tendermint/_nano/keys.go

package nano

import (
	"bytes"
	"encoding/hex"

	"github.com/pkg/errors"

	ledger "github.com/ethanfrey/ledger"

	crypto "github.com/tendermint/go-crypto"
	wire "github.com/tendermint/go-wire"
)

//nolint
const (
	NameLedgerEd25519 = "ledger-ed25519"
	TypeLedgerEd25519 = 0x10

	// Timeout is the number of seconds to wait for a response from the ledger
	// if eg. waiting for user confirmation on button push
	Timeout = 20
)

var device *ledger.Ledger

// getLedger gets a copy of the device, and caches it
func getLedger() (*ledger.Ledger, error) {
	var err error
	if device == nil {
		device, err = ledger.FindLedger()
	}
	return device, err
}

func signLedger(device *ledger.Ledger, msg []byte) (pub crypto.PubKey, sig crypto.Signature, err error) {
	var resp []byte

	packets := generateSignRequests(msg)
	for _, pack := range packets {
		resp, err = device.Exchange(pack, Timeout)
		if err != nil {
			return pub, sig, err
		}
	}

	// the last call is the result we want and needs to be parsed
	key, bsig, err := parseDigest(resp)
	if err != nil {
		return pub, sig, err
	}

	var b [32]byte
	copy(b[:], key)
	return PubKeyLedgerEd25519FromBytes(b), crypto.SignatureEd25519FromBytes(bsig), nil
}

// PrivKeyLedgerEd25519 implements PrivKey, calling the ledger nano
// we cache the PubKey from the first call to use it later
type PrivKeyLedgerEd25519 struct {
	// PubKey should be private, but we want to encode it via go-wire
	// so we can view the address later, even without having the ledger
	// attached
	CachedPubKey crypto.PubKey
}

// NewPrivKeyLedgerEd25519 will generate a new key and store the
// public key for later use.
func NewPrivKeyLedgerEd25519() (crypto.PrivKey, error) {
	var pk PrivKeyLedgerEd25519
	// getPubKey will cache the pubkey for later use,
	// this allows us to return an error early if the ledger
	// is not plugged in
	_, err := pk.getPubKey()
	return pk.Wrap(), err
}

// ValidateKey allows us to verify the sanity of a key
// after loading it from disk
func (pk *PrivKeyLedgerEd25519) ValidateKey() error {
	// getPubKey will return an error if the ledger is not
	// properly set up...
	pub, err := pk.forceGetPubKey()
	if err != nil {
		return err
	}
	// verify this matches cached address
	if !pub.Equals(pk.CachedPubKey) {
		return errors.New("ledger doesn't match cached key")
	}
	return nil
}

// AssertIsPrivKeyInner fulfils PrivKey Interface
func (pk *PrivKeyLedgerEd25519) AssertIsPrivKeyInner() {}

// Bytes fulfils PrivKey Interface - but it stores the cached pubkey so we can verify
// the same key when we reconnect to a ledger
func (pk *PrivKeyLedgerEd25519) Bytes() []byte {
	return wire.BinaryBytes(pk.Wrap())
}

// Sign calls the ledger and stores the PubKey for future use
//
// XXX/TODO: panics if there is an error communicating with the ledger.
//
// Communication is checked on NewPrivKeyLedger and PrivKeyFromBytes,
// returning an error, so this should only trigger if the privkey is held
// in memory for a while before use.
func (pk *PrivKeyLedgerEd25519) Sign(msg []byte) crypto.Signature {
	// oh, I wish there was better error handling
	dev, err := getLedger()
	if err != nil {
		panic(err)
	}

	pub, sig, err := signLedger(dev, msg)
	if err != nil {
		panic(err)
	}

	// if we have no pubkey yet, store it for future queries
	if pk.CachedPubKey.Empty() {
		pk.CachedPubKey = pub
	} else if !pk.CachedPubKey.Equals(pub) {
		panic("signed with a different key than stored")
	}
	return sig
}

// PubKey returns the stored PubKey
// TODO: query the ledger if not there, once it is not volatile
func (pk *PrivKeyLedgerEd25519) PubKey() crypto.PubKey {
	key, err := pk.getPubKey()
	if err != nil {
		panic(err)
	}
	return key
}

// getPubKey reads the pubkey from cache or from the ledger itself
// since this involves IO, it may return an error, which is not exposed
// in the PubKey interface, so this function allows better error handling
func (pk *PrivKeyLedgerEd25519) getPubKey() (key crypto.PubKey, err error) {
	// if we have no pubkey, set it
	if pk.CachedPubKey.Empty() {
		pk.CachedPubKey, err = pk.forceGetPubKey()
	}
	return pk.CachedPubKey, err
}

// forceGetPubKey is like getPubKey but ignores any cached key
// and ensures we get it from the ledger itself.
func (pk *PrivKeyLedgerEd25519) forceGetPubKey() (key crypto.PubKey, err error) {
	dev, err := getLedger()
	if err != nil {
		return key, errors.New("Can't connect to ledger device")
	}
	key, _, err = signLedger(dev, []byte{0})
	if err != nil {
		return key, errors.New("Please open cosmos app on the ledger")
	}
	return key, err
}

// Equals fulfils PrivKey Interface - makes sure both keys refer to the
// same
func (pk *PrivKeyLedgerEd25519) Equals(other crypto.PrivKey) bool {
	if ledger, ok := other.Unwrap().(*PrivKeyLedgerEd25519); ok {
		return pk.CachedPubKey.Equals(ledger.CachedPubKey)
	}
	return false
}

// MockPrivKeyLedgerEd25519 behaves as the ledger, but stores a pre-packaged call-response
// for use in test cases
type MockPrivKeyLedgerEd25519 struct {
	Msg []byte
	Pub [KeyLength]byte
	Sig [SigLength]byte
}

// NewMockKey returns
func NewMockKey(msg, pubkey, sig string) (pk MockPrivKeyLedgerEd25519) {
	var err error
	pk.Msg, err = hex.DecodeString(msg)
	if err != nil {
		panic(err)
	}

	bpk, err := hex.DecodeString(pubkey)
	if err != nil {
		panic(err)
	}
	bsig, err := hex.DecodeString(sig)
	if err != nil {
		panic(err)
	}

	copy(pk.Pub[:], bpk)
	copy(pk.Sig[:], bsig)
	return pk
}

var _ crypto.PrivKeyInner = MockPrivKeyLedgerEd25519{}

// AssertIsPrivKeyInner fulfils PrivKey Interface
func (pk MockPrivKeyLedgerEd25519) AssertIsPrivKeyInner() {}

// Bytes fulfils PrivKey Interface - not supported
func (pk MockPrivKeyLedgerEd25519) Bytes() []byte {
	return nil
}

// Sign returns a real SignatureLedger, if the msg matches what we expect
func (pk MockPrivKeyLedgerEd25519) Sign(msg []byte) crypto.Signature {
	if !bytes.Equal(pk.Msg, msg) {
		panic("Mock key is for different msg")
	}
	return crypto.SignatureEd25519(pk.Sig).Wrap()
}

// PubKey returns a real PubKeyLedgerEd25519, that will verify this signature
func (pk MockPrivKeyLedgerEd25519) PubKey() crypto.PubKey {
	return PubKeyLedgerEd25519FromBytes(pk.Pub)
}

// Equals compares that two Mocks have the same data
func (pk MockPrivKeyLedgerEd25519) Equals(other crypto.PrivKey) bool {
	if mock, ok := other.Unwrap().(MockPrivKeyLedgerEd25519); ok {
		return bytes.Equal(mock.Pub[:], pk.Pub[:]) &&
			bytes.Equal(mock.Sig[:], pk.Sig[:]) &&
			bytes.Equal(mock.Msg, pk.Msg)
	}
	return false
}

////////////////////////////////////////////
// pubkey

// PubKeyLedgerEd25519 works like a normal Ed25519 except a hash before the verify bytes
type PubKeyLedgerEd25519 struct {
	crypto.PubKeyEd25519
}

// PubKeyLedgerEd25519FromBytes creates a PubKey from the raw bytes
func PubKeyLedgerEd25519FromBytes(key [32]byte) crypto.PubKey {
	return PubKeyLedgerEd25519{crypto.PubKeyEd25519(key)}.Wrap()
}

// Bytes fulfils pk Interface - no data, just type info
func (pk PubKeyLedgerEd25519) Bytes() []byte {
	return wire.BinaryBytes(pk.Wrap())
}

// VerifyBytes uses the normal Ed25519 algorithm but a sha512 hash beforehand
func (pk PubKeyLedgerEd25519) VerifyBytes(msg []byte, sig crypto.Signature) bool {
	hmsg := hashMsg(msg)
	return pk.PubKeyEd25519.VerifyBytes(hmsg, sig)
}

// Equals implements PubKey interface
func (pk PubKeyLedgerEd25519) Equals(other crypto.PubKey) bool {
	if ledger, ok := other.Unwrap().(PubKeyLedgerEd25519); ok {
		return pk.PubKeyEd25519.Equals(ledger.PubKeyEd25519.Wrap())
	}
	return false
}

/*** registration with go-data ***/

func init() {
	crypto.PrivKeyMapper.
		RegisterImplementation(&PrivKeyLedgerEd25519{}, NameLedgerEd25519, TypeLedgerEd25519).
		RegisterImplementation(MockPrivKeyLedgerEd25519{}, "mock-ledger", 0x11)

	crypto.PubKeyMapper.
		RegisterImplementation(PubKeyLedgerEd25519{}, NameLedgerEd25519, TypeLedgerEd25519)
}

// Wrap fulfils interface for PrivKey struct
func (pk *PrivKeyLedgerEd25519) Wrap() crypto.PrivKey {
	return crypto.PrivKey{PrivKeyInner: pk}
}

// Wrap fulfils interface for PrivKey struct
func (pk MockPrivKeyLedgerEd25519) Wrap() crypto.PrivKey {
	return crypto.PrivKey{PrivKeyInner: pk}
}

// Wrap fulfils interface for PubKey struct
func (pk PubKeyLedgerEd25519) Wrap() crypto.PubKey {
	return crypto.PubKey{PubKeyInner: pk}
}