Initial commit

add Jubjub
add Blake2 and update deps
keys generation cpp tests
compute public address
update JS package
compute sapling keys
use local blake2s
fix Rust compilation flags
update APDU spec
add publish JS package script
disable Ledger CI

.clang-format

@@ -0,0 +1,5 @@
+BasedOnStyle: Google
+IndentWidth: 4
+ColumnLimit: 125
+DerivePointerAlignment: false
+PointerAlignment: Right

.clang-tidy

@@ -0,0 +1,22 @@
+Checks: "-*,
+  clang-diagnostic-*,
+  clang-analyzer-*,
+  cppcoreguidelines-init-variables,
+  google-runtime-int,
+  google-readability-avoid-underscore-in-googletest-name,
+  misc-*,
+  performance-*,
+  portability-*,
+  readability-*,
+  -misc-no-recursion,
+  -readability-function-cognitive-complexity"
+WarningsAsErrors: "*"
+CheckOptions:
+  - key: readability-identifier-length.MinimumVariableNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumParameterNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumLoopCounterNameLength
+    value: 1
+  - key: readability-magic-numbers.IgnorePowersOf2IntegerValues
+    value: true

.editorconfig

@@ -0,0 +1,16 @@
+# top-most EditorConfig file
+root = true
+
+[*]
+charset = utf-8
+trim_trailing_whitespace = true
+end_of_line = lf
+insert_final_newline = true
+
+[*.{c,h,cpp,hpp}]
+indent_style = space
+indent_size = 4
+
+[*.{yml,sh}]
+indent_style = space
+indent_size = 2

.github/workflows/check_version.yml

@@ -0,0 +1,53 @@
+name: Verify PRs to main
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+jobs:
+  configure:
+    runs-on: ubuntu-latest
+    outputs:
+      uid_gid: ${{ steps.get-user.outputs.uid_gid }}
+    steps:
+      - id: get-user
+        run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT
+
+  get_version:
+    needs: configure
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+    env:
+      SDK_VARNAME: NANOSP_SDK
+    outputs:
+      version: ${{ steps.store-version.outputs.version }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - run: make version
+      - id: store-version
+        run: echo "version=$(cat ./app/app.version)" >> $GITHUB_OUTPUT
+
+  check_app_version:
+    needs: get_version
+    runs-on: ubuntu-latest
+    steps:
+      - id: checkTag
+        uses: mukunku/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag: ${{ needs.get_version.outputs.version }}
+
+      - run: echo ${{ steps.checkTag.outputs.exists }}
+
+      - name: Tag exists
+        if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        run: exit 1

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,23 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  # push:
+  #   branches:
+  #     - master
+  #     - main
+  #     - develop
+  # pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1

.github/workflows/lint.yml

@@ -0,0 +1,43 @@
+name: Lint and format 💅
+
+on:
+  workflow_dispatch:
+  # push:
+  # pull_request:
+  #   branches:
+  #     - main
+  #     - develop
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Add missing deps
+        run: |
+          DEBIAN_FRONTEND=noninteractive
+          apt-get update
+          apt-get install -y bear sudo
+      - name: Generate compilation database
+        run: bear -- make -j BOLOS_SDK="$NANOSP_SDK"
+      - name: Lint and format 💅
+        uses: cpp-linter/cpp-linter-action@v2
+        id: linter
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          file-annotations: true
+          files-changed-only: false
+          ignore: "app/build|cmake|deps|fuzz|tests"
+          step-summary: true
+          style: file # uses .clang-format
+          thread-comments: true
+          tidy-checks: "" # use only .clang-tidy checks
+      - name: Fail if errors
+        if: steps.linter.outputs.checks-failed > 0
+        run: |
+          echo "Linter or formatter failed!"
+          exit 1

.github/workflows/main.yml

@@ -0,0 +1,165 @@
+name: Build
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+jobs:
+  configure:
+    runs-on: ubuntu-latest
+    outputs:
+      uid_gid: ${{ steps.get-user.outputs.uid_gid }}
+    steps:
+      - id: get-user
+        run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install deps
+        run: |
+          sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
+          make deps
+      - run: make cpp_test
+
+  build_ledger:
+    needs: configure
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/nanos-secure-sdk
+    outputs:
+      size: ${{steps.build.outputs.size}}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Build Standard app
+        id: build
+        shell: bash -l {0}
+        run: |
+          make
+          echo "size=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT
+
+  size_nano_s:
+    needs: build_ledger
+    runs-on: ubuntu-latest
+    env:
+      NANOS_LIMIT_SIZE: 136
+    steps:
+      - run: |
+          echo "LNS app size: ${{needs.build_ledger.outputs.size}} KiB"
+          [ ${{needs.build_ledger.outputs.size}} -le $NANOS_LIMIT_SIZE ]
+
+  test_zemu:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Test
+        run: |
+          id
+          echo $HOME
+          echo $DISPLAY
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
+      - name: Install node
+        uses: actions/setup-node@v3
+      - name: Install yarn
+        run: |
+          npm install -g yarn
+      - name: Build Ledger app
+        run: make
+      - name: Build/Install build js deps
+        run: make zemu_install
+      - name: Run zemu tests
+        run: "cd tests_zemu; yarn test"
+      - name: Upload Snapshots (only failure)
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: snapshots-tmp
+          path: tests_zemu/snapshots-tmp/
+
+  build_package_nanos:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/nanos-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build NanoS
+        shell: bash -l {0}
+        run: |
+          make
+          mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
+      - name: Set tag
+        id: nanos
+        run: echo "tag_name=$(./app/pkg/installer_nanos.sh version)" >> $GITHUB_OUTPUT
+      - name: Create or Update Release (1)
+        id: create_release_0
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_nanos.sh
+          tag_name: ${{ steps.nanos.outputs.tag_name }}
+          draft: false
+          prerelease: false
+
+  build_package_nanosp:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/nanosplus-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build NanoSP
+        shell: bash -l {0}
+        run: |
+          make
+          mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
+      - name: Set tag
+        id: nanosp
+        run: echo "tag_name=$(./app/pkg/installer_nanos_plus.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_nanos_plus.sh
+          tag_name: ${{ steps.nanosp.outputs.tag_name }}
+          draft: false
+          prerelease: false

.github/workflows/publish.yaml

@@ -0,0 +1,54 @@
+name: "Publish js packages"
+
+on:
+  release:
+    types:
+      - created
+    tags:
+      - "npm_v[0-9]+(\\.[0-9]+)*"
+
+jobs:
+  publish_npm_package:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install node
+        uses: actions/setup-node@v3
+        with:
+          registry-url: "https://registry.npmjs.org"
+          scope: "@zondax"
+      - name: Install yarn
+        run: npm install -g yarn
+      - name: Build package
+        run: |
+          cd js
+          yarn install
+          yarn build
+      - name: Get latest release version number
+        id: get_version
+        run: |
+          GITHUB_REF=${{ github.ref }}
+          echo "version=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
+      - name: Show version
+        run: echo ${{ steps.get_version.outputs.version }}
+      - name: Clean latest release version number
+        id: get_version_cleaned
+        uses: bhowell2/github-substring-action@v1
+        with:
+          output_name: version
+          value: ${{ steps.get_version.outputs.version }}
+          index_of_str: "npm_"
+      - name: Update tag
+        run: |
+          cd js
+          echo Publishing as ${{ steps.get_version_cleaned.outputs.version }}
+          npm --allow-same-version --no-git-tag-version version ${{ steps.get_version_cleaned.outputs.version }}
+      - name: Publish package
+        run: |
+          cd js
+          npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_PUBLISH_AUTO }}