Align with sdk

.github/workflows/build_and_functional_tests.yml

@@ -15,7 +15,7 @@ on:
         type: choice
         required: true
         default: 'Raise an error (default)'
-        description: CI behavior if the test snaphots are different than expected.
+        description: CI behavior if the test snapshots are different than expected.
         options:
           - 'Raise an error (default)'
           - 'Open a PR'

.github/workflows/codespell.yml

@@ -23,4 +23,4 @@ jobs:
         with:
           builtin: clear,rare
           check_filenames: true
-          path: src, src_bagl, src_features, src_nbgl, src_plugin_sdk, src_plugins, doc, client
+          path: src, src_bagl, src_features, src_nbgl, src_plugins, doc, client

.pre-commit-config.yaml

@@ -4,7 +4,7 @@
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -14,7 +14,7 @@ repos:
       - id: check-case-conflict
 
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.2.6
+    rev: v2.3.0
     hooks:
       - id: codespell
         args: ['--ignore-words-list', 'ontop,shft,hte', '--skip', 'makefile_conf/chain/*,tests/ragger/eip712_input_files/*']
@@ -26,7 +26,7 @@ repos:
         types_or: [c]
 
   - repo: https://github.com/Mateusz-Grzelinski/actionlint-py
-    rev: v1.6.27.13
+    rev: v1.7.6.22
     hooks:
       - id: actionlint
         types_or: [yaml]
@@ -39,9 +39,10 @@ repos:
         types_or: [markdown]
 
   - repo: https://github.com/PyCQA/pylint
-    rev: v2.16.2
+    rev: v3.3.3
     hooks:
       - id: pylint
+        language: system
         types: [python]
         args: ['--jobs=0', '--rcfile=tests/ragger/setup.cfg']
         files: '^tests/ragger/.*$'

client/src/ledger_app_clients/ethereum/client.py

@@ -1,20 +1,20 @@
-import rlp
 import struct
 from enum import IntEnum
+from typing import Optional, Tuple
+from hashlib import sha256
+import rlp
+from web3 import Web3
+
 from ragger.backend import BackendInterface
 from ragger.firmware import Firmware
 from ragger.error import ExceptionRAPDU
 from ragger.utils import RAPDU
-from typing import Optional
 
 from .command_builder import CommandBuilder
 from .eip712 import EIP712FieldType
 from .keychain import sign_data, Key
 from .tlv import format_tlv
 
-from hashlib import sha256
-from web3 import Web3
-
 
 class StatusWord(IntEnum):
     OK = 0x9000
@@ -92,7 +92,7 @@ class PKIClient:
     def __init__(self, client: BackendInterface) -> None:
         self._client = client
 
-    def send_certificate(self, p1: PKIPubKeyUsage, payload: bytes) -> RAPDU:
+    def send_certificate(self, p1: PKIPubKeyUsage, payload: bytes) -> None:
         try:
             response = self.send_raw(p1, payload)
             assert response.status == StatusWord.OK
@@ -275,6 +275,7 @@ def perform_privacy_operation(self,
 
     def _provide_trusted_name_common(self, payload: bytes, name_source: TrustedNameSource) -> RAPDU:
         payload += format_tlv(FieldTag.STRUCT_TYPE, 3)  # TrustedName
+        cert_apdu = ""
         if name_source == TrustedNameSource.CAL:
             if self._pki_client is not None:
                 # pylint: disable=line-too-long
@@ -286,6 +287,8 @@ def _provide_trusted_name_common(self, payload: bytes, name_source: TrustedNameS
                     cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200093101043201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010415473045022100ABA9D58446EE81EB073DA91941989DD7E133556D58DE2BCBA59E46253DB448B102201DF8AE930A9E318B50576D8922503A5D3EC84C00C332A7C8FF7CD48708751840"  # noqa: E501
                 elif self._firmware == Firmware.FLEX:
                     cert_apdu = "010101020102110400000002120100130200021401011604000000002010547275737465645F4E616D655F43414C300200093101043201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C6405618873401013501051546304402206DC9F82C53F3B13400D3E343E3C8C81868E8C73B1EF2655D07891064B7AC3166022069A36E4059D75C93E488A5D58C02BCA9C80C081F77B31C5EDCF07F1A500C565A"  # noqa: E501
+                else:
+                    print(f"Invalid device '{self._firmware.name}'")
                 # pylint: enable=line-too-long
             key_id = 9
             key = Key.CAL
@@ -300,11 +303,13 @@ def _provide_trusted_name_common(self, payload: bytes, name_source: TrustedNameS
                     cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010415473045022100A57DC7AB3F0E38A8D10783C7449024D929C60843BB75E5FF7B8088CB71CB130C022045A03E6F501F3702871466473BA08CE1F111357ED9EF395959733477165924C4"  # noqa: E501
                 elif self._firmware == Firmware.FLEX:
                     cert_apdu = "01010102010211040000000212010013020002140101160400000000200C547275737465645F4E616D6530020007310104320121332102B91FBEC173E3BA4A714E014EBC827B6F899A9FA7F4AC769CDE284317A00F4F6534010135010515473045022100D5BB77756C3D7C1B4254EA8D5351B94A89B13BA69C3631A523F293A10B7144B302201519B29A882BB22DCDDF6BE79A9CBA76566717FA877B7CA4B9CC40361A2D579E"  # noqa: E501
+                else:
+                    print(f"Invalid device '{self._firmware.name}'")
                 # pylint: enable=line-too-long
             key_id = 7
             key = Key.TRUSTED_NAME
 
-        if self._pki_client is not None:
+        if self._pki_client is not None and cert_apdu:
             self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_TRUSTED_NAME, bytes.fromhex(cert_apdu))
 
         payload += format_tlv(FieldTag.SIGNER_KEY_ID, key_id)  # test key
@@ -332,7 +337,7 @@ def provide_trusted_name_v2(self,
                                 chain_id: int,
                                 nft_id: Optional[int] = None,
                                 challenge: Optional[int] = None,
-                                not_valid_after: Optional[tuple[int]] = None) -> RAPDU:
+                                not_valid_after: Optional[Tuple[int]] = None) -> RAPDU:
         payload = format_tlv(FieldTag.STRUCT_VERSION, 2)
         payload += format_tlv(FieldTag.TRUSTED_NAME, name)
         payload += format_tlv(FieldTag.ADDRESS, addr)
@@ -371,9 +376,12 @@ def set_plugin(self,
                 cert_apdu = "01010102010211040000000212010013020002140101160400000000200A53657420506C7567696E30020003310107320121332103C055BC4ECF055E2D85085D35127A3DE6705C7F885055CD7071E87671BF191FE334010135010415473045022100B8AF9667C190B60BF350D8F8CA66A4BCEA22BF47D757CB7F88F8D16C7794BCDC02205F7D6C8E9294F73744A82E1062B10FFEB809252682112E71A419EFC78227211B"  # noqa: E501
             elif self._firmware == Firmware.FLEX:
                 cert_apdu = "01010102010211040000000212010013020002140101160400000000200A53657420506C7567696E30020003310107320121332103C055BC4ECF055E2D85085D35127A3DE6705C7F885055CD7071E87671BF191FE334010135010515473045022100F5069D8BCEDCF7CC55273266E3871B09FFCACD084B5753347A809DDDA67E6235022003CE65364BFA96B6FE7A9D8C13EC87B8E727E8B7BF4A63176F5D61AB8F97807E"  # noqa: E501
+            else:
+                print(f"Invalid device '{self._firmware.name}'")
+                cert_apdu = ""
             # pylint: enable=line-too-long
-
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_PLUGIN_METADATA, bytes.fromhex(cert_apdu))
+            if cert_apdu:
+                self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_PLUGIN_METADATA, bytes.fromhex(cert_apdu))
 
         if sig is None:
             # Temporarily get a command with an empty signature to extract the payload and
@@ -421,9 +429,12 @@ def provide_nft_metadata(self,
                 cert_apdu = "0101010201021104000000021201001302000214010116040000000020084E46545F496E666F300200043101033201213321023CFB5FB31905F4BD39D9D535A40C26AAB51C5D7D3219B28AC942B980FB206CFB3401013501041546304402201DEE04EC830FFDE5C98A708EC6865605FC14FF6105A54BE5230F2B954C673B940220581A0A5E42A7779140963703E43B3BEABE4C69284EDEF00E76BB5875E0810C9B"  # noqa: E501
             elif self._firmware == Firmware.FLEX:
                 cert_apdu = "0101010201021104000000021201001302000214010116040000000020084E46545F496E666F300200043101033201213321023CFB5FB31905F4BD39D9D535A40C26AAB51C5D7D3219B28AC942B980FB206CFB340101350105154730450221009ABCC7056D54C1B5DBB353178B13850C20521EE6884AA415AA61B329DB1D87F602204E308F273B8D18080184695438577F770524F717E5D08EE20ECBF1BC599F3538"  # noqa: E501
+            else:
+                print(f"Invalid device '{self._firmware.name}'")
+                cert_apdu = ""
             # pylint: enable=line-too-long
-
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_NFT_METADATA, bytes.fromhex(cert_apdu))
+            if cert_apdu:
+                self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_NFT_METADATA, bytes.fromhex(cert_apdu))
 
         if sig is None:
             # Temporarily get a command with an empty signature to extract the payload and
@@ -489,9 +500,12 @@ def provide_token_metadata(self,
                 cert_apdu = "01010102010211040000000212010013020002140101160400000000200B45524332305F546F6B656E300200063101083201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C6405618873401013501041546304402206731FCD3E2432C5CA162381392FD17AD3A41EEF852E1D706F21A656AB165263602204B89FAE8DBAF191E2D79FB00EBA80D613CB7EDF0BE960CB6F6B29D96E1437F5F"  # noqa: E501
             elif self._firmware == Firmware.FLEX:
                 cert_apdu = "01010102010211040000000212010013020002140101160400000000200B45524332305F546F6B656E300200063101083201213321024CCA8FAD496AA5040A00A7EB2F5CC3B85376D88BA147A7D7054A99C64056188734010135010515473045022100B59EA8B958AA40578A6FBE9BBFB761020ACD5DBD8AA863C11DA17F42B2AFDE790220186316059EFA58811337D47C7F815F772EA42BBBCEA4AE123D1118C80588F5CB"  # noqa: E501
+            else:
+                print(f"Invalid device '{self._firmware.name}'")
+                cert_apdu = ""
             # pylint: enable=line-too-long
-
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META, bytes.fromhex(cert_apdu))
+            if cert_apdu:
+                self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_COIN_META, bytes.fromhex(cert_apdu))
 
         if sig is None:
             # Temporarily get a command with an empty signature to extract the payload and
@@ -525,15 +539,14 @@ def _prepare_network_info(self,
             # Network Icon
             payload += format_tlv(FieldTag.NETWORK_ICON_HASH, sha256(icon).digest())
         # Append the data Signature
-        payload += format_tlv(FieldTag.DER_SIGNATURE,
-                              sign_data(Key.NETWORK, payload))
+        payload += format_tlv(FieldTag.DER_SIGNATURE, sign_data(Key.NETWORK, payload))
         return payload
 
     def provide_network_information(self,
                                     name: str,
                                     ticker: str,
                                     chain_id: int,
-                                    icon: Optional[bytes] = None) -> RAPDU:
+                                    icon: Optional[bytes] = None) -> None:
 
         if self._pki_client is None:
             print(f"Ledger-PKI Not supported on '{self._firmware.name}'")
@@ -547,9 +560,12 @@ def provide_network_information(self,
                 cert_apdu = "0101010201021104000000021201001302000214010116040000000020076E6574776F726B3002000A31010C32012133210304AF5CF32094F855E93235E9EB43F48E9B436C2E1DFAEA58ECAFA68AAFB1D27C34010135010415463044022044C595C3E98100D4ECA75A73BF294090FF94948E80EE1430624C886B15BE862302200994E1D98CA72B78D57808B5FD236F439376AFC7C651B55D4AFBFB5AF4C15E00"  # noqa: E501
             elif self._firmware == Firmware.FLEX:
                 cert_apdu = "0101010201021104000000021201001302000214010116040000000020076E6574776F726B3002000A31010C32012133210304AF5CF32094F855E93235E9EB43F48E9B436C2E1DFAEA58ECAFA68AAFB1D27C34010135010515463044022008D276684F1A1CC3A89DB0B15120860414FF6A60E227FCAA29ED8F2096C982460220343FE956D443CEA33A2F8BD9DD1EAD783ACFF86088CF01BCE63C224DC815D7F0"  # noqa: E501
+            else:
+                print(f"Invalid device '{self._firmware.name}'")
+                cert_apdu = ""
             # pylint: enable=line-too-long
-
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_NETWORK, bytes.fromhex(cert_apdu))
+            if cert_apdu:
+                self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_NETWORK, bytes.fromhex(cert_apdu))
 
         # Add the network info
         payload = self._prepare_network_info(name, ticker, chain_id, icon)
@@ -579,9 +595,13 @@ def provide_transaction_info(self, payload: bytes) -> RAPDU:
                 cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B434010135010415473045022100A88646AD72CA012D5FDAF8F6AE0B7EBEF079212768D57323CB5B57CADD9EB20D022005872F8EA06092C9783F01AF02C5510588FB60CBF4BA51FB382B39C1E060BB6B"  # noqa: E501
             elif self._firmware == Firmware.FLEX:
                 cert_apdu = "01010102010211040000000212010013020002140101160400000000200863616C6C646174613002000831010B32012133210381C0821E2A14AC2546FB0B9852F37CA2789D7D76483D79217FB36F51DCE1E7B43401013501051546304402205305BDDDAD0284A2EAC2A9BE4CEF6604AE9415C5F46883448F5F6325026234A3022001ED743BCF33CCEB070FDD73C3D3FCC2CEE5AB30A5C3EB7D2A8D21C6F58D493F"  # noqa: E501
+            else:
+                print(f"Invalid device '{self._firmware.name}'")
+                cert_apdu = ""
             # pylint: enable=line-too-long
+            if cert_apdu:
+                self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_CALLDATA, bytes.fromhex(cert_apdu))
 
-            self._pki_client.send_certificate(PKIPubKeyUsage.PUBKEY_USAGE_CALLDATA, bytes.fromhex(cert_apdu))
         chunks = self._cmd_builder.provide_transaction_info(payload)
         for chunk in chunks[:-1]:
             self._exchange(chunk)

client/src/ledger_app_clients/ethereum/command_builder.py

@@ -125,7 +125,7 @@ def eip712_send_struct_impl_array(self, size: int) -> bytes:
                                data)
 
     def eip712_send_struct_impl_struct_field(self, data: bytearray) -> list[bytes]:
-        chunks = list()
+        chunks = []
         # Add a 16-bit integer with the data's byte length (network byte order)
         data_w_length = bytearray()
         data_w_length.append((len(data) & 0xff00) >> 8)
@@ -264,7 +264,7 @@ def set_external_plugin(self, plugin_name: str, contract_address: bytes, selecto
                                data)
 
     def sign(self, bip32_path: str, rlp_data: bytes, p2: int) -> list[bytes]:
-        apdus = list()
+        apdus = []
         payload = pack_derivation_path(bip32_path)
         payload += rlp_data
         p1 = P1Type.SIGN_FIRST_CHUNK
@@ -281,7 +281,7 @@ def get_challenge(self) -> bytes:
         return self._serialize(InsType.GET_CHALLENGE, 0x00, 0x00)
 
     def provide_trusted_name(self, tlv_payload: bytes) -> list[bytes]:
-        chunks = list()
+        chunks = []
         payload = struct.pack(">H", len(tlv_payload))
         payload += tlv_payload
         p1 = 1
@@ -376,7 +376,7 @@ def personal_sign(self, path: str, msg: bytes):
         payload = pack_derivation_path(path)
         payload += struct.pack(">I", len(msg))
         payload += msg
-        chunks = list()
+        chunks = []
         p1 = P1Type.SIGN_FIRST_CHUNK
         while len(payload) > 0:
             chunk_size = 0xff
@@ -431,7 +431,7 @@ def provide_network_information(self,
         return chunks
 
     def common_tlv_serialize(self, tlv_payload: bytes, ins: InsType) -> list[bytes]:
-        chunks = list()
+        chunks = []
         payload = struct.pack(">H", len(tlv_payload))
         payload += tlv_payload
         p1 = 1