first commit

Author: chris-belcher

.gitignore

@@ -0,0 +1,4 @@
+*.pyc
+*.swp
+config.cfg
+

LICENCE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,88 @@
+# Electrum Personal Server
+
+Electrum Personal Server is an implementation of the Electrum server protocol
+which fulfills the specific need of using the Electrum UI with full node
+verification and privacy, but without the heavyweight server backend, for a
+single user. It allows the user to benefit from all of Bitcoin Core's
+resource-saving features like pruning, blocksonly and disabled txindex. All
+of Electrum's feature-richness like hardware wallet integration,
+multisignature wallets, offline signing, mnemonic recovery phrases and so on
+can still be used, but backed by the user's own full node.
+
+Using Electrum with Electrum Personal Server is probably the most
+resource-efficent way right now to use a hardware wallet connected to your
+own full node. 
+
+For a longer explaination of this project and why it's important, see the
+[bitcointalk thread](https://bitcointalk.org/index.php?topic=2664747.msg27179198).
+
+See also the Electrum bitcoin wallet [website](https://electrum.org/).
+
+## How To Use
+
+This application requires python3 and a Bitcoin full node built with wallet
+capability.
+
+Download the latest release or clone the git repository. Enter the directory
+and rename the file `config.cfg_sample` to `config.cfg`, edit this file to
+configure your bitcoin node json-rpc authentication details. Next add your
+wallet addresses to the `[wallets]` section.
+
+Finally run `./server.py` on Linux or double-click `run-server.bat` on Windows.
+The first time the server is run it will import all configured addresses as
+watch-only into the Bitcoin node, and then exit giving you a chance to
+`-rescan` if your wallet contains historical transactions.
+
+Electrum wallet must be configured to connect to the server. SSL must be
+disabled which can be done either by `Tools` -> `Connection` -> Uncheck box
+`Use SSL`, or starting with the command line flag `--nossl`, depending on the
+version of Electrum. Tell Electrum to connect to the server in
+`Tools` -> `Server`, usually `localhost` if running on the same machine.
+
+Note that you can also try this with on [testnet bitcoin](https://en.bitcoin.it/wiki/Testnet).
+Electrum can be started in testnet mode with the command line flag `--testnet`.
+
+#### Exposure to the Internet
+
+You really don't want other people connecting to your server. They won't be
+able to synchronize their wallet, and they could potentially learn all your
+wallet addresses.
+
+By default the server will bind to and accept connections only from `localhost`
+so you should either run Electrum wallet from the same computer or use a SSH
+tunnel.
+
+## Project Readiness
+
+This project is in alpha stages as there are several essential missing
+features such as:
+
+* Merkle proofs are not handled, so every confirmed transaction is labelled
+  `Not Verified`.
+
+* The server does not support SSL so Electrum must be configured to disable it.
+
+* Deterministic wallets and master public keys are not supported. Addresses
+  must be imported individually.
+
+* Bech32 bitcoin addresses are not supported.
+
+* The Electrum server protocol has a caveat about multiple transactions included
+  in the same block. So there may be weird behaviour if that happens.
+
+* There's no way to turn off debug messages, so the console will be spammed by
+  them when used.
+
+When trying this, make sure you report any crashes, odd behaviour or times when
+Electrum disconnects (which indicates the server behaved unexpectedly).
+
+Someone should try running this on a Raspberry PI.
+
+## Contributing
+
+I welcome contributions. Please keep lines under 80 characters in length and
+ideally don't add any external dependencies to keep this as easy to install as
+possible.
+
+I can be contacted on freenode IRC on the `#bitcoin` and `#electrum` channels.
+

bitcoin/__init__.py

@@ -0,0 +1,13 @@
+from bitcoin.py2specials import *
+from bitcoin.py3specials import *
+secp_present = False
+try:
+    import secp256k1
+    secp_present = True
+    from bitcoin.secp256k1_main import *
+    from bitcoin.secp256k1_transaction import *
+    from bitcoin.secp256k1_deterministic import *    
+except ImportError as e:
+    from bitcoin.main import *
+    from bitcoin.deterministic import *
+    from bitcoin.transaction import *

bitcoin/deterministic.py

@@ -0,0 +1,128 @@
+from bitcoin.main import *
+import hmac
+import hashlib
+from binascii import hexlify
+
+# Below code ASSUMES binary inputs and compressed pubkeys
+MAINNET_PRIVATE = b'\x04\x88\xAD\xE4'
+MAINNET_PUBLIC = b'\x04\x88\xB2\x1E'
+TESTNET_PRIVATE = b'\x04\x35\x83\x94'
+TESTNET_PUBLIC = b'\x04\x35\x87\xCF'
+PRIVATE = [MAINNET_PRIVATE, TESTNET_PRIVATE]
+PUBLIC = [MAINNET_PUBLIC, TESTNET_PUBLIC]
+
+# BIP32 child key derivation
+
+def raw_bip32_ckd(rawtuple, i):
+    vbytes, depth, fingerprint, oldi, chaincode, key = rawtuple
+    i = int(i)
+
+    if vbytes in PRIVATE:
+        priv = key
+        pub = privtopub(key)
+    else:
+        pub = key
+
+    if i >= 2**31:
+        if vbytes in PUBLIC:
+            raise Exception("Can't do private derivation on public key!")
+        I = hmac.new(chaincode, b'\x00' + priv[:32] + encode(i, 256, 4),
+                     hashlib.sha512).digest()
+    else:
+        I = hmac.new(chaincode, pub + encode(i, 256, 4),
+                     hashlib.sha512).digest()
+
+    if vbytes in PRIVATE:
+        newkey = add_privkeys(I[:32] + B'\x01', priv)
+        fingerprint = bin_hash160(privtopub(key))[:4]
+    if vbytes in PUBLIC:
+        newkey = add_pubkeys(compress(privtopub(I[:32])), key)
+        fingerprint = bin_hash160(key)[:4]
+
+    return (vbytes, depth + 1, fingerprint, i, I[32:], newkey)
+
+
+def bip32_serialize(rawtuple):
+    vbytes, depth, fingerprint, i, chaincode, key = rawtuple
+    i = encode(i, 256, 4)
+    chaincode = encode(hash_to_int(chaincode), 256, 32)
+    keydata = b'\x00' + key[:-1] if vbytes in PRIVATE else key
+    bindata = vbytes + from_int_to_byte(
+        depth % 256) + fingerprint + i + chaincode + keydata
+    return changebase(bindata + bin_dbl_sha256(bindata)[:4], 256, 58)
+
+
+def bip32_deserialize(data):
+    dbin = changebase(data, 58, 256)
+    if bin_dbl_sha256(dbin[:-4])[:4] != dbin[-4:]:
+        raise Exception("Invalid checksum")
+    vbytes = dbin[0:4]
+    depth = from_byte_to_int(dbin[4])
+    fingerprint = dbin[5:9]
+    i = decode(dbin[9:13], 256)
+    chaincode = dbin[13:45]
+    key = dbin[46:78] + b'\x01' if vbytes in PRIVATE else dbin[45:78]
+    return (vbytes, depth, fingerprint, i, chaincode, key)
+
+
+def raw_bip32_privtopub(rawtuple):
+    vbytes, depth, fingerprint, i, chaincode, key = rawtuple
+    newvbytes = MAINNET_PUBLIC if vbytes == MAINNET_PRIVATE else TESTNET_PUBLIC
+    return (newvbytes, depth, fingerprint, i, chaincode, privtopub(key))
+
+
+def bip32_privtopub(data):
+    return bip32_serialize(raw_bip32_privtopub(bip32_deserialize(data)))
+
+
+def bip32_ckd(data, i):
+    return bip32_serialize(raw_bip32_ckd(bip32_deserialize(data), i))
+
+
+def bip32_master_key(seed, vbytes=MAINNET_PRIVATE):
+    I = hmac.new(
+        from_string_to_bytes("Bitcoin seed"), seed, hashlib.sha512).digest()
+    return bip32_serialize((vbytes, 0, b'\x00' * 4, 0, I[32:], I[:32] + b'\x01'
+                           ))
+
+
+def bip32_bin_extract_key(data):
+    return bip32_deserialize(data)[-1]
+
+
+def bip32_extract_key(data):
+    return safe_hexlify(bip32_deserialize(data)[-1])
+
+# Exploits the same vulnerability as above in Electrum wallets
+# Takes a BIP32 pubkey and one of the child privkeys of its corresponding
+# privkey and returns the BIP32 privkey associated with that pubkey
+
+def raw_crack_bip32_privkey(parent_pub, priv):
+    vbytes, depth, fingerprint, i, chaincode, key = priv
+    pvbytes, pdepth, pfingerprint, pi, pchaincode, pkey = parent_pub
+    i = int(i)
+
+    if i >= 2**31:
+        raise Exception("Can't crack private derivation!")
+
+    I = hmac.new(pchaincode, pkey + encode(i, 256, 4), hashlib.sha512).digest()
+
+    pprivkey = subtract_privkeys(key, I[:32] + b'\x01')
+
+    newvbytes = MAINNET_PRIVATE if vbytes == MAINNET_PUBLIC else TESTNET_PRIVATE
+    return (newvbytes, pdepth, pfingerprint, pi, pchaincode, pprivkey)
+
+
+def crack_bip32_privkey(parent_pub, priv):
+    dsppub = bip32_deserialize(parent_pub)
+    dspriv = bip32_deserialize(priv)
+    return bip32_serialize(raw_crack_bip32_privkey(dsppub, dspriv))
+
+def bip32_descend(*args):
+    if len(args) == 2:
+        key, path = args
+    else:
+        key, path = args[0], map(int, args[1:])
+    for p in path:
+        key = bip32_ckd(key, p)
+    return bip32_extract_key(key)