@ledgerhq/hw-app-btc 6.2.0 → 6.9.1-6.9.1-taproot.0.0

package/src/newops/merkle.ts

@@ -0,0 +1,123 @@
+import { crypto } from "bitcoinjs-lib";
+
+export class Merkle {
+  private leaves: Buffer[];
+  private rootNode: Node;
+  private leafNodes: Node[];
+  private h: (buf: Buffer) => Buffer;
+  constructor(
+    leaves: Buffer[],
+    hasher: (buf: Buffer) => Buffer = crypto.sha256
+  ) {
+    this.leaves = leaves;
+    this.h = hasher;
+    const nodes = this.calculateRoot(leaves);
+    this.rootNode = nodes.root;
+    this.leafNodes = nodes.leaves;
+  }
+  getRoot(): Buffer {
+    return this.rootNode.hash;
+  }
+  size(): number {
+    return this.leaves.length;
+  }
+  getLeaves(): Buffer[] {
+    return this.leaves;
+  }
+  getLeafHash(index: number): Buffer {
+    return this.leafNodes[index].hash;
+  }
+  getProof(index: number): Buffer[] {
+    if (index >= this.leaves.length) throw Error("Index out of bounds");
+    return proveNode(this.leafNodes[index]);
+  }
+
+  calculateRoot(leaves: Buffer[]): { root: Node; leaves: Node[] } {
+    const n = leaves.length;
+    if (n == 0) {
+      return {
+        root: new Node(undefined, undefined, Buffer.alloc(32, 0)),
+        leaves: [],
+      };
+    }
+    if (n == 1) {
+      const newNode = new Node(undefined, undefined, leaves[0]);
+      return { root: newNode, leaves: [newNode] };
+    }
+    const leftCount = highestPowerOf2LessThan(n);
+    const leftBranch = this.calculateRoot(leaves.slice(0, leftCount));
+    const rightBranch = this.calculateRoot(leaves.slice(leftCount));
+    const leftChild = leftBranch.root;
+    const rightChild = rightBranch.root;
+    const hash = this.hashNode(leftChild.hash, rightChild.hash);
+    const node = new Node(leftChild, rightChild, hash);
+    leftChild.parent = node;
+    rightChild.parent = node;
+    return { root: node, leaves: leftBranch.leaves.concat(rightBranch.leaves) };
+  }
+
+  hashNode(left: Buffer, right: Buffer): Buffer {
+    return this.h(Buffer.concat([Buffer.of(1), left, right]));
+  }
+}
+
+export function hashLeaf(
+  buf: Buffer,
+  hashFunction: (buf: Buffer) => Buffer = crypto.sha256
+): Buffer {
+  return hashConcat(Buffer.of(0), buf, hashFunction);
+}
+
+function hashConcat(
+  bufA: Buffer,
+  bufB: Buffer,
+  hashFunction: (buf: Buffer) => Buffer
+): Buffer {
+  return hashFunction(Buffer.concat([bufA, bufB]));
+}
+
+class Node {
+  leftChild?: Node;
+  rightChild?: Node;
+  parent?: Node;
+  hash: Buffer;
+  constructor(left: Node | undefined, right: Node | undefined, hash: Buffer) {
+    this.leftChild = left;
+    this.rightChild = right;
+    this.hash = hash;
+  }
+  isLeaf(): boolean {
+    return this.leftChild == undefined;
+  }
+}
+
+function proveNode(node: Node): Buffer[] {
+  if (!node.parent) {
+    return [];
+  }
+  if (node.parent.leftChild == node) {
+    if (!node.parent.rightChild) {
+      throw new Error("Expected right child to exist");
+    }
+    return [node.parent.rightChild.hash, ...proveNode(node.parent)];
+  } else {
+    if (!node.parent.leftChild) {
+      throw new Error("Expected left child to exist");
+    }
+    return [node.parent.leftChild.hash, ...proveNode(node.parent)];
+  }
+}
+
+function highestPowerOf2LessThan(n: number) {
+  if (n < 2) {
+    throw Error("Expected n >= 2");
+  }
+  if (isPowerOf2(n)) {
+    return n / 2;
+  }
+  return 1 << Math.floor(Math.log2(n));
+}
+
+function isPowerOf2(n: number): boolean {
+  return (n & (n - 1)) == 0;
+}

package/src/newops/merkleMap.ts

@@ -0,0 +1,39 @@
+import { createVarint } from "../varint";
+import { hashLeaf, Merkle } from "./merkle";
+
+export class MerkleMap {
+  keys: Buffer[];
+  keysTree: Merkle;
+  values: Buffer[];
+  valuesTree: Merkle;
+  /**
+   * @param keys Sorted list of (unhashed) keys
+   * @param values values, in corresponding order as the keys, and of equal length
+   */
+  constructor(keys: Buffer[], values: Buffer[]) {
+    if (keys.length != values.length) {
+      throw new Error("keys and values should have the same length");
+    }
+
+    // Sanity check: verify that keys are actually sorted and with no duplicates
+    for (let i = 0; i < keys.length - 1; i++) {
+      if (keys[i].toString("hex") >= keys[i + 1].toString("hex")) {
+        throw new Error("keys must be in strictly increasing order");
+      }
+    }
+
+    this.keys = keys;
+    this.keysTree = new Merkle(keys.map((k) => hashLeaf(k)));
+    this.values = values;
+    this.valuesTree = new Merkle(values.map((v) => hashLeaf(v)));
+  }
+
+  commitment(): Buffer {
+    // returns a buffer between 65 and 73 (included) bytes long
+    return Buffer.concat([
+      createVarint(this.keys.length),
+      this.keysTree.getRoot(),
+      this.valuesTree.getRoot(),
+    ]);
+  }
+}

package/src/newops/policy.ts

@@ -0,0 +1,52 @@
+import { pathArrayToString } from "../bip32";
+import { BufferWriter } from "../buffertools";
+import { crypto } from "bitcoinjs-lib";
+import { Merkle, hashLeaf } from "./merkle";
+
+export type DefaultDescriptorTemplate =
+  | "pkh(@0)"
+  | "sh(wpkh(@0))"
+  | "wpkh(@0)"
+  | "tr(@0)";
+
+export class WalletPolicy {
+  descriptorTemplate: string;
+  keys: string[];
+  /**
+   * For now, we only support default descriptor templates.
+   */
+  constructor(descriptorTemplate: DefaultDescriptorTemplate, key: string) {
+    this.descriptorTemplate = descriptorTemplate;
+    this.keys = [key];
+  }
+
+  getWalletId(): Buffer {
+    // wallet_id (sha256 of the wallet serialization),
+    return crypto.sha256(this.serialize());
+  }
+
+  serialize(): Buffer {
+    const keyBuffers = this.keys.map((k) => {
+      return Buffer.from(k, "ascii");
+    });
+    const m = new Merkle(keyBuffers.map((k) => hashLeaf(k)));
+
+    const buf = new BufferWriter();
+    buf.writeUInt8(0x01); // wallet type (policy map)
+    buf.writeUInt8(0); // length of wallet name (empty string for default wallets)
+    buf.writeVarSlice(Buffer.from(this.descriptorTemplate, "ascii"));
+    buf.writeVarInt(this.keys.length), buf.writeSlice(m.getRoot());
+    return buf.buffer();
+  }
+}
+
+export function createKey(
+  masterFingerprint: Buffer,
+  path: number[],
+  xpub: string
+): string {
+  const accountPath = pathArrayToString(path);
+  return `[${masterFingerprint.toString("hex")}${accountPath.substring(
+    1
+  )}]${xpub}/**`;
+}

package/src/newops/psbtExtractor.ts

@@ -0,0 +1,33 @@
+import { BufferWriter } from "../buffertools";
+import { PsbtV2 } from "./psbtv2";
+
+export function extract(psbt: PsbtV2): Buffer {
+  const tx = new BufferWriter();
+  tx.writeUInt32(psbt.getGlobalTxVersion());
+
+  const isSegwit = !!psbt.getInputWitnessUtxo(0);
+  if (isSegwit) {
+    tx.writeSlice(Buffer.of(0, 1));
+  }
+  const inputCount = psbt.getGlobalInputCount();
+  tx.writeVarInt(inputCount);
+  const witnessWriter = new BufferWriter();
+  for (let i = 0; i < inputCount; i++) {
+    tx.writeSlice(psbt.getInputPreviousTxid(i));
+    tx.writeUInt32(psbt.getInputOutputIndex(i));
+    tx.writeVarSlice(psbt.getInputFinalScriptsig(i) ?? Buffer.of());
+    tx.writeUInt32(psbt.getInputSequence(i));
+    if (isSegwit) {
+      witnessWriter.writeSlice(psbt.getInputFinalScriptwitness(i));
+    }
+  }
+  const outputCount = psbt.getGlobalOutputCount();
+  tx.writeVarInt(outputCount);
+  for (let i = 0; i < outputCount; i++) {
+    tx.writeUInt64(BigInt(psbt.getOutputAmount(i)));
+    tx.writeVarSlice(psbt.getOutputScript(i));
+  }
+  tx.writeSlice(witnessWriter.buffer());
+  tx.writeUInt32(psbt.getGlobalFallbackLocktime() ?? 0);
+  return tx.buffer();
+}

package/src/newops/psbtFinalizer.ts

@@ -0,0 +1,110 @@
+import { BufferWriter } from "../buffertools";
+import { psbtIn, PsbtV2 } from "./psbtv2";
+
+/**
+ *
+ * @param psbt The psbt with all signatures added as partial sigs, either through PSBT_IN_PARTIAL_SIG or PSBT_IN_TAP_KEY_SIG
+ */
+export function finalize(psbt: PsbtV2): void {
+  // First check that each input has a signature
+  const inputCount = psbt.getGlobalInputCount();
+  for (let i = 0; i < inputCount; i++) {
+    const legacyPubkeys = psbt.getInputKeyDatas(i, psbtIn.PARTIAL_SIG);
+    const taprootSig = psbt.getInputTapKeySig(i);
+    if (legacyPubkeys.length == 0 && !taprootSig) {
+      throw Error(`No signature for input ${i} present`);
+    }
+    if (legacyPubkeys.length > 0) {
+      if (legacyPubkeys.length > 1) {
+        throw Error(
+          `Expected exactly one signature, got ${legacyPubkeys.length}`
+        );
+      }
+      if (taprootSig) {
+        throw Error("Both taproot and non-taproot signatures present.");
+      }
+
+      const isSegwitV0 = !!psbt.getInputWitnessUtxo(i);
+      const redeemScript = psbt.getInputRedeemScript(i);
+      const isWrappedSegwit = !!redeemScript;
+      const signature = psbt.getInputPartialSig(i, legacyPubkeys[0]);
+      if (!signature)
+        throw new Error("Expected partial signature for input " + i);
+      if (isSegwitV0) {
+        const witnessBuf = new BufferWriter();
+        witnessBuf.writeVarInt(2);
+        witnessBuf.writeVarInt(signature.length);
+        witnessBuf.writeSlice(signature);
+        witnessBuf.writeVarInt(legacyPubkeys[0].length);
+        witnessBuf.writeSlice(legacyPubkeys[0]);
+        psbt.setInputFinalScriptwitness(i, witnessBuf.buffer());
+        if (isWrappedSegwit) {
+          if (!redeemScript || redeemScript.length == 0) {
+            throw new Error(
+              "Expected non-empty redeemscript. Can't finalize intput " + i
+            );
+          }
+          const scriptSigBuf = new BufferWriter();
+          // Push redeemScript length
+          scriptSigBuf.writeUInt8(redeemScript.length);
+          scriptSigBuf.writeSlice(redeemScript);
+          psbt.setInputFinalScriptsig(i, scriptSigBuf.buffer());
+        }
+      } else {
+        // Legacy input
+        const scriptSig = new BufferWriter();
+        writePush(scriptSig, signature);
+        writePush(scriptSig, legacyPubkeys[0]);
+        psbt.setInputFinalScriptsig(i, scriptSig.buffer());
+      }
+    } else {
+      // Taproot input
+      const signature = psbt.getInputTapKeySig(i);
+      if (!signature) {
+        throw Error("No taproot signature found");
+      }
+      if (signature.length != 64) {
+        throw Error("Unexpected length of schnorr signature.");
+      }
+      const witnessBuf = new BufferWriter();
+      witnessBuf.writeVarInt(1);
+      witnessBuf.writeVarInt(64);
+      witnessBuf.writeSlice(signature);
+      psbt.setInputFinalScriptwitness(i, witnessBuf.buffer());
+    }
+    clearFinalizedInput(psbt, i);
+  }
+}
+
+function clearFinalizedInput(psbt: PsbtV2, inputIndex: number) {
+  const keyTypes = [
+    psbtIn.BIP32_DERIVATION,
+    psbtIn.PARTIAL_SIG,
+    psbtIn.TAP_BIP32_DERIVATION,
+    psbtIn.TAP_KEY_SIG,
+  ];
+  const witnessUtxoAvailable = !!psbt.getInputWitnessUtxo(inputIndex);
+  const nonWitnessUtxoAvailable = !!psbt.getInputNonWitnessUtxo(inputIndex);
+  if (witnessUtxoAvailable && nonWitnessUtxoAvailable) {
+    // Remove NON_WITNESS_UTXO for segwit v0 as it's only needed while signing.
+    // Segwit v1 doesn't have NON_WITNESS_UTXO set.
+    // See https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#cite_note-7
+    keyTypes.push(psbtIn.NON_WITNESS_UTXO);
+  }
+  psbt.deleteInputEntries(inputIndex, keyTypes);
+}
+
+function writePush(buf: BufferWriter, data: Buffer) {
+  if (data.length <= 75) {
+    buf.writeUInt8(data.length);
+  } else if (data.length <= 256) {
+    buf.writeUInt8(76);
+    buf.writeUInt8(data.length);
+  } else if (data.length <= 256 * 256) {
+    buf.writeUInt8(77);
+    const b = Buffer.alloc(2);
+    b.writeUInt16LE(data.length, 0);
+    buf.writeSlice(b);
+  }
+  buf.writeSlice(data);
+}