Merge pull request #3 from LedgerHQ/develop

Merge develop in main following version 1.0.1 deployment on P1
LedgerHQ · Mar 16, 2023 · 64a0a2f · 64a0a2f
2 parents 530d38b + a37cd15
commit 64a0a2f
Show file tree

Hide file tree

Showing 835 changed files with 1,040 additions and 589 deletions.
diff --git a/.github/workflows/build_and_functional_tests.yml b/.github/workflows/build_and_functional_tests.yml
@@ -0,0 +1,65 @@
+name: Build and run functional tests using ragger through reusable workflow
+
+# This workflow will build the app and then run functional tests using the Ragger framework upon Speculos emulation.
+# It calls a reusable workflow developed by Ledger's internal developer team to build the application and upload the
+# resulting binaries.
+# It then calls another reusable workflow to run the Ragger tests on the compiled application binary.
+#
+# While this workflow is optional, having functional testing on your application is mandatory and this workflow and
+# tooling environment is meant to be easy to use and adapt after forking your application
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  build_application:
+    name: Build application using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
+    with:
+      run_for_devices: '["nanox", "nanosp"]'
+      upload_app_binaries_artifact: compiled_app_binaries
+
+  ragger_tests:
+    name: Run ragger tests
+    strategy:
+      matrix:
+        include:
+          - model: nanox
+
+          - model: nanosp
+            args: "--fast"
+
+          - model: nanox
+            args: "--transport HID --fast"
+
+    needs: build_application
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+
+      - name: Download app binaries
+        uses: actions/download-artifact@v3
+        with:
+          name: compiled_app_binaries
+          path: build/
+
+      - name: Install APT dependencies
+        run: sudo apt-get update && sudo apt-get install -y qemu-user-static tesseract-ocr libtesseract-dev
+
+      - name: Install tests dependencies
+        run: |
+          pip install --extra-index-url https://test.pypi.org/simple/ -r tests/speculos/requirements.txt
+
+      - name: Run test
+        env:
+          CTEST_OUTPUT_ON_FAILURE: 1
+        run: pytest tests/speculos/ --tb=short -v --device ${{ matrix.model }} ${{ matrix.args }}
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
diff --git a/.github/workflows/guidelines_enforcer.yml b/.github/workflows/guidelines_enforcer.yml
@@ -0,0 +1,23 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
diff --git a/.github/workflows/misspellings_checks.yml b/.github/workflows/misspellings_checks.yml
@@ -0,0 +1,28 @@
+name: Misspellings checks
+
+# This workflow performs some misspelling checks on the repository
+# It is there to help us maintain a level of quality in our codebase and does not have to be kept on forked
+# applications.
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  misspell:
+    name: Check misspellings
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+
+    - name: Check misspellings
+      uses: codespell-project/actions-codespell@v1
+      with:
+        builtin: clear,rare
+        check_filenames: true
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
@@ -0,0 +1,28 @@
+name: Unit testing with Codecov coverage checking
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  job_unit_test:
+    name: Unit test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+
+      - name: Install make and clang
+        run: |
+          sudo apt update
+          sudo apt install -y make clang
+
+      - name: Run unit tests
+        run: |
+          make -C tests/unit-tests
diff --git a/.gitignore b/.gitignore
@@ -1,10 +1,7 @@
 # Compilation of Ledger's app
-src/glyphs.c
-src/glyphs.h
 bin/
 debug/
-dep/
-obj/
+build
 
 # Unit tests
 tests/unit-tests/fuzz_cbip_decode
@@ -34,5 +31,4 @@ doc/latex
 attestations/data/prod/*/*priv-key.*
 attestations/data/prod/*priv-key.*
 
-tests/elfs/
 tests/speculos/snapshots-tmp/
diff --git a/Makefile b/Makefile
@@ -21,7 +21,7 @@ endif
 include $(BOLOS_SDK)/Makefile.defines
 
 $(info TARGET_NAME=$(TARGET_NAME))
-ifneq ($(TARGET_NAME),$(filter $(TARGET_NAME),TARGET_NANOS TARGET_NANOX TARGET_NANOS2))
+ifneq ($(TARGET_NAME),$(filter $(TARGET_NAME),TARGET_NANOX TARGET_NANOS2))
 $(error Environment variable TARGET_NAME is not valid or not supported)
 endif
 
@@ -33,16 +33,12 @@ APP_LOAD_PARAMS += --path "5262163'"  # int("PKS".encode("ascii").hex(), 16)
 APP_LOAD_PARAMS += --appFlags 0x040
 APP_LOAD_PARAMS += $(COMMON_LOAD_PARAMS)
 
-APPVERSION_M=0
-APPVERSION_N=1
-APPVERSION_P=0
+APPVERSION_M=1
+APPVERSION_N=0
+APPVERSION_P=1
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
-ifeq ($(TARGET_NAME),TARGET_NANOS)
-ICONNAME=icons/icon_security_key_nanos.gif
-else
 ICONNAME=icons/icon_security_key.gif
-endif
 
 ################
 # Default rule #
@@ -83,6 +79,16 @@ ifneq ($(PROD_FIDO2_NANOSP_PRIVATE_KEY),0)
     DEFINES += PROD_FIDO2_NANOSP_PRIVATE_KEY=${PROD_FIDO2_NANOSP_PRIVATE_KEY}
 endif
 
+PROD_U2F_STAX_PRIVATE_KEY?=0
+ifneq ($(PROD_U2F_STAX_PRIVATE_KEY),0)
+    DEFINES += PROD_U2F_STAX_PRIVATE_KEY=${PROD_U2F_STAX_PRIVATE_KEY}
+endif
+
+PROD_FIDO2_STAX_PRIVATE_KEY?=0
+ifneq ($(PROD_FIDO2_STAX_PRIVATE_KEY),0)
+    DEFINES += PROD_FIDO2_STAX_PRIVATE_KEY=${PROD_FIDO2_STAX_PRIVATE_KEY}
+endif
+
 ############
 # Platform #
 ############
@@ -133,15 +139,14 @@ DEFINES += HAVE_UX_STACK_INIT_KEEP_TICKER
 # Used to initialize app counter to current timestamp directly in the app bin code
 # when the app is streamed from the HSM.
 # This is necessary to never use the counter with a lower value than previous calls.
+# This means that the app APDU will be patched when streamed from the HSM and therefore
+# the apdu should not contain a crc.
 DEFINES += HAVE_COUNTER_MARKER
+APP_LOAD_PARAMS += --nocrc
 
 DEFINES += HAVE_FIDO2_RPID_FILTER
 
-ifeq ($(TARGET_NAME),TARGET_NANOS)
-DEFINES += RK_SIZE=2048
-else
 DEFINES += RK_SIZE=6144
-endif
 
 #DEFINES  += HAVE_CBOR_DEBUG
 

diff --git a/README.md b/README.md
@@ -51,3 +51,14 @@ See dedicated `README.md` in tests `directory`.
 ## Known limitations
 
 On Linux and Mac, Firefox support only U2F but not CTAP2, see [corresponding tracker](https://bugzilla.mozilla.org/show_bug.cgi?id=1530370).
+
+Due to OS constraints, this Security Key App as some limitations:
+
+* It is not available on the Nano S due to the lack of support of AES-SIV on Nano S OS.
+* Discoverable / Resident credentials are supported but are stored on a part of the device flash that will be wiped upon app deletion, which can happen:
+  - If the user chooses to uninstall it from Ledger Live
+  - If the user chooses to update the app to a new available version
+  - If the user updates the OS version
+* Following FIDO2 spec, credentials can be revoked, but the revocation mechanism is based on a counter that - as discoverable credentials - will be wiped upon app deletion.
+
+Please look at the dedicated section at the end of [this blog post](https://blog.ledger.com/security-key/) for more detailed explanations.
diff --git a/attestations/README.md b/attestations/README.md
@@ -53,5 +53,5 @@ They can be accessed from the public repository and should therefore never be us
 You can then retrieve the attestation data and key in a form that should be put in `src/crypto_data.h`.
 To do so, just run `./generateCryptoData.py <env> <version> <model>` and the data should be output in the terminal.
 
-This repository contains a `src/crypto_data.h` file that is committed and contains datas from `test` env and public data from `prod` env.
+This repository contains a `src/crypto_data.h` file that is committed and contains data from `test` env and public data from `prod` env.
 Never use `test` data in production.
diff --git a/attestations/cnf/FIDO2/openssl_cert_stax.cnf b/attestations/cnf/FIDO2/openssl_cert_stax.cnf
@@ -0,0 +1,14 @@
+[req]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[req_distinguished_name]
+C = FR 
+O = Ledger 
+OU = Authenticator Attestation
+CN = Ledger Stax FIDO 2 Attestation Batch 1
+
+[v3_req]
+1.3.6.1.4.1.45724.1.1.4=ASN1:FORMAT:HEX,OCTETSTRING:6e24d385004a16a07bfeefd963845b34
+basicConstraints=critical,CA:FALSE
+