fix: use correct derivation path for masp signs using ledger AND sign all sapling inputs (#2163)

Author: mateuszjasiuk

apps/extension/src/Approvals/ConfirmSignLedgerTx.tsx

@@ -1,3 +1,5 @@
+import { getSdk } from "@namada/sdk/web";
+import sdkInit from "@namada/sdk/web-init";
 import clsx from "clsx";
 import { ReactNode, useCallback, useEffect, useState } from "react";
 
@@ -84,8 +86,9 @@ export const ConfirmSignLedgerTx: React.FC<Props> = ({ details }) => {
   const signMaspTx = async (
     ledger: Ledger,
     bytes: Uint8Array,
-    path: string
-  ): Promise<{ sbar: Uint8Array; rbar: Uint8Array }> => {
+    path: string,
+    shieldedHash?: string
+  ): Promise<{ sbar: Uint8Array; rbar: Uint8Array }[]> => {
     const signMaspSpendsResponse = await ledger.namadaApp.signMaspSpends(
       path,
       Buffer.from(bytes)
@@ -97,14 +100,36 @@ export const ConfirmSignLedgerTx: React.FC<Props> = ({ details }) => {
       );
     }
 
-    const spendSignatureResponse = await ledger.namadaApp.getSpendSignature();
-    if (spendSignatureResponse.returnCode !== LedgerError.NoErrors) {
-      throw new Error(
-        `Getting spends signature error encountered: ${signMaspSpendsResponse.errorMessage}`
-      );
+    if (!shieldedHash) {
+      throw new Error("Shielded hash is required for MASP transactions");
     }
 
-    return spendSignatureResponse;
+    const { cryptoMemory } = await sdkInit();
+    // TODO: Find a better way to init the sdk, token has to be any valid token
+    const sdk = getSdk(
+      cryptoMemory,
+      "",
+      "",
+      "",
+      "tnam1q9gr66cvu4hrzm0sd5kmlnjje82gs3xlfg3v6nu7"
+    );
+    const descriptors = await sdk
+      .getMasp()
+      .getDescriptorMap(bytes, fromBase64(shieldedHash));
+
+    const responses = [];
+    // TODO: this probably means that we do not really need descriptor map, but just to iterate over the sapling inputs
+    for (const _ of descriptors) {
+      const spendSignatureResponse = await ledger.namadaApp.getSpendSignature();
+      if (spendSignatureResponse.returnCode !== LedgerError.NoErrors) {
+        throw new Error(
+          `Getting spends signature error encountered: ${signMaspSpendsResponse.errorMessage}`
+        );
+      }
+      responses.push(spendSignatureResponse);
+    }
+
+    return responses;
   };
 
   const signLedgerTx = async (
@@ -130,15 +155,20 @@ export const ConfirmSignLedgerTx: React.FC<Props> = ({ details }) => {
       ledger: Ledger,
       tx: string,
       zip32Path: string,
-      signatures: string[]
+      signatures: string[],
+      shieldedHash?: string
     ) => {
-      const { sbar, rbar } = await signMaspTx(
+      const responses = await signMaspTx(
         ledger,
         fromBase64(tx),
-        zip32Path
+        zip32Path,
+        shieldedHash
       );
-      const signature = toBase64(new Uint8Array([...rbar, ...sbar]));
-      signatures.push(signature);
+
+      responses.forEach(({ sbar, rbar }) => {
+        const signature = toBase64(new Uint8Array([...rbar, ...sbar]));
+        signatures.push(signature);
+      });
     },
     []
   );
@@ -197,10 +227,12 @@ export const ConfirmSignLedgerTx: React.FC<Props> = ({ details }) => {
         if (!accountDetails) {
           throw new Error(`Failed to query account details for ${signer}`);
         }
+        const [transparentAccount, shieldedAccount] = accountDetails;
+
         const path = {
-          account: accountDetails.path.account,
-          change: accountDetails.path.change || 0,
-          index: accountDetails.path.index || 0,
+          account: transparentAccount.path.account,
+          change: transparentAccount.path.change || 0,
+          index: transparentAccount.path.index || 0,
         };
 
         const pendingTxs = await requester.sendMessage(
@@ -247,7 +279,7 @@ export const ConfirmSignLedgerTx: React.FC<Props> = ({ details }) => {
           transferTypes.includes("Unshielding") ||
           transferTypes.includes("IbcUnshieldTransfer");
 
-        for await (const tx of pendingTxs) {
+        for await (const { tx, shieldedHash } of pendingTxs) {
           if (txCount > 1) {
             setStepTwoDescription(
               <p>
@@ -259,11 +291,22 @@ export const ConfirmSignLedgerTx: React.FC<Props> = ({ details }) => {
           }
 
           if (fromMasp) {
+            if (!shieldedAccount) {
+              throw new Error(
+                `Shielded account details for ${signer} not found!`
+              );
+            }
             const zip32Path = makeSaplingPath(chains.namada.bip44.coinType, {
-              account: path.account,
+              account: shieldedAccount.path.account,
             });
             // Adds new signature to the collection
-            await handleMaspSignTx(ledger, tx, zip32Path, maspSignatures);
+            await handleMaspSignTx(
+              ledger,
+              tx,
+              zip32Path,
+              maspSignatures,
+              shieldedHash
+            );
           } else {
             const bip44Path = makeBip44Path(chains.namada.bip44.coinType, path);
             // Adds new signature to the collection

apps/extension/src/background/approvals/messages.ts

@@ -311,7 +311,9 @@ export class QueryTxDetailsMsg extends Message<TxDetails[]> {
   }
 }
 
-export class QueryPendingTxBytesMsg extends Message<string[] | undefined> {
+export class QueryPendingTxBytesMsg extends Message<
+  { tx: string; shieldedHash?: string }[] | undefined
+> {
   public static type(): MessageType {
     return MessageType.QueryPendingTxBytes;
   }

apps/extension/src/background/approvals/service.test.ts

@@ -224,7 +224,7 @@ describe("approvals service", () => {
       // tx bytes expected to be base64-encoded
       const bytes = "dHhEYXRh"; // "txData"
 
-      (keyRingService.queryAccountDetails as any).mockResolvedValue(() => ({}));
+      (keyRingService.queryAccountDetails as any).mockResolvedValue([{}, {}]);
 
       const signaturePromise = service.approveSignTx(
         signer,

apps/extension/src/background/approvals/service.ts

@@ -79,6 +79,7 @@ export class ApprovalsService {
     if (!details) {
       throw new Error(ApprovalErrors.AccountNotFound(signer));
     }
+    const [account] = details;
 
     const pendingTx: PendingTx = {
       signer,
@@ -89,7 +90,7 @@ export class ApprovalsService {
     await this.txStore.set(msgId, pendingTx);
 
     return this.launchApprovalPopup(
-      `${TopLevelRoute.ApproveSignTx}/${msgId}/${encodeURIComponent(origin)}/${details.type}/${signer}`
+      `${TopLevelRoute.ApproveSignTx}/${msgId}/${encodeURIComponent(origin)}/${account.type}/${signer}`
     );
   }
 
@@ -214,21 +215,22 @@ export class ApprovalsService {
 
     const { tx: sdkTx } = this.sdkService.getSdk();
 
-    const txsWithSignatures = signatures.map((signature, i) => {
-      const tx = pendingTx.txs[i];
-      const signingData = tx.signingData.map((signingData) =>
-        new Message().encode(new SigningDataMsgValue(signingData))
-      );
-      const txBytes = sdkTx.appendMaspSignature(
-        tx.bytes,
-        signingData,
-        fromBase64(signature)
-      );
+    const tx = pendingTx.txs[0];
+    const signingData = tx.signingData.map((signingData) =>
+      new Message().encode(new SigningDataMsgValue(signingData))
+    );
+    const bytes = sdkTx.appendMaspSignatures(
+      tx.bytes,
+      signingData,
+      signatures.map(fromBase64)
+    );
 
-      return { ...tx, bytes: txBytes };
-    });
+    const txWithSignatures = {
+      ...tx,
+      bytes,
+    };
 
-    await this.txStore.set(msgId, { ...pendingTx, txs: txsWithSignatures });
+    await this.txStore.set(msgId, { ...pendingTx, txs: [txWithSignatures] });
   }
 
   async submitSignArbitrary(
@@ -406,11 +408,15 @@ export class ApprovalsService {
   }
 
   async approveUpdateDefaultAccount(address: string): Promise<void> {
-    const account = await this.keyRingService.queryAccountDetails(address);
+    const accounts = await this.keyRingService.queryAccountDetails(address);
+    if (!accounts) {
+      throw new Error(ApprovalErrors.AccountNotFound(address));
+    }
+    const [transactionAccount] = accounts;
 
     return this.launchApprovalPopup(TopLevelRoute.ApproveUpdateDefaultAccount, {
       address,
-      alias: account?.alias ?? "",
+      alias: transactionAccount.alias,
     });
   }
 
@@ -441,15 +447,23 @@ export class ApprovalsService {
     );
   }
 
-  async queryPendingTxBytes(msgId: string): Promise<string[] | undefined> {
+  async queryPendingTxBytes(
+    msgId: string
+  ): Promise<{ tx: string; shieldedHash?: string }[] | undefined> {
     const pendingTx = await this.txStore.get(msgId);
 
     if (!pendingTx) {
       throw new Error(ApprovalErrors.TransactionDataNotFound(msgId));
     }
 
     if (pendingTx.txs) {
-      return pendingTx.txs.map(({ bytes }) => toBase64(bytes));
+      return pendingTx.txs.map((tx) => ({
+        tx: toBase64(tx.bytes),
+        shieldedHash:
+          tx.signingData[0].shieldedHash ?
+            toBase64(tx.signingData[0].shieldedHash)
+          : undefined,
+      }));
     }
   }
 

apps/extension/src/background/keyring/keyring.ts

@@ -659,11 +659,12 @@ export class KeyRing {
   }
 
   public async updateDefaultAccount(address: string): Promise<void> {
-    const account = await this.queryAccountDetails(address);
-    if (!account) {
+    const accounts = await this.queryAccountDetails(address);
+    if (!accounts) {
       throw new Error(`Account with address ${address} not found.`);
     }
-    const { id, type } = account;
+    const [transactionAccount] = accounts;
+    const { id, type } = transactionAccount;
     await this.setActiveAccount(id, type);
   }
 
@@ -919,7 +920,7 @@ export class KeyRing {
 
   async queryAccountDetails(
     address: string
-  ): Promise<DerivedAccount | undefined> {
+  ): Promise<[DerivedAccount, DerivedAccount | undefined] | undefined> {
     const disposableKey = await this.localStorage.getDisposableSigner(address);
 
     const account = await this.vaultStorage.findOneOrFail(
@@ -931,7 +932,13 @@ export class KeyRing {
     if (!account) {
       return;
     }
-    return account.public;
+    const shieldedAccount = await this.vaultStorage.findOne(
+      KeyStore,
+      "parentId",
+      account.public.id
+    );
+
+    return [account.public, shieldedAccount?.public];
   }
 
   async genDisposableSigner(): Promise<

apps/extension/src/background/keyring/messages.ts

@@ -394,7 +394,7 @@ export class DeleteAccountMsg extends Message<
 }
 
 export class QueryAccountDetailsMsg extends Message<
-  DerivedAccount | undefined
+  [DerivedAccount, DerivedAccount | undefined] | undefined
 > {
   public static type(): MessageType {
     return MessageType.QueryAccountDetails;

apps/extension/src/background/keyring/service.ts

@@ -254,7 +254,7 @@ export class KeyRingService {
 
   async queryAccountDetails(
     address: string
-  ): Promise<DerivedAccount | undefined> {
+  ): Promise<[DerivedAccount, DerivedAccount | undefined] | undefined> {
     if (await this.vaultService.isLocked()) {
       throw new Error(ApprovalErrors.KeychainLocked());
     }

packages/sdk/src/masp/masp.ts

@@ -9,6 +9,20 @@ export class Masp {
    */
   constructor(protected readonly sdk: SdkWasm) {}
 
+  /**
+   * Get spend notes descriptor map
+   * @async
+   * @param tx - tx bytes
+   * @param shieldedHash - bytes of the shielded hash
+   * @returns - Promise resolving to an array of numbers representing the descriptor map
+   */
+  async getDescriptorMap(
+    tx: Uint8Array,
+    shieldedHash: Uint8Array
+  ): Promise<number[]> {
+    return await this.sdk.get_descriptor_map(tx, shieldedHash);
+  }
+
   /**
    * Check if SDK has MASP parameters loaded
    * @async

packages/sdk/src/tx/tx.ts

@@ -370,15 +370,15 @@ export class Tx {
    * Append signature for transactions signed by Ledger Hardware Wallet
    * @param txBytes - bytes of the transaction
    * @param signingData - signing data
-   * @param signature - masp signature
+   * @param signatures - masp signature
    * @returns transaction bytes with signature appended
    */
-  appendMaspSignature(
+  appendMaspSignatures(
     txBytes: Uint8Array,
     signingData: Uint8Array[],
-    signature: Uint8Array
+    signatures: Uint8Array[]
   ): Uint8Array {
-    return this.sdk.sign_masp_ledger(txBytes, signingData, signature);
+    return this.sdk.sign_masp_ledger(txBytes, signingData, signatures);
   }
 
   /**