def __init__(self, internal_pubkey, tap_node=None, merkle_root=None): self.internal_pubkey = S256Point.parse_bip340(internal_pubkey.bip340()) self.tap_node = tap_node if merkle_root is not None: self.tweak = big_endian_to_int( hash_taptweak(internal_pubkey.bip340() + merkle_root)) elif tap_node is None: self.tweak = big_endian_to_int( hash_taptweak(internal_pubkey.bip340())) else: self.tweak = big_endian_to_int( hash_taptweak(internal_pubkey.bip340() + tap_node.hash())) self.tweak_point = self.internal_pubkey + self.tweak self.parity = self.tweak_point.parity
def __init__(self, raw): self.raw = raw if len(raw) != 64: raise ValueError("signature should be 64 bytes") # check that the sig's R is valid if big_endian_to_int(raw[:32]) == 0: raise AssertionError("R should not be zero") xonly_key = ffi.new("secp256k1_xonly_pubkey *") if not lib.secp256k1_xonly_pubkey_parse(GLOBAL_CTX, xonly_key, raw[:32]): raise ValueError(f"libsecp256k1 invalid R {raw[:32].hex()}") s = big_endian_to_int(raw[32:]) if s >= N: raise ValueError(f"{s:x} is greater than or equal to {N:x}")
def parse(cls, wif): """ Converts WIF to a PrivateKey object. Note that this doesn't differentiate between non-mainnet networks. Since this class doesn't generate anything downstream of the particular network (e.g. addresses), it shouldn't be a problem, however the network inferred here cannot be relied upon if parsing a non-mainnet key. """ raw = raw_decode_base58(wif) if len(raw) == 34: compressed = True if raw[-1] != 1: raise ValueError("Invalid WIF") raw = raw[:-1] else: compressed = False secret = big_endian_to_int(raw[1:]) if raw[0] == 0xEF: network = "testnet" elif raw[0] == 0x80: network = "mainnet" else: raise ValueError("Invalid WIF") return cls(secret, network=network, compressed=compressed)
def test_sign_schnorr(self): pk = PrivateKey(randint(1, N)) msg = int_to_big_endian(randint(1, N), 32) sig = pk.sign_schnorr(msg, aux=b"\x00" * 32) self.assertTrue(pk.point.verify_schnorr(msg, sig)) # tweak tweak = randint(1, N) tweak_point = pk.tweaked(tweak).point k = randint(1, N) r = k * G if r.parity: k = N - k r = k * G message = r.bip340() + tweak_point.bip340() + msg challenge = big_endian_to_int(hash_challenge(message)) % N if pk.point.parity == tweak_point.parity: secret = pk.secret else: secret = -pk.secret s = (k + challenge * secret) % N if tweak_point.parity: s = (s - challenge * tweak) % N else: s = (s + challenge * tweak) % N sig = SchnorrSignature.parse(r.bip340() + int_to_big_endian(s, 32)) self.assertTrue(tweak_point.verify_schnorr(msg, sig))
def __init__(self, points, locktime=None, sequence=None): if locktime is not None and sequence is not None: raise ValueError( "Both locktime and sequence are defined. Only one of them should be." ) super().__init__() if len(points) == 0: raise ValueError("Need at least one public key") bip340s = sorted([p.bip340() for p in points]) self.points = [S256Point.parse_bip340(b) for b in bip340s] self.commitment = hash_keyagglist(b"".join(bip340s)) self.coefs = [ big_endian_to_int(hash_keyaggcoef(self.commitment + b)) for b in bip340s ] # the second unique public key has a coefficient of 1 self.coefs[1] = 1 self.coef_lookup = {b: c for c, b in zip(self.coefs, bip340s)} # aggregate point self.point = S256Point.combine( [c * p for c, p in zip(self.coefs, self.points)]) if locktime is not None: self.commands = locktime_commands(locktime) elif sequence is not None: self.commands = sequence_commands(sequence) else: self.commands = [] self.commands += [self.point.bip340(), 0xAC]
def test_p2tr_empty_script_tree(self): tests = [ { "given": { "internalPubkey": "d6889cb081036e0faefa3a35157ad71086b123b2b144b649798b494c300a961d", }, "intermediary": { "tweak": "b86e7be8f39bab32a6f2c0443abbc210f0edac0e2c53d501b36b64437d9c6c70", "tweakedPubkey": "53a1f6e454df1aa2776a2814a721372d6258050de330b3c6d10ee8f4e0dda343", }, "expected": { "scriptPubKey": "512053a1f6e454df1aa2776a2814a721372d6258050de330b3c6d10ee8f4e0dda343", "bip350Address": "bc1p2wsldez5mud2yam29q22wgfh9439spgduvct83k3pm50fcxa5dps59h4z5", }, }, ] for test in tests: point = S256Point.parse_bip340( bytes.fromhex(test["given"]["internalPubkey"]) ) raw_tweak = bytes.fromhex(test["intermediary"]["tweak"]) tap_root = TapRoot(point) self.assertEqual(tap_root.tweak, big_endian_to_int(raw_tweak)) tweak_point_want = S256Point.parse_bip340( bytes.fromhex(test["intermediary"]["tweakedPubkey"]) ) self.assertEqual(tap_root.bip340(), tweak_point_want.bip340()) stream = BytesIO( encode_varstr(bytes.fromhex(test["expected"]["scriptPubKey"])) ) script_pubkey_want = ScriptPubKey.parse(stream) self.assertEqual(tap_root.script_pubkey(), script_pubkey_want) self.assertEqual(tap_root.address(), test["expected"]["bip350Address"])
def generate_shares(cls, mnemonic, k, n, passphrase=b"", exponent=0): """Takes a BIP39 mnemonic along with k, n, passphrase and exponent. Returns a list of SLIP39 mnemonics, any k of of which, along with the passphrase, recover the secret""" # convert mnemonic to a shared secret secret = mnemonic_to_bytes(mnemonic) num_bits = len(secret) * 8 if num_bits not in (128, 256): raise ValueError("mnemonic must be 12 or 24 words") # generate id id = randbits(15) # encrypt secret with passphrase encrypted = cls.encrypt(secret, id, exponent, passphrase) # split encrypted payload and create shares shares = [] data = cls.split_secret(encrypted, k, n) for group_index, share_bytes in data: share = Share( share_bit_length=num_bits, id=id, exponent=exponent, group_index=group_index, group_threshold=k, group_count=n, member_index=0, member_threshold=1, value=big_endian_to_int(share_bytes), ) shares.append(share.mnemonic()) return shares
def bytes_to_mnemonic(b, num_bits): """returns a mnemonic given a byte representation""" if num_bits not in (128, 160, 192, 224, 256): raise InvalidBIP39Length( f"{num_bits} bits (you need 128, 160, 192, 224 or 256 bits)" ) preseed = big_endian_to_int(b) # 1 extra bit for checksum is needed per 32 bits num_checksum_bits = num_bits // 32 # the checksum is the sha256's first n bits. At most this is 8 checksum = sha256(b)[0] >> (8 - num_checksum_bits) # we concatenate the checksum to the preseed all_bits = (preseed << num_checksum_bits) | checksum # now we get the mnemonic passphrase mnemonic = [] # now group into groups of 11 bits for _ in range((num_bits + num_checksum_bits) // 11): # grab the last 11 bits current = all_bits & ((1 << 11) - 1) # insert the correct word at the front mnemonic.insert(0, BIP39[current]) # shift by 11 bits so we can move to the next set all_bits >>= 11 # return the mnemonic phrase by putting spaces between return " ".join(mnemonic)
def verify_message(self, message, sig): """Verify a message in the form of bytes. Assumes that the z is calculated using hash256 interpreted as a big-endian integer""" # calculate the hash256 of the message h256 = hash256(message) # z is the big-endian interpretation. use big_endian_to_int z = big_endian_to_int(h256) # verify the message using the self.verify method return self.verify(z, sig)
def sig_hash_bip143( self, input_index, redeem_script=None, witness_script=None, hash_type=SIGHASH_ALL, ): """Returns the integer representation of the hash that needs to get signed for index input_index""" # grab the input being signed by looking up the input_index tx_in = self.tx_ins[input_index] # start with the version in 4 bytes, little endian s = int_to_little_endian(self.version, 4) # add the HashPrevouts and HashSequence if hash_type & SIGHASH_ANYONECANPAY != SIGHASH_ANYONECANPAY: s += self.hash_prevouts() if hash_type & SIGHASH_ANYONECANPAY != SIGHASH_ANYONECANPAY and ( hash_type & 3) not in (SIGHASH_SINGLE, SIGHASH_NONE): s += self.hash_sequence() # add the previous transaction hash in little endian s += tx_in.prev_tx[::-1] # add the previous transaction index in 4 bytes, little endian s += int_to_little_endian(tx_in.prev_index, 4) # for p2wpkh, we need to compute the ScriptCode # Exercise 1: account for p2wsh. Check first for the existence of a WitnessScript if witness_script: # for p2wsh and p2sh-p2wsh the ScriptCode is the WitnessScript script_code = witness_script elif redeem_script: # for p2sh-p2wpkh, get the hash160 which is the 2nd command of the RedeemScript h160 = redeem_script.commands[1] # the ScriptCode is the P2PKHScriptPubKey created using the hash160 script_code = P2PKHScriptPubKey(h160) else: # get the script pubkey associated with the previous output (remember network) script_pubkey = tx_in.script_pubkey(self.network) # next get the hash160 in the script_pubkey. for p2wpkh, it's the second command h160 = script_pubkey.commands[1] # finally the ScriptCode is the P2PKHScriptPubKey created using the hash160 script_code = P2PKHScriptPubKey(h160) # add the serialized ScriptCode s += script_code.serialize() # add the value of the input in 8 bytes, little endian s += int_to_little_endian(tx_in.value(network=self.network), 8) # add the sequence of the input in 4 bytes, little endian s += tx_in.sequence.serialize() # add the HashOutputs if (hash_type & 3) not in (SIGHASH_SINGLE, SIGHASH_NONE): s += self.hash_outputs() elif hash_type & SIGHASH_SINGLE == SIGHASH_SINGLE: s += self.tx_outs[input_index].serialize() # add the locktime in 4 bytes, little endian s += self.locktime.serialize() # add the sighash (SIGHASH_ALL) in 4 bytes, little endian s += int_to_little_endian(hash_type, 4) # hash256 the whole thing, interpret the as a big endian integer using int_to_big_endian return big_endian_to_int(hash256(s))
def sign_message(self, message): """Sign a message in the form of bytes instead of the z. The z should be assumed to be the hash256 of the message interpreted as a big-endian integer.""" # compute the hash256 of the message h256 = hash256(message) # z is the big-endian interpretation. use big_endian_to_int z = big_endian_to_int(h256) # sign the message using the self.sign method return self.sign(z)
def sign_schnorr(self, msg, aux): if self.point.parity: d = N - self.secret else: d = self.secret if len(msg) != 32: raise ValueError("msg needs to be 32 bytes") if len(aux) != 32: raise ValueError("aux needs to be 32 bytes") t = xor_bytes(int_to_big_endian(d, 32), hash_aux(aux)) k = big_endian_to_int(hash_nonce(t + self.point.bip340() + msg)) % N r = k * G if r.parity: k = N - k r = k * G message = r.bip340() + self.point.bip340() + msg e = big_endian_to_int(hash_challenge(message)) % N s = (k + e * d) % N sig = SchnorrSignature(r, s) if not self.point.verify_schnorr(msg, sig): raise RuntimeError("Bad Signature") return sig
def parse_bip340(cls, bip340_bin): """returns a Point object from a BIP340 pubkey""" n = big_endian_to_int(bip340_bin) if n == 0: # point at infinity return cls(None, None) x = S256Field(n) # right side of the equation y^2 = x^3 + 7 alpha = x**3 + S256Field(B) # solve for left side beta = alpha.sqrt() if beta.num % 2 == 1: beta = S256Field(P - beta.num) return cls(x, beta)
def sign(self, private_key, k, r, sig_hash, tweak=0): tweak_point = self.get_tweak_point(tweak) msg = r.bip340() + tweak_point.bip340() + sig_hash challenge = big_endian_to_int(hash_challenge(msg)) % N h_i = self.coef_lookup[private_key.point.bip340()] c_i = h_i * challenge % N if r.parity == tweak_point.parity: k_real = k else: k_real = -k if self.point.parity == private_key.point.parity: secret = private_key.secret else: secret = -private_key.secret return (k_real + c_i * secret) % N
def verify_schnorr(self, msg, schnorr_sig): if self.parity: point = -1 * self else: point = self if schnorr_sig.r.x is None: return False message = schnorr_sig.r.bip340() + point.bip340() + msg challenge = big_endian_to_int(hash_challenge(message)) % N result = -challenge * point + schnorr_sig.s if result.x is None: return False if result.parity: return False return result.bip340() == schnorr_sig.r.bip340()
def get_signature(self, s_sum, r, sig_hash, tweak=0): tweak_point = self.get_tweak_point(tweak) if tweak: msg = r.bip340() + tweak_point.bip340() + sig_hash challenge = big_endian_to_int(hash_challenge(msg)) % N if tweak_point.parity: s = (-s_sum - challenge * tweak) % N else: s = (s_sum + challenge * tweak) % N else: s = s_sum % N s_raw = int_to_big_endian(s, 32) sig = r.bip340() + s_raw schnorrsig = SchnorrSignature.parse(sig) if not tweak_point.verify_schnorr(sig_hash, schnorrsig): raise ValueError("Invalid signature") return schnorrsig
def parse(cls, wif): """Converts WIF to a PrivateKey object""" raw = raw_decode_base58(wif) if len(raw) == 34: compressed = True if raw[-1] != 1: raise ValueError("Invalid WIF") raw = raw[:-1] else: compressed = False secret = big_endian_to_int(raw[1:]) if raw[0] == 0xEF: network = "testnet" elif raw[0] == 0x80: network = "mainnet" else: raise ValueError("Invalid WIF") return cls(secret, network=network, compressed=compressed)
def deterministic_k(self, z): k = b"\x00" * 32 v = b"\x01" * 32 if z > N: z -= N z_bytes = int_to_big_endian(z, 32) secret_bytes = int_to_big_endian(self.secret, 32) s256 = hashlib.sha256 k = hmac.new(k, v + b"\x00" + secret_bytes + z_bytes, s256).digest() v = hmac.new(k, v, s256).digest() k = hmac.new(k, v + b"\x01" + secret_bytes + z_bytes, s256).digest() v = hmac.new(k, v, s256).digest() while True: v = hmac.new(k, v, s256).digest() candidate = big_endian_to_int(v) if candidate >= 1 and candidate < N: return candidate k = hmac.new(k, v + b"\x00", s256).digest() v = hmac.new(k, v, s256).digest()
def test_p2tr_general(self): tests = [ { "given": { "internalPubkey": "187791b6f712a8ea41c8ecdd0ee77fab3e85263b37e1ec18a3651926b3a6cf27", "scriptTree": { "id": 0, "script": "20d85a959b0290bf19bb89ed43c916be835475d013da4b362117393e25a48229b8ac", "leafVersion": 192, }, }, "intermediary": { "leafHashes": [ "5b75adecf53548f3ec6ad7d78383bf84cc57b55a3127c72b9a2481752dd88b21" ], "merkleRoot": "5b75adecf53548f3ec6ad7d78383bf84cc57b55a3127c72b9a2481752dd88b21", "tweak": "cbd8679ba636c1110ea247542cfbd964131a6be84f873f7f3b62a777528ed001", "tweakedPubkey": "147c9c57132f6e7ecddba9800bb0c4449251c92a1e60371ee77557b6620f3ea3", }, "expected": { "scriptPubKey": "5120147c9c57132f6e7ecddba9800bb0c4449251c92a1e60371ee77557b6620f3ea3", "bip350Address": "bc1pz37fc4cn9ah8anwm4xqqhvxygjf9rjf2resrw8h8w4tmvcs0863sa2e586", "scriptPathControlBlocks": [ "c1187791b6f712a8ea41c8ecdd0ee77fab3e85263b37e1ec18a3651926b3a6cf27" ], }, }, { "given": { "internalPubkey": "93478e9488f956df2396be2ce6c5cced75f900dfa18e7dabd2428aae78451820", "scriptTree": { "id": 0, "script": "20b617298552a72ade070667e86ca63b8f5789a9fe8731ef91202a91c9f3459007ac", "leafVersion": 192, }, }, "intermediary": { "leafHashes": [ "c525714a7f49c28aedbbba78c005931a81c234b2f6c99a73e4d06082adc8bf2b" ], "merkleRoot": "c525714a7f49c28aedbbba78c005931a81c234b2f6c99a73e4d06082adc8bf2b", "tweak": "6af9e28dbf9d6aaf027696e2598a5b3d056f5fd2355a7fd5a37a0e5008132d30", "tweakedPubkey": "e4d810fd50586274face62b8a807eb9719cef49c04177cc6b76a9a4251d5450e", }, "expected": { "scriptPubKey": "5120e4d810fd50586274face62b8a807eb9719cef49c04177cc6b76a9a4251d5450e", "bip350Address": "bc1punvppl2stp38f7kwv2u2spltjuvuaayuqsthe34hd2dyy5w4g58qqfuag5", "scriptPathControlBlocks": [ "c093478e9488f956df2396be2ce6c5cced75f900dfa18e7dabd2428aae78451820" ], }, }, { "given": { "internalPubkey": "ee4fe085983462a184015d1f782d6a5f8b9c2b60130aff050ce221ecf3786592", "scriptTree": [ { "id": 0, "script": "20387671353e273264c495656e27e39ba899ea8fee3bb69fb2a680e22093447d48ac", "leafVersion": 192, }, {"id": 1, "script": "06424950333431", "leafVersion": 250}, ], }, "intermediary": { "leafHashes": [ "8ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7", "f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a", ], "merkleRoot": "6c2dc106ab816b73f9d07e3cd1ef2c8c1256f519748e0813e4edd2405d277bef", "tweak": "9e0517edc8259bb3359255400b23ca9507f2a91cd1e4250ba068b4eafceba4a9", "tweakedPubkey": "712447206d7a5238acc7ff53fbe94a3b64539ad291c7cdbc490b7577e4b17df5", }, "expected": { "scriptPubKey": "5120712447206d7a5238acc7ff53fbe94a3b64539ad291c7cdbc490b7577e4b17df5", "bip350Address": "bc1pwyjywgrd0ffr3tx8laflh6228dj98xkjj8rum0zfpd6h0e930h6saqxrrm", "scriptPathControlBlocks": [ "c0ee4fe085983462a184015d1f782d6a5f8b9c2b60130aff050ce221ecf3786592f224a923cd0021ab202ab139cc56802ddb92dcfc172b9212261a539df79a112a", "faee4fe085983462a184015d1f782d6a5f8b9c2b60130aff050ce221ecf37865928ad69ec7cf41c2a4001fd1f738bf1e505ce2277acdcaa63fe4765192497f47a7", ], }, }, { "given": { "internalPubkey": "f9f400803e683727b14f463836e1e78e1c64417638aa066919291a225f0e8dd8", "scriptTree": [ { "id": 0, "script": "2044b178d64c32c4a05cc4f4d1407268f764c940d20ce97abfd44db5c3592b72fdac", "leafVersion": 192, }, {"id": 1, "script": "07546170726f6f74", "leafVersion": 192}, ], }, "intermediary": { "leafHashes": [ "64512fecdb5afa04f98839b50e6f0cb7b1e539bf6f205f67934083cdcc3c8d89", "2cb2b90daa543b544161530c925f285b06196940d6085ca9474d41dc3822c5cb", ], "merkleRoot": "ab179431c28d3b68fb798957faf5497d69c883c6fb1e1cd9f81483d87bac90cc", "tweak": "639f0281b7ac49e742cd25b7f188657626da1ad169209078e2761cefd91fd65e", "tweakedPubkey": "77e30a5522dd9f894c3f8b8bd4c4b2cf82ca7da8a3ea6a239655c39c050ab220", }, "expected": { "scriptPubKey": "512077e30a5522dd9f894c3f8b8bd4c4b2cf82ca7da8a3ea6a239655c39c050ab220", "bip350Address": "bc1pwl3s54fzmk0cjnpl3w9af39je7pv5ldg504x5guk2hpecpg2kgsqaqstjq", "scriptPathControlBlocks": [ "c1f9f400803e683727b14f463836e1e78e1c64417638aa066919291a225f0e8dd82cb2b90daa543b544161530c925f285b06196940d6085ca9474d41dc3822c5cb", "c1f9f400803e683727b14f463836e1e78e1c64417638aa066919291a225f0e8dd864512fecdb5afa04f98839b50e6f0cb7b1e539bf6f205f67934083cdcc3c8d89", ], }, }, { "given": { "internalPubkey": "e0dfe2300b0dd746a3f8674dfd4525623639042569d829c7f0eed9602d263e6f", "scriptTree": [ { "id": 0, "script": "2072ea6adcf1d371dea8fba1035a09f3d24ed5a059799bae114084130ee5898e69ac", "leafVersion": 192, }, [ { "id": 1, "script": "202352d137f2f3ab38d1eaa976758873377fa5ebb817372c71e2c542313d4abda8ac", "leafVersion": 192, }, { "id": 2, "script": "207337c0dd4253cb86f2c43a2351aadd82cccb12a172cd120452b9bb8324f2186aac", "leafVersion": 192, }, ], ], }, "intermediary": { "leafHashes": [ "2645a02e0aac1fe69d69755733a9b7621b694bb5b5cde2bbfc94066ed62b9817", "ba982a91d4fc552163cb1c0da03676102d5b7a014304c01f0c77b2b8e888de1c", "9e31407bffa15fefbf5090b149d53959ecdf3f62b1246780238c24501d5ceaf6", ], "merkleRoot": "ccbd66c6f7e8fdab47b3a486f59d28262be857f30d4773f2d5ea47f7761ce0e2", "tweak": "b57bfa183d28eeb6ad688ddaabb265b4a41fbf68e5fed2c72c74de70d5a786f4", "tweakedPubkey": "91b64d5324723a985170e4dc5a0f84c041804f2cd12660fa5dec09fc21783605", }, "expected": { "scriptPubKey": "512091b64d5324723a985170e4dc5a0f84c041804f2cd12660fa5dec09fc21783605", "bip350Address": "bc1pjxmy65eywgafs5tsunw95ruycpqcqnev6ynxp7jaasylcgtcxczs6n332e", "scriptPathControlBlocks": [ "c0e0dfe2300b0dd746a3f8674dfd4525623639042569d829c7f0eed9602d263e6fffe578e9ea769027e4f5a3de40732f75a88a6353a09d767ddeb66accef85e553", "c0e0dfe2300b0dd746a3f8674dfd4525623639042569d829c7f0eed9602d263e6f9e31407bffa15fefbf5090b149d53959ecdf3f62b1246780238c24501d5ceaf62645a02e0aac1fe69d69755733a9b7621b694bb5b5cde2bbfc94066ed62b9817", "c0e0dfe2300b0dd746a3f8674dfd4525623639042569d829c7f0eed9602d263e6fba982a91d4fc552163cb1c0da03676102d5b7a014304c01f0c77b2b8e888de1c2645a02e0aac1fe69d69755733a9b7621b694bb5b5cde2bbfc94066ed62b9817", ], }, }, { "given": { "internalPubkey": "55adf4e8967fbd2e29f20ac896e60c3b0f1d5b0efa9d34941b5958c7b0a0312d", "scriptTree": [ { "id": 0, "script": "2071981521ad9fc9036687364118fb6ccd2035b96a423c59c5430e98310a11abe2ac", "leafVersion": 192, }, [ { "id": 1, "script": "20d5094d2dbe9b76e2c245a2b89b6006888952e2faa6a149ae318d69e520617748ac", "leafVersion": 192, }, { "id": 2, "script": "20c440b462ad48c7a77f94cd4532d8f2119dcebbd7c9764557e62726419b08ad4cac", "leafVersion": 192, }, ], ], }, "intermediary": { "leafHashes": [ "f154e8e8e17c31d3462d7132589ed29353c6fafdb884c5a6e04ea938834f0d9d", "737ed1fe30bc42b8022d717b44f0d93516617af64a64753b7a06bf16b26cd711", "d7485025fceb78b9ed667db36ed8b8dc7b1f0b307ac167fa516fe4352b9f4ef7", ], "merkleRoot": "2f6b2c5397b6d68ca18e09a3f05161668ffe93a988582d55c6f07bd5b3329def", "tweak": "6579138e7976dc13b6a92f7bfd5a2fc7684f5ea42419d43368301470f3b74ed9", "tweakedPubkey": "75169f4001aa68f15bbed28b218df1d0a62cbbcf1188c6665110c293c907b831", }, "expected": { "scriptPubKey": "512075169f4001aa68f15bbed28b218df1d0a62cbbcf1188c6665110c293c907b831", "bip350Address": "bc1pw5tf7sqp4f50zka7629jrr036znzew70zxyvvej3zrpf8jg8hqcssyuewe", "scriptPathControlBlocks": [ "c155adf4e8967fbd2e29f20ac896e60c3b0f1d5b0efa9d34941b5958c7b0a0312d3cd369a528b326bc9d2133cbd2ac21451acb31681a410434672c8e34fe757e91", "c155adf4e8967fbd2e29f20ac896e60c3b0f1d5b0efa9d34941b5958c7b0a0312dd7485025fceb78b9ed667db36ed8b8dc7b1f0b307ac167fa516fe4352b9f4ef7f154e8e8e17c31d3462d7132589ed29353c6fafdb884c5a6e04ea938834f0d9d", "c155adf4e8967fbd2e29f20ac896e60c3b0f1d5b0efa9d34941b5958c7b0a0312d737ed1fe30bc42b8022d717b44f0d93516617af64a64753b7a06bf16b26cd711f154e8e8e17c31d3462d7132589ed29353c6fafdb884c5a6e04ea938834f0d9d", ], }, }, ] def parse_item(item): if type(item) == dict: tapleaf_version = item["leafVersion"] tap_script = Script.parse( BytesIO(encode_varstr(bytes.fromhex(item["script"]))) ) tap_leaf = TapLeaf(tap_script, tapleaf_version) return tap_leaf else: return TapBranch(parse_item(item[0]), parse_item(item[1])) for test in tests: point = S256Point.parse_bip340( bytes.fromhex(test["given"]["internalPubkey"]) ) tap_tree = parse_item(test["given"]["scriptTree"]) merkle_root = tap_tree.hash() merkle_root_want = bytes.fromhex(test["intermediary"]["merkleRoot"]) self.assertEqual(merkle_root, merkle_root_want) tap_root = TapRoot(point, tap_tree) raw_tweak = bytes.fromhex(test["intermediary"]["tweak"]) self.assertEqual(tap_root.tweak, big_endian_to_int(raw_tweak)) tweak_point_want = S256Point.parse_bip340( bytes.fromhex(test["intermediary"]["tweakedPubkey"]) ) self.assertEqual(tap_root.bip340(), tweak_point_want.bip340()) stream = BytesIO( encode_varstr(bytes.fromhex(test["expected"]["scriptPubKey"])) ) script_pubkey_want = ScriptPubKey.parse(stream) self.assertEqual(tap_root.script_pubkey(), script_pubkey_want) self.assertEqual(tap_root.address(), test["expected"]["bip350Address"]) control_blocks = test["expected"]["scriptPathControlBlocks"] leaf_hashes = test["intermediary"]["leafHashes"] for control_block_hex, tap_leaf, leaf_hash in zip( control_blocks, tap_tree.leaves(), leaf_hashes ): self.assertEqual(tap_leaf.hash(), bytes.fromhex(leaf_hash)) control_block_raw = bytes.fromhex(control_block_hex) control_block_want = ControlBlock.parse(control_block_raw) control_block = tap_root.control_block(tap_leaf) self.assertEqual(control_block, control_block_want) self.assertEqual( tap_leaf.tapleaf_version, control_block.tapleaf_version ) self.assertEqual(tap_root.parity, control_block.parity) self.assertEqual(control_block.serialize(), control_block_raw) self.assertEqual(control_block.internal_pubkey, point) self.assertEqual(control_block.merkle_root(tap_leaf), merkle_root) self.assertEqual(control_block.tweak(tap_leaf), raw_tweak)
def tweak_point(self, leaf): return self.internal_pubkey + big_endian_to_int(self.tweak(leaf))
def test_p2tr_spending(self): test = { "given": { "rawUnsignedTx": "02000000097de20cbff686da83a54981d2b9bab3586f4ca7e48f57f5b55963115f3b334e9c010000000000000000d7b7cab57b1393ace2d064f4d4a2cb8af6def61273e127517d44759b6dafdd990000000000fffffffff8e1f583384333689228c5d28eac13366be082dc57441760d957275419a418420000000000fffffffff0689180aa63b30cb162a73c6d2a38b7eeda2a83ece74310fda0843ad604853b0100000000feffffffaa5202bdf6d8ccd2ee0f0202afbbb7461d9264a25e5bfd3c5a52ee1239e0ba6c0000000000feffffff956149bdc66faa968eb2be2d2faa29718acbfe3941215893a2a3446d32acd050000000000000000000e664b9773b88c09c32cb70a2a3e4da0ced63b7ba3b22f848531bbb1d5d5f4c94010000000000000000e9aa6b8e6c9de67619e6a3924ae25696bb7b694bb677a632a74ef7eadfd4eabf0000000000ffffffffa778eb6a263dc090464cd125c466b5a99667720b1c110468831d058aa1b82af10100000000ffffffff0200ca9a3b000000001976a91406afd46bcdfd22ef94ac122aa11f241244a37ecc88ac807840cb0000000020ac9a87f5594be208f8532db38cff670c450ed2fea8fcdefcc9a663f78bab962b0065cd1d", "utxosSpent": [ { "scriptPubKey": "512053a1f6e454df1aa2776a2814a721372d6258050de330b3c6d10ee8f4e0dda343", "amountSats": 420000000, }, { "scriptPubKey": "5120147c9c57132f6e7ecddba9800bb0c4449251c92a1e60371ee77557b6620f3ea3", "amountSats": 462000000, }, { "scriptPubKey": "76a914751e76e8199196d454941c45d1b3a323f1433bd688ac", "amountSats": 294000000, }, { "scriptPubKey": "5120e4d810fd50586274face62b8a807eb9719cef49c04177cc6b76a9a4251d5450e", "amountSats": 504000000, }, { "scriptPubKey": "512091b64d5324723a985170e4dc5a0f84c041804f2cd12660fa5dec09fc21783605", "amountSats": 630000000, }, { "scriptPubKey": "00147dd65592d0ab2fe0d0257d571abf032cd9db93dc", "amountSats": 378000000, }, { "scriptPubKey": "512075169f4001aa68f15bbed28b218df1d0a62cbbcf1188c6665110c293c907b831", "amountSats": 672000000, }, { "scriptPubKey": "5120712447206d7a5238acc7ff53fbe94a3b64539ad291c7cdbc490b7577e4b17df5", "amountSats": 546000000, }, { "scriptPubKey": "512077e30a5522dd9f894c3f8b8bd4c4b2cf82ca7da8a3ea6a239655c39c050ab220", "amountSats": 588000000, }, ], }, "intermediary": { "hashAmounts": "58a6964a4f5f8f0b642ded0a8a553be7622a719da71d1f5befcefcdee8e0fde6", "hashOutputs": "a2e6dab7c1f0dcd297c8d61647fd17d821541ea69c3cc37dcbad7f90d4eb4bc5", "hashPrevouts": "e3b33bb4ef3a52ad1fffb555c0d82828eb22737036eaeb02a235d82b909c4c3f", "hashScriptPubkeys": "23ad0f61ad2bca5ba6a7693f50fce988e17c3780bf2b1e720cfbb38fbdd52e21", "hashSequences": "18959c7221ab5ce9e26c3cd67b22c24f8baa54bac281d8e6b05e400e6c3a957e", }, "inputSpending": [ { "given": { "txinIndex": 0, "internalPrivkey": "6b973d88838f27366ed61c9ad6367663045cb456e28335c109e30717ae0c6baa", "merkleRoot": None, "hashType": 3, }, "intermediary": { "internalPubkey": "d6889cb081036e0faefa3a35157ad71086b123b2b144b649798b494c300a961d", "tweak": "b86e7be8f39bab32a6f2c0443abbc210f0edac0e2c53d501b36b64437d9c6c70", "tweakedPrivkey": "2405b971772ad26915c8dcdf10f238753a9b837e5f8e6a86fd7c0cce5b7296d9", "sigMsg": "0003020000000065cd1de3b33bb4ef3a52ad1fffb555c0d82828eb22737036eaeb02a235d82b909c4c3f58a6964a4f5f8f0b642ded0a8a553be7622a719da71d1f5befcefcdee8e0fde623ad0f61ad2bca5ba6a7693f50fce988e17c3780bf2b1e720cfbb38fbdd52e2118959c7221ab5ce9e26c3cd67b22c24f8baa54bac281d8e6b05e400e6c3a957e0000000000d0418f0e9a36245b9a50ec87f8bf5be5bcae434337b87139c3a5b1f56e33cba0", "precomputedUsed": [ "hashAmounts", "hashPrevouts", "hashScriptPubkeys", "hashSequences", ], "sigHash": "2514a6272f85cfa0f45eb907fcb0d121b808ed37c6ea160a5a9046ed5526d555", }, "expected": { "witness": [ "ed7c1647cb97379e76892be0cacff57ec4a7102aa24296ca39af7541246d8ff14d38958d4cc1e2e478e4d4a764bbfd835b16d4e314b72937b29833060b87276c03" ] }, }, { "given": { "txinIndex": 1, "internalPrivkey": "1e4da49f6aaf4e5cd175fe08a32bb5cb4863d963921255f33d3bc31e1343907f", "merkleRoot": "5b75adecf53548f3ec6ad7d78383bf84cc57b55a3127c72b9a2481752dd88b21", "hashType": 131, }, "intermediary": { "internalPubkey": "187791b6f712a8ea41c8ecdd0ee77fab3e85263b37e1ec18a3651926b3a6cf27", "tweak": "cbd8679ba636c1110ea247542cfbd964131a6be84f873f7f3b62a777528ed001", "tweakedPrivkey": "ea260c3b10e60f6de018455cd0278f2f5b7e454be1999572789e6a9565d26080", "sigMsg": "0083020000000065cd1d00d7b7cab57b1393ace2d064f4d4a2cb8af6def61273e127517d44759b6dafdd9900000000808f891b00000000225120147c9c57132f6e7ecddba9800bb0c4449251c92a1e60371ee77557b6620f3ea3ffffffffffcef8fb4ca7efc5433f591ecfc57391811ce1e186a3793024def5c884cba51d", "precomputedUsed": [], "sigHash": "325a644af47e8a5a2591cda0ab0723978537318f10e6a63d4eed783b96a71a4d", }, "expected": { "witness": [ "052aedffc554b41f52b521071793a6b88d6dbca9dba94cf34c83696de0c1ec35ca9c5ed4ab28059bd606a4f3a657eec0bb96661d42921b5f50a95ad33675b54f83" ] }, }, { "given": { "txinIndex": 3, "internalPrivkey": "d3c7af07da2d54f7a7735d3d0fc4f0a73164db638b2f2f7c43f711f6d4aa7e64", "merkleRoot": "c525714a7f49c28aedbbba78c005931a81c234b2f6c99a73e4d06082adc8bf2b", "hashType": 1, }, "intermediary": { "internalPubkey": "93478e9488f956df2396be2ce6c5cced75f900dfa18e7dabd2428aae78451820", "tweak": "6af9e28dbf9d6aaf027696e2598a5b3d056f5fd2355a7fd5a37a0e5008132d30", "tweakedPrivkey": "97323385e57015b75b0339a549c56a948eb961555973f0951f555ae6039ef00d", "sigMsg": "0001020000000065cd1de3b33bb4ef3a52ad1fffb555c0d82828eb22737036eaeb02a235d82b909c4c3f58a6964a4f5f8f0b642ded0a8a553be7622a719da71d1f5befcefcdee8e0fde623ad0f61ad2bca5ba6a7693f50fce988e17c3780bf2b1e720cfbb38fbdd52e2118959c7221ab5ce9e26c3cd67b22c24f8baa54bac281d8e6b05e400e6c3a957ea2e6dab7c1f0dcd297c8d61647fd17d821541ea69c3cc37dcbad7f90d4eb4bc50003000000", "precomputedUsed": [ "hashAmounts", "hashOutputs", "hashPrevouts", "hashScriptPubkeys", "hashSequences", ], "sigHash": "bf013ea93474aa67815b1b6cc441d23b64fa310911d991e713cd34c7f5d46669", }, "expected": { "witness": [ "ff45f742a876139946a149ab4d9185574b98dc919d2eb6754f8abaa59d18b025637a3aa043b91817739554f4ed2026cf8022dbd83e351ce1fabc272841d2510a01" ] }, }, { "given": { "txinIndex": 4, "internalPrivkey": "f36bb07a11e469ce941d16b63b11b9b9120a84d9d87cff2c84a8d4affb438f4e", "merkleRoot": "ccbd66c6f7e8fdab47b3a486f59d28262be857f30d4773f2d5ea47f7761ce0e2", "hashType": 0, }, "intermediary": { "internalPubkey": "e0dfe2300b0dd746a3f8674dfd4525623639042569d829c7f0eed9602d263e6f", "tweak": "b57bfa183d28eeb6ad688ddaabb265b4a41fbf68e5fed2c72c74de70d5a786f4", "tweakedPrivkey": "a8e7aa924f0d58854185a490e6c41f6efb7b675c0f3331b7f14b549400b4d501", "sigMsg": "0000020000000065cd1de3b33bb4ef3a52ad1fffb555c0d82828eb22737036eaeb02a235d82b909c4c3f58a6964a4f5f8f0b642ded0a8a553be7622a719da71d1f5befcefcdee8e0fde623ad0f61ad2bca5ba6a7693f50fce988e17c3780bf2b1e720cfbb38fbdd52e2118959c7221ab5ce9e26c3cd67b22c24f8baa54bac281d8e6b05e400e6c3a957ea2e6dab7c1f0dcd297c8d61647fd17d821541ea69c3cc37dcbad7f90d4eb4bc50004000000", "precomputedUsed": [ "hashAmounts", "hashOutputs", "hashPrevouts", "hashScriptPubkeys", "hashSequences", ], "sigHash": "4f900a0bae3f1446fd48490c2958b5a023228f01661cda3496a11da502a7f7ef", }, "expected": { "witness": [ "b4010dd48a617db09926f729e79c33ae0b4e94b79f04a1ae93ede6315eb3669de185a17d2b0ac9ee09fd4c64b678a0b61a0a86fa888a273c8511be83bfd6810f" ] }, }, { "given": { "txinIndex": 6, "internalPrivkey": "415cfe9c15d9cea27d8104d5517c06e9de48e2f986b695e4f5ffebf230e725d8", "merkleRoot": "2f6b2c5397b6d68ca18e09a3f05161668ffe93a988582d55c6f07bd5b3329def", "hashType": 2, }, "intermediary": { "internalPubkey": "55adf4e8967fbd2e29f20ac896e60c3b0f1d5b0efa9d34941b5958c7b0a0312d", "tweak": "6579138e7976dc13b6a92f7bfd5a2fc7684f5ea42419d43368301470f3b74ed9", "tweakedPrivkey": "241c14f2639d0d7139282aa6abde28dd8a067baa9d633e4e7230287ec2d02901", "sigMsg": "0002020000000065cd1de3b33bb4ef3a52ad1fffb555c0d82828eb22737036eaeb02a235d82b909c4c3f58a6964a4f5f8f0b642ded0a8a553be7622a719da71d1f5befcefcdee8e0fde623ad0f61ad2bca5ba6a7693f50fce988e17c3780bf2b1e720cfbb38fbdd52e2118959c7221ab5ce9e26c3cd67b22c24f8baa54bac281d8e6b05e400e6c3a957e0006000000", "precomputedUsed": [ "hashAmounts", "hashPrevouts", "hashScriptPubkeys", "hashSequences", ], "sigHash": "15f25c298eb5cdc7eb1d638dd2d45c97c4c59dcaec6679cfc16ad84f30876b85", }, "expected": { "witness": [ "a3785919a2ce3c4ce26f298c3d51619bc474ae24014bcdd31328cd8cfbab2eff3395fa0a16fe5f486d12f22a9cedded5ae74feb4bbe5351346508c5405bcfee002" ] }, }, { "given": { "txinIndex": 7, "internalPrivkey": "c7b0e81f0a9a0b0499e112279d718cca98e79a12e2f137c72ae5b213aad0d103", "merkleRoot": "6c2dc106ab816b73f9d07e3cd1ef2c8c1256f519748e0813e4edd2405d277bef", "hashType": 130, }, "intermediary": { "internalPubkey": "ee4fe085983462a184015d1f782d6a5f8b9c2b60130aff050ce221ecf3786592", "tweak": "9e0517edc8259bb3359255400b23ca9507f2a91cd1e4250ba068b4eafceba4a9", "tweakedPrivkey": "65b6000cd2bfa6b7cf736767a8955760e62b6649058cbc970b7c0871d786346b", "sigMsg": "0082020000000065cd1d00e9aa6b8e6c9de67619e6a3924ae25696bb7b694bb677a632a74ef7eadfd4eabf00000000804c8b2000000000225120712447206d7a5238acc7ff53fbe94a3b64539ad291c7cdbc490b7577e4b17df5ffffffff", "precomputedUsed": [], "sigHash": "cd292de50313804dabe4685e83f923d2969577191a3e1d2882220dca88cbeb10", }, "expected": { "witness": [ "ea0c6ba90763c2d3a296ad82ba45881abb4f426b3f87af162dd24d5109edc1cdd11915095ba47c3a9963dc1e6c432939872bc49212fe34c632cd3ab9fed429c482" ] }, }, { "given": { "txinIndex": 8, "internalPrivkey": "77863416be0d0665e517e1c375fd6f75839544eca553675ef7fdf4949518ebaa", "merkleRoot": "ab179431c28d3b68fb798957faf5497d69c883c6fb1e1cd9f81483d87bac90cc", "hashType": 129, }, "intermediary": { "internalPubkey": "f9f400803e683727b14f463836e1e78e1c64417638aa066919291a225f0e8dd8", "tweak": "639f0281b7ac49e742cd25b7f188657626da1ad169209078e2761cefd91fd65e", "tweakedPrivkey": "ec18ce6af99f43815db543f47b8af5ff5df3b2cb7315c955aa4a86e8143d2bf5", "sigMsg": "0081020000000065cd1da2e6dab7c1f0dcd297c8d61647fd17d821541ea69c3cc37dcbad7f90d4eb4bc500a778eb6a263dc090464cd125c466b5a99667720b1c110468831d058aa1b82af101000000002b0c230000000022512077e30a5522dd9f894c3f8b8bd4c4b2cf82ca7da8a3ea6a239655c39c050ab220ffffffff", "precomputedUsed": ["hashOutputs"], "sigHash": "cccb739eca6c13a8a89e6e5cd317ffe55669bbda23f2fd37b0f18755e008edd2", }, "expected": { "witness": [ "bbc9584a11074e83bc8c6759ec55401f0ae7b03ef290c3139814f545b58a9f8127258000874f44bc46db7646322107d4d86aec8e73b8719a61fff761d75b5dd981" ] }, }, ], "auxiliary": { "fullySignedTx": "020000000001097de20cbff686da83a54981d2b9bab3586f4ca7e48f57f5b55963115f3b334e9c010000000000000000d7b7cab57b1393ace2d064f4d4a2cb8af6def61273e127517d44759b6dafdd990000000000fffffffff8e1f583384333689228c5d28eac13366be082dc57441760d957275419a41842000000006b4830450221008f3b8f8f0537c420654d2283673a761b7ee2ea3c130753103e08ce79201cf32a022079e7ab904a1980ef1c5890b648c8783f4d10103dd62f740d13daa79e298d50c201210279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798fffffffff0689180aa63b30cb162a73c6d2a38b7eeda2a83ece74310fda0843ad604853b0100000000feffffffaa5202bdf6d8ccd2ee0f0202afbbb7461d9264a25e5bfd3c5a52ee1239e0ba6c0000000000feffffff956149bdc66faa968eb2be2d2faa29718acbfe3941215893a2a3446d32acd050000000000000000000e664b9773b88c09c32cb70a2a3e4da0ced63b7ba3b22f848531bbb1d5d5f4c94010000000000000000e9aa6b8e6c9de67619e6a3924ae25696bb7b694bb677a632a74ef7eadfd4eabf0000000000ffffffffa778eb6a263dc090464cd125c466b5a99667720b1c110468831d058aa1b82af10100000000ffffffff0200ca9a3b000000001976a91406afd46bcdfd22ef94ac122aa11f241244a37ecc88ac807840cb0000000020ac9a87f5594be208f8532db38cff670c450ed2fea8fcdefcc9a663f78bab962b0141ed7c1647cb97379e76892be0cacff57ec4a7102aa24296ca39af7541246d8ff14d38958d4cc1e2e478e4d4a764bbfd835b16d4e314b72937b29833060b87276c030141052aedffc554b41f52b521071793a6b88d6dbca9dba94cf34c83696de0c1ec35ca9c5ed4ab28059bd606a4f3a657eec0bb96661d42921b5f50a95ad33675b54f83000141ff45f742a876139946a149ab4d9185574b98dc919d2eb6754f8abaa59d18b025637a3aa043b91817739554f4ed2026cf8022dbd83e351ce1fabc272841d2510a010140b4010dd48a617db09926f729e79c33ae0b4e94b79f04a1ae93ede6315eb3669de185a17d2b0ac9ee09fd4c64b678a0b61a0a86fa888a273c8511be83bfd6810f0247304402202b795e4de72646d76eab3f0ab27dfa30b810e856ff3a46c9a702df53bb0d8cc302203ccc4d822edab5f35caddb10af1be93583526ccfbade4b4ead350781e2f8adcd012102f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f90141a3785919a2ce3c4ce26f298c3d51619bc474ae24014bcdd31328cd8cfbab2eff3395fa0a16fe5f486d12f22a9cedded5ae74feb4bbe5351346508c5405bcfee0020141ea0c6ba90763c2d3a296ad82ba45881abb4f426b3f87af162dd24d5109edc1cdd11915095ba47c3a9963dc1e6c432939872bc49212fe34c632cd3ab9fed429c4820141bbc9584a11074e83bc8c6759ec55401f0ae7b03ef290c3139814f545b58a9f8127258000874f44bc46db7646322107d4d86aec8e73b8719a61fff761d75b5dd9810065cd1d" }, } hex_tx = test["given"]["rawUnsignedTx"] tx_obj = Tx.parse(BytesIO(bytes.fromhex(hex_tx))) self.maxDiff = None self.assertEqual(tx_obj.serialize().hex(), hex_tx) tx_obj.segwit = True for tx_in, utxo in zip(tx_obj.tx_ins, test["given"]["utxosSpent"]): tx_in._value = utxo["amountSats"] tx_in._script_pubkey = Script.parse( BytesIO(encode_varstr(bytes.fromhex(utxo["scriptPubKey"]))) ) shas = test["intermediary"] self.assertEqual(tx_obj.sha_amounts().hex(), shas["hashAmounts"]) self.assertEqual(tx_obj.sha_outputs().hex(), shas["hashOutputs"]) self.assertEqual(tx_obj.sha_prevouts().hex(), shas["hashPrevouts"]) self.assertEqual(tx_obj.sha_script_pubkeys().hex(), shas["hashScriptPubkeys"]) self.assertEqual(tx_obj.sha_sequences().hex(), shas["hashSequences"]) fully_signed = test["auxiliary"]["fullySignedTx"] signed_tx = Tx.parse(BytesIO(bytes.fromhex(fully_signed))) for input_data in test["inputSpending"]: i = input_data["given"]["txinIndex"] secret = big_endian_to_int( bytes.fromhex(input_data["given"]["internalPrivkey"]) ) tx_in = tx_obj.tx_ins[i] private_key = PrivateKey(secret) pubkey = private_key.point hash_type = input_data["given"]["hashType"] self.assertEqual( pubkey.bip340().hex(), input_data["intermediary"]["internalPubkey"] ) mr_hex = input_data["given"]["merkleRoot"] if mr_hex is None: merkle_root = None else: merkle_root = bytes.fromhex(mr_hex) tap_root = TapRoot(pubkey, merkle_root=merkle_root) tweak_want = big_endian_to_int( bytes.fromhex(input_data["intermediary"]["tweak"]) ) self.assertEqual(tap_root.tweak, tweak_want) tweaked_private_key = private_key.tweaked(tap_root.tweak) tweaked_want = big_endian_to_int( bytes.fromhex(input_data["intermediary"]["tweakedPrivkey"]) ) self.assertEqual(tweaked_private_key.secret, tweaked_want) sig_hash_want = input_data["intermediary"]["sigHash"] self.assertEqual( tx_obj.sig_hash_bip341(i, hash_type=hash_type).hex(), sig_hash_want ) tx_obj.sign_input(i, tweaked_private_key, hash_type=hash_type) for j, witness_want in enumerate(input_data["expected"]["witness"]): self.assertEqual(tx_in.witness[j].hex(), witness_want) # the two we can't sign for i in (2, 5): signed_tx.tx_ins[i].script_sig = Script() signed_tx.tx_ins[i].witness = Witness() self.assertEqual(tx_obj.serialize(), signed_tx.serialize())
def compute_coefficient(self, nonce_sums, sig_hash): bytes_to_hash = (nonce_sums[0].sec() + nonce_sums[1].sec() + self.point.bip340() + sig_hash) return big_endian_to_int(hash_musignonce(bytes_to_hash))
def sig_hash_legacy(self, input_index, redeem_script=None, hash_type=SIGHASH_ALL): """Returns the integer representation of the hash that needs to get signed for index input_index""" # consensus bugs related to invalid input indices DEFAULT = 1 << 248 if input_index >= len(self.tx_ins): return DEFAULT elif hash_type & 3 == SIGHASH_SINGLE and input_index >= len( self.tx_outs): return DEFAULT # create the serialization per spec # start with version: int_to_little_endian in 4 bytes s = int_to_little_endian(self.version, 4) # next, how many inputs there are: encode_varint s += encode_varint(len(self.tx_ins)) # loop through each input: for i, tx_in in enumerate(self.tx_ins) for i, tx_in in enumerate(self.tx_ins): sequence = tx_in.sequence # if the input index is the one we're signing if i == input_index: # if the RedeemScript was passed in, that's the ScriptSig if redeem_script: script_sig = redeem_script # otherwise the previous tx's ScriptPubkey is the ScriptSig else: script_sig = tx_in.script_pubkey(self.network) # Otherwise, the ScriptSig is empty else: script_sig = None if hash_type & 3 in (SIGHASH_NONE, SIGHASH_SINGLE): sequence = Sequence(0) # create a TxIn object with the prev_tx, prev_index and sequence # the same as the current tx_in and the script_sig from above new_tx_in = TxIn( prev_tx=tx_in.prev_tx, prev_index=tx_in.prev_index, script_sig=script_sig, sequence=sequence, ) # add the serialization of the TxIn object if hash_type & SIGHASH_ANYONECANPAY: if i == input_index: s += new_tx_in.serialize() else: s += new_tx_in.serialize() # add how many outputs there are using encode_varint s += encode_varint(len(self.tx_outs)) # add the serialization of each output for i, tx_out in enumerate(self.tx_outs): if hash_type & 3 == SIGHASH_NONE: continue elif hash_type & 3 == SIGHASH_SINGLE: if i == input_index: s += tx_out.serialize() break else: s += b"\xff\xff\xff\xff\xff\xff\xff\xff\x00" else: s += tx_out.serialize() # add the locktime using int_to_little_endian in 4 bytes s += self.locktime.serialize() # add SIGHASH_ALL using int_to_little_endian in 4 bytes s += int_to_little_endian(hash_type, 4) # hash256 the serialization h256 = hash256(s) # convert the result to an integer using big_endian_to_int(x) return big_endian_to_int(h256)
def parse(cls, signature_bin): stream = BytesIO(signature_bin) r = S256Point.parse(stream.read(32)) s = big_endian_to_int(stream.read(32)) return cls(r, s)