@alephium/ledger-app 0.4.0 → 0.5.1

package/dist/src/index.d.ts

@@ -1,21 +1,2 @@
-/// <reference types="node" />
-import { Account, KeyType } from '@alephium/web3';
-import Transport from '@ledgerhq/hw-transport';
-export declare const CLA = 128;
-export declare enum INS {
-    GET_VERSION = 0,
-    GET_PUBLIC_KEY = 1,
-    SIGN_HASH = 2,
-    SIGN_TX = 3
-}
-export declare const GROUP_NUM = 4;
-export declare const HASH_LEN = 32;
-export default class AlephiumApp {
-    readonly transport: Transport;
-    constructor(transport: Transport);
-    close(): Promise<void>;
-    getVersion(): Promise<string>;
-    getAccount(startPath: string, targetGroup?: number, keyType?: KeyType, display?: boolean): Promise<readonly [Account, number]>;
-    signHash(path: string, hash: Buffer): Promise<string>;
-    signUnsignedTx(path: string, unsignedTx: Buffer): Promise<string>;
-}
+export * from './types';
+export * from './ledger-app';

package/dist/src/index.js

@@ -10,103 +10,9 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
 }));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HASH_LEN = exports.GROUP_NUM = exports.INS = exports.CLA = void 0;
-const web3_1 = require("@alephium/web3");
-const hw_transport_1 = require("@ledgerhq/hw-transport");
-const serde = __importStar(require("./serde"));
-const elliptic_1 = require("elliptic");
-const ec = new elliptic_1.ec('secp256k1');
-exports.CLA = 0x80;
-var INS;
-(function (INS) {
-    INS[INS["GET_VERSION"] = 0] = "GET_VERSION";
-    INS[INS["GET_PUBLIC_KEY"] = 1] = "GET_PUBLIC_KEY";
-    INS[INS["SIGN_HASH"] = 2] = "SIGN_HASH";
-    INS[INS["SIGN_TX"] = 3] = "SIGN_TX";
-})(INS = exports.INS || (exports.INS = {}));
-exports.GROUP_NUM = 4;
-exports.HASH_LEN = 32;
-class AlephiumApp {
-    constructor(transport) {
-        this.transport = transport;
-    }
-    async close() {
-        await this.transport.close();
-    }
-    async getVersion() {
-        const response = await this.transport.send(exports.CLA, INS.GET_VERSION, 0x00, 0x00);
-        console.log(`response ${response.length} - ${response.toString('hex')}`);
-        return `${response[0]}.${response[1]}.${response[2]}`;
-    }
-    async getAccount(startPath, targetGroup, keyType, display = false) {
-        if ((targetGroup ?? 0) >= exports.GROUP_NUM) {
-            throw Error(`Invalid targetGroup: ${targetGroup}`);
-        }
-        if (keyType === 'bip340-schnorr') {
-            throw Error('BIP340-Schnorr is not supported yet');
-        }
-        const p1 = targetGroup === undefined ? 0x00 : exports.GROUP_NUM;
-        const p2 = targetGroup === undefined ? 0x00 : targetGroup;
-        const payload = Buffer.concat([serde.serializePath(startPath), Buffer.from([display ? 1 : 0])]);
-        const response = await this.transport.send(exports.CLA, INS.GET_PUBLIC_KEY, p1, p2, payload);
-        const publicKey = ec.keyFromPublic(response.slice(0, 65)).getPublic(true, 'hex');
-        const address = (0, web3_1.addressFromPublicKey)(publicKey);
-        const group = (0, web3_1.groupOfAddress)(address);
-        const hdIndex = response.slice(65, 69).readUInt32BE(0);
-        return [{ publicKey: publicKey, address: address, group: group, keyType: keyType ?? 'default' }, hdIndex];
-    }
-    async signHash(path, hash) {
-        if (hash.length !== exports.HASH_LEN) {
-            throw new Error('Invalid hash length');
-        }
-        const data = Buffer.concat([serde.serializePath(path), hash]);
-        console.log(`data ${data.length}`);
-        const response = await this.transport.send(exports.CLA, INS.SIGN_HASH, 0x00, 0x00, data, [hw_transport_1.StatusCodes.OK]);
-        console.log(`response ${response.length} - ${response.toString('hex')}`);
-        return decodeSignature(response);
-    }
-    async signUnsignedTx(path, unsignedTx) {
-        console.log(`unsigned tx size: ${unsignedTx.length}`);
-        const encodedPath = serde.serializePath(path);
-        const firstFrameTxLength = 256 - 25;
-        const txData = unsignedTx.slice(0, unsignedTx.length > firstFrameTxLength ? firstFrameTxLength : unsignedTx.length);
-        const data = Buffer.concat([encodedPath, txData]);
-        let response = await this.transport.send(exports.CLA, INS.SIGN_TX, 0x00, 0x00, data, [hw_transport_1.StatusCodes.OK]);
-        if (unsignedTx.length <= firstFrameTxLength) {
-            return decodeSignature(response);
-        }
-        const frameLength = 256 - 5;
-        let fromIndex = firstFrameTxLength;
-        while (fromIndex < unsignedTx.length) {
-            const remain = unsignedTx.length - fromIndex;
-            const toIndex = remain > frameLength ? (fromIndex + frameLength) : unsignedTx.length;
-            const data = unsignedTx.slice(fromIndex, toIndex);
-            response = await this.transport.send(exports.CLA, INS.SIGN_TX, 0x01, 0x00, data, [hw_transport_1.StatusCodes.OK]);
-            fromIndex = toIndex;
-        }
-        return decodeSignature(response);
-    }
-}
-exports.default = AlephiumApp;
-function decodeSignature(response) {
-    // Decode signature: https://bitcoin.stackexchange.com/a/12556
-    const rLen = response.slice(3, 4)[0];
-    const r = response.slice(4, 4 + rLen);
-    const sLen = response.slice(5 + rLen, 6 + rLen)[0];
-    const s = response.slice(6 + rLen, 6 + rLen + sLen);
-    console.log(`${rLen} - ${r.toString('hex')}\n${sLen} - ${s.toString('hex')}`);
-    return (0, web3_1.encodeHexSignature)(r.toString('hex'), s.toString('hex'));
-}
+__exportStar(require("./types"), exports);
+__exportStar(require("./ledger-app"), exports);

package/dist/src/ledger-app.d.ts

@@ -0,0 +1,22 @@
+/// <reference types="node" />
+import { Account, KeyType } from '@alephium/web3';
+import Transport from '@ledgerhq/hw-transport';
+import { TokenMetadata } from './types';
+export declare const CLA = 128;
+export declare enum INS {
+    GET_VERSION = 0,
+    GET_PUBLIC_KEY = 1,
+    SIGN_HASH = 2,
+    SIGN_TX = 3
+}
+export declare const GROUP_NUM = 4;
+export declare const HASH_LEN = 32;
+export default class AlephiumApp {
+    readonly transport: Transport;
+    constructor(transport: Transport);
+    close(): Promise<void>;
+    getVersion(): Promise<string>;
+    getAccount(startPath: string, targetGroup?: number, keyType?: KeyType, display?: boolean): Promise<readonly [Account, number]>;
+    signHash(path: string, hash: Buffer): Promise<string>;
+    signUnsignedTx(path: string, unsignedTx: Buffer, tokenMetadata?: TokenMetadata[]): Promise<string>;
+}

package/dist/src/ledger-app.js

@@ -0,0 +1,115 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HASH_LEN = exports.GROUP_NUM = exports.INS = exports.CLA = void 0;
+const web3_1 = require("@alephium/web3");
+const hw_transport_1 = require("@ledgerhq/hw-transport");
+const serde = __importStar(require("./serde"));
+const elliptic_1 = require("elliptic");
+const ec = new elliptic_1.ec('secp256k1');
+exports.CLA = 0x80;
+var INS;
+(function (INS) {
+    INS[INS["GET_VERSION"] = 0] = "GET_VERSION";
+    INS[INS["GET_PUBLIC_KEY"] = 1] = "GET_PUBLIC_KEY";
+    INS[INS["SIGN_HASH"] = 2] = "SIGN_HASH";
+    INS[INS["SIGN_TX"] = 3] = "SIGN_TX";
+})(INS = exports.INS || (exports.INS = {}));
+exports.GROUP_NUM = 4;
+exports.HASH_LEN = 32;
+// The maximum payload size is 255: https://github.com/LedgerHQ/ledger-live/blob/develop/libs/ledgerjs/packages/hw-transport/src/Transport.ts#L261
+const MAX_PAYLOAD_SIZE = 255;
+class AlephiumApp {
+    constructor(transport) {
+        this.transport = transport;
+    }
+    async close() {
+        await this.transport.close();
+    }
+    async getVersion() {
+        const response = await this.transport.send(exports.CLA, INS.GET_VERSION, 0x00, 0x00);
+        console.log(`response ${response.length} - ${response.toString('hex')}`);
+        return `${response[0]}.${response[1]}.${response[2]}`;
+    }
+    async getAccount(startPath, targetGroup, keyType, display = false) {
+        if ((targetGroup ?? 0) >= exports.GROUP_NUM) {
+            throw Error(`Invalid targetGroup: ${targetGroup}`);
+        }
+        if (keyType === 'bip340-schnorr') {
+            throw Error('BIP340-Schnorr is not supported yet');
+        }
+        const p1 = targetGroup === undefined ? 0x00 : exports.GROUP_NUM;
+        const p2 = targetGroup === undefined ? 0x00 : targetGroup;
+        const payload = Buffer.concat([serde.serializePath(startPath), Buffer.from([display ? 1 : 0])]);
+        const response = await this.transport.send(exports.CLA, INS.GET_PUBLIC_KEY, p1, p2, payload);
+        const publicKey = ec.keyFromPublic(response.slice(0, 65)).getPublic(true, 'hex');
+        const address = (0, web3_1.addressFromPublicKey)(publicKey);
+        const group = (0, web3_1.groupOfAddress)(address);
+        const hdIndex = response.slice(65, 69).readUInt32BE(0);
+        return [{ publicKey: publicKey, address: address, group: group, keyType: keyType ?? 'default' }, hdIndex];
+    }
+    async signHash(path, hash) {
+        if (hash.length !== exports.HASH_LEN) {
+            throw new Error('Invalid hash length');
+        }
+        const data = Buffer.concat([serde.serializePath(path), hash]);
+        console.log(`data ${data.length}`);
+        const response = await this.transport.send(exports.CLA, INS.SIGN_HASH, 0x00, 0x00, data, [hw_transport_1.StatusCodes.OK]);
+        console.log(`response ${response.length} - ${response.toString('hex')}`);
+        return decodeSignature(response);
+    }
+    async signUnsignedTx(path, unsignedTx, tokenMetadata = []) {
+        console.log(`unsigned tx size: ${unsignedTx.length}`);
+        const encodedPath = serde.serializePath(path);
+        const encodedTokenMetadata = serde.serializeTokenMetadata(tokenMetadata);
+        const firstFrameTxLength = MAX_PAYLOAD_SIZE - 20 - encodedTokenMetadata.length;
+        const txData = unsignedTx.slice(0, unsignedTx.length > firstFrameTxLength ? firstFrameTxLength : unsignedTx.length);
+        const data = Buffer.concat([encodedPath, encodedTokenMetadata, txData]);
+        let response = await this.transport.send(exports.CLA, INS.SIGN_TX, 0x00, 0x00, data, [hw_transport_1.StatusCodes.OK]);
+        if (unsignedTx.length <= firstFrameTxLength) {
+            return decodeSignature(response);
+        }
+        const frameLength = MAX_PAYLOAD_SIZE;
+        let fromIndex = firstFrameTxLength;
+        while (fromIndex < unsignedTx.length) {
+            const remain = unsignedTx.length - fromIndex;
+            const toIndex = remain > frameLength ? (fromIndex + frameLength) : unsignedTx.length;
+            const data = unsignedTx.slice(fromIndex, toIndex);
+            response = await this.transport.send(exports.CLA, INS.SIGN_TX, 0x01, 0x00, data, [hw_transport_1.StatusCodes.OK]);
+            fromIndex = toIndex;
+        }
+        return decodeSignature(response);
+    }
+}
+exports.default = AlephiumApp;
+function decodeSignature(response) {
+    // Decode signature: https://bitcoin.stackexchange.com/a/12556
+    const rLen = response.slice(3, 4)[0];
+    const r = response.slice(4, 4 + rLen);
+    const sLen = response.slice(5 + rLen, 6 + rLen)[0];
+    const s = response.slice(6 + rLen, 6 + rLen + sLen);
+    console.log(`${rLen} - ${r.toString('hex')}\n${sLen} - ${s.toString('hex')}`);
+    return (0, web3_1.encodeHexSignature)(r.toString('hex'), s.toString('hex'));
+}

package/dist/src/serde.d.ts

@@ -1,5 +1,7 @@
 /// <reference types="node" />
+import { TokenMetadata } from "./types";
 export declare const TRUE = 16;
 export declare const FALSE = 0;
 export declare function splitPath(path: string): number[];
 export declare function serializePath(path: string): Buffer;
+export declare function serializeTokenMetadata(tokens: TokenMetadata[]): Buffer;

package/dist/src/serde.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.serializePath = exports.splitPath = exports.FALSE = exports.TRUE = void 0;
+exports.serializeTokenMetadata = exports.serializePath = exports.splitPath = exports.FALSE = exports.TRUE = void 0;
+const web3_1 = require("@alephium/web3");
+const types_1 = require("./types");
 exports.TRUE = 0x10;
 exports.FALSE = 0x00;
 function splitPath(path) {
@@ -30,3 +32,46 @@ function serializePath(path) {
     return buffer;
 }
 exports.serializePath = serializePath;
+function symbolToBytes(symbol) {
+    const buffer = Buffer.alloc(types_1.MAX_TOKEN_SYMBOL_LENGTH, 0);
+    for (let i = 0; i < symbol.length; i++) {
+        buffer[i] = symbol.charCodeAt(i) & 0xFF;
+    }
+    return buffer;
+}
+function check(tokens) {
+    const hasDuplicate = tokens.some((token, index) => index !== tokens.findIndex((t) => t.tokenId === token.tokenId));
+    if (hasDuplicate) {
+        throw new Error(`There are duplicate tokens`);
+    }
+    tokens.forEach((token) => {
+        if (!((0, web3_1.isHexString)(token.tokenId) && token.tokenId.length === 64)) {
+            throw new Error(`Invalid token id: ${token.tokenId}`);
+        }
+        if (token.symbol.length > types_1.MAX_TOKEN_SYMBOL_LENGTH) {
+            throw new Error(`The token symbol is too long: ${token.symbol}`);
+        }
+    });
+    if (tokens.length > types_1.MAX_TOKEN_SIZE) {
+        throw new Error(`The token size exceeds maximum size`);
+    }
+}
+function serializeTokenMetadata(tokens) {
+    check(tokens);
+    const array = tokens
+        .map((metadata) => {
+        const symbolBytes = symbolToBytes(metadata.symbol);
+        const buffer = Buffer.concat([
+            Buffer.from([metadata.version]),
+            Buffer.from(metadata.tokenId, 'hex'),
+            symbolBytes,
+            Buffer.from([metadata.decimals])
+        ]);
+        if (buffer.length !== types_1.TOKEN_METADATA_SIZE) {
+            throw new Error(`Invalid token metadata: ${metadata}`);
+        }
+        return buffer;
+    });
+    return Buffer.concat([Buffer.from([array.length]), ...array]);
+}
+exports.serializeTokenMetadata = serializeTokenMetadata;

package/dist/src/serde.test.js

@@ -1,6 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const web3_1 = require("@alephium/web3");
 const serde_1 = require("./serde");
+const crypto_1 = require("crypto");
+const types_1 = require("./types");
 describe('serde', () => {
     it('should split path', () => {
         expect((0, serde_1.splitPath)(`m/44'/1234'/0'/0/0`)).toStrictEqual([44 + 0x80000000, 1234 + 0x80000000, 0 + 0x80000000, 0, 0]);
@@ -10,4 +13,68 @@ describe('serde', () => {
         expect((0, serde_1.serializePath)(`m/1'/2'/0'/0/0`)).toStrictEqual(Buffer.from([0x80, 0, 0, 1, 0x80, 0, 0, 2, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
         expect((0, serde_1.serializePath)(`m/1'/2'/0'/0/0`)).toStrictEqual(Buffer.from([0x80, 0, 0, 1, 0x80, 0, 0, 2, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
     });
+    it('should encode token metadata', () => {
+        const token0 = {
+            version: 0,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'Token0',
+            decimals: 8
+        };
+        const token1 = {
+            version: 1,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'Token1',
+            decimals: 18
+        };
+        const token2 = {
+            version: 2,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'Token2',
+            decimals: 6
+        };
+        const token3 = {
+            version: 3,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'Token3',
+            decimals: 0
+        };
+        const token4 = {
+            version: 4,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'Token4',
+            decimals: 12
+        };
+        const encodeSymbol = (symbol) => {
+            return (0, web3_1.binToHex)(Buffer.from(symbol, 'ascii')).padEnd(types_1.MAX_TOKEN_SYMBOL_LENGTH * 2, '0');
+        };
+        expect((0, web3_1.binToHex)((0, serde_1.serializeTokenMetadata)([]))).toEqual('00');
+        expect((0, web3_1.binToHex)((0, serde_1.serializeTokenMetadata)([token0]))).toEqual('01' + '00' + token0.tokenId + encodeSymbol(token0.symbol) + '08');
+        expect((0, web3_1.binToHex)((0, serde_1.serializeTokenMetadata)([token1]))).toEqual('01' + '01' + token1.tokenId + encodeSymbol(token1.symbol) + '12');
+        expect((0, web3_1.binToHex)((0, serde_1.serializeTokenMetadata)([token0, token1]))).toEqual('02' + '00' + token0.tokenId + encodeSymbol(token0.symbol) + '08' +
+            '01' + token1.tokenId + encodeSymbol(token1.symbol) + '12');
+        expect((0, web3_1.binToHex)((0, serde_1.serializeTokenMetadata)([token0, token1, token2, token3, token4]))).toEqual('05' + '00' + token0.tokenId + encodeSymbol(token0.symbol) + '08' +
+            '01' + token1.tokenId + encodeSymbol(token1.symbol) + '12' +
+            '02' + token2.tokenId + encodeSymbol(token2.symbol) + '06' +
+            '03' + token3.tokenId + encodeSymbol(token3.symbol) + '00' +
+            '04' + token4.tokenId + encodeSymbol(token4.symbol) + '0c');
+        expect(() => (0, serde_1.serializeTokenMetadata)([token0, token1, token0])).toThrow('There are duplicate tokens');
+        const token5 = {
+            version: 5,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'Token5',
+            decimals: 18
+        };
+        expect(() => (0, serde_1.serializeTokenMetadata)([token0, token1, token2, token3, token4, token5])).toThrow('The token size exceeds maximum size');
+        const invalidToken = {
+            ...token0,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(33))
+        };
+        expect(() => (0, serde_1.serializeTokenMetadata)([token0, invalidToken])).toThrow('Invalid token id');
+        const longSymbolToken = {
+            ...token0,
+            tokenId: (0, web3_1.binToHex)((0, crypto_1.randomBytes)(32)),
+            symbol: 'LongSymbolToken'
+        };
+        expect(() => (0, serde_1.serializeTokenMetadata)([token0, longSymbolToken, token1])).toThrow('The token symbol is too long');
+    });
 });

package/dist/src/types.d.ts

@@ -0,0 +1,9 @@
+export declare const MAX_TOKEN_SIZE = 5;
+export declare const MAX_TOKEN_SYMBOL_LENGTH = 12;
+export declare const TOKEN_METADATA_SIZE = 46;
+export interface TokenMetadata {
+    version: number;
+    tokenId: string;
+    symbol: string;
+    decimals: number;
+}

package/dist/src/types.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TOKEN_METADATA_SIZE = exports.MAX_TOKEN_SYMBOL_LENGTH = exports.MAX_TOKEN_SIZE = void 0;
+exports.MAX_TOKEN_SIZE = 5;
+exports.MAX_TOKEN_SYMBOL_LENGTH = 12;
+exports.TOKEN_METADATA_SIZE = 46;

package/dist/test/utils.d.ts

@@ -3,7 +3,8 @@ export declare enum OutputType {
     Base = 0,
     Multisig = 1,
     Token = 2,
-    MultisigAndToken = 3
+    BaseAndToken = 3,
+    MultisigAndToken = 4
 }
 export declare function staxFlexApproveOnce(): Promise<void>;
 export declare function approveTx(outputs: OutputType[], hasExternalInputs?: boolean): Promise<void>;

package/dist/test/utils.js

@@ -21,33 +21,41 @@ async function clickAndApprove(times) {
     }
     await pressButton('both');
 }
+function getModel() {
+    const model = process.env.MODEL;
+    return model ? model : 'nanos';
+}
 var OutputType;
 (function (OutputType) {
     OutputType[OutputType["Base"] = 0] = "Base";
     OutputType[OutputType["Multisig"] = 1] = "Multisig";
     OutputType[OutputType["Token"] = 2] = "Token";
-    OutputType[OutputType["MultisigAndToken"] = 3] = "MultisigAndToken";
+    OutputType[OutputType["BaseAndToken"] = 3] = "BaseAndToken";
+    OutputType[OutputType["MultisigAndToken"] = 4] = "MultisigAndToken";
 })(OutputType = exports.OutputType || (exports.OutputType = {}));
 const NanosClickTable = new Map([
     [OutputType.Base, 5],
     [OutputType.Multisig, 10],
     [OutputType.Token, 11],
+    [OutputType.BaseAndToken, 12],
     [OutputType.MultisigAndToken, 16],
 ]);
 const NanospClickTable = new Map([
     [OutputType.Base, 3],
     [OutputType.Multisig, 5],
     [OutputType.Token, 6],
+    [OutputType.BaseAndToken, 6],
     [OutputType.MultisigAndToken, 8],
 ]);
 const StaxClickTable = new Map([
     [OutputType.Base, 2],
     [OutputType.Multisig, 3],
     [OutputType.Token, 3],
+    [OutputType.BaseAndToken, 3],
     [OutputType.MultisigAndToken, 4],
 ]);
 function getOutputClickSize(outputType) {
-    const model = process.env.MODEL;
+    const model = getModel();
     switch (model) {
         case 'nanos': return NanosClickTable.get(outputType);
         case 'nanosp':
@@ -85,15 +93,16 @@ async function touchPosition(pos) {
     });
 }
 async function _touch(times) {
-    let continuePos = process.env.MODEL === 'stax' ? STAX_CONTINUE_POSITION : FLEX_CONTINUE_POSITION;
+    const model = getModel();
+    const continuePos = model === 'stax' ? STAX_CONTINUE_POSITION : FLEX_CONTINUE_POSITION;
     for (let i = 0; i < times; i += 1) {
         await touchPosition(continuePos);
     }
-    let approvePos = process.env.MODEL === 'stax' ? STAX_APPROVE_POSITION : FLEX_APPROVE_POSITION;
+    const approvePos = model === 'stax' ? STAX_APPROVE_POSITION : FLEX_APPROVE_POSITION;
     await touchPosition(approvePos);
 }
 async function staxFlexApproveOnce() {
-    if (process.env.MODEL === 'stax') {
+    if (getModel() === 'stax') {
         await touchPosition(STAX_APPROVE_POSITION);
     }
     else {
@@ -138,7 +147,7 @@ async function approveHash() {
     if (isStaxOrFlex()) {
         return await _touch(3);
     }
-    if (process.env.MODEL === 'nanos') {
+    if (getModel() === 'nanos') {
         await clickAndApprove(5);
     }
     else {
@@ -152,7 +161,7 @@ async function approveAddress() {
     if (isStaxOrFlex()) {
         return await _touch(2);
     }
-    if (process.env.MODEL === 'nanos') {
+    if (getModel() === 'nanos') {
         await clickAndApprove(4);
     }
     else {
@@ -161,13 +170,13 @@ async function approveAddress() {
 }
 exports.approveAddress = approveAddress;
 function isStaxOrFlex() {
-    return !process.env.MODEL.startsWith('nano');
+    return !getModel().startsWith('nano');
 }
 function skipBlindSigningWarning() {
     if (!needToAutoApprove())
         return;
     if (isStaxOrFlex()) {
-        const rejectPos = process.env.MODEL === 'stax' ? STAX_REJECT_POSITION : FLEX_REJECT_POSITION;
+        const rejectPos = getModel() === 'stax' ? STAX_REJECT_POSITION : FLEX_REJECT_POSITION;
         touchPosition(rejectPos);
     }
     else {
@@ -179,8 +188,9 @@ async function enableBlindSigning() {
     if (!needToAutoApprove())
         return;
     if (isStaxOrFlex()) {
-        const settingsPos = process.env.MODEL === 'stax' ? STAX_SETTINGS_POSITION : FLEX_SETTINGS_POSITION;
-        const blindSettingPos = process.env.MODEL === 'stax' ? STAX_BLIND_SETTING_POSITION : FLEX_BLIND_SETTING_POSITION;
+        const model = getModel();
+        const settingsPos = model === 'stax' ? STAX_SETTINGS_POSITION : FLEX_SETTINGS_POSITION;
+        const blindSettingPos = model === 'stax' ? STAX_BLIND_SETTING_POSITION : FLEX_BLIND_SETTING_POSITION;
         await touchPosition(settingsPos);
         await touchPosition(blindSettingPos);
         await touchPosition(settingsPos);

package/dist/test/wallet.test.js

@@ -26,12 +26,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const src_1 = __importStar(require("../src"));
+const ledger_app_1 = __importStar(require("../src/ledger-app"));
 const web3_1 = require("@alephium/web3");
 const web3_test_1 = require("@alephium/web3-test");
 const web3_wallet_1 = require("@alephium/web3-wallet");
 const blakejs_1 = __importDefault(require("blakejs"));
 const utils_1 = require("./utils");
+const crypto_1 = require("crypto");
 describe('ledger wallet', () => {
     const nodeProvider = new web3_1.NodeProvider("http://127.0.0.1:22973");
     web3_1.web3.setCurrentNodeProvider(nodeProvider);
@@ -55,14 +56,14 @@ describe('ledger wallet', () => {
     }
     it('should get version', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const version = await app.getVersion();
         expect(version).toBe('0.4.0');
         await app.close();
     });
     it('should get public key', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [account, hdIndex] = await app.getAccount(path);
         expect(hdIndex).toBe(pathIndex);
         console.log(account);
@@ -70,7 +71,7 @@ describe('ledger wallet', () => {
     });
     it('should get public key and confirm address', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         (0, utils_1.approveAddress)();
         const [account, hdIndex] = await app.getAccount(path, undefined, undefined, true);
         expect(hdIndex).toBe(pathIndex);
@@ -79,8 +80,8 @@ describe('ledger wallet', () => {
     }, 30000);
     it('should get public key for group', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
-        for (let group = 0; group < src_1.GROUP_NUM; group++) {
+        const app = new ledger_app_1.default(transport);
+        for (let group = 0; group < ledger_app_1.GROUP_NUM; group++) {
             const [account, hdIndex] = await app.getAccount(path, group);
             expect(hdIndex >= pathIndex).toBe(true);
             expect((0, web3_1.groupOfAddress)(account.address)).toBe(group);
@@ -90,15 +91,15 @@ describe('ledger wallet', () => {
     });
     it('should get public key for group for Schnorr signature', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
-        for (let group = 0; group < src_1.GROUP_NUM; group++) {
+        const app = new ledger_app_1.default(transport);
+        for (let group = 0; group < ledger_app_1.GROUP_NUM; group++) {
             await expect(app.getAccount(path, group, 'bip340-schnorr')).rejects.toThrow('BIP340-Schnorr is not supported yet');
         }
         await app.close();
     });
     it('should sign hash', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [account] = await app.getAccount(path);
         console.log(account);
         const hash = Buffer.from(blakejs_1.default.blake2b(Buffer.from([0, 1, 2, 3, 4]), undefined, 32));
@@ -108,9 +109,9 @@ describe('ledger wallet', () => {
         await app.close();
         expect((0, web3_1.transactionVerifySignature)(hash.toString('hex'), account.publicKey, signature)).toBe(true);
     }, 10000);
-    it('shoudl transfer alph to one address', async () => {
+    it('should transfer alph to one address', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         await transferToAddress(testAccount.address);
         const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
@@ -136,7 +137,7 @@ describe('ledger wallet', () => {
     }, 120000);
     it('should transfer alph to multiple addresses', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         await transferToAddress(testAccount.address);
         const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
@@ -166,7 +167,7 @@ describe('ledger wallet', () => {
     }, 120000);
     it('should transfer alph to multisig address', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         await transferToAddress(testAccount.address);
         const multiSigAddress = 'X3KYVteDjsKuUP1F68Nv9iEUecnnkMuwjbC985AnA6MvciDFJ5bAUEso2Sd7sGrwZ5rfNLj7Rp4n9XjcyzDiZsrPxfhNkPYcDm3ce8pQ9QasNFByEufMi3QJ3cS9Vk6cTpqNcq';
@@ -193,7 +194,7 @@ describe('ledger wallet', () => {
     }, 120000);
     it('should transfer token to multisig address', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         await transferToAddress(testAccount.address);
         const tokenInfo = await (0, web3_test_1.mintToken)(testAccount.address, 2222222222222222222222222n);
@@ -230,9 +231,82 @@ describe('ledger wallet', () => {
         expect(token.amount).toEqual('1111111111111111111111111');
         await app.close();
     }, 120000);
+    async function genTokensAndDestinations(fromAddress, toAddress, mintAmount, transferAmount) {
+        const tokens = [];
+        const tokenSymbol = 'TestTokenABC';
+        const destinations = [];
+        for (let i = 0; i < 5; i += 1) {
+            const tokenInfo = await (0, web3_test_1.mintToken)(fromAddress, mintAmount);
+            const tokenMetadata = {
+                version: 0,
+                tokenId: tokenInfo.contractId,
+                symbol: tokenSymbol.slice(0, tokenSymbol.length - i),
+                decimals: 18 - i
+            };
+            tokens.push(tokenMetadata);
+            destinations.push({
+                address: toAddress,
+                attoAlphAmount: web3_1.DUST_AMOUNT.toString(),
+                tokens: [
+                    {
+                        id: tokenMetadata.tokenId,
+                        amount: transferAmount.toString()
+                    }
+                ]
+            });
+        }
+        return { tokens, destinations };
+    }
+    it('should transfer token with metadata', async () => {
+        const transport = await (0, utils_1.createTransport)();
+        const app = new ledger_app_1.default(transport);
+        const [testAccount] = await app.getAccount(path);
+        await transferToAddress(testAccount.address);
+        const toAddress = '1BmVCLrjttchZMW7i6df7mTdCKzHpy38bgDbVL1GqV6P7';
+        const transferAmount = 1234567890123456789012345n;
+        const mintAmount = 2222222222222222222222222n;
+        const { tokens, destinations } = await genTokensAndDestinations(testAccount.address, toAddress, mintAmount, transferAmount);
+        const randomOrderTokens = tokens.sort((a, b) => b.tokenId.localeCompare(a.tokenId));
+        const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
+            fromPublicKey: testAccount.publicKey,
+            destinations: destinations
+        });
+        (0, utils_1.approveTx)(Array(5).fill(utils_1.OutputType.BaseAndToken));
+        const signature = await app.signUnsignedTx(path, Buffer.from(buildTxResult.unsignedTx, 'hex'), randomOrderTokens);
+        expect((0, web3_1.transactionVerifySignature)(buildTxResult.txId, testAccount.publicKey, signature)).toBe(true);
+        const submitResult = await nodeProvider.transactions.postTransactionsSubmit({
+            unsignedTx: buildTxResult.unsignedTx,
+            signature: signature
+        });
+        await (0, web3_1.waitForTxConfirmation)(submitResult.txId, 1, 1000);
+        const balances = await nodeProvider.addresses.getAddressesAddressBalance(toAddress);
+        tokens.forEach((metadata) => {
+            const tokenBalance = balances.tokenBalances.find((t) => t.id === metadata.tokenId);
+            expect(BigInt(tokenBalance.amount)).toEqual(transferAmount);
+        });
+        await app.close();
+    }, 120000);
+    it('should reject tx if the metadata version is invalid', async () => {
+        const transport = await (0, utils_1.createTransport)();
+        const app = new ledger_app_1.default(transport);
+        const [testAccount] = await app.getAccount(path);
+        await transferToAddress(testAccount.address);
+        const toAddress = '1BmVCLrjttchZMW7i6df7mTdCKzHpy38bgDbVL1GqV6P7';
+        const transferAmount = 1234567890123456789012345n;
+        const mintAmount = 2222222222222222222222222n;
+        const { tokens, destinations } = await genTokensAndDestinations(testAccount.address, toAddress, mintAmount, transferAmount);
+        const invalidTokenIndex = (0, crypto_1.randomInt)(5);
+        tokens[invalidTokenIndex] = { ...tokens[invalidTokenIndex], version: 1 };
+        const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
+            fromPublicKey: testAccount.publicKey,
+            destinations: destinations
+        });
+        await expect(app.signUnsignedTx(path, Buffer.from(buildTxResult.unsignedTx, 'hex'), tokens)).rejects.toThrow();
+        await app.close();
+    }, 120000);
     it('should transfer from multiple inputs', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         for (let i = 0; i < 20; i += 1) {
             await transferToAddress(testAccount.address, web3_1.ONE_ALPH);
@@ -270,7 +344,7 @@ describe('ledger wallet', () => {
     }
     it('should test external inputs', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         const { account: newAccount, unlockScript: unlockScript0 } = getAccount(testAccount.group);
         for (let i = 0; i < 2; i += 1) {
@@ -327,7 +401,7 @@ describe('ledger wallet', () => {
     }, 120000);
     it('should test self transfer tx', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         await transferToAddress(testAccount.address);
         const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
@@ -353,7 +427,7 @@ describe('ledger wallet', () => {
     }, 12000);
     it('should test script execution tx', async () => {
         const transport = await (0, utils_1.createTransport)();
-        const app = new src_1.default(transport);
+        const app = new ledger_app_1.default(transport);
         const [testAccount] = await app.getAccount(path);
         await transferToAddress(testAccount.address);
         const buildTxResult = await nodeProvider.contracts.postContractsUnsignedTxDeployContract({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alephium/ledger-app",
-  "version": "0.4.0",
+  "version": "0.5.1",
   "license": "GPL",
   "types": "dist/src/index.d.ts",
   "exports": {

package/src/index.ts

@@ -1,103 +1,2 @@
-import { Account, KeyType, addressFromPublicKey, encodeHexSignature, groupOfAddress } from '@alephium/web3'
-import Transport, { StatusCodes } from '@ledgerhq/hw-transport'
-import * as serde from './serde'
-import { ec as EC } from 'elliptic'
-
-const ec = new EC('secp256k1')
-
-export const CLA = 0x80
-export enum INS {
-  GET_VERSION = 0x00,
-  GET_PUBLIC_KEY = 0x01,
-  SIGN_HASH = 0x02,
-  SIGN_TX = 0x03
-}
-
-export const GROUP_NUM = 4
-export const HASH_LEN = 32
-
-export default class AlephiumApp {
-  readonly transport: Transport
-
-  constructor(transport: Transport) {
-    this.transport = transport
-  }
-
-  async close(): Promise<void> {
-    await this.transport.close()
-  }
-
-  async getVersion(): Promise<string> {
-    const response = await this.transport.send(CLA, INS.GET_VERSION, 0x00, 0x00)
-    console.log(`response ${response.length} - ${response.toString('hex')}`)
-    return `${response[0]}.${response[1]}.${response[2]}`
-  }
-
-  async getAccount(startPath: string, targetGroup?: number, keyType?: KeyType, display = false): Promise<readonly [Account, number]> {
-    if ((targetGroup ?? 0) >= GROUP_NUM) {
-      throw Error(`Invalid targetGroup: ${targetGroup}`)
-    }
-
-    if (keyType === 'bip340-schnorr') {
-      throw Error('BIP340-Schnorr is not supported yet')
-    }
-
-    const p1 = targetGroup === undefined ? 0x00 : GROUP_NUM
-    const p2 = targetGroup === undefined ? 0x00 : targetGroup
-    const payload = Buffer.concat([serde.serializePath(startPath), Buffer.from([display ? 1 : 0])]);
-    const response = await this.transport.send(CLA, INS.GET_PUBLIC_KEY, p1, p2, payload)
-    const publicKey = ec.keyFromPublic(response.slice(0, 65)).getPublic(true, 'hex')
-    const address = addressFromPublicKey(publicKey)
-    const group = groupOfAddress(address)
-    const hdIndex = response.slice(65, 69).readUInt32BE(0)
-
-    return [{ publicKey: publicKey, address: address, group: group, keyType: keyType ?? 'default' }, hdIndex] as const
-  }
-
-  async signHash(path: string, hash: Buffer): Promise<string> {
-    if (hash.length !== HASH_LEN) {
-      throw new Error('Invalid hash length')
-    }
-
-    const data = Buffer.concat([serde.serializePath(path), hash])
-    console.log(`data ${data.length}`)
-    const response = await this.transport.send(CLA, INS.SIGN_HASH, 0x00, 0x00, data, [StatusCodes.OK])
-    console.log(`response ${response.length} - ${response.toString('hex')}`)
-
-    return decodeSignature(response)
-  }
-
-  async signUnsignedTx(path: string, unsignedTx: Buffer): Promise<string> {
-    console.log(`unsigned tx size: ${unsignedTx.length}`)
-    const encodedPath = serde.serializePath(path)
-    const firstFrameTxLength = 256 - 25;
-    const txData = unsignedTx.slice(0, unsignedTx.length > firstFrameTxLength ? firstFrameTxLength : unsignedTx.length)
-    const data = Buffer.concat([encodedPath, txData])
-    let response = await this.transport.send(CLA, INS.SIGN_TX, 0x00, 0x00, data, [StatusCodes.OK])
-    if (unsignedTx.length <= firstFrameTxLength) {
-      return decodeSignature(response)
-    }
-
-    const frameLength = 256 - 5
-    let fromIndex = firstFrameTxLength
-    while (fromIndex < unsignedTx.length) {
-      const remain = unsignedTx.length - fromIndex
-      const toIndex = remain > frameLength ? (fromIndex + frameLength) : unsignedTx.length
-      const data = unsignedTx.slice(fromIndex, toIndex)
-      response = await this.transport.send(CLA, INS.SIGN_TX, 0x01, 0x00, data, [StatusCodes.OK])
-      fromIndex = toIndex
-    }
-
-    return decodeSignature(response)
-  }
-}
-
-function decodeSignature(response: Buffer): string {
-  // Decode signature: https://bitcoin.stackexchange.com/a/12556
-  const rLen = response.slice(3, 4)[0]
-  const r = response.slice(4, 4 + rLen)
-  const sLen = response.slice(5 + rLen, 6 + rLen)[0]
-  const s = response.slice(6 + rLen, 6 + rLen + sLen)
-  console.log(`${rLen} - ${r.toString('hex')}\n${sLen} - ${s.toString('hex')}`)
-  return encodeHexSignature(r.toString('hex'), s.toString('hex'))
-}
+export * from './types'
+export * from './ledger-app'

package/src/ledger-app.ts

@@ -0,0 +1,112 @@
+import { Account, KeyType, addressFromPublicKey, encodeHexSignature, groupOfAddress } from '@alephium/web3'
+import Transport, { StatusCodes } from '@ledgerhq/hw-transport'
+import * as serde from './serde'
+import { ec as EC } from 'elliptic'
+import { TokenMetadata } from './types'
+
+const ec = new EC('secp256k1')
+
+export const CLA = 0x80
+export enum INS {
+  GET_VERSION = 0x00,
+  GET_PUBLIC_KEY = 0x01,
+  SIGN_HASH = 0x02,
+  SIGN_TX = 0x03
+}
+
+export const GROUP_NUM = 4
+export const HASH_LEN = 32
+
+// The maximum payload size is 255: https://github.com/LedgerHQ/ledger-live/blob/develop/libs/ledgerjs/packages/hw-transport/src/Transport.ts#L261
+const MAX_PAYLOAD_SIZE = 255
+
+export default class AlephiumApp {
+  readonly transport: Transport
+
+  constructor(transport: Transport) {
+    this.transport = transport
+  }
+
+  async close(): Promise<void> {
+    await this.transport.close()
+  }
+
+  async getVersion(): Promise<string> {
+    const response = await this.transport.send(CLA, INS.GET_VERSION, 0x00, 0x00)
+    console.log(`response ${response.length} - ${response.toString('hex')}`)
+    return `${response[0]}.${response[1]}.${response[2]}`
+  }
+
+  async getAccount(startPath: string, targetGroup?: number, keyType?: KeyType, display = false): Promise<readonly [Account, number]> {
+    if ((targetGroup ?? 0) >= GROUP_NUM) {
+      throw Error(`Invalid targetGroup: ${targetGroup}`)
+    }
+
+    if (keyType === 'bip340-schnorr') {
+      throw Error('BIP340-Schnorr is not supported yet')
+    }
+
+    const p1 = targetGroup === undefined ? 0x00 : GROUP_NUM
+    const p2 = targetGroup === undefined ? 0x00 : targetGroup
+    const payload = Buffer.concat([serde.serializePath(startPath), Buffer.from([display ? 1 : 0])]);
+    const response = await this.transport.send(CLA, INS.GET_PUBLIC_KEY, p1, p2, payload)
+    const publicKey = ec.keyFromPublic(response.slice(0, 65)).getPublic(true, 'hex')
+    const address = addressFromPublicKey(publicKey)
+    const group = groupOfAddress(address)
+    const hdIndex = response.slice(65, 69).readUInt32BE(0)
+
+    return [{ publicKey: publicKey, address: address, group: group, keyType: keyType ?? 'default' }, hdIndex] as const
+  }
+
+  async signHash(path: string, hash: Buffer): Promise<string> {
+    if (hash.length !== HASH_LEN) {
+      throw new Error('Invalid hash length')
+    }
+
+    const data = Buffer.concat([serde.serializePath(path), hash])
+    console.log(`data ${data.length}`)
+    const response = await this.transport.send(CLA, INS.SIGN_HASH, 0x00, 0x00, data, [StatusCodes.OK])
+    console.log(`response ${response.length} - ${response.toString('hex')}`)
+
+    return decodeSignature(response)
+  }
+
+  async signUnsignedTx(
+    path: string,
+    unsignedTx: Buffer,
+    tokenMetadata: TokenMetadata[] = []
+  ): Promise<string> {
+    console.log(`unsigned tx size: ${unsignedTx.length}`)
+    const encodedPath = serde.serializePath(path)
+    const encodedTokenMetadata = serde.serializeTokenMetadata(tokenMetadata)
+    const firstFrameTxLength = MAX_PAYLOAD_SIZE - 20 - encodedTokenMetadata.length;
+    const txData = unsignedTx.slice(0, unsignedTx.length > firstFrameTxLength ? firstFrameTxLength : unsignedTx.length)
+    const data = Buffer.concat([encodedPath, encodedTokenMetadata, txData])
+    let response = await this.transport.send(CLA, INS.SIGN_TX, 0x00, 0x00, data, [StatusCodes.OK])
+    if (unsignedTx.length <= firstFrameTxLength) {
+      return decodeSignature(response)
+    }
+
+    const frameLength = MAX_PAYLOAD_SIZE
+    let fromIndex = firstFrameTxLength
+    while (fromIndex < unsignedTx.length) {
+      const remain = unsignedTx.length - fromIndex
+      const toIndex = remain > frameLength ? (fromIndex + frameLength) : unsignedTx.length
+      const data = unsignedTx.slice(fromIndex, toIndex)
+      response = await this.transport.send(CLA, INS.SIGN_TX, 0x01, 0x00, data, [StatusCodes.OK])
+      fromIndex = toIndex
+    }
+
+    return decodeSignature(response)
+  }
+}
+
+function decodeSignature(response: Buffer): string {
+  // Decode signature: https://bitcoin.stackexchange.com/a/12556
+  const rLen = response.slice(3, 4)[0]
+  const r = response.slice(4, 4 + rLen)
+  const sLen = response.slice(5 + rLen, 6 + rLen)[0]
+  const s = response.slice(6 + rLen, 6 + rLen + sLen)
+  console.log(`${rLen} - ${r.toString('hex')}\n${sLen} - ${s.toString('hex')}`)
+  return encodeHexSignature(r.toString('hex'), s.toString('hex'))
+}

package/src/serde.ts

@@ -1,3 +1,6 @@
+import { isHexString } from "@alephium/web3"
+import { MAX_TOKEN_SIZE, MAX_TOKEN_SYMBOL_LENGTH, TOKEN_METADATA_SIZE, TokenMetadata } from "./types"
+
 export const TRUE = 0x10
 export const FALSE = 0x00
 
@@ -28,3 +31,50 @@ export function serializePath(path: string): Buffer {
   nodes.forEach((element, index) => buffer.writeUInt32BE(element, 4 * index))
   return buffer
 }
+
+function symbolToBytes(symbol: string): Buffer {
+  const buffer = Buffer.alloc(MAX_TOKEN_SYMBOL_LENGTH, 0)
+  for (let i = 0; i < symbol.length; i++) {
+    buffer[i] = symbol.charCodeAt(i) & 0xFF
+  }
+  return buffer
+}
+
+function check(tokens: TokenMetadata[]) {
+  const hasDuplicate = tokens.some((token, index) => index !== tokens.findIndex((t) => t.tokenId === token.tokenId))
+  if (hasDuplicate) {
+    throw new Error(`There are duplicate tokens`)
+  }
+
+  tokens.forEach((token) => {
+    if (!(isHexString(token.tokenId) && token.tokenId.length === 64)) {
+      throw new Error(`Invalid token id: ${token.tokenId}`)
+    }
+    if (token.symbol.length > MAX_TOKEN_SYMBOL_LENGTH) {
+      throw new Error(`The token symbol is too long: ${token.symbol}`)
+    }
+  })
+
+  if (tokens.length > MAX_TOKEN_SIZE) {
+    throw new Error(`The token size exceeds maximum size`)
+  }
+}
+
+export function serializeTokenMetadata(tokens: TokenMetadata[]): Buffer {
+  check(tokens)
+  const array = tokens
+    .map((metadata) => {
+      const symbolBytes = symbolToBytes(metadata.symbol)
+      const buffer = Buffer.concat([
+        Buffer.from([metadata.version]),
+        Buffer.from(metadata.tokenId, 'hex'),
+        symbolBytes,
+        Buffer.from([metadata.decimals])
+      ])
+      if (buffer.length !== TOKEN_METADATA_SIZE) {
+        throw new Error(`Invalid token metadata: ${metadata}`)
+      }
+      return buffer
+    })
+  return Buffer.concat([Buffer.from([array.length]), ...array])
+}

package/src/types.ts

@@ -0,0 +1,10 @@
+export const MAX_TOKEN_SIZE = 5
+export const MAX_TOKEN_SYMBOL_LENGTH = 12
+export const TOKEN_METADATA_SIZE = 46
+
+export interface TokenMetadata {
+  version: number,
+  tokenId: string,
+  symbol: string,
+  decimals: number
+}

package/test/utils.ts

@@ -19,10 +19,16 @@ async function clickAndApprove(times: number) {
   await pressButton('both')
 }
 
+function getModel(): string {
+  const model = process.env.MODEL
+  return model ? model as string : 'nanos'
+}
+
 export enum OutputType {
   Base,
   Multisig,
   Token,
+  BaseAndToken,
   MultisigAndToken
 }
 
@@ -30,6 +36,7 @@ const NanosClickTable = new Map([
   [OutputType.Base, 5],
   [OutputType.Multisig, 10],
   [OutputType.Token, 11],
+  [OutputType.BaseAndToken, 12],
   [OutputType.MultisigAndToken, 16],
 ])
 
@@ -37,6 +44,7 @@ const NanospClickTable = new Map([
   [OutputType.Base, 3],
   [OutputType.Multisig, 5],
   [OutputType.Token, 6],
+  [OutputType.BaseAndToken, 6],
   [OutputType.MultisigAndToken, 8],
 ])
 
@@ -44,11 +52,12 @@ const StaxClickTable = new Map([
   [OutputType.Base, 2],
   [OutputType.Multisig, 3],
   [OutputType.Token, 3],
+  [OutputType.BaseAndToken, 3],
   [OutputType.MultisigAndToken, 4],
 ])
 
 function getOutputClickSize(outputType: OutputType) {
-  const model = process.env.MODEL
+  const model = getModel()
   switch (model) {
     case 'nanos': return NanosClickTable.get(outputType)!
     case 'nanosp':
@@ -98,16 +107,17 @@ async function touchPosition(pos: Position) {
 }
 
 async function _touch(times: number) {
-  let continuePos = process.env.MODEL === 'stax' ? STAX_CONTINUE_POSITION : FLEX_CONTINUE_POSITION
+  const model = getModel()
+  const continuePos = model === 'stax' ? STAX_CONTINUE_POSITION : FLEX_CONTINUE_POSITION
   for (let i = 0; i < times; i += 1) {
     await touchPosition(continuePos)
   }
-  let approvePos = process.env.MODEL === 'stax' ? STAX_APPROVE_POSITION : FLEX_APPROVE_POSITION
+  const approvePos = model === 'stax' ? STAX_APPROVE_POSITION : FLEX_APPROVE_POSITION
   await touchPosition(approvePos)
 }
 
 export async function staxFlexApproveOnce() {
-  if (process.env.MODEL === 'stax') {
+  if (getModel() === 'stax') {
     await touchPosition(STAX_APPROVE_POSITION)
   } else {
     await touchPosition(FLEX_APPROVE_POSITION)
@@ -151,7 +161,7 @@ export async function approveHash() {
   if (isStaxOrFlex()) {
     return await _touch(3)
   }
-  if (process.env.MODEL === 'nanos') {
+  if (getModel() === 'nanos') {
     await clickAndApprove(5)
   } else {
     await clickAndApprove(3)
@@ -163,7 +173,7 @@ export async function approveAddress() {
   if (isStaxOrFlex()) {
     return await _touch(2)
   }
-  if (process.env.MODEL === 'nanos') {
+  if (getModel() === 'nanos') {
     await clickAndApprove(4)
   } else {
     await clickAndApprove(2)
@@ -171,13 +181,13 @@ export async function approveAddress() {
 }
 
 function isStaxOrFlex(): boolean {
-  return !process.env.MODEL!.startsWith('nano')
+  return !getModel().startsWith('nano')
 }
 
 export function skipBlindSigningWarning() {
   if (!needToAutoApprove()) return
   if (isStaxOrFlex()) {
-    const rejectPos = process.env.MODEL === 'stax' ? STAX_REJECT_POSITION : FLEX_REJECT_POSITION
+    const rejectPos = getModel() === 'stax' ? STAX_REJECT_POSITION : FLEX_REJECT_POSITION
     touchPosition(rejectPos)
   } else {
     clickAndApprove(3)
@@ -187,8 +197,9 @@ export function skipBlindSigningWarning() {
 export async function enableBlindSigning() {
   if (!needToAutoApprove()) return
   if (isStaxOrFlex()) {
-    const settingsPos = process.env.MODEL === 'stax' ? STAX_SETTINGS_POSITION : FLEX_SETTINGS_POSITION
-    const blindSettingPos = process.env.MODEL === 'stax' ? STAX_BLIND_SETTING_POSITION : FLEX_BLIND_SETTING_POSITION
+    const model = getModel()
+    const settingsPos = model === 'stax' ? STAX_SETTINGS_POSITION : FLEX_SETTINGS_POSITION
+    const blindSettingPos = model === 'stax' ? STAX_BLIND_SETTING_POSITION : FLEX_BLIND_SETTING_POSITION
     await touchPosition(settingsPos)
     await touchPosition(blindSettingPos)
     await touchPosition(settingsPos)

package/test/wallet.test.ts

@@ -1,10 +1,11 @@
-import SpeculosTransport from '@ledgerhq/hw-transport-node-speculos'
-import AlephiumApp, { GROUP_NUM } from '../src'
-import { ALPH_TOKEN_ID, Address, NodeProvider, ONE_ALPH, binToHex, codec, groupOfAddress, node, sleep, transactionVerifySignature, waitForTxConfirmation, web3 } from '@alephium/web3'
+import AlephiumApp, { GROUP_NUM } from '../src/ledger-app'
+import { ALPH_TOKEN_ID, Address, DUST_AMOUNT, NodeProvider, ONE_ALPH, binToHex, codec, groupOfAddress, node, sleep, transactionVerifySignature, waitForTxConfirmation, web3 } from '@alephium/web3'
 import { getSigner, mintToken, transfer } from '@alephium/web3-test'
 import { PrivateKeyWallet } from '@alephium/web3-wallet'
 import blake from 'blakejs'
 import { approveAddress, approveHash, approveTx, createTransport, enableBlindSigning, getRandomInt, needToAutoApprove, OutputType, skipBlindSigningWarning, staxFlexApproveOnce } from './utils'
+import { TokenMetadata } from '../src/types'
+import { randomInt } from 'crypto'
 
 describe('ledger wallet', () => {
   const nodeProvider = new NodeProvider("http://127.0.0.1:22973")
@@ -95,7 +96,7 @@ describe('ledger wallet', () => {
     expect(transactionVerifySignature(hash.toString('hex'), account.publicKey, signature)).toBe(true)
   }, 10000)
 
-  it('shoudl transfer alph to one address', async () => {
+  it('should transfer alph to one address', async () => {
     const transport = await createTransport()
     const app = new AlephiumApp(transport)
     const [testAccount] = await app.getAccount(path)
@@ -239,6 +240,96 @@ describe('ledger wallet', () => {
     await app.close()
   }, 120000)
 
+  async function genTokensAndDestinations(
+    fromAddress: string,
+    toAddress: string,
+    mintAmount: bigint,
+    transferAmount: bigint
+  ) {
+    const tokens: TokenMetadata[] = []
+    const tokenSymbol = 'TestTokenABC'
+    const destinations: node.Destination[] = []
+    for (let i = 0; i < 5; i += 1) {
+      const tokenInfo = await mintToken(fromAddress, mintAmount);
+      const tokenMetadata: TokenMetadata = {
+        version: 0,
+        tokenId: tokenInfo.contractId,
+        symbol: tokenSymbol.slice(0, tokenSymbol.length - i),
+        decimals: 18 - i
+      }
+      tokens.push(tokenMetadata)
+      destinations.push({
+        address: toAddress,
+        attoAlphAmount: DUST_AMOUNT.toString(),
+        tokens: [
+          {
+            id: tokenMetadata.tokenId,
+            amount: transferAmount.toString()
+          }
+        ]
+      })
+    }
+    return { tokens, destinations }
+  }
+
+  it('should transfer token with metadata', async () => {
+    const transport = await createTransport()
+    const app = new AlephiumApp(transport)
+    const [testAccount] = await app.getAccount(path)
+    await transferToAddress(testAccount.address)
+
+    const toAddress = '1BmVCLrjttchZMW7i6df7mTdCKzHpy38bgDbVL1GqV6P7';
+    const transferAmount = 1234567890123456789012345n
+    const mintAmount = 2222222222222222222222222n
+    const { tokens, destinations } = await genTokensAndDestinations(testAccount.address, toAddress, mintAmount, transferAmount)
+
+    const randomOrderTokens = tokens.sort((a, b) => b.tokenId.localeCompare(a.tokenId))
+    const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
+      fromPublicKey: testAccount.publicKey,
+      destinations: destinations
+    })
+
+    approveTx(Array(5).fill(OutputType.BaseAndToken))
+    const signature = await app.signUnsignedTx(path, Buffer.from(buildTxResult.unsignedTx, 'hex'), randomOrderTokens)
+    expect(transactionVerifySignature(buildTxResult.txId, testAccount.publicKey, signature)).toBe(true)
+
+    const submitResult = await nodeProvider.transactions.postTransactionsSubmit({
+      unsignedTx: buildTxResult.unsignedTx,
+      signature: signature
+    })
+    await waitForTxConfirmation(submitResult.txId, 1, 1000)
+    const balances = await nodeProvider.addresses.getAddressesAddressBalance(toAddress)
+    tokens.forEach((metadata) => {
+      const tokenBalance = balances.tokenBalances!.find((t) => t.id === metadata.tokenId)!
+      expect(BigInt(tokenBalance.amount)).toEqual(transferAmount)
+    })
+
+    await app.close()
+  }, 120000)
+
+  it('should reject tx if the metadata version is invalid', async () => {
+    const transport = await createTransport()
+    const app = new AlephiumApp(transport)
+    const [testAccount] = await app.getAccount(path)
+    await transferToAddress(testAccount.address)
+
+    const toAddress = '1BmVCLrjttchZMW7i6df7mTdCKzHpy38bgDbVL1GqV6P7';
+    const transferAmount = 1234567890123456789012345n
+    const mintAmount = 2222222222222222222222222n
+    const { tokens, destinations } = await genTokensAndDestinations(testAccount.address, toAddress, mintAmount, transferAmount)
+
+    const invalidTokenIndex = randomInt(5)
+    tokens[invalidTokenIndex] = { ...tokens[invalidTokenIndex], version: 1 }
+    const buildTxResult = await nodeProvider.transactions.postTransactionsBuild({
+      fromPublicKey: testAccount.publicKey,
+      destinations: destinations
+    })
+
+    await expect(app.signUnsignedTx(path, Buffer.from(buildTxResult.unsignedTx, 'hex'), tokens)).rejects.toThrow()
+
+    await app.close()
+  }, 120000)
+
   it('should transfer from multiple inputs', async () => {
     const transport = await createTransport()
     const app = new AlephiumApp(transport)