feat(trezor): return typed PassphraseResponse#91
Open
coreyphillips wants to merge 2 commits into
Open
Conversation
- Migrates Trezor passphrase handling from a `String` to the typed `PassphraseResponse` enum (`Cancel` / `Standard` / `Hidden { value }`) introduced in trezor-connect-rs 0.3.0
Collaborator
Author
|
Release for testing here. |
…hrase entry
Expose trezor-connect-rs 0.3.2's session-passphrase support over the FFI so apps can choose which wallet a connection opens, including deferring passphrase entry to the Trezor screen.
- Add `selection: WalletSelection` parameter to `trezor_connect` (Standard / Hidden { passphrase } / OnDevice). On THP devices (Safe 5/7) the passphrase is bound to the session at creation time; on desktop it is still supplied via the UI callback, so selection is unused there.
- Hold the host passphrase in `Zeroizing` so the buffer is wiped on drop; add the `zeroize` dependency.
- Re-export and handle `PassphraseResponse::OnDevice`.
- Surface `TrezorFeatures.passphrase_entry_capable` (Capability_PassphraseEntry).
- Map the now-`#[non_exhaustive]` upstream error enums exhaustively, including `DeviceError::InvalidState`.
- Bump trezor-connect-rs 0.3.0 -> 0.3.2; package 0.1.61 -> 0.1.62.
Collaborator
Author
|
Android PR available for testing here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrates Trezor passphrase handling from a
Stringto the typedPassphraseResponseenum and adds per-connection wallet selection, letting apps choose which wallet a connection opens, including deferring passphrase entry to the Trezor screen.Description
Bumps
trezor-connect-rs0.2.8 → 0.3.2 and adopts its new typed passphrasecallback and session-passphrase support, replacing the old stringly-typed API.
Why (typed passphrase): the previous
on_passphrase_request(...) -> Stringencoding used
""to mean cancel and any non-empty string to mean hiddenwallet. This left no way to express the standard wallet case (
Some("")on the device — an empty passphrase that selects the standard wallet rather
than a hidden one). A user selecting the standard wallet would send
"", whichwas interpreted as cancel. The new
Standardvariant closes that gap.Why (wallet selection): on THP devices (Safe 5/7) the passphrase is bound
to the session at creation time, not via a mid-operation prompt. To support
that — and on-device passphrase entry — connections now declare up front which
wallet to open.
Passphrase callback (typed)
on_passphrase_requestnow returnsPassphraseResponse(Cancel/Standard/Hidden { value }/OnDevice) instead ofString.PassphraseResponseto UniFFI bindings via#[uniffi::remote(Enum)]rather than forking the type (trezor-connect-rsintentionally has no uniffi dependency). The variant list is kept in sync
with upstream and guarded by tests.
UiCallbackAdapter::on_passphrase_requestto a pass-through (bothtraits now return the same upstream type). PIN keeps the legacy
String → Optionencoding (no upstream enum exists for it).TrezorError::PassphraseCancelled, mapped from the upstreamTcDeviceError::PassphraseCancelled.Per-connection wallet selection
selection: WalletSelectionparameter totrezor_connect(
Standard/Hidden { passphrase }/OnDevice). On THP devices thepassphrase is bound to the session at creation, so it must be supplied on
every connect — there is no separate "set passphrase" step and nothing is
cached between calls; reconnect with a different
selectionto switchwallets. On desktop the passphrase is still supplied via the UI callback, so
selectionis unused on that path.Zeroizingso the buffer is wiped on drop(adds the
zeroizedependency).OnDevicecarries no host passphrase so theTrezor prompts on its own screen.
TrezorFeatures.passphrase_entry_capable(
Capability_PassphraseEntry) so apps can tell whether on-device entry isavailable.
Other
#[non_exhaustive]upstream error enums exhaustively, includingDeviceError::InvalidState(wrong passphrase for a remembered wallet).including the critical Standard-must-not-become-Cancel case,
OnDevicemapping, and
on_deviceflag forwarding.Cargo.toml,Package.swift+ checksum,gradle.properties) and regenerates Swift / Kotlin / Python bindings.Preview
N/A — Rust FFI library change, no UI surface.
QA Notes
Automated:
cargo test modules::trezor— all pass, including the newtest_passphrase_adapter_*/test_pin_adapter_*cases.cargo clippy— no new warnings introduced by this change.Manual (on-device, against the updated app binding):
the operation proceeds (previously this was treated as cancel).
wallet derives correctly.
OnDevice/ enter the passphrase on the Trezoritself → the device prompts and the connection opens the matching wallet.
PassphraseCancelled.selection→ connection opensthe other wallet.