fields: debug and debugSession. debug signals that device can receive debug link messages.

Session management is separate for debug link and normal interface, so you can have two applications - one controlling trezor and one "normal".

There are new calls:

  • /debug/acquire/PATH, which has the same path as normal acquire, and returns a SESSION
  • /debug/release/SESSION releases session
  • /debug/call/SESSION, /debug/post/SESSION, /debug/read/SESSION work as with normal interface

The session IDs for debug link start with the string "debug".

Copyright
