@tcswap/wallet-hardware 4.2.16

package/src/ledger/clients/thorchain/common.ts

@@ -0,0 +1,93 @@
+export const CLA = 0x55;
+export const CHUNK_SIZE = 250;
+export const APP_KEY = "CSM";
+
+export const INS = {
+  GET_ADDR_SECP256K1: 0x04,
+  GET_VERSION: 0x00,
+  INS_PUBLIC_KEY_SECP256K1: 0x01, // Obsolete
+  SIGN_SECP256K1: 0x02,
+};
+
+export const PAYLOAD_TYPE = { ADD: 0x01, INIT: 0x00, LAST: 0x02 };
+
+export const P1_VALUES = { ONLY_RETRIEVE: 0x00, SHOW_ADDRESS_IN_DEVICE: 0x01 };
+
+export const P2_VALUES = { JSON: 0x0 };
+
+export const ERROR_CODE = { NoError: 0x9000 };
+
+const ERROR_DESCRIPTION: any = {
+  1: "U2F: Unknown",
+  2: "U2F: Bad request",
+  3: "U2F: Configuration unsupported",
+  4: "U2F: Device Ineligible",
+  5: "U2F: Timeout",
+  14: "Timeout",
+  25600: "Execution Error",
+  26368: "Wrong Length",
+  26626: "Error deriving keys",
+  27010: "Empty Buffer",
+  27011: "Output buffer too small",
+  27012: "Data is invalid",
+  27013: "Conditions not satisfied",
+  27014: "Transaction rejected",
+  27264: "Bad key handle",
+  27392: "Invalid P1/P2",
+  27904: "Instruction not supported",
+  28160: "App does not seem to be open",
+  28416: "Unknown error",
+  28417: "Sign/verify error",
+  36864: "No errors",
+  36865: "Device is busy",
+};
+
+export function errorCodeToString(statusCode: number) {
+  if (statusCode in ERROR_DESCRIPTION) return ERROR_DESCRIPTION[statusCode];
+  return `Unknown Status Code: ${statusCode}`;
+}
+
+function isDict(v: any) {
+  return typeof v === "object" && v !== null && !Array.isArray(v) && !(v instanceof Date);
+}
+
+export function processErrorResponse(response: any) {
+  if (response) {
+    if (isDict(response)) {
+      if (Object.hasOwn(response, "statusCode")) {
+        return { error_message: errorCodeToString(response.statusCode), return_code: response.statusCode };
+      }
+
+      if (Object.hasOwn(response, "return_code") && Object.hasOwn(response, "error_message")) {
+        return response;
+      }
+    }
+    return { error_message: response.toString(), return_code: 0xffff };
+  }
+
+  return { error_message: response.toString(), return_code: 0xffff };
+}
+
+export function getVersion(transport: any) {
+  return transport.send(CLA, INS.GET_VERSION, 0, 0).then((response: any) => {
+    const errorCodeData = response.slice(-2);
+    const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+
+    let targetId = 0;
+    if (response.length >= 9) {
+      targetId = (response[5] << 24) + (response[6] << 16) + (response[7] << 8) + (response[8] << 0);
+    }
+
+    return {
+      device_locked: response[4] === 1,
+      error_message: errorCodeToString(returnCode),
+      major: response[1],
+      minor: response[2],
+      patch: response[3],
+      return_code: returnCode,
+      target_id: targetId.toString(16),
+      // ///
+      test_mode: response[0] !== 0,
+    };
+  }, processErrorResponse);
+}

package/src/ledger/clients/thorchain/helpers.ts

@@ -0,0 +1,124 @@
+/**
+ * Modifications © 2025 Horizontal Systems.
+ */
+
+import { USwapError } from "@tcswap/helpers";
+import { CLA, ERROR_CODE, errorCodeToString, INS, P2_VALUES, PAYLOAD_TYPE, processErrorResponse } from "./common";
+
+export function serializePathv1(path: number[]) {
+  if (path == null || path.length < 3) {
+    throw new USwapError("wallet_ledger_invalid_params", { reason: "Path too short" });
+  }
+  if (path.length > 10) {
+    throw new USwapError("wallet_ledger_invalid_params", { reason: "Path too long" });
+  }
+  const buf = Buffer.alloc(1 + 4 * path.length);
+  buf.writeUInt8(path.length, 0);
+  for (let i = 0; i < path.length; i += 1) {
+    let v = path[i] || 0;
+    if (i < 3) {
+      // eslint-disable-next-line no-bitwise
+      v |= 0x80000000; // Harden
+    }
+    buf.writeInt32LE(v, 1 + i * 4);
+  }
+  return buf;
+}
+
+export function signSendChunkv1(app: any, chunkIdx: number, _chunkNum: number, chunk: Buffer, txType = P2_VALUES.JSON) {
+  return app.transport
+    .send(CLA, INS.SIGN_SECP256K1, chunkIdx, txType, chunk, [ERROR_CODE.NoError, 0x6984, 0x6a80])
+    .then((response: any) => {
+      const errorCodeData = response.slice(-2);
+      const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+      let errorMessage = errorCodeToString(returnCode);
+
+      if (returnCode === 0x6a80 || returnCode === 0x6984) {
+        errorMessage = `${errorMessage} : ${response.slice(0, response.length - 2).toString("ascii")}`;
+      }
+
+      let signature: any = null;
+      if (response.length > 2) {
+        signature = response.slice(0, response.length - 2);
+      }
+
+      return { error_message: errorMessage, return_code: returnCode, signature };
+    }, processErrorResponse);
+}
+
+function compressPublicKey(publicKey: Buffer) {
+  if (publicKey.length !== 65) {
+    throw new USwapError("wallet_ledger_invalid_params", {
+      reason: "decompressed public key length should be 65 bytes",
+    });
+  }
+  const y = publicKey.slice(33, 65);
+
+  // @ts-expect-error
+  const z = Buffer.from([2 + (y[y.length - 1] & 1)]);
+  return Buffer.concat([z, publicKey.slice(1, 33)]);
+}
+
+export function publicKeyv1(app: any, data: Buffer) {
+  return app.transport
+    .send(CLA, INS.INS_PUBLIC_KEY_SECP256K1, 0, 0, data, [ERROR_CODE.NoError])
+    .then((response: any) => {
+      const errorCodeData = response.slice(-2);
+      const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+      const pk = Buffer.from(response.slice(0, 65));
+
+      return {
+        compressed_pk: compressPublicKey(pk),
+        error_message: errorCodeToString(returnCode),
+        pk,
+        return_code: returnCode,
+      };
+    }, processErrorResponse);
+}
+
+export function serializePathv2(path: number[]) {
+  if (!path || path.length !== 5) {
+    throw new USwapError("wallet_ledger_invalid_params", { reason: "Path must be exactly 5 elements" });
+  }
+
+  const buf = Buffer.alloc(20);
+  // @ts-expect-error
+  buf.writeUInt32LE(0x80000000 + path[0], 0);
+  // @ts-expect-error
+  buf.writeUInt32LE(0x80000000 + path[1], 4);
+  // @ts-expect-error
+  buf.writeUInt32LE(0x80000000 + path[2], 8);
+  // @ts-expect-error
+  buf.writeUInt32LE(path[3], 12);
+  // @ts-expect-error
+  buf.writeUInt32LE(path[4], 16);
+
+  return buf;
+}
+
+export function signSendChunkv2(app: any, chunkIdx: number, chunkNum: number, chunk: Buffer, txType = P2_VALUES.JSON) {
+  let payloadType = PAYLOAD_TYPE.ADD;
+  if (chunkIdx === 1) {
+    payloadType = PAYLOAD_TYPE.INIT;
+  }
+  if (chunkIdx === chunkNum) {
+    payloadType = PAYLOAD_TYPE.LAST;
+  }
+
+  return signSendChunkv1(app, payloadType, 0, chunk, txType);
+}
+
+export function publicKeyv2(app: any, data: Buffer) {
+  return app.transport.send(CLA, INS.GET_ADDR_SECP256K1, 0, 0, data, [ERROR_CODE.NoError]).then((response: any) => {
+    const errorCodeData = response.slice(-2);
+    const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+    const compressedPk = Buffer.from(response.slice(0, 33));
+
+    return {
+      compressed_pk: compressedPk,
+      error_message: errorCodeToString(returnCode),
+      pk: "OBSOLETE PROPERTY",
+      return_code: returnCode,
+    };
+  }, processErrorResponse);
+}

package/src/ledger/clients/thorchain/index.ts

@@ -0,0 +1,91 @@
+/**
+ * Modifications © 2025 Horizontal Systems.
+ */
+
+import { base64 } from "@scure/base";
+import { type DerivationPathArray, NetworkDerivationPath, USwapError } from "@tcswap/helpers";
+
+import { CosmosLedgerInterface } from "../../interfaces/CosmosLedgerInterface";
+import type { GetAddressAndPubKeyResponse } from "../../types";
+import { getSignature } from "./utils";
+
+export class THORChainLedger extends CosmosLedgerInterface {
+  private pubKey: string | null = null;
+
+  derivationPath: DerivationPathArray;
+
+  constructor(derivationPath: DerivationPathArray = NetworkDerivationPath.THOR) {
+    super();
+    this.chain = "thor";
+    this.derivationPath = derivationPath;
+  }
+
+  get pubkey() {
+    return this.pubKey;
+  }
+
+  connect = async () => {
+    await this.checkOrCreateTransportAndLedger();
+    const { compressed_pk, bech32_address }: GetAddressAndPubKeyResponse = await this.getAddressAndPubKey();
+
+    this.pubKey = base64.encode(compressed_pk);
+
+    return bech32_address;
+  };
+
+  getAddressAndPubKey = async () => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const response: GetAddressAndPubKeyResponse = await this.ledgerApp.getAddressAndPubKey(
+      this.derivationPath,
+      this.chain,
+    );
+
+    this.validateResponse(response.return_code, response.error_message);
+
+    return response;
+  };
+
+  showAddressAndPubKey = async () => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const response: GetAddressAndPubKeyResponse = await this.ledgerApp.showAddressAndPubKey(
+      this.derivationPath,
+      this.chain,
+    );
+
+    this.validateResponse(response.return_code, response.error_message);
+
+    return response;
+  };
+
+  signTransaction = async (rawTx: string, sequence = "0") => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const { return_code, error_message, signature } = await this.ledgerApp.sign(this.derivationPath, rawTx);
+
+    if (!this.pubKey) throw new USwapError("wallet_ledger_pubkey_not_found");
+
+    this.validateResponse(return_code, error_message);
+
+    return [
+      {
+        pub_key: { type: "tendermint/PubKeySecp256k1", value: this.pubKey },
+        sequence,
+        signature: getSignature(signature),
+      },
+    ];
+  };
+
+  sign = async (message: string) => {
+    await this.checkOrCreateTransportAndLedger(true);
+
+    const { return_code, error_message, signature } = await this.ledgerApp.sign(this.derivationPath, message);
+
+    if (!this.pubKey) throw new USwapError("wallet_ledger_pubkey_not_found");
+
+    this.validateResponse(return_code, error_message);
+
+    return getSignature(signature);
+  };
+}

package/src/ledger/clients/thorchain/lib.ts

@@ -0,0 +1,282 @@
+/**
+ * Modifications © 2025 Horizontal Systems.
+ */
+
+import type Transport from "@ledgerhq/hw-transport";
+import { USwapError } from "@tcswap/helpers";
+/** ******************************************************************************
+ *  (c) 2019 ZondaX GmbH
+ *  (c) 2016-2017 Ledger
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ ******************************************************************************* */
+
+import {
+  CHUNK_SIZE,
+  CLA,
+  ERROR_CODE,
+  errorCodeToString,
+  getVersion,
+  INS,
+  P1_VALUES,
+  P2_VALUES,
+  processErrorResponse,
+} from "./common";
+import {
+  publicKeyv1,
+  publicKeyv2,
+  serializePathv1,
+  serializePathv2,
+  signSendChunkv1,
+  signSendChunkv2,
+} from "./helpers";
+
+export class THORChainApp {
+  transport: Transport;
+  versionResponse: any;
+
+  constructor(transport: any) {
+    if (!transport) {
+      throw new USwapError("wallet_ledger_transport_not_defined");
+    }
+
+    this.transport = transport;
+  }
+
+  static serializeHRP(hrp: string) {
+    if (hrp == null || hrp.length < 3 || hrp.length > 83) {
+      throw new USwapError("wallet_ledger_invalid_params", { reason: "Invalid HRP" });
+    }
+    const buf = Buffer.alloc(1 + hrp.length);
+    buf.writeUInt8(hrp.length, 0);
+    buf.write(hrp, 1);
+    return buf;
+  }
+
+  async serializePath(path: number[]) {
+    this.versionResponse = await getVersion(this.transport);
+
+    if (this.versionResponse.return_code !== ERROR_CODE.NoError) {
+      throw this.versionResponse;
+    }
+
+    switch (this.versionResponse.major) {
+      case 1:
+        return serializePathv1(path);
+      case 2:
+        return serializePathv2(path);
+      default:
+        return Buffer.alloc(0);
+    }
+  }
+
+  async signGetChunks(path: number[], buffer: Buffer) {
+    const serializedPath = await this.serializePath(path);
+
+    const chunks = [];
+    chunks.push(serializedPath);
+
+    for (let i = 0; i < buffer.length; i += CHUNK_SIZE) {
+      let end = i + CHUNK_SIZE;
+      if (i > buffer.length) {
+        end = buffer.length;
+      }
+      chunks.push(buffer.slice(i, end));
+    }
+
+    return chunks;
+  }
+
+  async getVersion() {
+    try {
+      this.versionResponse = await getVersion(this.transport);
+      return this.versionResponse;
+    } catch (e) {
+      return processErrorResponse(e);
+    }
+  }
+
+  appInfo() {
+    return this.transport.send(0xb0, 0x01, 0, 0).then((response: any) => {
+      const errorCodeData = response.slice(-2);
+      const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+
+      let appName = "";
+      let appVersion = "";
+      let flagLen = 0;
+      let flagsValue = 0;
+
+      if (response[0] !== 1) {
+        // Ledger responds with format ID 1. There is no spec for any format != 1
+        return { error_message: "response format ID not recognized", return_code: 0x9001 };
+      }
+
+      const appNameLen = response[1];
+      appName = response.slice(2, 2 + appNameLen).toString("ascii");
+      let idx = 2 + appNameLen;
+      const appVersionLen = response[idx];
+      idx += 1;
+      appVersion = response.slice(idx, idx + appVersionLen).toString("ascii");
+      idx += appVersionLen;
+      const appFlagsLen = response[idx];
+      idx += 1;
+      flagLen = appFlagsLen;
+      flagsValue = response[idx];
+
+      return {
+        appName,
+        appVersion,
+        error_message: errorCodeToString(returnCode),
+        flag_onboarded: (flagsValue & 4) !== 0,
+        flag_pin_validated: (flagsValue & 128) !== 0,
+        flag_recovery: (flagsValue & 1) !== 0,
+        flag_signed_mcu_code: (flagsValue & 2) !== 0,
+        flagLen,
+        flagsValue,
+        return_code: returnCode,
+      };
+    }, processErrorResponse);
+  }
+
+  deviceInfo() {
+    return this.transport
+      .send(0xe0, 0x01, 0, 0, Buffer.from([]), [ERROR_CODE.NoError, 0x6e00])
+      .then((response: any) => {
+        const errorCodeData = response.slice(-2);
+        const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+
+        if (returnCode === 0x6e00) {
+          return { error_message: "This command is only available in the Dashboard", return_code: returnCode };
+        }
+
+        const targetId = response.slice(0, 4).toString("hex");
+
+        let pos = 4;
+        const secureElementVersionLen = response[pos];
+        pos += 1;
+        const seVersion = response.slice(pos, pos + secureElementVersionLen).toString();
+        pos += secureElementVersionLen;
+
+        const flagsLen = response[pos];
+        pos += 1;
+        const flag = response.slice(pos, pos + flagsLen).toString("hex");
+        pos += flagsLen;
+
+        const mcuVersionLen = response[pos];
+        pos += 1;
+        // Patch issue in mcu version
+        let tmp = response.slice(pos, pos + mcuVersionLen);
+        if (tmp[mcuVersionLen - 1] === 0) {
+          tmp = response.slice(pos, pos + mcuVersionLen - 1);
+        }
+        const mcuVersion = tmp.toString();
+
+        return {
+          error_message: errorCodeToString(returnCode),
+          flag,
+          mcuVersion,
+          return_code: returnCode,
+          seVersion,
+          // //
+          targetId,
+        };
+      }, processErrorResponse);
+  }
+
+  async publicKey(path: number[]) {
+    try {
+      const serializedPath = await this.serializePath(path);
+
+      switch (this.versionResponse.major) {
+        case 1:
+          return publicKeyv1(this, serializedPath);
+        case 2: {
+          const data = Buffer.concat([THORChainApp.serializeHRP("thor"), serializedPath]);
+          return publicKeyv2(this, data);
+        }
+        default:
+          return { error_message: "App Version is not supported", return_code: 0x6400 };
+      }
+    } catch (e) {
+      return processErrorResponse(e);
+    }
+  }
+
+  getAddressAndPubKey(path: number[], hrp: string, showInDevice = false) {
+    return this.serializePath(path)
+      .then((serializedPath: Buffer) => {
+        const data = Buffer.concat([THORChainApp.serializeHRP(hrp), serializedPath]);
+        return this.transport
+          .send(
+            CLA,
+            INS.GET_ADDR_SECP256K1,
+            showInDevice ? P1_VALUES.SHOW_ADDRESS_IN_DEVICE : P1_VALUES.ONLY_RETRIEVE,
+            0,
+            data,
+            [ERROR_CODE.NoError],
+          )
+          .then((response: any) => {
+            const errorCodeData = response.slice(-2);
+            const returnCode = errorCodeData[0] * 256 + errorCodeData[1];
+
+            const compressedPk = Buffer.from(response.slice(0, 33));
+            const bech32Address = Buffer.from(response.slice(33, -2)).toString();
+
+            return {
+              bech32_address: bech32Address,
+              compressed_pk: compressedPk,
+              error_message: errorCodeToString(returnCode),
+              return_code: returnCode,
+            };
+          }, processErrorResponse);
+      })
+      .catch((err) => processErrorResponse(err));
+  }
+
+  showAddressAndPubKey(path: number[], hrp: string) {
+    return this.getAddressAndPubKey(path, hrp, true);
+  }
+
+  signSendChunk(chunkIdx: number, chunkNum: number, chunk: Buffer, txType = P2_VALUES.JSON) {
+    switch (this.versionResponse.major) {
+      case 1:
+        return signSendChunkv1(this, chunkIdx, chunkNum, chunk, txType);
+      case 2:
+        return signSendChunkv2(this, chunkIdx, chunkNum, chunk, txType);
+      default:
+        return { error_message: "App Version is not supported", return_code: 0x6400 };
+    }
+  }
+
+  async sign(path: number[], message: string, txType = P2_VALUES.JSON) {
+    const buffer = Buffer.from(message);
+    let chunks: Buffer[] = [];
+    let response: any;
+    try {
+      chunks = await this.signGetChunks(path, buffer);
+      response = await this.signSendChunk(1, chunks.length, chunks[0] as Buffer, txType);
+    } catch (error) {
+      processErrorResponse(error);
+    }
+    let result = { error_message: response.error_message, return_code: response.return_code, signature: null };
+
+    for (let i = 1; i < chunks.length; i += 1) {
+      result = await this.signSendChunk(1 + i, chunks.length, chunks[i] as Buffer, txType);
+      if (result.return_code !== ERROR_CODE.NoError) {
+        break;
+      }
+    }
+
+    return { error_message: result.error_message, return_code: result.return_code, signature: result.signature };
+  }
+}

package/src/ledger/clients/thorchain/utils.ts

@@ -0,0 +1,71 @@
+/**
+ * Modifications © 2025 Horizontal Systems.
+ */
+
+import { base64 } from "@scure/base";
+import { USwapError } from "@tcswap/helpers";
+
+export const getSignature = (signatureArray: any) => {
+  // Check Type Length Value encoding
+  if (signatureArray.length < 64) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "Too short" });
+  }
+  if (signatureArray[0] !== 0x30) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "TLV encoding: expected first byte 0x30" });
+  }
+  if (signatureArray[1] + 2 !== signatureArray.length) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "signature length does not match TLV" });
+  }
+  if (signatureArray[2] !== 0x02) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "TLV encoding: expected length type 0x02" });
+  }
+
+  // r signature
+  const rLength = signatureArray[3];
+  let rSignature = signatureArray.slice(4, rLength + 4);
+
+  // Drop leading zero on some 'r' signatures that are 33 bytes.
+  if (rSignature.length === 33 && rSignature[0] === 0) {
+    rSignature = rSignature.slice(1, 33);
+  } else if (rSignature.length === 33) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "r too long" });
+  }
+
+  // add leading zero's to pad to 32 bytes
+  while (rSignature.length < 32) {
+    rSignature.unshift(0);
+  }
+
+  // s signature
+  if (signatureArray[rLength + 4] !== 0x02) {
+    throw new USwapError("wallet_ledger_invalid_signature", {
+      reason: "TLV encoding: expected length type 0x02 for s",
+    });
+  }
+
+  const sLength = signatureArray[rLength + 5];
+
+  if (4 + rLength + 2 + sLength !== signatureArray.length) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "TLV byte lengths do not match message length" });
+  }
+
+  let sSignature = signatureArray.slice(rLength + 6, signatureArray.length);
+
+  // Drop leading zero on 's' signatures that are 33 bytes. This shouldn't occur since ledger signs using "Small s" math. But just to be sure...
+  if (sSignature.length === 33 && sSignature[0] === 0) {
+    sSignature = sSignature.slice(1, 33);
+  } else if (sSignature.length === 33) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "s too long" });
+  }
+
+  // add leading zero's to pad to 32 bytes
+  while (sSignature.length < 32) {
+    sSignature.unshift(0);
+  }
+
+  if (rSignature.length !== 32 || sSignature.length !== 32) {
+    throw new USwapError("wallet_ledger_invalid_signature", { reason: "must be 32 bytes each" });
+  }
+
+  return base64.encode(Buffer.concat([rSignature, sSignature]));
+};