From bb66cf238f7ff9d990f3a8b1177b84f78ea018dc Mon Sep 17 00:00:00 2001 From: Mateusz Jasiuk Date: Tue, 31 Dec 2024 15:13:06 +0100 Subject: [PATCH] feat: ledger shielded accounts --- apps/extension/package.json | 2 +- .../src/App/Accounts/ParentAccounts.tsx | 17 +++---- .../src/Setup/Ledger/LedgerConnect.tsx | 24 +++++++++ .../src/Setup/Ledger/LedgerImport.tsx | 14 ++++- apps/extension/src/Setup/Setup.tsx | 4 +- apps/extension/src/Setup/query.ts | 22 ++++++-- apps/extension/src/Setup/types.ts | 3 ++ .../src/background/keyring/handler.ts | 22 ++++++-- .../src/background/keyring/keyring.ts | 29 ++++++++++- .../src/background/keyring/messages.ts | 16 +++++- .../src/background/keyring/service.ts | 10 +++- apps/namadillo/src/App/Ibc/IbcTransfer.tsx | 1 + .../src/App/NamadaTransfer/NamadaTransfer.tsx | 2 +- packages/sdk/package.json | 2 +- packages/sdk/src/ledger.ts | 51 +++++++++++-------- packages/sdk/src/sdk.ts | 2 +- packages/shared/lib/src/types/masp.rs | 26 ++++++++++ yarn.lock | 12 ++--- 18 files changed, 203 insertions(+), 56 deletions(-) diff --git a/apps/extension/package.json b/apps/extension/package.json index 1d9f487654..8e7c5a97e8 100644 --- a/apps/extension/package.json +++ b/apps/extension/package.json @@ -46,7 +46,7 @@ "@ledgerhq/hw-transport": "^6.31.4", "@ledgerhq/hw-transport-webhid": "^6.29.4", "@ledgerhq/hw-transport-webusb": "^6.29.4", - "@zondax/ledger-namada": "^1.0.0", + "@zondax/ledger-namada": "^2.0.0", "bignumber.js": "^9.1.1", "buffer": "^6.0.3", "dompurify": "^3.0.2", diff --git a/apps/extension/src/App/Accounts/ParentAccounts.tsx b/apps/extension/src/App/Accounts/ParentAccounts.tsx index b437d43548..1befaa8cbd 100644 --- a/apps/extension/src/App/Accounts/ParentAccounts.tsx +++ b/apps/extension/src/App/Accounts/ParentAccounts.tsx @@ -7,12 +7,13 @@ import { KeyListItem, Stack, } from "@namada/components"; -import { AccountType, DerivedAccount } from "@namada/types"; +import { DerivedAccount } from "@namada/types"; import { ParentAccountsFooter } from "App/Accounts/ParentAccountsFooter"; import { PageHeader } from "App/Common"; import routes from "App/routes"; import { ParentAccount } from "background/keyring"; import { AccountContext } from "context"; +import invariant from "invariant"; import { openSetupTab } from "utils"; /** @@ -26,20 +27,14 @@ export const ParentAccounts = (): JSX.Element => { accounts: allAccounts, changeActiveAccountId, } = useContext(AccountContext); - // We check which accounts need to be re-imported const accounts = allAccounts - .filter( - (account) => account.parentId || account.type === AccountType.Ledger - ) + .filter((account) => account.parentId) .map((account) => { - const outdated = - account.type !== AccountType.Ledger && - typeof account.pseudoExtendedKey === "undefined"; + const outdated = typeof account.pseudoExtendedKey === "undefined"; - // The only account without a parent is the ledger account - const parent = - parentAccounts.find((pa) => pa.id === account.parentId) || account; + const parent = parentAccounts.find((pa) => pa.id === account.parentId); + invariant(parent, `Parent account not found for account ${account.id}`); return { ...parent, outdated }; }); diff --git a/apps/extension/src/Setup/Ledger/LedgerConnect.tsx b/apps/extension/src/Setup/Ledger/LedgerConnect.tsx index 8dd0d176a4..ac3b404109 100644 --- a/apps/extension/src/Setup/Ledger/LedgerConnect.tsx +++ b/apps/extension/src/Setup/Ledger/LedgerConnect.tsx @@ -1,6 +1,12 @@ import { chains } from "@namada/chains"; import { ActionButton, Alert, Image, Stack } from "@namada/components"; import { Ledger as LedgerApp, makeBip44Path } from "@namada/sdk/web"; +import sdkInit from "@namada/sdk/web-init"; +import { + ExtendedViewingKey, + ProofGenerationKey, + PseudoExtendedKey, +} from "@namada/shared"; import { Bip44Path } from "@namada/types"; import { LedgerError } from "@zondax/ledger-namada"; import { LedgerStep } from "Setup/Common"; @@ -33,14 +39,32 @@ export const LedgerConnect: React.FC = ({ path, setPath }) => { } setIsLedgerConnecting(true); + + await sdkInit(); + const { xfvk, pgk } = await ledger.getShieldedKeys(); const { address, publicKey } = await ledger.showAddressAndPublicKey( makeBip44Path(chains.namada.bip44.coinType, path) ); + const extendedViewingKey = new ExtendedViewingKey(xfvk); + const encodedExtendedViewingKey = extendedViewingKey.encode(); + const encodedPaymentAddress = extendedViewingKey + .default_payment_address() + .encode(); + const proofGenerationKey = ProofGenerationKey.from_bytes(pgk.ak, pgk.nsk); + const pseudoExtendedKey = PseudoExtendedKey.from( + extendedViewingKey, + proofGenerationKey + ); + const encodedPseudoExtendedKey = pseudoExtendedKey.encode(); + setIsLedgerConnecting(false); navigate(routes.ledgerImport(), { state: { address, publicKey, + extendedViewingKey: encodedExtendedViewingKey, + pseudoExtendedKey: encodedPseudoExtendedKey, + paymentAddress: encodedPaymentAddress, }, }); } catch (e) { diff --git a/apps/extension/src/Setup/Ledger/LedgerImport.tsx b/apps/extension/src/Setup/Ledger/LedgerImport.tsx index 6d9fb4ef50..efc2a610e7 100644 --- a/apps/extension/src/Setup/Ledger/LedgerImport.tsx +++ b/apps/extension/src/Setup/Ledger/LedgerImport.tsx @@ -10,6 +10,9 @@ import { useLocation, useNavigate } from "react-router-dom"; type LedgerImportLocationState = { address: string; publicKey: string; + extendedViewingKey: string; + pseudoExtendedKey: string; + paymentAddress: string; }; type LedgerProps = { @@ -55,12 +58,21 @@ export const LedgerImport = ({ await accountManager.savePassword(password); } - const { address, publicKey } = locationState; + const { + address, + publicKey, + extendedViewingKey, + pseudoExtendedKey, + paymentAddress, + } = locationState; const account = await accountManager.saveLedgerAccount({ alias, address, publicKey, path, + extendedViewingKey, + pseudoExtendedKey, + paymentAddress, }); navigate(routes.ledgerComplete(), { diff --git a/apps/extension/src/Setup/Setup.tsx b/apps/extension/src/Setup/Setup.tsx index c08e1a3ea5..604ca321c7 100644 --- a/apps/extension/src/Setup/Setup.tsx +++ b/apps/extension/src/Setup/Setup.tsx @@ -110,8 +110,8 @@ export const Setup: React.FC = () => { const prettyAccountSecret = accountSecret.t === "Mnemonic" ? "mnemonic" - : accountSecret.t === "PrivateKey" ? "private key" - : assertNever(accountSecret); + : accountSecret.t === "PrivateKey" ? "private key" + : assertNever(accountSecret); setCompletionStatusInfo(`Encrypting and storing ${prettyAccountSecret}.`); // Create parent account diff --git a/apps/extension/src/Setup/query.ts b/apps/extension/src/Setup/query.ts index ea8be11553..d16cac2274 100644 --- a/apps/extension/src/Setup/query.ts +++ b/apps/extension/src/Setup/query.ts @@ -13,7 +13,7 @@ import { DeriveAccountDetails, LedgerAccountDetails } from "./types"; // Wrap account management calls with extension requester instance export class AccountManager { - constructor(private readonly requester: ExtensionRequester) {} + constructor(private readonly requester: ExtensionRequester) { } /** * Set password for the extension @@ -88,10 +88,26 @@ export class AccountManager { async saveLedgerAccount( details: LedgerAccountDetails ): Promise { - const { alias, address, publicKey, path } = details; + const { + alias, + address, + publicKey, + path, + extendedViewingKey, + pseudoExtendedKey, + paymentAddress, + } = details; return (await this.requester.sendMessage( Ports.Background, - new AddLedgerAccountMsg(alias, address, publicKey, path) + new AddLedgerAccountMsg( + alias, + address, + publicKey, + path, + extendedViewingKey, + pseudoExtendedKey, + paymentAddress + ) )) as AccountStore; } } diff --git a/apps/extension/src/Setup/types.ts b/apps/extension/src/Setup/types.ts index 4ea8253ed3..54d7901c91 100644 --- a/apps/extension/src/Setup/types.ts +++ b/apps/extension/src/Setup/types.ts @@ -19,4 +19,7 @@ export type LedgerAccountDetails = { path: Bip44Path; address: string; publicKey: string; + extendedViewingKey: string; + pseudoExtendedKey: string; + paymentAddress: string; }; diff --git a/apps/extension/src/background/keyring/handler.ts b/apps/extension/src/background/keyring/handler.ts index 2d86d20d21..b4088cc0f6 100644 --- a/apps/extension/src/background/keyring/handler.ts +++ b/apps/extension/src/background/keyring/handler.ts @@ -105,8 +105,24 @@ const handleAddLedgerAccountMsg: ( service: KeyRingService ) => InternalHandler = (service) => { return async (_, msg) => { - const { alias, address, publicKey, bip44Path } = msg; - return await service.saveLedger(alias, address, publicKey, bip44Path); + const { + alias, + address, + publicKey, + bip44Path, + extendedViewingKey, + pseudoExtendedKey, + paymentAddress, + } = msg; + return await service.saveLedger( + alias, + address, + publicKey, + bip44Path, + extendedViewingKey, + pseudoExtendedKey, + paymentAddress + ); }; }; @@ -179,7 +195,7 @@ const handleQueryAccountsMsg: ( const output = query && query.accountId ? await service.queryAccountsByParentId(query.accountId) - : await service.queryAccounts(); + : await service.queryAccounts(); return output; }; diff --git a/apps/extension/src/background/keyring/keyring.ts b/apps/extension/src/background/keyring/keyring.ts index 54352f3233..ff4d74b8f2 100644 --- a/apps/extension/src/background/keyring/keyring.ts +++ b/apps/extension/src/background/keyring/keyring.ts @@ -101,7 +101,10 @@ export class KeyRing { alias: string, address: string, publicKey: string, - bip44Path: Bip44Path + bip44Path: Bip44Path, + pseudoExtendedKey: string, + extendedViewingKey: string, + paymentAddress: string ): Promise { const id = generateId(UUID_NAMESPACE, alias, address); const accountStore: AccountStore = { @@ -125,6 +128,30 @@ export class KeyRing { sensitive, }); + const shieldedId = generateId(UUID_NAMESPACE, alias, address); + const shieldedAccountStore: AccountStore = { + id: shieldedId, + alias, + address: paymentAddress, + publicKey, + owner: extendedViewingKey, + path: bip44Path, + pseudoExtendedKey, + parentId: id, + type: AccountType.ShieldedKeys, + source: "imported", + timestamp: 0, + }; + + const shieldedSensitive = await this.vaultService.encryptSensitiveData({ + text: "", + passphrase: "", + }); + await this.vaultStorage.add(KeyStore, { + public: shieldedAccountStore, + sensitive: shieldedSensitive, + }); + await this.setActiveAccount(id, AccountType.Ledger); return accountStore; } diff --git a/apps/extension/src/background/keyring/messages.ts b/apps/extension/src/background/keyring/messages.ts index 927657485d..ce6931cbb0 100644 --- a/apps/extension/src/background/keyring/messages.ts +++ b/apps/extension/src/background/keyring/messages.ts @@ -186,7 +186,9 @@ export class AddLedgerAccountMsg extends Message { public readonly address: string, public readonly publicKey: string, public readonly bip44Path: Bip44Path, - public readonly parentId?: string + public readonly extendedViewingKey: string, + public readonly pseudoExtendedKey: string, + public readonly paymentAddress: string ) { super(); } @@ -207,6 +209,18 @@ export class AddLedgerAccountMsg extends Message { if (!this.bip44Path) { throw new Error("BIP44 Path was not provided!"); } + + if (!this.pseudoExtendedKey) { + throw new Error("Pseudo extended key was not provided!"); + } + + if (!this.extendedViewingKey) { + throw new Error("Extended viewing key was not provided!"); + } + + if (!this.paymentAddress) { + throw new Error("Payment address was not provided!"); + } } route(): string { diff --git a/apps/extension/src/background/keyring/service.ts b/apps/extension/src/background/keyring/service.ts index 4be1e92b53..7c806f6f03 100644 --- a/apps/extension/src/background/keyring/service.ts +++ b/apps/extension/src/background/keyring/service.ts @@ -81,7 +81,10 @@ export class KeyRingService { alias: string, address: string, publicKey: string, - bip44Path: Bip44Path + bip44Path: Bip44Path, + extendedViewingKey: string, + pseudoExtendedKey: string, + paymentAddress: string ): Promise { const account = await this._keyRing.queryAccountByAddress(address); if (account) { @@ -94,7 +97,10 @@ export class KeyRingService { alias, address, publicKey, - bip44Path + bip44Path, + pseudoExtendedKey, + extendedViewingKey, + paymentAddress ); await this.broadcaster.updateAccounts(); diff --git a/apps/namadillo/src/App/Ibc/IbcTransfer.tsx b/apps/namadillo/src/App/Ibc/IbcTransfer.tsx index 76961ceb1c..48269c40d2 100644 --- a/apps/namadillo/src/App/Ibc/IbcTransfer.tsx +++ b/apps/namadillo/src/App/Ibc/IbcTransfer.tsx @@ -54,6 +54,7 @@ export const IbcTransfer = (): JSX.Element => { walletAddress: sourceAddress, }) ); + console.log("userAssets", userAssets); // Local State const [shielded, setShielded] = useState(true); diff --git a/apps/namadillo/src/App/NamadaTransfer/NamadaTransfer.tsx b/apps/namadillo/src/App/NamadaTransfer/NamadaTransfer.tsx index c0dad90230..a7e3a973aa 100644 --- a/apps/namadillo/src/App/NamadaTransfer/NamadaTransfer.tsx +++ b/apps/namadillo/src/App/NamadaTransfer/NamadaTransfer.tsx @@ -62,7 +62,7 @@ export const NamadaTransfer: React.FC = () => { const account = defaultAccounts.data?.find((account) => shielded ? account.type === AccountType.ShieldedKeys - : account.type !== AccountType.ShieldedKeys + : account.type !== AccountType.ShieldedKeys ); const sourceAddress = account?.address; const selectedAssetAddress = searchParams.get(params.asset) || undefined; diff --git a/packages/sdk/package.json b/packages/sdk/package.json index e545c41be8..44a16f68c7 100644 --- a/packages/sdk/package.json +++ b/packages/sdk/package.json @@ -65,7 +65,7 @@ "@ledgerhq/hw-transport": "^6.31.4", "@ledgerhq/hw-transport-webhid": "^6.29.4", "@ledgerhq/hw-transport-webusb": "^6.29.4", - "@zondax/ledger-namada": "^1.0.0", + "@zondax/ledger-namada": "^2.0.0", "bignumber.js": "^9.1.1", "buffer": "^6.0.3", "slip44": "^3.0.18" diff --git a/packages/sdk/src/ledger.ts b/packages/sdk/src/ledger.ts index e4ad28ee40..2bfcb9047d 100644 --- a/packages/sdk/src/ledger.ts +++ b/packages/sdk/src/ledger.ts @@ -12,20 +12,17 @@ import { ResponseVersion, ResponseViewKey, } from "@zondax/ledger-namada"; -import { makeBip44Path } from "./utils"; +import { makeBip44Path, makeSaplingPath } from "./utils"; const { coinType } = chains.namada.bip44; export type LedgerAddressAndPublicKey = { address: string; publicKey: string }; export type LedgerShieldedKeys = { - viewingKey: { - viewKey?: string; - ivk?: string; - ovk?: string; - }; - proofGenerationKey: { - ak?: string; - nsk?: string; + xfvk: Uint8Array; + // Proof Generation Key + pgk: { + ak: Uint8Array; + nsk: Uint8Array; }; }; @@ -58,6 +55,9 @@ export const DEFAULT_LEDGER_BIP44_PATH = makeBip44Path(coinType, { index: 0, }); +export const DEFAULT_LEDGER_ZIP32_PATH = makeSaplingPath(coinType, { + account: 0, +}); /** * Functionality for interacting with NamadaApp for Ledger Hardware Wallets */ @@ -155,12 +155,19 @@ export class Ledger { * @returns ShieldedKeys */ public async getShieldedKeys( - path: string = DEFAULT_LEDGER_BIP44_PATH, + path: string = DEFAULT_LEDGER_ZIP32_PATH, promptUser = true ): Promise { try { - const { viewKey, ivk, ovk }: ResponseViewKey = - await this.namadaApp.retrieveKeys(path, NamadaKeys.ViewKey, promptUser); + const { xfvk }: ResponseViewKey = await this.namadaApp.retrieveKeys( + path, + NamadaKeys.ViewKey, + promptUser + ); + + if (!xfvk) { + throw new Error(`Could not retrieve Viewing Key`); + } const { ak, nsk }: ResponseProofGenKey = await this.namadaApp.retrieveKeys( @@ -168,20 +175,20 @@ export class Ledger { NamadaKeys.ProofGenerationKey, promptUser ); + if (!ak || !nsk) { + throw new Error(`Could not retrieve Proof Generation Key`); + } return { - viewingKey: { - viewKey: viewKey?.toString(), - ivk: ivk?.toString(), - ovk: ovk?.toString(), - }, - proofGenerationKey: { - ak: ak?.toString(), - nsk: nsk?.toString(), + xfvk: new Uint8Array(xfvk), + pgk: { + ak: new Uint8Array(ak), + nsk: new Uint8Array(nsk), }, }; - } catch (_) { - throw new Error(`Could not retrieve Viewing Key`); + } catch (e) { + console.error(e); + throw new Error(`Could not retrieve shielded keys: ${e}`); } } diff --git a/packages/sdk/src/sdk.ts b/packages/sdk/src/sdk.ts index fc61a9089b..2330bee793 100644 --- a/packages/sdk/src/sdk.ts +++ b/packages/sdk/src/sdk.ts @@ -29,7 +29,7 @@ export class Sdk { public readonly cryptoMemory: WebAssembly.Memory, public readonly url: string, public readonly nativeToken: string - ) {} + ) { } /** * Re-initialize wasm instances and return this instance diff --git a/packages/shared/lib/src/types/masp.rs b/packages/shared/lib/src/types/masp.rs index cff5b901e8..50b408e8b4 100644 --- a/packages/shared/lib/src/types/masp.rs +++ b/packages/shared/lib/src/types/masp.rs @@ -47,6 +47,13 @@ impl ExtendedViewingKey { pub fn encode(&self) -> String { self.0.to_string() } + + pub fn default_payment_address(&self) -> PaymentAddress { + let xfvk = zip32::ExtendedFullViewingKey::from(self.0); + let (_, payment_address) = xfvk.default_address(); + + PaymentAddress(payment_address.into()) + } } #[wasm_bindgen] @@ -54,6 +61,13 @@ pub struct ProofGenerationKey(pub(crate) sapling::ProofGenerationKey); #[wasm_bindgen] impl ProofGenerationKey { + pub fn from_bytes(ak: Vec, nsk: Vec) -> ProofGenerationKey { + let concatenated: Vec = ak.iter().chain(nsk.iter()).cloned().collect(); + let pgk = sapling::ProofGenerationKey::try_from_slice(concatenated.as_slice()) + .expect("Deserializing ProofGenerationKey should not fail!"); + + ProofGenerationKey(pgk) + } pub fn encode(&self) -> String { hex::encode( borsh::to_vec(&self.0).expect("Serializing ProofGenerationKey should not fail!"), @@ -86,6 +100,18 @@ impl PseudoExtendedKey { .expect("Deserializing ProofGenerationKey should not fail!"), ) } + + pub fn from(xvk: ExtendedViewingKey, pgk: ProofGenerationKey) -> Self { + let mut pxk = zip32::PseudoExtendedKey::from(zip32::ExtendedFullViewingKey::from(xvk.0)); + pxk.augment_proof_generation_key(pgk.0) + .expect("Augmenting proof generation key should not fail!"); + + pxk.augment_spend_authorizing_key_unchecked(sapling::redjubjub::PrivateKey( + jubjub::Fr::default(), + )); + + Self(pxk) + } } /// Wrap ExtendedSpendingKey diff --git a/yarn.lock b/yarn.lock index d29ea9e566..77cf28159f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3487,7 +3487,7 @@ __metadata: "@types/w3c-web-usb": "npm:^1.0.10" "@types/webextension-polyfill": "npm:^0.10.6" "@types/zxcvbn": "npm:^4.4.1" - "@zondax/ledger-namada": "npm:^1.0.0" + "@zondax/ledger-namada": "npm:^2.0.0" bignumber.js: "npm:^9.1.1" buffer: "npm:^6.0.3" copy-webpack-plugin: "npm:^11.0.0" @@ -3759,7 +3759,7 @@ __metadata: "@release-it/conventional-changelog": "npm:^8.0.1" "@types/jest": "npm:^29.5.12" "@types/node": "npm:^20.11.4" - "@zondax/ledger-namada": "npm:^1.0.0" + "@zondax/ledger-namada": "npm:^2.0.0" babel-jest: "npm:^29.0.3" bignumber.js: "npm:^9.1.1" buffer: "npm:^6.0.3" @@ -6074,12 +6074,12 @@ __metadata: languageName: node linkType: hard -"@zondax/ledger-namada@npm:^1.0.0": - version: 1.0.0 - resolution: "@zondax/ledger-namada@npm:1.0.0" +"@zondax/ledger-namada@npm:^2.0.0": + version: 2.0.0 + resolution: "@zondax/ledger-namada@npm:2.0.0" dependencies: "@ledgerhq/hw-transport": "npm:^6.30.6" - checksum: f7490964ccd41f9a63f2bc8d89ea9f01e7d6a58be796db0b454a3f1455dcc8dc8dd578a8642aa0f0799c93f838e8e3afd69f59f7e9947816b9471338c2b9dd63 + checksum: 1fa2a9a537bc42df01444332529a606ed77f608a2cc1dbb029915ed854ff447976930a4338c2d68d50d98869828cd76b1a4f4b5c2c989fd84af7b66d55dc51fc languageName: node linkType: hard