Merge verifymsg_bip137_and_electrum

doc/bips.md

@@ -37,6 +37,7 @@ BIPs that are implemented by Bitcoin Core:
 * [`BIP 125`](https://github.com/bitcoin/bips/blob/master/bip-0125.mediawiki): Opt-in full replace-by-fee partially implemented: signaling is enforced if configured. For other replacement rules, see doc/policy/mempool-replacements.md.
 * [`BIP 130`](https://github.com/bitcoin/bips/blob/master/bip-0130.mediawiki): direct headers announcement is negotiated with peer versions `>=70012` as of **v0.12.0** ([PR 6494](https://github.com/bitcoin/bitcoin/pull/6494)).
 * [`BIP 133`](https://github.com/bitcoin/bips/blob/master/bip-0133.mediawiki): feefilter messages are respected and sent for peer versions `>=70013` as of **v0.13.0** ([PR 7542](https://github.com/bitcoin/bitcoin/pull/7542)).
+* [`BIP 137`](https://github.com/bitcoin/bips/blob/master/bip-0137.mediawiki): Signing and verifying signed messages proving the receiver agrees to a message are supported for legacy addresses since **v0.5.0** and verification-only for Segwit addresses as of **v28.1.knots20250301**.
 * [`BIP 141`](https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki): Segregated Witness (Consensus Layer) as of **v0.13.0** ([PR 8149](https://github.com/bitcoin/bitcoin/pull/8149)), defined for mainnet as of **v0.13.1** ([PR 8937](https://github.com/bitcoin/bitcoin/pull/8937)), and *buried* since **v0.19.0** ([PR #16060](https://github.com/bitcoin/bitcoin/pull/16060)).
 * [`BIP 143`](https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki): Transaction Signature Verification for Version 0 Witness Program as of **v0.13.0** ([PR 8149](https://github.com/bitcoin/bitcoin/pull/8149)), defined for mainnet as of **v0.13.1** ([PR 8937](https://github.com/bitcoin/bitcoin/pull/8937)), and *buried* since **v0.19.0** ([PR #16060](https://github.com/bitcoin/bitcoin/pull/16060)).
 * [`BIP 144`](https://github.com/bitcoin/bips/blob/master/bip-0144.mediawiki): Segregated Witness as of **0.13.0** ([PR 8149](https://github.com/bitcoin/bitcoin/pull/8149)).

src/common/signmessage.cpp

@@ -7,6 +7,7 @@
 #include <hash.h>
 #include <key.h>
 #include <key_io.h>
+#include <outputtype.h>
 #include <pubkey.h>
 #include <uint256.h>
 #include <util/strencodings.h>
@@ -33,7 +34,14 @@ MessageVerificationResult MessageVerify(
         return MessageVerificationResult::ERR_INVALID_ADDRESS;
     }
 
-    if (std::get_if<PKHash>(&destination) == nullptr) {
+    OutputType signed_for_outputtype;
+    if (std::holds_alternative<PKHash>(destination)) {
+        signed_for_outputtype = OutputType::LEGACY;
+    } else if (std::holds_alternative<ScriptHash>(destination)) {
+        signed_for_outputtype = OutputType::P2SH_SEGWIT;
+    } else if (std::holds_alternative<WitnessV0KeyHash>(destination)) {
+        signed_for_outputtype = OutputType::BECH32;
+    } else {
         return MessageVerificationResult::ERR_ADDRESS_NO_KEY;
     }
 
@@ -42,12 +50,27 @@ MessageVerificationResult MessageVerify(
         return MessageVerificationResult::ERR_MALFORMED_SIGNATURE;
     }
 
+    uint8_t sigtype{(*signature_bytes)[0]};
+    if (sigtype < 27 || sigtype > 42) {
+        return MessageVerificationResult::ERR_PUBKEY_NOT_RECOVERED;
+    }
+    sigtype = (sigtype - 27) >> 2;
+    if (sigtype == 3) {
+        (*signature_bytes)[0] -= 8;
+        signed_for_outputtype = OutputType::BECH32;
+    } else if (sigtype == 2) {
+        (*signature_bytes)[0] -= 4;
+        signed_for_outputtype = OutputType::P2SH_SEGWIT;
+    }
+
     CPubKey pubkey;
     if (!pubkey.RecoverCompact(MessageHash(message), *signature_bytes)) {
         return MessageVerificationResult::ERR_PUBKEY_NOT_RECOVERED;
     }
 
-    if (!(PKHash(pubkey) == *std::get_if<PKHash>(&destination))) {
+    CTxDestination recovered_dest = GetDestinationForKey(pubkey, signed_for_outputtype);
+
+    if (!(recovered_dest == destination)) {
         return MessageVerificationResult::ERR_NOT_SIGNED;
     }
 

src/qt/forms/signverifymessagedialog.ui

@@ -30,7 +30,7 @@
        <item>
         <widget class="QLabel" name="infoLabel_SM">
          <property name="text">
-          <string>You can sign messages/agreements with your legacy (P2PKH) addresses to prove you can receive bitcoins sent to them. Be careful not to sign anything vague or random, as phishing attacks may try to trick you into signing your identity over to them. Only sign fully-detailed statements you agree to.</string>
+          <string>You can sign messages/agreements with your addresses to prove you can receive bitcoins sent to them. Be careful not to sign anything vague or random, as phishing attacks may try to trick you into signing your identity over to them. Only sign fully-detailed statements you agree to.</string>
          </property>
          <property name="textFormat">
           <enum>Qt::PlainText</enum>

src/qt/signverifymessagedialog.cpp

@@ -124,7 +124,7 @@ void SignVerifyMessageDialog::on_signMessageButton_SM_clicked()
     if (!pkhash) {
         ui->addressIn_SM->setValid(false);
         ui->statusLabel_SM->setStyleSheet("QLabel { color: red; }");
-        ui->statusLabel_SM->setText(tr("The entered address does not refer to a legacy (P2PKH) key. Message signing for SegWit and other non-P2PKH address types is not supported in this version of %1. Please check the address and try again.").arg(PACKAGE_NAME));
+        ui->statusLabel_SM->setText(tr("The entered address does not refer to a key.") + QString(" ") + tr("Please check the address and try again."));
         return;
     }
 
@@ -222,7 +222,10 @@ void SignVerifyMessageDialog::on_verifyMessageButton_VM_clicked()
         return;
     case MessageVerificationResult::ERR_ADDRESS_NO_KEY:
         ui->addressIn_VM->setValid(false);
-        ui->statusLabel_VM->setText(tr("The entered address does not refer to a legacy (P2PKH) key. Message signing for SegWit and other non-P2PKH address types is not supported in this version of %1. Please check the address and try again.").arg(PACKAGE_NAME));
+        ui->statusLabel_VM->setText(
+            tr("The entered address does not refer to a key.") + QString(" ") +
+            tr("Please check the address and try again.")
+        );
         return;
     case MessageVerificationResult::ERR_MALFORMED_SIGNATURE:
         ui->signatureIn_VM->setValid(false);

test/functional/rpc_signmessagewithprivkey.py

@@ -4,6 +4,8 @@
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 """Test RPC commands for signing messages with private key."""
 
+import base64
+
 from test_framework.descriptors import (
     descsum_create,
 )
@@ -22,7 +24,7 @@ class SignMessagesWithPrivTest(BitcoinTestFramework):
     def addresses_from_privkey(self, priv_key):
         '''Return addresses for a given WIF private key in legacy (P2PKH),
            nested segwit (P2SH-P2WPKH) and native segwit (P2WPKH) formats.'''
-        descriptors = f'pkh({priv_key})', f'sh(wpkh({priv_key}))', f'wpkh({priv_key})'
+        descriptors = f'pkh({priv_key})', f'sh(wpkh({priv_key}))', f'wpkh({priv_key})', f'wsh(pk({priv_key}))', f'tr({priv_key})'
         return [self.nodes[0].deriveaddresses(descsum_create(desc))[0] for desc in descriptors]
 
     def run_test(self):
@@ -39,9 +41,27 @@ class SignMessagesWithPrivTest(BitcoinTestFramework):
         assert_equal(addresses[0], 'mpLQjfK79b7CCV4VMJWEWAj5Mpx8Up5zxB')
         assert self.nodes[0].verifymessage(addresses[0], signature, message)
 
-        self.log.info('test that verifying with non-P2PKH addresses throws error')
-        for non_p2pkh_address in addresses[1:]:
-            assert_raises_rpc_error(-3, "Address does not refer to key", self.nodes[0].verifymessage, non_p2pkh_address, signature, message)
+        self.log.info('test that verifying with non-P2PKH addresses succeeds')
+        bin_sig = bytearray(base64.b64decode(signature))
+        for non_p2pkh_address in addresses[1:3]:
+            assert self.nodes[0].verifymessage(non_p2pkh_address, signature, message)
+            bin_sig[0] += 4
+            bip137_signature = base64.b64encode(bin_sig).decode('ascii')
+            assert self.nodes[0].verifymessage(non_p2pkh_address, bip137_signature, message)
+
+        self.log.info('test that verifying with p2wsh address throws error')
+        assert_raises_rpc_error(-3, "Address does not refer to key", self.nodes[0].verifymessage, addresses[3], signature, message)
+
+        self.log.info('test that verifying with p2tr address throws error')
+        assert_raises_rpc_error(-3, "Address does not refer to key", self.nodes[0].verifymessage, addresses[4], signature, message)
+
+        self.log.info('test that verifying Electrum p2sh-segwit succeeds')
+        signature = 'IFBRc4WU3K2c75KG7kcn/x9Ov6y75xrk05t9Zi7kwEIJNU0dMFMgRdeeKYo8JC4L83ckPavuaI+GUuvYZdwkGsM='
+        assert self.nodes[0].verifymessage('2MzoTgQ7YuReUaXaW2iciHoewDGdmagMVuy', signature, message)
+
+        self.log.info('test that verifying Electrum p2wpkh succeeds')
+        signature = 'IBR+8bubsBxBFFE3CO6pggzNSRyg/23HRMNXyWUIIEXmTe3P0apzd5izyR/d80nVRE883I58gijFKIevBLtcPRI='
+        assert self.nodes[0].verifymessage('bcrt1qa0mscp9epevt07rscyjsre5fdlxjp3tlcchs4x', signature, message)
 
         self.log.info('test parameter validity and error codes')
         # signmessagewithprivkey has two required parameters