def get_seed(secret: bytes, passphrase: str, progress_bar=True):
if progress_bar:
mnemonic._start_progress()
seed = bip39.seed(secret.decode(), passphrase, mnemonic._render_progress)
mnemonic._stop_progress()
else:
seed = bip39.seed(secret.decode(), passphrase)
return seed
def test_p2pkh_node_derive_address(self):
coin = coins.by_name('Groestlcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
root = bip32.from_seed(seed, coin.curve_name)
node = node_derive(
root, [44 | 0x80000000, 17 | 0x80000000, 0 | 0x80000000, 1, 0])
address = node.address(coin.address_type) # generate in trezor-crypto
self.assertEqual(address, 'FmRaqvVBRrAp2Umfqx9V1ectZy8gw54QDN')
address = address_pkh(node.public_key(),
coin) # generate in trezor-core
self.assertEqual(address, 'FmRaqvVBRrAp2Umfqx9V1ectZy8gw54QDN')
node = node_derive(
root, [44 | 0x80000000, 17 | 0x80000000, 0 | 0x80000000, 1, 1])
address = node.address(coin.address_type)
self.assertEqual(address, 'Fmhtxeh7YdCBkyQF7AQG4QnY8y3rJg89di')
address = address_pkh(node.public_key(), coin)
self.assertEqual(address, 'Fmhtxeh7YdCBkyQF7AQG4QnY8y3rJg89di')
node = node_derive(
root, [44 | 0x80000000, 17 | 0x80000000, 0 | 0x80000000, 0, 0])
address = node.address(coin.address_type)
self.assertEqual(address, 'Fj62rBJi8LvbmWu2jzkaUX1NFXLEqDLoZM')
address = address_pkh(node.public_key(), coin)
self.assertEqual(address, 'Fj62rBJi8LvbmWu2jzkaUX1NFXLEqDLoZM')
def test_slip77(self):
seed = bip39.seed(
"alcohol woman abuse must during monitor noble actual mixed trade anger aisle",
"")
keychain = Keychain(seed, [["slip21", b"SLIP-0077"], ["secp256k1"]])
node = keychain.derive(
[44 | HARDENED, 1 | HARDENED, 0 | HARDENED, 0, 0])
coin = coins.by_name('Elements')
pubkey_hash = addresses.ecdsa_hash_pubkey(node.public_key(), coin)
script = scripts.output_script_p2pkh(pubkey_hash)
private_key = keychain.derive_slip77_blinding_private_key(script)
self.assertEqual(
private_key,
unhexlify(
b"26f1dc2c52222394236d76e0809516255cfcca94069fd5187c0f090d18f42ad6"
))
public_key = keychain.derive_slip77_blinding_public_key(script)
self.assertEqual(
public_key,
unhexlify(
b"03e84cd853fea825bd94f5d2d46580ae0d059c734707fa7a08f5e2f612a51c1acb"
))
self.assertEqual(secp256k1.publickey(private_key), public_key)
def test_get_public_key_scheme(self):
mnemonic = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"
seed = bip39.seed(mnemonic, '')
derivation_paths = [
[0x80000000 | 44, 0x80000000 | 194, 0x80000000, 0, 0],
[0x80000000 | 44, 0x80000000 | 194, 0x80000000, 0, 1],
[0x80000000 | 44, 0x80000000 | 194],
[0x80000000 | 44, 0x80000000 | 194, 0x80000000, 0, 0x80000000],
]
public_keys = [
b'0315c358024ce46767102578947584c4342a6982b922d454f63588effa34597197',
b'029622eff7248c4d298fe28f2df19ee0d5f7674f678844e05c31d1a5632412869e',
b'02625f33c10399703e95e41bd5054beef3ab893dcc7df2bb9bdcee48359b29069d',
b'037c9b7d24d42589941cca3f4debc75b37c0e7b881e6eb00d2e674958debe3bbc3',
]
wif_keys = [
'EOS6zpSNY1YoLxNt2VsvJjoDfBueU6xC1M1ERJw1UoekL1NHn8KNA',
'EOS62cPUiWnLqbUjiBMxbEU4pm4Hp5X3RGk4KMTadvZNygjX72yHW',
'EOS5dp8aCFoFwrKo6KuUfos1hwMfZGkiZUbaF2CyuD4chyBEN2wQK',
'EOS7n7TXwR4Y3DtPt2ji6akhQi5uw4SruuPArvoNJso84vhwPQt1G',
]
for index, path in enumerate(derivation_paths):
node = bip32.from_seed(seed, 'secp256k1')
node.derive_path(path)
wif, public_key = _get_public_key(node)
self.assertEqual(hexlify(public_key), public_keys[index])
self.assertEqual(wif, wif_keys[index])
self.assertEqual(_public_key_to_wif(public_key), wif_keys[index])
def test_preimage_testdata(self):
seed = bip39.seed(
'alcohol woman abuse must during monitor noble actual mixed trade anger aisle',
'')
coin = coins.by_name(self.tx.coin_name)
bip143 = Bip143Hash()
bip143.add_input(self.inp1)
bip143.add_input(self.inp2)
for txo in [self.out1, self.out2]:
script_pubkey = output_derive_script(txo.address, coin)
txo_bin = PrevOutput(amount=txo.amount,
script_pubkey=script_pubkey)
bip143.add_output(txo_bin, script_pubkey)
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema])
node = keychain.derive(self.inp2.address_n)
# test data public key hash
# only for input 2 - input 1 is not segwit
result = bip143.preimage_hash(self.inp2, [node.public_key()], 1,
self.tx, coin, SIGHASH_ALL)
self.assertEqual(
hexlify(result),
b'2fa3f1351618b2532228d7182d3221d95c21fd3d496e7e22e9ded873cf022a8b'
)
def test_address_mac(self):
from apps.common.address_mac import check_address_mac, get_address_mac
from apps.common.keychain import Keychain
from apps.common.paths import AlwaysMatchingSchema
VECTORS = ((
'Bitcoin', '1DyHzbQUoQEsLxJn6M7fMD8Xdt1XvNiwNE',
'9cf7c230041d6ed95b8273bd32e023d3f227ec8c44257f6463c743a4b4add028'
), ('Testnet', 'mm6kLYbGEL1tGe4ZA8xacfgRPdW1NLjCbZ',
'4375089e50423505dc3480e6e85b0ba37a52bd1e009db5d260b6329f22c950d9')
)
seed = bip39.seed(' '.join(['all'] * 12), '')
for coin_name, address, mac in VECTORS:
coin = coins.by_name(coin_name)
mac = unhexlify(mac)
keychain = Keychain(seed,
coin.curve_name, [AlwaysMatchingSchema],
slip21_namespaces=[[b"SLIP-0024"]])
self.assertEqual(get_address_mac(address, coin.slip44, keychain),
mac)
check_address_mac(address, mac, coin.slip44, keychain)
with self.assertRaises(wire.DataError):
mac = bytes([mac[0] ^ 1]) + mac[1:]
check_address_mac(address, mac, coin.slip44, keychain)
def test_p2tr_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema], slip21_namespaces=[[b"SLIP-0019"]])
commitment_data = b""
node = keychain.derive([86 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2tr(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("dc18066224b9e30e306303436dc18ab881c7266c13790350a3fe415e438135ec"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDTAPROOT,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("6cd08474ea019c9ab4b9b7b76ec03c4dd4db76abc3a460434a91cfc1b190174949eb7111c8e762407730a215421a0da0b5e01f48de62d7ccea0abea046e2a496"))
self.assertEqual(proof, unhexlify("534c00190001dc18066224b9e30e306303436dc18ab881c7266c13790350a3fe415e438135ec0001406cd08474ea019c9ab4b9b7b76ec03c4dd4db76abc3a460434a91cfc1b190174949eb7111c8e762407730a215421a0da0b5e01f48de62d7ccea0abea046e2a496"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wpkh_in_p2sh_node_derive_address(self):
coin = coins.by_name('Testnet')
seed = bip39.seed(' '.join(['all'] * 12), '')
root = bip32.from_seed(seed, 'secp256k1')
node = node_derive(
root, [49 | 0x80000000, 1 | 0x80000000, 0 | 0x80000000, 1, 0])
address = address_p2wpkh_in_p2sh(node.public_key(),
coin.address_type_p2sh)
self.assertEqual(address, '2N1LGaGg836mqSQqiuUBLfcyGBhyZbremDX')
node = node_derive(
root, [49 | 0x80000000, 1 | 0x80000000, 0 | 0x80000000, 1, 1])
address = address_p2wpkh_in_p2sh(node.public_key(),
coin.address_type_p2sh)
self.assertEqual(address, '2NFWLCJQBSpz1oUJwwLpX8ECifFWGznBVqs')
node = node_derive(
root, [49 | 0x80000000, 1 | 0x80000000, 0 | 0x80000000, 0, 0])
address = address_p2wpkh_in_p2sh(node.public_key(),
coin.address_type_p2sh)
self.assertEqual(address, '2N4Q5FhU2497BryFfUgbqkAJE87aKHUhXMp')
def test_preimage_testdata(self):
seed = bip39.seed(
'alcohol woman abuse must during monitor noble actual mixed trade anger aisle',
'')
coin = coins.by_name(self.tx.coin_name)
bip143 = Bitcoin(self.tx, None, coin)
bip143.hash143_add_input(self.inp1)
bip143.hash143_add_input(self.inp2)
for txo in [self.out1, self.out2]:
txo_bin = TxOutputBinType()
txo_bin.amount = txo.amount
script_pubkey = output_derive_script(txo.address, coin)
bip143.hash143_add_output(txo_bin, script_pubkey)
keychain = Keychain(seed, [[coin.curve_name, []]])
node = keychain.derive(self.inp2.address_n)
# test data public key hash
# only for input 2 - input 1 is not segwit
result = bip143.hash143_preimage_hash(self.inp2, [node.public_key()],
1)
self.assertEqual(
hexlify(result),
b'2fa3f1351618b2532228d7182d3221d95c21fd3d496e7e22e9ded873cf022a8b'
)
def test_p2pkh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), 'TREZOR')
keychain = Keychain(seed, [[coin.curve_name, [44 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
node = keychain.derive([44 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = node.address(coin.address_type)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDADDRESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402206682f40a12f3609a308acb872888470a07760f2f4790ee4ff62665a39c02a5fc022026f3f38a7c2b2668c2eff9cc1e712c7f254926a482bae411ad18947eba9fd21c"))
self.assertEqual(proof, unhexlify("534c00190001ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda6a47304402206682f40a12f3609a308acb872888470a07760f2f4790ee4ff62665a39c02a5fc022026f3f38a7c2b2668c2eff9cc1e712c7f254926a482bae411ad18947eba9fd21c012102f63159e21fbcb54221ec993def967ad2183a9c243c8bff6e7d60f4d5ed3b386500"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2pkh_gen_proof(self):
# SLIP-0019 test vector 3
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), 'TREZOR')
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema], slip21_namespaces=[[b"SLIP-0019"]])
commitment_data = b""
node = keychain.derive([44 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = node.address(coin.address_type)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDADDRESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100e818002d0a85438a7f2140503a6aa0a6af6002fa956d0101fd3db24e776e546f0220430fd59dc1498bc96ab6e71a4829b60224828cf1fc35edc98e0973db203ca3f0"))
self.assertEqual(proof, unhexlify("534c00190001ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda6b483045022100e818002d0a85438a7f2140503a6aa0a6af6002fa956d0101fd3db24e776e546f0220430fd59dc1498bc96ab6e71a4829b60224828cf1fc35edc98e0973db203ca3f0012102f63159e21fbcb54221ec993def967ad2183a9c243c8bff6e7d60f4d5ed3b386500"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def get_root_without_passphrase(curve_name=_DEFAULT_CURVE):
from . import storage
if not storage.is_initialized():
raise Exception('Device is not initialized')
seed = bip39.seed(storage.get_mnemonic(), '')
root = bip32.from_seed(seed, curve_name)
return root
def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
mnemonic_secret = get_secret()
if mnemonic_secret is None:
raise ValueError("Mnemonic not set")
render_func = None
if progress_bar and not utils.DISABLE_ANIMATION:
_start_progress()
render_func = _render_progress
if is_bip39():
from trezor.crypto import bip39
seed = bip39.seed(mnemonic_secret.decode(), passphrase, render_func)
else: # SLIP-39
from trezor.crypto import slip39
identifier = storage.device.get_slip39_identifier()
iteration_exponent = storage.device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None:
# Identifier or exponent expected but not found
raise RuntimeError
seed = slip39.decrypt(mnemonic_secret, passphrase.encode(),
iteration_exponent, identifier)
return seed
def get_seed(passphrase: str = "", progress_bar: bool = True) -> bytes:
mnemonic_secret, mnemonic_type = get()
if mnemonic_secret is None:
raise ValueError("Mnemonic not set")
render_func = None
if progress_bar:
_start_progress()
render_func = _render_progress
if mnemonic_type == TYPE_BIP39:
seed = bip39.seed(mnemonic_secret.decode(), passphrase, render_func)
elif mnemonic_type == TYPE_SLIP39:
identifier = storage.device.get_slip39_identifier()
iteration_exponent = storage.device.get_slip39_iteration_exponent()
if identifier is None or iteration_exponent is None:
# Identifier or exponent expected but not found
raise RuntimeError
seed = slip39.decrypt(identifier, iteration_exponent, mnemonic_secret,
passphrase.encode())
if progress_bar:
_stop_progress()
return seed
def test_p2wpkh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [84 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
node = keychain.derive([84 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2wpkh(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad5707"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDWITNESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100e5eaf2cb0a473b4545115c7b85323809e75cb106175ace38129fd62323d73df30220363dbc7acb7afcda022b1f8d97acb8f47c42043cfe0595583aa26e30bc8b3bb5"))
self.assertEqual(proof, unhexlify("534c00190001a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad57070002483045022100e5eaf2cb0a473b4545115c7b85323809e75cb106175ace38129fd62323d73df30220363dbc7acb7afcda022b1f8d97acb8f47c42043cfe0595583aa26e30bc8b3bb50121032ef68318c8f6aaa0adec0199c69901f0db7d3485eb38d9ad235221dc3d61154b"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wpkh_in_p2sh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [49 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
node = keychain.derive([49 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2wpkh_in_p2sh(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("92caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f46"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDP2SHWITNESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100a37330dca699725db613dd1b30059843d1248340642162a0adef114509c9849402201126c9044b998065d40b44fd2399b52c409794bbc3bfdd358cd5fb450c94316d"))
self.assertEqual(proof, unhexlify("534c0019000192caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f4617160014e0cffbee1925a411844f44c3b8d81365ab51d03602483045022100a37330dca699725db613dd1b30059843d1248340642162a0adef114509c9849402201126c9044b998065d40b44fd2399b52c409794bbc3bfdd358cd5fb450c94316d012103a961687895a78da9aef98eed8e1f2a3e91cfb69d2f3cf11cbd0bb1773d951928"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wpkh_in_p2sh_gen_proof(self):
# SLIP-0019 test vector 2
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema], slip21_namespaces=[[b"SLIP-0019"]])
commitment_data = b""
node = keychain.derive([49 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2wpkh_in_p2sh(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("92caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f46"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDP2SHWITNESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("30440220484072ca317663dd685d372115a9d2ff43d9afc6d352c10445a94e555e12154602202d3ffee5f780dbc74e67fcc4bcbc75a9816ed00df1142d571014724af9959355"))
self.assertEqual(proof, unhexlify("534c0019000192caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f4617160014e0cffbee1925a411844f44c3b8d81365ab51d036024730440220484072ca317663dd685d372115a9d2ff43d9afc6d352c10445a94e555e12154602202d3ffee5f780dbc74e67fcc4bcbc75a9816ed00df1142d571014724af9959355012103a961687895a78da9aef98eed8e1f2a3e91cfb69d2f3cf11cbd0bb1773d951928"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_bip143_preimage_testdata(self):
seed = bip39.seed(
'alcohol woman abuse must during monitor noble actual mixed trade anger aisle',
'')
root = bip32.from_seed(seed, 'secp256k1')
coin = coins.by_name(self.tx.coin_name)
bip143 = Bip143()
bip143.add_prevouts(self.inp1)
bip143.add_sequence(self.inp1)
for txo in [self.out1, self.out2]:
txo_bin = TxOutputBinType()
txo_bin.amount = txo.amount
txo_bin.script_pubkey = output_derive_script(txo, coin, root)
bip143.add_output(txo_bin)
# test data public key hash
result = bip143.preimage_hash(
coin, self.tx, self.inp1,
unhexlify('79091972186c449eb1ded22b78e40d009bdf0089'), 0x01)
self.assertEqual(
hexlify(result),
b'64f3b0f4dd2bb3aa1ce8566d220cc74dda9df97d8490cc81d89d735c92e59fb6'
)
def test_p2tr_gen_proof(self):
# SLIP-0019 test vector 5
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema], slip21_namespaces=[[b"SLIP-0019"]])
commitment_data = b""
node = keychain.derive([86 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2tr(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("dc18066224b9e30e306303436dc18ab881c7266c13790350a3fe415e438135ec"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDTAPROOT,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("647d6af883107a870417e808abe424882bd28ee04a28ba85a7e99400e1b9485075733695964c2a0fa02d4439ab80830e9566ccbd10f2597f5513eff9f03a0497"))
self.assertEqual(proof, unhexlify("534c00190001dc18066224b9e30e306303436dc18ab881c7266c13790350a3fe415e438135ec000140647d6af883107a870417e808abe424882bd28ee04a28ba85a7e99400e1b9485075733695964c2a0fa02d4439ab80830e9566ccbd10f2597f5513eff9f03a0497"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_preimage_testdata(self):
seed = bip39.seed(
'alcohol woman abuse must during monitor noble actual mixed trade anger aisle',
'')
root = bip32.from_seed(seed, 'secp256k1')
coin = coins.by_name(self.tx.coin_name)
bip143 = Bip143()
bip143.add_prevouts(self.inp1)
bip143.add_prevouts(self.inp2)
bip143.add_sequence(self.inp1)
bip143.add_sequence(self.inp2)
for txo in [self.out1, self.out2]:
txo_bin = TxOutputBinType()
txo_bin.amount = txo.amount
txo_bin.script_pubkey = output_derive_script(txo, coin, root)
bip143.add_output(txo_bin)
# test data public key hash
# only for input 2 - input 1 is not segwit
result = bip143.preimage_hash(
self.tx, self.inp2,
unhexlify('1d0f172a0ecb48aee1be1f2687d2963ae33f71a1'))
self.assertEqual(
hexlify(result),
b'c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670'
)
def test_p2wpkh_gen_proof(self):
# SLIP-0019 test vector 1
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema], slip21_namespaces=[[b"SLIP-0019"]])
commitment_data = b""
node = keychain.derive([84 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2wpkh(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad5707"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDWITNESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100c0dc28bb563fc5fea76cacff75dba9cb4122412faae01937cdebccfb065f9a7002202e980bfbd8a434a7fc4cd2ca49da476ce98ca097437f8159b1a386b41fcdfac5"))
self.assertEqual(proof, unhexlify("534c00190001a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad57070002483045022100c0dc28bb563fc5fea76cacff75dba9cb4122412faae01937cdebccfb065f9a7002202e980bfbd8a434a7fc4cd2ca49da476ce98ca097437f8159b1a386b41fcdfac50121032ef68318c8f6aaa0adec0199c69901f0db7d3485eb38d9ad235221dc3d61154b"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2pkh_txweight(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
inp1 = TxInputType(
address_n=[0], # 14LmW5k4ssUrtbAB4255zdqv3b4w1TuX9e
# amount=390000,
prev_hash=unhexlify(
'd5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882'
),
prev_index=0,
amount=None,
script_type=InputScriptType.SPENDADDRESS,
sequence=None,
multisig=None)
out1 = TxOutputType(address='1MJ2tj2ThBE62zXbBYA5ZaN3fdve5CPAz1',
amount=390000 - 10000,
script_type=OutputScriptType.PAYTOADDRESS,
address_n=[],
multisig=None)
calculator = TxWeightCalculator(1, 1)
calculator.add_input(inp1)
calculator.add_output(output_derive_script(out1, coin))
serialized_tx = '010000000182488650ef25a58fef6788bd71b8212038d7f2bbe4750bc7bcb44701e85ef6d5000000006b4830450221009a0b7be0d4ed3146ee262b42202841834698bb3ee39c24e7437df208b8b7077102202b79ab1e7736219387dffe8d615bbdba87e11477104b867ef47afed1a5ede7810121023230848585885f63803a0a8aecdd6538792d5c539215c91698e315bf0253b43dffffffff0160cc0500000000001976a914de9b2a8da088824e8fe51debea566617d851537888ac00000000'
tx_weight = len(
serialized_tx) / 2 * 4 # non-segwit tx's weight is simple length*4
self.assertEqual(calculator.get_total(), tx_weight)
def test_under_threshold(self):
coin_bitcoin = coins.by_name('Bitcoin')
ptx1 = TransactionType(version=1, lock_time=0, inputs_cnt=2, outputs_cnt=1)
pinp1 = TxInputType(script_sig=unhexlify('483045022072ba61305fe7cb542d142b8f3299a7b10f9ea61f6ffaab5dca8142601869d53c0221009a8027ed79eb3b9bc13577ac2853269323434558528c6b6a7e542be46e7e9a820141047a2d177c0f3626fc68c53610b0270fa6156181f46586c679ba6a88b34c6f4874686390b4d92e5769fbb89c8050b984f4ec0b257a0e5c4ff8bd3b035a51709503'),
prev_hash=unhexlify('c16a03f1cf8f99f6b5297ab614586cacec784c2d259af245909dedb0e39eddcf'),
prev_index=1,
script_type=None,
sequence=None)
pinp2 = TxInputType(script_sig=unhexlify('48304502200fd63adc8f6cb34359dc6cca9e5458d7ea50376cbd0a74514880735e6d1b8a4c0221008b6ead7fe5fbdab7319d6dfede3a0bc8e2a7c5b5a9301636d1de4aa31a3ee9b101410486ad608470d796236b003635718dfc07c0cac0cfc3bfc3079e4f491b0426f0676e6643a39198e8e7bdaffb94f4b49ea21baa107ec2e237368872836073668214'),
prev_hash=unhexlify('1ae39a2f8d59670c8fc61179148a8e61e039d0d9e8ab08610cb69b4a19453eaf'),
prev_index=1,
script_type=None,
sequence=None)
pout1 = TxOutputBinType(script_pubkey=unhexlify('76a91424a56db43cf6f2b02e838ea493f95d8d6047423188ac'),
amount=390000,
address_n=None)
inp1 = TxInputType(address_n=[0], # 14LmW5k4ssUrtbAB4255zdqv3b4w1TuX9e
# amount=390000,
prev_hash=unhexlify('d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882'),
prev_index=0,
amount=None,
multisig=None,
script_type=None,
sequence=None)
out1 = TxOutputType(address='1MJ2tj2ThBE62zXbBYA5ZaN3fdve5CPAz1',
amount=390000 - 90000, # fee increased to 90000, slightly less than the threshold
script_type=OutputScriptType.PAYTOADDRESS,
address_n=None)
tx = SignTx(coin_name=None, version=None, lock_time=None, inputs_count=1, outputs_count=1)
messages = [
None,
TxRequest(request_type=TXINPUT, details=TxRequestDetailsType(request_index=0, tx_hash=None)),
TxAck(tx=TransactionType(inputs=[inp1])),
TxRequest(request_type=TXMETA, details=TxRequestDetailsType(request_index=None, tx_hash=unhexlify('d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882')), serialized=None),
TxAck(tx=ptx1),
TxRequest(request_type=TXINPUT, details=TxRequestDetailsType(request_index=0, tx_hash=unhexlify('d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882')), serialized=None),
TxAck(tx=TransactionType(inputs=[pinp1])),
TxRequest(request_type=TXINPUT, details=TxRequestDetailsType(request_index=1, tx_hash=unhexlify('d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882')), serialized=None),
TxAck(tx=TransactionType(inputs=[pinp2])),
TxRequest(request_type=TXOUTPUT, details=TxRequestDetailsType(request_index=0, tx_hash=unhexlify('d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882')), serialized=None),
TxAck(tx=TransactionType(bin_outputs=[pout1])),
TxRequest(request_type=TXOUTPUT, details=TxRequestDetailsType(request_index=0, tx_hash=None), serialized=None),
TxAck(tx=TransactionType(outputs=[out1])),
signing.UiConfirmOutput(out1, coin_bitcoin),
True,
signing.UiConfirmTotal(300000, 90000, coin_bitcoin),
True,
TxRequest(request_type=TXINPUT, details=TxRequestDetailsType(request_index=0, tx_hash=None), serialized=None),
]
seed = bip39.seed('alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '')
root = bip32.from_seed(seed, 'secp256k1')
signer = signing.sign_tx(tx, root)
for request, response in chunks(messages, 2):
self.assertEqualEx(signer.send(request), response)
def test_p2wsh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [84 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b"TREZOR"
nodes = []
for index in range(1, 4):
node = keychain.derive([84 | HARDENED, 0 | HARDENED, index | HARDENED])
nodes.append(HDNodeType(
depth=node.depth(),
child_num=node.child_num(),
fingerprint=node.fingerprint(),
chain_code=node.chain_code(),
public_key=node.public_key(),
))
multisig = MultisigRedeemScriptType(
nodes=nodes,
address_n=[0, 1],
signatures=[b"", b"", b""],
m=2,
)
pubkeys = multisig_get_pubkeys(multisig)
address = address_multisig_p2wsh(pubkeys, multisig.m, coin.bech32_prefix)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
ownership_ids = [b'\x00' * 32, ownership_id, b'\x01' * 32]
self.assertEqual(ownership_id, unhexlify("9c27411da79a23811856f897da890452ab9e17086038c4a3e70e9efa875cb3ef"))
# Sign with the first key.
_, signature = ownership.generate_proof(
node=keychain.derive([84 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402207568cf003ff548c52ce8e3a46a1c1e681462ca8f1651b0c82f688d41280753b4022024f977fa96fd23cf71e35d4d3c5087c375fcf1b6eed6d11ab00d552817d39ba4"))
multisig.signatures[0] = signature
# Sign with the third key.
proof, signature = ownership.generate_proof(
node=keychain.derive([84 | HARDENED, 0 | HARDENED, 3 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402203c4fedba34aebd213aba5b5af1ae26240a10a05cfc1c5b75c629275aa21560bb02203b90b4079c20f792f4ec533c72af31435b1e5f648ca8302730c309690133a710"))
self.assertEqual(proof, unhexlify("534c0019000300000000000000000000000000000000000000000000000000000000000000009c27411da79a23811856f897da890452ab9e17086038c4a3e70e9efa875cb3ef010101010101010101010101010101010101010101010101010101010101010100040047304402207568cf003ff548c52ce8e3a46a1c1e681462ca8f1651b0c82f688d41280753b4022024f977fa96fd23cf71e35d4d3c5087c375fcf1b6eed6d11ab00d552817d39ba40147304402203c4fedba34aebd213aba5b5af1ae26240a10a05cfc1c5b75c629275aa21560bb02203b90b4079c20f792f4ec533c72af31435b1e5f648ca8302730c309690133a71001695221022aff3e39acd2d510c661e097a9657962ad6bf75a977c2c905152d2eb2cd58c7b210241ec073f3bb3f701a87b78fbc5f7b4daec140b87da38303173eddd0860ac55e321030205585a3eb01cbebbbb7b9138f7796117cca8e30eba5cd143ff4e3e617d221553ae"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2sh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [48 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b"TREZOR"
nodes = []
for index in range(1, 3):
node = keychain.derive([48 | HARDENED, 0 | HARDENED, index | HARDENED])
nodes.append(HDNodeType(
depth=node.depth(),
child_num=node.child_num(),
fingerprint=node.fingerprint(),
chain_code=node.chain_code(),
public_key=node.public_key(),
))
multisig = MultisigRedeemScriptType(
nodes=nodes,
address_n=[0, 0],
signatures=[b"", b""],
m=2,
)
pubkeys = multisig_get_pubkeys(multisig)
address = address_multisig_p2sh(pubkeys, multisig.m, coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
ownership_ids = [b'\x00' * 32, ownership_id]
self.assertEqual(ownership_id, unhexlify("ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4"))
# Sign with the first key.
_, signature = ownership.generate_proof(
node=keychain.derive([48 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 0]),
script_type=InputScriptType.SPENDMULTISIG,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100bc63486f167b911dc8ef2414c4bca6dcfac999797b67159957802a9c49c2179402201cec0d53fee78fcfde496e30be35bd855d93a5be89604c55dcfdbdc515fbb41a"))
multisig.signatures[0] = signature
# Sign with the third key.
proof, signature = ownership.generate_proof(
node=keychain.derive([48 | HARDENED, 0 | HARDENED, 2 | HARDENED, 0, 0]),
script_type=InputScriptType.SPENDMULTISIG,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100d9d5966eb7858cc1a600a9c05be252c1df11d662f319a107d04e219a27c1386c02200674523e50e89164d6d5683dfbe9a50594b08011e11c18813b56cf855755afde"))
self.assertEqual(proof, unhexlify("534c001900020000000000000000000000000000000000000000000000000000000000000000ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4db00483045022100bc63486f167b911dc8ef2414c4bca6dcfac999797b67159957802a9c49c2179402201cec0d53fee78fcfde496e30be35bd855d93a5be89604c55dcfdbdc515fbb41a01483045022100d9d5966eb7858cc1a600a9c05be252c1df11d662f319a107d04e219a27c1386c02200674523e50e89164d6d5683dfbe9a50594b08011e11c18813b56cf855755afde014752210203ed6187880ae932660086e55d4561a57952dd200aa3ed2aa66b73e5723a0ce7210360e7f32fd3c8dee27a166f6614c598929699ee66acdcbda5fb24571bf2ae1ca052ae00"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2sh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, coin.curve_name, [AlwaysMatchingSchema], slip21_namespaces=[[b"SLIP-0019"]])
commitment_data = b"TREZOR"
nodes = []
for index in range(1, 3):
node = keychain.derive([48 | HARDENED, 0 | HARDENED, index | HARDENED])
nodes.append(HDNodeType(
depth=node.depth(),
child_num=node.child_num(),
fingerprint=node.fingerprint(),
chain_code=node.chain_code(),
public_key=node.public_key(),
))
multisig = MultisigRedeemScriptType(
nodes=nodes,
address_n=[0, 0],
signatures=[b"", b""],
m=2,
)
pubkeys = multisig_get_pubkeys(multisig)
address = address_multisig_p2sh(pubkeys, multisig.m, coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
ownership_ids = [b'\x00' * 32, ownership_id]
self.assertEqual(ownership_id, unhexlify("ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4"))
# Sign with the first key.
_, signature = ownership.generate_proof(
node=keychain.derive([48 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 0]),
script_type=InputScriptType.SPENDMULTISIG,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3044022058091b367ab67281963029435046abcb51057d143077a36737780a7cbcd6c1af02202f54147645b970c60b5b631b233ed93c15304294a4214b2c44b57db84815ca14"))
multisig.signatures[0] = signature
# Sign with the third key.
proof, signature = ownership.generate_proof(
node=keychain.derive([48 | HARDENED, 0 | HARDENED, 2 | HARDENED, 0, 0]),
script_type=InputScriptType.SPENDMULTISIG,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402200d8f270ea9a80678f266b3fbe6e4aa59aab46b440d8066dcf46fb46a4beaf58202201198d73e355158ebf532ca6527e28ea97b79594e016a65c7a0c68813c26271ff"))
self.assertEqual(proof, unhexlify("534c001900020000000000000000000000000000000000000000000000000000000000000000ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4d900473044022058091b367ab67281963029435046abcb51057d143077a36737780a7cbcd6c1af02202f54147645b970c60b5b631b233ed93c15304294a4214b2c44b57db84815ca140147304402200d8f270ea9a80678f266b3fbe6e4aa59aab46b440d8066dcf46fb46a4beaf58202201198d73e355158ebf532ca6527e28ea97b79594e016a65c7a0c68813c26271ff014752210203ed6187880ae932660086e55d4561a57952dd200aa3ed2aa66b73e5723a0ce7210360e7f32fd3c8dee27a166f6614c598929699ee66acdcbda5fb24571bf2ae1ca052ae00"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
async def _get_cached_seed(ctx: wire.Context) -> bytes:
if not storage.is_initialized():
raise wire.ProcessError('Device is not initialized')
if cache.get_seed() is None:
passphrase = await _get_cached_passphrase(ctx)
seed = bip39.seed(storage.get_mnemonic(), passphrase)
cache.set_seed(seed)
return cache.get_seed()
def derive_node_without_passphrase(path, curve_name=_DEFAULT_CURVE):
if not storage.is_initialized():
raise Exception('Device is not initialized')
seed = bip39.seed(storage.get_mnemonic(), '')
node = bip32.from_seed(seed, curve_name)
node.derive_path(path)
return node
def test_slip21(self):
seed = bip39.seed(' '.join(['all'] * 12), '')
node1 = Slip21Node(seed)
node2 = node1.clone()
keychain = Keychain(seed, [["slip21", b"SLIP-0021"]])
# Key(m)
KEY_M = unhexlify(
b"dbf12b44133eaab506a740f6565cc117228cbf1dd70635cfa8ddfdc9af734756"
)
self.assertEqual(node1.key(), KEY_M)
# Key(m/"SLIP-0021")
KEY_M_SLIP0021 = unhexlify(
b"1d065e3ac1bbe5c7fad32cf2305f7d709dc070d672044a19e610c77cdf33de0d"
)
node1.derive_path([b"SLIP-0021"])
self.assertEqual(node1.key(), KEY_M_SLIP0021)
self.assertIsNone(keychain.validate_path([b"SLIP-0021"], "slip21"))
self.assertEqual(
keychain.derive([b"SLIP-0021"], "slip21").key(), KEY_M_SLIP0021)
# Key(m/"SLIP-0021"/"Master encryption key")
KEY_M_SLIP0021_MEK = unhexlify(
b"ea163130e35bbafdf5ddee97a17b39cef2be4b4f390180d65b54cf05c6a82fde"
)
node1.derive_path([b"Master encryption key"])
self.assertEqual(node1.key(), KEY_M_SLIP0021_MEK)
self.assertIsNone(
keychain.validate_path([b"SLIP-0021", b"Master encryption key"],
"slip21"))
self.assertEqual(
keychain.derive([b"SLIP-0021", b"Master encryption key"],
"slip21").key(), KEY_M_SLIP0021_MEK)
# Key(m/"SLIP-0021"/"Authentication key")
KEY_M_SLIP0021_AK = unhexlify(
b"47194e938ab24cc82bfa25f6486ed54bebe79c40ae2a5a32ea6db294d81861a6"
)
node2.derive_path([b"SLIP-0021", b"Authentication key"])
self.assertEqual(node2.key(), KEY_M_SLIP0021_AK)
self.assertIsNone(
keychain.validate_path([b"SLIP-0021", b"Authentication key"],
"slip21"))
self.assertEqual(
keychain.derive([b"SLIP-0021", b"Authentication key"],
"slip21").key(), KEY_M_SLIP0021_AK)
# Forbidden paths.
with self.assertRaises(wire.DataError):
self.assertFalse(keychain.validate_path([], "slip21"))
with self.assertRaises(wire.DataError):
self.assertFalse(
keychain.validate_path([b"SLIP-9999", b"Authentication key"],
"slip21"))
with self.assertRaises(wire.DataError):
keychain.derive([b"SLIP-9999", b"Authentication key"],
"slip21").key()
def derive_node_without_passphrase(path: list,
curve_name: str = "secp256k1"
) -> bip32.HDNode:
if not storage.is_initialized():
raise Exception("Device is not initialized")
seed = bip39.seed(storage.get_mnemonic(), "")
node = bip32.from_seed(seed, curve_name)
node.derive_path(path)
return node
