13 |
24 | {siteConfig.title}
14 |{siteConfig.tagline}
15 |
16 |
20 | Getting Started
21 |
22 |
23 | docs directory.
29 |
30 | ),
31 | },
32 | {
33 | title: 'Powered by React',
34 | image: '/img/undraw_docusaurus_react.svg',
35 | description: (
36 | <>
37 | Extend or customize your website layout by reusing React. Docusaurus can
38 | be extended while reusing the same header and footer.
39 |
40 | ),
41 | },
42 | ];
43 |
44 | function Feature({ title, image, description }: FeatureItem) {
45 | return (
46 |
47 |
55 | );
56 | }
57 |
58 | export default function HomepageFeatures(): JSX.Element {
59 | return (
60 |
48 | 
49 |
50 |
51 |
54 | {title}
52 |{description}
53 |
62 |
68 |
63 | {FeatureList.map((props, idx) => (
64 |
67 |
49 |
94 | );
95 | }
96 |
97 | export default App;
98 |
--------------------------------------------------------------------------------
/src/functions/addKvRecords.ts:
--------------------------------------------------------------------------------
1 | import {
2 | LatticeSecureEncryptedRequestType,
3 | encryptedSecureRequest,
4 | } from '../protocol';
5 | import {
6 | validateConnectedClient,
7 | validateKvRecord,
8 | validateKvRecords,
9 | } from '../shared/validators';
10 | import {
11 | AddKvRecordsRequestFunctionParams,
12 | KVRecords,
13 | FirmwareConstants,
14 | } from '../types';
15 |
16 | /**
17 | * `addKvRecords` takes in a set of key-value records and sends a request to add them to the
18 | * Lattice.
19 | * @category Lattice
20 | * @returns A callback with an error or null.
21 | */
22 | export async function addKvRecords({
23 | client,
24 | records,
25 | type,
26 | caseSensitive,
27 | }: AddKvRecordsRequestFunctionParams): PromiseEXAMPLE APP
50 |
51 |
93 |
60 |
73 |
74 |
83 |
90 |
91 |
51 |
125 | );
126 | };
127 |
--------------------------------------------------------------------------------
/src/__test__/integration/__mocks__/handlers.ts:
--------------------------------------------------------------------------------
1 | import { http, HttpResponse } from 'msw';
2 | import connectResponse from './connect.json';
3 | import getAddressesResponse from './getAddresses.json';
4 | import signResponse from './sign.json';
5 | import fetchActiveWalletResponse from './fetchActiveWallet.json';
6 | import addKvRecordsResponse from './addKvRecords.json';
7 | import getKvRecordsResponse from './getKvRecords.json';
8 | import removeKvRecordsResponse from './removeKvRecords.json';
9 | import {
10 | etherscanResponse0x06412d7e,
11 | etherscanResponse0x7a250d56,
12 | etherscanResponse0xa0b86991,
13 | etherscanResponse0xc36442b6,
14 | } from './etherscan';
15 | import {
16 | fourbyteResponse0c49ccbe,
17 | fourbyteResponse0x38ed1739,
18 | fourbyteResponse0x6a761202,
19 | fourbyteResponse0xa9059cbb,
20 | fourbyteResponseac9650d8,
21 | fourbyteResponsefc6f7865,
22 | } from './4byte';
23 |
24 | export const handlers = [
25 | http.post('https://signing.gridpl.us/test/connect', () => {
26 | return HttpResponse.json(connectResponse);
27 | }),
28 | http.post('https://signing.gridpl.us/test/getAddresses', () => {
29 | return HttpResponse.json(getAddressesResponse);
30 | }),
31 | http.post('https://signing.gridpl.us/test/sign', () => {
32 | return HttpResponse.json(signResponse);
33 | }),
34 | http.post('https://signing.gridpl.us/test/fetchActiveWallet', () => {
35 | return HttpResponse.json(fetchActiveWalletResponse);
36 | }),
37 | http.post('https://signing.gridpl.us/test/addKvRecords', () => {
38 | return HttpResponse.json(addKvRecordsResponse);
39 | }),
40 | http.post('https://signing.gridpl.us/test/getKvRecords', () => {
41 | return HttpResponse.json(getKvRecordsResponse);
42 | }),
43 | http.post('https://signing.gridpl.us/test/removeKvRecords', () => {
44 | return HttpResponse.json(removeKvRecordsResponse);
45 | }),
46 | http.get('https://api.etherscan.io/api', ({ request }) => {
47 | const url = new URL(request.url);
48 | const module = url.searchParams.get('module');
49 | const action = url.searchParams.get('action');
50 | const address = url.searchParams.get('address');
51 |
52 | if (module === 'contract' && action === 'getabi') {
53 | if (address === '0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48') {
54 | return HttpResponse.json({
55 | result: JSON.stringify(etherscanResponse0xa0b86991),
56 | });
57 | }
58 | if (address === '0x7a250d5630b4cf539739df2c5dacb4c659f2488d') {
59 | return HttpResponse.json({
60 | result: JSON.stringify(etherscanResponse0x7a250d56),
61 | });
62 | }
63 | if (address === '0xc36442b4a4522e871399cd717abdd847ab11fe88') {
64 | return HttpResponse.json({
65 | result: JSON.stringify(etherscanResponse0xc36442b6),
66 | });
67 | }
68 | if (address === '0x06412d7ebfbf66c25607e2ed24c1d207043be327') {
69 | return HttpResponse.json({
70 | result: JSON.stringify(etherscanResponse0x06412d7e),
71 | });
72 | }
73 | }
74 | return new HttpResponse(null, { status: 404 });
75 | }),
76 | http.get('https://www.4byte.directory/api/v1/signatures', ({ request }) => {
77 | const url = new URL(request.url);
78 | const hexSignature = url.searchParams.get('hex_signature');
79 | if (hexSignature === '0xa9059cbb') {
80 | return HttpResponse.json(fourbyteResponse0xa9059cbb);
81 | }
82 | if (hexSignature === '0x38ed1739') {
83 | return HttpResponse.json(fourbyteResponse0x38ed1739);
84 | }
85 | if (hexSignature === '0xac9650d8') {
86 | return HttpResponse.json(fourbyteResponseac9650d8);
87 | }
88 | if (hexSignature === '0x0c49ccbe') {
89 | return HttpResponse.json(fourbyteResponse0c49ccbe);
90 | }
91 | if (hexSignature === '0xfc6f7865') {
92 | return HttpResponse.json(fourbyteResponsefc6f7865);
93 | }
94 | if (hexSignature === '0x6a761202') {
95 | return HttpResponse.json(fourbyteResponse0x6a761202);
96 | }
97 | return new HttpResponse(null, { status: 404 });
98 | }),
99 | ];
100 |
--------------------------------------------------------------------------------
/.github/workflows/build-test.yml:
--------------------------------------------------------------------------------
1 | name: CI
2 |
3 | on:
4 | push:
5 | branches:
6 | - main
7 | - dev
8 | - 'release/**'
9 | pull_request:
10 | branches:
11 | - main
12 | - dev
13 | - 'release/**'
14 |
15 | jobs:
16 | build:
17 | name: Lint, Build & Unit, E2E Tests
18 | runs-on: ubuntu-latest
19 | permissions:
20 | contents: read
21 | packages: read
22 | env:
23 | INTERNAL_EVENT: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
24 |
25 | steps:
26 | - name: Checkout code
27 | uses: actions/checkout@v5
28 |
29 | - name: Install Node.js
30 | uses: actions/setup-node@v3
31 | with:
32 | node-version: 20.x
33 |
34 | - name: Install pnpm
35 | uses: pnpm/action-setup@v2
36 | with:
37 | version: 9
38 |
39 | - name: Install dependencies
40 | run: pnpm install
41 |
42 | - name: Run linter
43 | run: pnpm run lint
44 |
45 | - name: Run tests
46 | run: pnpm run test
47 |
48 | - name: Build project
49 | run: pnpm run build
50 |
51 | - name: Release a nightly build
52 | if: env.INTERNAL_EVENT == 'true'
53 | run: pnpx pkg-pr-new publish
54 |
55 | - name: Checkout lattice-simulator
56 | if: env.INTERNAL_EVENT == 'true'
57 | uses: actions/checkout@v5
58 | with:
59 | repository: GridPlus/lattice-simulator
60 | path: lattice-simulator
61 | token: ${{ secrets.GRIDPLUS_SIM_PAT }}
62 |
63 | - name: Install simulator dependencies
64 | if: env.INTERNAL_EVENT == 'true'
65 | working-directory: lattice-simulator
66 | run: pnpm install
67 |
68 | - name: Start simulator in background
69 | if: env.INTERNAL_EVENT == 'true'
70 | working-directory: lattice-simulator
71 | env:
72 | CI: '1'
73 | DEBUG_SIGNING: '1'
74 | DEBUG: 'lattice*'
75 | LATTICE_MNEMONIC: 'test test test test test test test test test test test junk'
76 | PORT: '3000'
77 | DEVICE_ID: 'SD0001'
78 | PASSWORD: '12345678'
79 | PAIRING_SECRET: '12345678'
80 | ENC_PW: '12345678'
81 | run: |
82 | pnpm run dev > simulator.log 2>&1 &
83 | echo $! > simulator.pid
84 | echo "Simulator PID: $(cat simulator.pid)"
85 |
86 | # Wait for simulator to be ready
87 | echo "Waiting for simulator to start..."
88 | for i in {1..30}; do
89 | if curl -s http://localhost:3000 > /dev/null 2>&1; then
90 | echo "Simulator is ready!"
91 | break
92 | fi
93 | if [ $i -eq 30 ]; then
94 | echo "Simulator failed to start within 30 seconds"
95 | cat simulator.log
96 | exit 1
97 | fi
98 | sleep 1
99 | done
100 |
101 | - name: Run SDK e2e tests with simulator
102 | if: env.INTERNAL_EVENT == 'true'
103 | working-directory: ${{ github.workspace }}
104 | env:
105 | CI: '1'
106 | DEBUG_SIGNING: '1'
107 | baseUrl: 'http://127.0.0.1:3000'
108 | DEVICE_ID: 'SD0001'
109 | PASSWORD: '12345678'
110 | PAIRING_SECRET: '12345678'
111 | ENC_PW: '12345678'
112 | APP_NAME: 'lattice-manager'
113 | run: pnpm run e2e --reporter=basic
114 |
115 | - name: Show simulator logs on failure
116 | if: failure() && env.INTERNAL_EVENT == 'true'
117 | working-directory: lattice-simulator
118 | run: |
119 | echo "=== Simulator logs ==="
120 | cat simulator.log || echo "No simulator logs found"
121 |
122 | - name: Stop simulator
123 | if: always() && env.INTERNAL_EVENT == 'true'
124 | working-directory: lattice-simulator
125 | run: |
126 | if [ -f simulator.pid ]; then
127 | kill $(cat simulator.pid) || true
128 | fi
129 |
--------------------------------------------------------------------------------
/src/shared/utilities.ts:
--------------------------------------------------------------------------------
1 | import { HARDENED_OFFSET } from '../constants';
2 | import { KeyPair, ActiveWallets, FirmwareVersion } from '../types';
3 |
4 | /**
5 | * Get 64 bytes representing the public key This is the uncompressed key without the leading 04
6 | * byte
7 | * @param KeyPair - //TODO Describe the keypair
8 | * @param LE - Whether to return the public key in little endian format.
9 | * @returns A Buffer containing the public key.
10 | */
11 | export const getPubKeyBytes = (key: KeyPair, LE = false) => {
12 | const k = key.getPublic();
13 | const p = k.encode('hex', false);
14 | const pb = Buffer.from(p, 'hex');
15 | if (LE === true) {
16 | // Need to flip X and Y components to little endian
17 | const x = pb.slice(1, 33).reverse();
18 | const y = pb.slice(33, 65).reverse();
19 | // @ts-expect-error - TODO: Find out why Buffer won't accept pb[0]
20 | return Buffer.concat([pb[0], x, y]);
21 | } else {
22 | return pb;
23 | }
24 | };
25 |
26 | /**
27 | * Get the shared secret, derived via ECDH from the local private key and the ephemeral public key
28 | * @internal
29 | * @returns Buffer
30 | */
31 | export const getSharedSecret = (key: KeyPair, ephemeralPub: KeyPair) => {
32 | // Once every ~256 attempts, we will get a key that starts with a `00` byte, which can lead to
33 | // problems initializing AES if we don't force a 32 byte BE buffer.
34 | return Buffer.from(key.derive(ephemeralPub.getPublic()).toArray('be', 32));
35 | };
36 |
37 | // Given a set of wallet data, which contains two wallet descriptors, parse the data and save it
38 | // to memory
39 | export const parseWallets = (walletData: any): ActiveWallets => {
40 | // Read the external wallet data first. If it is non-null, the external wallet will be the
41 | // active wallet of the device and we should save it. If the external wallet is blank, it means
42 | // there is no card present and we should save and use the interal wallet. If both wallets are
43 | // empty, it means the device still needs to be set up.
44 | const walletDescriptorLen = 71;
45 | // Internal first
46 | let off = 0;
47 | const activeWallets: ActiveWallets = {
48 | internal: {
49 | uid: undefined,
50 | capabilities: undefined,
51 | name: undefined,
52 | external: false,
53 | },
54 | external: {
55 | uid: undefined,
56 | capabilities: undefined,
57 | name: undefined,
58 | external: true,
59 | },
60 | };
61 | activeWallets.internal.uid = walletData.slice(off, off + 32);
62 | // NOTE: `capabilities` and `name` were deprecated in Lattice firmware.
63 | // They never provided any real information, but have been archived here
64 | // since the response size has been preserved and we may bring them back
65 | // in a different form.
66 | // activeWallets.internal.capabilities = walletData.readUInt32BE(off + 32);
67 | // activeWallets.internal.name = walletData.slice(
68 | // off + 36,
69 | // off + walletDescriptorLen,
70 | // );
71 | // Offset the first item
72 | off += walletDescriptorLen;
73 | // External
74 | activeWallets.external.uid = walletData.slice(off, off + 32);
75 | // activeWallets.external.capabilities = walletData.readUInt32BE(off + 32);
76 | // activeWallets.external.name = walletData.slice(
77 | // off + 36,
78 | // off + walletDescriptorLen,
79 | // );
80 |
81 | return activeWallets;
82 | };
83 |
84 | // Determine if a provided firmware version matches or exceeds the current firmware version
85 | export const isFWSupported = (
86 | fwVersion: FirmwareVersion,
87 | versionSupported: FirmwareVersion,
88 | ): boolean => {
89 | const { major, minor, fix } = fwVersion;
90 | const { major: _major, minor: _minor, fix: _fix } = versionSupported;
91 | return (
92 | major > _major ||
93 | (major >= _major && minor > _minor) ||
94 | (major >= _major && minor >= _minor && fix >= _fix)
95 | );
96 | };
97 |
98 | /**
99 | * Convert a set of BIP39 path indices to a string
100 | * @param path - Set of indices
101 | */
102 | export const getPathStr = function (path) {
103 | let pathStr = 'm';
104 | path.forEach((idx) => {
105 | if (idx >= HARDENED_OFFSET) {
106 | pathStr += `/${idx - HARDENED_OFFSET}'`;
107 | } else {
108 | pathStr += `/${idx}`;
109 | }
110 | });
111 | return pathStr;
112 | };
113 |
--------------------------------------------------------------------------------
/src/__test__/unit/encoders.test.ts:
--------------------------------------------------------------------------------
1 | import { EXTERNAL } from '../../constants';
2 | import {
3 | encodeAddKvRecordsRequest,
4 | encodeGetAddressesRequest,
5 | encodeGetKvRecordsRequest,
6 | encodePairRequest,
7 | encodeRemoveKvRecordsRequest,
8 | encodeSignRequest,
9 | } from '../../functions';
10 | import { buildTransaction } from '../../shared/functions';
11 | import { getP256KeyPair } from '../../util';
12 | import {
13 | buildFirmwareConstants,
14 | buildGetAddressesObject,
15 | buildSignObject,
16 | buildWallet,
17 | getFwVersionsList,
18 | } from '../utils/builders';
19 |
20 | describe('encoders', () => {
21 | let mockRandom: any;
22 |
23 | beforeAll(() => {
24 | mockRandom = vi.spyOn(globalThis.Math, 'random').mockReturnValue(0.1);
25 | });
26 |
27 | afterAll(() => {
28 | mockRandom.mockRestore();
29 | });
30 |
31 | describe('pair', () => {
32 | test('pair encoder', () => {
33 | const privKey = Buffer.alloc(32, '1');
34 | expect(privKey.toString()).toMatchSnapshot();
35 | const key = getP256KeyPair(privKey);
36 | const payload = encodePairRequest({
37 | key,
38 | pairingSecret: 'testtest',
39 | appName: 'testtest',
40 | });
41 | const payloadAsString = payload.toString('hex');
42 | expect(payloadAsString).toMatchSnapshot();
43 | });
44 | });
45 |
46 | describe('getAddresses', () => {
47 | test('encodeGetAddressesRequest with default flag', () => {
48 | const payload = encodeGetAddressesRequest(buildGetAddressesObject());
49 | const payloadAsString = payload.toString('hex');
50 | expect(payloadAsString).toMatchSnapshot();
51 | });
52 |
53 | test('encodeGetAddressesRequest with ED25519_PUB', () => {
54 | const mockObject = buildGetAddressesObject({
55 | flag: EXTERNAL.GET_ADDR_FLAGS.ED25519_PUB,
56 | });
57 | const payload = encodeGetAddressesRequest(mockObject);
58 | const payloadAsString = payload.toString('hex');
59 | expect(payloadAsString).toMatchSnapshot();
60 | });
61 |
62 | test('encodeGetAddressesRequest with SECP256K1_PUB', () => {
63 | const mockObject = buildGetAddressesObject({
64 | flag: EXTERNAL.GET_ADDR_FLAGS.SECP256K1_PUB,
65 | });
66 | const payload = encodeGetAddressesRequest(mockObject);
67 | const payloadAsString = payload.toString('hex');
68 | expect(payloadAsString).toMatchSnapshot();
69 | });
70 | });
71 |
72 | describe('sign', () => {
73 | test.each(getFwVersionsList())(
74 | 'should test sign encoder with firmware v%d.%d.%d',
75 | (major, minor, patch) => {
76 | const fwVersion = Buffer.from([patch, minor, major]);
77 | const txObj = buildSignObject(fwVersion);
78 | const tx = buildTransaction(txObj);
79 | const req = {
80 | ...txObj,
81 | ...tx,
82 | wallet: buildWallet(),
83 | };
84 | const { payload } = encodeSignRequest(req);
85 | const payloadAsString = payload.toString('hex');
86 | expect(payloadAsString).toMatchSnapshot();
87 | },
88 | );
89 | });
90 |
91 | describe('KvRecords', () => {
92 | test('getKvRecords', () => {
93 | const mockObject = { type: 0, n: 1, start: 0 };
94 | const payload = encodeGetKvRecordsRequest(mockObject);
95 | const payloadAsString = payload.toString('hex');
96 | expect(payloadAsString).toMatchSnapshot();
97 | });
98 |
99 | test('addKvRecords', () => {
100 | const fwConstants = buildFirmwareConstants();
101 | const mockObject = {
102 | type: 0,
103 | records: { key: 'value' },
104 | caseSensitive: false,
105 | fwConstants,
106 | };
107 | const payload = encodeAddKvRecordsRequest(mockObject);
108 | const payloadAsString = payload.toString('hex');
109 | expect(payloadAsString).toMatchSnapshot();
110 | });
111 |
112 | test('removeKvRecords', () => {
113 | const fwConstants = buildFirmwareConstants();
114 | const mockObject = {
115 | type: 0,
116 | ids: ['0'],
117 | caseSensitive: false,
118 | fwConstants,
119 | };
120 | const payload = encodeRemoveKvRecordsRequest(mockObject);
121 | const payloadAsString = payload.toString('hex');
122 | expect(payloadAsString).toMatchSnapshot();
123 | });
124 | });
125 | });
126 |
--------------------------------------------------------------------------------
/src/api/utilities.ts:
--------------------------------------------------------------------------------
1 | import { Client } from '../client';
2 | import { EXTERNAL, HARDENED_OFFSET } from '../constants';
3 | import {
4 | getFunctionQueue,
5 | loadClient,
6 | saveClient,
7 | setFunctionQueue,
8 | } from './state';
9 |
10 | /**
11 | * `queue` is a function that wraps all functional API calls. It limits the number of concurrent
12 | * requests to the server to 1, and ensures that the client state data is saved after each call.
13 | * This is necessary because the ephemeral public key must be updated after each successful request,
14 | * and two concurrent requests could result in the same key being used twice or the wrong key being
15 | * written to memory locally.
16 | *
17 | * @internal
18 | */
19 | export const queue = async (fn: (client: Client) => Promise{label}
52 | 53 | 54 | 55 |
56 |
63 |
71 |
80 |
88 |
97 | Addresses
57 |-
58 | {addresses?.map((address) => (
59 |
- {address} 60 | ))} 61 |
98 |
107 |
108 | Address Tags
99 |-
100 | {addressTags?.map((tag: any) => (
101 |
- 102 | {tag.key}: {tag.val} 103 | 104 | ))} 105 |
109 |
116 |
124 | Ledger Addresses
110 |-
111 | {ledgerAddresses?.map((ledgerAddress: any) => (
112 |
- {ledgerAddress} 113 | ))} 114 |