trezor-firmware/core/src/apps/lisk/sign_tx.py

import ustruct

from trezor import wire
from trezor.crypto.curve import ed25519
from trezor.crypto.hashlib import sha256
from trezor.enums import LiskTransactionType
from trezor.messages import LiskSignedTx
from trezor.utils import HashWriter

from apps.common import paths
from apps.common.keychain import auto_keychain

from . import layout
from .helpers import get_address_from_public_key


@auto_keychain(__name__)
async def sign_tx(ctx, msg, keychain):
    await paths.validate_path(ctx, keychain, msg.address_n)

    pubkey, seckey = _get_keys(keychain, msg)
    transaction = _update_raw_tx(msg.transaction, pubkey)

    try:
        await _require_confirm_by_type(ctx, transaction)
    except AttributeError:
        raise wire.DataError("The transaction has invalid asset data field")

    await layout.require_confirm_fee(ctx, transaction.amount, transaction.fee)

    txbytes = _get_transaction_bytes(transaction)
    txhash = HashWriter(sha256())
    for field in txbytes:
        txhash.extend(field)
    digest = txhash.get_digest()

    signature = ed25519.sign(seckey, digest)

    return LiskSignedTx(signature=signature)


def _get_keys(keychain, msg):
    node = keychain.derive(msg.address_n)

    seckey = node.private_key()
    pubkey = node.public_key()
    pubkey = pubkey[1:]  # skip ed25519 pubkey marker

    return pubkey, seckey


def _update_raw_tx(transaction, pubkey):
    # If device is using for second signature sender_public_key must be exist in transaction
    if not transaction.sender_public_key:
        transaction.sender_public_key = pubkey

    # For CastVotes transactions, recipientId should be equal to transaction
    # creator address.
    if transaction.type == LiskTransactionType.CastVotes:
        if not transaction.recipient_id:
            transaction.recipient_id = get_address_from_public_key(pubkey)

    return transaction


async def _require_confirm_by_type(ctx, transaction):

    if transaction.type == LiskTransactionType.Transfer:
        return await layout.require_confirm_tx(
            ctx, transaction.recipient_id, transaction.amount
        )

    if transaction.type == LiskTransactionType.RegisterDelegate:
        return await layout.require_confirm_delegate_registration(
            ctx, transaction.asset.delegate.username
        )

    if transaction.type == LiskTransactionType.CastVotes:
        return await layout.require_confirm_vote_tx(ctx, transaction.asset.votes)

    if transaction.type == LiskTransactionType.RegisterSecondPassphrase:
        return await layout.require_confirm_public_key(
            ctx, transaction.asset.signature.public_key
        )

    if transaction.type == LiskTransactionType.RegisterMultisignatureAccount:
        return await layout.require_confirm_multisig(
            ctx, transaction.asset.multisignature
        )

    raise wire.DataError("Invalid transaction type")


def _get_transaction_bytes(tx):

    # Required transaction parameters
    t_type = ustruct.pack("<b", tx.type)
    t_timestamp = ustruct.pack("<i", tx.timestamp)
    t_sender_public_key = tx.sender_public_key
    t_requester_public_key = tx.requester_public_key or b""

    if not tx.recipient_id:
        # Value can be empty string
        t_recipient_id = ustruct.pack(">Q", 0)
    else:
        # Lisk uses big-endian for recipient_id, string -> int -> bytes
        t_recipient_id = ustruct.pack(">Q", int(tx.recipient_id[:-1]))

    t_amount = ustruct.pack("<Q", tx.amount)
    t_asset = _get_asset_data_bytes(tx)
    t_signature = tx.signature or b""

    return (
        t_type,
        t_timestamp,
        t_sender_public_key,
        t_requester_public_key,
        t_recipient_id,
        t_amount,
        t_asset,
        t_signature,
    )


def _get_asset_data_bytes(msg):

    if msg.type == LiskTransactionType.Transfer:
        # Transfer transaction have optional data field
        if msg.asset.data is not None:
            return msg.asset.data.encode()
        else:
            return b""

    if msg.type == LiskTransactionType.RegisterDelegate:
        return msg.asset.delegate.username.encode()

    if msg.type == LiskTransactionType.CastVotes:
        return ("".join(msg.asset.votes)).encode()

    if msg.type == LiskTransactionType.RegisterSecondPassphrase:
        return msg.asset.signature.public_key

    if msg.type == LiskTransactionType.RegisterMultisignatureAccount:
        data = b""
        data += ustruct.pack("<b", msg.asset.multisignature.min)
        data += ustruct.pack("<b", msg.asset.multisignature.life_time)
        data += ("".join(msg.asset.multisignature.keys_group)).encode()
        return data

    raise wire.DataError("Invalid transaction type")
app.lisk: code style 6 years ago			`import ustruct`
src: run isort 6 years ago
app.lisk: code style 6 years ago			`from trezor import wire`
			`from trezor.crypto.curve import ed25519`
			`from trezor.crypto.hashlib import sha256`
refactor(core): fix imports and use new protobuf API in apps 3 years ago			`from trezor.enums import LiskTransactionType`
			`from trezor.messages import LiskSignedTx`
app.lisk: Add lisk_sign_tx and layouts 6 years ago			`from trezor.utils import HashWriter`

seed: pass keychain to workflows, add namespaces 6 years ago			`from apps.common import paths`
feat(core): update most apps to use path schemas 4 years ago			`from apps.common.keychain import auto_keychain`
style(core): use relative imports everywhere except Monero, which has a rather complex structure and I don't want to search&replace mess with it in case some of the things break memory layout 4 years ago
feat(core): update most apps to use path schemas 4 years ago			`from . import layout`
			`from .helpers import get_address_from_public_key`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
apps: introduce Keychain API 6 years ago
feat(core): update most apps to use path schemas 4 years ago			`@auto_keychain(__name__)`
seed: pass keychain to workflows, add namespaces 6 years ago			`async def sign_tx(ctx, msg, keychain):`
feat(core): update most apps to use path schemas 4 years ago			`await paths.validate_path(ctx, keychain, msg.address_n)`
coins: validate derivation paths Based on SLIP-44 ids and other checks. See docs/coins/README for info. 6 years ago
apps: introduce Keychain API 6 years ago			`pubkey, seckey = _get_keys(keychain, msg)`
app.lisk: code style 6 years ago			`transaction = _update_raw_tx(msg.transaction, pubkey)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
			`try:`
app.lisk: code style 6 years ago			`await _require_confirm_by_type(ctx, transaction)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago			`except AttributeError:`
src: run black 6 years ago			`raise wire.DataError("The transaction has invalid asset data field")`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`await layout.require_confirm_fee(ctx, transaction.amount, transaction.fee)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`txbytes = _get_transaction_bytes(transaction)`
utils: simplify HashWriter interface 6 years ago			`txhash = HashWriter(sha256())`
app.lisk: code style 6 years ago			`for field in txbytes:`
			`txhash.extend(field)`
			`digest = txhash.get_digest()`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`signature = ed25519.sign(seckey, digest)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`return LiskSignedTx(signature=signature)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago

apps: introduce Keychain API 6 years ago			`def _get_keys(keychain, msg):`
core: use new keychain decorators where appropriate 4 years ago			`node = keychain.derive(msg.address_n)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`seckey = node.private_key()`
			`pubkey = node.public_key()`
			`pubkey = pubkey[1:] # skip ed25519 pubkey marker`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`return pubkey, seckey`
app.lisk: Add lisk_sign_tx and layouts 6 years ago

app.lisk: code style 6 years ago			`def _update_raw_tx(transaction, pubkey):`
lisk: fix raw transaction fields update 6 years ago			`# If device is using for second signature sender_public_key must be exist in transaction`
			`if not transaction.sender_public_key:`
			`transaction.sender_public_key = pubkey`
app.lisk: code style 6 years ago
			`# For CastVotes transactions, recipientId should be equal to transaction`
			`# creator address.`
			`if transaction.type == LiskTransactionType.CastVotes:`
lisk: fix _update_raw_tx function for second signature calculation (#348) 6 years ago			`if not transaction.recipient_id:`
			`transaction.recipient_id = get_address_from_public_key(pubkey)`
app.lisk: code style 6 years ago
			`return transaction`


			`async def _require_confirm_by_type(ctx, transaction):`

			`if transaction.type == LiskTransactionType.Transfer:`
			`return await layout.require_confirm_tx(`
src: run black 6 years ago			`ctx, transaction.recipient_id, transaction.amount`
			`)`
app.lisk: code style 6 years ago
			`if transaction.type == LiskTransactionType.RegisterDelegate:`
			`return await layout.require_confirm_delegate_registration(`
src: run black 6 years ago			`ctx, transaction.asset.delegate.username`
			`)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if transaction.type == LiskTransactionType.CastVotes:`
src: run black 6 years ago			`return await layout.require_confirm_vote_tx(ctx, transaction.asset.votes)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if transaction.type == LiskTransactionType.RegisterSecondPassphrase:`
			`return await layout.require_confirm_public_key(`
src: run black 6 years ago			`ctx, transaction.asset.signature.public_key`
			`)`
app.lisk: code style 6 years ago
			`if transaction.type == LiskTransactionType.RegisterMultisignatureAccount:`
			`return await layout.require_confirm_multisig(`
src: run black 6 years ago			`ctx, transaction.asset.multisignature`
			`)`
app.lisk: code style 6 years ago
src: run black 6 years ago			`raise wire.DataError("Invalid transaction type")`
app.lisk: code style 6 years ago

			`def _get_transaction_bytes(tx):`

			`# Required transaction parameters`
src: run black 6 years ago			`t_type = ustruct.pack("<b", tx.type)`
			`t_timestamp = ustruct.pack("<i", tx.timestamp)`
app.lisk: code style 6 years ago			`t_sender_public_key = tx.sender_public_key`
src: run black 6 years ago			`t_requester_public_key = tx.requester_public_key or b""`
app.lisk: code style 6 years ago
			`if not tx.recipient_id:`
			`# Value can be empty string`
src: run black 6 years ago			`t_recipient_id = ustruct.pack(">Q", 0)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago			`else:`
app.lisk: code style 6 years ago			`# Lisk uses big-endian for recipient_id, string -> int -> bytes`
src: run black 6 years ago			`t_recipient_id = ustruct.pack(">Q", int(tx.recipient_id[:-1]))`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
src: run black 6 years ago			`t_amount = ustruct.pack("<Q", tx.amount)`
app.lisk: code style 6 years ago			`t_asset = _get_asset_data_bytes(tx)`
src: run black 6 years ago			`t_signature = tx.signature or b""`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
src: run black 6 years ago			`return (`
			`t_type,`
			`t_timestamp,`
			`t_sender_public_key,`
			`t_requester_public_key,`
			`t_recipient_id,`
			`t_amount,`
			`t_asset,`
			`t_signature,`
			`)`
app.lisk: Add lisk_sign_tx and layouts 6 years ago

app.lisk: review improvments 6 years ago			`def _get_asset_data_bytes(msg):`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if msg.type == LiskTransactionType.Transfer:`
app.lisk: review improvments 6 years ago			`# Transfer transaction have optional data field`
			`if msg.asset.data is not None:`
src: cleanup "utf8" madness 6 years ago			`return msg.asset.data.encode()`
app.lisk: review improvments 6 years ago			`else:`
src: run black 6 years ago			`return b""`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if msg.type == LiskTransactionType.RegisterDelegate:`
src: cleanup "utf8" madness 6 years ago			`return msg.asset.delegate.username.encode()`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if msg.type == LiskTransactionType.CastVotes:`
src: cleanup "utf8" madness 6 years ago			`return ("".join(msg.asset.votes)).encode()`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if msg.type == LiskTransactionType.RegisterSecondPassphrase:`
app.lisk: review improvments 6 years ago			`return msg.asset.signature.public_key`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
app.lisk: code style 6 years ago			`if msg.type == LiskTransactionType.RegisterMultisignatureAccount:`
src: run black 6 years ago			`data = b""`
			`data += ustruct.pack("<b", msg.asset.multisignature.min)`
			`data += ustruct.pack("<b", msg.asset.multisignature.life_time)`
src: cleanup "utf8" madness 6 years ago			`data += ("".join(msg.asset.multisignature.keys_group)).encode()`
app.lisk: review improvments 6 years ago			`return data`
app.lisk: Add lisk_sign_tx and layouts 6 years ago
src: run black 6 years ago			`raise wire.DataError("Invalid transaction type")`