support for compressed keys
This commit is contained in:
parent
98cce2af0d
commit
e7e169888d
1
TODOLIST
1
TODOLIST
|
@ -5,7 +5,6 @@ security:
|
|||
|
||||
|
||||
wallet, transactions :
|
||||
- support compressed keys
|
||||
- dust sweeping
|
||||
- transactions with multiple outputs
|
||||
- BIP 32
|
||||
|
|
|
@ -43,8 +43,57 @@ Hash = lambda x: hashlib.sha256(hashlib.sha256(x).digest()).digest()
|
|||
hash_encode = lambda x: x[::-1].encode('hex')
|
||||
hash_decode = lambda x: x.decode('hex')[::-1]
|
||||
|
||||
############ functions from pywallet #####################
|
||||
|
||||
# pywallet openssl private key implementation
|
||||
|
||||
def i2d_ECPrivateKey(pkey, compressed=False):
|
||||
if compressed:
|
||||
key = '3081d30201010420' + \
|
||||
'%064x' % pkey.secret + \
|
||||
'a081a53081a2020101302c06072a8648ce3d0101022100' + \
|
||||
'%064x' % _p + \
|
||||
'3006040100040107042102' + \
|
||||
'%064x' % _Gx + \
|
||||
'022100' + \
|
||||
'%064x' % _r + \
|
||||
'020101a124032200'
|
||||
else:
|
||||
key = '308201130201010420' + \
|
||||
'%064x' % pkey.secret + \
|
||||
'a081a53081a2020101302c06072a8648ce3d0101022100' + \
|
||||
'%064x' % _p + \
|
||||
'3006040100040107044104' + \
|
||||
'%064x' % _Gx + \
|
||||
'%064x' % _Gy + \
|
||||
'022100' + \
|
||||
'%064x' % _r + \
|
||||
'020101a144034200'
|
||||
|
||||
return key.decode('hex') + i2o_ECPublicKey(pkey, compressed)
|
||||
|
||||
def i2o_ECPublicKey(pkey, compressed=False):
|
||||
# public keys are 65 bytes long (520 bits)
|
||||
# 0x04 + 32-byte X-coordinate + 32-byte Y-coordinate
|
||||
# 0x00 = point at infinity, 0x02 and 0x03 = compressed, 0x04 = uncompressed
|
||||
# compressed keys: <sign> <x> where <sign> is 0x02 if y is even and 0x03 if y is odd
|
||||
if compressed:
|
||||
if pkey.pubkey.point.y() & 1:
|
||||
key = '03' + '%064x' % pkey.pubkey.point.x()
|
||||
else:
|
||||
key = '02' + '%064x' % pkey.pubkey.point.x()
|
||||
else:
|
||||
key = '04' + \
|
||||
'%064x' % pkey.pubkey.point.x() + \
|
||||
'%064x' % pkey.pubkey.point.y()
|
||||
|
||||
return key.decode('hex')
|
||||
|
||||
# end pywallet openssl private key implementation
|
||||
|
||||
|
||||
|
||||
############ functions from pywallet #####################
|
||||
|
||||
addrtype = 0
|
||||
|
||||
def hash_160(public_key):
|
||||
|
@ -151,17 +200,39 @@ def DecodeBase58Check(psz):
|
|||
def PrivKeyToSecret(privkey):
|
||||
return privkey[9:9+32]
|
||||
|
||||
def SecretToASecret(secret):
|
||||
vchIn = chr(addrtype+128) + secret
|
||||
def SecretToASecret(secret, compressed=False):
|
||||
vchIn = chr((addrtype+128)&255) + secret
|
||||
if compressed: vchIn += '\01'
|
||||
return EncodeBase58Check(vchIn)
|
||||
|
||||
def ASecretToSecret(key):
|
||||
vch = DecodeBase58Check(key)
|
||||
if vch and vch[0] == chr(addrtype+128):
|
||||
if vch and vch[0] == chr((addrtype+128)&255):
|
||||
return vch[1:]
|
||||
else:
|
||||
return False
|
||||
|
||||
def regenerate_key(sec):
|
||||
b = ASecretToSecret(sec)
|
||||
if not b:
|
||||
return False
|
||||
b = b[0:32]
|
||||
secret = int('0x' + b.encode('hex'), 16)
|
||||
return EC_KEY(secret)
|
||||
|
||||
def GetPubKey(pkey, compressed=False):
|
||||
return i2o_ECPublicKey(pkey, compressed)
|
||||
|
||||
def GetPrivKey(pkey, compressed=False):
|
||||
return i2d_ECPrivateKey(pkey, compressed)
|
||||
|
||||
def GetSecret(pkey):
|
||||
return ('%064x' % pkey.secret).decode('hex')
|
||||
|
||||
def is_compressed(sec):
|
||||
b = ASecretToSecret(sec)
|
||||
return len(b) == 33
|
||||
|
||||
########### end pywallet functions #######################
|
||||
|
||||
# secp256k1, http://www.oid-info.com/get/1.3.132.0.10
|
||||
|
@ -176,6 +247,13 @@ generator_secp256k1 = ecdsa.ellipticcurve.Point( curve_secp256k1, _Gx, _Gy, _r )
|
|||
oid_secp256k1 = (1,3,132,0,10)
|
||||
SECP256k1 = ecdsa.curves.Curve("SECP256k1", curve_secp256k1, generator_secp256k1, oid_secp256k1 )
|
||||
|
||||
class EC_KEY(object):
|
||||
def __init__( self, secret ):
|
||||
self.pubkey = ecdsa.ecdsa.Public_key( generator_secp256k1, generator_secp256k1 * secret )
|
||||
self.privkey = ecdsa.ecdsa.Private_key( self.pubkey, secret )
|
||||
self.secret = secret
|
||||
|
||||
|
||||
|
||||
def filter(s):
|
||||
out = re.sub('( [^\n]*|)\n','',s)
|
||||
|
@ -195,7 +273,6 @@ def raw_tx( inputs, outputs, for_sig = None ):
|
|||
sig = sig + chr(1) # hashtype
|
||||
script = int_to_hex( len(sig)) + ' push %d bytes\n'%len(sig)
|
||||
script += sig.encode('hex') + ' sig\n'
|
||||
pubkey = chr(4) + pubkey
|
||||
script += int_to_hex( len(pubkey)) + ' push %d bytes\n'%len(pubkey)
|
||||
script += pubkey.encode('hex') + ' pubkey\n'
|
||||
elif for_sig==i:
|
||||
|
|
|
@ -113,22 +113,33 @@ class Wallet:
|
|||
while not self.is_up_to_date(): time.sleep(0.1)
|
||||
|
||||
def import_key(self, keypair, password):
|
||||
address, key = keypair.split(':')
|
||||
|
||||
address, sec = keypair.split(':')
|
||||
if not self.is_valid(address):
|
||||
raise BaseException('Invalid Bitcoin address')
|
||||
if address in self.all_addresses():
|
||||
raise BaseException('Address already in wallet')
|
||||
b = ASecretToSecret( key )
|
||||
if not b:
|
||||
raise BaseException('Unsupported key format')
|
||||
secexp = int( b.encode('hex'), 16)
|
||||
private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve=SECP256k1 )
|
||||
|
||||
# rebuild public key from private key, compressed or uncompressed
|
||||
pkey = regenerate_key(sec)
|
||||
if not pkey:
|
||||
return False
|
||||
|
||||
# figure out if private key is compressed
|
||||
compressed = is_compressed(sec)
|
||||
|
||||
# rebuild private and public key from regenerated secret
|
||||
private_key = GetPrivKey(pkey, compressed)
|
||||
public_key = GetPubKey(pkey, compressed)
|
||||
addr = public_key_to_bc_address(public_key)
|
||||
|
||||
# sanity check
|
||||
public_key = private_key.get_verifying_key()
|
||||
if not address == public_key_to_bc_address( '04'.decode('hex') + public_key.to_string() ):
|
||||
if not address == addr :
|
||||
raise BaseException('Address does not match private key')
|
||||
self.imported_keys[address] = self.pw_encode( key, password )
|
||||
|
||||
|
||||
# store the originally requested keypair into the imported keys table
|
||||
self.imported_keys[address] = self.pw_encode(sec, password )
|
||||
|
||||
|
||||
def new_seed(self, password):
|
||||
seed = "%032x"%ecdsa.util.randrange( pow(2,128) )
|
||||
|
@ -172,19 +183,23 @@ class Wallet:
|
|||
return string_to_number( Hash( "%d:%d:"%(n,for_change) + self.master_public_key.decode('hex') ) )
|
||||
|
||||
def get_private_key_base58(self, address, password):
|
||||
pk = self.get_private_key(address, password)
|
||||
if pk is None: return None
|
||||
return SecretToASecret( pk )
|
||||
secexp, compressed = self.get_private_key(address, password)
|
||||
if secexp is None: return None
|
||||
pk = number_to_string( secexp, generator_secp256k1.order() )
|
||||
return SecretToASecret( pk, compressed )
|
||||
|
||||
def get_private_key(self, address, password):
|
||||
""" Privatekey(type,n) = Master_private_key + H(n|S|type) """
|
||||
order = generator_secp256k1.order()
|
||||
|
||||
if address in self.imported_keys.keys():
|
||||
b = self.pw_decode( self.imported_keys[address], password )
|
||||
if not b: return None
|
||||
b = ASecretToSecret( b )
|
||||
secexp = int( b.encode('hex'), 16)
|
||||
sec = self.pw_decode( self.imported_keys[address], password )
|
||||
if not sec: return None, None
|
||||
|
||||
pkey = regenerate_key(sec)
|
||||
compressed = is_compressed(sec)
|
||||
secexp = pkey.secret
|
||||
|
||||
else:
|
||||
if address in self.addresses:
|
||||
n = self.addresses.index(address)
|
||||
|
@ -201,20 +216,21 @@ class Wallet:
|
|||
if not seed: return None
|
||||
secexp = self.stretch_key(seed)
|
||||
secexp = ( secexp + self.get_sequence(n,for_change) ) % order
|
||||
compressed = False
|
||||
|
||||
pk = number_to_string(secexp,order)
|
||||
return pk
|
||||
return secexp, compressed
|
||||
|
||||
def msg_magic(self, message):
|
||||
return "\x18Bitcoin Signed Message:\n" + chr( len(message) ) + message
|
||||
|
||||
def sign_message(self, address, message, password):
|
||||
private_key = ecdsa.SigningKey.from_string( self.get_private_key(address, password), curve = SECP256k1 )
|
||||
secexp, compressed = self.get_private_key(address, password)
|
||||
private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
|
||||
public_key = private_key.get_verifying_key()
|
||||
signature = private_key.sign_digest( Hash( self.msg_magic( message ) ), sigencode = ecdsa.util.sigencode_string )
|
||||
assert public_key.verify_digest( signature, Hash( self.msg_magic( message ) ), sigdecode = ecdsa.util.sigdecode_string)
|
||||
for i in range(4):
|
||||
sig = base64.b64encode( chr(27+i) + signature )
|
||||
sig = base64.b64encode( chr(27 + i + (4 if compressed else 0)) + signature )
|
||||
try:
|
||||
self.verify_message( address, sig, message)
|
||||
return sig
|
||||
|
@ -598,9 +614,13 @@ class Wallet:
|
|||
s_inputs = []
|
||||
for i in range(len(inputs)):
|
||||
addr, v, p_hash, p_pos, p_scriptPubKey, _, _ = inputs[i]
|
||||
private_key = ecdsa.SigningKey.from_string( self.get_private_key(addr, password), curve = SECP256k1 )
|
||||
secexp, compressed = self.get_private_key(addr, password)
|
||||
private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
|
||||
public_key = private_key.get_verifying_key()
|
||||
pubkey = public_key.to_string()
|
||||
|
||||
pkey = EC_KEY(secexp)
|
||||
pubkey = GetPubKey(pkey, compressed)
|
||||
|
||||
tx = filter( raw_tx( inputs, outputs, for_sig = i ) )
|
||||
sig = private_key.sign_digest( Hash( tx.decode('hex') ), sigencode = ecdsa.util.sigencode_der )
|
||||
assert public_key.verify_digest( sig, Hash( tx.decode('hex') ), sigdecode = ecdsa.util.sigdecode_der)
|
||||
|
|
Loading…
Reference in New Issue