Introduce flag to allow non-compliant derivation paths
karbyshev committed Jan 17, 2024
1 parent 7e1a1a0 commit a7440f6
Showing 3 changed files with 72 additions and 20 deletions.
70 changes: 54 additions & 16 deletions crates/apps/src/lib/cli.rs
Expand Up @@ -2975,8 +2975,10 @@ pub mod args {
arg("validator");
pub const HALT_ACTION: ArgFlag = flag("halt");
pub const HASH_LIST: Arg<String> = arg("hash-list");
pub const HD_WALLET_DERIVATION_PATH: ArgDefault<String> =
pub const HD_DERIVATION_PATH: ArgDefault<String> =
arg_default("hd-path", DefaultFn(|| "default".to_string()));
pub const HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH: ArgFlag =
flag("allow-non-compliant");
pub const HISTORIC: ArgFlag = flag("historic");
pub const IBC_TRANSFER_MEMO_PATH: ArgOpt<PathBuf> = arg_opt("memo-path");
pub const INPUT_OPT: ArgOpt<PathBuf> = arg_opt("input");
Expand Down Expand Up @@ -6196,7 +6198,9 @@ pub mod args {
let alias_force = ALIAS_FORCE.parse(matches);
let unsafe_dont_encrypt = UNSAFE_DONT_ENCRYPT.parse(matches);
let use_device = USE_DEVICE.parse(matches);
let derivation_path = HD_WALLET_DERIVATION_PATH.parse(matches);
let derivation_path = HD_DERIVATION_PATH.parse(matches);
let allow_non_compliant =
HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.parse(matches);
Self {
scheme,
shielded,
Expand All @@ -6205,6 +6209,7 @@ pub mod args {
unsafe_dont_encrypt,
use_device,
derivation_path,
allow_non_compliant,
}
}

Expand Down Expand Up @@ -6234,14 +6239,29 @@ pub mod args {
"Derive an address and public key from the seed stored on the \
connected hardware wallet.",
))
.arg(HD_WALLET_DERIVATION_PATH.def().help(
.arg(HD_DERIVATION_PATH.def().help(
"HD key derivation path. Use keyword `default` to refer to a \
scheme default path:\n- m/44'/60'/0'/0/0 for secp256k1 \
scheme\n- m/44'/877'/0'/0'/0' for ed25519 scheme.\nFor \
ed25519, all path indices will be promoted to hardened \
indexes. If none is specified, the scheme default path is \
used.",
scheme default path:\n- m/44'/60'/0'/0/0 for the transparent \
secp256k1 scheme\n- m/44'/877'/0'/0'/0' for the transparent \
ed25519 scheme\n- m/32'/877'/0' for the shielded \
setting\nFor ed25519 scheme, all path indices will be \
promoted to hardened indexes. If none is specified, the \
scheme default path is used.",
))
.arg(HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.def().help(
"Allow non-compliant HD derivation path. The compliant \
derivation path schemes include:\n- \
m/44'/60'/account'/change/address_index for the transparent \
secp256k1 scheme\n- \
m/44'/877'/account'/change'/address_index' for the \
transparent ed25519 scheme\n- m/32'/877'/account' and\n- \
m/32'/877'/account'/address_index for the shielded setting",
))
.group(
ArgGroup::new("requires_group")
.args([HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.name])
.requires(HD_DERIVATION_PATH.name),
)
}
}

Expand All @@ -6253,7 +6273,9 @@ pub mod args {
let alias = ALIAS.parse(matches);
let alias_force = ALIAS_FORCE.parse(matches);
let unsafe_dont_encrypt = UNSAFE_DONT_ENCRYPT.parse(matches);
let derivation_path = HD_WALLET_DERIVATION_PATH.parse(matches);
let derivation_path = HD_DERIVATION_PATH.parse(matches);
let allow_non_compliant =
HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.parse(matches);
Self {
scheme,
shielded,
Expand All @@ -6262,6 +6284,7 @@ pub mod args {
alias_force,
unsafe_dont_encrypt,
derivation_path,
allow_non_compliant,
}
}

Expand All @@ -6280,7 +6303,7 @@ pub mod args {
.arg(
RAW_KEY_GEN
.def()
.conflicts_with(HD_WALLET_DERIVATION_PATH.name)
.conflicts_with(HD_DERIVATION_PATH.name)
.help(
"Generate a random non-HD secret / spending key. No \
mnemonic code is generated.",
Expand All @@ -6294,14 +6317,29 @@ pub mod args {
"UNSAFE: Do not encrypt the keypair. Do not use this for keys \
used in a live network.",
))
.arg(HD_WALLET_DERIVATION_PATH.def().help(
.arg(HD_DERIVATION_PATH.def().help(
"HD key derivation path. Use keyword `default` to refer to a \
scheme default path:\n- m/44'/60'/0'/0/0 for secp256k1 \
scheme\n- m/44'/877'/0'/0'/0' for ed25519 scheme.\nFor \
ed25519, all path indices will be promoted to hardened \
indexes. If none is specified, the scheme default path is \
used.",
scheme default path:\n- m/44'/60'/0'/0/0 for the transparent \
secp256k1 scheme\n- m/44'/877'/0'/0'/0' for the transparent \
ed25519 scheme\n- m/32'/877'/0' for the shielded \
setting\nFor ed25519 scheme, all path indices will be \
promoted to hardened indexes. If none is specified, the \
scheme default path is used.",
))
.arg(HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.def().help(
"Allow non-compliant HD derivation path. The compliant \
derivation path schemes include:\n- \
m/44'/60'/account'/change/address_index for the transparent \
secp256k1 scheme\n- \
m/44'/877'/account'/change'/address_index' for the \
transparent ed25519 scheme\n- m/32'/877'/account' and\n- \
m/32'/877'/account'/address_index for the shielded setting",
))
.group(
ArgGroup::new("requires_group")
.args([HD_ALLOW_NON_COMPLIANT_DERIVATION_PATH.name])
.requires(HD_DERIVATION_PATH.name),
)
}
}

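Review bot: The help text for `--allow-non-compliant`, added in both the KeyDerive and KeyGen `def` hunks, lists the compliant schemes but does not say what the user risks by bypassing the check. A key derived on a non-standard path may not be rediscovered by other wallets or devices that restore from the same mnemonic and look only at the standard paths. I would append a sentence such as `Keys on a non-compliant path may not be recoverable by other wallets restoring from the same mnemonic.`, in the spirit of the `UNSAFE:` prefix already used in the don't-encrypt help. Separately, the `requires_group` group requires `HD_DERIVATION_PATH`, which is an `ArgDefault`; whether an omitted `--hd-path` satisfies that requirement depends on how `def()` registers the default, which is not visible here, so a CLI test for the flag without `--hd-path` would pin the intended behaviour. The help string and the group are repeated verbatim in both `def` bodies and could share one constant.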
18 changes: 14 additions & 4 deletions crates/apps/src/lib/cli/wallet.rs
Expand Up @@ -178,6 +178,7 @@ fn shielded_key_derive(
alias_force,
unsafe_dont_encrypt,
derivation_path,
allow_non_compliant,
use_device,
..
}: args::KeyDerive,
Expand All @@ -189,7 +190,7 @@ fn shielded_key_derive(
cli::safe_exit(1)
});
println!("Using HD derivation path {}", derivation_path);
if !derivation_path.is_namada_shielded_compliant() {
if !allow_non_compliant && !derivation_path.is_namada_shielded_compliant() {
display_line!(io, "Path {} is not compliant.", derivation_path);
display_line!(io, "No changes are persisted. Exiting.");
cli::safe_exit(1)
Expand Down Expand Up @@ -237,6 +238,7 @@ fn shielded_key_gen(
alias_force,
unsafe_dont_encrypt,
derivation_path,
allow_non_compliant,
..
}: args::KeyGen,
) {
Expand All @@ -252,7 +254,9 @@ fn shielded_key_gen(
cli::safe_exit(1)
});
println!("Using HD derivation path {}", derivation_path);
if !derivation_path.is_namada_shielded_compliant() {
if !allow_non_compliant
&& !derivation_path.is_namada_shielded_compliant()
{
display_line!(io, "Path {} is not compliant.", derivation_path);
display_line!(io, "No changes are persisted. Exiting.");
cli::safe_exit(1)
Expand Down Expand Up @@ -422,6 +426,7 @@ async fn transparent_key_and_address_derive(
alias_force,
unsafe_dont_encrypt,
derivation_path,
allow_non_compliant,
use_device,
..
}: args::KeyDerive,
Expand All @@ -434,7 +439,9 @@ async fn transparent_key_and_address_derive(
cli::safe_exit(1)
});
println!("Using HD derivation path {}", derivation_path);
if !derivation_path.is_namada_transparent_compliant(scheme) {
if !allow_non_compliant
&& !derivation_path.is_namada_transparent_compliant(scheme)
{
display_line!(io, "Path {} is not compliant.", derivation_path);
display_line!(io, "No changes are persisted. Exiting.");
cli::safe_exit(1)
Expand Down Expand Up @@ -527,6 +534,7 @@ fn transparent_key_and_address_gen(
alias_force,
unsafe_dont_encrypt,
derivation_path,
allow_non_compliant,
..
}: args::KeyGen,
) {
Expand All @@ -550,7 +558,9 @@ fn transparent_key_and_address_gen(
cli::safe_exit(1)
});
println!("Using HD derivation path {}", derivation_path);
if !derivation_path.is_namada_transparent_compliant(scheme) {
if !allow_non_compliant
&& !derivation_path.is_namada_transparent_compliant(scheme)
{
display_line!(io, "Path {} is not compliant.", derivation_path);
display_line!(io, "No changes are persisted. Exiting.");
cli::safe_exit(1)
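Review bot: When `allow_non_compliant` is set and the path fails the compliance check, all four functions (`shielded_key_derive`, `shielded_key_gen`, `transparent_key_and_address_derive`, `transparent_key_and_address_gen`) now proceed without any message that the override took effect. Keeping the compliance test as the outer branch and printing a warning before continuing would make a mistyped path combined with a habitual flag visible in the output. The fence shows the shielded case; the transparent functions would call `is_namada_transparent_compliant(scheme)` instead. The function bodies start and end outside these hunks, and the sketch assumes `cli::safe_exit` does not return, as its use in the existing branch suggests.

```rust
println!("Using HD derivation path {}", derivation_path);
if !derivation_path.is_namada_shielded_compliant() {
    if !allow_non_compliant {
        display_line!(io, "Path {} is not compliant.", derivation_path);
        display_line!(io, "No changes are persisted. Exiting.");
        cli::safe_exit(1)
    }
    // Make the bypass visible so the user knows validation was skipped.
    display_line!(
        io,
        "Warning: path {} is not compliant; continuing because \
         --allow-non-compliant was given.",
        derivation_path
    );
}
// … unchanged: key derivation / generation and wallet save …
```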
4 changes: 4 additions & 0 deletions crates/sdk/src/args.rs
Expand Up @@ -2112,6 +2112,8 @@ pub struct KeyGen {
pub unsafe_dont_encrypt: bool,
/// BIP44 / ZIP32 derivation path
pub derivation_path: String,
/// Allow non-compliant derivation path
pub allow_non_compliant: bool,
}

/// Wallet restore key and implicit address arguments
Expand All @@ -2129,6 +2131,8 @@ pub struct KeyDerive {
pub unsafe_dont_encrypt: bool,
/// BIP44 / ZIP32 derivation path
pub derivation_path: String,
/// Allow non-compliant derivation path
pub allow_non_compliant: bool,
/// Use device to generate key and address
pub use_device: bool,
}
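Review bot: The doc comment `/// Allow non-compliant derivation path` on the new `allow_non_compliant` field in both `KeyGen` and `KeyDerive` only restates the field name and does not say that `true` switches off a validation. I would write `/// Skip the compliance check on derivation_path; keep false unless a non-standard path is intended`, so that SDK callers constructing these structs can see which value is the checked one. As far as this commit shows, the check itself lives in the CLI handlers in wallet.rs, so it may be worth noting in the comment whether other consumers of these structs are expected to honour the field. Both struct definitions begin outside the hunks.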
