@ledgerhq/hw-bolos 6.31.4

package/lib-es/PKIError.js

@@ -0,0 +1,143 @@
+const ErrorCode = {
+    0x422f: "Incorrect structure type",
+    0x4230: "Incorrect certificate version",
+    0x4231: "Incorrect certificate validity",
+    0x4232: "Incorrect certificate validity index",
+    0x4233: "Unknown signer key ID",
+    0x4234: "Unknown signature algorithm",
+    0x4235: "Unknown public key ID",
+    0x4236: "Unknown public key usage",
+    0x4237: "Incorrect elliptic curve ID",
+    0x4238: "Incorrect signature algorithm associated to the public key",
+    0x4239: "Unknown target device",
+    0x422d: "Unknown certificate tag",
+    0x3301: "Failed to hash data",
+    0x422e: "expected_key_usage doesn't match certificate key usage",
+    0x5720: "Failed to verify signature",
+    0x4118: "trusted_name buffer is too small to contain the trusted name",
+};
+export const errorCodeValue = Object.keys(ErrorCode).map(v => parseInt(v));
+export function throwError(code) {
+    switch (code) {
+        case 0x422f:
+            throw new PKIStructError();
+        case 0x4230:
+            throw new PKICertificateVersionError();
+        case 0x4231:
+            throw new PKICertificateValidityError();
+        case 0x4232:
+            throw new PKICertificateIndexError();
+        case 0x4233:
+            throw new PKIUnknownSignerIdError();
+        case 0x4234:
+            throw new PKIUnknownSignerAlgorithmError();
+        case 0x4235:
+            throw new PKIUnknownPublicIdError();
+        case 0x4236:
+            throw new PKIUnknownPublicUsageError();
+        case 0x4237:
+            throw new PKIIncorrectCurveError();
+        case 0x4238:
+            throw new PKIIncorrectSignatureError();
+        case 0x4239:
+            throw new PKIUnknownDeviceError();
+        case 0x422d:
+            throw new PKIUnknownCertificateTagError();
+        case 0x3301:
+            throw new PKIFailedHashError();
+        case 0x422e:
+            throw new PKIMismatchKeyError();
+        case 0x5720:
+            throw new PKIFailedVerificationError();
+        case 0x4118:
+            throw new PKITrustedNameTooSmallError();
+        default:
+            throw new PKIError("Unknown");
+    }
+}
+export class PKIError extends Error {
+    constructor(cause) {
+        super("PKIError due to " + cause);
+    }
+}
+export class PKIStructError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x422f]);
+    }
+}
+export class PKICertificateVersionError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4230]);
+    }
+}
+export class PKICertificateValidityError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4231]);
+    }
+}
+export class PKICertificateIndexError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4232]);
+    }
+}
+export class PKIUnknownSignerIdError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4233]);
+    }
+}
+export class PKIUnknownSignerAlgorithmError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4234]);
+    }
+}
+export class PKIUnknownPublicIdError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4235]);
+    }
+}
+export class PKIUnknownPublicUsageError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4236]);
+    }
+}
+export class PKIIncorrectCurveError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4237]);
+    }
+}
+export class PKIIncorrectSignatureError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4238]);
+    }
+}
+export class PKIUnknownDeviceError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4239]);
+    }
+}
+export class PKIUnknownCertificateTagError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x422d]);
+    }
+}
+export class PKIFailedHashError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x3301]);
+    }
+}
+export class PKIMismatchKeyError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x422e]);
+    }
+}
+export class PKIFailedVerificationError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x5720]);
+    }
+}
+export class PKITrustedNameTooSmallError extends PKIError {
+    constructor() {
+        super(ErrorCode[0x4118]);
+    }
+}
+//# sourceMappingURL=PKIError.js.map

package/lib-es/PKIError.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PKIError.js","sourceRoot":"","sources":["../src/PKIError.ts"],"names":[],"mappings":"AAAA,MAAM,SAAS,GAA2B;IACxC,MAAM,EAAE,0BAA0B;IAClC,MAAM,EAAE,+BAA+B;IACvC,MAAM,EAAE,gCAAgC;IACxC,MAAM,EAAE,sCAAsC;IAC9C,MAAM,EAAE,uBAAuB;IAC/B,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,uBAAuB;IAC/B,MAAM,EAAE,0BAA0B;IAClC,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,4DAA4D;IACpE,MAAM,EAAE,uBAAuB;IAC/B,MAAM,EAAE,yBAAyB;IACjC,MAAM,EAAE,qBAAqB;IAC7B,MAAM,EAAE,wDAAwD;IAChE,MAAM,EAAE,4BAA4B;IACpC,MAAM,EAAE,8DAA8D;CACvE,CAAC;AACF,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAE3E,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,MAAM;YACT,MAAM,IAAI,cAAc,EAAE,CAAC;QAC7B,KAAK,MAAM;YACT,MAAM,IAAI,0BAA0B,EAAE,CAAC;QACzC,KAAK,MAAM;YACT,MAAM,IAAI,2BAA2B,EAAE,CAAC;QAC1C,KAAK,MAAM;YACT,MAAM,IAAI,wBAAwB,EAAE,CAAC;QACvC,KAAK,MAAM;YACT,MAAM,IAAI,uBAAuB,EAAE,CAAC;QACtC,KAAK,MAAM;YACT,MAAM,IAAI,8BAA8B,EAAE,CAAC;QAC7C,KAAK,MAAM;YACT,MAAM,IAAI,uBAAuB,EAAE,CAAC;QACtC,KAAK,MAAM;YACT,MAAM,IAAI,0BAA0B,EAAE,CAAC;QACzC,KAAK,MAAM;YACT,MAAM,IAAI,sBAAsB,EAAE,CAAC;QACrC,KAAK,MAAM;YACT,MAAM,IAAI,0BAA0B,EAAE,CAAC;QACzC,KAAK,MAAM;YACT,MAAM,IAAI,qBAAqB,EAAE,CAAC;QACpC,KAAK,MAAM;YACT,MAAM,IAAI,6BAA6B,EAAE,CAAC;QAC5C,KAAK,MAAM;YACT,MAAM,IAAI,kBAAkB,EAAE,CAAC;QACjC,KAAK,MAAM;YACT,MAAM,IAAI,mBAAmB,EAAE,CAAC;QAClC,KAAK,MAAM;YACT,MAAM,IAAI,0BAA0B,EAAE,CAAC;QACzC,KAAK,MAAM;YACT,MAAM,IAAI,2BAA2B,EAAE,CAAC;QAC1C;YACE,MAAM,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,YAAY,KAAa;QACvB,KAAK,CAAC,kBAAkB,GAAG,KAAK,CAAC,CAAC;IACpC,CAAC;CACF;AACD,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAC1C;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,0BAA2B,SAAQ,QAAQ;IACtD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,2BAA4B,SAAQ,QAAQ;IACvD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,wBAAyB,SAAQ,QAAQ;IACpD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,uBAAwB,SAAQ,QAAQ;IACnD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,8BAA+B,SAAQ,QAAQ;IAC1D;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,uBAAwB,SAAQ,QAAQ;IACnD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,0BAA2B,SAAQ,QAAQ;IACtD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,sBAAuB,SAAQ,QAAQ;IAClD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,0BAA2B,SAAQ,QAAQ;IACtD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IACjD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,6BAA8B,SAAQ,QAAQ;IACzD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,kBAAmB,SAAQ,QAAQ;IAC9C;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,mBAAoB,SAAQ,QAAQ;IAC/C;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,0BAA2B,SAAQ,QAAQ;IACtD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF;AACD,MAAM,OAAO,2BAA4B,SAAQ,QAAQ;IACvD;QACE,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3B,CAAC;CACF"}

package/lib-es/index.d.ts

@@ -0,0 +1,2 @@
+export { default as loadPKI } from "./loadPKI";
+//# sourceMappingURL=index.d.ts.map

package/lib-es/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,WAAW,CAAC"}

package/lib-es/index.js

@@ -0,0 +1,2 @@
+export { default as loadPKI } from "./loadPKI";
+//# sourceMappingURL=index.js.map

package/lib-es/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,WAAW,CAAC"}

package/lib-es/loadPKI.d.ts

@@ -0,0 +1,19 @@
+import Transport from "@ledgerhq/hw-transport";
+declare const keyUsage: {
+    GENUINE_CHECK: number;
+    EXCHANGE_PAYLOAD: number;
+    NFT_METADATA: number;
+    TRUSTED_NAME: number;
+    BACKUP_PROVIDER: number;
+    RECOVER_ORCHESTRATOR: number;
+    PLUGIN_METADATA: number;
+    COIN_META: number;
+    SEED_ID_AUTH: number;
+    UNKNOWN: number;
+};
+/**
+ * Load certificate
+ */
+declare const _default: (transport: Transport, key: keyof typeof keyUsage, descriptor: string, signature: string) => Promise<void>;
+export default _default;
+//# sourceMappingURL=loadPKI.d.ts.map

package/lib-es/loadPKI.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loadPKI.d.ts","sourceRoot":"","sources":["../src/loadPKI.ts"],"names":[],"mappings":"AAAA,OAAO,SAA0B,MAAM,wBAAwB,CAAC;AAUhE,QAAA,MAAM,QAAQ;;;;;;;;;;;CAWb,CAAC;AAEF;;GAEG;oCAEU,SAAS,OACf,MAAM,eAAe,cACd,MAAM,aACP,MAAM,KAChB,QAAQ,IAAI,CAAC;AALhB,wBA2BE"}

package/lib-es/loadPKI.integ.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=loadPKI.integ.test.d.ts.map

package/lib-es/loadPKI.integ.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loadPKI.integ.test.d.ts","sourceRoot":"","sources":["../src/loadPKI.integ.test.ts"],"names":[],"mappings":""}

package/lib-es/loadPKI.integ.test.js

@@ -0,0 +1,37 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import TransportNodeHidSingleton from "@ledgerhq/hw-transport-node-hid-singleton";
+import loadPKI from "./loadPKI";
+import { PKIFailedVerificationError } from "./PKIError";
+describe("loadPKI with real connected device", () => {
+    let transport;
+    beforeAll(() => __awaiter(void 0, void 0, void 0, function* () {
+        transport = yield TransportNodeHidSingleton.open("");
+    }));
+    afterAll(() => __awaiter(void 0, void 0, void 0, function* () {
+        yield transport.close();
+    }));
+    it.skip("returns an Ok", () => __awaiter(void 0, void 0, void 0, function* () {
+        // Given
+        const descriptor = "0101010201023501043601021004010500001302000314010120086e66745f6d657461300200053101043201213401013321035e6c1020c14dc46442fe89f97c0b68cdb15976dc24f24c316e7b30fe4e8cc76b";
+        const signature = "30440220774aa1a064c9bd5ff2c820156b4af106d464d8ca0eb2de5f2956c8b52356496202205ef40dd54beb3c1534d011af9f581f426141d39338b3da6abf4023254cbef72c";
+        // When & Then
+        yield expect(loadPKI(transport, "TRUSTED_NAME", descriptor, signature)).rejects.not.toThrow();
+        yield (() => new Promise(f => setTimeout(f, 1000)))();
+    }));
+    it("returns an Verification Failed error", () => __awaiter(void 0, void 0, void 0, function* () {
+        // Given
+        const descriptor = "0101010201023501043601021004010500001302000314010120086e66745f6d657461300200053101043201213401013321035e6c1020c14dc46442fe89f97c0b68cdb15976dc24f24c316e7b30fe4e8cc76b";
+        const signature = "30440220774aa1a064c9bd5ff2c820156b4af106d464d8ca0eb2de5f2956c8b52356496202205ef40dd54beb3c1534d011af9f581f426141d39338b3da6abf4023254cbef72c";
+        // When & Then
+        yield expect(loadPKI(transport, "TRUSTED_NAME", descriptor, signature)).rejects.toThrow(PKIFailedVerificationError);
+    }));
+});
+//# sourceMappingURL=loadPKI.integ.test.js.map

package/lib-es/loadPKI.integ.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loadPKI.integ.test.js","sourceRoot":"","sources":["../src/loadPKI.integ.test.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,yBAAyB,MAAM,2CAA2C,CAAC;AAClF,OAAO,OAAO,MAAM,WAAW,CAAC;AAChC,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAExD,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,IAAI,SAAoB,CAAC;IAEzB,SAAS,CAAC,GAAS,EAAE;QACnB,SAAS,GAAG,MAAM,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvD,CAAC,CAAA,CAAC,CAAC;IACH,QAAQ,CAAC,GAAS,EAAE;QAClB,MAAM,SAAS,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC,CAAA,CAAC,CAAC;IAEH,EAAE,CAAC,IAAI,CAAC,eAAe,EAAE,GAAS,EAAE;QAClC,QAAQ;QACR,MAAM,UAAU,GACd,wKAAwK,CAAC;QAC3K,MAAM,SAAS,GACb,8IAA8I,CAAC;QAEjJ,cAAc;QACd,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAC9F,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACxD,CAAC,CAAA,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAS,EAAE;QACpD,QAAQ;QACR,MAAM,UAAU,GACd,wKAAwK,CAAC;QAC3K,MAAM,SAAS,GACb,8IAA8I,CAAC;QAEjJ,cAAc;QACd,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACrF,0BAA0B,CAC3B,CAAC;IACJ,CAAC,CAAA,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/lib-es/loadPKI.js

@@ -0,0 +1,46 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { StatusCodes } from "@ledgerhq/hw-transport";
+import { errorCodeValue, throwError } from "./PKIError";
+const handledErrorCode = errorCodeValue.concat(StatusCodes.OK);
+const CLA = 0xb0;
+const INS = 0x06;
+const P2 = 0x00;
+// Extract from https://github.com/LedgerHQ/ledger-secure-sdk/blob/d59b21f8a1f2e78ad50b5a8a21d0daac68826643/include/os_pki.h#L74
+const keyUsage = {
+    GENUINE_CHECK: 0x01,
+    EXCHANGE_PAYLOAD: 0x02,
+    NFT_METADATA: 0x03,
+    TRUSTED_NAME: 0x04,
+    BACKUP_PROVIDER: 0x05,
+    RECOVER_ORCHESTRATOR: 0x06,
+    PLUGIN_METADATA: 0x07,
+    COIN_META: 0x08,
+    SEED_ID_AUTH: 0x09,
+    UNKNOWN: 0x0a,
+};
+/**
+ * Load certificate
+ */
+export default (transport, key, descriptor, signature) => __awaiter(void 0, void 0, void 0, function* () {
+    const descriptorBuffer = Buffer.from(descriptor, "hex");
+    const signatureBuffer = Buffer.from(signature, "hex");
+    const result = yield transport.send(CLA, INS, keyUsage[key], P2, Buffer.concat([
+        new Uint8Array(descriptorBuffer),
+        new Uint8Array(Buffer.from("15", "hex")),
+        new Uint8Array(Buffer.from([signatureBuffer.length])),
+        new Uint8Array(signatureBuffer),
+    ]), handledErrorCode);
+    const resultCode = result.readUInt16BE(result.length - 2);
+    if (resultCode !== StatusCodes.OK) {
+        throwError(resultCode);
+    }
+});
+//# sourceMappingURL=loadPKI.js.map

package/lib-es/loadPKI.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loadPKI.js","sourceRoot":"","sources":["../src/loadPKI.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAkB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExD,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAE/D,MAAM,GAAG,GAAG,IAAI,CAAC;AACjB,MAAM,GAAG,GAAG,IAAI,CAAC;AACjB,MAAM,EAAE,GAAG,IAAI,CAAC;AAEhB,gIAAgI;AAChI,MAAM,QAAQ,GAAG;IACf,aAAa,EAAE,IAAI;IACnB,gBAAgB,EAAE,IAAI;IACtB,YAAY,EAAE,IAAI;IAClB,YAAY,EAAE,IAAI;IAClB,eAAe,EAAE,IAAI;IACrB,oBAAoB,EAAE,IAAI;IAC1B,eAAe,EAAE,IAAI;IACrB,SAAS,EAAE,IAAI;IACf,YAAY,EAAE,IAAI;IAClB,OAAO,EAAE,IAAI;CACd,CAAC;AAEF;;GAEG;AACH,eAAe,CACb,SAAoB,EACpB,GAA0B,EAC1B,UAAkB,EAClB,SAAiB,EACF,EAAE;IACjB,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACxD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAEtD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CACjC,GAAG,EACH,GAAG,EACH,QAAQ,CAAC,GAAG,CAAC,EACb,EAAE,EACF,MAAM,CAAC,MAAM,CAAC;QACZ,IAAI,UAAU,CAAC,gBAAgB,CAAC;QAChC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACxC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC;QACrD,IAAI,UAAU,CAAC,eAAe,CAAC;KAChC,CAAC,EACF,gBAAgB,CACjB,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1D,IAAI,UAAU,KAAK,WAAW,CAAC,EAAE,EAAE,CAAC;QAClC,UAAU,CAAC,UAAU,CAAC,CAAC;IACzB,CAAC;AACH,CAAC,CAAA,CAAC"}

package/lib-es/loadPKI.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=loadPKI.test.d.ts.map

package/lib-es/loadPKI.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loadPKI.test.d.ts","sourceRoot":"","sources":["../src/loadPKI.test.ts"],"names":[],"mappings":""}

package/lib-es/loadPKI.test.js

@@ -0,0 +1,32 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { createTransportRecorder, MockTransport, RecordStore } from "@ledgerhq/hw-transport-mocker";
+import loadPKI from "./loadPKI";
+describe("loadPKI", () => {
+    const recordStore = new RecordStore();
+    const mockTransport = new MockTransport(Buffer.from([0, 0x90, 0x00]));
+    const TransportRecorder = createTransportRecorder(mockTransport, recordStore);
+    it("returns a new Challenge value", () => __awaiter(void 0, void 0, void 0, function* () {
+        // Given
+        const descriptor = "010203";
+        const signature = "0a0b0c0d0e0f1a1b1c1d1e1f";
+        const signatureLengthInHex = "0c";
+        const transport = new TransportRecorder(mockTransport);
+        // When
+        yield loadPKI(transport, "GENUINE_CHECK", descriptor, signature);
+        // Then
+        const expectCommand = Buffer.from([0xb0, 0x06, 0x01, 0x00]).toString("hex");
+        const certSeparator = "15";
+        const data = descriptor + certSeparator + signatureLengthInHex + signature;
+        const dataLengthInHex = (data.length / 2).toString(16);
+        expect(recordStore.queue[0][0]).toBe(expectCommand + dataLengthInHex + data);
+    }));
+});
+//# sourceMappingURL=loadPKI.test.js.map

package/lib-es/loadPKI.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loadPKI.test.js","sourceRoot":"","sources":["../src/loadPKI.test.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,uBAAuB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACpG,OAAO,OAAO,MAAM,WAAW,CAAC;AAEhC,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;IACvB,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAE9E,EAAE,CAAC,+BAA+B,EAAE,GAAS,EAAE;QAC7C,QAAQ;QACR,MAAM,UAAU,GAAG,QAAQ,CAAC;QAC5B,MAAM,SAAS,GAAG,0BAA0B,CAAC;QAC7C,MAAM,oBAAoB,GAAG,IAAI,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,iBAAiB,CAAC,aAAa,CAAC,CAAC;QAEvD,OAAO;QACP,MAAM,OAAO,CAAC,SAAS,EAAE,eAAe,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QAEjE,OAAO;QACP,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC5E,MAAM,aAAa,GAAG,IAAI,CAAC;QAC3B,MAAM,IAAI,GAAG,UAAU,GAAG,aAAa,GAAG,oBAAoB,GAAG,SAAS,CAAC;QAC3E,MAAM,eAAe,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACvD,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,GAAG,eAAe,GAAG,IAAI,CAAC,CAAC;IAC/E,CAAC,CAAA,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@ledgerhq/hw-bolos",
+  "version": "6.31.4",
+  "description": "List of commands for Ledger Hardware Wallet OS",
+  "keywords": [
+    "Ledger",
+    "LedgerWallet",
+    "Nano",
+    "BOLOS"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/LedgerHQ/ledger-live.git"
+  },
+  "bugs": {
+    "url": "https://github.com/LedgerHQ/ledger-live/issues"
+  },
+  "homepage": "https://github.com/LedgerHQ/ledger-live/tree/develop/libs/ledgerjs/packages/hw-bolos",
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "lib/index.js",
+  "module": "lib-es/index.js",
+  "types": "lib/index.d.ts",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@ledgerhq/hw-transport": "6.31.4"
+  },
+  "devDependencies": {
+    "@types/jest": "^29.5.10",
+    "@types/node": "^20.8.10",
+    "documentation": "14.0.2",
+    "jest": "^29.7.0",
+    "rimraf": "^4.4.1",
+    "ts-jest": "^29.1.1",
+    "ts-node": "^10.4.0",
+    "@ledgerhq/hw-transport-mocker": "6.29.4",
+    "@ledgerhq/hw-transport-node-hid-singleton": "^6.31.5"
+  },
+  "scripts": {
+    "clean": "rimraf lib lib-es",
+    "build": "tsc && tsc -m ES6 --outDir lib-es",
+    "prewatch": "pnpm build",
+    "watch": "tsc --watch",
+    "watch:es": "tsc --watch -m ES6 --outDir lib-es",
+    "doc": "documentation readme src/** --section=API --pe ts --re ts --re d.ts",
+    "lint": "eslint ./src --no-error-on-unmatched-pattern --ext .ts,.tsx --cache",
+    "lint:fix": "pnpm lint --fix",
+    "test": "jest",
+    "test-integ": "jest --config=jest.integ.config.ts --runInBand",
+    "unimported": "unimported"
+  }
+}

package/src/PKIError.ts

@@ -0,0 +1,144 @@
+const ErrorCode: Record<number, string> = {
+  0x422f: "Incorrect structure type",
+  0x4230: "Incorrect certificate version",
+  0x4231: "Incorrect certificate validity",
+  0x4232: "Incorrect certificate validity index",
+  0x4233: "Unknown signer key ID",
+  0x4234: "Unknown signature algorithm",
+  0x4235: "Unknown public key ID",
+  0x4236: "Unknown public key usage",
+  0x4237: "Incorrect elliptic curve ID",
+  0x4238: "Incorrect signature algorithm associated to the public key",
+  0x4239: "Unknown target device",
+  0x422d: "Unknown certificate tag",
+  0x3301: "Failed to hash data",
+  0x422e: "expected_key_usage doesn't match certificate key usage",
+  0x5720: "Failed to verify signature",
+  0x4118: "trusted_name buffer is too small to contain the trusted name",
+};
+export const errorCodeValue = Object.keys(ErrorCode).map(v => parseInt(v));
+
+export function throwError(code: number) {
+  switch (code) {
+    case 0x422f:
+      throw new PKIStructError();
+    case 0x4230:
+      throw new PKICertificateVersionError();
+    case 0x4231:
+      throw new PKICertificateValidityError();
+    case 0x4232:
+      throw new PKICertificateIndexError();
+    case 0x4233:
+      throw new PKIUnknownSignerIdError();
+    case 0x4234:
+      throw new PKIUnknownSignerAlgorithmError();
+    case 0x4235:
+      throw new PKIUnknownPublicIdError();
+    case 0x4236:
+      throw new PKIUnknownPublicUsageError();
+    case 0x4237:
+      throw new PKIIncorrectCurveError();
+    case 0x4238:
+      throw new PKIIncorrectSignatureError();
+    case 0x4239:
+      throw new PKIUnknownDeviceError();
+    case 0x422d:
+      throw new PKIUnknownCertificateTagError();
+    case 0x3301:
+      throw new PKIFailedHashError();
+    case 0x422e:
+      throw new PKIMismatchKeyError();
+    case 0x5720:
+      throw new PKIFailedVerificationError();
+    case 0x4118:
+      throw new PKITrustedNameTooSmallError();
+    default:
+      throw new PKIError("Unknown");
+  }
+}
+
+export class PKIError extends Error {
+  constructor(cause: string) {
+    super("PKIError due to " + cause);
+  }
+}
+export class PKIStructError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x422f]);
+  }
+}
+export class PKICertificateVersionError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4230]);
+  }
+}
+export class PKICertificateValidityError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4231]);
+  }
+}
+export class PKICertificateIndexError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4232]);
+  }
+}
+export class PKIUnknownSignerIdError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4233]);
+  }
+}
+export class PKIUnknownSignerAlgorithmError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4234]);
+  }
+}
+export class PKIUnknownPublicIdError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4235]);
+  }
+}
+export class PKIUnknownPublicUsageError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4236]);
+  }
+}
+export class PKIIncorrectCurveError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4237]);
+  }
+}
+export class PKIIncorrectSignatureError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4238]);
+  }
+}
+export class PKIUnknownDeviceError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4239]);
+  }
+}
+export class PKIUnknownCertificateTagError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x422d]);
+  }
+}
+export class PKIFailedHashError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x3301]);
+  }
+}
+export class PKIMismatchKeyError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x422e]);
+  }
+}
+export class PKIFailedVerificationError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x5720]);
+  }
+}
+export class PKITrustedNameTooSmallError extends PKIError {
+  constructor() {
+    super(ErrorCode[0x4118]);
+  }
+}

package/src/index.ts

@@ -0,0 +1 @@
+export { default as loadPKI } from "./loadPKI";

package/src/loadPKI.integ.test.ts

@@ -0,0 +1,40 @@
+import Transport from "@ledgerhq/hw-transport";
+import TransportNodeHidSingleton from "@ledgerhq/hw-transport-node-hid-singleton";
+import loadPKI from "./loadPKI";
+import { PKIFailedVerificationError } from "./PKIError";
+
+describe("loadPKI with real connected device", () => {
+  let transport: Transport;
+
+  beforeAll(async () => {
+    transport = await TransportNodeHidSingleton.open("");
+  });
+  afterAll(async () => {
+    await transport.close();
+  });
+
+  it.skip("returns an Ok", async () => {
+    // Given
+    const descriptor =
+      "0101010201023501043601021004010500001302000314010120086e66745f6d657461300200053101043201213401013321035e6c1020c14dc46442fe89f97c0b68cdb15976dc24f24c316e7b30fe4e8cc76b";
+    const signature =
+      "30440220774aa1a064c9bd5ff2c820156b4af106d464d8ca0eb2de5f2956c8b52356496202205ef40dd54beb3c1534d011af9f581f426141d39338b3da6abf4023254cbef72c";
+
+    // When & Then
+    await expect(loadPKI(transport, "TRUSTED_NAME", descriptor, signature)).rejects.not.toThrow();
+    await (() => new Promise(f => setTimeout(f, 1000)))();
+  });
+
+  it("returns an Verification Failed error", async () => {
+    // Given
+    const descriptor =
+      "0101010201023501043601021004010500001302000314010120086e66745f6d657461300200053101043201213401013321035e6c1020c14dc46442fe89f97c0b68cdb15976dc24f24c316e7b30fe4e8cc76b";
+    const signature =
+      "30440220774aa1a064c9bd5ff2c820156b4af106d464d8ca0eb2de5f2956c8b52356496202205ef40dd54beb3c1534d011af9f581f426141d39338b3da6abf4023254cbef72c";
+
+    // When & Then
+    await expect(loadPKI(transport, "TRUSTED_NAME", descriptor, signature)).rejects.toThrow(
+      PKIFailedVerificationError,
+    );
+  });
+});

package/src/loadPKI.test.ts

@@ -0,0 +1,26 @@
+import { createTransportRecorder, MockTransport, RecordStore } from "@ledgerhq/hw-transport-mocker";
+import loadPKI from "./loadPKI";
+
+describe("loadPKI", () => {
+  const recordStore = new RecordStore();
+  const mockTransport = new MockTransport(Buffer.from([0, 0x90, 0x00]));
+  const TransportRecorder = createTransportRecorder(mockTransport, recordStore);
+
+  it("returns a new Challenge value", async () => {
+    // Given
+    const descriptor = "010203";
+    const signature = "0a0b0c0d0e0f1a1b1c1d1e1f";
+    const signatureLengthInHex = "0c";
+    const transport = new TransportRecorder(mockTransport);
+
+    // When
+    await loadPKI(transport, "GENUINE_CHECK", descriptor, signature);
+
+    // Then
+    const expectCommand = Buffer.from([0xb0, 0x06, 0x01, 0x00]).toString("hex");
+    const certSeparator = "15";
+    const data = descriptor + certSeparator + signatureLengthInHex + signature;
+    const dataLengthInHex = (data.length / 2).toString(16);
+    expect(recordStore.queue[0][0]).toBe(expectCommand + dataLengthInHex + data);
+  });
+});

package/src/loadPKI.ts

@@ -0,0 +1,54 @@
+import Transport, { StatusCodes } from "@ledgerhq/hw-transport";
+import { errorCodeValue, throwError } from "./PKIError";
+
+const handledErrorCode = errorCodeValue.concat(StatusCodes.OK);
+
+const CLA = 0xb0;
+const INS = 0x06;
+const P2 = 0x00;
+
+// Extract from https://github.com/LedgerHQ/ledger-secure-sdk/blob/d59b21f8a1f2e78ad50b5a8a21d0daac68826643/include/os_pki.h#L74
+const keyUsage = {
+  GENUINE_CHECK: 0x01,
+  EXCHANGE_PAYLOAD: 0x02,
+  NFT_METADATA: 0x03,
+  TRUSTED_NAME: 0x04,
+  BACKUP_PROVIDER: 0x05,
+  RECOVER_ORCHESTRATOR: 0x06,
+  PLUGIN_METADATA: 0x07,
+  COIN_META: 0x08,
+  SEED_ID_AUTH: 0x09,
+  UNKNOWN: 0x0a,
+};
+
+/**
+ * Load certificate
+ */
+export default async (
+  transport: Transport,
+  key: keyof typeof keyUsage,
+  descriptor: string,
+  signature: string,
+): Promise<void> => {
+  const descriptorBuffer = Buffer.from(descriptor, "hex");
+  const signatureBuffer = Buffer.from(signature, "hex");
+
+  const result = await transport.send(
+    CLA,
+    INS,
+    keyUsage[key],
+    P2,
+    Buffer.concat([
+      new Uint8Array(descriptorBuffer),
+      new Uint8Array(Buffer.from("15", "hex")),
+      new Uint8Array(Buffer.from([signatureBuffer.length])),
+      new Uint8Array(signatureBuffer),
+    ]),
+    handledErrorCode,
+  );
+
+  const resultCode = result.readUInt16BE(result.length - 2);
+  if (resultCode !== StatusCodes.OK) {
+    throwError(resultCode);
+  }
+};