diff --git a/TODOLIST b/TODOLIST index 08b1d6f8..988fbf14 100644 --- a/TODOLIST +++ b/TODOLIST @@ -5,7 +5,6 @@ security: wallet, transactions : - - support compressed keys - dust sweeping - transactions with multiple outputs - BIP 32 diff --git a/lib/bitcoin.py b/lib/bitcoin.py index c8e8ba04..eb205004 100644 --- a/lib/bitcoin.py +++ b/lib/bitcoin.py @@ -43,8 +43,57 @@ Hash = lambda x: hashlib.sha256(hashlib.sha256(x).digest()).digest() hash_encode = lambda x: x[::-1].encode('hex') hash_decode = lambda x: x.decode('hex')[::-1] -############ functions from pywallet ##################### +# pywallet openssl private key implementation + +def i2d_ECPrivateKey(pkey, compressed=False): + if compressed: + key = '3081d30201010420' + \ + '%064x' % pkey.secret + \ + 'a081a53081a2020101302c06072a8648ce3d0101022100' + \ + '%064x' % _p + \ + '3006040100040107042102' + \ + '%064x' % _Gx + \ + '022100' + \ + '%064x' % _r + \ + '020101a124032200' + else: + key = '308201130201010420' + \ + '%064x' % pkey.secret + \ + 'a081a53081a2020101302c06072a8648ce3d0101022100' + \ + '%064x' % _p + \ + '3006040100040107044104' + \ + '%064x' % _Gx + \ + '%064x' % _Gy + \ + '022100' + \ + '%064x' % _r + \ + '020101a144034200' + + return key.decode('hex') + i2o_ECPublicKey(pkey, compressed) + +def i2o_ECPublicKey(pkey, compressed=False): + # public keys are 65 bytes long (520 bits) + # 0x04 + 32-byte X-coordinate + 32-byte Y-coordinate + # 0x00 = point at infinity, 0x02 and 0x03 = compressed, 0x04 = uncompressed + # compressed keys: where is 0x02 if y is even and 0x03 if y is odd + if compressed: + if pkey.pubkey.point.y() & 1: + key = '03' + '%064x' % pkey.pubkey.point.x() + else: + key = '02' + '%064x' % pkey.pubkey.point.x() + else: + key = '04' + \ + '%064x' % pkey.pubkey.point.x() + \ + '%064x' % pkey.pubkey.point.y() + + return key.decode('hex') + +# end pywallet openssl private key implementation + + + +############ functions from pywallet ##################### + addrtype = 0 def hash_160(public_key): @@ -151,17 +200,39 @@ def DecodeBase58Check(psz): def PrivKeyToSecret(privkey): return privkey[9:9+32] -def SecretToASecret(secret): - vchIn = chr(addrtype+128) + secret +def SecretToASecret(secret, compressed=False): + vchIn = chr((addrtype+128)&255) + secret + if compressed: vchIn += '\01' return EncodeBase58Check(vchIn) def ASecretToSecret(key): vch = DecodeBase58Check(key) - if vch and vch[0] == chr(addrtype+128): + if vch and vch[0] == chr((addrtype+128)&255): return vch[1:] else: return False +def regenerate_key(sec): + b = ASecretToSecret(sec) + if not b: + return False + b = b[0:32] + secret = int('0x' + b.encode('hex'), 16) + return EC_KEY(secret) + +def GetPubKey(pkey, compressed=False): + return i2o_ECPublicKey(pkey, compressed) + +def GetPrivKey(pkey, compressed=False): + return i2d_ECPrivateKey(pkey, compressed) + +def GetSecret(pkey): + return ('%064x' % pkey.secret).decode('hex') + +def is_compressed(sec): + b = ASecretToSecret(sec) + return len(b) == 33 + ########### end pywallet functions ####################### # secp256k1, http://www.oid-info.com/get/1.3.132.0.10 @@ -176,6 +247,13 @@ generator_secp256k1 = ecdsa.ellipticcurve.Point( curve_secp256k1, _Gx, _Gy, _r ) oid_secp256k1 = (1,3,132,0,10) SECP256k1 = ecdsa.curves.Curve("SECP256k1", curve_secp256k1, generator_secp256k1, oid_secp256k1 ) +class EC_KEY(object): + def __init__( self, secret ): + self.pubkey = ecdsa.ecdsa.Public_key( generator_secp256k1, generator_secp256k1 * secret ) + self.privkey = ecdsa.ecdsa.Private_key( self.pubkey, secret ) + self.secret = secret + + def filter(s): out = re.sub('( [^\n]*|)\n','',s) @@ -195,7 +273,6 @@ def raw_tx( inputs, outputs, for_sig = None ): sig = sig + chr(1) # hashtype script = int_to_hex( len(sig)) + ' push %d bytes\n'%len(sig) script += sig.encode('hex') + ' sig\n' - pubkey = chr(4) + pubkey script += int_to_hex( len(pubkey)) + ' push %d bytes\n'%len(pubkey) script += pubkey.encode('hex') + ' pubkey\n' elif for_sig==i: diff --git a/lib/wallet.py b/lib/wallet.py index 648b30d3..9cde7c89 100644 --- a/lib/wallet.py +++ b/lib/wallet.py @@ -113,22 +113,33 @@ class Wallet: while not self.is_up_to_date(): time.sleep(0.1) def import_key(self, keypair, password): - address, key = keypair.split(':') + + address, sec = keypair.split(':') if not self.is_valid(address): raise BaseException('Invalid Bitcoin address') if address in self.all_addresses(): raise BaseException('Address already in wallet') - b = ASecretToSecret( key ) - if not b: - raise BaseException('Unsupported key format') - secexp = int( b.encode('hex'), 16) - private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve=SECP256k1 ) + + # rebuild public key from private key, compressed or uncompressed + pkey = regenerate_key(sec) + if not pkey: + return False + + # figure out if private key is compressed + compressed = is_compressed(sec) + + # rebuild private and public key from regenerated secret + private_key = GetPrivKey(pkey, compressed) + public_key = GetPubKey(pkey, compressed) + addr = public_key_to_bc_address(public_key) + # sanity check - public_key = private_key.get_verifying_key() - if not address == public_key_to_bc_address( '04'.decode('hex') + public_key.to_string() ): + if not address == addr : raise BaseException('Address does not match private key') - self.imported_keys[address] = self.pw_encode( key, password ) - + + # store the originally requested keypair into the imported keys table + self.imported_keys[address] = self.pw_encode(sec, password ) + def new_seed(self, password): seed = "%032x"%ecdsa.util.randrange( pow(2,128) ) @@ -172,19 +183,23 @@ class Wallet: return string_to_number( Hash( "%d:%d:"%(n,for_change) + self.master_public_key.decode('hex') ) ) def get_private_key_base58(self, address, password): - pk = self.get_private_key(address, password) - if pk is None: return None - return SecretToASecret( pk ) + secexp, compressed = self.get_private_key(address, password) + if secexp is None: return None + pk = number_to_string( secexp, generator_secp256k1.order() ) + return SecretToASecret( pk, compressed ) def get_private_key(self, address, password): """ Privatekey(type,n) = Master_private_key + H(n|S|type) """ order = generator_secp256k1.order() if address in self.imported_keys.keys(): - b = self.pw_decode( self.imported_keys[address], password ) - if not b: return None - b = ASecretToSecret( b ) - secexp = int( b.encode('hex'), 16) + sec = self.pw_decode( self.imported_keys[address], password ) + if not sec: return None, None + + pkey = regenerate_key(sec) + compressed = is_compressed(sec) + secexp = pkey.secret + else: if address in self.addresses: n = self.addresses.index(address) @@ -201,20 +216,21 @@ class Wallet: if not seed: return None secexp = self.stretch_key(seed) secexp = ( secexp + self.get_sequence(n,for_change) ) % order + compressed = False - pk = number_to_string(secexp,order) - return pk + return secexp, compressed def msg_magic(self, message): return "\x18Bitcoin Signed Message:\n" + chr( len(message) ) + message def sign_message(self, address, message, password): - private_key = ecdsa.SigningKey.from_string( self.get_private_key(address, password), curve = SECP256k1 ) + secexp, compressed = self.get_private_key(address, password) + private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 ) public_key = private_key.get_verifying_key() signature = private_key.sign_digest( Hash( self.msg_magic( message ) ), sigencode = ecdsa.util.sigencode_string ) assert public_key.verify_digest( signature, Hash( self.msg_magic( message ) ), sigdecode = ecdsa.util.sigdecode_string) for i in range(4): - sig = base64.b64encode( chr(27+i) + signature ) + sig = base64.b64encode( chr(27 + i + (4 if compressed else 0)) + signature ) try: self.verify_message( address, sig, message) return sig @@ -598,9 +614,13 @@ class Wallet: s_inputs = [] for i in range(len(inputs)): addr, v, p_hash, p_pos, p_scriptPubKey, _, _ = inputs[i] - private_key = ecdsa.SigningKey.from_string( self.get_private_key(addr, password), curve = SECP256k1 ) + secexp, compressed = self.get_private_key(addr, password) + private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 ) public_key = private_key.get_verifying_key() - pubkey = public_key.to_string() + + pkey = EC_KEY(secexp) + pubkey = GetPubKey(pkey, compressed) + tx = filter( raw_tx( inputs, outputs, for_sig = i ) ) sig = private_key.sign_digest( Hash( tx.decode('hex') ), sigencode = ecdsa.util.sigencode_der ) assert public_key.verify_digest( sig, Hash( tx.decode('hex') ), sigdecode = ecdsa.util.sigdecode_der)