def test_p2sh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [48 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b"TREZOR"
nodes = []
for index in range(1, 3):
node = keychain.derive([48 | HARDENED, 0 | HARDENED, index | HARDENED])
nodes.append(HDNodeType(
depth=node.depth(),
child_num=node.child_num(),
fingerprint=node.fingerprint(),
chain_code=node.chain_code(),
public_key=node.public_key(),
))
multisig = MultisigRedeemScriptType(
nodes=nodes,
address_n=[0, 0],
signatures=[b"", b""],
m=2,
)
pubkeys = multisig_get_pubkeys(multisig)
address = address_multisig_p2sh(pubkeys, multisig.m, coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
ownership_ids = [b'\x00' * 32, ownership_id]
self.assertEqual(ownership_id, unhexlify("ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4"))
# Sign with the first key.
_, signature = ownership.generate_proof(
node=keychain.derive([48 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 0]),
script_type=InputScriptType.SPENDMULTISIG,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100bc63486f167b911dc8ef2414c4bca6dcfac999797b67159957802a9c49c2179402201cec0d53fee78fcfde496e30be35bd855d93a5be89604c55dcfdbdc515fbb41a"))
multisig.signatures[0] = signature
# Sign with the third key.
proof, signature = ownership.generate_proof(
node=keychain.derive([48 | HARDENED, 0 | HARDENED, 2 | HARDENED, 0, 0]),
script_type=InputScriptType.SPENDMULTISIG,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100d9d5966eb7858cc1a600a9c05be252c1df11d662f319a107d04e219a27c1386c02200674523e50e89164d6d5683dfbe9a50594b08011e11c18813b56cf855755afde"))
self.assertEqual(proof, unhexlify("534c001900020000000000000000000000000000000000000000000000000000000000000000ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4db00483045022100bc63486f167b911dc8ef2414c4bca6dcfac999797b67159957802a9c49c2179402201cec0d53fee78fcfde496e30be35bd855d93a5be89604c55dcfdbdc515fbb41a01483045022100d9d5966eb7858cc1a600a9c05be252c1df11d662f319a107d04e219a27c1386c02200674523e50e89164d6d5683dfbe9a50594b08011e11c18813b56cf855755afde014752210203ed6187880ae932660086e55d4561a57952dd200aa3ed2aa66b73e5723a0ce7210360e7f32fd3c8dee27a166f6614c598929699ee66acdcbda5fb24571bf2ae1ca052ae00"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wsh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [84 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b"TREZOR"
nodes = []
for index in range(1, 4):
node = keychain.derive([84 | HARDENED, 0 | HARDENED, index | HARDENED])
nodes.append(HDNodeType(
depth=node.depth(),
child_num=node.child_num(),
fingerprint=node.fingerprint(),
chain_code=node.chain_code(),
public_key=node.public_key(),
))
multisig = MultisigRedeemScriptType(
nodes=nodes,
address_n=[0, 1],
signatures=[b"", b"", b""],
m=2,
)
pubkeys = multisig_get_pubkeys(multisig)
address = address_multisig_p2wsh(pubkeys, multisig.m, coin.bech32_prefix)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
ownership_ids = [b'\x00' * 32, ownership_id, b'\x01' * 32]
self.assertEqual(ownership_id, unhexlify("9c27411da79a23811856f897da890452ab9e17086038c4a3e70e9efa875cb3ef"))
# Sign with the first key.
_, signature = ownership.generate_proof(
node=keychain.derive([84 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402207568cf003ff548c52ce8e3a46a1c1e681462ca8f1651b0c82f688d41280753b4022024f977fa96fd23cf71e35d4d3c5087c375fcf1b6eed6d11ab00d552817d39ba4"))
multisig.signatures[0] = signature
# Sign with the third key.
proof, signature = ownership.generate_proof(
node=keychain.derive([84 | HARDENED, 0 | HARDENED, 3 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402203c4fedba34aebd213aba5b5af1ae26240a10a05cfc1c5b75c629275aa21560bb02203b90b4079c20f792f4ec533c72af31435b1e5f648ca8302730c309690133a710"))
self.assertEqual(proof, unhexlify("534c0019000300000000000000000000000000000000000000000000000000000000000000009c27411da79a23811856f897da890452ab9e17086038c4a3e70e9efa875cb3ef010101010101010101010101010101010101010101010101010101010101010100040047304402207568cf003ff548c52ce8e3a46a1c1e681462ca8f1651b0c82f688d41280753b4022024f977fa96fd23cf71e35d4d3c5087c375fcf1b6eed6d11ab00d552817d39ba40147304402203c4fedba34aebd213aba5b5af1ae26240a10a05cfc1c5b75c629275aa21560bb02203b90b4079c20f792f4ec533c72af31435b1e5f648ca8302730c309690133a71001695221022aff3e39acd2d510c661e097a9657962ad6bf75a977c2c905152d2eb2cd58c7b210241ec073f3bb3f701a87b78fbc5f7b4daec140b87da38303173eddd0860ac55e321030205585a3eb01cbebbbb7b9138f7796117cca8e30eba5cd143ff4e3e617d221553ae"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_slip21(self):
seed = bip39.seed(' '.join(['all'] * 12), '')
node1 = Slip21Node(seed)
node2 = node1.clone()
keychain = Keychain(seed, [["slip21", b"SLIP-0021"]])
# Key(m)
KEY_M = unhexlify(
b"dbf12b44133eaab506a740f6565cc117228cbf1dd70635cfa8ddfdc9af734756"
)
self.assertEqual(node1.key(), KEY_M)
# Key(m/"SLIP-0021")
KEY_M_SLIP0021 = unhexlify(
b"1d065e3ac1bbe5c7fad32cf2305f7d709dc070d672044a19e610c77cdf33de0d"
)
node1.derive_path([b"SLIP-0021"])
self.assertEqual(node1.key(), KEY_M_SLIP0021)
self.assertIsNone(keychain.validate_path([b"SLIP-0021"], "slip21"))
self.assertEqual(
keychain.derive([b"SLIP-0021"], "slip21").key(), KEY_M_SLIP0021)
# Key(m/"SLIP-0021"/"Master encryption key")
KEY_M_SLIP0021_MEK = unhexlify(
b"ea163130e35bbafdf5ddee97a17b39cef2be4b4f390180d65b54cf05c6a82fde"
)
node1.derive_path([b"Master encryption key"])
self.assertEqual(node1.key(), KEY_M_SLIP0021_MEK)
self.assertIsNone(
keychain.validate_path([b"SLIP-0021", b"Master encryption key"],
"slip21"))
self.assertEqual(
keychain.derive([b"SLIP-0021", b"Master encryption key"],
"slip21").key(), KEY_M_SLIP0021_MEK)
# Key(m/"SLIP-0021"/"Authentication key")
KEY_M_SLIP0021_AK = unhexlify(
b"47194e938ab24cc82bfa25f6486ed54bebe79c40ae2a5a32ea6db294d81861a6"
)
node2.derive_path([b"SLIP-0021", b"Authentication key"])
self.assertEqual(node2.key(), KEY_M_SLIP0021_AK)
self.assertIsNone(
keychain.validate_path([b"SLIP-0021", b"Authentication key"],
"slip21"))
self.assertEqual(
keychain.derive([b"SLIP-0021", b"Authentication key"],
"slip21").key(), KEY_M_SLIP0021_AK)
# Forbidden paths.
with self.assertRaises(wire.DataError):
self.assertFalse(keychain.validate_path([], "slip21"))
with self.assertRaises(wire.DataError):
self.assertFalse(
keychain.validate_path([b"SLIP-9999", b"Authentication key"],
"slip21"))
with self.assertRaises(wire.DataError):
keychain.derive([b"SLIP-9999", b"Authentication key"],
"slip21").key()
def test_p2pkh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), 'TREZOR')
keychain = Keychain(seed, [[coin.curve_name, [44 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
node = keychain.derive([44 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = node.address(coin.address_type)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDADDRESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402206682f40a12f3609a308acb872888470a07760f2f4790ee4ff62665a39c02a5fc022026f3f38a7c2b2668c2eff9cc1e712c7f254926a482bae411ad18947eba9fd21c"))
self.assertEqual(proof, unhexlify("534c00190001ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda6a47304402206682f40a12f3609a308acb872888470a07760f2f4790ee4ff62665a39c02a5fc022026f3f38a7c2b2668c2eff9cc1e712c7f254926a482bae411ad18947eba9fd21c012102f63159e21fbcb54221ec993def967ad2183a9c243c8bff6e7d60f4d5ed3b386500"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wpkh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [84 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
node = keychain.derive([84 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2wpkh(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad5707"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDWITNESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100e5eaf2cb0a473b4545115c7b85323809e75cb106175ace38129fd62323d73df30220363dbc7acb7afcda022b1f8d97acb8f47c42043cfe0595583aa26e30bc8b3bb5"))
self.assertEqual(proof, unhexlify("534c00190001a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad57070002483045022100e5eaf2cb0a473b4545115c7b85323809e75cb106175ace38129fd62323d73df30220363dbc7acb7afcda022b1f8d97acb8f47c42043cfe0595583aa26e30bc8b3bb50121032ef68318c8f6aaa0adec0199c69901f0db7d3485eb38d9ad235221dc3d61154b"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_preimage_testdata(self):
seed = bip39.seed(
'alcohol woman abuse must during monitor noble actual mixed trade anger aisle',
'')
coin = coins.by_name(self.tx.coin_name)
bip143 = Bitcoin(self.tx, None, coin)
bip143.hash143_add_input(self.inp1)
bip143.hash143_add_input(self.inp2)
for txo in [self.out1, self.out2]:
txo_bin = TxOutputBinType()
txo_bin.amount = txo.amount
script_pubkey = output_derive_script(txo.address, coin)
bip143.hash143_add_output(txo_bin, script_pubkey)
keychain = Keychain(seed, [[coin.curve_name, []]])
node = keychain.derive(self.inp2.address_n)
# test data public key hash
# only for input 2 - input 1 is not segwit
result = bip143.hash143_preimage_hash(self.inp2, [node.public_key()],
1)
self.assertEqual(
hexlify(result),
b'2fa3f1351618b2532228d7182d3221d95c21fd3d496e7e22e9ded873cf022a8b'
)
def test_slip77(self):
seed = bip39.seed(
"alcohol woman abuse must during monitor noble actual mixed trade anger aisle",
"")
keychain = Keychain(seed, [["slip21", b"SLIP-0077"], ["secp256k1"]])
node = keychain.derive(
[44 | HARDENED, 1 | HARDENED, 0 | HARDENED, 0, 0])
coin = coins.by_name('Elements')
pubkey_hash = addresses.ecdsa_hash_pubkey(node.public_key(), coin)
script = scripts.output_script_p2pkh(pubkey_hash)
private_key = keychain.derive_slip77_blinding_private_key(script)
self.assertEqual(
private_key,
unhexlify(
b"26f1dc2c52222394236d76e0809516255cfcca94069fd5187c0f090d18f42ad6"
))
public_key = keychain.derive_slip77_blinding_public_key(script)
self.assertEqual(
public_key,
unhexlify(
b"03e84cd853fea825bd94f5d2d46580ae0d059c734707fa7a08f5e2f612a51c1acb"
))
self.assertEqual(secp256k1.publickey(private_key), public_key)
async def sign_tx(
ctx: wire.Context, msg: EosSignTx, keychain: seed.Keychain
) -> EosSignedTx:
if msg.chain_id is None:
raise wire.DataError("No chain id")
if msg.header is None:
raise wire.DataError("No header")
if msg.num_actions is None or msg.num_actions == 0:
raise wire.DataError("No actions")
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
node = keychain.derive(msg.address_n)
sha = HashWriter(sha256())
await _init(ctx, sha, msg)
await _actions(ctx, sha, msg.num_actions)
writers.write_variant32(sha, 0)
writers.write_bytes(sha, bytearray(32))
digest = sha.get_digest()
signature = secp256k1.sign(
node.private_key(), digest, True, secp256k1.CANONICAL_SIG_EOS
)
return EosSignedTx(signature=base58_encode("SIG_", "K1", signature))
def test_p2wpkh_in_p2sh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [49 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
node = keychain.derive([49 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0])
address = address_p2wpkh_in_p2sh(node.public_key(), coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
self.assertEqual(ownership_id, unhexlify("92caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f46"))
proof, signature = ownership.generate_proof(
node=node,
script_type=InputScriptType.SPENDP2SHWITNESS,
multisig=None,
coin=coin,
user_confirmed=False,
ownership_ids=[ownership_id],
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100a37330dca699725db613dd1b30059843d1248340642162a0adef114509c9849402201126c9044b998065d40b44fd2399b52c409794bbc3bfdd358cd5fb450c94316d"))
self.assertEqual(proof, unhexlify("534c0019000192caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f4617160014e0cffbee1925a411844f44c3b8d81365ab51d03602483045022100a37330dca699725db613dd1b30059843d1248340642162a0adef114509c9849402201126c9044b998065d40b44fd2399b52c409794bbc3bfdd358cd5fb450c94316d012103a961687895a78da9aef98eed8e1f2a3e91cfb69d2f3cf11cbd0bb1773d951928"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def get_address_for_change(
o: TxOutputType, coin: coininfo.CoinInfo, keychain: seed.Keychain
):
try:
input_script_type = helpers.CHANGE_OUTPUT_TO_INPUT_SCRIPT_TYPES[o.script_type]
except KeyError:
raise SigningError(FailureType.DataError, "Invalid script type")
node = keychain.derive(o.address_n, coin.curve_name)
return addresses.get_address(input_script_type, coin, node, o.multisig)
async def get_public_key(ctx, msg: BinanceGetPublicKey, keychain: Keychain):
await paths.validate_path(ctx, helpers.validate_full_path, keychain,
msg.address_n, CURVE)
node = keychain.derive(msg.address_n)
pubkey = node.public_key()
if msg.show_display:
await layout.show_pubkey(ctx, pubkey)
return BinancePublicKey(pubkey)
async def get_public_key(ctx: wire.Context, msg: EosGetPublicKey,
keychain: Keychain) -> EosPublicKey:
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n,
CURVE)
node = keychain.derive(msg.address_n)
wif, public_key = _get_public_key(node)
if msg.show_display:
await require_get_public_key(ctx, wif)
return EosPublicKey(wif, public_key)
def get_address_for_change(o: TxOutputType, coin: coininfo.CoinInfo,
keychain: seed.Keychain):
if o.script_type == OutputScriptType.PAYTOADDRESS:
input_script_type = InputScriptType.SPENDADDRESS
elif o.script_type == OutputScriptType.PAYTOMULTISIG:
input_script_type = InputScriptType.SPENDMULTISIG
elif o.script_type == OutputScriptType.PAYTOWITNESS:
input_script_type = InputScriptType.SPENDWITNESS
elif o.script_type == OutputScriptType.PAYTOP2SHWITNESS:
input_script_type = InputScriptType.SPENDP2SHWITNESS
else:
raise SigningError(FailureType.DataError, "Invalid script type")
node = keychain.derive(o.address_n, coin.curve_name)
return addresses.get_address(input_script_type, coin, node, o.multisig)
def test_bip143_preimage_testdata(self):
seed = bip39.seed('alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '')
coin = coins.by_name(self.tx.coin_name)
bip143 = Bitcoin(self.tx, None, coin)
bip143.hash143_add_input(self.inp1)
for txo in [self.out1, self.out2]:
txo_bin = TxOutputBinType()
txo_bin.amount = txo.amount
script_pubkey = output_derive_script(txo.address, coin)
bip143.hash143_add_output(txo_bin, script_pubkey)
keychain = Keychain(seed, [[coin.curve_name, []]])
node = keychain.derive(self.inp1.address_n)
# test data public key hash
result = bip143.hash143_preimage_hash(self.inp1, [node.public_key()], 1)
self.assertEqual(hexlify(result), b'6e28aca7041720995d4acf59bbda64eef5d6f23723d23f2e994757546674bbd9')
async def get_address(ctx, msg: BinanceGetAddress, keychain: Keychain):
HRP = "bnb"
await paths.validate_path(ctx, helpers.validate_full_path, keychain,
msg.address_n, CURVE)
node = keychain.derive(msg.address_n)
pubkey = node.public_key()
address = helpers.address_from_public_key(pubkey, HRP)
if msg.show_display:
desc = address_n_to_str(msg.address_n)
while True:
if await show_address(ctx, address, desc=desc):
break
if await show_qr(ctx, address, desc=desc):
break
return BinanceAddress(address=address)
async def sign_tx(ctx, envelope, keychain: Keychain):
# create transaction message -> sign it -> create signature/pubkey message -> serialize all
if envelope.msg_count > 1:
raise wire.DataError("Multiple messages not supported.")
await paths.validate_path(ctx, helpers.validate_full_path, keychain,
envelope.address_n, CURVE)
node = keychain.derive(envelope.address_n)
tx_req = BinanceTxRequest()
msg = await ctx.call_any(
tx_req,
MessageType.BinanceCancelMsg,
MessageType.BinanceOrderMsg,
MessageType.BinanceTransferMsg,
)
if envelope.source is None or envelope.source < 0:
raise wire.DataError("Source missing or invalid.")
msg_json = helpers.produce_json_for_signing(envelope, msg)
if isinstance(msg, BinanceTransferMsg):
await layout.require_confirm_transfer(ctx, msg)
elif isinstance(msg, BinanceOrderMsg):
await layout.require_confirm_order(ctx, msg)
elif isinstance(msg, BinanceCancelMsg):
await layout.require_confirm_cancel(ctx, msg)
else:
raise ValueError("input message unrecognized, is of type " +
type(msg).__name__)
signature_bytes = generate_content_signature(msg_json.encode(),
node.private_key())
return BinanceSignedTx(signature=signature_bytes,
public_key=node.public_key())
async def get_ownership_id(ctx, msg: GetOwnershipId, keychain: Keychain,
coin: coininfo.CoinInfo) -> OwnershipId:
await validate_path(
ctx,
addresses.validate_full_path,
keychain,
msg.address_n,
coin.curve_name,
coin=coin,
script_type=msg.script_type,
)
if msg.script_type not in common.INTERNAL_INPUT_SCRIPT_TYPES:
raise wire.DataError("Invalid script type")
if msg.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES and not coin.segwit:
raise wire.DataError("Segwit not enabled on this coin")
node = keychain.derive(msg.address_n)
address = addresses.get_address(msg.script_type, coin, node, msg.multisig)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = get_identifier(script_pubkey, keychain)
return OwnershipId(ownership_id=ownership_id)
async def sign_tx(tx: SignTx, keychain: seed.Keychain):
tx = helpers.sanitize_sign_tx(tx)
progress.init(tx.inputs_count, tx.outputs_count)
# Phase 1
h_first, hash143, segwit, authorized_in, wallet_path = await check_tx_fee(
tx, keychain)
# Phase 2
# - sign inputs
# - check that nothing changed
coin = coins.by_name(tx.coin_name)
tx_ser = TxRequestSerializedType()
txo_bin = TxOutputBinType()
tx_req = TxRequest()
tx_req.details = TxRequestDetailsType()
tx_req.serialized = None
if coin.decred:
prefix_hash = hash143.prefix_hash()
for i_sign in range(tx.inputs_count):
progress.advance()
txi_sign = None
key_sign = None
key_sign_pub = None
if segwit[i_sign]:
# STAGE_REQUEST_SEGWIT_INPUT
txi_sign = await helpers.request_tx_input(tx_req, i_sign)
if not input_is_segwit(txi_sign):
raise SigningError(FailureType.ProcessError,
"Transaction has changed during signing")
input_check_wallet_path(txi_sign, wallet_path)
key_sign = keychain.derive(txi_sign.address_n, coin.curve_name)
key_sign_pub = key_sign.public_key()
txi_sign.script_sig = input_derive_script(coin, txi_sign,
key_sign_pub)
w_txi = writers.empty_bytearray(7 + len(txi_sign.prev_hash) + 4 +
len(txi_sign.script_sig) + 4)
if i_sign == 0: # serializing first input => prepend headers
writers.write_bytes(w_txi, get_tx_header(coin, tx, True))
writers.write_tx_input(w_txi, txi_sign)
tx_ser.serialized_tx = w_txi
tx_req.serialized = tx_ser
elif coin.force_bip143 or tx.overwintered:
# STAGE_REQUEST_SEGWIT_INPUT
txi_sign = await helpers.request_tx_input(tx_req, i_sign)
input_check_wallet_path(txi_sign, wallet_path)
is_bip143 = (txi_sign.script_type == InputScriptType.SPENDADDRESS
or txi_sign.script_type
== InputScriptType.SPENDMULTISIG)
if not is_bip143 or txi_sign.amount > authorized_in:
raise SigningError(FailureType.ProcessError,
"Transaction has changed during signing")
authorized_in -= txi_sign.amount
key_sign = keychain.derive(txi_sign.address_n, coin.curve_name)
key_sign_pub = key_sign.public_key()
hash143_hash = hash143.preimage_hash(
coin,
tx,
txi_sign,
addresses.ecdsa_hash_pubkey(key_sign_pub, coin),
get_hash_type(coin),
)
# if multisig, check if signing with a key that is included in multisig
if txi_sign.multisig:
multisig.multisig_pubkey_index(txi_sign.multisig, key_sign_pub)
signature = ecdsa_sign(key_sign, hash143_hash)
tx_ser.signature_index = i_sign
tx_ser.signature = signature
# serialize input with correct signature
txi_sign.script_sig = input_derive_script(coin, txi_sign,
key_sign_pub, signature)
w_txi_sign = writers.empty_bytearray(5 + len(txi_sign.prev_hash) +
4 + len(txi_sign.script_sig) +
4)
if i_sign == 0: # serializing first input => prepend headers
writers.write_bytes(w_txi_sign, get_tx_header(coin, tx))
writers.write_tx_input(w_txi_sign, txi_sign)
tx_ser.serialized_tx = w_txi_sign
tx_req.serialized = tx_ser
elif coin.decred:
txi_sign = await helpers.request_tx_input(tx_req, i_sign)
input_check_wallet_path(txi_sign, wallet_path)
key_sign = keychain.derive(txi_sign.address_n, coin.curve_name)
key_sign_pub = key_sign.public_key()
if txi_sign.script_type == InputScriptType.SPENDMULTISIG:
prev_pkscript = scripts.output_script_multisig(
multisig.multisig_get_pubkeys(txi_sign.multisig),
txi_sign.multisig.m,
)
elif txi_sign.script_type == InputScriptType.SPENDADDRESS:
prev_pkscript = scripts.output_script_p2pkh(
addresses.ecdsa_hash_pubkey(key_sign_pub, coin))
else:
raise ValueError("Unknown input script type")
h_witness = utils.HashWriter(blake256())
writers.write_uint32(
h_witness,
tx.version | decred.DECRED_SERIALIZE_WITNESS_SIGNING)
writers.write_varint(h_witness, tx.inputs_count)
for ii in range(tx.inputs_count):
if ii == i_sign:
writers.write_varint(h_witness, len(prev_pkscript))
writers.write_bytes(h_witness, prev_pkscript)
else:
writers.write_varint(h_witness, 0)
witness_hash = writers.get_tx_hash(h_witness,
double=coin.sign_hash_double,
reverse=False)
h_sign = utils.HashWriter(blake256())
writers.write_uint32(h_sign, decred.DECRED_SIGHASHALL)
writers.write_bytes(h_sign, prefix_hash)
writers.write_bytes(h_sign, witness_hash)
sig_hash = writers.get_tx_hash(h_sign,
double=coin.sign_hash_double)
signature = ecdsa_sign(key_sign, sig_hash)
tx_ser.signature_index = i_sign
tx_ser.signature = signature
# serialize input with correct signature
txi_sign.script_sig = input_derive_script(coin, txi_sign,
key_sign_pub, signature)
w_txi_sign = writers.empty_bytearray(
8 + 4 +
len(hash143.get_last_output_bytes()) if i_sign == 0 else 0 +
16 + 4 + len(txi_sign.script_sig))
if i_sign == 0:
writers.write_bytes(w_txi_sign,
hash143.get_last_output_bytes())
writers.write_uint32(w_txi_sign, tx.lock_time)
writers.write_uint32(w_txi_sign, tx.expiry)
writers.write_varint(w_txi_sign, tx.inputs_count)
writers.write_tx_input_decred_witness(w_txi_sign, txi_sign)
tx_ser.serialized_tx = w_txi_sign
tx_req.serialized = tx_ser
else:
# hash of what we are signing with this input
h_sign = utils.HashWriter(sha256())
# same as h_first, checked before signing the digest
h_second = utils.HashWriter(sha256())
if tx.overwintered:
writers.write_uint32(
h_sign, tx.version
| zcash.OVERWINTERED) # nVersion | fOverwintered
writers.write_uint32(h_sign,
tx.version_group_id) # nVersionGroupId
else:
writers.write_uint32(h_sign, tx.version) # nVersion
if tx.timestamp:
writers.write_uint32(h_sign, tx.timestamp)
writers.write_varint(h_sign, tx.inputs_count)
for i in range(tx.inputs_count):
# STAGE_REQUEST_4_INPUT
txi = await helpers.request_tx_input(tx_req, i)
input_check_wallet_path(txi, wallet_path)
writers.write_tx_input_check(h_second, txi)
if i == i_sign:
txi_sign = txi
key_sign = keychain.derive(txi.address_n, coin.curve_name)
key_sign_pub = key_sign.public_key()
# for the signing process the script_sig is equal
# to the previous tx's scriptPubKey (P2PKH) or a redeem script (P2SH)
if txi_sign.script_type == InputScriptType.SPENDMULTISIG:
txi_sign.script_sig = scripts.output_script_multisig(
multisig.multisig_get_pubkeys(txi_sign.multisig),
txi_sign.multisig.m,
)
elif txi_sign.script_type == InputScriptType.SPENDADDRESS:
txi_sign.script_sig = scripts.output_script_p2pkh(
addresses.ecdsa_hash_pubkey(key_sign_pub, coin))
if coin.bip115:
txi_sign.script_sig += scripts.script_replay_protection_bip115(
txi_sign.prev_block_hash_bip115,
txi_sign.prev_block_height_bip115,
)
else:
raise SigningError(FailureType.ProcessError,
"Unknown transaction type")
else:
txi.script_sig = bytes()
writers.write_tx_input(h_sign, txi)
writers.write_varint(h_sign, tx.outputs_count)
for o in range(tx.outputs_count):
# STAGE_REQUEST_4_OUTPUT
txo = await helpers.request_tx_output(tx_req, o)
txo_bin.amount = txo.amount
txo_bin.script_pubkey = output_derive_script(
txo, coin, keychain)
writers.write_tx_output(h_second, txo_bin)
writers.write_tx_output(h_sign, txo_bin)
writers.write_uint32(h_sign, tx.lock_time)
if tx.overwintered:
writers.write_uint32(h_sign, tx.expiry) # expiryHeight
writers.write_varint(h_sign, 0) # nJoinSplit
writers.write_uint32(h_sign, get_hash_type(coin))
# check the control digests
if writers.get_tx_hash(h_first,
False) != writers.get_tx_hash(h_second):
raise SigningError(FailureType.ProcessError,
"Transaction has changed during signing")
# if multisig, check if signing with a key that is included in multisig
if txi_sign.multisig:
multisig.multisig_pubkey_index(txi_sign.multisig, key_sign_pub)
# compute the signature from the tx digest
signature = ecdsa_sign(
key_sign,
writers.get_tx_hash(h_sign, double=coin.sign_hash_double))
tx_ser.signature_index = i_sign
tx_ser.signature = signature
# serialize input with correct signature
txi_sign.script_sig = input_derive_script(coin, txi_sign,
key_sign_pub, signature)
w_txi_sign = writers.empty_bytearray(5 + len(txi_sign.prev_hash) +
4 + len(txi_sign.script_sig) +
4)
if i_sign == 0: # serializing first input => prepend headers
writers.write_bytes(w_txi_sign, get_tx_header(coin, tx))
writers.write_tx_input(w_txi_sign, txi_sign)
tx_ser.serialized_tx = w_txi_sign
tx_req.serialized = tx_ser
if coin.decred:
return await helpers.request_tx_finish(tx_req)
for o in range(tx.outputs_count):
progress.advance()
# STAGE_REQUEST_5_OUTPUT
txo = await helpers.request_tx_output(tx_req, o)
txo_bin.amount = txo.amount
txo_bin.script_pubkey = output_derive_script(txo, coin, keychain)
# serialize output
w_txo_bin = writers.empty_bytearray(5 + 8 + 5 +
len(txo_bin.script_pubkey) + 4)
if o == 0: # serializing first output => prepend outputs count
writers.write_varint(w_txo_bin, tx.outputs_count)
writers.write_tx_output(w_txo_bin, txo_bin)
tx_ser.signature_index = None
tx_ser.signature = None
tx_ser.serialized_tx = w_txo_bin
tx_req.serialized = tx_ser
any_segwit = True in segwit.values()
for i in range(tx.inputs_count):
progress.advance()
if segwit[i]:
# STAGE_REQUEST_SEGWIT_WITNESS
txi = await helpers.request_tx_input(tx_req, i)
input_check_wallet_path(txi, wallet_path)
if not input_is_segwit(txi) or txi.amount > authorized_in:
raise SigningError(FailureType.ProcessError,
"Transaction has changed during signing")
authorized_in -= txi.amount
key_sign = keychain.derive(txi.address_n, coin.curve_name)
key_sign_pub = key_sign.public_key()
hash143_hash = hash143.preimage_hash(
coin,
tx,
txi,
addresses.ecdsa_hash_pubkey(key_sign_pub, coin),
get_hash_type(coin),
)
signature = ecdsa_sign(key_sign, hash143_hash)
if txi.multisig:
# find out place of our signature based on the pubkey
signature_index = multisig.multisig_pubkey_index(
txi.multisig, key_sign_pub)
witness = scripts.witness_p2wsh(txi.multisig, signature,
signature_index,
get_hash_type(coin))
else:
witness = scripts.witness_p2wpkh(signature, key_sign_pub,
get_hash_type(coin))
tx_ser.serialized_tx = witness
tx_ser.signature_index = i
tx_ser.signature = signature
elif any_segwit:
tx_ser.serialized_tx = bytearray(
1) # empty witness for non-segwit inputs
tx_ser.signature_index = None
tx_ser.signature = None
tx_req.serialized = tx_ser
writers.write_uint32(tx_ser.serialized_tx, tx.lock_time)
if tx.overwintered:
if tx.version == 3:
writers.write_uint32(tx_ser.serialized_tx,
tx.expiry) # expiryHeight
writers.write_varint(tx_ser.serialized_tx, 0) # nJoinSplit
elif tx.version == 4:
writers.write_uint32(tx_ser.serialized_tx,
tx.expiry) # expiryHeight
writers.write_uint64(tx_ser.serialized_tx, 0) # valueBalance
writers.write_varint(tx_ser.serialized_tx, 0) # nShieldedSpend
writers.write_varint(tx_ser.serialized_tx, 0) # nShieldedOutput
writers.write_varint(tx_ser.serialized_tx, 0) # nJoinSplit
else:
raise SigningError(
FailureType.DataError,
"Unsupported version for overwintered transaction",
)
await helpers.request_tx_finish(tx_req)
async def get_ownership_proof(
ctx, msg: GetOwnershipProof, keychain: Keychain, coin: coininfo.CoinInfo
) -> OwnershipProof:
await validate_path(
ctx,
addresses.validate_full_path,
keychain,
msg.address_n,
coin.curve_name,
coin=coin,
script_type=msg.script_type,
)
if msg.script_type not in common.INTERNAL_INPUT_SCRIPT_TYPES:
raise wire.DataError("Invalid script type")
if msg.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES and not coin.segwit:
raise wire.DataError("Segwit not enabled on this coin")
node = keychain.derive(msg.address_n)
address = addresses.get_address(msg.script_type, coin, node, msg.multisig)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = get_identifier(script_pubkey, keychain)
# If the scriptPubKey is multisig, then the caller has to provide
# ownership IDs, otherwise providing an ID is optional.
if msg.multisig:
if ownership_id not in msg.ownership_ids:
raise wire.DataError("Missing ownership identifier")
elif msg.ownership_ids:
if msg.ownership_ids != [ownership_id]:
raise wire.DataError("Invalid ownership identifier")
else:
msg.ownership_ids = [ownership_id]
# In order to set the "user confirmation" bit in the proof, the user must actually confirm.
if msg.user_confirmation:
text = Text("Proof of ownership", ui.ICON_CONFIG)
text.normal("Do you want to create a")
if not msg.commitment_data:
text.normal("proof of ownership?")
else:
hex_data = hexlify(msg.commitment_data).decode()
text.normal("proof of ownership for:")
if len(hex_data) > 3 * _MAX_MONO_LINE:
text.mono(hex_data[0:_MAX_MONO_LINE])
text.mono(
hex_data[_MAX_MONO_LINE : 3 * _MAX_MONO_LINE // 2 - 1]
+ "..."
+ hex_data[-3 * _MAX_MONO_LINE // 2 + 2 : -_MAX_MONO_LINE]
)
text.mono(hex_data[-_MAX_MONO_LINE:])
else:
text.mono(hex_data)
await require_confirm(ctx, text)
ownership_proof, signature = generate_proof(
node,
msg.script_type,
msg.multisig,
coin,
msg.user_confirmation,
msg.ownership_ids,
script_pubkey,
msg.commitment_data,
)
return OwnershipProof(ownership_proof=ownership_proof, signature=signature)
def get_identifier(script_pubkey: bytes, keychain: seed.Keychain) -> bytes:
# k = Key(m/"SLIP-0019"/"Ownership identification key")
node = keychain.derive(_OWNERSHIP_ID_KEY_PATH)
# id = HMAC-SHA256(key = k, msg = scriptPubKey)
return hmac.Hmac(node.key(), script_pubkey, hashlib.sha256).digest()
def test_p2wsh_in_p2sh_gen_proof(self):
coin = coins.by_name('Bitcoin')
seed = bip39.seed(' '.join(['all'] * 12), '')
keychain = Keychain(seed, [[coin.curve_name, [49 | HARDENED]], ["slip21", [b"SLIP-0019"]]])
commitment_data = b""
nodes = []
for index in range(1, 6):
node = keychain.derive([49 | HARDENED, 0 | HARDENED, index | HARDENED])
nodes.append(HDNodeType(
depth=node.depth(),
child_num=node.child_num(),
fingerprint=node.fingerprint(),
chain_code=node.chain_code(),
public_key=node.public_key(),
))
multisig = MultisigRedeemScriptType(
nodes=nodes,
address_n=[0, 1],
signatures=[b"", b"", b"", b"", b""],
m=3,
)
pubkeys = multisig_get_pubkeys(multisig)
address = address_multisig_p2wsh_in_p2sh(pubkeys, multisig.m, coin)
script_pubkey = scripts.output_derive_script(address, coin)
ownership_id = ownership.get_identifier(script_pubkey, keychain)
ownership_ids = [b'\x00' * 32, b'\x01' * 32, b'\x02' * 32, ownership_id]
self.assertEqual(ownership_id, unhexlify("66f99db388dfa7ae137f7bdb5f0004b4d6968014921cfaff1fec042e3bb83ae0"))
# Sign with the second key.
_, signature = ownership.generate_proof(
node=keychain.derive([49 | HARDENED, 0 | HARDENED, 2 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDP2SHWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("3045022100deccf7735da7a8236efd59d5759c4cbe9fa32d567bcd57d8d718cc689bc6972402202ce7fe49b0f0caea049be69c91bca9c9397d693d79388f1cfb65d51deadfb3d8"))
multisig.signatures[1] = signature
# Sign with the fourth key.
proof, signature = ownership.generate_proof(
node=keychain.derive([49 | HARDENED, 0 | HARDENED, 4 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDP2SHWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402206e8219a013e94de493c4ff50b44d31f443d37a2c4dbcba6af1ac825b28cc631202200741a72035acd122a6f4fdb994c15ab19aa20cecdfdb19aa37490e7bb011a617"))
multisig.signatures[3] = signature
# Sign with the fifth key.
proof, signature = ownership.generate_proof(
node=keychain.derive([49 | HARDENED, 0 | HARDENED, 5 | HARDENED, 0, 1]),
script_type=InputScriptType.SPENDP2SHWITNESS,
multisig=multisig,
coin=coin,
user_confirmed=False,
ownership_ids=ownership_ids,
script_pubkey=script_pubkey,
commitment_data=commitment_data,
)
self.assertEqual(signature, unhexlify("304402202f6066733abf4671b74f1f883dd3c8d4810aa71b7b7b5f6196b1ceff83d5370e022053aad3bde0fe6ce6c4553dd72ddf07e7f06447a7bd35edf6f0b4e9690ee7ce79"))
self.assertEqual(proof, unhexlify("534c0019000400000000000000000000000000000000000000000000000000000000000000000101010101010101010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202020202020202020266f99db388dfa7ae137f7bdb5f0004b4d6968014921cfaff1fec042e3bb83ae0232200208c256ed80a97a421656daa1468f6d4d43f475cb52ed79532d8bcb315518298120500483045022100deccf7735da7a8236efd59d5759c4cbe9fa32d567bcd57d8d718cc689bc6972402202ce7fe49b0f0caea049be69c91bca9c9397d693d79388f1cfb65d51deadfb3d80147304402206e8219a013e94de493c4ff50b44d31f443d37a2c4dbcba6af1ac825b28cc631202200741a72035acd122a6f4fdb994c15ab19aa20cecdfdb19aa37490e7bb011a6170147304402202f6066733abf4671b74f1f883dd3c8d4810aa71b7b7b5f6196b1ceff83d5370e022053aad3bde0fe6ce6c4553dd72ddf07e7f06447a7bd35edf6f0b4e9690ee7ce7901ad5321032922ce9b0b71ae2d2d8a7f239610ae8226e0fb8c0f445ec4c88cf9aa4787f44b21028373a1cdb9a1afbc67e57f75eeea1f53e7210ae8ec4b3441a5f2bc4a250b663c21028ab4c06e3ad19053b370eff097697d4cb6d3738712ebcdcdc27c58a5639ac3aa2103e3247fab300aeba459257e4605245f85378ecbfe092ca3bc55ec1259baa456f521023b0d8d97398d97c4dba10f788344abd4bd1058ad3959724d32079ad04bdbde8a55ae"))
self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
