2018-06-21 14:28:34 +00:00
|
|
|
# This file is part of the Trezor project.
|
2016-11-25 21:53:55 +00:00
|
|
|
#
|
2019-05-29 16:44:09 +00:00
|
|
|
# Copyright (C) 2012-2019 SatoshiLabs and contributors
|
2016-11-25 21:53:55 +00:00
|
|
|
#
|
|
|
|
# This library is free software: you can redistribute it and/or modify
|
2018-06-21 14:28:34 +00:00
|
|
|
# it under the terms of the GNU Lesser General Public License version 3
|
|
|
|
# as published by the Free Software Foundation.
|
2016-11-25 21:53:55 +00:00
|
|
|
#
|
|
|
|
# This library is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Lesser General Public License for more details.
|
|
|
|
#
|
2018-06-21 14:28:34 +00:00
|
|
|
# You should have received a copy of the License along with this library.
|
|
|
|
# If not, see <https://www.gnu.org/licenses/lgpl-3.0.html>.
|
2016-11-25 21:53:55 +00:00
|
|
|
|
2018-08-06 14:15:44 +00:00
|
|
|
import functools
|
2014-01-14 13:29:18 +00:00
|
|
|
import hashlib
|
2018-08-21 13:58:26 +00:00
|
|
|
import re
|
2016-06-27 21:17:20 +00:00
|
|
|
import struct
|
2018-05-21 12:28:53 +00:00
|
|
|
import unicodedata
|
2018-08-13 16:21:24 +00:00
|
|
|
from typing import List, NewType
|
2018-04-18 13:00:59 +00:00
|
|
|
|
|
|
|
HARDENED_FLAG = 1 << 31
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
Address = NewType("Address", List[int])
|
2018-04-18 13:00:59 +00:00
|
|
|
|
|
|
|
|
|
|
|
def H_(x: int) -> int:
|
|
|
|
"""
|
|
|
|
Shortcut function that "hardens" a number in a BIP44 path.
|
|
|
|
"""
|
|
|
|
return x | HARDENED_FLAG
|
2014-01-14 13:29:18 +00:00
|
|
|
|
2017-06-23 19:31:42 +00:00
|
|
|
|
2018-04-20 15:23:43 +00:00
|
|
|
def btc_hash(data):
|
|
|
|
"""
|
|
|
|
Double-SHA256 hash as used in BTC
|
|
|
|
"""
|
2017-06-23 19:31:42 +00:00
|
|
|
return hashlib.sha256(hashlib.sha256(data).digest()).digest()
|
|
|
|
|
2014-01-14 13:29:18 +00:00
|
|
|
|
2020-05-13 09:36:03 +00:00
|
|
|
def tx_hash(data):
|
|
|
|
"""Calculate and return double-SHA256 hash in reverse order.
|
|
|
|
|
|
|
|
This is what Bitcoin uses as txids.
|
|
|
|
"""
|
|
|
|
return btc_hash(data)[::-1]
|
|
|
|
|
|
|
|
|
2014-01-14 13:29:18 +00:00
|
|
|
def hash_160(public_key):
|
2018-08-13 16:21:24 +00:00
|
|
|
md = hashlib.new("ripemd160")
|
2014-01-14 13:29:18 +00:00
|
|
|
md.update(hashlib.sha256(public_key).digest())
|
|
|
|
return md.digest()
|
|
|
|
|
|
|
|
|
|
|
|
def hash_160_to_bc_address(h160, address_type):
|
2018-08-13 16:21:24 +00:00
|
|
|
vh160 = struct.pack("<B", address_type) + h160
|
2018-04-20 15:23:43 +00:00
|
|
|
h = btc_hash(vh160)
|
2014-01-14 13:29:18 +00:00
|
|
|
addr = vh160 + h[0:4]
|
|
|
|
return b58encode(addr)
|
|
|
|
|
2017-06-23 19:31:42 +00:00
|
|
|
|
2014-01-14 13:29:18 +00:00
|
|
|
def compress_pubkey(public_key):
|
2018-02-27 15:30:32 +00:00
|
|
|
if public_key[0] == 4:
|
|
|
|
return bytes((public_key[64] & 1) + 2) + public_key[1:33]
|
2017-11-06 10:09:54 +00:00
|
|
|
raise ValueError("Pubkey is already compressed")
|
2014-01-14 13:29:18 +00:00
|
|
|
|
2017-06-23 19:31:42 +00:00
|
|
|
|
2014-01-14 13:29:18 +00:00
|
|
|
def public_key_to_bc_address(public_key, address_type, compress=True):
|
2018-08-13 16:21:24 +00:00
|
|
|
if public_key[0] == "\x04" and compress:
|
2014-01-14 13:29:18 +00:00
|
|
|
public_key = compress_pubkey(public_key)
|
|
|
|
|
|
|
|
h160 = hash_160(public_key)
|
|
|
|
return hash_160_to_bc_address(h160, address_type)
|
|
|
|
|
2017-06-23 19:31:42 +00:00
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
__b58chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
|
2013-12-30 22:34:56 +00:00
|
|
|
__b58base = len(__b58chars)
|
|
|
|
|
2017-06-23 19:31:42 +00:00
|
|
|
|
2013-12-30 22:34:56 +00:00
|
|
|
def b58encode(v):
|
|
|
|
""" encode v, which is a string of bytes, to base58."""
|
|
|
|
|
2016-05-05 02:57:14 +00:00
|
|
|
long_value = 0
|
2018-02-28 16:00:16 +00:00
|
|
|
for c in v:
|
2016-06-27 21:17:20 +00:00
|
|
|
long_value = long_value * 256 + c
|
2013-12-30 22:34:56 +00:00
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
result = ""
|
2013-12-30 22:34:56 +00:00
|
|
|
while long_value >= __b58base:
|
|
|
|
div, mod = divmod(long_value, __b58base)
|
|
|
|
result = __b58chars[mod] + result
|
|
|
|
long_value = div
|
|
|
|
result = __b58chars[long_value] + result
|
|
|
|
|
|
|
|
# Bitcoin does a little leading-zero-compression:
|
|
|
|
# leading 0-bytes in the input become leading-1s
|
|
|
|
nPad = 0
|
2018-02-28 16:00:16 +00:00
|
|
|
for c in v:
|
2016-06-27 21:17:20 +00:00
|
|
|
if c == 0:
|
2013-12-30 22:34:56 +00:00
|
|
|
nPad += 1
|
|
|
|
else:
|
|
|
|
break
|
|
|
|
|
|
|
|
return (__b58chars[0] * nPad) + result
|
|
|
|
|
2017-06-23 19:31:42 +00:00
|
|
|
|
2018-11-02 16:06:04 +00:00
|
|
|
def b58decode(v, length=None):
|
2013-12-30 22:34:56 +00:00
|
|
|
""" decode v into a string of len bytes."""
|
2018-11-02 16:06:04 +00:00
|
|
|
if isinstance(v, bytes):
|
|
|
|
v = v.decode()
|
|
|
|
|
2019-01-23 10:34:41 +00:00
|
|
|
for c in v:
|
|
|
|
if c not in __b58chars:
|
|
|
|
raise ValueError("invalid Base58 string")
|
|
|
|
|
2016-05-05 02:57:14 +00:00
|
|
|
long_value = 0
|
2013-12-30 22:34:56 +00:00
|
|
|
for (i, c) in enumerate(v[::-1]):
|
|
|
|
long_value += __b58chars.find(c) * (__b58base ** i)
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
result = b""
|
2013-12-30 22:34:56 +00:00
|
|
|
while long_value >= 256:
|
|
|
|
div, mod = divmod(long_value, 256)
|
2018-08-13 16:21:24 +00:00
|
|
|
result = struct.pack("B", mod) + result
|
2013-12-30 22:34:56 +00:00
|
|
|
long_value = div
|
2018-08-13 16:21:24 +00:00
|
|
|
result = struct.pack("B", long_value) + result
|
2013-12-30 22:34:56 +00:00
|
|
|
|
|
|
|
nPad = 0
|
|
|
|
for c in v:
|
|
|
|
if c == __b58chars[0]:
|
|
|
|
nPad += 1
|
|
|
|
else:
|
|
|
|
break
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
result = b"\x00" * nPad + result
|
2013-12-30 22:34:56 +00:00
|
|
|
if length is not None and len(result) != length:
|
|
|
|
return None
|
|
|
|
|
2016-06-27 21:17:20 +00:00
|
|
|
return result
|
2018-04-18 13:00:59 +00:00
|
|
|
|
|
|
|
|
2018-11-02 16:06:04 +00:00
|
|
|
def b58check_encode(v):
|
|
|
|
checksum = btc_hash(v)[:4]
|
|
|
|
return b58encode(v + checksum)
|
|
|
|
|
|
|
|
|
|
|
|
def b58check_decode(v, length=None):
|
|
|
|
dec = b58decode(v, length)
|
|
|
|
data, checksum = dec[:-4], dec[-4:]
|
|
|
|
if btc_hash(data)[:4] != checksum:
|
|
|
|
raise ValueError("invalid checksum")
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
2018-04-18 13:00:59 +00:00
|
|
|
def parse_path(nstr: str) -> Address:
|
|
|
|
"""
|
|
|
|
Convert BIP32 path string to list of uint32 integers with hardened flags.
|
|
|
|
Several conventions are supported to set the hardened flag: -1, 1', 1h
|
|
|
|
|
|
|
|
e.g.: "0/1h/1" -> [0, 0x80000001, 1]
|
|
|
|
|
|
|
|
:param nstr: path string
|
|
|
|
:return: list of integers
|
|
|
|
"""
|
|
|
|
if not nstr:
|
|
|
|
return []
|
|
|
|
|
2018-08-13 16:21:24 +00:00
|
|
|
n = nstr.split("/")
|
2018-04-18 13:00:59 +00:00
|
|
|
|
|
|
|
# m/a/b/c => a/b/c
|
2018-08-13 16:21:24 +00:00
|
|
|
if n[0] == "m":
|
2018-04-18 13:00:59 +00:00
|
|
|
n = n[1:]
|
|
|
|
|
|
|
|
def str_to_harden(x: str) -> int:
|
2018-08-13 16:21:24 +00:00
|
|
|
if x.startswith("-"):
|
2018-04-18 13:00:59 +00:00
|
|
|
return H_(abs(int(x)))
|
2018-08-13 16:21:24 +00:00
|
|
|
elif x.endswith(("h", "'")):
|
2018-04-18 13:00:59 +00:00
|
|
|
return H_(int(x[:-1]))
|
|
|
|
else:
|
|
|
|
return int(x)
|
|
|
|
|
|
|
|
try:
|
2018-06-25 15:51:09 +00:00
|
|
|
return [str_to_harden(x) for x in n]
|
2020-03-04 12:38:33 +00:00
|
|
|
except Exception as e:
|
|
|
|
raise ValueError("Invalid BIP32 path", nstr) from e
|
2018-05-21 12:28:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
def normalize_nfc(txt):
|
2018-08-13 16:21:24 +00:00
|
|
|
"""
|
2018-05-21 12:28:53 +00:00
|
|
|
Normalize message to NFC and return bytes suitable for protobuf.
|
|
|
|
This seems to be bitcoin-qt standard of doing things.
|
2018-08-13 16:21:24 +00:00
|
|
|
"""
|
2018-05-21 12:28:53 +00:00
|
|
|
if isinstance(txt, bytes):
|
2018-09-06 14:21:15 +00:00
|
|
|
txt = txt.decode()
|
|
|
|
return unicodedata.normalize("NFC", txt).encode()
|
2018-05-21 12:28:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
class expect:
|
|
|
|
# Decorator checks if the method
|
|
|
|
# returned one of expected protobuf messages
|
|
|
|
# or raises an exception
|
2018-06-25 15:51:09 +00:00
|
|
|
def __init__(self, expected, field=None):
|
2018-05-21 12:28:53 +00:00
|
|
|
self.expected = expected
|
2018-06-25 15:51:09 +00:00
|
|
|
self.field = field
|
2018-05-21 12:28:53 +00:00
|
|
|
|
|
|
|
def __call__(self, f):
|
|
|
|
@functools.wraps(f)
|
|
|
|
def wrapped_f(*args, **kwargs):
|
2018-10-02 15:18:13 +00:00
|
|
|
__tracebackhide__ = True # for pytest # pylint: disable=W0612
|
2018-05-21 12:28:53 +00:00
|
|
|
ret = f(*args, **kwargs)
|
|
|
|
if not isinstance(ret, self.expected):
|
2018-08-13 16:21:24 +00:00
|
|
|
raise RuntimeError(
|
|
|
|
"Got %s, expected %s" % (ret.__class__, self.expected)
|
|
|
|
)
|
2018-06-25 15:51:09 +00:00
|
|
|
if self.field is not None:
|
|
|
|
return getattr(ret, self.field)
|
|
|
|
else:
|
|
|
|
return ret
|
|
|
|
|
2018-05-21 12:28:53 +00:00
|
|
|
return wrapped_f
|
|
|
|
|
|
|
|
|
|
|
|
def session(f):
|
|
|
|
# Decorator wraps a BaseClient method
|
|
|
|
# with session activation / deactivation
|
|
|
|
@functools.wraps(f)
|
trezorlib: transport/protocol reshuffle
This commit breaks session handling (which matters with Bridge) and
regresses Bridge to an older code state. Both of these issues will be
rectified in subsequent commits.
Explanation of this big API reshuffle follows:
* protocols are moved to trezorlib.transport, and to a single common file.
* there is a cleaner definition of Transport and Protocol API (see below)
* fully valid mypy type hinting
* session handle counters and open handle counters mostly went away. Transports
and Protocols are meant to be "raw" APIs; TrezorClient will implement
context-handler-based sessions, session tracking, etc.
I'm calling this a "reshuffle" because it involved very small number of
code changes. Most of it is moving things around where they sit better.
The API changes are as follows.
Transport is now a thing that can:
* open and close sessions
* read and write protobuf messages
* enumerate and find devices
Some transports (all except bridge) are technically bytes-based and need
a separate protocol implementation (because we have two existing protocols,
although only the first one is actually used). Hence a protocol superclass.
Protocol is a thing that *also* can:
* open and close sessions
* read and write protobuf messages
For that, it requires a `handle`.
Handle is a physical layer for a protocol. It can:
* open and close some sort of device connection
(this is distinct from session! Connection is a channel over which you can
send data. Session is a logical arrangement on top of that; you can have
multiple sessions on a single connection.)
* read and write 64-byte chunks of data
With that, we introduce ProtocolBasedTransport, which simply delegates
the appropriate Transport functionality to respective Protocol methods.
hid and webusb transports are ProtocolBasedTransport-s that provide separate
device handles. HidHandle and WebUsbHandle existed before, but the distinction
of functionality between a Transport and its Handle was unclear. Some methods
were moved and now the handles implement the Handle API, while the transports
provide the enumeration parts of the Transport API, as well as glue between
the respective Protocols and Handles.
udp transport is also a ProtocolBasedTransport, but it acts as its own handle.
(That might be changed. For now, I went with the pre-existing structure.)
In addition, session_begin/end is renamed to begin/end_session to keep
consistent verb_noun naming.
2018-11-08 14:24:28 +00:00
|
|
|
def wrapped_f(client, *args, **kwargs):
|
2018-08-13 16:21:24 +00:00
|
|
|
__tracebackhide__ = True # for pytest # pylint: disable=W0612
|
2018-11-08 17:08:02 +00:00
|
|
|
client.open()
|
2018-05-21 12:28:53 +00:00
|
|
|
try:
|
trezorlib: transport/protocol reshuffle
This commit breaks session handling (which matters with Bridge) and
regresses Bridge to an older code state. Both of these issues will be
rectified in subsequent commits.
Explanation of this big API reshuffle follows:
* protocols are moved to trezorlib.transport, and to a single common file.
* there is a cleaner definition of Transport and Protocol API (see below)
* fully valid mypy type hinting
* session handle counters and open handle counters mostly went away. Transports
and Protocols are meant to be "raw" APIs; TrezorClient will implement
context-handler-based sessions, session tracking, etc.
I'm calling this a "reshuffle" because it involved very small number of
code changes. Most of it is moving things around where they sit better.
The API changes are as follows.
Transport is now a thing that can:
* open and close sessions
* read and write protobuf messages
* enumerate and find devices
Some transports (all except bridge) are technically bytes-based and need
a separate protocol implementation (because we have two existing protocols,
although only the first one is actually used). Hence a protocol superclass.
Protocol is a thing that *also* can:
* open and close sessions
* read and write protobuf messages
For that, it requires a `handle`.
Handle is a physical layer for a protocol. It can:
* open and close some sort of device connection
(this is distinct from session! Connection is a channel over which you can
send data. Session is a logical arrangement on top of that; you can have
multiple sessions on a single connection.)
* read and write 64-byte chunks of data
With that, we introduce ProtocolBasedTransport, which simply delegates
the appropriate Transport functionality to respective Protocol methods.
hid and webusb transports are ProtocolBasedTransport-s that provide separate
device handles. HidHandle and WebUsbHandle existed before, but the distinction
of functionality between a Transport and its Handle was unclear. Some methods
were moved and now the handles implement the Handle API, while the transports
provide the enumeration parts of the Transport API, as well as glue between
the respective Protocols and Handles.
udp transport is also a ProtocolBasedTransport, but it acts as its own handle.
(That might be changed. For now, I went with the pre-existing structure.)
In addition, session_begin/end is renamed to begin/end_session to keep
consistent verb_noun naming.
2018-11-08 14:24:28 +00:00
|
|
|
return f(client, *args, **kwargs)
|
2018-05-21 12:28:53 +00:00
|
|
|
finally:
|
2018-11-08 17:08:02 +00:00
|
|
|
client.close()
|
2018-08-13 16:21:24 +00:00
|
|
|
|
2018-05-21 12:28:53 +00:00
|
|
|
return wrapped_f
|
2018-08-21 13:58:26 +00:00
|
|
|
|
|
|
|
|
|
|
|
# de-camelcasifier
|
|
|
|
# https://stackoverflow.com/a/1176023/222189
|
|
|
|
|
|
|
|
FIRST_CAP_RE = re.compile("(.)([A-Z][a-z]+)")
|
|
|
|
ALL_CAP_RE = re.compile("([a-z0-9])([A-Z])")
|
|
|
|
|
|
|
|
|
|
|
|
def from_camelcase(s):
|
|
|
|
s = FIRST_CAP_RE.sub(r"\1_\2", s)
|
|
|
|
return ALL_CAP_RE.sub(r"\1_\2", s).lower()
|
|
|
|
|
|
|
|
|
|
|
|
def dict_from_camelcase(d, renames=None):
|
|
|
|
if not isinstance(d, dict):
|
|
|
|
return d
|
|
|
|
|
|
|
|
if renames is None:
|
|
|
|
renames = {}
|
|
|
|
|
|
|
|
res = {}
|
|
|
|
for key, value in d.items():
|
|
|
|
newkey = from_camelcase(key)
|
|
|
|
renamed_key = renames.get(newkey) or renames.get(key)
|
|
|
|
if renamed_key:
|
|
|
|
newkey = renamed_key
|
|
|
|
|
|
|
|
if isinstance(value, list):
|
|
|
|
res[newkey] = [dict_from_camelcase(v, renames) for v in value]
|
|
|
|
else:
|
|
|
|
res[newkey] = dict_from_camelcase(value, renames)
|
|
|
|
|
|
|
|
return res
|
2021-02-05 16:46:02 +00:00
|
|
|
|
|
|
|
|
|
|
|
# adapted from https://github.com/bitcoin-core/HWI/blob/master/hwilib/descriptor.py
|
|
|
|
|
|
|
|
|
|
|
|
def descriptor_checksum(desc: str) -> str:
|
|
|
|
def _polymod(c: int, val: int) -> int:
|
|
|
|
c0 = c >> 35
|
|
|
|
c = ((c & 0x7FFFFFFFF) << 5) ^ val
|
|
|
|
if c0 & 1:
|
|
|
|
c ^= 0xF5DEE51989
|
|
|
|
if c0 & 2:
|
|
|
|
c ^= 0xA9FDCA3312
|
|
|
|
if c0 & 4:
|
|
|
|
c ^= 0x1BAB10E32D
|
|
|
|
if c0 & 8:
|
|
|
|
c ^= 0x3706B1677A
|
|
|
|
if c0 & 16:
|
|
|
|
c ^= 0x644D626FFD
|
|
|
|
return c
|
|
|
|
|
|
|
|
INPUT_CHARSET = "0123456789()[],'/*abcdefgh@:$%{}IJKLMNOPQRSTUVWXYZ&+-.;<=>?!^_|~ijklmnopqrstuvwxyzABCDEFGH`#\"\\ "
|
|
|
|
CHECKSUM_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
|
|
|
|
|
|
|
|
c = 1
|
|
|
|
cls = 0
|
|
|
|
clscount = 0
|
|
|
|
for ch in desc:
|
|
|
|
pos = INPUT_CHARSET.find(ch)
|
|
|
|
if pos == -1:
|
|
|
|
return ""
|
|
|
|
c = _polymod(c, pos & 31)
|
|
|
|
cls = cls * 3 + (pos >> 5)
|
|
|
|
clscount += 1
|
|
|
|
if clscount == 3:
|
|
|
|
c = _polymod(c, cls)
|
|
|
|
cls = 0
|
|
|
|
clscount = 0
|
|
|
|
if clscount > 0:
|
|
|
|
c = _polymod(c, cls)
|
|
|
|
for j in range(0, 8):
|
|
|
|
c = _polymod(c, 0)
|
|
|
|
c ^= 1
|
|
|
|
|
|
|
|
ret = [""] * 8
|
|
|
|
for j in range(0, 8):
|
|
|
|
ret[j] = CHECKSUM_CHARSET[(c >> (5 * (7 - j))) & 31]
|
|
|
|
return "".join(ret)
|