Merge pull request #7 from LedgerHQ/develop

Align master with p1
LedgerHQ · Jan 5, 2023 · 38c9db8 · 38c9db8
2 parents 2742b65 + b577bb9
commit 38c9db8
Show file tree

Hide file tree

Showing 75 changed files with 1,720 additions and 358 deletions.
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
@@ -1,14 +1,22 @@
 name: Compilation & tests
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    branches:
+      - master
+      - develop
 
 jobs:
   job_build_debug:
     name: Build debug
     runs-on: ubuntu-latest
 
     container:
-      image: docker://ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
 
     steps:
       - name: Clone
@@ -30,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: docker://ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
 
     steps:
       - name: Clone
@@ -60,7 +68,7 @@ jobs:
           name: codecov-app-hive
           fail_ci_if_error: true
           verbose: true
-      
+
       - name: HTML documentation
         run: doxygen .doxygen/Doxyfile
 
@@ -77,7 +85,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: docker://ledgerhq/speculos:latest
+      image: ghcr.io/ledgerhq/speculos:latest
       ports:
         - 1234:1234
         - 9999:9999
@@ -90,7 +98,7 @@ jobs:
     steps:
       - name: Clone
         uses: actions/checkout@v2
-    
+
       - name: Install required packages
         run: |
           apt update && apt install -qy curl unzip wget gcc # /!\ workaround for pysha3

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,50 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+    branches:
+      - develop
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - 'tests/*'
+
+jobs:
+  analyse:
+    name: Analyse
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy: 
+      matrix:
+        sdk: [ "$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK" ]
+        #'cpp' covers C and C++
+        language: [ 'cpp' ]
+
+    steps:
+      - name: Adding GitHub workspace as safe directory
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE
+
+      - name: Clone
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      # CodeQL will create the database during the compilation
+      - name: Build
+        run: |
+          make BOLOS_SDK=${{ matrix.sdk }}
+        
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/lint-workflow.yml b/.github/workflows/lint-workflow.yml
@@ -1,6 +1,14 @@
 name: Code style check
 
-on: [push, pull_request]
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+    branches:
+      - master
+      - develop
 
 jobs:
   job_lint:

diff --git a/.gitignore b/.gitignore
@@ -35,4 +35,10 @@ doc/latex
 # Bolos dev env
 dev-env
 
-**/node_modules
+**/node_modules
+
+# Fuzzer
+fuzzing/cmake-build-fuzz/
+fuzzing/cmake-build-fuzz-coverage/
+fuzzing/corpus/
+fuzzing/html-coverage/
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -84,7 +84,8 @@
         "numeric": "c",
         "__functional_base_03": "c",
         "__tuple": "c",
-        "compare": "c"
+        "compare": "c",
+        "sstream": "c"
     },
     "C_Cpp.clang_format_path": "/usr/bin/clang-format",
     "editor.formatOnSave": true

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,13 +5,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.0] - 2022-04-13
+
+### Feature
+
+- Settings menu to enable/disable hash signing
+- Hash signing command
+
 ## [1.0.1] - 2022-02-20
 
 ### Fixed
 
 - update_account uses authority type optional serializer
 
-
 ## [1.0.0] - 2021-08-29
 
 ### Added

diff --git a/Makefile b/Makefile
@@ -22,14 +22,18 @@ endif
 include $(BOLOS_SDK)/Makefile.defines
 
 APP_LOAD_PARAMS  = --curve secp256k1
-APP_LOAD_PARAMS += --appFlags 0x240
+ifeq ($(TARGET_NAME),TARGET_NANOX)
+APP_LOAD_PARAMS += --appFlags 0x200
+else
+APP_LOAD_PARAMS += --appFlags 0x000
+endif
 APP_LOAD_PARAMS += --path "48'/13'"
 APP_LOAD_PARAMS += $(COMMON_LOAD_PARAMS)
 
 APPNAME      = "Hive"
 APPVERSION_M = 1
-APPVERSION_N = 0
-APPVERSION_P = 1
+APPVERSION_N = 1
+APPVERSION_P = 0
 APPVERSION   = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
 ifeq ($(TARGET_NAME),TARGET_NANOS)
@@ -40,10 +44,6 @@ endif
 
 all: default
 
-# Ledger: add the "Pending security review" disclaimer
-APP_LOAD_PARAMS += --tlvraw 9F:01
-DEFINES += HAVE_PENDING_REVIEW_SCREEN
-
 DEFINES += $(DEFINES_LIB)
 DEFINES += APPNAME=\"$(APPNAME)\"
 DEFINES += APPVERSION=\"$(APPVERSION)\"

diff --git a/README.md b/README.md
@@ -2,7 +2,6 @@
 
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
-
 ![](https://user-images.githubusercontent.com/4411084/79356492-53928580-7f3f-11ea-929c-2b7e4ee4c8d5.jpg)
 
 ## What is Hive
@@ -17,46 +16,47 @@ Hive is an innovative and forward-looking decentralized blockchain and ecosystem
 
 Learn more: https://hive.io
 
-***
+---
 
 Operations supported by Hive Ledger application:
- * vote
- * comment
- * transfer
- * transfer_to_vesting
- * withdraw_vesting
- * limit_order_create
- * limit_order_cancel
- * feed_publish
- * convert
- * account_create
- * account_update
- * witness_update
- * account_witness_vote
- * account_witness_proxy
- * delete_comment
- * custom_json
- * comment_options
- * set_withdraw_vesting_route
- * claim_account
- * create_claimed_account
- * request_account_recovery
- * recover_account
- * change_recovery_account
- * transfer_to_savings
- * transfer_from_savings
- * cancel_transfer_from_savings
- * decline_voting_rights
- * reset_account
- * set_reset_account
- * claim_reward_balance
- * delegate_vesting_shares
- * create_proposal
- * update_proposal_votes
- * remove_proposal
- * update_proposal
- * collateralized_convert
- * recurrent_transfer
+
+- vote
+- comment
+- transfer
+- transfer_to_vesting
+- withdraw_vesting
+- limit_order_create
+- limit_order_cancel
+- feed_publish
+- convert
+- account_create
+- account_update
+- witness_update
+- account_witness_vote
+- account_witness_proxy
+- delete_comment
+- custom_json
+- comment_options
+- set_withdraw_vesting_route
+- claim_account
+- create_claimed_account
+- request_account_recovery
+- recover_account
+- change_recovery_account
+- transfer_to_savings
+- transfer_from_savings
+- cancel_transfer_from_savings
+- decline_voting_rights
+- reset_account
+- set_reset_account
+- claim_reward_balance
+- delegate_vesting_shares
+- create_proposal
+- update_proposal_votes
+- remove_proposal
+- update_proposal
+- collateralized_convert
+- recurrent_transfer
 
 ## Prerequisite
 
@@ -76,7 +76,25 @@ Compile app in the container:
 
 ```
 docker run --rm -ti -v "$(realpath .):/app" ledger-app-builder:latest make
-``` 
+```
+
+You can compile the app in debug mode (should print additional information in speculos) with:
+
+```
+docker run --rm -ti -v "$(realpath .):/app" ledger-app-builder:latest make DEBUG=1
+```
+
+If you want to compile the app for Nano X model, enter the container:
+
+```
+docker run --rm -ti -v "$(realpath .):/app" ledger-app-builder:latest
+```
+
+And then run
+
+```
+BOLOS_SDK=$NANOX_SDK make
+```
 
 ## Simulate with Speculos
 
@@ -96,7 +114,6 @@ docker run --rm -it -v $(realpath .)/bin:/speculos/apps -p 1234:1234 -p 5000:500
 
 Open `http://localhost:5000/` in your browser to see the simulator.
 
-
 ## Debug with Speculos
 
 You can also debug this app with GDB thanks to speculos. First, make sure you have `gdb-multiarch` installed:
@@ -119,14 +136,12 @@ Connect your debugger with vscode by starting `Attach to gdbserver` configuratio
 
 You need to have ledgerblue installed (should be handled in "Prerequisite" part of this Readme).
 
-
 Load it with:
 
 ```
 python3 -m ledgerblue.loadApp --curve secp256k1 --appFlags 0x240 --path "48'/13'" --tlv --targetId 0x31100004 --targetVersion="2.0.0" --delete --fileName bin/app.hex --appName "Hive" --appVersion "1.0.0" --dataSize $((0x`cat debug/app.map |grep _envram_data | tr -s ' ' | cut -f2 -d' '|cut -f2 -d'x'` - 0x`cat debug/app.map |grep _nvram_data | tr -s ' ' | cut -f2 -d' '|cut -f2 -d'x'`)) `ICONHEX=\`python3 ./dev-env/SDK/nanos-secure-sdk/icon3.py --hexbitmaponly icons/nanos_app_hive.gif  2>/dev/null\` ; [ ! -z "$ICONHEX" ] && echo "--icon $ICONHEX"`
 ```
 
-
 ## Tests
 
 Big part of source code is covered by unit tests, written in `cmocka` framework.
@@ -164,5 +179,3 @@ It outputs 4 artifacts:
 - `speculos-log` within APDU command/response when executing end-to-end tests
 - `code-coverage` within HTML details of code coverage
 - `documentation` within HTML auto-generated documentation
-
-