Merge pull request #739 from btchip/7702-phase1

Implementation of EIP 7702 - phase 1

Author: apaillier-ledger

client/src/ledger_app_clients/ethereum/client.py

@@ -17,6 +17,7 @@
 from .tlv import format_tlv, FieldTag
 from .response_parser import pk_addr
 from .tx_simu import TxSimu
+from .tx_auth_7702 import TxAuth7702
 
 
 class StatusWord(IntEnum):
@@ -212,28 +213,35 @@ def eip712_filtering_trusted_name(self,
     def eip712_filtering_raw(self, name: str, sig: bytes, discarded: bool):
         return self._exchange_async(self._cmd_builder.eip712_filtering_raw(name, sig, discarded))
 
-    def serialize_tx(self, tx_params: dict) -> Tuple[bytes, bytes]:
+    def serialize_tx(self, tx_params: dict, tx_raw: Optional[bytes] = None) -> Tuple[bytes, bytes]:
         """Computes the serialized TX and its hash"""
 
-        tx = Web3().eth.account.create().sign_transaction(tx_params).rawTransaction
+        if tx_raw is not None:
+            tx = tx_raw
+        else:
+            tx = Web3().eth.account.create().sign_transaction(tx_params).rawTransaction
         prefix = bytes()
         suffix = []
-        if tx[0] in [0x01, 0x02]:
+        if tx[0] in [0x01, 0x02, 0x04]:
             prefix = tx[:1]
             tx = tx[len(prefix):]
         else:  # legacy
             if "chainId" in tx_params:
                 suffix = [int(tx_params["chainId"]), bytes(), bytes()]
-        decoded_tx = rlp.decode(tx)[:-3]  # remove already computed signature
+        if tx_raw is None:
+            decoded_tx = rlp.decode(tx)[:-3]  # remove already computed signature
+        else:
+            decoded_tx = rlp.decode(tx)
         encoded_tx = prefix + rlp.encode(decoded_tx + suffix)
         tx_hash = keccak(encoded_tx)
         return encoded_tx, tx_hash
 
     def sign(self,
              bip32_path: str,
              tx_params: dict,
+             tx_raw: Optional[bytes] = None,  # Introduced for 7702 until web3.py supports authorization lists
              mode: SignMode = SignMode.BASIC):
-        tx, _ = self.serialize_tx(tx_params)
+        tx, _ = self.serialize_tx(tx_params, tx_raw)
         chunks = self._cmd_builder.sign(bip32_path, tx, mode)
         for chunk in chunks[:-1]:
             self._exchange(chunk)
@@ -671,3 +679,9 @@ def provide_proxy_info(self, payload: bytes) -> RAPDU:
         for chunk in chunks[:-1]:
             self._exchange(chunk)
         return self._exchange(chunks[-1])
+
+    def sign_eip7702_authorization(self, auth_params: TxAuth7702) -> RAPDU:
+        chunks = self._cmd_builder.sign_eip7702_authorization(auth_params.serialize())
+        for chunk in chunks[:-1]:
+            self._exchange(chunk)
+        return self._exchange_async(chunks[-1])

client/src/ledger_app_clients/ethereum/command_builder.py

@@ -2,6 +2,7 @@
 # https://github.com/LedgerHQ/app-ethereum/blob/develop/doc/ethapp.adoc
 
 import struct
+import math
 from enum import IntEnum
 from typing import Optional
 from ragger.bip import pack_derivation_path
@@ -31,6 +32,7 @@ class InsType(IntEnum):
     PROVIDE_PROXY_INFO = 0x2a
     PROVIDE_NETWORK_INFORMATION = 0x30
     PROVIDE_TX_SIMULATION = 0x32
+    SIGN_EIP7702_AUTHORIZATION = 0x34
 
 
 class P1Type(IntEnum):
@@ -64,6 +66,11 @@ class P2Type(IntEnum):
 class CommandBuilder:
     _CLA: int = 0xE0
 
+    def _intToBytes(self, i: int) -> bytes:
+        if i == 0:
+            return b"\x00"
+        return i.to_bytes(math.ceil(i.bit_length() / 8), 'big')
+
     def _serialize(self,
                    ins: InsType,
                    p1: int,
@@ -456,6 +463,9 @@ def provide_network_information(self,
                 p1 = P1Type.FOLLOWING_CHUNK
         return chunks
 
+    def sign_eip7702_authorization(self, tlv_payload: bytes) -> list[bytes]:
+        return self.common_tlv_serialize(InsType.SIGN_EIP7702_AUTHORIZATION, tlv_payload)
+
     def provide_enum_value(self, tlv_payload: bytes) -> list[bytes]:
         return self.common_tlv_serialize(InsType.PROVIDE_ENUM_VALUE, tlv_payload)
 

client/src/ledger_app_clients/ethereum/settings.py

@@ -11,6 +11,7 @@ class SettingID(Enum):
     NONCE = auto()
     VERBOSE_EIP712 = auto()
     DEBUG_DATA = auto()
+    EIP7702 = auto()
 
 
 def get_device_settings(firmware: Firmware) -> list[SettingID]:
@@ -28,6 +29,7 @@ def get_device_settings(firmware: Firmware) -> list[SettingID]:
             SettingID.NONCE,
             SettingID.VERBOSE_EIP712,
             SettingID.DEBUG_DATA,
+            SettingID.EIP7702,
         ]
     return [
         SettingID.WEB3_CHECK,
@@ -36,6 +38,7 @@ def get_device_settings(firmware: Firmware) -> list[SettingID]:
         SettingID.NONCE,
         SettingID.VERBOSE_EIP712,
         SettingID.DEBUG_DATA,
+        SettingID.EIP7702,
     ]
 
 
@@ -75,6 +78,11 @@ def get_setting_position(firmware: Firmware, setting: SettingID) -> tuple[int, i
             page, y = 2, 130
         else:
             page, y = 2, 315
+    elif setting == SettingID.EIP7702:
+        if firmware == Firmware.STAX:
+            page, y = 2, 300
+        else:
+            page, y = 3, 140
     else:
         raise ValueError(f"Unknown setting: {setting}")
     return page, x, y

client/src/ledger_app_clients/ethereum/tx_auth_7702.py

@@ -0,0 +1,53 @@
+from typing import Optional
+from enum import IntEnum
+
+from bip_utils import Bip32Utils
+
+from .tlv import TlvSerializable
+
+
+class FieldTag(IntEnum):
+    STRUCT_VERSION = 0x00
+    DERIVATION_IDX = 0x01
+    DELEGATE_ADDR = 0x02
+    CHAIN_ID = 0x03
+    NONCE = 0x04
+
+
+class TxAuth7702(TlvSerializable):
+    bip32_path: str
+    delegate: bytes
+    nonce: int
+    chain_id: int
+
+    def __init__(self,
+                 bip32_path: str,
+                 delegate: bytes,
+                 nonce: int,
+                 chain_id: Optional[int]) -> None:
+        self.bip32_path = bip32_path
+        self.delegate = delegate
+        self.nonce = nonce
+        if chain_id is None:
+            self.chain_id = 0
+        else:
+            self.chain_id = chain_id
+
+    def serialize(self) -> bytes:
+        payload: bytes = self.serialize_field(FieldTag.STRUCT_VERSION, 1)
+        split = self.bip32_path.split("/")
+        if split[0] != "m":
+            raise ValueError("Error master expected in bip32 path")
+        for value in split[1:]:
+            if value == "":
+                raise ValueError(f'Error missing value in split bip 32 path list "{split}"')
+            if value.endswith('\''):
+                payload += self.serialize_field(FieldTag.DERIVATION_IDX,
+                                                Bip32Utils.HardenIndex(int(value[:-1])).to_bytes(4, byteorder='big'))
+            else:
+                payload += self.serialize_field(FieldTag.DERIVATION_IDX,
+                                                int(value).to_bytes(4, byteorder='big'))
+        payload += self.serialize_field(FieldTag.DELEGATE_ADDR, self.delegate)
+        payload += self.serialize_field(FieldTag.NONCE, self.nonce.to_bytes(8, 'big'))
+        payload += self.serialize_field(FieldTag.CHAIN_ID, self.chain_id.to_bytes(8, 'big'))
+        return payload

client/src/ledger_app_clients/ethereum/utils.py

@@ -1,3 +1,4 @@
+from typing import Optional
 from eth_account import Account
 from eth_account.messages import encode_defunct, encode_typed_data
 import rlp
@@ -25,10 +26,13 @@ def recover_message(msg, vrs: tuple) -> bytes:
     return bytes.fromhex(addr[2:])
 
 
-def recover_transaction(tx_params, vrs: tuple) -> bytes:
-    raw_tx = Account.create().sign_transaction(tx_params).rawTransaction
+def recover_transaction(tx_params, vrs: tuple, raw_tx_param: Optional[bytes] = None) -> bytes:
+    if raw_tx_param is None:
+        raw_tx = Account.create().sign_transaction(tx_params).rawTransaction
+    else:
+        raw_tx = raw_tx_param
     prefix = bytes()
-    if raw_tx[0] in [0x01, 0x02]:
+    if raw_tx[0] in [0x01, 0x02, 0x04]:
         prefix = raw_tx[:1]
         raw_tx = raw_tx[len(prefix):]
     else:
@@ -58,6 +62,9 @@ def recover_transaction(tx_params, vrs: tuple) -> bytes:
             # Pre EIP-155 TX
             assert False
     decoded = rlp.decode(raw_tx)
-    reencoded = rlp.encode(decoded[:-3] + list(normalize_vrs(vrs)))
+    if raw_tx_param is None:
+        reencoded = rlp.encode(decoded[:-3] + list(normalize_vrs(vrs)))
+    else:
+        reencoded = rlp.encode(decoded + list(normalize_vrs(vrs)))
     addr = Account.recover_transaction(prefix + reencoded)
     return bytes.fromhex(addr[2:])

doc/ethapp.adoc

@@ -97,7 +97,7 @@ _Output data_
 
 #### Description
 
-https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1559.md
+The application supports signing legacy or EIP 2718 (https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2718.md) transactions for Type 2 (https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1559.md) and Type 4 (https://github.com/ethereum/EIPs/blob/master/EIPS/eip-7702.md)
 
 This command signs an Ethereum transaction after having the user validate the following parameters
 
@@ -1455,6 +1455,56 @@ None
 | Web3 Check setting status  | 1
 |====================================
 
+### SIGN EIP 7702 AUTHORIZATION
+
+#### Description
+
+This command computes the signature for an element of a EIP 7702 Authorization list (https://github.com/ethereum/EIPs/blob/master/EIPS/eip-7702.md) on the given account, for the given delegate, chain ID and nonce.
+
+The user is prompted to confirm the operation before the signature is issued.
+
+#### Coding
+
+_Command_
+
+[width="80%"]
+|==============================================================
+| *CLA* | *INS*  | *P1*               | *P2*       | *LC*
+|   E0  |   34   | 01 : first chunk
+
+                   00 : following chunk
+                                      | 00         | 00
+|==============================================================
+
+_Input data_
+
+##### If P1 == first chunk
+
+[width="80%"]
+|====================================================================
+| *Description*                                     | *Length (byte)*
+| struct size (BE)                                  | 2
+| link:tlv_structs.md#auth_7702[AUTH_7702 struct] | variable
+|====================================================================
+
+##### If P1 == following chunk
+
+[width="80%"]
+|====================================================================
+| *Description*                                     | *Length (byte)*
+| link:tlv_structs.md#auth_7702[AUTH_7702 struct] | variable
+|====================================================================
+
+_Output data_
+
+[width="80%"]
+|==============================================================================================================================
+| *Description*                                                                     | *Length*
+| Signature parity (0 even, 1 odd) - use as is in EIP 7702                          | 1
+| r                                                                                 | 32
+| s                                                                                 | 32
+|==============================================================================================================================
+
 ## Transport protocol
 
 ### General transport description

doc/tlv_structs.md

@@ -312,3 +312,13 @@ In version 1 of the protocol:
 | SELECTOR       | 0x28 | uint[4]         | function selector               | x        |
 | IMPL_ADDRESS   | 0x29 | uint8[20]       | implementation contract address |          |
 | SIGNATURE      | 0x15 | uint8[]         | signature of the structure      |          |
+
+## AUTH_7702
+
+| Name           | Tag  | Payload type    | Description                     | Optional |
+|----------------|------|-----------------|---------------------------------|----------|
+| STRUCT_VERSION | 0x00 | uint8           | structure version (currently 1) |          |
+| DERIVATION_IDX | 0x01 | uint32          | BIP32 derivation path item      |          |
+| DELEGATE_ADDR  | 0x02 | uint8[20]       | delegate address                |          |
+| CHAIN_ID       | 0x03 | uint64          | Chain ID (00 for no restriction)|          |
+| NONCE          | 0x04 | uint64          | nonce                           |          |

examples/signAuthorizationEIP7702.py

@@ -0,0 +1,91 @@
+#!/usr/bin/env python
+"""
+*******************************************************************************
+*   Ledger Ethereum App
+*   (c) 2016-2019 Ledger
+*
+*  Licensed under the Apache License, Version 2.0 (the "License");
+*  you may not use this file except in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+*  Unless required by applicable law or agreed to in writing, software
+*  distributed under the License is distributed on an "AS IS" BASIS,
+*  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+*  See the License for the specific language governing permissions and
+*  limitations under the License.
+********************************************************************************
+"""
+from __future__ import print_function
+
+from ledgerblue.comm import getDongle
+from ledgerblue.commException import CommException
+import argparse
+import struct
+import binascii
+import math
+import rlp
+
+
+
+def der_encode(value):
+    value_bytes = value.to_bytes(max(1, (value.bit_length() + 7) // 8), 'big')
+    if value >= 0x80:
+        value_bytes = (0x80 | len(value_bytes)).to_bytes(1, 'big') + value_bytes
+    return value_bytes
+
+def tlv_encode(tag, value):
+    return der_encode(tag) + der_encode(len(value)) + value
+
+def parse_bip32_path(path):
+    if len(path) == 0:
+        return b""
+    result = b""
+    elements = path.split('/')
+    for pathElement in elements:
+        element = pathElement.split('\'')
+        result = result + der_encode(0x01) + der_encode(0x04)
+        if len(element) == 1:
+            result = result + struct.pack(">I", int(element[0]))
+        else:
+            result = result + struct.pack(">I", 0x80000000 | int(element[0]))
+    return result
+
+
+parser = argparse.ArgumentParser()
+parser.add_argument('--path', help="BIP 32 path to retrieve")
+parser.add_argument('--chainid', help="Chain ID", type=int, required=True)
+parser.add_argument('--nonce', help="Account Nonce", type=int, required=True)
+parser.add_argument('--delegate', help="Delegate address", type=str, required=True)
+args = parser.parse_args()
+
+if args.path == None:
+    args.path = "44'/60'/0'/0/0"
+
+tmp = tlv_encode(0x00, struct.pack(">B", 0x01))
+tmp += parse_bip32_path(args.path)
+data = binascii.unhexlify(args.delegate[2:])
+tmp += tlv_encode(0x02, data)
+tmp += tlv_encode(0x03, struct.pack(">Q", args.chainid))
+tmp += tlv_encode(0x04, struct.pack(">Q", args.nonce))
+
+tmp = struct.pack(">H", len(tmp)) + tmp
+
+apdu = bytearray.fromhex("e0340100")
+apdu += struct.pack(">B", len(tmp))
+apdu += tmp
+
+dongle = getDongle(True)
+result = dongle.exchange(bytes(apdu))
+
+v = result[0]
+r = result[1 : 1 + 32]
+s = result[1 + 32 :]
+
+print("v = " + str(v))
+print("r = " + binascii.hexlify(r).decode('utf-8'))
+print("s = " + binascii.hexlify(s).decode('utf-8'))
+
+rlpData = [ args.chainid, binascii.unhexlify(args.delegate[2:]), args.nonce, v, r, s ]
+print(binascii.hexlify(rlp.encode(rlpData)).decode('utf-8'))