Release v0.1.0

vendor/github.com/muun/libwallet/.gitignore

@@ -0,0 +1,17 @@
+# Mac OS X finder
+.DS_Store
+
+# Vim swap files
+*~
+.*.sw[a-z]
+
+# VS code
+.vscode
+
+# Goland
+.idea
+
+# Golang
+/bin
+/pkg
+/src

vendor/github.com/muun/libwallet/README.md

@@ -0,0 +1,16 @@
+![muun](https://muun.com/images/github-banner-v2.png)
+
+## About
+
+This is the source code repository for muun's wallet core library. Muun is a non-custodial 2-of-2 multisig wallet with a special focus on security and ease of use.
+
+This library is used by our mobile wallets with [gomobile](https://godoc.org/golang.org/x/mobile/cmd/gomobile).
+
+## Responsible Disclosure
+
+Send us an email to report any security related bugs or vulnerabilities at [security@muun.com](mailto:security@muun.com).
+
+You can encrypt your email message using our public PGP key.
+
+Public key fingerprint: `1299 28C1 E79F E011 6DA4 C80F 8DB7 FD0F 61E6 ED76`
+

vendor/github.com/muun/libwallet/V1.go

@@ -0,0 +1,73 @@
+package libwallet
+
+import (
+	"github.com/btcsuite/btcd/txscript"
+	"github.com/btcsuite/btcd/wire"
+	"github.com/btcsuite/btcutil"
+	"github.com/pkg/errors"
+)
+
+// CreateAddressV1 returns a P2PKH MuunAddress from a publicKey for using in TransactionSchameV1
+func CreateAddressV1(publicKey *HDPublicKey) (MuunAddress, error) {
+	pubkey, err := btcutil.NewAddressPubKey(publicKey.Raw(), publicKey.Network.network)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkeyHash := pubkey.AddressPubKeyHash()
+	address := pubkeyHash.String()
+
+	return &muunAddress{address: address, version: addressV1, derivationPath: publicKey.Path}, nil
+}
+
+func addUserSignatureInputV1(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey) (*wire.TxIn, error) {
+
+	txInput := tx.TxIn[index]
+
+	sig, err := signInputV1(input, index, tx, privateKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to sign V1 input")
+	}
+
+	builder := txscript.NewScriptBuilder()
+	builder.AddData(sig)
+	builder.AddData(privateKey.PublicKey().Raw())
+	script, err := builder.Script()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate signing script")
+	}
+
+	txInput.SignatureScript = script
+
+	return txInput, nil
+}
+
+func createRedeemScriptV1(publicKey *HDPublicKey) ([]byte, error) {
+
+	userAddress, err := btcutil.NewAddressPubKey(publicKey.Raw(), publicKey.Network.network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate address for user")
+	}
+
+	return txscript.PayToAddrScript(userAddress.AddressPubKeyHash())
+}
+
+func signInputV1(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey) ([]byte, error) {
+
+	redeemScript, err := createRedeemScriptV1(privateKey.PublicKey())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to build reedem script for signing")
+	}
+
+	privKey, err := privateKey.key.ECPrivKey()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to produce EC priv key for signing")
+	}
+
+	sig, err := txscript.RawTxInSignature(tx, index, redeemScript, txscript.SigHashAll, privKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to sign V1 input")
+	}
+
+	return sig, nil
+}

vendor/github.com/muun/libwallet/V2.go

@@ -0,0 +1,106 @@
+package libwallet
+
+import (
+	"github.com/btcsuite/btcd/txscript"
+	"github.com/btcsuite/btcutil"
+	"github.com/pkg/errors"
+
+	"github.com/btcsuite/btcd/wire"
+)
+
+func CreateAddressV2(userKey, muunKey *HDPublicKey) (MuunAddress, error) {
+
+	script, err := createRedeemScriptV2(userKey, muunKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate redeem script v2")
+	}
+
+	address, err := btcutil.NewAddressScriptHash(script, userKey.Network.network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate multisig address")
+	}
+
+	return &muunAddress{
+		address:        address.String(),
+		version:        addressV2,
+		derivationPath: userKey.Path,
+		redeemScript:   script,
+	}, nil
+}
+
+func createRedeemScriptV2(userKey, muunKey *HDPublicKey) ([]byte, error) {
+
+	userAddress, err := btcutil.NewAddressPubKey(userKey.Raw(), userKey.Network.network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate address for user")
+	}
+
+	muunAddress, err := btcutil.NewAddressPubKey(muunKey.Raw(), muunKey.Network.network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate address for muun")
+	}
+
+	return txscript.MultiSigScript([]*btcutil.AddressPubKey{
+		userAddress,
+		muunAddress,
+	}, 2)
+}
+
+func addUserSignatureInputV2(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey,
+	muunKey *HDPublicKey) (*wire.TxIn, error) {
+
+	if len(input.MuunSignature()) == 0 {
+		return nil, errors.Errorf("muun signature must be present")
+	}
+
+	txInput := tx.TxIn[index]
+
+	redeemScript, err := createRedeemScriptV2(privateKey.PublicKey(), muunKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to build reedem script for signing")
+	}
+
+	sig, err := signInputV2(input, index, tx, privateKey.PublicKey(), muunKey, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	// This is a standard 2 of 2 multisig script
+	// 0 because of a bug in bitcoind
+	// Then the 2 sigs: first the users and then muuns
+	// Last, the script that contains the two pub keys and OP_CHECKMULTISIG
+	builder := txscript.NewScriptBuilder()
+	builder.AddInt64(0)
+	builder.AddData(sig)
+	builder.AddData(input.MuunSignature())
+	builder.AddData(redeemScript)
+	script, err := builder.Script()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate signing script")
+	}
+
+	txInput.SignatureScript = script
+
+	return txInput, nil
+}
+
+func signInputV2(input Input, index int, tx *wire.MsgTx, userKey, muunKey *HDPublicKey,
+	signingKey *HDPrivateKey) ([]byte, error) {
+
+	redeemScript, err := createRedeemScriptV2(userKey, muunKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to build reedem script for signing")
+	}
+
+	privKey, err := signingKey.key.ECPrivKey()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to produce EC priv key for signing")
+	}
+
+	sig, err := txscript.RawTxInSignature(tx, index, redeemScript, txscript.SigHashAll, privKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to sign V2 output")
+	}
+
+	return sig, nil
+}

vendor/github.com/muun/libwallet/V3.go

@@ -0,0 +1,84 @@
+package libwallet
+
+import (
+	"github.com/btcsuite/btcutil"
+
+	"github.com/pkg/errors"
+
+	"github.com/btcsuite/btcd/wire"
+)
+
+func CreateAddressV3(userKey, muunKey *HDPublicKey) (MuunAddress, error) {
+
+	redeemScript, err := createRedeemScriptV3(userKey, muunKey)
+	if err != nil {
+		return nil, err
+	}
+
+	address, err := btcutil.NewAddressScriptHash(redeemScript, userKey.Network.network)
+	if err != nil {
+		return nil, err
+	}
+
+	return &muunAddress{
+		address:        address.EncodeAddress(),
+		version:        addressV3,
+		derivationPath: userKey.Path,
+		redeemScript:   redeemScript,
+	}, nil
+}
+
+func createRedeemScriptV3(userKey, muunKey *HDPublicKey) ([]byte, error) {
+	witnessScript, err := createWitnessScriptV3(userKey, muunKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate redeem script v3")
+	}
+
+	return createNonNativeSegwitRedeemScript(witnessScript)
+}
+
+func createWitnessScriptV3(userKey, muunKey *HDPublicKey) ([]byte, error) {
+	// createRedeemScriptV2 creates a valid script for both V2 and V3 schemes
+	return createRedeemScriptV2(userKey, muunKey)
+}
+
+func addUserSignatureInputV3(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey, muunKey *HDPublicKey) (*wire.TxIn, error) {
+
+	if len(input.MuunSignature()) == 0 {
+		return nil, errors.Errorf("muun signature must be present")
+	}
+
+
+	witnessScript, err := createWitnessScriptV3(privateKey.PublicKey(), muunKey)
+	if err != nil {
+		return nil, err
+	}
+
+	sig, err := signInputV3(input, index, tx, privateKey.PublicKey(), muunKey, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	zeroByteArray := []byte{}
+
+	txInput := tx.TxIn[index]
+	txInput.Witness = wire.TxWitness{zeroByteArray, sig, input.MuunSignature(), witnessScript}
+
+	return txInput, nil
+}
+
+func signInputV3(input Input, index int, tx *wire.MsgTx, userKey *HDPublicKey, muunKey *HDPublicKey,
+	signingKey *HDPrivateKey) ([]byte, error) {
+
+	witnessScript, err := createWitnessScriptV3(userKey, muunKey)
+	if err != nil {
+		return nil, err
+	}
+
+	redeemScript, err := createRedeemScriptV3(userKey, muunKey)
+	if err != nil {
+		return nil,  errors.Wrapf(err, "failed to build reedem script for signing")
+	}
+
+	return signNonNativeSegwitInput(input, index, tx, signingKey, redeemScript, witnessScript)
+}

vendor/github.com/muun/libwallet/address.go

@@ -0,0 +1,252 @@
+package libwallet
+
+import (
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/btcsuite/btcd/txscript"
+	"github.com/btcsuite/btcutil"
+	"github.com/golang/protobuf/proto"
+	"github.com/pkg/errors"
+)
+
+type AddressVersion int
+
+const (
+	addressV1            AddressVersion = 1
+	addressV2            AddressVersion = 2
+	addressV3            AddressVersion = 3
+	addressSubmarineSwap AddressVersion = 101
+)
+
+type muunAddress struct {
+	version        AddressVersion
+	derivationPath string
+	address        string
+	redeemScript   []byte
+}
+
+func newMuunAddress(version AddressVersion, userPublicKey, muunPublicKey *HDPublicKey) (MuunAddress, error) {
+	if userPublicKey.Path != muunPublicKey.Path {
+		return nil, errors.Errorf("paths must match for address generation (%v != %v)", userPublicKey.Path, muunPublicKey.Path)
+	}
+
+	switch version {
+	case addressV1:
+		return CreateAddressV1(userPublicKey)
+	case addressV2:
+		return CreateAddressV2(userPublicKey, muunPublicKey)
+	case addressV3:
+		return CreateAddressV3(userPublicKey, muunPublicKey)
+	case addressSubmarineSwap:
+		return CreateAddressSubmarineSwap(userPublicKey)
+	}
+
+	return nil, errors.Errorf("unknown version %v", version)
+}
+
+func (a *muunAddress) Version() int {
+	return int(a.version)
+}
+
+func (a *muunAddress) DerivationPath() string {
+	return a.derivationPath
+}
+
+func (a *muunAddress) Address() string {
+	return a.address
+}
+
+func (a *muunAddress) RedeemScript() []byte {
+	return a.redeemScript
+}
+
+// MuunPaymentURI is muun's uri struct
+type MuunPaymentURI struct {
+	Address      string
+	Label        string
+	Message      string
+	Amount       string
+	URI          string
+	BIP70Url     string
+	CreationTime string
+	ExpiresTime  string
+	Invoice      *Invoice
+}
+
+const (
+	bitcoinScheme = "bitcoin:"
+	muunScheme    = "muun:"
+)
+
+// GetPaymentURI builds a MuunPaymentURI from an address and a network
+func GetPaymentURI(address string, network *Network) (*MuunPaymentURI, error) {
+
+	uriAddress := normalizeAddress(address)
+
+	components, err := url.Parse(uriAddress)
+	if err != nil {
+		return nil, err
+	}
+
+	if components.Scheme != "bitcoin" {
+		return nil, errors.New("Invalid scheme")
+	}
+
+	base58Address := components.Opaque
+
+	// When URIs are bitcoin:// the address comes in host
+	// this happens in iOS that mostly ignores bitcoin: format
+	if len(base58Address) == 0 {
+		base58Address = components.Host
+	}
+
+	queryValues, err := url.ParseQuery(components.RawQuery)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Couldnt parse query")
+	}
+
+	var label, message, amount string
+
+	if len(queryValues["label"]) != 0 {
+		label = queryValues["label"][0]
+	}
+
+	if len(queryValues["message"]) != 0 {
+		message = queryValues["message"][0]
+	}
+
+	if len(queryValues["amount"]) != 0 {
+		amount = queryValues["amount"][0]
+	}
+
+	if len(queryValues["lightning"]) != 0 {
+		invoice, err := ParseInvoice(queryValues["lightning"][0], network)
+
+		if err == nil {
+			return &MuunPaymentURI{Invoice:invoice}, nil
+		}
+	}
+
+	//BIP70 check
+	if len(queryValues["r"]) != 0 {
+		if len(base58Address) > 0 {
+			return &MuunPaymentURI{
+				Address:  base58Address,
+				Label:    label,
+				Message:  message,
+				Amount:   amount,
+				URI:      uriAddress,
+				BIP70Url: queryValues["r"][0],
+			}, nil
+		}
+		return &MuunPaymentURI{
+			Label:    label,
+			Message:  message,
+			Amount:   amount,
+			URI:      uriAddress,
+			BIP70Url: queryValues["r"][0],
+		}, nil
+	}
+
+	// Bech32 check
+	validatedBase58Address, err := btcutil.DecodeAddress(base58Address, network.network)
+	if err != nil {
+		return nil, err
+	}
+
+	if !validatedBase58Address.IsForNet(network.network) {
+		return nil, errors.Errorf("Network mismatch")
+	}
+
+	return &MuunPaymentURI{
+		Address: validatedBase58Address.String(),
+		Label:   label,
+		Message: message,
+		Amount:  amount,
+		URI:     uriAddress,
+	}, nil
+
+}
+
+// DoPaymentRequestCall builds a MuunPaymentUri from a url and a network. Handling BIP70 to 72
+func DoPaymentRequestCall(url string, network *Network) (*MuunPaymentURI, error) {
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Failed to create request to: %s", url)
+	}
+
+	req.Header.Set("Accept", "application/bitcoin-paymentrequest")
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Failed to make request to: %s", url)
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Failed to read body response")
+	}
+
+	payReq := &PaymentRequest{}
+	err = proto.Unmarshal(body, payReq)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Failed to Unmarshall paymentRequest")
+	}
+
+	payDetails := &PaymentDetails{}
+
+	err = proto.Unmarshal(payReq.SerializedPaymentDetails, payDetails)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Failed to Unmarshall paymentDetails")
+	}
+
+	if len(payDetails.Outputs) == 0 {
+		return nil, errors.New("No outputs provided")
+	}
+
+	address, err := getAddressFromScript(payDetails.Outputs[0].Script, network)
+	if err != nil {
+		errors.Wrapf(err, "Failed to get address")
+	}
+
+	return &MuunPaymentURI{
+		Address:      address,
+		Message:      *payDetails.Memo,
+		Amount:       strconv.FormatUint(*payDetails.Outputs[0].Amount, 10),
+		BIP70Url:     url,
+		CreationTime: strconv.FormatUint(*payDetails.Time, 10),
+		ExpiresTime:  strconv.FormatUint(*payDetails.Expires, 10),
+	}, nil
+}
+
+func getAddressFromScript(script []byte, network *Network) (string, error) {
+	pkScript, err := txscript.ParsePkScript(script)
+	if err != nil {
+		return "", err
+	}
+	address, err := pkScript.Address(network.network)
+	if err != nil {
+		return "", err
+	}
+	return address.String(), nil
+}
+
+func normalizeAddress(rawAddress string) string {
+	newAddress := rawAddress
+
+	if strings.Contains(newAddress, muunScheme) {
+		newAddress = strings.Replace(newAddress, muunScheme, bitcoinScheme, 1)
+	}
+
+	if !strings.Contains(newAddress, bitcoinScheme) {
+		newAddress = bitcoinScheme + rawAddress
+	}
+
+	return newAddress
+}

vendor/github.com/muun/libwallet/aes.go

@@ -0,0 +1,70 @@
+package libwallet
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+
+	"github.com/pkg/errors"
+)
+
+func encrypt(key []byte, iv []byte, plaintext []byte) ([]byte, error) {
+
+	plaintext = pkcs7Padding(plaintext)
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext := make([]byte, len(plaintext))
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(ciphertext, plaintext)
+
+	return ciphertext, nil
+}
+
+func decrypt(key []byte, iv []byte, cypertext []byte) ([]byte, error) {
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	plaintext := make([]byte, len(cypertext))
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(plaintext, cypertext)
+
+	plaintext, err = pkcs7UnPadding(plaintext)
+	if err != nil {
+		return nil, err
+	}
+
+	return plaintext, nil
+}
+
+func pkcs7Padding(src []byte) []byte {
+	padding := aes.BlockSize - len(src)%aes.BlockSize
+	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+	return append(src, padtext...)
+}
+
+func pkcs7UnPadding(src []byte) ([]byte, error) {
+	length := len(src)
+	unpadding := int(src[length-1])
+
+	if unpadding > aes.BlockSize || unpadding == 0 {
+		return nil, errors.New("invalid pkcs7 padding (unpadding > aes.BlockSize || unpadding == 0)")
+	}
+
+	pad := src[len(src)-unpadding:]
+	for i := 0; i < unpadding; i++ {
+		if pad[i] != byte(unpadding) {
+			return nil, errors.New("invalid pkcs7 padding (pad[i] != unpadding)")
+		}
+	}
+
+	return src[:(length - unpadding)], nil
+}

vendor/github.com/muun/libwallet/bip70.pb.go

@@ -0,0 +1,431 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: bip70.proto
+
+package libwallet
+
+import (
+	fmt "fmt"
+	math "math"
+
+	proto "github.com/golang/protobuf/proto"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// Generalized form of "send payment to this/these bitcoin addresses"
+type Output struct {
+	Amount               *uint64  `protobuf:"varint,1,opt,name=amount,def=0" json:"amount,omitempty"`
+	Script               []byte   `protobuf:"bytes,2,req,name=script" json:"script,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *Output) Reset()         { *m = Output{} }
+func (m *Output) String() string { return proto.CompactTextString(m) }
+func (*Output) ProtoMessage()    {}
+func (*Output) Descriptor() ([]byte, []int) {
+	return fileDescriptor_de204c4c8d465ce4, []int{0}
+}
+
+func (m *Output) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Output.Unmarshal(m, b)
+}
+func (m *Output) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Output.Marshal(b, m, deterministic)
+}
+func (m *Output) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Output.Merge(m, src)
+}
+func (m *Output) XXX_Size() int {
+	return xxx_messageInfo_Output.Size(m)
+}
+func (m *Output) XXX_DiscardUnknown() {
+	xxx_messageInfo_Output.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Output proto.InternalMessageInfo
+
+const Default_Output_Amount uint64 = 0
+
+func (m *Output) GetAmount() uint64 {
+	if m != nil && m.Amount != nil {
+		return *m.Amount
+	}
+	return Default_Output_Amount
+}
+
+func (m *Output) GetScript() []byte {
+	if m != nil {
+		return m.Script
+	}
+	return nil
+}
+
+type PaymentDetails struct {
+	Network              *string   `protobuf:"bytes,1,opt,name=network,def=main" json:"network,omitempty"`
+	Outputs              []*Output `protobuf:"bytes,2,rep,name=outputs" json:"outputs,omitempty"`
+	Time                 *uint64   `protobuf:"varint,3,req,name=time" json:"time,omitempty"`
+	Expires              *uint64   `protobuf:"varint,4,opt,name=expires" json:"expires,omitempty"`
+	Memo                 *string   `protobuf:"bytes,5,opt,name=memo" json:"memo,omitempty"`
+	PaymentUrl           *string   `protobuf:"bytes,6,opt,name=payment_url,json=paymentUrl" json:"payment_url,omitempty"`
+	MerchantData         []byte    `protobuf:"bytes,7,opt,name=merchant_data,json=merchantData" json:"merchant_data,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *PaymentDetails) Reset()         { *m = PaymentDetails{} }
+func (m *PaymentDetails) String() string { return proto.CompactTextString(m) }
+func (*PaymentDetails) ProtoMessage()    {}
+func (*PaymentDetails) Descriptor() ([]byte, []int) {
+	return fileDescriptor_de204c4c8d465ce4, []int{1}
+}
+
+func (m *PaymentDetails) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PaymentDetails.Unmarshal(m, b)
+}
+func (m *PaymentDetails) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PaymentDetails.Marshal(b, m, deterministic)
+}
+func (m *PaymentDetails) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PaymentDetails.Merge(m, src)
+}
+func (m *PaymentDetails) XXX_Size() int {
+	return xxx_messageInfo_PaymentDetails.Size(m)
+}
+func (m *PaymentDetails) XXX_DiscardUnknown() {
+	xxx_messageInfo_PaymentDetails.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PaymentDetails proto.InternalMessageInfo
+
+const Default_PaymentDetails_Network string = "main"
+
+func (m *PaymentDetails) GetNetwork() string {
+	if m != nil && m.Network != nil {
+		return *m.Network
+	}
+	return Default_PaymentDetails_Network
+}
+
+func (m *PaymentDetails) GetOutputs() []*Output {
+	if m != nil {
+		return m.Outputs
+	}
+	return nil
+}
+
+func (m *PaymentDetails) GetTime() uint64 {
+	if m != nil && m.Time != nil {
+		return *m.Time
+	}
+	return 0
+}
+
+func (m *PaymentDetails) GetExpires() uint64 {
+	if m != nil && m.Expires != nil {
+		return *m.Expires
+	}
+	return 0
+}
+
+func (m *PaymentDetails) GetMemo() string {
+	if m != nil && m.Memo != nil {
+		return *m.Memo
+	}
+	return ""
+}
+
+func (m *PaymentDetails) GetPaymentUrl() string {
+	if m != nil && m.PaymentUrl != nil {
+		return *m.PaymentUrl
+	}
+	return ""
+}
+
+func (m *PaymentDetails) GetMerchantData() []byte {
+	if m != nil {
+		return m.MerchantData
+	}
+	return nil
+}
+
+type PaymentRequest struct {
+	PaymentDetailsVersion    *uint32  `protobuf:"varint,1,opt,name=payment_details_version,json=paymentDetailsVersion,def=1" json:"payment_details_version,omitempty"`
+	PkiType                  *string  `protobuf:"bytes,2,opt,name=pki_type,json=pkiType,def=none" json:"pki_type,omitempty"`
+	PkiData                  []byte   `protobuf:"bytes,3,opt,name=pki_data,json=pkiData" json:"pki_data,omitempty"`
+	SerializedPaymentDetails []byte   `protobuf:"bytes,4,req,name=serialized_payment_details,json=serializedPaymentDetails" json:"serialized_payment_details,omitempty"`
+	Signature                []byte   `protobuf:"bytes,5,opt,name=signature" json:"signature,omitempty"`
+	XXX_NoUnkeyedLiteral     struct{} `json:"-"`
+	XXX_unrecognized         []byte   `json:"-"`
+	XXX_sizecache            int32    `json:"-"`
+}
+
+func (m *PaymentRequest) Reset()         { *m = PaymentRequest{} }
+func (m *PaymentRequest) String() string { return proto.CompactTextString(m) }
+func (*PaymentRequest) ProtoMessage()    {}
+func (*PaymentRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_de204c4c8d465ce4, []int{2}
+}
+
+func (m *PaymentRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PaymentRequest.Unmarshal(m, b)
+}
+func (m *PaymentRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PaymentRequest.Marshal(b, m, deterministic)
+}
+func (m *PaymentRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PaymentRequest.Merge(m, src)
+}
+func (m *PaymentRequest) XXX_Size() int {
+	return xxx_messageInfo_PaymentRequest.Size(m)
+}
+func (m *PaymentRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_PaymentRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PaymentRequest proto.InternalMessageInfo
+
+const Default_PaymentRequest_PaymentDetailsVersion uint32 = 1
+const Default_PaymentRequest_PkiType string = "none"
+
+func (m *PaymentRequest) GetPaymentDetailsVersion() uint32 {
+	if m != nil && m.PaymentDetailsVersion != nil {
+		return *m.PaymentDetailsVersion
+	}
+	return Default_PaymentRequest_PaymentDetailsVersion
+}
+
+func (m *PaymentRequest) GetPkiType() string {
+	if m != nil && m.PkiType != nil {
+		return *m.PkiType
+	}
+	return Default_PaymentRequest_PkiType
+}
+
+func (m *PaymentRequest) GetPkiData() []byte {
+	if m != nil {
+		return m.PkiData
+	}
+	return nil
+}
+
+func (m *PaymentRequest) GetSerializedPaymentDetails() []byte {
+	if m != nil {
+		return m.SerializedPaymentDetails
+	}
+	return nil
+}
+
+func (m *PaymentRequest) GetSignature() []byte {
+	if m != nil {
+		return m.Signature
+	}
+	return nil
+}
+
+type X509Certificates struct {
+	Certificate          [][]byte `protobuf:"bytes,1,rep,name=certificate" json:"certificate,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *X509Certificates) Reset()         { *m = X509Certificates{} }
+func (m *X509Certificates) String() string { return proto.CompactTextString(m) }
+func (*X509Certificates) ProtoMessage()    {}
+func (*X509Certificates) Descriptor() ([]byte, []int) {
+	return fileDescriptor_de204c4c8d465ce4, []int{3}
+}
+
+func (m *X509Certificates) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_X509Certificates.Unmarshal(m, b)
+}
+func (m *X509Certificates) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_X509Certificates.Marshal(b, m, deterministic)
+}
+func (m *X509Certificates) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_X509Certificates.Merge(m, src)
+}
+func (m *X509Certificates) XXX_Size() int {
+	return xxx_messageInfo_X509Certificates.Size(m)
+}
+func (m *X509Certificates) XXX_DiscardUnknown() {
+	xxx_messageInfo_X509Certificates.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_X509Certificates proto.InternalMessageInfo
+
+func (m *X509Certificates) GetCertificate() [][]byte {
+	if m != nil {
+		return m.Certificate
+	}
+	return nil
+}
+
+type Payment struct {
+	MerchantData         []byte    `protobuf:"bytes,1,opt,name=merchant_data,json=merchantData" json:"merchant_data,omitempty"`
+	Transactions         [][]byte  `protobuf:"bytes,2,rep,name=transactions" json:"transactions,omitempty"`
+	RefundTo             []*Output `protobuf:"bytes,3,rep,name=refund_to,json=refundTo" json:"refund_to,omitempty"`
+	Memo                 *string   `protobuf:"bytes,4,opt,name=memo" json:"memo,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
+	XXX_unrecognized     []byte    `json:"-"`
+	XXX_sizecache        int32     `json:"-"`
+}
+
+func (m *Payment) Reset()         { *m = Payment{} }
+func (m *Payment) String() string { return proto.CompactTextString(m) }
+func (*Payment) ProtoMessage()    {}
+func (*Payment) Descriptor() ([]byte, []int) {
+	return fileDescriptor_de204c4c8d465ce4, []int{4}
+}
+
+func (m *Payment) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Payment.Unmarshal(m, b)
+}
+func (m *Payment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Payment.Marshal(b, m, deterministic)
+}
+func (m *Payment) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Payment.Merge(m, src)
+}
+func (m *Payment) XXX_Size() int {
+	return xxx_messageInfo_Payment.Size(m)
+}
+func (m *Payment) XXX_DiscardUnknown() {
+	xxx_messageInfo_Payment.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Payment proto.InternalMessageInfo
+
+func (m *Payment) GetMerchantData() []byte {
+	if m != nil {
+		return m.MerchantData
+	}
+	return nil
+}
+
+func (m *Payment) GetTransactions() [][]byte {
+	if m != nil {
+		return m.Transactions
+	}
+	return nil
+}
+
+func (m *Payment) GetRefundTo() []*Output {
+	if m != nil {
+		return m.RefundTo
+	}
+	return nil
+}
+
+func (m *Payment) GetMemo() string {
+	if m != nil && m.Memo != nil {
+		return *m.Memo
+	}
+	return ""
+}
+
+type PaymentACK struct {
+	Payment              *Payment `protobuf:"bytes,1,req,name=payment" json:"payment,omitempty"`
+	Memo                 *string  `protobuf:"bytes,2,opt,name=memo" json:"memo,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *PaymentACK) Reset()         { *m = PaymentACK{} }
+func (m *PaymentACK) String() string { return proto.CompactTextString(m) }
+func (*PaymentACK) ProtoMessage()    {}
+func (*PaymentACK) Descriptor() ([]byte, []int) {
+	return fileDescriptor_de204c4c8d465ce4, []int{5}
+}
+
+func (m *PaymentACK) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_PaymentACK.Unmarshal(m, b)
+}
+func (m *PaymentACK) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_PaymentACK.Marshal(b, m, deterministic)
+}
+func (m *PaymentACK) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_PaymentACK.Merge(m, src)
+}
+func (m *PaymentACK) XXX_Size() int {
+	return xxx_messageInfo_PaymentACK.Size(m)
+}
+func (m *PaymentACK) XXX_DiscardUnknown() {
+	xxx_messageInfo_PaymentACK.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_PaymentACK proto.InternalMessageInfo
+
+func (m *PaymentACK) GetPayment() *Payment {
+	if m != nil {
+		return m.Payment
+	}
+	return nil
+}
+
+func (m *PaymentACK) GetMemo() string {
+	if m != nil && m.Memo != nil {
+		return *m.Memo
+	}
+	return ""
+}
+
+func init() {
+	proto.RegisterType((*Output)(nil), "payments.Output")
+	proto.RegisterType((*PaymentDetails)(nil), "payments.PaymentDetails")
+	proto.RegisterType((*PaymentRequest)(nil), "payments.PaymentRequest")
+	proto.RegisterType((*X509Certificates)(nil), "payments.X509Certificates")
+	proto.RegisterType((*Payment)(nil), "payments.Payment")
+	proto.RegisterType((*PaymentACK)(nil), "payments.PaymentACK")
+}
+
+func init() { proto.RegisterFile("bip70.proto", fileDescriptor_de204c4c8d465ce4) }
+
+var fileDescriptor_de204c4c8d465ce4 = []byte{
+	// 499 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x53, 0x5f, 0x6f, 0xd3, 0x3e,
+	0x14, 0x55, 0xd2, 0xfc, 0x9a, 0xf6, 0x36, 0xfb, 0x69, 0x58, 0x02, 0x3c, 0x84, 0xb6, 0x28, 0xbc,
+	0x44, 0x20, 0xaa, 0x32, 0x81, 0xd0, 0x0a, 0x2f, 0x6c, 0x7b, 0x43, 0x88, 0xc9, 0x1a, 0x88, 0xb7,
+	0xc8, 0x4b, 0xbd, 0x61, 0x35, 0xb1, 0x8d, 0x7d, 0x03, 0x94, 0xef, 0xc1, 0x27, 0x84, 0x0f, 0x82,
+	0xf2, 0xaf, 0x61, 0x9b, 0x78, 0xb3, 0xcf, 0x3d, 0x39, 0xf7, 0xdc, 0x7b, 0x1c, 0x98, 0x5d, 0x48,
+	0xf3, 0x72, 0x31, 0x37, 0x56, 0xa3, 0x26, 0x13, 0xc3, 0x37, 0xa5, 0x50, 0xe8, 0x92, 0x57, 0x30,
+	0x7e, 0x5f, 0xa1, 0xa9, 0x90, 0xec, 0xc1, 0x98, 0x97, 0xba, 0x52, 0x48, 0xbd, 0xd8, 0x4b, 0x83,
+	0xa5, 0xb7, 0x60, 0x1d, 0x40, 0xee, 0xc1, 0xd8, 0xe5, 0x56, 0x1a, 0xa4, 0x7e, 0xec, 0xa7, 0x11,
+	0xeb, 0x6e, 0xc9, 0x6f, 0x0f, 0xfe, 0x3f, 0x6b, 0x95, 0x4e, 0x05, 0x72, 0x59, 0x38, 0xb2, 0x0f,
+	0xa1, 0x12, 0xf8, 0x4d, 0xdb, 0x75, 0x23, 0x33, 0x5d, 0x06, 0x25, 0x97, 0x8a, 0xf5, 0x20, 0x79,
+	0x0c, 0xa1, 0x6e, 0xfa, 0x39, 0xea, 0xc7, 0xa3, 0x74, 0x76, 0xb8, 0x3b, 0xef, 0xbd, 0xcc, 0x5b,
+	0x23, 0xac, 0x27, 0x10, 0x02, 0x01, 0xca, 0x52, 0xd0, 0x51, 0xec, 0xa7, 0x01, 0x6b, 0xce, 0x84,
+	0x42, 0x28, 0xbe, 0x1b, 0x69, 0x85, 0xa3, 0x41, 0x6d, 0x93, 0xf5, 0xd7, 0x9a, 0x5d, 0x8a, 0x52,
+	0xd3, 0xff, 0xea, 0xb6, 0xac, 0x39, 0x93, 0x03, 0x98, 0x75, 0xea, 0x59, 0x65, 0x0b, 0x3a, 0x6e,
+	0x4a, 0xd0, 0x41, 0x1f, 0x6c, 0x41, 0x1e, 0xc1, 0x4e, 0x29, 0x6c, 0xfe, 0x99, 0x2b, 0xcc, 0x56,
+	0x1c, 0x39, 0x0d, 0x63, 0x2f, 0x8d, 0x58, 0xd4, 0x83, 0xa7, 0x1c, 0x79, 0xf2, 0x6b, 0x18, 0x93,
+	0x89, 0x2f, 0x95, 0x70, 0x48, 0x8e, 0xe0, 0x7e, 0x2f, 0xbc, 0x6a, 0x27, 0xcf, 0xbe, 0x0a, 0xeb,
+	0xa4, 0x56, 0xcd, 0xd8, 0x3b, 0x4b, 0xef, 0x19, 0xbb, 0x6b, 0xae, 0xad, 0xe6, 0x63, 0x5b, 0x27,
+	0x07, 0x30, 0x31, 0x6b, 0x99, 0xe1, 0xc6, 0x08, 0xea, 0xb7, 0x2b, 0x52, 0x5a, 0x09, 0x16, 0x9a,
+	0xb5, 0x3c, 0xdf, 0x18, 0x41, 0xf6, 0x5a, 0x42, 0x63, 0x67, 0xd4, 0xd8, 0xa9, 0x4b, 0xb5, 0x13,
+	0xf2, 0x1a, 0x1e, 0x38, 0x61, 0x25, 0x2f, 0xe4, 0x0f, 0xb1, 0xca, 0x6e, 0x38, 0xa0, 0x41, 0x13,
+	0x0e, 0x1d, 0x18, 0x37, 0xb2, 0x79, 0x08, 0x53, 0x27, 0xaf, 0x14, 0xc7, 0xca, 0x8a, 0x66, 0x4d,
+	0x11, 0x1b, 0x80, 0xe4, 0x39, 0xec, 0x7e, 0x7a, 0xb1, 0x38, 0x3a, 0x11, 0x16, 0xe5, 0xa5, 0xcc,
+	0x39, 0x0a, 0x47, 0x62, 0x98, 0xe5, 0xc3, 0x9d, 0x7a, 0xf1, 0x28, 0x8d, 0xd8, 0xdf, 0x50, 0xf2,
+	0xd3, 0x83, 0xb0, 0x6b, 0x73, 0x7b, 0x99, 0xde, 0xed, 0x65, 0x92, 0x04, 0x22, 0xb4, 0x5c, 0x39,
+	0x9e, 0xa3, 0xd4, 0xaa, 0x7d, 0x05, 0x11, 0xbb, 0x86, 0x91, 0xa7, 0x30, 0xb5, 0xe2, 0xb2, 0x52,
+	0xab, 0x0c, 0x35, 0x1d, 0xfd, 0xe3, 0x99, 0x4c, 0x5a, 0xca, 0xb9, 0xde, 0x26, 0x1f, 0x0c, 0xc9,
+	0x27, 0xef, 0x00, 0x3a, 0x5b, 0x6f, 0x4e, 0xde, 0x92, 0x27, 0x10, 0x76, 0x9f, 0x53, 0x2f, 0xf6,
+	0xd3, 0xd9, 0xe1, 0x9d, 0x41, 0xae, 0x4f, 0xb6, 0x67, 0x6c, 0xe5, 0xfc, 0x41, 0xee, 0x38, 0x85,
+	0x7d, 0x6d, 0xaf, 0xe6, 0x17, 0x12, 0x73, 0x2d, 0x55, 0xfb, 0x17, 0xe5, 0xba, 0x70, 0x5b, 0x99,
+	0xe3, 0xf1, 0x59, 0x8d, 0xb9, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x27, 0x08, 0xfa, 0xe5, 0x68,
+	0x03, 0x00, 0x00,
+}

vendor/github.com/muun/libwallet/bip70.proto

@@ -0,0 +1,44 @@
+//
+// Simple Bitcoin Payment Protocol messages
+//
+// Use fields 1000+ for extensions;
+// to avoid conflicts, register extensions via pull-req at
+// https://github.com/bitcoin/bips/blob/master/bip-0070/extensions.mediawiki
+//
+
+syntax = "proto3";
+
+// Generalized form of "send payment to this/these bitcoin addresses"
+message Output {
+        optional uint64 amount = 1 [default = 0]; // amount is integer-number-of-satoshis
+        required bytes script = 2; // usually one of the standard Script forms
+}
+message PaymentDetails {
+        optional string network = 1 [default = "main"]; // "main" or "test"
+        repeated Output outputs = 2;        // Where payment should be sent
+        required uint64 time = 3;           // Timestamp; when payment request created
+        optional uint64 expires = 4;        // Timestamp; when this request should be considered invalid
+        optional string memo = 5;           // Human-readable description of request for the customer
+        optional string payment_url = 6;    // URL to send Payment and get PaymentACK
+        optional bytes merchant_data = 7;   // Arbitrary data to include in the Payment message
+}
+message PaymentRequest {
+        optional uint32 payment_details_version = 1 [default = 1];
+        optional string pki_type = 2 [default = "none"];  // none / x509+sha256 / x509+sha1
+        optional bytes pki_data = 3;                      // depends on pki_type
+        required bytes serialized_payment_details = 4;    // PaymentDetails
+        optional bytes signature = 5;                     // pki-dependent signature
+}
+message X509Certificates {
+        repeated bytes certificate = 1;    // DER-encoded X.509 certificate chain
+}
+message Payment {
+        optional bytes merchant_data = 1;  // From PaymentDetails.merchant_data
+        repeated bytes transactions = 2;   // Signed transactions that satisfy PaymentDetails.outputs
+        repeated Output refund_to = 3;     // Where to send refunds, if a refund is necessary
+        optional string memo = 4;          // Human-readable message for the merchant
+}
+message PaymentACK {
+        required Payment payment = 1;      // Payment message that triggered this ACK
+        optional string memo = 2;          // human-readable message for customer
+}

vendor/github.com/muun/libwallet/challenge_keys.go

@@ -0,0 +1,124 @@
+package libwallet
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/sha256"
+	"encoding/binary"
+	"encoding/hex"
+
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/btcsuite/btcutil/base58"
+	"github.com/pkg/errors"
+)
+
+type ChallengePrivateKey struct {
+	key *btcec.PrivateKey
+}
+
+type DecryptedPrivateKey struct {
+	Key      *HDPrivateKey
+	Birthday int
+}
+
+func NewChallengePrivateKey(input, salt []byte) *ChallengePrivateKey {
+
+	key := Scrypt256(input, salt)
+
+	// 2nd return value is the pub key which we don't need right now
+	priv, _ := btcec.PrivKeyFromBytes(btcec.S256(), key)
+
+	return &ChallengePrivateKey{key: priv}
+}
+
+func (k *ChallengePrivateKey) SignSha(payload []byte) ([]byte, error) {
+
+	hash := sha256.Sum256(payload)
+	sig, err := k.key.Sign(hash[:])
+
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to sign payload")
+	}
+
+	return sig.Serialize(), nil
+}
+
+func (k *ChallengePrivateKey) PubKeyHex() string {
+	rawKey := k.key.PubKey().SerializeCompressed()
+	return hex.EncodeToString(rawKey)
+}
+
+func (k *ChallengePrivateKey) PubKey() *ChallengePublicKey {
+	return &ChallengePublicKey{pubKey: k.key.PubKey()}
+}
+
+func (k *ChallengePrivateKey) DecryptKey(encryptedKey string, network *Network) (*DecryptedPrivateKey, error) {
+
+	reader := bytes.NewReader(base58.Decode(encryptedKey))
+	version, err := reader.ReadByte()
+	if err != nil {
+		return nil, errors.Wrapf(err, "decrypting key")
+	}
+	if version != 2 {
+		return nil, errors.Errorf("decrypting key: found key version %v, expected 2", version)
+	}
+
+	birthdayBytes := make([]byte, 2)
+	rawPubEph := make([]byte, 33)
+	ciphertext := make([]byte, 64)
+	recoveryCodeSalt := make([]byte, 8)
+
+	n, err := reader.Read(birthdayBytes)
+	if err != nil || n != 2 {
+		return nil, errors.Errorf("decrypting key: failed to read birthday")
+	}
+	birthday := binary.BigEndian.Uint16(birthdayBytes)
+
+	n, err = reader.Read(rawPubEph)
+	if err != nil || n != 33 {
+		return nil, errors.Errorf("decrypting key: failed to read pubeph")
+	}
+
+	n, err = reader.Read(ciphertext)
+	if err != nil || n != 64 {
+		return nil, errors.Errorf("decrypting key: failed to read ciphertext")
+	}
+
+	n, err = reader.Read(recoveryCodeSalt)
+	if err != nil || n != 8 {
+		return nil, errors.Errorf("decrypting key: failed to read recoveryCodeSalt")
+	}
+
+	pubEph, err := btcec.ParsePubKey(rawPubEph, btcec.S256())
+	if err != nil {
+		return nil, errors.Wrapf(err, "decrypting key: failed to parse pub eph")
+	}
+
+	sharedSecret, _ := pubEph.ScalarMult(pubEph.X, pubEph.Y, k.key.D.Bytes())
+
+	iv := rawPubEph[len(rawPubEph)-aes.BlockSize:]
+
+	block, err := aes.NewCipher(sharedSecret.Bytes())
+	if err != nil {
+		return nil, err
+	}
+
+	plaintext := make([]byte, len(ciphertext))
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(plaintext, ciphertext)
+
+	rawPrivKey := plaintext[0:32]
+	rawChainCode := plaintext[32:]
+
+	privKey, err := NewHDPrivateKeyFromBytes(rawPrivKey, rawChainCode, network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "decrypting key: failed to parse key")
+	}
+
+	return &DecryptedPrivateKey{
+		privKey,
+		int(birthday),
+	}, nil
+}

vendor/github.com/muun/libwallet/challenge_public_key.go

@@ -0,0 +1,76 @@
+package libwallet
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/binary"
+
+	"github.com/btcsuite/btcd/btcec"
+	"github.com/btcsuite/btcutil/base58"
+	"github.com/pkg/errors"
+)
+
+type ChallengePublicKey struct {
+	pubKey *btcec.PublicKey
+}
+
+func NewChallengePublicKeyFromSerialized(serializedKey []byte) (*ChallengePublicKey, error) {
+
+	pubKey, err := btcec.ParsePubKey(serializedKey, btcec.S256())
+	if err != nil {
+		return nil, err
+	}
+
+	return &ChallengePublicKey{pubKey}, nil
+}
+
+func (k *ChallengePublicKey) EncryptKey(privKey *HDPrivateKey, recoveryCodeSalt []byte, birthday int) (string, error) {
+
+	const (
+		chainCodeStart = 13
+		chainCodeLength = 32
+		privKeyStart = 46
+		privKeyLength = 32
+	)
+
+	rawHDKey := base58.Decode(privKey.String())
+	plaintext := make([]byte, 0)
+	plaintext = append(plaintext, rawHDKey[privKeyStart:privKeyStart+privKeyLength]...)
+	plaintext = append(plaintext, rawHDKey[chainCodeStart:chainCodeStart+chainCodeLength]...)
+	if len(plaintext) != 64 {
+		return "", errors.Errorf("failed to encrypt key: expected payload of 64 bytes, found %v", len(plaintext))
+	}
+
+	privEph, err := btcec.NewPrivateKey(btcec.S256())
+	if err != nil {
+		return "", errors.Wrapf(err, "failed to encrypt key")
+	}
+
+	sharedSecret, _ := k.pubKey.ScalarMult(k.pubKey.X, k.pubKey.Y, privEph.D.Bytes())
+	serializedPubkey := privEph.PubKey().SerializeCompressed()
+	iv := serializedPubkey[len(serializedPubkey)-aes.BlockSize:]
+
+	block, err := aes.NewCipher(sharedSecret.Bytes())
+	if err != nil {
+		return "", err
+	}
+
+	ciphertext := make([]byte, len(plaintext))
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(ciphertext, plaintext)
+
+	birthdayBytes := make([]byte, 2)
+	binary.BigEndian.PutUint16(birthdayBytes, uint16(birthday))
+
+	result := make([]byte, 0, 1+2+33+len(ciphertext)+len(recoveryCodeSalt))
+	buf := bytes.NewBuffer(result)
+	buf.WriteByte(2)
+	buf.Write(birthdayBytes)
+	buf.Write(privEph.PubKey().SerializeCompressed())
+	buf.Write(ciphertext)
+	buf.Write(recoveryCodeSalt)
+
+	return base58.Encode(buf.Bytes()), nil
+}

vendor/github.com/muun/libwallet/derivationpath.go

@@ -0,0 +1,79 @@
+package libwallet
+
+import (
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+type derivationIndex struct {
+	i        uint32
+	hardened bool
+	name     string
+}
+
+type derivationPath struct {
+	indexes []derivationIndex
+}
+
+const (
+	hardenedSymbol = "'"
+)
+
+// parseDerivationPath parses BIP32 paths
+// The following paths are valid:
+//
+// "" (root key)
+// "m" (root key)
+// "/" (root key)
+// "m/0'" (hardened child #0 of the root key)
+// "/0'" (hardened child #0 of the root key)
+// "0'" (hardened child #0 of the root key)
+// "m/44'/1'/2'" (BIP44 testnet account #2)
+// "/44'/1'/2'" (BIP44 testnet account #2)
+// "44'/1'/2'" (BIP44 testnet account #2)
+// "m/schema:1'" (Muun schema path)
+//
+// The following paths are invalid:
+//
+// "m / 0 / 1" (contains spaces)
+// "m/b/c" (alphabetical characters instead of numerical indexes)
+// "m/1.2^3" (contains illegal characters)
+func parseDerivationPath(path string) (*derivationPath, error) {
+	if path == "m" || path == "/" || path == "" {
+		return &derivationPath{indexes: make([]derivationIndex, 0)}, nil
+	}
+
+	var indexes []derivationIndex
+	path = strings.TrimPrefix(path, "m")
+	path = strings.TrimPrefix(path, "/")
+
+	for _, chunk := range strings.Split(path, "/") {
+		hardened := false
+		indexText := chunk
+		if strings.HasSuffix(indexText, hardenedSymbol) {
+			hardened = true
+			indexText = strings.TrimSuffix(indexText, hardenedSymbol)
+		}
+
+		parts := strings.Split(indexText, ":")
+		if len(parts) > 2 {
+			return nil, errors.New("path is malformed: " + path)
+		}
+
+		var name string
+		if len(parts) == 2 {
+			name = parts[0]
+		}
+
+		index, err := strconv.ParseUint(parts[len(parts)-1], 10, 32)
+		if err != nil {
+			return nil, errors.New("path is malformed " + err.Error())
+		}
+
+		indexes = append(indexes, derivationIndex{i: uint32(index), hardened: hardened, name: name})
+	}
+
+	return &derivationPath{indexes: indexes}, nil
+}

vendor/github.com/muun/libwallet/go.mod

@@ -0,0 +1,12 @@
+module github.com/muun/libwallet
+
+go 1.12
+
+require (
+	github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3
+	github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d
+	github.com/golang/protobuf v1.3.2
+	github.com/lightningnetwork/lnd v0.7.1-beta-rc2
+	github.com/pkg/errors v0.8.1
+	golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7
+)

vendor/github.com/muun/libwallet/go.sum

@@ -0,0 +1,191 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+git.schwanenlied.me/yawning/bsaes.git v0.0.0-20180720073208-c0276d75487e/go.mod h1:BWqTsj8PgcPriQJGl7el20J/7TuT1d/hSyFDXMEpoEo=
+github.com/NebulousLabs/fastrand v0.0.0-20180208210444-3cf7173006a0/go.mod h1:Bdzq+51GR4/0DIhaICZEOm+OHvXGwwB2trKZ8B4Y6eQ=
+github.com/NebulousLabs/go-upnp v0.0.0-20180202185039-29b680b06c82/go.mod h1:GbuBk21JqF+driLX3XtJYNZjGa45YDoa9IqCTzNSfEc=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/Yawning/aez v0.0.0-20180114000226-4dad034d9db2/go.mod h1:9pIqrY6SXNL8vjRQE5Hd/OL5GyK/9MrGUWs87z/eFfk=
+github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
+github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
+github.com/btcsuite/btcd v0.0.0-20180823030728-d81d8877b8f3/go.mod h1:Dmm/EzmjnCiweXmzRIAiUWCInVmPgjkzgv5k4tVyXiQ=
+github.com/btcsuite/btcd v0.0.0-20181130015935-7d2daa5bfef2/go.mod h1:Jr9bmNVGZ7TH2Ux1QuP0ec+yGgh0gE9FIlkzQiI5bR0=
+github.com/btcsuite/btcd v0.0.0-20190213025234-306aecffea32/go.mod h1:DrZx5ec/dmnfpw9KyYoQyYo7d0KEvTkk/5M/vbZjAr8=
+github.com/btcsuite/btcd v0.0.0-20190523000118-16327141da8c/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI=
+github.com/btcsuite/btcd v0.0.0-20190605094302-a0d1e3e36d50/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI=
+github.com/btcsuite/btcd v0.0.0-20190629003639-c26ffa870fd8/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI=
+github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3 h1:A/EVblehb75cUgXA5njHPn0kLAsykn6mJGz7rnmW5W0=
+github.com/btcsuite/btcd v0.0.0-20190824003749-130ea5bddde3/go.mod h1:3J08xEfcugPacsc34/LKRU2yO7YmuT8yt28J8k2+rrI=
+github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo=
+github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
+github.com/btcsuite/btcutil v0.0.0-20180706230648-ab6388e0c60a/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
+github.com/btcsuite/btcutil v0.0.0-20190207003914-4c204d697803/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
+github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d h1:yJzD/yFppdVCf6ApMkVy8cUxV0XrxdP9rVf6D87/Mng=
+github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
+github.com/btcsuite/btcwallet v0.0.0-20180904010540-284e2e0e696e33d5be388f7f3d9a26db703e0c06/go.mod h1:/d7QHZsfUAruXuBhyPITqoYOmJ+nq35qPsJjz/aSpCg=
+github.com/btcsuite/btcwallet v0.0.0-20190313032608-acf3b04b0273/go.mod h1:mkOYY8/psBiL5E+Wb0V7M0o+N7NXi2SZJz6+RKkncIc=
+github.com/btcsuite/btcwallet v0.0.0-20190319010515-89ab2044f962/go.mod h1:qMi4jGpAO6YRsd81RYDG7o5pBIGqN9faCioJdagLu64=
+github.com/btcsuite/btcwallet v0.0.0-20190712034938-7a3a3e82cbb6/go.mod h1:sXVxjjP5YeWqWsiQbQDXvAw6J6Qvr8swu7MONoNaF9k=
+github.com/btcsuite/fastsha256 v0.0.0-20160815193821-637e65642941/go.mod h1:QcFA8DZHtuIAdYKCq/BzELOaznRsCvwf4zTPmaYwaig=
+github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg=
+github.com/btcsuite/golangcrypto v0.0.0-20150304025918-53f62d9b43e8/go.mod h1:tYvUd8KLhm/oXvUeSEs2VlLghFjQt9+ZaF9ghH0JNjc=
+github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVaaLLH7j4eDXPRvw78tMflu7Ie2bzYOH4Y8rRKBY=
+github.com/btcsuite/goleveldb v1.0.0/go.mod h1:QiK9vBlgftBg6rWQIj6wFzbPfRjiykIEhBH4obrXJ/I=
+github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
+github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
+github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
+github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/coreos/bbolt v0.0.0-20180223184059-7ee3ded59d4835e10f3e7d0f7603c42aa5e83820/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v0.0.0-20180821051752-b27b920f9e71/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v0.0.0-20170724004829-f2862b476edc/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/jackpal/gateway v1.0.5/go.mod h1:lTpwd4ACLXmpyiCTRtfiNyVnUmqT9RivzCDQetPfnjA=
+github.com/jackpal/go-nat-pmp v0.0.0-20170405195558-28a68d0c24ad/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+4orBN1SBKc=
+github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
+github.com/juju/clock v0.0.0-20180808021310-bab88fc67299/go.mod h1:nD0vlnrUjcjJhqN5WuCWZyzfd5AHZAC9/ajvbSx69xA=
+github.com/juju/errors v0.0.0-20181118221551-089d3ea4e4d5/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
+github.com/juju/loggo v0.0.0-20180524022052-584905176618/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
+github.com/juju/retry v0.0.0-20180821225755-9058e192b216/go.mod h1:OohPQGsr4pnxwD5YljhQ+TZnuVRYpa5irjugL1Yuif4=
+github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
+github.com/juju/utils v0.0.0-20180820210520-bf9cc5bdd62d/go.mod h1:6/KLg8Wz/y2KVGWEpkK9vMNGkOnu4k/cqs8Z1fKjTOk=
+github.com/juju/version v0.0.0-20180108022336-b64dbd566305/go.mod h1:kE8gK5X0CImdr7qpSKl3xB2PmpySSmfj7zVbkZFs81U=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
+github.com/kkdai/bstream v0.0.0-20181106074824-b3251f7901ec/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lightninglabs/gozmq v0.0.0-20180324010646-462a8a753885/go.mod h1:KUh15naRlx/TmUMFS/p4JJrCrE6F7RGF7rsnvuu45E4=
+github.com/lightninglabs/gozmq v0.0.0-20190710231225-cea2a031735d/go.mod h1:vxmQPeIQxPf6Jf9rM8R+B4rKBqLA2AjttNxkFBL2Plk=
+github.com/lightninglabs/neutrino v0.0.0-20181017011010-4d6069299130/go.mod h1:KJq43Fu9ceitbJsSXMILcT4mGDNI/crKmPIkDOZXFyM=
+github.com/lightninglabs/neutrino v0.0.0-20190213031021-ae4583a89cfb/go.mod h1:g6cMQd+hfAU8pQTJAdjm6/EQREhupyd22f+CL0qYFOE=
+github.com/lightninglabs/neutrino v0.0.0-20190313035638-e1ad4c33fb18/go.mod h1:v6tz6jbuAubTrRpX8ke2KH9sJxml8KlPQTKgo9mAp1Q=
+github.com/lightninglabs/neutrino v0.0.0-20190725230401-ddf667a8b5c4/go.mod h1:vzLU75ll8qbRJIzW5dvK/UXtR9c2FecJ6VNOM8chyVM=
+github.com/lightningnetwork/lightning-onion v0.0.0-20190703000913-ecc936dc56c9/go.mod h1:Sooe/CoCqa85JxqHV+IBR2HW+6t2Cv+36awSmoccswM=
+github.com/lightningnetwork/lnd v0.7.1-beta-rc2 h1:N0AuHo4wI6TogabvOfpwg1LkR3RxGCvqYq0Wb7GL+ck=
+github.com/lightningnetwork/lnd v0.7.1-beta-rc2/go.mod h1:ODASBFcJwVlb4aqO3m090whpP2kfA9zEvmG/pj+fOfg=
+github.com/lightningnetwork/lnd/queue v1.0.1/go.mod h1:vaQwexir73flPW43Mrm7JOgJHmcEFBWWSl9HlyASoms=
+github.com/lightningnetwork/lnd/ticker v1.0.0/go.mod h1:iaLXJiVgI1sPANIF2qYYUJXjoksPNvGNYowB8aRbpX0=
+github.com/ltcsuite/ltcd v0.0.0-20190101042124-f37f8bf35796 h1:sjOGyegMIhvgfq5oaue6Td+hxZuf3tDC8lAPrFldqFw=
+github.com/ltcsuite/ltcd v0.0.0-20190101042124-f37f8bf35796/go.mod h1:3p7ZTf9V1sNPI5H8P3NkTFF4LuwMdPl2DodF60qAKqY=
+github.com/ltcsuite/ltcutil v0.0.0-20181217130922-17f3b04680b6/go.mod h1:8Vg/LTOO0KYa/vlHWJ6XZAevPQThGH5sufO0Hrou/lA=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v0.0.0-20171125082028-79bfde677fa8 h1:PRMAcldsl4mXKJeRNB/KVNz6TlbS6hk2Rs42PqgU3Ws=
+github.com/miekg/dns v0.0.0-20171125082028-79bfde677fa8/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/tv42/zbase32 v0.0.0-20160707012821-501572607d02/go.mod h1:tHlrkM198S068ZqfrO6S8HsoJq2bF3ETfTL+kt4tInY=
+github.com/urfave/cli v1.18.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+go.etcd.io/bbolt v1.3.0/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7 h1:0hQKqeLdqlt5iIwVOBErRisrHJAN57yOiPRQItI20fU=
+golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180821023952-922f4815f713/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180821140842-3b58ed4ad339/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190102155601-82a175fd1598/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190201180003-4b09977fb922/go.mod h1:L3J43x8/uS+qIUoksaLKe6OS3nUKxOKuIFz1sl2/jx4=
+google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
+google.golang.org/grpc v1.18.0 h1:IZl7mfBGfbhYx2p2rKRtYgDFw6SBz+kclmxYrCksPPA=
+google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v1 v1.0.0/go.mod h1:CxwszS/Xz1C49Ucd2i6Zil5UToP1EmyrFhKaMVbg1mk=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/macaroon-bakery.v2 v2.0.1/go.mod h1:B4/T17l+ZWGwxFSZQmlBwp25x+og7OkhETfr3S9MbIA=
+gopkg.in/macaroon.v2 v2.0.0/go.mod h1:+I6LnTMkm/uV5ew/0nsulNjL16SK4+C8yDmRUzHR17I=
+gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

vendor/github.com/muun/libwallet/hdkeycommon.go

@@ -0,0 +1,29 @@
+package libwallet
+
+import (
+	"github.com/pkg/errors"
+
+	"github.com/btcsuite/btcd/chaincfg"
+	"github.com/btcsuite/btcutil/hdkeychain"
+)
+
+func keyFromString(str string) (*hdkeychain.ExtendedKey, *Network, error) {
+
+	key, err := hdkeychain.NewKeyFromString(str)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var params *chaincfg.Params
+	if key.IsForNet(&chaincfg.MainNetParams) {
+		params = &chaincfg.MainNetParams
+	} else if key.IsForNet(&chaincfg.TestNet3Params) {
+		params = &chaincfg.TestNet3Params
+	} else if key.IsForNet(&chaincfg.RegressionNetParams) {
+		params = &chaincfg.RegressionNetParams
+	} else {
+		return nil, nil, errors.New("this key is for an unknown network")
+	}
+
+	return key, newNetwork(params), nil
+}

vendor/github.com/muun/libwallet/hdprivatekey.go

@@ -0,0 +1,136 @@
+package libwallet
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/pkg/errors"
+
+	"github.com/btcsuite/btcutil/hdkeychain"
+)
+
+// HDPrivateKey is an HD capable priv key
+type HDPrivateKey struct {
+	key     hdkeychain.ExtendedKey
+	Network *Network
+	Path    string
+}
+
+// NewHDPrivateKey builds an HD priv key from a seed for a given network
+func NewHDPrivateKey(seed []byte, network *Network) (*HDPrivateKey, error) {
+
+	key, err := hdkeychain.NewMaster(seed, network.network)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HDPrivateKey{key: *key, Network: network, Path: "m"}, nil
+}
+
+// NewHDPrivateKey builds an HD priv key from the compress priv and chain code for a given network
+func NewHDPrivateKeyFromBytes(rawKey, chainCode []byte, network *Network) (*HDPrivateKey, error) {
+
+	parentFP := []byte{0, 0, 0, 0}
+	key := hdkeychain.NewExtendedKey(network.network.HDPrivateKeyID[:],
+		rawKey, chainCode, parentFP, 0, 0, true)
+
+	return &HDPrivateKey{key: *key, Network: network, Path: "m"}, nil
+}
+
+// NewHDPrivateKeyFromString creates an HD priv key from a base58-encoded string
+// If the parsed key is public, it returns an error
+func NewHDPrivateKeyFromString(str, path string) (*HDPrivateKey, error) {
+
+	key, network, err := keyFromString(str)
+	if err != nil {
+		return nil, err
+	}
+
+	if !key.IsPrivate() {
+		return nil, errors.New("encoded key was not a private key")
+	}
+
+	return &HDPrivateKey{key: *key, Network: network, Path: path}, nil
+}
+
+// PublicKey returns the matching pub key
+func (p *HDPrivateKey) PublicKey() *HDPublicKey {
+
+	key, err := p.key.Neuter()
+	if err != nil {
+		panic("original key was invalid")
+	}
+
+	return &HDPublicKey{key: *key, Network: p.Network, Path: p.Path}
+}
+
+// String return the key base58-encoded
+func (p *HDPrivateKey) String() string {
+	return p.key.String()
+}
+
+// DerivedAt derives a new child priv key, which may be hardened
+// index should be uint32 but for java compat we use int64
+func (p *HDPrivateKey) DerivedAt(index int64, hardened bool) (*HDPrivateKey, error) {
+
+	path := fmt.Sprintf("%v/%v", p.Path, index)
+
+	var modifier uint32
+	if hardened {
+		modifier = hdkeychain.HardenedKeyStart
+		path = path + hardenedSymbol
+	}
+
+	child, err := p.key.Child(uint32(index) | modifier)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HDPrivateKey{key: *child, Network: p.Network, Path: path}, nil
+}
+
+func (p *HDPrivateKey) DeriveTo(path string) (*HDPrivateKey, error) {
+
+	if !strings.HasPrefix(path, p.Path) {
+		return nil, errors.Errorf("derivation path %v is not prefix of the keys path %v", path, p.Path)
+	}
+
+	firstPath, err := parseDerivationPath(p.Path)
+	if err != nil {
+		return nil, errors.Wrapf(err, "couldn't parse derivation path %v", p.Path)
+	}
+
+	secondPath, err := parseDerivationPath(path)
+	if err != nil {
+		return nil, errors.Wrapf(err, "couldn't parse derivation path %v", path)
+	}
+
+	indexes := secondPath.indexes[len(firstPath.indexes):]
+	derivedKey := p
+	for depth, index := range indexes {
+		derivedKey, err = derivedKey.DerivedAt(int64(index.i), index.hardened)
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to derive key at path %v on depth %v", path, depth)
+		}
+	}
+	// The generated path has no names in it, so replace it
+	derivedKey.Path = path
+
+	return derivedKey, nil
+}
+
+// Sign a payload using the backing EC key
+func (p *HDPrivateKey) Sign(data []byte) ([]byte, error) {
+
+	signingKey, err := p.key.ECPrivKey()
+	if err != nil {
+		return nil, err
+	}
+
+	sig, err := signingKey.Sign(data)
+	if err != nil {
+		return nil, err
+	}
+
+	return sig.Serialize(), nil
+}

vendor/github.com/muun/libwallet/hdpublickey.go

@@ -0,0 +1,96 @@
+package libwallet
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/pkg/errors"
+
+	"github.com/btcsuite/btcutil/hdkeychain"
+)
+
+// HDPublicKey is an HD capable pub key
+type HDPublicKey struct {
+	key     hdkeychain.ExtendedKey
+	Network *Network
+	Path    string
+}
+
+// NewHDPublicKeyFromString creates an HD pub key from a base58-encoded string
+// If the parsed key is private, it returns an error
+func NewHDPublicKeyFromString(str, path string) (*HDPublicKey, error) {
+
+	key, network, err := keyFromString(str)
+	if err != nil {
+		return nil, err
+	}
+
+	if key.IsPrivate() {
+		return nil, errors.New("encoded key was not a public key")
+	}
+
+	return &HDPublicKey{key: *key, Network: network, Path: path}, nil
+}
+
+// String return the key base58-encoded
+func (p *HDPublicKey) String() string {
+	return p.key.String()
+}
+
+// DerivedAt derives a new child pub key
+// index should be uint32 but for java compat we use int64
+func (p *HDPublicKey) DerivedAt(index int64) (*HDPublicKey, error) {
+
+	child, err := p.key.Child(uint32(index))
+	if err != nil {
+		return nil, err
+	}
+
+	path := fmt.Sprintf("%v/%v", p.Path, index)
+	return &HDPublicKey{key: *child, Network: p.Network, Path: path}, nil
+}
+
+func (p *HDPublicKey) DeriveTo(path string) (*HDPublicKey, error) {
+
+	if !strings.HasPrefix(path, p.Path) {
+		return nil, errors.Errorf("derivation path %v is not prefix of the keys path %v", path, p.Path)
+	}
+
+	firstPath, err := parseDerivationPath(p.Path)
+	if err != nil {
+		return nil, errors.Wrapf(err, "couldn't parse derivation path %v", p.Path)
+	}
+
+	secondPath, err := parseDerivationPath(path)
+	if err != nil {
+		return nil, errors.Wrapf(err, "couldn't parse derivation path %v", path)
+	}
+
+	indexes := secondPath.indexes[len(firstPath.indexes):]
+	derivedKey := p
+	for depth, index := range indexes {
+		if index.hardened {
+			return nil, errors.Errorf("can't derive a hardened pub key (path %v)", path)
+		}
+
+		derivedKey, err = derivedKey.DerivedAt(int64(index.i))
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to derive key at path %v on depth %v", path, depth)
+		}
+	}
+	// The generated path has no names in it, so replace it
+	derivedKey.Path = path
+
+	return derivedKey, nil
+}
+
+// Raw returns the backing EC compressed raw key
+func (p *HDPublicKey) Raw() []byte {
+
+	key, err := p.key.ECPubKey()
+	if err != nil {
+		panic("failed to extract pub key")
+	}
+
+	return key.SerializeCompressed()
+}

vendor/github.com/muun/libwallet/invoice.go

@@ -0,0 +1,67 @@
+package libwallet
+
+import (
+	fmt "fmt"
+	"strings"
+
+	"github.com/lightningnetwork/lnd/zpay32"
+	"github.com/pkg/errors"
+)
+
+// Invoice is muun's invoice struct
+type Invoice struct {
+	RawInvoice      string
+	FallbackAddress *MuunPaymentURI
+	Network         *Network
+	MilliSat        string
+	Destination     []byte
+	PaymentHash     [32]byte
+	Expiry          int64
+	Description     string
+}
+
+const lightningScheme = "lightning:"
+
+// ParseInvoice parses an Invoice from an invoice string and a network
+func ParseInvoice(invoice string, network *Network) (*Invoice, error) {
+
+	if strings.HasPrefix(strings.ToLower(invoice), lightningScheme) {
+		// Remove lightning scheme from rawInvoice
+		invoice = invoice[len(lightningScheme):len(invoice)]
+	}
+
+	parsedInvoice, err := zpay32.Decode(invoice, network.network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "Couldnt parse invoice")
+	}
+
+	var fallbackAdd *MuunPaymentURI
+
+	if parsedInvoice.FallbackAddr != nil {
+		fallbackAdd, err = GetPaymentURI(parsedInvoice.FallbackAddr.String(), network)
+		if err != nil {
+			return nil, errors.Wrapf(err, "Couldnt get address")
+		}
+	}
+
+	var description string
+	if parsedInvoice.Description != nil {
+		description = *parsedInvoice.Description
+	}
+
+	var milliSats string
+	if parsedInvoice.MilliSat != nil {
+		milliSats = fmt.Sprintf("%v", uint64(*parsedInvoice.MilliSat))
+	}
+
+	return &Invoice{
+		RawInvoice:      invoice,
+		FallbackAddress: fallbackAdd,
+		Network:         network,
+		MilliSat:        milliSats,
+		Destination:     parsedInvoice.Destination.SerializeCompressed(),
+		PaymentHash:     *parsedInvoice.PaymentHash,
+		Expiry:          parsedInvoice.Timestamp.Unix() + int64(parsedInvoice.Expiry().Seconds()),
+		Description:     description,
+	}, nil
+}

vendor/github.com/muun/libwallet/keycrypter.go

@@ -0,0 +1,168 @@
+package libwallet
+
+import (
+	"strconv"
+	"strings"
+	"unicode/utf16"
+
+	"github.com/pkg/errors"
+
+	"crypto/rand"
+	"encoding/hex"
+)
+
+const (
+	ivLength   = 16
+	saltLength = 8
+
+	scryptIterations            = 512
+	scryptBlockSize             = 8
+	scryptParallelizationFactor = 1
+
+	seperator = ":"
+)
+
+type DecryptedKey struct {
+	Key  *HDPrivateKey
+	Path string
+}
+
+// KeyEncrypt encrypts an HD priv key using a user-provided secret into a string
+// We use SCrypt256 for key derivation and AES-CBC-PKCS7 for encryption.
+// The returned string has information about version, derivation path, scrypt and AES parameters.
+func KeyEncrypt(key *HDPrivateKey, passphrase string) (string, error) {
+
+	privateKeyBytes := []byte(key.String())
+	iv := randomBytes(ivLength)
+	salt := randomBytes(saltLength)
+
+	inputSecret := scrypt256(stringToBytes(passphrase),
+		salt,
+		scryptIterations,
+		scryptBlockSize,
+		scryptParallelizationFactor)
+
+	encrypted, err := encrypt(inputSecret, iv, privateKeyBytes)
+	if err != nil {
+		return "", err
+	}
+
+	derivationPathBytes := []byte(key.Path)
+
+	elements := []string{
+		"v1",
+		strconv.Itoa(scryptIterations),
+		strconv.Itoa(scryptParallelizationFactor),
+		strconv.Itoa(scryptBlockSize),
+		hex.EncodeToString(salt),
+		hex.EncodeToString(iv),
+		hex.EncodeToString(encrypted),
+		hex.EncodeToString(derivationPathBytes),
+	}
+
+	return strings.Join(elements, seperator), nil
+}
+
+// KeyDecrypt decrypts a key encrypted with KeyEncrypt
+func KeyDecrypt(value, passphrase string) (*DecryptedKey, error) {
+
+	elements := strings.Split(value, seperator)
+
+	if len(elements) != 8 {
+		return nil, errors.New("KeyCrypter: invalid format")
+	}
+
+	version := elements[0]
+	iterations, err := strconv.Atoi(elements[1])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid iterations: " + err.Error())
+	}
+
+	parallelizationFactor, err := strconv.Atoi(elements[2])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid p: " + err.Error())
+	}
+
+	blockSize, err := strconv.Atoi(elements[3])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid blocksize: " + err.Error())
+	}
+
+	salt, err := hex.DecodeString(elements[4])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid salt: " + err.Error())
+	}
+
+	iv, err := hex.DecodeString(elements[5])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid iv: " + err.Error())
+	}
+
+	payload, err := hex.DecodeString(elements[6])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid payload: " + err.Error())
+	}
+
+	pathBytes, err := hex.DecodeString(elements[7])
+	if err != nil {
+		return nil, errors.New("KeyCrypter: invalid path: " + err.Error())
+	}
+
+	if version != "v1" {
+		return nil, errors.New("KeyCrypter: invalid version " + version)
+	}
+
+	inputSecret := scrypt256(stringToBytes(passphrase),
+		salt,
+		iterations,
+		blockSize,
+		parallelizationFactor)
+
+	decryptedBytes, err := decrypt(inputSecret, iv, payload)
+	if err != nil {
+		return nil, errors.New("KeyCrypter: failed to decrypt pk: " + err.Error())
+	}
+
+	encodedPrivateKey := string(decryptedBytes[:])
+	path := string(pathBytes[:])
+
+	privateKey, err := NewHDPrivateKeyFromString(encodedPrivateKey, path)
+	if err != nil {
+		return nil, errors.New("KeyCrypter: failed to decode pk: " + err.Error())
+	}
+
+	return &DecryptedKey{Key: privateKey, Path: path}, nil
+}
+
+func randomBytes(count int) []byte {
+	buf := make([]byte, count)
+	_, err := rand.Read(buf)
+	if err != nil {
+		panic("couldn't read random bytes")
+	}
+
+	return buf
+}
+
+func stringToBytes(str string) []byte {
+
+	// You might wonder why this code exists....
+	// Turns out that the scrypt implementation used in android is hardwired
+	// to use strings as UTF16 (which is Java's native format). So we need to
+	// use the same exact byte array encoding.
+
+	// There seems no way to convert a strint to code points directly
+	// for range iterates strings in a rune basis, so we do that
+	var runes []rune
+	for _, rune := range str {
+		runes = append(runes, rune)
+	}
+
+	result := make([]byte, 0)
+	for _, char := range utf16.Encode(runes) {
+		result = append(result, byte((char&0xFF00)>>8))
+		result = append(result, byte(char&0x00FF))
+	}
+
+	return result
+}

vendor/github.com/muun/libwallet/network.go

@@ -0,0 +1,34 @@
+package libwallet
+
+import (
+	"github.com/btcsuite/btcd/chaincfg"
+)
+
+// Network has the parameters for operating in a given Bitcoin network
+type Network struct {
+	network *chaincfg.Params
+}
+
+func newNetwork(params *chaincfg.Params) *Network {
+	return &Network{network: params}
+}
+
+// Mainnet returns an instance of the Bitcoin Main Network
+func Mainnet() *Network {
+	return &Network{network: &chaincfg.MainNetParams}
+}
+
+// Testnet returns an instance of the Bitcoin Test Network
+func Testnet() *Network {
+	return &Network{network: &chaincfg.TestNet3Params}
+}
+
+// Regtest returns an instance of the Bitcoin Regression Network
+func Regtest() *Network {
+	return &Network{network: &chaincfg.RegressionNetParams}
+}
+
+// Name returns the Network's name
+func (n *Network) Name() string {
+	return n.network.Name
+}

vendor/github.com/muun/libwallet/partiallysignedtransaction.go

@@ -0,0 +1,149 @@
+package libwallet
+
+import (
+	"bytes"
+	"encoding/hex"
+
+	"github.com/btcsuite/btcd/wire"
+	"github.com/pkg/errors"
+)
+
+type MuunAddress interface {
+	Version() int
+	DerivationPath() string
+	Address() string
+}
+
+// TODO: Change name
+type RedeemableAddress interface {
+	RedeemScript() []byte
+}
+
+type Outpoint interface {
+	TxId() []byte
+	Index() int
+	Amount() int64
+}
+
+type InputSubmarineSwap interface {
+	RefundAddress() string
+	PaymentHash256() []byte
+	ServerPublicKey() []byte
+	LockTime() int64
+}
+
+type Input interface {
+	OutPoint() Outpoint
+	Address() MuunAddress
+	UserSignature() []byte
+	MuunSignature() []byte
+	SubmarineSwap() InputSubmarineSwap
+}
+
+type PartiallySignedTransaction struct {
+	tx     *wire.MsgTx
+	inputs []Input
+}
+
+type Transaction struct {
+	Hash  string
+	Bytes []byte
+}
+
+func NewPartiallySignedTransaction(hexTx string) (*PartiallySignedTransaction, error) {
+
+	rawTx, err := hex.DecodeString(hexTx)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to decode hex tx")
+	}
+
+	tx := wire.NewMsgTx(0)
+	err = tx.BtcDecode(bytes.NewBuffer(rawTx), 0, wire.WitnessEncoding)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to decode tx")
+	}
+
+	return &PartiallySignedTransaction{tx: tx, inputs: []Input{}}, nil
+}
+
+func (p *PartiallySignedTransaction) AddInput(input Input) {
+	p.inputs = append(p.inputs, input)
+}
+
+func (p *PartiallySignedTransaction) Sign(key *HDPrivateKey, muunKey *HDPublicKey) (*Transaction, error) {
+
+	for i, input := range p.inputs {
+
+		derivedKey, err := key.DeriveTo(input.Address().DerivationPath())
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to derive user key")
+		}
+
+		derivedMuunKey, err := muunKey.DeriveTo(input.Address().DerivationPath())
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to derive muun key")
+		}
+
+		var txIn *wire.TxIn
+
+		switch AddressVersion(input.Address().Version()) {
+		case addressV1:
+			txIn, err = addUserSignatureInputV1(input, i, p.tx, derivedKey)
+		case addressV2:
+			txIn, err = addUserSignatureInputV2(input, i, p.tx, derivedKey, derivedMuunKey)
+		case addressV3:
+			txIn, err = addUserSignatureInputV3(input, i, p.tx, derivedKey, derivedMuunKey)
+		case addressSubmarineSwap:
+			txIn, err = addUserSignatureInputSubmarineSwap(input, i, p.tx, derivedKey, derivedMuunKey)
+		default:
+			return nil, errors.Errorf("cant sign transaction of version %v", input.Address().Version())
+		}
+
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed to sign input using version %v", input.Address().Version())
+		}
+
+		p.tx.TxIn[i] = txIn
+	}
+
+	var writer bytes.Buffer
+	err := p.tx.BtcEncode(&writer, 0, wire.WitnessEncoding)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to encode tx")
+	}
+
+	return &Transaction{
+		Hash:  p.tx.TxHash().String(),
+		Bytes: writer.Bytes(),
+	}, nil
+
+}
+
+func (p *PartiallySignedTransaction) MuunSignatureForInput(index int, userKey *HDPublicKey,
+	muunKey *HDPrivateKey) ([]byte, error) {
+
+	input := p.inputs[index]
+
+	derivedUserKey, err := userKey.DeriveTo(input.Address().DerivationPath())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to derive user key")
+	}
+
+	derivedMuunKey, err := muunKey.DeriveTo(input.Address().DerivationPath())
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to derive muun key")
+	}
+
+	switch AddressVersion(input.Address().Version()) {
+	case addressV1:
+		return []byte{}, nil
+	case addressV2:
+		return signInputV2(input, index, p.tx, derivedUserKey, derivedMuunKey.PublicKey(), derivedMuunKey)
+	case addressV3:
+		return signInputV3(input, index, p.tx, derivedUserKey, derivedMuunKey.PublicKey(), derivedMuunKey)
+	case addressSubmarineSwap:
+		return nil, errors.New("cant sign arbitrary submarine swap inputs")
+	}
+
+	return nil, errors.New("unknown address scheme")
+}

vendor/github.com/muun/libwallet/ripemd160.go

@@ -0,0 +1,15 @@
+package libwallet
+
+import (
+	hash "golang.org/x/crypto/ripemd160"
+)
+
+func ripemd160(data []byte) []byte {
+	hasher := hash.New()
+	_, err := hasher.Write(data)
+	if err != nil {
+		panic("failed to hash")
+	}
+
+	return hasher.Sum([]byte{})
+}

vendor/github.com/muun/libwallet/scrypt.go

@@ -0,0 +1,27 @@
+package libwallet
+
+import (
+	"golang.org/x/crypto/scrypt"
+)
+
+const (
+	iterations            = 512
+	blockSize             = 8
+	parallelizationFactor = 1
+	outputLength          = 32
+)
+
+func Scrypt256(data, salt []byte) []byte {
+	return scrypt256(data, salt, iterations, blockSize, parallelizationFactor)
+}
+
+func scrypt256(data, salt []byte, iterations, blockSize, parallelizationFactor int) []byte {
+
+	key, err := scrypt.Key(data, salt, iterations, blockSize, parallelizationFactor, outputLength)
+
+	if err != nil {
+		panic("scrypt parameters are bad")
+	}
+
+	return key
+}

vendor/github.com/muun/libwallet/segwit.go

@@ -0,0 +1,46 @@
+package libwallet
+
+import (
+	"crypto/sha256"
+
+	"github.com/btcsuite/btcd/txscript"
+	"github.com/btcsuite/btcd/wire"
+	"github.com/pkg/errors"
+)
+
+func createNonNativeSegwitRedeemScript(witnessScript []byte) ([]byte, error) {
+	witnessScriptHash := sha256.Sum256(witnessScript)
+
+	builder := txscript.NewScriptBuilder()
+	builder.AddInt64(0)
+	builder.AddData(witnessScriptHash[:])
+
+	return builder.Script()
+}
+
+func signNonNativeSegwitInput(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey,
+	redeemScript, witnessScript []byte) ([]byte, error) {
+
+	txInput := tx.TxIn[index]
+
+	builder := txscript.NewScriptBuilder()
+	builder.AddData(redeemScript)
+	script, err := builder.Script()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to generate signing script")
+	}
+	txInput.SignatureScript = script
+
+	privKey, err := privateKey.key.ECPrivKey()
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to produce EC priv key for signing")
+	}
+
+	sigHashes := txscript.NewTxSigHashes(tx)
+	sig, err := txscript.RawTxInWitnessSignature(tx, sigHashes, index, input.OutPoint().Amount(), witnessScript, txscript.SigHashAll, privKey)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to sign V3 input")
+	}
+
+	return sig, nil
+}

vendor/github.com/muun/libwallet/submarineSwap.go

@@ -0,0 +1,215 @@
+package libwallet
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+
+	"github.com/btcsuite/btcd/txscript"
+	"github.com/btcsuite/btcd/wire"
+	"github.com/btcsuite/btcutil"
+	"github.com/pkg/errors"
+)
+
+type SubmarineSwap interface {
+	SwapUuid() string
+	Invoice() string
+	Receiver() SubmarineSwapReceiver
+	FundingOutput() SubmarineSwapFundingOutput
+
+	PreimageInHex() string
+}
+
+type SubmarineSwapReceiver interface {
+	Alias() string
+	PublicKey() string
+}
+
+type SubmarineSwapFundingOutput interface {
+	OutputAddress() string
+	OutputAmount() int64
+	ConfirmationsNeeded() int
+	UserLockTime() int64
+	UserRefundAddress() MuunAddress
+	ServerPaymentHashInHex() string
+	ServerPublicKeyInHex() string
+}
+
+func CreateAddressSubmarineSwap(publicKey *HDPublicKey) (MuunAddress, error) {
+	pubkey, err := btcutil.NewAddressPubKey(publicKey.Raw(), publicKey.Network.network)
+	if err != nil {
+		return nil, err
+	}
+
+	pubkeyHash := pubkey.AddressPubKeyHash()
+	address := pubkeyHash.String()
+
+	return &muunAddress{address: address, version: addressSubmarineSwap, derivationPath: publicKey.Path}, nil
+}
+
+func addUserSignatureInputSubmarineSwap(input Input, index int, tx *wire.MsgTx, privateKey *HDPrivateKey,
+	muunKey *HDPublicKey) (*wire.TxIn, error) {
+
+	submarineSwap := input.SubmarineSwap()
+	if submarineSwap == nil {
+		return nil, errors.Errorf("submarine swap data is nil for ss input")
+	}
+
+	witnessScript, err := createWitnessScriptSubmarineSwap(submarineSwap.RefundAddress(),
+		submarineSwap.PaymentHash256(),
+		submarineSwap.ServerPublicKey(),
+		submarineSwap.LockTime(),
+		privateKey.Network)
+	if err != nil {
+		return nil, err
+	}
+
+	redeemScript, err := createNonNativeSegwitRedeemScript(witnessScript)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to build reedem script for signing")
+	}
+
+	sig, err := signNonNativeSegwitInput(input, index, tx, privateKey, redeemScript, witnessScript)
+	if err != nil {
+		return nil, err
+	}
+
+	txInput := tx.TxIn[index]
+	txInput.Witness = wire.TxWitness{sig, privateKey.PublicKey().Raw(), witnessScript}
+
+	return txInput, nil
+}
+
+func createRedeemScriptSubmarineSwapForUser(publicKey *HDPublicKey) {
+
+}
+
+func createWitnessScriptSubmarineSwap(refundAddress string, paymentHash []byte, swapServerPubKey []byte, lockTime int64, network *Network) ([]byte, error) {
+
+	// It turns out that the payment hash present in an invoice is just the SHA256 of the
+	// payment preimage, so we still have to do a pass of RIPEMD160 before pushing it to the
+	// script
+	paymentHash160 := ripemd160(paymentHash)
+	decodedRefundAddress, err := btcutil.DecodeAddress(refundAddress, network.network)
+	if err != nil {
+		return nil, errors.Wrapf(err, "refund address is invalid")
+	}
+
+	refundAddressHash := decodedRefundAddress.ScriptAddress()
+
+	builder := txscript.NewScriptBuilder()
+	builder.AddOp(txscript.OP_DUP)
+
+	// Condition to decide which branch to follow:
+	builder.AddOp(txscript.OP_HASH160).
+		AddData(paymentHash160).
+		AddOp(txscript.OP_EQUAL)
+
+	// SubmarineSwap service spending script, for successful LN payments:
+	builder.AddOp(txscript.OP_IF).
+		AddOp(txscript.OP_DROP).
+		AddData(swapServerPubKey)
+
+	// User spending script, for failed LN payments:
+	builder.AddOp(txscript.OP_ELSE).
+		AddInt64(lockTime).
+		AddOp(txscript.OP_CHECKLOCKTIMEVERIFY).
+		AddOp(txscript.OP_DROP).
+		AddOp(txscript.OP_DUP).
+		AddOp(txscript.OP_HASH160).
+		AddData(refundAddressHash).
+		AddOp(txscript.OP_EQUALVERIFY)
+
+	// Final verification for both branches:
+	builder.AddOp(txscript.OP_ENDIF).
+		AddOp(txscript.OP_CHECKSIG)
+
+	return builder.Script()
+}
+
+func ValidateSubmarineSwap(rawInvoice string, userPublicKey *HDPublicKey, muunPublicKey *HDPublicKey, swap SubmarineSwap, network *Network) error {
+
+	invoice, err := ParseInvoice(rawInvoice, network)
+	if err != nil {
+		return errors.Wrapf(err, "failed to decode invoice")
+	}
+
+	// Check the payment hash matches
+
+	serverPaymentHash, err := hex.DecodeString(swap.FundingOutput().ServerPaymentHashInHex())
+	if err != nil {
+		return errors.Wrapf(err, "server payment hash is not valid hex")
+	}
+
+	if !bytes.Equal(invoice.PaymentHash[:], serverPaymentHash) {
+		return errors.Errorf("payment hash doesn't match %v != %v", invoice.PaymentHash, swap.FundingOutput().ServerPaymentHashInHex())
+	}
+
+	// TODO: check that timelock is acceptable
+
+	// Validate that the refund address is one we can derive
+
+	swapRefundAddress := swap.FundingOutput().UserRefundAddress()
+	derivedUserKey, err := userPublicKey.DeriveTo(swapRefundAddress.DerivationPath())
+	if err != nil {
+		return errors.Wrapf(err, "failed to derive user key")
+	}
+	derivedMuunKey, err := muunPublicKey.DeriveTo(swapRefundAddress.DerivationPath())
+	if err != nil {
+		return errors.Wrapf(err, "failed to derive muun key")
+	}
+
+	refundAddress, err := newMuunAddress(AddressVersion(swapRefundAddress.Version()), derivedUserKey, derivedMuunKey)
+	if err != nil {
+		return errors.Wrapf(err, "failed to generate refund address")
+	}
+
+	if refundAddress.Address() != swapRefundAddress.Address() {
+		return errors.Errorf("refund address doesn't match generated (%v != %v)", swapRefundAddress.Address(), refundAddress.Address())
+	}
+
+	// Check the swap's witness script is a valid swap script
+
+	serverPubKey, err := hex.DecodeString(swap.FundingOutput().ServerPublicKeyInHex())
+	if err != nil {
+		return errors.Wrapf(err, "server pub key is not hex")
+	}
+
+	witnessScript, err := createWitnessScriptSubmarineSwap(
+		swapRefundAddress.Address(),
+		serverPaymentHash,
+		serverPubKey,
+		swap.FundingOutput().UserLockTime(),
+		network)
+	if err != nil {
+		return errors.Wrapf(err, "failed to compute witness script")
+	}
+
+	redeemScript, err := createNonNativeSegwitRedeemScript(witnessScript)
+	if err != nil {
+		return errors.Wrapf(err, "failed to build redeem script")
+	}
+
+	address, err := btcutil.NewAddressScriptHash(redeemScript, network.network)
+	if err != nil {
+		return errors.Wrapf(err, "failed to build address for swap script")
+	}
+
+	if address.EncodeAddress() != swap.FundingOutput().OutputAddress() {
+		return errors.Errorf("address for swap script mismatch (%v != %v)", address.EncodeAddress(), swap.FundingOutput().OutputAddress())
+	}
+
+	if len(swap.PreimageInHex()) > 0 {
+		preimage, err := hex.DecodeString(swap.PreimageInHex())
+		if err != nil {
+			return errors.Wrapf(err, "preimagehex is not actually hex 🤔")
+		}
+
+		calculatedPaymentHash := sha256.Sum256(preimage)
+		if !bytes.Equal(invoice.PaymentHash[:], calculatedPaymentHash[:]) {
+			return errors.Errorf("payment hash doesn't match preimage (%v != hash(%v)", invoice.PaymentHash, swap.PreimageInHex())
+		}
+	}
+
+	return nil
+}