@onekeyfe/hd-core 1.1.27-alpha.41 → 1.1.27-alpha.43

package/__tests__/DeviceCommands.test.ts

@@ -0,0 +1,99 @@
+import { HardwareErrorCode } from '@onekeyfe/hd-shared';
+
+import { DeviceCommands } from '../src/device/DeviceCommands';
+
+jest.mock('../src/data/config', () => ({
+  getSDKVersion: jest.fn(() => '1.0.0'),
+  DEFAULT_DOMAIN: 'https://jssdk.onekey.so/1.0.0/',
+}));
+
+const createCommands = () => {
+  const commands = Object.create(DeviceCommands.prototype) as DeviceCommands;
+  commands.device = {
+    clearCancelableAction: jest.fn(),
+  } as any;
+  return commands;
+};
+
+describe('DeviceCommands failure mapping', () => {
+  it.each([
+    ['ButtonAck', 'Not in Ethereum signing mode'],
+    ['PinMatrixAck', 'Not in Conflux signing mode'],
+  ])('keeps %s unexpected message "%s" as firmware runtime error', async (callType, message) => {
+    const commands = createCommands();
+
+    await expect(
+      commands._filterCommonTypes(
+        {
+          type: 'Failure',
+          message: {
+            code: 'Failure_UnexpectedMessage',
+            message,
+          },
+        } as any,
+        callType as any
+      )
+    ).rejects.toMatchObject({
+      errorCode: HardwareErrorCode.RuntimeError,
+      message: `Failure_UnexpectedMessage,${message}`,
+    });
+  });
+
+  it('keeps the existing NotInSigningMode mapping', async () => {
+    const commands = createCommands();
+
+    await expect(
+      commands._filterCommonTypes(
+        {
+          type: 'Failure',
+          message: {
+            code: 'Failure_UnexpectedMessage',
+            message: 'Not in Signing mode',
+          },
+        } as any,
+        'ButtonAck'
+      )
+    ).rejects.toMatchObject({
+      errorCode: HardwareErrorCode.NotInSigningMode,
+    });
+  });
+
+  it('keeps the existing unexpected passphrase mapping', async () => {
+    const commands = createCommands();
+
+    await expect(
+      commands._filterCommonTypes(
+        {
+          type: 'Failure',
+          message: {
+            code: 'Failure_UnexpectedMessage',
+            message: 'Unexpected message',
+          },
+        } as any,
+        'PassphraseAck'
+      )
+    ).rejects.toMatchObject({
+      errorCode: HardwareErrorCode.UnexpectPassphrase,
+    });
+  });
+
+  it('keeps non signing unexpected messages as runtime errors', async () => {
+    const commands = createCommands();
+
+    await expect(
+      commands._filterCommonTypes(
+        {
+          type: 'Failure',
+          message: {
+            code: 'Failure_UnexpectedMessage',
+            message: 'Not in Reset mode',
+          },
+        } as any,
+        'ButtonAck'
+      )
+    ).rejects.toMatchObject({
+      errorCode: HardwareErrorCode.RuntimeError,
+      message: 'Failure_UnexpectedMessage,Not in Reset mode',
+    });
+  });
+});

package/__tests__/evmLedgerLegacySafety.test.ts

@@ -0,0 +1,261 @@
+import AllNetworkGetAddressBase from '../src/api/allnetwork/AllNetworkGetAddressBase';
+import EvmGetAddress from '../src/api/evm/EVMGetAddress';
+import EVMGetPublicKey from '../src/api/evm/EVMGetPublicKey';
+import { findMethod } from '../src/api/utils';
+
+jest.mock('../src/data/config', () => ({
+  getSDKVersion: jest.fn(() => '1.0.0'),
+  DEFAULT_DOMAIN: 'https://jssdk.onekey.so/1.0.0/',
+}));
+
+jest.mock('../src/api/utils', () => ({
+  findMethod: jest.fn(),
+}));
+
+const createDevice = (onekeyDeviceType: string) => {
+  const typedCall = jest.fn();
+  return {
+    typedCall,
+    device: {
+      features: {
+        onekey_device_type: onekeyDeviceType,
+        safety_checks: 'Strict',
+      },
+      commands: {
+        typedCall,
+      },
+    },
+  };
+};
+
+class TestAllNetworkMethod extends AllNetworkGetAddressBase {
+  async getAllNetworkAddress() {
+    return Promise.resolve([]);
+  }
+}
+
+describe('EVM Ledger legacy path safety checks', () => {
+  it.each([
+    ['evmGetAddress', EvmGetAddress],
+    ['evmGetPublicKey', EVMGetPublicKey],
+  ])(
+    'temporarily relaxes safety checks for Pro %s on ledger legacy path index greater than 1',
+    async (methodName, Method) => {
+      const { device, typedCall } = createDevice('PRO');
+      const method = new Method({
+        id: 1,
+        payload: {
+          method: methodName,
+          path: "m/44'/60'/0'/2",
+        },
+      });
+      method.device = device as any;
+
+      await method.checkSafetyLevelOnTestNet();
+
+      expect(typedCall).toHaveBeenCalledWith('ApplySettings', 'Success', {
+        safety_checks: 'PromptTemporarily',
+      });
+    }
+  );
+
+  it('temporarily relaxes safety checks for Touch get public key on ledger legacy path index greater than 1', async () => {
+    const { device, typedCall } = createDevice('TOUCH');
+    const method = new EVMGetPublicKey({
+      id: 1,
+      payload: {
+        method: 'evmGetPublicKey',
+        path: "m/44'/60'/0'/2",
+      },
+    });
+    method.device = device as any;
+
+    await method.checkSafetyLevelOnTestNet();
+
+    expect(typedCall).toHaveBeenCalledWith('ApplySettings', 'Success', {
+      safety_checks: 'PromptTemporarily',
+    });
+  });
+
+  it('runs EVM safety checks when allNetwork dispatches to the inner get address method', async () => {
+    const { device, typedCall } = createDevice('PRO');
+    (findMethod as jest.Mock).mockImplementation(message => new EvmGetAddress(message));
+    const runSpy = jest.spyOn(EvmGetAddress.prototype, 'run').mockResolvedValue([
+      {
+        path: "m/44'/60'/0'/2",
+        address: '0x0000000000000000000000000000000000000000',
+      },
+    ]);
+    const method = new TestAllNetworkMethod({
+      id: 1,
+      payload: {
+        method: 'allNetworkGetAddress',
+        connectId: 'connect-id',
+        deviceId: 'device-id',
+        bundle: [],
+      },
+    });
+    method.device = {
+      ...device,
+      on: jest.fn(),
+      off: jest.fn(),
+    } as any;
+
+    await method.callMethod(
+      'evmGetAddress',
+      {
+        bundle: [
+          {
+            path: "m/44'/60'/0'/2",
+            showOnOneKey: false,
+            chainId: 1,
+            _originRequestParams: {
+              network: 'evm',
+              path: "m/44'/60'/0'/2",
+              showOnOneKey: false,
+              chainName: '1',
+            },
+          },
+        ],
+      },
+      0
+    );
+
+    expect(typedCall).toHaveBeenCalledWith('ApplySettings', 'Success', {
+      safety_checks: 'PromptTemporarily',
+    });
+
+    runSpy.mockRestore();
+  });
+
+  it('only applies temporary safety checks once during one allNetwork request even when features stay strict', async () => {
+    const { device, typedCall } = createDevice('PRO');
+    (findMethod as jest.Mock).mockImplementation(message => new EvmGetAddress(message));
+    const runSpy = jest
+      .spyOn(EvmGetAddress.prototype, 'run')
+      .mockResolvedValueOnce([
+        {
+          path: "m/44'/60'/0'/2",
+          address: '0x0000000000000000000000000000000000000002',
+        },
+      ])
+      .mockResolvedValueOnce([
+        {
+          path: "m/44'/60'/0'/3",
+          address: '0x0000000000000000000000000000000000000003',
+        },
+      ]);
+    const method = new TestAllNetworkMethod({
+      id: 1,
+      payload: {
+        method: 'allNetworkGetAddressByLoop',
+        connectId: 'connect-id',
+        deviceId: 'device-id',
+        bundle: [],
+      },
+    });
+    method.device = {
+      ...device,
+      on: jest.fn(),
+      off: jest.fn(),
+    } as any;
+
+    await method.callMethod(
+      'evmGetAddress',
+      {
+        bundle: [
+          {
+            path: "m/44'/60'/0'/2",
+            showOnOneKey: false,
+            chainId: 1,
+            _originRequestParams: {
+              network: 'evm',
+              path: "m/44'/60'/0'/2",
+              showOnOneKey: false,
+              chainName: '1',
+            },
+          },
+        ],
+      },
+      0
+    );
+
+    await method.callMethod(
+      'evmGetAddress',
+      {
+        bundle: [
+          {
+            path: "m/44'/60'/0'/3",
+            showOnOneKey: false,
+            chainId: 1,
+            _originRequestParams: {
+              network: 'evm',
+              path: "m/44'/60'/0'/3",
+              showOnOneKey: false,
+              chainName: '1',
+            },
+          },
+        ],
+      },
+      0
+    );
+
+    expect(typedCall).toHaveBeenCalledTimes(1);
+    expect(typedCall).toHaveBeenCalledWith('ApplySettings', 'Success', {
+      safety_checks: 'PromptTemporarily',
+    });
+
+    runSpy.mockRestore();
+  });
+
+  it.each(["m/44'/60'/0'/0", "m/44'/60'/0'/1"])(
+    'keeps safety checks unchanged for legal ledger legacy path %s',
+    async path => {
+      const { device, typedCall } = createDevice('PRO');
+      const method = new EvmGetAddress({
+        id: 1,
+        payload: {
+          method: 'evmGetAddress',
+          path,
+        },
+      });
+      method.device = device as any;
+
+      await method.checkSafetyLevelOnTestNet();
+
+      expect(typedCall).not.toHaveBeenCalled();
+    }
+  );
+
+  it('keeps safety checks unchanged for standard 5-segment BIP44 paths', async () => {
+    const { device, typedCall } = createDevice('PRO');
+    const method = new EvmGetAddress({
+      id: 1,
+      payload: {
+        method: 'evmGetAddress',
+        path: "m/44'/60'/0'/0/2",
+      },
+    });
+    method.device = device as any;
+
+    await method.checkSafetyLevelOnTestNet();
+
+    expect(typedCall).not.toHaveBeenCalled();
+  });
+
+  it('keeps safety checks unchanged on non Pro/Touch devices', async () => {
+    const { device, typedCall } = createDevice('MINI');
+    const method = new EvmGetAddress({
+      id: 1,
+      payload: {
+        method: 'evmGetAddress',
+        path: "m/44'/60'/0'/2",
+      },
+    });
+    method.device = device as any;
+
+    await method.checkSafetyLevelOnTestNet();
+
+    expect(typedCall).not.toHaveBeenCalled();
+  });
+});

package/__tests__/logBlockEvent.test.ts

@@ -0,0 +1,37 @@
+import { UI_RESPONSE, getLogBlockLabel } from '../src/events';
+
+describe('getLogBlockLabel', () => {
+  it('blocks evmSignTypedData params before logging large typed data', () => {
+    expect(
+      getLogBlockLabel({
+        method: 'evmSignTypedData',
+        data: {
+          message: {
+            data: `0x${'ab'.repeat(4096)}`,
+          },
+        },
+      })
+    ).toBe('evmSignTypedData');
+  });
+
+  it('blocks evmSignTypedData iframe call payload before bridge logging', () => {
+    expect(
+      getLogBlockLabel({
+        event: 'iframe-call',
+        type: 'iframe-call',
+        payload: {
+          method: 'evmSignTypedData',
+          data: {
+            message: {
+              data: `0x${'ab'.repeat(4096)}`,
+            },
+          },
+        },
+      })
+    ).toBe('evmSignTypedData');
+  });
+
+  it('keeps existing sensitive UI response blocking', () => {
+    expect(getLogBlockLabel({ type: UI_RESPONSE.RECEIVE_PIN })).toBe(UI_RESPONSE.RECEIVE_PIN);
+  });
+});

package/__tests__/preInitialize.test.ts

@@ -0,0 +1,22 @@
+import { Device } from '../src/device/Device';
+
+jest.mock('../src/data/config', () => ({
+  getSDKVersion: jest.fn(() => '1.0.0'),
+  DEFAULT_DOMAIN: 'https://jssdk.onekey.so/1.0.0/',
+}));
+
+describe('preInitialize', () => {
+  it('matches pre-initialized state by passphraseState only', () => {
+    const device = Object.create(Device.prototype) as Device;
+
+    device.markPreInitialized({
+      passphraseState: 'passphrase-state',
+    });
+
+    expect(
+      device.isPreInitializeMetaMatch({
+        passphraseState: 'passphrase-state',
+      })
+    ).toBe(true);
+  });
+});

package/__tests__/protocol-v2.test.ts

@@ -17,8 +17,15 @@ import GetDeviceInfo from '../src/api/GetDeviceInfo';
 import GetPassphraseState from '../src/api/GetPassphraseState';
 import GetOnekeyFeatures from '../src/api/GetOnekeyFeatures';
 import { batchGetPublickeys } from '../src/api/helpers/batchGetPublickeys';
+import SuiGetAddress from '../src/api/sui/SuiGetAddress';
+import SuiGetPublicKey from '../src/api/sui/SuiGetPublicKey';
+import SuiSignMessage from '../src/api/sui/SuiSignMessage';
 import SuiSignTransaction from '../src/api/sui/SuiSignTransaction';
 import SolGetAddress from '../src/api/solana/SolGetAddress';
+import TonGetAddress from '../src/api/ton/TonGetAddress';
+import TonSignData from '../src/api/ton/TonSignData';
+import TonSignMessage from '../src/api/ton/TonSignMessage';
+import TonSignProof from '../src/api/ton/TonSignProof';
 import TronGetAddress from '../src/api/tron/TronGetAddress';
 import TronSignMessage from '../src/api/tron/TronSignMessage';
 import XrpSignTransaction from '../src/api/xrp/XrpSignTransaction';
@@ -133,8 +140,9 @@ describe('Protocol V2 feature adapter', () => {
     expect(features.ble_enable).toBe(true);
   });
 
-  test('uses GetPassphraseState payloads compatible with Pro1 passphrase flow', async () => {
+  test('uses GetPassphraseState payloads compatible with Pro series passphrase flow', async () => {
     const features = normalizeProtocolV2Features(descriptor as any);
+    features.onekey_firmware_version = '4.15.0';
     const typedCall = jest.fn().mockResolvedValue({
       type: 'PassphraseState',
       message: {
@@ -229,6 +237,8 @@ describe('Protocol V2 feature adapter', () => {
       ...descriptor,
       protocolType: 'V2',
     } as any);
+    (device as any).features.onekey_firmware_version = '4.15.0';
+    (device as any).features.passphrase_protection = true;
     (device as any).commands = { typedCall };
 
     await expect(getPassphraseStateWithRefreshDeviceInfo(device)).resolves.toMatchObject({
@@ -238,7 +248,7 @@ describe('Protocol V2 feature adapter', () => {
 
     expect(device.passphraseState).toBeUndefined();
     expect(device.features?.passphrase_protection).toBe(true);
-    expect(device.features?.session_id).toBe('session-auto');
+    expect(device.features?.session_id).toBeNull();
     expect(device.getInternalState()).toBeUndefined();
     device.passphraseState = 'state-auto';
     expect(device.getInternalState()).toBe('session-auto');
@@ -268,6 +278,7 @@ describe('Protocol V2 feature adapter', () => {
         },
       }
     );
+    (device as any).features.onekey_firmware_version = '4.15.0';
     (device as any).commands = { typedCall };
 
     await expect(
@@ -278,7 +289,7 @@ describe('Protocol V2 feature adapter', () => {
     });
 
     expect(device.features?.passphrase_protection).toBe(false);
-    expect(device.features?.session_id).toBe('main-pin-session');
+    expect(device.features?.session_id).toBeNull();
     expect(device.getInternalState()).toBeUndefined();
     expect(typedCall).toHaveBeenLastCalledWith('GetPassphraseState', 'PassphraseState', {
       _only_main_pin: true,
@@ -300,6 +311,8 @@ describe('Protocol V2 feature adapter', () => {
       ...descriptor,
       protocolType: 'V2',
     } as any);
+    (device as any).features.onekey_firmware_version = '4.15.0';
+    (device as any).features.passphrase_protection = true;
     (device as any).commands = { typedCall };
 
     await expect(device.checkPassphraseStateSafety('expected-state', false, true)).resolves.toBe(
@@ -307,7 +320,7 @@ describe('Protocol V2 feature adapter', () => {
     );
 
     expect(device.getInternalState()).toBeUndefined();
-    expect(typedCall).toHaveBeenLastCalledWith('GetPassphraseState', 'PassphraseState', {
+    expect(typedCall).toHaveBeenNthCalledWith(1, 'GetPassphraseState', 'PassphraseState', {
       passphrase_state: 'expected-state',
     });
   });
@@ -676,7 +689,7 @@ describe('API compatibility handling', () => {
     );
   });
 
-  test('does not mark Pro2 Tron and Solana address methods as unsupported', () => {
+  test('does not mark Pro2 Tron, Solana, TON and SUI methods as unsupported', () => {
     const features = {
       onekey_device_type: 'pro2',
     } as Features;
@@ -697,6 +710,66 @@ describe('API compatibility handling', () => {
         showOnOneKey: false,
       },
     });
+    const tonGetAddressMethod = new TonGetAddress({
+      id: 3,
+      payload: {
+        method: 'tonGetAddress',
+        path: "m/44'/607'/0'",
+        showOnOneKey: false,
+      },
+    });
+    const tonSignMessageMethod = new TonSignMessage({
+      id: 4,
+      payload: {
+        method: 'tonSignMessage',
+        path: "m/44'/607'/0'",
+      },
+    });
+    const tonSignProofMethod = new TonSignProof({
+      id: 5,
+      payload: {
+        method: 'tonSignProof',
+        path: "m/44'/607'/0'",
+      },
+    });
+    const tonSignDataMethod = new TonSignData({
+      id: 6,
+      payload: {
+        method: 'tonSignData',
+        path: "m/44'/607'/0'",
+      },
+    });
+    const suiGetAddressMethod = new SuiGetAddress({
+      id: 7,
+      payload: {
+        method: 'suiGetAddress',
+        path: "m/44'/784'/0'/0'/0'",
+        showOnOneKey: false,
+      },
+    });
+    const suiGetPublicKeyMethod = new SuiGetPublicKey({
+      id: 8,
+      payload: {
+        method: 'suiGetPublicKey',
+        path: "m/44'/784'/0'/0'/0'",
+      },
+    });
+    const suiSignMessageMethod = new SuiSignMessage({
+      id: 9,
+      payload: {
+        method: 'suiSignMessage',
+        path: "m/44'/784'/0'/0'/0'",
+        messageHex: '0x1234',
+      },
+    });
+    const suiSignTransactionMethod = new SuiSignTransaction({
+      id: 10,
+      payload: {
+        method: 'suiSignTransaction',
+        path: "m/44'/784'/0'/0'/0'",
+        rawTx: '0x1234',
+      },
+    });
 
     expect(
       isMethodVersionRangeUnsupported(
@@ -708,6 +781,48 @@ describe('API compatibility handling', () => {
         getMethodVersionRange(features, type => solMethod.getVersionRange()[type])
       )
     ).toBe(false);
+    expect(getMethodVersionRange(features, type => tonGetAddressMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(getMethodVersionRange(features, type => tonSignMessageMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(getMethodVersionRange(features, type => tonSignProofMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(getMethodVersionRange(features, type => tonSignDataMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(getMethodVersionRange(features, type => suiGetAddressMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(getMethodVersionRange(features, type => suiGetPublicKeyMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(getMethodVersionRange(features, type => suiSignMessageMethod.getVersionRange()[type]))
+      .toEqual({
+        min: '0.0.0',
+      });
+    expect(
+      getMethodVersionRange(features, type => suiSignTransactionMethod.getVersionRange()[type])
+    ).toEqual({
+      min: '0.0.0',
+    });
+  });
+
+  test('includes TON signData in the Protocol V2 protobuf schema', () => {
+    const protocolV2Messages = DataManager.getProtobufMessages('v2Schema') as any;
+
+    expect(protocolV2Messages.nested.TonSignData).toBeDefined();
+    expect(protocolV2Messages.nested.TonSignedData).toBeDefined();
+    expect(protocolV2Messages.nested.MessageType.values.MessageType_TonSignData).toBe(11908);
+    expect(protocolV2Messages.nested.MessageType.values.MessageType_TonSignedData).toBe(11909);
   });
 
   test('uses chunk transfer for large Sui transactions on Protocol V2', async () => {
@@ -1161,7 +1276,6 @@ describe('Protocol V2 firmware update targets', () => {
       filePath: 'vol1:firmware.bin',
       processedSize: 0,
       totalSize: 4097,
-      transferStartTime: Date.now() - 1000,
     });
 
     const writePayloads = typedCall.mock.calls.map(call => call[2]);
@@ -1169,16 +1283,6 @@ describe('Protocol V2 firmware update targets', () => {
     expect(writePayloads.map(payload => payload.file.data.byteLength)).toEqual([4096, 1]);
     expect(writePayloads.map(payload => payload.overwrite)).toEqual([true, false]);
     expect(writePayloads.every(payload => payload.append === false)).toBe(true);
-    expect(method.postProgressMessage).toHaveBeenLastCalledWith(
-      99,
-      'transferData',
-      expect.objectContaining({
-        transferredBytes: 4097,
-        totalBytes: 4097,
-        rateBytesPerSecond: expect.any(Number),
-        elapsedMs: expect.any(Number),
-      })
-    );
   });
 
   test('caps native BLE firmware upload chunks below the WebUSB limit', async () => {
@@ -1358,7 +1462,7 @@ describe('Protocol V2 firmware update method', () => {
 });
 
 describe('Protocol V2 onboarding status method', () => {
-  test('returns DeviceOnboardingStatus from low-level status query', async () => {
+  test('returns OnboardingStatus from low-level status query', async () => {
     const method = new DeviceGetOnboardingStatus({
       id: 1,
       payload: {
@@ -1368,10 +1472,16 @@ describe('Protocol V2 onboarding status method', () => {
     method.init();
 
     const typedCall = jest.fn().mockResolvedValue({
-      type: 'DeviceOnboardingStatus',
+      type: 'OnboardingStatus',
       message: {
-        step: 4,
-        page_name: 'Recovery Phrase',
+        step: 3,
+        setup: {
+          restore: {
+            mnemonic: true,
+          },
+        },
+        detail_code: 7,
+        detail_str: 'Recovery Phrase',
       },
     });
 
@@ -1380,14 +1490,16 @@ describe('Protocol V2 onboarding status method', () => {
     };
 
     await expect(method.run()).resolves.toEqual({
-      step: 4,
-      page_name: 'Recovery Phrase',
+      step: 3,
+      setup: {
+        restore: {
+          mnemonic: true,
+        },
+      },
+      detail_code: 7,
+      detail_str: 'Recovery Phrase',
     });
-    expect(typedCall).toHaveBeenCalledWith(
-      'DeviceGetOnboardingStatus',
-      'DeviceOnboardingStatus',
-      {}
-    );
+    expect(typedCall).toHaveBeenCalledWith('GetOnboardingStatus', 'OnboardingStatus', {});
   });
 });