zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
305 Commits
183 Branches
291 MiB
Tree: 2bbad9d496
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2bbad9d496'
${ noResults }
tendermint/ledger_secp256k1.go

155 lines
4.4 KiB
Raw Normal View History

Ledger integration, WIP
7 years ago
Update to latest upstream, debugging information
7 years ago
Ledger integration, WIP
7 years ago
Fix testcases, all looks OK
7 years ago
Ledger integration, WIP
7 years ago
Clarify function names
7 years ago
Update to new Ledger API in progress
7 years ago
Ledger integration, WIP
7 years ago
Move TODOs to #114
7 years ago
Ledger integration, WIP
7 years ago
Fix testcases, all looks OK
7 years ago
Move TODOs to #114
7 years ago
Prevent unnecessary signatures, improve error messages
7 years ago
Clarify function names
7 years ago
Update to new Ledger API in progress
7 years ago
Prevent unnecessary signatures, improve error messages
7 years ago
Move TODOs to #114
7 years ago
Ledger integration, WIP
7 years ago
Update to new Ledger API in progress
7 years ago
Ledger integration, WIP
7 years ago
Update to new Ledger API in progress
7 years ago
Ledger integration, WIP
7 years ago
Update to latest upstream, debugging information
7 years ago
Ledger integration, WIP
7 years ago
Move TODOs to #114
7 years ago
Ledger integration, WIP
7 years ago
Clarify function names
7 years ago
Prevent unnecessary signatures, improve error messages
7 years ago
Clarify function names
7 years ago
Ledger integration, WIP
7 years ago
Move TODOs to #114
7 years ago
Ledger integration, WIP
7 years ago
Move TODOs to #114
7 years ago
Ledger integration, WIP
7 years ago
Clarify function names
7 years ago
Ledger integration, WIP
7 years ago
Move TODOs to #114
7 years ago
Ledger integration, WIP
7 years ago
 
  1. package crypto
  2. 

  3. import (
  4. 	"fmt"
  5. 

  6. 	secp256k1 "github.com/btcsuite/btcd/btcec"
  7. 	ledger "github.com/zondax/ledger-goclient"
  8. )
  9. 

  10. func pubkeyLedgerSecp256k1(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) {
  11. 	key, err := device.GetPublicKeySECP256K1(path)
  12. 	if err != nil {
  13. 		return nil, fmt.Errorf("error fetching public key: %v", err)
  14. 	}
  15. 	var p PubKeySecp256k1
  16. 	// Reserialize in the 33-byte compressed format

  17. 	cmp, err := secp256k1.ParsePubKey(key[:], secp256k1.S256())
  18. 	copy(p[:], cmp.SerializeCompressed())
  19. 	pub = p
  20. 	return
  21. }
  22. 

  23. func signLedgerSecp256k1(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) {
  24. 	bsig, err := device.SignSECP256K1(path, msg)
  25. 	if err != nil {
  26. 		return sig, err
  27. 	}
  28. 	sig = SignatureSecp256k1FromBytes(bsig)
  29. 	return
  30. }
  31. 

  32. // PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano

  33. // we cache the PubKey from the first call to use it later

  34. type PrivKeyLedgerSecp256k1 struct {
  35. 	// PubKey should be private, but we want to encode it via go-amino

  36. 	// so we can view the address later, even without having the ledger

  37. 	// attached

  38. 	CachedPubKey PubKey
  39. 	Path         DerivationPath
  40. }
  41. 

  42. // NewPrivKeyLedgerSecp256k1 will generate a new key and store the

  43. // public key for later use.

  44. func NewPrivKeyLedgerSecp256k1(path DerivationPath) (PrivKey, error) {
  45. 	var pk PrivKeyLedgerSecp256k1
  46. 	pk.Path = path
  47. 	// getPubKey will cache the pubkey for later use,

  48. 	// this allows us to return an error early if the ledger

  49. 	// is not plugged in

  50. 	_, err := pk.getPubKey()
  51. 	return &pk, err
  52. }
  53. 

  54. // ValidateKey allows us to verify the sanity of a key

  55. // after loading it from disk

  56. func (pk PrivKeyLedgerSecp256k1) ValidateKey() error {
  57. 	// getPubKey will return an error if the ledger is not

  58. 	// properly set up...

  59. 	pub, err := pk.forceGetPubKey()
  60. 	if err != nil {
  61. 		return err
  62. 	}
  63. 	// verify this matches cached address

  64. 	if !pub.Equals(pk.CachedPubKey) {
  65. 		return fmt.Errorf("cached key does not match retrieved key")
  66. 	}
  67. 	return nil
  68. }
  69. 

  70. // AssertIsPrivKeyInner fulfils PrivKey Interface

  71. func (pk *PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner() {}
  72. 

  73. // Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify

  74. // the same key when we reconnect to a ledger

  75. func (pk PrivKeyLedgerSecp256k1) Bytes() []byte {
  76. 	bin, err := cdc.MarshalBinaryBare(pk)
  77. 	if err != nil {
  78. 		panic(err)
  79. 	}
  80. 	return bin
  81. }
  82. 

  83. // Sign calls the ledger and stores the PubKey for future use

  84. //

  85. // Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes,

  86. // returning an error, so this should only trigger if the privkey is held

  87. // in memory for a while before use.

  88. func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature {
  89. 	// oh, I wish there was better error handling

  90. 	dev, err := getLedger()
  91. 	if err != nil {
  92. 		panic(err)
  93. 	}
  94. 

  95. 	sig, err := signLedgerSecp256k1(dev, pk.Path, msg)
  96. 	if err != nil {
  97. 		panic(err)
  98. 	}
  99. 

  100. 	pub, err := pubkeyLedgerSecp256k1(dev, pk.Path)
  101. 	if err != nil {
  102. 		panic(err)
  103. 	}
  104. 

  105. 	// if we have no pubkey yet, store it for future queries

  106. 	if pk.CachedPubKey == nil {
  107. 		pk.CachedPubKey = pub
  108. 	} else if !pk.CachedPubKey.Equals(pub) {
  109. 		panic("stored key does not match signing key")
  110. 	}
  111. 	return sig
  112. }
  113. 

  114. // PubKey returns the stored PubKey

  115. func (pk PrivKeyLedgerSecp256k1) PubKey() PubKey {
  116. 	key, err := pk.getPubKey()
  117. 	if err != nil {
  118. 		panic(err)
  119. 	}
  120. 	return key
  121. }
  122. 

  123. // getPubKey reads the pubkey from cache or from the ledger itself

  124. // since this involves IO, it may return an error, which is not exposed

  125. // in the PubKey interface, so this function allows better error handling

  126. func (pk PrivKeyLedgerSecp256k1) getPubKey() (key PubKey, err error) {
  127. 	// if we have no pubkey, set it

  128. 	if pk.CachedPubKey == nil {
  129. 		pk.CachedPubKey, err = pk.forceGetPubKey()
  130. 	}
  131. 	return pk.CachedPubKey, err
  132. }
  133. 

  134. // forceGetPubKey is like getPubKey but ignores any cached key

  135. // and ensures we get it from the ledger itself.

  136. func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) {
  137. 	dev, err := getLedger()
  138. 	if err != nil {
  139. 		return key, fmt.Errorf("cannot connect to Ledger device - error: %v", err)
  140. 	}
  141. 	key, err = pubkeyLedgerSecp256k1(dev, pk.Path)
  142. 	if err != nil {
  143. 		return key, fmt.Errorf("please open Cosmos app on the Ledger device - error: %v", err)
  144. 	}
  145. 	return key, err
  146. }
  147. 

  148. // Equals fulfils PrivKey Interface - makes sure both keys refer to the

  149. // same

  150. func (pk PrivKeyLedgerSecp256k1) Equals(other PrivKey) bool {
  151. 	if ledger, ok := other.(*PrivKeyLedgerSecp256k1); ok {
  152. 		return pk.CachedPubKey.Equals(ledger.CachedPubKey)
  153. 	}
  154. 	return false
  155. }