Merge #189: Bech32 address support

1547251 Bitcoin's default Regtest bech32 HRP is 'bcrt' not 'tb' (John Villar)
e8d2037 Add tests (genme)
542ac35  Add python2 support to CBech32BitcoinAddress (genme)
e872989 add str() tests for P2WPKHBitcoinAddress and P2WSHBitcoinAddress (Dmitry Petukhov)
7c2b4e1 add Bech32-encoded address support (Dmitry Petukhov)
737380e Add python2 support to bech32 (Martino Salvetti)
01083b7 Add BECH32_HRP in network parameters (Martino Salvetti)
dfaa0c2 Add Bech32 encoding/decoding; add CBech32Data (Martino Salvetti)

Pull request description:

  Add Bech32-encoded address support

  This is based on #154

  Introduce CBase58Address and CBech32Address

  make CBitcoinAddress a wrapper that returns CBase58Address or CBech32Address depending on input data

  introduce to_redeemScript() method, because for P2WPKHBitcoinAddress redeem script is not the same as scriptPubKey.

  unfortunately, for P2WSHBitcoinAddress to_redeemScript() cannot
  be implemented, as we need all pubkeys for that, and not only the hash.

Top commit has no ACKs.

Tree-SHA512: c2ea9a690c5f1a3d4f6f5d043396e8265adcfa0dc582daafb122a3f56e7eda2656051a07c294ea377034a221d83cb7864bc57265be0d02903f002412d86e384c

Author: petertodd

bitcoin/__init__.py

@@ -31,6 +31,7 @@ class MainParams(bitcoin.core.CoreMainParams):
     BASE58_PREFIXES = {'PUBKEY_ADDR':0,
                        'SCRIPT_ADDR':5,
                        'SECRET_KEY' :128}
+    BECH32_HRP = 'bc'
 
 class TestNetParams(bitcoin.core.CoreTestNetParams):
     MESSAGE_START = b'\x0b\x11\x09\x07'
@@ -43,6 +44,7 @@ class TestNetParams(bitcoin.core.CoreTestNetParams):
     BASE58_PREFIXES = {'PUBKEY_ADDR':111,
                        'SCRIPT_ADDR':196,
                        'SECRET_KEY' :239}
+    BECH32_HRP = 'tb'
 
 class RegTestParams(bitcoin.core.CoreRegTestParams):
     MESSAGE_START = b'\xfa\xbf\xb5\xda'
@@ -52,6 +54,7 @@ class RegTestParams(bitcoin.core.CoreRegTestParams):
     BASE58_PREFIXES = {'PUBKEY_ADDR':111,
                        'SCRIPT_ADDR':196,
                        'SECRET_KEY' :239}
+    BECH32_HRP = 'bcrt'
 
 """Master global setting for what chain params we're using.
 

bitcoin/bech32.py

@@ -0,0 +1,81 @@
+# Copyright (C) 2017 The python-bitcoinlib developers
+#
+# This file is part of python-bitcoinlib.
+#
+# It is subject to the license terms in the LICENSE file found in the top-level
+# directory of this distribution.
+#
+# No part of python-bitcoinlib, including this file, may be copied, modified,
+# propagated, or distributed except according to the terms contained in the
+# LICENSE file.
+
+"""Bech32 encoding and decoding"""
+
+import sys
+_bchr = chr
+_bord = ord
+if sys.version > '3':
+    long = int
+    _bchr = lambda x: bytes([x])
+    _bord = lambda x: x
+
+from bitcoin.segwit_addr import encode, decode
+import bitcoin
+
+class Bech32Error(Exception):
+    pass
+
+class Bech32ChecksumError(Bech32Error):
+    pass
+
+class CBech32Data(bytes):
+    """Bech32-encoded data
+
+    Includes a witver and checksum.
+    """
+    def __new__(cls, s):
+        """from bech32 addr to """
+        witver, data = decode(bitcoin.params.BECH32_HRP, s)
+        if witver is None and data is None:
+            raise Bech32Error('Bech32 decoding error')
+
+        return cls.from_bytes(witver, data)
+
+    def __init__(self, s):
+        """Initialize from bech32-encoded string
+
+        Note: subclasses put your initialization routines here, but ignore the
+        argument - that's handled by __new__(), and .from_bytes() will call
+        __init__() with None in place of the string.
+        """
+
+    @classmethod
+    def from_bytes(cls, witver, witprog):
+        """Instantiate from witver and data"""
+        if not (0 <= witver <= 16):
+            raise ValueError('witver must be in range 0 to 16 inclusive; got %d' % witver)
+        self = bytes.__new__(cls, witprog)
+        self.witver = witver
+
+        return self
+
+    def to_bytes(self):
+        """Convert to bytes instance
+
+        Note that it's the data represented that is converted; the checkum and
+        witver is not included.
+        """
+        return b'' + self
+
+    def __str__(self):
+        """Convert to string"""
+        return encode(bitcoin.params.BECH32_HRP, self.witver, self)
+
+    def __repr__(self):
+        return '%s(%r)' % (self.__class__.__name__, str(self))
+
+__all__ = (
+    'Bech32Error',
+    'Bech32ChecksumError',
+    'CBech32Data',
+)

bitcoin/segwit_addr.py

@@ -0,0 +1,131 @@
+# Copyright (c) 2017 Pieter Wuille
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+"""Reference implementation for Bech32 and segwit addresses."""
+
+import sys
+_bchr = chr
+_bord = lambda x: ord(x) if isinstance(x, str) else x
+if sys.version > '3':
+    long = int
+    _bchr = lambda x: bytes([x])
+    _bord = lambda x: x
+
+CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
+
+
+def bech32_polymod(values):
+    """Internal function that computes the Bech32 checksum."""
+    generator = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]
+    chk = 1
+    for value in values:
+        top = chk >> 25
+        chk = (chk & 0x1ffffff) << 5 ^ value
+        for i in range(5):
+            chk ^= generator[i] if ((top >> i) & 1) else 0
+    return chk
+
+
+def bech32_hrp_expand(hrp):
+    """Expand the HRP into values for checksum computation."""
+    return [ord(x) >> 5 for x in hrp] + [0] + [ord(x) & 31 for x in hrp]
+
+
+def bech32_verify_checksum(hrp, data):
+    """Verify a checksum given HRP and converted data characters."""
+    return bech32_polymod(bech32_hrp_expand(hrp) + data) == 1
+
+
+def bech32_create_checksum(hrp, data):
+    """Compute the checksum values given HRP and data."""
+    values = bech32_hrp_expand(hrp) + data
+    polymod = bech32_polymod(values + [0, 0, 0, 0, 0, 0]) ^ 1
+    return [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
+
+
+def bech32_encode(hrp, data):
+    """Compute a Bech32 string given HRP and data values."""
+    combined = data + bech32_create_checksum(hrp, data)
+    return hrp + '1' + ''.join([CHARSET[d] for d in combined])
+
+
+def bech32_decode(bech):
+    """Validate a Bech32 string, and determine HRP and data."""
+    if ((any(ord(x) < 33 or ord(x) > 126 for x in bech)) or
+            (bech.lower() != bech and bech.upper() != bech)):
+        return (None, None)
+    bech = bech.lower()
+    pos = bech.rfind('1')
+    if pos < 1 or pos + 7 > len(bech) or len(bech) > 90:
+        return (None, None)
+    if not all(x in CHARSET for x in bech[pos+1:]):
+        return (None, None)
+    hrp = bech[:pos]
+    data = [CHARSET.find(x) for x in bech[pos+1:]]
+    if not bech32_verify_checksum(hrp, data):
+        return (None, None)
+    return (hrp, data[:-6])
+
+
+def convertbits(data, frombits, tobits, pad=True):
+    """General power-of-2 base conversion."""
+    acc = 0
+    bits = 0
+    ret = []
+    maxv = (1 << tobits) - 1
+    max_acc = (1 << (frombits + tobits - 1)) - 1
+    for value in data:
+        value = _bord(value)
+        if value < 0 or (value >> frombits):
+            return None
+        acc = ((acc << frombits) | value) & max_acc
+        bits += frombits
+        while bits >= tobits:
+            bits -= tobits
+            ret.append((acc >> bits) & maxv)
+    if pad:
+        if bits:
+            ret.append((acc << (tobits - bits)) & maxv)
+    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
+        return None
+    return ret
+
+
+def decode(hrp, addr):
+    """Decode a segwit address."""
+    hrpgot, data = bech32_decode(addr)
+    if hrpgot != hrp:
+        return (None, None)
+    decoded = convertbits(data[1:], 5, 8, False)
+    if decoded is None or len(decoded) < 2 or len(decoded) > 40:
+        return (None, None)
+    if data[0] > 16:
+        return (None, None)
+    if data[0] == 0 and len(decoded) != 20 and len(decoded) != 32:
+        return (None, None)
+    return (data[0], decoded)
+
+
+def encode(hrp, witver, witprog):
+    """Encode a segwit address."""
+    ret = bech32_encode(hrp, [witver] + convertbits(witprog, 8, 5))
+    if decode(hrp, ret) == (None, None):
+        return None
+    return ret

bitcoin/tests/data/bech32_encode_decode.json

@@ -0,0 +1,8 @@
+[
+["0014751e76e8199196d454941c45d1b3a323f1433bd6", "BC1QW508D6QEJXTDG4Y5R3ZARVARY0C5XW7KV8F3T4"],
+["00201863143c14c5166804bd19203356da136c985678cd4d27a1b8c6329604903262", "tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sl5k7"],
+["5128751e76e8199196d454941c45d1b3a323f1433bd6751e76e8199196d454941c45d1b3a323f1433bd6", "bc1pw508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7k7grplx"],
+["6002751e", "BC1SW50QA3JX3S"],
+["5210751e76e8199196d454941c45d1b3a323", "bc1zw508d6qejxtdg4y5r3zarvaryvg6kdaj"],
+["0020000000c4a5cad46221b2a187905e5266362b99d5e91c6ce24d165dab93e86433", "tb1qqqqqp399et2xygdj5xreqhjjvcmzhxw4aywxecjdzew6hylgvsesrxh6hy"]
+]

bitcoin/tests/data/bech32_invalid.json

@@ -0,0 +1,12 @@
+[
+  ["tc1qw508d6qejxtdg4y5r3zarvary0c5xw7kg3g4ty", "Invalid human-readable part"],
+  ["bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t5", "Invalid checksum"],
+  ["BC13W508D6QEJXTDG4Y5R3ZARVARY0C5XW7KN40WF2", "Invalid witness version"],
+  ["bc1rw5uspcuh", "Invalid program length"],
+  ["bc10w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90", "Invalid program length"],
+  ["BC1QR508D6QEJXTDG4Y5R3ZARVARYV98GJ9P", "Invalid program length for witness version 0 (per BIP141)"],
+  ["tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sL5k7", "Mixed case"],
+  ["bc1zw508d6qejxtdg4y5r3zarvaryvqyzf3du", "zero padding of more than 4 bits"],
+  ["tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3pjxtptv", "Non-zero padding in 8-to-5 conversion"],
+  ["bc1gmk9yu", "Empty data section"]
+]

bitcoin/tests/test_bech32.py

@@ -0,0 +1,77 @@
+# Copyright (C) 2013-2014 The python-bitcoinlib developers
+#
+# This file is part of python-bitcoinlib.
+#
+# It is subject to the license terms in the LICENSE file found in the top-level
+# directory of this distribution.
+#
+# No part of python-bitcoinlib, including this file, may be copied, modified,
+# propagated, or distributed except according to the terms contained in the
+# LICENSE file.
+
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+import json
+import os
+import unittest
+import array
+import sys
+_bchr = chr
+_bord = ord
+_tobytes = lambda x: array.array('B', x).tostring()
+if sys.version > '3':
+    long = int
+    _bchr = lambda x: bytes([x])
+    _bord = lambda x: x
+    _tobytes = bytes
+
+from binascii import unhexlify
+
+from bitcoin.core.script import CScript, OP_0, OP_1, OP_16
+from bitcoin.bech32 import *
+from bitcoin.segwit_addr import encode, decode
+
+
+def load_test_vectors(name):
+    with open(os.path.dirname(__file__) + '/data/' + name, 'r') as fd:
+        for testcase in json.load(fd):
+            yield testcase
+
+def to_scriptPubKey(witver, witprog):
+    """Decoded bech32 address to script"""
+    return CScript([witver]) + CScript(_tobytes(witprog))
+
+class Test_bech32(unittest.TestCase):
+
+    def op_decode(self, witver):
+        """OP encoding to int"""
+        if witver == OP_0:
+            return 0
+        if OP_1 <= witver <= OP_16:
+            return witver - OP_1 + 1
+        self.fail('Wrong witver: %d' % witver)
+
+    def test_encode_decode(self):
+        for exp_bin, exp_bech32 in load_test_vectors('bech32_encode_decode.json'):
+            exp_bin = [_bord(y) for y in unhexlify(exp_bin.encode('utf8'))]
+            witver = self.op_decode(exp_bin[0])
+            hrp = exp_bech32[:exp_bech32.rindex('1')].lower()
+            self.assertEqual(exp_bin[1], len(exp_bin[2:]))
+            act_bech32 = encode(hrp, witver, exp_bin[2:])
+            act_bin = decode(hrp, exp_bech32)
+
+            self.assertEqual(act_bech32.lower(), exp_bech32.lower())
+            self.assertEqual(to_scriptPubKey(*act_bin), _tobytes(exp_bin))
+
+class Test_CBech32Data(unittest.TestCase):
+    def test_from_data(self):
+        b = CBech32Data.from_bytes(0, unhexlify('751e76e8199196d454941c45d1b3a323f1433bd6'))
+        self.assertEqual(b.witver, 0)
+        self.assertEqual(str(b).upper(), 'BC1QW508D6QEJXTDG4Y5R3ZARVARY0C5XW7KV8F3T4')
+
+    def test_invalid_bech32_exception(self):
+
+        for invalid, _ in load_test_vectors("bech32_invalid.json"):
+            msg = '%r should have raised Bech32Error but did not' % invalid
+            with self.assertRaises(Bech32Error, msg=msg):
+                CBech32Data(invalid)

bitcoin/tests/test_segwit.py

@@ -36,8 +36,8 @@ def test_p2wpkh_signaturehash(self):
         scriptpubkey  = CScript(x('00141d0f172a0ecb48aee1be1f2687d2963ae33f71a1'))
         value         = int(6*COIN)
 
-        address = CBitcoinAddress.from_scriptPubKey(scriptpubkey)
-        self.assertEqual(SignatureHash(address.to_scriptPubKey(), CTransaction.deserialize(unsigned_tx),
+        address = CBech32BitcoinAddress.from_scriptPubKey(scriptpubkey)
+        self.assertEqual(SignatureHash(address.to_redeemScript(), CTransaction.deserialize(unsigned_tx),
                 1, SIGHASH_ALL, value, SIGVERSION_WITNESS_V0),
             x('c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670'))
 
@@ -47,8 +47,8 @@ def test_p2sh_p2wpkh_signaturehash(self):
         redeemscript  = CScript(x('001479091972186c449eb1ded22b78e40d009bdf0089'))
         value         = int(10*COIN)
 
-        address = CBitcoinAddress.from_scriptPubKey(redeemscript)
-        self.assertEqual(SignatureHash(address.to_scriptPubKey(), CTransaction.deserialize(unsigned_tx),
+        address = CBase58BitcoinAddress.from_scriptPubKey(redeemscript)
+        self.assertEqual(SignatureHash(address.to_redeemScript(), CTransaction.deserialize(unsigned_tx),
                 0, SIGHASH_ALL, value, SIGVERSION_WITNESS_V0),
             x('64f3b0f4dd2bb3aa1ce8566d220cc74dda9df97d8490cc81d89d735c92e59fb6'))