@swapkit/wallet-hardware 4.8.0 → 4.8.2

package/src/ledger/clients/thorchain/utils.ts

@@ -0,0 +1,69 @@
+import { base64 } from "@scure/base";
+import { SwapKitError } from "@swapkit/helpers";
+
+export const getSignature = (signatureArray: any) => {
+  // Check Type Length Value encoding
+  if (signatureArray.length < 64) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "Too short" });
+  }
+  if (signatureArray[0] !== 0x30) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "TLV encoding: expected first byte 0x30" });
+  }
+  if (signatureArray[1] + 2 !== signatureArray.length) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "signature length does not match TLV" });
+  }
+  if (signatureArray[2] !== 0x02) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "TLV encoding: expected length type 0x02" });
+  }
+
+  // r signature
+  const rLength = signatureArray[3];
+  let rSignature = signatureArray.slice(4, rLength + 4);
+
+  // Drop leading zero on some 'r' signatures that are 33 bytes.
+  if (rSignature.length === 33 && rSignature[0] === 0) {
+    rSignature = rSignature.slice(1, 33);
+  } else if (rSignature.length === 33) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "r too long" });
+  }
+
+  // add leading zero's to pad to 32 bytes
+  while (rSignature.length < 32) {
+    rSignature.unshift(0);
+  }
+
+  // s signature
+  if (signatureArray[rLength + 4] !== 0x02) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", {
+      reason: "TLV encoding: expected length type 0x02 for s",
+    });
+  }
+
+  const sLength = signatureArray[rLength + 5];
+
+  if (4 + rLength + 2 + sLength !== signatureArray.length) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", {
+      reason: "TLV byte lengths do not match message length",
+    });
+  }
+
+  let sSignature = signatureArray.slice(rLength + 6, signatureArray.length);
+
+  // Drop leading zero on 's' signatures that are 33 bytes. This shouldn't occur since ledger signs using "Small s" math. But just to be sure...
+  if (sSignature.length === 33 && sSignature[0] === 0) {
+    sSignature = sSignature.slice(1, 33);
+  } else if (sSignature.length === 33) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "s too long" });
+  }
+
+  // add leading zero's to pad to 32 bytes
+  while (sSignature.length < 32) {
+    sSignature.unshift(0);
+  }
+
+  if (rSignature.length !== 32 || sSignature.length !== 32) {
+    throw new SwapKitError("wallet_ledger_invalid_signature", { reason: "must be 32 bytes each" });
+  }
+
+  return base64.encode(Buffer.concat([rSignature, sSignature]));
+};

package/src/ledger/clients/tron.ts

@@ -0,0 +1,85 @@
+import type TronApp from "@ledgerhq/hw-app-trx";
+import {
+  type DerivationPathArray,
+  derivationPathToString,
+  NetworkDerivationPath,
+  SwapKitError,
+} from "@swapkit/helpers";
+import type { TronSignedTransaction, TronSigner, TronTransaction } from "@swapkit/toolboxes/tron";
+
+import { getLedgerTransport } from "../helpers/getLedgerTransport";
+
+export class TronLedgerInterface implements TronSigner {
+  derivationPath: string;
+  ledgerApp: InstanceType<typeof TronApp> | null = null;
+  ledgerTimeout = 50000;
+
+  constructor(derivationPath?: DerivationPathArray | string) {
+    this.derivationPath =
+      typeof derivationPath === "string"
+        ? derivationPath
+        : derivationPathToString(derivationPath || NetworkDerivationPath.TRON);
+  }
+
+  checkOrCreateTransportAndLedger = async () => {
+    if (this.ledgerApp) return;
+    await this.createTransportAndLedger();
+  };
+
+  createTransportAndLedger = async () => {
+    const transport = await getLedgerTransport();
+    const TronApp = (await import("@ledgerhq/hw-app-trx")).default;
+
+    this.ledgerApp = new TronApp(transport);
+  };
+
+  getAddress = async (): Promise<string> => {
+    const response = await this.getAddressAndPubKey();
+    if (!response) throw new SwapKitError("wallet_ledger_failed_to_get_address");
+    return response.address;
+  };
+
+  getAddressAndPubKey = async () => {
+    await this.createTransportAndLedger();
+    const result = await this.ledgerApp?.getAddress(this.derivationPath);
+
+    if (!result) throw new SwapKitError("wallet_ledger_failed_to_get_address");
+
+    return { address: result.address, publicKey: result.publicKey };
+  };
+
+  showAddressAndPubKey = async () => {
+    await this.createTransportAndLedger();
+    return this.ledgerApp?.getAddress(this.derivationPath, true);
+  };
+
+  signTransaction = async (transaction: TronTransaction): Promise<TronSignedTransaction> => {
+    await this.createTransportAndLedger();
+
+    if (!this.ledgerApp) {
+      throw new SwapKitError("wallet_ledger_transport_error");
+    }
+
+    // Tron transactions need to be serialized before signing
+    const serializedTx = JSON.stringify(transaction);
+
+    try {
+      const signature = await this.ledgerApp.signTransaction(
+        this.derivationPath,
+        serializedTx,
+        [], // Token signatures array - empty for native TRX transfers
+      );
+
+      if (!signature) {
+        throw new SwapKitError("wallet_ledger_signing_error");
+      }
+
+      // Return the signed transaction in Tron's expected format
+      return { ...transaction, signature: [signature] };
+    } catch (error) {
+      throw new SwapKitError("wallet_ledger_signing_error", { error });
+    }
+  };
+}
+
+export const TronLedger = (derivationPath?: DerivationPathArray) => new TronLedgerInterface(derivationPath);

package/src/ledger/clients/utxo-legacy-adapter.ts

@@ -0,0 +1,71 @@
+import { hex } from "@scure/base";
+import type { UTXOChain } from "@swapkit/helpers";
+import type { UTXOType } from "@swapkit/toolboxes/utxo";
+import type { Transaction } from "@swapkit/utxo-signer";
+
+/**
+ * Extract per-input metadata from a V3 PSBT in the shape the legacy
+ * `@ledgerhq/hw-app-btc.createPaymentTransaction` adapter expects.
+ *
+ * For segwit inputs the SwapKit V3 API populates `witnessUtxo`; for legacy
+ * (BCH/DOGE/DASH) it populates `nonWitnessUtxo` with the full prior-tx bytes.
+ * We re-encode the parsed `nonWitnessUtxo` back to hex via `RawTx.encode` so
+ * `btcApp.splitTransaction(hex)` can consume it.
+ *
+ * Single-address account assumption: all inputs share our derivation path.
+ */
+export async function extractInputsFromPsbt(tx: Transaction): Promise<UTXOType[]> {
+  const { RawTx } = await import("@swapkit/utxo-signer");
+  const inputs: UTXOType[] = [];
+
+  for (let i = 0; i < tx.inputsLength; i++) {
+    const input = tx.getInput(i);
+
+    if (!input.txid || input.index === undefined) {
+      throw new Error(`PSBT input ${i} is missing txid/index`);
+    }
+
+    const txHex = input.nonWitnessUtxo ? hex.encode(RawTx.encode(input.nonWitnessUtxo)) : "";
+    const witnessUtxo = input.witnessUtxo
+      ? { script: input.witnessUtxo.script, value: Number(input.witnessUtxo.amount) }
+      : undefined;
+
+    inputs.push({
+      hash: hex.encode(input.txid),
+      index: input.index,
+      txHex,
+      value: witnessUtxo?.value ?? 0,
+      witnessUtxo,
+    } as UTXOType);
+  }
+
+  return inputs;
+}
+
+/**
+ * Build a toolbox-compatible signer from the existing legacy Ledger UTXO
+ * client. The toolbox synthesizes `signAndBroadcastTransaction` on top of
+ * `signer.signTransaction(tx) → Transaction`.
+ */
+export function createLegacyPsbtSigner({
+  legacyClient,
+  chain: _chain,
+  address,
+}: {
+  legacyClient: { signTransaction: (tx: Transaction, inputUtxos: UTXOType[]) => Promise<string> };
+  chain: UTXOChain;
+  address: string;
+}) {
+  return {
+    getAddress: async () => address,
+    signTransaction: async (tx: Transaction): Promise<Transaction> => {
+      const inputUtxos = await extractInputsFromPsbt(tx);
+      const signedTxHex = await legacyClient.signTransaction(tx, inputUtxos);
+
+      const { Transaction: TxClass } = await import("@swapkit/utxo-signer");
+      // `Transaction.fromRaw` parses a serialised tx (no PSBT envelope) — exactly
+      // what `createPaymentTransaction` returns.
+      return TxClass.fromRaw(hex.decode(signedTxHex));
+    },
+  };
+}

package/src/ledger/clients/utxo-psbt.ts

@@ -0,0 +1,145 @@
+import { base64 } from "@scure/base";
+import { HDKey } from "@scure/bip32";
+import { type DerivationPathArray, derivationPathToString, getWalletFormatFor, SwapKitError } from "@swapkit/helpers";
+import type { Transaction } from "@swapkit/utxo-signer";
+
+import { getLedgerTransport } from "../helpers/getLedgerTransport";
+
+type SupportedCoin = "bitcoin" | "litecoin";
+
+type DefaultDescriptorTemplate = "wpkh(@0/**)" | "tr(@0/**)" | "sh(wpkh(@0/**))" | "pkh(@0/**)";
+
+function templateForFormat(format: ReturnType<typeof getWalletFormatFor>): DefaultDescriptorTemplate {
+  switch (format) {
+    case "bech32":
+      return "wpkh(@0/**)";
+    case "p2sh":
+      return "sh(wpkh(@0/**))";
+    case "legacy":
+      return "pkh(@0/**)";
+    default:
+      return "wpkh(@0/**)";
+  }
+}
+
+function pathToString(path: DerivationPathArray | string): string {
+  return typeof path === "string" ? path : derivationPathToString(path);
+}
+
+function pathToNumberArray(path: string): number[] {
+  return path
+    .replace(/^m\//, "")
+    .split("/")
+    .filter(Boolean)
+    .map((p) => {
+      const hardened = p.endsWith("'");
+      const num = Number.parseInt(hardened ? p.slice(0, -1) : p, 10);
+      return hardened ? (num | 0x80000000) >>> 0 : num;
+    });
+}
+
+const BaseLedgerPsbtUTXO = ({ chain }: { chain: SupportedCoin }) => {
+  let appClient: import("ledger-bitcoin").AppClient | undefined;
+  let masterFingerprint: string | undefined;
+
+  async function getAppClient() {
+    if (!appClient) {
+      const transport = await getLedgerTransport();
+      const { AppClient } = await import("ledger-bitcoin");
+      appClient = new AppClient(transport);
+    }
+    return appClient;
+  }
+
+  async function getFingerprint() {
+    if (!masterFingerprint) {
+      const app = await getAppClient();
+      masterFingerprint = await app.getMasterFingerprint();
+    }
+    return masterFingerprint;
+  }
+
+  return (derivationPathArray?: DerivationPathArray | string) => {
+    // Single-address account: change == index == 0 by default.
+    const derivationPath = derivationPathArray ? pathToString(derivationPathArray) : "84'/0'/0'/0/0";
+    const accountPath = derivationPath.split("/").slice(0, 3).join("/");
+    const leafSegments = derivationPath.split("/").slice(3);
+    const change = Number(leafSegments[0] ?? 0);
+    const addressIndex = Number(leafSegments[1] ?? 0);
+    const format = getWalletFormatFor(derivationPath);
+    const template = templateForFormat(format);
+
+    let cachedAccountXpub: string | undefined;
+    let cachedLeafPubkey: Uint8Array | undefined;
+
+    async function buildPolicy() {
+      const app = await getAppClient();
+      const fpr = await getFingerprint();
+      if (!cachedAccountXpub) {
+        cachedAccountXpub = await app.getExtendedPubkey(`m/${accountPath}`);
+      }
+      const { DefaultWalletPolicy } = await import("ledger-bitcoin");
+      const policy = new DefaultWalletPolicy(template, `[${fpr}/${accountPath}]${cachedAccountXpub}`);
+      return { app, fpr, policy, xpub: cachedAccountXpub };
+    }
+
+    async function getLeafPubkey() {
+      if (!cachedLeafPubkey) {
+        const { xpub } = await buildPolicy();
+        const accountKey = HDKey.fromExtendedKey(xpub);
+        const leaf = accountKey.derive(`m/${change}/${addressIndex}`);
+        if (!leaf.publicKey) {
+          throw new SwapKitError("wallet_ledger_get_address_error", {
+            message: `Cannot derive leaf pubkey for ${chain}`,
+          });
+        }
+        cachedLeafPubkey = leaf.publicKey;
+      }
+      return cachedLeafPubkey;
+    }
+
+    return {
+      connect: async () => {
+        await getAppClient();
+      },
+      getAddress: async () => {
+        const { app, policy } = await buildPolicy();
+        const address = await app.getWalletAddress(policy, null, change, addressIndex, false);
+        if (!address) {
+          throw new SwapKitError("wallet_ledger_get_address_error", {
+            message: `Cannot get ${chain} address from ledger derivation path: ${derivationPath}`,
+          });
+        }
+        return address;
+      },
+      getExtendedPublicKey: async (path = `m/${accountPath}`) => {
+        const app = await getAppClient();
+        return app.getExtendedPubkey(path);
+      },
+      signTransaction: async (tx: Transaction): Promise<Transaction> => {
+        const { app, policy, fpr } = await buildPolicy();
+        const fingerprintBE = Number.parseInt(fpr, 16) >>> 0;
+        const pathNumbers = pathToNumberArray(derivationPath);
+        const leafPubkey = await getLeafPubkey();
+
+        // Single-address account: every input is owned by the same key + path.
+        for (let i = 0; i < tx.inputsLength; i++) {
+          tx.updateInput(i, { bip32Derivation: [[leafPubkey, { fingerprint: fingerprintBE, path: pathNumbers }]] });
+        }
+
+        const psbtB64 = base64.encode(tx.toPSBT(0));
+        const sigs = await app.signPsbt(psbtB64, policy, null);
+
+        for (const [idx, partial] of sigs) {
+          tx.updateInput(idx, { partialSig: [[new Uint8Array(partial.pubkey), new Uint8Array(partial.signature)]] });
+        }
+
+        tx.finalize();
+        return tx;
+      },
+    };
+  };
+};
+
+export const BitcoinPsbtLedger = BaseLedgerPsbtUTXO({ chain: "bitcoin" });
+export const LitecoinPsbtLedger = BaseLedgerPsbtUTXO({ chain: "litecoin" });