Fixes issue #232.
It assumes largest possible signature size for all inputs. For segwit
multisig it can be .25 bytes off due to difference between segwit
encoding (varint) vs. non-segwit encoding (op_push) of the multisig script.
The 4 byte hash_type/forkid is part of the signed message, but not
part of the transaction. Instead of hacking it into the transaction,
add it after the transaction when computing the signature.
Increase the size of the addresses in protobuf.
Fix layout2.c to handle longer addresses.
Add a field bech32_prefix to coins.h
Adapted the coins-gen script.
Added bech32 support in signing.c and transaction.c
Having CoinType using the protobuf structures has several disadvantages.
- We always need to change trezor-common if we need a new field (like
bech32 prefix)
- Every time Trezor initializes it sends all this information out and
nobody cares.
- The protobuf structures add storage overhead due to their fixed size.
I also removed most of the `has_` fields except for forkid:
- `has_segwit` was merged with segwit
- `has_coin_shortcut` can be replaced by test for NULL if necessary.
The fields were reordered for better padding.
There was a signed/unsigned problem: size_t is unsigned, but we use
-1 to indicate mismatch. The problem was that when checking the input
address path, it still did this unintentionally when a mismatch was
detected, forbidding to sign with mismatched inputs, even when there
is no change address.
We now use 1 for mismatch. Also we don't allow change address anymore
if the inputs have a path of length 1. This simplifies the code a bit.
Don't hash the whole transaction if forkid is set. Instead use the
same codepath as for segwit.
Rename segwit_to_spend to authorized_amount and use it for forkid
amount and segwit amount validity checks.
Removed some duplicated code.
