def test_msg_signing(self): msg1 = b'Chancellor on brink of second bailout for banks' msg2 = b'Electrum' def sign_message_with_wif_privkey(wif_privkey, msg): txin_type, privkey, compressed = deserialize_privkey(wif_privkey) key = ecc.ECPrivkey(privkey) return key.sign_message(msg, compressed) sig1 = sign_message_with_wif_privkey( 'T7J3unHmmx9S8e8Zdi9r98A7wTW386HkxvMbUKEMsAY9JRWfbSe6', msg1) addr1 = 'LPvBisC3rGmpGa3E3NeQk3PHQN4VS237y2' sig2 = sign_message_with_wif_privkey( '6uGWYKbyKLBMa1ysfq9rMANcbtYKY49vrawvaH3rBXooApLq6t2', msg2) addr2 = 'LacEkfqxYsPqDuS8ZCstJUc59gxVm2DQaT' sig1_b64 = base64.b64encode(sig1) sig2_b64 = base64.b64encode(sig2) self.assertEqual( sig1_b64, b'IHGAMaPxjrn3CD19S7J5KAq4xF6mdLznsSL8SrqhNwficUHlK5wSth6/J*Z/pEyo92nkUoA+kL9VJpjLnKJKTmM=' ) self.assertEqual( sig2_b64, b'G14KtfFZQYjyhz4PUzX/yz8eEC1BFHsaEKZOJGLeTWJoNp/umpi5zPeCvhUcgSoMtAkmw3pATrM2bcDdYi1tqIs=' ) self.assertTrue(ecc.verify_message_with_address(addr1, sig1, msg1)) self.assertTrue(ecc.verify_message_with_address(addr2, sig2, msg2)) self.assertFalse(ecc.verify_message_with_address( addr1, b'wrong', msg1)) self.assertFalse(ecc.verify_message_with_address(addr1, sig2, msg1))
def test_msg_signing(self): msg1 = b'Chancellor on brink of second bailout for banks' msg2 = b'Electrum' def sign_message_with_wif_privkey(wif_privkey, msg): txin_type, privkey, compressed = deserialize_privkey(wif_privkey) key = ecc.ECPrivkey(privkey) return key.sign_message(msg, compressed) sig1 = sign_message_with_wif_privkey( 'T7J3unHmmx9S8e8Zdi9r98A7wTW386HkxvMbUKEMsAY9JRWfbSe6', msg1) addr1 = 'LPvBisC3rGmpGa3E3NeQk3PHQN4VS237y2' sig2 = sign_message_with_wif_privkey( '6uGWYKbyKLBMa1ysfq9rMANcbtYKY49vrawvaH3rBXooApLq6t2', msg2) addr2 = 'LacEkfqxYsPqDuS8ZCstJUc59gxVm2DQaT' sig1_b64 = base64.b64encode(sig1) sig2_b64 = base64.b64encode(sig2) self.assertEqual(sig1_b64, b'IHGAMaPxjrn3CD19S7J5KAq4xF6mdLznsSL8SrqhNwficUHlK5wSth6/J*Z/pEyo92nkUoA+kL9VJpjLnKJKTmM=') self.assertEqual(sig2_b64, b'G14KtfFZQYjyhz4PUzX/yz8eEC1BFHsaEKZOJGLeTWJoNp/umpi5zPeCvhUcgSoMtAkmw3pATrM2bcDdYi1tqIs=') self.assertTrue(ecc.verify_message_with_address(addr1, sig1, msg1)) self.assertTrue(ecc.verify_message_with_address(addr2, sig2, msg2)) self.assertFalse(ecc.verify_message_with_address(addr1, b'wrong', msg1)) self.assertFalse(ecc.verify_message_with_address(addr1, sig2, msg1))
def sign_message(self, sequence, message, password): sig = None try: message = message.encode('utf8') inputPath = self.get_derivation() + "/%d/%d" % sequence msg_hash = Hash(msg_magic(message)) inputHash = to_hexstr(msg_hash) hasharray = [] hasharray.append({'hash': inputHash, 'keypath': inputPath}) hasharray = json.dumps(hasharray) msg = ('{"sign":{"meta":"sign message", "data":%s}}' % hasharray).encode('utf8') dbb_client = self.plugin.get_client(self) if not dbb_client.is_paired(): raise Exception(_("Could not sign message.")) reply = dbb_client.hid_send_encrypt(msg) self.handler.show_message(_("Signing message ...") + "\n\n" + _("To continue, touch the Digital Bitbox's blinking light for 3 seconds.") + "\n\n" + _("To cancel, briefly touch the blinking light or wait for the timeout.")) reply = dbb_client.hid_send_encrypt(msg) # Send twice, first returns an echo for smart verification (not implemented) self.handler.finished() if 'error' in reply: raise Exception(reply['error']['message']) if 'sign' not in reply: raise Exception(_("Could not sign message.")) if 'recid' in reply['sign'][0]: # firmware > v2.1.1 sig_string = binascii.unhexlify(reply['sign'][0]['sig']) recid = int(reply['sign'][0]['recid'], 16) sig = ecc.construct_sig65(sig_string, recid, True) pubkey, compressed = ecc.ECPubkey.from_signature65(sig, msg_hash) addr = public_key_to_p2pkh(pubkey.get_public_key_bytes(compressed=compressed)) if ecc.verify_message_with_address(addr, sig, message) is False: raise Exception(_("Could not sign message")) elif 'pubkey' in reply['sign'][0]: # firmware <= v2.1.1 for recid in range(4): sig_string = binascii.unhexlify(reply['sign'][0]['sig']) sig = ecc.construct_sig65(sig_string, recid, True) try: addr = public_key_to_p2pkh(binascii.unhexlify(reply['sign'][0]['pubkey'])) if ecc.verify_message_with_address(addr, sig, message): break except Exception: continue else: raise Exception(_("Could not sign message")) except BaseException as e: self.give_error(e) return sig
def sign_message(self, sequence, message, password): sig = None try: message = message.encode('utf8') inputPath = self.get_derivation() + "/%d/%d" % sequence msg_hash = sha256d(msg_magic(message)) inputHash = to_hexstr(msg_hash) hasharray = [] hasharray.append({'hash': inputHash, 'keypath': inputPath}) hasharray = json.dumps(hasharray) msg = ('{"sign":{"meta":"sign message", "data":%s}}' % hasharray).encode('utf8') dbb_client = self.plugin.get_client(self) if not dbb_client.is_paired(): raise Exception(_("Could not sign message.")) reply = dbb_client.hid_send_encrypt(msg) self.handler.show_message(_("Signing message ...") + "\n\n" + _("To continue, touch the Digital Bitbox's blinking light for 3 seconds.") + "\n\n" + _("To cancel, briefly touch the blinking light or wait for the timeout.")) reply = dbb_client.hid_send_encrypt(msg) # Send twice, first returns an echo for smart verification (not implemented) self.handler.finished() if 'error' in reply: raise Exception(reply['error']['message']) if 'sign' not in reply: raise Exception(_("Could not sign message.")) if 'recid' in reply['sign'][0]: # firmware > v2.1.1 sig_string = binascii.unhexlify(reply['sign'][0]['sig']) recid = int(reply['sign'][0]['recid'], 16) sig = ecc.construct_sig65(sig_string, recid, True) pubkey, compressed = ecc.ECPubkey.from_signature65(sig, msg_hash) addr = public_key_to_p2pkh(pubkey.get_public_key_bytes(compressed=compressed)) if ecc.verify_message_with_address(addr, sig, message) is False: raise Exception(_("Could not sign message")) elif 'pubkey' in reply['sign'][0]: # firmware <= v2.1.1 for recid in range(4): sig_string = binascii.unhexlify(reply['sign'][0]['sig']) sig = ecc.construct_sig65(sig_string, recid, True) try: addr = public_key_to_p2pkh(binascii.unhexlify(reply['sign'][0]['pubkey'])) if ecc.verify_message_with_address(addr, sig, message): break except Exception: continue else: raise Exception(_("Could not sign message")) except BaseException as e: self.give_error(e) return sig
async def get_update_info(self): async with make_aiohttp_session( proxy=self.main_window.network.proxy) as session: async with session.get(UpdateCheck.url) as result: signed_version_dict = await result.json(content_type=None) # example signed_version_dict: # { # "version": "3.9.9", # "signatures": { # "1Lqm1HphuhxKZQEawzPse8gJtgjm9kUKT4": "IA+2QG3xPRn4HAIFdpu9eeaCYC7S5wS/sDxn54LJx6BdUTBpse3ibtfq8C43M7M1VfpGkD5tsdwl5C6IfpZD/gQ=" # } # } version_num = signed_version_dict['version'] sigs = signed_version_dict['signatures'] for address, sig in sigs.items(): if address not in UpdateCheck.VERSION_ANNOUNCEMENT_SIGNING_KEYS: continue sig = base64.b64decode(sig) msg = version_num.encode('utf-8') if ecc.verify_message_with_address( address=address, sig65=sig, message=msg, net=constants.BitcoinMainnet): self.print_error( f"valid sig for version announcement '{version_num}' from address '{address}'" ) break else: raise Exception( 'no valid signature for version announcement') return LooseVersion(version_num.strip())
async def get_update_info(self): async with make_aiohttp_session(proxy=self.main_window.network.proxy) as session: async with session.get(UpdateCheck.url) as result: signed_version_dict = await result.json(content_type=None) # example signed_version_dict: # { # "version": "3.9.9", # "signatures": { # "1Lqm1HphuhxKZQEawzPse8gJtgjm9kUKT4": "IA+2QG3xPRn4HAIFdpu9eeaCYC7S5wS/sDxn54LJx6BdUTBpse3ibtfq8C43M7M1VfpGkD5tsdwl5C6IfpZD/gQ=" # } # } version_num = signed_version_dict['version'] sigs = signed_version_dict['signatures'] for address, sig in sigs.items(): if address not in UpdateCheck.VERSION_ANNOUNCEMENT_SIGNING_KEYS: continue sig = base64.b64decode(sig) msg = version_num.encode('utf-8') if ecc.verify_message_with_address(address=address, sig65=sig, message=msg, net=constants.BitcoinMainnet): self.print_error(f"valid sig for version announcement '{version_num}' from address '{address}'") break else: raise Exception('no valid signature for version announcement') return LooseVersion(version_num.strip())