@ledgerhq/hw-app-btc 6.11.0 → 6.12.1

package/src/newops/accounttype.ts

@@ -0,0 +1,373 @@
+import { crypto } from "bitcoinjs-lib";
+import { pointAddScalar } from "tiny-secp256k1";
+import { BufferWriter } from "../buffertools";
+import {
+  HASH_SIZE,
+  OP_CHECKSIG,
+  OP_DUP,
+  OP_EQUAL,
+  OP_EQUALVERIFY,
+  OP_HASH160,
+} from "../constants";
+import { hashPublicKey } from "../hashPublicKey";
+import { DefaultDescriptorTemplate } from "./policy";
+import { PsbtV2 } from "./psbtv2";
+
+export type SpendingCondition = {
+  scriptPubKey: Buffer;
+  redeemScript?: Buffer;
+  // Possible future extension:
+  // witnessScript?: Buffer; // For p2wsh witnessScript
+  // tapScript?: {tapPath: Buffer[], script: Buffer} // For taproot
+};
+
+export type SpentOutput = { cond: SpendingCondition; amount: Buffer };
+
+/**
+ * Encapsulates differences between account types, for example p2wpkh,
+ * p2wpkhWrapped, p2tr.
+ */
+export interface AccountType {
+  /**
+   * Generates a scriptPubKey (output script) from a list of public keys. If a
+   * p2sh redeemScript or a p2wsh witnessScript is needed it will also be set on
+   * the returned SpendingCondition.
+   *
+   * The pubkeys are expected to be 33 byte ecdsa compressed pubkeys.
+   */
+  spendingCondition(pubkeys: Buffer[]): SpendingCondition;
+
+  /**
+   * Populates the psbt with account type-specific data for an input.
+   * @param i The index of the input map to populate
+   * @param inputTx The full transaction containing the spent output. This may
+   * be omitted for taproot.
+   * @param spentOutput The amount and spending condition of the spent output
+   * @param pubkeys The 33 byte ecdsa compressed public keys involved in the input
+   * @param pathElems The paths corresponding to the pubkeys, in same order.
+   */
+  setInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkeys: Buffer[],
+    pathElems: number[][]
+  ): void;
+
+  /**
+   * Populates the psbt with account type-specific data for an output. This is typically
+   * done for change outputs and other outputs that goes to the same account as
+   * being spent from.
+   * @param i The index of the output map to populate
+   * @param cond The spending condition for this output
+   * @param pubkeys The 33 byte ecdsa compressed public keys involved in this output
+   * @param paths The paths corresponding to the pubkeys, in same order.
+   */
+  setOwnOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkeys: Buffer[],
+    paths: number[][]
+  ): void;
+
+  /**
+   * Returns the descriptor template for this account type. Currently only
+   * DefaultDescriptorTemplates are allowed, but that might be changed in the
+   * future. See class WalletPolicy for more information on descriptor
+   * templates.
+   */
+  getDescriptorTemplate(): DefaultDescriptorTemplate;
+}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface BaseAccount extends AccountType {}
+
+abstract class BaseAccount implements AccountType {
+  constructor(protected psbt: PsbtV2, protected masterFp: Buffer) {}
+}
+
+/**
+ * Superclass for single signature accounts. This will make sure that the pubkey
+ * arrays and path arrays in the method arguments contains exactly one element
+ * and calls an abstract method to do the actual work.
+ */
+abstract class SingleKeyAccount extends BaseAccount {
+  spendingCondition(pubkeys: Buffer[]): SpendingCondition {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    return this.singleKeyCondition(pubkeys[0]);
+  }
+  protected abstract singleKeyCondition(pubkey: Buffer): SpendingCondition;
+
+  setInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkeys: Buffer[],
+    pathElems: number[][]
+  ) {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    if (pathElems.length != 1) {
+      throw new Error("Expected single path, got " + pathElems.length);
+    }
+    this.setSingleKeyInput(i, inputTx, spentOutput, pubkeys[0], pathElems[0]);
+  }
+  protected abstract setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  );
+
+  setOwnOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkeys: Buffer[],
+    paths: number[][]
+  ) {
+    if (pubkeys.length != 1) {
+      throw new Error("Expected single key, got " + pubkeys.length);
+    }
+    if (paths.length != 1) {
+      throw new Error("Expected single path, got " + paths.length);
+    }
+    this.setSingleKeyOutput(i, cond, pubkeys[0], paths[0]);
+  }
+  protected abstract setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  );
+}
+
+export class p2pkh extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const pubkeyHash = hashPublicKey(pubkey);
+    buf.writeSlice(Buffer.from([OP_DUP, OP_HASH160, HASH_SIZE]));
+    buf.writeSlice(pubkeyHash);
+    buf.writeSlice(Buffer.from([OP_EQUALVERIFY, OP_CHECKSIG]));
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    _spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "pkh(@0)";
+  }
+}
+
+export class p2tr extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const xonlyPubkey = pubkey.slice(1); // x-only pubkey
+    const buf = new BufferWriter();
+    const outputKey = this.getTaprootOutputKey(xonlyPubkey);
+    buf.writeSlice(Buffer.from([0x51, 32])); // push1, pubkeylen
+    buf.writeSlice(outputKey);
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    _inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    const xonly = pubkey.slice(1);
+    this.psbt.setInputTapBip32Derivation(i, xonly, [], this.masterFp, path);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    const xonly = pubkey.slice(1);
+    this.psbt.setOutputTapBip32Derivation(i, xonly, [], this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "tr(@0)";
+  }
+
+  /*
+  The following two functions are copied from wallet-btc and adapted.
+  They should be moved to a library to avoid code reuse.
+  */
+  private hashTapTweak(x: Buffer): Buffer {
+    // hash_tag(x) = SHA256(SHA256(tag) || SHA256(tag) || x), see BIP340
+    // See https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#specification
+    const h = crypto.sha256(Buffer.from("TapTweak", "utf-8"));
+    return crypto.sha256(Buffer.concat([h, h, x]));
+  }
+
+  /**
+   * Calculates a taproot output key from an internal key. This output key will be
+   * used as witness program in a taproot output. The internal key is tweaked
+   * according to recommendation in BIP341:
+   * https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#cite_ref-22-0
+   *
+   * @param internalPubkey A 32 byte x-only taproot internal key
+   * @returns The output key
+   */
+  getTaprootOutputKey(internalPubkey: Buffer): Buffer {
+    if (internalPubkey.length != 32) {
+      throw new Error("Expected 32 byte pubkey. Got " + internalPubkey.length);
+    }
+    // A BIP32 derived key can be converted to a schnorr pubkey by dropping
+    // the first byte, which represent the oddness/evenness. In schnorr all
+    // pubkeys are even.
+    // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki#public-key-conversion
+    const evenEcdsaPubkey = Buffer.concat([
+      Buffer.from([0x02]),
+      internalPubkey,
+    ]);
+    const tweak = this.hashTapTweak(internalPubkey);
+
+    // Q = P + int(hash_TapTweak(bytes(P)))G
+    const outputEcdsaKey = Buffer.from(pointAddScalar(evenEcdsaPubkey, tweak));
+    // Convert to schnorr.
+    const outputSchnorrKey = outputEcdsaKey.slice(1);
+    // Create address
+    return outputSchnorrKey;
+  }
+}
+
+export class p2wpkhWrapped extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const redeemScript = this.createRedeemScript(pubkey);
+    const scriptHash = hashPublicKey(redeemScript);
+    buf.writeSlice(Buffer.from([OP_HASH160, HASH_SIZE]));
+    buf.writeSlice(scriptHash);
+    buf.writeUInt8(OP_EQUAL);
+    return { scriptPubKey: buf.buffer(), redeemScript: redeemScript };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+
+    const userSuppliedRedeemScript = spentOutput.cond.redeemScript;
+    const expectedRedeemScript = this.createRedeemScript(pubkey);
+    if (
+      userSuppliedRedeemScript &&
+      !expectedRedeemScript.equals(userSuppliedRedeemScript)
+    ) {
+      // At what point might a user set the redeemScript on its own?
+      throw new Error(`User-supplied redeemScript ${userSuppliedRedeemScript.toString(
+        "hex"
+      )} doesn't
+       match expected ${expectedRedeemScript.toString("hex")} for input ${i}`);
+    }
+    this.psbt.setInputRedeemScript(i, expectedRedeemScript);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputRedeemScript(i, cond.redeemScript!);
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "sh(wpkh(@0))";
+  }
+
+  private createRedeemScript(pubkey: Buffer): Buffer {
+    const pubkeyHash = hashPublicKey(pubkey);
+    return Buffer.concat([Buffer.from("0014", "hex"), pubkeyHash]);
+  }
+}
+
+export class p2wpkh extends SingleKeyAccount {
+  singleKeyCondition(pubkey: Buffer): SpendingCondition {
+    const buf = new BufferWriter();
+    const pubkeyHash = hashPublicKey(pubkey);
+    buf.writeSlice(Buffer.from([0, HASH_SIZE]));
+    buf.writeSlice(pubkeyHash);
+    return { scriptPubKey: buf.buffer() };
+  }
+
+  setSingleKeyInput(
+    i: number,
+    inputTx: Buffer | undefined,
+    spentOutput: SpentOutput,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    if (!inputTx) {
+      throw new Error("Full input base transaction required");
+    }
+    this.psbt.setInputNonWitnessUtxo(i, inputTx);
+    this.psbt.setInputBip32Derivation(i, pubkey, this.masterFp, path);
+    this.psbt.setInputWitnessUtxo(
+      i,
+      spentOutput.amount,
+      spentOutput.cond.scriptPubKey
+    );
+  }
+
+  setSingleKeyOutput(
+    i: number,
+    cond: SpendingCondition,
+    pubkey: Buffer,
+    path: number[]
+  ) {
+    this.psbt.setOutputBip32Derivation(i, pubkey, this.masterFp, path);
+  }
+
+  getDescriptorTemplate(): DefaultDescriptorTemplate {
+    return "wpkh(@0)";
+  }
+}

package/src/newops/appClient.ts

@@ -73,7 +73,7 @@ export class AppClient {
     const response = await this.makeRequest(
       BitcoinIns.GET_PUBKEY,
       Buffer.concat([
-        Buffer.of(display ? 1 : 0),
+        Buffer.from(display ? [1] : [0]),
         pathElementsToBuffer(pathElements),
       ])
     );
@@ -96,7 +96,7 @@ export class AppClient {
       throw new Error("Invalid HMAC length");
     }
 
-    const clientInterpreter = new ClientCommandInterpreter();
+    const clientInterpreter = new ClientCommandInterpreter(() => {});
     clientInterpreter.addKnownList(
       walletPolicy.keys.map((k) => Buffer.from(k, "ascii"))
     );
@@ -108,10 +108,10 @@ export class AppClient {
     const response = await this.makeRequest(
       BitcoinIns.GET_WALLET_ADDRESS,
       Buffer.concat([
-        Buffer.of(display ? 1 : 0),
+        Buffer.from(display ? [1] : [0]),
         walletPolicy.getWalletId(),
         walletHMAC || Buffer.alloc(32, 0),
-        Buffer.of(change),
+        Buffer.from([change]),
         addressIndexBuffer,
       ]),
       clientInterpreter
@@ -123,7 +123,8 @@ export class AppClient {
   async signPsbt(
     psbt: PsbtV2,
     walletPolicy: WalletPolicy,
-    walletHMAC: Buffer | null
+    walletHMAC: Buffer | null,
+    progressCallback: () => void
   ): Promise<Map<number, Buffer>> {
     const merkelizedPsbt = new MerkelizedPsbt(psbt);
 
@@ -131,7 +132,7 @@ export class AppClient {
       throw new Error("Invalid HMAC length");
     }
 
-    const clientInterpreter = new ClientCommandInterpreter();
+    const clientInterpreter = new ClientCommandInterpreter(progressCallback);
 
     // prepare ClientCommandInterpreter
     clientInterpreter.addKnownList(
@@ -180,6 +181,6 @@ export class AppClient {
   }
 
   async getMasterFingerprint(): Promise<Buffer> {
-    return this.makeRequest(BitcoinIns.GET_MASTER_FINGERPRINT, Buffer.of());
+    return this.makeRequest(BitcoinIns.GET_MASTER_FINGERPRINT, Buffer.from([]));
   }
 }

package/src/newops/clientCommands.ts

@@ -1,4 +1,5 @@
 import { crypto } from "bitcoinjs-lib";
+import { BufferReader } from "../buffertools";
 import { createVarint } from "../varint";
 import { hashLeaf, Merkle } from "./merkle";
 import { MerkleMap } from "./merkleMap";
@@ -21,13 +22,14 @@ export class YieldCommand extends ClientCommand {
 
   code = ClientCommandCode.YIELD;
 
-  constructor(results: Buffer[]) {
+  constructor(results: Buffer[], private progressCallback: () => void) {
     super();
     this.results = results;
   }
 
   execute(request: Buffer): Buffer {
     this.results.push(Buffer.from(request.subarray(1)));
+    this.progressCallback();
     return Buffer.from("");
   }
 }
@@ -105,19 +107,24 @@ export class GetMerkleLeafProofCommand extends ClientCommand {
   execute(request: Buffer): Buffer {
     const req = request.subarray(1);
 
-    if (req.length != 32 + 4 + 4) {
-      throw new Error("Invalid request, unexpected trailing data");
+    if (req.length < 32 + 1 + 1) {
+      throw new Error("Invalid request, expected at least 34 bytes");
     }
 
-    // read the hash
-    const hash = Buffer.alloc(32);
-    for (let i = 0; i < 32; i++) {
-      hash[i] = req.readUInt8(i);
-    }
+    const reqBuf = new BufferReader(req);
+    const hash = reqBuf.readSlice(32);
     const hash_hex = hash.toString("hex");
 
-    const tree_size = req.readUInt32BE(32);
-    const leaf_index = req.readUInt32BE(32 + 4);
+    let tree_size;
+    let leaf_index;
+    try {
+      tree_size = reqBuf.readVarInt();
+      leaf_index = reqBuf.readVarInt();
+    } catch (e: any) {
+      throw new Error(
+        "Invalid request, couldn't parse tree_size or leaf_index"
+      );
+    }
 
     const mt = this.known_trees.get(hash_hex);
     if (!mt) {
@@ -272,9 +279,9 @@ export class ClientCommandInterpreter {
 
   private commands: Map<ClientCommandCode, ClientCommand> = new Map();
 
-  constructor() {
+  constructor(progressCallback: () => void) {
     const commands = [
-      new YieldCommand(this.yielded),
+      new YieldCommand(this.yielded, progressCallback),
       new GetPreimageCommand(this.preimages, this.queue),
       new GetMerkleLeafIndexCommand(this.roots),
       new GetMerkleLeafProofCommand(this.roots, this.queue),

package/src/newops/merkle.ts

@@ -62,7 +62,7 @@ export class Merkle {
   }
 
   hashNode(left: Buffer, right: Buffer): Buffer {
-    return this.h(Buffer.concat([Buffer.of(1), left, right]));
+    return this.h(Buffer.concat([Buffer.from([1]), left, right]));
   }
 }
 
@@ -70,7 +70,7 @@ export function hashLeaf(
   buf: Buffer,
   hashFunction: (buf: Buffer) => Buffer = crypto.sha256
 ): Buffer {
-  return hashConcat(Buffer.of(0), buf, hashFunction);
+  return hashConcat(Buffer.from([0]), buf, hashFunction);
 }
 
 function hashConcat(

package/src/newops/psbtExtractor.ts

@@ -13,7 +13,7 @@ export function extract(psbt: PsbtV2): Buffer {
 
   const isSegwit = !!psbt.getInputWitnessUtxo(0);
   if (isSegwit) {
-    tx.writeSlice(Buffer.of(0, 1));
+    tx.writeSlice(Buffer.from([0, 1]));
   }
   const inputCount = psbt.getGlobalInputCount();
   tx.writeVarInt(inputCount);
@@ -21,7 +21,7 @@ export function extract(psbt: PsbtV2): Buffer {
   for (let i = 0; i < inputCount; i++) {
     tx.writeSlice(psbt.getInputPreviousTxid(i));
     tx.writeUInt32(psbt.getInputOutputIndex(i));
-    tx.writeVarSlice(psbt.getInputFinalScriptsig(i) ?? Buffer.of());
+    tx.writeVarSlice(psbt.getInputFinalScriptsig(i) ?? Buffer.from([]));
     tx.writeUInt32(psbt.getInputSequence(i));
     if (isSegwit) {
       witnessWriter.writeSlice(psbt.getInputFinalScriptwitness(i));

package/src/newops/psbtv2.ts

@@ -14,6 +14,7 @@ export enum psbtIn {
   NON_WITNESS_UTXO = 0x00,
   WITNESS_UTXO = 0x01,
   PARTIAL_SIG = 0x02,
+  SIGHASH_TYPE = 0x03,
   REDEEM_SCRIPT = 0x04,
   BIP32_DERIVATION = 0x06,
   FINAL_SCRIPTSIG = 0x07,
@@ -32,7 +33,7 @@ export enum psbtOut {
   TAP_BIP32_DERIVATION = 0x07,
 }
 
-const PSBT_MAGIC_BYTES = Buffer.of(0x70, 0x73, 0x62, 0x74, 0xff);
+const PSBT_MAGIC_BYTES = Buffer.from([0x70, 0x73, 0x62, 0x74, 0xff]);
 
 export class NoSuchEntry extends Error {}
 
@@ -128,6 +129,14 @@ export class PsbtV2 {
   getInputPartialSig(inputIndex: number, pubkey: Buffer): Buffer | undefined {
     return this.getInputOptional(inputIndex, psbtIn.PARTIAL_SIG, pubkey);
   }
+  setInputSighashType(inputIndex: number, sigHashtype: number) {
+    this.setInput(inputIndex, psbtIn.SIGHASH_TYPE, b(), uint32LE(sigHashtype));
+  }
+  getInputSighashType(inputIndex: number): number | undefined {
+    const result = this.getInputOptional(inputIndex, psbtIn.SIGHASH_TYPE, b());
+    if (!result) return undefined;
+    return result.readUInt32LE(0);
+  }
   setInputRedeemScript(inputIndex: number, redeemScript: Buffer) {
     this.setInput(inputIndex, psbtIn.REDEEM_SCRIPT, b(), redeemScript);
   }
@@ -312,7 +321,7 @@ export class PsbtV2 {
   }
   serialize(): Buffer {
     const buf = new BufferWriter();
-    buf.writeSlice(Buffer.of(0x70, 0x73, 0x62, 0x74, 0xff));
+    buf.writeSlice(Buffer.from([0x70, 0x73, 0x62, 0x74, 0xff]));
     serializeMap(buf, this.globalMap);
     this.inputMaps.forEach((map) => {
       serializeMap(buf, map);
@@ -362,7 +371,7 @@ export class PsbtV2 {
     return keyTypes.some((k) => k == keyType);
   }
   private setGlobal(keyType: KeyType, value: Buffer) {
-    const key = new Key(keyType, Buffer.of());
+    const key = new Key(keyType, Buffer.from([]));
     this.globalMap.set(key.toString(), value);
   }
   private getGlobal(keyType: KeyType): Buffer {
@@ -532,7 +541,7 @@ function serializeMap(buf: BufferWriter, map: Map<string, Buffer>) {
 }
 
 function b(): Buffer {
-  return Buffer.of();
+  return Buffer.from([]);
 }
 function set(
   map: Map<string, Buffer>,