diff --git a/core/tests/test_apps.bitcoin.approver.py b/core/tests/test_apps.bitcoin.approver.py index 41a2a98e33..7354a846b1 100644 --- a/core/tests/test_apps.bitcoin.approver.py +++ b/core/tests/test_apps.bitcoin.approver.py @@ -3,8 +3,6 @@ from common import H_, await_result, unittest # isort:skip import storage.cache from trezor import wire from trezor.crypto import bip32 -from trezor.crypto.curve import bip340, secp256k1 -from trezor.crypto.hashlib import sha256 from trezor.enums import InputScriptType, OutputScriptType from trezor.messages import ( AuthorizeCoinJoin, @@ -13,9 +11,7 @@ from trezor.messages import ( TxInput, TxOutput, ) -from trezor.utils import HashWriter -from apps.bitcoin import writers from apps.bitcoin.authorization import FEE_RATE_DECIMALS, CoinJoinAuthorization from apps.bitcoin.sign_tx.approvers import CoinJoinApprover from apps.bitcoin.sign_tx.bitcoin import Bitcoin @@ -31,10 +27,6 @@ class TestApprover(unittest.TestCase): self.min_registrable_amount = 5000 self.coordinator_name = "www.example.com" - # Private key for signing and masking CoinJoin requests. - # m/0h for "all all ... all" seed. - self.private_key = b"?S\ti\x8b\xc5o{,\xab\x03\x194\xea\xa8[_:\xeb\xdf\xce\xef\xe50\xf17D\x98`\xb9dj" - self.node = bip32.HDNode( depth=0, fingerprint=0, @@ -43,9 +35,6 @@ class TestApprover(unittest.TestCase): private_key=b"\x01" * 32, curve_name="secp256k1", ) - self.tweaked_node_pubkey = b"\x02" + bip340.tweak_public_key( - self.node.public_key()[1:] - ) self.msg_auth = AuthorizeCoinJoin( coordinator=self.coordinator_name, @@ -61,42 +50,12 @@ class TestApprover(unittest.TestCase): storage.cache.start_session() def make_coinjoin_request(self, inputs): - mask_public_key = secp256k1.publickey(self.private_key) - coinjoin_flags = bytearray() - for txi in inputs: - shared_secret = secp256k1.multiply( - self.private_key, self.tweaked_node_pubkey - )[1:33] - h_mask = HashWriter(sha256()) - writers.write_bytes_fixed(h_mask, shared_secret, 32) - writers.write_bytes_reversed(h_mask, txi.prev_hash, writers.TX_HASH_SIZE) - writers.write_uint32(h_mask, txi.prev_index) - mask = h_mask.get_digest()[0] & 1 - signable = txi.script_type == InputScriptType.SPENDTAPROOT - txi.coinjoin_flags = signable ^ mask - coinjoin_flags.append(txi.coinjoin_flags) - - # Compute CoinJoin request signature. - h_request = HashWriter(sha256(b"CJR1")) - writers.write_bytes_prefixed(h_request, self.coordinator_name.encode()) - writers.write_uint32(h_request, self.coin.slip44) - writers.write_uint32( - h_request, int(self.fee_rate_percent * 10**FEE_RATE_DECIMALS) - ) - writers.write_uint64(h_request, self.no_fee_threshold) - writers.write_uint64(h_request, self.min_registrable_amount) - writers.write_bytes_fixed(h_request, mask_public_key, 33) - writers.write_bytes_prefixed(h_request, coinjoin_flags) - writers.write_bytes_fixed(h_request, sha256().digest(), 32) - writers.write_bytes_fixed(h_request, sha256().digest(), 32) - signature = secp256k1.sign(self.private_key, h_request.get_digest()) - return CoinJoinRequest( fee_rate=int(self.fee_rate_percent * 10**FEE_RATE_DECIMALS), no_fee_threshold=self.no_fee_threshold, min_registrable_amount=self.min_registrable_amount, - mask_public_key=mask_public_key, - signature=signature, + mask_public_key=bytearray(), + signature=bytearray(), ) def test_coinjoin_lots_of_inputs(self): diff --git a/tests/device_tests/bitcoin/payment_req.py b/tests/device_tests/bitcoin/payment_req.py index 5d987706df..73d98859ba 100644 --- a/tests/device_tests/bitcoin/payment_req.py +++ b/tests/device_tests/bitcoin/payment_req.py @@ -1,7 +1,7 @@ from collections import namedtuple from hashlib import sha256 -from ecdsa import ECDH, SECP256k1, SigningKey +from ecdsa import SECP256k1, SigningKey from trezorlib import btc, messages @@ -113,60 +113,15 @@ def make_coinjoin_request( no_fee_threshold=1_000_000, min_registrable_amount=5_000, ): - # Reuse the signing key as the masking key to ensure deterministic behavior. - # Note that in production the masking key should be generated randomly. - ecdh = ECDH(curve=SECP256k1) - ecdh.load_private_key(payment_req_signer) - mask_public_key = ecdh.get_public_key().to_string("compressed") - # Process inputs. - h_prevouts = sha256() - coinjoin_flags = bytearray() - for i, (txi, script_pubkey) in enumerate(zip(inputs, input_script_pubkeys)): - # Add input to prevouts hash. - h_prevouts.update(bytes(reversed(txi.prev_hash))) - h_prevouts.update(txi.prev_index.to_bytes(4, "little")) - - # Set signable flag in coinjoin_flags. - if len(script_pubkey) == 34 and script_pubkey.startswith(b"\x51\x20"): - ecdh.load_received_public_key_bytes(b"\x02" + script_pubkey[2:]) - shared_secret = ecdh.generate_sharedsecret_bytes() - h_mask = sha256(shared_secret) - h_mask.update(bytes(reversed(txi.prev_hash))) - h_mask.update(txi.prev_index.to_bytes(4, "little")) - mask = h_mask.digest()[0] & 1 - signable = bool(txi.address_n) - txi.coinjoin_flags = signable ^ mask - else: - txi.coinjoin_flags = 0 - + for i, txi in enumerate(inputs): # Set no_fee flag in coinjoin_flags. txi.coinjoin_flags |= (i in no_fee_indices) << 1 - coinjoin_flags.append(txi.coinjoin_flags) - - # Process outputs. - h_outputs = sha256() - for txo, script_pubkey in zip(outputs, output_script_pubkeys): - h_outputs.update(txo.amount.to_bytes(8, "little")) - hash_bytes_prefixed(h_outputs, script_pubkey) - - # Hash the CoinJoin request. - h_request = sha256(b"CJR1") - hash_bytes_prefixed(h_request, coordinator_name.encode()) - h_request.update(SLIP44.to_bytes(4, "little")) - h_request.update(fee_rate.to_bytes(4, "little")) - h_request.update(no_fee_threshold.to_bytes(8, "little")) - h_request.update(min_registrable_amount.to_bytes(8, "little")) - h_request.update(mask_public_key) - hash_bytes_prefixed(h_request, coinjoin_flags) - h_request.update(h_prevouts.digest()) - h_request.update(h_outputs.digest()) - return messages.CoinJoinRequest( fee_rate=fee_rate, no_fee_threshold=no_fee_threshold, min_registrable_amount=min_registrable_amount, - mask_public_key=mask_public_key, - signature=payment_req_signer.sign_digest_deterministic(h_request.digest()), + mask_public_key=b"", + signature=b"", )