BitBoxSwiss
diff --git a/‎.github/workflows/ci.yml
+16-10 b/‎.github/workflows/ci.yml
+16-10
diff --git a/‎api/bootloader/device_test.go
+4-4 b/‎api/bootloader/device_test.go
+4-4
diff --git a/‎api/bootloader/util_test.go
+4-4 b/‎api/bootloader/util_test.go
+4-4
diff --git a/‎api/firmware/backup_test.go
+59 b/‎api/firmware/backup_test.go
+59
diff --git a/‎api/firmware/bip85_test.go
+38 b/‎api/firmware/bip85_test.go
+38
diff --git a/‎api/firmware/btc_test.go
+89-2 b/‎api/firmware/btc_test.go
+89-2
@@ -11,9 +11,9 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Clone the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Enable caching
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           # Increment cache number to invalidate.
           key: ${{runner.os}}-cache-1
@@ -22,7 +22,7 @@ jobs:
             ~/.cache/go-build
             ~/.cache/golangci-lint
       - name: Install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{env.GO_VERSION}}
       # Keep the linter version and its config in .golangci.yml in sync with the app repo at
@@ -37,31 +37,37 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Clone the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Enable caching
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           # Increment cache number to invalidate.
           key: ${{runner.os}}-cache-1
           path: |
             ~/go/pkg
             ~/.cache/go-build
             ~/.cache/golangci-lint
+      - name: Enable simulators caching
+        uses: actions/cache@v4
+        with:
+          key: ${{runner.os}}-simulators-cache-${{hashFiles('./api/firmware/testdata/simulators.json')}}
+          path: |
+            ./api/firmware/testdata/simulators
       - name: Install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{env.GO_VERSION}}
       - name: Test
         run: |
           go version
-          go test ./...
+          go test ./... -v
   build:
     runs-on: ubuntu-22.04
     steps:
       - name: Clone the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Enable caching
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           # Increment cache number to invalidate.
           key: ${{runner.os}}-cache-1
@@ -70,7 +76,7 @@ jobs:
             ~/.cache/go-build
             ~/.cache/golangci-lint
       - name: Install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: ${{env.GO_VERSION}}
       - name: Build
 
@@ -19,7 +19,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"testing"
 
 	"github.com/BitBoxSwiss/bitbox02-api-go/api/bootloader"
@@ -184,7 +184,7 @@ func TestGetHashes(t *testing.T) {
 
 // TestSignedFirmwareVersion tests device.SignedFirmwareVersion.
 func TestSignedFirmwareVersion(t *testing.T) {
-	signedFirmware, err := ioutil.ReadFile("testdata/firmware-btc.v4.2.2.signed.bin")
+	signedFirmware, err := os.ReadFile("testdata/firmware-btc.v4.2.2.signed.bin")
 	if err != nil {
 		panic(err)
 	}
@@ -209,11 +209,11 @@ func TestSignedFirmwareVersion(t *testing.T) {
 // TestUpgradeFirmware tests a successful firmware upgrade with a real-world signed firmware
 // fixture.
 func TestUpgradeFirmware(t *testing.T) {
-	signedFirmware, err := ioutil.ReadFile("testdata/firmware-btc.v4.2.2.signed.bin")
+	signedFirmware, err := os.ReadFile("testdata/firmware-btc.v4.2.2.signed.bin")
 	if err != nil {
 		panic(err)
 	}
-	unsignedFirmware, err := ioutil.ReadFile("testdata/firmware-btc.v4.2.2.bin")
+	unsignedFirmware, err := os.ReadFile("testdata/firmware-btc.v4.2.2.bin")
 	if err != nil {
 		panic(err)
 	}
 
@@ -16,7 +16,7 @@ package bootloader
 
 import (
 	"encoding/hex"
-	"io/ioutil"
+	"os"
 	"testing"
 
 	"github.com/BitBoxSwiss/bitbox02-api-go/api/common"
@@ -27,7 +27,7 @@ func TestHashFirmware(t *testing.T) {
 	emptyHash := []byte("\xad\x27\x67\x91\x84\x74\xf3\x30\x02\x95\xb2\xef\x94\x9a\xe8\x13\xd7\x87\x0c\xed\x70\x30\x58\x29\xa0\x12\x91\xa4\x8f\x8b\xbc\x78")
 	require.Equal(t, emptyHash, HashFirmware(5, []byte{}))
 
-	unsignedFirmware, err := ioutil.ReadFile("testdata/firmware-btc.v4.2.2.bin")
+	unsignedFirmware, err := os.ReadFile("testdata/firmware-btc.v4.2.2.bin")
 	require.NoError(t, err)
 	require.Equal(t,
 		[]byte("\x9a\xfc\x65\xa1\x99\x6c\x0d\xfd\xbb\x17\x08\xbf\x51\x8d\x96\x8c\xde\xc7\xe3\xc3\x52\x56\x1e\x2b\x09\x1d\x91\x83\x6c\x06\x8a\xe5"),
@@ -36,10 +36,10 @@ func TestHashFirmware(t *testing.T) {
 }
 
 func TestParseSignedFirmmare(t *testing.T) {
-	unsignedFirmware, err := ioutil.ReadFile("testdata/firmware-btc.v4.2.2.bin")
+	unsignedFirmware, err := os.ReadFile("testdata/firmware-btc.v4.2.2.bin")
 	require.NoError(t, err)
 
-	signedFirmware, err := ioutil.ReadFile("testdata/firmware-btc.v4.2.2.signed.bin")
+	signedFirmware, err := os.ReadFile("testdata/firmware-btc.v4.2.2.signed.bin")
 	require.NoError(t, err)
 
 	product, sigData, firmware, err := ParseSignedFirmware(signedFirmware)
 
@@ -0,0 +1,59 @@
+// Copyright 2024 Shift Crypto AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package firmware
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestSimulatorBackups(t *testing.T) {
+	const seedLen = 32
+	const testName = "test wallet name"
+	testSimulatorsAfterPairing(t, func(t *testing.T, device *Device) {
+		t.Helper()
+		require.NoError(t, device.SetDeviceName(testName))
+
+		require.NoError(t, device.SetPassword(seedLen))
+		require.Equal(t, StatusSeeded, device.Status())
+
+		list, err := device.ListBackups()
+		require.NoError(t, err)
+		require.Empty(t, list)
+
+		_, err = device.CheckBackup(true)
+		require.Error(t, err)
+
+		require.NoError(t, device.CreateBackup())
+		require.Equal(t, StatusInitialized, device.Status())
+
+		list, err = device.ListBackups()
+		require.NoError(t, err)
+		require.Len(t, list, 1)
+		require.Equal(t, testName, list[0].Name)
+
+		id, err := device.CheckBackup(true)
+		require.NoError(t, err)
+		require.Equal(t, list[0].ID, id)
+
+		require.Error(t, device.RestoreBackup(list[0].ID))
+		require.NoError(t, device.Reset())
+		require.NoError(t, device.RestoreBackup(list[0].ID))
+		id, err = device.CheckBackup(true)
+		require.NoError(t, err)
+		require.Equal(t, list[0].ID, id)
+	})
+}
@@ -0,0 +1,38 @@
+// Copyright 2024 Shift Crypto AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package firmware
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestSimulatorBIP85AppBip39(t *testing.T) {
+	// Can't test this yet as the simulator panics at trinary_choice (12, 18, 24 word choice).
+	t.Skip()
+}
+
+func TestSimulatorBIP85AppLN(t *testing.T) {
+	testInitializedSimulators(t, func(t *testing.T, device *Device) {
+		t.Helper()
+		entropy, err := device.BIP85AppLN()
+		require.NoError(t, err)
+		require.Equal(t,
+			"d05448562b8b64994b7de7eac43cdc8a",
+			hex.EncodeToString(entropy))
+	})
+}
@@ -1,4 +1,5 @@
 // Copyright 2018-2019 Shift Cryptosecurity AG
+// Copyright 2024 Shift Crypto AG
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -20,12 +21,26 @@ import (
 
 	"github.com/BitBoxSwiss/bitbox02-api-go/api/firmware/messages"
 	"github.com/BitBoxSwiss/bitbox02-api-go/util/semver"
+	"github.com/btcsuite/btcd/btcec/v2"
+	"github.com/btcsuite/btcd/btcec/v2/ecdsa"
+	"github.com/btcsuite/btcd/btcutil/hdkeychain"
+	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 )
 
 const hardenedKeyStart = 0x80000000
 
+func parseECDSASignature(t *testing.T, sig []byte) *ecdsa.Signature {
+	t.Helper()
+	require.Len(t, sig, 64)
+	r := new(btcec.ModNScalar)
+	r.SetByteSlice(sig[:32])
+	s := new(btcec.ModNScalar)
+	s.SetByteSlice(sig[32:])
+	return ecdsa.NewSignature(r, s)
+}
+
 func TestNewXPub(t *testing.T) {
 	xpub, err := NewXPub(
 		"xpub6FEZ9Bv73h1vnE4TJG4QFj2RPXJhhsPbnXgFyH3ErLvpcZrDcynY65bhWga8PazWHLSLi23PoBhGcLcYW6JRiJ12zXZ9Aop4LbAqsS3gtcy")
@@ -39,7 +54,79 @@ func TestNewXPub(t *testing.T) {
 	}, xpub)
 }
 
-func TestBTCXPub(t *testing.T) {
+func TestBTCXpub(t *testing.T) {
+	testInitializedSimulators(t, func(t *testing.T, device *Device) {
+		t.Helper()
+		xpub, err := device.BTCXPub(messages.BTCCoin_TBTC, []uint32{
+			49 + hardenedKeyStart,
+			1 + hardenedKeyStart,
+			0 + hardenedKeyStart,
+		}, messages.BTCPubRequest_YPUB, false)
+		require.NoError(t, err)
+		require.Equal(t, "ypub6WqXiL3fbDK5QNPe3hN4uSVkEvuE8wXoNCcecgggSuKVpU3Kc4fTvhuLgUhtnbAdaTb9gpz5PQdvzcsKPTLgW2CPkF5ZNRzQeKFT4NSc1xN", xpub)
+	})
+}
+
+func TestBTCAddress(t *testing.T) {
+	testInitializedSimulators(t, func(t *testing.T, device *Device) {
+		t.Helper()
+		address, err := device.BTCAddress(
+			messages.BTCCoin_TBTC,
+			[]uint32{
+				84 + hardenedKeyStart,
+				1 + hardenedKeyStart,
+				0 + hardenedKeyStart,
+				1,
+				10,
+			},
+			NewBTCScriptConfigSimple(messages.BTCScriptConfig_P2WPKH),
+			false,
+		)
+		require.NoError(t, err)
+		require.Equal(t, "tb1qq064dxjgl9h9wzgsmzy6t6306qew42w9ka02u3", address)
+	})
+}
+
+func parseXPub(t *testing.T, xpubStr string, keypath ...uint32) *hdkeychain.ExtendedKey {
+	t.Helper()
+	xpub, err := hdkeychain.NewKeyFromString(xpubStr)
+	require.NoError(t, err)
+
+	for _, child := range keypath {
+		xpub, err = xpub.Derive(child)
+		require.NoError(t, err)
+	}
+	return xpub
+}
+
+func TestSimulatorBTCSignMessage(t *testing.T) {
+	testInitializedSimulators(t, func(t *testing.T, device *Device) {
+		t.Helper()
+		coin := messages.BTCCoin_BTC
+		accountKeypath := []uint32{49 + hardenedKeyStart, 0 + hardenedKeyStart, 0 + hardenedKeyStart}
+
+		xpubStr, err := device.BTCXPub(coin, accountKeypath, messages.BTCPubRequest_XPUB, false)
+		require.NoError(t, err)
+
+		xpub := parseXPub(t, xpubStr, 0, 10)
+		pubKey, err := xpub.ECPubKey()
+		require.NoError(t, err)
+
+		sig, _, _, err := device.BTCSignMessage(
+			coin,
+			&messages.BTCScriptConfigWithKeypath{
+				ScriptConfig: NewBTCScriptConfigSimple(messages.BTCScriptConfig_P2WPKH_P2SH),
+				Keypath:      append(accountKeypath, 0, 10),
+			},
+			[]byte("message"),
+		)
+		require.NoError(t, err)
+		sigHash := chainhash.DoubleHashB([]byte("\x18Bitcoin Signed Message:\n\x07message"))
+		require.True(t, parseECDSASignature(t, sig).Verify(sigHash, pubKey))
+	})
+}
+
+func TestSimulatorBTCXPub(t *testing.T) {
 	testConfigurations(t, func(t *testing.T, env *testEnv) {
 		t.Helper()
 		expected := "mocked-xpub"
@@ -110,7 +197,7 @@ func TestBTCXPub(t *testing.T) {
 	})
 }
 
-func TestBTCAddress(t *testing.T) {
+func TestSimulatorBTCAddress(t *testing.T) {
 	testConfigurations(t, func(t *testing.T, env *testEnv) {
 		t.Helper()
 		expected := "mocked-address"