trezor-firmware/core/src/apps/bitcoin/multisig.py

from trezor import wire
from trezor.crypto import bip32
from trezor.crypto.hashlib import sha256
from trezor.messages.HDNodeType import HDNodeType
from trezor.messages.MultisigRedeemScriptType import MultisigRedeemScriptType
from trezor.utils import HashWriter

from apps.common import paths

from .writers import write_bytes_fixed, write_uint32


def multisig_fingerprint(multisig: MultisigRedeemScriptType) -> bytes:
    if multisig.nodes:
        pubnodes = multisig.nodes
    else:
        pubnodes = [hd.node for hd in multisig.pubkeys]
    m = multisig.m
    n = len(pubnodes)

    if n < 1 or n > 15 or m < 1 or m > 15:
        raise wire.DataError("Invalid multisig parameters")

    for d in pubnodes:
        if len(d.public_key) != 33 or len(d.chain_code) != 32:
            raise wire.DataError("Invalid multisig parameters")

    # casting to bytes(), sorting on bytearray() is not supported in MicroPython
    pubnodes = sorted(pubnodes, key=lambda n: bytes(n.public_key))

    h = HashWriter(sha256())
    write_uint32(h, m)
    write_uint32(h, n)
    for d in pubnodes:
        write_uint32(h, d.depth)
        write_uint32(h, d.fingerprint)
        write_uint32(h, d.child_num)
        write_bytes_fixed(h, d.chain_code, 32)
        write_bytes_fixed(h, d.public_key, 33)

    return h.get_digest()


def validate_multisig(multisig: MultisigRedeemScriptType) -> None:
    if any(paths.is_hardened(n) for n in multisig.address_n):
        raise wire.DataError("Cannot perform hardened derivation from XPUB")
    for hd in multisig.pubkeys:
        if any(paths.is_hardened(n) for n in hd.address_n):
            raise wire.DataError("Cannot perform hardened derivation from XPUB")


def multisig_pubkey_index(multisig: MultisigRedeemScriptType, pubkey: bytes) -> int:
    validate_multisig(multisig)
    if multisig.nodes:
        for i, hd_node in enumerate(multisig.nodes):
            if multisig_get_pubkey(hd_node, multisig.address_n) == pubkey:
                return i
    else:
        for i, hd in enumerate(multisig.pubkeys):
            if multisig_get_pubkey(hd.node, hd.address_n) == pubkey:
                return i
    raise wire.DataError("Pubkey not found in multisig script")


def multisig_get_pubkey(n: HDNodeType, p: paths.Bip32Path) -> bytes:
    node = bip32.HDNode(
        depth=n.depth,
        fingerprint=n.fingerprint,
        child_num=n.child_num,
        chain_code=n.chain_code,
        public_key=n.public_key,
    )
    for i in p:
        node.derive(i, True)
    return node.public_key()


def multisig_get_pubkeys(multisig: MultisigRedeemScriptType) -> list[bytes]:
    validate_multisig(multisig)
    if multisig.nodes:
        return [multisig_get_pubkey(hd, multisig.address_n) for hd in multisig.nodes]
    else:
        return [multisig_get_pubkey(hd.node, hd.address_n) for hd in multisig.pubkeys]


def multisig_get_pubkey_count(multisig: MultisigRedeemScriptType) -> int:
    if multisig.nodes:
        return len(multisig.nodes)
    else:
        return len(multisig.pubkeys)
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 4 years ago			`from trezor import wire`
singing: multisig 6 years ago			`from trezor.crypto import bip32`
src: run isort 6 years ago			`from trezor.crypto.hashlib import sha256`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`from trezor.messages.HDNodeType import HDNodeType`
src: run isort 6 years ago			`from trezor.messages.MultisigRedeemScriptType import MultisigRedeemScriptType`
core/sign_tx: Consolidate wallet path and multisig fingerprint checking. 4 years ago			`from trezor.utils import HashWriter`
singing: multisig 6 years ago
feat(core/bitcoin): use path schemas 4 years ago			`from apps.common import paths`

core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 4 years ago			`from .writers import write_bytes_fixed, write_uint32`
signing/multisig: change check using multisig fingerprint 6 years ago

			`def multisig_fingerprint(multisig: MultisigRedeemScriptType) -> bytes:`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`if multisig.nodes:`
			`pubnodes = multisig.nodes`
			`else:`
			`pubnodes = [hd.node for hd in multisig.pubkeys]`
signing/multisig: change check using multisig fingerprint 6 years ago			`m = multisig.m`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`n = len(pubnodes)`
signing/multisig: change check using multisig fingerprint 6 years ago
signing/multisig: minor refactoring 6 years ago			`if n < 1 or n > 15 or m < 1 or m > 15:`
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 4 years ago			`raise wire.DataError("Invalid multisig parameters")`
signing/multisig: change check using multisig fingerprint 6 years ago
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`for d in pubnodes:`
signing/multisig: minor refactoring 6 years ago			`if len(d.public_key) != 33 or len(d.chain_code) != 32:`
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 4 years ago			`raise wire.DataError("Invalid multisig parameters")`
signing/multisig: change check using multisig fingerprint 6 years ago
			`# casting to bytes(), sorting on bytearray() is not supported in MicroPython`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`pubnodes = sorted(pubnodes, key=lambda n: bytes(n.public_key))`
signing/multisig: change check using multisig fingerprint 6 years ago
utils: simplify HashWriter interface 6 years ago			`h = HashWriter(sha256())`
signing/multisig: change check using multisig fingerprint 6 years ago			`write_uint32(h, m)`
			`write_uint32(h, n)`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`for d in pubnodes:`
signing/multisig: change check using multisig fingerprint 6 years ago			`write_uint32(h, d.depth)`
			`write_uint32(h, d.fingerprint)`
			`write_uint32(h, d.child_num)`
core/sign_tx: remove write_bytes_unchecked where appropriate 4 years ago			`write_bytes_fixed(h, d.chain_code, 32)`
			`write_bytes_fixed(h, d.public_key, 33)`
signing/multisig: change check using multisig fingerprint 6 years ago
			`return h.get_digest()`
singing: multisig 6 years ago

feat(core/bitcoin): use path schemas 4 years ago			`def validate_multisig(multisig: MultisigRedeemScriptType) -> None:`
			`if any(paths.is_hardened(n) for n in multisig.address_n):`
			`raise wire.DataError("Cannot perform hardened derivation from XPUB")`
			`for hd in multisig.pubkeys:`
			`if any(paths.is_hardened(n) for n in hd.address_n):`
			`raise wire.DataError("Cannot perform hardened derivation from XPUB")`


signing/multisig: check if pubkey is part of multisig msg 6 years ago			`def multisig_pubkey_index(multisig: MultisigRedeemScriptType, pubkey: bytes) -> int:`
feat(core/bitcoin): use path schemas 4 years ago			`validate_multisig(multisig)`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`if multisig.nodes:`
core: Fix mypy. 4 years ago			`for i, hd_node in enumerate(multisig.nodes):`
			`if multisig_get_pubkey(hd_node, multisig.address_n) == pubkey:`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`return i`
			`else:`
			`for i, hd in enumerate(multisig.pubkeys):`
			`if multisig_get_pubkey(hd.node, hd.address_n) == pubkey:`
			`return i`
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 4 years ago			`raise wire.DataError("Pubkey not found in multisig script")`
signing/multisig: check if pubkey is part of multisig msg 6 years ago

feat(core/bitcoin): use path schemas 4 years ago			`def multisig_get_pubkey(n: HDNodeType, p: paths.Bip32Path) -> bytes:`
singing: multisig 6 years ago			`node = bip32.HDNode(`
			`depth=n.depth,`
			`fingerprint=n.fingerprint,`
			`child_num=n.child_num,`
			`chain_code=n.chain_code,`
src: run black 6 years ago			`public_key=n.public_key,`
			`)`
singing: multisig 6 years ago			`for i in p:`
			`node.derive(i, True)`
			`return node.public_key()`


style(core): use more recent type annotation syntax https://www.python.org/dev/peps/pep-0585/ - Type Hinting Generics In Standard Collections https://www.python.org/dev/peps/pep-0604/ - Allow writing union types as X \| Y 3 years ago			`def multisig_get_pubkeys(multisig: MultisigRedeemScriptType) -> list[bytes]:`
feat(core/bitcoin): use path schemas 4 years ago			`validate_multisig(multisig)`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`if multisig.nodes:`
src/apps/wallet/sign_tx: fix style 5 years ago			`return [multisig_get_pubkey(hd, multisig.address_n) for hd in multisig.nodes]`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`else:`
			`return [multisig_get_pubkey(hd.node, hd.address_n) for hd in multisig.pubkeys]`


core: Fix typing. 4 years ago			`def multisig_get_pubkey_count(multisig: MultisigRedeemScriptType) -> int:`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 5 years ago			`if multisig.nodes:`
			`return len(multisig.nodes)`
			`else:`
src/apps/wallet/sign_tx: fix typo 5 years ago			`return len(multisig.pubkeys)`