Commit
Merge #637: Improve support for the coming Ledger app 2.1.0
fa3c059 Add comment on disabled multisig tests; multiple keys in multisig are now supported (Salvatore Ingala)
fbcbaee Convert hardened character "h" with "'" in signmessage (Salvatore Ingala)
4c293a4 Removed redundant check: - already done in the previous loop over all inputs. - moreover, the reference to the input_num variable in the error message was wrong (it should have been idx). (Salvatore Ingala)
0030b63 Update docs in can_sign_taproot (Salvatore Ingala)
fb6fb63 Remove unused imports (Salvatore Ingala)
6f148a0 Make sure to run speculos with the correct app version number to use the new protocol (Salvatore Ingala)
1a0c8fa Add implementation of display_multisig_address to ledger.py (Salvatore Ingala)
961f9b5 Cold-who? (Salvatore Ingala)
8627ca7 Add support for message signing with the new protocol; kept old code for legacy protocol (Salvatore Ingala)
486cef5 Never retry legacy protocol for versions >= 2.1.* (Salvatore Ingala)
0cf2df1 Clarify comment about derivation path limitation (Salvatore Ingala)
276183a Remove mentions of limitations that were addressed before version 2.1.0 of the app (Salvatore Ingala)
fc817d9 Switch to new protocol from version 2.1.* (Salvatore Ingala)
099252e Add "Bitcoin Legacy" and "Bitcoin Test Legacy" to recognized app names; use legacy protocol if app version is 1.*, or 2.0.*, or if the app name is "Bitcoin Legacy" or "Bitcoin Test Legacy" (Salvatore Ingala)

Pull request description:

### Intro and context

The upcoming version of the Ledger bitcoin app (version 2.1.0) will remove support for the legacy API (1.*).

A number of limitations of the 2.* protocol have been addressed since the first release:

- Each returned signature is now accompanied by the corresponding pubkey, instead of just the input index.
- Key origin information is no longer required for external xpubs.
- Multiple internal xpubs are supported (the device will sign for each internal xpub).
- Introduces a modified wallet policy language matching [this proposal on bitcoin-dev](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020423.html), which addresses some drawbacks of the earlier version (most notably, removing the __change_/address-index_ from key information, and adding it to the policy's descriptor template instead).
- Support for message signing was added.
- OP_RETURN outputs are now supported.

Since there are incompatibilities, the modified protocol from version 2.1.0 is opt-in (signaled by using `01` instead of `00` in the _p1_ field of the APDU), and the protocol of version 2.0.* (using `00` in _p1_) will still be supported in future versions for some time. Nevertheless, the `p1 == 0` protocol is to be considered deprecated from the moment the 2.1.0 app goes live (expected in early November).

All 2.* versions before 2.1.0 support the legacy 1.x protocol; therefore, in order to keep things simple, this PR **uses the legacy protocol for any version prior to 2.1.0**. I believe disruption will be minimal: users of the 2.0.* app will downgrade their multisig experience to the legacy protocol (which doesn't recognize change addresses), and are therefore recommended to upgrade to 2.1.0. Nothing changes for users that are still on the 1.* app series (upgrade is, of course, still recommended!).

Moreover, the 2.1.0 adds **full support for miniscript** within `wsh` descriptors.

### Changes in this PR

This is the list of changes in this PR:

- Recognize "Bitcoin Legacy" and "Bitcoin Testnet Legacy" as a valid app name for the legacy protocol (regardless of the version). It will be deployed and available as an app in the Ledger app store.
- Completely switch to the updated version (_p1_ = 1) of the new protocol starting from version 2.1.0; use legacy (1.*) protocol below version 2.1.0. Never retry with the legacy protocol on failure.
- Remove checks for the limitations that were addressed.
- Add support for message signing using the new protocol.
- Add support for displaying multisig addresses.
- Support multisig wallets with 16 keys (a previous version of the python library was limiting to 15 keys by mistake).

Miniscript support is left for a separate PR (more comments below).

### Drawbacks

Signing a psbt and displaying an address requires registering the wallet policy on the device. The current version of HWI does that right before signing (and this PR adds the same behavior for displaying addresses). This is not secure in a compromised machine if the device participates in multiple multisignature/script wallet accounts, as the adversary could trick the user into spending from a different wallet account.

Moreover, miniscript support in HWI is not in this PR, since it requires larger changes to HWI. I'm working on a BIP for [miniscript wallet policies](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020423.html), and will propose a backwards-compatible and vendor-agnostic way to add native support for wallet policies in a separate PR.

ACKs for top commit:
  achow101: ACK fa3c059

Tree-SHA512: 5391c0ad949737336e74050860ed8cf4c8bcef56e58ddedf52dc1e82e737b89a5bb1aa2af080132d2c059f71869ede9d79e1861d590c96e0e1b1d3602e314c35
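The protocol selection rule stated in the commit message above, sketched as an added example; this is not HWI's or Ledger's own code. The names `select_protocol`, `parse_version` and `normalize_hardened` are hypothetical, and the app name "Bitcoin" and the version strings in the comments are constructed sample inputs.

```python
import re
from typing import Optional, Tuple

# App names the commit message maps to the legacy protocol regardless of version.
LEGACY_APP_NAMES = {"Bitcoin Legacy", "Bitcoin Test Legacy"}

P1_NEW_PROTOCOL = 0x01  # opt-in marker for the 2.1.0 protocol in the APDU p1 field


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch', ignoring any suffix such as '-rc1'."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unparseable app version: {version!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return major, minor, patch


def select_protocol(app_name: str, version: str) -> Tuple[str, Optional[int]]:
    """Return ('legacy', None) or ('new', p1) following the rule in the PR text.

    Versions are compared as integer tuples, so '2.10.0' sorts after '2.9.0';
    a plain string comparison would get that case wrong. There is no fallback
    path: a failure on >= 2.1 is never retried with the legacy protocol.
    """
    if app_name in LEGACY_APP_NAMES:
        return ("legacy", None)
    major, minor, _patch = parse_version(version)
    if (major, minor) < (2, 1):
        # Covers the 1.* series and 2.0.*: both still speak the legacy API.
        return ("legacy", None)
    return ("new", P1_NEW_PROTOCOL)


def normalize_hardened(path: str) -> str:
    """Rewrite the 'h' hardened marker as "'" (as done for signmessage)."""
    return path.replace("h", "'")


if __name__ == "__main__":
    for name, ver in [("Bitcoin", "1.6.3"), ("Bitcoin", "2.0.6"),
                      ("Bitcoin", "2.1.0"), ("Bitcoin Legacy", "2.1.0")]:
        print(name, ver, select_protocol(name, ver))
    print(normalize_hardened("m/84h/0h/0h/0/0"))
```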