Updates

.github/workflows/main.yml

@@ -29,6 +29,27 @@ jobs:
           make deps
       - run: make cpp_test
 
+  build_rust:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+      - name: rustfmt
+        run: |
+          cd ./rs
+          cargo fmt --version
+          cargo fmt -- --check
+      - name: audit
+        run: |
+          cd ./rs
+          cargo audit
+
   build_ledger:
     needs: configure
     runs-on: ubuntu-latest
@@ -160,3 +181,37 @@ jobs:
           tag_name: ${{ steps.nanosp.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_stax:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/stax-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Stax
+        shell: bash -l {0}
+        run: make SUBSTRATE_PARSER_FULL=1
+      - name: Set tag
+        id: stax
+        run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_stax.sh
+          tag_name: ${{ steps.stax.outputs.tag_name }}
+          draft: false
+          prerelease: false

app/Makefile.version

@@ -3,4 +3,4 @@ APPVERSION_M=0
 # This is the `spec_version` field of `Runtime`
 APPVERSION_N=0
 # This is the patch version of this release
-APPVERSION_P=11
+APPVERSION_P=12

rs/Cargo.toml

@@ -28,7 +28,7 @@ prost-types = "0.11.6"
 
 leb128 = "0.2.5"
 sha2 = "0.10.6"
-ed25519-dalek = "1.0.1"
+ed25519-dalek = "2.1.0"
 bincode = "1.3.3"
 
 [dev-dependencies]

rs/src/lib.rs

@@ -255,21 +255,25 @@ where
         section_hashes: HashMap<usize, Vec<u8>>,
         pubkey: &[u8],
     ) -> bool {
-        use ed25519_dalek::{PublicKey, Signature};
+        use ed25519_dalek::{Signature, VerifyingKey};
 
         if pubkey != &signature.pubkey {
             return false;
         }
 
-        let public_key = PublicKey::from_bytes(&signature.pubkey[1..]).unwrap();
+        let mut public_key_bytes = [0u8; 32];
+        public_key_bytes.copy_from_slice(&signature.pubkey[1..33]);
+        let public_key = VerifyingKey::from_bytes(&public_key_bytes).unwrap();
         let unsigned_raw_sig_hash = self.hash_signature_sec(
             vec![],
             &section_hashes,
             signature.raw_indices.clone(),
             None,
             None,
         );
-        let raw_signature = Signature::from_bytes(&signature.raw_signature[1..]).unwrap();
+        let mut raw_signature_bytes = [0u8; 64];
+        raw_signature_bytes.copy_from_slice(&signature.raw_signature[1..65]);
+        let raw_signature = Signature::from_bytes(&raw_signature_bytes);
         let raw_sig = public_key
             .verify(&unsigned_raw_sig_hash, &raw_signature)
             .is_ok();
@@ -295,7 +299,9 @@ where
             None,
         );
 
-        let wrapper_signature = Signature::from_bytes(&signature.wrapper_signature[1..]).unwrap();
+        let mut wrapper_signature_bytes = [0u8; 64];
+        wrapper_signature_bytes.copy_from_slice(&signature.wrapper_signature[1..65]);
+        let wrapper_signature = Signature::from_bytes(&wrapper_signature_bytes);
         let wrapper_sig = public_key
             .verify(&unsigned_wrapper_sig_hash, &wrapper_signature)
             .is_ok();