/ledger-app-flow

Primary LanguageJavaScriptApache License 2.0Apache-2.0

Ledger Flow app

stability-wip License CircleCI

This repository contains:

  • Ledger Nano S/X/SPlus BOLOS app
  • Specs / Documentation
  • C++ unit tests
  • Speculos tests
  • Semi-automatic on-device tests for Nano S/SPlus

ATTENTION

Please:

  • Do not use in production
  • Do not use a Ledger device with funds for development purposes.
  • Have a separate and marked device that is used ONLY for development and testing

Download and install

Once the app is approved by Ledger, it will be available in their app store (Ledger Live). The builds generated by this repository are for development purposes. THESE ARE UNVETTED DEVELOPMENT RELEASES.

Development

Preconditions

  • Be sure you checkout submodules too:

    git submodule update --init --recursive

  • Install Docker CE

  • We only officially support Ubuntu. It should be possible to do app development is other OSs, but compatibility is not always ensured.

In Ubuntu, you should install the following packages:

sudo apt update && apt-get -y install build-essential git wget cmake \
libssl-dev libgmp-dev autoconf libtool

  • Install node > v16.10.0. We typically recommend using n for node version management. (This is used to run emulation tests)

  • Install python 3

  • Install other dependencies running:

    • make deps

  • This project requires Ledger NanoS firmware 2.1 and/pr NanoSPlus firmware 1.0.0rc5

    • The requirements can be modified by changing build container (containerized build) / setting BOLOS_SDK variable (non-containerized build)

Warning: Some IDEs may not use the same python interpreter or virtual enviroment as the one you used when running pip. If you see conan is not found, check that you installed the package in the same interpreter as the one that launches cmake.

How to build ?

There are two possibilities. You may build in a build container or not. Normally, you should use build container. For this you need to have enviroment variable BOLOS_SDK= (that is, empty). If you want to do non-containerized build you se this variable to the directory containing nanos-secure-sdk (but many make targets work only with containerized approach).

We like clion or vscode, however, he we describe reproducible command line steps that can be used anywhere

  • Building the app itself

    If you installed all dependencies (as described above), just run:

    make

    However, you may want to clean up first (e.g. if you switched branches, or target devices)

    make clean

    If you want to build NanoX binaries (do not forget make clean when changing device builds)

    TARGET_DEVICE=NANO_X make

    If you want to build NanoSPlus binaries (do not forget make clean when changing device builds)

    TARGET_DEVICE=NANO_SP make

Loading the app to NanoS device using zxtool

You can use app/pkg/zxtool.sh generated by make command to load the app to ledger (works only for NanoS and NanoSPlus). The file is generated by most recent build so make sure that the build targets the device you want use. For further information about device setup see "Using a real device for integration tests" section

Running tests

Generating transaction test vectors

Transaction test vectors are stored in tests/testvectors.

Transaction sources are stored in the following manifest files:

  • tests/generate-transaction-tests/manifest.mainnet.json
  • tests/generate-transaction-tests/manifest.testnet.json

These manifest files are concadenation of several manifet files created by the flow-core-contracts repository.

To regenerate the test vectors, update the manifest files and run this:

make generate_test_vectors

Running C/C++ tests (x64)

If you installed the what is described above, just run (you may need to run make clean first):

make cpp_test

Running device emulation/integration tests

You can run tests on an emulated Ledger device using Speculos.

todo: update documentation

make speculos_install

Then you can run JS tests. The tests compare against saved snapshots.

make speculos_port_5001_test
make speculos_port_5002_test

Or for NanoX:

TARGET_DEVICE=NANO_X make speculos_port_5001_test
TARGET_DEVICE=NANO_X make speculos_port_5002_test

Or for NanoSPlus:

TARGET_DEVICE=NANO_SP make speculos_port_5001_test
TARGET_DEVICE=NANO_SP make speculos_port_5002_test

If you want to change the snapshots you can set TEST_PNG_RE_GEN_FOR enviroment variable. If you want to change snapshots set TEST_PNG_RE_GEN_FOR=test, otherwise you can set a prefix and tests with that prefix will be re-generated. Dont forget to review generated snapshot.

The 5002 test test sign transaction calls and uses the generated test vectors. Do not forget to regenerate them if you change them. The 5001 tests test all other calls.

Remember to run make if you change the app.

There are also backward compatibility tests, but only for Nano S. They test if JS works well with older versions of the application loaded on leder.

Updating Build container/SDK/Speculos

When updating Build container/SDK/Speculos you want to change SDK parameter in speculos call in deps/ledger-zxlib/dockerized_build.mk

Modifying the transaction list

To modify the list of transaction known by Ledger, do the following:

  1. Add/modify the manifest files in transaction_metadata directory, modify the script to include new files.
  2. Copy the resulting txMerkleTree.js file to js/src. Re-build js and re-install speculos (make speculos_install to include newly build js in speculos tests).
  3. Take the top level hash from txMerkleTree.js and move it to merkleTreeRoot variable of app/src/tx_metadata.c (you need to split the hex into C array of uint8_t's).
  4. Copy the resulting txMerkleTree.js file to test/generate-transaction-tests and regenerate the tests.
  5. You may want to modify the manifest for integration testing to include newly added changes into integration tests. If you do this, you may need to generate and review snapshots both for NanoS and NanoX/S+.

This process will have to change slightly in the future to support backward compatibility of JS. Thus not much automation for now.

Using a real device for integration tests (Nano S and Nano S Plus)

How to prepare your DEVELOPMENT! device:

You can normally use an emulated device for development purposed. This is only required if you are working on some integration that requires a physical device.

Please do not use a Ledger device with funds for development purposes.

Have a separate and marked device that is used ONLY for development and testing

There are a few additional steps that increase reproducibility and simplify development:

1 - Ensure your device works in your OS

2 - Set a test mnemonic

Many of our integration tests expect the device to be configured with a known test mnemonic.

  • Plug your device while pressing the right button

  • Your device will show "Recovery" in the screen

  • Double click

  • Run make dev_init. This will take about 2 minutes. The device will be initialized to:

    PIN: 5555
Mnemonic: equip will roof matter pink blind book anxiety banner elbow sun young

3 - Add a development certificate

  • Plug your device while pressing the right button

  • Your device will show "Recovery" in the screen

  • Click both buttons at the same time

  • Enter your pin if necessary

  • Run make dev_ca. The device will receive a development certificate to avoid constant manual confirmations.

4 - Load the app

  • see below

5 - Run the tests

  • Run make ledger_test / TARGET_DEVICE=NANO_SP make ledger_test and follow the instructions. You might want to comment out some tests.

Note that the tests require clean app state. You can compare screens you see with Speculos snapshots.

Loading the app

The Makefile will build the firmware in a docker container and leave the binary in the correct directory.

  • Build (you might need to `make clean first')

    make                # Builds the app

  • Upload to a device

    The following command will upload the application to the ledger:

    Warning: The application will be deleted before uploading.

    make load          # Builds and loads the app to the device

APDU Specifications