✨ (solana-signer): Add support for OCMS v1

Author: fAnselmi-Ledger

.changeset/whole-doodles-invite.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-signer-kit-solana": minor
+---
+
+Add support for OCMS v1 in signMessage

apps/sample/src/components/SignerSolanaView/index.tsx

@@ -15,6 +15,7 @@ import {
   type SignMessageDAError,
   type SignMessageDAIntermediateValue,
   type SignMessageDAOutput,
+  SignMessageVersion,
   type SignTransactionDAError,
   type SignTransactionDAIntermediateValue,
   type SignTransactionDAOutput,
@@ -35,6 +36,13 @@ import { useDmk } from "@/providers/DeviceManagementKitProvider";
 
 const DEFAULT_DERIVATION_PATH = "44'/501'/0'/0'";
 
+const signMessageVersionOptions = Object.values(SignMessageVersion).map(
+  (value) => ({
+    label: value,
+    value,
+  }),
+);
+
 export const SignerSolanaView: React.FC<{ sessionId: string }> = ({
   sessionId,
 }) => {
@@ -116,21 +124,56 @@ export const SignerSolanaView: React.FC<{ sessionId: string }> = ({
         title: "Sign off chain message",
         description:
           "Perform all the actions necessary to sign a solana off-chain message from the device",
-        executeDeviceAction: ({ derivationPath, message, skipOpenApp }) => {
+        executeDeviceAction: ({
+          derivationPath,
+          message,
+          version,
+          skipOpenApp,
+        }) => {
           if (!signer) {
             throw new Error("Signer not initialized");
           }
-          return signer.signMessage(derivationPath, message, { skipOpenApp });
+          let payload: string | Uint8Array = message;
+          if (version === SignMessageVersion.Raw) {
+            const hex = message.replace(/\s/g, "");
+            if (!/^([0-9a-fA-F]{2})*$/.test(hex)) {
+              throw new Error(
+                "Raw mode requires a valid hex string (pairs of hex digits)",
+              );
+            }
+            payload = Uint8Array.from(
+              hex.match(/.{1,2}/g)?.map((b) => parseInt(b, 16)) ?? [],
+            );
+          }
+          return signer.signMessage(derivationPath, payload, {
+            version,
+            skipOpenApp,
+          });
         },
         initialValues: {
           derivationPath: DEFAULT_DERIVATION_PATH,
           message: "Hello World",
+          version: SignMessageVersion.V0,
           skipOpenApp: false,
         },
+        valueSelector: {
+          version: signMessageVersionOptions,
+        },
+        labelSelector: {
+          derivationPath: "Derivation path",
+          message: "Message (hex bytes for Raw mode)",
+          version: "Signing mode",
+          skipOpenApp: "Skip open app",
+        },
         deviceModelId,
       } satisfies DeviceActionProps<
         SignMessageDAOutput,
-        { derivationPath: string; message: string; skipOpenApp: boolean },
+        {
+          derivationPath: string;
+          message: string;
+          version: SignMessageVersion;
+          skipOpenApp: boolean;
+        },
         SignMessageDAError,
         SignMessageDAIntermediateValue
       >,

packages/signer/signer-solana/README.md

@@ -234,12 +234,13 @@ const subscription = observable.subscribe({
 
 ### Use Case 3: Sign Message
 
-This method allows users to sign a text string that is displayed on Ledger devices.
+This method allows users to sign an off-chain message displayed on Ledger devices, following the [Solana off-chain message signing specification](https://docs.anza.xyz/proposals/off-chain-message-signing).
 
 ```typescript
 const { observable, cancel } = signerSolana.signMessage(
   derivationPath,
   message,
+  options,
 );
 ```
 
@@ -254,15 +255,47 @@ const { observable, cancel } = signerSolana.signMessage(
 - `message`
 
   - **Required**
-  - **Type:** `string`
-  - The message to be signed, which will be displayed on the Ledger device.
+  - **Type:** `string | Uint8Array`
+  - The message to sign. Pass a `string` for V0/V1/Legacy (UTF-8 encoded automatically). Pass a `Uint8Array` for Raw mode when you have an already-formatted binary payload.
+
+- `options`
+
+  - Optional
+  - Type: `MessageOptions`
+
+    ```typescript
+    import { SignMessageVersion } from "@ledgerhq/device-signer-kit-solana";
+
+    enum SignMessageVersion {
+      Raw = "raw",
+      Legacy = "legacy",
+      V0 = "v0",
+      V1 = "v1",
+    }
+
+    type MessageOptions = {
+      skipOpenApp?: boolean;
+      version?: SignMessageVersion; // defaults to V0
+      appDomain?: string; // V0 only
+    };
+    ```
+
+  - `skipOpenApp`: Skip the automatic open-app step.
+  - `version`: The off-chain message signing mode. Defaults to `SignMessageVersion.V0`.
+    - **V0** (default) — original off-chain message header with `appDomain`, format detection, and up to 65 515 bytes. Falls back to Legacy on `6a81`.
+    - **V1** — simplified header: no `appDomain`, no format byte. Up to 65 535 bytes. Falls back to V0 -> Legacy on `6a81`. Not yet supported by released firmware.
+    - **Legacy** — compact header for backward compatibility with old Solana app firmware. Current firmware will reject it with `6a81`.
+    - **Raw** — pass-through mode: sends the caller-provided `Uint8Array` payload directly with no header wrapping. Use when you have already built a valid off-chain message. Returns a plain base58 signature (no envelope).
+  - `appDomain`: Application domain string for V0 headers. Encoded as UTF-8 and padded/truncated to 32 bytes. Ignored for V1, Legacy, and Raw.
 
 #### **Returns**
 
 - `observable` Emits DeviceActionState updates, including the following details:
 
 ```typescript
-type Signature = Uint8Array; // Signed message bytes
+type SignMessageOutput = {
+  signature: string; // base58 envelope (V1/V0/Legacy) or raw base58 signature (Raw)
+};
 ```
 
 - `cancel` A function to cancel the action on the Ledger device.

packages/signer/signer-solana/src/api/SignerSolana.ts

@@ -17,7 +17,7 @@ export interface SignerSolana {
 
   signMessage: (
     derivationPath: string,
-    message: string,
+    message: string | Uint8Array,
     options?: MessageOptions,
   ) => SignMessageDAReturnType;
 

packages/signer/signer-solana/src/api/index.ts

@@ -20,6 +20,8 @@ export type {
   SignTransactionDAOutput,
   SignTransactionDAReturnType,
 } from "@api/app-binder/SignTransactionDeviceActionTypes";
+export { SignMessageVersion } from "@api/model/MessageOptions";
+export type { MessageOptions } from "@api/model/MessageOptions";
 export type { Signature } from "@api/model/Signature";
 export type { SolanaTransactionOptionalConfig } from "@api/model/SolanaTransactionOptionalConfig";
 export type { Transaction } from "@api/model/Transaction";

packages/signer/signer-solana/src/api/model/MessageOptions.ts

@@ -1,10 +1,46 @@
+export enum SignMessageVersion {
+  /**
+   * Pass-through mode: sends `sendingData` directly to the device with no
+   * header wrapping. Use this when the caller has already built a valid
+   * off-chain message payload (e.g. a correctly formatted V0 or V1 OCM).
+   * Returns a plain base58 signature (no envelope).
+   */
+  Raw = "raw",
+  /**
+   * Compact V0 header without `appDomain` or signer fields.
+   * Only recognised by older Solana app firmware versions.
+   * Current firmware (>= 1.x) requires the full V0 header and will
+   * reject this format with `6a81`.
+   */
+  Legacy = "legacy",
+  V0 = "v0",
+  V1 = "v1",
+}
+
 export type MessageOptions = {
   skipOpenApp?: boolean;
   /**
-   * The application domain to include in the off-chain message header
-   * (per the Anza off-chain message signing spec).
+   * Off-chain message signing mode. Defaults to `V0`.
+   *
+   * - `V0` (default) — supported on all firmware with off-chain signing.
+   *   Falls back to Legacy on `6a81`.
+   * - `V1` — supported on firmware with V1 off-chain signing (not yet
+   *   released). Falls back to V0 on `6a81`.
+   * - `Legacy` — for backward compatibility with very old Solana app
+   *   firmware. Current firmware will reject it.
+   * - `Raw` — pass-through: the caller provides the fully formatted
+   *   payload (as `Uint8Array`) and the SDK sends it as-is.
+   *
+   * Fallback cascade on `6a81` (invalid header):
+   *   V1 -> V0 -> Legacy
+   *   V0 -> Legacy
+   *   Legacy / Raw -> no fallback
+   */
+  version?: SignMessageVersion;
+  /**
+   * V0 only: the application domain to include in the off-chain message header.
    * Encoded as UTF-8 and padded/truncated to 32 bytes.
-   * If omitted, defaults to 32 zero bytes.
+   * If omitted, defaults to 32 zero bytes. Ignored for V1, Legacy, and Raw.
    *
    * @see https://docs.anza.xyz/proposals/off-chain-message-signing
    */

packages/signer/signer-solana/src/internal/DefaultSignerSolana.test.ts

@@ -57,7 +57,7 @@ describe("DefaultSignerSolana", () => {
     expect(dmk.executeDeviceAction).toHaveBeenCalled();
   });
 
-  it("should call signMessage", () => {
+  it("should call signMessage with a string", () => {
     const dmk = {
       executeDeviceAction: vi.fn(),
       getLoggerFactory: vi.fn().mockReturnValue(mockLoggerFactory),
@@ -72,6 +72,24 @@ describe("DefaultSignerSolana", () => {
     expect(dmk.executeDeviceAction).toHaveBeenCalled();
   });
 
+  it("should call signMessage with a Uint8Array for Raw pass-through", () => {
+    const dmk = {
+      executeDeviceAction: vi.fn(),
+      getLoggerFactory: vi.fn().mockReturnValue(mockLoggerFactory),
+    } as unknown as DeviceManagementKit;
+    const sessionId = {} as DeviceSessionId;
+    const signer = new DefaultSignerSolana({
+      dmk,
+      sessionId,
+      contextModule: contextModuleStub,
+    });
+    signer.signMessage(
+      "44'/501'/0'/0'",
+      new Uint8Array([0xff, 0x01, 0x02]),
+    );
+    expect(dmk.executeDeviceAction).toHaveBeenCalled();
+  });
+
   it("should call getAppConfiguration", () => {
     const dmk = {
       executeDeviceAction: vi.fn(),

packages/signer/signer-solana/src/internal/DefaultSignerSolana.ts

@@ -151,21 +151,35 @@ export class DefaultSignerSolana implements SignerSolana {
 
   /**
    * ## signMessage
-   * #### Securely sign an arbitrary message on Ledger devices.
+   * #### Sign a Solana off-chain message on Ledger devices.
+   *
+   * Supports multiple signing modes via `SignMessageVersion`:
+   * - **V0** (default) — original header with `appDomain`, up to 65 515 bytes. Falls back to Legacy on `6a81`.
+   * - **V1** — simplified header, up to 65 535 bytes. Falls back to V0 -> Legacy on `6a81`. Not yet supported by released firmware.
+   * - **Legacy** — compact header for backward compatibility with old Solana app firmware.
+   * - **Raw** — pass-through: sends a caller-formatted `Uint8Array` payload as-is, no header wrapping.
+   *
    * ---
    * ### Parameters
    *
    * **Required**
    * - **derivationPath** `string`
    *   The derivation path used for signing.
    *
-   * - **message** `string (hex-encoded)`
-   *   The message to sign, provided as a hex string.
+   * - **message** `string | Uint8Array`
+   *   The message to sign. Pass a `string` for V0/V1/Legacy (UTF-8 encoded
+   *   automatically). Pass a `Uint8Array` for Raw mode when you have an
+   *   already-formatted binary payload.
    *
    * **Optional**
    * - **options** `MessageOptions`
    *   - **skipOpenApp** `boolean`
    *     If `true`, skips opening the Solana app on the device.
+   *   - **version** `SignMessageVersion`
+   *     Off-chain message signing mode. Defaults to `SignMessageVersion.V0`.
+   *   - **appDomain** `string`
+   *     V0 only: application domain included in the header (padded/truncated to 32 bytes).
+   *     Ignored for V1, Legacy, and Raw.
    *
    * ---
    * ### Returns
@@ -177,7 +191,7 @@ export class DefaultSignerSolana implements SignerSolana {
    * ### Internal Flow
    *
    * Under the hood, this method subscribes to an
-   * `Observable<DeviceActionState<Uint8Array, SignMessageDAError, IntermediateValue>>`.
+   * `Observable<DeviceActionState<{ signature: string }, SignMessageDAError, IntermediateValue>>`.
    *
    * #### DeviceActionState
    * Represents the lifecycle of a device action:
@@ -203,24 +217,28 @@ export class DefaultSignerSolana implements SignerSolana {
    * - **Pending** → Waiting for user confirmation on the device.
    *   Includes an `intermediateValue` of type `IntermediateValue`.
    * - **Stopped** → Action was cancelled before completion.
-   * - **Completed** → Provides the signed message bytes (`Uint8Array`).
+   * - **Completed** → Provides `{ signature: string }` — a base58 envelope
+   *   (V1/V0/Legacy) or a raw base58 signature (Raw).
    * - **Error** → The device or signing operation failed (`SignMessageDAError`).
    *
    * ---
    * ### Example
    *
    * ```ts
+   * import { SignMessageVersion } from "@ledgerhq/device-signer-kit-solana";
+   *
    * const { observable } = signerSolana.signMessage(
    *   "m/44'/501'/0'/0'",
-   *   "48656c6c6f20576f726c64" // hex string
+   *   "Hello World",
+   *   { version: SignMessageVersion.V0 },
    * );
    * observable.subscribe({
    *   next: state => {
    *     if (state.status === DeviceActionStatus.Pending) {
    *       console.log("Waiting for user action...", state.intermediateValue);
    *     }
    *     if (state.status === DeviceActionStatus.Completed) {
-   *       console.log("Signature:", state.output);
+   *       console.log("Signature:", state.output.signature);
    *     }
    *   },
    *   error: err => console.error("Error:", err),
@@ -229,7 +247,7 @@ export class DefaultSignerSolana implements SignerSolana {
    */
   signMessage(
     derivationPath: string,
-    message: string,
+    message: string | Uint8Array,
     options?: MessageOptions,
   ): SignMessageDAReturnType {
     return this._container