Skip to main content

Tendermint Validator App - Ledger Nano S

General structure

The general structure of commands and responses is as follows:

Commands

FieldTypeContentNote
CLAbyte (1)Application Identifier0x56
INSbyte (1)Instruction IDx
P1byte (1)Parameter 1x
P2byte (1)Parameter 2x
Lbyte (1)Bytes in payloadx
PAYLOADbyte (L)Payloadx

Response

FieldTypeContentNote
ANSWERbyte (?)Answerdepends on the command
SW1-SW2byte (2)Return codesee list of return codes

Return codes

Return codeDescription
0x6400Execution Error
0x6982Empty buffer
0x6983Output buffer too small
0x6986Command not allowed
0x6D00INS not supported
0x6E00CLA not supported
0x6F00Unknown
0x9000Success

Command definition

GET_VERSION

Command

FieldTypeContentExpected
CLAbyte (1)Application Identifier0x56
INSbyte (1)Instruction ID0x00
P1byte (1)Parameter 1ignored
P2byte (1)Parameter 2ignored
Lbyte (1)Bytes in payload0

Response

FieldTypeContentNote
MODEbyte (1)Test Mode0xFF means test mode is enabled
MAJORbyte (1)Version Major
MINORbyte (1)Version Minor
PATCHbyte (1)Version Patch
SW1-SW2byte (2)Return codesee list of return codes

PUBLIC_KEY_ED25519

Command

FieldTypeContentExpected
CLAbyte (1)Application Identifier0x56
INSbyte (1)Instruction ID0x01
P1byte (1)Parameter 1ignored
P2byte (1)Parameter 2ignored
Lbyte (1)Bytes in payload0

Response

FieldTypeContentNote
PKbyte (65)Public Key
SW1-SW2byte (2)Return codesee list of return codes

SIGN_ED25519

This command needs to be called several times until the complete message has been uploaded. The validator app will implement double-sign prevention.

Based on these values, the app will not sign anything that is:

  • A lower height
  • A lower round

The HSM keeps in RAM:

  • Latest height
  • Latest round

First signature / initialization

When starting the app, height and round will not be initialized. The first signature request will be used for initialization. The signature request should be rejected immediately and the the UI should switch to initialization mode. Refer the the UI spec.

Command

FieldTypeContentExpected
CLAbyte (1)Application Identifier0x56
INSbyte (1)Instruction ID0x03
P1byte (1)Packet Current Indexignored
P2byte (1)Packet Total Countignored
Lbyte (1)Bytes in payload0

Response

FieldTypeContentNote
SIGbyte (64)Signature
SW1-SW2byte (2)Return codesee list of return codes