git://git.novaco.in / electrum-nvc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
replace 'ElectrumKeyID' with more general 'KeyID' field in transactions
[electrum-nvc.git] / lib / bitcoin.py
1 #!/usr/bin/env python
2 #
3 # Electrum - lightweight Bitcoin client
4 # Copyright (C) 2011 thomasv@gitorious
5 #
6 # This program is free software: you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation, either version 3 of the License, or
9 # (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18
19
20 import hashlib, base64, ecdsa, re
21 from util import print_error
22
23 def rev_hex(s):
24     return s.decode('hex')[::-1].encode('hex')
25
26 def int_to_hex(i, length=1):
27     s = hex(i)[2:].rstrip('L')
28     s = "0"*(2*length - len(s)) + s
29     return rev_hex(s)
30
31 def var_int(i):
32     # https://en.bitcoin.it/wiki/Protocol_specification#Variable_length_integer
33     if i<0xfd:
34         return int_to_hex(i)
35     elif i<=0xffff:
36         return "fd"+int_to_hex(i,2)
37     elif i<=0xffffffff:
38         return "fe"+int_to_hex(i,4)
39     else:
40         return "ff"+int_to_hex(i,8)
41
42 def op_push(i):
43     if i<0x4c:
44         return int_to_hex(i)
45     elif i<0xff:
46         return '4c' + int_to_hex(i)
47     elif i<0xffff:
48         return '4d' + int_to_hex(i,2)
49     else:
50         return '4e' + int_to_hex(i,4)
51     
52
53
54 Hash = lambda x: hashlib.sha256(hashlib.sha256(x).digest()).digest()
55 hash_encode = lambda x: x[::-1].encode('hex')
56 hash_decode = lambda x: x.decode('hex')[::-1]
57
58
59 # pywallet openssl private key implementation
60
61 def i2d_ECPrivateKey(pkey, compressed=False):
62     if compressed:
63         key = '3081d30201010420' + \
64               '%064x' % pkey.secret + \
65               'a081a53081a2020101302c06072a8648ce3d0101022100' + \
66               '%064x' % _p + \
67               '3006040100040107042102' + \
68               '%064x' % _Gx + \
69               '022100' + \
70               '%064x' % _r + \
71               '020101a124032200'
72     else:
73         key = '308201130201010420' + \
74               '%064x' % pkey.secret + \
75               'a081a53081a2020101302c06072a8648ce3d0101022100' + \
76               '%064x' % _p + \
77               '3006040100040107044104' + \
78               '%064x' % _Gx + \
79               '%064x' % _Gy + \
80               '022100' + \
81               '%064x' % _r + \
82               '020101a144034200'
83         
84     return key.decode('hex') + i2o_ECPublicKey(pkey.pubkey, compressed)
85     
86 def i2o_ECPublicKey(pubkey, compressed=False):
87     # public keys are 65 bytes long (520 bits)
88     # 0x04 + 32-byte X-coordinate + 32-byte Y-coordinate
89     # 0x00 = point at infinity, 0x02 and 0x03 = compressed, 0x04 = uncompressed
90     # compressed keys: <sign> <x> where <sign> is 0x02 if y is even and 0x03 if y is odd
91     if compressed:
92         if pubkey.point.y() & 1:
93             key = '03' + '%064x' % pubkey.point.x()
94         else:
95             key = '02' + '%064x' % pubkey.point.x()
96     else:
97         key = '04' + \
98               '%064x' % pubkey.point.x() + \
99               '%064x' % pubkey.point.y()
100             
101     return key.decode('hex')
102             
103 # end pywallet openssl private key implementation
104
105                                                 
106             
107 ############ functions from pywallet ##################### 
108
109 def hash_160(public_key):
110     try:
111         md = hashlib.new('ripemd160')
112         md.update(hashlib.sha256(public_key).digest())
113         return md.digest()
114     except:
115         import ripemd
116         md = ripemd.new(hashlib.sha256(public_key).digest())
117         return md.digest()
118
119
120 def public_key_to_bc_address(public_key):
121     h160 = hash_160(public_key)
122     return hash_160_to_bc_address(h160)
123
124 def hash_160_to_bc_address(h160, addrtype = 0):
125     vh160 = chr(addrtype) + h160
126     h = Hash(vh160)
127     addr = vh160 + h[0:4]
128     return b58encode(addr)
129
130 def bc_address_to_hash_160(addr):
131     bytes = b58decode(addr, 25)
132     return ord(bytes[0]), bytes[1:21]
133
134 def encode_point(pubkey, compressed=False):
135     order = generator_secp256k1.order()
136     p = pubkey.pubkey.point
137     x_str = ecdsa.util.number_to_string(p.x(), order)
138     y_str = ecdsa.util.number_to_string(p.y(), order)
139     if compressed:
140         return chr(2 + (p.y() & 1)) + x_str
141     else:
142         return chr(4) + pubkey.to_string() #x_str + y_str
143
144 __b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
145 __b58base = len(__b58chars)
146
147 def b58encode(v):
148     """ encode v, which is a string of bytes, to base58."""
149
150     long_value = 0L
151     for (i, c) in enumerate(v[::-1]):
152         long_value += (256**i) * ord(c)
153
154     result = ''
155     while long_value >= __b58base:
156         div, mod = divmod(long_value, __b58base)
157         result = __b58chars[mod] + result
158         long_value = div
159     result = __b58chars[long_value] + result
160
161     # Bitcoin does a little leading-zero-compression:
162     # leading 0-bytes in the input become leading-1s
163     nPad = 0
164     for c in v:
165         if c == '\0': nPad += 1
166         else: break
167
168     return (__b58chars[0]*nPad) + result
169
170 def b58decode(v, length):
171     """ decode v into a string of len bytes."""
172     long_value = 0L
173     for (i, c) in enumerate(v[::-1]):
174         long_value += __b58chars.find(c) * (__b58base**i)
175
176     result = ''
177     while long_value >= 256:
178         div, mod = divmod(long_value, 256)
179         result = chr(mod) + result
180         long_value = div
181     result = chr(long_value) + result
182
183     nPad = 0
184     for c in v:
185         if c == __b58chars[0]: nPad += 1
186         else: break
187
188     result = chr(0)*nPad + result
189     if length is not None and len(result) != length:
190         return None
191
192     return result
193
194
195 def EncodeBase58Check(vchIn):
196     hash = Hash(vchIn)
197     return b58encode(vchIn + hash[0:4])
198
199 def DecodeBase58Check(psz):
200     vchRet = b58decode(psz, None)
201     key = vchRet[0:-4]
202     csum = vchRet[-4:]
203     hash = Hash(key)
204     cs32 = hash[0:4]
205     if cs32 != csum:
206         return None
207     else:
208         return key
209
210 def PrivKeyToSecret(privkey):
211     return privkey[9:9+32]
212
213 def SecretToASecret(secret, compressed=False, addrtype=0):
214     vchIn = chr((addrtype+128)&255) + secret
215     if compressed: vchIn += '\01'
216     return EncodeBase58Check(vchIn)
217
218 def ASecretToSecret(key, addrtype=0):
219     vch = DecodeBase58Check(key)
220     if vch and vch[0] == chr((addrtype+128)&255):
221         return vch[1:]
222     else:
223         return False
224
225 def regenerate_key(sec):
226     b = ASecretToSecret(sec)
227     if not b:
228         return False
229     b = b[0:32]
230     secret = int('0x' + b.encode('hex'), 16)
231     return EC_KEY(secret)
232
233 def GetPubKey(pubkey, compressed=False):
234     return i2o_ECPublicKey(pubkey, compressed)
235
236 def GetPrivKey(pkey, compressed=False):
237     return i2d_ECPrivateKey(pkey, compressed)
238
239 def GetSecret(pkey):
240     return ('%064x' % pkey.secret).decode('hex')
241
242 def is_compressed(sec):
243     b = ASecretToSecret(sec)
244     return len(b) == 33
245
246
247 def address_from_private_key(sec):
248     # rebuild public key from private key, compressed or uncompressed
249     pkey = regenerate_key(sec)
250     assert pkey
251
252     # figure out if private key is compressed
253     compressed = is_compressed(sec)
254         
255     # rebuild private and public key from regenerated secret
256     private_key = GetPrivKey(pkey, compressed)
257     public_key = GetPubKey(pkey.pubkey, compressed)
258     address = public_key_to_bc_address(public_key)
259     return address
260
261
262 def is_valid(addr):
263     ADDRESS_RE = re.compile('[1-9A-HJ-NP-Za-km-z]{26,}\\Z')
264     if not ADDRESS_RE.match(addr): return False
265     try:
266         addrtype, h = bc_address_to_hash_160(addr)
267     except:
268         return False
269     return addr == hash_160_to_bc_address(h, addrtype)
270
271
272 ########### end pywallet functions #######################
273
274 # secp256k1, http://www.oid-info.com/get/1.3.132.0.10
275 _p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2FL
276 _r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141L
277 _b = 0x0000000000000000000000000000000000000000000000000000000000000007L
278 _a = 0x0000000000000000000000000000000000000000000000000000000000000000L
279 _Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798L
280 _Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8L
281 curve_secp256k1 = ecdsa.ellipticcurve.CurveFp( _p, _a, _b )
282 generator_secp256k1 = ecdsa.ellipticcurve.Point( curve_secp256k1, _Gx, _Gy, _r )
283 oid_secp256k1 = (1,3,132,0,10)
284 SECP256k1 = ecdsa.curves.Curve("SECP256k1", curve_secp256k1, generator_secp256k1, oid_secp256k1 ) 
285
286 from ecdsa.util import string_to_number, number_to_string
287
288 def msg_magic(message):
289     return "\x18Bitcoin Signed Message:\n" + chr( len(message) ) + message
290
291
292 class EC_KEY(object):
293     def __init__( self, secret ):
294         self.pubkey = ecdsa.ecdsa.Public_key( generator_secp256k1, generator_secp256k1 * secret )
295         self.privkey = ecdsa.ecdsa.Private_key( self.pubkey, secret )
296         self.secret = secret
297
298     def sign_message(self, message, compressed, address):
299         private_key = ecdsa.SigningKey.from_secret_exponent( self.secret, curve = SECP256k1 )
300         public_key = private_key.get_verifying_key()
301         signature = private_key.sign_digest( Hash( msg_magic(message) ), sigencode = ecdsa.util.sigencode_string )
302         assert public_key.verify_digest( signature, Hash( msg_magic(message) ), sigdecode = ecdsa.util.sigdecode_string)
303         for i in range(4):
304             sig = base64.b64encode( chr(27 + i + (4 if compressed else 0)) + signature )
305             try:
306                 self.verify_message( address, sig, message)
307                 return sig
308             except:
309                 continue
310         else:
311             raise BaseException("error: cannot sign message")
312
313     @classmethod
314     def verify_message(self, address, signature, message):
315         """ See http://www.secg.org/download/aid-780/sec1-v2.pdf for the math """
316         from ecdsa import numbertheory, ellipticcurve, util
317         import msqr
318         curve = curve_secp256k1
319         G = generator_secp256k1
320         order = G.order()
321         # extract r,s from signature
322         sig = base64.b64decode(signature)
323         if len(sig) != 65: raise BaseException("Wrong encoding")
324         r,s = util.sigdecode_string(sig[1:], order)
325         nV = ord(sig[0])
326         if nV < 27 or nV >= 35:
327             raise BaseException("Bad encoding")
328         if nV >= 31:
329             compressed = True
330             nV -= 4
331         else:
332             compressed = False
333
334         recid = nV - 27
335         # 1.1
336         x = r + (recid/2) * order
337         # 1.3
338         alpha = ( x * x * x  + curve.a() * x + curve.b() ) % curve.p()
339         beta = msqr.modular_sqrt(alpha, curve.p())
340         y = beta if (beta - recid) % 2 == 0 else curve.p() - beta
341         # 1.4 the constructor checks that nR is at infinity
342         R = ellipticcurve.Point(curve, x, y, order)
343         # 1.5 compute e from message:
344         h = Hash( msg_magic(message) )
345         e = string_to_number(h)
346         minus_e = -e % order
347         # 1.6 compute Q = r^-1 (sR - eG)
348         inv_r = numbertheory.inverse_mod(r,order)
349         Q = inv_r * ( s * R + minus_e * G )
350         public_key = ecdsa.VerifyingKey.from_public_point( Q, curve = SECP256k1 )
351         # check that Q is the public key
352         public_key.verify_digest( sig[1:], h, sigdecode = ecdsa.util.sigdecode_string)
353         # check that we get the original signing address
354         addr = public_key_to_bc_address( encode_point(public_key, compressed) )
355         if address != addr:
356             raise BaseException("Bad signature")
357
358
359 ###################################### BIP32 ##############################
360
361 random_seed = lambda n: "%032x"%ecdsa.util.randrange( pow(2,n) )
362
363
364
365 def bip32_init(seed):
366     import hmac
367         
368     I = hmac.new("Bitcoin seed", seed, hashlib.sha512).digest()
369
370     print "seed", seed.encode('hex')
371     master_secret = I[0:32]
372     master_chain = I[32:]
373
374     # public key
375     curve = SECP256k1
376     master_private_key = ecdsa.SigningKey.from_string( master_secret, curve = SECP256k1 )
377     master_public_key = master_private_key.get_verifying_key()
378     K = master_public_key.to_string()
379     K_compressed = GetPubKey(master_public_key.pubkey,True)
380     return master_secret, master_chain, K, K_compressed
381
382     
383 def CKD(k, c, n):
384     import hmac
385     from ecdsa.util import string_to_number, number_to_string
386     order = generator_secp256k1.order()
387     keypair = EC_KEY(string_to_number(k))
388     K = GetPubKey(keypair.pubkey,True)
389     I = hmac.new(c, K + rev_hex(int_to_hex(n,4)).decode('hex'), hashlib.sha512).digest()
390     k_n = number_to_string( (string_to_number(I[0:32]) * string_to_number(k)) % order , order )
391     c_n = I[32:]
392     return k_n, c_n
393
394
395 def CKD_prime(K, c, n):
396     import hmac
397     from ecdsa.util import string_to_number, number_to_string
398     order = generator_secp256k1.order()
399
400     K_public_key = ecdsa.VerifyingKey.from_string( K, curve = SECP256k1 )
401     K_compressed = GetPubKey(K_public_key.pubkey,True)
402
403     I = hmac.new(c, K_compressed + rev_hex(int_to_hex(n,4)).decode('hex'), hashlib.sha512).digest()
404
405     #pubkey = ecdsa.ecdsa.Public_key( generator_secp256k1, string_to_number(I[0:32]) * K_public_key.pubkey.point )
406     public_key = ecdsa.VerifyingKey.from_public_point( string_to_number(I[0:32]) * K_public_key.pubkey.point, curve = SECP256k1 )
407     K_n = public_key.to_string()
408     K_n_compressed = GetPubKey(public_key.pubkey,True)
409     c_n = I[32:]
410
411     return K_n, K_n_compressed, c_n
412
413
414
415 class ElectrumSequence:
416     """  Privatekey(type,n) = Master_private_key + H(n|S|type)  """
417
418     def __init__(self, master_public_key, mpk2 = None, mpk3 = None):
419         self.master_public_key = master_public_key
420         self.mpk2 = mpk2
421         self.mpk3 = mpk3
422
423     @classmethod
424     def mpk_from_seed(klass, seed):
425         curve = SECP256k1
426         secexp = klass.stretch_key(seed)
427         master_private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
428         master_public_key = master_private_key.get_verifying_key().to_string().encode('hex')
429         return master_public_key
430
431     @classmethod
432     def stretch_key(self,seed):
433         oldseed = seed
434         for i in range(100000):
435             seed = hashlib.sha256(seed + oldseed).digest()
436         return string_to_number( seed )
437
438     def get_sequence(self, sequence, mpk):
439         for_change, n = sequence
440         return string_to_number( Hash( "%d:%d:"%(n,for_change) + mpk.decode('hex') ) )
441
442     def get_address(self, sequence):
443         if not self.mpk2:
444             pubkey = self.get_pubkey(sequence)
445             address = public_key_to_bc_address( pubkey.decode('hex') )
446         elif not self.mpk3:
447             pubkey1 = self.get_pubkey(sequence)
448             pubkey2 = self.get_pubkey(sequence, use_mpk2=True)
449             address = Transaction.multisig_script([pubkey1, pubkey2], 2)["address"]
450         else:
451             pubkey1 = self.get_pubkey(sequence)
452             pubkey2 = self.get_pubkey(sequence, mpk = self.mpk2)
453             pubkey3 = self.get_pubkey(sequence, mpk = self.mpk3)
454             address = Transaction.multisig_script([pubkey1, pubkey2, pubkey3], 2)["address"]
455         return address
456
457     def get_pubkey(self, sequence, mpk=None):
458         curve = SECP256k1
459         if mpk is None: mpk = self.master_public_key
460         z = self.get_sequence(sequence, mpk)
461         master_public_key = ecdsa.VerifyingKey.from_string( mpk.decode('hex'), curve = SECP256k1 )
462         pubkey_point = master_public_key.pubkey.point + z*curve.generator
463         public_key2 = ecdsa.VerifyingKey.from_public_point( pubkey_point, curve = SECP256k1 )
464         return '04' + public_key2.to_string().encode('hex')
465
466     def get_private_key_from_stretched_exponent(self, sequence, secexp):
467         order = generator_secp256k1.order()
468         secexp = ( secexp + self.get_sequence(sequence, self.master_public_key) ) % order
469         pk = number_to_string( secexp, generator_secp256k1.order() )
470         compressed = False
471         return SecretToASecret( pk, compressed )
472         
473     def get_private_key(self, sequence, seed):
474         secexp = self.stretch_key(seed)
475         return self.get_private_key_from_stretched_exponent(sequence, secexp)
476
477     def get_private_keys(self, sequence_list, seed):
478         secexp = self.stretch_key(seed)
479         return [ self.get_private_key_from_stretched_exponent( sequence, secexp) for sequence in sequence_list]
480
481     def check_seed(self, seed):
482         curve = SECP256k1
483         secexp = self.stretch_key(seed)
484         master_private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
485         master_public_key = master_private_key.get_verifying_key().to_string().encode('hex')
486         if master_public_key != self.master_public_key:
487             print_error('invalid password (mpk)')
488             raise BaseException('Invalid password')
489         return True
490
491     def get_input_info(self, sequence):
492         if not self.mpk2:
493             pk_addr = self.get_address(sequence)
494             redeemScript = None
495         elif not self.mpk3:
496             pubkey1 = self.get_pubkey(sequence)
497             pubkey2 = self.get_pubkey(sequence,mpk=self.mpk2)
498             pk_addr = public_key_to_bc_address( pubkey1.decode('hex') ) # we need to return that address to get the right private key
499             redeemScript = Transaction.multisig_script([pubkey1, pubkey2], 2)['redeemScript']
500         else:
501             pubkey1 = self.get_pubkey(sequence)
502             pubkey2 = self.get_pubkey(sequence,mpk=self.mpk2)
503             pubkey3 = self.get_pubkey(sequence,mpk=self.mpk3)
504             pk_addr = public_key_to_bc_address( pubkey1.decode('hex') ) # we need to return that address to get the right private key
505             redeemScript = Transaction.multisig_script([pubkey1, pubkey2, pubkey3], 2)['redeemScript']
506         return pk_addr, redeemScript
507
508
509
510
511 class BIP32Sequence:
512
513     def __init__(self, mpkc, mpkc2 = None):
514         self.master_public_key, self.master_chain = mpkc
515         if mpkc2:
516             self.master_public_key2, self.master_chain2 = mpkc2
517             self.is_p2sh = True
518         else:
519             self.is_p2sh = False
520     
521     @classmethod
522     def mpk_from_seed(klass, seed):
523         master_secret, master_chain, master_public_key, master_public_key_compressed = bip32_init(seed)
524         return master_public_key.encode('hex'), master_chain.encode('hex')
525
526     def get_pubkey(self, sequence, use_mpk2=False):
527         if not use_mpl2:
528             K = self.master_public_key.decode('hex')
529             chain = self.master_chain.decode('hex')
530         else:
531             K = self.master_public_key_2.decode('hex')
532             chain = self.master_chain_2.decode('hex')
533         for i in sequence:
534             K, K_compressed, chain = CKD_prime(K, chain, i)
535         return K_compressed
536
537     def get_address(self, sequence):
538         return hash_160_to_bc_address(hash_160(self.get_pubkey(sequence)))
539
540     def get_private_key(self, seed, sequence):
541         k = self.master_secret
542         chain = self.master_chain
543         for i in sequence:
544             k, k_compressed, chain = CKD(k, chain, i)
545         return SecretToASecret(k0, True)
546
547     def check_seed(self, seed):
548         master_secret, master_chain, master_public_key, master_public_key_compressed = bip32_init(seed)
549         assert self.master_public_key == master_public_key
550
551 ################################## transactions
552
553
554 class Transaction:
555     
556     def __init__(self, raw):
557         self.raw = raw
558         self.deserialize()
559         self.inputs = self.d['inputs']
560         self.outputs = self.d['outputs']
561         self.outputs = map(lambda x: (x['address'],x['value']), self.outputs)
562         self.input_info = None
563         self.is_complete = True
564         
565     @classmethod
566     def from_io(klass, inputs, outputs):
567         raw = klass.serialize(inputs, outputs, for_sig = -1) # for_sig=-1 means do not sign
568         self = klass(raw)
569         self.is_complete = False
570         self.inputs = inputs
571         self.outputs = outputs
572         extras = []
573         for i in self.inputs:
574             e = { 'txid':i['tx_hash'], 'vout':i['index'], 'scriptPubKey':i.get('raw_output_script') }
575             extras.append(e)
576         self.input_info = extras
577         return self
578
579     def __str__(self):
580         return self.raw
581
582     @classmethod
583     def multisig_script(klass, public_keys, num=None):
584         n = len(public_keys)
585         if num is None: num = n
586         # supports only "2 of 2", and "2 of 3" transactions
587         assert num <= n and n in [2,3]
588     
589         if num==2:
590             s = '52'
591         elif num == 3:
592             s = '53'
593         else:
594             raise
595     
596         for k in public_keys:
597             s += var_int(len(k)/2)
598             s += k
599         if n==2:
600             s += '52'
601         elif n==3:
602             s += '53'
603         else:
604             raise
605         s += 'ae'
606
607         out = { "address": hash_160_to_bc_address(hash_160(s.decode('hex')), 5), "redeemScript":s }
608         return out
609
610     @classmethod
611     def serialize( klass, inputs, outputs, for_sig = None ):
612
613         s  = int_to_hex(1,4)                                         # version
614         s += var_int( len(inputs) )                                  # number of inputs
615         for i in range(len(inputs)):
616             txin = inputs[i]
617             s += txin['tx_hash'].decode('hex')[::-1].encode('hex')   # prev hash
618             s += int_to_hex(txin['index'],4)                         # prev index
619
620             if for_sig is None:
621                 pubkeysig = txin.get('pubkeysig')
622                 if pubkeysig:
623                     pubkey, sig = pubkeysig[0]
624                     sig = sig + chr(1)                               # hashtype
625                     script  = op_push( len(sig))
626                     script += sig.encode('hex')
627                     script += op_push( len(pubkey))
628                     script += pubkey.encode('hex')
629                 else:
630                     signatures = txin['signatures']
631                     pubkeys = txin['pubkeys']
632                     script = '00'                                    # op_0
633                     for sig in signatures:
634                         sig = sig + '01'
635                         script += op_push(len(sig)/2)
636                         script += sig
637
638                     redeem_script = klass.multisig_script(pubkeys,2).get('redeemScript')
639                     script += op_push(len(redeem_script)/2)
640                     script += redeem_script
641
642             elif for_sig==i:
643                 if txin.get('redeemScript'):
644                     script = txin['redeemScript']                    # p2sh uses the inner script
645                 else:
646                     script = txin['raw_output_script']               # scriptsig
647             else:
648                 script=''
649             s += var_int( len(script)/2 )                            # script length
650             s += script
651             s += "ffffffff"                                          # sequence
652
653         s += var_int( len(outputs) )                                 # number of outputs
654         for output in outputs:
655             addr, amount = output
656             s += int_to_hex( amount, 8)                              # amount
657             addrtype, hash_160 = bc_address_to_hash_160(addr)
658             if addrtype == 0:
659                 script = '76a9'                                      # op_dup, op_hash_160
660                 script += '14'                                       # push 0x14 bytes
661                 script += hash_160.encode('hex')
662                 script += '88ac'                                     # op_equalverify, op_checksig
663             elif addrtype == 5:
664                 script = 'a9'                                        # op_hash_160
665                 script += '14'                                       # push 0x14 bytes
666                 script += hash_160.encode('hex')
667                 script += '87'                                       # op_equal
668             else:
669                 raise
670             
671             s += var_int( len(script)/2 )                           #  script length
672             s += script                                             #  script
673         s += int_to_hex(0,4)                                        #  lock time
674         if for_sig is not None and for_sig != -1:
675             s += int_to_hex(1, 4)                                   #  hash type
676         return s
677
678
679     def for_sig(self,i):
680         return self.serialize(self.inputs, self.outputs, for_sig = i)
681
682
683     def hash(self):
684         return Hash(self.raw.decode('hex') )[::-1].encode('hex')
685
686     def sign(self, private_keys):
687         import deserialize
688
689         for i in range(len(self.inputs)):
690             txin = self.inputs[i]
691             tx_for_sig = self.serialize( self.inputs, self.outputs, for_sig = i )
692
693             if txin.get('redeemScript'):
694                 # 1 parse the redeem script
695                 num, redeem_pubkeys = deserialize.parse_redeemScript(txin.get('redeemScript'))
696                 self.inputs[i]["pubkeys"] = redeem_pubkeys
697
698                 # build list of public/private keys
699                 keypairs = {}
700                 for sec in private_keys.values():
701                     compressed = is_compressed(sec)
702                     pkey = regenerate_key(sec)
703                     pubkey = GetPubKey(pkey.pubkey, compressed)
704                     keypairs[ pubkey.encode('hex') ] = sec
705
706                 # list of already existing signatures
707                 signatures = txin.get("signatures",[])
708                 print_error("signatures",signatures)
709
710                 for pubkey in redeem_pubkeys:
711                     public_key = ecdsa.VerifyingKey.from_string(pubkey[2:].decode('hex'), curve = SECP256k1)
712                     for s in signatures:
713                         try:
714                             public_key.verify_digest( s.decode('hex')[:-1], Hash( tx_for_sig.decode('hex') ), sigdecode = ecdsa.util.sigdecode_der)
715                             break
716                         except ecdsa.keys.BadSignatureError:
717                             continue
718                     else:
719                         # check if we have a key corresponding to the redeem script
720                         if pubkey in keypairs.keys():
721                             # add signature
722                             sec = keypairs[pubkey]
723                             compressed = is_compressed(sec)
724                             pkey = regenerate_key(sec)
725                             secexp = pkey.secret
726                             private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
727                             public_key = private_key.get_verifying_key()
728                             sig = private_key.sign_digest( Hash( tx_for_sig.decode('hex') ), sigencode = ecdsa.util.sigencode_der )
729                             assert public_key.verify_digest( sig, Hash( tx_for_sig.decode('hex') ), sigdecode = ecdsa.util.sigdecode_der)
730                             signatures.append( sig.encode('hex') )
731                         
732                 # for p2sh, pubkeysig is a tuple (may be incomplete)
733                 self.inputs[i]["signatures"] = signatures
734                 print_error("signatures",signatures)
735                 self.is_complete = len(signatures) == num
736
737             else:
738                 sec = private_keys[txin['address']]
739                 compressed = is_compressed(sec)
740                 pkey = regenerate_key(sec)
741                 secexp = pkey.secret
742
743                 private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
744                 public_key = private_key.get_verifying_key()
745                 pkey = EC_KEY(secexp)
746                 pubkey = GetPubKey(pkey.pubkey, compressed)
747                 sig = private_key.sign_digest( Hash( tx_for_sig.decode('hex') ), sigencode = ecdsa.util.sigencode_der )
748                 assert public_key.verify_digest( sig, Hash( tx_for_sig.decode('hex') ), sigdecode = ecdsa.util.sigdecode_der)
749
750                 self.inputs[i]["pubkeysig"] = [(pubkey, sig)]
751                 self.is_complete = True
752
753         self.raw = self.serialize( self.inputs, self.outputs )
754
755
756     def deserialize(self):
757         import deserialize
758         vds = deserialize.BCDataStream()
759         vds.write(self.raw.decode('hex'))
760         self.d = deserialize.parse_Transaction(vds)
761         return self.d
762     
763
764     def has_address(self, addr):
765         found = False
766         for txin in self.inputs:
767             if addr == txin.get('address'): 
768                 found = True
769                 break
770         for txout in self.outputs:
771             if addr == txout[0]:
772                 found = True
773                 break
774         return found
775
776
777     def get_value(self, addresses, prevout_values):
778         # return the balance for that tx
779         is_send = False
780         is_pruned = False
781         v_in = v_out = v_out_mine = 0
782
783         for item in self.inputs:
784             addr = item.get('address')
785             if addr in addresses:
786                 is_send = True
787                 key = item['prevout_hash']  + ':%d'%item['prevout_n']
788                 value = prevout_values.get( key )
789                 if value is None:
790                     is_pruned = True
791                 else:
792                     v_in += value
793             else:
794                 is_pruned = True
795                     
796         for item in self.outputs:
797             addr, value = item
798             v_out += value
799             if addr in addresses:
800                 v_out_mine += value
801
802         if not is_pruned:
803             # all inputs are mine:
804             fee = v_out - v_in
805             v = v_out_mine - v_in
806         else:
807             # some inputs are mine:
808             fee = None
809             if is_send:
810                 v = v_out_mine - v_out
811             else:
812                 # no input is mine
813                 v = v_out_mine
814             
815         return is_send, v, fee
816
817     def as_dict(self):
818         import json
819         out = {
820             "hex":self.raw,
821             "complete":self.is_complete
822             }
823         if not self.is_complete:
824             extras = []
825             for i in self.inputs:
826                 e = { 'txid':i['tx_hash'], 'vout':i['index'],
827                       'scriptPubKey':i.get('raw_output_script'),
828                       'KeyID':i.get('KeyID'),
829                       'redeemScript':i.get('redeemScript'),
830                       'signatures':i.get('signatures'),
831                       'pubkeys':i.get('pubkeys'),
832                       }
833                 extras.append(e)
834             self.input_info = extras
835
836             if self.input_info:
837                 out['input_info'] = json.dumps(self.input_info).replace(' ','')
838
839         return out
840
841
842
843
844 def test_bip32():
845     seed = "ff000000000000000000000000000000".decode('hex')
846     master_secret, master_chain, master_public_key, master_public_key_compressed = bip32_init(seed)
847         
848     print "secret key", master_secret.encode('hex')
849     print "chain code", master_chain.encode('hex')
850
851     key_id = hash_160(master_public_key_compressed)
852     print "keyid", key_id.encode('hex')
853     print "base58"
854     print "address", hash_160_to_bc_address(key_id)
855     print "secret key", SecretToASecret(master_secret, True)
856
857     print "-- m/0 --"
858     k0, c0 = CKD(master_secret, master_chain, 0)
859     print "secret", k0.encode('hex')
860     print "chain", c0.encode('hex')
861     print "secret key", SecretToASecret(k0, True)
862     
863     K0, K0_compressed, c0 = CKD_prime(master_public_key, master_chain, 0)
864     print "address", hash_160_to_bc_address(hash_160(K0_compressed))
865     
866     print "-- m/0/1 --"
867     K01, K01_compressed, c01 = CKD_prime(K0, c0, 1)
868     print "address", hash_160_to_bc_address(hash_160(K01_compressed))
869     
870     print "-- m/0/1/3 --"
871     K013, K013_compressed, c013 = CKD_prime(K01, c01, 3)
872     print "address", hash_160_to_bc_address(hash_160(K013_compressed))
873     
874     print "-- m/0/1/3/7 --"
875     K0137, K0137_compressed, c0137 = CKD_prime(K013, c013, 7)
876     print "address", hash_160_to_bc_address(hash_160(K0137_compressed))
877         
878
879
880 if __name__ == '__main__':
881     test_bip32()
882
883
Lightweight Novacoin client