@shapeshiftoss/hdwallet-gridplus 1.62.4-gridplus.alpha.0

package/src/solana.ts

@@ -0,0 +1,97 @@
+import * as core from "@shapeshiftoss/hdwallet-core";
+import { PublicKey } from "@solana/web3.js";
+import bs58 from "bs58";
+import { Client, Constants } from "gridplus-sdk";
+
+export async function solanaGetAddress(client: Client, msg: core.SolanaGetAddress): Promise<string | null> {
+  // Solana requires all path indices to be hardened (BIP32 hardened derivation)
+  // Hardening is indicated by setting the highest bit (0x80000000)
+  // If an index is already >= 0x80000000, it's already hardened; otherwise add 0x80000000
+  const correctedPath = msg.addressNList.map((idx) => {
+    if (idx >= 0x80000000) {
+      return idx;
+    } else {
+      return idx + 0x80000000;
+    }
+  });
+
+  const allHardened = correctedPath.every((idx) => idx >= 0x80000000);
+
+  if (!allHardened) {
+    throw new Error("Failed to harden all Solana path indices for ED25519");
+  }
+
+  const fwVersion = client.getFwVersion();
+
+  if (fwVersion.major === 0 && fwVersion.minor < 14) {
+    throw new Error(
+      `Solana requires firmware >= 0.14.0, current: ${fwVersion.major}.${fwVersion.minor}.${fwVersion.fix}`
+    );
+  }
+
+  const addresses = await client.getAddresses({
+    startPath: correctedPath,
+    n: 1,
+    flag: Constants.GET_ADDR_FLAGS.ED25519_PUB,
+  });
+
+  if (!addresses.length) {
+    throw new Error("No address returned from device");
+  }
+
+  const pubkeyBuffer = Buffer.isBuffer(addresses[0]) ? addresses[0] : Buffer.from(addresses[0], "hex");
+
+  const address = bs58.encode(pubkeyBuffer);
+
+  return address;
+}
+
+export async function solanaSignTx(client: Client, msg: core.SolanaSignTx): Promise<core.SolanaSignedTx | null> {
+  // Ensure all path indices are hardened for Solana (see solanaGetAddress for explanation)
+  const correctedPath = msg.addressNList.map((idx) => {
+    if (idx >= 0x80000000) return idx;
+    return idx + 0x80000000;
+  });
+
+  const allHardened = correctedPath.every((idx) => idx >= 0x80000000);
+  if (!allHardened) {
+    throw new Error("Failed to harden all Solana path indices - this should never happen");
+  }
+
+  const address = await solanaGetAddress(client, {
+    addressNList: correctedPath,
+    showDisplay: false,
+  });
+
+  if (!address) throw new Error("Failed to get Solana address");
+
+  const transaction = core.solanaBuildTransaction(msg, address);
+  const messageBytes = transaction.message.serialize();
+
+  const signingRequest = {
+    data: {
+      signerPath: correctedPath,
+      curveType: Constants.SIGNING.CURVES.ED25519,
+      hashType: Constants.SIGNING.HASHES.NONE,
+      encodingType: Constants.SIGNING.ENCODINGS.SOLANA,
+      payload: Buffer.from(messageBytes),
+    },
+  };
+
+  const signData = await client.sign(signingRequest);
+
+  if (!signData || !signData.sig) {
+    throw new Error("No signature returned from device");
+  }
+
+  const signature = Buffer.concat([signData.sig.r, signData.sig.s]);
+
+  transaction.addSignature(new PublicKey(address), signature);
+
+  const serializedTx = transaction.serialize();
+
+  return {
+    serialized: Buffer.from(serializedTx).toString("base64"),
+    signatures: transaction.signatures.map((sig) => Buffer.from(sig).toString("base64")),
+  };
+}

package/src/thorchain.ts

@@ -0,0 +1,125 @@
+import { pointCompress } from "@bitcoinerlab/secp256k1";
+import type { StdTx } from "@cosmjs/amino";
+import type { DirectSignResponse, OfflineDirectSigner } from "@cosmjs/proto-signing";
+import type { SignerData } from "@cosmjs/stargate";
+import * as core from "@shapeshiftoss/hdwallet-core";
+import type { SignDoc } from "cosmjs-types/cosmos/tx/v1beta1/tx";
+import { Client, Constants } from "gridplus-sdk";
+import PLazy from "p-lazy";
+
+import { createCosmosAddress } from "./cosmos";
+
+const protoTxBuilder = PLazy.from(() => import("@shapeshiftoss/proto-tx-builder"));
+const cosmJsProtoSigning = PLazy.from(() => import("@cosmjs/proto-signing"));
+
+export async function thorchainGetAddress(client: Client, msg: core.ThorchainGetAddress): Promise<string | null> {
+  const prefix = msg.testnet ? "tthor" : "thor";
+
+  // Get secp256k1 pubkey using GridPlus client instance
+  // Use FULL path - THORChain uses standard BIP44: m/44'/931'/0'/0/0 (5 levels)
+  const addresses = await client.getAddresses({
+    startPath: msg.addressNList,
+    n: 1,
+    flag: Constants.GET_ADDR_FLAGS.SECP256K1_PUB,
+  });
+
+  if (!addresses.length) {
+    throw new Error("No address returned from device");
+  }
+
+  // GridPlus SDK returns uncompressed 65-byte pubkeys, but THORChain needs compressed 33-byte pubkeys
+  const pubkeyBuffer = Buffer.isBuffer(addresses[0]) ? addresses[0] : Buffer.from(addresses[0], "hex");
+  const compressedPubkey = pointCompress(pubkeyBuffer, true);
+  const compressedHex = Buffer.from(compressedPubkey).toString("hex");
+  const thorAddress = createCosmosAddress(compressedHex, prefix);
+
+  return thorAddress;
+}
+
+export async function thorchainSignTx(
+  client: Client,
+  msg: core.ThorchainSignTx
+): Promise<core.ThorchainSignedTx | null> {
+  // Get the address for this path
+  const address = await thorchainGetAddress(client, { addressNList: msg.addressNList, testnet: msg.testnet });
+  if (!address) throw new Error("Failed to get THORChain address");
+
+  // Get the public key using client instance
+  const pubkeys = await client.getAddresses({
+    startPath: msg.addressNList,
+    n: 1,
+    flag: Constants.GET_ADDR_FLAGS.SECP256K1_PUB,
+  });
+
+  if (!pubkeys.length) {
+    throw new Error("No public key returned from device");
+  }
+
+  // GridPlus SDK returns uncompressed 65-byte pubkeys, but THORChain needs compressed 33-byte pubkeys
+  const pubkeyBuffer = Buffer.isBuffer(pubkeys[0]) ? pubkeys[0] : Buffer.from(pubkeys[0], "hex");
+  const compressedPubkey = pointCompress(pubkeyBuffer, true);
+  const pubkey = Buffer.from(compressedPubkey);
+
+  // Create a signer adapter for GridPlus with Direct signing (Proto)
+  const signer: OfflineDirectSigner = {
+    getAccounts: async () => [
+      {
+        address,
+        pubkey,
+        algo: "secp256k1" as const,
+      },
+    ],
+    signDirect: async (signerAddress: string, signDoc: SignDoc): Promise<DirectSignResponse> => {
+      if (signerAddress !== address) {
+        throw new Error("Signer address mismatch");
+      }
+
+      // Use CosmJS to create the sign bytes from the SignDoc
+      const signBytes = (await cosmJsProtoSigning).makeSignBytes(signDoc);
+
+      // Sign using GridPlus SDK general signing
+      // Pass unhashed signBytes and let device hash with SHA256
+      const signData = {
+        data: {
+          payload: signBytes,
+          curveType: Constants.SIGNING.CURVES.SECP256K1,
+          hashType: Constants.SIGNING.HASHES.SHA256,
+          encodingType: Constants.SIGNING.ENCODINGS.NONE,
+          signerPath: msg.addressNList,
+        },
+      };
+
+      const signedResult = await client.sign(signData);
+
+      if (!signedResult?.sig) {
+        throw new Error("No signature returned from device");
+      }
+
+      const { r, s } = signedResult.sig;
+      const rHex = Buffer.isBuffer(r) ? r : Buffer.from(r);
+      const sHex = Buffer.isBuffer(s) ? s : Buffer.from(s);
+
+      // Combine r and s for signature
+      const signature = Buffer.concat([rHex, sHex]);
+
+      return {
+        signed: signDoc,
+        signature: {
+          pub_key: {
+            type: "tendermint/PubKeySecp256k1",
+            value: pubkey.toString("base64"),
+          },
+          signature: signature.toString("base64"),
+        },
+      };
+    },
+  };
+
+  const signerData: SignerData = {
+    sequence: Number(msg.sequence),
+    accountNumber: Number(msg.account_number),
+    chainId: msg.chain_id,
+  };
+
+  return (await protoTxBuilder).sign(address, msg.tx as StdTx, signer, signerData, "thorchain");
+}

package/src/transport.ts

@@ -0,0 +1,131 @@
+import * as core from "@shapeshiftoss/hdwallet-core";
+import { randomBytes } from "crypto";
+import { Client } from "gridplus-sdk";
+
+export type GridPlusTransportConfig = {
+  deviceId: string;
+  password?: string;
+};
+
+export class GridPlusTransport extends core.Transport {
+  public deviceId?: string;
+  public password?: string;
+  public connected: boolean = false;
+  private client?: Client;
+  // Session identifier used to track reconnections. When present, we can skip
+  // passing deviceId to SDK setup() which avoids triggering the pairing screen
+  // on the device and enables faster reconnection from localStorage.
+  private sessionId?: string;
+
+  constructor(config: GridPlusTransportConfig) {
+    super(new core.Keyring());
+    this.deviceId = config.deviceId;
+    this.password = config.password;
+  }
+
+  public getDeviceID(): Promise<string> {
+    return Promise.resolve(this.deviceId || "");
+  }
+
+  public async connect(): Promise<void> {
+    if (!this.deviceId) {
+      throw new Error("Device ID is required to connect to GridPlus");
+    }
+
+    const { isPaired } = await this.setup(this.deviceId, this.password);
+
+    if (!isPaired) {
+      throw new Error("Device is not paired");
+    }
+  }
+
+  public async connectGridPlus(deviceId: string, password?: string): Promise<void> {
+    this.deviceId = deviceId;
+    this.password = password || "shapeshift-default";
+    await this.connect();
+  }
+
+  public async disconnect(): Promise<void> {
+    this.connected = false;
+    this.deviceId = undefined;
+    this.password = undefined;
+  }
+
+  public isConnected(): boolean {
+    return this.connected;
+  }
+
+  public async setup(
+    deviceId: string,
+    password?: string,
+    existingSessionId?: string
+  ): Promise<{ isPaired: boolean; sessionId: string }> {
+    this.deviceId = deviceId;
+    this.password = password || "shapeshift-default";
+
+    // Use existing sessionId if provided, otherwise generate new one
+    if (existingSessionId) {
+      this.sessionId = existingSessionId;
+    } else if (!this.sessionId) {
+      this.sessionId = randomBytes(32).toString("hex");
+    }
+
+    // Create Client instance directly (Frame pattern) - no localStorage!
+    // This ensures we always get fresh activeWallets from device
+    if (!this.client) {
+      this.client = new Client({
+        name: "ShapeShift",
+        baseUrl: "https://signing.gridpl.us",
+        privKey: Buffer.from(this.sessionId, "hex"),
+        retryCount: 3,
+        timeout: 60000,
+        skipRetryOnWrongWallet: true,
+      });
+
+      try {
+        // Connect to device - returns true if paired, false if needs pairing
+        const isPaired = await this.client.connect(deviceId);
+        this.connected = true;
+        return { isPaired, sessionId: this.sessionId };
+      } catch (error) {
+        // Handle "Device Locked" error - treat as unpaired
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        if (errorMessage.toLowerCase().includes("device locked")) {
+          this.connected = true;
+          return { isPaired: false, sessionId: this.sessionId };
+        }
+
+        throw error;
+      }
+    } else {
+      // Client already exists, reset active wallets to clear stale state before reconnecting
+      // This is critical when switching between SafeCards - ensures fresh wallet state from device
+      this.client.resetActiveWallets();
+      const isPaired = await this.client.connect(deviceId);
+      this.connected = true;
+      return { isPaired, sessionId: this.sessionId };
+    }
+  }
+
+  public async pair(pairingCode: string): Promise<boolean> {
+    if (!this.client) {
+      throw new Error("Client not initialized. Call setup() first.");
+    }
+
+    const result = await this.client.pair(pairingCode);
+    this.connected = !!result;
+    return !!result;
+  }
+
+  public getClient(): Client | undefined {
+    return this.client;
+  }
+
+  public getSessionId(): string | undefined {
+    return this.sessionId;
+  }
+
+  public async call(): Promise<any> {
+    throw new Error("GridPlus transport call not implemented");
+  }
+}

package/src/utils.ts

@@ -0,0 +1,101 @@
+import * as core from "@shapeshiftoss/hdwallet-core";
+import * as bech32 from "bech32";
+import { decode as bs58Decode, encode as bs58Encode } from "bs58check";
+import CryptoJS from "crypto-js";
+
+import { accountTypeToVersion, convertVersions, UTXO_NETWORK_PARAMS, UtxoAccountType } from "./constants";
+
+/**
+ * Convert xpub version bytes for different coins (e.g., xpub → dgub for Dogecoin)
+ * GridPlus returns Bitcoin-format xpubs, but some coins like Dogecoin need different prefixes
+ */
+export function convertXpubVersion(xpub: string, accountType: UtxoAccountType | undefined, coin: string): string {
+  if (!accountType) return xpub;
+  if (!convertVersions.includes(xpub.substring(0, 4))) {
+    return xpub;
+  }
+
+  const payload = bs58Decode(xpub);
+  const version = payload.slice(0, 4);
+  const desiredVersion = accountTypeToVersion(coin, accountType);
+  if (version.compare(desiredVersion) !== 0) {
+    const key = payload.slice(4);
+    return bs58Encode(Buffer.concat([desiredVersion, key]));
+  }
+  return xpub;
+}
+
+export function scriptTypeToAccountType(scriptType: core.BTCInputScriptType | undefined): UtxoAccountType | undefined {
+  switch (scriptType) {
+    case core.BTCInputScriptType.SpendAddress:
+      return UtxoAccountType.P2pkh;
+    case core.BTCInputScriptType.SpendWitness:
+      return UtxoAccountType.SegwitNative;
+    case core.BTCInputScriptType.SpendP2SHWitness:
+      return UtxoAccountType.SegwitP2sh;
+    default:
+      return undefined;
+  }
+}
+
+/**
+ * Derive a UTXO address from a compressed public key
+ * @param pubkeyHex - Compressed public key as hex string (33 bytes, starting with 02 or 03)
+ * @param coin - Coin name (Bitcoin, Dogecoin, Litecoin, etc.)
+ * @param scriptType - Script type (p2pkh, p2wpkh, p2sh-p2wpkh)
+ * @returns The derived address
+ */
+export function deriveAddressFromPubkey(
+  pubkeyHex: string,
+  coin: string,
+  scriptType: core.BTCInputScriptType = core.BTCInputScriptType.SpendAddress
+): string {
+  const network = UTXO_NETWORK_PARAMS[coin] || UTXO_NETWORK_PARAMS.Bitcoin;
+  const pubkeyBuffer = Buffer.from(pubkeyHex, "hex");
+
+  if (pubkeyBuffer.length !== 33) {
+    throw new Error(`Invalid compressed public key length: ${pubkeyBuffer.length} bytes`);
+  }
+
+  // Hash160 = RIPEMD160(SHA256(pubkey))
+  const sha256Hash = CryptoJS.SHA256(CryptoJS.enc.Hex.parse(pubkeyHex));
+  const hash160 = CryptoJS.RIPEMD160(sha256Hash).toString();
+  const hash160Buffer = Buffer.from(hash160, "hex");
+
+  switch (scriptType) {
+    case core.BTCInputScriptType.SpendAddress: {
+      // P2PKH: <pubKeyHash version byte> + hash160 + checksum
+      const payload = Buffer.concat([Buffer.from([network.pubKeyHash]), hash160Buffer]);
+      return bs58Encode(payload);
+    }
+
+    case core.BTCInputScriptType.SpendWitness: {
+      // P2WPKH (bech32): witness version 0 + hash160
+      if (!network.bech32) {
+        throw new Error(`Bech32 not supported for ${coin}`);
+      }
+      const words = bech32.toWords(hash160Buffer);
+      words.unshift(0); // witness version 0
+      return bech32.encode(network.bech32, words);
+    }
+
+    case core.BTCInputScriptType.SpendP2SHWitness: {
+      // P2SH-P2WPKH: scriptHash of witness program
+      // Witness program: OP_0 (0x00) + length (0x14) + hash160
+      const witnessProgram = Buffer.concat([Buffer.from([0x00, 0x14]), hash160Buffer]);
+
+      // Hash160 of witness program
+      const wpHex = witnessProgram.toString("hex");
+      const wpSha256 = CryptoJS.SHA256(CryptoJS.enc.Hex.parse(wpHex));
+      const wpHash160 = CryptoJS.RIPEMD160(wpSha256).toString();
+      const wpHash160Buffer = Buffer.from(wpHash160, "hex");
+
+      // Encode with scriptHash version byte
+      const payload = Buffer.concat([Buffer.from([network.scriptHash]), wpHash160Buffer]);
+      return bs58Encode(payload);
+    }
+
+    default:
+      throw new Error(`Unsupported script type: ${scriptType}`);
+  }
+}

package/tsconfig.json

@@ -0,0 +1,10 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"],
+  "references": [{ "path": "../hdwallet-core" }]
+}