@ledgerhq/hw-app-btc 6.20.0 → 6.25.1-alpha.3

package/lib-es/createTransaction.js.flow

@@ -0,0 +1,419 @@
+// @flow
+
+import { log } from "@ledgerhq/logs";
+import type Transport from "@ledgerhq/hw-transport";
+import { hashPublicKey } from "./hashPublicKey";
+import { getWalletPublicKey } from "./getWalletPublicKey";
+import type { AddressFormat } from "./getWalletPublicKey";
+import { getTrustedInput } from "./getTrustedInput";
+import { startUntrustedHashTransactionInput } from "./startUntrustedHashTransactionInput";
+import { serializeTransaction } from "./serializeTransaction";
+import { getTrustedInputBIP143 } from "./getTrustedInputBIP143";
+import { compressPublicKey } from "./compressPublicKey";
+import { signTransaction } from "./signTransaction";
+import { hashOutputFull, provideOutputFullChangePath } from "./finalizeInput";
+import { getAppAndVersion } from "./getAppAndVersion";
+import type { TransactionOutput, Transaction } from "./types";
+import {
+  DEFAULT_LOCKTIME,
+  DEFAULT_SEQUENCE,
+  SIGHASH_ALL,
+  OP_DUP,
+  OP_HASH160,
+  HASH_SIZE,
+  OP_EQUALVERIFY,
+  OP_CHECKSIG,
+} from "./constants";
+import { shouldUseTrustedInputForSegwit } from "./shouldUseTrustedInputForSegwit";
+
+export type { AddressFormat };
+
+const defaultsSignTransaction = {
+  lockTime: DEFAULT_LOCKTIME,
+  sigHashType: SIGHASH_ALL,
+  segwit: false,
+  additionals: [],
+  onDeviceStreaming: (_e) => {},
+  onDeviceSignatureGranted: () => {},
+  onDeviceSignatureRequested: () => {},
+};
+
+/**
+ *
+ */
+export type CreateTransactionArg = {
+  inputs: Array<[Transaction, number, ?string, ?number]>,
+  associatedKeysets: string[],
+  changePath?: string,
+  outputScriptHex: string,
+  lockTime?: number,
+  sigHashType?: number,
+  segwit?: boolean,
+  initialTimestamp?: number,
+  additionals: Array<string>,
+  expiryHeight?: Buffer,
+  useTrustedInputForSegwit?: boolean,
+  onDeviceStreaming?: ({
+    progress: number,
+    total: number,
+    index: number,
+  }) => void,
+  onDeviceSignatureRequested?: () => void,
+  onDeviceSignatureGranted?: () => void,
+};
+
+export async function createTransaction(
+  transport: Transport<*>,
+  arg: CreateTransactionArg
+) {
+  let {
+    inputs,
+    associatedKeysets,
+    changePath,
+    outputScriptHex,
+    lockTime,
+    sigHashType,
+    segwit,
+    initialTimestamp,
+    additionals,
+    expiryHeight,
+    useTrustedInputForSegwit,
+    onDeviceStreaming,
+    onDeviceSignatureGranted,
+    onDeviceSignatureRequested,
+  } = {
+    ...defaultsSignTransaction,
+    ...arg,
+  };
+
+  if (useTrustedInputForSegwit === undefined) {
+    try {
+      const a = await getAppAndVersion(transport);
+      useTrustedInputForSegwit = shouldUseTrustedInputForSegwit(a);
+    } catch (e) {
+      if (e.statusCode === 0x6d00) {
+        useTrustedInputForSegwit = false;
+      } else {
+        throw e;
+      }
+    }
+  }
+
+  // loop: 0 or 1 (before and after)
+  // i: index of the input being streamed
+  // i goes on 0...n, inluding n. in order for the progress value to go to 1
+  // we normalize the 2 loops to make a global percentage
+  const notify = (loop, i) => {
+    const { length } = inputs;
+    if (length < 3) return; // there is not enough significant event to worth notifying (aka just use a spinner)
+    const index = length * loop + i;
+    const total = 2 * length;
+    const progress = index / total;
+    onDeviceStreaming({ progress, total, index });
+  };
+
+  const isDecred = additionals.includes("decred");
+  const isXST = additionals.includes("stealthcoin");
+  let startTime = Date.now();
+  const sapling = additionals.includes("sapling");
+  const bech32 = segwit && additionals.includes("bech32");
+  let useBip143 =
+    segwit ||
+    (!!additionals &&
+      (additionals.includes("abc") ||
+        additionals.includes("gold") ||
+        additionals.includes("bip143"))) ||
+    (!!expiryHeight && !isDecred);
+  // Inputs are provided as arrays of [transaction, output_index, optional redeem script, optional sequence]
+  // associatedKeysets are provided as arrays of [path]
+  const nullScript = Buffer.alloc(0);
+  const nullPrevout = Buffer.alloc(0);
+  const defaultVersion = Buffer.alloc(4);
+  !!expiryHeight && !isDecred
+    ? defaultVersion.writeUInt32LE(sapling ? 0x80000004 : 0x80000003, 0)
+    : isXST
+    ? defaultVersion.writeUInt32LE(2, 0)
+    : defaultVersion.writeUInt32LE(1, 0); // Default version to 2 for XST not to have timestamp
+  const trustedInputs: Array<*> = [];
+  const regularOutputs: Array<TransactionOutput> = [];
+  const signatures = [];
+  const publicKeys = [];
+  let firstRun = true;
+  const resuming = false;
+  const targetTransaction: Transaction = {
+    inputs: [],
+    version: defaultVersion,
+    timestamp: Buffer.alloc(0),
+  };
+
+  const getTrustedInputCall =
+    useBip143 && !useTrustedInputForSegwit
+      ? getTrustedInputBIP143
+      : getTrustedInput;
+  const outputScript = Buffer.from(outputScriptHex, "hex");
+
+  notify(0, 0);
+
+  // first pass on inputs to get trusted inputs
+  for (let input of inputs) {
+    if (!resuming) {
+      const trustedInput = await getTrustedInputCall(
+        transport,
+        input[1],
+        input[0],
+        additionals
+      );
+      log("hw", "got trustedInput=" + trustedInput);
+      let sequence = Buffer.alloc(4);
+      sequence.writeUInt32LE(
+        input.length >= 4 && typeof input[3] === "number"
+          ? input[3]
+          : DEFAULT_SEQUENCE,
+        0
+      );
+      trustedInputs.push({
+        trustedInput: true,
+        value: Buffer.from(trustedInput, "hex"),
+        sequence,
+      });
+    }
+
+    const { outputs } = input[0];
+    const index = input[1];
+    if (outputs && index <= outputs.length - 1) {
+      regularOutputs.push(outputs[index]);
+    }
+
+    if (expiryHeight && !isDecred) {
+      targetTransaction.nVersionGroupId = Buffer.from(
+        sapling ? [0x85, 0x20, 0x2f, 0x89] : [0x70, 0x82, 0xc4, 0x03]
+      );
+      targetTransaction.nExpiryHeight = expiryHeight;
+      // For sapling : valueBalance (8), nShieldedSpend (1), nShieldedOutput (1), nJoinSplit (1)
+      // Overwinter : use nJoinSplit (1)
+      targetTransaction.extraData = Buffer.from(
+        sapling
+          ? [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
+          : [0x00]
+      );
+    } else if (isDecred) {
+      targetTransaction.nExpiryHeight = expiryHeight;
+    }
+  }
+
+  targetTransaction.inputs = inputs.map((input) => {
+    let sequence = Buffer.alloc(4);
+    sequence.writeUInt32LE(
+      input.length >= 4 && typeof input[3] === "number"
+        ? input[3]
+        : DEFAULT_SEQUENCE,
+      0
+    );
+    return {
+      script: nullScript,
+      prevout: nullPrevout,
+      sequence,
+    };
+  });
+
+  if (!resuming) {
+    // Collect public keys
+    const result = [];
+    for (let i = 0; i < inputs.length; i++) {
+      const r = await getWalletPublicKey(transport, {
+        path: associatedKeysets[i],
+      });
+      notify(0, i + 1);
+      result.push(r);
+    }
+    for (let i = 0; i < result.length; i++) {
+      publicKeys.push(
+        compressPublicKey(Buffer.from(result[i].publicKey, "hex"))
+      );
+    }
+  }
+
+  if (initialTimestamp !== undefined) {
+    targetTransaction.timestamp = Buffer.alloc(4);
+    targetTransaction.timestamp.writeUInt32LE(
+      Math.floor(initialTimestamp + (Date.now() - startTime) / 1000),
+      0
+    );
+  }
+
+  onDeviceSignatureRequested();
+
+  if (useBip143) {
+    // Do the first run with all inputs
+    await startUntrustedHashTransactionInput(
+      transport,
+      true,
+      targetTransaction,
+      trustedInputs,
+      true,
+      !!expiryHeight,
+      additionals,
+      useTrustedInputForSegwit
+    );
+
+    if (!resuming && changePath) {
+      await provideOutputFullChangePath(transport, changePath);
+    }
+
+    await hashOutputFull(transport, outputScript);
+  }
+
+  if (!!expiryHeight && !isDecred) {
+    await signTransaction(transport, "", lockTime, SIGHASH_ALL, expiryHeight);
+  }
+
+  // Do the second run with the individual transaction
+  for (let i = 0; i < inputs.length; i++) {
+    const input = inputs[i];
+    let script =
+      inputs[i].length >= 3 && typeof input[2] === "string"
+        ? Buffer.from(input[2], "hex")
+        : !segwit
+        ? regularOutputs[i].script
+        : Buffer.concat([
+            Buffer.from([OP_DUP, OP_HASH160, HASH_SIZE]),
+            hashPublicKey(publicKeys[i]),
+            Buffer.from([OP_EQUALVERIFY, OP_CHECKSIG]),
+          ]);
+    let pseudoTX = Object.assign({}, targetTransaction);
+    let pseudoTrustedInputs = useBip143 ? [trustedInputs[i]] : trustedInputs;
+    if (useBip143) {
+      pseudoTX.inputs = [{ ...pseudoTX.inputs[i], script }];
+    } else {
+      pseudoTX.inputs[i].script = script;
+    }
+
+    await startUntrustedHashTransactionInput(
+      transport,
+      !useBip143 && firstRun,
+      pseudoTX,
+      pseudoTrustedInputs,
+      useBip143,
+      !!expiryHeight && !isDecred,
+      additionals,
+      useTrustedInputForSegwit
+    );
+
+    if (!useBip143) {
+      if (!resuming && changePath) {
+        await provideOutputFullChangePath(transport, changePath);
+      }
+      await hashOutputFull(transport, outputScript, additionals);
+    }
+
+    if (firstRun) {
+      onDeviceSignatureGranted();
+      notify(1, 0);
+    }
+
+    const signature = await signTransaction(
+      transport,
+      associatedKeysets[i],
+      lockTime,
+      sigHashType,
+      expiryHeight,
+      additionals
+    );
+    notify(1, i + 1);
+
+    signatures.push(signature);
+    targetTransaction.inputs[i].script = nullScript;
+    if (firstRun) {
+      firstRun = false;
+    }
+  }
+
+  // Populate the final input scripts
+  for (let i = 0; i < inputs.length; i++) {
+    if (segwit) {
+      targetTransaction.witness = Buffer.alloc(0);
+      if (!bech32) {
+        targetTransaction.inputs[i].script = Buffer.concat([
+          Buffer.from("160014", "hex"),
+          hashPublicKey(publicKeys[i]),
+        ]);
+      }
+    } else {
+      const signatureSize = Buffer.alloc(1);
+      const keySize = Buffer.alloc(1);
+      signatureSize[0] = signatures[i].length;
+      keySize[0] = publicKeys[i].length;
+      targetTransaction.inputs[i].script = Buffer.concat([
+        signatureSize,
+        signatures[i],
+        keySize,
+        publicKeys[i],
+      ]);
+    }
+    let offset = useBip143 && !useTrustedInputForSegwit ? 0 : 4;
+    targetTransaction.inputs[i].prevout = trustedInputs[i].value.slice(
+      offset,
+      offset + 0x24
+    );
+  }
+
+  const lockTimeBuffer = Buffer.alloc(4);
+  lockTimeBuffer.writeUInt32LE(lockTime, 0);
+
+  var result = Buffer.concat([
+    serializeTransaction(
+      targetTransaction,
+      false,
+      targetTransaction.timestamp,
+      additionals
+    ),
+    outputScript,
+  ]);
+
+  if (segwit && !isDecred) {
+    var witness = Buffer.alloc(0);
+    for (var i = 0; i < inputs.length; i++) {
+      var tmpScriptData = Buffer.concat([
+        Buffer.from("02", "hex"),
+        Buffer.from([signatures[i].length]),
+        signatures[i],
+        Buffer.from([publicKeys[i].length]),
+        publicKeys[i],
+      ]);
+      witness = Buffer.concat([witness, tmpScriptData]);
+    }
+    result = Buffer.concat([result, witness]);
+  }
+
+  // FIXME: In ZEC or KMD sapling lockTime is serialized before expiryHeight.
+  // expiryHeight is used only in overwinter/sapling so I moved lockTimeBuffer here
+  // and it should not break other coins because expiryHeight is false for them.
+  // Don't know about Decred though.
+  result = Buffer.concat([result, lockTimeBuffer]);
+
+  if (expiryHeight) {
+    result = Buffer.concat([
+      result,
+      targetTransaction.nExpiryHeight || Buffer.alloc(0),
+      targetTransaction.extraData || Buffer.alloc(0),
+    ]);
+  }
+
+  if (isDecred) {
+    let decredWitness = Buffer.from([targetTransaction.inputs.length]);
+    inputs.forEach((input, inputIndex) => {
+      decredWitness = Buffer.concat([
+        decredWitness,
+        Buffer.from([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]),
+        Buffer.from([0x00, 0x00, 0x00, 0x00]), //Block height
+        Buffer.from([0xff, 0xff, 0xff, 0xff]), //Block index
+        Buffer.from([targetTransaction.inputs[inputIndex].script.length]),
+        targetTransaction.inputs[inputIndex].script,
+      ]);
+    });
+
+    result = Buffer.concat([result, decredWitness]);
+  }
+
+  return result.toString("hex");
+}

package/lib-es/debug.js.flow

@@ -0,0 +1,41 @@
+// @flow
+import type { Transaction } from "./types";
+
+export function formatTransactionDebug(transaction: Transaction) {
+  let str = "TX";
+  str += " version " + transaction.version.toString("hex");
+  if (transaction.locktime) {
+    str += " locktime " + transaction.locktime.toString("hex");
+  }
+  if (transaction.witness) {
+    str += " witness " + transaction.witness.toString("hex");
+  }
+  if (transaction.timestamp) {
+    str += " timestamp " + transaction.timestamp.toString("hex");
+  }
+  if (transaction.nVersionGroupId) {
+    str += " nVersionGroupId " + transaction.nVersionGroupId.toString("hex");
+  }
+  if (transaction.nExpiryHeight) {
+    str += " nExpiryHeight " + transaction.nExpiryHeight.toString("hex");
+  }
+  if (transaction.extraData) {
+    str += " extraData " + transaction.extraData.toString("hex");
+  }
+  transaction.inputs.forEach(({ prevout, script, sequence }, i) => {
+    str += `\ninput ${i}:`;
+    str += ` prevout ${prevout.toString("hex")}`;
+    str += ` script ${script.toString("hex")}`;
+    str += ` sequence ${sequence.toString("hex")}`;
+  });
+  (transaction.outputs || []).forEach(({ amount, script }, i) => {
+    str += `\noutput ${i}:`;
+    str += ` amount ${amount.toString("hex")}`;
+    str += ` script ${script.toString("hex")}`;
+  });
+  return str;
+}
+
+export function displayTransactionDebug(transaction: Transaction) {
+  console.log(formatTransactionDebug(transaction));
+}

package/lib-es/finalizeInput.js.flow

@@ -0,0 +1,38 @@
+// @flow
+import Transport from "@ledgerhq/hw-transport";
+import { bip32asBuffer } from "./bip32";
+import { MAX_SCRIPT_BLOCK } from "./constants";
+
+export function provideOutputFullChangePath(
+  transport: Transport<*>,
+  path: string
+): Promise<string> {
+  let buffer = bip32asBuffer(path);
+  return transport.send(0xe0, 0x4a, 0xff, 0x00, buffer);
+}
+
+export async function hashOutputFull(
+  transport: Transport<*>,
+  outputScript: Buffer,
+  additionals: Array<string> = []
+): Promise<void> {
+  let offset = 0;
+  let p1 = 0x80;
+  const isDecred = additionals.includes("decred");
+  ///WARNING: Decred works only with one call (without chunking)
+  //TODO: test without this for Decred
+  if (isDecred) {
+    return transport.send(0xe0, 0x4a, p1, 0x00, outputScript);
+  }
+
+  while (offset < outputScript.length) {
+    let blockSize =
+      offset + MAX_SCRIPT_BLOCK >= outputScript.length
+        ? outputScript.length - offset
+        : MAX_SCRIPT_BLOCK;
+    let p1 = offset + blockSize === outputScript.length ? 0x80 : 0x00;
+    let data = outputScript.slice(offset, offset + blockSize);
+    await transport.send(0xe0, 0x4a, p1, 0x00, data);
+    offset += blockSize;
+  }
+}

package/lib-es/getAppAndVersion.js.flow

@@ -0,0 +1,19 @@
+// @flow
+import invariant from "invariant";
+import Transport from "@ledgerhq/hw-transport";
+
+export const getAppAndVersion = async (
+  transport: Transport<*>
+): Promise<{ name: string, version: string, flags: number }> => {
+  const r = await transport.send(0xb0, 0x01, 0x00, 0x00);
+  let i = 0;
+  const format = r[i++];
+  invariant(format === 1, "getAppAndVersion: format not supported");
+  const nameLength = r[i++];
+  const name = r.slice(i, (i += nameLength)).toString("ascii");
+  const versionLength = r[i++];
+  const version = r.slice(i, (i += versionLength)).toString("ascii");
+  const flagLength = r[i++];
+  const flags = r.slice(i, (i += flagLength));
+  return { name, version, flags };
+};

package/lib-es/getTrustedInput.js.flow

@@ -0,0 +1,163 @@
+// @flow
+import invariant from "invariant";
+import type Transport from "@ledgerhq/hw-transport";
+import type { Transaction } from "./types";
+import { MAX_SCRIPT_BLOCK } from "./constants";
+import { createVarint } from "./varint";
+
+export async function getTrustedInputRaw(
+  transport: Transport<*>,
+  transactionData: Buffer,
+  indexLookup: ?number
+): Promise<string> {
+  let data;
+  let firstRound = false;
+  if (typeof indexLookup === "number") {
+    firstRound = true;
+    const prefix = Buffer.alloc(4);
+    prefix.writeUInt32BE(indexLookup, 0);
+    data = Buffer.concat([prefix, transactionData], transactionData.length + 4);
+  } else {
+    data = transactionData;
+  }
+  const trustedInput = await transport.send(
+    0xe0,
+    0x42,
+    firstRound ? 0x00 : 0x80,
+    0x00,
+    data
+  );
+
+  const res = trustedInput.slice(0, trustedInput.length - 2).toString("hex");
+  return res;
+}
+
+export async function getTrustedInput(
+  transport: Transport<*>,
+  indexLookup: number,
+  transaction: Transaction,
+  additionals: Array<string> = []
+): Promise<string> {
+  const {
+    version,
+    inputs,
+    outputs,
+    locktime,
+    nExpiryHeight,
+    extraData,
+  } = transaction;
+  if (!outputs || !locktime) {
+    throw new Error("getTrustedInput: locktime & outputs is expected");
+  }
+  const isDecred = additionals.includes("decred");
+  const isXST = additionals.includes("stealthcoin");
+
+  const processScriptBlocks = async (script, sequence) => {
+    const seq = sequence || Buffer.alloc(0);
+    const scriptBlocks = [];
+    let offset = 0;
+    while (offset !== script.length) {
+      let blockSize =
+        script.length - offset > MAX_SCRIPT_BLOCK
+          ? MAX_SCRIPT_BLOCK
+          : script.length - offset;
+      if (offset + blockSize !== script.length) {
+        scriptBlocks.push(script.slice(offset, offset + blockSize));
+      } else {
+        scriptBlocks.push(
+          Buffer.concat([script.slice(offset, offset + blockSize), seq])
+        );
+      }
+      offset += blockSize;
+    }
+
+    // Handle case when no script length: we still want to pass the sequence
+    // relatable: https://github.com/LedgerHQ/ledger-live-desktop/issues/1386
+    if (script.length === 0) {
+      scriptBlocks.push(seq);
+    }
+
+    let res;
+    for (let scriptBlock of scriptBlocks) {
+      res = await getTrustedInputRaw(transport, scriptBlock);
+    }
+    return res;
+  };
+
+  const processWholeScriptBlock = (block) =>
+    getTrustedInputRaw(transport, block);
+
+  await getTrustedInputRaw(
+    transport,
+    Buffer.concat([
+      transaction.version,
+      transaction.timestamp || Buffer.alloc(0),
+      transaction.nVersionGroupId || Buffer.alloc(0),
+      createVarint(inputs.length),
+    ]),
+    indexLookup
+  );
+
+  for (let input of inputs) {
+    const isXSTV2 =
+      isXST &&
+      Buffer.compare(version, Buffer.from([0x02, 0x00, 0x00, 0x00])) === 0;
+    const treeField = isDecred
+      ? input.tree || Buffer.from([0x00])
+      : Buffer.alloc(0);
+    const data = Buffer.concat([
+      input.prevout,
+      treeField,
+      isXSTV2 ? Buffer.from([0x00]) : createVarint(input.script.length),
+    ]);
+    await getTrustedInputRaw(transport, data);
+
+    // iteration (eachSeries) ended
+    // TODO notify progress
+    // deferred.notify("input");
+    // Reference: https://github.com/StealthSend/Stealth/commit/5be35d6c2c500b32ed82e5d6913d66d18a4b0a7f#diff-e8db9b851adc2422aadfffca88f14c91R566
+    await (isDecred
+      ? processWholeScriptBlock(Buffer.concat([input.script, input.sequence]))
+      : isXSTV2
+      ? processWholeScriptBlock(input.sequence)
+      : processScriptBlocks(input.script, input.sequence));
+  }
+
+  await getTrustedInputRaw(transport, createVarint(outputs.length));
+
+  for (let output of outputs) {
+    const data = Buffer.concat([
+      output.amount,
+      isDecred ? Buffer.from([0x00, 0x00]) : Buffer.alloc(0), //Version script
+      createVarint(output.script.length),
+      output.script,
+    ]);
+    await getTrustedInputRaw(transport, data);
+  }
+
+  const endData = [];
+
+  if (nExpiryHeight && nExpiryHeight.length > 0) {
+    endData.push(nExpiryHeight);
+  }
+
+  if (extraData && extraData.length > 0) {
+    endData.push(extraData);
+  }
+
+  let extraPart;
+  if (endData.length) {
+    const data = Buffer.concat(endData);
+    extraPart = isDecred
+      ? data
+      : Buffer.concat([createVarint(data.length), data]);
+  }
+
+  const res = await processScriptBlocks(
+    Buffer.concat([locktime, extraPart || Buffer.alloc(0)])
+  );
+
+  invariant(res, "missing result in processScriptBlocks");
+
+  return res;
+}