feat(zcash): wallet.zcashDisplayAddress for on-device UA verification#39
Merged
Conversation
…tion
Wraps the firmware ZcashDisplayAddress flow as a method on
KeepKeyHDWallet plus a standalone Zcash.zcashDisplayAddress() helper.
Pattern mirrors zcashGetOrchardFVK: build the proto, transport.call,
unpack the response.
API:
wallet.zcashDisplayAddress({
addressNList, // ZIP-32 path [32', 133', account']
account?,
address, // host-built UA string (u1...)
ak, nk, rivk, // FVK components for verification
expectedSeedFingerprint?, // optional ZIP-32 §6.1 binding
}): Promise<{ address: string; seedFingerprint?: Uint8Array }>
Trust model is firmware-side: device re-derives its Orchard FVK at
the requested account and rejects unless host's (ak, nk, rivk) matches.
On match, device displays the address with QR; user accept returns the
confirmed address bytes. Reject closes the call with Failure.
If expectedSeedFingerprint is supplied, device checks it against
BLAKE2b-256("Zcash_HD_Seed_FP", I2LEBSP_8(len) || seed) and rejects
before any FVK derivation on mismatch — catches "wrong device" errors.
Requires firmware ≥ 7.15.0 with the ZcashDisplayAddress proto handler
(BitHighlander/keepkey-firmware:feature-zcash, PR #220).
Build will fail until @bithighlander/device-protocol is republished
with the ZcashDisplayAddress / ZcashAddress proto messages — both are
already on BitHighlander/device-protocol:master via PR #27 and PR #28
but the npm package is currently pinned at 7.14.1 which predates them.
The package.json bump is intentionally NOT included here so that the
dep republish + version pick can be a separate, mechanical commit.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Picks up ZcashDisplayAddress / ZcashAddress proto messages and the seed_fingerprint binding fields on FVK / SignPCZT / DisplayAddress / Address messages. Required for the wallet.zcashDisplayAddress wrapper introduced in this PR to compile. Also tightens the response unpack: throw on empty address instead of silently returning a possibly-undefined string. Empty means something went wrong on the wire. Verified locally: yarn build → success.
Firmware derives the Orchard UA from device seed material and
displays it; host no longer supplies UA / ak / nk / rivk. Wrapper
now accepts only { addressNList?, account? } and returns
{ address }.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Status: DRAFT — wrapper code is shape-correct and ready for review. Dep bump is the only thing keeping CI red. See "Blocker" below.
Summary
Adds a wrapper around the firmware `ZcashDisplayAddress` flow so hosts can ask the device to render a Zcash unified address with QR for the user to verify. Mirrors the existing `zcashGetOrchardFVK` pattern.
API
Plus a standalone `Zcash.zcashDisplayAddress(transport, params)` helper.
Trust model
Device-side: device re-derives its own Orchard FVK at the requested account and rejects with `Failure` unless the host-supplied `(ak, nk, rivk)` matches. On match, device displays the address with QR; user accept returns the confirmed bytes.
If `expectedSeedFingerprint` is supplied, device checks
`BLAKE2b-256("Zcash_HD_Seed_FP", I2LEBSP_8(len(seed)) || seed)`
and rejects before any FVK derivation on mismatch — catches "wrong device" errors.
Blocker — dep republish
The TypeScript build will fail against this PR until `@bithighlander/device-protocol` is republished with the new `ZcashDisplayAddress` / `ZcashAddress` proto messages. The proto changes are already merged on `BitHighlander/device-protocol:master` via:
Once the npm package is republished (e.g. `7.15.0`), bumping
`packages/hdwallet-keepkey/package.json`'s
`@bithighlander/device-protocol` pin will turn this PR green. That bump is intentionally NOT included here so it can be a separate mechanical commit in the same PR or as a follow-up.
Upstream chain
Test plan