@ledgerhq/hw-ledger-key-ring-protocol 0.2.1-nightly.0

package/src/CommandStreamEncoder.ts

@@ -0,0 +1,144 @@
+import { TLV } from "./tlv";
+import {
+  CommandBlock,
+  Command,
+  CommandType,
+  Derive,
+  Seed,
+  AddMember,
+  CloseStream,
+  PublishKey,
+  EditMember,
+} from "./CommandBlock";
+
+export const TLVCommandStreamEncoder = {
+  packSeed: function (b: Seed): Uint8Array {
+    let object = new Uint8Array();
+    if (b.topic) {
+      object = TLV.pushBytes(object, b.topic);
+    } else {
+      object = TLV.pushBytes(object, new Uint8Array(0));
+    }
+    object = TLV.pushInt16(object, b.protocolVersion);
+    object = TLV.pushPublicKey(object, b.groupKey);
+    object = TLV.pushBytes(object, b.initializationVector);
+    object = TLV.pushBytes(object, b.encryptedXpriv);
+    object = TLV.pushPublicKey(object, b.ephemeralPublicKey);
+    return object;
+  },
+
+  packDerive: function (b: Derive): Uint8Array {
+    let object = new Uint8Array();
+    object = TLV.pushDerivationPath(object, b.path);
+    object = TLV.pushPublicKey(object, b.groupKey);
+    object = TLV.pushBytes(object, b.initializationVector);
+    object = TLV.pushBytes(object, b.encryptedXpriv);
+    object = TLV.pushPublicKey(object, b.ephemeralPublicKey);
+    return object;
+  },
+
+  packAddMember: function (b: AddMember): Uint8Array {
+    let object = new Uint8Array();
+    object = TLV.pushString(object, b.name);
+    object = TLV.pushPublicKey(object, b.publicKey);
+    object = TLV.pushInt32(object, b.permissions);
+    return object;
+  },
+
+  packPublishKey: function (b: PublishKey): Uint8Array {
+    let object = new Uint8Array();
+    object = TLV.pushBytes(object, b.initializationVector);
+    object = TLV.pushBytes(object, b.encryptedXpriv);
+    object = TLV.pushPublicKey(object, b.recipient);
+    object = TLV.pushPublicKey(object, b.ephemeralPublicKey);
+    return object;
+  },
+
+  packCloseStream: function (b: CloseStream): Uint8Array {
+    b as CloseStream;
+    return new Uint8Array();
+  },
+
+  packEditMember: function (b: EditMember): Uint8Array {
+    let object = new Uint8Array();
+    object = TLV.pushPublicKey(object, b.member);
+    if (b.permissions) {
+      object = TLV.pushInt32(object, b.permissions);
+    } else {
+      object = TLV.pushNull(object);
+    }
+    if (b.name) {
+      object = TLV.pushString(object, b.name);
+    } else {
+      object = TLV.pushNull(object);
+    }
+    return object;
+  },
+};
+
+function packCommand(buffer: Uint8Array, command: Command): Uint8Array {
+  let object = new Uint8Array();
+  switch (command.getType()) {
+    case CommandType.Seed:
+      object = TLVCommandStreamEncoder.packSeed(command as Seed);
+      break;
+    case CommandType.Derive:
+      object = TLVCommandStreamEncoder.packDerive(command as Derive);
+      break;
+    case CommandType.AddMember:
+      object = TLVCommandStreamEncoder.packAddMember(command as AddMember);
+      break;
+    case CommandType.PublishKey:
+      object = TLVCommandStreamEncoder.packPublishKey(command as PublishKey);
+      break;
+    case CommandType.CloseStream:
+      object = TLVCommandStreamEncoder.packCloseStream(command as CloseStream);
+      break;
+    case CommandType.EditMember:
+      object = TLVCommandStreamEncoder.packEditMember(command as EditMember);
+      break;
+  }
+  buffer = TLV.pushTLV(buffer, command.getType(), object.length, object);
+  return buffer;
+}
+
+export class CommandStreamEncoder {
+  public static encode(stream: CommandBlock[]): Uint8Array {
+    return pack(stream);
+  }
+
+  public static encodeBlockHeader(block: CommandBlock): Uint8Array {
+    let buffer = new Uint8Array();
+    buffer = TLV.pushByte(buffer, block.version);
+    buffer = TLV.pushHash(buffer, block.parent);
+    buffer = TLV.pushPublicKey(buffer, block.issuer);
+    buffer = TLV.pushByte(buffer, block.commands.length);
+    return buffer;
+  }
+
+  public static encodeCommand(block: CommandBlock, index: number): Uint8Array {
+    if (index >= block.commands.length || index < 0) {
+      throw new Error("Index out of range");
+    }
+    let buffer = new Uint8Array();
+    buffer = packCommand(buffer, block.commands[index]);
+    return buffer;
+  }
+
+  public static encodeSignature(block: CommandBlock): Uint8Array {
+    if (block.signature.length === 0) return new Uint8Array();
+    return TLV.pushSignature(new Uint8Array(), block.signature);
+  }
+}
+
+function pack(stream: CommandBlock[]): Uint8Array {
+  let buffer = new Uint8Array();
+  for (const block of stream) {
+    buffer = TLV.push(buffer, CommandStreamEncoder.encodeBlockHeader(block));
+    for (let index = 0; index < block.commands.length; index++) {
+      buffer = TLV.push(buffer, CommandStreamEncoder.encodeCommand(block, index));
+    }
+    buffer = TLV.push(buffer, CommandStreamEncoder.encodeSignature(block));
+  }
+  return buffer;
+}

package/src/CommandStreamJsonifier.ts

@@ -0,0 +1,82 @@
+import { to_hex } from "./NobleCrypto";
+import {
+  Command,
+  CommandBlock,
+  CommandType,
+  Seed,
+  AddMember,
+  PublishKey,
+  EditMember,
+  Derive,
+} from "./CommandBlock";
+import { DerivationPath } from "./Crypto";
+import { CommandStreamEncoder } from "./CommandStreamEncoder";
+import { createHash } from "crypto";
+
+export default class CommandStreamJsonifier {
+  private static jsonifyCommand(command: Command): object {
+    switch (command.getType()) {
+      case CommandType.Seed:
+        return {
+          type: "Seed",
+          topic: to_hex((command as Seed).topic),
+          groupKey: to_hex((command as Seed).groupKey),
+          encryptedXpriv: to_hex((command as Seed).encryptedXpriv),
+          ephemeralPublicKey: to_hex((command as Seed).ephemeralPublicKey),
+          initializationVector: to_hex((command as Seed).initializationVector),
+        };
+      case CommandType.AddMember:
+        return {
+          type: "AddMember",
+          name: (command as AddMember).name,
+          publicKey: to_hex((command as AddMember).publicKey),
+          permissions: (command as AddMember).permissions,
+        };
+      case CommandType.EditMember:
+        return {
+          type: "EditMember",
+          member: to_hex((command as EditMember).member),
+          name: (command as EditMember).name,
+          permissions: (command as EditMember).permissions,
+        };
+      case CommandType.Derive:
+        return {
+          type: "Derive",
+          path: DerivationPath.toString((command as Derive).path),
+          groupKey: to_hex((command as Derive).groupKey),
+          encryptedXpriv: to_hex((command as Derive).encryptedXpriv),
+          ephemeralPublicKey: to_hex((command as Derive).ephemeralPublicKey),
+          initializationVector: to_hex((command as Derive).initializationVector),
+        };
+      case CommandType.CloseStream:
+        return {
+          type: "CloseStream",
+        };
+      case CommandType.PublishKey:
+        return {
+          type: "PublishKey",
+          encryptedXpriv: to_hex((command as PublishKey).encryptedXpriv),
+          initializationVector: to_hex((command as PublishKey).initializationVector),
+          ephemeralPublicKey: to_hex((command as PublishKey).ephemeralPublicKey),
+          recipient: to_hex((command as PublishKey).recipient),
+        };
+    }
+  }
+
+  public static jsonify(stream: CommandBlock[]): object {
+    return stream.map(block => {
+      const b = CommandStreamEncoder.encode([block]);
+      const h = createHash("sha256");
+      h.update(b);
+      return {
+        parent: to_hex(block.parent),
+        issuer: to_hex(block.issuer),
+        hash: h.digest().toString("hex"),
+        command: block.commands.map(command => {
+          return CommandStreamJsonifier.jsonifyCommand(command);
+        }),
+        signature: to_hex(block.signature),
+      };
+    });
+  }
+}

package/src/CommandStreamResolver.ts

@@ -0,0 +1,284 @@
+import {
+  CommandBlock,
+  Command,
+  verifyCommandBlock,
+  Seed,
+  AddMember,
+  PublishKey,
+  Derive,
+  CommandType,
+  hashCommandBlock,
+  Permissions,
+} from "./CommandBlock";
+import { crypto } from "./Crypto";
+
+interface PublishedKey {
+  encryptedXpriv: Uint8Array;
+  ephemeralPublicKey: Uint8Array;
+  issuer: Uint8Array;
+  initialiationVector: Uint8Array;
+}
+
+type MemberData = {
+  id: string;
+  name: string;
+  permissions: number;
+};
+
+class ResolvedCommandStreamInternals {
+  public isCreated: boolean = false;
+  public members: Uint8Array[] = [];
+  public membersData: MemberData[] = [];
+  public topic: Uint8Array | null = null;
+  public keys: Map<string, PublishedKey> = new Map();
+  public permission: Map<string, number> = new Map();
+  public height: number = 0;
+  public streamId: string = "";
+  public hashes: string[] = [];
+  public names: Map<string, string> = new Map();
+  public groupPublicKey: Uint8Array = new Uint8Array();
+  public derivationPath: number[] = [];
+}
+
+export class ResolvedCommandStream {
+  private _internals: ResolvedCommandStreamInternals;
+
+  constructor(internals: ResolvedCommandStreamInternals) {
+    this._internals = internals;
+  }
+
+  public isCreated(): boolean {
+    return this._internals.isCreated;
+  }
+
+  public getMembers(): Uint8Array[] {
+    return this._internals.members;
+  }
+
+  public getMembersData(): MemberData[] {
+    return this._internals.membersData;
+  }
+
+  public getTopic(): Uint8Array | null {
+    return this._internals.topic;
+  }
+
+  public isOwner(publicKey: Uint8Array): boolean {
+    return this._internals.permission.get(crypto.to_hex(publicKey)) === Permissions.OWNER;
+  }
+
+  public isKeyCreator(publicKey: Uint8Array): boolean {
+    return (
+      (this._internals.permission.get(crypto.to_hex(publicKey))! & Permissions.KEY_CREATOR) ===
+      Permissions.KEY_CREATOR
+    );
+  }
+
+  public ownsKey(publicKey: Uint8Array): boolean {
+    return this._internals.keys.get(crypto.to_hex(publicKey)) !== undefined;
+  }
+
+  public isMemberAdder(publicKey: Uint8Array): boolean {
+    return (
+      (this._internals.permission.get(crypto.to_hex(publicKey))! & Permissions.ADD_MEMBER) ===
+      Permissions.ADD_MEMBER
+    );
+  }
+
+  public isMemberRemover(publicKey: Uint8Array): boolean {
+    return (
+      (this._internals.permission.get(crypto.to_hex(publicKey))! & Permissions.REMOVE_MEMBER) ===
+      Permissions.REMOVE_MEMBER
+    );
+  }
+
+  public keyCount(): number {
+    return this._internals.keys.size;
+  }
+
+  public getEncryptedKey(publicKey: Uint8Array): PublishedKey | null {
+    const key = this._internals.keys.get(crypto.to_hex(publicKey));
+    if (key) return key;
+    return null;
+  }
+
+  public getGroupPublicKey(): Uint8Array {
+    return this._internals.groupPublicKey;
+  }
+
+  public getStreamDerivationPath(): number[] {
+    return this._internals.derivationPath;
+  }
+}
+
+function exists(list: Uint8Array[], obj: Uint8Array): boolean {
+  for (const item of list) {
+    if (obj.length !== item.length) {
+      continue;
+    }
+    for (let i = 0; i < item.length; i++) {
+      if (item[i] !== obj[i]) {
+        continue;
+      }
+    }
+    return true;
+  }
+  return false;
+}
+
+export default class CommandStreamResolver {
+  private static assertIssuerCanPublish(
+    issuer: Uint8Array,
+    internals: ResolvedCommandStreamInternals,
+  ): void {
+    if (!exists(internals.members, issuer)) {
+      throw new Error("Issuer is not a member of the group at height " + internals.height);
+    }
+    if ((internals.permission.get(crypto.to_hex(issuer))! & 0x02) === Permissions.KEY_READER) {
+      throw new Error(
+        "Issuer does not have permission to publish keys at height " + internals.height,
+      );
+    }
+    if (
+      internals.keys.get(crypto.to_hex(issuer)) === undefined &&
+      (internals.permission.get(crypto.to_hex(issuer))! & Permissions.KEY_CREATOR) !=
+        Permissions.KEY_CREATOR
+    ) {
+      throw new Error("Issuer does not have a key to publish at height " + internals.height);
+    }
+    if (
+      !internals.keys.has(crypto.to_hex(issuer)) &&
+      (internals.permission.get(crypto.to_hex(issuer))! & Permissions.KEY_CREATOR) !==
+        Permissions.KEY_CREATOR &&
+      internals.keys.keys.length > 0
+    ) {
+      throw new Error("Issuer is trying to publish a new key at height " + internals.height);
+    }
+  }
+
+  private static assertIssuerCanAddMember(
+    issuer: Uint8Array,
+    internals: ResolvedCommandStreamInternals,
+  ): void {
+    if (!exists(internals.members, issuer)) {
+      throw new Error("Issuer is not a member of the group at height " + internals.height);
+    }
+    if (
+      (internals.permission.get(crypto.to_hex(issuer))! & Permissions.ADD_MEMBER) !==
+      Permissions.ADD_MEMBER
+    ) {
+      throw new Error(
+        "Issuer does not have permission to add members at height " + internals.height,
+      );
+    }
+  }
+
+  private static assertStreamIsCreated(internals: ResolvedCommandStreamInternals): void {
+    if (internals.isCreated === false) {
+      throw new Error("The stream is not created at height " + internals.height);
+    }
+  }
+
+  private static replayCommand(
+    command: Command,
+    block: CommandBlock,
+    blockHash: string,
+    height: number,
+    internals: ResolvedCommandStreamInternals,
+  ): ResolvedCommandStreamInternals {
+    switch (command.getType()) {
+      case CommandType.Seed:
+        internals.isCreated = true;
+        internals.topic = (command as Seed).topic;
+        internals.members.push(block.issuer);
+        internals.permission.set(crypto.to_hex(block.issuer), Permissions.OWNER);
+        internals.streamId = blockHash;
+        internals.keys.set(crypto.to_hex(block.issuer), {
+          encryptedXpriv: (command as Seed).encryptedXpriv,
+          issuer: block.issuer,
+          ephemeralPublicKey: (command as Seed).ephemeralPublicKey,
+          initialiationVector: (command as Seed).initializationVector,
+        });
+        internals.groupPublicKey = (command as Seed).groupKey;
+        break;
+      case CommandType.Derive:
+        internals.isCreated = true;
+        internals.members.push(block.issuer);
+        internals.permission.set(crypto.to_hex(block.issuer), Permissions.OWNER);
+        internals.streamId = blockHash;
+        internals.keys.set(crypto.to_hex(block.issuer), {
+          encryptedXpriv: (command as Derive).encryptedXpriv,
+          ephemeralPublicKey: (command as Derive).ephemeralPublicKey,
+          initialiationVector: (command as Derive).initializationVector,
+          issuer: block.issuer,
+        });
+        internals.groupPublicKey = (command as Derive).groupKey;
+        internals.derivationPath = (command as Derive).path;
+        break;
+      case CommandType.AddMember: {
+        this.assertStreamIsCreated(internals);
+        this.assertIssuerCanAddMember(block.issuer, internals);
+        const { publicKey, permissions, name } = command as AddMember;
+        const id = crypto.to_hex(publicKey);
+        internals.members.push(publicKey);
+        internals.permission.set(id, permissions);
+        internals.names.set(id, name);
+        internals.membersData.push({ id, name, permissions });
+        break;
+      }
+      case CommandType.PublishKey:
+        this.assertStreamIsCreated(internals);
+        this.assertIssuerCanPublish(block.issuer, internals);
+        internals.keys.set(crypto.to_hex((command as PublishKey).recipient), {
+          encryptedXpriv: (command as PublishKey).encryptedXpriv,
+          ephemeralPublicKey: (command as PublishKey).ephemeralPublicKey,
+          issuer: block.issuer,
+          initialiationVector: (command as PublishKey).initializationVector,
+        });
+        break;
+    }
+    return internals;
+  }
+
+  private static async resolveBlock(
+    block: CommandBlock,
+    height: number,
+    internals: ResolvedCommandStreamInternals,
+  ): Promise<ResolvedCommandStreamInternals> {
+    // Check signature
+    if ((await verifyCommandBlock(block)) === false) {
+      throw new Error("Invalid block signature at height " + height);
+    }
+    // Check if issuer is part of the group
+    if (height > 0 && !exists(internals.members, block.issuer)) {
+      throw new Error("Issuer is not part of the group at height " + height);
+    }
+
+    const blockHash = crypto.to_hex(await hashCommandBlock(block));
+
+    for (const command of block.commands) {
+      internals = CommandStreamResolver.replayCommand(command, block, blockHash, height, internals);
+    }
+    internals.hashes.push(blockHash);
+    return internals;
+  }
+
+  public static async resolve(stream: CommandBlock[]): Promise<ResolvedCommandStream> {
+    let internals = new ResolvedCommandStreamInternals();
+    for (let height = 0; height < stream.length; height++) {
+      internals.height = height;
+      const block = stream[height];
+      if (
+        height > 0 &&
+        crypto.to_hex(block.parent) !== crypto.to_hex(await hashCommandBlock(stream[height - 1]))
+      ) {
+        throw new Error(
+          "Command stream has been tampered with (invalid parent hash) at height " + height,
+        );
+      }
+      if (block.signature.length === 0) break;
+      internals = await CommandStreamResolver.resolveBlock(block, height, internals);
+    }
+    return new ResolvedCommandStream(internals);
+  }
+}

package/src/Crypto.ts

@@ -0,0 +1,78 @@
+import { NobleCryptoSecp256k1 } from "./NobleCrypto";
+
+export interface KeyPair {
+  publicKey: Uint8Array;
+  privateKey: Uint8Array;
+}
+
+export interface KeyPairWithChainCode extends KeyPair {
+  chainCode: Uint8Array;
+}
+
+/**
+ *
+ */
+export interface Crypto {
+  randomKeypair(): Promise<KeyPair>;
+  keypairFromSecretKey(secretKey: Uint8Array): Promise<KeyPair>;
+  sign(message: Uint8Array, keyPair: KeyPair): Promise<Uint8Array>;
+  verify(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
+  encrypt(secret: Uint8Array, nonce: Uint8Array, message: Uint8Array): Promise<Uint8Array>;
+  decrypt(secret: Uint8Array, nonce: Uint8Array, ciphertext: Uint8Array): Promise<Uint8Array>;
+  randomBytes(size: number): Promise<Uint8Array>;
+  ecdh(keyPair: KeyPair, publicKey: Uint8Array): Promise<Uint8Array>;
+  hash(message: Uint8Array): Promise<Uint8Array>;
+  computeSymmetricKey(privateKey: Uint8Array, extra: Uint8Array): Promise<Uint8Array>;
+  from_hex(hex: string): Uint8Array;
+  to_hex(bytes?: Uint8Array): string;
+  derivePrivate(xpriv: Uint8Array, path: number[]): Promise<KeyPairWithChainCode>;
+}
+
+export class DerivationPath {
+  private constructor() {}
+
+  static hardenedIndex(index: number): number {
+    return index + 0x80000000;
+  }
+
+  static reverseHardenedIndex(index: number): number {
+    return index - 0x80000000;
+  }
+
+  static toIndexArray(path: string | number[]): number[] {
+    if (Array.isArray(path)) {
+      return path;
+    }
+    if (path.startsWith("m/")) {
+      path = path.substring(2);
+    }
+    return path.split("/").map(s => {
+      if (s.endsWith("'") || s.endsWith("h")) {
+        return parseInt(s.substring(0, s.length - 1)) + 0x80000000;
+      }
+      return parseInt(s);
+    });
+  }
+
+  static toString(path: number[] | string): string {
+    if (typeof path === "string") {
+      return path;
+    }
+    return (
+      "m/" +
+      path
+        .map(s => {
+          if (s >= 0x80000000) {
+            return s - 0x80000000 + "'";
+          }
+          return s;
+        })
+        .join("/")
+    );
+  }
+}
+
+/**
+ *
+ */
+export const crypto = new NobleCryptoSecp256k1();