defines MultisigHardwareSigner for Ledger multisig keys (#5366)

hughy · web-flow · commit 1b640a20ab0e · 2024-09-12T15:36:50.000-07:00
a multisig account generated using a Ledger device will have a access to the
participant identity, but not the secret or keyPackage

uses a separate interface for MultisigHardwareSigner to cover this case and
expands the MultisigKeys type to cover this interface

the distinct interface allows us to store multisig keys for the Ledger case
without a database migration for existing multisig keys
diff --git a/ironfish/src/wallet/interfaces/multisigKeys.ts b/ironfish/src/wallet/interfaces/multisigKeys.ts
@@ -8,8 +8,13 @@ export interface MultisigSigner {
   publicKeyPackage: string
 }
 
+export interface MultisigHardwareSigner {
+  identity: string
+  publicKeyPackage: string
+}
+
 export interface MultisigCoordinator {
   publicKeyPackage: string
 }
 
-export type MultisigKeys = MultisigSigner | MultisigCoordinator
+export type MultisigKeys = MultisigSigner | MultisigHardwareSigner | MultisigCoordinator
diff --git a/ironfish/src/wallet/walletdb/multiSigKeys.test.ts b/ironfish/src/wallet/walletdb/multiSigKeys.test.ts
@@ -1,7 +1,11 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-import { MultisigCoordinator, MultisigSigner } from '../interfaces/multisigKeys'
+import {
+  MultisigCoordinator,
+  MultisigHardwareSigner,
+  MultisigSigner,
+} from '../interfaces/multisigKeys'
 import { MultisigKeysEncoding } from './multisigKeys'
 
 describe('multisigKeys encoder', () => {
@@ -32,4 +36,18 @@ describe('multisigKeys encoder', () => {
       expect(deserializedValue).toEqual(value)
     })
   })
+
+  describe('with a hardware multisig', () => {
+    it('serializes the value into a buffer and deserialized to the original value', () => {
+      const encoder = new MultisigKeysEncoding()
+
+      const value: MultisigHardwareSigner = {
+        publicKeyPackage: 'aaaa',
+        identity: 'c0ffee',
+      }
+      const buffer = encoder.serialize(value)
+      const deserializedValue = encoder.deserialize(buffer)
+      expect(deserializedValue).toEqual(value)
+    })
+  })
 })
diff --git a/ironfish/src/wallet/walletdb/multisigKeys.ts b/ironfish/src/wallet/walletdb/multisigKeys.ts
@@ -4,20 +4,27 @@
 import bufio from 'bufio'
 import { Assert } from '../../assert'
 import { IDatabaseEncoding } from '../../storage'
-import { MultisigKeys, MultisigSigner } from '../interfaces/multisigKeys'
+import {
+  MultisigHardwareSigner,
+  MultisigKeys,
+  MultisigSigner,
+} from '../interfaces/multisigKeys'
 
 export class MultisigKeysEncoding implements IDatabaseEncoding<MultisigKeys> {
   serialize(value: MultisigKeys): Buffer {
     const bw = bufio.write(this.getSize(value))
 
     let flags = 0
     flags |= Number(!!isSignerMultisig(value)) << 0
+    flags |= Number(!!isHardwareSignerMultisig(value)) << 1
     bw.writeU8(flags)
 
     bw.writeVarBytes(Buffer.from(value.publicKeyPackage, 'hex'))
     if (isSignerMultisig(value)) {
       bw.writeVarBytes(Buffer.from(value.secret, 'hex'))
       bw.writeVarBytes(Buffer.from(value.keyPackage, 'hex'))
+    } else if (isHardwareSignerMultisig(value)) {
+      bw.writeVarBytes(Buffer.from(value.identity, 'hex'))
     }
 
     return bw.render()
@@ -28,6 +35,7 @@ export class MultisigKeysEncoding implements IDatabaseEncoding<MultisigKeys> {
 
     const flags = reader.readU8()
     const isSigner = flags & (1 << 0)
+    const isHardwareSigner = flags & (1 << 1)
 
     const publicKeyPackage = reader.readVarBytes().toString('hex')
     if (isSigner) {
@@ -38,6 +46,12 @@ export class MultisigKeysEncoding implements IDatabaseEncoding<MultisigKeys> {
         secret,
         keyPackage,
       }
+    } else if (isHardwareSigner) {
+      const identity = reader.readVarBytes().toString('hex')
+      return {
+        publicKeyPackage,
+        identity,
+      }
     }
 
     return {
@@ -53,6 +67,8 @@ export class MultisigKeysEncoding implements IDatabaseEncoding<MultisigKeys> {
     if (isSignerMultisig(value)) {
       size += bufio.sizeVarString(value.secret, 'hex')
       size += bufio.sizeVarString(value.keyPackage, 'hex')
+    } else if (isHardwareSignerMultisig(value)) {
+      size += bufio.sizeVarString(value.identity, 'hex')
     }
 
     return size
@@ -63,6 +79,12 @@ export function isSignerMultisig(multisigKeys: MultisigKeys): multisigKeys is Mu
   return 'keyPackage' in multisigKeys && 'secret' in multisigKeys
 }
 
+export function isHardwareSignerMultisig(
+  multisigKeys: MultisigKeys,
+): multisigKeys is MultisigHardwareSigner {
+  return 'identity' in multisigKeys
+}
+
 export function AssertIsSignerMultisig(
   multisigKeys: MultisigKeys,
 ): asserts multisigKeys is MultisigSigner {

Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,13 @@ export interface MultisigSigner {`
`8`	`8`	`publicKeyPackage: string`
`9`	`9`	`}`
`10`	`10`
	`11`	`+export interface MultisigHardwareSigner {`
	`12`	`+ identity: string`
	`13`	`+ publicKeyPackage: string`
	`14`	`+}`
	`15`	`+`
`11`	`16`	`export interface MultisigCoordinator {`
`12`	`17`	`publicKeyPackage: string`
`13`	`18`	`}`
`14`	`19`
`15`		`-export type MultisigKeys = MultisigSigner \| MultisigCoordinator`
	`20`	`+export type MultisigKeys = MultisigSigner \| MultisigHardwareSigner \| MultisigCoordinator`