Merge pull request Zondax#53 from Zondax/dev

Dev

.github/workflows/check_version.yml

@@ -26,7 +26,7 @@ jobs:
       version: ${{ steps.store-version.outputs.version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: make version

.github/workflows/main.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install rust
@@ -62,7 +62,7 @@ jobs:
       size: ${{steps.build.outputs.size}}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Build Standard app
@@ -92,20 +92,20 @@ jobs:
           echo $HOME
           echo $DISPLAY
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
       - name: Install node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
       - name: Install yarn
         run: |
           npm install -g yarn
       - name: Build Ledger app
         run: make test_all
       - name: Upload Snapshots (only failure)
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: snapshots-tmp
           path: tests_zemu/snapshots-tmp/
@@ -121,7 +121,7 @@ jobs:
         BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -157,7 +157,7 @@ jobs:
         BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -193,15 +193,16 @@ jobs:
         BOLOS_SDK: /opt/stax-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
         run: pip install ledgerblue
 
       - name: Build Stax
         shell: bash -l {0}
-        run: make SUBSTRATE_PARSER_FULL=1
+        run: |
+          PRODUCTION_BUILD=0 make
       - name: Set tag
         id: stax
         run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
@@ -215,3 +216,38 @@ jobs:
           tag_name: ${{ steps.stax.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_flex:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/flex-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Flex
+        shell: bash -l {0}
+        run: |
+          PRODUCTION_BUILD=0 make
+      - name: Set tag
+        id: flex
+        run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_flex.sh
+          tag_name: ${{ steps.flex.outputs.tag_name }}
+          draft: false
+          prerelease: false

CMakeLists.txt

@@ -233,6 +233,7 @@ target_link_libraries(unittests PRIVATE
         JsonCpp::JsonCpp)
 
 add_compile_definitions(TESTVECTORS_DIR="${CMAKE_CURRENT_SOURCE_DIR}/tests/")
+add_compile_definitions(COMPILE_MASP=1)
 add_test(NAME unittests COMMAND unittests)
 set_tests_properties(unittests PROPERTIES WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests)
 

app/Makefile

@@ -75,6 +75,11 @@ ifndef ICONNAME
 $(error ICONNAME is not set)
 endif
 
+# Compile MASP mode for all devices excetpt Nano S, 
+ifneq ($(TARGET_NAME),TARGET_NANOS)
+    DEFINES += COMPILE_MASP
+endif
+
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.platform
 # Add SDK BLAKE2b
 DEFINES += HAVE_HASH HAVE_BLAKE2

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=0
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=24
+APPVERSION_P=26

app/src/apdu_handler.c

@@ -123,6 +123,28 @@ __Z_INLINE void handleSignTransaction(volatile uint32_t *flags, volatile uint32_
     *flags |= IO_ASYNCH_REPLY;
 }
 
+// For wrapper transactions, address is derived from Ed25519 pubkey
+__Z_INLINE void handleGetAddr(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
+    zemu_log("handleGetAddr\n");
+    extractHDPath(rx, OFFSET_DATA);
+    *tx = 0;
+    const uint8_t requireConfirmation = G_io_apdu_buffer[OFFSET_P1];
+
+    zxerr_t zxerr = app_fill_address(key_ed25519);
+    if(zxerr != zxerr_ok){
+        *tx = 0;
+        THROW(APDU_CODE_DATA_INVALID);
+    }
+    if (requireConfirmation) {
+        view_review_init(addr_getItem, addr_getNumItems, app_reply_cmd);
+        view_review_show(REVIEW_ADDRESS);
+        *flags |= IO_ASYNCH_REPLY;
+        return;
+    }
+    *tx = cmdResponseLen;
+    THROW(APDU_CODE_OK);
+}
+#if defined(COMPILE_MASP)
 __Z_INLINE void handleSignMasp(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
     ZEMU_LOGF(50, "handleSignMasp\n")
     if (!process_chunk(tx, rx)) {
@@ -146,28 +168,6 @@ __Z_INLINE void handleSignMasp(volatile uint32_t *flags, volatile uint32_t *tx,
     *flags |= IO_ASYNCH_REPLY;
 }
 
-// For wrapper transactions, address is derived from Ed25519 pubkey
-__Z_INLINE void handleGetAddr(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
-    zemu_log("handleGetAddr\n");
-    extractHDPath(rx, OFFSET_DATA);
-    *tx = 0;
-    const uint8_t requireConfirmation = G_io_apdu_buffer[OFFSET_P1];
-
-    zxerr_t zxerr = app_fill_address(key_ed25519);
-    if(zxerr != zxerr_ok){
-        *tx = 0;
-        THROW(APDU_CODE_DATA_INVALID);
-    }
-    if (requireConfirmation) {
-        view_review_init(addr_getItem, addr_getNumItems, app_reply_cmd);
-        view_review_show(REVIEW_ADDRESS);
-        *flags |= IO_ASYNCH_REPLY;
-        return;
-    }
-    *tx = cmdResponseLen;
-    THROW(APDU_CODE_OK);
-}
-
 __Z_INLINE void handleGetKeys(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
     extractHDPath(rx, OFFSET_DATA);
     if (G_io_apdu_buffer[OFFSET_P2] >= InvalidKey) {
@@ -221,6 +221,8 @@ __Z_INLINE void handleExtractSpendSign(__Z_UNUSED volatile uint32_t *flags, vola
     THROW(APDU_CODE_OK);
 }
 
+#endif
+
 __Z_INLINE void handle_getversion(__Z_UNUSED volatile uint32_t *flags, volatile uint32_t *tx)
 {
     G_io_apdu_buffer[0] = 0;
@@ -288,7 +290,7 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
                     handleSignTransaction(flags, tx, rx);
                     break;
                 }
-
+#if defined(COMPILE_MASP)
                 case INS_GET_KEYS: {
                     CHECK_PIN_VALIDATED()
                     handleGetKeys(flags, tx, rx);
@@ -324,6 +326,7 @@ void handleApdu(volatile uint32_t *flags, volatile uint32_t *tx, uint32_t rx) {
                     handleExtractSpendSign(flags, tx, rx);
                     break;
                 }
+#endif
 #if defined(APP_TESTING)
                 case INS_TEST: {
                     handleTest(flags, tx, rx);

app/src/bech32_encoding.c

@@ -16,7 +16,7 @@
 #include "bech32_encoding.h"
 #include <zxmacros.h>
 
-#define MAX_SIZE 200
+#define MAX_SIZE 280
 
 static uint32_t bech32_polymod_step(uint32_t pre) {
     uint8_t b = pre >> 25u;
@@ -107,14 +107,13 @@ zxerr_t bech32EncodeFromLargeBytes(char *out,
         return zxerr_out_of_bounds;
     }
 
-    size_t hrplen = strlen(hrp);
     // We set a lower bound to ensure this is safe
-    if (out_len < hrplen + (in_len * 2) + 7) {
+    if (out_len < MAX_SIZE) {
         return zxerr_buffer_too_small;
     }
 
     // Overestimate required size *2==(8/4) instead of *(8/5)
-    uint8_t tmp_data[MAX_SIZE * 2];
+    uint8_t tmp_data[280];
     size_t tmp_size = 0;
     MEMZERO(tmp_data, sizeof(tmp_data));
 

app/src/common/tx.c

@@ -21,7 +21,7 @@
 #include <string.h>
 #include "zxmacros.h"
 
-#if defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX)
+#if defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX) || defined(TARGET_FLEX)
 #define RAM_BUFFER_SIZE 8192
 #define FLASH_BUFFER_SIZE 16384
 #elif defined(TARGET_NANOS)
@@ -37,7 +37,7 @@ typedef struct {
     uint8_t buffer[FLASH_BUFFER_SIZE];
 } storage_t;
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOX) || defined(TARGET_NANOS2) || defined(TARGET_STAX) || defined(TARGET_FLEX)
 storage_t NV_CONST N_appdata_impl __attribute__((aligned(64)));
 #define N_appdata (*(NV_VOLATILE storage_t *)PIC(&N_appdata_impl))
 #endif

app/src/crypto.c

@@ -32,7 +32,7 @@
 #include "keys_personalizations.h"
 #include "nvdata.h"
 
-#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX)
+#if defined(TARGET_NANOS) || defined(TARGET_NANOS2) || defined(TARGET_NANOX) || defined(TARGET_STAX) || defined(TARGET_FLEX)
     #include "cx.h"
     #include "cx_sha256.h"
     #include "cx_blake2b.h"
@@ -284,9 +284,11 @@ static zxerr_t crypto_addTxnHashes(const parser_tx_t *txObj, concatenated_hashes
             break;
 
         case UpdateVP:
-            MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->updateVp.vp_type_sechash.ptr, HASH_LEN);
-            hashes->indices.ptr[hashes->hashesLen] = txObj->updateVp.vp_type_secidx;
-            hashes->hashesLen++;
+           if (txObj->updateVp.has_vp_code) {
+                MEMCPY(hashes->hashes.ptr + hashes->hashesLen * HASH_LEN, txObj->updateVp.vp_type_sechash.ptr, HASH_LEN);
+                hashes->indices.ptr[hashes->hashesLen] = txObj->updateVp.vp_type_secidx;
+                hashes->hashesLen++;
+            }
             break;
 
         case InitProposal:
@@ -952,26 +954,25 @@ zxerr_t crypto_computeRandomness(masp_type_e type, uint8_t *out, uint16_t outLen
     uint8_t tmp_rnd[RANDOM_LEN] = {0};
 
 #ifdef APP_TESTING
-    uint8_t out_tmp_rnd2[RANDOM_LEN] = {0x57, 0x04, 0x17, 0x50, 0x42, 0xb2, 0x4c, 0x3d, 0x51, 
-                                       0xe8, 0x0e, 0xeb, 0x4c, 0xfb, 0xff, 0xe2, 0xfc, 0x05,
-                                       0x61, 0x91, 0x61, 0x2b, 0x50, 0xca, 0xa9, 0x78, 0x24,
-                                       0xa2, 0x76, 0xd9, 0xe4, 0x0b};
-
-    uint8_t out_tmp_rnd[RANDOM_LEN] = {0x04, 0x56, 0xf7, 0x74, 0xac, 0x0f, 0x67, 0x12, 0x68,
-                                        0xf0, 0x3b, 0x82, 0xbf, 0x9a, 0x77, 0x4d, 0x39, 0x26,
-                                        0xb6, 0xc4, 0x43, 0x1e, 0x09, 0x9f, 0xf5, 0x5f, 0xee,
-                                        0x62, 0xa2, 0x9a, 0xf4, 0x09};
-
-
-    uint8_t spend_tmp_rnd[RANDOM_LEN] = {0x59, 0x63, 0x82, 0x91, 0xee, 0xab, 0xca, 0x62, 0x53,
-                                         0x50, 0xd7, 0xb9, 0x64, 0x1d, 0xf8, 0xf5, 0x7a, 0x81,
-                                         0x6e, 0xa9, 0xa5, 0x6c, 0xdb, 0x21, 0x7b, 0x6c, 0xc3,
-                                         0x32, 0xb0, 0x40, 0xf1, 0x0a};
+    uint8_t out_tmp_rnd2[RANDOM_LEN] = {0x71, 0x11, 0x60, 0x47, 0xe5, 0xe8, 0xb5, 0x0a, 0x5c,
+                                        0x74, 0x69, 0x8a, 0xc2, 0x9b, 0x73, 0x5c, 0xc9, 0xe2,
+                                        0xfa, 0xf7, 0x94, 0x37, 0xb8, 0x15, 0xa2, 0xb7, 0x0b,
+                                        0x07, 0xec, 0x24, 0xf9, 0x08};
+
+uint8_t out_tmp_rnd[RANDOM_LEN] = {0x4b, 0xd4, 0xe9, 0x74, 0xdd, 0x7b, 0xa7, 0x59, 0x25, 0x25,
+                                   0xdc, 0x92, 0xfe, 0xe9, 0xa4, 0x3b, 0x6d, 0xb1, 0xde, 0x93,
+                                   0x12, 0x5b, 0x76, 0xfa, 0x22, 0x4e, 0xb2, 0xf0, 0x41, 0x04,
+                                   0xe1, 0x02};
+
+    uint8_t spend_tmp_rnd[RANDOM_LEN] = {0x78,0xbf, 0x5c, 0xd8, 0x3b, 0x81, 0xaf,0x94, 0xc7, 
+                                         0xa5, 0xeb, 0x68,0x9e,0xc5,0x24,0xd2,0xda, 0x98,
+                                         0x0c,0x84,0x73,0x55,0x49, 0x2f,0xd0,0x8e,0x1d,0x79,
+                                         0x41,0x3e,0x6b,0x08};
 
-    uint8_t spend_tmp_rnd2[RANDOM_LEN] = {0x0a, 0x10, 0xc1, 0xcd, 0xbd, 0x97, 0xb0, 0xbb, 0x38,
-                                          0xd3, 0x52, 0x58, 0x5a, 0xf1, 0x0d, 0x1f, 0xdf, 0xfa,
-                                          0xcf, 0xc3, 0x54, 0xb9, 0xd0, 0x29, 0x1c, 0x7c, 0x10,
-                                          0xaa, 0x4d, 0x23, 0x93, 0x03};
+    uint8_t spend_tmp_rnd2[RANDOM_LEN] = {0x5e, 0x0e, 0xdd, 0x60, 0x7d, 0x43, 0x4e, 0x34, 0x76,
+                                          0x6b, 0xdb, 0x07, 0x13, 0xe2, 0xef, 0xdd, 0x27, 0x5a,
+                                          0x0d, 0x50, 0x73, 0x47, 0x9f, 0xda, 0x02, 0x0c, 0xfc,
+                                          0x6f, 0x03, 0x97, 0x53, 0x07};
 #else 
     uint8_t tmp_rnd2[RANDOM_LEN] = {0};
 #endif