Oraclize random datasource - Ledger Nano S source code
This folder contains the random datasource source code that runs on the Ledger device. The code is commented extensively in order to improve its readability.
Due limitations in the memory size, the insertion is done step by step, in an iterative way, in collaboration with the host application. The data structure used is similar to a radix-tree. First, the leaf node is updated and then the rest of the nodes (since their hash value has to be changed, think of a merkle tree update). In each step, the consistency of the procedure is validated by the ledger device. Last, the new roothash is calculated and stored.
The state can be exported and imported using the functions provided. Only the latest exported state will be imported successfully!
Random data generation by the LEDGER_NANO_S device (opcode 0x22):
check if the requested time delay (dt) has passed.
sign the (keyhash, dt, Nbyte, nonce) tuple with the session private key (SessionPrivKey).
hash the signature generated in the previous step: SHA256(signature).
pick Nbytes (1-32) from the generated hash.
*keyhash = SHA256(t0, dt, nonce, Nbytes)
**signature = SessionPrivKey_Sign(SHA256(keyhash, dt, Nbytes, nonce))
Nbytes: number of random bytes to be returned, initially requested by the contract/user.
Nonce: random nonce provided by the user
t0: the time when the request was sent to the device (number of ticks)
dt: the time delay - time needed to pass in order to generate the results (set by the user)
SessionPrivKey, SessionPubKey: the corrsesponding private and public key of the keypair generated by the device and is valid for the entire session (till the app is deleted ot reinstalled).
How to verify that the code running is actually the one provided in the github repository
In order to verify that the code being executed by the Oraclize datasource is the one actually provided in the Github repository you should download it, generate its CODEHASH (SHA256 of the binary file compiled with the tools provided by Ledger) and compare it with the one hardcoded in the proof verification that you are using. The procedure involves setting up the Ledger development environment using a Docker container image, downloading the repository, and compiling the corresponding source code. We have automated the whole procedure for you, just follow the steps below!
1- Development environment setup
docker pull nbasim/ledger-blue-sdk docker run -t -i nbasim/ledger-blue-sdk /bin/bash cd home git clone https://github.com/LedgerHQ/nanos-secure-sdk.git cd nanos-secure-sdk/ git reset --hard 1525802dda0b5437439c61b79f49e632b2080d14 apt-get update apt-get install -y libc6-dev-i386
2- Download and compile the application
cd /home git clone https://github.com/oraclize/random-datasource.git cd random-datasource/ledger/blue-app-rng/ make BOLOS_ENV=/opt/ledger-blue/ BOLOS_SDK=/home/nanos-secure-sdk
3- Generate the CODEHASH
cd /home git clone https://github.com/LedgerHQ/blue-loader-python.git cp -r blue-loader-python/ledgerblue/ /usr/local/lib/python2.7/dist-packages/ledgerblue/ python -m ledgerblue.hashApp --hex bin/token.hex
4- Check the CODEHASH you got with the expected one: