## Tezio Wallet

Welcome to Tezio Wallet, an Arduino-based hardware wallet for the Tezos blockchain. Tezio Wallet is compatible with the Arduino MKR WiFi 1010 and the Arduino Nano 33 IoT, both of which include a cryptographic coprocessor to securely store keys and perform certain crytpographic functions. 

###  Installation

Install the Arduino IDE. Download and move the `TezioWallet` folder to your Arduino libraries folder, which is usually `My Documents\Arduino\libraries` on Windows or `Documents\Arduino\libraries` on macOS. Open the Arduino IDE and install the following dependencies using `Tools > Manage Libraries...`.

- ArduinoECCX08
- Crypto
- micro-ecc

### Usage

#### Setup

Running Tezio Wallet on your Arduino device requires that the device first be configured, provisioned, and locked. This is done using the `Tezio_Wallet_Setup.ino` sketch. The sketch runs an interactive setup process using the Arduino IDE's Serial Monitor to share data with the user and get user inputs. The process begins by loading default configuration data onto the Arduino's cryptographic coprocessor. Once the configuration data is written to the device, the user has the option to lock the cofiguration zone. This must be done before the device can be used. Note that the default configuration data stored in the `configuration.h` file is set up to enable current functionality but also to allow for possible future functionality such as encrypted writes to certain slots of the cryptochip's data zone. After the device is configured, the sketch proceeds to derive HD wallet cryptographic keys from a user supplied mnemonic phrase specifice in the `secrets.h` file, or if a mnemonic phrase isn't provided the sketch proceeds to derive a new 24 word phrase using entropy provided by the cryptochip's true random number generator. Mnemonic and key derivation are carried out using specifications outlined in the BIP-0039, BIP-0032, BIP-0044, SLIP-0044, and SLIP-0010. Secret keys are derived for all three elliptic curves supported by the Tezos blockchain: Ed25519, Secp256k1, and NIST P256 (Secp256r1). The keys are written to the Arduino's cryptochip. A user supplied read/write key is also written to the device. The read/write key will allow the user to perform encrypted reads and writes to certain data slots of the device after it is locked. After keys are written, the user is given the option to lock the cryptochip's data zone. After the data zone is locked, clear writes of cryptographic secrets will no longer be supported. The device must be locked before use. 

#### API

After the device is setup, provisioned, and locked, upload the `Tezio_Wallet_API.ino` sketch. The sketch can be run in debug (interactive) mode using the Arduino IDE's serial monitor. However, setting the debug flag to false puts the device into listening mode. It can then be connected via USB to any host machine and recieve and send data via serial. The API sketch invokes the TezioWallet_API class to expose certain cryptographic tools to the host device. Importantly, private (secret) keys never leave the device. In fact, the cryptochip implements hardware support for cryptographic functions using the NIST P256 curve so the NIST P256 secret key never leaves the cryptochip's secure element. This hardware support also means that cryptographic functions involving the NIST P256 curve are much faster than those of the other supported curves. Below are details about the structure of data packets sent and received using the API. This if followed by example interactions with a Tezio Wallet using python. 

### Packet Structure

#### To Wallet

Packets of bytes sent to the hardware wallet have four parts, one prefix byte, two length byte (LSB first), one or more body bytes, and two checksum bytes.

`packet = prefix (1 byte) + length (2 byte) + body (1 or more bytes) + checksum (2 bytes)`

The body is composed of an operation code (opCode), parameters, and data. 

`body = opCode (1 byte) + param1 (1 byte) + param2 (1 byte) + param3 (2 bytes) + data (1 or more bytes)`

A call may not require all parameters but if data is part of the body then values for all parameters must also be included. Parameter 3 is represented in code as a 16-bit variable but is always sent as two bytes with the LSB first. Packets are constructed as follows. First the body is constructed. The length bytes are the length of the body plus 3 to count both the length byte itself and the checksum bytes. The crc16 checksum is then computed for the length and body bytes. The checksum is appended LSB first. The prefix, which serves as a listening byte for the hardware wallet, is always 0x03. 

#### From Wallet

Packets of bytes received from the hardware wallet are similar but do not include a prefix since the host does not need to listen but simply waits for a reply to arrive. The body of the reply depends on the operation being executed.

`packet = length (2 byte) + body (1 or more bytes) + checksum (2 bytes)`

## Tezio Wallet API Operations

At the time of writing, the Tezio Wallet API implements the following three operations:
- op_get_pk: Query the wallet for a public key corresonding to one of the secret private keys stored on the cryptochip. The public key returned can be raw bytes, compressed, base58 encoded, or as a Tezos public key hash (address). 
- op_sign: Send a message to the wallet for signing. The message can be raw bytes or pre-hashed by the host maching. The signature returned can be raw bytes or base58 encoded.
- op_verify: Send a message and signature to the wallet for signature verification. The message can be raw bytes or pre-hashed and the signature can be raw bytes or base58 encoded. 

Accepted values and meanings for packet parameters param1, param2, param3, and packet data are summarized in the tables below. 

### Get Public Key Operation (op_get_pk)

| Packet Vars | Value |
|-------------|-------| 
| opCode      | 0x11  |
| param1      | curve |
| param2      | mode  |
| param3      | -     |
| data        | -     |


| curve | ECC curve |
|-------|-----------|
| 0x01  | Ed25519   |
| 0x02  | Secp256k1 |
| 0x03  | NIST P256 |

| mode | Public Key Format           |
|------|-----------------------------|
| 0x01 | Raw (32 or 64 bytes)        |
| 0x02 | Compressed (32 or 33 bytes) |
| 0x03 | Base58 Checksum Encoded     |
| 0x04 | Hashed (Tezos Address)      |

### Sign Operation (op_sign)

*param3 is not used but a value must be included whenever data is sent as part of the packet

| Packet Vars | Value  |
|-------------|--------| 
| opCode      | 0x21   |
| param1      | curve  |
| param2      | mode   |
| param3      | 0x0000 |
| data        | message|


| curve | ECC curve |
|-------|-----------|
| 0x01  | Ed25519   |
| 0x02  | Secp256k1 |
| 0x03  | NIST P256 |

| mode | message hashed | signature format        |
|------|----------------|-------------------------|
| 0x00 | N/A            | Default Signature (Base58 Checksum Encoded Zeros) |
| 0x01 | yes            | Raw (64 bytes)          |
| 0x02 | yes            | Base58 Checksum Encoded |
| 0x03 | no             | Raw (64 bytes)          |
| 0x04 | no             | Base58 Checksum Encoded |

### Verify Operation (op_verify)

| Packet Vars | Value              |
|-------------|--------------------| 
| opCode      | 0x22               |
| param1      | curve              |
| param2      | mode               |
| param3      | message length     |
| data        | message + signature|

| curve | ECC curve |
|-------|-----------|
| 0x01  | Ed25519   |
| 0x02  | Secp256k1 |
| 0x03  | NIST P256 |

| mode | message hashed | signature format        |
|------|----------------|-------------------------|
| 0x01 | yes            | Raw (64 bytes)          |
| 0x02 | yes            | Base58 Checksum Encoded |
| 0x03 | no             | Raw (64 bytes)          |
| 0x04 | no             | Base58 Checksum Encoded |

### Write Keys Operation (op_write_keys)

| Packet Vars | Value                  |
|-------------|------------------------| 
| opCode      | 0x32                   |
| param1      | curve                  |
| param2      | mode                   |
| param3      | 0x0000                 |
| data        | ECC secret key         |

| curve | ECC curve |
|-------|-----------|
| 0x01  | Ed25519   |
| 0x02  | Secp256k1 |
| 0x03  | NIST P256 |

| mode | key format                                                 |
|------|------------------------------------------------------------|
| 0x01 | Raw (32 bytes)                                             |
| 0x02 | Base58 Checksum Encoded                                    |
| 0x03 | Base58 Checksum Encoded Ed25519 Key w/ Public Key Appended |

## Example Tezio Wallet Operations

Each of the above operations is demonstrated below. A Python file Tezio.py defines two useful classes, TezioWallet and TezioRPC. Ensure this file is in the same director as this notebook. TezioWallet facilitates interactions with the hardware wallet while TezioRPC implements remote procedure calls to the Tezos network. 

In [4]:
# import TezioWallet from Tezio.py 
# TezioWallet uses the 'serial' module. Ensure it is installed (pip install pyserial)
from Tezio import TezioWallet

In [2]:
# retrieve the public key for curve NIST P256 (curve 0x03) in compressed format (mode 0x02)
opCode = 0x11
param1 = 0x03 
param2 = 0x02 

myWallet = TezioWallet()
myWallet.build_packet(opCode, param1, param2)
    
print('Packet to be sent...')
print(myWallet.packet.hex())
print()

if (not myWallet.query_wallet()):
    print('Wallet query failed')

print('Response received...')
print(myWallet.response.hex())

Packet to be sent...
030700110302300a

Response received...
03105a7d89a3f6c5b3691dd055944556c9858041f86da391b01c8389115b5209f6


In [6]:
myWallet.com

'/dev/cu.usbmodem14401'

In [7]:
# retrieve the public key hash for the Ed25519 curve 
opCode = 0x11
param1 = 0x01 
param2 = 0x03

myWallet = TezioWallet()
myWallet.build_packet(opCode, param1, param2)

print('Packet to be sent...')
print(myWallet.packet.hex())
print()

if (not myWallet.query_wallet()):
    print('Wallet query failed')

print('Decoded response received...')
print(myWallet.response.decode('utf-8'))

Packet to be sent...
0307001101033606

Decoded response received...
edpkv1EQnd7cMykpzKuo8xEnioizPd3nP6YYoyoRyRmVK5Vg7TfsCB


In [8]:
# do the same but use the get_pk method
myWallet = TezioWallet(1) # argument is curve to use (param 1)
public_key = myWallet.get_pk(3) # argument is mode (param 2)
print(public_key.decode('utf-8'))

edpkv1EQnd7cMykpzKuo8xEnioizPd3nP6YYoyoRyRmVK5Vg7TfsCB


In [9]:
# get default signature for a curve (base58 checksum encoded zeros)
opCode = 0x21
param1 = 0x03
param2 = 0x00

myWallet = TezioWallet()
myWallet.build_packet(opCode, param1, param2);
print('Packet to be sent...')
print(myWallet.packet.hex())
print()

if (not myWallet.query_wallet()):
    print('Wallet query failed')

print('Base58 encoded signature from the body of the reply...')
print(myWallet.response.decode('utf-8'))


Packet to be sent...
030700210300ff89

Base58 encoded signature from the body of the reply...
p2sigMJWuMaj1zAfVMzdZzFnoncCKE7faHzJ7coB6h3ziUiGeZoTZUNfYSQR5t2dJ6cFWCvUx8CZdLRCigAUtrt2JEfRzvbDnL


In [10]:
# sign an unhased message using the Secp256k1 curve and getting a base58 checksum endoced result
opCode = 0x21
param1 = 0x02
param2 = 0x04
param3 = 0x0000 # not used but needed in packet since data is included
# data = bytearray('This is my message. There are many like it but this is mine', 'utf-8') # 32 bytes so hashed or unhashed mode works
data = bytearray('abcdefghijklmnopqrstuvwxyz012345', 'utf-8')

myWallet = TezioWallet()
myWallet.build_packet(opCode, param1, param2, param3, data);
print('Packet to be sent...')
print(myWallet.packet.hex())
print()

if (not myWallet.query_wallet()):
    print('Wallet query failed')

print('Base58 encoded signature from the body of the reply...')
print(myWallet.response.decode('utf-8'))

Packet to be sent...
03290021020400006162636465666768696a6b6c6d6e6f707172737475767778797a303132333435b15f

Base58 encoded signature from the body of the reply...
spsig1D4fFWPBrAMe4pqCZ6taipR68yYUFT4wSV5M1BfUKU9idP13B8iMdytkhvjBJe9EYQ9idub3AaKk7z5yH329gSEyH8aTuf


In [11]:
# do the same with the op_sign method
myWallet = TezioWallet(2) # argument is curve to use (param 1)
message = 'abcdefghijklmnopqrstuvwxyz012345'
mode = 4 # param 2
signature = myWallet.sign(mode, message) 
print(signature.decode('utf-8'))

spsig1EnNqoPcE1cNsqqBeT8rakqNkMoNSoxEDjFN4jqRMULC9x3Lfq6ve39NWyLj3ZJrDeNwV1ECS4j2jPLmZ82gWW1m6CTEZq


In [12]:
# verify the signature
opCode = 0x22
# param1 and param2 are unchanged
param3 = len(data) 
sig = myWallet.response # signature from last query
data = list(data) + list(sig) # the data is not the message signed with the signature appended

print(param3)
print(len(sig))

myWallet = TezioWallet()
myWallet.build_packet(opCode, param1, param2, param3, data);
print('Packet to be sent...')
print(myWallet.packet.hex())
print()

if (not myWallet.query_wallet()):
    print('Wallet query failed')

print('Signature valid (0x01) or invalid (0x00)...')
print(myWallet.response.hex())

32
99
Packet to be sent...
038c0022020420006162636465666768696a6b6c6d6e6f707172737475767778797a303132333435737073696731456e4e716f50634531634e7371714265543872616b714e6b4d6f4e536f7845446a464e346a71524d554c433978334c667136766533394e57794c6a335a4a7244654e775631454353346a326a504c6d5a3832675757316d364354455a71cc57

Signature valid (0x01) or invalid (0x00)...
01


## Example Tezio Remote Procedure Calls (RPCs)

The TezioRPC class defines methods to carry out three fundamental operations on the Tezos blockchain, public key reveal (which must be done by all accounts to enable all other on-chain interactions), a transaction to send tez to another account, and delegation. Each of these is demonstrated below on the testnet for the Tezio Wallet account that uses the NIST P256 curve. 

<strong>NOTE: The account being used (in this case tz3MyarJihHrejsze59J2Seita7jYWDCJDPe) needs some tez to send and to pay transaction fees. Before proceding send some tez to the account from another test account.</strong>

In [1]:
# import the TezioWallet and TezioRPC classes
from Tezio import TezioWallet, TezioRPC

In [2]:
# specify public node url (in this case a testnet node) and wallet keys to use
nodeURL = 'https://rpc.ghostnet.teztnets.xyz'
myWallet = TezioWallet(3) # using NIST P256 keys (curve = 3)
myRPC = TezioRPC(nodeURL, myWallet)
myRPC.account

'tz3MyarJihHrejsze59J2Seita7jYWDCJDPe'

In [None]:
# reveal the public key for this account. This is needed so the network can verify signatures of future transactions
results = myRPC.reveal()

In [3]:
# delegate to a baker
delegate = 'tz1NiaviJwtMbpEcNqSP6neeoBYj8Brb3QPv' # delegate address
results = myRPC.delegation(delegate)

Simulating operation...
Baker fees and storage (burn) estimates:
Fee: 0.000397 tez
Storage: 0.0 tez
Inject operation? (Y/N)Y
Preapply operation...
Injecting operation...
Operation hash...
ooLbUqNuWCcMc2fCGLbXmbxAk6otaZbFEfctTowwBUJbjszEsDm


In [4]:
# send one tez (1000000 mutez) to another address, in this case the address for the Secp256k1 curve
# on the same Tezio Wallet
destination = 'tz2Dy8HhPZZqmxVK5hE8Unc66fiWvqY8wFXN'
results = myRPC.send_mutez(1000000, destination)

Simulating operation...
Baker fees and storage (burn) estimates:
Fee: 0.000451 tez
Storage: 0.0 tez
Inject operation? (Y/N)Y
Preapply operation...
Injecting operation...
Operation hash...
opPzWriZygfe5rzfy2EpQmCSGfC8M2TtauDsSsy4mZxmQXjEqVB
