diff --git a/accounts/usbwallet/ledger.go b/accounts/usbwallet/ledger.go
index 71f0f9392fc41870ce1a55c72c2e76b4622457e8..3de3b4091cfce0b8a78d3f9c95a4c7d2295c2363 100644
--- a/accounts/usbwallet/ledger.go
+++ b/accounts/usbwallet/ledger.go
@@ -52,8 +52,10 @@ const (
ledgerOpRetrieveAddress ledgerOpcode = 0x02 // Returns the public key and Ethereum address for a given BIP 32 path
ledgerOpSignTransaction ledgerOpcode = 0x04 // Signs an Ethereum transaction after having the user validate the parameters
ledgerOpGetConfiguration ledgerOpcode = 0x06 // Returns specific wallet application configuration
+ ledgerOpSignTypedMessage ledgerOpcode = 0x0c // Signs an Ethereum message following the EIP 712 specification
ledgerP1DirectlyFetchAddress ledgerParam1 = 0x00 // Return address directly from the wallet
+ ledgerP1InitTypedMessageData ledgerParam1 = 0x00 // First chunk of Typed Message data
ledgerP1InitTransactionData ledgerParam1 = 0x00 // First transaction data block for signing
ledgerP1ContTransactionData ledgerParam1 = 0x80 // Subsequent transaction data block for signing
ledgerP2DiscardAddressChainCode ledgerParam2 = 0x00 // Do not return the chain code along with the address
@@ -170,6 +172,24 @@ func (w *ledgerDriver) SignTx(path accounts.DerivationPath, tx *types.Transactio
return w.ledgerSign(path, tx, chainID)
}
+// SignTypedMessage implements usbwallet.driver, sending the message to the Ledger and
+// waiting for the user to sign or deny the transaction.
+//
+// Note: this was introduced in the ledger 1.5.0 firmware
+func (w *ledgerDriver) SignTypedMessage(path accounts.DerivationPath, domainHash []byte, messageHash []byte) ([]byte, error) {
+ // If the Ethereum app doesn't run, abort
+ if w.offline() {
+ return nil, accounts.ErrWalletClosed
+ }
+ // Ensure the wallet is capable of signing the given transaction
+ if w.version[0] < 1 && w.version[1] < 5 {
+ //lint:ignore ST1005 brand name displayed on the console
+ return nil, fmt.Errorf("Ledger version >= 1.5.0 required for EIP-712 signing (found version v%d.%d.%d)", w.version[0], w.version[1], w.version[2])
+ }
+ // All infos gathered and metadata checks out, request signing
+ return w.ledgerSignTypedMessage(path, domainHash, messageHash)
+}
+
// ledgerVersion retrieves the current version of the Ethereum wallet app running
// on the Ledger wallet.
//
@@ -367,6 +387,68 @@ func (w *ledgerDriver) ledgerSign(derivationPath []uint32, tx *types.Transaction
return sender, signed, nil
}
+// ledgerSignTypedMessage sends the transaction to the Ledger wallet, and waits for the user
+// to confirm or deny the transaction.
+//
+// The signing protocol is defined as follows:
+//
+// CLA | INS | P1 | P2 | Lc | Le
+// ----+-----+----+-----------------------------+-----+---
+// E0 | 0C | 00 | implementation version : 00 | variable | variable
+//
+// Where the input is:
+//
+// Description | Length
+// -------------------------------------------------+----------
+// Number of BIP 32 derivations to perform (max 10) | 1 byte
+// First derivation index (big endian) | 4 bytes
+// ... | 4 bytes
+// Last derivation index (big endian) | 4 bytes
+// domain hash | 32 bytes
+// message hash | 32 bytes
+//
+//
+//
+// And the output data is:
+//
+// Description | Length
+// ------------+---------
+// signature V | 1 byte
+// signature R | 32 bytes
+// signature S | 32 bytes
+func (w *ledgerDriver) ledgerSignTypedMessage(derivationPath []uint32, domainHash []byte, messageHash []byte) ([]byte, error) {
+ // Flatten the derivation path into the Ledger request
+ path := make([]byte, 1+4*len(derivationPath))
+ path[0] = byte(len(derivationPath))
+ for i, component := range derivationPath {
+ binary.BigEndian.PutUint32(path[1+4*i:], component)
+ }
+ // Create the 712 message
+ payload := append(path, domainHash...)
+ payload = append(payload, messageHash...)
+
+ // Send the request and wait for the response
+ var (
+ op = ledgerP1InitTypedMessageData
+ reply []byte
+ err error
+ )
+
+ // Send the message over, ensuring it's processed correctly
+ reply, err = w.ledgerExchange(ledgerOpSignTypedMessage, op, 0, payload)
+
+ if err != nil {
+ return nil, err
+ }
+
+ // Extract the Ethereum signature and do a sanity validation
+ if len(reply) != crypto.SignatureLength {
+ return nil, errors.New("reply lacks signature")
+ }
+ signature := append(reply[1:], reply[0])
+ return signature, nil
+}
+
// ledgerExchange performs a data exchange with the Ledger wallet, sending it a
// message and retrieving the response.
//
diff --git a/accounts/usbwallet/trezor.go b/accounts/usbwallet/trezor.go
index 0546458c47bd623ef59244968c2b0d779834d83f..c2182b88d03be087235ac58a1b3ba810071e4e68 100644
--- a/accounts/usbwallet/trezor.go
+++ b/accounts/usbwallet/trezor.go
@@ -185,6 +185,10 @@ func (w *trezorDriver) SignTx(path accounts.DerivationPath, tx *types.Transactio
return w.trezorSign(path, tx, chainID)
}
+func (w *trezorDriver) SignTypedMessage(path accounts.DerivationPath, domainHash []byte, messageHash []byte) ([]byte, error) {
+ return nil, accounts.ErrNotSupported
+}
+
// trezorDerive sends a derivation request to the Trezor device and returns the
// Ethereum address located on that path.
func (w *trezorDriver) trezorDerive(derivationPath []uint32) (common.Address, error) {
diff --git a/accounts/usbwallet/wallet.go b/accounts/usbwallet/wallet.go
index 9f74e5554f1429b79c212c4124ec3f07ea077129..b6f1814488c08375cd9e8cfe9f32ff8db6f09d77 100644
--- a/accounts/usbwallet/wallet.go
+++ b/accounts/usbwallet/wallet.go
@@ -67,6 +67,8 @@ type driver interface {
// SignTx sends the transaction to the USB device and waits for the user to confirm
// or deny the transaction.
SignTx(path accounts.DerivationPath, tx *types.Transaction, chainID *big.Int) (common.Address, *types.Transaction, error)
+
+ SignTypedMessage(path accounts.DerivationPath, messageHash []byte, domainHash []byte) ([]byte, error)
}
// wallet represents the common functionality shared by all USB hardware
@@ -524,7 +526,46 @@ func (w *wallet) signHash(account accounts.Account, hash []byte) ([]byte, error)
// SignData signs keccak256(data). The mimetype parameter describes the type of data being signed
func (w *wallet) SignData(account accounts.Account, mimeType string, data []byte) ([]byte, error) {
- return w.signHash(account, crypto.Keccak256(data))
+
+ // Unless we are doing 712 signing, simply dispatch to signHash
+ if !(mimeType == accounts.MimetypeTypedData && len(data) == 66 && data[0] == 0x19 && data[1] == 0x01) {
+ return w.signHash(account, crypto.Keccak256(data))
+ }
+
+ // dispatch to 712 signing if the mimetype is TypedData and the format matches
+ w.stateLock.RLock() // Comms have own mutex, this is for the state fields
+ defer w.stateLock.RUnlock()
+
+ // If the wallet is closed, abort
+ if w.device == nil {
+ return nil, accounts.ErrWalletClosed
+ }
+ // Make sure the requested account is contained within
+ path, ok := w.paths[account.Address]
+ if !ok {
+ return nil, accounts.ErrUnknownAccount
+ }
+ // All infos gathered and metadata checks out, request signing
+ <-w.commsLock
+ defer func() { w.commsLock <- struct{}{} }()
+
+ // Ensure the device isn't screwed with while user confirmation is pending
+ // TODO(karalabe): remove if hotplug lands on Windows
+ w.hub.commsLock.Lock()
+ w.hub.commsPend++
+ w.hub.commsLock.Unlock()
+
+ defer func() {
+ w.hub.commsLock.Lock()
+ w.hub.commsPend--
+ w.hub.commsLock.Unlock()
+ }()
+ // Sign the transaction
+ signature, err := w.driver.SignTypedMessage(path, data[2:34], data[34:66])
+ if err != nil {
+ return nil, err
+ }
+ return signature, nil
}
// SignDataWithPassphrase implements accounts.Wallet, attempting to sign the given