@swapkit/wallet-hardware 4.8.0 → 4.8.2

package/src/ledger/clients/sui.ts

@@ -0,0 +1,130 @@
+import type Sui from "@ledgerhq/hw-app-sui";
+import {
+  Chain,
+  type DerivationPathArray,
+  derivationPathToString,
+  NetworkDerivationPath,
+  SwapKitError,
+} from "@swapkit/helpers";
+
+import { getLedgerTransport } from "../helpers/getLedgerTransport";
+
+export class SuiLedgerInterface {
+  derivationPath: string;
+  ledgerApp: InstanceType<typeof Sui> | null = null;
+  address: string | null = null;
+  publicKey: Uint8Array | null = null;
+
+  constructor(derivationPath?: DerivationPathArray | string) {
+    this.derivationPath =
+      typeof derivationPath === "string"
+        ? derivationPath
+        : derivationPathToString(derivationPath || NetworkDerivationPath[Chain.Sui]);
+  }
+
+  /**
+   * Transform derivation path for SUI Ledger format.
+   * SUI Ledger expects: 44'/784'/0'/0'/0' (all hardened, no 'm/' prefix)
+   * Standard format is: m/44'/784'/0'/0/0 (only first 3 hardened, has 'm/' prefix)
+   */
+  private getLedgerPath(): string {
+    return this.derivationPath
+      .replace(/^m\//, "") // Remove 'm/' prefix
+      .replace(/\/(\d+)\/(\d+)$/, "/$1'/$2'"); // Make last two components hardened
+  }
+
+  private async createTransportAndLedger() {
+    if (this.ledgerApp) return;
+
+    const transport = await getLedgerTransport();
+    const SuiApp = (await import("@ledgerhq/hw-app-sui")).default;
+    this.ledgerApp = new SuiApp(transport);
+  }
+
+  async connect(): Promise<string> {
+    await this.createTransportAndLedger();
+
+    if (!this.ledgerApp) {
+      throw new SwapKitError("wallet_ledger_transport_error");
+    }
+
+    const ledgerPath = this.getLedgerPath();
+    const result = await this.ledgerApp.getPublicKey(ledgerPath);
+
+    if (!result?.publicKey) {
+      throw new SwapKitError("wallet_ledger_failed_to_get_address");
+    }
+
+    this.publicKey = result.publicKey;
+    this.address = `0x${Buffer.from(result.address).toString("hex")}`;
+
+    return this.address;
+  }
+
+  toSuiAddress(): string {
+    if (!this.address) {
+      throw new SwapKitError("wallet_ledger_failed_to_get_address");
+    }
+    return this.address;
+  }
+
+  async getAddress(): Promise<string> {
+    if (this.address) return this.address;
+    return await this.connect();
+  }
+
+  async signTransaction(
+    input: Uint8Array | { transaction: Uint8Array },
+  ): Promise<{ bytes: string; signature: string }> {
+    const txBytes = input instanceof Uint8Array ? input : input.transaction;
+    await this.createTransportAndLedger();
+
+    if (!this.ledgerApp) {
+      throw new SwapKitError("wallet_ledger_transport_error");
+    }
+
+    if (!this.publicKey) {
+      throw new SwapKitError("wallet_ledger_failed_to_get_address");
+    }
+
+    try {
+      const ledgerPath = this.getLedgerPath();
+
+      // SUI intent message format for TransactionData:
+      // [intent_scope=0 (TransactionData), intent_version=0, app_id=0] + transaction_bytes
+      // The Ledger SUI app expects the INTENT MESSAGE, not raw transaction bytes
+      const intentMessage = new Uint8Array(3 + txBytes.length);
+      intentMessage[0] = 0; // IntentScope: TransactionData
+      intentMessage[1] = 0; // IntentVersion: V0
+      intentMessage[2] = 0; // AppId: Sui
+      intentMessage.set(txBytes, 3);
+
+      const result = await this.ledgerApp.signTransaction(ledgerPath, intentMessage);
+
+      if (!result?.signature) {
+        throw new SwapKitError("wallet_ledger_signing_error");
+      }
+
+      // SUI signature format: [scheme_flag (1 byte)] + [signature (64 bytes)] + [public_key (32 bytes)]
+      // Scheme flag 0x00 = Ed25519
+      const pubKey = this.publicKey.length === 33 ? this.publicKey.slice(1) : this.publicKey;
+      if (pubKey.length !== 32) {
+        throw new SwapKitError("wallet_ledger_signing_error", { error: "Invalid public key length" });
+      }
+
+      const serializedSignature = new Uint8Array(1 + 64 + 32);
+      serializedSignature[0] = 0x00; // Ed25519 scheme flag
+      serializedSignature.set(result.signature, 1);
+      serializedSignature.set(pubKey, 65);
+
+      const signatureBase64 = Buffer.from(serializedSignature).toString("base64");
+      const bytesBase64 = Buffer.from(txBytes).toString("base64");
+
+      return { bytes: bytesBase64, signature: signatureBase64 };
+    } catch (error) {
+      throw new SwapKitError("wallet_ledger_signing_error", { error });
+    }
+  }
+}
+
+export const SuiLedger = (derivationPath?: DerivationPathArray) => new SuiLedgerInterface(derivationPath);

package/src/ledger/clients/thorchain/common.ts

@@ -0,0 +1,93 @@
+export const CLA = 0x55;
+export const CHUNK_SIZE = 250;
+export const APP_KEY = "CSM";
+
+export const INS = {
+  GET_ADDR_SECP256K1: 0x04,
+  GET_VERSION: 0x00,
+  INS_PUBLIC_KEY_SECP256K1: 0x01, // Obsolete
+  SIGN_SECP256K1: 0x02,
+};
+
+export const PAYLOAD_TYPE = { ADD: 0x01, INIT: 0x00, LAST: 0x02 };
+
+export const P1_VALUES = { ONLY_RETRIEVE: 0x00, SHOW_ADDRESS_IN_DEVICE: 0x01 };
+
+export const P2_VALUES = { JSON: 0x0 };
+
+export const ERROR_CODE = { NoError: 0x9000 };
+
+const ERROR_DESCRIPTION: any = {
+  1: "U2F: Unknown",
+  2: "U2F: Bad request",
+  3: "U2F: Configuration unsupported",
+  4: "U2F: Device Ineligible",
+  5: "U2F: Timeout",
+  14: "Timeout",
+  25600: "Execution Error",
+  26368: "Wrong Length",
+  26626: "Error deriving keys",
+  27010: "Empty Buffer",
+  27011: "Output buffer too small",
+  27012: "Data is invalid",
+  27013: "Conditions not satisfied",
+  27014: "Transaction rejected",
+  27264: "Bad key handle",
+  27392: "Invalid P1/P2",
+  27904: "Instruction not supported",
+  28160: "App does not seem to be open",
+  28416: "Unknown error",
+  28417: "Sign/verify error",
+  36864: "No errors",
+  36865: "Device is busy",
+};
+
+export function errorCodeToString(statusCode: number) {
+  if (statusCode in ERROR_DESCRIPTION) return ERROR_DESCRIPTION[statusCode];
+  return `Unknown Status Code: ${statusCode}`;
+}
+
+function isDict(v: any) {
+  return typeof v === "object" && v !== null && !Array.isArray(v) && !(v instanceof Date);
+}
+
+export function processErrorResponse(response: any) {
+  if (response) {
+    if (isDict(response)) {
+      if (Object.hasOwn(response, "statusCode")) {
+        return { error_message: errorCodeToString(response.statusCode), return_code: response.statusCode };
+      }
+
+      if (Object.hasOwn(response, "return_code") && Object.hasOwn(response, "error_message")) {
+        return response;
+      }
+    }
+    return { error_message: response.toString(), return_code: 0xffff };
+  }
+
+  return { error_message: response.toString(), return_code: 0xffff };
+}
+
+export function getVersion(transport: any) {
+  return transport.send(CLA, INS.GET_VERSION, 0, 0).then((response: any) => {
+    const errorCodeData = response.slice(-2);
+    const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+
+    let targetId = 0;
+    if (response.length >= 9) {
+      targetId = (response[5] << 24) + (response[6] << 16) + (response[7] << 8) + (response[8] << 0);
+    }
+
+    return {
+      device_locked: response[4] === 1,
+      error_message: errorCodeToString(returnCode),
+      major: response[1],
+      minor: response[2],
+      patch: response[3],
+      return_code: returnCode,
+      target_id: targetId.toString(16),
+      // ///
+      test_mode: response[0] !== 0,
+    };
+  }, processErrorResponse);
+}

package/src/ledger/clients/thorchain/helpers.ts

@@ -0,0 +1,120 @@
+import { SwapKitError } from "@swapkit/helpers";
+import { CLA, ERROR_CODE, errorCodeToString, INS, P2_VALUES, PAYLOAD_TYPE, processErrorResponse } from "./common";
+
+export function serializePathv1(path: number[]) {
+  if (path == null || path.length < 3) {
+    throw new SwapKitError("wallet_ledger_invalid_params", { reason: "Path too short" });
+  }
+  if (path.length > 10) {
+    throw new SwapKitError("wallet_ledger_invalid_params", { reason: "Path too long" });
+  }
+  const buf = Buffer.alloc(1 + 4 * path.length);
+  buf.writeUInt8(path.length, 0);
+  for (let i = 0; i < path.length; i += 1) {
+    let v = path[i] || 0;
+    if (i < 3) {
+      // eslint-disable-next-line no-bitwise
+      v |= 0x80000000; // Harden
+    }
+    buf.writeInt32LE(v, 1 + i * 4);
+  }
+  return buf;
+}
+
+export function signSendChunkv1(app: any, chunkIdx: number, _chunkNum: number, chunk: Buffer, txType = P2_VALUES.JSON) {
+  return app.transport
+    .send(CLA, INS.SIGN_SECP256K1, chunkIdx, txType, chunk, [ERROR_CODE.NoError, 0x6984, 0x6a80])
+    .then((response: any) => {
+      const errorCodeData = response.slice(-2);
+      const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+      let errorMessage = errorCodeToString(returnCode);
+
+      if (returnCode === 0x6a80 || returnCode === 0x6984) {
+        errorMessage = `${errorMessage} : ${response.slice(0, response.length - 2).toString("ascii")}`;
+      }
+
+      let signature: any = null;
+      if (response.length > 2) {
+        signature = response.slice(0, response.length - 2);
+      }
+
+      return { error_message: errorMessage, return_code: returnCode, signature };
+    }, processErrorResponse);
+}
+
+function compressPublicKey(publicKey: Buffer) {
+  if (publicKey.length !== 65) {
+    throw new SwapKitError("wallet_ledger_invalid_params", {
+      reason: "decompressed public key length should be 65 bytes",
+    });
+  }
+  const y = publicKey.slice(33, 65);
+
+  // @ts-expect-error
+  const z = Buffer.from([2 + (y[y.length - 1] & 1)]);
+  return Buffer.concat([z, publicKey.slice(1, 33)]);
+}
+
+export function publicKeyv1(app: any, data: Buffer) {
+  return app.transport
+    .send(CLA, INS.INS_PUBLIC_KEY_SECP256K1, 0, 0, data, [ERROR_CODE.NoError])
+    .then((response: any) => {
+      const errorCodeData = response.slice(-2);
+      const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+      const pk = Buffer.from(response.slice(0, 65));
+
+      return {
+        compressed_pk: compressPublicKey(pk),
+        error_message: errorCodeToString(returnCode),
+        pk,
+        return_code: returnCode,
+      };
+    }, processErrorResponse);
+}
+
+export function serializePathv2(path: number[]) {
+  if (!path || path.length !== 5) {
+    throw new SwapKitError("wallet_ledger_invalid_params", { reason: "Path must be exactly 5 elements" });
+  }
+
+  const buf = Buffer.alloc(20);
+  // @ts-expect-error
+  buf.writeUInt32LE(0x80000000 + path[0], 0);
+  // @ts-expect-error
+  buf.writeUInt32LE(0x80000000 + path[1], 4);
+  // @ts-expect-error
+  buf.writeUInt32LE(0x80000000 + path[2], 8);
+  // @ts-expect-error
+  buf.writeUInt32LE(path[3], 12);
+  // @ts-expect-error
+  buf.writeUInt32LE(path[4], 16);
+
+  return buf;
+}
+
+export function signSendChunkv2(app: any, chunkIdx: number, chunkNum: number, chunk: Buffer, txType = P2_VALUES.JSON) {
+  let payloadType = PAYLOAD_TYPE.ADD;
+  if (chunkIdx === 1) {
+    payloadType = PAYLOAD_TYPE.INIT;
+  }
+  if (chunkIdx === chunkNum) {
+    payloadType = PAYLOAD_TYPE.LAST;
+  }
+
+  return signSendChunkv1(app, payloadType, 0, chunk, txType);
+}
+
+export function publicKeyv2(app: any, data: Buffer) {
+  return app.transport.send(CLA, INS.GET_ADDR_SECP256K1, 0, 0, data, [ERROR_CODE.NoError]).then((response: any) => {
+    const errorCodeData = response.slice(-2);
+    const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+    const compressedPk = Buffer.from(response.slice(0, 33));
+
+    return {
+      compressed_pk: compressedPk,
+      error_message: errorCodeToString(returnCode),
+      pk: "OBSOLETE PROPERTY",
+      return_code: returnCode,
+    };
+  }, processErrorResponse);
+}

package/src/ledger/clients/thorchain/index.ts

@@ -0,0 +1,87 @@
+import { base64 } from "@scure/base";
+import { type DerivationPathArray, NetworkDerivationPath, SwapKitError } from "@swapkit/helpers";
+
+import { CosmosLedgerInterface } from "../../interfaces/CosmosLedgerInterface";
+import type { GetAddressAndPubKeyResponse } from "../../types";
+import { getSignature } from "./utils";
+
+export class THORChainLedger extends CosmosLedgerInterface {
+  private pubKey: string | null = null;
+
+  derivationPath: DerivationPathArray;
+
+  constructor(derivationPath: DerivationPathArray = NetworkDerivationPath.THOR) {
+    super();
+    this.chain = "thor";
+    this.derivationPath = derivationPath;
+  }
+
+  get pubkey() {
+    return this.pubKey;
+  }
+
+  connect = async () => {
+    await this.checkOrCreateTransportAndLedger();
+    const { compressed_pk, bech32_address }: GetAddressAndPubKeyResponse = await this.getAddressAndPubKey();
+
+    this.pubKey = base64.encode(compressed_pk);
+
+    return bech32_address;
+  };
+
+  getAddressAndPubKey = async () => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const response: GetAddressAndPubKeyResponse = await this.ledgerApp.getAddressAndPubKey(
+      this.derivationPath,
+      this.chain,
+    );
+
+    this.validateResponse(response.return_code, response.error_message);
+
+    return response;
+  };
+
+  showAddressAndPubKey = async () => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const response: GetAddressAndPubKeyResponse = await this.ledgerApp.showAddressAndPubKey(
+      this.derivationPath,
+      this.chain,
+    );
+
+    this.validateResponse(response.return_code, response.error_message);
+
+    return response;
+  };
+
+  signTransaction = async (rawTx: string, sequence = "0") => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const { return_code, error_message, signature } = await this.ledgerApp.sign(this.derivationPath, rawTx);
+
+    if (!this.pubKey) throw new SwapKitError("wallet_ledger_pubkey_not_found");
+
+    this.validateResponse(return_code, error_message);
+
+    return [
+      {
+        pub_key: { type: "tendermint/PubKeySecp256k1", value: this.pubKey },
+        sequence,
+        signature: getSignature(signature),
+      },
+    ];
+  };
+
+  sign = async (message: string) => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const { return_code, error_message, signature } = await this.ledgerApp.sign(this.derivationPath, message);
+
+    if (!this.pubKey) throw new SwapKitError("wallet_ledger_pubkey_not_found");
+
+    this.validateResponse(return_code, error_message);
+
+    return getSignature(signature);
+  };
+}

package/src/ledger/clients/thorchain/lib.ts

@@ -0,0 +1,258 @@
+import type Transport from "@ledgerhq/hw-transport";
+import { SwapKitError } from "@swapkit/helpers";
+
+import {
+  CHUNK_SIZE,
+  CLA,
+  ERROR_CODE,
+  errorCodeToString,
+  getVersion,
+  INS,
+  P1_VALUES,
+  P2_VALUES,
+  processErrorResponse,
+} from "./common";
+import {
+  publicKeyv1,
+  publicKeyv2,
+  serializePathv1,
+  serializePathv2,
+  signSendChunkv1,
+  signSendChunkv2,
+} from "./helpers";
+
+export class THORChainApp {
+  transport: Transport;
+  versionResponse: any;
+
+  constructor(transport: any) {
+    if (!transport) {
+      throw new SwapKitError("wallet_ledger_transport_not_defined");
+    }
+
+    this.transport = transport;
+  }
+
+  static serializeHRP(hrp: string) {
+    if (hrp == null || hrp.length < 3 || hrp.length > 83) {
+      throw new SwapKitError("wallet_ledger_invalid_params", { reason: "Invalid HRP" });
+    }
+    const buf = Buffer.alloc(1 + hrp.length);
+    buf.writeUInt8(hrp.length, 0);
+    buf.write(hrp, 1);
+    return buf;
+  }
+
+  async serializePath(path: number[]) {
+    this.versionResponse = await getVersion(this.transport);
+
+    if (this.versionResponse.return_code !== ERROR_CODE.NoError) {
+      throw this.versionResponse;
+    }
+
+    switch (this.versionResponse.major) {
+      case 1:
+        return serializePathv1(path);
+      case 2:
+        return serializePathv2(path);
+      default:
+        return Buffer.alloc(0);
+    }
+  }
+
+  async signGetChunks(path: number[], buffer: Buffer) {
+    const serializedPath = await this.serializePath(path);
+
+    const chunks = [];
+    chunks.push(serializedPath);
+
+    for (let i = 0; i < buffer.length; i += CHUNK_SIZE) {
+      let end = i + CHUNK_SIZE;
+      if (i > buffer.length) {
+        end = buffer.length;
+      }
+      chunks.push(buffer.slice(i, end));
+    }
+
+    return chunks;
+  }
+
+  async getVersion() {
+    try {
+      this.versionResponse = await getVersion(this.transport);
+      return this.versionResponse;
+    } catch (e) {
+      return processErrorResponse(e);
+    }
+  }
+
+  appInfo() {
+    return this.transport.send(0xb0, 0x01, 0, 0).then((response: any) => {
+      const returnCode = response.readUInt16BE(response.length - 2);
+
+      let appName = "";
+      let appVersion = "";
+      let flagLen = 0;
+      let flagsValue = 0;
+
+      if (response[0] !== 1) {
+        // Ledger responds with format ID 1. There is no spec for any format != 1
+        return { error_message: "response format ID not recognized", return_code: 0x9001 };
+      }
+
+      const appNameLen = response[1];
+      appName = response.slice(2, 2 + appNameLen).toString("ascii");
+      let idx = 2 + appNameLen;
+      const appVersionLen = response[idx];
+      idx += 1;
+      appVersion = response.slice(idx, idx + appVersionLen).toString("ascii");
+      idx += appVersionLen;
+      const appFlagsLen = response[idx];
+      idx += 1;
+      flagLen = appFlagsLen;
+      flagsValue = response[idx];
+
+      return {
+        appName,
+        appVersion,
+        error_message: errorCodeToString(returnCode),
+        flag_onboarded: (flagsValue & 4) !== 0,
+        flag_pin_validated: (flagsValue & 128) !== 0,
+        flag_recovery: (flagsValue & 1) !== 0,
+        flag_signed_mcu_code: (flagsValue & 2) !== 0,
+        flagLen,
+        flagsValue,
+        return_code: returnCode,
+      };
+    }, processErrorResponse);
+  }
+
+  deviceInfo() {
+    return this.transport
+      .send(0xe0, 0x01, 0, 0, Buffer.from([]), [ERROR_CODE.NoError, 0x6e00])
+      .then((response: any) => {
+        const errorCodeData = response.slice(-2);
+        const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+
+        if (returnCode === 0x6e00) {
+          return { error_message: "This command is only available in the Dashboard", return_code: returnCode };
+        }
+
+        const targetId = response.slice(0, 4).toString("hex");
+
+        let pos = 4;
+        const secureElementVersionLen = response[pos];
+        pos += 1;
+        const seVersion = response.slice(pos, pos + secureElementVersionLen).toString();
+        pos += secureElementVersionLen;
+
+        const flagsLen = response[pos];
+        pos += 1;
+        const flag = response.slice(pos, pos + flagsLen).toString("hex");
+        pos += flagsLen;
+
+        const mcuVersionLen = response[pos];
+        pos += 1;
+        // Patch issue in mcu version
+        let tmp = response.slice(pos, pos + mcuVersionLen);
+        if (tmp[mcuVersionLen - 1] === 0) {
+          tmp = response.slice(pos, pos + mcuVersionLen - 1);
+        }
+        const mcuVersion = tmp.toString();
+
+        return {
+          error_message: errorCodeToString(returnCode),
+          flag,
+          mcuVersion,
+          return_code: returnCode,
+          seVersion,
+          // //
+          targetId,
+        };
+      }, processErrorResponse);
+  }
+
+  async publicKey(path: number[]) {
+    try {
+      const serializedPath = await this.serializePath(path);
+
+      switch (this.versionResponse.major) {
+        case 1:
+          return publicKeyv1(this, serializedPath);
+        case 2: {
+          const data = Buffer.concat([THORChainApp.serializeHRP("thor"), serializedPath]);
+          return publicKeyv2(this, data);
+        }
+        default:
+          return { error_message: "App Version is not supported", return_code: 0x6400 };
+      }
+    } catch (e) {
+      return processErrorResponse(e);
+    }
+  }
+
+  async getAddressAndPubKey(path: number[], hrp: string, showInDevice = false) {
+    try {
+      const serializedPath = await this.serializePath(path);
+      const data = Buffer.concat([THORChainApp.serializeHRP(hrp), serializedPath]);
+      const response = await this.transport.send(
+        CLA,
+        INS.GET_ADDR_SECP256K1,
+        showInDevice ? P1_VALUES.SHOW_ADDRESS_IN_DEVICE : P1_VALUES.ONLY_RETRIEVE,
+        0,
+        data,
+        [ERROR_CODE.NoError],
+      );
+
+      const compressedPk = Buffer.from(response.slice(0, 33));
+      const bech32Address = Buffer.from(response.slice(33, -2)).toString();
+      const returnCode = response.readUInt16BE(response.length - 2);
+
+      return {
+        bech32_address: bech32Address,
+        compressed_pk: compressedPk,
+        error_message: errorCodeToString(returnCode),
+        return_code: returnCode,
+      };
+    } catch (err) {
+      return processErrorResponse(err);
+    }
+  }
+
+  showAddressAndPubKey(path: number[], hrp: string) {
+    return this.getAddressAndPubKey(path, hrp, true);
+  }
+
+  signSendChunk(chunkIdx: number, chunkNum: number, chunk: Buffer, txType = P2_VALUES.JSON) {
+    switch (this.versionResponse.major) {
+      case 1:
+        return signSendChunkv1(this, chunkIdx, chunkNum, chunk, txType);
+      case 2:
+        return signSendChunkv2(this, chunkIdx, chunkNum, chunk, txType);
+      default:
+        return { error_message: "App Version is not supported", return_code: 0x6400 };
+    }
+  }
+
+  async sign(path: number[], message: string, txType = P2_VALUES.JSON) {
+    const buffer = Buffer.from(message);
+    let chunks: Buffer[] = [];
+    let response: any;
+    try {
+      chunks = await this.signGetChunks(path, buffer);
+      response = await this.signSendChunk(1, chunks.length, chunks[0] as Buffer, txType);
+    } catch (error) {
+      processErrorResponse(error);
+    }
+    let result = { error_message: response.error_message, return_code: response.return_code, signature: null };
+
+    for (let i = 1; i < chunks.length; i += 1) {
+      result = await this.signSendChunk(1 + i, chunks.length, chunks[i] as Buffer, txType);
+      if (result.return_code !== ERROR_CODE.NoError) {
+        break;
+      }
+    }
+
+    return { error_message: result.error_message, return_code: result.return_code, signature: result.signature };
+  }
+}