Fbe/token account owner display

.github/workflows/ci-workflow.yml

@@ -14,6 +14,7 @@ jobs:
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
     with:
       upload_app_binaries_artifact: compiled_app_binaries
+      flags: "TRUSTED_NAME_TEST=1"
 
   ragger_tests:
     name: Run ragger tests using the reusable workflow

.github/workflows/lint-workflow.yml

@@ -45,4 +45,4 @@ jobs:
         # Use Config file when the github action supports it
         builtin: clear,rare
         check_filenames: true
-        skip: ./libsol/printer_test.c,./tests/Cargo.lock
+        skip: ./libsol/printer_test.c,./tests/Cargo.lock,./tools/apdu_generator/Cargo.lock

Makefile

@@ -36,8 +36,8 @@ APPNAME = "Solana"
 
 # Application version
 APPVERSION_M = 1
-APPVERSION_N = 5
-APPVERSION_P = 6
+APPVERSION_N = 6
+APPVERSION_P = 0
 APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
 # Application source files
@@ -61,7 +61,7 @@ VARIANT_PARAM = COIN
 VARIANT_VALUES = solana
 
 # Enabling DEBUG flag will enable PRINTF and disable optimizations
-#DEBUG = 1
+# DEBUG = 1
 
 ########################################
 #     Application custom permissions   #
@@ -106,4 +106,12 @@ ifneq ($(WITH_LIBSOL),0)
     DEFINES      += NDEBUG
 endif
 
+#######################################
+# Trusted Name Test Mode              #
+#######################################
+TRUSTED_NAME_TEST ?= 0
+ifneq ($(TRUSTED_NAME_TEST),0)
+  DEFINES += HAVE_TRUSTED_NAME_TEST
+endif
+
 include $(BOLOS_SDK)/Makefile.standard_app

doc/api.md

@@ -1,5 +1,9 @@
 # Solana application : Common Technical Specifications
 
+## 1.4.0
+
+- Add support of Trusted Name descriptor (checked by PKI certificate)
+
 ## 1.3.1
 
 - Add support for versioned messages
@@ -134,6 +138,51 @@ _This command signs a Solana Off-Chain Message after having the user validate th
 | ------------- | :------: |
 | Signature     |    64    |
 
+### GET CHALLENGE
+
+#### Description
+
+_This command returns a 32-bit challenge generated by the app
+
+##### Command
+
+| _CLA_ | _INS_ | _P1_ | _P2_ |   _Lc_   |     _Le_ |
+| ----- | :---: | ---: | ---- | :------: | -------: |
+| E0    |  20   |   00 | 00   | 00       | N/A      |
+
+##### Input data
+
+N/A
+
+##### Output data
+
+| _Description_ | _Length_ |
+| ------------- | :------: |
+| Challenge     |    4     |
+
+### PROVIDE TRUSTED NAME TLV DESCRIPTOR
+
+#### Description
+
+_This command provides a [Solana Trusted Name TLV descriptor](https://ledgerhq.atlassian.net/wiki/spaces/BE/pages/5123145859/Solana+token+account+ownership)
+
+##### Command
+
+| _CLA_ | _INS_ | _P1_ | _P2_ |   _Lc_   |     _Le_ |
+| ----- | :---: | ---: | ---- | :------: | -------: |
+| E0    |  21   |   00 | 00   | F7 (max) | variable |
+
+##### Input data
+
+| _Description_                                       | _Length_ |
+| --------------------------------------------------- | :------: |
+| Serialized signed TLV descriptor payload            | variable |
+
+
+##### Output data
+
+N/A
+
 ## Transport protocol
 
 ### General transport description

ledger_app.toml

@@ -1,7 +1,11 @@
 [app]
 build_directory = "./"
 sdk = "C"
-devices = ["nanos", "nanox", "nanos+", "stax", "flex"]
+devices = ["nanox", "nanos+", "stax", "flex"]
+
+[use_cases]
+trusted_name_test = "TRUSTED_NAME_TEST=1"
+dbg_trusted_name_test = "DEBUG=1 TRUSTED_NAME_TEST=1"
 
 [tests]
 pytest_directory = "./tests/python"

libsol/spl_token_instruction.c

@@ -484,6 +484,9 @@ static int print_spl_token_initialize_multisig_info(const char* primary_title,
     return 0;
 }
 
+uint8_t g_trusted_token_account_owner_pubkey[BASE58_PUBKEY_LENGTH];
+bool g_trusted_token_account_owner_pubkey_set;
+
 int print_spl_token_transfer_info(const SplTokenTransferInfo* info,
                                   const PrintConfig* print_config,
                                   bool primary) {
@@ -502,6 +505,11 @@ int print_spl_token_transfer_info(const SplTokenTransferInfo* info,
                                   symbol,
                                   info->body.decimals);
 
+    if (g_trusted_token_account_owner_pubkey_set) {
+        item = transaction_summary_general_item();
+        summary_item_set_string(item, "To", (char*) g_trusted_token_account_owner_pubkey);
+    }
+
     item = transaction_summary_general_item();
     summary_item_set_pubkey(item, "Token address", info->mint_account);
 

src/apdu.c

@@ -1,5 +1,6 @@
 #include "apdu.h"
 #include "utils.h"
+#include "handle_provide_trusted_info.h"
 
 /**
  * Deserialize APDU into ApduCommand structure.
@@ -65,7 +66,9 @@ int apdu_handle_message(const uint8_t* apdu_message,
         case InsGetAppConfiguration:
         case InsGetPubkey:
         case InsSignMessage:
-        case InsSignOffchainMessage: {
+        case InsSignOffchainMessage:
+        case InsTrustedInfoGetChallenge:
+        case InsTrustedInfoProvideInfo: {
             // must at least hold a full modern header
             if (apdu_message_len < OFFSET_CDATA) {
                 return ApduReplySolanaInvalidMessageSize;
@@ -99,7 +102,8 @@ int apdu_handle_message(const uint8_t* apdu_message,
     const bool first_data_chunk = !(header.p2 & P2_EXTEND);
 
     if (header.instruction == InsDeprecatedGetAppConfiguration ||
-        header.instruction == InsGetAppConfiguration) {
+        header.instruction == InsGetAppConfiguration ||
+        header.instruction == InsTrustedInfoGetChallenge) {
         // return early if no data is expected for the command
         explicit_bzero(apdu_command, sizeof(ApduCommand));
         apdu_command->state = ApduStatePayloadComplete;
@@ -126,8 +130,8 @@ int apdu_handle_message(const uint8_t* apdu_message,
         explicit_bzero(apdu_command, sizeof(ApduCommand));
     }
 
-    // read derivation path
-    if (first_data_chunk) {
+    if ((first_data_chunk) && (header.instruction != InsTrustedInfoProvideInfo)) {
+        // read derivation path
         if (!header.deprecated_host && header.instruction != InsGetPubkey) {
             if (!header.data_length) {
                 return ApduReplySolanaInvalidMessageSize;
@@ -171,7 +175,6 @@ int apdu_handle_message(const uint8_t* apdu_message,
             return ApduReplySolanaInvalidMessageSize;
         }
     }
-
     if (header.data) {
         if (apdu_command->message_length + header.data_length > MAX_MESSAGE_LENGTH) {
             return ApduReplySolanaInvalidMessageSize;

src/apdu.h

@@ -47,6 +47,8 @@ typedef enum ApduReply {
     ApduReplySolanaSummaryFinalizeFailed = 0x6f00,
     ApduReplySolanaSummaryUpdateFailed = 0x6f01,
 
+    ApduReplySolanaInvalidTrustedInfo = 0x6c00,
+
     ApduReplyUnimplementedInstruction = 0x6d00,
     ApduReplyInvalidCla = 0x6e00,
 

src/globals.h

@@ -49,7 +49,9 @@ typedef enum InstructionCode {
     InsGetAppConfiguration = 0x04,
     InsGetPubkey = 0x05,
     InsSignMessage = 0x06,
-    InsSignOffchainMessage = 0x07
+    InsSignOffchainMessage = 0x07,
+    InsTrustedInfoGetChallenge = 0x20,
+    InsTrustedInfoProvideInfo = 0x21,
 } InstructionCode;
 
 extern volatile bool G_called_from_swap;

src/handle_get_challenge.c

@@ -0,0 +1,37 @@
+#include <os.h>
+#include <os_io.h>
+#include <cx.h>
+#include "apdu.h"
+#include "handle_get_challenge.h"
+
+static uint32_t challenge;
+
+/**
+ * Generate a new challenge from the Random Number Generator
+ */
+void roll_challenge(void) {
+#ifdef HAVE_TRUSTED_NAME_TEST
+    challenge = 0xdeadbeef;
+#else
+    challenge = cx_rng_u32();
+#endif
+}
+
+/**
+ * Get the current challenge
+ *
+ * @return challenge
+ */
+uint32_t get_challenge(void) {
+    return challenge;
+}
+
+/**
+ * Send back the current challenge
+ */
+void handle_get_challenge(volatile unsigned int *tx) {
+    PRINTF("New challenge -> %u\n", challenge);
+    U4BE_ENCODE(G_io_apdu_buffer, 0, challenge);
+    *tx += 4;
+    THROW(ApduReplySuccess);
+}

src/handle_get_challenge.h

@@ -0,0 +1,10 @@
+#ifndef TRUSTED_INFO_CHALLENGE_H_
+#define TRUSTED_INFO_CHALLENGE_H_
+
+#include <stdint.h>
+
+void roll_challenge(void);
+uint32_t get_challenge(void);
+void handle_get_challenge(volatile unsigned int *tx);
+
+#endif  // TRUSTED_INFO_CHALLENGE_H_