From 1c9ff46e98df9e76d4b9a160c4635d72afd12f04 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Mon, 30 Apr 2018 16:42:11 +0200 Subject: [PATCH 01/15] Ledger integration, WIP --- Gopkg.lock | 14 ++- Gopkg.toml | 4 + _nano/keys.go | 294 --------------------------------------------- _nano/keys_test.go | 142 ---------------------- _nano/sign.go | 63 ---------- _nano/sign_test.go | 160 ------------------------ amino.go | 2 + ledger.go | 154 ++++++++++++++++++++++++ ledger_test.go | 72 +++++++++++ signature.go | 6 + 10 files changed, 251 insertions(+), 660 deletions(-) delete mode 100644 _nano/keys.go delete mode 100644 _nano/keys_test.go delete mode 100644 _nano/sign.go delete mode 100644 _nano/sign_test.go create mode 100644 ledger.go create mode 100644 ledger_test.go diff --git a/Gopkg.lock b/Gopkg.lock index f52af5591..fbfaa63fa 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -1,6 +1,12 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. +[[projects]] + branch = "master" + name = "github.com/brejski/hid" + packages = ["."] + revision = "06112dcfcc50a7e0e4fd06e17f9791e788fdaafc" + [[projects]] branch = "master" name = "github.com/btcsuite/btcd" @@ -147,6 +153,12 @@ packages = ["."] revision = "8e7a99b3e716f36d3b080a9a70f9eb45abe4edcc" +[[projects]] + branch = "master" + name = "github.com/zondax/ledger-goclient" + packages = ["."] + revision = "0eb48e14b06efd0354c2e0e18f15db121c64b9b8" + [[projects]] branch = "master" name = "golang.org/x/crypto" @@ -166,6 +178,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "f9ccfa2cadfcbfb43bf729b871a0ad2f8d4f4acb118cd859e6faf9b24842b840" + inputs-digest = "f3cfb54414cb9d59bab79226c7778673e7ac5b7a464baf9b2ea76c1f2563631e" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index 4ccb8c07d..3737ec5f9 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -57,6 +57,10 @@ name = "github.com/tyler-smith/go-bip39" branch = "master" +[[constraint]] + name = "github.com/zondax/ledger-goclient" + branch = "master" + [prune] go-tests = true unused-packages = true diff --git a/_nano/keys.go b/_nano/keys.go deleted file mode 100644 index 8cf1c3721..000000000 --- a/_nano/keys.go +++ /dev/null @@ -1,294 +0,0 @@ -package nano - -import ( - "bytes" - "encoding/hex" - - "github.com/pkg/errors" - - ledger "github.com/ethanfrey/ledger" - - crypto "github.com/tendermint/go-crypto" - amino "github.com/tendermint/go-amino" -) - -//nolint -const ( - NameLedgerEd25519 = "ledger-ed25519" - TypeLedgerEd25519 = 0x10 - - // Timeout is the number of seconds to wait for a response from the ledger - // if eg. waiting for user confirmation on button push - Timeout = 20 -) - -var device *ledger.Ledger - -// getLedger gets a copy of the device, and caches it -func getLedger() (*ledger.Ledger, error) { - var err error - if device == nil { - device, err = ledger.FindLedger() - } - return device, err -} - -func signLedger(device *ledger.Ledger, msg []byte) (pub crypto.PubKey, sig crypto.Signature, err error) { - var resp []byte - - packets := generateSignRequests(msg) - for _, pack := range packets { - resp, err = device.Exchange(pack, Timeout) - if err != nil { - return pub, sig, err - } - } - - // the last call is the result we want and needs to be parsed - key, bsig, err := parseDigest(resp) - if err != nil { - return pub, sig, err - } - - var b [32]byte - copy(b[:], key) - return PubKeyLedgerEd25519FromBytes(b), crypto.SignatureEd25519FromBytes(bsig), nil -} - -// PrivKeyLedgerEd25519 implements PrivKey, calling the ledger nano -// we cache the PubKey from the first call to use it later -type PrivKeyLedgerEd25519 struct { - // PubKey should be private, but we want to encode it via go-amino - // so we can view the address later, even without having the ledger - // attached - CachedPubKey crypto.PubKey -} - -// NewPrivKeyLedgerEd25519 will generate a new key and store the -// public key for later use. -func NewPrivKeyLedgerEd25519() (crypto.PrivKey, error) { - var pk PrivKeyLedgerEd25519 - // getPubKey will cache the pubkey for later use, - // this allows us to return an error early if the ledger - // is not plugged in - _, err := pk.getPubKey() - return pk.Wrap(), err -} - -// ValidateKey allows us to verify the sanity of a key -// after loading it from disk -func (pk *PrivKeyLedgerEd25519) ValidateKey() error { - // getPubKey will return an error if the ledger is not - // properly set up... - pub, err := pk.forceGetPubKey() - if err != nil { - return err - } - // verify this matches cached address - if !pub.Equals(pk.CachedPubKey) { - return errors.New("ledger doesn't match cached key") - } - return nil -} - -// AssertIsPrivKeyInner fulfils PrivKey Interface -func (pk *PrivKeyLedgerEd25519) AssertIsPrivKeyInner() {} - -// Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify -// the same key when we reconnect to a ledger -func (pk *PrivKeyLedgerEd25519) Bytes() []byte { - return amino.BinaryBytes(pk.Wrap()) -} - -// Sign calls the ledger and stores the PubKey for future use -// -// XXX/TODO: panics if there is an error communicating with the ledger. -// -// Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes, -// returning an error, so this should only trigger if the privkey is held -// in memory for a while before use. -func (pk *PrivKeyLedgerEd25519) Sign(msg []byte) crypto.Signature { - // oh, I wish there was better error handling - dev, err := getLedger() - if err != nil { - panic(err) - } - - pub, sig, err := signLedger(dev, msg) - if err != nil { - panic(err) - } - - // if we have no pubkey yet, store it for future queries - if pk.CachedPubKey.Empty() { - pk.CachedPubKey = pub - } else if !pk.CachedPubKey.Equals(pub) { - panic("signed with a different key than stored") - } - return sig -} - -// PubKey returns the stored PubKey -// TODO: query the ledger if not there, once it is not volatile -func (pk *PrivKeyLedgerEd25519) PubKey() crypto.PubKey { - key, err := pk.getPubKey() - if err != nil { - panic(err) - } - return key -} - -// getPubKey reads the pubkey from cache or from the ledger itself -// since this involves IO, it may return an error, which is not exposed -// in the PubKey interface, so this function allows better error handling -func (pk *PrivKeyLedgerEd25519) getPubKey() (key crypto.PubKey, err error) { - // if we have no pubkey, set it - if pk.CachedPubKey.Empty() { - pk.CachedPubKey, err = pk.forceGetPubKey() - } - return pk.CachedPubKey, err -} - -// forceGetPubKey is like getPubKey but ignores any cached key -// and ensures we get it from the ledger itself. -func (pk *PrivKeyLedgerEd25519) forceGetPubKey() (key crypto.PubKey, err error) { - dev, err := getLedger() - if err != nil { - return key, errors.New("Can't connect to ledger device") - } - key, _, err = signLedger(dev, []byte{0}) - if err != nil { - return key, errors.New("Please open cosmos app on the ledger") - } - return key, err -} - -// Equals fulfils PrivKey Interface - makes sure both keys refer to the -// same -func (pk *PrivKeyLedgerEd25519) Equals(other crypto.PrivKey) bool { - if ledger, ok := other.Unwrap().(*PrivKeyLedgerEd25519); ok { - return pk.CachedPubKey.Equals(ledger.CachedPubKey) - } - return false -} - -// MockPrivKeyLedgerEd25519 behaves as the ledger, but stores a pre-packaged call-response -// for use in test cases -type MockPrivKeyLedgerEd25519 struct { - Msg []byte - Pub [KeyLength]byte - Sig [SigLength]byte -} - -// NewMockKey returns -func NewMockKey(msg, pubkey, sig string) (pk MockPrivKeyLedgerEd25519) { - var err error - pk.Msg, err = hex.DecodeString(msg) - if err != nil { - panic(err) - } - - bpk, err := hex.DecodeString(pubkey) - if err != nil { - panic(err) - } - bsig, err := hex.DecodeString(sig) - if err != nil { - panic(err) - } - - copy(pk.Pub[:], bpk) - copy(pk.Sig[:], bsig) - return pk -} - -var _ crypto.PrivKeyInner = MockPrivKeyLedgerEd25519{} - -// AssertIsPrivKeyInner fulfils PrivKey Interface -func (pk MockPrivKeyLedgerEd25519) AssertIsPrivKeyInner() {} - -// Bytes fulfils PrivKey Interface - not supported -func (pk MockPrivKeyLedgerEd25519) Bytes() []byte { - return nil -} - -// Sign returns a real SignatureLedger, if the msg matches what we expect -func (pk MockPrivKeyLedgerEd25519) Sign(msg []byte) crypto.Signature { - if !bytes.Equal(pk.Msg, msg) { - panic("Mock key is for different msg") - } - return crypto.SignatureEd25519(pk.Sig).Wrap() -} - -// PubKey returns a real PubKeyLedgerEd25519, that will verify this signature -func (pk MockPrivKeyLedgerEd25519) PubKey() crypto.PubKey { - return PubKeyLedgerEd25519FromBytes(pk.Pub) -} - -// Equals compares that two Mocks have the same data -func (pk MockPrivKeyLedgerEd25519) Equals(other crypto.PrivKey) bool { - if mock, ok := other.Unwrap().(MockPrivKeyLedgerEd25519); ok { - return bytes.Equal(mock.Pub[:], pk.Pub[:]) && - bytes.Equal(mock.Sig[:], pk.Sig[:]) && - bytes.Equal(mock.Msg, pk.Msg) - } - return false -} - -//////////////////////////////////////////// -// pubkey - -// PubKeyLedgerEd25519 works like a normal Ed25519 except a hash before the verify bytes -type PubKeyLedgerEd25519 struct { - crypto.PubKeyEd25519 -} - -// PubKeyLedgerEd25519FromBytes creates a PubKey from the raw bytes -func PubKeyLedgerEd25519FromBytes(key [32]byte) crypto.PubKey { - return PubKeyLedgerEd25519{crypto.PubKeyEd25519(key)}.Wrap() -} - -// Bytes fulfils pk Interface - no data, just type info -func (pk PubKeyLedgerEd25519) Bytes() []byte { - return amino.BinaryBytes(pk.Wrap()) -} - -// VerifyBytes uses the normal Ed25519 algorithm but a sha512 hash beforehand -func (pk PubKeyLedgerEd25519) VerifyBytes(msg []byte, sig crypto.Signature) bool { - hmsg := hashMsg(msg) - return pk.PubKeyEd25519.VerifyBytes(hmsg, sig) -} - -// Equals implements PubKey interface -func (pk PubKeyLedgerEd25519) Equals(other crypto.PubKey) bool { - if ledger, ok := other.Unwrap().(PubKeyLedgerEd25519); ok { - return pk.PubKeyEd25519.Equals(ledger.PubKeyEd25519.Wrap()) - } - return false -} - -/*** registration with go-data ***/ - -func init() { - crypto.PrivKeyMapper. - RegisterImplementation(&PrivKeyLedgerEd25519{}, NameLedgerEd25519, TypeLedgerEd25519). - RegisterImplementation(MockPrivKeyLedgerEd25519{}, "mock-ledger", 0x11) - - crypto.PubKeyMapper. - RegisterImplementation(PubKeyLedgerEd25519{}, NameLedgerEd25519, TypeLedgerEd25519) -} - -// Wrap fulfils interface for PrivKey struct -func (pk *PrivKeyLedgerEd25519) Wrap() crypto.PrivKey { - return crypto.PrivKey{PrivKeyInner: pk} -} - -// Wrap fulfils interface for PrivKey struct -func (pk MockPrivKeyLedgerEd25519) Wrap() crypto.PrivKey { - return crypto.PrivKey{PrivKeyInner: pk} -} - -// Wrap fulfils interface for PubKey struct -func (pk PubKeyLedgerEd25519) Wrap() crypto.PubKey { - return crypto.PubKey{PubKeyInner: pk} -} diff --git a/_nano/keys_test.go b/_nano/keys_test.go deleted file mode 100644 index fda096e29..000000000 --- a/_nano/keys_test.go +++ /dev/null @@ -1,142 +0,0 @@ -package nano - -import ( - "encoding/hex" - "os" - "testing" - - asrt "github.com/stretchr/testify/assert" - rqr "github.com/stretchr/testify/require" - - crypto "github.com/tendermint/go-crypto" -) - -func TestLedgerKeys(t *testing.T) { - assert, require := asrt.New(t), rqr.New(t) - - cases := []struct { - msg, pubkey, sig string - valid bool - }{ - 0: { - msg: "F00D", - pubkey: "8E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C93", - sig: "787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400", - valid: true, - }, - 1: { - msg: "DEADBEEF", - pubkey: "0C45ADC887A5463F668533443C829ED13EA8E2E890C778957DC28DB9D2AD5A6C", - sig: "00ED74EED8FDAC7988A14BF6BC222120CBAC249D569AF4C2ADABFC86B792F97DF73C4919BE4B6B0ACB53547273BF29FBF0A9E0992FFAB6CB6C9B09311FC86A00", - valid: true, - }, - 2: { - msg: "1234567890AA", - pubkey: "598FC1F0C76363D14D7480736DEEF390D85863360F075792A6975EFA149FD7EA", - sig: "59AAB7D7BDC4F936B6415DE672A8B77FA6B8B3451CD95B3A631F31F9A05DAEEE5E7E4F89B64DDEBB5F63DC042CA13B8FCB8185F82AD7FD5636FFDA6B0DC9570B", - valid: true, - }, - 3: { - msg: "1234432112344321", - pubkey: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: true, - }, - 4: { - msg: "12344321123443", - pubkey: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: false, - }, - 5: { - msg: "1234432112344321", - pubkey: "459E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: false, - }, - 6: { - msg: "1234432112344321", - pubkey: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "716B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: false, - }, - } - - for i, tc := range cases { - bmsg, err := hex.DecodeString(tc.msg) - require.NoError(err, "%d", i) - - priv := NewMockKey(tc.msg, tc.pubkey, tc.sig) - pub := priv.PubKey() - sig := priv.Sign(bmsg) - - valid := pub.VerifyBytes(bmsg, sig) - assert.Equal(tc.valid, valid, "%d", i) - } -} - -func TestRealLedger(t *testing.T) { - assert, require := asrt.New(t), rqr.New(t) - - if os.Getenv("WITH_LEDGER") == "" { - t.Skip("Set WITH_LEDGER to run code on real ledger") - } - msg := []byte("kuhehfeohg") - - priv, err := NewPrivKeyLedgerEd25519() - require.Nil(err, "%+v", err) - pub := priv.PubKey() - sig := priv.Sign(msg) - - valid := pub.VerifyBytes(msg, sig) - assert.True(valid) - - // now, let's serialize the key and make sure it still works - bs := priv.Bytes() - priv2, err := crypto.PrivKeyFromBytes(bs) - require.Nil(err, "%+v", err) - - // make sure we get the same pubkey when we load from disk - pub2 := priv2.PubKey() - require.Equal(pub, pub2) - - // signing with the loaded key should match the original pubkey - sig = priv2.Sign(msg) - valid = pub.VerifyBytes(msg, sig) - assert.True(valid) - - // make sure pubkeys serialize properly as well - bs = pub.Bytes() - bpub, err := crypto.PubKeyFromBytes(bs) - require.NoError(err) - assert.Equal(pub, bpub) -} - -// TestRealLedgerErrorHandling calls. These tests assume -// the ledger is not plugged in.... -func TestRealLedgerErrorHandling(t *testing.T) { - require := rqr.New(t) - - if os.Getenv("WITH_LEDGER") != "" { - t.Skip("Skipping on WITH_LEDGER as it tests unplugged cases") - } - - // first, try to generate a key, must return an error - // (no panic) - _, err := NewPrivKeyLedgerEd25519() - require.Error(err) - - led := PrivKeyLedgerEd25519{} // empty - // or with some pub key - ed := crypto.GenPrivKeyEd25519() - led2 := PrivKeyLedgerEd25519{CachedPubKey: ed.PubKey()} - - // loading these should return errors - bs := led.Bytes() - _, err = crypto.PrivKeyFromBytes(bs) - require.Error(err) - - bs = led2.Bytes() - _, err = crypto.PrivKeyFromBytes(bs) - require.Error(err) -} diff --git a/_nano/sign.go b/_nano/sign.go deleted file mode 100644 index c40801583..000000000 --- a/_nano/sign.go +++ /dev/null @@ -1,63 +0,0 @@ -package nano - -import ( - "bytes" - "crypto/sha512" - - "github.com/pkg/errors" -) - -const ( - App = 0x80 - Init = 0x00 - Update = 0x01 - Digest = 0x02 - MaxChunk = 253 - KeyLength = 32 - SigLength = 64 -) - -var separator = []byte{0, 0xCA, 0xFE, 0} - -func generateSignRequests(payload []byte) [][]byte { - // nice one-shot - digest := []byte{App, Digest} - if len(payload) < MaxChunk { - return [][]byte{append(digest, payload...)} - } - - // large payload is multi-chunk - result := [][]byte{{App, Init}} - update := []byte{App, Update} - for len(payload) > MaxChunk { - msg := append(update, payload[:MaxChunk]...) - payload = payload[MaxChunk:] - result = append(result, msg) - } - result = append(result, append(update, payload...)) - result = append(result, digest) - return result -} - -func parseDigest(resp []byte) (key, sig []byte, err error) { - if resp[0] != App || resp[1] != Digest { - return nil, nil, errors.New("Invalid header") - } - resp = resp[2:] - if len(resp) != KeyLength+SigLength+len(separator) { - return nil, nil, errors.Errorf("Incorrect length: %d", len(resp)) - } - - key, resp = resp[:KeyLength], resp[KeyLength:] - if !bytes.Equal(separator, resp[:len(separator)]) { - return nil, nil, errors.New("Cannot find 0xCAFE") - } - - sig = resp[len(separator):] - return key, sig, nil -} - -func hashMsg(data []byte) []byte { - res := sha512.Sum512(data) - return res[:] -} diff --git a/_nano/sign_test.go b/_nano/sign_test.go deleted file mode 100644 index 18e4e0d0b..000000000 --- a/_nano/sign_test.go +++ /dev/null @@ -1,160 +0,0 @@ -package nano - -import ( - "encoding/hex" - "testing" - - "github.com/pkg/errors" - asrt "github.com/stretchr/testify/assert" - rqr "github.com/stretchr/testify/require" - - crypto "github.com/tendermint/go-crypto" -) - -func parseEdKey(data []byte) (key crypto.PubKey, err error) { - ed := crypto.PubKeyEd25519{} - if len(data) < len(ed) { - return key, errors.Errorf("Key length too short: %d", len(data)) - } - copy(ed[:], data) - return ed.Wrap(), nil -} - -func parseSig(data []byte) (key crypto.Signature, err error) { - ed := crypto.SignatureEd25519{} - if len(data) < len(ed) { - return key, errors.Errorf("Sig length too short: %d", len(data)) - } - copy(ed[:], data) - return ed.Wrap(), nil -} - -func TestParseDigest(t *testing.T) { - assert, require := asrt.New(t), rqr.New(t) - - cases := []struct { - output string - key string - sig string - valid bool - }{ - { - output: "80028E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C9300CAFE00787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400", - key: "8E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C93", - sig: "787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400", - valid: true, - }, - { - output: "800235467890876543525437890796574535467890", - key: "", - sig: "", - valid: false, - }, - } - - for i, tc := range cases { - msg, err := hex.DecodeString(tc.output) - require.Nil(err, "%d: %+v", i, err) - - lKey, lSig, err := parseDigest(msg) - if !tc.valid { - assert.NotNil(err, "%d", i) - } else if assert.Nil(err, "%d: %+v", i, err) { - key, err := hex.DecodeString(tc.key) - require.Nil(err, "%d: %+v", i, err) - sig, err := hex.DecodeString(tc.sig) - require.Nil(err, "%d: %+v", i, err) - - assert.Equal(key, lKey, "%d", i) - assert.Equal(sig, lSig, "%d", i) - } - } -} - -type cryptoCase struct { - msg string - key string - sig string - valid bool -} - -func toBytes(c cryptoCase) (msg, key, sig []byte, err error) { - msg, err = hex.DecodeString(c.msg) - if err != nil { - return - } - key, err = hex.DecodeString(c.key) - if err != nil { - return - } - sig, err = hex.DecodeString(c.sig) - return -} - -func TestCryptoConvert(t *testing.T) { - assert, require := asrt.New(t), rqr.New(t) - - cases := []cryptoCase{ - 0: { - msg: "F00D", - key: "8E8754F012C2FDB492183D41437FD837CB81D8BBE731924E2E0DAF43FD3F2C93", - sig: "787DC03E9E4EE05983E30BAE0DEFB8DB0671DBC2F5874AC93F8D8CA4018F7A42D6F9A9BCEADB422AC8E27CEE9CA205A0B88D22CD686F0A43EB806E8190A3C400", - valid: true, - }, - 1: { - msg: "DEADBEEF", - key: "0C45ADC887A5463F668533443C829ED13EA8E2E890C778957DC28DB9D2AD5A6C", - sig: "00ED74EED8FDAC7988A14BF6BC222120CBAC249D569AF4C2ADABFC86B792F97DF73C4919BE4B6B0ACB53547273BF29FBF0A9E0992FFAB6CB6C9B09311FC86A00", - valid: true, - }, - 2: { - msg: "1234567890AA", - key: "598FC1F0C76363D14D7480736DEEF390D85863360F075792A6975EFA149FD7EA", - sig: "59AAB7D7BDC4F936B6415DE672A8B77FA6B8B3451CD95B3A631F31F9A05DAEEE5E7E4F89B64DDEBB5F63DC042CA13B8FCB8185F82AD7FD5636FFDA6B0DC9570B", - valid: true, - }, - 3: { - msg: "1234432112344321", - key: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: true, - }, - 4: { - msg: "12344321123443", - key: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: false, - }, - 5: { - msg: "1234432112344321", - key: "459E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "616B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: false, - }, - 6: { - msg: "1234432112344321", - key: "359E0636E780457294CCA5D2D84DB190C3EDBD6879729C10D3963DEA1D5D8120", - sig: "716B44EC7A65E7C719C170D669A47DE80C6AC0BB13FBCC89230976F9CC14D4CF9ECF26D4AFBB9FFF625599F1FF6F78EDA15E9F6B6BDCE07CFE9D8C407AC45208", - valid: false, - }, - } - - for i, tc := range cases { - msg, key, sig, err := toBytes(tc) - require.Nil(err, "%d: %+v", i, err) - - pk, err := parseEdKey(key) - require.Nil(err, "%d: %+v", i, err) - psig, err := parseSig(sig) - require.Nil(err, "%d: %+v", i, err) - - // it is not the signature of the message itself - valid := pk.VerifyBytes(msg, psig) - assert.False(valid, "%d", i) - - // but rather of the hash of the msg - hmsg := hashMsg(msg) - valid = pk.VerifyBytes(hmsg, psig) - assert.Equal(tc.valid, valid, "%d", i) - } -} diff --git a/amino.go b/amino.go index 89636895a..2af765434 100644 --- a/amino.go +++ b/amino.go @@ -27,6 +27,8 @@ func RegisterAmino(cdc *amino.Codec) { "tendermint/PrivKeyEd25519", nil) cdc.RegisterConcrete(PrivKeySecp256k1{}, "tendermint/PrivKeySecp256k1", nil) + cdc.RegisterConcrete(PrivKeyLedgerSecp256k1{}, + "tendermint/PrivKeyLedgerSecp256k1", nil) cdc.RegisterInterface((*Signature)(nil), nil) cdc.RegisterConcrete(SignatureEd25519{}, diff --git a/ledger.go b/ledger.go new file mode 100644 index 000000000..0fe4b7d39 --- /dev/null +++ b/ledger.go @@ -0,0 +1,154 @@ +package crypto + +import ( + "github.com/pkg/errors" + + // secp256k1 "github.com/btcsuite/btcd/btcec" + ledger "github.com/zondax/ledger-goclient" +) + +var device *ledger.Ledger + +// getLedger gets a copy of the device, and caches it +func getLedger() (*ledger.Ledger, error) { + var err error + if device == nil { + device, err = ledger.FindLedger() + } + return device, err +} + +func signLedger(device *ledger.Ledger, msg []byte) (pub PubKey, sig Signature, err error) { + bsig, err := device.Sign(msg) + if err != nil { + return pub, sig, err + } + key, err := device.GetPublicKey() + if err != nil { + return pub, sig, err + } + var p PubKeySecp256k1 + copy(p[:], key) + return p, SignatureSecp256k1FromBytes(bsig), nil +} + +// PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano +// we cache the PubKey from the first call to use it later +type PrivKeyLedgerSecp256k1 struct { + // PubKey should be private, but we want to encode it via go-amino + // so we can view the address later, even without having the ledger + // attached + CachedPubKey PubKey +} + +// NewPrivKeyLedgerSecp256k1 will generate a new key and store the +// public key for later use. +func NewPrivKeyLedgerSecp256k1() (PrivKey, error) { + var pk PrivKeyLedgerSecp256k1 + // getPubKey will cache the pubkey for later use, + // this allows us to return an error early if the ledger + // is not plugged in + _, err := pk.getPubKey() + return &pk, err +} + +// ValidateKey allows us to verify the sanity of a key +// after loading it from disk +func (pk PrivKeyLedgerSecp256k1) ValidateKey() error { + // getPubKey will return an error if the ledger is not + // properly set up... + pub, err := pk.forceGetPubKey() + if err != nil { + return err + } + // verify this matches cached address + if !pub.Equals(pk.CachedPubKey) { + return errors.New("ledger doesn't match cached key") + } + return nil +} + +// AssertIsPrivKeyInner fulfils PrivKey Interface +func (pk *PrivKeyLedgerSecp256k1) AssertIsPrivKeyInner() {} + +// Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify +// the same key when we reconnect to a ledger +func (pk PrivKeyLedgerSecp256k1) Bytes() []byte { + bin, err := cdc.MarshalBinaryBare(pk) + if err != nil { + panic(err) + } + return bin +} + +// Sign calls the ledger and stores the PubKey for future use +// +// XXX/TODO: panics if there is an error communicating with the ledger. +// +// Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes, +// returning an error, so this should only trigger if the privkey is held +// in memory for a while before use. +func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature { + // oh, I wish there was better error handling + dev, err := getLedger() + if err != nil { + panic(err) + } + + pub, sig, err := signLedger(dev, msg) + if err != nil { + panic(err) + } + + // if we have no pubkey yet, store it for future queries + if pk.CachedPubKey == nil { + pk.CachedPubKey = pub + } else if !pk.CachedPubKey.Equals(pub) { + panic("signed with a different key than stored") + } + return sig +} + +// PubKey returns the stored PubKey +// TODO: query the ledger if not there, once it is not volatile +func (pk PrivKeyLedgerSecp256k1) PubKey() PubKey { + key, err := pk.getPubKey() + if err != nil { + panic(err) + } + return key +} + +// getPubKey reads the pubkey from cache or from the ledger itself +// since this involves IO, it may return an error, which is not exposed +// in the PubKey interface, so this function allows better error handling +func (pk PrivKeyLedgerSecp256k1) getPubKey() (key PubKey, err error) { + // if we have no pubkey, set it + if pk.CachedPubKey == nil { + pk.CachedPubKey, err = pk.forceGetPubKey() + } + return pk.CachedPubKey, err +} + +// forceGetPubKey is like getPubKey but ignores any cached key +// and ensures we get it from the ledger itself. +func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) { + dev, err := getLedger() + if err != nil { + return key, errors.New("Can't connect to ledger device") + } + key, _, err = signLedger(dev, []byte{0}) + if err != nil { + return key, errors.New("Please open cosmos app on the ledger") + } + return key, err +} + +// Equals fulfils PrivKey Interface - makes sure both keys refer to the +// same +func (pk PrivKeyLedgerSecp256k1) Equals(other PrivKey) bool { + if ledger, ok := other.(*PrivKeyLedgerSecp256k1); ok { + return pk.CachedPubKey.Equals(ledger.CachedPubKey) + } + return false +} diff --git a/ledger_test.go b/ledger_test.go new file mode 100644 index 000000000..848c2cece --- /dev/null +++ b/ledger_test.go @@ -0,0 +1,72 @@ +package crypto + +import ( + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestRealLedger(t *testing.T) { + + if os.Getenv("WITH_LEDGER") == "" { + t.Skip("Set WITH_LEDGER to run code on real ledger") + } + msg := []byte("kuhehfeohg") + + priv, err := NewPrivKeyLedgerSecp256k1() + require.Nil(t, err, "%+v", err) + pub := priv.PubKey() + sig := priv.Sign(msg) + + valid := pub.VerifyBytes(msg, sig) + assert.True(t, valid) + + // now, let's serialize the key and make sure it still works + bs := priv.Bytes() + priv2, err := PrivKeyFromBytes(bs) + require.Nil(t, err, "%+v", err) + + // make sure we get the same pubkey when we load from disk + pub2 := priv2.PubKey() + require.Equal(t, pub, pub2) + + // signing with the loaded key should match the original pubkey + sig = priv2.Sign(msg) + valid = pub.VerifyBytes(msg, sig) + assert.True(t, valid) + + // make sure pubkeys serialize properly as well + bs = pub.Bytes() + bpub, err := PubKeyFromBytes(bs) + require.NoError(t, err) + assert.Equal(t, pub, bpub) +} + +// TestRealLedgerErrorHandling calls. These tests assume +// the ledger is not plugged in.... +func TestRealLedgerErrorHandling(t *testing.T) { + if os.Getenv("WITH_LEDGER") != "" { + t.Skip("Skipping on WITH_LEDGER as it tests unplugged cases") + } + + // first, try to generate a key, must return an error + // (no panic) + _, err := NewPrivKeyLedgerSecp256k1() + require.Error(t, err) + + led := PrivKeyLedgerSecp256k1{} // empty + // or with some pub key + ed := GenPrivKeySecp256k1() + led2 := PrivKeyLedgerSecp256k1{CachedPubKey: ed.PubKey()} + + // loading these should return errors + bs := led.Bytes() + _, err = PrivKeyFromBytes(bs) + require.Error(t, err) + + bs = led2.Bytes() + _, err = PrivKeyFromBytes(bs) + require.Error(t, err) +} diff --git a/signature.go b/signature.go index cfe927137..8bf151b41 100644 --- a/signature.go +++ b/signature.go @@ -79,3 +79,9 @@ func (sig SignatureSecp256k1) Equals(other Signature) bool { return false } } + +func SignatureSecp256k1FromBytes(data []byte) Signature { + var sig SignatureSecp256k1 + copy(sig[:], data) + return sig +} From 065c3943b1918e9bcbd55ede1df3ee6392552d41 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Mon, 30 Apr 2018 16:49:11 +0200 Subject: [PATCH 02/15] Fix no-Ledger testcase --- ledger_test.go | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/ledger_test.go b/ledger_test.go index 848c2cece..7b2b4ea1e 100644 --- a/ledger_test.go +++ b/ledger_test.go @@ -55,18 +55,4 @@ func TestRealLedgerErrorHandling(t *testing.T) { // (no panic) _, err := NewPrivKeyLedgerSecp256k1() require.Error(t, err) - - led := PrivKeyLedgerSecp256k1{} // empty - // or with some pub key - ed := GenPrivKeySecp256k1() - led2 := PrivKeyLedgerSecp256k1{CachedPubKey: ed.PubKey()} - - // loading these should return errors - bs := led.Bytes() - _, err = PrivKeyFromBytes(bs) - require.Error(t, err) - - bs = led2.Bytes() - _, err = PrivKeyFromBytes(bs) - require.Error(t, err) } From e25a64fdf1e4aae53ad5e2780d0b4cc56eedaae6 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Mon, 30 Apr 2018 19:34:19 +0200 Subject: [PATCH 03/15] Fix testcases, all looks OK --- ledger.go | 9 ++++++--- signature.go | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ledger.go b/ledger.go index 0fe4b7d39..b2b06415d 100644 --- a/ledger.go +++ b/ledger.go @@ -3,7 +3,7 @@ package crypto import ( "github.com/pkg/errors" - // secp256k1 "github.com/btcsuite/btcd/btcec" + secp256k1 "github.com/btcsuite/btcd/btcec" ledger "github.com/zondax/ledger-goclient" ) @@ -23,13 +23,16 @@ func signLedger(device *ledger.Ledger, msg []byte) (pub PubKey, sig Signature, e if err != nil { return pub, sig, err } + sig = SignatureSecp256k1FromBytes(bsig) key, err := device.GetPublicKey() if err != nil { return pub, sig, err } var p PubKeySecp256k1 - copy(p[:], key) - return p, SignatureSecp256k1FromBytes(bsig), nil + // Reserialize in the 33-byte compressed format + cmp, err := secp256k1.ParsePubKey(key[:], secp256k1.S256()) + copy(p[:], cmp.SerializeCompressed()) + return p, sig, nil } // PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano diff --git a/signature.go b/signature.go index 8bf151b41..a364dc7fb 100644 --- a/signature.go +++ b/signature.go @@ -81,7 +81,7 @@ func (sig SignatureSecp256k1) Equals(other Signature) bool { } func SignatureSecp256k1FromBytes(data []byte) Signature { - var sig SignatureSecp256k1 + sig := make(SignatureSecp256k1, len(data)) copy(sig[:], data) return sig } From 391936b7346a116053b301fd6c74ace17eac4d75 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 2 May 2018 17:10:32 +0200 Subject: [PATCH 04/15] Prevent unnecessary signatures, improve error messages --- ledger.go | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/ledger.go b/ledger.go index b2b06415d..18fdf478e 100644 --- a/ledger.go +++ b/ledger.go @@ -18,21 +18,25 @@ func getLedger() (*ledger.Ledger, error) { return device, err } -func signLedger(device *ledger.Ledger, msg []byte) (pub PubKey, sig Signature, err error) { - bsig, err := device.Sign(msg) - if err != nil { - return pub, sig, err - } - sig = SignatureSecp256k1FromBytes(bsig) +func pubkeyLedger(device *ledger.Ledger) (pub PubKey, err error) { key, err := device.GetPublicKey() if err != nil { - return pub, sig, err + return pub, err } var p PubKeySecp256k1 // Reserialize in the 33-byte compressed format cmp, err := secp256k1.ParsePubKey(key[:], secp256k1.S256()) copy(p[:], cmp.SerializeCompressed()) - return p, sig, nil + return pub, err +} + +func signLedger(device *ledger.Ledger, msg []byte) (sig Signature, err error) { + bsig, err := device.Sign(msg) + if err != nil { + return sig, err + } + sig = SignatureSecp256k1FromBytes(bsig) + return sig, nil } // PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano @@ -66,7 +70,7 @@ func (pk PrivKeyLedgerSecp256k1) ValidateKey() error { } // verify this matches cached address if !pub.Equals(pk.CachedPubKey) { - return errors.New("ledger doesn't match cached key") + return errors.New("Cached key does not match retrieved key") } return nil } @@ -98,7 +102,12 @@ func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature { panic(err) } - pub, sig, err := signLedger(dev, msg) + sig, err := signLedger(dev, msg) + if err != nil { + panic(err) + } + + pub, err := pubkeyLedger(dev) if err != nil { panic(err) } @@ -107,7 +116,7 @@ func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature { if pk.CachedPubKey == nil { pk.CachedPubKey = pub } else if !pk.CachedPubKey.Equals(pub) { - panic("signed with a different key than stored") + panic("Stored key does not match signing key") } return sig } @@ -138,11 +147,11 @@ func (pk PrivKeyLedgerSecp256k1) getPubKey() (key PubKey, err error) { func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) { dev, err := getLedger() if err != nil { - return key, errors.New("Can't connect to ledger device") + return key, errors.New("Cannot connect to Ledger device") } - key, _, err = signLedger(dev, []byte{0}) + key, err = pubkeyLedger(dev) if err != nil { - return key, errors.New("Please open cosmos app on the ledger") + return key, errors.New("Please open Cosmos app on the Ledger device") } return key, err } From 86b09b0cd7c3a7b6a4ce825564ede75a80d5605b Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 3 May 2018 06:26:58 +0200 Subject: [PATCH 05/15] Bugfix --- ledger.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ledger.go b/ledger.go index 18fdf478e..4effa2590 100644 --- a/ledger.go +++ b/ledger.go @@ -27,7 +27,7 @@ func pubkeyLedger(device *ledger.Ledger) (pub PubKey, err error) { // Reserialize in the 33-byte compressed format cmp, err := secp256k1.ParsePubKey(key[:], secp256k1.S256()) copy(p[:], cmp.SerializeCompressed()) - return pub, err + return p, err } func signLedger(device *ledger.Ledger, msg []byte) (sig Signature, err error) { From 49e03fb481075d3f8d601dfc73e9f34ff8edd9d6 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 10 May 2018 01:41:15 +0200 Subject: [PATCH 06/15] Update dependency versions --- Gopkg.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index fbfaa63fa..3e44587e1 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -11,7 +11,7 @@ branch = "master" name = "github.com/btcsuite/btcd" packages = ["btcec"] - revision = "2be2f12b358dc57d70b8f501b00be450192efbc3" + revision = "675abc5df3c5531bc741b56a765e35623459da6d" [[projects]] branch = "master" @@ -119,7 +119,7 @@ "leveldb/table", "leveldb/util" ] - revision = "714f901b98fdb3aa954b4193d8cbd64a28d80cad" + revision = "ae970a0732be3a1f5311da86118d37b9f4bd2a5a" [[projects]] branch = "master" @@ -134,8 +134,8 @@ [[projects]] name = "github.com/tendermint/go-amino" packages = ["."] - revision = "42246108ff925a457fb709475070a03dfd3e2b5c" - version = "0.9.6" + revision = "ed62928576cfcaf887209dc96142cd79cdfff389" + version = "0.9.9" [[projects]] name = "github.com/tendermint/tmlibs" @@ -144,8 +144,8 @@ "db", "log" ] - revision = "2e24b64fc121dcdf1cabceab8dc2f7257675483c" - version = "v0.8.1" + revision = "d94e312673e16a11ea55d742cefb3e331228f898" + version = "v0.8.2" [[projects]] branch = "master" @@ -157,7 +157,7 @@ branch = "master" name = "github.com/zondax/ledger-goclient" packages = ["."] - revision = "0eb48e14b06efd0354c2e0e18f15db121c64b9b8" + revision = "a242cfad962597a588288f99fa3425a01a820295" [[projects]] branch = "master" @@ -173,7 +173,7 @@ "ripemd160", "salsa20/salsa" ] - revision = "b2aa35443fbc700ab74c586ae79b81c171851023" + revision = "2d027ae1dddd4694d54f7a8b6cbe78dca8720226" [solve-meta] analyzer-name = "dep" From 337ad8e594d31a16449cf2756ed33ba959ea3964 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 10 May 2018 02:03:28 +0200 Subject: [PATCH 07/15] Update to new Ledger API in progress --- ledger.go | 19 +++++++++++-------- ledger_test.go | 7 +++++-- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/ledger.go b/ledger.go index 4effa2590..d44b2dab9 100644 --- a/ledger.go +++ b/ledger.go @@ -9,6 +9,8 @@ import ( var device *ledger.Ledger +type DerivationPath = []uint32 + // getLedger gets a copy of the device, and caches it func getLedger() (*ledger.Ledger, error) { var err error @@ -18,8 +20,8 @@ func getLedger() (*ledger.Ledger, error) { return device, err } -func pubkeyLedger(device *ledger.Ledger) (pub PubKey, err error) { - key, err := device.GetPublicKey() +func pubkeyLedger(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { + key, err := device.GetPublicKeySECP256K1(path) if err != nil { return pub, err } @@ -30,8 +32,8 @@ func pubkeyLedger(device *ledger.Ledger) (pub PubKey, err error) { return p, err } -func signLedger(device *ledger.Ledger, msg []byte) (sig Signature, err error) { - bsig, err := device.Sign(msg) +func signLedger(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) { + bsig, err := device.SignSECP256K1(path, msg) if err != nil { return sig, err } @@ -46,11 +48,12 @@ type PrivKeyLedgerSecp256k1 struct { // so we can view the address later, even without having the ledger // attached CachedPubKey PubKey + Path DerivationPath } // NewPrivKeyLedgerSecp256k1 will generate a new key and store the // public key for later use. -func NewPrivKeyLedgerSecp256k1() (PrivKey, error) { +func NewPrivKeyLedgerSecp256k1(path DerivationPath) (PrivKey, error) { var pk PrivKeyLedgerSecp256k1 // getPubKey will cache the pubkey for later use, // this allows us to return an error early if the ledger @@ -102,12 +105,12 @@ func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature { panic(err) } - sig, err := signLedger(dev, msg) + sig, err := signLedger(dev, pk.Path, msg) if err != nil { panic(err) } - pub, err := pubkeyLedger(dev) + pub, err := pubkeyLedger(dev, pk.Path) if err != nil { panic(err) } @@ -149,7 +152,7 @@ func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) { if err != nil { return key, errors.New("Cannot connect to Ledger device") } - key, err = pubkeyLedger(dev) + key, err = pubkeyLedger(dev, pk.Path) if err != nil { return key, errors.New("Please open Cosmos app on the Ledger device") } diff --git a/ledger_test.go b/ledger_test.go index 7b2b4ea1e..1c193b5f1 100644 --- a/ledger_test.go +++ b/ledger_test.go @@ -15,7 +15,9 @@ func TestRealLedger(t *testing.T) { } msg := []byte("kuhehfeohg") - priv, err := NewPrivKeyLedgerSecp256k1() + path := DerivationPath{44, 60, 0, 0, 0} + + priv, err := NewPrivKeyLedgerSecp256k1(path) require.Nil(t, err, "%+v", err) pub := priv.PubKey() sig := priv.Sign(msg) @@ -53,6 +55,7 @@ func TestRealLedgerErrorHandling(t *testing.T) { // first, try to generate a key, must return an error // (no panic) - _, err := NewPrivKeyLedgerSecp256k1() + path := DerivationPath{44, 60, 0, 0, 0} + _, err := NewPrivKeyLedgerSecp256k1(path) require.Error(t, err) } From e6d0ade0e1a8315613e026fe64b006f24f58beab Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Mon, 14 May 2018 15:33:10 +0200 Subject: [PATCH 08/15] Update to latest upstream, debugging information --- Gopkg.lock | 6 +++--- ledger.go | 8 +++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 3e44587e1..d65f87b68 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -119,7 +119,7 @@ "leveldb/table", "leveldb/util" ] - revision = "ae970a0732be3a1f5311da86118d37b9f4bd2a5a" + revision = "9637fa0b2f0db13c99d899b91007edb7df4610b7" [[projects]] branch = "master" @@ -157,7 +157,7 @@ branch = "master" name = "github.com/zondax/ledger-goclient" packages = ["."] - revision = "a242cfad962597a588288f99fa3425a01a820295" + revision = "5b2fe84d3139027c29bd8f0c054ed9444f8a7622" [[projects]] branch = "master" @@ -173,7 +173,7 @@ "ripemd160", "salsa20/salsa" ] - revision = "2d027ae1dddd4694d54f7a8b6cbe78dca8720226" + revision = "034e5325b6ab92faa14d15c30e86919e911cf8e0" [solve-meta] analyzer-name = "dep" diff --git a/ledger.go b/ledger.go index d44b2dab9..a9bc1d975 100644 --- a/ledger.go +++ b/ledger.go @@ -1,6 +1,7 @@ package crypto import ( + "fmt" "github.com/pkg/errors" secp256k1 "github.com/btcsuite/btcd/btcec" @@ -23,7 +24,7 @@ func getLedger() (*ledger.Ledger, error) { func pubkeyLedger(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { key, err := device.GetPublicKeySECP256K1(path) if err != nil { - return pub, err + return pub, fmt.Errorf("Error fetching public key: %v", err) } var p PubKeySecp256k1 // Reserialize in the 33-byte compressed format @@ -55,6 +56,7 @@ type PrivKeyLedgerSecp256k1 struct { // public key for later use. func NewPrivKeyLedgerSecp256k1(path DerivationPath) (PrivKey, error) { var pk PrivKeyLedgerSecp256k1 + pk.Path = path // getPubKey will cache the pubkey for later use, // this allows us to return an error early if the ledger // is not plugged in @@ -150,11 +152,11 @@ func (pk PrivKeyLedgerSecp256k1) getPubKey() (key PubKey, err error) { func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) { dev, err := getLedger() if err != nil { - return key, errors.New("Cannot connect to Ledger device") + return key, errors.New(fmt.Sprintf("Cannot connect to Ledger device - error: %v", err)) } key, err = pubkeyLedger(dev, pk.Path) if err != nil { - return key, errors.New("Please open Cosmos app on the Ledger device") + return key, errors.New(fmt.Sprintf("Please open Cosmos app on the Ledger device - error: %v", err)) } return key, err } From e534559bdc88e0cdbecaf41bc0023f3fb57c9785 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 30 May 2018 01:39:50 +0200 Subject: [PATCH 09/15] Update upstream Ledger code --- Gopkg.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index d65f87b68..332714ee4 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -11,13 +11,13 @@ branch = "master" name = "github.com/btcsuite/btcd" packages = ["btcec"] - revision = "675abc5df3c5531bc741b56a765e35623459da6d" + revision = "bc0944904505aab55e089371a892be2f87883161" [[projects]] branch = "master" name = "github.com/btcsuite/btcutil" packages = ["base58"] - revision = "501929d3d046174c3d39f0ea54ece471aa17238c" + revision = "d4cc87b860166d00d6b5b9e0d3b3d71d6088d4d4" [[projects]] name = "github.com/davecgh/go-spew" @@ -61,7 +61,7 @@ branch = "master" name = "github.com/golang/snappy" packages = ["."] - revision = "553a641470496b2327abcac10b36396bd98e45c9" + revision = "2e65f85255dbc3072edf28d6b5b8efc472979f5a" [[projects]] branch = "master" @@ -119,7 +119,7 @@ "leveldb/table", "leveldb/util" ] - revision = "9637fa0b2f0db13c99d899b91007edb7df4610b7" + revision = "5d6fca44a948d2be89a9702de7717f0168403d3d" [[projects]] branch = "master" @@ -134,8 +134,8 @@ [[projects]] name = "github.com/tendermint/go-amino" packages = ["."] - revision = "ed62928576cfcaf887209dc96142cd79cdfff389" - version = "0.9.9" + revision = "3c22a7a539411f89a96738fcfa14c1027e24e5ec" + version = "0.9.10" [[projects]] name = "github.com/tendermint/tmlibs" @@ -144,8 +144,8 @@ "db", "log" ] - revision = "d94e312673e16a11ea55d742cefb3e331228f898" - version = "v0.8.2" + revision = "d970af87248a4e162590300dbb74e102183a417d" + version = "v0.8.3" [[projects]] branch = "master" @@ -157,7 +157,7 @@ branch = "master" name = "github.com/zondax/ledger-goclient" packages = ["."] - revision = "5b2fe84d3139027c29bd8f0c054ed9444f8a7622" + revision = "3e2146609cdb97894c064d59e9d00accd8c2b1dd" [[projects]] branch = "master" @@ -173,7 +173,7 @@ "ripemd160", "salsa20/salsa" ] - revision = "034e5325b6ab92faa14d15c30e86919e911cf8e0" + revision = "ab813273cd59e1333f7ae7bff5d027d4aadf528c" [solve-meta] analyzer-name = "dep" From 3186dc4cef541ab8f4a7bd107b2894b1186a601a Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 30 May 2018 03:29:42 +0200 Subject: [PATCH 10/15] Clarify function names --- ledger.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ledger.go b/ledger.go index a9bc1d975..5b681cda8 100644 --- a/ledger.go +++ b/ledger.go @@ -21,7 +21,7 @@ func getLedger() (*ledger.Ledger, error) { return device, err } -func pubkeyLedger(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { +func pubkeyLedgerSecp256k1(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { key, err := device.GetPublicKeySECP256K1(path) if err != nil { return pub, fmt.Errorf("Error fetching public key: %v", err) @@ -33,7 +33,7 @@ func pubkeyLedger(device *ledger.Ledger, path DerivationPath) (pub PubKey, err e return p, err } -func signLedger(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) { +func signLedgerSecp256k1(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) { bsig, err := device.SignSECP256K1(path, msg) if err != nil { return sig, err @@ -107,12 +107,12 @@ func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature { panic(err) } - sig, err := signLedger(dev, pk.Path, msg) + sig, err := signLedgerSecp256k1(dev, pk.Path, msg) if err != nil { panic(err) } - pub, err := pubkeyLedger(dev, pk.Path) + pub, err := pubkeyLedgerSecp256k1(dev, pk.Path) if err != nil { panic(err) } @@ -154,7 +154,7 @@ func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) { if err != nil { return key, errors.New(fmt.Sprintf("Cannot connect to Ledger device - error: %v", err)) } - key, err = pubkeyLedger(dev, pk.Path) + key, err = pubkeyLedgerSecp256k1(dev, pk.Path) if err != nil { return key, errors.New(fmt.Sprintf("Please open Cosmos app on the Ledger device - error: %v", err)) } From ee411daa1778470e93f6cbc634c22ded60e40ea6 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 30 May 2018 03:42:47 +0200 Subject: [PATCH 11/15] Add ed25519, tests will fail until ed25519 verification fix --- ledger_common.go | 19 ++++ ledger_ed25519.go | 156 +++++++++++++++++++++++++++++++ ledger.go => ledger_secp256k1.go | 13 --- ledger_test.go | 40 +++++++- 4 files changed, 214 insertions(+), 14 deletions(-) create mode 100644 ledger_common.go create mode 100644 ledger_ed25519.go rename ledger.go => ledger_secp256k1.go (94%) diff --git a/ledger_common.go b/ledger_common.go new file mode 100644 index 000000000..39f15464a --- /dev/null +++ b/ledger_common.go @@ -0,0 +1,19 @@ +package crypto + +import ( + ledger "github.com/zondax/ledger-goclient" +) + +var device *ledger.Ledger + +// Ledger derivation path +type DerivationPath = []uint32 + +// getLedger gets a copy of the device, and caches it +func getLedger() (*ledger.Ledger, error) { + var err error + if device == nil { + device, err = ledger.FindLedger() + } + return device, err +} diff --git a/ledger_ed25519.go b/ledger_ed25519.go new file mode 100644 index 000000000..0c9cd157f --- /dev/null +++ b/ledger_ed25519.go @@ -0,0 +1,156 @@ +package crypto + +import ( + "fmt" + "github.com/pkg/errors" + + // "github.com/tendermint/ed25519" + ledger "github.com/zondax/ledger-goclient" +) + +func pubkeyLedgerEd25519(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { + key, err := device.GetPublicKeyED25519(path) + if err != nil { + return pub, fmt.Errorf("Error fetching public key: %v", err) + } + var p PubKeyEd25519 + copy(p[:], key[0:32]) + return p, err +} + +func signLedgerEd25519(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) { + bsig, err := device.SignED25519(path, msg) + if err != nil { + return sig, err + } + sig = SignatureEd25519FromBytes(bsig) + return sig, nil +} + +// PrivKeyLedgerEd25519 implements PrivKey, calling the ledger nano +// we cache the PubKey from the first call to use it later +type PrivKeyLedgerEd25519 struct { + // PubKey should be private, but we want to encode it via go-amino + // so we can view the address later, even without having the ledger + // attached + CachedPubKey PubKey + Path DerivationPath +} + +// NewPrivKeyLedgerEd25519 will generate a new key and store the +// public key for later use. +func NewPrivKeyLedgerEd25519(path DerivationPath) (PrivKey, error) { + var pk PrivKeyLedgerEd25519 + pk.Path = path + // getPubKey will cache the pubkey for later use, + // this allows us to return an error early if the ledger + // is not plugged in + _, err := pk.getPubKey() + return &pk, err +} + +// ValidateKey allows us to verify the sanity of a key +// after loading it from disk +func (pk PrivKeyLedgerEd25519) ValidateKey() error { + // getPubKey will return an error if the ledger is not + // properly set up... + pub, err := pk.forceGetPubKey() + if err != nil { + return err + } + // verify this matches cached address + if !pub.Equals(pk.CachedPubKey) { + return errors.New("Cached key does not match retrieved key") + } + return nil +} + +// AssertIsPrivKeyInner fulfils PrivKey Interface +func (pk *PrivKeyLedgerEd25519) AssertIsPrivKeyInner() {} + +// Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify +// the same key when we reconnect to a ledger +func (pk PrivKeyLedgerEd25519) Bytes() []byte { + bin, err := cdc.MarshalBinaryBare(pk) + if err != nil { + panic(err) + } + return bin +} + +// Sign calls the ledger and stores the PubKey for future use +// +// XXX/TODO: panics if there is an error communicating with the ledger. +// +// Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes, +// returning an error, so this should only trigger if the privkey is held +// in memory for a while before use. +func (pk PrivKeyLedgerEd25519) Sign(msg []byte) Signature { + // oh, I wish there was better error handling + dev, err := getLedger() + if err != nil { + panic(err) + } + + sig, err := signLedgerEd25519(dev, pk.Path, msg) + if err != nil { + panic(err) + } + + pub, err := pubkeyLedgerEd25519(dev, pk.Path) + if err != nil { + panic(err) + } + + // if we have no pubkey yet, store it for future queries + if pk.CachedPubKey == nil { + pk.CachedPubKey = pub + } else if !pk.CachedPubKey.Equals(pub) { + panic("Stored key does not match signing key") + } + return sig +} + +// PubKey returns the stored PubKey +// TODO: query the ledger if not there, once it is not volatile +func (pk PrivKeyLedgerEd25519) PubKey() PubKey { + key, err := pk.getPubKey() + if err != nil { + panic(err) + } + return key +} + +// getPubKey reads the pubkey from cache or from the ledger itself +// since this involves IO, it may return an error, which is not exposed +// in the PubKey interface, so this function allows better error handling +func (pk PrivKeyLedgerEd25519) getPubKey() (key PubKey, err error) { + // if we have no pubkey, set it + if pk.CachedPubKey == nil { + pk.CachedPubKey, err = pk.forceGetPubKey() + } + return pk.CachedPubKey, err +} + +// forceGetPubKey is like getPubKey but ignores any cached key +// and ensures we get it from the ledger itself. +func (pk PrivKeyLedgerEd25519) forceGetPubKey() (key PubKey, err error) { + dev, err := getLedger() + if err != nil { + return key, errors.New(fmt.Sprintf("Cannot connect to Ledger device - error: %v", err)) + } + key, err = pubkeyLedgerEd25519(dev, pk.Path) + if err != nil { + return key, errors.New(fmt.Sprintf("Please open Cosmos app on the Ledger device - error: %v", err)) + } + return key, err +} + +// Equals fulfils PrivKey Interface - makes sure both keys refer to the +// same +func (pk PrivKeyLedgerEd25519) Equals(other PrivKey) bool { + if ledger, ok := other.(*PrivKeyLedgerEd25519); ok { + return pk.CachedPubKey.Equals(ledger.CachedPubKey) + } + return false +} diff --git a/ledger.go b/ledger_secp256k1.go similarity index 94% rename from ledger.go rename to ledger_secp256k1.go index 5b681cda8..b574035d4 100644 --- a/ledger.go +++ b/ledger_secp256k1.go @@ -8,19 +8,6 @@ import ( ledger "github.com/zondax/ledger-goclient" ) -var device *ledger.Ledger - -type DerivationPath = []uint32 - -// getLedger gets a copy of the device, and caches it -func getLedger() (*ledger.Ledger, error) { - var err error - if device == nil { - device, err = ledger.FindLedger() - } - return device, err -} - func pubkeyLedgerSecp256k1(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { key, err := device.GetPublicKeySECP256K1(path) if err != nil { diff --git a/ledger_test.go b/ledger_test.go index 1c193b5f1..a0ea35837 100644 --- a/ledger_test.go +++ b/ledger_test.go @@ -8,7 +8,7 @@ import ( "github.com/stretchr/testify/require" ) -func TestRealLedger(t *testing.T) { +func TestRealLedgerSecp256k1(t *testing.T) { if os.Getenv("WITH_LEDGER") == "" { t.Skip("Set WITH_LEDGER to run code on real ledger") @@ -46,6 +46,44 @@ func TestRealLedger(t *testing.T) { assert.Equal(t, pub, bpub) } +func TestRealLedgerEd25519(t *testing.T) { + + if os.Getenv("WITH_LEDGER") == "" { + t.Skip("Set WITH_LEDGER to run code on real ledger") + } + msg := []byte("kuhehfeohg") + + path := DerivationPath{44, 60, 0, 0, 0} + + priv, err := NewPrivKeyLedgerEd25519(path) + require.Nil(t, err, "%+v", err) + pub := priv.PubKey() + sig := priv.Sign(msg) + + valid := pub.VerifyBytes(msg, sig) + assert.True(t, valid) + + // now, let's serialize the key and make sure it still works + bs := priv.Bytes() + priv2, err := PrivKeyFromBytes(bs) + require.Nil(t, err, "%+v", err) + + // make sure we get the same pubkey when we load from disk + pub2 := priv2.PubKey() + require.Equal(t, pub, pub2) + + // signing with the loaded key should match the original pubkey + sig = priv2.Sign(msg) + valid = pub.VerifyBytes(msg, sig) + assert.True(t, valid) + + // make sure pubkeys serialize properly as well + bs = pub.Bytes() + bpub, err := PubKeyFromBytes(bs) + require.NoError(t, err) + assert.Equal(t, pub, bpub) +} + // TestRealLedgerErrorHandling calls. These tests assume // the ledger is not plugged in.... func TestRealLedgerErrorHandling(t *testing.T) { From c689f38cb587be1d4681c19e7ebea7ec8e35794e Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 30 May 2018 22:07:20 +0200 Subject: [PATCH 12/15] Implement PubKeyLedgerEd25519 --- amino.go | 4 +++ ledger_ed25519.go | 2 +- ledger_pub_key.go | 68 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 ledger_pub_key.go diff --git a/amino.go b/amino.go index 2af765434..b78a15ed9 100644 --- a/amino.go +++ b/amino.go @@ -19,6 +19,8 @@ func RegisterAmino(cdc *amino.Codec) { cdc.RegisterInterface((*PubKey)(nil), nil) cdc.RegisterConcrete(PubKeyEd25519{}, "tendermint/PubKeyEd25519", nil) + cdc.RegisterConcrete(PubKeyLedgerEd25519{}, + "tendermint/PubKeyLedgerEd25519", nil) cdc.RegisterConcrete(PubKeySecp256k1{}, "tendermint/PubKeySecp256k1", nil) @@ -29,6 +31,8 @@ func RegisterAmino(cdc *amino.Codec) { "tendermint/PrivKeySecp256k1", nil) cdc.RegisterConcrete(PrivKeyLedgerSecp256k1{}, "tendermint/PrivKeyLedgerSecp256k1", nil) + cdc.RegisterConcrete(PrivKeyLedgerEd25519{}, + "tendermint/PrivKeyLedgerEd25519", nil) cdc.RegisterInterface((*Signature)(nil), nil) cdc.RegisterConcrete(SignatureEd25519{}, diff --git a/ledger_ed25519.go b/ledger_ed25519.go index 0c9cd157f..2110b8871 100644 --- a/ledger_ed25519.go +++ b/ledger_ed25519.go @@ -13,7 +13,7 @@ func pubkeyLedgerEd25519(device *ledger.Ledger, path DerivationPath) (pub PubKey if err != nil { return pub, fmt.Errorf("Error fetching public key: %v", err) } - var p PubKeyEd25519 + var p PubKeyLedgerEd25519 copy(p[:], key[0:32]) return p, err } diff --git a/ledger_pub_key.go b/ledger_pub_key.go new file mode 100644 index 000000000..0a5222577 --- /dev/null +++ b/ledger_pub_key.go @@ -0,0 +1,68 @@ +package crypto + +import ( + "bytes" + "crypto/sha512" + "fmt" + + "github.com/tendermint/ed25519" + "github.com/tendermint/ed25519/extra25519" + "golang.org/x/crypto/ripemd160" +) + +var _ PubKey = PubKeyLedgerEd25519{} + +// Implements PubKeyInner +type PubKeyLedgerEd25519 [32]byte + +func (pubKey PubKeyLedgerEd25519) Address() Address { + // append type byte + hasher := ripemd160.New() + hasher.Write(pubKey.Bytes()) // does not error + return Address(hasher.Sum(nil)) +} + +func (pubKey PubKeyLedgerEd25519) Bytes() []byte { + bz, err := cdc.MarshalBinaryBare(pubKey) + if err != nil { + panic(err) + } + return bz +} + +func (pubKey PubKeyLedgerEd25519) VerifyBytes(msg []byte, sig_ Signature) bool { + // must verify sha512 hash of msg, no padding, for Ledger compatibility + sig, ok := sig_.(SignatureEd25519) + if !ok { + return false + } + pubKeyBytes := [32]byte(pubKey) + sigBytes := [64]byte(sig) + h := sha512.New() + h.Write(msg) + digest := h.Sum(nil) + return ed25519.Verify(&pubKeyBytes, digest, &sigBytes) +} + +// For use with golang/crypto/nacl/box +// If error, returns nil. +func (pubKey PubKeyLedgerEd25519) ToCurve25519() *[32]byte { + keyCurve25519, pubKeyBytes := new([32]byte), [32]byte(pubKey) + ok := extra25519.PublicKeyToCurve25519(keyCurve25519, &pubKeyBytes) + if !ok { + return nil + } + return keyCurve25519 +} + +func (pubKey PubKeyLedgerEd25519) String() string { + return fmt.Sprintf("PubKeyLedgerEd25519{%X}", pubKey[:]) +} + +func (pubKey PubKeyLedgerEd25519) Equals(other PubKey) bool { + if otherEd, ok := other.(PubKeyLedgerEd25519); ok { + return bytes.Equal(pubKey[:], otherEd[:]) + } else { + return false + } +} From bb81e4aa5f88218d5b2c478e133909908a5619b4 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Wed, 30 May 2018 22:16:30 +0200 Subject: [PATCH 13/15] Pin to an upstream revision --- Gopkg.lock | 3 +-- Gopkg.toml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 332714ee4..2090ac2e3 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -154,7 +154,6 @@ revision = "8e7a99b3e716f36d3b080a9a70f9eb45abe4edcc" [[projects]] - branch = "master" name = "github.com/zondax/ledger-goclient" packages = ["."] revision = "3e2146609cdb97894c064d59e9d00accd8c2b1dd" @@ -178,6 +177,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "f3cfb54414cb9d59bab79226c7778673e7ac5b7a464baf9b2ea76c1f2563631e" + inputs-digest = "365c3bca75ced49eb0ebcdc5c98fd47b534850684fcc94c16d1bc6a671116395" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index 3737ec5f9..10931a1a6 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -59,7 +59,7 @@ [[constraint]] name = "github.com/zondax/ledger-goclient" - branch = "master" + revision = "3e2146609cdb97894c064d59e9d00accd8c2b1dd" [prune] go-tests = true From 63aac6559032f9fbc1a6a94b2a20ae9b30de0f65 Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 31 May 2018 21:21:50 +0200 Subject: [PATCH 14/15] Remove Ledger ed25519 support, for now --- amino.go | 4 -- ledger_ed25519.go | 156 ---------------------------------------------- ledger_pub_key.go | 68 -------------------- ledger_test.go | 38 ----------- 4 files changed, 266 deletions(-) delete mode 100644 ledger_ed25519.go delete mode 100644 ledger_pub_key.go diff --git a/amino.go b/amino.go index b78a15ed9..2af765434 100644 --- a/amino.go +++ b/amino.go @@ -19,8 +19,6 @@ func RegisterAmino(cdc *amino.Codec) { cdc.RegisterInterface((*PubKey)(nil), nil) cdc.RegisterConcrete(PubKeyEd25519{}, "tendermint/PubKeyEd25519", nil) - cdc.RegisterConcrete(PubKeyLedgerEd25519{}, - "tendermint/PubKeyLedgerEd25519", nil) cdc.RegisterConcrete(PubKeySecp256k1{}, "tendermint/PubKeySecp256k1", nil) @@ -31,8 +29,6 @@ func RegisterAmino(cdc *amino.Codec) { "tendermint/PrivKeySecp256k1", nil) cdc.RegisterConcrete(PrivKeyLedgerSecp256k1{}, "tendermint/PrivKeyLedgerSecp256k1", nil) - cdc.RegisterConcrete(PrivKeyLedgerEd25519{}, - "tendermint/PrivKeyLedgerEd25519", nil) cdc.RegisterInterface((*Signature)(nil), nil) cdc.RegisterConcrete(SignatureEd25519{}, diff --git a/ledger_ed25519.go b/ledger_ed25519.go deleted file mode 100644 index 2110b8871..000000000 --- a/ledger_ed25519.go +++ /dev/null @@ -1,156 +0,0 @@ -package crypto - -import ( - "fmt" - "github.com/pkg/errors" - - // "github.com/tendermint/ed25519" - ledger "github.com/zondax/ledger-goclient" -) - -func pubkeyLedgerEd25519(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { - key, err := device.GetPublicKeyED25519(path) - if err != nil { - return pub, fmt.Errorf("Error fetching public key: %v", err) - } - var p PubKeyLedgerEd25519 - copy(p[:], key[0:32]) - return p, err -} - -func signLedgerEd25519(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) { - bsig, err := device.SignED25519(path, msg) - if err != nil { - return sig, err - } - sig = SignatureEd25519FromBytes(bsig) - return sig, nil -} - -// PrivKeyLedgerEd25519 implements PrivKey, calling the ledger nano -// we cache the PubKey from the first call to use it later -type PrivKeyLedgerEd25519 struct { - // PubKey should be private, but we want to encode it via go-amino - // so we can view the address later, even without having the ledger - // attached - CachedPubKey PubKey - Path DerivationPath -} - -// NewPrivKeyLedgerEd25519 will generate a new key and store the -// public key for later use. -func NewPrivKeyLedgerEd25519(path DerivationPath) (PrivKey, error) { - var pk PrivKeyLedgerEd25519 - pk.Path = path - // getPubKey will cache the pubkey for later use, - // this allows us to return an error early if the ledger - // is not plugged in - _, err := pk.getPubKey() - return &pk, err -} - -// ValidateKey allows us to verify the sanity of a key -// after loading it from disk -func (pk PrivKeyLedgerEd25519) ValidateKey() error { - // getPubKey will return an error if the ledger is not - // properly set up... - pub, err := pk.forceGetPubKey() - if err != nil { - return err - } - // verify this matches cached address - if !pub.Equals(pk.CachedPubKey) { - return errors.New("Cached key does not match retrieved key") - } - return nil -} - -// AssertIsPrivKeyInner fulfils PrivKey Interface -func (pk *PrivKeyLedgerEd25519) AssertIsPrivKeyInner() {} - -// Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify -// the same key when we reconnect to a ledger -func (pk PrivKeyLedgerEd25519) Bytes() []byte { - bin, err := cdc.MarshalBinaryBare(pk) - if err != nil { - panic(err) - } - return bin -} - -// Sign calls the ledger and stores the PubKey for future use -// -// XXX/TODO: panics if there is an error communicating with the ledger. -// -// Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes, -// returning an error, so this should only trigger if the privkey is held -// in memory for a while before use. -func (pk PrivKeyLedgerEd25519) Sign(msg []byte) Signature { - // oh, I wish there was better error handling - dev, err := getLedger() - if err != nil { - panic(err) - } - - sig, err := signLedgerEd25519(dev, pk.Path, msg) - if err != nil { - panic(err) - } - - pub, err := pubkeyLedgerEd25519(dev, pk.Path) - if err != nil { - panic(err) - } - - // if we have no pubkey yet, store it for future queries - if pk.CachedPubKey == nil { - pk.CachedPubKey = pub - } else if !pk.CachedPubKey.Equals(pub) { - panic("Stored key does not match signing key") - } - return sig -} - -// PubKey returns the stored PubKey -// TODO: query the ledger if not there, once it is not volatile -func (pk PrivKeyLedgerEd25519) PubKey() PubKey { - key, err := pk.getPubKey() - if err != nil { - panic(err) - } - return key -} - -// getPubKey reads the pubkey from cache or from the ledger itself -// since this involves IO, it may return an error, which is not exposed -// in the PubKey interface, so this function allows better error handling -func (pk PrivKeyLedgerEd25519) getPubKey() (key PubKey, err error) { - // if we have no pubkey, set it - if pk.CachedPubKey == nil { - pk.CachedPubKey, err = pk.forceGetPubKey() - } - return pk.CachedPubKey, err -} - -// forceGetPubKey is like getPubKey but ignores any cached key -// and ensures we get it from the ledger itself. -func (pk PrivKeyLedgerEd25519) forceGetPubKey() (key PubKey, err error) { - dev, err := getLedger() - if err != nil { - return key, errors.New(fmt.Sprintf("Cannot connect to Ledger device - error: %v", err)) - } - key, err = pubkeyLedgerEd25519(dev, pk.Path) - if err != nil { - return key, errors.New(fmt.Sprintf("Please open Cosmos app on the Ledger device - error: %v", err)) - } - return key, err -} - -// Equals fulfils PrivKey Interface - makes sure both keys refer to the -// same -func (pk PrivKeyLedgerEd25519) Equals(other PrivKey) bool { - if ledger, ok := other.(*PrivKeyLedgerEd25519); ok { - return pk.CachedPubKey.Equals(ledger.CachedPubKey) - } - return false -} diff --git a/ledger_pub_key.go b/ledger_pub_key.go deleted file mode 100644 index 0a5222577..000000000 --- a/ledger_pub_key.go +++ /dev/null @@ -1,68 +0,0 @@ -package crypto - -import ( - "bytes" - "crypto/sha512" - "fmt" - - "github.com/tendermint/ed25519" - "github.com/tendermint/ed25519/extra25519" - "golang.org/x/crypto/ripemd160" -) - -var _ PubKey = PubKeyLedgerEd25519{} - -// Implements PubKeyInner -type PubKeyLedgerEd25519 [32]byte - -func (pubKey PubKeyLedgerEd25519) Address() Address { - // append type byte - hasher := ripemd160.New() - hasher.Write(pubKey.Bytes()) // does not error - return Address(hasher.Sum(nil)) -} - -func (pubKey PubKeyLedgerEd25519) Bytes() []byte { - bz, err := cdc.MarshalBinaryBare(pubKey) - if err != nil { - panic(err) - } - return bz -} - -func (pubKey PubKeyLedgerEd25519) VerifyBytes(msg []byte, sig_ Signature) bool { - // must verify sha512 hash of msg, no padding, for Ledger compatibility - sig, ok := sig_.(SignatureEd25519) - if !ok { - return false - } - pubKeyBytes := [32]byte(pubKey) - sigBytes := [64]byte(sig) - h := sha512.New() - h.Write(msg) - digest := h.Sum(nil) - return ed25519.Verify(&pubKeyBytes, digest, &sigBytes) -} - -// For use with golang/crypto/nacl/box -// If error, returns nil. -func (pubKey PubKeyLedgerEd25519) ToCurve25519() *[32]byte { - keyCurve25519, pubKeyBytes := new([32]byte), [32]byte(pubKey) - ok := extra25519.PublicKeyToCurve25519(keyCurve25519, &pubKeyBytes) - if !ok { - return nil - } - return keyCurve25519 -} - -func (pubKey PubKeyLedgerEd25519) String() string { - return fmt.Sprintf("PubKeyLedgerEd25519{%X}", pubKey[:]) -} - -func (pubKey PubKeyLedgerEd25519) Equals(other PubKey) bool { - if otherEd, ok := other.(PubKeyLedgerEd25519); ok { - return bytes.Equal(pubKey[:], otherEd[:]) - } else { - return false - } -} diff --git a/ledger_test.go b/ledger_test.go index a0ea35837..dda3d3d3d 100644 --- a/ledger_test.go +++ b/ledger_test.go @@ -46,44 +46,6 @@ func TestRealLedgerSecp256k1(t *testing.T) { assert.Equal(t, pub, bpub) } -func TestRealLedgerEd25519(t *testing.T) { - - if os.Getenv("WITH_LEDGER") == "" { - t.Skip("Set WITH_LEDGER to run code on real ledger") - } - msg := []byte("kuhehfeohg") - - path := DerivationPath{44, 60, 0, 0, 0} - - priv, err := NewPrivKeyLedgerEd25519(path) - require.Nil(t, err, "%+v", err) - pub := priv.PubKey() - sig := priv.Sign(msg) - - valid := pub.VerifyBytes(msg, sig) - assert.True(t, valid) - - // now, let's serialize the key and make sure it still works - bs := priv.Bytes() - priv2, err := PrivKeyFromBytes(bs) - require.Nil(t, err, "%+v", err) - - // make sure we get the same pubkey when we load from disk - pub2 := priv2.PubKey() - require.Equal(t, pub, pub2) - - // signing with the loaded key should match the original pubkey - sig = priv2.Sign(msg) - valid = pub.VerifyBytes(msg, sig) - assert.True(t, valid) - - // make sure pubkeys serialize properly as well - bs = pub.Bytes() - bpub, err := PubKeyFromBytes(bs) - require.NoError(t, err) - assert.Equal(t, pub, bpub) -} - // TestRealLedgerErrorHandling calls. These tests assume // the ledger is not plugged in.... func TestRealLedgerErrorHandling(t *testing.T) { From 80e97522504e79dca2f0e2c35168e6f47dc307ce Mon Sep 17 00:00:00 2001 From: Christopher Goes Date: Thu, 31 May 2018 21:30:20 +0200 Subject: [PATCH 15/15] Move TODOs to #114 --- Gopkg.lock | 4 ++-- ledger_secp256k1.go | 19 ++++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 2090ac2e3..f51e2b229 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -11,7 +11,7 @@ branch = "master" name = "github.com/btcsuite/btcd" packages = ["btcec"] - revision = "bc0944904505aab55e089371a892be2f87883161" + revision = "86fed781132ac890ee03e906e4ecd5d6fa180c64" [[projects]] branch = "master" @@ -172,7 +172,7 @@ "ripemd160", "salsa20/salsa" ] - revision = "ab813273cd59e1333f7ae7bff5d027d4aadf528c" + revision = "5ba7f63082460102a45837dbd1827e10f9479ac0" [solve-meta] analyzer-name = "dep" diff --git a/ledger_secp256k1.go b/ledger_secp256k1.go index b574035d4..f485bb415 100644 --- a/ledger_secp256k1.go +++ b/ledger_secp256k1.go @@ -2,7 +2,6 @@ package crypto import ( "fmt" - "github.com/pkg/errors" secp256k1 "github.com/btcsuite/btcd/btcec" ledger "github.com/zondax/ledger-goclient" @@ -11,13 +10,14 @@ import ( func pubkeyLedgerSecp256k1(device *ledger.Ledger, path DerivationPath) (pub PubKey, err error) { key, err := device.GetPublicKeySECP256K1(path) if err != nil { - return pub, fmt.Errorf("Error fetching public key: %v", err) + return nil, fmt.Errorf("error fetching public key: %v", err) } var p PubKeySecp256k1 // Reserialize in the 33-byte compressed format cmp, err := secp256k1.ParsePubKey(key[:], secp256k1.S256()) copy(p[:], cmp.SerializeCompressed()) - return p, err + pub = p + return } func signLedgerSecp256k1(device *ledger.Ledger, path DerivationPath, msg []byte) (sig Signature, err error) { @@ -26,7 +26,7 @@ func signLedgerSecp256k1(device *ledger.Ledger, path DerivationPath, msg []byte) return sig, err } sig = SignatureSecp256k1FromBytes(bsig) - return sig, nil + return } // PrivKeyLedgerSecp256k1 implements PrivKey, calling the ledger nano @@ -62,7 +62,7 @@ func (pk PrivKeyLedgerSecp256k1) ValidateKey() error { } // verify this matches cached address if !pub.Equals(pk.CachedPubKey) { - return errors.New("Cached key does not match retrieved key") + return fmt.Errorf("cached key does not match retrieved key") } return nil } @@ -82,8 +82,6 @@ func (pk PrivKeyLedgerSecp256k1) Bytes() []byte { // Sign calls the ledger and stores the PubKey for future use // -// XXX/TODO: panics if there is an error communicating with the ledger. -// // Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes, // returning an error, so this should only trigger if the privkey is held // in memory for a while before use. @@ -108,13 +106,12 @@ func (pk PrivKeyLedgerSecp256k1) Sign(msg []byte) Signature { if pk.CachedPubKey == nil { pk.CachedPubKey = pub } else if !pk.CachedPubKey.Equals(pub) { - panic("Stored key does not match signing key") + panic("stored key does not match signing key") } return sig } // PubKey returns the stored PubKey -// TODO: query the ledger if not there, once it is not volatile func (pk PrivKeyLedgerSecp256k1) PubKey() PubKey { key, err := pk.getPubKey() if err != nil { @@ -139,11 +136,11 @@ func (pk PrivKeyLedgerSecp256k1) getPubKey() (key PubKey, err error) { func (pk PrivKeyLedgerSecp256k1) forceGetPubKey() (key PubKey, err error) { dev, err := getLedger() if err != nil { - return key, errors.New(fmt.Sprintf("Cannot connect to Ledger device - error: %v", err)) + return key, fmt.Errorf("cannot connect to Ledger device - error: %v", err) } key, err = pubkeyLedgerSecp256k1(dev, pk.Path) if err != nil { - return key, errors.New(fmt.Sprintf("Please open Cosmos app on the Ledger device - error: %v", err)) + return key, fmt.Errorf("please open Cosmos app on the Ledger device - error: %v", err) } return key, err }