def xfp_from_xpub(xpub):
# sometime we need to BIP32 fingerprint value: 4 bytes of ripemd(sha256(pubkey))
# UNTESTED
kk = bfh(Xpub.get_pubkey_from_xpub(xpub, []))
assert len(kk) == 33
xfp, = unpack('<I', hash_160(kk)[0:4])
return xfp
def get_xpub(self, bip32_path, xtype):
self.checkDevice()
# bip32_path is of the form 44'/0'/1'
# S-L-O-W - we don't handle the fingerprint directly, so compute
# it manually from the previous node
# This only happens once so it's bearable
#self.get_client() # prompt for the PIN before displaying the dialog if necessary
#self.handler.show_message("Computing master public key")
if xtype in ['p2wpkh', 'p2wsh'] and not self.supports_native_segwit():
raise UserFacingException(MSG_NEEDS_FW_UPDATE_SEGWIT)
if xtype in ['p2wpkh-p2sh', 'p2wsh-p2sh'] and not self.supports_segwit():
raise UserFacingException(MSG_NEEDS_FW_UPDATE_SEGWIT)
bip32_path = bip32.normalize_bip32_derivation(bip32_path)
bip32_intpath = bip32.convert_bip32_path_to_list_of_uint32(bip32_path)
bip32_path = bip32_path[2:] # cut off "m/"
if len(bip32_intpath) >= 1:
prevPath = bip32.convert_bip32_intpath_to_strpath(bip32_intpath[:-1])[2:]
nodeData = self.dongleObject.getWalletPublicKey(prevPath)
publicKey = compress_public_key(nodeData['publicKey'])
fingerprint_bytes = hash_160(publicKey)[0:4]
childnum_bytes = bip32_intpath[-1].to_bytes(length=4, byteorder="big")
else:
fingerprint_bytes = bytes(4)
childnum_bytes = bytes(4)
nodeData = self.dongleObject.getWalletPublicKey(bip32_path)
publicKey = compress_public_key(nodeData['publicKey'])
depth = len(bip32_intpath)
return BIP32Node(xtype=xtype,
eckey=ecc.ECPubkey(bytes(publicKey)),
chaincode=nodeData['chainCode'],
depth=depth,
fingerprint=fingerprint_bytes,
child_number=childnum_bytes).to_xpub()
def get_xpub(self, bip32_path, xtype):
assert xtype in SatochipPlugin.SUPPORTED_XTYPES
# try:
# hex_authentikey= self.handler.win.wallet.storage.get('authentikey')
# _logger.info(f"[SatochipClient] get_xpub(): self.handler.win.wallet.storage.authentikey:{str(hex_authentikey)}")#debugSatochip
# if hex_authentikey is not None:
# self.parser.authentikey_from_storage= ECPubkey(bytes.fromhex(hex_authentikey))
# except Exception as e: #attributeError?
# _logger.exception(f"Exception when getting authentikey from self.handler.win.wallet.storage:{str(e)}")#debugSatochip
# bip32_path is of the form 44'/0'/1'
_logger.info(f"[SatochipClient] get_xpub(): bip32_path={bip32_path}")#debugSatochip
(depth, bytepath)= bip32path2bytes(bip32_path)
(childkey, childchaincode)= self.cc.card_bip32_get_extendedkey(bytepath)
if depth == 0: #masterkey
fingerprint= bytes([0,0,0,0])
child_number= bytes([0,0,0,0])
else: #get parent info
(parentkey, parentchaincode)= self.cc.card_bip32_get_extendedkey(bytepath[0:-4])
fingerprint= hash_160(parentkey.get_public_key_bytes(compressed=True))[0:4]
child_number= bytepath[-4:]
#xpub= serialize_xpub(xtype, childchaincode, childkey.get_public_key_bytes(compressed=True), depth, fingerprint, child_number)
xpub= BIP32Node(xtype=xtype,
eckey=childkey,
chaincode=childchaincode,
depth=depth,
fingerprint=fingerprint,
child_number=child_number).to_xpub()
_logger.info(f"[SatochipClient] get_xpub(): xpub={str(xpub)}")#debugSatochip
return xpub
def get_xpub(self, bip32_path, xtype):
assert xtype in SatochipPlugin.SUPPORTED_XTYPES
# bip32_path is of the form 44'/0'/1'
_logger.info(f"[SatochipClient] get_xpub(): bip32_path={bip32_path}"
) #debugSatochip
(depth, bytepath) = bip32path2bytes(bip32_path)
(childkey,
childchaincode) = self.cc.card_bip32_get_extendedkey(bytepath)
if depth == 0: #masterkey
fingerprint = bytes([0, 0, 0, 0])
child_number = bytes([0, 0, 0, 0])
else: #get parent info
(parentkey, parentchaincode) = self.cc.card_bip32_get_extendedkey(
bytepath[0:-4])
fingerprint = hash_160(
parentkey.get_public_key_bytes(compressed=True))[0:4]
child_number = bytepath[-4:]
xpub = BIP32Node(xtype=xtype,
eckey=childkey,
chaincode=childchaincode,
depth=depth,
fingerprint=fingerprint,
child_number=child_number).to_xpub()
_logger.info(
f"[SatochipClient] get_xpub(): xpub={str(xpub)}") #debugSatochip
return xpub
def xfp_from_xpub(xpub):
# sometime we need to BIP32 fingerprint value: 4 bytes of ripemd(sha256(pubkey))
# UNTESTED
kk = bfh(Xpub.get_pubkey_from_xpub(xpub, []))
assert len(kk) == 33
xfp, = unpack('<I', hash_160(kk)[0:4])
return xfp
def build_psbt(self, tx: Transaction, wallet=None, xfp=None):
# Render a PSBT file, for upload to Coldcard.
#
if xfp is None:
# need fingerprint of MASTER xpub, not the derived key
xfp = self.ckcc_xfp
inputs = tx.inputs()
if 'prev_tx' not in inputs[0]:
# fetch info about inputs, if needed?
# - needed during export PSBT flow, not normal online signing
assert wallet, 'need wallet reference'
wallet.add_hw_info(tx)
# wallet.add_hw_info installs this attr
assert tx.output_info is not None, 'need data about outputs'
# Build map of pubkey needed as derivation from master, in PSBT binary format
# 1) binary version of the common subpath for all keys
# m/ => fingerprint LE32
# a/b/c => ints
base_path = pack('<I', xfp)
for x in self.get_derivation()[2:].split('/'):
if x.endswith("'"):
x = int(x[:-1]) | 0x80000000
else:
x = int(x)
base_path += pack('<I', x)
# 2) all used keys in transaction
subkeys = {}
derivations = self.get_tx_derivations(tx)
for xpubkey in derivations:
pubkey = xpubkey_to_pubkey(xpubkey)
# assuming depth two, non-harded: change + index
aa, bb = derivations[xpubkey]
assert 0 <= aa < 0x80000000
assert 0 <= bb < 0x80000000
subkeys[bfh(pubkey)] = base_path + pack('<II', aa, bb)
for txin in inputs:
if txin['type'] == 'coinbase':
self.give_error("Coinbase not supported")
if txin['type'] in ['p2sh', 'p2wsh-p2sh', 'p2wsh']:
self.give_error('No support yet for inputs of type: ' + txin['type'])
# Construct PSBT from start to finish.
out_fd = io.BytesIO()
out_fd.write(b'psbt\xff')
def write_kv(ktype, val, key=b''):
# serialize helper: write w/ size and key byte
out_fd.write(my_var_int(1 + len(key)))
out_fd.write(bytes([ktype]) + key)
if isinstance(val, str):
val = bfh(val)
out_fd.write(my_var_int(len(val)))
out_fd.write(val)
# global section: just the unsigned txn
class CustomTXSerialization(Transaction):
@classmethod
def input_script(cls, txin, estimate_size=False):
return ''
unsigned = bfh(CustomTXSerialization(tx.serialize()).serialize_to_network(witness=False))
write_kv(PSBT_GLOBAL_UNSIGNED_TX, unsigned)
# end globals section
out_fd.write(b'\x00')
# inputs section
for txin in inputs:
if Transaction.is_segwit_input(txin):
utxo = txin['prev_tx'].outputs()[txin['prevout_n']]
spendable = txin['prev_tx'].serialize_output(utxo)
write_kv(PSBT_IN_WITNESS_UTXO, spendable)
else:
write_kv(PSBT_IN_NON_WITNESS_UTXO, str(txin['prev_tx']))
pubkeys, x_pubkeys = tx.get_sorted_pubkeys(txin)
pubkeys = [bfh(k) for k in pubkeys]
for k in pubkeys:
write_kv(PSBT_IN_BIP32_DERIVATION, subkeys[k], k)
if txin['type'] == 'p2wpkh-p2sh':
assert len(pubkeys) == 1, 'can be only one redeem script per input'
pa = hash_160(k)
assert len(pa) == 20
write_kv(PSBT_IN_REDEEM_SCRIPT, b'\x00\x14'+pa)
out_fd.write(b'\x00')
# outputs section
for o in tx.outputs():
# can be empty, but must be present, and helpful to show change inputs
# wallet.add_hw_info() adds some data about change outputs into tx.output_info
if o.address in tx.output_info:
# this address "is_mine" but might not be change (I like to sent to myself)
output_info = tx.output_info.get(o.address)
index, xpubs = output_info.address_index, output_info.sorted_xpubs
if index[0] == 1 and len(index) == 2:
# it is a change output (based on our standard derivation path)
assert len(xpubs) == 1 # not expecting multisig
xpubkey = xpubs[0]
# document its bip32 derivation in output section
aa, bb = index
assert 0 <= aa < 0x80000000
assert 0 <= bb < 0x80000000
deriv = base_path + pack('<II', aa, bb)
pubkey = bfh(self.get_pubkey_from_xpub(xpubkey, index))
write_kv(PSBT_OUT_BIP32_DERIVATION, deriv, pubkey)
if output_info.script_type == 'p2wpkh-p2sh':
pa = hash_160(pubkey)
assert len(pa) == 20
write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x14' + pa)
out_fd.write(b'\x00')
return out_fd.getvalue()
def build_psbt(tx: Transaction, wallet: Abstract_Wallet):
# Render a PSBT file, for possible upload to Coldcard.
#
# TODO this should be part of Wallet object, or maybe Transaction?
if getattr(tx, 'raw_psbt', False):
_logger.info('PSBT cache hit')
return tx.raw_psbt
inputs = tx.inputs()
if 'prev_tx' not in inputs[0]:
# fetch info about inputs, if needed?
# - needed during export PSBT flow, not normal online signing
wallet.add_hw_info(tx)
# wallet.add_hw_info installs this attr
assert tx.output_info is not None, 'need data about outputs'
# Build a map of all pubkeys needed as derivation from master XFP, in PSBT binary format
# 1) binary version of the common subpath for all keys
# m/ => fingerprint LE32
# a/b/c => ints
#
# 2) all used keys in transaction:
# - for all inputs and outputs (when its change back)
# - for all keystores, if multisig
#
subkeys = {}
for ks in wallet.get_keystores():
# XFP + fixed prefix for this keystore
ks_prefix = packed_xfp_path_for_keystore(ks)
# all pubkeys needed for input signing
for xpubkey, derivation in ks.get_tx_derivations(tx).items():
pubkey = xpubkey_to_pubkey(xpubkey)
# assuming depth two, non-harded: change + index
aa, bb = derivation
assert 0 <= aa < 0x80000000 and 0 <= bb < 0x80000000
subkeys[bfh(pubkey)] = ks_prefix + pack('<II', aa, bb)
# all keys related to change outputs
for o in tx.outputs():
if o.address in tx.output_info:
# this address "is_mine" but might not be change (if I send funds to myself)
output_info = tx.output_info.get(o.address)
if not output_info.is_change:
continue
chg_path = output_info.address_index
assert chg_path[0] == 1 and len(chg_path) == 2, f"unexpected change path: {chg_path}"
pubkey = ks.derive_pubkey(True, chg_path[1])
subkeys[bfh(pubkey)] = ks_prefix + pack('<II', *chg_path)
for txin in inputs:
assert txin['type'] != 'coinbase', _("Coinbase not supported")
if txin['type'] in ['p2sh', 'p2wsh-p2sh', 'p2wsh']:
assert type(wallet) is Multisig_Wallet
# Construct PSBT from start to finish.
out_fd = io.BytesIO()
out_fd.write(b'psbt\xff')
def write_kv(ktype, val, key=b''):
# serialize helper: write w/ size and key byte
out_fd.write(my_var_int(1 + len(key)))
out_fd.write(bytes([ktype]) + key)
if isinstance(val, str):
val = bfh(val)
out_fd.write(my_var_int(len(val)))
out_fd.write(val)
# global section: just the unsigned txn
class CustomTXSerialization(Transaction):
@classmethod
def input_script(cls, txin, estimate_size=False):
return ''
unsigned = bfh(CustomTXSerialization(tx.serialize()).serialize_to_network(witness=False))
write_kv(PSBT_GLOBAL_UNSIGNED_TX, unsigned)
if type(wallet) is Multisig_Wallet:
# always put the xpubs into the PSBT, useful at least for checking
for xp, ks in zip(wallet.get_master_public_keys(), wallet.get_keystores()):
ks_prefix = packed_xfp_path_for_keystore(ks)
write_kv(PSBT_GLOBAL_XPUB, ks_prefix, DecodeBase58Check(xp))
# end globals section
out_fd.write(b'\x00')
# inputs section
for txin in inputs:
if Transaction.is_segwit_input(txin):
utxo = txin['prev_tx'].outputs()[txin['prevout_n']]
spendable = txin['prev_tx'].serialize_output(utxo)
write_kv(PSBT_IN_WITNESS_UTXO, spendable)
else:
write_kv(PSBT_IN_NON_WITNESS_UTXO, str(txin['prev_tx']))
pubkeys, x_pubkeys = tx.get_sorted_pubkeys(txin)
pubkeys = [bfh(k) for k in pubkeys]
if type(wallet) is Multisig_Wallet:
# always need a redeem script for multisig
scr = Transaction.get_preimage_script(txin)
if Transaction.is_segwit_input(txin):
# needed for both p2wsh-p2sh and p2wsh
write_kv(PSBT_IN_WITNESS_SCRIPT, bfh(scr))
else:
write_kv(PSBT_IN_REDEEM_SCRIPT, bfh(scr))
sigs = txin.get('signatures')
for pk_pos, (pubkey, x_pubkey) in enumerate(zip(pubkeys, x_pubkeys)):
if pubkey in subkeys:
# faster? case ... calculated above
write_kv(PSBT_IN_BIP32_DERIVATION, subkeys[pubkey], pubkey)
else:
# when an input is partly signed, tx.get_tx_derivations()
# doesn't include that keystore's value and yet we need it
# because we need to show a correct keypath...
assert x_pubkey[0:2] == 'ff', x_pubkey
for ks in wallet.get_keystores():
d = ks.get_pubkey_derivation(x_pubkey)
if d is not None:
ks_path = packed_xfp_path_for_keystore(ks, d)
write_kv(PSBT_IN_BIP32_DERIVATION, ks_path, pubkey)
break
else:
raise AssertionError("no keystore for: %s" % x_pubkey)
if txin['type'] == 'p2wpkh-p2sh':
assert len(pubkeys) == 1, 'can be only one redeem script per input'
pa = hash_160(pubkey)
assert len(pa) == 20
write_kv(PSBT_IN_REDEEM_SCRIPT, b'\x00\x14'+pa)
# optional? insert (partial) signatures that we already have
if sigs and sigs[pk_pos]:
write_kv(PSBT_IN_PARTIAL_SIG, bfh(sigs[pk_pos]), pubkey)
out_fd.write(b'\x00')
# outputs section
for o in tx.outputs():
# can be empty, but must be present, and helpful to show change inputs
# wallet.add_hw_info() adds some data about change outputs into tx.output_info
if o.address in tx.output_info:
# this address "is_mine" but might not be change (if I send funds to myself)
output_info = tx.output_info.get(o.address)
if output_info.is_change:
pubkeys = [bfh(i) for i in wallet.get_public_keys(o.address)]
# Add redeem/witness script?
if type(wallet) is Multisig_Wallet:
# always need a redeem script for multisig cases
scr = bfh(multisig_script([bh2u(i) for i in sorted(pubkeys)], wallet.m))
if output_info.script_type == 'p2wsh-p2sh':
write_kv(PSBT_OUT_WITNESS_SCRIPT, scr)
write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x20' + sha256(scr))
elif output_info.script_type == 'p2wsh':
write_kv(PSBT_OUT_WITNESS_SCRIPT, scr)
elif output_info.script_type == 'p2sh':
write_kv(PSBT_OUT_REDEEM_SCRIPT, scr)
else:
raise ValueError(output_info.script_type)
elif output_info.script_type == 'p2wpkh-p2sh':
# need a redeem script when P2SH is used to wrap p2wpkh
assert len(pubkeys) == 1
pa = hash_160(pubkeys[0])
write_kv(PSBT_OUT_REDEEM_SCRIPT, b'\x00\x14' + pa)
# Document change output's bip32 derivation(s)
for pubkey in pubkeys:
sk = subkeys[pubkey]
write_kv(PSBT_OUT_BIP32_DERIVATION, sk, pubkey)
out_fd.write(b'\x00')
# capture for later use
tx.raw_psbt = out_fd.getvalue()
return tx.raw_psbt