Signatures: Support new lmsig for multisig delegated logicsigs (#579)

* Support new lmsig for multisig delegated logicsigs

Author: jannotti

algosdk/constants.py

@@ -56,6 +56,8 @@
 """str: prefix for multisig addresses"""
 LOGIC_PREFIX = b"Program"
 """bytes: program (logic) prefix when signing"""
+MULTISIG_LOGIC_PREFIX = b"MsigProgram"
+"""bytes: program (logic) prefix when signing"""
 LOGIC_DATA_PREFIX = b"ProgData"
 """bytes: program (logic) data prefix when signing"""
 APPID_PREFIX = b"appID"
@@ -123,6 +125,7 @@
 bytes_prefix = BYTES_PREFIX
 msig_addr_prefix = MSIG_ADDR_PREFIX
 logic_prefix = LOGIC_PREFIX
+multisig_logic_prefix = MULTISIG_LOGIC_PREFIX
 logic_data_prefix = LOGIC_DATA_PREFIX
 hash_len = HASH_LEN
 check_sum_len_bytes = CHECK_SUM_LEN_BYTES

algosdk/transaction.py

@@ -2364,17 +2364,20 @@ def validate(self):
         if len(self.subsigs) > constants.multisig_account_limit:
             raise error.MultisigAccountSizeError
 
-    def address(self):
-        """Return the multisig account address."""
+    def address_bytes(self):
+        """Return the raw bytes of the multisig account address."""
         msig_bytes = (
             bytes(constants.msig_addr_prefix, "utf-8")
             + bytes([self.version])
             + bytes([self.threshold])
         )
         for s in self.subsigs:
             msig_bytes += s.public_key
-        addr = encoding.checksum(msig_bytes)
-        return encoding.encode_address(addr)
+        return encoding.checksum(msig_bytes)
+
+    def address(self):
+        """Return the multisig account address."""
+        return encoding.encode_address(self.address_bytes())
 
     def verify(self, message):
         """Verify that the multisig is valid for the message."""
@@ -2509,6 +2512,7 @@ def __init__(self, program, args=None):
         self.args = args
         self.sig = None
         self.msig = None
+        self.lmsig = None
 
     @staticmethod
     def _sanity_check_program(program):
@@ -2561,6 +2565,8 @@ def dictify(self):
             od["sig"] = base64.b64decode(self.sig)
         elif self.msig:
             od["msig"] = self.msig.dictify()
+        elif self.lmsig:
+            od["lmsig"] = self.lmsig.dictify()
         return od
 
     @staticmethod
@@ -2570,8 +2576,17 @@ def undictify(d):
             lsig.sig = base64.b64encode(d["sig"]).decode()
         elif "msig" in d:
             lsig.msig = Multisig.undictify(d["msig"])
+        elif "lmsig" in d:
+            lsig.lmsig = Multisig.undictify(d["lmsig"])
         return lsig
 
+    def sig_count(self):
+        return (
+            int(self.sig is not None)
+            + int(self.msig is not None)
+            + int(self.lmsig is not None)
+        )
+
     def verify(self, public_key):
         """
         Verifies LogicSig against the transaction's sender address
@@ -2584,29 +2599,38 @@ def verify(self, public_key):
                 the logic hash or the signature is valid against the sender\
                 address), false otherwise
         """
-        if self.sig and self.msig:
-            return False
-
         try:
             self._sanity_check_program(self.logic)
         except error.InvalidProgram:
             return False
 
-        to_sign = constants.logic_prefix + self.logic
-
-        if not self.sig and not self.msig:
-            checksum = encoding.checksum(to_sign)
-            return checksum == public_key
+        if self.sig_count() > 1:
+            return False
 
         if self.sig:
             verify_key = VerifyKey(public_key)
             try:
+                to_sign = constants.logic_prefix + self.logic
                 verify_key.verify(to_sign, base64.b64decode(self.sig))
                 return True
             except (BadSignatureError, ValueError, TypeError):
                 return False
 
-        return self.msig.verify(to_sign)
+        if self.msig:
+            to_sign = constants.logic_prefix + self.logic
+            return self.msig.verify(to_sign)
+
+        if self.lmsig:
+            to_sign = (
+                constants.multisig_logic_prefix
+                + self.lmsig.address_bytes()
+                + self.logic
+            )
+            return self.lmsig.verify(to_sign)
+
+        # Non-delegated
+        to_sign = constants.logic_prefix + self.logic
+        return public_key == encoding.checksum(to_sign)
 
     def address(self):
         """
@@ -2626,6 +2650,18 @@ def sign_program(program, private_key):
         signed = signing_key.sign(to_sign)
         return base64.b64encode(signed.signature).decode()
 
+    @staticmethod
+    def multisig_sign_program(program, private_key, multisig):
+        private_key = base64.b64decode(private_key)
+        signing_key = SigningKey(private_key[: constants.key_len_bytes])
+        to_sign = (
+            constants.multisig_logic_prefix
+            + multisig.address_bytes()
+            + program
+        )
+        signed = signing_key.sign(to_sign)
+        return base64.b64encode(signed.signature).decode()
+
     @staticmethod
     def single_sig_multisig(program, private_key, multisig):
         index = -1
@@ -2637,7 +2673,7 @@ def single_sig_multisig(program, private_key, multisig):
                 break
         if index == -1:
             raise error.InvalidSecretKeyError
-        sig = LogicSig.sign_program(program, private_key)
+        sig = LogicSig.multisig_sign_program(program, private_key, multisig)
 
         return sig, index
 
@@ -2657,7 +2693,7 @@ def sign(self, private_key, multisig=None):
                 already been provided
         """
         if not multisig:
-            if self.msig:
+            if self.msig or self.lmsig:
                 raise error.LogicSigOverspecifiedSignature
             self.sig = LogicSig.sign_program(self.logic, private_key)
         else:
@@ -2667,7 +2703,7 @@ def sign(self, private_key, multisig=None):
                 self.logic, private_key, multisig
             )
             multisig.subsigs[index].signature = base64.b64decode(sig)
-            self.msig = multisig
+            self.lmsig = multisig
 
     def append_to_multisig(self, private_key):
         """
@@ -2680,12 +2716,12 @@ def append_to_multisig(self, private_key):
             InvalidSecretKeyError: if no matching private key in multisig\
                 object
         """
-        if self.msig is None:
+        if self.lmsig is None:
             raise error.InvalidSecretKeyError
         sig, index = LogicSig.single_sig_multisig(
-            self.logic, private_key, self.msig
+            self.logic, private_key, self.lmsig
         )
-        self.msig.subsigs[index].signature = base64.b64decode(sig)
+        self.lmsig.subsigs[index].signature = base64.b64decode(sig)
 
     def __eq__(self, other):
         if not isinstance(other, LogicSig):
@@ -2695,6 +2731,7 @@ def __eq__(self, other):
             and self.args == other.args
             and self.sig == other.sig
             and self.msig == other.msig
+            and self.lmsig == other.lmsig
         )
 
 
@@ -2744,7 +2781,7 @@ def is_delegated(self) -> bool:
         Returns:
             bool: True if and only if this is a delegated LogicSigAccount.
         """
-        return bool(self.lsig.sig or self.lsig.msig)
+        return bool(self.lsig.sig or self.lsig.msig or self.lsig.lmsig)
 
     def verify(self) -> bool:
         """
@@ -2757,6 +2794,15 @@ def verify(self) -> bool:
         addr = self.address()
         return self.lsig.verify(encoding.decode_address(addr))
 
+    def sig_count(self) -> int:
+        """
+        Returns the number of cryptographic signatures on the LogicSig
+
+        Returns:
+            int: The number of signatures. Should never exceed 1.
+        """
+        return self.lsig.sig_count()
+
     def address(self) -> str:
         """
         Get the address of this LogicSigAccount.
@@ -2767,7 +2813,7 @@ def address(self) -> str:
         If the LogicSig is not delegated to another account, this will return an
         escrow address that is the hash of the LogicSig's program code.
         """
-        if self.lsig.sig and self.lsig.msig:
+        if self.sig_count() > 1:
             raise error.LogicSigOverspecifiedSignature
 
         if self.lsig.sig:
@@ -2778,6 +2824,9 @@ def address(self) -> str:
         if self.lsig.msig:
             return self.lsig.msig.address()
 
+        if self.lsig.lmsig:
+            return self.lsig.lmsig.address()
+
         return self.lsig.address()
 
     def sign_multisig(self, multisig: Multisig, private_key: str) -> None:
@@ -2874,6 +2923,8 @@ def __init__(
                 lsigAddr = transaction.sender
             elif lsig.msig:
                 lsigAddr = lsig.msig.address()
+            elif lsig.lmsig:
+                lsigAddr = lsig.lmsig.address()
             else:
                 lsigAddr = lsig.address()
             self.lsig = lsig

tests/unit_tests/msig_delegated.txn

@@ -0,0 +1,38 @@
+{
+  "lsig": {
+    "arg:b64": [
+      "AQ==",
+      "AgM="
+    ],
+    "l:b64": "ASABASI=",
+    "lmsig": {
+      "subsig": [
+        {
+          "pk:b64": "G37AsEvqYbeWkJfmy/QH4QinBTUdC8mKvrEiCairgXg=",
+          "s:b64": "jDNlxLHRE3DyP3DXd0af4dlHeb9NjWSBdkk173hMzHZXbMDg7+nBRvpgdtr6zlXumvMbdo68MrTsGiyMPcBnBg=="
+        },
+        {
+          "pk:b64": "CWMyCVNzifB1ZxF3OZHH0D4bc8jE9Sv2r/Aaolz5wnE=",
+          "s:b64": "T1bUfdnAsWoV9Yhk6edD1TEJH/evbLKB3zQNFTojbqXZF3PZ/5dljvfqY/A3aM3+KL6KxoJ683Gt2YSnOOrlDQ=="
+        },
+        {
+          "pk:b64": "5/D4TQaBHfnzHI2HixFV9GcdUaGFwgCQhmf0SVhwaKE="
+        }
+      ],
+      "thr": 2,
+      "v": 1
+    }
+  },
+  "txn": {
+    "amt": 5000,
+    "fee": 217000,
+    "fv": 972508,
+    "gen": "testnet-v31.0",
+    "gh:b64": "JgsgCaCTqIaLeVhyL6XlRu3n7Rfk2FxMeK+wRSaQ7dI=",
+    "lv": 973508,
+    "note:b64": "tFF5Ofz60nE=",
+    "rcv:b64": "tMYiaKTDNVD1im3UuMojnJ8dELNBqn4aNuPOYfv8+Yo=",
+    "snd:b64": "jZK0iZABc6BN+kNZo2ZqavzqLEKgXdnB9z7rpUeAN+k=",
+    "type": "pay"
+  }
+}

tests/unit_tests/msig_delegated_other.txn

@@ -0,0 +1,39 @@
+{
+  "lsig": {
+    "arg:b64": [
+      "AQ==",
+      "AgM="
+    ],
+    "l:b64": "ASABASI=",
+    "lmsig": {
+      "subsig": [
+        {
+          "pk:b64": "G37AsEvqYbeWkJfmy/QH4QinBTUdC8mKvrEiCairgXg=",
+          "s:b64": "jDNlxLHRE3DyP3DXd0af4dlHeb9NjWSBdkk173hMzHZXbMDg7+nBRvpgdtr6zlXumvMbdo68MrTsGiyMPcBnBg=="
+        },
+        {
+          "pk:b64": "CWMyCVNzifB1ZxF3OZHH0D4bc8jE9Sv2r/Aaolz5wnE=",
+          "s:b64": "T1bUfdnAsWoV9Yhk6edD1TEJH/evbLKB3zQNFTojbqXZF3PZ/5dljvfqY/A3aM3+KL6KxoJ683Gt2YSnOOrlDQ=="
+        },
+        {
+          "pk:b64": "5/D4TQaBHfnzHI2HixFV9GcdUaGFwgCQhmf0SVhwaKE="
+        }
+      ],
+      "thr": 2,
+      "v": 1
+    }
+  },
+  "sgnr:b64": "jZK0iZABc6BN+kNZo2ZqavzqLEKgXdnB9z7rpUeAN+k=",
+  "txn": {
+    "amt": 5000,
+    "fee": 217000,
+    "fv": 972508,
+    "gen": "testnet-v31.0",
+    "gh:b64": "JgsgCaCTqIaLeVhyL6XlRu3n7Rfk2FxMeK+wRSaQ7dI=",
+    "lv": 973508,
+    "note:b64": "tFF5Ofz60nE=",
+    "rcv:b64": "tMYiaKTDNVD1im3UuMojnJ8dELNBqn4aNuPOYfv8+Yo=",
+    "snd:b64": "tMYiaKTDNVD1im3UuMojnJ8dELNBqn4aNuPOYfv8+Yo=",
+    "type": "pay"
+  }
+}

tests/unit_tests/pay_msig_delegated.txn

@@ -0,0 +1,30 @@
+{
+  "lsig": {
+    "l:b64": "ASABASI=",
+    "lmsig": {
+      "subsig": [
+        {
+          "pk:b64": "eUdQSBmJmLH5xdIDnkf+V3AQH6usPifhfJVwnJ7d7nM=",
+          "s:b64": "E5HLGOcgWODZRLIlpQu2iAf+NLucRSNz1xfgomJdgggUrNljWEsrkLGXBjFMqHHKD02V4gkl4pgqLX96lpU3AA=="
+        },
+        {
+          "pk:b64": "vEhvB7iC7lgJHhMsBIQGlMnblx0lmrEyqGSAwdCqvrU=",
+          "s:b64": "4IOlC8zhjjy7j5yKTODB7So5qfdlhDe89/BdCQw7mL7ULX0LFdr+HyOh39mdnPdgM7+lfjbOhsrY1RO7AwRyAw=="
+        }
+      ],
+      "thr": 2,
+      "v": 1
+    }
+  },
+  "txn": {
+    "amt": 1000000,
+    "fee": 1000,
+    "fv": 447,
+    "gen": "network-v1",
+    "gh:b64": "zNQES/4IqimxRif40xYvzBBIYCZSbYvNSRIzVIh4swo=",
+    "lv": 1447,
+    "rcv:b64": "G5lBeqbJ/yljtd70mPTxXmTkjs14UccjSEBp4G3lW4I=",
+    "snd:b64": "jK0vte/Ze647qZL7ch63CUpU8zSp0oEiIxV2HMA4w8o=",
+    "type": "pay"
+  }
+}