Experiment - generating segwit addresses

bip32.c

@@ -25,6 +25,7 @@
 #include <string.h>
 #include <stdbool.h>
 
+#include "address.h"
 #include "bignum.h"
 #include "hmac.h"
 #include "ecdsa.h"
@@ -270,7 +271,7 @@ int hdnode_public_ckd(HDNode *inout, uint32_t i)
 	return 1;
 }
 
-int hdnode_public_ckd_address_optimized(const curve_point *pub, const uint8_t *chain_code, uint32_t i, uint32_t version, char *addr, int addrsize)
+int hdnode_public_ckd_address_optimized(const curve_point *pub, const uint8_t *chain_code, uint32_t i, uint32_t version, char *addr, int addrsize, bool segwit)
 {
 	uint8_t child_pubkey[33];
 	curve_point b;
@@ -278,8 +279,27 @@ int hdnode_public_ckd_address_optimized(const curve_point *pub, const uint8_t *c
 	hdnode_public_ckd_cp(&secp256k1, pub, chain_code, i, &b, NULL);
 	child_pubkey[0] = 0x02 | (b.y.val[0] & 0x01);
 	bn_write_be(&b.x, child_pubkey + 1);
-	ecdsa_get_address(child_pubkey, version, addr, addrsize);
-	return 1;
+
+	if (!segwit) {
+		ecdsa_get_address(child_pubkey, version, addr, addrsize);
+		return 1;
+	} else {
+		uint8_t raw[32];
+		size_t prelen = address_prefix_bytes_len(version);
+		uint8_t digest[MAX_ADDR_RAW_SIZE];
+
+		raw[0] = 0; // version byte
+		raw[1] = 20; // push 20 bytes
+		ecdsa_get_pubkeyhash(child_pubkey, raw + 2);
+		sha256_Raw(raw, 22, digest);
+		address_write_prefix_bytes(version, raw);
+		ripemd160(digest, 32, raw + prelen);
+
+		if (!base58_encode_check(raw, prelen + 20, addr, MAX_ADDR_SIZE)) {
+			return 0;
+		}
+		return 1;
+	}
 }
 
 #if USE_BIP32_CACHE

bip32.h

@@ -26,6 +26,7 @@
 
 #include <stdint.h>
 #include <stdlib.h>
+#include <stdbool.h>
 #include "ecdsa.h"
 #include "options.h"
 
@@ -57,7 +58,7 @@ int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent, co
 
 int hdnode_public_ckd(HDNode *inout, uint32_t i);
 
-int hdnode_public_ckd_address_optimized(const curve_point *pub, const uint8_t *chain_code, uint32_t i, uint32_t version, char *addr, int addrsize);
+int hdnode_public_ckd_address_optimized(const curve_point *pub, const uint8_t *chain_code, uint32_t i, uint32_t version, char *addr, int addrsize, bool segwit);
 
 #if USE_BIP32_CACHE
 

emscripten/post.js

@@ -51,8 +51,8 @@ function serializeNode(node) {
  * @param {Number} version  address version byte
  * @return {String}
  */
-function deriveAddress(index, version) {
-    _hdnode_public_ckd_address_optimized(_pubpoint, _chaincode, index, version, _address, ADDRESS_SIZE);
+function deriveAddress(index, version, segwit) {
+    _hdnode_public_ckd_address_optimized(_pubpoint, _chaincode, index, version, _address, ADDRESS_SIZE, segwit);
     return Pointer_stringify(_address);
 }
 
@@ -63,12 +63,12 @@ function deriveAddress(index, version) {
  * @param {Number} version     address version byte
  * @return {Array<String>}
  */
-function deriveAddressRange(node, firstIndex, lastIndex, version) {
+function deriveAddressRange(node, firstIndex, lastIndex, version, segwit) {
     var addresses = [];
     serializeNode(node);
     var i;
     for (i = firstIndex; i <= lastIndex; i++) {
-        addresses.push(deriveAddress(i, version));
+        addresses.push(deriveAddress(i, version, segwit));
     }
     return addresses;
 }

emscripten/test-correctness.js

@@ -13,7 +13,10 @@ var nodeStruct = {
     public_key: node.keyPair.getPublicKeyBuffer()
 };
 
-var addresses = crypto.deriveAddressRange(nodeStruct, 0, 999, 0);
+var addresses = crypto.deriveAddressRange(nodeStruct, 0, 999, 0, false);
+
+// for segwit:
+// var addresses = crypto.deriveAddressRange(nodeStruct, 0, 999, 5, true);
 
 var fs = require('fs');
 var loaded = fs.readFileSync('test-addresses.txt').toString().split("\n");