Add ledger CI tests

Author: OBorce

.github/workflows/build.yml

@@ -28,14 +28,14 @@ jobs:
       - name: Install rust
         run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $(python3 ./build-tools/cargo-info-extractor/extract.py --rust-version)
       - name: Build
-        run: cargo build --release --locked --features trezor
+        run: cargo build --release --locked --features trezor,ledger
       - name: Run tests
-        run: cargo test --release --workspace --features trezor
+        run: cargo test --release --workspace --features trezor,ledger
       - name: Run doc tests
-        run: cargo test --release --doc --features trezor
+        run: cargo test --release --doc --features trezor,ledger
       # This test is ignored, so it needs to run separately.
       - name: Run mixed_sighash_types test
-        run: cargo test --release mixed_sighash_types --features trezor
+        run: cargo test --release mixed_sighash_types --features trezor,ledger
       # This test is ignored, so it needs to run separately.
       - name: Run test_4opc_sequences test
         run: cargo test --release test_4opc_sequences -- --ignored
@@ -63,14 +63,14 @@ jobs:
       - name: Install rust
         run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $(python3 ./build-tools/cargo-info-extractor/extract.py --rust-version)
       - name: Build
-        run: cargo build --release --locked --features trezor
+        run: cargo build --release --locked --features trezor,ledger
       - name: Run tests
-        run: cargo test --release --workspace --features trezor
+        run: cargo test --release --workspace --features trezor,ledger
       - name: Run doc tests
-        run: cargo test --release --doc --features trezor
+        run: cargo test --release --doc --features trezor,ledger
       # This test is ignored, so it needs to run separately.
       - name: Run mixed_sighash_types test
-        run: cargo test --release mixed_sighash_types --features trezor
+        run: cargo test --release mixed_sighash_types --features trezor,ledger
       # This test is ignored, so it needs to run separately.
       - name: Run test_4opc_sequences test
         run: cargo test --release test_4opc_sequences
@@ -94,14 +94,14 @@ jobs:
       - name: Install rust
         run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $(python3 ./build-tools/cargo-info-extractor/extract.py --rust-version)
       - name: Build
-        run: cargo build --release --locked --features trezor
+        run: cargo build --release --locked --features trezor,ledger
       - name: Run tests
-        run: cargo test --release --workspace --features trezor
+        run: cargo test --release --workspace --features trezor,ledger
       - name: Run doc tests
-        run: cargo test --release --doc --features trezor
+        run: cargo test --release --doc --features trezor,ledger
       # This test is ignored, so it needs to run separately.
       - name: Run mixed_sighash_types test
-        run: cargo test --release mixed_sighash_types --features trezor
+        run: cargo test --release mixed_sighash_types --features trezor,ledger
       # This test is ignored, so it needs to run separately.
       - name: Run test_4opc_sequences test
         run: cargo test --release test_4opc_sequences
@@ -236,3 +236,82 @@ jobs:
           "
         working-directory: ./mintlayer-trezor-firmware
         timeout-minutes: 10
+
+  # Build Ledger-specific tests and archive them
+  run_tests_on_ledger_preparation:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the core repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          path: ./mintlayer-core
+      - name: Update local dependency repositories
+        run: sudo apt-get update
+      - name: Install build dependencies
+        run: sudo apt-get install -yqq --no-install-recommends build-essential pkg-config libdbus-1-dev libusb-1.0-0-dev
+      - name: Install rust
+        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+      - name: Install cargo-nextest
+        uses: taiki-e/install-action@nextest
+      - name: Build and archive the tests
+        run: cargo nextest archive --release --locked -p wallet --features enable-ledger-device-tests --archive-file ledger-tests.tar.zst
+        working-directory: ./mintlayer-core
+      - name: Upload archived tests
+        uses: actions/upload-artifact@v4
+        with:
+          name: archived-ledger-tests
+          path: ./mintlayer-core/ledger-tests.tar.zst
+          retention-days: 1
+
+  # Run Ledger-specific tests on an emulator
+  run_tests_on_ledger:
+    needs: run_tests_on_ledger_preparation
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the core repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          path: ./mintlayer-core
+      - name: Checkout mintlayer-ledger-app repository
+        uses: actions/checkout@v4
+        with:
+          repository: mintlayer/mintlayer-ledger-app
+          ref: feature/mintlayer-app
+          path: ./mintlayer-ledger-app
+      - name: Download archived tests
+        uses: actions/download-artifact@v4
+        with:
+          name: archived-ledger-tests
+          path: ./mintlayer-core
+      - name: Install cargo-nextest
+        uses: taiki-e/install-action@nextest
+      - name: Build Ledger app in container
+        run: |
+          sudo docker run --rm \
+            -v "$(realpath ./mintlayer-ledger-app):/app" \
+            ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest \
+            sh -c 'cd /app && cargo ledger build nanosplus'
+      - name: Run Ledger emulator and execute tests
+        run: |
+          set -e
+
+          sudo docker run -d --rm --name ledger-emulator \
+            -v "$(realpath ./mintlayer-ledger-app):/app" \
+            --publish 5001:5001 --publish 9999:9999 \
+            ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest \
+            sh -c 'cd /app && speculos --apdu-port 9999 --api-port 5001 --display headless --model nanosp -s "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"  target/nanosplus/release/mintlayer-app'
+
+          echo "--- Waiting for emulator to initialize ---"
+          sleep 15
+
+          # Set up a trap to ensure the container is stopped even if tests fail or the job is cancelled
+          trap "echo '--- Dumping Ledger emulator logs ---'; sudo docker logs ledger-emulator; echo '--- Stopping Ledger emulator ---'; sudo docker stop ledger-emulator" EXIT
+
+          echo "--- Running Ledger device tests on the host ---"
+          cd ./mintlayer-core
+          cargo-nextest nextest run --archive-file ledger-tests.tar.zst -j1 ledger_signer || test_exit_code=$?
+
+          exit $test_exit_code
+        timeout-minutes: 15

Cargo.lock

@@ -273,7 +273,7 @@ rev = "510bb3ca30639af4bdb12a918b6bbbdb75fa5f52"
 [workspace.dependencies.mintlayer-ledger-messages]
 git = "https://github.com/mintlayer/mintlayer-ledger-app"
 # The commit "Fix comments"
-rev = "2fa1c33e536f94ba3cac94b97054902674580686"
+rev = "78bd2e2514be3a6db83e7493eaaa03c40acc5409"
 package = "messages"
 
 [workspace.dependencies.trezor-client]

Cargo.toml

@@ -22,36 +22,28 @@ use common::{
 };
 use crypto::key::{
     extended::ExtendedPublicKey,
-    hdkd::{
-        chain_code::{ChainCode, CHAINCODE_LENGTH},
-        derivation_path::DerivationPath,
-    },
+    hdkd::{chain_code::ChainCode, derivation_path::DerivationPath},
     secp256k1::{extended_keys::Secp256k1ExtendedPublicKey, Secp256k1PublicKey},
 };
-use serialization::{Decode, DecodeAll, Encode};
+use serialization::Encode;
 use utils::ensure;
 use wallet_types::hw_data::LedgerFullInfo;
 
 use ledger_lib::Exchange;
 use mintlayer_ledger_messages::{
     decode_all as ledger_decode_all, encode as ledger_encode, AddrType, Amount as LAmount,
-    Bip32Path as LedgerBip32Path, CoinType, InputAdditionalInfoReq, Ins,
-    OutputValue as LOutputValue, P1SignTx, PubKeyP1, PublicKeyReq, SignMessageReq, SignTxReq,
-    TxInput as LTxInput, TxInputReq, TxMetadataReq, TxOutput as LTxOutput, TxOutputReq, APDU_CLASS,
-    H256 as LH256, P1_APP_NAME, P1_GET_VERSION, P1_SIGN_NEXT, P1_SIGN_START, P2_DONE, P2_SIGN_MORE,
+    Bip32Path as LedgerBip32Path, CoinType, GetPublicKeyRespones, GetVersionRespones,
+    InputAdditionalInfoReq, Ins, MsgSignature, OutputValue as LOutputValue, P1SignTx, PubKeyP1,
+    PublicKeyReq, SignMessageReq, SignTxReq, Signature as LedgerSignature, TxInput as LTxInput,
+    TxInputReq, TxMetadataReq, TxOutput as LTxOutput, TxOutputReq, APDU_CLASS, H256 as LH256,
+    P1_APP_NAME, P1_GET_VERSION, P1_SIGN_NEXT, P1_SIGN_START, P2_DONE, P2_SIGN_MORE,
 };
 
 const MAX_ADPU_LEN: usize = (u8::MAX - 5) as usize; // 4 bytes for the header + 1 for len
 const TIMEOUT_DUR: Duration = Duration::from_secs(100);
 const OK_RESPONSE: u16 = 0x9000;
 const TX_VERSION: u8 = 1;
 
-#[derive(Decode)]
-pub struct LedgerSignature {
-    pub signature: [u8; 64],
-    pub multisig_idx: Option<u32>,
-}
-
 struct SignatureResult {
     sig: LedgerSignature,
     input_idx: usize,
@@ -129,10 +121,9 @@ pub async fn sign_challenge<L: Exchange>(
 
     let resp = send_chunked(ledger, Ins::SIGN_MSG, P1_SIGN_NEXT, message).await?;
 
-    let sig_len = *resp.first().ok_or(LedgerError::InvalidResponse)? as usize;
-    let sig = resp.as_slice().get(1..1 + sig_len).ok_or(LedgerError::InvalidResponse)?;
+    let sig: MsgSignature = ledger_decode_all(&resp).ok_or(LedgerError::InvalidResponse)?;
 
-    Ok(sig.to_vec())
+    Ok(sig.signature.to_vec())
 }
 
 pub async fn get_app_name<L: Exchange>(ledger: &mut L) -> Result<Vec<u8>, ledger_lib::Error> {
@@ -161,13 +152,12 @@ pub async fn check_current_app<L: Exchange>(ledger: &mut L) -> SignerResult<Ledg
         .await
         .map_err(|err| LedgerError::DeviceError(err.to_string()))?;
     let ver = ok_response(resp)?;
-    let app_version = match ver.as_slice() {
-        [major, minor, patch] => common::primitives::semver::SemVer {
-            major: *major,
-            minor: *minor,
-            patch: *patch as u16,
-        },
-        _ => return Err(SignerError::LedgerError(LedgerError::InvalidResponse)),
+    let app_version_resp: GetVersionRespones =
+        ledger_decode_all(&ver).ok_or(LedgerError::InvalidResponse)?;
+    let app_version = common::primitives::semver::SemVer {
+        major: app_version_resp.major,
+        minor: app_version_resp.minor,
+        patch: app_version_resp.patch as u16,
     };
 
     Ok(LedgerFullInfo { app_version })
@@ -191,20 +181,13 @@ pub async fn get_extended_public_key<L: Exchange>(
     )
     .await?;
 
-    let pk_len = *resp.first().ok_or(LedgerError::InvalidResponse)? as usize;
-    let public_key = resp.as_slice().get(1..1 + pk_len).ok_or(LedgerError::InvalidResponse)?;
-    let chain_code_len = *resp.get(1 + pk_len).ok_or(LedgerError::InvalidResponse)? as usize;
-    let chain_code: [_; CHAINCODE_LENGTH] = resp
-        .as_slice()
-        .get(2 + pk_len..2 + pk_len + chain_code_len)
-        .ok_or(LedgerError::InvalidResponse)?
-        .try_into()
-        .map_err(|_| LedgerError::InvalidKey)?;
+    let resp: GetPublicKeyRespones =
+        ledger_decode_all(&resp).ok_or(LedgerError::InvalidResponse)?;
 
     let extended_public_key = Secp256k1ExtendedPublicKey::new_unchecked(
         derivation_path,
-        ChainCode::from(chain_code),
-        Secp256k1PublicKey::from_bytes(public_key).map_err(|_| LedgerError::InvalidKey)?,
+        ChainCode::from(resp.chain_code),
+        Secp256k1PublicKey::from_bytes(&resp.public_key).map_err(|_| LedgerError::InvalidKey)?,
     );
 
     Ok(ExtendedPublicKey::new(extended_public_key))
@@ -286,8 +269,8 @@ fn decode_signature_response(resp: &[u8]) -> Result<SignatureResult, LedgerError
     let input_idx = *resp.first().ok_or(LedgerError::InvalidResponse)? as usize;
     let has_more_signatures = *resp.last().ok_or(LedgerError::InvalidResponse)? == P2_SIGN_MORE;
 
-    let sig = LedgerSignature::decode_all(&mut &resp[..resp.len() - 1][1..])
-        .map_err(|_| LedgerError::InvalidResponse)?;
+    let sig: LedgerSignature =
+        ledger_decode_all(&resp[..resp.len() - 1][1..]).ok_or(LedgerError::InvalidResponse)?;
 
     Ok(SignatureResult {
         sig,

wallet/src/signer/ledger_signer/ledger_messages.rs

@@ -23,7 +23,6 @@ use crate::{
         ledger_signer::ledger_messages::{
             check_current_app, get_app_name, get_extended_public_key, sign_challenge, sign_tx,
             to_ledger_amount, to_ledger_output_value, to_ledger_tx_input, to_ledger_tx_output,
-            LedgerSignature,
         },
         utils::{is_htlc_utxo, produce_uniparty_signature_for_input},
         Signer, SignerError, SignerProvider, SignerResult,
@@ -81,7 +80,8 @@ use itertools::{izip, Itertools};
 use ledger_lib::{Exchange, Filters, LedgerHandle, LedgerProvider, Transport};
 use mintlayer_ledger_messages::{
     AddrType, Bip32Path as LedgerBip32Path, CoinType, InputAdditionalInfoReq,
-    InputAddressPath as LedgerInputAddressPath, TxInputReq, TxOutputReq,
+    InputAddressPath as LedgerInputAddressPath, Signature as LedgerSignature, TxInputReq,
+    TxOutputReq,
 };
 use randomness::make_true_rng;
 use tokio::sync::Mutex;
@@ -669,8 +669,8 @@ where
                         (Some(destination), None) => {
                             let standalone = match standalone_inputs.get(&(input_index as u32)).map(|x| x.as_slice()) {
                                 Some([standalone]) => standalone,
+                                Some([]) | None => return Ok((None, SignatureStatus::NotSigned, SignatureStatus::NotSigned)),
                                 Some(_) => return Err(LedgerError::MultisigSignatureReturned.into()),
-                                None => return Ok((None, SignatureStatus::NotSigned, SignatureStatus::NotSigned))
                             };
 
                             let sig = produce_uniparty_signature_for_input(