Added SSKR generate option to app menu

.github/workflows/ci-workflow.yml

@@ -1,3 +1,4 @@
+---
 name: Compilation & tests
 
 on:
@@ -6,10 +7,13 @@ on:
     branches:
       - master
       - develop
+    tags:
+      - '**'
   pull_request:
     paths-ignore:
       - '.github/workflows/*.yml'
 
+
 jobs:
   nano_build:
     name: Build application for NanoS, X and S+
@@ -27,15 +31,16 @@ jobs:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
     steps:
       - name: Clone
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build
         run: |
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
           make BOLOS_SDK=${{ matrix.SDK }}
           mv bin/app.elf "bin/${{ matrix.model }}.elf"
+
       - name: Upload app binary
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: apps
           path: bin/*.elf
@@ -47,15 +52,15 @@ jobs:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
     steps:
       - name: Clone
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Build with Clang Static Analyzer
         run: |
           make clean
           scan-build --use-cc=clang -analyze-headers -enable-checker security -enable-checker unix -enable-checker valist -disable-checker core.VLASize -o scan-build --status-bugs make default
 
       - name: Upload scan result
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: scan-build

.github/workflows/codeql-workflow.yml

@@ -1,10 +1,13 @@
+---
 name: "CodeQL"
 
 on:
   push:
     branches:
       - master
       - develop
+    tags:
+      - '**'
   pull_request:
     # Excluded path: add the paths you want to ignore instead of deleting the workflow
     paths-ignore:
@@ -17,7 +20,7 @@ jobs:
     strategy:
       matrix:
         sdk: [ "$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK" ]
-        #'cpp' covers C and C++
+        # 'cpp' covers C and C++
         language: [ 'cpp' ]
     runs-on: ubuntu-latest
     container:

.github/workflows/lint-workflow.yml

@@ -1,10 +1,14 @@
+---
 name: Code style check
 
 on:
   workflow_dispatch:
   push:
     branches:
       - master
+      - develop
+    tags:
+      - '**'
   pull_request:
     paths-ignore:
       - '.github/workflows/*.yml'

.github/workflows/release-workflow.yml

@@ -0,0 +1,52 @@
+---
+name: Create Release
+
+on:
+  workflow_run:
+    workflows: ['Compilation & tests']
+    types:
+      - completed
+
+jobs:
+  create_release:
+    name: Create Release
+    if: github.event.workflow_run.conclusion == 'success' && startsWith(github.event.workflow_run.head_branch, 'v')
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+
+      - name: Set VERSION variable from tag
+        run: |
+          HEAD_BRANCH=${{ github.event.workflow_run.head_branch }}
+          VERSION_NUMBER=${HEAD_BRANCH#v}
+          echo "VERSION_NUMBER=${VERSION_NUMBER}" >> ${GITHUB_ENV}
+          echo "VERSION_NAME=${HEAD_BRANCH//./_}" >> ${GITHUB_ENV}
+
+      - name: Download app binaries
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          name: apps
+          path: ./bin/
+          commit: ${{ github.event.workflow_run.head_sha }}
+          workflow: ci-workflow.yml
+          workflow_conclusion: success
+          skip_unpack: true
+
+      - name: Rename app binaries
+        run: ls -la ./bin/ && sudo mv ./bin/apps.zip ./bin/apps.${VERSION_NAME}.zip && ls -la ./bin/
+
+      - name: Create Release
+        uses: ncipollo/release-action@v1
+        with:
+          name: Sharded Secret Key Reconstruction (SSKR) Check application for Ledger - Release ${{ env.VERSION_NUMBER }}
+          artifacts: ./bin/*.zip
+          artifactContentType: application/zip
+          bodyFile: CHANGELOG.md
+          tag: ${{ github.event.workflow_run.head_branch }}
+          makeLatest: true
+          allowUpdates: true

CHANGELOG.md

@@ -0,0 +1,20 @@
+# Ghange log
+
+## [1.0.1] - 2023-03-21
+
+### Added
+-  Clone app-recovery-check and rename to app-sskr-check
+-  Add SSKR (bc-sskr and bc-shamir) to app-sskr-check
+-  Generate SSKR shares from BIP39 mnemonic phrase
+  -  Write BIP39 to SSKR functionality
+  -  Add SSKR flow to the Check BIP39 menu
+  -  Test with 12-word BIP39 phrases
+  -  Test with 18-word BIP39 phrases
+  -  Test with 24-word BIP39 phrases
+  -  Test on nanos
+  -  Test on nanosp
+  -  Test on nano
+
+### Changed
+
+### Fixed

Makefile

@@ -34,9 +34,9 @@ APPVERSION   = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 APP_LOAD_PARAMS = --appFlags 0x10 $(COMMON_LOAD_PARAMS) --apdu --curve secp256k1 --path ""
 
 ifeq ($(TARGET_NAME), TARGET_NANOS)
-    ICONNAME=icons/nanos_app_sskr_check.gif
+    ICONNAME=glyphs/nanos_app_sskr_check.gif
 else
-    ICONNAME=icons/nanox_app_sskr_check.gif
+    ICONNAME=glyphs/nanox_app_sskr_check.gif
 endif
 
 # Build configuration

README.md

@@ -5,4 +5,5 @@
 [![Code style check](https://github.com/aido/app-sskr-check/actions/workflows/lint-workflow.yml/badge.svg)](https://github.com/aido/app-sskr-check/actions/workflows/lint-workflow.yml)
 [![License](https://img.shields.io/github/license/aido/app-sskr-check)](https://github.com/aido/app-sskr-check/blob/develop/LICENSE)
 
-This application invites the user to type his seed on his Nano S, this seed is compared against the onboarded seed, and user is informed whether both seeds are matching or not. There are also options to create SSKR shares from BIP-39 phrase or to confirm the onboarded seed against SSKR shares.
+This application invites the user to type his seed on his Nano S, this seed is compared against the onboarded seed, and user is informed whether both seeds are matching or not. There are also options to create SSKR shares from BIP-39 phrase or to confirm the onboarded seed against SSKR shares. [Sharded Secret Key Reconstruction (SSKR)](https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-011-sskr.md) is an implementation of Shamir's Secret Sharing (SSS). SSS splits a master secret, such as the master seed S for Hierarchical Deterministic Wallets described in BIP32, into unique parts which can be distributed among participants. A specified minimum number of parts is required to be supplied in order to reconstruct the original secret. Knowledge of fewer than the required number of parts does not leak information about the master secret.
+

TODO.md

@@ -0,0 +1,34 @@
+# app-sskr-check TODO list
+
+### Todo
+
+- [ ] Add Ledger Stax to list of devices app works on
+- [ ] Fix issue with using 'cx_crc32_hw()' function in 'onboarding_seed_sskr.c' when testing with Speculos
+- [ ] Currently hardcoded to use a k-of-n threshold of 2-of-3. Add flow to set threshold values
+- [ ] Save memory by setting the SSKR word buffer (G_bolos_ux_context.sskr_words_buffer) to a sensible size. Maybe just store SSKR Bytewords as shorter two letter minimal Bytewords rather than a 4 letter Byteword plus spaace for each share. Convert minimal ByteWords back to four letter Bytewords just prior to display.
+
+### In Progress
+
+- [ ] Generate BIP39 mnemonic phrases from SSKR shares
+  - [ ] Write SSKR to BIP39 functionality
+  - [ ] Add flow to the Check SSKR menu
+  - [ ] Test with 29-word SSKR shares
+  - [ ] Test with 38-word SSKR shares
+  - [ ] Test with 46-word SSKR shares
+  - [ ] Test on nanos
+  - [ ] Test on nanosp
+  - [ ] Test on nanox
+
+### Done ✓
+
+- [x] Clone app-recovery-check and rename to app-sskr-check
+- [x] Add SSKR (bc-sskr and bc-shamir) to app-sskr-check
+- [x] Generate SSKR shares from BIP39 mnemonic phrase
+  - [x] Write BIP39 to SSKR functionality
+  - [x] Add SSKR flow to the Check BIP39 menu
+  - [x] Test with 12-word BIP39 phrases
+  - [x] Test with 18-word BIP39 phrases
+  - [x] Test with 24-word BIP39 phrases
+  - [x] Test on nanos
+  - [x] Test on nanosp
+  - [x] Test on nanox