v3.0.2

.github/workflows/build.yml

@@ -21,7 +21,7 @@ jobs:
         device: [nanos, nanosp, nanox, stax]
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:3.12.0
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -43,32 +43,25 @@ jobs:
           path: app_${{ matrix.device }}_dbg.tgz
           name: app_${{ matrix.device }}_dbg.tgz
 
-  build_docker_integration_tests:
-    uses: ./.github/workflows/docker.yml
-    secrets: inherit
-    with:
-      dockerfile: docker/Dockerfile.integration-tests
-      image_name: integration_tests
 
   build_docker_tezos_ocaml:
+    if: github.repository == 'trilitech/ledger-app-tezos-wallet'
     uses: ./.github/workflows/docker.yml
     secrets: inherit
     with:
       dockerfile: docker/Dockerfile.ocaml
       image_name: tezos_ocaml
 
   integration_tests_basic:
-    needs: [build_app, build_docker_integration_tests]
+    needs: [build_app]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         device: [nanos, nanosp, nanox, stax]
     container:
-      image: ${{ needs.build_docker_integration_tests.outputs.image }}
-      credentials:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
+
     steps:
       - name: Set Git Safe Directory
         run: |
@@ -93,17 +86,31 @@ jobs:
             ./tests/integration/run_test_local.sh -F -m ${{ matrix.device }} \
               ./tests/integration/${{ matrix.device }}
           else
-            ./tests/integration/run_test_local.sh -F -m ${{ matrix.device }} \
-              ./tests/integration/nano ./tests/integration/nano/${{ matrix.device }}
+            apk add gmp-dev curl jq libsodium-dev git xxd procps
+            python3 -m venv tezos_test_env --system-site-package
+            source ./tezos_test_env/bin/activate
+            python3 -m pip install -r ./tests/requirements.txt -q
+            TMP_DIR=$(mktemp -d /tmp/foo-XXXXXX)
+            tar xfz app_${{ matrix.device }}_dbg.tgz -C $TMP_DIR
+            python3 -m pytest -n 32 tests/integration/nano/ --tb=no                \
+                   --device ${{ matrix.device }} --app $TMP_DIR/app.elf \
+                   --log-dir integration_tests_log
           fi
 
-      - name: Upload results
+      - name: Upload Stax results
         uses: actions/upload-artifact@v3
-        if: always()
+        if: always() && matrix.device == 'stax'
         with:
           name: integration_tests_${{ matrix.device }}.json
           path: ./integration_tests.json
 
+      - name: Upload Nano results
+        uses: actions/upload-artifact@v3
+        if: always() && matrix.device != 'stax'
+        with:
+          name: integration_tests_log_${{ matrix.device }}
+          path: ./integration_tests_log
+
   generate_samples_unit_tests:
     needs: [build_docker_tezos_ocaml]
     runs-on: ubuntu-latest
@@ -151,18 +158,15 @@ jobs:
           path: tests/samples/operations/nano
 
   integration_tests_samples:
-    needs: [build_app, generate_samples_unit_tests, build_docker_integration_tests]
+    needs: [build_app, generate_samples_unit_tests]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         device: [nanos, nanosp, nanox]
         type: [micheline, operations]
     container:
-      image: ${{ needs.build_docker_integration_tests.outputs.image }}
-      credentials:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -184,7 +188,12 @@ jobs:
           path: tests
 
       - name: Test
-        run: ./tests/integration/run_test_local.sh -T100 -F -m ${{ matrix.device }} tests
+        run: |
+            apk add gmp-dev curl jq libsodium-dev git xxd procps
+            python3 -m venv tezos_test_env --system-site-package
+            source ./tezos_test_env/bin/activate
+            python3 -m pip install -r ./tests/requirements.txt -q
+            ./tests/integration/run_test_local.sh -T100 -F -m ${{ matrix.device }} tests
 
       - name: Upload results
         uses: actions/upload-artifact@v3

.gitignore

@@ -10,8 +10,10 @@
 /app/src/glyphs.h
 /app_*.tgz
 /integration_tests.json
+/integration_tests_log
 /pattern_registry
 /tests/samples
+/*env/
 
 tags
 __pycache__

Makefile

@@ -25,17 +25,18 @@ docker_speculos:
 	$(DOCKER) image tag $(LEDGERHQ)/speculos speculos
 
 docker_ledger_app_builder:
-	$(DOCKER) pull $(LEDGERHQ)/ledger-app-builder/ledger-app-builder:3.12.0
-	$(DOCKER) image tag $(LEDGERHQ)/ledger-app-builder/ledger-app-builder:3.12.0 \
+	$(DOCKER) pull $(LEDGERHQ)/ledger-app-builder/ledger-app-dev-tools:latest
+	$(DOCKER) image tag $(LEDGERHQ)/ledger-app-builder/ledger-app-dev-tools:latest \
 			ledger-app-builder
 
 docker_ledger_app_ocaml:
 	$(DOCKER) build -t ledger-app-tezos-ocaml \
 			-f docker/Dockerfile.ocaml docker --platform linux/$(CPU)
 
 docker_ledger_app_integration_tests:
-	$(DOCKER) build -t ledger-app-tezos-integration-tests \
-			-f docker/Dockerfile.integration-tests docker --platform linux/$(CPU)
+	$(DOCKER) pull $(LEDGERHQ)/ledger-app-builder/ledger-app-dev-tools:latest
+	$(DOCKER) image tag $(LEDGERHQ)/ledger-app-builder/ledger-app-dev-tools:latest \
+			ledger-app-tezos-integration-tests
 
 docker_images: docker_speculos		\
 	docker_ledger_app_builder	\
@@ -94,12 +95,23 @@ integration_tests_basic_stax:	app_stax.tgz		\
 				tests/integration/stax/*
 	$(RUN_TEST_DOCKER) stax tests/integration/stax
 
-integration_tests_basic_%:	app_%.tgz			\
+integration_tests_basic_%:	app_%.tgz   \
 				app_%_dbg.tgz			\
 				tests/integration/*		\
 				tests/integration/nano/*	\
 				tests/integration/nano/%/*
-	$(RUN_TEST_DOCKER) $* tests/integration/nano tests/integration/nano/$*
+	docker run --rm -i -v "$(realpath .):/app" \
+	--entrypoint=/bin/sh ledger-app-tezos-integration-tests -c "  \
+		TMP_DIR=\$$(mktemp -d /tmp/foo-XXXXXX);                   \
+		cd /app;                                                  \
+		tar xfz app_$*_dbg.tgz -C \$$TMP_DIR;                     \
+		apk add gmp-dev curl jq libsodium-dev git xxd procps;     \
+		python3 -m venv tezos_test_env --system-site-package;     \
+		source ./tezos_test_env/bin/activate;                     \
+		python3 -m pip install -r tests/requirements.txt -q ;  \
+		python3 -m pytest -n 32 tests/integration/nano/ --tb=no   \
+			--device $* --app \$$TMP_DIR/app.elf                  \
+			--log-dir integration_tests_log"
 
 integration_tests_basic:	integration_tests_basic_nanos	\
 				integration_tests_basic_nanosp	\

README.md

@@ -18,8 +18,7 @@ The docker images can be built using the provided Makefile:
 :; make docker-images
 ```
 
-This pulls down two images, `ghcr.io/ledgerhq/speculos` and
-`ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest`.  It
+This pulls down following image, `ghcr.io/ledgerhq/ledger-app-dev-tools`. It
 also builds an image via `docker/Dockerfile.ocaml`.
 
 We do not make the builds of the software conditional on these docker
@@ -157,11 +156,10 @@ make app_nanox_dbg.tgz
 You can run an individual test from the test container. You should see the app progress on the vnc viewer.
 
 ```sh
-./tests/integration/nano/<test_name>.py \
+pytest tests/integration/nano/<test_name>.py \
    --device $DEVICE \
    --port $PORT \
-   --display headless \
-   --vnc-port 41000 \
+   --speculos-args="--vnc-port 41000" \
    --app app/bin/app.elf
 ```
 

app/Makefile

@@ -43,7 +43,7 @@ APPNAME = "Tezos Wallet"
 # Application version
 APPVERSION_M=3
 APPVERSION_N=0
-APPVERSION_P=1
+APPVERSION_P=2
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 # COMMIT

app/src/apdu_pubkey.c

@@ -59,7 +59,10 @@ provide_pubkey(void)
 static void
 format_pkh(cx_ecfp_public_key_t *pubkey, char *buffer, size_t len)
 {
-    derive_pkh(pubkey, global.path_with_curve.derivation_type, buffer, len);
+    TZ_PREAMBLE(("buffer=%p, len=%u", buffer, len));
+    TZ_LIB_CHECK(derive_pkh(pubkey, global.path_with_curve.derivation_type,
+                            buffer, len));
+    TZ_POSTAMBLE;
 }
 
 static void
@@ -179,14 +182,14 @@ handle_apdu_get_public_key(command_t *cmd)
     global.path_with_curve.derivation_type = cmd->p2;
     TZ_ASSERT(EXC_WRONG_PARAM,
               check_derivation_type(global.path_with_curve.derivation_type));
-    TZ_CHECK(read_bip32_path(&global.path_with_curve.bip32_path, cmd->data,
-                             cmd->lc));
+    TZ_LIB_CHECK(read_bip32_path(&global.path_with_curve.bip32_path,
+                                 cmd->data, cmd->lc));
 
     // Derive public key and store it on global.keys.pubkey
 
-    TZ_CHECK(derive_pk(&global.keys.pubkey,
-                       global.path_with_curve.derivation_type,
-                       &global.path_with_curve.bip32_path));
+    TZ_LIB_CHECK(derive_pk(&global.keys.pubkey,
+                           global.path_with_curve.derivation_type,
+                           &global.path_with_curve.bip32_path));
     if (prompt)
         prompt_address();
     else

app/src/apdu_sign.c

@@ -446,8 +446,8 @@ handle_first_apdu(command_t *cmd)
     TZ_ASSERT_NOTNULL(cmd);
     APDU_SIGN_ASSERT_STEP(SIGN_ST_IDLE);
 
-    TZ_CHECK(read_bip32_path(&global.path_with_curve.bip32_path, cmd->data,
-                             cmd->lc));
+    TZ_LIB_CHECK(read_bip32_path(&global.path_with_curve.bip32_path,
+                                 cmd->data, cmd->lc));
     global.path_with_curve.derivation_type = cmd->p2;
     TZ_ASSERT(EXC_WRONG_PARAM,
               check_derivation_type(global.path_with_curve.derivation_type));

app/src/app_main.c

@@ -36,6 +36,7 @@
 void
 app_exit(void)
 {
+    PRINTF("[DEBUG] Trying to exit the app. \n");
     os_sched_exit(-1);
 }
 

app/src/exception.h

@@ -29,6 +29,8 @@
 // https://www.eftlab.com/knowledge-base/complete-list-of-apdu-responses
 // https://docs.zondax.ch/ledger-apps/starkware/APDU
 
+typedef uint16_t tz_exc;
+
 #define EXC_WRONG_PARAM               0x6B00
 #define EXC_WRONG_LENGTH              0x6C00
 #define EXC_INVALID_INS               0x6D00
@@ -80,9 +82,9 @@
  */
 
 #define TZ_PREAMBLE(_args)          \
-    uint16_t _sw_ret_code = 0x0000; \
+    tz_exc   _sw_ret_code = 0x0000; \
     cx_err_t error        = CX_OK;  \
-    if (0)                          \
+    if (error != CX_OK)             \
         goto bail;                  \
     if (0)                          \
         goto end;                   \
@@ -101,6 +103,16 @@
     }                                                 \
     FUNC_LEAVE();
 
+#define TZ_LIB_POSTAMBLE                              \
+    end:                                              \
+    if (error != CX_OK) {                             \
+        _sw_ret_code = EXC_UNKNOWN_CX_ERR;            \
+        PRINTF("CX_CHECK failed with 0x%08x", error); \
+    }                                                 \
+    bail:                                             \
+    FUNC_LEAVE();                                     \
+    return _sw_ret_code
+
 #define TZ_FAIL(_sw_code)        \
     do {                         \
         _sw_ret_code = _sw_code; \
@@ -131,4 +143,14 @@
         }                                                           \
     } while (0)
 
+#define TZ_LIB_CHECK(_call)                                             \
+    do {                                                                \
+        _sw_ret_code = (_call);                                         \
+        if (_sw_ret_code) {                                             \
+            PRINTF("TZ_LIB_CHECK(\"%s\") on %s:%u\n", #_call, __FILE__, \
+                   __LINE__);                                           \
+            goto bail;                                                  \
+        }                                                               \
+    } while (0)
+
 #define TZ_ASSERT_NOTNULL(_x) TZ_ASSERT(EXC_MEMORY_ERROR, (_x) != NULL)

app/src/handle_swap.c

@@ -45,17 +45,17 @@
 void
 swap_handle_check_address(check_address_parameters_t *params)
 {
-    FUNC_ENTER(("params=%p", params));
+    TZ_PREAMBLE(("params=%p", params));
 
     if (params->address_to_check == NULL) {
         PRINTF("[ERROR] Address to check is null\n");
-        goto error;
+        goto bail;
     }
 
     if (params->address_parameters_length == 0
         || params->address_parameters == NULL) {
         PRINTF("[ERROR] Address parameters is null\n");
-        goto error;
+        goto bail;
     }
 
     char address[TZ_CAPTURE_BUFFER_SIZE] = {0};
@@ -64,21 +64,22 @@ swap_handle_check_address(check_address_parameters_t *params)
     derivation_type_t derivation_type = DERIVATION_TYPE_ED25519;
     bip32_path_t      bip32_path;
 
-    TZ_CHECK(read_bip32_path(&bip32_path, params->address_parameters,
-                             params->address_parameters_length));
+    TZ_LIB_CHECK(read_bip32_path(&bip32_path, params->address_parameters,
+                                 params->address_parameters_length));
     cx_ecfp_public_key_t pubkey;
-    TZ_CHECK(derive_pk(&pubkey, derivation_type, &bip32_path));
-    TZ_CHECK(derive_pkh(&pubkey, derivation_type, address, sizeof(address)));
+    TZ_LIB_CHECK(derive_pk(&pubkey, derivation_type, &bip32_path));
+    TZ_LIB_CHECK(
+        derive_pkh(&pubkey, derivation_type, address, sizeof(address)));
     if (strcmp(params->address_to_check, address) != 0) {
         PRINTF("[ERROR] Check address fail: %s !=  %s\n",
                params->address_to_check, address);
-        goto error;
+        goto bail;
     }
 
     params->result = 1;
     FUNC_LEAVE();
     return;
-error:
+end:
 bail:
     params->result = 0;
     FUNC_LEAVE();