Ledger integration, WIP

7 years ago · 1c9ff46e98
--- a/Gopkg.lock
+++ b/Gopkg.lock
@ -1,6 +1,12 @@
 # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.


 [[projects]]
  branch = "master"
  name = "github.com/brejski/hid"
  packages = ["."]
  revision = "06112dcfcc50a7e0e4fd06e17f9791e788fdaafc"

 [[projects]]
  branch = "master"
  name = "github.com/btcsuite/btcd"
@ -147,6 +153,12 @@
  packages = ["."]
  revision = "8e7a99b3e716f36d3b080a9a70f9eb45abe4edcc"

 [[projects]]
  branch = "master"
  name = "github.com/zondax/ledger-goclient"
  packages = ["."]
  revision = "0eb48e14b06efd0354c2e0e18f15db121c64b9b8"

 [[projects]]
  branch = "master"
  name = "golang.org/x/crypto"
@ -166,6 +178,6 @@
 [solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
  inputs-digest = "f9ccfa2cadfcbfb43bf729b871a0ad2f8d4f4acb118cd859e6faf9b24842b840"
  inputs-digest = "f3cfb54414cb9d59bab79226c7778673e7ac5b7a464baf9b2ea76c1f2563631e"
  solver-name = "gps-cdcl"
  solver-version = 1
--- a/Gopkg.toml
+++ b/Gopkg.toml
@ -57,6 +57,10 @@
  name = "github.com/tyler-smith/go-bip39"
  branch = "master"

 [[constraint]]
  name = "github.com/zondax/ledger-goclient"
  branch = "master"

 [prune]
  go-tests = true
  unused-packages = true
--- a/_nano/keys.go
+++ b/_nano/keys.go
@ -1,294 +0,0 @@
 package nano

 import (
 	"bytes"
 	"encoding/hex"

 	"github.com/pkg/errors"

 	ledger "github.com/ethanfrey/ledger"

 	crypto "github.com/tendermint/go-crypto"
 	amino "github.com/tendermint/go-amino"
 )

 //nolint
 const (
 	NameLedgerEd25519 = "ledger-ed25519"
 	TypeLedgerEd25519 = 0x10

 	// Timeout is the number of seconds to wait for a response from the ledger
 	// if eg. waiting for user confirmation on button push
 	Timeout = 20
 )

 var device *ledger.Ledger

 // getLedger gets a copy of the device, and caches it
 func getLedger() (*ledger.Ledger, error) {
 	var err error
 	if device == nil {
 		device, err = ledger.FindLedger()
 	}
 	return device, err
 }

 func signLedger(device *ledger.Ledger, msg []byte) (pub crypto.PubKey, sig crypto.Signature, err error) {
 	var resp []byte

 	packets := generateSignRequests(msg)
 	for _, pack := range packets {
 		resp, err = device.Exchange(pack, Timeout)
 		if err != nil {
 			return pub, sig, err
 		}
 	}

 	// the last call is the result we want and needs to be parsed
 	key, bsig, err := parseDigest(resp)
 	if err != nil {
 		return pub, sig, err
 	}

 	var b [32]byte
 	copy(b[:], key)
 	return PubKeyLedgerEd25519FromBytes(b), crypto.SignatureEd25519FromBytes(bsig), nil
 }

 // PrivKeyLedgerEd25519 implements PrivKey, calling the ledger nano
 // we cache the PubKey from the first call to use it later
 type PrivKeyLedgerEd25519 struct {
 	// PubKey should be private, but we want to encode it via go-amino
 	// so we can view the address later, even without having the ledger
 	// attached
 	CachedPubKey crypto.PubKey
 }

 // NewPrivKeyLedgerEd25519 will generate a new key and store the
 // public key for later use.
 func NewPrivKeyLedgerEd25519() (crypto.PrivKey, error) {
 	var pk PrivKeyLedgerEd25519
 	// getPubKey will cache the pubkey for later use,
 	// this allows us to return an error early if the ledger
 	// is not plugged in
 	_, err := pk.getPubKey()
 	return pk.Wrap(), err
 }

 // ValidateKey allows us to verify the sanity of a key
 // after loading it from disk
 func (pk *PrivKeyLedgerEd25519) ValidateKey() error {
 	// getPubKey will return an error if the ledger is not
 	// properly set up...
 	pub, err := pk.forceGetPubKey()
 	if err != nil {
 		return err
 	}
 	// verify this matches cached address
 	if !pub.Equals(pk.CachedPubKey) {
 		return errors.New("ledger doesn't match cached key")
 	}
 	return nil
 }

 // AssertIsPrivKeyInner fulfils PrivKey Interface
 func (pk *PrivKeyLedgerEd25519) AssertIsPrivKeyInner() {}

 // Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify
 // the same key when we reconnect to a ledger
 func (pk *PrivKeyLedgerEd25519) Bytes() []byte {
 	return amino.BinaryBytes(pk.Wrap())
 }

 // Sign calls the ledger and stores the PubKey for future use
 //
 // XXX/TODO: panics if there is an error communicating with the ledger.
 //
 // Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes,
 // returning an error, so this should only trigger if the privkey is held
 // in memory for a while before use.
 func (pk *PrivKeyLedgerEd25519) Sign(msg []byte) crypto.Signature {
 	// oh, I wish there was better error handling
 	dev, err := getLedger()
 	if err != nil {
 		panic(err)
 	}

 	pub, sig, err := signLedger(dev, msg)
 	if err != nil {
 		panic(err)
 	}

 	// if we have no pubkey yet, store it for future queries
 	if pk.CachedPubKey.Empty() {
 		pk.CachedPubKey = pub
 	} else if !pk.CachedPubKey.Equals(pub) {
 		panic("signed with a different key than stored")
 	}
 	return sig
 }

 // PubKey returns the stored PubKey
 // TODO: query the ledger if not there, once it is not volatile
 func (pk *PrivKeyLedgerEd25519) PubKey() crypto.PubKey {
 	key, err := pk.getPubKey()
 	if err != nil {
 		panic(err)
 	}
 	return key
 }

 // getPubKey reads the pubkey from cache or from the ledger itself
 // since this involves IO, it may return an error, which is not exposed
 // in the PubKey interface, so this function allows better error handling
 func (pk *PrivKeyLedgerEd25519) getPubKey() (key crypto.PubKey, err error) {
 	// if we have no pubkey, set it
 	if pk.CachedPubKey.Empty() {
 		pk.CachedPubKey, err = pk.forceGetPubKey()
 	}
 	return pk.CachedPubKey, err
 }

 // forceGetPubKey is like getPubKey but ignores any cached key
 // and ensures we get it from the ledger itself.
 func (pk *PrivKeyLedgerEd25519) forceGetPubKey() (key crypto.PubKey, err error) {
 	dev, err := getLedger()
 	if err != nil {
 		return key, errors.New("Can't connect to ledger device")
 	}
 	key, _, err = signLedger(dev, []byte{0})
 	if err != nil {
 		return key, errors.New("Please open cosmos app on the ledger")
 	}
 	return key, err
 }

 // Equals fulfils PrivKey Interface - makes sure both keys refer to the
 // same
 func (pk *PrivKeyLedgerEd25519) Equals(other crypto.PrivKey) bool {
 	if ledger, ok := other.Unwrap().(*PrivKeyLedgerEd25519); ok {
 		return pk.CachedPubKey.Equals(ledger.CachedPubKey)
 	}
 	return false
 }

 // MockPrivKeyLedgerEd25519 behaves as the ledger, but stores a pre-packaged call-response
 // for use in test cases
 type MockPrivKeyLedgerEd25519 struct {
 	Msg []byte
 	Pub [KeyLength]byte
 	Sig [SigLength]byte
 }

 // NewMockKey returns
 func NewMockKey(msg, pubkey, sig string) (pk MockPrivKeyLedgerEd25519) {
 	var err error
 	pk.Msg, err = hex.DecodeString(msg)
 	if err != nil {
 		panic(err)
 	}

 	bpk, err := hex.DecodeString(pubkey)
 	if err != nil {
 		panic(err)
 	}
 	bsig, err := hex.DecodeString(sig)
 	if err != nil {
 		panic(err)
 	}

 	copy(pk.Pub[:], bpk)
 	copy(pk.Sig[:], bsig)
 	return pk
 }

 var _ crypto.PrivKeyInner = MockPrivKeyLedgerEd25519{}

 // AssertIsPrivKeyInner fulfils PrivKey Interface
 func (pk MockPrivKeyLedgerEd25519) AssertIsPrivKeyInner() {}

 // Bytes fulfils PrivKey Interface - not supported
 func (pk MockPrivKeyLedgerEd25519) Bytes() []byte {
 	return nil
 }

 // Sign returns a real SignatureLedger, if the msg matches what we expect
 func (pk MockPrivKeyLedgerEd25519) Sign(msg []byte) crypto.Signature {
 	if !bytes.Equal(pk.Msg, msg) {
 		panic("Mock key is for different msg")
 	}
 	return crypto.SignatureEd25519(pk.Sig).Wrap()
 }

 // PubKey returns a real PubKeyLedgerEd25519, that will verify this signature
 func (pk MockPrivKeyLedgerEd25519) PubKey() crypto.PubKey {
 	return PubKeyLedgerEd25519FromBytes(pk.Pub)
 }

 // Equals compares that two Mocks have the same data
 func (pk MockPrivKeyLedgerEd25519) Equals(other crypto.PrivKey) bool {
 	if mock, ok := other.Unwrap().(MockPrivKeyLedgerEd25519); ok {
 		return bytes.Equal(mock.Pub[:], pk.Pub[:]) &&
 			bytes.Equal(mock.Sig[:], pk.Sig[:]) &&
 			bytes.Equal(mock.Msg, pk.Msg)
 	}
 	return false
 }

 ////////////////////////////////////////////
 // pubkey

 // PubKeyLedgerEd25519 works like a normal Ed25519 except a hash before the verify bytes
 type PubKeyLedgerEd25519 struct {
 	crypto.PubKeyEd25519
 }

 // PubKeyLedgerEd25519FromBytes creates a PubKey from the raw bytes
 func PubKeyLedgerEd25519FromBytes(key [32]byte) crypto.PubKey {
 	return PubKeyLedgerEd25519{crypto.PubKeyEd25519(key)}.Wrap()
 }

 // Bytes fulfils pk Interface - no data, just type info
 func (pk PubKeyLedgerEd25519) Bytes() []byte {
 	return amino.BinaryBytes(pk.Wrap())
 }

 // VerifyBytes uses the normal Ed25519 algorithm but a sha512 hash beforehand
 func (pk PubKeyLedgerEd25519) VerifyBytes(msg []byte, sig crypto.Signature) bool {
 	hmsg := hashMsg(msg)
 	return pk.PubKeyEd25519.VerifyBytes(hmsg, sig)
 }

 // Equals implements PubKey interface
 func (pk PubKeyLedgerEd25519) Equals(other crypto.PubKey) bool {
 	if ledger, ok := other.Unwrap().(PubKeyLedgerEd25519); ok {
 		return pk.PubKeyEd25519.Equals(ledger.PubKeyEd25519.Wrap())
 	}
 	return false
 }

 /*** registration with go-data ***/

 func init() {
 	crypto.PrivKeyMapper.
 		RegisterImplementation(&PrivKeyLedgerEd25519{}, NameLedgerEd25519, TypeLedgerEd25519).
 		RegisterImplementation(MockPrivKeyLedgerEd25519{}, "mock-ledger", 0x11)

 	crypto.PubKeyMapper.
 		RegisterImplementation(PubKeyLedgerEd25519{}, NameLedgerEd25519, TypeLedgerEd25519)
 }

 // Wrap fulfils interface for PrivKey struct
 func (pk *PrivKeyLedgerEd25519) Wrap() crypto.PrivKey {
 	return crypto.PrivKey{PrivKeyInner: pk}
 }

 // Wrap fulfils interface for PrivKey struct
 func (pk MockPrivKeyLedgerEd25519) Wrap() crypto.PrivKey {
 	return crypto.PrivKey{PrivKeyInner: pk}
 }

 // Wrap fulfils interface for PubKey struct
 func (pk PubKeyLedgerEd25519) Wrap() crypto.PubKey {
 	return crypto.PubKey{PubKeyInner: pk}
 }
--- a/_nano/keys_test.go
+++ b/_nano/keys_test.go
@ -1,142 +0,0 @@
 package nano

 import (
 	"encoding/hex"
 	"os"
 	"testing"

 	asrt "github.com/stretchr/testify/assert"
 	rqr "github.com/stretchr/testify/require"

 	crypto "github.com/tendermint/go-crypto"
 )

 func TestLedgerKeys(t *testing.T) {
 	assert, require := asrt.New(t), rqr.New(t)

 	cases := []struct {
 		msg, pubkey, sig string
 		valid            bool
 	}{
 		0: {
 			msg:    "F00D",
 			pubkey: "8E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C93",
 			sig:    "787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400",
 			valid:  true,
 		},
 		1: {
 			msg:    "DEADBEEF",
 			pubkey: "0C45ADC887A5463F668533443C829ED13EA8E2E890C778957DC28DB9D2AD5A6C",
 			sig:    "00ED74EED8FDAC7988A14BF6BC222120CBAC249D569AF4C2ADABFC86B792F97DF73C4919BE4B6B0ACB53547273BF29FBF0A9E0992FFAB6CB6C9B09311FC86A00",
 			valid:  true,
 		},
 		2: {
 			msg:    "1234567890AA",
 			pubkey: "598FC1F0C76363D14D7480736DEEF390D85863360F075792A6975EFA149FD7EA",
 			sig:    "59AAB7D7BDC4F936B6415DE672A8B77FA6B8B3451CD95B3A631F31F9A05DAEEE5E7E4F89B64DDEBB5F63DC042CA13B8FCB8185F82AD7FD5636FFDA6B0DC9570B",
 			valid:  true,
 		},
 		3: {
 			msg:    "1234432112344321",
 			pubkey: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:    "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid:  true,
 		},
 		4: {
 			msg:    "12344321123443",
 			pubkey: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:    "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid:  false,
 		},
 		5: {
 			msg:    "1234432112344321",
 			pubkey: "459E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:    "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid:  false,
 		},
 		6: {
 			msg:    "1234432112344321",
 			pubkey: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:    "716B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid:  false,
 		},
 	}

 	for i, tc := range cases {
 		bmsg, err := hex.DecodeString(tc.msg)
 		require.NoError(err, "%d", i)

 		priv := NewMockKey(tc.msg, tc.pubkey, tc.sig)
 		pub := priv.PubKey()
 		sig := priv.Sign(bmsg)

 		valid := pub.VerifyBytes(bmsg, sig)
 		assert.Equal(tc.valid, valid, "%d", i)
 	}
 }

 func TestRealLedger(t *testing.T) {
 	assert, require := asrt.New(t), rqr.New(t)

 	if os.Getenv("WITH_LEDGER") == "" {
 		t.Skip("Set WITH_LEDGER to run code on real ledger")
 	}
 	msg := []byte("kuhehfeohg")

 	priv, err := NewPrivKeyLedgerEd25519()
 	require.Nil(err, "%+v", err)
 	pub := priv.PubKey()
 	sig := priv.Sign(msg)

 	valid := pub.VerifyBytes(msg, sig)
 	assert.True(valid)

 	// now, let's serialize the key and make sure it still works
 	bs := priv.Bytes()
 	priv2, err := crypto.PrivKeyFromBytes(bs)
 	require.Nil(err, "%+v", err)

 	// make sure we get the same pubkey when we load from disk
 	pub2 := priv2.PubKey()
 	require.Equal(pub, pub2)

 	// signing with the loaded key should match the original pubkey
 	sig = priv2.Sign(msg)
 	valid = pub.VerifyBytes(msg, sig)
 	assert.True(valid)

 	// make sure pubkeys serialize properly as well
 	bs = pub.Bytes()
 	bpub, err := crypto.PubKeyFromBytes(bs)
 	require.NoError(err)
 	assert.Equal(pub, bpub)
 }

 // TestRealLedgerErrorHandling calls. These tests assume
 // the ledger is not plugged in....
 func TestRealLedgerErrorHandling(t *testing.T) {
 	require := rqr.New(t)

 	if os.Getenv("WITH_LEDGER") != "" {
 		t.Skip("Skipping on WITH_LEDGER as it tests unplugged cases")
 	}

 	// first, try to generate a key, must return an error
 	// (no panic)
 	_, err := NewPrivKeyLedgerEd25519()
 	require.Error(err)

 	led := PrivKeyLedgerEd25519{} // empty
 	// or with some pub key
 	ed := crypto.GenPrivKeyEd25519()
 	led2 := PrivKeyLedgerEd25519{CachedPubKey: ed.PubKey()}

 	// loading these should return errors
 	bs := led.Bytes()
 	_, err = crypto.PrivKeyFromBytes(bs)
 	require.Error(err)

 	bs = led2.Bytes()
 	_, err = crypto.PrivKeyFromBytes(bs)
 	require.Error(err)
 }
--- a/_nano/sign.go
+++ b/_nano/sign.go
@ -1,63 +0,0 @@
 package nano

 import (
 	"bytes"
 	"crypto/sha512"

 	"github.com/pkg/errors"
 )

 const (
 	App       = 0x80
 	Init      = 0x00
 	Update    = 0x01
 	Digest    = 0x02
 	MaxChunk  = 253
 	KeyLength = 32
 	SigLength = 64
 )

 var separator = []byte{0, 0xCA, 0xFE, 0}

 func generateSignRequests(payload []byte) [][]byte {
 	// nice one-shot
 	digest := []byte{App, Digest}
 	if len(payload) < MaxChunk {
 		return [][]byte{append(digest, payload...)}
 	}

 	// large payload is multi-chunk
 	result := [][]byte{{App, Init}}
 	update := []byte{App, Update}
 	for len(payload) > MaxChunk {
 		msg := append(update, payload[:MaxChunk]...)
 		payload = payload[MaxChunk:]
 		result = append(result, msg)
 	}
 	result = append(result, append(update, payload...))
 	result = append(result, digest)
 	return result
 }

 func parseDigest(resp []byte) (key, sig []byte, err error) {
 	if resp[0] != App || resp[1] != Digest {
 		return nil, nil, errors.New("Invalid header")
 	}
 	resp = resp[2:]
 	if len(resp) != KeyLength+SigLength+len(separator) {
 		return nil, nil, errors.Errorf("Incorrect length: %d", len(resp))
 	}

 	key, resp = resp[:KeyLength], resp[KeyLength:]
 	if !bytes.Equal(separator, resp[:len(separator)]) {
 		return nil, nil, errors.New("Cannot find 0xCAFE")
 	}

 	sig = resp[len(separator):]
 	return key, sig, nil
 }

 func hashMsg(data []byte) []byte {
 	res := sha512.Sum512(data)
 	return res[:]
 }
--- a/_nano/sign_test.go
+++ b/_nano/sign_test.go
@ -1,160 +0,0 @@
 package nano

 import (
 	"encoding/hex"
 	"testing"

 	"github.com/pkg/errors"
 	asrt "github.com/stretchr/testify/assert"
 	rqr "github.com/stretchr/testify/require"

 	crypto "github.com/tendermint/go-crypto"
 )

 func parseEdKey(data []byte) (key crypto.PubKey, err error) {
 	ed := crypto.PubKeyEd25519{}
 	if len(data) < len(ed) {
 		return key, errors.Errorf("Key length too short: %d", len(data))
 	}
 	copy(ed[:], data)
 	return ed.Wrap(), nil
 }

 func parseSig(data []byte) (key crypto.Signature, err error) {
 	ed := crypto.SignatureEd25519{}
 	if len(data) < len(ed) {
 		return key, errors.Errorf("Sig length too short: %d", len(data))
 	}
 	copy(ed[:], data)
 	return ed.Wrap(), nil
 }

 func TestParseDigest(t *testing.T) {
 	assert, require := asrt.New(t), rqr.New(t)

 	cases := []struct {
 		output string
 		key    string
 		sig    string
 		valid  bool
 	}{
 		{
 			output: "80028E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C9300CAFE00787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400",
 			key:    "8E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C93",
 			sig:    "787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400",
 			valid:  true,
 		},
 		{
 			output: "800235467890876543525437890796574535467890",
 			key:    "",
 			sig:    "",
 			valid:  false,
 		},
 	}

 	for i, tc := range cases {
 		msg, err := hex.DecodeString(tc.output)
 		require.Nil(err, "%d: %+v", i, err)

 		lKey, lSig, err := parseDigest(msg)
 		if !tc.valid {
 			assert.NotNil(err, "%d", i)
 		} else if assert.Nil(err, "%d: %+v", i, err) {
 			key, err := hex.DecodeString(tc.key)
 			require.Nil(err, "%d: %+v", i, err)
 			sig, err := hex.DecodeString(tc.sig)
 			require.Nil(err, "%d: %+v", i, err)

 			assert.Equal(key, lKey, "%d", i)
 			assert.Equal(sig, lSig, "%d", i)
 		}
 	}
 }

 type cryptoCase struct {
 	msg   string
 	key   string
 	sig   string
 	valid bool
 }

 func toBytes(c cryptoCase) (msg, key, sig []byte, err error) {
 	msg, err = hex.DecodeString(c.msg)
 	if err != nil {
 		return
 	}
 	key, err = hex.DecodeString(c.key)
 	if err != nil {
 		return
 	}
 	sig, err = hex.DecodeString(c.sig)
 	return
 }

 func TestCryptoConvert(t *testing.T) {
 	assert, require := asrt.New(t), rqr.New(t)

 	cases := []cryptoCase{
 		0: {
 			msg:   "F00D",
 			key:   "8E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C93",
 			sig:   "787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400",
 			valid: true,
 		},
 		1: {
 			msg:   "DEADBEEF",
 			key:   "0C45ADC887A5463F668533443C829ED13EA8E2E890C778957DC28DB9D2AD5A6C",
 			sig:   "00ED74EED8FDAC7988A14BF6BC222120CBAC249D569AF4C2ADABFC86B792F97DF73C4919BE4B6B0ACB53547273BF29FBF0A9E0992FFAB6CB6C9B09311FC86A00",
 			valid: true,
 		},
 		2: {
 			msg:   "1234567890AA",
 			key:   "598FC1F0C76363D14D7480736DEEF390D85863360F075792A6975EFA149FD7EA",
 			sig:   "59AAB7D7BDC4F936B6415DE672A8B77FA6B8B3451CD95B3A631F31F9A05DAEEE5E7E4F89B64DDEBB5F63DC042CA13B8FCB8185F82AD7FD5636FFDA6B0DC9570B",
 			valid: true,
 		},
 		3: {
 			msg:   "1234432112344321",
 			key:   "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:   "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid: true,
 		},
 		4: {
 			msg:   "12344321123443",
 			key:   "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:   "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid: false,
 		},
 		5: {
 			msg:   "1234432112344321",
 			key:   "459E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:   "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid: false,
 		},
 		6: {
 			msg:   "1234432112344321",
 			key:   "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120",
 			sig:   "716B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208",
 			valid: false,
 		},
 	}

 	for i, tc := range cases {
 		msg, key, sig, err := toBytes(tc)
 		require.Nil(err, "%d: %+v", i, err)

 		pk, err := parseEdKey(key)
 		require.Nil(err, "%d: %+v", i, err)
 		psig, err := parseSig(sig)
 		require.Nil(err, "%d: %+v", i, err)

 		// it is not the signature of the message itself
 		valid := pk.VerifyBytes(msg, psig)
 		assert.False(valid, "%d", i)

 		// but rather of the hash of the msg
 		hmsg := hashMsg(msg)
 		valid = pk.VerifyBytes(hmsg, psig)
 		assert.Equal(tc.valid, valid, "%d", i)
 	}
 }
--- a/amino.go
+++ b/amino.go
@ -27,6 +27,8 @@ func RegisterAmino(cdc *amino.Codec) {
 		"tendermint/PrivKeyEd25519", nil)
 	cdc.RegisterConcrete(PrivKeySecp256k1{},
 		"tendermint/PrivKeySecp256k1", nil)
 	cdc.RegisterConcrete(PrivKeyLedgerSecp256k1{},
 		"tendermint/PrivKeyLedgerSecp256k1", nil)

 	cdc.RegisterInterface((*Signature)(nil), nil)
 	cdc.RegisterConcrete(SignatureEd25519{},
--- a/ledger.go
+++ b/ledger.go
@ -0,0 +1,154 @@
 package crypto

 import (
 	"github.com/pkg/errors"

 	// secp256k1 "github.com/btcsuite/btcd/btcec"
 	ledger "github.com/zondax/ledger-goclient"
 )

 var device *ledger.Ledger

 // getLedger gets a copy of the device, and caches it
 func getLedger() (*ledger.Ledger, error) {
 	var err error
 	if device == nil {
 		device, err = ledger.FindLedger()
 	}
 	return device, err
 }

 func signLedger(device *ledger.Ledger, msg []byte) (pub PubKey, sig Signature, err error) {
 	bsig, err := device.Sign(msg)
 	if err != nil {
 		return pub, sig, err
 	}
 	key, err := device.GetPublicKey()
 	if err != nil {
 		return pub, sig, err
 	}
 	var p PubKeySecp256k1
 	copy(p[:], key)
 	return p, SignatureSecp256k1FromBytes(bsig), nil
 }

 // PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano
 // we cache the PubKey from the first call to use it later
 type PrivKeyLedgerSecp256k1 struct {
 	// PubKey should be private, but we want to encode it via go-amino
 	// so we can view the address later, even without having the ledger
 	// attached
 	CachedPubKey PubKey
 }

 // NewPrivKeyLedgerSecp256k1 will generate a new key and store the
 // public key for later use.
 func NewPrivKeyLedgerSecp256k1() (PrivKey, error) {
 	var pk PrivKeyLedgerSecp256k1
 	// getPubKey will cache the pubkey for later use,
 	// this allows us to return an error early if the ledger
 	// is not plugged in
 	_, err := pk.getPubKey()
 	return &pk, err
 }

 // ValidateKey allows us to verify the sanity of a key
 // after loading it from disk
 func (pk PrivKeyLedgerSecp256k1) ValidateKey() error {
 	// getPubKey will return an error if the ledger is not
 	// properly set up...
 	pub, err := pk.forceGetPubKey()
 	if err != nil {
 		return err
 	}
 	// verify this matches cached address
 	if !pub.Equals(pk.CachedPubKey) {
 		return errors.New("ledger doesn't match cached key")
 	}
 	return nil
 }

 // AssertIsPrivKeyInner fulfils PrivKey Interface
 func (pk *PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner() {}

 // Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify
 // the same key when we reconnect to a ledger
 func (pk PrivKeyLedgerSecp256k1) Bytes() []byte {
 	bin, err := cdc.MarshalBinaryBare(pk)
 	if err != nil {
 		panic(err)
 	}
 	return bin
 }

 // Sign calls the ledger and stores the PubKey for future use
 //
 // XXX/TODO: panics if there is an error communicating with the ledger.
 //
 // Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes,
 // returning an error, so this should only trigger if the privkey is held
 // in memory for a while before use.
 func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature {
 	// oh, I wish there was better error handling
 	dev, err := getLedger()
 	if err != nil {
 		panic(err)
 	}

 	pub, sig, err := signLedger(dev, msg)
 	if err != nil {
 		panic(err)
 	}

 	// if we have no pubkey yet, store it for future queries
 	if pk.CachedPubKey == nil {
 		pk.CachedPubKey = pub
 	} else if !pk.CachedPubKey.Equals(pub) {
 		panic("signed with a different key than stored")
 	}
 	return sig
 }

 // PubKey returns the stored PubKey
 // TODO: query the ledger if not there, once it is not volatile
 func (pk PrivKeyLedgerSecp256k1) PubKey() PubKey {
 	key, err := pk.getPubKey()
 	if err != nil {
 		panic(err)
 	}
 	return key
 }

 // getPubKey reads the pubkey from cache or from the ledger itself
 // since this involves IO, it may return an error, which is not exposed
 // in the PubKey interface, so this function allows better error handling
 func (pk PrivKeyLedgerSecp256k1) getPubKey() (key PubKey, err error) {
 	// if we have no pubkey, set it
 	if pk.CachedPubKey == nil {
 		pk.CachedPubKey, err = pk.forceGetPubKey()
 	}
 	return pk.CachedPubKey, err
 }

 // forceGetPubKey is like getPubKey but ignores any cached key
 // and ensures we get it from the ledger itself.
 func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) {
 	dev, err := getLedger()
 	if err != nil {
 		return key, errors.New("Can't connect to ledger device")
 	}
 	key, _, err = signLedger(dev, []byte{0})
 	if err != nil {
 		return key, errors.New("Please open cosmos app on the ledger")
 	}
 	return key, err
 }

 // Equals fulfils PrivKey Interface - makes sure both keys refer to the
 // same
 func (pk PrivKeyLedgerSecp256k1) Equals(other PrivKey) bool {
 	if ledger, ok := other.(*PrivKeyLedgerSecp256k1); ok {
 		return pk.CachedPubKey.Equals(ledger.CachedPubKey)
 	}
 	return false
 }
--- a/ledger_test.go
+++ b/ledger_test.go
@ -0,0 +1,72 @@
 package crypto

 import (
 	"os"
 	"testing"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

 func TestRealLedger(t *testing.T) {

 	if os.Getenv("WITH_LEDGER") == "" {
 		t.Skip("Set WITH_LEDGER to run code on real ledger")
 	}
 	msg := []byte("kuhehfeohg")

 	priv, err := NewPrivKeyLedgerSecp256k1()
 	require.Nil(t, err, "%+v", err)
 	pub := priv.PubKey()
 	sig := priv.Sign(msg)

 	valid := pub.VerifyBytes(msg, sig)
 	assert.True(t, valid)

 	// now, let's serialize the key and make sure it still works
 	bs := priv.Bytes()
 	priv2, err := PrivKeyFromBytes(bs)
 	require.Nil(t, err, "%+v", err)

 	// make sure we get the same pubkey when we load from disk
 	pub2 := priv2.PubKey()
 	require.Equal(t, pub, pub2)

 	// signing with the loaded key should match the original pubkey
 	sig = priv2.Sign(msg)
 	valid = pub.VerifyBytes(msg, sig)
 	assert.True(t, valid)

 	// make sure pubkeys serialize properly as well
 	bs = pub.Bytes()
 	bpub, err := PubKeyFromBytes(bs)
 	require.NoError(t, err)
 	assert.Equal(t, pub, bpub)
 }

 // TestRealLedgerErrorHandling calls. These tests assume
 // the ledger is not plugged in....
 func TestRealLedgerErrorHandling(t *testing.T) {
 	if os.Getenv("WITH_LEDGER") != "" {
 		t.Skip("Skipping on WITH_LEDGER as it tests unplugged cases")
 	}

 	// first, try to generate a key, must return an error
 	// (no panic)
 	_, err := NewPrivKeyLedgerSecp256k1()
 	require.Error(t, err)

 	led := PrivKeyLedgerSecp256k1{} // empty
 	// or with some pub key
 	ed := GenPrivKeySecp256k1()
 	led2 := PrivKeyLedgerSecp256k1{CachedPubKey: ed.PubKey()}

 	// loading these should return errors
 	bs := led.Bytes()
 	_, err = PrivKeyFromBytes(bs)
 	require.Error(t, err)

 	bs = led2.Bytes()
 	_, err = PrivKeyFromBytes(bs)
 	require.Error(t, err)
 }
--- a/signature.go
+++ b/signature.go
@ -79,3 +79,9 @@ func (sig SignatureSecp256k1) Equals(other Signature) bool {
 		return false
 	}
 }

 func SignatureSecp256k1FromBytes(data []byte) Signature {
 	var sig SignatureSecp256k1
 	copy(sig[:], data)
 	return sig
 }