@ledgerhq/hw-app-btc 6.11.0 → 6.12.1

package/src/BtcNew.ts

@@ -1,6 +1,6 @@
 import { crypto } from "bitcoinjs-lib";
-import { pointCompress, pointAddScalar } from "tiny-secp256k1";
 import semver from "semver";
+import { pointCompress } from "tiny-secp256k1";
 import {
   getXpubComponents,
   hardenedPathOf,
@@ -8,26 +8,29 @@ import {
   pathStringToArray,
   pubkeyFromXpub,
 } from "./bip32";
-import { BufferReader, BufferWriter } from "./buffertools";
+import { BufferReader } from "./buffertools";
 import type { CreateTransactionArg } from "./createTransaction";
+import { AppAndVersion } from "./getAppAndVersion";
 import type { AddressFormat } from "./getWalletPublicKey";
-import { hashPublicKey } from "./hashPublicKey";
+import {
+  AccountType,
+  p2pkh,
+  p2tr,
+  p2wpkh,
+  p2wpkhWrapped,
+  SpendingCondition,
+} from "./newops/accounttype";
 import { AppClient as Client } from "./newops/appClient";
-import { createKey, WalletPolicy } from "./newops/policy";
+import {
+  createKey,
+  DefaultDescriptorTemplate,
+  WalletPolicy,
+} from "./newops/policy";
 import { extract } from "./newops/psbtExtractor";
 import { finalize } from "./newops/psbtFinalizer";
 import { psbtIn, PsbtV2 } from "./newops/psbtv2";
 import { serializeTransaction } from "./serializeTransaction";
 import type { Transaction } from "./types";
-import {
-  HASH_SIZE,
-  OP_CHECKSIG,
-  OP_DUP,
-  OP_EQUAL,
-  OP_EQUALVERIFY,
-  OP_HASH160,
-} from "./constants";
-import { AppAndVersion } from "./getAppAndVersion";
 
 const newSupportedApps = ["Bitcoin", "Bitcoin Test"];
 
@@ -127,7 +130,7 @@ export default class BtcNew {
 
     const address = await this.getWalletAddress(
       pathElements,
-      accountTypeFrom(opts?.format ?? "legacy"),
+      descrTemplFrom(opts?.format ?? "legacy"),
       display
     );
     const components = getXpubComponents(xpub);
@@ -158,7 +161,7 @@ export default class BtcNew {
    */
   private async getWalletAddress(
     pathElements: number[],
-    accountType: AccountType,
+    descrTempl: DefaultDescriptorTemplate,
     display: boolean
   ): Promise<string> {
     const accountPath = hardenedPathOf(pathElements);
@@ -168,7 +171,7 @@ export default class BtcNew {
     const accountXpub = await this.client.getExtendedPubkey(false, accountPath);
     const masterFingerprint = await this.client.getMasterFingerprint();
     const policy = new WalletPolicy(
-      accountType,
+      descrTempl,
       createKey(masterFingerprint, accountPath, accountXpub)
     );
     const changeAndIndex = pathElements.slice(-2, pathElements.length);
@@ -192,27 +195,39 @@ export default class BtcNew {
   async createPaymentTransactionNew(
     arg: CreateTransactionArg
   ): Promise<string> {
-    if (arg.inputs.length == 0) {
+    const inputCount = arg.inputs.length;
+    if (inputCount == 0) {
       throw Error("No inputs");
     }
     const psbt = new PsbtV2();
+    // The master fingerprint is needed when adding BIP32 derivation paths on
+    // the psbt.
+    const masterFp = await this.client.getMasterFingerprint();
 
-    const accountType = accountTypeFromArg(arg);
+    const accountType = accountTypeFromArg(arg, psbt, masterFp);
 
     if (arg.lockTime) {
       // The signer will assume locktime 0 if unset
       psbt.setGlobalFallbackLocktime(arg.lockTime);
     }
-    psbt.setGlobalInputCount(arg.inputs.length);
+    psbt.setGlobalInputCount(inputCount);
     psbt.setGlobalPsbtVersion(2);
     psbt.setGlobalTxVersion(2);
 
-    // The master fingerprint is needed when adding BIP32 derivation paths on
-    // the psbt.
-    const masterFp = await this.client.getMasterFingerprint();
+    let notifyCount = 0;
+    const progress = () => {
+      if (!arg.onDeviceStreaming) return;
+      arg.onDeviceStreaming({
+        total: 2 * inputCount,
+        index: notifyCount,
+        progress: ++notifyCount / (2 * inputCount),
+      });
+    };
+
     let accountXpub = "";
     let accountPath: number[] = [];
-    for (let i = 0; i < arg.inputs.length; i++) {
+    for (let i = 0; i < inputCount; i++) {
+      progress();
       const pathElems: number[] = pathStringToArray(arg.associatedKeysets[i]);
       if (accountXpub == "") {
         // We assume all inputs belong to the same account so we set
@@ -226,7 +241,8 @@ export default class BtcNew {
         arg.inputs[i],
         pathElems,
         accountType,
-        masterFp
+        masterFp,
+        arg.sigHashType
       );
     }
 
@@ -251,36 +267,41 @@ export default class BtcNew {
       // We won't know if we're paying to ourselves, because there's no
       // information in arg to support multiple "change paths". One exception is
       // if there are multiple outputs to the change address.
-      const isChange = changeData && outputScript.equals(changeData?.script);
+      const isChange =
+        changeData && outputScript.equals(changeData?.cond.scriptPubKey);
       if (isChange) {
         changeFound = true;
         // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         const changePath = pathStringToArray(arg.changePath!);
         const pubkey = changeData.pubkey;
 
-        if (accountType == AccountType.p2pkh) {
-          psbt.setOutputBip32Derivation(i, pubkey, masterFp, changePath);
-        } else if (accountType == AccountType.p2wpkh) {
-          psbt.setOutputBip32Derivation(i, pubkey, masterFp, changePath);
-        } else if (accountType == AccountType.p2wpkhWrapped) {
-          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-          psbt.setOutputRedeemScript(i, changeData.redeemScript!);
-          psbt.setOutputBip32Derivation(i, pubkey, masterFp, changePath);
-        } else if (accountType == AccountType.p2tr) {
-          psbt.setOutputTapBip32Derivation(i, pubkey, [], masterFp, changePath);
-        }
+        accountType.setOwnOutput(i, changeData.cond, [pubkey], [changePath]);
       }
     }
     if (!changeFound) {
       throw new Error(
         "Change script not found among outputs! " +
-          changeData?.script.toString("hex")
+          changeData?.cond.scriptPubKey.toString("hex")
       );
     }
 
     const key = createKey(masterFp, accountPath, accountXpub);
-    const p = new WalletPolicy(accountType, key);
-    await this.signPsbt(psbt, p);
+    const p = new WalletPolicy(accountType.getDescriptorTemplate(), key);
+    // This is cheating, because it's not actually requested on the
+    // device yet, but it will be, soonish.
+    if (arg.onDeviceSignatureRequested) arg.onDeviceSignatureRequested();
+
+    let firstSigned = false;
+    // This callback will be called once for each signature yielded.
+    const progressCallback = () => {
+      if (!firstSigned) {
+        firstSigned = true;
+        arg.onDeviceSignatureGranted && arg.onDeviceSignatureGranted();
+      }
+      progress();
+    };
+
+    await this.signPsbt(psbt, p, progressCallback);
     finalize(psbt);
     const serializedTx = extract(psbt);
     return serializedTx.toString("hex");
@@ -298,9 +319,7 @@ export default class BtcNew {
     accountPath: number[],
     accountType: AccountType,
     path: string | undefined
-  ): Promise<
-    { script: Buffer; redeemScript?: Buffer; pubkey: Buffer } | undefined
-  > {
+  ): Promise<{ cond: SpendingCondition; pubkey: Buffer } | undefined> {
     if (!path) return undefined;
     const pathElems = pathStringToArray(path);
     // Make sure path is in our account, otherwise something fishy is probably
@@ -313,12 +332,9 @@ export default class BtcNew {
       }
     }
     const xpub = await this.client.getExtendedPubkey(false, pathElems);
-    let pubkey = pubkeyFromXpub(xpub);
-    if (accountType == AccountType.p2tr) {
-      pubkey = pubkey.slice(1);
-    }
-    const script = outputScriptOf(pubkey, accountType);
-    return { ...script, pubkey };
+    const pubkey = pubkeyFromXpub(xpub);
+    const cond = accountType.spendingCondition([pubkey]);
+    return { cond, pubkey };
   }
 
   /**
@@ -337,15 +353,21 @@ export default class BtcNew {
     ],
     pathElements: number[],
     accountType: AccountType,
-    masterFP: Buffer
+    masterFP: Buffer,
+    sigHashType?: number
   ): Promise<void> {
     const inputTx = input[0];
     const spentOutputIndex = input[1];
-    const redeemScript = input[2];
+    // redeemScript will be null for wrapped p2wpkh, we need to create it
+    // ourselves. But if set, it should be used.
+    const redeemScript = input[2] ? Buffer.from(input[2], "hex") : undefined;
     const sequence = input[3];
     if (sequence) {
       psbt.setInputSequence(i, sequence);
     }
+    if (sigHashType) {
+      psbt.setInputSighashType(i, sigHashType);
+    }
     const inputTxBuffer = serializeTransaction(inputTx, true);
     const inputTxid = crypto.hash256(inputTxBuffer);
     const xpubBase58 = await this.client.getExtendedPubkey(false, pathElements);
@@ -353,32 +375,19 @@ export default class BtcNew {
     const pubkey = pubkeyFromXpub(xpubBase58);
     if (!inputTx.outputs)
       throw Error("Missing outputs array in transaction to sign");
-    const spentOutput = inputTx.outputs[spentOutputIndex];
-
-    if (accountType == AccountType.p2pkh) {
-      psbt.setInputNonWitnessUtxo(i, inputTxBuffer);
-      psbt.setInputBip32Derivation(i, pubkey, masterFP, pathElements);
-    } else if (accountType == AccountType.p2wpkh) {
-      psbt.setInputNonWitnessUtxo(i, inputTxBuffer);
-      psbt.setInputBip32Derivation(i, pubkey, masterFP, pathElements);
-      psbt.setInputWitnessUtxo(i, spentOutput.amount, spentOutput.script);
-    } else if (accountType == AccountType.p2wpkhWrapped) {
-      psbt.setInputNonWitnessUtxo(i, inputTxBuffer);
-      psbt.setInputBip32Derivation(i, pubkey, masterFP, pathElements);
-      if (!redeemScript) {
-        throw new Error("Missing redeemScript for p2wpkhWrapped input");
-      }
-      const expectedRedeemScript = createRedeemScript(pubkey);
-      if (redeemScript != expectedRedeemScript.toString("hex")) {
-        throw new Error("Unexpected redeemScript");
-      }
-      psbt.setInputRedeemScript(i, expectedRedeemScript);
-      psbt.setInputWitnessUtxo(i, spentOutput.amount, spentOutput.script);
-    } else if (accountType == AccountType.p2tr) {
-      const xonly = pubkey.slice(1);
-      psbt.setInputTapBip32Derivation(i, xonly, [], masterFP, pathElements);
-      psbt.setInputWitnessUtxo(i, spentOutput.amount, spentOutput.script);
-    }
+    const spentTxOutput = inputTx.outputs[spentOutputIndex];
+    const spendCondition: SpendingCondition = {
+      scriptPubKey: spentTxOutput.script,
+      redeemScript: redeemScript,
+    };
+    const spentOutput = { cond: spendCondition, amount: spentTxOutput.amount };
+    accountType.setInput(
+      i,
+      inputTxBuffer,
+      spentOutput,
+      [pubkey],
+      [pathElements]
+    );
 
     psbt.setInputPreviousTxId(i, inputTxid);
     psbt.setInputOutputIndex(i, spentOutputIndex);
@@ -395,12 +404,14 @@ export default class BtcNew {
    */
   private async signPsbt(
     psbt: PsbtV2,
-    walletPolicy: WalletPolicy
+    walletPolicy: WalletPolicy,
+    progressCallback: () => void
   ): Promise<void> {
     const sigs: Map<number, Buffer> = await this.client.signPsbt(
       psbt,
       walletPolicy,
-      Buffer.alloc(32, 0)
+      Buffer.alloc(32, 0),
+      progressCallback
     );
     sigs.forEach((v, k) => {
       // Note: Looking at BIP32 derivation does not work in the generic case,
@@ -422,103 +433,23 @@ export default class BtcNew {
   }
 }
 
-enum AccountType {
-  p2pkh = "pkh(@0)",
-  p2wpkh = "wpkh(@0)",
-  p2wpkhWrapped = "sh(wpkh(@0))",
-  p2tr = "tr(@0)",
-}
-
-function createRedeemScript(pubkey: Buffer): Buffer {
-  const pubkeyHash = hashPublicKey(pubkey);
-  return Buffer.concat([Buffer.from("0014", "hex"), pubkeyHash]);
-}
-
-/**
- * Generates a single signature scriptPubKey (output script) from a public key.
- * This is done differently depending on account type.
- *
- * If accountType is p2tr, the public key must be a 32 byte x-only taproot
- * pubkey, otherwise it's expected to be a 33 byte ecdsa compressed pubkey.
- */
-function outputScriptOf(
-  pubkey: Buffer,
-  accountType: AccountType
-): { script: Buffer; redeemScript?: Buffer } {
-  const buf = new BufferWriter();
-  const pubkeyHash = hashPublicKey(pubkey);
-  let redeemScript: Buffer | undefined;
-  if (accountType == AccountType.p2pkh) {
-    buf.writeSlice(Buffer.of(OP_DUP, OP_HASH160, HASH_SIZE));
-    buf.writeSlice(pubkeyHash);
-    buf.writeSlice(Buffer.of(OP_EQUALVERIFY, OP_CHECKSIG));
-  } else if (accountType == AccountType.p2wpkhWrapped) {
-    redeemScript = createRedeemScript(pubkey);
-    const scriptHash = hashPublicKey(redeemScript);
-    buf.writeSlice(Buffer.of(OP_HASH160, HASH_SIZE));
-    buf.writeSlice(scriptHash);
-    buf.writeUInt8(OP_EQUAL);
-  } else if (accountType == AccountType.p2wpkh) {
-    buf.writeSlice(Buffer.of(0, HASH_SIZE));
-    buf.writeSlice(pubkeyHash);
-  } else if (accountType == AccountType.p2tr) {
-    const outputKey = getTaprootOutputKey(pubkey);
-    buf.writeSlice(Buffer.of(0x51, 32)); // push1, pubkeylen
-    buf.writeSlice(outputKey);
-  }
-  return { script: buf.buffer(), redeemScript };
-}
-
-function accountTypeFrom(addressFormat: AddressFormat): AccountType {
-  if (addressFormat == "legacy") return AccountType.p2pkh;
-  if (addressFormat == "p2sh") return AccountType.p2wpkhWrapped;
-  if (addressFormat == "bech32") return AccountType.p2wpkh;
-  if (addressFormat == "bech32m") return AccountType.p2tr;
+function descrTemplFrom(
+  addressFormat: AddressFormat
+): DefaultDescriptorTemplate {
+  if (addressFormat == "legacy") return "pkh(@0)";
+  if (addressFormat == "p2sh") return "sh(wpkh(@0))";
+  if (addressFormat == "bech32") return "wpkh(@0)";
+  if (addressFormat == "bech32m") return "tr(@0)";
   throw new Error("Unsupported address format " + addressFormat);
 }
 
-function accountTypeFromArg(arg: CreateTransactionArg): AccountType {
-  if (arg.additionals.includes("bech32m")) return AccountType.p2tr;
-  if (arg.additionals.includes("bech32")) return AccountType.p2wpkh;
-  if (arg.segwit) return AccountType.p2wpkhWrapped;
-  return AccountType.p2pkh;
-}
-
-/*
-The following two functions are copied from wallet-btc and adapted.
-They should be moved to a library to avoid code reuse. 
-*/
-function hashTapTweak(x: Buffer): Buffer {
-  // hash_tag(x) = SHA256(SHA256(tag) || SHA256(tag) || x), see BIP340
-  // See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#specification
-  const h = crypto.sha256(Buffer.from("TapTweak", "utf-8"));
-  return crypto.sha256(Buffer.concat([h, h, x]));
-}
-
-/**
- * Calculates a taproot output key from an internal key. This output key will be
- * used as witness program in a taproot output. The internal key is tweaked
- * according to recommendation in BIP341:
- * https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_ref-22-0
- *
- * @param internalPubkey A 32 byte x-only taproot internal key
- * @returns The output key
- */
-function getTaprootOutputKey(internalPubkey: Buffer): Buffer {
-  if (internalPubkey.length != 32) {
-    throw new Error("Expected 32 byte pubkey. Got " + internalPubkey.length);
-  }
-  // A BIP32 derived key can be converted to a schnorr pubkey by dropping
-  // the first byte, which represent the oddness/evenness. In schnorr all
-  // pubkeys are even.
-  // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#public-key-conversion
-  const evenEcdsaPubkey = Buffer.concat([Buffer.of(0x02), internalPubkey]);
-  const tweak = hashTapTweak(internalPubkey);
-
-  // Q = P + int(hash_TapTweak(bytes(P)))G
-  const outputEcdsaKey = Buffer.from(pointAddScalar(evenEcdsaPubkey, tweak));
-  // Convert to schnorr.
-  const outputSchnorrKey = outputEcdsaKey.slice(1);
-  // Create address
-  return outputSchnorrKey;
+function accountTypeFromArg(
+  arg: CreateTransactionArg,
+  psbt: PsbtV2,
+  masterFp: Buffer
+): AccountType {
+  if (arg.additionals.includes("bech32m")) return new p2tr(psbt, masterFp);
+  if (arg.additionals.includes("bech32")) return new p2wpkh(psbt, masterFp);
+  if (arg.segwit) return new p2wpkhWrapped(psbt, masterFp);
+  return new p2pkh(psbt, masterFp);
 }