trezor-firmware/core/src/apps/bitcoin/multisig.py

from trezor import wire
from trezor.crypto import bip32
from trezor.crypto.hashlib import sha256
from trezor.messages.HDNodeType import HDNodeType
from trezor.messages.MultisigRedeemScriptType import MultisigRedeemScriptType
from trezor.utils import HashWriter

from apps.common import paths

from .writers import write_bytes_fixed, write_uint32

if False:
    from typing import List


def multisig_fingerprint(multisig: MultisigRedeemScriptType) -> bytes:
    if multisig.nodes:
        pubnodes = multisig.nodes
    else:
        pubnodes = [hd.node for hd in multisig.pubkeys]
    m = multisig.m
    n = len(pubnodes)

    if n < 1 or n > 15 or m < 1 or m > 15:
        raise wire.DataError("Invalid multisig parameters")

    for d in pubnodes:
        if len(d.public_key) != 33 or len(d.chain_code) != 32:
            raise wire.DataError("Invalid multisig parameters")

    # casting to bytes(), sorting on bytearray() is not supported in MicroPython
    pubnodes = sorted(pubnodes, key=lambda n: bytes(n.public_key))

    h = HashWriter(sha256())
    write_uint32(h, m)
    write_uint32(h, n)
    for d in pubnodes:
        write_uint32(h, d.depth)
        write_uint32(h, d.fingerprint)
        write_uint32(h, d.child_num)
        write_bytes_fixed(h, d.chain_code, 32)
        write_bytes_fixed(h, d.public_key, 33)

    return h.get_digest()


def validate_multisig(multisig: MultisigRedeemScriptType) -> None:
    if any(paths.is_hardened(n) for n in multisig.address_n):
        raise wire.DataError("Cannot perform hardened derivation from XPUB")
    for hd in multisig.pubkeys:
        if any(paths.is_hardened(n) for n in hd.address_n):
            raise wire.DataError("Cannot perform hardened derivation from XPUB")


def multisig_pubkey_index(multisig: MultisigRedeemScriptType, pubkey: bytes) -> int:
    validate_multisig(multisig)
    if multisig.nodes:
        for i, hd_node in enumerate(multisig.nodes):
            if multisig_get_pubkey(hd_node, multisig.address_n) == pubkey:
                return i
    else:
        for i, hd in enumerate(multisig.pubkeys):
            if multisig_get_pubkey(hd.node, hd.address_n) == pubkey:
                return i
    raise wire.DataError("Pubkey not found in multisig script")


def multisig_get_pubkey(n: HDNodeType, p: paths.Bip32Path) -> bytes:
    node = bip32.HDNode(
        depth=n.depth,
        fingerprint=n.fingerprint,
        child_num=n.child_num,
        chain_code=n.chain_code,
        public_key=n.public_key,
    )
    for i in p:
        node.derive(i, True)
    return node.public_key()


def multisig_get_pubkeys(multisig: MultisigRedeemScriptType) -> List[bytes]:
    validate_multisig(multisig)
    if multisig.nodes:
        return [multisig_get_pubkey(hd, multisig.address_n) for hd in multisig.nodes]
    else:
        return [multisig_get_pubkey(hd.node, hd.address_n) for hd in multisig.pubkeys]


def multisig_get_pubkey_count(multisig: MultisigRedeemScriptType) -> int:
    if multisig.nodes:
        return len(multisig.nodes)
    else:
        return len(multisig.pubkeys)
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 2020-05-15 18:35:09 +00:00			`from trezor import wire`
singing: multisig 2018-01-29 13:41:56 +00:00			`from trezor.crypto import bip32`
src: run isort 2018-07-03 14:20:26 +00:00			`from trezor.crypto.hashlib import sha256`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`from trezor.messages.HDNodeType import HDNodeType`
src: run isort 2018-07-03 14:20:26 +00:00			`from trezor.messages.MultisigRedeemScriptType import MultisigRedeemScriptType`
core/sign_tx: Consolidate wallet path and multisig fingerprint checking. 2020-04-15 15:16:20 +00:00			`from trezor.utils import HashWriter`
singing: multisig 2018-01-29 13:41:56 +00:00
feat(core/bitcoin): use path schemas 2020-07-23 11:58:19 +00:00			`from apps.common import paths`

core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 2020-05-15 18:35:09 +00:00			`from .writers import write_bytes_fixed, write_uint32`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
core: Fix typing. 2020-04-07 07:39:11 +00:00			`if False:`
core/sign_tx: Consolidate wallet path and multisig fingerprint checking. 2020-04-15 15:16:20 +00:00			`from typing import List`
core: Fix typing. 2020-04-07 07:39:11 +00:00
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
			`def multisig_fingerprint(multisig: MultisigRedeemScriptType) -> bytes:`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`if multisig.nodes:`
			`pubnodes = multisig.nodes`
			`else:`
			`pubnodes = [hd.node for hd in multisig.pubkeys]`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00			`m = multisig.m`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`n = len(pubnodes)`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
signing/multisig: minor refactoring 2018-02-23 18:55:28 +00:00			`if n < 1 or n > 15 or m < 1 or m > 15:`
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 2020-05-15 18:35:09 +00:00			`raise wire.DataError("Invalid multisig parameters")`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`for d in pubnodes:`
signing/multisig: minor refactoring 2018-02-23 18:55:28 +00:00			`if len(d.public_key) != 33 or len(d.chain_code) != 32:`
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 2020-05-15 18:35:09 +00:00			`raise wire.DataError("Invalid multisig parameters")`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
			`# casting to bytes(), sorting on bytearray() is not supported in MicroPython`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`pubnodes = sorted(pubnodes, key=lambda n: bytes(n.public_key))`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
utils: simplify HashWriter interface 2018-10-30 14:48:26 +00:00			`h = HashWriter(sha256())`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00			`write_uint32(h, m)`
			`write_uint32(h, n)`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`for d in pubnodes:`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00			`write_uint32(h, d.depth)`
			`write_uint32(h, d.fingerprint)`
			`write_uint32(h, d.child_num)`
core/sign_tx: remove write_bytes_unchecked where appropriate 2020-03-16 11:42:19 +00:00			`write_bytes_fixed(h, d.chain_code, 32)`
			`write_bytes_fixed(h, d.public_key, 33)`
signing/multisig: change check using multisig fingerprint 2018-02-08 12:14:36 +00:00
			`return h.get_digest()`
singing: multisig 2018-01-29 13:41:56 +00:00

feat(core/bitcoin): use path schemas 2020-07-23 11:58:19 +00:00			`def validate_multisig(multisig: MultisigRedeemScriptType) -> None:`
			`if any(paths.is_hardened(n) for n in multisig.address_n):`
			`raise wire.DataError("Cannot perform hardened derivation from XPUB")`
			`for hd in multisig.pubkeys:`
			`if any(paths.is_hardened(n) for n in hd.address_n):`
			`raise wire.DataError("Cannot perform hardened derivation from XPUB")`


signing/multisig: check if pubkey is part of multisig msg 2018-01-31 11:48:18 +00:00			`def multisig_pubkey_index(multisig: MultisigRedeemScriptType, pubkey: bytes) -> int:`
feat(core/bitcoin): use path schemas 2020-07-23 11:58:19 +00:00			`validate_multisig(multisig)`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`if multisig.nodes:`
core: Fix mypy. 2020-04-08 15:37:40 +00:00			`for i, hd_node in enumerate(multisig.nodes):`
			`if multisig_get_pubkey(hd_node, multisig.address_n) == pubkey:`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`return i`
			`else:`
			`for i, hd in enumerate(multisig.pubkeys):`
			`if multisig_get_pubkey(hd.node, hd.address_n) == pubkey:`
			`return i`
core/bitcoin: finalize bitcoin refactor - core/bitcoin: move common files to the app's root - core/bitcoin: use require_confirm instead of confirm - core: move bitcoin unrelated functions from 'bitcoin' to a new 'misc' app - core/bitcoin: use relative imports inside the app - core: rename wallet app to bitcoin - core/wallet: replace SigningErrors and the other exception classes with wire.Errors 2020-05-15 18:35:09 +00:00			`raise wire.DataError("Pubkey not found in multisig script")`
signing/multisig: check if pubkey is part of multisig msg 2018-01-31 11:48:18 +00:00

feat(core/bitcoin): use path schemas 2020-07-23 11:58:19 +00:00			`def multisig_get_pubkey(n: HDNodeType, p: paths.Bip32Path) -> bytes:`
singing: multisig 2018-01-29 13:41:56 +00:00			`node = bip32.HDNode(`
			`depth=n.depth,`
			`fingerprint=n.fingerprint,`
			`child_num=n.child_num,`
			`chain_code=n.chain_code,`
src: run black 2018-07-03 14:20:58 +00:00			`public_key=n.public_key,`
			`)`
singing: multisig 2018-01-29 13:41:56 +00:00			`for i in p:`
			`node.derive(i, True)`
			`return node.public_key()`


core: Fix typing. 2020-04-07 07:39:11 +00:00			`def multisig_get_pubkeys(multisig: MultisigRedeemScriptType) -> List[bytes]:`
feat(core/bitcoin): use path schemas 2020-07-23 11:58:19 +00:00			`validate_multisig(multisig)`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`if multisig.nodes:`
src/apps/wallet/sign_tx: fix style 2019-02-04 00:51:56 +00:00			`return [multisig_get_pubkey(hd, multisig.address_n) for hd in multisig.nodes]`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`else:`
			`return [multisig_get_pubkey(hd.node, hd.address_n) for hd in multisig.pubkeys]`


core: Fix typing. 2020-04-07 07:39:11 +00:00			`def multisig_get_pubkey_count(multisig: MultisigRedeemScriptType) -> int:`
src/apps/wallet/sign_tx: implemented simplified API for MultisigRedeemScriptType If address_n is the same for all nodes in the multisig, provide it just once and supply nodes directly (not in the HDNodePathType structure) 2019-02-04 00:15:13 +00:00			`if multisig.nodes:`
			`return len(multisig.nodes)`
			`else:`
src/apps/wallet/sign_tx: fix typo 2019-02-04 12:57:31 +00:00			`return len(multisig.pubkeys)`