fix: ledger builds (#6817)

Description --- Upgraded ledger to now build again on the latest versions of ledger. Made a manual implementation of tari crypto as tari crypto does not support no_std anymore  ## Summary by CodeRabbit - **Chores** - Upgraded the build process to use a newer container image. - Adjusted build settings to streamline dependencies and configuration. - **Refactor** - Revamped cryptographic signing, verification, and error handling for improved reliability. - Updated dependency management for enhanced operational stability in wallet functions. - **New Features** - Introduced domain-separated hashing and commitment mechanisms to bolster key management and overall security. - Added new cryptographic structures and methods for enhanced signature handling and commitment management. - Implemented new hash domains for improved hashing flexibility. - Introduced a new module for managing Schnorr signatures. - Added a new `PedersenCommitment` struct and associated methods for commitment management. - Introduced a `CommitmentAndPublicKeySignature` struct for handling commitment signatures.  --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
tari-project · Feb 27, 2025 · 5b10f76 · 5b10f76
1 parent 64865c1
commit 5b10f76
Show file tree

Hide file tree

Showing 27 changed files with 1,746 additions and 125 deletions.
diff --git a/.github/workflows/build_ledger_wallet.yml b/.github/workflows/build_ledger_wallet.yml
@@ -15,7 +15,7 @@ name: Build minotari_ledger_wallet
 env:
   TS_FILENAME: "minotari_ledger_wallet"
   SHARUN: "shasum --algorithm 256"
-  DOCKER_IMAGE: "ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:3.43.0 "
+  DOCKER_IMAGE: "ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:3.51.0 "
 
 concurrency:
   # https://docs.github.com/en/actions/examples/using-concurrency-expressions-and-a-test-matrix

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/applications/minotari_console_wallet/src/automation/error.rs b/applications/minotari_console_wallet/src/automation/error.rs
@@ -95,11 +95,17 @@ pub enum CommandError {
     #[error("gRPC TLS cert error {0}")]
     GrpcTlsError(#[from] GrpcTlsError),
     #[error("Invalid signature: `{0}`")]
-    FailedSignature(#[from] SchnorrSignatureError),
+    FailedSignature(String),
     #[error("Tari script error: {0}")]
     ScriptError(#[from] ScriptError),
 }
 
+impl From<SchnorrSignatureError> for CommandError {
+    fn from(err: SchnorrSignatureError) -> Self {
+        CommandError::FailedSignature(err.to_string())
+    }
+}
+
 impl From<HexError> for CommandError {
     fn from(err: HexError) -> Self {
         CommandError::HexError(err.to_string())

diff --git a/applications/minotari_ledger_wallet/comms/Cargo.toml b/applications/minotari_ledger_wallet/comms/Cargo.toml
@@ -6,20 +6,19 @@ license = "BSD-3-Clause"
 edition = "2021"
 
 [dependencies]
-tari_crypto = { version = "0.22.0", default-features = false }
 tari_utilities = { version = "0.8" }
 tari_common = { path = "../../../common" }
 tari_common_types = { path = "../../../base_layer/common_types" }
 tari_script = { path = "../../../infrastructure/tari_script" }
+tari_crypto = { version = "0.22.0" }
 
 minotari_ledger_wallet_common = { path = "../common" }
 semver = "1.0"
 borsh = "1.5"
 dialoguer = { version = "0.11" }
-ledger-transport = { git = "https://github.com/Zondax/ledger-rs", rev = "20e2a20" }
-ledger-transport-hid = { git = "https://github.com/Zondax/ledger-rs", rev = "20e2a20" }
+ledger-transport = { git = "https://github.com/Zondax/ledger-rs", rev = "4ed4cfdef0ae8b40e8997d849a3262bcf00c7d3c" }
+ledger-transport-hid = { git = "https://github.com/Zondax/ledger-rs", rev = "4ed4cfdef0ae8b40e8997d849a3262bcf00c7d3c" }
 log = "0.4.20"
-once_cell = "1.19.0"
 rand = "0.8"
 serde = { version = "1.0.106", features = ["derive"] }
 thiserror = "1.0.26"
diff --git a/applications/minotari_ledger_wallet/comms/src/accessor_methods.rs b/applications/minotari_ledger_wallet/comms/src/accessor_methods.rs
@@ -20,11 +20,10 @@
 // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 // USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-use std::sync::Mutex;
+use std::sync::{LazyLock, Mutex};
 
 use log::debug;
 use minotari_ledger_wallet_common::common_types::{AppSW, Instruction};
-use once_cell::sync::Lazy;
 use rand::{rngs::OsRng, RngCore};
 use semver::Version;
 use tari_common::configuration::Network;
@@ -57,7 +56,7 @@ pub enum ScriptSignatureKey {
 
 /// Verify that the ledger application is working properly.
 pub fn verify_ledger_application() -> Result<(), LedgerDeviceError> {
-    static VERIFIED: Lazy<Mutex<Option<Result<(), LedgerDeviceError>>>> = Lazy::new(|| Mutex::new(None));
+    static VERIFIED: LazyLock<Mutex<Option<Result<(), LedgerDeviceError>>>> = LazyLock::new(|| Mutex::new(None));
     if let Ok(mut verified) = VERIFIED.try_lock() {
         if verified.is_none() {
             match verify() {

diff --git a/applications/minotari_ledger_wallet/comms/src/error.rs b/applications/minotari_ledger_wallet/comms/src/error.rs
@@ -21,7 +21,7 @@
 //  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 use serde::{Deserialize, Serialize};
-use tari_crypto::tari_utilities::ByteArrayError;
+use tari_utilities::ByteArrayError;
 use thiserror::Error;
 
 /// Ledger device errors.

diff --git a/applications/minotari_ledger_wallet/comms/src/ledger_wallet.rs b/applications/minotari_ledger_wallet/comms/src/ledger_wallet.rs
@@ -20,12 +20,14 @@
 // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 // USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-use std::{ops::Deref, sync::Mutex};
+use std::{
+    ops::Deref,
+    sync::{LazyLock, Mutex},
+};
 
 use ledger_transport::{APDUAnswer, APDUCommand};
 use ledger_transport_hid::{hidapi::HidApi, TransportNativeHID};
 use minotari_ledger_wallet_common::common_types::Instruction;
-use once_cell::sync::Lazy;
 use tari_utilities::ByteArray;
 
 use crate::error::LedgerDeviceError;
@@ -60,8 +62,8 @@ impl HidManager {
     }
 }
 
-static HID_MANAGER: Lazy<Mutex<HidManager>> =
-    Lazy::new(|| Mutex::new(HidManager::new().expect("Failed to initialize HidManager")));
+static HID_MANAGER: LazyLock<Mutex<HidManager>> =
+    LazyLock::new(|| Mutex::new(HidManager::new().expect("Failed to initialize HidManager")));
 
 pub fn get_transport() -> Result<TransportNativeHID, LedgerDeviceError> {
     let mut manager = HID_MANAGER

diff --git a/applications/minotari_ledger_wallet/wallet/.cargo/config.toml b/applications/minotari_ledger_wallet/wallet/.cargo/config.toml
@@ -6,7 +6,7 @@ target = "nanosplus"
 
 [unstable]
 avoid-dev-deps = true
-build-std = ["core", "std", "alloc"]
+build-std = ["core", "alloc"]
 build-std-features = ["compiler-builtins-mem"]
 host-config = true
 target-applies-to-host = true

diff --git a/applications/minotari_ledger_wallet/wallet/Cargo.toml b/applications/minotari_ledger_wallet/wallet/Cargo.toml
@@ -6,31 +6,22 @@ license = "BSD-3-Clause"
 edition = "2021"
 
 [dependencies]
-tari_crypto = { version = "0.22.0", default-features = false, features = [
-    "borsh",
-] }
-tari_hashing = { path = "../../../hashing", version = "1.11.5-pre.0" }
 
 minotari_ledger_wallet_common = { path = "../common" }
+tari_utilities = { version = "0.8", default-features = false }
 
 blake2 = { version = "0.10", default-features = false }
 borsh = { version = "1.5", default-features = false }
 digest = { version = "0.10", default-features = false }
-include_gif = "1.0.1"
-ledger_device_sdk = "1.15"
+include_gif = "1.2"
+ledger_device_sdk = "1.21"
 rand_core = { version = "0.6", default_features = false }
 zeroize = { version = "1", default-features = false }
-# We dont directly use or call ledger_secure_sdk_sys, but it is a dependency of ledger_device_sdk,
-# we want to force it to a lower version so that it can run on an older rust version
-ledger_secure_sdk_sys = {version= "=1.5.3"}
-
-# once_cell defined here just to lock the version. Other dependencies may try to go to 1.19 which is incompatabile with
-# ledger at this time. 1.19 removes "atomic-polyfill" and replaces it with "portable-atomic" which can not build due to
-# target mismatches.
-once_cell = { version = "=1.18.0", default-features = false }
+curve25519-dalek = { version = "4", default-features = false, features = [ "alloc", "rand_core", "precomputed-tables", "zeroize"] }
+subtle = { version = "2.5.0", default-features = false }
 
 [package.metadata.cargo-machete]
-ignored = ["once_cell", "ledger_secure_sdk_sys"]
+ignored = []
 
 [profile.release]
 opt-level = 'z'
@@ -61,3 +52,6 @@ icon = "key_32x32.gif"
 icon = "key_40x40.gif"
 
 [workspace]
+
+[lints.rust]
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(target_os, values("stax", "flex", "nanos", "nanox", "nanosplus"))'] }
diff --git a/applications/minotari_ledger_wallet/wallet/src/handlers/get_dh_shared_secret.rs b/applications/minotari_ledger_wallet/wallet/src/handlers/get_dh_shared_secret.rs
@@ -8,10 +8,11 @@ use ledger_device_sdk::io::Comm;
 use ledger_device_sdk::nbgl::NbglStatus;
 #[cfg(not(any(target_os = "stax", target_os = "flex")))]
 use ledger_device_sdk::ui::gadgets::SingleMessage;
-use tari_crypto::{ristretto::RistrettoPublicKey, tari_utilities::ByteArray};
+use tari_utilities::ByteArray;
 use zeroize::Zeroizing;
 
 use crate::{
+    tari_crypto::keys::RistrettoPublicKey,
     utils::{derive_from_bip32_key, get_key_from_canonical_bytes},
     AppSW,
     KeyType,
@@ -25,6 +26,7 @@ pub fn handler_get_dh_shared_secret(comm: &mut Comm) -> Result<(), AppSW> {
         {
             SingleMessage::new("Invalid data length").show_and_wait();
         }
+
         #[cfg(any(target_os = "stax", target_os = "flex"))]
         {
             NbglStatus::new().text(&"Invalid data length").show(false);