Merge branch 'bitcoin:master' into codex32

BenWestgate · web-flow · commit 69c7c96fea1f · 2025-09-07T18:44:16.000-05:00
diff --git a/README.mediawiki b/README.mediawiki
@@ -889,13 +889,13 @@ Those proposing changes should consider that ultimately consent may rest with th
 | Karl-Johan Alm
 | Standard
 | Withdrawn
-|-
+|- style="background-color: #cfffcf"
 | [[bip-0155.mediawiki|155]]
 | Peer Services
 | addrv2 message
 | Wladimir J. van der Laan
 | Standard
-| Draft
+| Final
 |- style="background-color: #ffcfcf"
 | [[bip-0156.mediawiki|156]]
 | Peer Services
diff --git a/bip-0054.md b/bip-0054.md
@@ -8,7 +8,7 @@
   Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0054
   Status: Draft
   Type: Standards Track
-  Created: 2024-04-11
+  Created: 2025-04-11
   License: CC0-1.0
 ```
 
diff --git a/bip-0155.mediawiki b/bip-0155.mediawiki
@@ -5,7 +5,7 @@
   Author: Wladimir J. van der Laan <laanwj@gmail.com>
   Comments-Summary: No comments yet.
   Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0155
-  Status: Draft
+  Status: Final
   Type: Standards Track
   Created: 2019-02-27
   License: BSD-2-Clause
diff --git a/bip-0328/_xpub.py b/bip-0328/_xpub.py
@@ -83,8 +83,8 @@ def deserialize_point(b: bytes) -> Point:
 def bytes_to_point(point_bytes: bytes) -> Point:
     header = point_bytes[0]
     if header == 4:
-        x = point_bytes = point_bytes[1:33]
-        y = point_bytes = point_bytes[33:65]
+        x = point_bytes[1:33]
+        y = point_bytes[33:65]
         return (int(binascii.hexlify(x), 16), int(binascii.hexlify(y), 16))
     return deserialize_point(point_bytes)
 
diff --git a/bip-0352/reference.py b/bip-0352/reference.py
@@ -116,7 +116,7 @@ def decode_silent_payment_address(address: str, hrp: str = "tsp") -> Tuple[ECPub
     return B_scan, B_spend
 
 
-def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[COutPoint], recipients: List[str], hrp="tsp") -> List[str]:
+def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[COutPoint], recipients: List[str], expected: Dict[str, any] = None, hrp="tsp") -> List[str]:
     G = ECKey().set(1).get_pubkey()
     negated_keys = []
     for key, is_xonly in input_priv_keys:
@@ -129,10 +129,16 @@ def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[CO
     if not a_sum.valid:
         # Input privkeys sum is zero -> fail
         return []
+    assert ECKey().set(bytes.fromhex(expected.get("input_private_key_sum"))) == a_sum, "a_sum did not match expected input_private_key_sum"
     input_hash = get_input_hash(outpoints, a_sum * G)
     silent_payment_groups: Dict[ECPubKey, List[ECPubKey]] = {}
     for recipient in recipients:
-        B_scan, B_m = decode_silent_payment_address(recipient, hrp=hrp)
+        B_scan, B_m = decode_silent_payment_address(recipient["address"], hrp=hrp)
+        # Verify decoded intermediate keys for recipient
+        expected_B_scan = ECPubKey().set(bytes.fromhex(recipient["scan_pub_key"]))
+        expected_B_m = ECPubKey().set(bytes.fromhex(recipient["spend_pub_key"]))
+        assert expected_B_scan == B_scan, "B_scan did not match expected recipient.scan_pub_key"
+        assert expected_B_m == B_m, "B_m did not match expected recipient.spend_pub_key"
         if B_scan in silent_payment_groups:
             silent_payment_groups[B_scan].append(B_m)
         else:
@@ -141,6 +147,14 @@ def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[CO
     outputs = []
     for B_scan, B_m_values in silent_payment_groups.items():
         ecdh_shared_secret = input_hash * a_sum * B_scan
+        expected_shared_secrets = expected.get("shared_secrets", {})
+        # Find the recipient address that corresponds to this B_scan and get its index
+        for recipient_idx, recipient in enumerate(recipients):
+            recipient_B_scan = ECPubKey().set(bytes.fromhex(recipient["scan_pub_key"]))
+            if recipient_B_scan == B_scan:
+                expected_shared_secret_hex = expected_shared_secrets[recipient_idx]
+                assert ecdh_shared_secret.get_bytes(False).hex() == expected_shared_secret_hex, f"ecdh_shared_secret did not match expected, recipient {recipient_idx} ({recipient['address']}): expected={expected_shared_secret_hex}"
+                break
         k = 0
         for B_m in B_m_values:
             t_k = TaggedHash("BIP0352/SharedSecret", ecdh_shared_secret.get_bytes(False) + ser_uint32(k))
@@ -151,9 +165,13 @@ def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[CO
     return list(set(outputs))
 
 
-def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: bytes, outputs_to_check: List[ECPubKey], labels: Dict[str, str] = {}) -> List[Dict[str, str]]:
+def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: bytes, outputs_to_check: List[ECPubKey], labels: Dict[str, str] = None, expected: Dict[str, any] = None) -> List[Dict[str, str]]:
     G = ECKey().set(1).get_pubkey()
+    input_hash_key = ECKey().set(input_hash)
+    computed_tweak_point = input_hash_key * A_sum
+    assert computed_tweak_point.get_bytes(False).hex() == expected.get("tweak"), "tweak did not match expected"
     ecdh_shared_secret = input_hash * b_scan * A_sum
+    assert ecdh_shared_secret.get_bytes(False).hex() == expected.get("shared_secret"), "ecdh_shared_secret did not match expected shared_secret"
     k = 0
     wallet = []
     while True:
@@ -236,11 +254,12 @@ def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: byte
                     is_p2tr(vin.prevout),
                 ))
                 input_pub_keys.append(pubkey)
+            assert [pk.get_bytes(False).hex() for pk in input_pub_keys] == expected.get("input_pub_keys"), "input_pub_keys did not match expected"
 
             sending_outputs = []
             if (len(input_pub_keys) > 0):
                 outpoints = [vin.outpoint for vin in vins]
-                sending_outputs = create_outputs(input_priv_keys, outpoints, given["recipients"], hrp="sp")
+                sending_outputs = create_outputs(input_priv_keys, outpoints, given["recipients"], expected=expected, hrp="sp")
 
                 # Note: order doesn't matter for creating/finding the outputs. However, different orderings of the recipient addresses
                 # will produce different generated outputs if sending to multiple silent payment addresses belonging to the
@@ -303,6 +322,7 @@ def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: byte
                     # Input pubkeys sum is point at infinity -> skip tx
                     assert expected["outputs"] == []
                     continue
+                assert A_sum.get_bytes(False).hex() == expected.get("input_pub_key_sum"), "A_sum did not match expected input_pub_key_sum"
                 input_hash = get_input_hash([vin.outpoint for vin in vins], A_sum)
                 pre_computed_labels = {
                     (generate_label(b_scan, label) * G).get_bytes(False).hex(): generate_label(b_scan, label).hex()
@@ -315,6 +335,7 @@ def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: byte
                     input_hash=input_hash,
                     outputs_to_check=outputs_to_check,
                     labels=pre_computed_labels,
+                    expected=expected,
                 )
 
             # Check that the private key is correct for the found output public key
diff --git a/bip-0352/send_and_receive_test_vectors.json b/bip-0352/send_and_receive_test_vectors.json
diff --git a/bip-0388/wallet_policies.py b/bip-0388/wallet_policies.py
