tests/ledger signing (#194)

By Default, the `SignText` function in the geth usbwallet package
returns NotSupported. To resolve this, we fork that package and enable
that function to be used and use that here.

Also, this PR also updates some of the `Sign` logic in `Signable`:
* `SigningHash()` always returns the hash with the EIP 191 prefix
* `SigningMessage()` only returns the hash without the EIP 191 prefix
* The `Sign` method in `Signable` is updated to always use
`SigningMessage` instead of `SigningHash` (this is because the EIP 191
prefix is automatically added in the ledger case)
* The `Sign` function on the private key signer is updated to always add
an EIP 191 prefix before signing

This fixes two issues:
* The `NotSupported` error when using ledger
* The mismatching recovered address in the ledger E2E test

---------

Co-authored-by: ajaskolski <[email protected]>
Co-authored-by: ajaskolski <[email protected]>

Author: akhilchainani

.golangci.yml

@@ -93,6 +93,7 @@ issues:
     # Exclude the directory from linting because it will soon be removed and only contains
     # generated code. Can be removed once the gethwrappers directory is removed.
     - sdk/evm/bindings
+    - sdk/usbwallet
   exclude-rules:
     - path: _test\.go
       linters:

e2e/ledger/ledger_test.go

@@ -95,6 +95,6 @@ func TestManualLedgerSigning(t *testing.T) { //nolint:paralleltest
 	recoveredAddr, err := signature.Recover(hash)
 	require.NoError(t, err, "Failed to recover signer address")
 
-	require.Equal(t, accountPublicKey, recoveredAddr, "Signature verification failed")
+	require.Equal(t, accountPublicKey, recoveredAddr.Hex(), "Signature verification failed")
 	t.Logf("Signature verified successfully. Signed by: %s\n", recoveredAddr.Hex())
 }

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/ethereum/go-ethereum v1.14.12
 	github.com/go-playground/validator/v10 v10.23.0
 	github.com/joho/godotenv v1.5.1
+	github.com/karalabe/hid v1.0.1-0.20240306101548-573246063e52
 	github.com/smartcontractkit/chain-selectors v1.0.34
 	github.com/smartcontractkit/chainlink-testing-framework/framework v0.3.6
 	github.com/spf13/cast v1.7.0
@@ -82,7 +83,6 @@ require (
 	github.com/holiman/uint256 v1.3.1 // indirect
 	github.com/huin/goupnp v1.3.0 // indirect
 	github.com/jackpal/go-nat-pmp v1.0.2 // indirect
-	github.com/karalabe/hid v1.0.1-0.20240306101548-573246063e52 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect

proposal.go

@@ -184,13 +184,13 @@ func (p *Proposal) SigningHash() (common.Hash, error) {
 		return common.Hash{}, err
 	}
 
-	return toEthSignedMessageHash(msg), nil
+	return toEthSignedMessageHash(msg.Bytes()), nil
 }
 
 // SigningMessage generates a signing message without the EIP191 prefix.
 // This function is used for ledger contexts where the ledger itself will apply the EIP191 prefix.
 // Corresponds to the input here https://github.com/smartcontractkit/ccip-owner-contracts/blob/main/src/ManyChainMultiSig.sol#L202
-func (p *Proposal) SigningMessage() ([32]byte, error) {
+func (p *Proposal) SigningMessage() (common.Hash, error) {
 	tree, err := p.MerkleTree()
 	if err != nil {
 		return common.Hash{}, err
@@ -263,15 +263,6 @@ func (p *Proposal) GetEncoders() (map[types.ChainSelector]sdk.Encoder, error) {
 	return encoders, nil
 }
 
-func toEthSignedMessageHash(messageHash common.Hash) common.Hash {
-	// Add the Ethereum signed message prefix
-	prefix := []byte("\x19Ethereum Signed Message:\n32")
-	data := append(prefix, messageHash.Bytes()...)
-
-	// Hash the prefixed message
-	return crypto.Keccak256Hash(data)
-}
-
 // proposalValidateBasic basic validation for an MCMS proposal
 func proposalValidateBasic(proposalObj Proposal) error {
 	validUntil := time.Unix(int64(proposalObj.ValidUntil), 0)

sdk/usbwallet/README.md

@@ -0,0 +1,10 @@
+# Notes
+
+- Lifted from Geth v1.14.7 source code accounts/usbwallet directory.
+  - Note that Geth < 1.14 version suffers from this issue described and patched here https://github.com/ethereum/go-ethereum/pull/28945.
+- Removed trezor
+- Modified to add EIP 191 support (SignPersonalMessage). The Geth library does not implement EIP 191
+intentionally, as it is less secure than its successor EIP 712. However, in the case of MCMS we explicitly 
+want the cross chain replayability possibility of EIP 191. Luckily the ledger communication  
+protocol is already fully supported. Aside from adding the new methods to the hub and wallet interfaces,
+the diff is localized to eip191.go.

sdk/usbwallet/eip191.go

@@ -0,0 +1,113 @@
+package usbwallet
+
+import (
+	"encoding/binary"
+	"fmt"
+
+	"github.com/ethereum/go-ethereum/accounts"
+	"github.com/ethereum/go-ethereum/crypto"
+)
+
+var (
+	// Add support for ledger sign personal message.
+	ledgerP1InitPersonalMessageData ledgerParam1 = 0x00 // First chunk of Personal Message data
+	ledgerP1ContPersonalMessageData ledgerParam1 = 0x80 // Next chunk of Personal Message data
+	ledgerOpSignPersonalMessage     ledgerOpcode = 0x08 // Signs an ethereum personal message
+)
+
+// signMessage implements accounts.Wallet
+// Used for EIP191 (personal signing).
+func (w *wallet) signMessage(account accounts.Account, message []byte) ([]byte, error) {
+	w.stateLock.RLock() // Comms have own mutex, this is for the state fields
+	defer w.stateLock.RUnlock()
+
+	// If the wallet is closed, abort
+	if w.device == nil {
+		return nil, accounts.ErrWalletClosed
+	}
+	// Make sure the requested account is contained within
+	path, ok := w.paths[account.Address]
+	if !ok {
+		return nil, accounts.ErrUnknownAccount
+	}
+	// All infos gathered and metadata checks out, request signing
+	<-w.commsLock
+	defer func() { w.commsLock <- struct{}{} }()
+
+	// Ensure the device isn't screwed with while user confirmation is pending
+	// TODO(karalabe): remove if hotplug lands on Windows
+	w.hub.commsLock.Lock()
+	w.hub.commsPend++
+	w.hub.commsLock.Unlock()
+
+	defer func() {
+		w.hub.commsLock.Lock()
+		w.hub.commsPend--
+		w.hub.commsLock.Unlock()
+	}()
+	signature, err := w.driver.SignPersonalMessage(path, message)
+	if err != nil {
+		return nil, err
+	}
+	return signature, nil
+}
+
+func (w *ledgerDriver) SignPersonalMessage(path accounts.DerivationPath, message []byte) ([]byte, error) {
+	// If the Ethereum app doesn't run, abort
+	if w.offline() {
+		return nil, accounts.ErrWalletClosed
+	}
+	// Ensure the wallet is capable of signing the given transaction
+	if w.version[0] < 1 && w.version[1] < 2 {
+		//lint:ignore ST1005 brand name displayed on the console
+		return nil, fmt.Errorf("Ledger version >= 1.2.0 required for personal signing (found version v%d.%d.%d)", w.version[0], w.version[1], w.version[2])
+	}
+	return w.ledgerSignPersonalMessage(path, message)
+}
+
+func (w *ledgerDriver) ledgerSignPersonalMessage(derivationPath []uint32, message []byte) ([]byte, error) {
+	// Flatten the derivation path into the Ledger request
+	path := make([]byte, 1+4*len(derivationPath))
+	path[0] = byte(len(derivationPath))
+	for i, component := range derivationPath {
+		binary.BigEndian.PutUint32(path[1+4*i:], component)
+	}
+	var messageLength [4]byte
+	binary.BigEndian.PutUint32(messageLength[:], uint32(len(message)))
+	payload := append(path, messageLength[:]...)
+	payload = append(payload, message...)
+	// Send the request and wait for the response
+	var (
+		op    = ledgerP1InitPersonalMessageData
+		reply []byte
+		err   error
+	)
+	fmt.Println("Derivation path: ", path)
+	// Chunk size selection to mitigate an underlying RLP deserialization issue on the ledger app.
+	// https://github.com/LedgerHQ/app-ethereum/issues/409
+	chunk := 255
+	for ; len(payload)%chunk <= ledgerEip155Size; chunk-- {
+	}
+
+	for len(payload) > 0 {
+		// Calculate the size of the next data chunk
+		if chunk > len(payload) {
+			chunk = len(payload)
+		}
+		// Send the chunk over, ensuring it's processed correctly
+		reply, err = w.ledgerExchange(ledgerOpSignPersonalMessage, op, 0, payload[:chunk])
+		if err != nil {
+			return nil, err
+		}
+		// Shift the payload and ensure subsequent chunks are marked as such
+		payload = payload[chunk:]
+		op = ledgerP1ContPersonalMessageData
+	}
+
+	// Extract the Ethereum signature and do a sanity validation
+	if len(reply) != crypto.SignatureLength {
+		return nil, fmt.Errorf("reply lacks signature: reploy %v", reply)
+	}
+	signature := append(reply[1:], reply[0])
+	return signature, nil
+}