@ledgerhq/hw-app-btc 6.2.0 → 6.9.1-6.9.1-taproot.0.0

package/src/buffertools.ts

@@ -0,0 +1,102 @@
+import varuint from "varuint-bitcoin";
+
+export class BufferWriter {
+  private bufs: Buffer[] = [];
+
+  write(alloc: number, fn: (b: Buffer) => void): void {
+    const b = Buffer.alloc(alloc);
+    fn(b);
+    this.bufs.push(b);
+  }
+
+  writeUInt8(i: number): void {
+    this.write(1, (b) => b.writeUInt8(i, 0));
+  }
+
+  writeInt32(i: number): void {
+    this.write(4, (b) => b.writeInt32LE(i, 0));
+  }
+
+  writeUInt32(i: number): void {
+    this.write(4, (b) => b.writeUInt32LE(i, 0));
+  }
+
+  writeUInt64(i: bigint): void {
+    this.write(8, (b) => b.writeBigUInt64LE(i, 0));
+  }
+
+  writeVarInt(i: number): void {
+    this.bufs.push(varuint.encode(i));
+  }
+
+  writeSlice(slice: Buffer): void {
+    this.bufs.push(Buffer.from(slice));
+  }
+
+  writeVarSlice(slice: Buffer): void {
+    this.writeVarInt(slice.length);
+    this.writeSlice(slice);
+  }
+
+  buffer(): Buffer {
+    return Buffer.concat(this.bufs);
+  }
+}
+
+export class BufferReader {
+  constructor(public buffer: Buffer, public offset: number = 0) {}
+
+  available(): number {
+    return this.buffer.length - this.offset;
+  }
+
+  readUInt8(): number {
+    const result = this.buffer.readUInt8(this.offset);
+    this.offset++;
+    return result;
+  }
+
+  readInt32(): number {
+    const result = this.buffer.readInt32LE(this.offset);
+    this.offset += 4;
+    return result;
+  }
+
+  readUInt32(): number {
+    const result = this.buffer.readUInt32LE(this.offset);
+    this.offset += 4;
+    return result;
+  }
+
+  readUInt64(): bigint {
+    const result = this.buffer.readBigUInt64LE(this.offset);
+    this.offset += 8;
+    return result;
+  }
+
+  readVarInt(): number {
+    const vi = varuint.decode(this.buffer, this.offset);
+    this.offset += varuint.decode.bytes;
+    return vi;
+  }
+
+  readSlice(n: number): Buffer {
+    if (this.buffer.length < this.offset + n) {
+      throw new Error("Cannot read slice out of bounds");
+    }
+    const result = this.buffer.slice(this.offset, this.offset + n);
+    this.offset += n;
+    return result;
+  }
+
+  readVarSlice(): Buffer {
+    return this.readSlice(this.readVarInt());
+  }
+
+  readVector(): Buffer[] {
+    const count = this.readVarInt();
+    const vector: Buffer[] = [];
+    for (let i = 0; i < count; i++) vector.push(this.readVarSlice());
+    return vector;
+  }
+}

package/src/createTransaction.ts

@@ -62,7 +62,7 @@ export type CreateTransactionArg = {
 export async function createTransaction(
   transport: Transport,
   arg: CreateTransactionArg
-) {
+): Promise<string> {
   const signTx = { ...defaultsSignTransaction, ...arg };
   const {
     inputs,
@@ -85,7 +85,7 @@ export async function createTransaction(
     try {
       const a = await getAppAndVersion(transport);
       useTrustedInputForSegwit = shouldUseTrustedInputForSegwit(a);
-    } catch (e) {
+    } catch (e: any) {
       if (e.statusCode === 0x6d00) {
         useTrustedInputForSegwit = false;
       } else {

package/src/getWalletPublicKey.ts

@@ -4,7 +4,12 @@ import { bip32asBuffer } from "./bip32";
 /**
  * address format is one of legacy | p2sh | bech32 | cashaddr
  */
-export type AddressFormat = "legacy" | "p2sh" | "bech32" | "cashaddr";
+export type AddressFormat =
+  | "legacy"
+  | "p2sh"
+  | "bech32"
+  | "bech32m"
+  | "cashaddr";
 const addressFormatMap = {
   legacy: 0,
   p2sh: 1,

package/src/hashPublicKey.ts

@@ -1,5 +1,5 @@
 import RIPEMD160 from "ripemd160";
 import sha from "sha.js";
-export function hashPublicKey(buffer: Buffer): any {
+export function hashPublicKey(buffer: Buffer): Buffer {
   return new RIPEMD160().update(sha("sha256").update(buffer).digest()).digest();
 }

package/src/index.ts

@@ -0,0 +1,2 @@
+import Btc from "./Btc";
+export default Btc;

package/src/newops/appClient.ts

@@ -0,0 +1,178 @@
+import Transport from "@ledgerhq/hw-transport";
+import { pathElementsToBuffer } from "../bip32";
+import { PsbtV2 } from "./psbtv2";
+import { MerkelizedPsbt } from "./merkelizedPsbt";
+import { ClientCommandInterpreter } from "./clientCommands";
+import { WalletPolicy } from "./policy";
+import { createVarint } from "../varint";
+import { hashLeaf, Merkle } from "./merkle";
+
+const CLA_BTC = 0xe1;
+const CLA_FRAMEWORK = 0xf8;
+
+enum BitcoinIns {
+  GET_PUBKEY = 0x00,
+  // GET_ADDRESS = 0x01,
+  REGISTER_WALLET = 0x02,
+  GET_WALLET_ADDRESS = 0x03,
+  SIGN_PSBT = 0x04,
+  GET_MASTER_FINGERPRINT = 0x05,
+}
+
+enum FrameworkIns {
+  CONTINUE_INTERRUPTED = 0x01,
+}
+
+export class AppClient {
+  transport: Transport;
+
+  constructor(transport: Transport) {
+    this.transport = transport;
+  }
+
+  private async makeRequest(
+    ins: BitcoinIns,
+    data: Buffer,
+    cci?: ClientCommandInterpreter
+  ): Promise<Buffer> {
+    let response: Buffer = await this.transport.send(CLA_BTC, ins, 0, 0, data, [
+      0x9000,
+      0xe000,
+    ]);
+    while (response.readUInt16BE(response.length - 2) === 0xe000) {
+      if (!cci) {
+        throw new Error("Unexpected SW_INTERRUPTED_EXECUTION");
+      }
+
+      const hwRequest = response.slice(0, -2);
+      const commandResponse = cci.execute(hwRequest);
+
+      response = await this.transport.send(
+        CLA_FRAMEWORK,
+        FrameworkIns.CONTINUE_INTERRUPTED,
+        0,
+        0,
+        commandResponse,
+        [0x9000, 0xe000]
+      );
+    }
+    return response.slice(0, -2); // drop the status word (can only be 0x9000 at this point)
+  }
+
+  async getPubkey(display: boolean, pathElements: number[]): Promise<string> {
+    if (pathElements.length > 6) {
+      throw new Error("Path too long. At most 6 levels allowed.");
+    }
+    const response = await this.makeRequest(
+      BitcoinIns.GET_PUBKEY,
+      Buffer.concat([
+        Buffer.of(display ? 1 : 0),
+        pathElementsToBuffer(pathElements),
+      ])
+    );
+    return response.toString("ascii");
+  }
+
+  async getWalletAddress(
+    walletPolicy: WalletPolicy,
+    walletHMAC: Buffer | null,
+    change: number,
+    addressIndex: number,
+    display: boolean
+  ): Promise<string> {
+    if (change !== 0 && change !== 1)
+      throw new Error("Change can only be 0 or 1");
+    if (addressIndex < 0 || !Number.isInteger(addressIndex))
+      throw new Error("Invalid address index");
+
+    if (walletHMAC != null && walletHMAC.length != 32) {
+      throw new Error("Invalid HMAC length");
+    }
+
+    const clientInterpreter = new ClientCommandInterpreter();
+    clientInterpreter.addKnownList(
+      walletPolicy.keys.map((k) => Buffer.from(k, "ascii"))
+    );
+    clientInterpreter.addKnownPreimage(walletPolicy.serialize());
+
+    const addressIndexBuffer = Buffer.alloc(4);
+    addressIndexBuffer.writeUInt32BE(addressIndex, 0);
+
+    const response = await this.makeRequest(
+      BitcoinIns.GET_WALLET_ADDRESS,
+      Buffer.concat([
+        Buffer.of(display ? 1 : 0),
+        walletPolicy.getWalletId(),
+        walletHMAC || Buffer.alloc(32, 0),
+        Buffer.of(change),
+        addressIndexBuffer,
+      ]),
+      clientInterpreter
+    );
+
+    return response.toString("ascii");
+  }
+
+  async signPsbt(
+    psbt: PsbtV2,
+    walletPolicy: WalletPolicy,
+    walletHMAC: Buffer | null
+  ): Promise<Map<number, Buffer>> {
+    const merkelizedPsbt = new MerkelizedPsbt(psbt);
+
+    if (walletHMAC != null && walletHMAC.length != 32) {
+      throw new Error("Invalid HMAC length");
+    }
+
+    const clientInterpreter = new ClientCommandInterpreter();
+
+    // prepare ClientCommandInterpreter
+    clientInterpreter.addKnownList(
+      walletPolicy.keys.map((k) => Buffer.from(k, "ascii"))
+    );
+    clientInterpreter.addKnownPreimage(walletPolicy.serialize());
+
+    clientInterpreter.addKnownMapping(merkelizedPsbt.globalMerkleMap);
+    for (const map of merkelizedPsbt.inputMerkleMaps) {
+      clientInterpreter.addKnownMapping(map);
+    }
+    for (const map of merkelizedPsbt.outputMerkleMaps) {
+      clientInterpreter.addKnownMapping(map);
+    }
+
+    clientInterpreter.addKnownList(merkelizedPsbt.inputMapCommitments);
+    const inputMapsRoot = new Merkle(
+      merkelizedPsbt.inputMapCommitments.map((m) => hashLeaf(m))
+    ).getRoot();
+    clientInterpreter.addKnownList(merkelizedPsbt.outputMapCommitments);
+    const outputMapsRoot = new Merkle(
+      merkelizedPsbt.outputMapCommitments.map((m) => hashLeaf(m))
+    ).getRoot();
+
+    await this.makeRequest(
+      BitcoinIns.SIGN_PSBT,
+      Buffer.concat([
+        merkelizedPsbt.getGlobalKeysValuesRoot(),
+        createVarint(merkelizedPsbt.getGlobalInputCount()),
+        inputMapsRoot,
+        createVarint(merkelizedPsbt.getGlobalOutputCount()),
+        outputMapsRoot,
+        walletPolicy.getWalletId(),
+        walletHMAC || Buffer.alloc(32, 0),
+      ]),
+      clientInterpreter
+    );
+
+    const yielded = clientInterpreter.getYielded();
+
+    const ret: Map<number, Buffer> = new Map();
+    for (const inputAndSig of yielded) {
+      ret[inputAndSig[0]] = inputAndSig.slice(1);
+    }
+    return ret;
+  }
+
+  async getMasterFingerprint(): Promise<Buffer> {
+    return this.makeRequest(BitcoinIns.GET_MASTER_FINGERPRINT, Buffer.of());
+  }
+}

package/src/newops/clientCommands.ts

@@ -0,0 +1,312 @@
+import { crypto } from "bitcoinjs-lib";
+import { createVarint } from "../varint";
+import { hashLeaf, Merkle } from "./merkle";
+import { MerkleMap } from "./merkleMap";
+
+enum ClientCommandCode {
+  YIELD = 0x10,
+  GET_PREIMAGE = 0x40,
+  GET_MERKLE_LEAF_PROOF = 0x41,
+  GET_MERKLE_LEAF_INDEX = 0x42,
+  GET_MORE_ELEMENTS = 0xa0,
+}
+
+abstract class ClientCommand {
+  abstract code: ClientCommandCode;
+  abstract execute(request: Buffer): Buffer;
+}
+
+export class YieldCommand extends ClientCommand {
+  private results: Buffer[];
+
+  code = ClientCommandCode.YIELD;
+
+  constructor(results: Buffer[]) {
+    super();
+    this.results = results;
+  }
+
+  execute(request: Buffer): Buffer {
+    this.results.push(Buffer.from(request.subarray(1)));
+    return Buffer.from("");
+  }
+}
+
+export class GetPreimageCommand extends ClientCommand {
+  private known_preimages: Map<string, Buffer>;
+  private queue: Buffer[];
+
+  code = ClientCommandCode.GET_PREIMAGE;
+
+  constructor(known_preimages: Map<string, Buffer>, queue: Buffer[]) {
+    super();
+    this.known_preimages = known_preimages;
+    this.queue = queue;
+  }
+
+  execute(request: Buffer): Buffer {
+    const req = request.subarray(1);
+
+    // we expect no more data to read
+    if (req.length != 1 + 32) {
+      throw new Error("Invalid request, unexpected trailing data");
+    }
+
+    if (req[0] != 0) {
+      throw new Error("Unsupported request, the first byte should be 0");
+    }
+
+    // read the hash
+    const hash = Buffer.alloc(32);
+    for (let i = 0; i < 32; i++) {
+      hash[i] = req[1 + i];
+    }
+    const req_hash_hex = hash.toString("hex");
+
+    const known_preimage = this.known_preimages.get(req_hash_hex);
+    if (known_preimage != undefined) {
+      const preimage_len_varint = createVarint(known_preimage.length);
+
+      // We can send at most 255 - len(preimage_len_out) - 1 bytes in a single message;
+      // the rest will be stored in the queue for GET_MORE_ELEMENTS
+      const max_payload_size = 255 - preimage_len_varint.length - 1;
+
+      const payload_size = Math.min(max_payload_size, known_preimage.length);
+
+      if (payload_size < known_preimage.length) {
+        for (let i = payload_size; i < known_preimage.length; i++) {
+          this.queue.push(Buffer.from([known_preimage[i]]));
+        }
+      }
+
+      return Buffer.concat([
+        preimage_len_varint,
+        Buffer.from([payload_size]),
+        known_preimage.subarray(0, payload_size),
+      ]);
+    }
+
+    throw Error(`Requested unknown preimage for: ${req_hash_hex}`);
+  }
+}
+
+export class GetMerkleLeafProofCommand extends ClientCommand {
+  private known_trees: Map<string, Merkle>;
+  private queue: Buffer[];
+
+  code = ClientCommandCode.GET_MERKLE_LEAF_PROOF;
+
+  constructor(known_trees: Map<string, Merkle>, queue: Buffer[]) {
+    super();
+    this.known_trees = known_trees;
+    this.queue = queue;
+  }
+
+  execute(request: Buffer): Buffer {
+    const req = request.subarray(1);
+
+    if (req.length != 32 + 4 + 4) {
+      throw new Error("Invalid request, unexpected trailing data");
+    }
+
+    // read the hash
+    const hash = Buffer.alloc(32);
+    for (let i = 0; i < 32; i++) {
+      hash[i] = req.readUInt8(i);
+    }
+    const hash_hex = hash.toString("hex");
+
+    const tree_size = req.readUInt32BE(32);
+    const leaf_index = req.readUInt32BE(32 + 4);
+
+    const mt = this.known_trees.get(hash_hex);
+    if (!mt) {
+      throw Error(`Requested Merkle leaf proof for unknown tree: ${hash_hex}`);
+    }
+
+    if (leaf_index >= tree_size || mt.size() != tree_size) {
+      throw Error("Invalid index or tree size.");
+    }
+
+    if (this.queue.length != 0) {
+      throw Error(
+        "This command should not execute when the queue is not empty."
+      );
+    }
+
+    const proof = mt.getProof(leaf_index);
+
+    const n_response_elements = Math.min(
+      Math.floor((255 - 32 - 1 - 1) / 32),
+      proof.length
+    );
+    const n_leftover_elements = proof.length - n_response_elements;
+
+    // Add to the queue any proof elements that do not fit the response
+    if (n_leftover_elements > 0) {
+      this.queue.push(...proof.slice(-n_leftover_elements));
+    }
+
+    return Buffer.concat([
+      mt.getLeafHash(leaf_index),
+      Buffer.from([proof.length]),
+      Buffer.from([n_response_elements]),
+      ...proof.slice(0, n_response_elements),
+    ]);
+  }
+}
+
+export class GetMerkleLeafIndexCommand extends ClientCommand {
+  private known_trees: Map<string, Merkle>;
+
+  code = ClientCommandCode.GET_MERKLE_LEAF_INDEX;
+
+  constructor(known_trees: Map<string, Merkle>) {
+    super();
+    this.known_trees = known_trees;
+  }
+
+  execute(request: Buffer): Buffer {
+    const req = request.subarray(1);
+
+    if (req.length != 32 + 32) {
+      throw new Error("Invalid request, unexpected trailing data");
+    }
+
+    // read the root hash
+    const root_hash = Buffer.alloc(32);
+    for (let i = 0; i < 32; i++) {
+      root_hash[i] = req.readUInt8(i);
+    }
+    const root_hash_hex = root_hash.toString("hex");
+
+    // read the leaf hash
+    const leef_hash = Buffer.alloc(32);
+    for (let i = 0; i < 32; i++) {
+      leef_hash[i] = req.readUInt8(32 + i);
+    }
+    const leef_hash_hex = leef_hash.toString("hex");
+
+    const mt = this.known_trees.get(root_hash_hex);
+    if (!mt) {
+      throw Error(
+        `Requested Merkle leaf index for unknown root: ${root_hash_hex}`
+      );
+    }
+
+    let leaf_index = 0;
+    let found = 0;
+    for (let i = 0; i < mt.size(); i++) {
+      if (mt.getLeafHash(i).toString("hex") == leef_hash_hex) {
+        found = 1;
+        leaf_index = i;
+        break;
+      }
+    }
+    return Buffer.concat([Buffer.from([found]), createVarint(leaf_index)]);
+  }
+}
+
+export class GetMoreElementsCommand extends ClientCommand {
+  queue: Buffer[];
+
+  code = ClientCommandCode.GET_MORE_ELEMENTS;
+
+  constructor(queue: Buffer[]) {
+    super();
+    this.queue = queue;
+  }
+
+  execute(request: Buffer): Buffer {
+    if (request.length != 1) {
+      throw new Error("Invalid request, unexpected trailing data");
+    }
+
+    if (this.queue.length === 0) {
+      throw new Error("No elements to get");
+    }
+
+    // all elements should have the same length
+    const element_len = this.queue[0].length;
+    if (this.queue.some((el) => el.length != element_len)) {
+      throw new Error(
+        "The queue contains elements with different byte length, which is not expected"
+      );
+    }
+
+    const max_elements = Math.floor(253 / element_len);
+    const n_returned_elements = Math.min(max_elements, this.queue.length);
+
+    const returned_elements = this.queue.splice(0, n_returned_elements);
+
+    return Buffer.concat([
+      Buffer.from([n_returned_elements]),
+      Buffer.from([element_len]),
+      ...returned_elements,
+    ]);
+  }
+}
+
+export class ClientCommandInterpreter {
+  private roots: Map<string, Merkle> = new Map();
+  private preimages: Map<string, Buffer> = new Map();
+
+  private yielded: Buffer[] = [];
+
+  private queue: Buffer[] = [];
+
+  private commands: Map<ClientCommandCode, ClientCommand> = new Map();
+
+  constructor() {
+    const commands = [
+      new YieldCommand(this.yielded),
+      new GetPreimageCommand(this.preimages, this.queue),
+      new GetMerkleLeafIndexCommand(this.roots),
+      new GetMerkleLeafProofCommand(this.roots, this.queue),
+      new GetMoreElementsCommand(this.queue),
+    ];
+
+    for (const cmd of commands) {
+      if (this.commands.has(cmd.code)) {
+        throw new Error(`Multiple commands with code ${cmd.code}`);
+      }
+      this.commands.set(cmd.code, cmd);
+    }
+  }
+
+  getYielded(): Buffer[] {
+    return this.yielded;
+  }
+
+  addKnownPreimage(preimage: Buffer): void {
+    this.preimages.set(crypto.sha256(preimage).toString("hex"), preimage);
+  }
+
+  addKnownList(elements: Buffer[]): void {
+    for (const el of elements) {
+      const preimage = Buffer.concat([Buffer.from([0]), el]);
+      this.addKnownPreimage(preimage);
+    }
+    const mt = new Merkle(elements.map((el) => hashLeaf(el)));
+    this.roots.set(mt.getRoot().toString("hex"), mt);
+  }
+
+  addKnownMapping(mm: MerkleMap): void {
+    this.addKnownList(mm.keys);
+    this.addKnownList(mm.values);
+  }
+
+  execute(request: Buffer): Buffer {
+    if (request.length == 0) {
+      throw new Error("Unexpected empty command");
+    }
+
+    const cmdCode = request[0];
+    const cmd = this.commands.get(cmdCode);
+    if (!cmd) {
+      throw new Error(`Unexpected command code ${cmdCode}`);
+    }
+
+    return cmd.execute(request);
+  }
+}

package/src/newops/merkelizedPsbt.ts

@@ -0,0 +1,55 @@
+import { MerkleMap } from "./merkleMap";
+import { PsbtV2 } from "./psbtv2";
+
+export class MerkelizedPsbt extends PsbtV2 {
+  public globalMerkleMap: MerkleMap;
+  public inputMerkleMaps: MerkleMap[] = [];
+  public outputMerkleMaps: MerkleMap[] = [];
+  public inputMapCommitments: Buffer[];
+  public outputMapCommitments: Buffer[];
+  constructor(psbt: PsbtV2) {
+    super();
+    psbt.copy(this);
+    this.globalMerkleMap = MerkelizedPsbt.createMerkleMap(this.globalMap);
+
+    for (let i = 0; i < this.getGlobalInputCount(); i++) {
+      this.inputMerkleMaps.push(
+        MerkelizedPsbt.createMerkleMap(this.inputMaps[i])
+      );
+    }
+    this.inputMapCommitments = [...this.inputMerkleMaps.values()].map((v) =>
+      v.commitment()
+    );
+
+    for (let i = 0; i < this.getGlobalOutputCount(); i++) {
+      this.outputMerkleMaps.push(
+        MerkelizedPsbt.createMerkleMap(this.outputMaps[i])
+      );
+    }
+    this.outputMapCommitments = [...this.outputMerkleMaps.values()].map((v) =>
+      v.commitment()
+    );
+  }
+  // These public functions are for MerkelizedPsbt.
+  getGlobalSize(): number {
+    return this.globalMap.size;
+  }
+  getGlobalKeysValuesRoot(): Buffer {
+    return this.globalMerkleMap.commitment();
+  }
+
+  private static createMerkleMap(map: Map<string, Buffer>): MerkleMap {
+    const sortedKeysStrings = [...map.keys()].sort();
+    const values = sortedKeysStrings.map((k) => {
+      const v = map.get(k);
+      if (!v) {
+        throw new Error("No value for key " + k);
+      }
+      return v;
+    });
+    const sortedKeys = sortedKeysStrings.map((k) => Buffer.from(k, "hex"));
+
+    const merkleMap = new MerkleMap(sortedKeys, values);
+    return merkleMap;
+  }
+}