LedgerHQ · lpascal-ledger · Feb 28, 2024 · Oct 24, 2023 · Feb 16, 2024 · Feb 19, 2024
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install cmocka
         run: |
           sudo apt update
@@ -37,7 +37,7 @@ jobs:
           lcov --directory . -b "$(realpath build/)" --add-tracefile coverage.base --add-tracefile coverage.capture -o coverage.info
           lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/unit-tests/*' -o coverage.info
           genhtml coverage.info -o coverage
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: code-coverage
           path: tests/unit/coverage

diff --git a/.github/workflows/codeql-workflow.yml b/.github/workflows/codeql-workflow.yml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2

diff --git a/.github/workflows/lint-workflow.yml b/.github/workflows/lint-workflow.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Lint
         uses: DoozyX/[email protected]
@@ -32,7 +32,7 @@ jobs:
 
     steps:
     - name: Clone
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,35 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.1.3] - 2024-??-??
+
+### Fix
+
+- Bug #38: some applications were randomly lowering capital characters, leading passwords containing
+  capital characters to be almost always wrong.
+
+## [1.1.2] - 2023-10-12 (Stax only)
+
+### Fix
+
+- Updated porting to Stax SDK evolutions
+
+## [1.1.1] - 2023-04-25 (Stax only)
+
+### Fix
+
+- Derivation path changed, from `44'/1` to `5265220'`
+
+## [1.1.0] - 2023-04-12 (Stax only)
+
+### Add
+
+- Stax porting
+
+## [1.0.2] - 2022-03-02
+
+Original Passwords application
diff --git a/Makefile b/Makefile
@@ -28,20 +28,19 @@ APPVERSION_N=1
 APPVERSION_P=2
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
-APP_LOAD_PARAMS=--appFlags 0x40 --path "5265220'" --curve secp256k1 $(COMMON_LOAD_PARAMS)
+VARIANT_PARAM = NONE
+VARIANT_VALUES = pwmgr
 
-DEFINES += APPNAME=\"$(APPNAME)\"
-DEFINES += MAJOR_VERSION=$(APPVERSION_M) MINOR_VERSION=$(APPVERSION_N) PATCH_VERSION=$(APPVERSION_P)
-DEFINES += APPVERSION=\"$(APPVERSION)\"
+CURVE_APP_LOAD_PARAMS = secp256k1
+PATH_APP_LOAD_PARAMS = "5265220'"
+HAVE_APPLICATION_FLAG_GLOBAL_PIN = 1
 
-ifeq ($(TARGET_NAME),TARGET_NANOS)
-    ICONNAME=icons/nanos_icon_password_manager.gif
-else ifeq ($(TARGET_NAME), TARGET_STAX)
-    ICONNAME=icons/stax_icon_password_manager_32px.gif
-else
-    ICONNAME=icons/nanox_icon_password_manager.gif
-endif
+DEFINES += APPNAME=\"$(APPNAME)\"
 
+ICON_NANOS = icons/nanos_icon_password_manager.gif
+ICON_NANOSP = icons/nanox_icon_password_manager.gif
+ICON_NANOX = icons/nanox_icon_password_manager.gif
+ICON_STAX = icons/stax_icon_password_manager_32px.gif
 
 DEFINES += OS_IO_SEPROXYHAL
 DEFINES += HAVE_IO_USB HAVE_L4_USBLIB IO_USB_MAX_ENDPOINTS=4 IO_HID_EP_LENGTH=64 HAVE_USB_APDU
@@ -88,53 +87,10 @@ else
     DEFINES   += POPULATE
 endif
 
-# Enabling debug PRINTF
-DEBUG ?= 0
-ifneq ($(DEBUG),0)
-    $(info DEBUG ENABLED)
-    DEFINES += HAVE_STACK_OVERFLOW_CHECK HAVE_PRINTF
-    ifeq ($(TARGET_NAME),TARGET_NANOS)
-        DEFINES   += PRINTF=screen_printf
-    else
-        DEFINES   += PRINTF=mcu_usb_printf
-    endif
-else
-    $(info DEBUG DISABLED)
-    DEFINES   += PRINTF\(...\)=
-endif
-
-##############
-#  Compiler  #
-##############
-CC      := $(CLANGPATH)clang
-AS      := $(GCCPATH)arm-none-eabi-gcc
-LD      := $(GCCPATH)arm-none-eabi-gcc
-LDLIBS  += -lm -lgcc -lc
-
-# import rules to compile glyphs(/pone)
-include $(BOLOS_SDK)/Makefile.glyphs
-
 ### computed variables
 APP_SOURCE_PATH  += src
-SDK_SOURCE_PATH  += lib_stusb lib_stusb_impl
-
-ifneq ($(TARGET_NAME), TARGET_NANOS)
-ifneq ($(TARGET_NAME), TARGET_STAX)
-    SDK_SOURCE_PATH  += lib_ux
-endif
-endif
-
-load: all
-	python -m ledgerblue.loadApp $(APP_LOAD_PARAMS)
-
-delete:
-	python -m ledgerblue.deleteApp $(COMMON_DELETE_PARAMS)
-
-# import generic rules from the sdk
-include $(BOLOS_SDK)/Makefile.rules
 
 #add dependency on custom makefile filename
 dep/%.d: %.c Makefile
 
-listvariants:
-	@echo VARIANTS NONE pwmgr
+include $(BOLOS_SDK)/Makefile.standard_app
diff --git a/include/hid_mapping.h b/include/hid_mapping.h
@@ -15,9 +15,11 @@
  *  limitations under the License.
  ********************************************************************************/
 
-#ifndef HID_MAPPING_H
+#pragma once
 
 #define HID_MAPPING_H
+#define SHIFT_KEY 0x02
+#define ALT_KEY   0x04
 
 #include <stdint.h>
 
@@ -29,5 +31,3 @@ enum hid_mapping_e {
 typedef enum hid_mapping_e hid_mapping_t;
 
 void map_char(hid_mapping_t mapping, uint8_t key, uint8_t *out);
-
-#endif
diff --git a/src/apdu_handlers/dump_metadatas.c b/src/apdu_handlers/dump_metadatas.c
@@ -1,7 +1,7 @@
 #include "dump_metadatas.h"
+#include "error.h"
 #include "globals.h"
 #include "io.h"
-#include "sw.h"
 #include "password_ui_flows.h"
 
 int dump_metadatas() {
@@ -31,8 +31,7 @@ int dump_metadatas() {
 
     app_state.bytes_transferred += payload_size;
 
-    const buf_t response = {.bytes = G_io_apdu_buffer,
-                            .size = payload_size + TRANSFER_PAYLOAD_OFFSET};
-
-    return send(&response, SW_OK);
+    return io_send_response_pointer(G_io_apdu_buffer,
+                                    payload_size + TRANSFER_PAYLOAD_OFFSET,
+                                    SW_OK);
 }
diff --git a/src/apdu_handlers/get_app_config.c b/src/apdu_handlers/get_app_config.c
@@ -15,21 +15,21 @@
  *  limitations under the License.
  ********************************************************************************/
 
+#include <io.h>
 #include <stdint.h>
 #include <limits.h>
 #include <math.h>
 #include <stdlib.h>
 
-#include "../password_ui_flows.h"
+#include "error.h"
 #include "get_app_config.h"
-#include "io.h"
-#include "sw.h"
-#include "types.h"
 #include "globals.h"
+#include "password_ui_flows.h"
+#include "types.h"
 
 int get_app_config(uint8_t p1, uint8_t p2, __attribute__((unused)) const buf_t* input) {
     if (p1 != 0 || p2 != 0) {
-        return send_sw(SW_WRONG_P1P2);
+        return io_send_sw(SW_WRONG_P1P2);
     }
 
     uint8_t* config = G_io_apdu_buffer;
@@ -43,8 +43,6 @@ int get_app_config(uint8_t p1, uint8_t p2, __attribute__((unused)) const buf_t*
     config[offset++] = N_storage.keyboard_layout;
     config[offset++] = N_storage.press_enter_after_typing;
 
-    const buf_t buf = {.bytes = config, .size = offset};
-
     ui_idle();
-    return send(&buf, SW_OK);
+    return io_send_response_pointer(config, offset, SW_OK);
 }
diff --git a/src/apdu_handlers/load_metadatas.c b/src/apdu_handlers/load_metadatas.c
@@ -1,13 +1,14 @@
-#include "load_metadatas.h"
-#include "io.h"
+#include <io.h>
+
+#include "error.h"
 #include "globals.h"
-#include "sw.h"
+#include "load_metadatas.h"
 #include "metadata.h"
 #include "password_ui_flows.h"
 
 int load_metadatas(uint8_t p1, uint8_t p2, const buf_t *input) {
     if ((p1 != 0 && p1 != P1_LAST_CHUNK) || p2 != 0) {
-        return send_sw(SW_WRONG_P1P2);
+        return io_send_sw(SW_WRONG_P1P2);
     }
     if (app_state.user_approval == false) {
         app_state.bytes_transferred = 0;
@@ -17,7 +18,7 @@ int load_metadatas(uint8_t p1, uint8_t p2, const buf_t *input) {
     }
 
     if (input->size > sizeof(N_storage.metadatas) - app_state.bytes_transferred) {
-        return send_sw(SW_WRONG_DATA_LENGTH);
+        return io_send_sw(SW_WRONG_DATA_LENGTH);
     }
 
     override_metadatas(app_state.bytes_transferred, (void *) input->bytes, input->size);
@@ -28,9 +29,9 @@ int load_metadatas(uint8_t p1, uint8_t p2, const buf_t *input) {
         app_state.user_approval = false;
         ui_idle();
         if (compact_metadata()) {
-            return send_sw(SW_METADATAS_PARSING_ERROR);
+            return io_send_sw(SW_METADATAS_PARSING_ERROR);
         }
     }
 
-    return send_sw(SW_OK);
+    return io_send_sw(SW_OK);
 }