5 Commits

Author SHA1 Message Date
Marvin Jones
2dc114c27b docs(keycard): clarify personalization is mandatory and document default CA
Reinstalling the applet via `./gradlew install` wipes any existing
personalization regardless of firmware source, which wasn't previously
called out and is a common source of "card not available" confusion.
Also state plainly that personalization is required before any command
works, and document keycard-rs's actual baked-in default CA public key
instead of only describing the override mechanism.

Export KEYCARD_CA_PUBLIC_KEY in all keycard test scripts so they work
against the dev/test-CA personalization flow they rely on.
2026-07-07 17:04:05 -04:00
Marvin Jones
42b53c6907 Updated to v2 secure communication 2026-07-06 17:41:36 -04:00
Marvin Jones
763464d27b refactor(keycard_wallet): replace keycard-py (pyo3) with native keycard-rs
Rewrites the Keycard integration to talk to the LEE-flavored applet
directly from Rust via keycard-rs (pinned git dependency), dropping the
pyo3 shim, python_path.rs, and the vendored keycard-py Python library
entirely. Verified end-to-end against real hardware: pairing, PIN
verification, mnemonic loading, BIP340 Schnorr signing, and transfers
between keycard and public/private accounts.

Also cleans up the pyo3 usage that had leaked into wallet's signing
path (signing.rs, account_manager.rs) beyond the keycard CLI itself,
and trims wallet_with_keycard.sh's Python setup down to just pyscard,
which is only needed by the force_unpower.py test helper now.
2026-07-06 17:41:36 -04:00
jonesmarvin8
feb6cb7f92
feat(wallet): add keycard support for public accounts for public/privacy txs for program facades (#461)
* feat: add basic commands for communicating with keycard

* initialize changes

* reorganization

* add script file for easier wallet access

* update commands

* fixes

* fixed load for non continuous run

* Updates for signatures with keycard

* fix BIP-340 signatures for fixed sized messages

* fmt

* refactor and add pin support to program facades

* fix unit test

* fixes

* Revert "fixes"

This reverts commit 41f34f4ff4145b7abb60fd9bec168ae4b60f23b4.

* fixes

* fixes

* Removed privacy keycard calls

* Revert "Removed privacy keycard calls"

This reverts commit d70ef505a1f40b87159099761f5fce5a31e3f17b.

* Add domain separators

* Removed privacy txs for keycard

* CI fixes

* CI fixes

* addressed some comments

* fix ci

* initialize branch

* ci fixes

* fix integration test issue and updated keycard firmware

* addressed more comments

* fixed deny

* remove keycard-py

* fixed from earlier merge

* add hash_message tests

* add test

* fix deny

* CI fixes

* fixed integration tests

* Update public.rs

* update artifacts

* privacy command fixes

* ci and comments

* addressed comments

* comment fixes

* fixes from merging main

* adding support to other programs

* expanded support

* ci fixes

* ci and add private account keys test

* some fixes and setup notes

* Ci fixes

* ci fixes

* update key paths to avoid collisions in tests

* added separated files for keycard_tests_2.sh

* first round of comments

* Revert "Merge branch 'main' into marvin/keycard-commands"

This reverts commit 3fce53f663a3996938dddf77680854570063ca21, reversing
changes made to e7b42a5177641455a8917bd2e29db20afd9690e5.

* python comments

* addressed comments

* compile error fixed

* fix artifacts

* fix main merge error

* adjust signer logic workflow

* updating logic

* fmt

* refactored

* clippy fix

* minor fix

* addressing comments

* minor fix

* ci fix

* addressed deferred comments

* clean up

* minor cleanup

* ci fixes

* fmt fix

* feat!(wallet): Merged `SigningGroup` with `AccountManager` (#500)

* feat: account manager extension

* feat(wallet): added unified way of sending public transactions to all facades

* fix(wallet): no sign option added

* fix(deny): deny fix

* fix(wallet): suggestion 1

* fix(wallet): suggestion fix 1

* feat!: Add new path for externally provided seed to the circuit.

BREAKING CHANGE: add identity variants to the circuit and change semantics for `Claim::Authorized` for private PDAs

* feat(ci): use separate job per each integration tests module

* feat(ci): cache rust artifacts

* feat(ci): build integration tests binary once and reuse it

* fix(wallet): fmt

* ci: add bench-regression workflow with criterion-compare for crypto_primitives_bench

* fix(wallet): merge postfix

* feat!(wallet): SigningGroup merged with AccountManager

* fix(ci): deny and artifacts fix

* fix(deny): deny fix

* fix keycard and lint

---------

Co-authored-by: Sergio Chouhy <sergio.chouhy@gmail.com>
Co-authored-by: Daniil Polyakov <arjentix@gmail.com>
Co-authored-by: Moudy <m.ellaz@hotmail.com>
Co-authored-by: Sergio Chouhy <41742639+schouhy@users.noreply.github.com>
Co-authored-by: jonesmarvin8 <83104039+jonesmarvin8@users.noreply.github.com>

* addressed comments

* minor comments

* Rebase to main

* CI fixes

---------

Co-authored-by: Pravdyvy <46261001+Pravdyvy@users.noreply.github.com>
Co-authored-by: Sergio Chouhy <sergio.chouhy@gmail.com>
Co-authored-by: Daniil Polyakov <arjentix@gmail.com>
Co-authored-by: Moudy <m.ellaz@hotmail.com>
Co-authored-by: Sergio Chouhy <41742639+schouhy@users.noreply.github.com>
2026-06-05 17:35:10 -04:00
Sergio Chouhy
50be74580b refactor!: move LEZ related crates to dedicated directory
BREAKING CHANGE: LEZ crates have been moved from top-level directories into
  a dedicated `lez/` subdirectory. The following crates were relocated:

    common          → lez/common
    indexer         → lez/indexer
    explorer_service→ lez/explorer_service
    keycard_wallet  → lez/keycard_wallet
    mempool         → lez/mempool
    sequencer       → lez/sequencer
    storage         → lez/storage
    testnet_initial_state → lez/testnet_initial_state
    wallet          → lez/wallet
    wallet-ffi      → lez/wallet-ffi

  Any external tooling, scripts, or paths referencing these crates at their
  previous top-level locations must be updated.
2026-06-02 14:17:59 -03:00