Version 5.1.0 release

.github/workflows/coverage.yml

@@ -34,7 +34,7 @@ jobs:
         run: |
           aws s3 sync \
             middleware/coverage/ \
-            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.0.x/middleware_coverage_report \
+            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.1.x/middleware_coverage_report \
             --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
             --no-progress --follow-symlinks --delete --only-show-errors
 
@@ -49,7 +49,7 @@ jobs:
         run: |
           aws s3 sync \
             firmware/coverage/output/ \
-            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.0.x/firmware_coverage_report \
+            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.1.x/firmware_coverage_report \
             --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
             --no-progress --follow-symlinks --delete --only-show-errors
 

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [5.1.0] - 01/07/2024
+
+### Features/enhancements
+
+- Decoupled business and hardware layers in preparation for multiple platforms
+- Upgraded Python to version 3.12
+- Upgraded Python dependencies
+
+### Fixes
+
+- Removed unnecessary requirements file for middleware docker image
+- Fixed post-upgrade failing middleware docker image build
+- Incidentally bumped idna, pillow to address dependabot findings
+
 ## [5.0.0] - 09/04/2024
 
 ### Features/enhancements

README.md

@@ -3,8 +3,8 @@
 ![Tests](https://github.com/rsksmart/rsk-powhsm/actions/workflows/run-tests.yml/badge.svg)
 ![Python linter](https://github.com/rsksmart/rsk-powhsm/actions/workflows/lint-python.yml/badge.svg)
 ![C linter](https://github.com/rsksmart/rsk-powhsm/actions/workflows/lint-c.yml/badge.svg)
-[![Middleware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.0.x/middleware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.0.x/middleware_coverage_report/index.html)
-[![Firmware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.0.x/firmware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.0.x/firmware_coverage_report/index.html)
+[![Middleware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.1.x/middleware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.1.x/middleware_coverage_report/index.html)
+[![Firmware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.1.x/firmware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.1.x/firmware_coverage_report/index.html)
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
 

docs/attestation.md

@@ -52,7 +52,7 @@ Before diving into the UI attestation, it is important to recall a few relevant
 
 To generate the attestation, the UI uses the configured attestation scheme to sign a message generated by the concatenation of:
 
-- A predefined header (`HSM:UI:5.0`).
+- A predefined header (`HSM:UI:5.1`).
 - A 32 byte user-defined value. By default, the attestation generation client supplies the latest RSK block hash as this value, so it can then be used as a minimum timestamp reference for the attestation generation.
 - The compressed public key corresponding to the private key obtained by deriving the generated seed with the BIP32 path `m/44'/0'/0'/0/0` (normally used as the BTC key by the Signer application).
 - The hash of the currently authorized Signer version.
@@ -62,7 +62,7 @@ As a consequence of the aforementioned features, this message guarantees that th
 
 ### Signer attestation
 
-To generate the attestation, the Signer uses the configured attestation scheme to sign a message containing a predefined header (`HSM:SIGNER:5.0`) and the `sha256sum` of the concatenation of the authorized public keys (see the [protocol](./protocol.md) for details on this) lexicographically ordered by their UTF-encoded derivation path. This message guarantees that the device is running a specific version of the Signer and that those keys are in control of the ledger device.
+To generate the attestation, the Signer uses the configured attestation scheme to sign a message containing a predefined header (`HSM:SIGNER:5.1`) and the `sha256sum` of the concatenation of the authorized public keys (see the [protocol](./protocol.md) for details on this) lexicographically ordered by their UTF-encoded derivation path. This message guarantees that the device is running a specific version of the Signer and that those keys are in control of the ledger device.
 
 ## Attestation file format
 

docs/heartbeat.md

@@ -37,7 +37,7 @@ certification -- to verify.
 To generate the heartbeat, the Signer uses the configured endorsement scheme to sign a
 message generated by the concatenation of:
 
-- A predefined header (`HSM:SIGNER:HB:5.0:`).
+- A predefined header (`HSM:SIGNER:HB:5.1:`).
 - A 32 byte value corresponding to the currently known best block hash.
 - A value corresponding to the first 8 bytes of the last successful authorized signed
   operation's transaction hash.
@@ -53,7 +53,7 @@ transactions.
 To generate the heartbeat, the UI uses the configured endorsement scheme to sign a message
 generated by the concatenation of:
 
-- A predefined header (`HSM:UI:HB:5.0:`).
+- A predefined header (`HSM:UI:HB:5.1:`).
 - A 32 byte user-defined value. This value can vary and could be, for example, used as a
   timestamp reference for the end user.
 - A 32 byte value corresponding to the currently authorized Signer hash.

firmware/src/ledger/ui/src/attestation.h

@@ -48,7 +48,7 @@ typedef enum {
 } err_code_att_t;
 
 // Attestation message prefix
-#define ATT_MSG_PREFIX "HSM:UI:5.0"
+#define ATT_MSG_PREFIX "HSM:UI:5.1"
 #define ATT_MSG_PREFIX_LENGTH (sizeof(ATT_MSG_PREFIX) - sizeof(""))
 
 // User defined value size

firmware/src/ledger/ui/src/defs.h

@@ -30,7 +30,7 @@
 
 // Version and patchlevel
 #define VERSION_MAJOR 0x05
-#define VERSION_MINOR 0x00
+#define VERSION_MINOR 0x01
 #define VERSION_PATCH 0x00
 
 #endif // __DEFS_H

firmware/src/ledger/ui/src/ui_heartbeat.h

@@ -46,7 +46,7 @@ typedef enum {
 } err_code_ui_heartbeat_t;
 
 // Heartbeat message prefix
-#define UI_HEARTBEAT_MSG_PREFIX "HSM:UI:HB:5.0:"
+#define UI_HEARTBEAT_MSG_PREFIX "HSM:UI:HB:5.1:"
 #define UI_HEARTBEAT_MSG_PREFIX_LENGTH \
     (sizeof(UI_HEARTBEAT_MSG_PREFIX) - sizeof(""))
 

firmware/src/ledger/ui/test/attestation/test_attestation.c

@@ -160,7 +160,7 @@ void test_get_attestation_ud_value() {
     assert(3 == get_attestation(rx, &G_att_ctx));
     // PREFIX + UD_VALUE + Compressed pubkey + Signer hash + Iteration
     ASSERT_MEMCMP(
-        "HSM:UI:5.0"
+        "HSM:UI:5.1"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x02\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -208,7 +208,7 @@ void test_get_attestation_get_msg() {
     *N_onboarded_ui = 1;
     memcpy(
         G_att_ctx.msg,
-        "HSM:UI:5.0"
+        "HSM:UI:5.1"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -225,7 +225,7 @@ void test_get_attestation_get_msg() {
     assert((APDU_TOTAL_DATA_SIZE_OUT + 3) == get_attestation(rx, &G_att_ctx));
     ASSERT_APDU(
         "\x80\x50\x02\x01"
-        "HSM:UI:5.0"
+        "HSM:UI:5.1"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -249,7 +249,7 @@ void test_get_attestation_get_msg_wrong_state() {
     *N_onboarded_ui = 1;
     memcpy(
         &G_att_ctx.msg,
-        "HSM:UI:5.0"
+        "HSM:UI:5.1"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"

firmware/src/ledger/ui/test/onboard/test_onboard.c

@@ -313,11 +313,11 @@ void test_is_onboarded() {
 
     G_device_onboarded = true;
     assert(5 == is_onboarded());
-    ASSERT_APDU("\x80\x01\x05\x00\x00");
+    ASSERT_APDU("\x80\x01\x05\x01\x00");
 
     G_device_onboarded = false;
     assert(5 == is_onboarded());
-    ASSERT_APDU("\x80\x00\x05\x00\x00");
+    ASSERT_APDU("\x80\x00\x05\x01\x00");
 }
 
 int main() {

firmware/src/ledger/ui/test/ui_heartbeat/test_ui_heartbeat.c

@@ -230,7 +230,7 @@ void test_op_ud_value() {
 
     assert_ok("\x80\x60\x01");
 
-    const char expected_msg[] = "HSM:UI:HB:5.0:" // Prefix
+    const char expected_msg[] = "HSM:UI:HB:5.1:" // Prefix
                                 "\x11"           // UD
                                 "\x22\x22\x22\x22\x22\x22\x22\x22\x22\x22" // .
                                 "\x22\x22\x22\x22\x22\x22\x22\x22\x22\x22" // .

firmware/src/powhsm/src/attestation.h

@@ -33,7 +33,7 @@
 // -----------------------------------------------------------------------
 
 // Attestation message prefix
-#define ATT_MSG_PREFIX "HSM:SIGNER:5.0"
+#define ATT_MSG_PREFIX "HSM:SIGNER:5.1"
 #define ATT_MSG_PREFIX_LENGTH (sizeof(ATT_MSG_PREFIX) - sizeof(""))
 
 // -----------------------------------------------------------------------

firmware/src/powhsm/src/defs.h

@@ -29,7 +29,7 @@
 
 // Version and patchlevel
 #define VERSION_MAJOR 0x05
-#define VERSION_MINOR 0x00
+#define VERSION_MINOR 0x01
 #define VERSION_PATCH 0x00
 
 #endif // __DEFS_H

firmware/src/powhsm/src/heartbeat.h

@@ -45,7 +45,7 @@ typedef enum {
 } err_code_heartbeat_t;
 
 // Heartbeat message prefix
-#define HEARTBEAT_MSG_PREFIX "HSM:SIGNER:HB:5.0:"
+#define HEARTBEAT_MSG_PREFIX "HSM:SIGNER:HB:5.1:"
 #define HEARTBEAT_MSG_PREFIX_LENGTH (sizeof(HEARTBEAT_MSG_PREFIX) - sizeof(""))
 
 // User-defined value size

firmware/test/cases/heartbeat.py

@@ -27,7 +27,7 @@
 
 
 class Heartbeat(TestCase):
-    EXPECTED_HEADER = "HSM:SIGNER:HB:5.0:"
+    EXPECTED_HEADER = "HSM:SIGNER:HB:5.1:"
     EHL = len(EXPECTED_HEADER)
 
     @classmethod

middleware/admin/verify_attestation.py

@@ -28,8 +28,8 @@
 from .certificate import HSMCertificate
 
 
-UI_MESSAGE_HEADER = b"HSM:UI:5.0"
-SIGNER_MESSAGE_HEADER = b"HSM:SIGNER:5.0"
+UI_MESSAGE_HEADER = b"HSM:UI:5.1"
+SIGNER_MESSAGE_HEADER = b"HSM:SIGNER:5.1"
 UI_DERIVATION_PATH = "m/44'/0'/0'/0/0"
 UD_VALUE_LENGTH = 32
 PUBKEY_COMPRESSED_LENGTH = 33

middleware/ledger/protocol.py

@@ -37,8 +37,8 @@
 
 class HSM2ProtocolLedger(HSM2Protocol):
     # Current manager supported versions for HSM UI and HSM SIGNER (<=)
-    UI_VERSION = HSM2FirmwareVersion(5, 0, 0)
-    APP_VERSION = HSM2FirmwareVersion(5, 0, 0)
+    UI_VERSION = HSM2FirmwareVersion(5, 1, 0)
+    APP_VERSION = HSM2FirmwareVersion(5, 1, 0)
 
     # Amount of time to wait to make sure the app is opened
     OPEN_APP_WAIT = 1  # second

middleware/tests/admin/test_verify_attestation.py

@@ -65,14 +65,14 @@ def setUp(self):
             )
         self.pubkeys_hash = pubkeys_hash.digest()
 
-        self.ui_msg = b"HSM:UI:5.0" + \
+        self.ui_msg = b"HSM:UI:5.1" + \
             bytes.fromhex("aa"*32) + \
             bytes.fromhex("bb"*33) + \
             bytes.fromhex("cc"*32) + \
             bytes.fromhex("0123")
         self.ui_hash = bytes.fromhex("ee" * 32)
 
-        self.signer_msg = b"HSM:SIGNER:5.0" + \
+        self.signer_msg = b"HSM:SIGNER:5.1" + \
             bytes.fromhex(self.pubkeys_hash.hex())
         self.signer_hash = bytes.fromhex("ff" * 32)
 

middleware/tests/ledger/test_protocol.py

@@ -49,7 +49,7 @@ def setUp(self):
         self.dongle.disconnect = Mock()
         self.dongle.is_onboarded = Mock(return_value=True)
         self.dongle.get_current_mode = Mock(return_value=HSM2Dongle.MODE.SIGNER)
-        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 0, 0))
+        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 1, 0))
         self.dongle.get_signer_parameters = Mock(return_value=Mock(
             min_required_difficulty=123))
         self.protocol = HSM2ProtocolLedger(self.pin, self.dongle)

middleware/tests/ledger/test_protocol_v1.py

@@ -47,7 +47,7 @@ def setUp(self):
         self.dongle.disconnect = Mock()
         self.dongle.is_onboarded = Mock(return_value=True)
         self.dongle.get_current_mode = Mock(return_value=HSM2Dongle.MODE.SIGNER)
-        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 0, 0))
+        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 1, 0))
         self.dongle.get_signer_parameters = Mock(return_value=Mock(
             min_required_difficulty=123))
         self.protocol = HSM1ProtocolLedger(self.pin, self.dongle)