def test_p2sh_gen_proof(self): coin = coins.by_name('Bitcoin') seed = bip39.seed(' '.join(['all'] * 12), '') keychain = Keychain(seed, [[coin.curve_name, [48 | HARDENED]], ["slip21", [b"SLIP-0019"]]]) commitment_data = b"TREZOR" nodes = [] for index in range(1, 3): node = keychain.derive([48 | HARDENED, 0 | HARDENED, index | HARDENED]) nodes.append(HDNodeType( depth=node.depth(), child_num=node.child_num(), fingerprint=node.fingerprint(), chain_code=node.chain_code(), public_key=node.public_key(), )) multisig = MultisigRedeemScriptType( nodes=nodes, address_n=[0, 0], signatures=[b"", b""], m=2, ) pubkeys = multisig_get_pubkeys(multisig) address = address_multisig_p2sh(pubkeys, multisig.m, coin) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = ownership.get_identifier(script_pubkey, keychain) ownership_ids = [b'\x00' * 32, ownership_id] self.assertEqual(ownership_id, unhexlify("ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4")) # Sign with the first key. _, signature = ownership.generate_proof( node=keychain.derive([48 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 0]), script_type=InputScriptType.SPENDMULTISIG, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("3045022100bc63486f167b911dc8ef2414c4bca6dcfac999797b67159957802a9c49c2179402201cec0d53fee78fcfde496e30be35bd855d93a5be89604c55dcfdbdc515fbb41a")) multisig.signatures[0] = signature # Sign with the third key. proof, signature = ownership.generate_proof( node=keychain.derive([48 | HARDENED, 0 | HARDENED, 2 | HARDENED, 0, 0]), script_type=InputScriptType.SPENDMULTISIG, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("3045022100d9d5966eb7858cc1a600a9c05be252c1df11d662f319a107d04e219a27c1386c02200674523e50e89164d6d5683dfbe9a50594b08011e11c18813b56cf855755afde")) self.assertEqual(proof, unhexlify("534c001900020000000000000000000000000000000000000000000000000000000000000000ce4ee8298ad105c3495a1d2b620343133521ab34de2450deeb32eec39475fef4db00483045022100bc63486f167b911dc8ef2414c4bca6dcfac999797b67159957802a9c49c2179402201cec0d53fee78fcfde496e30be35bd855d93a5be89604c55dcfdbdc515fbb41a01483045022100d9d5966eb7858cc1a600a9c05be252c1df11d662f319a107d04e219a27c1386c02200674523e50e89164d6d5683dfbe9a50594b08011e11c18813b56cf855755afde014752210203ed6187880ae932660086e55d4561a57952dd200aa3ed2aa66b73e5723a0ce7210360e7f32fd3c8dee27a166f6614c598929699ee66acdcbda5fb24571bf2ae1ca052ae00")) self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wsh_gen_proof(self): coin = coins.by_name('Bitcoin') seed = bip39.seed(' '.join(['all'] * 12), '') keychain = Keychain(seed, [[coin.curve_name, [84 | HARDENED]], ["slip21", [b"SLIP-0019"]]]) commitment_data = b"TREZOR" nodes = [] for index in range(1, 4): node = keychain.derive([84 | HARDENED, 0 | HARDENED, index | HARDENED]) nodes.append(HDNodeType( depth=node.depth(), child_num=node.child_num(), fingerprint=node.fingerprint(), chain_code=node.chain_code(), public_key=node.public_key(), )) multisig = MultisigRedeemScriptType( nodes=nodes, address_n=[0, 1], signatures=[b"", b"", b""], m=2, ) pubkeys = multisig_get_pubkeys(multisig) address = address_multisig_p2wsh(pubkeys, multisig.m, coin.bech32_prefix) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = ownership.get_identifier(script_pubkey, keychain) ownership_ids = [b'\x00' * 32, ownership_id, b'\x01' * 32] self.assertEqual(ownership_id, unhexlify("9c27411da79a23811856f897da890452ab9e17086038c4a3e70e9efa875cb3ef")) # Sign with the first key. _, signature = ownership.generate_proof( node=keychain.derive([84 | HARDENED, 0 | HARDENED, 1 | HARDENED, 0, 1]), script_type=InputScriptType.SPENDWITNESS, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("304402207568cf003ff548c52ce8e3a46a1c1e681462ca8f1651b0c82f688d41280753b4022024f977fa96fd23cf71e35d4d3c5087c375fcf1b6eed6d11ab00d552817d39ba4")) multisig.signatures[0] = signature # Sign with the third key. proof, signature = ownership.generate_proof( node=keychain.derive([84 | HARDENED, 0 | HARDENED, 3 | HARDENED, 0, 1]), script_type=InputScriptType.SPENDWITNESS, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("304402203c4fedba34aebd213aba5b5af1ae26240a10a05cfc1c5b75c629275aa21560bb02203b90b4079c20f792f4ec533c72af31435b1e5f648ca8302730c309690133a710")) self.assertEqual(proof, unhexlify("534c0019000300000000000000000000000000000000000000000000000000000000000000009c27411da79a23811856f897da890452ab9e17086038c4a3e70e9efa875cb3ef010101010101010101010101010101010101010101010101010101010101010100040047304402207568cf003ff548c52ce8e3a46a1c1e681462ca8f1651b0c82f688d41280753b4022024f977fa96fd23cf71e35d4d3c5087c375fcf1b6eed6d11ab00d552817d39ba40147304402203c4fedba34aebd213aba5b5af1ae26240a10a05cfc1c5b75c629275aa21560bb02203b90b4079c20f792f4ec533c72af31435b1e5f648ca8302730c309690133a71001695221022aff3e39acd2d510c661e097a9657962ad6bf75a977c2c905152d2eb2cd58c7b210241ec073f3bb3f701a87b78fbc5f7b4daec140b87da38303173eddd0860ac55e321030205585a3eb01cbebbbb7b9138f7796117cca8e30eba5cd143ff4e3e617d221553ae")) self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_slip21(self): seed = bip39.seed(' '.join(['all'] * 12), '') node1 = Slip21Node(seed) node2 = node1.clone() keychain = Keychain(seed, [["slip21", b"SLIP-0021"]]) # Key(m) KEY_M = unhexlify( b"dbf12b44133eaab506a740f6565cc117228cbf1dd70635cfa8ddfdc9af734756" ) self.assertEqual(node1.key(), KEY_M) # Key(m/"SLIP-0021") KEY_M_SLIP0021 = unhexlify( b"1d065e3ac1bbe5c7fad32cf2305f7d709dc070d672044a19e610c77cdf33de0d" ) node1.derive_path([b"SLIP-0021"]) self.assertEqual(node1.key(), KEY_M_SLIP0021) self.assertIsNone(keychain.validate_path([b"SLIP-0021"], "slip21")) self.assertEqual( keychain.derive([b"SLIP-0021"], "slip21").key(), KEY_M_SLIP0021) # Key(m/"SLIP-0021"/"Master encryption key") KEY_M_SLIP0021_MEK = unhexlify( b"ea163130e35bbafdf5ddee97a17b39cef2be4b4f390180d65b54cf05c6a82fde" ) node1.derive_path([b"Master encryption key"]) self.assertEqual(node1.key(), KEY_M_SLIP0021_MEK) self.assertIsNone( keychain.validate_path([b"SLIP-0021", b"Master encryption key"], "slip21")) self.assertEqual( keychain.derive([b"SLIP-0021", b"Master encryption key"], "slip21").key(), KEY_M_SLIP0021_MEK) # Key(m/"SLIP-0021"/"Authentication key") KEY_M_SLIP0021_AK = unhexlify( b"47194e938ab24cc82bfa25f6486ed54bebe79c40ae2a5a32ea6db294d81861a6" ) node2.derive_path([b"SLIP-0021", b"Authentication key"]) self.assertEqual(node2.key(), KEY_M_SLIP0021_AK) self.assertIsNone( keychain.validate_path([b"SLIP-0021", b"Authentication key"], "slip21")) self.assertEqual( keychain.derive([b"SLIP-0021", b"Authentication key"], "slip21").key(), KEY_M_SLIP0021_AK) # Forbidden paths. with self.assertRaises(wire.DataError): self.assertFalse(keychain.validate_path([], "slip21")) with self.assertRaises(wire.DataError): self.assertFalse( keychain.validate_path([b"SLIP-9999", b"Authentication key"], "slip21")) with self.assertRaises(wire.DataError): keychain.derive([b"SLIP-9999", b"Authentication key"], "slip21").key()
def test_p2pkh_gen_proof(self): coin = coins.by_name('Bitcoin') seed = bip39.seed(' '.join(['all'] * 12), 'TREZOR') keychain = Keychain(seed, [[coin.curve_name, [44 | HARDENED]], ["slip21", [b"SLIP-0019"]]]) commitment_data = b"" node = keychain.derive([44 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0]) address = node.address(coin.address_type) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = ownership.get_identifier(script_pubkey, keychain) self.assertEqual(ownership_id, unhexlify("ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda")) proof, signature = ownership.generate_proof( node=node, script_type=InputScriptType.SPENDADDRESS, multisig=None, coin=coin, user_confirmed=False, ownership_ids=[ownership_id], script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("304402206682f40a12f3609a308acb872888470a07760f2f4790ee4ff62665a39c02a5fc022026f3f38a7c2b2668c2eff9cc1e712c7f254926a482bae411ad18947eba9fd21c")) self.assertEqual(proof, unhexlify("534c00190001ccc49ac5fede0efc80725fbda8b763d4e62a221c51cc5425076cffa7722c0bda6a47304402206682f40a12f3609a308acb872888470a07760f2f4790ee4ff62665a39c02a5fc022026f3f38a7c2b2668c2eff9cc1e712c7f254926a482bae411ad18947eba9fd21c012102f63159e21fbcb54221ec993def967ad2183a9c243c8bff6e7d60f4d5ed3b386500")) self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_p2wpkh_gen_proof(self): coin = coins.by_name('Bitcoin') seed = bip39.seed(' '.join(['all'] * 12), '') keychain = Keychain(seed, [[coin.curve_name, [84 | HARDENED]], ["slip21", [b"SLIP-0019"]]]) commitment_data = b"" node = keychain.derive([84 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0]) address = address_p2wpkh(node.public_key(), coin) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = ownership.get_identifier(script_pubkey, keychain) self.assertEqual(ownership_id, unhexlify("a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad5707")) proof, signature = ownership.generate_proof( node=node, script_type=InputScriptType.SPENDWITNESS, multisig=None, coin=coin, user_confirmed=False, ownership_ids=[ownership_id], script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("3045022100e5eaf2cb0a473b4545115c7b85323809e75cb106175ace38129fd62323d73df30220363dbc7acb7afcda022b1f8d97acb8f47c42043cfe0595583aa26e30bc8b3bb5")) self.assertEqual(proof, unhexlify("534c00190001a122407efc198211c81af4450f40b235d54775efd934d16b9e31c6ce9bad57070002483045022100e5eaf2cb0a473b4545115c7b85323809e75cb106175ace38129fd62323d73df30220363dbc7acb7afcda022b1f8d97acb8f47c42043cfe0595583aa26e30bc8b3bb50121032ef68318c8f6aaa0adec0199c69901f0db7d3485eb38d9ad235221dc3d61154b")) self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def test_preimage_testdata(self): seed = bip39.seed( 'alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '') coin = coins.by_name(self.tx.coin_name) bip143 = Bitcoin(self.tx, None, coin) bip143.hash143_add_input(self.inp1) bip143.hash143_add_input(self.inp2) for txo in [self.out1, self.out2]: txo_bin = TxOutputBinType() txo_bin.amount = txo.amount script_pubkey = output_derive_script(txo.address, coin) bip143.hash143_add_output(txo_bin, script_pubkey) keychain = Keychain(seed, [[coin.curve_name, []]]) node = keychain.derive(self.inp2.address_n) # test data public key hash # only for input 2 - input 1 is not segwit result = bip143.hash143_preimage_hash(self.inp2, [node.public_key()], 1) self.assertEqual( hexlify(result), b'2fa3f1351618b2532228d7182d3221d95c21fd3d496e7e22e9ded873cf022a8b' )
def test_slip77(self): seed = bip39.seed( "alcohol woman abuse must during monitor noble actual mixed trade anger aisle", "") keychain = Keychain(seed, [["slip21", b"SLIP-0077"], ["secp256k1"]]) node = keychain.derive( [44 | HARDENED, 1 | HARDENED, 0 | HARDENED, 0, 0]) coin = coins.by_name('Elements') pubkey_hash = addresses.ecdsa_hash_pubkey(node.public_key(), coin) script = scripts.output_script_p2pkh(pubkey_hash) private_key = keychain.derive_slip77_blinding_private_key(script) self.assertEqual( private_key, unhexlify( b"26f1dc2c52222394236d76e0809516255cfcca94069fd5187c0f090d18f42ad6" )) public_key = keychain.derive_slip77_blinding_public_key(script) self.assertEqual( public_key, unhexlify( b"03e84cd853fea825bd94f5d2d46580ae0d059c734707fa7a08f5e2f612a51c1acb" )) self.assertEqual(secp256k1.publickey(private_key), public_key)
async def sign_tx( ctx: wire.Context, msg: EosSignTx, keychain: seed.Keychain ) -> EosSignedTx: if msg.chain_id is None: raise wire.DataError("No chain id") if msg.header is None: raise wire.DataError("No header") if msg.num_actions is None or msg.num_actions == 0: raise wire.DataError("No actions") await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE) node = keychain.derive(msg.address_n) sha = HashWriter(sha256()) await _init(ctx, sha, msg) await _actions(ctx, sha, msg.num_actions) writers.write_variant32(sha, 0) writers.write_bytes(sha, bytearray(32)) digest = sha.get_digest() signature = secp256k1.sign( node.private_key(), digest, True, secp256k1.CANONICAL_SIG_EOS ) return EosSignedTx(signature=base58_encode("SIG_", "K1", signature))
def test_p2wpkh_in_p2sh_gen_proof(self): coin = coins.by_name('Bitcoin') seed = bip39.seed(' '.join(['all'] * 12), '') keychain = Keychain(seed, [[coin.curve_name, [49 | HARDENED]], ["slip21", [b"SLIP-0019"]]]) commitment_data = b"" node = keychain.derive([49 | HARDENED, 0 | HARDENED, 0 | HARDENED, 1, 0]) address = address_p2wpkh_in_p2sh(node.public_key(), coin) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = ownership.get_identifier(script_pubkey, keychain) self.assertEqual(ownership_id, unhexlify("92caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f46")) proof, signature = ownership.generate_proof( node=node, script_type=InputScriptType.SPENDP2SHWITNESS, multisig=None, coin=coin, user_confirmed=False, ownership_ids=[ownership_id], script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("3045022100a37330dca699725db613dd1b30059843d1248340642162a0adef114509c9849402201126c9044b998065d40b44fd2399b52c409794bbc3bfdd358cd5fb450c94316d")) self.assertEqual(proof, unhexlify("534c0019000192caf0b8daf78f1d388dbbceaec34bd2dabc31b217e32343663667f6694a3f4617160014e0cffbee1925a411844f44c3b8d81365ab51d03602483045022100a37330dca699725db613dd1b30059843d1248340642162a0adef114509c9849402201126c9044b998065d40b44fd2399b52c409794bbc3bfdd358cd5fb450c94316d012103a961687895a78da9aef98eed8e1f2a3e91cfb69d2f3cf11cbd0bb1773d951928")) self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))
def get_address_for_change( o: TxOutputType, coin: coininfo.CoinInfo, keychain: seed.Keychain ): try: input_script_type = helpers.CHANGE_OUTPUT_TO_INPUT_SCRIPT_TYPES[o.script_type] except KeyError: raise SigningError(FailureType.DataError, "Invalid script type") node = keychain.derive(o.address_n, coin.curve_name) return addresses.get_address(input_script_type, coin, node, o.multisig)
async def get_public_key(ctx, msg: BinanceGetPublicKey, keychain: Keychain): await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE) node = keychain.derive(msg.address_n) pubkey = node.public_key() if msg.show_display: await layout.show_pubkey(ctx, pubkey) return BinancePublicKey(pubkey)
async def get_public_key(ctx: wire.Context, msg: EosGetPublicKey, keychain: Keychain) -> EosPublicKey: await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE) node = keychain.derive(msg.address_n) wif, public_key = _get_public_key(node) if msg.show_display: await require_get_public_key(ctx, wif) return EosPublicKey(wif, public_key)
def get_address_for_change(o: TxOutputType, coin: coininfo.CoinInfo, keychain: seed.Keychain): if o.script_type == OutputScriptType.PAYTOADDRESS: input_script_type = InputScriptType.SPENDADDRESS elif o.script_type == OutputScriptType.PAYTOMULTISIG: input_script_type = InputScriptType.SPENDMULTISIG elif o.script_type == OutputScriptType.PAYTOWITNESS: input_script_type = InputScriptType.SPENDWITNESS elif o.script_type == OutputScriptType.PAYTOP2SHWITNESS: input_script_type = InputScriptType.SPENDP2SHWITNESS else: raise SigningError(FailureType.DataError, "Invalid script type") node = keychain.derive(o.address_n, coin.curve_name) return addresses.get_address(input_script_type, coin, node, o.multisig)
def test_bip143_preimage_testdata(self): seed = bip39.seed('alcohol woman abuse must during monitor noble actual mixed trade anger aisle', '') coin = coins.by_name(self.tx.coin_name) bip143 = Bitcoin(self.tx, None, coin) bip143.hash143_add_input(self.inp1) for txo in [self.out1, self.out2]: txo_bin = TxOutputBinType() txo_bin.amount = txo.amount script_pubkey = output_derive_script(txo.address, coin) bip143.hash143_add_output(txo_bin, script_pubkey) keychain = Keychain(seed, [[coin.curve_name, []]]) node = keychain.derive(self.inp1.address_n) # test data public key hash result = bip143.hash143_preimage_hash(self.inp1, [node.public_key()], 1) self.assertEqual(hexlify(result), b'6e28aca7041720995d4acf59bbda64eef5d6f23723d23f2e994757546674bbd9')
async def get_address(ctx, msg: BinanceGetAddress, keychain: Keychain): HRP = "bnb" await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE) node = keychain.derive(msg.address_n) pubkey = node.public_key() address = helpers.address_from_public_key(pubkey, HRP) if msg.show_display: desc = address_n_to_str(msg.address_n) while True: if await show_address(ctx, address, desc=desc): break if await show_qr(ctx, address, desc=desc): break return BinanceAddress(address=address)
async def sign_tx(ctx, envelope, keychain: Keychain): # create transaction message -> sign it -> create signature/pubkey message -> serialize all if envelope.msg_count > 1: raise wire.DataError("Multiple messages not supported.") await paths.validate_path(ctx, helpers.validate_full_path, keychain, envelope.address_n, CURVE) node = keychain.derive(envelope.address_n) tx_req = BinanceTxRequest() msg = await ctx.call_any( tx_req, MessageType.BinanceCancelMsg, MessageType.BinanceOrderMsg, MessageType.BinanceTransferMsg, ) if envelope.source is None or envelope.source < 0: raise wire.DataError("Source missing or invalid.") msg_json = helpers.produce_json_for_signing(envelope, msg) if isinstance(msg, BinanceTransferMsg): await layout.require_confirm_transfer(ctx, msg) elif isinstance(msg, BinanceOrderMsg): await layout.require_confirm_order(ctx, msg) elif isinstance(msg, BinanceCancelMsg): await layout.require_confirm_cancel(ctx, msg) else: raise ValueError("input message unrecognized, is of type " + type(msg).__name__) signature_bytes = generate_content_signature(msg_json.encode(), node.private_key()) return BinanceSignedTx(signature=signature_bytes, public_key=node.public_key())
async def get_ownership_id(ctx, msg: GetOwnershipId, keychain: Keychain, coin: coininfo.CoinInfo) -> OwnershipId: await validate_path( ctx, addresses.validate_full_path, keychain, msg.address_n, coin.curve_name, coin=coin, script_type=msg.script_type, ) if msg.script_type not in common.INTERNAL_INPUT_SCRIPT_TYPES: raise wire.DataError("Invalid script type") if msg.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES and not coin.segwit: raise wire.DataError("Segwit not enabled on this coin") node = keychain.derive(msg.address_n) address = addresses.get_address(msg.script_type, coin, node, msg.multisig) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = get_identifier(script_pubkey, keychain) return OwnershipId(ownership_id=ownership_id)
async def sign_tx(tx: SignTx, keychain: seed.Keychain): tx = helpers.sanitize_sign_tx(tx) progress.init(tx.inputs_count, tx.outputs_count) # Phase 1 h_first, hash143, segwit, authorized_in, wallet_path = await check_tx_fee( tx, keychain) # Phase 2 # - sign inputs # - check that nothing changed coin = coins.by_name(tx.coin_name) tx_ser = TxRequestSerializedType() txo_bin = TxOutputBinType() tx_req = TxRequest() tx_req.details = TxRequestDetailsType() tx_req.serialized = None if coin.decred: prefix_hash = hash143.prefix_hash() for i_sign in range(tx.inputs_count): progress.advance() txi_sign = None key_sign = None key_sign_pub = None if segwit[i_sign]: # STAGE_REQUEST_SEGWIT_INPUT txi_sign = await helpers.request_tx_input(tx_req, i_sign) if not input_is_segwit(txi_sign): raise SigningError(FailureType.ProcessError, "Transaction has changed during signing") input_check_wallet_path(txi_sign, wallet_path) key_sign = keychain.derive(txi_sign.address_n, coin.curve_name) key_sign_pub = key_sign.public_key() txi_sign.script_sig = input_derive_script(coin, txi_sign, key_sign_pub) w_txi = writers.empty_bytearray(7 + len(txi_sign.prev_hash) + 4 + len(txi_sign.script_sig) + 4) if i_sign == 0: # serializing first input => prepend headers writers.write_bytes(w_txi, get_tx_header(coin, tx, True)) writers.write_tx_input(w_txi, txi_sign) tx_ser.serialized_tx = w_txi tx_req.serialized = tx_ser elif coin.force_bip143 or tx.overwintered: # STAGE_REQUEST_SEGWIT_INPUT txi_sign = await helpers.request_tx_input(tx_req, i_sign) input_check_wallet_path(txi_sign, wallet_path) is_bip143 = (txi_sign.script_type == InputScriptType.SPENDADDRESS or txi_sign.script_type == InputScriptType.SPENDMULTISIG) if not is_bip143 or txi_sign.amount > authorized_in: raise SigningError(FailureType.ProcessError, "Transaction has changed during signing") authorized_in -= txi_sign.amount key_sign = keychain.derive(txi_sign.address_n, coin.curve_name) key_sign_pub = key_sign.public_key() hash143_hash = hash143.preimage_hash( coin, tx, txi_sign, addresses.ecdsa_hash_pubkey(key_sign_pub, coin), get_hash_type(coin), ) # if multisig, check if signing with a key that is included in multisig if txi_sign.multisig: multisig.multisig_pubkey_index(txi_sign.multisig, key_sign_pub) signature = ecdsa_sign(key_sign, hash143_hash) tx_ser.signature_index = i_sign tx_ser.signature = signature # serialize input with correct signature txi_sign.script_sig = input_derive_script(coin, txi_sign, key_sign_pub, signature) w_txi_sign = writers.empty_bytearray(5 + len(txi_sign.prev_hash) + 4 + len(txi_sign.script_sig) + 4) if i_sign == 0: # serializing first input => prepend headers writers.write_bytes(w_txi_sign, get_tx_header(coin, tx)) writers.write_tx_input(w_txi_sign, txi_sign) tx_ser.serialized_tx = w_txi_sign tx_req.serialized = tx_ser elif coin.decred: txi_sign = await helpers.request_tx_input(tx_req, i_sign) input_check_wallet_path(txi_sign, wallet_path) key_sign = keychain.derive(txi_sign.address_n, coin.curve_name) key_sign_pub = key_sign.public_key() if txi_sign.script_type == InputScriptType.SPENDMULTISIG: prev_pkscript = scripts.output_script_multisig( multisig.multisig_get_pubkeys(txi_sign.multisig), txi_sign.multisig.m, ) elif txi_sign.script_type == InputScriptType.SPENDADDRESS: prev_pkscript = scripts.output_script_p2pkh( addresses.ecdsa_hash_pubkey(key_sign_pub, coin)) else: raise ValueError("Unknown input script type") h_witness = utils.HashWriter(blake256()) writers.write_uint32( h_witness, tx.version | decred.DECRED_SERIALIZE_WITNESS_SIGNING) writers.write_varint(h_witness, tx.inputs_count) for ii in range(tx.inputs_count): if ii == i_sign: writers.write_varint(h_witness, len(prev_pkscript)) writers.write_bytes(h_witness, prev_pkscript) else: writers.write_varint(h_witness, 0) witness_hash = writers.get_tx_hash(h_witness, double=coin.sign_hash_double, reverse=False) h_sign = utils.HashWriter(blake256()) writers.write_uint32(h_sign, decred.DECRED_SIGHASHALL) writers.write_bytes(h_sign, prefix_hash) writers.write_bytes(h_sign, witness_hash) sig_hash = writers.get_tx_hash(h_sign, double=coin.sign_hash_double) signature = ecdsa_sign(key_sign, sig_hash) tx_ser.signature_index = i_sign tx_ser.signature = signature # serialize input with correct signature txi_sign.script_sig = input_derive_script(coin, txi_sign, key_sign_pub, signature) w_txi_sign = writers.empty_bytearray( 8 + 4 + len(hash143.get_last_output_bytes()) if i_sign == 0 else 0 + 16 + 4 + len(txi_sign.script_sig)) if i_sign == 0: writers.write_bytes(w_txi_sign, hash143.get_last_output_bytes()) writers.write_uint32(w_txi_sign, tx.lock_time) writers.write_uint32(w_txi_sign, tx.expiry) writers.write_varint(w_txi_sign, tx.inputs_count) writers.write_tx_input_decred_witness(w_txi_sign, txi_sign) tx_ser.serialized_tx = w_txi_sign tx_req.serialized = tx_ser else: # hash of what we are signing with this input h_sign = utils.HashWriter(sha256()) # same as h_first, checked before signing the digest h_second = utils.HashWriter(sha256()) if tx.overwintered: writers.write_uint32( h_sign, tx.version | zcash.OVERWINTERED) # nVersion | fOverwintered writers.write_uint32(h_sign, tx.version_group_id) # nVersionGroupId else: writers.write_uint32(h_sign, tx.version) # nVersion if tx.timestamp: writers.write_uint32(h_sign, tx.timestamp) writers.write_varint(h_sign, tx.inputs_count) for i in range(tx.inputs_count): # STAGE_REQUEST_4_INPUT txi = await helpers.request_tx_input(tx_req, i) input_check_wallet_path(txi, wallet_path) writers.write_tx_input_check(h_second, txi) if i == i_sign: txi_sign = txi key_sign = keychain.derive(txi.address_n, coin.curve_name) key_sign_pub = key_sign.public_key() # for the signing process the script_sig is equal # to the previous tx's scriptPubKey (P2PKH) or a redeem script (P2SH) if txi_sign.script_type == InputScriptType.SPENDMULTISIG: txi_sign.script_sig = scripts.output_script_multisig( multisig.multisig_get_pubkeys(txi_sign.multisig), txi_sign.multisig.m, ) elif txi_sign.script_type == InputScriptType.SPENDADDRESS: txi_sign.script_sig = scripts.output_script_p2pkh( addresses.ecdsa_hash_pubkey(key_sign_pub, coin)) if coin.bip115: txi_sign.script_sig += scripts.script_replay_protection_bip115( txi_sign.prev_block_hash_bip115, txi_sign.prev_block_height_bip115, ) else: raise SigningError(FailureType.ProcessError, "Unknown transaction type") else: txi.script_sig = bytes() writers.write_tx_input(h_sign, txi) writers.write_varint(h_sign, tx.outputs_count) for o in range(tx.outputs_count): # STAGE_REQUEST_4_OUTPUT txo = await helpers.request_tx_output(tx_req, o) txo_bin.amount = txo.amount txo_bin.script_pubkey = output_derive_script( txo, coin, keychain) writers.write_tx_output(h_second, txo_bin) writers.write_tx_output(h_sign, txo_bin) writers.write_uint32(h_sign, tx.lock_time) if tx.overwintered: writers.write_uint32(h_sign, tx.expiry) # expiryHeight writers.write_varint(h_sign, 0) # nJoinSplit writers.write_uint32(h_sign, get_hash_type(coin)) # check the control digests if writers.get_tx_hash(h_first, False) != writers.get_tx_hash(h_second): raise SigningError(FailureType.ProcessError, "Transaction has changed during signing") # if multisig, check if signing with a key that is included in multisig if txi_sign.multisig: multisig.multisig_pubkey_index(txi_sign.multisig, key_sign_pub) # compute the signature from the tx digest signature = ecdsa_sign( key_sign, writers.get_tx_hash(h_sign, double=coin.sign_hash_double)) tx_ser.signature_index = i_sign tx_ser.signature = signature # serialize input with correct signature txi_sign.script_sig = input_derive_script(coin, txi_sign, key_sign_pub, signature) w_txi_sign = writers.empty_bytearray(5 + len(txi_sign.prev_hash) + 4 + len(txi_sign.script_sig) + 4) if i_sign == 0: # serializing first input => prepend headers writers.write_bytes(w_txi_sign, get_tx_header(coin, tx)) writers.write_tx_input(w_txi_sign, txi_sign) tx_ser.serialized_tx = w_txi_sign tx_req.serialized = tx_ser if coin.decred: return await helpers.request_tx_finish(tx_req) for o in range(tx.outputs_count): progress.advance() # STAGE_REQUEST_5_OUTPUT txo = await helpers.request_tx_output(tx_req, o) txo_bin.amount = txo.amount txo_bin.script_pubkey = output_derive_script(txo, coin, keychain) # serialize output w_txo_bin = writers.empty_bytearray(5 + 8 + 5 + len(txo_bin.script_pubkey) + 4) if o == 0: # serializing first output => prepend outputs count writers.write_varint(w_txo_bin, tx.outputs_count) writers.write_tx_output(w_txo_bin, txo_bin) tx_ser.signature_index = None tx_ser.signature = None tx_ser.serialized_tx = w_txo_bin tx_req.serialized = tx_ser any_segwit = True in segwit.values() for i in range(tx.inputs_count): progress.advance() if segwit[i]: # STAGE_REQUEST_SEGWIT_WITNESS txi = await helpers.request_tx_input(tx_req, i) input_check_wallet_path(txi, wallet_path) if not input_is_segwit(txi) or txi.amount > authorized_in: raise SigningError(FailureType.ProcessError, "Transaction has changed during signing") authorized_in -= txi.amount key_sign = keychain.derive(txi.address_n, coin.curve_name) key_sign_pub = key_sign.public_key() hash143_hash = hash143.preimage_hash( coin, tx, txi, addresses.ecdsa_hash_pubkey(key_sign_pub, coin), get_hash_type(coin), ) signature = ecdsa_sign(key_sign, hash143_hash) if txi.multisig: # find out place of our signature based on the pubkey signature_index = multisig.multisig_pubkey_index( txi.multisig, key_sign_pub) witness = scripts.witness_p2wsh(txi.multisig, signature, signature_index, get_hash_type(coin)) else: witness = scripts.witness_p2wpkh(signature, key_sign_pub, get_hash_type(coin)) tx_ser.serialized_tx = witness tx_ser.signature_index = i tx_ser.signature = signature elif any_segwit: tx_ser.serialized_tx = bytearray( 1) # empty witness for non-segwit inputs tx_ser.signature_index = None tx_ser.signature = None tx_req.serialized = tx_ser writers.write_uint32(tx_ser.serialized_tx, tx.lock_time) if tx.overwintered: if tx.version == 3: writers.write_uint32(tx_ser.serialized_tx, tx.expiry) # expiryHeight writers.write_varint(tx_ser.serialized_tx, 0) # nJoinSplit elif tx.version == 4: writers.write_uint32(tx_ser.serialized_tx, tx.expiry) # expiryHeight writers.write_uint64(tx_ser.serialized_tx, 0) # valueBalance writers.write_varint(tx_ser.serialized_tx, 0) # nShieldedSpend writers.write_varint(tx_ser.serialized_tx, 0) # nShieldedOutput writers.write_varint(tx_ser.serialized_tx, 0) # nJoinSplit else: raise SigningError( FailureType.DataError, "Unsupported version for overwintered transaction", ) await helpers.request_tx_finish(tx_req)
async def get_ownership_proof( ctx, msg: GetOwnershipProof, keychain: Keychain, coin: coininfo.CoinInfo ) -> OwnershipProof: await validate_path( ctx, addresses.validate_full_path, keychain, msg.address_n, coin.curve_name, coin=coin, script_type=msg.script_type, ) if msg.script_type not in common.INTERNAL_INPUT_SCRIPT_TYPES: raise wire.DataError("Invalid script type") if msg.script_type in common.SEGWIT_INPUT_SCRIPT_TYPES and not coin.segwit: raise wire.DataError("Segwit not enabled on this coin") node = keychain.derive(msg.address_n) address = addresses.get_address(msg.script_type, coin, node, msg.multisig) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = get_identifier(script_pubkey, keychain) # If the scriptPubKey is multisig, then the caller has to provide # ownership IDs, otherwise providing an ID is optional. if msg.multisig: if ownership_id not in msg.ownership_ids: raise wire.DataError("Missing ownership identifier") elif msg.ownership_ids: if msg.ownership_ids != [ownership_id]: raise wire.DataError("Invalid ownership identifier") else: msg.ownership_ids = [ownership_id] # In order to set the "user confirmation" bit in the proof, the user must actually confirm. if msg.user_confirmation: text = Text("Proof of ownership", ui.ICON_CONFIG) text.normal("Do you want to create a") if not msg.commitment_data: text.normal("proof of ownership?") else: hex_data = hexlify(msg.commitment_data).decode() text.normal("proof of ownership for:") if len(hex_data) > 3 * _MAX_MONO_LINE: text.mono(hex_data[0:_MAX_MONO_LINE]) text.mono( hex_data[_MAX_MONO_LINE : 3 * _MAX_MONO_LINE // 2 - 1] + "..." + hex_data[-3 * _MAX_MONO_LINE // 2 + 2 : -_MAX_MONO_LINE] ) text.mono(hex_data[-_MAX_MONO_LINE:]) else: text.mono(hex_data) await require_confirm(ctx, text) ownership_proof, signature = generate_proof( node, msg.script_type, msg.multisig, coin, msg.user_confirmation, msg.ownership_ids, script_pubkey, msg.commitment_data, ) return OwnershipProof(ownership_proof=ownership_proof, signature=signature)
def get_identifier(script_pubkey: bytes, keychain: seed.Keychain) -> bytes: # k = Key(m/"SLIP-0019"/"Ownership identification key") node = keychain.derive(_OWNERSHIP_ID_KEY_PATH) # id = HMAC-SHA256(key = k, msg = scriptPubKey) return hmac.Hmac(node.key(), script_pubkey, hashlib.sha256).digest()
def test_p2wsh_in_p2sh_gen_proof(self): coin = coins.by_name('Bitcoin') seed = bip39.seed(' '.join(['all'] * 12), '') keychain = Keychain(seed, [[coin.curve_name, [49 | HARDENED]], ["slip21", [b"SLIP-0019"]]]) commitment_data = b"" nodes = [] for index in range(1, 6): node = keychain.derive([49 | HARDENED, 0 | HARDENED, index | HARDENED]) nodes.append(HDNodeType( depth=node.depth(), child_num=node.child_num(), fingerprint=node.fingerprint(), chain_code=node.chain_code(), public_key=node.public_key(), )) multisig = MultisigRedeemScriptType( nodes=nodes, address_n=[0, 1], signatures=[b"", b"", b"", b"", b""], m=3, ) pubkeys = multisig_get_pubkeys(multisig) address = address_multisig_p2wsh_in_p2sh(pubkeys, multisig.m, coin) script_pubkey = scripts.output_derive_script(address, coin) ownership_id = ownership.get_identifier(script_pubkey, keychain) ownership_ids = [b'\x00' * 32, b'\x01' * 32, b'\x02' * 32, ownership_id] self.assertEqual(ownership_id, unhexlify("66f99db388dfa7ae137f7bdb5f0004b4d6968014921cfaff1fec042e3bb83ae0")) # Sign with the second key. _, signature = ownership.generate_proof( node=keychain.derive([49 | HARDENED, 0 | HARDENED, 2 | HARDENED, 0, 1]), script_type=InputScriptType.SPENDP2SHWITNESS, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("3045022100deccf7735da7a8236efd59d5759c4cbe9fa32d567bcd57d8d718cc689bc6972402202ce7fe49b0f0caea049be69c91bca9c9397d693d79388f1cfb65d51deadfb3d8")) multisig.signatures[1] = signature # Sign with the fourth key. proof, signature = ownership.generate_proof( node=keychain.derive([49 | HARDENED, 0 | HARDENED, 4 | HARDENED, 0, 1]), script_type=InputScriptType.SPENDP2SHWITNESS, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("304402206e8219a013e94de493c4ff50b44d31f443d37a2c4dbcba6af1ac825b28cc631202200741a72035acd122a6f4fdb994c15ab19aa20cecdfdb19aa37490e7bb011a617")) multisig.signatures[3] = signature # Sign with the fifth key. proof, signature = ownership.generate_proof( node=keychain.derive([49 | HARDENED, 0 | HARDENED, 5 | HARDENED, 0, 1]), script_type=InputScriptType.SPENDP2SHWITNESS, multisig=multisig, coin=coin, user_confirmed=False, ownership_ids=ownership_ids, script_pubkey=script_pubkey, commitment_data=commitment_data, ) self.assertEqual(signature, unhexlify("304402202f6066733abf4671b74f1f883dd3c8d4810aa71b7b7b5f6196b1ceff83d5370e022053aad3bde0fe6ce6c4553dd72ddf07e7f06447a7bd35edf6f0b4e9690ee7ce79")) self.assertEqual(proof, unhexlify("534c0019000400000000000000000000000000000000000000000000000000000000000000000101010101010101010101010101010101010101010101010101010101010101020202020202020202020202020202020202020202020202020202020202020266f99db388dfa7ae137f7bdb5f0004b4d6968014921cfaff1fec042e3bb83ae0232200208c256ed80a97a421656daa1468f6d4d43f475cb52ed79532d8bcb315518298120500483045022100deccf7735da7a8236efd59d5759c4cbe9fa32d567bcd57d8d718cc689bc6972402202ce7fe49b0f0caea049be69c91bca9c9397d693d79388f1cfb65d51deadfb3d80147304402206e8219a013e94de493c4ff50b44d31f443d37a2c4dbcba6af1ac825b28cc631202200741a72035acd122a6f4fdb994c15ab19aa20cecdfdb19aa37490e7bb011a6170147304402202f6066733abf4671b74f1f883dd3c8d4810aa71b7b7b5f6196b1ceff83d5370e022053aad3bde0fe6ce6c4553dd72ddf07e7f06447a7bd35edf6f0b4e9690ee7ce7901ad5321032922ce9b0b71ae2d2d8a7f239610ae8226e0fb8c0f445ec4c88cf9aa4787f44b21028373a1cdb9a1afbc67e57f75eeea1f53e7210ae8ec4b3441a5f2bc4a250b663c21028ab4c06e3ad19053b370eff097697d4cb6d3738712ebcdcdc27c58a5639ac3aa2103e3247fab300aeba459257e4605245f85378ecbfe092ca3bc55ec1259baa456f521023b0d8d97398d97c4dba10f788344abd4bd1058ad3959724d32079ad04bdbde8a55ae")) self.assertFalse(ownership.verify_nonownership(proof, script_pubkey, commitment_data, keychain, coin))