Fixes issue #232.
It assumes the largest possible signature size for all inputs. For segwit
multisig it can be .25 bytes off due to difference between segwit
encoding (varint) vs. non-segwit encoding (op_push) of the multisig script.

The 4 byte hash_type/forkid is part of the signed message, but not
part of the transaction. Instead of hacking it into the transaction,
add it after the transaction when computing the signature.

Increase the size of the addresses in protobuf.
Fix layout2.c to handle longer addresses.
Add a field bech32_prefix to coins.h.
Adapted the coins-gen script.
Added bech32 support in signing.c and transaction.c.

Having CoinType using the protobuf structures has several disadvantages.
- We always need to change trezor-common if we need a new field (like
  bech32 prefix)
- Every time Trezor initializes it sends all this information out and
  nobody cares.
- The protobuf structures add storage overhead due to their fixed size.
I also removed most of the `has_` fields except for forkid:
- `has_segwit` was merged with segwit
- `has_coin_shortcut` can be replaced by test for NULL if necessary.
The fields were reordered for better padding.

There was a signed/unsigned problem: size_t is unsigned, but we use
-1 to indicate mismatch. The problem was that when checking the input
address path, it still did this unintentionally when a mismatch was
detected, forbidding signing with mismatched inputs, even when there
is no change address.
We now use 1 for mismatch. Also, we don't allow a change address anymore
if the inputs have a path of length 1. This simplifies the code a bit.

NIS deserializes then serializes transactions in order to verify the
signature. This means that transactions must be serialized canonically,
otherwise the signature will not match. Due to [1], mosaics are sorted
and deduplicated in transfer transactions.
[1]: 4231550ddf