Merge remote-tracking branch 'origin/main' into fix/LDG-599-enable-fl…

…ex-stax-compilation

fuzzing/mocks/ux.c

@@ -1,3 +1,3 @@
 #include "ux.h"
 
-ux_state_t dummy_ux_state; 
+ux_state_t dummy_ux_state;

src/common/getPublicKey.c

@@ -8,6 +8,7 @@
 static keyDerivationPath_t *keyPath = &path;
 static exportPublicKeyContext_t *ctx = &global.exportPublicKeyContext;
 static tx_state_t *tx_state = &global_tx_state;
+static const uint32_t HARDENED_OFFSET = 0x80000000;
 
 void sendPublicKey(bool compare);
 
@@ -86,7 +87,7 @@ void handleGetPublicKey(uint8_t *cdata, uint8_t p1, uint8_t p2, volatile unsigne
     } else {
         // If the key path is of length 5, then it is a request for a governance key.
         // Also it has to be in the governance subtree, which starts with 1.
-        if (keyPath->pathLength == 5) {
+        if (keyPath->pathLength == 5 && keyPath->rawKeyDerivationPath[0] == 1105) {
             if (keyPath->rawKeyDerivationPath[2] != 1) {
                 THROW(ERROR_INVALID_PATH);
             }
@@ -107,12 +108,24 @@ void handleGetPublicKey(uint8_t *cdata, uint8_t p1, uint8_t p2, volatile unsigne
                     THROW(ERROR_INVALID_PATH);
             }
         } else {
-            uint32_t identityIndex = keyPath->rawKeyDerivationPath[4];
-            uint32_t accountIndex = keyPath->rawKeyDerivationPath[6];
-            getIdentityAccountDisplay(ctx->display,
-                                      sizeof(ctx->display),
-                                      identityIndex,
-                                      accountIndex);
+            if (keyPath->rawKeyDerivationPath[0] == 44 ||
+                keyPath->rawKeyDerivationPath[0] == (44 | HARDENED_OFFSET)) {
+                uint32_t identityProviderIndex = keyPath->rawKeyDerivationPath[2];
+                uint32_t identityIndex = keyPath->rawKeyDerivationPath[3];
+                uint32_t accountIndex = keyPath->rawKeyDerivationPath[5];
+                getIdentityAccountDisplayNewPath(ctx->display,
+                                                 sizeof(ctx->display),
+                                                 identityProviderIndex,
+                                                 identityIndex,
+                                                 accountIndex);
+            } else {
+                uint32_t identityIndex = keyPath->rawKeyDerivationPath[4];
+                uint32_t accountIndex = keyPath->rawKeyDerivationPath[6];
+                getIdentityAccountDisplay(ctx->display,
+                                          sizeof(ctx->display),
+                                          identityIndex,
+                                          accountIndex);
+            }
         }
 
         // Display the UI for the public-key flow, where the user can validate that the

src/common/getPublicKey.h

@@ -12,7 +12,7 @@
 void handleGetPublicKey(uint8_t *cdata, uint8_t p1, uint8_t p2, volatile unsigned int *flags);
 
 typedef struct {
-    uint8_t display[14];
+    uint8_t display[21];
     char publicKey[68];
     bool signPublicKey;
 } exportPublicKeyContext_t;

src/common/util.c

@@ -149,6 +149,25 @@ void getIdentityAccountDisplay(uint8_t *dst,
     bin2dec(dst + offset, dstLength - offset, accountIndex);
 }
 
+void getIdentityAccountDisplayNewPath(uint8_t *dst,
+                                      size_t dstLength,
+                                      uint32_t identityProviderIndex,
+                                      uint32_t identityIndex,
+                                      uint32_t accountIndex) {
+    // Convert identityProviderIndex to text and store it in dst
+    int offset = numberToText(dst, dstLength, identityProviderIndex);
+    memmove(dst + offset, "/", 1);
+    offset += 1;
+
+    // Convert identityIndex to text and append it to dst
+    offset += numberToText(dst + offset, dstLength - offset, identityIndex);
+    memmove(dst + offset, "/", 1);
+    offset += 1;
+
+    // Convert accountIndex to text and append it to dst
+    bin2dec(dst + offset, dstLength - offset, accountIndex);
+}
+
 /**
  * Used to validate that an error result code from a Ledger library call
  * is equal CX_OK. If it is not CX_OK, then throw an ERROR_FAILED_CX_OPERATION

src/common/util.h

@@ -22,7 +22,7 @@ static const uint8_t r[32] = {0x73, 0xed, 0xa7, 0x53, 0x29, 0x9d, 0x7d, 0x48, 0x
  * Converts bytes into uint64_t (big endian).
  */
 #define U8BE(buf, off) \
-    (((uint64_t)(U4BE(buf, off)) << 32) | ((uint64_t)(U4BE(buf, off + 4)) & 0xFFFFFFFF))
+    (((uint64_t)(U4BE(buf, off)) << 32) | ((uint64_t) (U4BE(buf, off + 4)) & 0xFFFFFFFF))
 
 /**
  * Send a user rejection back to the caller, which will indicate to
@@ -131,6 +131,21 @@ void getIdentityAccountDisplay(uint8_t *dst,
                                uint32_t identityIndex,
                                uint32_t accountIndex);
 
+/**
+ * Builds a human-readable representation of the identityProvider/identity/account path for the new
+ * path format.
+ * @param dst [out] where to write the identityProvider/identity/account string
+ * @param dstLength length of dst
+ * @param identityProviderIndex index of the identity provider
+ * @param identityIndex index of the identity
+ * @param accountIndex index of the account
+ */
+void getIdentityAccountDisplayNewPath(uint8_t *dst,
+                                      size_t dstLength,
+                                      uint32_t identityProviderIndex,
+                                      uint32_t identityIndex,
+                                      uint32_t accountIndex);
+
 /**
  * Adds the account transaction header and transaction kind to the current
  * transaction hash.

tests/test_pubkey_cmd.py

@@ -83,21 +83,26 @@ def test_get_signed_legacy_public_key_confirm_accepted(
 
 
 # In this test we check that the GET_PUBLIC_KEY works in confirmation mode with signing for governance key
+@pytest.mark.active_test_scope
 def test_get_signed_legacy_governance_public_key_confirm_accepted(
     backend, navigator, firmware, default_screenshot_path, test_name
 ):
     client = BoilerplateCommandSender(backend)
     path = "m/1105/0/1/0/0"
     with client.get_public_key_with_confirmation(path=path, signPublicKey=True):
-        navigate_until_text_and_compare(
-            firmware, navigator, "Approve", default_screenshot_path, test_name
-        )
+        if firmware.is_nano:
+            navigator.navigate_and_compare(
+                default_screenshot_path,
+                test_name,
+                nano_accept_instructions,
+                screen_change_before_first_instruction=False,
+            )
 
     response = client.get_async_response().data
     print("km------------------|response:", response.hex())
     assert (
         response.hex()
-        == "2091fcf639f03a8e1c00ab0837383728c9a105df9d44c293b2436dddd7213bee1c4062cf20d6c17d1971e66808d325ce1fed188b26b0d543de9f25e5a1c5e46d979cbd2ab98bc4213159883837b9fffa67d43dc5bcbc7b694d164feea777abc4a30d"
+        == "91fcf639f03a8e1c00ab0837383728c9a105df9d44c293b2436dddd7213bee1c62cf20d6c17d1971e66808d325ce1fed188b26b0d543de9f25e5a1c5e46d979cbd2ab98bc4213159883837b9fffa67d43dc5bcbc7b694d164feea777abc4a30d"
     )
 
 
@@ -108,34 +113,43 @@ def test_get_legacy_public_key_confirm_accepted_2(
     client = BoilerplateCommandSender(backend)
     path = "m/1105/0/0/0/0/2/0/0"
     with client.get_public_key_with_confirmation(path=path):
-        navigate_until_text_and_compare(
-            firmware, navigator, "Approve", default_screenshot_path, test_name
-        )
+        if firmware.is_nano:
+            navigator.navigate_and_compare(
+                default_screenshot_path,
+                test_name,
+                nano_accept_instructions,
+                screen_change_before_first_instruction=False,
+            )
 
     response = client.get_async_response().data
     print("km------------------|response:", response.hex())
     assert (
         response.hex()
-        == "2087e16c8269270b1c75b930224df456d2927b80c760ffa77e57dbd738f6399492"
+        == "87e16c8269270b1c75b930224df456d2927b80c760ffa77e57dbd738f6399492"
     )
 
 
 # In this test we check that the GET_PUBLIC_KEY works in confirmation mode with signing
+@pytest.mark.active_test_scope
 def test_get_signed_new_public_key_confirm_accepted(
     backend, navigator, firmware, default_screenshot_path, test_name
 ):
     client = BoilerplateCommandSender(backend)
     path = "m/44/919/0/0/0"
     with client.get_public_key_with_confirmation(path=path, signPublicKey=True):
-        navigate_until_text_and_compare(
-            firmware, navigator, "Approve", default_screenshot_path, test_name
-        )
+        if firmware.is_nano:
+            navigator.navigate_and_compare(
+                default_screenshot_path,
+                test_name,
+                nano_accept_instructions,
+                screen_change_before_first_instruction=False,
+            )
 
     response = client.get_async_response().data
     print("km------------------|response:", response.hex())
     assert (
         response.hex()
-        == "20e31d69e500b0f83983fb6080aaa46129cf7c70e27d59b1aae9820b1d03f984024052c415c2552d81fde03a9aef6bba24325711a5924b417d79324f60ef67466a017542c6423387fd0d7679cab784d8178bf15e10eb4cb2eef944d47611682c930c"
+        == "e31d69e500b0f83983fb6080aaa46129cf7c70e27d59b1aae9820b1d03f9840252c415c2552d81fde03a9aef6bba24325711a5924b417d79324f60ef67466a017542c6423387fd0d7679cab784d8178bf15e10eb4cb2eef944d47611682c930c"
     )