Home Explore Help
Sign In
mmgen
/
mmgen-wallet
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 7c0bdf0fc0
Branches Tags
mmgen-wallet
/
mmgen
/
bitcoin.py

bitcoin.py 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. #!/usr/bin/env python
    2. 

  2. #
    3. 

  3. # MMGen = Multi-Mode GENerator, command-line Bitcoin cold storage solution
    4. 

  4. # Copyright (C)2013-2016 Philemon <mmgen-py@yandex.com>
    5. 

  5. #
    6. 

  6. # This program is free software: you can redistribute it and/or modify
    7. 

  7. # it under the terms of the GNU General Public License as published by
    8. 

  8. # the Free Software Foundation, either version 3 of the License, or
    9. 

  9. # (at your option) any later version.
    10. 

  10. #
    11. 

  11. # This program is distributed in the hope that it will be useful,
    12. 

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. # GNU General Public License for more details.
    15. 

  15. #
    16. 

  16. # You should have received a copy of the GNU General Public License
    17. 

  17. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. """
    20. 

  20. bitcoin.py:  Bitcoin address/key conversion functions
    21. 

  21. """
    22. 

  22. 

  23. import ecdsa
    24. 

  24. from binascii import hexlify, unhexlify
    25. 

  25. from hashlib import sha256
    26. 

  26. from hashlib import new as hashlib_new
    27. 

  27. import sys
    28. 

  28. 

  29. # From electrum:
    30. 

  30. # secp256k1, http://www.oid-info.com/get/1.3.132.0.10
    31. 

  31. _p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2FL
    32. 

  32. _r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141L
    33. 

  33. _b = 0x0000000000000000000000000000000000000000000000000000000000000007L
    34. 

  34. _a = 0x0000000000000000000000000000000000000000000000000000000000000000L
    35. 

  35. _Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798L
    36. 

  36. _Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8L
    37. 

  37. _curve_secp256k1 = ecdsa.ellipticcurve.CurveFp(_p,_a,_b)
    38. 

  38. _generator_secp256k1 = ecdsa.ellipticcurve.Point(_curve_secp256k1,_Gx,_Gy,_r)
    39. 

  39. _oid_secp256k1 = (1,3,132,0,10)
    40. 

  40. _secp256k1 = ecdsa.curves.Curve('secp256k1',_curve_secp256k1,_generator_secp256k1,_oid_secp256k1)
    41. 

  41. 

  42. b58a='123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
    43. 

  43. 

  44. # From en.bitcoin.it:
    45. 

  45. #   The Base58 encoding used is home made, and has some differences.
    46. 

  46. #   Especially, leading zeroes are kept as single zeroes when conversion
    47. 

  47. #   happens.
    48. 

  48. #
    49. 

  49. # Test: 5JbQQTs3cnoYN9vDYaGY6nhQ1DggVsY4FJNBUfEfpSQqrEp3srk
    50. 

  50. #
    51. 

  51. # The 'zero address':
    52. 

  52. # 1111111111111111111114oLvT2 (use step2 = ('0' * 40) to generate)
    53. 

  53. 

  54. from mmgen.globalvars import g
    55. 

  55. 

  56. def pubhex2hexaddr(pubhex):
    57. 

  57. 	step1 = sha256(unhexlify(pubhex)).digest()
    58. 

  58. 	return hashlib_new('ripemd160',step1).hexdigest()
    59. 

  59. 

  60. def hexaddr2addr(hexaddr,p2sh=False):
    61. 

  61. 	# devdoc/ref_transactions.md:
    62. 

  62. 	hexaddr2 = ('00','6f','05','c4')[g.testnet+(2*p2sh)] + hexaddr
    63. 

  63. 	step1 = sha256(unhexlify(hexaddr2)).digest()
    64. 

  64. 	step2 = sha256(step1).hexdigest()
    65. 

  65. 	pubkey = hexaddr2 + step2[:8]
    66. 

  66. 	lzeroes = (len(hexaddr2) - len(hexaddr2.lstrip('0'))) / 2
    67. 

  67. 	return ('1' * lzeroes) + _numtob58(int(pubkey,16))
    68. 

  68. 

  69. def verify_addr(addr,verbose=False,return_hex=False):
    70. 

  70. 	for vers_num,ldigit in ('00','1'),('05','3'),('6f','mn'),('c4','2'):
    71. 

  71. 		if addr[0] not in ldigit: continue
    72. 

  72. 		num = _b58tonum(addr)
    73. 

  73. 		if num == False: break
    74. 

  74. 		addr_hex = '{:050x}'.format(num)
    75. 

  75. 		if addr_hex[:2] != vers_num: continue
    76. 

  76. 		step1 = sha256(unhexlify(addr_hex[:42])).digest()
    77. 

  77. 		step2 = sha256(step1).hexdigest()
    78. 

  78. 		if step2[:8] == addr_hex[42:]:
    79. 

  79. 			return addr_hex[2:42] if return_hex else True
    80. 

  80. 		else:
    81. 

  81. 			if verbose: Msg("Invalid checksum in address '%s'" % addr)
    82. 

  82. 			break
    83. 

  83. 

  84. 	if verbose: Msg("Invalid address '%s'" % addr)
    85. 

  85. 	return False
    86. 

  86. 

  87. 

  88. # Reworked code from here:
    89. 

  89. 

  90. def _numtob58(num):
    91. 

  91. 	ret = []
    92. 

  92. 	while num:
    93. 

  93. 		ret.append(b58a[num % 58])
    94. 

  94. 		num /= 58
    95. 

  95. 	return ''.join(ret)[::-1]
    96. 

  96. 

  97. def _b58tonum(b58num):
    98. 

  98. 	for i in b58num:
    99. 

  99. 		if not i in b58a: return False
    100. 

  100. 	return sum([b58a.index(n) * (58**i) for i,n in enumerate(list(b58num[::-1]))])
    101. 

  101. 

  102. # The following are MMGen internal (non-Bitcoin) b58 functions
    103. 

  103. 

  104. # Drop-in replacements for b64encode() and b64decode():
    105. 

  105. # (well, not exactly: they yield numeric but not bytewise equivalence)
    106. 

  106. 

  107. def b58encode(s):
    108. 

  108. 	if s == '': return ''
    109. 

  109. 	num = int(hexlify(s),16)
    110. 

  110. 	return _numtob58(num)
    111. 

  111. 

  112. def b58decode(b58num):
    113. 

  113. 	if b58num == '': return ''
    114. 

  114. 	# Zap all spaces:
    115. 

  115. 	# Use translate() only with str, not unicode
    116. 

  116. 	num = _b58tonum(str(b58num).translate(None,' \t\n\r'))
    117. 

  117. 	if num == False: return False
    118. 

  118. 	out = u'{:x}'.format(num)
    119. 

  119. 	return unhexlify(u'0'*(len(out)%2) + out)
    120. 

  120. 

  121. # These yield bytewise equivalence in our special cases:
    122. 

  122. 

  123. bin_lens = 16,24,32
    124. 

  124. b58_lens = 22,33,44
    125. 

  125. 

  126. def _b58_pad(s,a,b,pad,f,w):
    127. 

  127. 	try:
    128. 

  128. 		outlen = b[a.index(len(s))]
    129. 

  129. 	except:
    130. 

  130. 		Msg('_b58_pad() accepts only %s %s bytes long '\
    131. 

  131. 			'(input was %s bytes)' % (w,','.join([str(i) for i in a]),len(s)))
    132. 

  132. 		return False
    133. 

  133. 

  134. 	out = f(s)
    135. 

  135. 	if out == False: return False
    136. 

  136. 	return '%s%s' % (pad * (outlen - len(out)), out)
    137. 

  137. 

  138. def b58encode_pad(s):
    139. 

  139. 	return _b58_pad(s,
    140. 

  140. 		a=bin_lens,b=b58_lens,pad='1',f=b58encode,w='binary strings')
    141. 

  141. 

  142. def b58decode_pad(s):
    143. 

  143. 	return _b58_pad(s,
    144. 

  144. 		a=b58_lens,b=bin_lens,pad='\0',f=b58decode,w='base 58 numbers')
    145. 

  145. 

  146. # Compressed address support:
    147. 

  147. 

  148. def wif2hex(wif):
    149. 

  149. 	compressed = wif[0] != ('5','9')[g.testnet]
    150. 

  150. 	idx = (66,68)[bool(compressed)]
    151. 

  151. 	num = _b58tonum(wif)
    152. 

  152. 	if num == False: return False
    153. 

  153. 	key = '{:x}'.format(num)
    154. 

  154. 	if compressed and key[66:68] != '01': return False
    155. 

  155. 	round1 = sha256(unhexlify(key[:idx])).digest()
    156. 

  156. 	round2 = sha256(round1).hexdigest()
    157. 

  157. 	return key[2:66] if (key[:2] == ('80','ef')[g.testnet] and key[idx:] == round2[:8]) else False
    158. 

  158. 

  159. def hex2wif(hexpriv,compressed=False):
    160. 

  160. 	step1 = ('80','ef')[g.testnet] + hexpriv + ('','01')[bool(compressed)]
    161. 

  161. 	step2 = sha256(unhexlify(step1)).digest()
    162. 

  162. 	step3 = sha256(step2).hexdigest()
    163. 

  163. 	key = step1 + step3[:8]
    164. 

  164. 	return _numtob58(int(key,16))
    165. 

  165. 

  166. # devdoc/guide_wallets.md:
    167. 

  167. # Uncompressed public keys start with 0x04; compressed public keys begin with
    168. 

  168. # 0x03 or 0x02 depending on whether they're greater or less than the midpoint
    169. 

  169. # of the curve.
    170. 

  170. def privnum2pubhex(numpriv,compressed=False):
    171. 

  171. 	pko = ecdsa.SigningKey.from_secret_exponent(numpriv,_secp256k1)
    172. 

  172. 	# pubkey = 32-byte X coord + 32-byte Y coord (unsigned big-endian)
    173. 

  173. 	pubkey = hexlify(pko.get_verifying_key().to_string())
    174. 

  174. 	if compressed: # discard Y coord, replace with appropriate version byte
    175. 

  175. 		# even Y: <0, odd Y: >0 -- https://bitcointalk.org/index.php?topic=129652.0
    176. 

  176. 		p = ('03','02')[pubkey[-1] in '02468ace']
    177. 

  177. 		return p+pubkey[:64]
    178. 

  178. 	else:
    179. 

  179. 		return '04'+pubkey
    180. 

  180. 

  181. def privnum2addr(numpriv,compressed=False):
    182. 

  182. 	return hexaddr2addr(pubhex2hexaddr(privnum2pubhex(numpriv,compressed)))
    183.