block_io 2.0.0 → 3.0.0

data/lib/block_io/extended_bitcoinrb.rb

@@ -0,0 +1,127 @@
+require 'yaml'
+
+module Bitcoin
+
+  # set network chain params
+  def self.chain_params=(name)
+    raise "chain params for #{name} is not defined." unless %i(BTC DOGE LTC BTCTEST DOGETEST LTCTEST).include?(name.to_sym)
+    @current_chain = nil
+    @chain_param = name.to_sym
+  end
+  
+  # current network chain params.
+  def self.chain_params
+    return @current_chain if @current_chain
+    return (@current_chain = Bitcoin::ChainParams.get(@chain_param.to_s))
+  end
+  
+  class ChainParams
+    def self.get(network)
+      init(network)
+    end
+
+    def self.init(name)
+      i = YAML.load(File.open("#{__dir__}/chainparams/#{name}.yml"))
+      i.dust_relay_fee ||= Bitcoin::DUST_RELAY_TX_FEE
+      i
+    end
+  end
+
+  module Secp256k1
+    
+    module Ruby
+
+      module_function
+
+      def sign_ecdsa(data, privkey, extra_entropy)
+        privkey = privkey.htb
+        private_key = ECDSA::Format::IntegerOctetString.decode(privkey)
+        extra_entropy ||= ''
+        nonce = RFC6979.generate_rfc6979_nonce(privkey + data, extra_entropy)
+
+        # port form ecdsa gem.
+        r_point = GROUP.new_point(nonce)
+
+        point_field = ECDSA::PrimeField.new(GROUP.order)
+        r = point_field.mod(r_point.x)
+        return nil if r.zero?
+
+        e = ECDSA.normalize_digest(data, GROUP.bit_length)
+        s = point_field.mod(point_field.inverse(nonce) * (e + r * private_key))
+
+        # covert to low-s
+        s = GROUP.order - s if s > (GROUP.order / 2)
+
+        return nil if s.zero?
+
+        signature = ECDSA::Signature.new(r, s).to_der
+
+        # comment lines below lead to performance issues
+        #        public_key = Bitcoin::Key.new(priv_key: privkey.bth, :key_type => Bitcoin::Key::TYPES[:compressed]).pubkey # get rid of the key_type warning
+        #        raise 'Creation of signature failed.' unless Bitcoin::Secp256k1::Ruby.verify_sig(data, signature, public_key)
+        
+        signature
+      end
+      
+    end
+  end
+  
+  class Key
+
+    def initialize(priv_key: nil, pubkey: nil, key_type: nil, compressed: true, allow_hybrid: false)
+      # override so enforce compressed keys
+      
+      raise "key_type must always be Bitcoin::KEY::TYPES[:compressed]" unless key_type == TYPES[:compressed]
+      puts "[Warning] Use key_type parameter instead of compressed. compressed parameter removed in the future." if key_type.nil? && !compressed.nil? && pubkey.nil?
+      if key_type
+        @key_type = key_type
+        compressed = @key_type != TYPES[:uncompressed]
+      else
+        @key_type = compressed ? TYPES[:compressed] : TYPES[:uncompressed]
+      end
+      @secp256k1_module =  Bitcoin.secp_impl
+      @priv_key = priv_key
+      if @priv_key
+        raise ArgumentError, Errors::Messages::INVALID_PRIV_KEY unless validate_private_key_range(@priv_key)
+      end
+      if pubkey
+        @pubkey = pubkey
+      else
+        @pubkey = generate_pubkey(priv_key, compressed: compressed) if priv_key
+      end
+      raise ArgumentError, Errors::Messages::INVALID_PUBLIC_KEY unless fully_valid_pubkey?(allow_hybrid)
+    end
+
+    def public_key_hex
+      @pubkey
+    end
+
+    def private_key_hex
+      @priv_key
+    end
+    
+  end
+
+end
+
+module Bech32
+  # override so we can parse non-Bitcoin Bech32 addresses
+  
+  class SegwitAddr
+    
+    private
+    def parse_addr(addr)
+      @hrp, data, spec = Bech32.decode(addr)
+      raise 'Invalid address.' if hrp.nil? || data[0].nil? || !['bc', 'ltc', 'tb', 'tltc', 'doge', 'tdge'].include?(hrp) # HRP_MAINNET, HRP_TESTNET, HRP_REGTEST].include?(hrp)
+      @ver = data[0]
+      raise 'Invalid witness version' if @ver > 16
+      @prog = convert_bits(data[1..-1], 5, 8, false)
+      raise 'Invalid witness program' if @prog.nil? || @prog.length < 2 || @prog.length > 40
+      raise 'Invalid witness program with version 0' if @ver == 0 && (@prog.length != 20 && @prog.length != 32)
+      raise 'Witness version and encoding spec do not match' if (@ver == 0 && spec != Bech32::Encoding::BECH32) || (@ver != 0 && spec != Bech32::Encoding::BECH32M)
+    end
+        
+  end
+  
+end
+

data/lib/block_io/helper.rb

@@ -2,61 +2,165 @@ module BlockIo
 
   class Helper
 
-    def self.signData(inputs, keys)
-      # sign the given data with the given keys
+    def self.allSignaturesPresent?(tx, inputs, signatures, input_address_data)
+      # returns true if transaction has all signatures present
+      
+      all_signatures_present = false
 
-      raise Exception.new("Keys object must be a hash or array containing the appropriate keys.") unless keys.size >= 1
+      inputs.each do |input|
+        # check if each input has its required signatures
+        
+        spending_address = input['spending_address']
+        current_input_address_data = input_address_data.detect{|x| x['address'] == spending_address}
+        required_signatures = current_input_address_data['required_signatures']
+        public_keys = current_input_address_data['public_keys']
 
-      signatures_added = false
-      
-      # create a dictionary of keys we have
-      # saves the next loop from being O(n^3)
-      hkeys = (keys.is_a?(Hash) ? keys : keys.inject({}){|h,v| h[v.public_key] = v; h})
-      odata = []
+        signatures_present = signatures.map{|x| x if x['input_index'] == input['input_index']}.compact.inject({}){|h,v| h[v['public_key']] = v['signature']; h}
+
+        # break the loop if all signatures are not present for this input
+        all_signatures_present = (signatures_present.keys.size >= required_signatures)
+        break unless all_signatures_present
+        
+      end
 
-      # saves the next loop from being O(n^2)
-      inputs.each{|input| odata << input["data_to_sign"]; odata << input["signatures_needed"]; odata.push(*input["signers"])}
+      all_signatures_present
 
-      data_to_sign = nil
-      signatures_needed = nil
+    end
+
+    def self.isSegwitAddressType?(address_type)
+
+      case address_type
+      when /^P2WPKH(-over-P2SH)?$/
+        true
+      when /^P2WSH(-over-P2SH)?$/
+        true
+      when /^WITNESS_V(\d)$/
+        true
+      else
+        false
+      end
+        
+    end
+    
+    def self.finalizeTransaction(tx, inputs, signatures, input_address_data)
+      # append signatures to the transaction and return its hexadecimal representation
       
-      while !(cdata = odata.shift).nil? do
-        # O(n)
+      inputs.each do |input|
+        # for each input
+
+        signatures_present = signatures.map{|x| x if x['input_index'] == input['input_index']}.compact.inject({}){|h,v| h[v['public_key']] = v['signature']; h}
+        address_data = input_address_data.detect{|x| x['address'] == input['spending_address']} # contains public keys (ordered) and the address type
+        input_index = input['input_index']
+        is_segwit = isSegwitAddressType?(address_data['address_type'])
+        script_stack = (is_segwit ? tx.in[input_index].script_witness.stack : tx.in[input_index].script_sig)
         
-        if cdata.is_a?(String) then
-          # this is data to sign
+        if ['P2PKH', 'P2WPKH', 'P2WPKH-over-P2SH'].include?(address_data['address_type']) then
+          # P2PKH will use script_sig as script_stack
+          # P2WPKH input, or P2WPKH-over-P2SH input will use script_witness.stack as script_stack
 
-          # make a copy of this
-          data_to_sign = '' << cdata
+          current_public_key = address_data['public_keys'][0]
+          current_signature = signatures_present[current_public_key]
 
-          # number of signatures needed
-          signatures_needed = 0 + odata.shift
+          # no blank push necessary for P2PKH, P2WPKH, P2WPKH-over-P2SH
+          script_stack << ([current_signature].pack("H*") + [Bitcoin::SIGHASH_TYPE[:all]].pack('C'))
+          script_stack << [current_public_key].pack("H*")
 
-        else
-          # add signatures if necessary
-          # dTrust required signatures may be lower than number of keys provided
-          
-          if hkeys.key?(cdata["signer_public_key"]) and signatures_needed > 0 and cdata["signed_data"].nil? then
-            cdata["signed_data"] = hkeys[cdata["signer_public_key"]].sign(data_to_sign) 
-            signatures_needed -= 1
-            signatures_added ||= true
+          # P2WPKH-over-P2SH required script_sig still
+          tx.in[input_index].script_sig << (
+            Bitcoin::Script.to_p2wpkh(
+              Bitcoin::Key.new(:pubkey => current_public_key, :key_type => Bitcoin::Key::TYPES[:compressed]).hash160 # hash160 of the compressed pubkey
+            ).to_payload
+          ) if address_data['address_type'] == "P2WPKH-over-P2SH"
+                    
+        elsif ['P2SH', 'WITNESS_V0', 'P2WSH-over-P2SH'].include?(address_data['address_type']) then
+          # P2SH will use script_sig as script_stack
+          # P2WSH or P2WSH-over-P2SH input will use script_witness.stack as script_stack
+
+          script = Bitcoin::Script.to_p2sh_multisig_script(address_data['required_signatures'], address_data['public_keys'])
+
+          script_stack << '' # blank push for scripthash always
+
+          signatures_added = 0
+
+          address_data['public_keys'].each do |public_key|
+            next unless signatures_present.key?(public_key)
+
+            # append signatures, no sighash needed, in correct order of public keys
+            current_signature = signatures_present[public_key]
+            script_stack << ([current_signature].pack("H*") + [Bitcoin::SIGHASH_TYPE[:all]].pack('C'))
+
+            signatures_added += 1
+
+            # required signatures added? break loop and move on
+            break if signatures_added == address_data['required_signatures']
           end
+
+          script_stack << script.last.to_payload
+
+          # P2WSH-over-P2SH needs script_sig populated still
+          tx.in[input_index].script_sig << Bitcoin::Script.to_p2wsh(script.last).to_payload if address_data['address_type'] == "P2WSH-over-P2SH"
           
+        else
+          raise "Unrecognized input address: #{address_data['address_type']}"
         end
-
+        
       end
 
-      signatures_added
+      tx.to_hex
+      
     end
+    
+    def self.getSigHashForInput(tx, input_index, input_data, input_address_data)
+      # returns the sighash for the given input in bytes
+      
+      address_type = input_address_data["address_type"]
+      input_value = (BigDecimal(input_data['input_value']) * BigDecimal(100000000)).to_i # in sats
+      sighash = nil
+      
+      if address_type == "P2SH" then
+        # P2SH addresses
+        
+        script = Bitcoin::Script.to_p2sh_multisig_script(input_address_data["required_signatures"], input_address_data["public_keys"])
+        sighash = tx.sighash_for_input(input_index, script.last)
+        
+      elsif address_type == "P2WSH-over-P2SH" or address_type == "WITNESS_V0" then
+        # P2WSH-over-P2SH addresses
+        # WITNESS_V0 addresses
 
-    def self.extractKey(encrypted_data, b64_enc_key, use_low_r = true)
+        script = Bitcoin::Script.to_p2sh_multisig_script(input_address_data["required_signatures"], input_address_data["public_keys"])
+        sighash = tx.sighash_for_input(input_index, script.last, amount: input_value, sig_version: :witness_v0)
+        
+      elsif address_type == "P2WPKH-over-P2SH" or address_type == "P2WPKH" then
+        # P2WPKH-over-P2SH addresses
+        # P2WPKH addresses
+        
+        pub_key = Bitcoin::Key.new(:pubkey => input_address_data['public_keys'].first, :key_type => Bitcoin::Key::TYPES[:compressed]) # compressed
+        script = Bitcoin::Script.to_p2wpkh(pub_key.hash160)
+        sighash = tx.sighash_for_input(input_index, script, amount: input_value, sig_version: :witness_v0)
+        
+      elsif address_type == "P2PKH" then
+        # P2PKH addresses
+
+        pub_key = Bitcoin::Key.new(:pubkey => input_address_data['public_keys'].first, :key_type => Bitcoin::Key::TYPES[:compressed]) # compressed
+        script = Bitcoin::Script.to_p2pkh(pub_key.hash160)
+        sighash = tx.sighash_for_input(input_index, script)
+
+      else
+        raise "Unrecognize address type: #{address_type}"
+      end
+
+      sighash
+      
+    end
+    
+    def self.extractKey(encrypted_data, b64_enc_key)
       # passphrase is in plain text
       # encrypted_data is in base64, as it was stored on Block.io
       # returns the private key extracted from the given encrypted data
       
       decrypted = self.decrypt(encrypted_data, b64_enc_key)
       
-      Key.from_passphrase(decrypted, use_low_r)
+      Key.from_passphrase(decrypted)
 
     end
     
@@ -90,12 +194,6 @@ module BlockIo
 
     end
 
-    def self.low_r?(r)
-      # https://github.com/bitcoin/bitcoin/blob/v0.20.0/src/key.cpp#L207
-      h = r.scan(/../)
-      h[3].to_i(16) == 32 and h[4].to_i(16) < 0x80
-    end
-    
     # Decrypts a block of data (encrypted_data) given an encryption key
     def self.decrypt(encrypted_data, b64_enc_key, iv = nil, cipher_type = "AES-256-ECB")
       

data/lib/block_io/key.rb

@@ -2,67 +2,18 @@ module BlockIo
 
   class Key
 
-    def initialize(privkey = nil, use_low_r = true, compressed = true)
-      # the privkey must be in hex if at all provided
-
-      @group = ECDSA::Group::Secp256k1
-      @private_key = (privkey.nil? ? (1 + SecureRandom.random_number(@group.order - 1)) : privkey.to_i(16))
-      @public_key = @group.generator.multiply_by_scalar(@private_key)
-      @compressed = compressed
-      @use_low_r = use_low_r
-      
-    end 
-    
-    def private_key
-      # returns private key in hex form
-      @private_key.to_s(16)
-    end
-    
-    def public_key
-      # returns the compressed form of the public key to save network fees (shorter scripts)
-      # hex form
-      ECDSA::Format::PointOctetString.encode(@public_key, compression: @compressed).unpack("H*")[0]
+    def self.generate
+      # returns a new key
+      Bitcoin::Key.generate(Bitcoin::Key::TYPES[:compressed]) # compressed
     end
-    
-    def sign(data)
-      # sign the given hexadecimal string
-
-      counter = 0
-      signature = nil
-      
-      loop do
-
-        # first this we get K, it's without extra entropy
-        # second time onwards, with extra entropy
-        nonce = Key.deterministicGenerateK([data].pack("H*"), @private_key, counter) # RFC6979
-        signature = ECDSA.sign(@group, @private_key, data.to_i(16), nonce)
-      
-        r, s = signature.components
 
-        # BIP0062 -- use lower S values only
-        over_two = @group.order >> 1 # half of what it was                     
-        s = @group.order - s if (s > over_two)
-        
-        signature = ECDSA::Signature.new(r, s)
-
-        # DER encode this, and return it in hex form
-        signature = ECDSA::Format::SignatureDerString.encode(signature).unpack("H*")[0]
-
-        break if !@use_low_r or Helper.low_r?(signature)
-
-        counter += 1
-
-      end
-      
-      signature
-      
-    end
-
-    def valid_signature?(signature, data)
-      ECDSA.valid_signature?(@public_key, [data].pack("H*"), ECDSA::Format::SignatureDerString.decode([signature].pack("H*")))
+    def self.from_private_key_hex(priv_key_hex)
+      # returns Bitcoin::Key (compressed)
+      # quirky behavior from bitcoinrb 0.7.0: use IntegerOctetString.encode on private key (integer) first
+      Bitcoin::Key.new(:priv_key => ECDSA::Format::IntegerOctetString.encode(priv_key_hex.to_i(16), 32).bth, :key_type => Bitcoin::Key::TYPES[:compressed])
     end
     
-    def self.from_passphrase(passphrase, use_low_r = true)
+    def self.from_passphrase(passphrase)
       # ATTENTION: use BlockIo::Key.new to generate new private keys. Using passphrases is not recommended due to lack of / low entropy.
       # create a private/public key pair from a given passphrase
       # use a long, random passphrase. your security depends on the passphrase's entropy.
@@ -72,78 +23,14 @@ module BlockIo
       hashed_key = Helper.sha256([passphrase].pack("H*")) # must pass bytes to sha256
       
       # modding is for backward compatibility with legacy bitcoinjs
-      Key.new((hashed_key.to_i(16) % ECDSA::Group::Secp256k1.order).to_s(16), use_low_r)
+      BlockIo::Key.from_private_key_hex((hashed_key.to_i(16) % ECDSA::Group::Secp256k1.order).to_s(16))
     end
 
-    def self.from_wif(wif, use_low_r = true)
+    def self.from_wif(wif)
       # returns a new key extracted from the Wallet Import Format provided
-      # TODO check against checksum
-
-      hexkey = Helper.decode_base58(wif)
-      actual_key = hexkey[2...66]
 
-      compressed = hexkey[2..hexkey.length].length-8 > 64 and hexkey[2..hexkey.length][64...66] == "01"
-
-      Key.new(actual_key, use_low_r, compressed)
-
-    end
-
-    private
-    
-    def self.isPositive(i)
-      sig = "!+-"[i <=> 0]
-      sig.eql?("+")
-    end
-    
-    def self.deterministicGenerateK(data, privkey, extra_entropy = nil, group = ECDSA::Group::Secp256k1)
-      # returns a deterministic K  -- RFC6979
-
-      hash = data.bytes.to_a
-
-      x = [privkey.to_s(16)].pack("H*").bytes.to_a
-      
-      k = [0] * 32      
-      v = [1] * 32
-
-      e = (extra_entropy.to_i <= 0 ? [] : [extra_entropy.to_s(16).rjust(64,"0").scan(/../).reverse.join].pack("H*").bytes.to_a)
-      
-      # step D
-      k_data = [v, [0], x, hash, e]
-      k_data.flatten!
-      k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), k_data.pack("C*")).bytes.to_a
-      
-      # step E
-      v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
-      
-      # step F
-      k_data = [v, [1], x, hash, e]
-      k_data.flatten!
-      k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), k_data.pack("C*")).bytes.to_a
-      
-      # step G
-      v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
-      
-      # step H2b (Step H1/H2a ignored)
-      v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
-      
-      h2b = v.pack("C*").unpack("H*")[0]
-      tNum = h2b.to_i(16)
-      
-      # step H3
-      while (!isPositive(tNum) or tNum >= group.order) do
-        # k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0])]), k)
-        k_data = [v, [0]]
-        k_data.flatten!
-        k = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), k_data.pack("C*")).bytes.to_a
-        
-        # v = crypto.HmacSHA256(v, k)
-        v = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), k.pack("C*"), v.pack("C*")).bytes.to_a
-        
-        # T = BigInteger.fromBuffer(v)
-        tNum = v.pack("C*").unpack("H*")[0].to_i(16)
-      end
+      Bitcoin::Key.from_wif(wif)
 
-      tNum
     end
 
   end