Decrypt Wasm Messages

[blake-regalia]

Feature Request: Decrypt Wasm Messages (Draft)

This PR introduces the ability for the Ledger app to decrypt the message being sent to Secret WASM contracts, allowing users to see the actual message contents they are signing (e.g., details of SNIP transfers) instead of the base64-encoded buffer of the encrypted message.

How it works

A new instruction code 0x42 #SIGN_SECP256K1_DECRYPT is introduced in order to remain backwards-compatible. The new instruction allows callers to include an optional AES-128-SIV key (the transaction encryption key) which was used to encrypt the WASM message (see docs preview here).

The app then performs all the same checks and parsing as it does with 0x02 #SIGN_SECP256K1, in addition to verifying authenticity/integrity of the encrypted data via CMAC.

When displaying pages to the users, the app replaces the encrypted base64-encoded string with the decrypted message contents, allowing for transparent signing.

This approach ensures that the app is still signing the exact same payload as before, and that a malicious caller would not be able to trick users into signing a different message (e.g., by providing a false decryption key).

A note on app size

This implementation makes use of system libraries and already imported libs wherever possible, maintaining as small a footprint as possible to cut down on app size. v2.34.1 of the Secret app for Nano S is currently 46 KB (1/3rd the capacity of the device). Upon reviewing the entire source code, I believe there is a fair amount of optimization that can be done to reduce this size. A follow-up item will be to attempt to apply these optimizations.

Steps remaining before PR is moved out of draft status:

• Finish S2V implementation
• Add comprehensive test coverage
• Reduce size of app by optimizing parts of Zondax's implementation
• Report on output binary size difference affected by changes

[blake-regalia]

S2V has been implemented 🎉

Need to add tests next