Merge pull request #1 from coti-io/master

Adding message data

.clang-format

@@ -1,14 +1,14 @@
 ---
-Language:        Cpp
+Language: Cpp
 # BasedOnStyle:  Microsoft
 AccessModifierOffset: -2
 AlignAfterOpenBracket: Align
-AlignConsecutiveMacros: false
-AlignConsecutiveAssignments: false
-AlignConsecutiveBitFields: false
-AlignConsecutiveDeclarations: false
+AlignConsecutiveMacros: None
+AlignConsecutiveAssignments: None
+AlignConsecutiveBitFields: None
+AlignConsecutiveDeclarations: None
 AlignEscapedNewlines: Right
-AlignOperands:   Align
+AlignOperands: Align
 AlignTrailingComments: true
 AllowAllArgumentsOnNextLine: true
 AllowAllConstructorInitializersOnNextLine: true
@@ -27,21 +27,21 @@ AlwaysBreakTemplateDeclarations: MultiLine
 BinPackArguments: true
 BinPackParameters: true
 BraceWrapping:
-  AfterCaseLabel:  true
-  AfterClass:      true
+  AfterCaseLabel: true
+  AfterClass: true
   AfterControlStatement: Always
-  AfterEnum:       true
-  AfterFunction:   true
-  AfterNamespace:  true
+  AfterEnum: true
+  AfterFunction: true
+  AfterNamespace: true
   AfterObjCDeclaration: true
-  AfterStruct:     true
-  AfterUnion:      true
+  AfterStruct: true
+  AfterUnion: true
   AfterExternBlock: true
-  BeforeCatch:     true
-  BeforeElse:      true
+  BeforeCatch: true
+  BeforeElse: true
   BeforeLambdaBody: false
-  BeforeWhile:     false
-  IndentBraces:    false
+  BeforeWhile: false
+  IndentBraces: false
   SplitEmptyFunction: true
   SplitEmptyRecord: true
   SplitEmptyNamespace: true
@@ -54,48 +54,48 @@ BreakConstructorInitializersBeforeComma: false
 BreakConstructorInitializers: BeforeColon
 BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: true
-ColumnLimit:     150
-CommentPragmas:  '^ IWYU pragma:'
+ColumnLimit: 150
+CommentPragmas: '^ IWYU pragma:'
 CompactNamespaces: false
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
 ConstructorInitializerIndentWidth: 4
 ContinuationIndentWidth: 4
 Cpp11BracedListStyle: true
 DeriveLineEnding: true
 DerivePointerAlignment: false
-DisableFormat:   false
+DisableFormat: false
 ExperimentalAutoDetectBinPacking: false
 FixNamespaceComments: true
 ForEachMacros:
   - foreach
   - Q_FOREACH
   - BOOST_FOREACH
-IncludeBlocks:   Preserve
+IncludeBlocks: Preserve
 IncludeCategories:
-  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
-    Priority:        2
-    SortPriority:    0
-  - Regex:           '^(<|"(gtest|gmock|isl|json)/)'
-    Priority:        3
-    SortPriority:    0
-  - Regex:           '.*'
-    Priority:        1
-    SortPriority:    0
+  - Regex: '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority: 2
+    SortPriority: 0
+  - Regex: '^(<|"(gtest|gmock|isl|json)/)'
+    Priority: 3
+    SortPriority: 0
+  - Regex: '.*'
+    Priority: 1
+    SortPriority: 0
 IncludeIsMainRegex: '(Test)?$'
 IncludeIsMainSourceRegex: ''
 IndentCaseLabels: false
 IndentCaseBlocks: false
 IndentGotoLabels: true
 IndentPPDirectives: None
 IndentExternBlock: AfterExternBlock
-IndentWidth:     4
+IndentWidth: 4
 IndentWrappedFunctionNames: false
 InsertTrailingCommas: None
 JavaScriptQuotes: Leave
 JavaScriptWrapImports: true
 KeepEmptyLinesAtTheStartOfBlocks: true
 MacroBlockBegin: ''
-MacroBlockEnd:   ''
+MacroBlockEnd: ''
 MaxEmptyLinesToKeep: 1
 NamespaceIndentation: None
 ObjCBinPackProtocolList: Auto
@@ -112,8 +112,8 @@ PenaltyBreakTemplateDeclaration: 10
 PenaltyExcessCharacter: 1000000
 PenaltyReturnTypeOnItsOwnLine: 1000
 PointerAlignment: Right
-ReflowComments:  true
-SortIncludes:    false
+ReflowComments: true
+SortIncludes: Never
 SortUsingDeclarations: true
 SpaceAfterCStyleCast: false
 SpaceAfterLogicalNot: false
@@ -127,20 +127,20 @@ SpaceBeforeRangeBasedForLoopColon: true
 SpaceInEmptyBlock: false
 SpaceInEmptyParentheses: false
 SpacesBeforeTrailingComments: 1
-SpacesInAngles:  false
+SpacesInAngles: false
 SpacesInConditionalStatement: false
 SpacesInContainerLiterals: true
 SpacesInCStyleCastParentheses: false
 SpacesInParentheses: false
 SpacesInSquareBrackets: false
 SpaceBeforeSquareBrackets: false
-Standard:        Latest
+Standard: Latest
 StatementMacros:
   - Q_UNUSED
   - QT_REQUIRE_VERSION
-TabWidth:        4
-UseCRLF:         false
-UseTab:          Never
+TabWidth: 4
+UseCRLF: false
+UseTab: Never
 WhitespaceSensitiveMacros:
   - STRINGIZE
   - PP_STRINGIZE

.github/workflows/ci-workflow.yml

@@ -0,0 +1,65 @@
+name: Coti Ledger Compilation & tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+
+jobs:
+  nano_build:
+    name: Build Coti Ledger application for NanoS, X and S+
+    strategy:
+      matrix:
+        include:
+          - SDK: "$NANOS_SDK"
+            SDK_VERSION: "$NANOS_SDK_VERSION"
+            SDK_NAME: NANOS
+            ARTIFACT: coti-ledger-app-nanoS
+          - SDK: "$NANOX_SDK"
+            SDK_VERSION: "$NANOX_SDK_VERSION"
+            SDK_NAME: NANOX
+            ARTIFACT: coti-ledger-app-nanoX
+          - SDK: "$NANOSP_SDK"
+            SDK_VERSION: "$NANOSP_SDK_VERSION"
+            SDK_NAME: NANOS+
+            ARTIFACT: coti-ledger-app-nanoSP
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/coti-io/coti-ledger-app-builder:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v2
+      - name: Build ${{ matrix.SDK_NAME }} app
+        run: |
+          cd app
+          make BOLOS_SDK=${{ matrix.SDK }}
+      - name: Generate app binary name
+        id: generate-name
+        run: echo "::set-output name=BINARY_NAME::${{ matrix.ARTIFACT }}-${{ matrix.SDK_VERSION }}"
+      - name: Upload app binary
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ steps.generate-name.outputs.BINARY_NAME }}
+          path: app/bin
+
+  job_scan_build:
+    name: Clang Static Analyzer
+    runs-on: ubuntu-latest
+
+    container:
+      image: ghcr.io/coti-io/coti-ledger-app-builder:latest
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build with Clang Static Analyzer
+        run: |
+          cd app
+          make clean
+          scan-build --use-cc=clang -analyze-headers -enable-checker security -enable-checker unix -enable-checker valist -o scan-build --status-bugs make default
+      - uses: actions/upload-artifact@v2
+        if: failure()
+        with:
+          name: scan-build
+          path: scan-build

.github/workflows/publish.yml

@@ -0,0 +1,27 @@
+# Build the docker image and push it to GitHub Packages
+
+name: Coti Ledger App Builder Publisher
+
+on: [workflow_dispatch]
+
+jobs:
+  build:
+    name: Build and push coti-ledger-app-builder image
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v2
+
+      - name: Build and push coti-ledger-app-builder to GitHub Packages
+        uses: docker/build-push-action@v1
+        with:
+          dockerfile: Dockerfile
+          repository: coti-io/coti-ledger-app-builder
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          tag_with_sha: true
+          tags: latest

.gitignore

@@ -1,3 +1,4 @@
 .idea
 .vscode
 .DS_Store
+cmake-build-*

CMakeLists.txt

@@ -0,0 +1,19 @@
+cmake_minimum_required(VERSION 3.21)
+project(coti-ledger-app)
+
+set(CMAKE_C_STANDARD 11)
+
+set(APP_DOMAIN ./app/src/)
+set(BOLOS_SDK_INCLUDE ../nanos-sdk/include ../nanos-sdk/lib_2uf/include ../nanos-sdk/lib_ux/include ../nanos-sdk/lib_u2f/include ../nanos-sdk/lib_cxng/include)
+
+include_directories(${APP_DOMAIN})
+include_directories(${BOLOS_SDK_INCLUDE})
+
+add_compile_definitions(OS_IO_SEPROXYHAL HAVE_BAGL HAVE_PRINTF HAVE_SPRINTF HAVE_UX_FLOW HAVE_USB_APDU HAVE_IO_USB HAVE_L4_USBLIB IO_USB_MAX_ENDPOINTS=6 IO_HID_EP_LENGTH=64 HAVE_USB_APDU)
+add_compile_definitions(HAVE_ECC HAVE_SHA3 HAVE_U2F HAVE_IO_U2F HAVE_ECC_WEIERSTRASS HAVE_SECP256K1_CURVE HAVE_HASH HAVE_ECDSA U2F_PROXY_MAGIC=\"COTI\" USB_SEGMENT_SIZE=64 BLE_SEGMENT_SIZE=32)
+add_compile_definitions(HAVE_WEBUSB WEBUSB_URL_SIZE_B=0 WEBUSB_URL="" PRINTF=screen_printf IO_SEPROXYHAL_BUFFER_SIZE_B=300 APPVERSION)
+
+file(GLOB_RECURSE APP_SRC "./app/src/**")
+file(GLOB_RECURSE BOLOS_SDK_SRC "../nanos-sdk/**")
+add_executable(coti-ledger-app ${BOLOS_SDK_SRC} ${APP_SRC})
+

Dockerfile

@@ -1,41 +1,82 @@
-FROM python:3.8-slim
+FROM ubuntu:20.04
 ENV LANG C.UTF-8
 
+ARG DEBIAN_FRONTEND=noninteractive
+
+ARG LLVM_VERSION=12
+
 RUN apt-get update && apt-get upgrade -qy && \
     apt-get install -qy \
-    clang \
-    gcc-multilib \
-    gcc-arm-none-eabi \
-    libc6-dev-armhf-cross \
-    cmake \
-    git \
-    libudev-dev \
-    libusb-1.0-0-dev \
-    python3-pip \
-    wget \
-    gettext-base && \
+        clang-$LLVM_VERSION \
+        clang-tools-$LLVM_VERSION \
+        clang-format-$LLVM_VERSION \
+        cmake \
+        curl \
+        doxygen \
+        git \
+        lcov \
+        libbsd-dev \
+        libcmocka0 \
+        libcmocka-dev \
+        lld-$LLVM_VERSION \
+        make \
+        protobuf-compiler \
+        python-is-python3 \
+        python3 \
+        python3-pip \
+        gettext-base && \
+    apt-get autoclean -y && \
+    apt-get autoremove -y && \
     apt-get clean
 
+# Create generic clang & lld symbolic links to their installed version
+RUN cd /usr/bin && \
+    find . -name "*-"$LLVM_VERSION | sed "s/^\(.*\)\(-"$LLVM_VERSION"\)$/ln -s \1\2 \1/" | sh
+
+# ARM Embedded Toolchain
+# Integrity is checked using the MD5 checksum provided by ARM at https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads
+RUN curl -sSfL -o arm-toolchain.tar.bz2 "https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu-rm/10.3-2021.10/gcc-arm-none-eabi-10.3-2021.10-x86_64-linux.tar.bz2" && \
+    echo 2383e4eb4ea23f248d33adc70dc3227e arm-toolchain.tar.bz2 > /tmp/arm-toolchain.md5 && \
+    md5sum --check /tmp/arm-toolchain.md5 && rm /tmp/arm-toolchain.md5 && \
+    tar xf arm-toolchain.tar.bz2 -C /opt && \
+    rm arm-toolchain.tar.bz2
+
+# Adding GCC to PATH and defining rustup/cargo home directories
+ENV PATH=/opt/gcc-arm-none-eabi-10.3-2021.10/bin:$PATH \
+    RUSTUP_HOME=/opt/rustup \
+    CARGO_HOME=/opt/.cargo
+
+# Install rustup to manage rust toolchains
+RUN curl https://sh.rustup.rs -sSf | \
+    sh -s -- --default-toolchain stable -y
+
+# Adding cargo binaries to PATH
+ENV PATH=${CARGO_HOME}/bin:${PATH}
+
+# Adding ARMV6M target to the default toolchain
+RUN rustup target add thumbv6m-none-eabi
+
+# Python packages commonly used by apps
 RUN pip3 install ledgerblue pytest
 
-# CMocka
-RUN \
-    echo f0ccd8242d55e2fd74b16ba518359151f6f8383ff8aef4976e48393f77bba8b6 cmocka-1.1.5.tar.xz >> SHA256SUMS && \
-    wget https://cmocka.org/files/1.1/cmocka-1.1.5.tar.xz && \
-    sha256sum --check SHA256SUMS && \
-    mkdir cmocka && \
-    tar xf cmocka-1.1.5.tar.xz && \
-    cd cmocka && \
-    cmake ../cmocka-1.1.5 -DBUILD_SHARED_LIBS=OFF -DWITH_EXAMPLES=OFF -DCMAKE_C_COMPILER=arm-none-eabi-gcc -DCMAKE_C_FLAGS="--specs=nosys.specs" -DWITH_STATIC_LIB=true -DCMAKE_INSTALL_PREFIX=/install && \
-    make install && \
-    cd .. && \
-    rm -rf cmoka/ cmocka-1.1.5/ cmocka-1.1.5.tar.xz SHA256SUMS
+# Latest Nano S SDK
+ENV NANOS_SDK=/opt/nanos-secure-sdk
+ENV NANOS_SDK_VERSION=2.1.0
+RUN git clone --branch ${NANOS_SDK_VERSION} --depth 1 https://github.com/LedgerHQ/nanos-secure-sdk.git "${NANOS_SDK}"
+
+# Latest Nano X SDK
+ENV NANOX_SDK=/opt/nanox-secure-sdk
+ENV NANOX_SDK_VERSION=2.0.2-2
+RUN git clone --branch ${NANOX_SDK_VERSION} --depth 1 https://github.com/LedgerHQ/nanox-secure-sdk.git "${NANOX_SDK}"
 
-# Nano S SDK
-RUN git clone --branch 2.0.0-1 https://github.com/LedgerHQ/nanos-secure-sdk.git sdk
+# Latest Nano S+ SDK
+ENV NANOSP_SDK=/opt/nanosplus-secure-sdk
+ENV NANOSP_SDK_VERSION=1.0.3
+RUN git clone --branch ${NANOSP_SDK_VERSION} --depth 1 https://github.com/LedgerHQ/nanosplus-secure-sdk.git "${NANOSP_SDK}"
 
-ENV BOLOS_SDK=/sdk
+# Default SDK
+ENV BOLOS_SDK=${NANOS_SDK}
 
 WORKDIR /coti
 
-CMD ["/bin/bash"]
+CMD ["/usr/bin/env", "bash"]