Merge pull request #375 from LedgerHQ/apr/ci/new_cal_test_key

New CAL test key for CI
2022-11-16 18:50:34 +01:00
parent 847a172584 32161b9432
commit 806b811f77
6 changed files with 59 additions and 27 deletions
--- a/.github/workflows/ci-workflow.yml
+++ b/.github/workflows/ci-workflow.yml
@@ -177,13 +177,13 @@ jobs:

      - name: Build test binaries
        run: |
-          make -j BOLOS_SDK=$NANOS_SDK CAL_TESTING_KEY=1
+          make -j BOLOS_SDK=$NANOS_SDK CAL_CI_KEY=1
          mv bin/app.elf app-nanos.elf
          make clean
-          make -j BOLOS_SDK=$NANOX_SDK CAL_TESTING_KEY=1
+          make -j BOLOS_SDK=$NANOX_SDK CAL_CI_KEY=1
          mv bin/app.elf app-nanox.elf
          make clean
-          make -j BOLOS_SDK=$NANOSP_SDK CAL_TESTING_KEY=1
+          make -j BOLOS_SDK=$NANOSP_SDK CAL_CI_KEY=1
          mv bin/app.elf app-nanosp.elf

      - name: Upload app binaries
@@ -270,9 +270,7 @@ jobs:
          sudo apt install -y qemu-user-static

      - name: Run tests
-        env:
-          CAL_SIGNATURE_TEST_KEY: ${{ secrets.CAL_SIGNATURE_TEST_KEY }}
        run: |
          cd tests/ragger
          . ./venv/bin/activate
-          pytest --path ./elfs --model ${{ matrix.model }} -s -v
+          pytest --path ./elfs --model ${{ matrix.model }} -s -v --tb=short
--- a/12
+++ b/12
@@ -147,10 +147,14 @@ ifneq ($(TARGET_NAME),TARGET_NANOS)
 DEFINES	+= HAVE_EIP712_FULL_SUPPORT
 endif

-# CryptoAssetsList testing key
-CAL_TESTING_KEY:=0
-ifneq ($(CAL_TESTING_KEY),0)
-DEFINES += HAVE_CAL_TESTING_KEY
+# CryptoAssetsList key
+CAL_TEST_KEY:=0
+CAL_CI_KEY:=0
+ifneq ($(CAL_TEST_KEY),0)
+DEFINES += HAVE_CAL_TEST_KEY
+endif
+ifneq ($(CAL_CI_KEY),0)
+DEFINES += HAVE_CAL_CI_KEY
 endif

 # Enabling debug PRINTF
--- a/src/tokens.h
+++ b/src/tokens.h
@@ -43,21 +43,31 @@ extern tokenDefinition_t const TOKENS_EXTRA[NUM_TOKENS_EXTRA];

 #ifndef HAVE_TOKENS_LIST

+#if defined(HAVE_CAL_TEST_KEY) && defined(HAVE_CAL_CI_KEY)
+#error "CAL key contradiction, two alternative keys selected at once"
+#endif
+
 static const uint8_t LEDGER_SIGNATURE_PUBLIC_KEY[] = {
-#ifndef HAVE_CAL_TESTING_KEY
-    // production key 2019-01-11 03:07PM (erc20signer)
-    0x04, 0x5e, 0x6c, 0x10, 0x20, 0xc1, 0x4d, 0xc4, 0x64, 0x42, 0xfe, 0x89, 0xf9, 0x7c,
-    0x0b, 0x68, 0xcd, 0xb1, 0x59, 0x76, 0xdc, 0x24, 0xf2, 0x4c, 0x31, 0x6e, 0x7b, 0x30,
-    0xfe, 0x4e, 0x8c, 0xc7, 0x6b, 0x14, 0x89, 0x15, 0x0c, 0x21, 0x51, 0x4e, 0xbf, 0x44,
-    0x0f, 0xf5, 0xde, 0xa5, 0x39, 0x3d, 0x83, 0xde, 0x53, 0x58, 0xcd, 0x09, 0x8f, 0xce,
-    0x8f, 0xd0, 0xf8, 0x1d, 0xaa, 0x94, 0x97, 0x91, 0x83
-#else
+#if defined(HAVE_CAL_TEST_KEY)
    // test key 2019-01-11 03:07PM (erc20signer)
    0x04, 0x20, 0xda, 0x62, 0x00, 0x3c, 0x0c, 0xe0, 0x97, 0xe3, 0x36, 0x44, 0xa1, 0x0f,
    0xe4, 0xc3, 0x04, 0x54, 0x06, 0x9a, 0x44, 0x54, 0xf0, 0xfa, 0x9d, 0x4e, 0x84, 0xf4,
    0x50, 0x91, 0x42, 0x9b, 0x52, 0x20, 0xaf, 0x9e, 0x35, 0xc0, 0xb2, 0xd9, 0x28, 0x93,
    0x80, 0x13, 0x73, 0x07, 0xde, 0x4d, 0xd1, 0xd4, 0x18, 0x42, 0x8c, 0xf2, 0x1a, 0x93,
    0xb3, 0x35, 0x61, 0xbb, 0x09, 0xd8, 0x8f, 0xe5, 0x79
+#elif defined(HAVE_CAL_CI_KEY)
+    0x04, 0x4c, 0xca, 0x8f, 0xad, 0x49, 0x6a, 0xa5, 0x04, 0x0a, 0x00, 0xa7, 0xeb, 0x2f,
+    0x5c, 0xc3, 0xb8, 0x53, 0x76, 0xd8, 0x8b, 0xa1, 0x47, 0xa7, 0xd7, 0x05, 0x4a, 0x99,
+    0xc6, 0x40, 0x56, 0x18, 0x87, 0xfe, 0x17, 0xa0, 0x96, 0xe3, 0x6c, 0x3b, 0x52, 0x3b,
+    0x24, 0x4f, 0x3e, 0x2f, 0xf7, 0xf8, 0x40, 0xae, 0x26, 0xc4, 0xe7, 0x7a, 0xd3, 0xbc,
+    0x73, 0x9a, 0xf5, 0xde, 0x6f, 0x2d, 0x77, 0xa7, 0xb6
+#else
+    // production key 2019-01-11 03:07PM (erc20signer)
+    0x04, 0x5e, 0x6c, 0x10, 0x20, 0xc1, 0x4d, 0xc4, 0x64, 0x42, 0xfe, 0x89, 0xf9, 0x7c,
+    0x0b, 0x68, 0xcd, 0xb1, 0x59, 0x76, 0xdc, 0x24, 0xf2, 0x4c, 0x31, 0x6e, 0x7b, 0x30,
+    0xfe, 0x4e, 0x8c, 0xc7, 0x6b, 0x14, 0x89, 0x15, 0x0c, 0x21, 0x51, 0x4e, 0xbf, 0x44,
+    0x0f, 0xf5, 0xde, 0xa5, 0x39, 0x3d, 0x83, 0xde, 0x53, 0x58, 0xcd, 0x09, 0x8f, 0xce,
+    0x8f, 0xd0, 0xf8, 0x1d, 0xaa, 0x94, 0x97, 0x91, 0x83
 #endif
 };

--- a/tests/ragger/cal/cal.py
+++ b/tests/ragger/cal/cal.py
@@ -0,0 +1,18 @@
+import os
+import hashlib
+from ecdsa.util import sigencode_der
+from ecdsa import SigningKey
+
+_key: SigningKey = None
+
+def _init_key():
+    global _key
+    with open(os.path.dirname(__file__) + "/key.pem") as pem_file:
+        _key = SigningKey.from_pem(pem_file.read(), hashlib.sha256)
+    assert _key != None
+
+def sign(data: bytes) -> bytes:
+    global _key
+    if not _key:
+        _init_key()
+    return _key.sign_deterministic(data, sigencode=sigencode_der)
--- a/tests/ragger/cal/key.pem
+++ b/tests/ragger/cal/key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEIHoMkoRaNq0neb1TxRBor4WouV8PQqJf02sg4eh768LpoAcGBSuBBAAK
+oUQDQgAETMqPrUlqpQQKAKfrL1zDuFN22IuhR6fXBUqZxkBWGIf+F6CW42w7Ujsk
+Tz4v9/hAribE53rTvHOa9d5vLXentg==
+-----END EC PRIVATE KEY-----
--- a/tests/ragger/eip712/InputData.py
+++ b/tests/ragger/eip712/InputData.py
@@ -1,14 +1,11 @@
 #!/usr/bin/env python3

-import os
 import json
 import sys
 import re
 import hashlib
-from ecdsa import SigningKey
-from ecdsa.util import sigencode_der
 from ethereum_client.client import EthereumClient, EIP712FieldType
-import base64
+from cal import cal

 # global variables
 app_client: EthereumClient = None
@@ -254,7 +251,7 @@ def send_filtering_message_info(display_name: str, filters_count: int):
    for char in display_name:
        to_sign.append(ord(char))

-    sig = sig_ctx["key"].sign_deterministic(to_sign, sigencode=sigencode_der)
+    sig = cal.sign(to_sign)
    app_client.eip712_filtering_message_info(display_name, filters_count, sig)

 # ledgerjs doesn't actually sign anything, and instead uses already pre-computed signatures
@@ -272,7 +269,7 @@ def send_filtering_show_field(display_name):
        to_sign.append(ord(char))
    for char in display_name:
        to_sign.append(ord(char))
-    sig = sig_ctx["key"].sign_deterministic(to_sign, sigencode=sigencode_der)
+    sig = cal.sign(to_sign)
    app_client.eip712_filtering_show_field(display_name, sig)

 def read_filtering_file(domain, message, filtering_file_path):
@@ -299,9 +296,6 @@ def init_signature_context(types, domain):
    global sig_ctx

    handle_optional_domain_values(domain)
-    env_key = os.environ["CAL_SIGNATURE_TEST_KEY"]
-    key = base64.b64decode(env_key).decode() # base 64 string -> decode bytes -> string
-    sig_ctx["key"] = SigningKey.from_pem(key, hashlib.sha256)
    caddr = domain["verifyingContract"]
    if caddr.startswith("0x"):
        caddr = caddr[2:]