diff --git a/bower.json b/bower.json index 183089b..360abd3 100644 --- a/bower.json +++ b/bower.json @@ -1,7 +1,7 @@ { "name": "bitcore", "main": "browser/bundle.js", - "version": "0.1.23", + "version": "0.1.24", "homepage": "http://bitcore.io", "authors": [ "Ryan X. Charles ()" diff --git a/browser/bundle.js b/browser/bundle.js index 7577a5b..3a924d4 100644 --- a/browser/bundle.js +++ b/browser/bundle.js @@ -51,26930 +51,301 @@ require= // Override the current require with this new one return newRequire; }) -({"bitcore":[function(require,module,exports){ +({"tmvhGl":[function(require,module,exports){ +(function(e){var i=function(e,i){Object.defineProperty(module.exports,e,{get:function(){return require(i)}})};i("Bignum","bignum"),Object.defineProperty(module.exports,"bignum",{get:function(){return console.log('bignum (with a lower-case "b") is deprecated. Use bitcore.Bignum (capital "B") instead.'),require("bignum")}}),i("Base58","./lib/Base58"),Object.defineProperty(module.exports,"base58",{get:function(){return console.log('base58 (with a lower-case "b") is deprecated. Use bitcore.Base58 (capital "B") instead.'),require("./lib/Base58")}}),i("bufferput","bufferput"),i("buffertools","buffertools"),i("Buffers.monkey","./patches/Buffers.monkey"),i("config","./config"),i("const","./const"),i("Curve","./lib/Curve"),i("Deserialize","./lib/Deserialize"),i("ECIES","./lib/ECIES"),i("log","./util/log"),i("networks","./networks"),i("SecureRandom","./lib/SecureRandom"),i("sjcl","./lib/sjcl"),i("util","./util/util"),i("EncodedData","./util/EncodedData"),i("VersionedData","./util/VersionedData"),i("BinaryParser","./util/BinaryParser"),i("Address","./lib/Address"),i("HierarchicalKey","./lib/HierarchicalKey"),Object.defineProperty(module.exports,"BIP32",{get:function(){return console.log("BIP32 is deprecated. Use bitcore.HierarchicalKey instead."),require("./lib/HierarchicalKey")}}),i("Point","./lib/Point"),i("Opcode","./lib/Opcode"),i("Script","./lib/Script"),i("Transaction","./lib/Transaction"),i("TransactionBuilder","./lib/TransactionBuilder"),i("Connection","./lib/Connection"),i("Peer","./lib/Peer"),i("Block","./lib/Block"),i("ScriptInterpreter","./lib/ScriptInterpreter"),i("Bloom","./lib/Bloom"),i("Key","./lib/Key"),Object.defineProperty(module.exports,"KeyModule",{get:function(){return console.log("KeyModule is deprecated."),require("bindings")("KeyModule")}}),i("SINKey","./lib/SINKey"),i("SIN","./lib/SIN"),i("PrivateKey","./lib/PrivateKey"),i("RpcClient","./lib/RpcClient"),i("Wallet","./lib/Wallet"),i("WalletKey","./lib/WalletKey"),i("PeerManager","./lib/PeerManager"),i("Message","./lib/Message"),i("Electrum","./lib/Electrum"),i("Armory","./lib/Armory"),module.exports.Buffer=e}).call(this,require("buffer").Buffer); +},{"./lib/Base58":"6VqyzY","./lib/HierarchicalKey":"x1O6JW","bignum":58,"bindings":78,"buffer":85}],"bitcore":[function(require,module,exports){ module.exports=require('tmvhGl'); -},{}],"tmvhGl":[function(require,module,exports){ -(function (Buffer){ -/* -One way to require files is this simple way: -module.exports.Address = require('./Address'); - -However, that will load all classes in memory even if they are not used. -Instead, we can set the 'get' property of each class to only require them when -they are accessed, saving memory if they are not used in a given project. -*/ -var requireWhenAccessed = function(name, file) { - Object.defineProperty(module.exports, name, {get: function() {return require(file)}}); -}; - -requireWhenAccessed('Bignum', 'bignum'); -Object.defineProperty(module.exports, 'bignum', {get: function() { - console.log('bignum (with a lower-case "b") is deprecated. Use bitcore.Bignum (capital "B") instead.'); - return require('bignum'); -}}); -requireWhenAccessed('Base58', './lib/Base58'); -Object.defineProperty(module.exports, 'base58', {get: function() { - console.log('base58 (with a lower-case "b") is deprecated. Use bitcore.Base58 (capital "B") instead.'); - return require('./lib/Base58'); -}}); -requireWhenAccessed('bufferput', 'bufferput'); -requireWhenAccessed('buffertools', 'buffertools'); -requireWhenAccessed('Buffers.monkey', './patches/Buffers.monkey'); -requireWhenAccessed('config', './config'); -requireWhenAccessed('const', './const'); -requireWhenAccessed('Curve', './lib/Curve'); -requireWhenAccessed('Deserialize', './lib/Deserialize'); -requireWhenAccessed('ECIES', './lib/ECIES'); -requireWhenAccessed('log', './util/log'); -requireWhenAccessed('networks', './networks'); -requireWhenAccessed('SecureRandom', './lib/SecureRandom'); -requireWhenAccessed('sjcl', './lib/sjcl'); -requireWhenAccessed('util', './util/util'); -requireWhenAccessed('EncodedData', './util/EncodedData'); -requireWhenAccessed('VersionedData', './util/VersionedData'); -requireWhenAccessed('BinaryParser', './util/BinaryParser'); -requireWhenAccessed('Address', './lib/Address'); -requireWhenAccessed('HierarchicalKey', './lib/HierarchicalKey'); -Object.defineProperty(module.exports, 'BIP32', {get: function() { - console.log('BIP32 is deprecated. Use bitcore.HierarchicalKey instead.'); - return require('./lib/HierarchicalKey'); -}}); -requireWhenAccessed('Point', './lib/Point'); -requireWhenAccessed('Opcode', './lib/Opcode'); -requireWhenAccessed('Script', './lib/Script'); -requireWhenAccessed('Transaction', './lib/Transaction'); -requireWhenAccessed('TransactionBuilder', './lib/TransactionBuilder'); -requireWhenAccessed('Connection', './lib/Connection'); -requireWhenAccessed('Peer', './lib/Peer'); -requireWhenAccessed('Block', './lib/Block'); -requireWhenAccessed('ScriptInterpreter', './lib/ScriptInterpreter'); -requireWhenAccessed('Bloom', './lib/Bloom'); -requireWhenAccessed('Key', './lib/Key'); -Object.defineProperty(module.exports, 'KeyModule', {get: function() { - console.log('KeyModule is deprecated.'); - return require('bindings')('KeyModule'); -}}); -requireWhenAccessed('SINKey', './lib/SINKey'); -requireWhenAccessed('SIN', './lib/SIN'); -requireWhenAccessed('PrivateKey', './lib/PrivateKey'); -requireWhenAccessed('RpcClient', './lib/RpcClient'); -requireWhenAccessed('Wallet', './lib/Wallet'); -requireWhenAccessed('WalletKey', './lib/WalletKey'); -requireWhenAccessed('PeerManager', './lib/PeerManager'); -requireWhenAccessed('Message', './lib/Message'); -requireWhenAccessed('Electrum', './lib/Electrum'); -requireWhenAccessed('Armory', './lib/Armory'); -module.exports.Buffer = Buffer; - - -}).call(this,require("buffer").Buffer) -},{"./lib/Base58":"6VqyzY","./lib/HierarchicalKey":"x1O6JW","bignum":58,"bindings":78,"buffer":85}],3:[function(require,module,exports){ -if ('undefined' === typeof window) window = this; -Bitcoin = {}; -if (typeof navigator === 'undefined') { - var navigator = {}; - navigator.appName = 'NodeJS'; -} -/*! - * Crypto-JS v2.0.0 - * http://code.google.com/p/crypto-js/ - * Copyright (c) 2009, Jeff Mott. All rights reserved. - * http://code.google.com/p/crypto-js/wiki/License - */ - -var base64map = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -// Global Crypto object -var Crypto = window.Crypto = {}; - -// Crypto utilities -var util = Crypto.util = { - - // Bit-wise rotate left - rotl: function (n, b) { - return (n << b) | (n >>> (32 - b)); - }, - - // Bit-wise rotate right - rotr: function (n, b) { - return (n << (32 - b)) | (n >>> b); - }, - - // Swap big-endian to little-endian and vice versa - endian: function (n) { - - // If number given, swap endian - if (n.constructor == Number) { - return util.rotl(n, 8) & 0x00FF00FF | - util.rotl(n, 24) & 0xFF00FF00; - } - - // Else, assume array and swap all items - for (var i = 0; i < n.length; i++) - n[i] = util.endian(n[i]); - return n; - - }, - - // Generate an array of any length of random bytes - randomBytes: function (n) { - for (var bytes = []; n > 0; n--) - bytes.push(Math.floor(Math.random() * 256)); - return bytes; - }, - - // Convert a byte array to big-endian 32-bit words - bytesToWords: function (bytes) { - for (var words = [], i = 0, b = 0; i < bytes.length; i++, b += 8) - words[b >>> 5] |= bytes[i] << (24 - b % 32); - return words; - }, - - // Convert big-endian 32-bit words to a byte array - wordsToBytes: function (words) { - for (var bytes = [], b = 0; b < words.length * 32; b += 8) - bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF); - return bytes; - }, - - // Convert a byte array to a hex string - bytesToHex: function (bytes) { - for (var hex = [], i = 0; i < bytes.length; i++) { - hex.push((bytes[i] >>> 4).toString(16)); - hex.push((bytes[i] & 0xF).toString(16)); - } - return hex.join(""); - }, - - // Convert a hex string to a byte array - hexToBytes: function (hex) { - for (var bytes = [], c = 0; c < hex.length; c += 2) - bytes.push(parseInt(hex.substr(c, 2), 16)); - return bytes; - }, - - // Convert a byte array to a base-64 string - bytesToBase64: function (bytes) { - - // Use browser-native function if it exists - if (typeof btoa == "function") return btoa(Binary.bytesToString(bytes)); - - for(var base64 = [], i = 0; i < bytes.length; i += 3) { - var triplet = (bytes[i] << 16) | (bytes[i + 1] << 8) | bytes[i + 2]; - for (var j = 0; j < 4; j++) { - if (i * 8 + j * 6 <= bytes.length * 8) - base64.push(base64map.charAt((triplet >>> 6 * (3 - j)) & 0x3F)); - else base64.push("="); - } - } - - return base64.join(""); - - }, - - // Convert a base-64 string to a byte array - base64ToBytes: function (base64) { - - // Use browser-native function if it exists - if (typeof atob == "function") return Binary.stringToBytes(atob(base64)); - - // Remove non-base-64 characters - base64 = base64.replace(/[^A-Z0-9+\/]/ig, ""); - - for (var bytes = [], i = 0, imod4 = 0; i < base64.length; imod4 = ++i % 4) { - if (imod4 == 0) continue; - bytes.push(((base64map.indexOf(base64.charAt(i - 1)) & (Math.pow(2, -2 * imod4 + 8) - 1)) << (imod4 * 2)) | - (base64map.indexOf(base64.charAt(i)) >>> (6 - imod4 * 2))); - } - - return bytes; - - } - -}; - -// Crypto mode namespace -Crypto.mode = {}; - -// Crypto character encodings -var charenc = Crypto.charenc = {}; - -// UTF-8 encoding -var UTF8 = charenc.UTF8 = { - - // Convert a string to a byte array - stringToBytes: function (str) { - return Binary.stringToBytes(unescape(encodeURIComponent(str))); - }, - - // Convert a byte array to a string - bytesToString: function (bytes) { - return decodeURIComponent(escape(Binary.bytesToString(bytes))); - } - -}; - -// Binary encoding -var Binary = charenc.Binary = { - - // Convert a string to a byte array - stringToBytes: function (str) { - for (var bytes = [], i = 0; i < str.length; i++) - bytes.push(str.charCodeAt(i)); - return bytes; - }, - - // Convert a byte array to a string - bytesToString: function (bytes) { - for (var str = [], i = 0; i < bytes.length; i++) - str.push(String.fromCharCode(bytes[i])); - return str.join(""); - } - -}; - -/* -CryptoJS v3.1.2 -code.google.com/p/crypto-js -(c) 2009-2013 by Jeff Mott. All rights reserved. -code.google.com/p/crypto-js/wiki/License -*/ -/* - -(c) 2012 by C?dric Mesnil. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - - - Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - - Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ -var CryptoJS=CryptoJS||function(j,k){var e={},l=e.lib={},z=function(){},t=l.Base={extend:function(a){z.prototype=this;var c=new z;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}}, -u=l.WordArray=t.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=k?c:4*a.length},toString:function(a){return(a||D).stringify(this)},concat:function(a){var c=this.words,h=a.words,d=this.sigBytes;a=a.sigBytes;this.clamp();if(d%4)for(var b=0;b>>2]|=(h[b>>>2]>>>24-8*(b%4)&255)<<24-8*((d+b)%4);else if(65535>>2]=h[b>>>2];else c.push.apply(c,h);this.sigBytes+=a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<< -32-8*(c%4);a.length=j.ceil(c/4)},clone:function(){var a=t.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],b=0;b>>2]>>>24-8*(d%4)&255;b.push((g>>>4).toString(16));b.push((g&15).toString(16))}return b.join("")},parse:function(a){for(var c=a.length,b=[],d=0;d>>3]|=parseInt(a.substr(d, -2),16)<<24-4*(d%8);return new u.init(b,c/2)}},A=w.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var b=[],d=0;d>>2]>>>24-8*(d%4)&255));return b.join("")},parse:function(a){for(var b=a.length,h=[],d=0;d>>2]|=(a.charCodeAt(d)&255)<<24-8*(d%4);return new u.init(h,b)}},g=w.Utf8={stringify:function(a){try{return decodeURIComponent(escape(A.stringify(a)))}catch(b){throw Error("Malformed UTF-8 data");}},parse:function(a){return A.parse(unescape(encodeURIComponent(a)))}}, -v=l.BufferedBlockAlgorithm=t.extend({reset:function(){this._data=new u.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=g.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var b=this._data,h=b.words,d=b.sigBytes,g=this.blockSize,v=d/(4*g),v=a?j.ceil(v):j.max((v|0)-this._minBufferSize,0);a=v*g;d=j.min(4*a,d);if(a){for(var e=0;eb;b++){var a=e+b,c=g[a];g[a]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360}var a=this._hash.words,c=D.words,h=A.words,d=z.words,j=t.words,k=u.words,l=w.words,B,m,n,p,x,C,q,r,s,y;C=B=a[0];q=m=a[1];r=n=a[2];s=p=a[3];y=x=a[4];for(var f,b=0;80>b;b+=1)f=B+g[e+d[b]]|0,f=16>b?f+((m^n^p)+c[0]):32>b?f+((m&n|~m&p)+c[1]):48>b? -f+(((m|~n)^p)+c[2]):64>b?f+((m&p|n&~p)+c[3]):f+((m^(n|~p))+c[4]),f|=0,f=f<>>32-k[b],f=f+x|0,B=x,x=p,p=n<<10|n>>>22,n=m,m=f,f=C+g[e+j[b]]|0,f=16>b?f+((q^(r|~s))+h[0]):32>b?f+((q&s|r&~s)+h[1]):48>b?f+(((q|~r)^s)+h[2]):64>b?f+((q&r|~q&s)+h[3]):f+((q^r^s)+h[4]),f|=0,f=f<>>32-l[b],f=f+y|0,C=y,y=s,s=r<<10|r>>>22,r=q,q=f;f=a[1]+n+s|0;a[1]=a[2]+p+y|0;a[2]=a[3]+x+C|0;a[3]=a[4]+B+q|0;a[4]=a[0]+m+r|0;a[0]=f},_doFinalize:function(){var g=this._data,e=g.words,b=8*this._nDataBytes,a=8*g.sigBytes; -e[a>>>5]|=128<<24-a%32;e[(a+64>>>9<<4)+14]=(b<<8|b>>>24)&16711935|(b<<24|b>>>8)&4278255360;g.sigBytes=4*(e.length+1);this._process();g=this._hash;e=g.words;for(b=0;5>b;b++)a=e[b],e[b]=(a<<8|a>>>24)&16711935|(a<<24|a>>>8)&4278255360;return g},clone:function(){var e=l.clone.call(this);e._hash=this._hash.clone();return e}});j.RIPEMD160=l._createHelper(k);j.HmacRIPEMD160=l._createHmacHelper(k)})(Math); - -module.exports.crypto31 = CryptoJS; -// Copyright (c) 2005 Tom Wu -// All Rights Reserved. -// See "LICENSE" for details. - -// Basic JavaScript BN library - subset useful for RSA encryption. - -// Bits per digit -var dbits; - -// JavaScript engine analysis -var canary = 0xdeadbeefcafe; -var j_lm = ((canary&0xffffff)==0xefcafe); - -// (public) Constructor -function BigInteger(a,b,c) { - if(a != null) - if("number" == typeof a) this.fromNumber(a,b,c); - else if(b == null && "string" != typeof a) this.fromString(a,256); - else this.fromString(a,b); -} - -// return new, unset BigInteger -function nbi() { return new BigInteger(null); } - -// am: Compute w_j += (x*this_i), propagate carries, -// c is initial carry, returns final carry. -// c < 3*dvalue, x < 2*dvalue, this_i < dvalue -// We need to select the fastest one that works in this environment. - -// am1: use a single mult and divide to get the high bits, -// max digit bits should be 26 because -// max internal value = 2*dvalue^2-2*dvalue (< 2^53) -function am1(i,x,w,j,c,n) { - while(--n >= 0) { - var v = x*this[i++]+w[j]+c; - c = Math.floor(v/0x4000000); - w[j++] = v&0x3ffffff; - } - return c; -} -// am2 avoids a big mult-and-extract completely. -// Max digit bits should be <= 30 because we do bitwise ops -// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) -function am2(i,x,w,j,c,n) { - var xl = x&0x7fff, xh = x>>15; - while(--n >= 0) { - var l = this[i]&0x7fff; - var h = this[i++]>>15; - var m = xh*l+h*xl; - l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff); - c = (l>>>30)+(m>>>15)+xh*h+(c>>>30); - w[j++] = l&0x3fffffff; - } - return c; -} -// Alternately, set max digit bits to 28 since some -// browsers slow down when dealing with 32-bit numbers. -function am3(i,x,w,j,c,n) { - var xl = x&0x3fff, xh = x>>14; - while(--n >= 0) { - var l = this[i]&0x3fff; - var h = this[i++]>>14; - var m = xh*l+h*xl; - l = xl*l+((m&0x3fff)<<14)+w[j]+c; - c = (l>>28)+(m>>14)+xh*h; - w[j++] = l&0xfffffff; - } - return c; -} -if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) { - BigInteger.prototype.am = am2; - dbits = 30; -} -else if(j_lm && (navigator.appName != "Netscape")) { - BigInteger.prototype.am = am1; - dbits = 26; -} -else { // Mozilla/Netscape seems to prefer am3 - BigInteger.prototype.am = am3; - dbits = 28; -} - -BigInteger.prototype.DB = dbits; -BigInteger.prototype.DM = ((1<= 0; --i) r[i] = this[i]; - r.t = this.t; - r.s = this.s; -} - -// (protected) set from integer value x, -DV <= x < DV -function bnpFromInt(x) { - this.t = 1; - this.s = (x<0)?-1:0; - if(x > 0) this[0] = x; - else if(x < -1) this[0] = x+DV; - else this.t = 0; -} - -// return bigint initialized to value -function nbv(i) { var r = nbi(); r.fromInt(i); return r; } - -// (protected) set from string and radix -function bnpFromString(s,b) { - var k; - if(b == 16) k = 4; - else if(b == 8) k = 3; - else if(b == 256) k = 8; // byte array - else if(b == 2) k = 1; - else if(b == 32) k = 5; - else if(b == 4) k = 2; - else { this.fromRadix(s,b); return; } - this.t = 0; - this.s = 0; - var i = s.length, mi = false, sh = 0; - while(--i >= 0) { - var x = (k==8)?s[i]&0xff:intAt(s,i); - if(x < 0) { - if(s.charAt(i) == "-") mi = true; - continue; - } - mi = false; - if(sh == 0) - this[this.t++] = x; - else if(sh+k > this.DB) { - this[this.t-1] |= (x&((1<<(this.DB-sh))-1))<>(this.DB-sh)); - } - else - this[this.t-1] |= x<= this.DB) sh -= this.DB; - } - if(k == 8 && (s[0]&0x80) != 0) { - this.s = -1; - if(sh > 0) this[this.t-1] |= ((1<<(this.DB-sh))-1)< 0 && this[this.t-1] == c) --this.t; -} - -// (public) return string representation in given radix -function bnToString(b) { - if(this.s < 0) return "-"+this.negate().toString(b); - var k; - if(b == 16) k = 4; - else if(b == 8) k = 3; - else if(b == 2) k = 1; - else if(b == 32) k = 5; - else if(b == 4) k = 2; - else return this.toRadix(b); - var km = (1< 0) { - if(p < this.DB && (d = this[i]>>p) > 0) { m = true; r = int2char(d); } - while(i >= 0) { - if(p < k) { - d = (this[i]&((1<>(p+=this.DB-k); - } - else { - d = (this[i]>>(p-=k))&km; - if(p <= 0) { p += this.DB; --i; } - } - if(d > 0) m = true; - if(m) r += int2char(d); - } - } - return m?r:"0"; -} - -// (public) -this -function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; } - -// (public) |this| -function bnAbs() { return (this.s<0)?this.negate():this; } - -// (public) return + if this > a, - if this < a, 0 if equal -function bnCompareTo(a) { - var r = this.s-a.s; - if(r != 0) return r; - var i = this.t; - r = i-a.t; - if(r != 0) return (this.s<0)?-r:r; - while(--i >= 0) if((r=this[i]-a[i]) != 0) return r; - return 0; -} - -// returns bit length of the integer x -function nbits(x) { - var r = 1, t; - if((t=x>>>16) != 0) { x = t; r += 16; } - if((t=x>>8) != 0) { x = t; r += 8; } - if((t=x>>4) != 0) { x = t; r += 4; } - if((t=x>>2) != 0) { x = t; r += 2; } - if((t=x>>1) != 0) { x = t; r += 1; } - return r; -} - -// (public) return the number of bits in "this" -function bnBitLength() { - if(this.t <= 0) return 0; - return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM)); -} - -// (protected) r = this << n*DB -function bnpDLShiftTo(n,r) { - var i; - for(i = this.t-1; i >= 0; --i) r[i+n] = this[i]; - for(i = n-1; i >= 0; --i) r[i] = 0; - r.t = this.t+n; - r.s = this.s; -} - -// (protected) r = this >> n*DB -function bnpDRShiftTo(n,r) { - for(var i = n; i < this.t; ++i) r[i-n] = this[i]; - r.t = Math.max(this.t-n,0); - r.s = this.s; -} - -// (protected) r = this << n -function bnpLShiftTo(n,r) { - var bs = n%this.DB; - var cbs = this.DB-bs; - var bm = (1<= 0; --i) { - r[i+ds+1] = (this[i]>>cbs)|c; - c = (this[i]&bm)<= 0; --i) r[i] = 0; - r[ds] = c; - r.t = this.t+ds+1; - r.s = this.s; - r.clamp(); -} - -// (protected) r = this >> n -function bnpRShiftTo(n,r) { - r.s = this.s; - var ds = Math.floor(n/this.DB); - if(ds >= this.t) { r.t = 0; return; } - var bs = n%this.DB; - var cbs = this.DB-bs; - var bm = (1<>bs; - for(var i = ds+1; i < this.t; ++i) { - r[i-ds-1] |= (this[i]&bm)<>bs; - } - if(bs > 0) r[this.t-ds-1] |= (this.s&bm)<>= this.DB; - } - if(a.t < this.t) { - c -= a.s; - while(i < this.t) { - c += this[i]; - r[i++] = c&this.DM; - c >>= this.DB; - } - c += this.s; - } - else { - c += this.s; - while(i < a.t) { - c -= a[i]; - r[i++] = c&this.DM; - c >>= this.DB; - } - c -= a.s; - } - r.s = (c<0)?-1:0; - if(c < -1) r[i++] = this.DV+c; - else if(c > 0) r[i++] = c; - r.t = i; - r.clamp(); -} - -// (protected) r = this * a, r != this,a (HAC 14.12) -// "this" should be the larger one if appropriate. -function bnpMultiplyTo(a,r) { - var x = this.abs(), y = a.abs(); - var i = x.t; - r.t = i+y.t; - while(--i >= 0) r[i] = 0; - for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t); - r.s = 0; - r.clamp(); - if(this.s != a.s) BigInteger.ZERO.subTo(r,r); -} - -// (protected) r = this^2, r != this (HAC 14.16) -function bnpSquareTo(r) { - var x = this.abs(); - var i = r.t = 2*x.t; - while(--i >= 0) r[i] = 0; - for(i = 0; i < x.t-1; ++i) { - var c = x.am(i,x[i],r,2*i,0,1); - if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) { - r[i+x.t] -= x.DV; - r[i+x.t+1] = 1; - } - } - if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1); - r.s = 0; - r.clamp(); -} - -// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) -// r != q, this != m. q or r may be null. -function bnpDivRemTo(m,q,r) { - var pm = m.abs(); - if(pm.t <= 0) return; - var pt = this.abs(); - if(pt.t < pm.t) { - if(q != null) q.fromInt(0); - if(r != null) this.copyTo(r); - return; - } - if(r == null) r = nbi(); - var y = nbi(), ts = this.s, ms = m.s; - var nsh = this.DB-nbits(pm[pm.t-1]); // normalize modulus - if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } - else { pm.copyTo(y); pt.copyTo(r); } - var ys = y.t; - var y0 = y[ys-1]; - if(y0 == 0) return; - var yt = y0*(1<1)?y[ys-2]>>this.F2:0); - var d1 = this.FV/yt, d2 = (1<= 0) { - r[r.t++] = 1; - r.subTo(t,r); - } - BigInteger.ONE.dlShiftTo(ys,t); - t.subTo(y,y); // "negative" y so we can replace sub with am later - while(y.t < ys) y[y.t++] = 0; - while(--j >= 0) { - // Estimate quotient digit - var qd = (r[--i]==y0)?this.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2); - if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out - y.dlShiftTo(j,t); - r.subTo(t,r); - while(r[i] < --qd) r.subTo(t,r); - } - } - if(q != null) { - r.drShiftTo(ys,q); - if(ts != ms) BigInteger.ZERO.subTo(q,q); - } - r.t = ys; - r.clamp(); - if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder - if(ts < 0) BigInteger.ZERO.subTo(r,r); -} - -// (public) this mod a -function bnMod(a) { - var r = nbi(); - this.abs().divRemTo(a,null,r); - if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r); - return r; -} - -// Modular reduction using "classic" algorithm -function Classic(m) { this.m = m; } -function cConvert(x) { - if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); - else return x; -} -function cRevert(x) { return x; } -function cReduce(x) { x.divRemTo(this.m,null,x); } -function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } -function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); } - -Classic.prototype.convert = cConvert; -Classic.prototype.revert = cRevert; -Classic.prototype.reduce = cReduce; -Classic.prototype.mulTo = cMulTo; -Classic.prototype.sqrTo = cSqrTo; - -// (protected) return "-1/this % 2^DB"; useful for Mont. reduction -// justification: -// xy == 1 (mod m) -// xy = 1+km -// xy(2-xy) = (1+km)(1-km) -// x[y(2-xy)] = 1-k^2m^2 -// x[y(2-xy)] == 1 (mod m^2) -// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 -// should reduce x and y(2-xy) by m^2 at each step to keep size bounded. -// JS multiply "overflows" differently from C/C++, so care is needed here. -function bnpInvDigit() { - if(this.t < 1) return 0; - var x = this[0]; - if((x&1) == 0) return 0; - var y = x&3; // y == 1/x mod 2^2 - y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4 - y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8 - y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16 - // last step - calculate inverse mod DV directly; - // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints - y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits - // we really want the negative inverse, and -DV < y < DV - return (y>0)?this.DV-y:-y; -} - -// Montgomery reduction -function Montgomery(m) { - this.m = m; - this.mp = m.invDigit(); - this.mpl = this.mp&0x7fff; - this.mph = this.mp>>15; - this.um = (1<<(m.DB-15))-1; - this.mt2 = 2*m.t; -} - -// xR mod m -function montConvert(x) { - var r = nbi(); - x.abs().dlShiftTo(this.m.t,r); - r.divRemTo(this.m,null,r); - if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r); - return r; -} - -// x/R mod m -function montRevert(x) { - var r = nbi(); - x.copyTo(r); - this.reduce(r); - return r; -} - -// x = x/R mod m (HAC 14.32) -function montReduce(x) { - while(x.t <= this.mt2) // pad x so am has enough room later - x[x.t++] = 0; - for(var i = 0; i < this.m.t; ++i) { - // faster way of calculating u0 = x[i]*mp mod DV - var j = x[i]&0x7fff; - var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM; - // use am to combine the multiply-shift-add into one call - j = i+this.m.t; - x[j] += this.m.am(0,u0,x,i,0,this.m.t); - // propagate carry - while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; } - } - x.clamp(); - x.drShiftTo(this.m.t,x); - if(x.compareTo(this.m) >= 0) x.subTo(this.m,x); -} - -// r = "x^2/R mod m"; x != r -function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); } - -// r = "xy/R mod m"; x,y != r -function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } - -Montgomery.prototype.convert = montConvert; -Montgomery.prototype.revert = montRevert; -Montgomery.prototype.reduce = montReduce; -Montgomery.prototype.mulTo = montMulTo; -Montgomery.prototype.sqrTo = montSqrTo; - -// (protected) true iff this is even -function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; } - -// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) -function bnpExp(e,z) { - if(e > 0xffffffff || e < 1) return BigInteger.ONE; - var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1; - g.copyTo(r); - while(--i >= 0) { - z.sqrTo(r,r2); - if((e&(1< 0) z.mulTo(r2,g,r); - else { var t = r; r = r2; r2 = t; } - } - return z.revert(r); -} - -// (public) this^e % m, 0 <= e < 2^32 -function bnModPowInt(e,m) { - var z; - if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); - return this.exp(e,z); -} - -// protected -BigInteger.prototype.copyTo = bnpCopyTo; -BigInteger.prototype.fromInt = bnpFromInt; -BigInteger.prototype.fromString = bnpFromString; -BigInteger.prototype.clamp = bnpClamp; -BigInteger.prototype.dlShiftTo = bnpDLShiftTo; -BigInteger.prototype.drShiftTo = bnpDRShiftTo; -BigInteger.prototype.lShiftTo = bnpLShiftTo; -BigInteger.prototype.rShiftTo = bnpRShiftTo; -BigInteger.prototype.subTo = bnpSubTo; -BigInteger.prototype.multiplyTo = bnpMultiplyTo; -BigInteger.prototype.squareTo = bnpSquareTo; -BigInteger.prototype.divRemTo = bnpDivRemTo; -BigInteger.prototype.invDigit = bnpInvDigit; -BigInteger.prototype.isEven = bnpIsEven; -BigInteger.prototype.exp = bnpExp; - -// public -BigInteger.prototype.toString = bnToString; -BigInteger.prototype.negate = bnNegate; -BigInteger.prototype.abs = bnAbs; -BigInteger.prototype.compareTo = bnCompareTo; -BigInteger.prototype.bitLength = bnBitLength; -BigInteger.prototype.mod = bnMod; -BigInteger.prototype.modPowInt = bnModPowInt; - -// "constants" -BigInteger.ZERO = nbv(0); -BigInteger.ONE = nbv(1); -// Copyright (c) 2005-2009 Tom Wu -// All Rights Reserved. -// See "LICENSE" for details. - -// Extended JavaScript BN functions, required for RSA private ops. - -// Version 1.1: new BigInteger("0", 10) returns "proper" zero -// Version 1.2: square() API, isProbablePrime fix - -// (public) -function bnClone() { var r = nbi(); this.copyTo(r); return r; } - -// (public) return value as integer -function bnIntValue() { - if(this.s < 0) { - if(this.t == 1) return this[0]-this.DV; - else if(this.t == 0) return -1; - } - else if(this.t == 1) return this[0]; - else if(this.t == 0) return 0; - // assumes 16 < DB < 32 - return ((this[1]&((1<<(32-this.DB))-1))<>24; } - -// (public) return value as short (assumes DB>=16) -function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; } - -// (protected) return x s.t. r^x < DV -function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); } - -// (public) 0 if this == 0, 1 if this > 0 -function bnSigNum() { - if(this.s < 0) return -1; - else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; - else return 1; -} - -// (protected) convert to radix string -function bnpToRadix(b) { - if(b == null) b = 10; - if(this.signum() == 0 || b < 2 || b > 36) return "0"; - var cs = this.chunkSize(b); - var a = Math.pow(b,cs); - var d = nbv(a), y = nbi(), z = nbi(), r = ""; - this.divRemTo(d,y,z); - while(y.signum() > 0) { - r = (a+z.intValue()).toString(b).substr(1) + r; - y.divRemTo(d,y,z); - } - return z.intValue().toString(b) + r; -} - -// (protected) convert from radix string -function bnpFromRadix(s,b) { - this.fromInt(0); - if(b == null) b = 10; - var cs = this.chunkSize(b); - var d = Math.pow(b,cs), mi = false, j = 0, w = 0; - for(var i = 0; i < s.length; ++i) { - var x = intAt(s,i); - if(x < 0) { - if(s.charAt(i) == "-" && this.signum() == 0) mi = true; - continue; - } - w = b*w+x; - if(++j >= cs) { - this.dMultiply(d); - this.dAddOffset(w,0); - j = 0; - w = 0; - } - } - if(j > 0) { - this.dMultiply(Math.pow(b,j)); - this.dAddOffset(w,0); - } - if(mi) BigInteger.ZERO.subTo(this,this); -} - -// (protected) alternate constructor -function bnpFromNumber(a,b,c) { - if("number" == typeof b) { - // new BigInteger(int,int,RNG) - if(a < 2) this.fromInt(1); - else { - this.fromNumber(a,c); - if(!this.testBit(a-1)) // force MSB set - this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this); - if(this.isEven()) this.dAddOffset(1,0); // force odd - while(!this.isProbablePrime(b)) { - this.dAddOffset(2,0); - if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this); - } - } - } - else { - // new BigInteger(int,RNG) - var x = new Array(), t = a&7; - x.length = (a>>3)+1; - b.nextBytes(x); - if(t > 0) x[0] &= ((1< 0) { - if(p < this.DB && (d = this[i]>>p) != (this.s&this.DM)>>p) - r[k++] = d|(this.s<<(this.DB-p)); - while(i >= 0) { - if(p < 8) { - d = (this[i]&((1<>(p+=this.DB-8); - } - else { - d = (this[i]>>(p-=8))&0xff; - if(p <= 0) { p += this.DB; --i; } - } - if((d&0x80) != 0) d |= -256; - if(k == 0 && (this.s&0x80) != (d&0x80)) ++k; - if(k > 0 || d != this.s) r[k++] = d; - } - } - return r; -} - -function bnEquals(a) { return(this.compareTo(a)==0); } -function bnMin(a) { return(this.compareTo(a)<0)?this:a; } -function bnMax(a) { return(this.compareTo(a)>0)?this:a; } - -// (protected) r = this op a (bitwise) -function bnpBitwiseTo(a,op,r) { - var i, f, m = Math.min(a.t,this.t); - for(i = 0; i < m; ++i) r[i] = op(this[i],a[i]); - if(a.t < this.t) { - f = a.s&this.DM; - for(i = m; i < this.t; ++i) r[i] = op(this[i],f); - r.t = this.t; - } - else { - f = this.s&this.DM; - for(i = m; i < a.t; ++i) r[i] = op(f,a[i]); - r.t = a.t; - } - r.s = op(this.s,a.s); - r.clamp(); -} - -// (public) this & a -function op_and(x,y) { return x&y; } -function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; } - -// (public) this | a -function op_or(x,y) { return x|y; } -function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; } - -// (public) this ^ a -function op_xor(x,y) { return x^y; } -function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; } - -// (public) this & ~a -function op_andnot(x,y) { return x&~y; } -function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; } - -// (public) ~this -function bnNot() { - var r = nbi(); - for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i]; - r.t = this.t; - r.s = ~this.s; - return r; -} - -// (public) this << n -function bnShiftLeft(n) { - var r = nbi(); - if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r); - return r; -} - -// (public) this >> n -function bnShiftRight(n) { - var r = nbi(); - if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r); - return r; -} - -// return index of lowest 1-bit in x, x < 2^31 -function lbit(x) { - if(x == 0) return -1; - var r = 0; - if((x&0xffff) == 0) { x >>= 16; r += 16; } - if((x&0xff) == 0) { x >>= 8; r += 8; } - if((x&0xf) == 0) { x >>= 4; r += 4; } - if((x&3) == 0) { x >>= 2; r += 2; } - if((x&1) == 0) ++r; - return r; -} - -// (public) returns index of lowest 1-bit (or -1 if none) -function bnGetLowestSetBit() { - for(var i = 0; i < this.t; ++i) - if(this[i] != 0) return i*this.DB+lbit(this[i]); - if(this.s < 0) return this.t*this.DB; - return -1; -} - -// return number of 1 bits in x -function cbit(x) { - var r = 0; - while(x != 0) { x &= x-1; ++r; } - return r; -} - -// (public) return number of set bits -function bnBitCount() { - var r = 0, x = this.s&this.DM; - for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x); - return r; -} - -// (public) true iff nth bit is set -function bnTestBit(n) { - var j = Math.floor(n/this.DB); - if(j >= this.t) return(this.s!=0); - return((this[j]&(1<<(n%this.DB)))!=0); -} - -// (protected) this op (1<>= this.DB; - } - if(a.t < this.t) { - c += a.s; - while(i < this.t) { - c += this[i]; - r[i++] = c&this.DM; - c >>= this.DB; - } - c += this.s; - } - else { - c += this.s; - while(i < a.t) { - c += a[i]; - r[i++] = c&this.DM; - c >>= this.DB; - } - c += a.s; - } - r.s = (c<0)?-1:0; - if(c > 0) r[i++] = c; - else if(c < -1) r[i++] = this.DV+c; - r.t = i; - r.clamp(); -} - -// (public) this + a -function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; } - -// (public) this - a -function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; } - -// (public) this * a -function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; } - -// (public) this^2 -function bnSquare() { var r = nbi(); this.squareTo(r); return r; } - -// (public) this / a -function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; } - -// (public) this % a -function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; } - -// (public) [this/a,this%a] -function bnDivideAndRemainder(a) { - var q = nbi(), r = nbi(); - this.divRemTo(a,q,r); - return new Array(q,r); -} - -// (protected) this *= n, this >= 0, 1 < n < DV -function bnpDMultiply(n) { - this[this.t] = this.am(0,n-1,this,0,0,this.t); - ++this.t; - this.clamp(); -} - -// (protected) this += n << w words, this >= 0 -function bnpDAddOffset(n,w) { - if(n == 0) return; - while(this.t <= w) this[this.t++] = 0; - this[w] += n; - while(this[w] >= this.DV) { - this[w] -= this.DV; - if(++w >= this.t) this[this.t++] = 0; - ++this[w]; - } -} - -// A "null" reducer -function NullExp() {} -function nNop(x) { return x; } -function nMulTo(x,y,r) { x.multiplyTo(y,r); } -function nSqrTo(x,r) { x.squareTo(r); } - -NullExp.prototype.convert = nNop; -NullExp.prototype.revert = nNop; -NullExp.prototype.mulTo = nMulTo; -NullExp.prototype.sqrTo = nSqrTo; - -// (public) this^e -function bnPow(e) { return this.exp(e,new NullExp()); } - -// (protected) r = lower n words of "this * a", a.t <= n -// "this" should be the larger one if appropriate. -function bnpMultiplyLowerTo(a,n,r) { - var i = Math.min(this.t+a.t,n); - r.s = 0; // assumes a,this >= 0 - r.t = i; - while(i > 0) r[--i] = 0; - var j; - for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t); - for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i); - r.clamp(); -} - -// (protected) r = "this * a" without lower n words, n > 0 -// "this" should be the larger one if appropriate. -function bnpMultiplyUpperTo(a,n,r) { - --n; - var i = r.t = this.t+a.t-n; - r.s = 0; // assumes a,this >= 0 - while(--i >= 0) r[i] = 0; - for(i = Math.max(n-this.t,0); i < a.t; ++i) - r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n); - r.clamp(); - r.drShiftTo(1,r); -} - -// Barrett modular reduction -function Barrett(m) { - // setup Barrett - this.r2 = nbi(); - this.q3 = nbi(); - BigInteger.ONE.dlShiftTo(2*m.t,this.r2); - this.mu = this.r2.divide(m); - this.m = m; -} - -function barrettConvert(x) { - if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m); - else if(x.compareTo(this.m) < 0) return x; - else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } -} - -function barrettRevert(x) { return x; } - -// x = x mod m (HAC 14.42) -function barrettReduce(x) { - x.drShiftTo(this.m.t-1,this.r2); - if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); } - this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3); - this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2); - while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1); - x.subTo(this.r2,x); - while(x.compareTo(this.m) >= 0) x.subTo(this.m,x); -} - -// r = x^2 mod m; x != r -function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); } - -// r = x*y mod m; x,y != r -function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } - -Barrett.prototype.convert = barrettConvert; -Barrett.prototype.revert = barrettRevert; -Barrett.prototype.reduce = barrettReduce; -Barrett.prototype.mulTo = barrettMulTo; -Barrett.prototype.sqrTo = barrettSqrTo; - -// (public) this^e % m (HAC 14.85) -function bnModPow(e,m) { - var i = e.bitLength(), k, r = nbv(1), z; - if(i <= 0) return r; - else if(i < 18) k = 1; - else if(i < 48) k = 3; - else if(i < 144) k = 4; - else if(i < 768) k = 5; - else k = 6; - if(i < 8) - z = new Classic(m); - else if(m.isEven()) - z = new Barrett(m); - else - z = new Montgomery(m); - - // precomputation - var g = new Array(), n = 3, k1 = k-1, km = (1< 1) { - var g2 = nbi(); - z.sqrTo(g[1],g2); - while(n <= km) { - g[n] = nbi(); - z.mulTo(g2,g[n-2],g[n]); - n += 2; - } - } - - var j = e.t-1, w, is1 = true, r2 = nbi(), t; - i = nbits(e[j])-1; - while(j >= 0) { - if(i >= k1) w = (e[j]>>(i-k1))&km; - else { - w = (e[j]&((1<<(i+1))-1))<<(k1-i); - if(j > 0) w |= e[j-1]>>(this.DB+i-k1); - } - - n = k; - while((w&1) == 0) { w >>= 1; --n; } - if((i -= n) < 0) { i += this.DB; --j; } - if(is1) { // ret == 1, don't bother squaring or multiplying it - g[w].copyTo(r); - is1 = false; - } - else { - while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; } - if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; } - z.mulTo(r2,g[w],r); - } - - while(j >= 0 && (e[j]&(1< 0) { - x.rShiftTo(g,x); - y.rShiftTo(g,y); - } - while(x.signum() > 0) { - if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x); - if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y); - if(x.compareTo(y) >= 0) { - x.subTo(y,x); - x.rShiftTo(1,x); - } - else { - y.subTo(x,y); - y.rShiftTo(1,y); - } - } - if(g > 0) y.lShiftTo(g,y); - return y; -} - -// (protected) this % n, n < 2^26 -function bnpModInt(n) { - if(n <= 0) return 0; - var d = this.DV%n, r = (this.s<0)?n-1:0; - if(this.t > 0) - if(d == 0) r = this[0]%n; - else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n; - return r; -} - -// (public) 1/this % m (HAC 14.61) -function bnModInverse(m) { - var ac = m.isEven(); - if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO; - var u = m.clone(), v = this.clone(); - var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); - while(u.signum() != 0) { - while(u.isEven()) { - u.rShiftTo(1,u); - if(ac) { - if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); } - a.rShiftTo(1,a); - } - else if(!b.isEven()) b.subTo(m,b); - b.rShiftTo(1,b); - } - while(v.isEven()) { - v.rShiftTo(1,v); - if(ac) { - if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); } - c.rShiftTo(1,c); - } - else if(!d.isEven()) d.subTo(m,d); - d.rShiftTo(1,d); - } - if(u.compareTo(v) >= 0) { - u.subTo(v,u); - if(ac) a.subTo(c,a); - b.subTo(d,b); - } - else { - v.subTo(u,v); - if(ac) c.subTo(a,c); - d.subTo(b,d); - } - } - if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; - if(d.compareTo(m) >= 0) return d.subtract(m); - if(d.signum() < 0) d.addTo(m,d); else return d; - if(d.signum() < 0) return d.add(m); else return d; -} - -var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997]; -var lplim = (1<<26)/lowprimes[lowprimes.length-1]; - -// (public) test primality with certainty >= 1-.5^t -function bnIsProbablePrime(t) { - var i, x = this.abs(); - if(x.t == 1 && x[0] <= lowprimes[lowprimes.length-1]) { - for(i = 0; i < lowprimes.length; ++i) - if(x[0] == lowprimes[i]) return true; - return false; - } - if(x.isEven()) return false; - i = 1; - while(i < lowprimes.length) { - var m = lowprimes[i], j = i+1; - while(j < lowprimes.length && m < lplim) m *= lowprimes[j++]; - m = x.modInt(m); - while(i < j) if(m%lowprimes[i++] == 0) return false; - } - return x.millerRabin(t); -} - -// (protected) true if probably prime (HAC 4.24, Miller-Rabin) -function bnpMillerRabin(t) { - var n1 = this.subtract(BigInteger.ONE); - var k = n1.getLowestSetBit(); - if(k <= 0) return false; - var r = n1.shiftRight(k); - t = (t+1)>>1; - if(t > lowprimes.length) t = lowprimes.length; - var a = nbi(); - for(var i = 0; i < t; ++i) { - //Pick bases at random, instead of starting at 2 - a.fromInt(lowprimes[Math.floor(Math.random()*lowprimes.length)]); - var y = a.modPow(r,this); - if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { - var j = 1; - while(j++ < k && y.compareTo(n1) != 0) { - y = y.modPowInt(2,this); - if(y.compareTo(BigInteger.ONE) == 0) return false; - } - if(y.compareTo(n1) != 0) return false; - } - } - return true; -} - -// protected -BigInteger.prototype.chunkSize = bnpChunkSize; -BigInteger.prototype.toRadix = bnpToRadix; -BigInteger.prototype.fromRadix = bnpFromRadix; -BigInteger.prototype.fromNumber = bnpFromNumber; -BigInteger.prototype.bitwiseTo = bnpBitwiseTo; -BigInteger.prototype.changeBit = bnpChangeBit; -BigInteger.prototype.addTo = bnpAddTo; -BigInteger.prototype.dMultiply = bnpDMultiply; -BigInteger.prototype.dAddOffset = bnpDAddOffset; -BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; -BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; -BigInteger.prototype.modInt = bnpModInt; -BigInteger.prototype.millerRabin = bnpMillerRabin; - -// public -BigInteger.prototype.clone = bnClone; -BigInteger.prototype.intValue = bnIntValue; -BigInteger.prototype.byteValue = bnByteValue; -BigInteger.prototype.shortValue = bnShortValue; -BigInteger.prototype.signum = bnSigNum; -BigInteger.prototype.toByteArray = bnToByteArray; -BigInteger.prototype.equals = bnEquals; -BigInteger.prototype.min = bnMin; -BigInteger.prototype.max = bnMax; -BigInteger.prototype.and = bnAnd; -BigInteger.prototype.or = bnOr; -BigInteger.prototype.xor = bnXor; -BigInteger.prototype.andNot = bnAndNot; -BigInteger.prototype.not = bnNot; -BigInteger.prototype.shiftLeft = bnShiftLeft; -BigInteger.prototype.shiftRight = bnShiftRight; -BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; -BigInteger.prototype.bitCount = bnBitCount; -BigInteger.prototype.testBit = bnTestBit; -BigInteger.prototype.setBit = bnSetBit; -BigInteger.prototype.clearBit = bnClearBit; -BigInteger.prototype.flipBit = bnFlipBit; -BigInteger.prototype.add = bnAdd; -BigInteger.prototype.subtract = bnSubtract; -BigInteger.prototype.multiply = bnMultiply; -BigInteger.prototype.divide = bnDivide; -BigInteger.prototype.remainder = bnRemainder; -BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; -BigInteger.prototype.modPow = bnModPow; -BigInteger.prototype.modInverse = bnModInverse; -BigInteger.prototype.pow = bnPow; -BigInteger.prototype.gcd = bnGCD; -BigInteger.prototype.isProbablePrime = bnIsProbablePrime; - -// JSBN-specific extension -BigInteger.prototype.square = bnSquare; - -// BigInteger interfaces not implemented in jsbn: - -// BigInteger(int signum, byte[] magnitude) -// double doubleValue() -// float floatValue() -// int hashCode() -// long longValue() -// static BigInteger valueOf(long val) - -module.exports.BigInteger = BigInteger; -// prng4.js - uses Arcfour as a PRNG - -function Arcfour() { - this.i = 0; - this.j = 0; - this.S = new Array(); -} - -// Initialize arcfour context from key, an array of ints, each from [0..255] -function ARC4init(key) { - var i, j, t; - for(i = 0; i < 256; ++i) - this.S[i] = i; - j = 0; - for(i = 0; i < 256; ++i) { - j = (j + this.S[i] + key[i % key.length]) & 255; - t = this.S[i]; - this.S[i] = this.S[j]; - this.S[j] = t; - } - this.i = 0; - this.j = 0; -} - -function ARC4next() { - var t; - this.i = (this.i + 1) & 255; - this.j = (this.j + this.S[this.i]) & 255; - t = this.S[this.i]; - this.S[this.i] = this.S[this.j]; - this.S[this.j] = t; - return this.S[(t + this.S[this.i]) & 255]; -} - -Arcfour.prototype.init = ARC4init; -Arcfour.prototype.next = ARC4next; - -// Plug in your RNG constructor here -function prng_newstate() { - return new Arcfour(); -} - -// Pool size must be a multiple of 4 and greater than 32. -// An array of bytes the size of the pool will be passed to init() -var rng_psize = 256; -// BigInteger monkey patching -BigInteger.valueOf = nbv; - -/** - * Returns a byte array representation of the big integer. - * - * This returns the absolute of the contained value in big endian - * form. A value of zero results in an empty array. - */ -BigInteger.prototype.toByteArrayUnsigned = function () { - var ba = this.abs().toByteArray(); - if (ba.length) { - if (ba[0] == 0) { - ba = ba.slice(1); - } - return ba.map(function (v) { - return (v < 0) ? v + 256 : v; - }); - } else { - // Empty array, nothing to do - return ba; - } -}; - -/** - * Turns a byte array into a big integer. - * - * This function will interpret a byte array as a big integer in big - * endian notation and ignore leading zeros. - */ -BigInteger.fromByteArrayUnsigned = function (ba) { - if (!ba.length) { - return ba.valueOf(0); - } else if (ba[0] & 0x80) { - // Prepend a zero so the BigInteger class doesn't mistake this - // for a negative integer. - return new BigInteger([0].concat(ba)); - } else { - return new BigInteger(ba); - } -}; - -/** - * Converts big integer to signed byte representation. - * - * The format for this value uses a the most significant bit as a sign - * bit. If the most significant bit is already occupied by the - * absolute value, an extra byte is prepended and the sign bit is set - * there. - * - * Examples: - * - * 0 => 0x00 - * 1 => 0x01 - * -1 => 0x81 - * 127 => 0x7f - * -127 => 0xff - * 128 => 0x0080 - * -128 => 0x8080 - * 255 => 0x00ff - * -255 => 0x80ff - * 16300 => 0x3fac - * -16300 => 0xbfac - * 62300 => 0x00f35c - * -62300 => 0x80f35c - */ -BigInteger.prototype.toByteArraySigned = function () { - var val = this.abs().toByteArrayUnsigned(); - var neg = this.compareTo(BigInteger.ZERO) < 0; - - if (neg) { - if (val[0] & 0x80) { - val.unshift(0x80); - } else { - val[0] |= 0x80; - } - } else { - if (val[0] & 0x80) { - val.unshift(0x00); - } - } - - return val; -}; - -/** - * Parse a signed big integer byte representation. - * - * For details on the format please see BigInteger.toByteArraySigned. - */ -BigInteger.fromByteArraySigned = function (ba) { - // Check for negative value - if (ba[0] & 0x80) { - // Remove sign bit - ba[0] &= 0x7f; - - return BigInteger.fromByteArrayUnsigned(ba).negate(); - } else { - return BigInteger.fromByteArrayUnsigned(ba); - } -}; - -// Console ignore -var names = ["log", "debug", "info", "warn", "error", "assert", "dir", - "dirxml", "group", "groupEnd", "time", "timeEnd", "count", - "trace", "profile", "profileEnd"]; - -if ("undefined" == typeof window.console) window.console = {}; -for (var i = 0; i < names.length; ++i) - if ("undefined" == typeof window.console[names[i]]) - window.console[names[i]] = function() {}; - -// Bitcoin utility functions -Bitcoin.Util = { - /** - * Cross-browser compatibility version of Array.isArray. - */ - isArray: Array.isArray || function(o) - { - return Object.prototype.toString.call(o) === '[object Array]'; - }, - - /** - * Create an array of a certain length filled with a specific value. - */ - makeFilledArray: function (len, val) - { - var array = []; - var i = 0; - while (i < len) { - array[i++] = val; - } - return array; - }, - - /** - * Turn an integer into a "var_int". - * - * "var_int" is a variable length integer used by Bitcoin's binary format. - * - * Returns a byte array. - */ - numToVarInt: function (i) - { - if (i < 0xfd) { - // unsigned char - return [i]; - } else if (i < 0x10000) { - // unsigned short (LE) - return [0xfd, i & 255 , i >>> 8]; - } else if (i < 0x100000000) { - // unsigned int (LE) - return [0xfe].concat(Crypto.util.wordsToBytes([i]).reverse()); - } else { - throw 'quadword not implemented' - // unsigned long long (LE) - //return [0xff].concat(Crypto.util.wordsToBytes([i >>> 32, i])); - } - }, - - /** - * Parse a Bitcoin value byte array, returning a BigInteger. - */ - valueToBigInt: function (valueBuffer) - { - if (valueBuffer instanceof BigInteger) return valueBuffer; - - // Prepend zero byte to prevent interpretation as negative integer - return BigInteger.fromByteArrayUnsigned(valueBuffer); - }, - - /** - * Format a Bitcoin value as a string. - * - * Takes a BigInteger or byte-array and returns that amount of Bitcoins in a - * nice standard formatting. - * - * Examples: - * 12.3555 - * 0.1234 - * 900.99998888 - * 34.00 - */ - formatValue: function (valueBuffer) { - var value = this.valueToBigInt(valueBuffer).toString(); - var integerPart = value.length > 8 ? value.substr(0, value.length-8) : '0'; - var decimalPart = value.length > 8 ? value.substr(value.length-8) : value; - while (decimalPart.length < 8) decimalPart = "0"+decimalPart; - decimalPart = decimalPart.replace(/0*$/, ''); - while (decimalPart.length < 2) decimalPart += "0"; - return integerPart+"."+decimalPart; - }, - - /** - * Parse a floating point string as a Bitcoin value. - * - * Keep in mind that parsing user input is messy. You should always display - * the parsed value back to the user to make sure we understood his input - * correctly. - */ - parseValue: function (valueString) { - // TODO: Detect other number formats (e.g. comma as decimal separator) - var valueComp = valueString.split('.'); - var integralPart = valueComp[0]; - var fractionalPart = valueComp[1] || "0"; - while (fractionalPart.length < 8) fractionalPart += "0"; - fractionalPart = fractionalPart.replace(/^0+/g, ''); - var value = BigInteger.valueOf(parseInt(integralPart)); - value = value.multiply(BigInteger.valueOf(100000000)); - value = value.add(BigInteger.valueOf(parseInt(fractionalPart))); - return value; - }, - - /** - * Calculate RIPEMD160(SHA256(data)). - * - * Takes an arbitrary byte array as inputs and returns the hash as a byte - * array. - */ - sha256ripe160: function (data) { - return Crypto.RIPEMD160(Crypto.SHA256(data, {asBytes: true}), {asBytes: true}); - } -}; - -for (var i in Crypto.util) { - if (Crypto.util.hasOwnProperty(i)) { - Bitcoin.Util[i] = Crypto.util[i]; - } -} -// Random number generator - requires a PRNG backend, e.g. prng4.js - -// For best results, put code like -// -// in your main HTML document. - -var rng_state; -var rng_pool; -var rng_pptr; - -// Mix in a 32-bit integer into the pool -function rng_seed_int(x) { - rng_pool[rng_pptr++] ^= x & 255; - rng_pool[rng_pptr++] ^= (x >> 8) & 255; - rng_pool[rng_pptr++] ^= (x >> 16) & 255; - rng_pool[rng_pptr++] ^= (x >> 24) & 255; - if(rng_pptr >= rng_psize) rng_pptr -= rng_psize; -} - -// Mix in the current time (w/milliseconds) into the pool -function rng_seed_time() { - rng_seed_int(new Date().getTime()); -} - -// Initialize the pool with junk if needed. -if(rng_pool == null) { - rng_pool = new Array(); - rng_pptr = 0; - var t; - if(navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto) { - // Extract entropy (256 bits) from NS4 RNG if available - var z = window.crypto.random(32); - for(t = 0; t < z.length; ++t) - rng_pool[rng_pptr++] = z.charCodeAt(t) & 255; - } - while(rng_pptr < rng_psize) { // extract some randomness from Math.random() - t = Math.floor(65536 * Math.random()); - rng_pool[rng_pptr++] = t >>> 8; - rng_pool[rng_pptr++] = t & 255; - } - rng_pptr = 0; - rng_seed_time(); - //rng_seed_int(window.screenX); - //rng_seed_int(window.screenY); -} - -function rng_get_byte() { - if(rng_state == null) { - rng_seed_time(); - rng_state = prng_newstate(); - rng_state.init(rng_pool); - for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr) - rng_pool[rng_pptr] = 0; - rng_pptr = 0; - //rng_pool = null; - } - // TODO: allow reseeding after first request - return rng_state.next(); -} - -function rng_get_bytes(ba) { - var i; - for(i = 0; i < ba.length; ++i) ba[i] = rng_get_byte(); -} - -function SecureRandom() {} - -SecureRandom.prototype.nextBytes = function() { - throw new Error('Should not use old RNG'); -}; -// Basic Javascript Elliptic Curve implementation -// Ported loosely from BouncyCastle's Java EC code -// Only Fp curves implemented for now - -// Requires jsbn.js and jsbn2.js - -// ---------------- -// ECFieldElementFp - -// constructor -function ECFieldElementFp(q,x) { - this.x = x; - // TODO if(x.compareTo(q) >= 0) error - this.q = q; -} - -function feFpEquals(other) { - if(other == this) return true; - return (this.q.equals(other.q) && this.x.equals(other.x)); -} - -function feFpToBigInteger() { - return this.x; -} - -function feFpNegate() { - return new ECFieldElementFp(this.q, this.x.negate().mod(this.q)); -} - -function feFpAdd(b) { - return new ECFieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q)); -} - -function feFpSubtract(b) { - return new ECFieldElementFp(this.q, this.x.subtract(b.toBigInteger()).mod(this.q)); -} - -function feFpMultiply(b) { - return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q)); -} - -function feFpSquare() { - return new ECFieldElementFp(this.q, this.x.square().mod(this.q)); -} - -function feFpDivide(b) { - return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod(this.q)); -} - -ECFieldElementFp.prototype.equals = feFpEquals; -ECFieldElementFp.prototype.toBigInteger = feFpToBigInteger; -ECFieldElementFp.prototype.negate = feFpNegate; -ECFieldElementFp.prototype.add = feFpAdd; -ECFieldElementFp.prototype.subtract = feFpSubtract; -ECFieldElementFp.prototype.multiply = feFpMultiply; -ECFieldElementFp.prototype.square = feFpSquare; -ECFieldElementFp.prototype.divide = feFpDivide; - -// ---------------- -// ECPointFp - -// constructor -function ECPointFp(curve,x,y,z) { - this.curve = curve; - this.x = x; - this.y = y; - // Projective coordinates: either zinv == null or z * zinv == 1 - // z and zinv are just BigIntegers, not fieldElements - if(z == null) { - this.z = BigInteger.ONE; - } - else { - this.z = z; - } - this.zinv = null; - //TODO: compression flag -} - -function pointFpGetX() { - if(this.zinv == null) { - this.zinv = this.z.modInverse(this.curve.q); - } - return this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q)); -} - -function pointFpGetY() { - if(this.zinv == null) { - this.zinv = this.z.modInverse(this.curve.q); - } - return this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q)); -} - -function pointFpEquals(other) { - if(other == this) return true; - if(this.isInfinity()) return other.isInfinity(); - if(other.isInfinity()) return this.isInfinity(); - var u, v; - // u = Y2 * Z1 - Y1 * Z2 - u = other.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(other.z)).mod(this.curve.q); - if(!u.equals(BigInteger.ZERO)) return false; - // v = X2 * Z1 - X1 * Z2 - v = other.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(other.z)).mod(this.curve.q); - return v.equals(BigInteger.ZERO); -} - -function pointFpIsInfinity() { - if((this.x == null) && (this.y == null)) return true; - return this.z.equals(BigInteger.ZERO) && !this.y.toBigInteger().equals(BigInteger.ZERO); -} - -function pointFpNegate() { - return new ECPointFp(this.curve, this.x, this.y.negate(), this.z); -} - -function pointFpAdd(b) { - if(this.isInfinity()) return b; - if(b.isInfinity()) return this; - - // u = Y2 * Z1 - Y1 * Z2 - var u = b.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(b.z)).mod(this.curve.q); - // v = X2 * Z1 - X1 * Z2 - var v = b.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(b.z)).mod(this.curve.q); - - if(BigInteger.ZERO.equals(v)) { - if(BigInteger.ZERO.equals(u)) { - return this.twice(); // this == b, so double - } - return this.curve.getInfinity(); // this = -b, so infinity - } - - var THREE = new BigInteger("3"); - var x1 = this.x.toBigInteger(); - var y1 = this.y.toBigInteger(); - var x2 = b.x.toBigInteger(); - var y2 = b.y.toBigInteger(); - - var v2 = v.square(); - var v3 = v2.multiply(v); - var x1v2 = x1.multiply(v2); - var zu2 = u.square().multiply(this.z); - - // x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3) - var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.q); - // y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3 - var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.q); - // z3 = v^3 * z1 * z2 - var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.q); - - return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3); -} - -function pointFpTwice() { - if(this.isInfinity()) return this; - if(this.y.toBigInteger().signum() == 0) return this.curve.getInfinity(); - - // TODO: optimized handling of constants - var THREE = new BigInteger("3"); - var x1 = this.x.toBigInteger(); - var y1 = this.y.toBigInteger(); - - var y1z1 = y1.multiply(this.z); - var y1sqz1 = y1z1.multiply(y1).mod(this.curve.q); - var a = this.curve.a.toBigInteger(); - - // w = 3 * x1^2 + a * z1^2 - var w = x1.square().multiply(THREE); - if(!BigInteger.ZERO.equals(a)) { - w = w.add(this.z.square().multiply(a)); - } - w = w.mod(this.curve.q); - // x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1) - var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.q); - // y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3 - var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.square().multiply(w)).mod(this.curve.q); - // z3 = 8 * (y1 * z1)^3 - var z3 = y1z1.square().multiply(y1z1).shiftLeft(3).mod(this.curve.q); - - return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3); -} - -// Simple NAF (Non-Adjacent Form) multiplication algorithm -// TODO: modularize the multiplication algorithm -function pointFpMultiply(k) { - if(this.isInfinity()) return this; - if(k.signum() == 0) return this.curve.getInfinity(); - - var e = k; - var h = e.multiply(new BigInteger("3")); - - var neg = this.negate(); - var R = this; - - var i; - for(i = h.bitLength() - 2; i > 0; --i) { - R = R.twice(); - - var hBit = h.testBit(i); - var eBit = e.testBit(i); - - if (hBit != eBit) { - R = R.add(hBit ? this : neg); - } - } - - return R; -} - -// Compute this*j + x*k (simultaneous multiplication) -function pointFpMultiplyTwo(j,x,k) { - var i; - if(j.bitLength() > k.bitLength()) - i = j.bitLength() - 1; - else - i = k.bitLength() - 1; - - var R = this.curve.getInfinity(); - var both = this.add(x); - while(i >= 0) { - R = R.twice(); - if(j.testBit(i)) { - if(k.testBit(i)) { - R = R.add(both); - } - else { - R = R.add(this); - } - } - else { - if(k.testBit(i)) { - R = R.add(x); - } - } - --i; - } - - return R; -} - -ECPointFp.prototype.getX = pointFpGetX; -ECPointFp.prototype.getY = pointFpGetY; -ECPointFp.prototype.equals = pointFpEquals; -ECPointFp.prototype.isInfinity = pointFpIsInfinity; -ECPointFp.prototype.negate = pointFpNegate; -ECPointFp.prototype.add = pointFpAdd; -ECPointFp.prototype.twice = pointFpTwice; -ECPointFp.prototype.multiply = pointFpMultiply; -ECPointFp.prototype.multiplyTwo = pointFpMultiplyTwo; - -// ---------------- -// ECCurveFp - -// constructor -function ECCurveFp(q,a,b) { - this.q = q; - this.a = this.fromBigInteger(a); - this.b = this.fromBigInteger(b); - this.infinity = new ECPointFp(this, null, null); -} - -function curveFpGetQ() { - return this.q; -} - -function curveFpGetA() { - return this.a; -} - -function curveFpGetB() { - return this.b; -} - -function curveFpEquals(other) { - if(other == this) return true; - return(this.q.equals(other.q) && this.a.equals(other.a) && this.b.equals(other.b)); -} - -function curveFpGetInfinity() { - return this.infinity; -} - -function curveFpFromBigInteger(x) { - return new ECFieldElementFp(this.q, x); -} - -// for now, work with hex strings because they're easier in JS -function curveFpDecodePointHex(s) { - switch(parseInt(s.substr(0,2), 16)) { // first byte - case 0: - return this.infinity; - case 2: - case 3: - // point compression not supported yet - return null; - case 4: - case 6: - case 7: - var len = (s.length - 2) / 2; - var xHex = s.substr(2, len); - var yHex = s.substr(len+2, len); - - return new ECPointFp(this, - this.fromBigInteger(new BigInteger(xHex, 16)), - this.fromBigInteger(new BigInteger(yHex, 16))); - - default: // unsupported - return null; - } -} - -ECCurveFp.prototype.getQ = curveFpGetQ; -ECCurveFp.prototype.getA = curveFpGetA; -ECCurveFp.prototype.getB = curveFpGetB; -ECCurveFp.prototype.equals = curveFpEquals; -ECCurveFp.prototype.getInfinity = curveFpGetInfinity; -ECCurveFp.prototype.fromBigInteger = curveFpFromBigInteger; -ECCurveFp.prototype.decodePointHex = curveFpDecodePointHex; - -module.exports.ECPointFp = ECPointFp; -module.exports.ECFieldElementFp = ECFieldElementFp; -// Named EC curves - -// Requires ec.js, jsbn.js, and jsbn2.js - -// ---------------- -// X9ECParameters - -// constructor -function X9ECParameters(curve,g,n,h) { - this.curve = curve; - this.g = g; - this.n = n; - this.h = h; -} - -function x9getCurve() { - return this.curve; -} - -function x9getG() { - return this.g; -} - -function x9getN() { - return this.n; -} - -function x9getH() { - return this.h; -} - -X9ECParameters.prototype.getCurve = x9getCurve; -X9ECParameters.prototype.getG = x9getG; -X9ECParameters.prototype.getN = x9getN; -X9ECParameters.prototype.getH = x9getH; - -// ---------------- -// SECNamedCurves - -function fromHex(s) { return new BigInteger(s, 16); } - -function secp128r1() { - // p = 2^128 - 2^97 - 1 - var p = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF"); - var a = fromHex("FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC"); - var b = fromHex("E87579C11079F43DD824993C2CEE5ED3"); - //byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679"); - var n = fromHex("FFFFFFFE0000000075A30D1B9038A115"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "161FF7528B899B2D0C28607CA52C5B86" - + "CF5AC8395BAFEB13C02DA292DDED7A83"); - return new X9ECParameters(curve, G, n, h); -} - -function secp160k1() { - // p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 - var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73"); - var a = BigInteger.ZERO; - var b = fromHex("7"); - //byte[] S = null; - var n = fromHex("0100000000000000000001B8FA16DFAB9ACA16B6B3"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB" - + "938CF935318FDCED6BC28286531733C3F03C4FEE"); - return new X9ECParameters(curve, G, n, h); -} - -function secp160r1() { - // p = 2^160 - 2^31 - 1 - var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"); - var a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"); - var b = fromHex("1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"); - //byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345"); - var n = fromHex("0100000000000000000001F4C8F927AED3CA752257"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "4A96B5688EF573284664698968C38BB913CBFC82" - + "23A628553168947D59DCC912042351377AC5FB32"); - return new X9ECParameters(curve, G, n, h); -} - -function secp192k1() { - // p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1 - var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37"); - var a = BigInteger.ZERO; - var b = fromHex("3"); - //byte[] S = null; - var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D" - + "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D"); - return new X9ECParameters(curve, G, n, h); -} - -function secp192r1() { - // p = 2^192 - 2^64 - 1 - var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"); - var a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"); - var b = fromHex("64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"); - //byte[] S = Hex.decode("3045AE6FC8422F64ED579528D38120EAE12196D5"); - var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012" - + "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"); - return new X9ECParameters(curve, G, n, h); -} - -function secp224r1() { - // p = 2^224 - 2^96 + 1 - var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"); - var a = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"); - var b = fromHex("B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"); - //byte[] S = Hex.decode("BD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5"); - var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21" - + "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"); - return new X9ECParameters(curve, G, n, h); -} - -function secp256k1() { - // p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1 - var p = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"); - var a = BigInteger.ZERO; - var b = fromHex("7"); - //byte[] S = null; - var n = fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798" - + "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"); - return new X9ECParameters(curve, G, n, h); -} - -function secp256r1() { - // p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1 - var p = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"); - var a = fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"); - var b = fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); - //byte[] S = Hex.decode("C49D360886E704936A6678E1139D26B7819F7E90"); - var n = fromHex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); - var h = BigInteger.ONE; - var curve = new ECCurveFp(p, a, b); - var G = curve.decodePointHex("04" - + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" - + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"); - return new X9ECParameters(curve, G, n, h); -} - -// TODO: make this into a proper hashtable -function getSECCurveByName(name) { - if(name == "secp128r1") return secp128r1(); - if(name == "secp160k1") return secp160k1(); - if(name == "secp160r1") return secp160r1(); - if(name == "secp192k1") return secp192k1(); - if(name == "secp192r1") return secp192r1(); - if(name == "secp224r1") return secp224r1(); - if(name == "secp256k1") return secp256k1(); - if(name == "secp256r1") return secp256r1(); - return null; -} - -module.exports.getSECCurveByName = getSECCurveByName; -function integerToBytes(i, len) { - var bytes = i.toByteArrayUnsigned(); - - if (len < bytes.length) { - bytes = bytes.slice(bytes.length-len); - } else while (len > bytes.length) { - bytes.unshift(0); - } - - return bytes; -}; - -ECFieldElementFp.prototype.getByteLength = function () { - return Math.floor((this.toBigInteger().bitLength() + 7) / 8); -}; - -ECPointFp.prototype.getEncoded = function (compressed) { - var x = this.getX().toBigInteger(); - var y = this.getY().toBigInteger(); - - // Get value as a 32-byte Buffer - // Fixed length based on a patch by bitaddress.org and Casascius - var enc = integerToBytes(x, 32); - - if (compressed) { - if (y.isEven()) { - // Compressed even pubkey - // M = 02 || X - enc.unshift(0x02); - } else { - // Compressed uneven pubkey - // M = 03 || X - enc.unshift(0x03); - } - } else { - // Uncompressed pubkey - // M = 04 || X || Y - enc.unshift(0x04); - enc = enc.concat(integerToBytes(y, 32)); - } - return enc; -}; - -ECPointFp.decodeFrom = function (ecparams, enc) { - var type = enc[0]; - var dataLen = enc.length-1; - - // Extract x and y as byte arrays - if (type === 4) { - var xBa = enc.slice(1, 1 + dataLen/2), - yBa = enc.slice(1 + dataLen/2, 1 + dataLen), - x = BigInteger.fromByteArrayUnsigned(xBa), - y = BigInteger.fromByteArrayUnsigned(yBa); - } - else { - var xBa = enc.slice(1), - x = BigInteger.fromByteArrayUnsigned(xBa), - p = ecparams.getQ(), - xCubedPlus7 = x.multiply(x).multiply(x).add(new BigInteger('7')).mod(p), - pPlus1Over4 = p.add(new BigInteger('1')) - .divide(new BigInteger('4')), - y = xCubedPlus7.modPow(pPlus1Over4,p); - if (y.mod(new BigInteger('2')).toString() != ''+(type % 2)) { - y = p.subtract(y) - } - } - - // Return point - return new ECPointFp(ecparams, - ecparams.fromBigInteger(x), - ecparams.fromBigInteger(y)); -}; - -ECPointFp.prototype.add2D = function (b) { - if(this.isInfinity()) return b; - if(b.isInfinity()) return this; - - if (this.x.equals(b.x)) { - if (this.y.equals(b.y)) { - // this = b, i.e. this must be doubled - return this.twice(); - } - // this = -b, i.e. the result is the point at infinity - return this.curve.getInfinity(); - } - - var x_x = b.x.subtract(this.x); - var y_y = b.y.subtract(this.y); - var gamma = y_y.divide(x_x); - - var x3 = gamma.square().subtract(this.x).subtract(b.x); - var y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y); - - return new ECPointFp(this.curve, x3, y3); -}; - -ECPointFp.prototype.twice2D = function () { - if (this.isInfinity()) return this; - if (this.y.toBigInteger().signum() == 0) { - // if y1 == 0, then (x1, y1) == (x1, -y1) - // and hence this = -this and thus 2(x1, y1) == infinity - return this.curve.getInfinity(); - } - - var TWO = this.curve.fromBigInteger(BigInteger.valueOf(2)); - var THREE = this.curve.fromBigInteger(BigInteger.valueOf(3)); - var gamma = this.x.square().multiply(THREE).add(this.curve.a).divide(this.y.multiply(TWO)); - - var x3 = gamma.square().subtract(this.x.multiply(TWO)); - var y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y); - - return new ECPointFp(this.curve, x3, y3); -}; - -ECPointFp.prototype.multiply2D = function (k) { - if(this.isInfinity()) return this; - if(k.signum() == 0) return this.curve.getInfinity(); - - var e = k; - var h = e.multiply(new BigInteger("3")); - - var neg = this.negate(); - var R = this; - - var i; - for (i = h.bitLength() - 2; i > 0; --i) { - R = R.twice(); - - var hBit = h.testBit(i); - var eBit = e.testBit(i); - - if (hBit != eBit) { - R = R.add2D(hBit ? this : neg); - } - } - - return R; -}; - -ECPointFp.prototype.isOnCurve = function () { - var x = this.getX().toBigInteger(); - var y = this.getY().toBigInteger(); - var a = this.curve.getA().toBigInteger(); - var b = this.curve.getB().toBigInteger(); - var n = this.curve.getQ(); - var lhs = y.multiply(y).mod(n); - var rhs = x.multiply(x).multiply(x) - .add(a.multiply(x)).add(b).mod(n); - return lhs.equals(rhs); -}; - -ECPointFp.prototype.toString = function () { - return '('+this.getX().toBigInteger().toString()+','+ - this.getY().toBigInteger().toString()+')'; -}; - -/** - * Validate an elliptic curve point. - * - * See SEC 1, section 3.2.2.1: Elliptic Curve Public Key Validation Primitive - */ -ECPointFp.prototype.validate = function () { - var n = this.curve.getQ(); - - // Check Q != O - if (this.isInfinity()) { - throw new Error("Point is at infinity."); - } - - // Check coordinate bounds - var x = this.getX().toBigInteger(); - var y = this.getY().toBigInteger(); - if (x.compareTo(BigInteger.ONE) < 0 || - x.compareTo(n.subtract(BigInteger.ONE)) > 0) { - throw new Error('x coordinate out of bounds'); - } - if (y.compareTo(BigInteger.ONE) < 0 || - y.compareTo(n.subtract(BigInteger.ONE)) > 0) { - throw new Error('y coordinate out of bounds'); - } - - // Check y^2 = x^3 + ax + b (mod n) - if (!this.isOnCurve()) { - throw new Error("Point is not on the curve."); - } - - // Check nQ = 0 (Q is a scalar multiple of G) - if (this.multiply(n).isInfinity()) { - // TODO: This check doesn't work - fix. - throw new Error("Point is not a scalar multiple of G."); - } - - return true; -}; - -function dmp(v) { - if (!(v instanceof BigInteger)) v = v.toBigInteger(); - return Crypto.util.bytesToHex(v.toByteArrayUnsigned()); -}; - -Bitcoin.ECDSA = (function () { - var ecparams = getSECCurveByName("secp256k1"); - var rng = new SecureRandom(); - - var P_OVER_FOUR = null; - - function implShamirsTrick(P, k, Q, l) - { - var m = Math.max(k.bitLength(), l.bitLength()); - var Z = P.add2D(Q); - var R = P.curve.getInfinity(); - - for (var i = m - 1; i >= 0; --i) { - R = R.twice2D(); - - R.z = BigInteger.ONE; - - if (k.testBit(i)) { - if (l.testBit(i)) { - R = R.add2D(Z); - } else { - R = R.add2D(P); - } - } else { - if (l.testBit(i)) { - R = R.add2D(Q); - } - } - } - - return R; - }; - - var ECDSA = { - getBigRandom: function (limit) { - return new BigInteger(limit.bitLength(), rng) - .mod(limit.subtract(BigInteger.ONE)) - .add(BigInteger.ONE) - ; - }, - sign: function (hash, priv) { - var d = priv; - var n = ecparams.getN(); - var e = BigInteger.fromByteArrayUnsigned(hash); - - do { - var k = ECDSA.getBigRandom(n); - var G = ecparams.getG(); - var Q = G.multiply(k); - var r = Q.getX().toBigInteger().mod(n); - } while (r.compareTo(BigInteger.ZERO) <= 0); - - var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n); - - return ECDSA.serializeSig(r, s); - }, - - verify: function (hash, sig, pubkey) { - var r,s; - if (Bitcoin.Util.isArray(sig)) { - var obj = ECDSA.parseSig(sig); - r = obj.r; - s = obj.s; - } else if ("object" === typeof sig && sig.r && sig.s) { - r = sig.r; - s = sig.s; - } else { - throw "Invalid value for signature"; - } - - var Q; - if (pubkey instanceof ECPointFp) { - Q = pubkey; - } else if (Bitcoin.Util.isArray(pubkey)) { - Q = ECPointFp.decodeFrom(ecparams.getCurve(), pubkey); - } else { - throw "Invalid format for pubkey value, must be byte array or ECPointFp"; - } - var e = BigInteger.fromByteArrayUnsigned(hash); - - return ECDSA.verifyRaw(e, r, s, Q); - }, - - verifyRaw: function (e, r, s, Q) { - var n = ecparams.getN(); - var G = ecparams.getG(); - - if (r.compareTo(BigInteger.ONE) < 0 || - r.compareTo(n) >= 0) - return false; - - if (s.compareTo(BigInteger.ONE) < 0 || - s.compareTo(n) >= 0) - return false; - - var c = s.modInverse(n); - - var u1 = e.multiply(c).mod(n); - var u2 = r.multiply(c).mod(n); - - // TODO(!!!): For some reason Shamir's trick isn't working with - // signed message verification!? Probably an implementation - // error! - //var point = implShamirsTrick(G, u1, Q, u2); - var point = G.multiply(u1).add(Q.multiply(u2)); - - var v = point.getX().toBigInteger().mod(n); - - return v.equals(r); - }, - - /** - * Serialize a signature into DER format. - * - * Takes two BigIntegers representing r and s and returns a byte array. - */ - serializeSig: function (r, s) { - var rBa = r.toByteArraySigned(); - var sBa = s.toByteArraySigned(); - - var sequence = []; - sequence.push(0x02); // INTEGER - sequence.push(rBa.length); - sequence = sequence.concat(rBa); - - sequence.push(0x02); // INTEGER - sequence.push(sBa.length); - sequence = sequence.concat(sBa); - - sequence.unshift(sequence.length); - sequence.unshift(0x30); // SEQUENCE - - return sequence; - }, - - /** - * Parses a byte array containing a DER-encoded signature. - * - * This function will return an object of the form: - * - * { - * r: BigInteger, - * s: BigInteger - * } - */ - parseSig: function (sig) { - var cursor; - if (sig[0] != 0x30) - throw new Error("Signature not a valid DERSequence"); - - cursor = 2; - if (sig[cursor] != 0x02) - throw new Error("First element in signature must be a DERInteger");; - var rBa = sig.slice(cursor+2, cursor+2+sig[cursor+1]); - - cursor += 2+sig[cursor+1]; - if (sig[cursor] != 0x02) - throw new Error("Second element in signature must be a DERInteger"); - var sBa = sig.slice(cursor+2, cursor+2+sig[cursor+1]); - - cursor += 2+sig[cursor+1]; - - //if (cursor != sig.length) - // throw new Error("Extra bytes in signature"); - - var r = BigInteger.fromByteArrayUnsigned(rBa); - var s = BigInteger.fromByteArrayUnsigned(sBa); - - return {r: r, s: s}; - }, - - parseSigCompact: function (sig) { - if (sig.length !== 65) { - throw "Signature has the wrong length"; - } - - // Signature is prefixed with a type byte storing three bits of - // information. - var i = sig[0] - 27; - if (i < 0 || i > 7) { - throw "Invalid signature type"; - } - - var n = ecparams.getN(); - var r = BigInteger.fromByteArrayUnsigned(sig.slice(1, 33)).mod(n); - var s = BigInteger.fromByteArrayUnsigned(sig.slice(33, 65)).mod(n); - - return {r: r, s: s, i: i}; - }, - - /** - * Recover a public key from a signature. - * - * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public - * Key Recovery Operation". - * - * http://www.secg.org/download/aid-780/sec1-v2.pdf - */ - recoverPubKey: function (r, s, hash, i) { - // The recovery parameter i has two bits. - i = i & 3; - - // The less significant bit specifies whether the y coordinate - // of the compressed point is even or not. - var isYEven = i & 1; - - // The more significant bit specifies whether we should use the - // first or second candidate key. - var isSecondKey = i >> 1; - - var n = ecparams.getN(); - var G = ecparams.getG(); - var curve = ecparams.getCurve(); - var p = curve.getQ(); - var a = curve.getA().toBigInteger(); - var b = curve.getB().toBigInteger(); - - // We precalculate (p + 1) / 4 where p is if the field order - if (!P_OVER_FOUR) { - P_OVER_FOUR = p.add(BigInteger.ONE).divide(BigInteger.valueOf(4)); - } - - // 1.1 Compute x - var x = isSecondKey ? r.add(n) : r; - - // 1.3 Convert x to point - var alpha = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(p); - var beta = alpha.modPow(P_OVER_FOUR, p); - - var xorOdd = beta.isEven() ? (i % 2) : ((i+1) % 2); - // If beta is even, but y isn't or vice versa, then convert it, - // otherwise we're done and y == beta. - var y = (beta.isEven() ? !isYEven : isYEven) ? beta : p.subtract(beta); - - // 1.4 Check that nR is at infinity - var R = new ECPointFp(curve, - curve.fromBigInteger(x), - curve.fromBigInteger(y)); - R.validate(); - - // 1.5 Compute e from M - var e = BigInteger.fromByteArrayUnsigned(hash); - var eNeg = BigInteger.ZERO.subtract(e).mod(n); - - // 1.6 Compute Q = r^-1 (sR - eG) - var rInv = r.modInverse(n); - var Q = implShamirsTrick(R, s, G, eNeg).multiply(rInv); - - Q.validate(); - if (!ECDSA.verifyRaw(e, r, s, Q)) { - throw "Pubkey recovery unsuccessful"; - } - - var pubKey = new Bitcoin.ECKey(); - pubKey.pub = Q; - return pubKey; - }, - - /** - * Calculate pubkey extraction parameter. - * - * When extracting a pubkey from a signature, we have to - * distinguish four different cases. Rather than putting this - * burden on the verifier, Bitcoin includes a 2-bit value with the - * signature. - * - * This function simply tries all four cases and returns the value - * that resulted in a successful pubkey recovery. - */ - calcPubkeyRecoveryParam: function (address, r, s, hash) - { - for (var i = 0; i < 4; i++) { - try { - var pubkey = Bitcoin.ECDSA.recoverPubKey(r, s, hash, i); - if (pubkey.getBitcoinAddress().toString() == address) { - return i; - } - } catch (e) {} - } - throw "Unable to find valid recovery factor"; - } - }; - - return ECDSA; -})(); -Bitcoin.ECKey = (function () { - var ECDSA = Bitcoin.ECDSA; - var ecparams = getSECCurveByName("secp256k1"); - var rng = new SecureRandom(); - - var ECKey = function (input) { - if (!input) { - // Generate new key - var n = ecparams.getN(); - //this.priv = ECDSA.getBigRandom(n); - } else if (input instanceof BigInteger) { - // Input is a private key value - this.priv = input; - } else if (Bitcoin.Util.isArray(input)) { - // Prepend zero byte to prevent interpretation as negative integer - this.priv = BigInteger.fromByteArrayUnsigned(input); - } else if ("string" == typeof input) { - if (input.length == 51 && input[0] == '5') { - // Base58 encoded private key - this.priv = BigInteger.fromByteArrayUnsigned(ECKey.decodeString(input)); - } else { - // Prepend zero byte to prevent interpretation as negative integer - this.priv = BigInteger.fromByteArrayUnsigned(Crypto.util.hexToBytes(input)); - } - } - this.compressed = !!ECKey.compressByDefault; - }; - - /** - * Whether public keys should be returned compressed by default. - */ - ECKey.compressByDefault = false; - - /** - * Set whether the public key should be returned compressed or not. - */ - ECKey.prototype.setCompressed = function (v) { - this.compressed = !!v; - }; - - /** - * Return public key in DER encoding. - */ - ECKey.prototype.getPub = function () { - return this.getPubPoint().getEncoded(this.compressed); - }; - - /** - * Return public point as ECPoint object. - */ - ECKey.prototype.getPubPoint = function () { - if (!this.pub) this.pub = ecparams.getG().multiply(this.priv); - - return this.pub; - }; - - /** - * Get the pubKeyHash for this key. - * - * This is calculated as RIPE160(SHA256([encoded pubkey])) and returned as - * a byte array. - */ - ECKey.prototype.getPubKeyHash = function () { - if (this.pubKeyHash) return this.pubKeyHash; - - return this.pubKeyHash = Bitcoin.Util.sha256ripe160(this.getPub()); - }; - - ECKey.prototype.getBitcoinAddress = function () { - var hash = this.getPubKeyHash(); - var addr = new Bitcoin.Address(hash); - return addr; - }; - - ECKey.prototype.getExportedPrivateKey = function () { - var hash = this.priv.toByteArrayUnsigned(); - while (hash.length < 32) hash.unshift(0); - hash.unshift(0x80); - var checksum = Crypto.SHA256(Crypto.SHA256(hash, {asBytes: true}), {asBytes: true}); - var bytes = hash.concat(checksum.slice(0,4)); - return Bitcoin.Base58.encode(bytes); - }; - - ECKey.prototype.setPub = function (pub) { - this.pub = ECPointFp.decodeFrom(ecparams.getCurve(), pub); - }; - - ECKey.prototype.toString = function (format) { - if (format === "base64") { - return Crypto.util.bytesToBase64(this.priv.toByteArrayUnsigned()); - } else { - return Crypto.util.bytesToHex(this.priv.toByteArrayUnsigned()); - } - }; - - ECKey.prototype.sign = function (hash) { - return ECDSA.sign(hash, this.priv); - }; - - ECKey.prototype.verify = function (hash, sig) { - return ECDSA.verify(hash, sig, this.getPub()); - }; - - /** - * Parse an exported private key contained in a string. - */ - ECKey.decodeString = function (string) { - var bytes = Bitcoin.Base58.decode(string); - - var hash = bytes.slice(0, 33); - - var checksum = Crypto.SHA256(Crypto.SHA256(hash, {asBytes: true}), {asBytes: true}); - - if (checksum[0] != bytes[33] || - checksum[1] != bytes[34] || - checksum[2] != bytes[35] || - checksum[3] != bytes[36]) { - throw "Checksum validation failed!"; - } - - var version = hash.shift(); - - if (version != 0x80) { - throw "Version "+version+" not supported!"; - } - - return hash; - }; - - return ECKey; -})(); - - -module.exports.ECKey = Bitcoin.ECKey; - -},{}],"./config":[function(require,module,exports){ -module.exports=require('4itQ50'); -},{}],"4itQ50":[function(require,module,exports){ -module.exports = { - network: 'livenet', - logger: 'normal' // none, normal, debug -}; - -},{}],"./const":[function(require,module,exports){ -module.exports=require('f08cvL'); -},{}],"f08cvL":[function(require,module,exports){ - -MSG = { - TX: 1, - BLOCK: 2, - FILTERED_BLOCK: 3, -}; - -MSG.to_str = function(t) { - switch(t) { - case MSG.TX: return 'transaction'; - case MSG.BLOCK: return 'block'; - case MSG.FILTERED_BLOCK: return 'filtered block'; - default: return 'unknown'; - } -} - -exports.MSG = MSG; - - -},{}],"G+CcXD":[function(require,module,exports){ -(function (Buffer){ -// Address -// ======= -// -// Handles a bitcoin address -// -// -// Synopsis -// -------- -// ``` -// var address = new Address('1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa'); -// if (address.isValid()) { -// //... -// } -// -// // Also an address can be created from -// // public keys -// var address = Address.fromPubKey(myPubkey); -// -// // Or from a ScriptPubKey (from a transaction output) -// var address = Address.fromScriptPubKey(scriptPubKey); -// -// // Multisig address p2sh handling -// var myPukeys = [pubkey0, pubkey1, pubkey2]; -// var p2shAddress = Address.fromPubKeys(2, myPubkeys); -// if (p2shAddress.isScript()) { //true -// } -// -// -// ``` - - -'use strict'; -var imports = require('soop').imports(); -var coinUtil = imports.coinUtil || require('../util'); -var parent = imports.parent || require('../util/VersionedData'); -var networks = imports.networks || require('../networks'); -var Script = imports.Script || require('./Script'); - -function Address() { - Address.super(this, arguments); -} - -Address.parent = parent; -parent.applyEncodingsTo(Address); - -// create a pubKeyHash address -Address.fromPubKey = function(pubKey, network) { - if (!network) - network = 'livenet'; - - if (pubKey.length !== 33 && pubKey.length !== 65) - throw new Error('Invalid public key'); - - var version = networks[network].addressVersion; - var hash = coinUtil.sha256ripe160(pubKey); - - return new Address(version, hash); -}; - -// create an address from a Key object -Address.fromKey = function(key, network) { - return Address.fromPubKey(key.public, network); -}; - -// create a p2sh m-of-n multisig address -Address.fromPubKeys = function(mReq, pubKeys, network, opts) { - if (!network) - network = 'livenet'; - - for (var i in pubKeys) { - var pubKey = pubKeys[i]; - if (pubKey.length != 33 && pubKey.length != 65) - throw new Error('Invalid public key'); - } - - var script = Script.createMultisig(mReq, pubKeys, opts); - return Address.fromScript(script, network); -}; - -//create a p2sh address from redeemScript -Address.fromScript = function(script, network) { - if (!network) - network = 'livenet'; - - if (typeof script === 'string') { - script = new Script(new Buffer(script,'hex')); - } - - var version = networks[network].P2SHVersion; - var buf = script.getBuffer(); - var hash = coinUtil.sha256ripe160(buf); - - return new Address(version, hash); -}; - -//extract and address from scriptPubKey -Address.fromScriptPubKey = function(scriptPubKey, network) { - - if (typeof scriptPubKey === 'string') { - scriptPubKey = new Script(new Buffer(scriptPubKey,'hex')); - } - - if (!network) - network = 'livenet'; - - var ret=[], version; - var payload = scriptPubKey.capture(); - - if (payload) { - var txType = scriptPubKey.classify(); - switch (txType) { - case Script.TX_PUBKEY: - payload[0] = coinUtil.sha256ripe160(payload[0]); - version = networks[network].addressVersion; - break; - case Script.TX_PUBKEYHASH: - version = networks[network].addressVersion; - break; - case Script.TX_MULTISIG: - version = networks[network].addressVersion; - for(var i in payload) - payload[i] = coinUtil.sha256ripe160(payload[i]); - break; - case Script.TX_SCRIPTHASH: - version = networks[network].P2SHVersion; - break; - } - for(var i in payload) - ret.push(new Address(version,payload[i])); - } - return ret; -}; - -// validates the address -Address.prototype.validate = function() { - this.doAsBinary(function() { - Address.super(this, 'validate', arguments); - if(this.data.length !== 21) throw new Error('invalid data length'); - }); - if (typeof this.network() === 'undefined') throw new Error('invalid network'); -}; - -Address.prototype.isValid = function() { - var answer = Address.super(this, 'isValid', arguments); - return answer; -}; - -// returns the network information (livenet or testnet, as described on networks.js) of the address -Address.prototype.network = function() { - var version = this.version(); - - var livenet = networks.livenet; - var testnet = networks.testnet; - - var answer; - if (version === livenet.addressVersion || version === livenet.P2SHVersion) - answer = livenet; - else if (version === testnet.addressVersion || version === testnet.P2SHVersion) - answer = testnet; - - return answer; -}; - -// returns true is the address is a pay-to-script (P2SH) address type. -Address.prototype.isScript = function() { - return this.isValid() && this.version() === this.network().P2SHVersion; -}; - - -module.exports = require('soop')(Address); - -}).call(this,require("buffer").Buffer) -},{"../networks":"ULNIu2","../util":143,"../util/VersionedData":"QLzNQg","./Script":"hQ0t76","buffer":85,"soop":129}],"./lib/Address":[function(require,module,exports){ -module.exports=require('G+CcXD'); -},{}],"YL/05i":[function(require,module,exports){ -(function (Buffer){ -var Point = require('./Point'), - Key = require('./Key'), - sha256 = require('../util').sha256, - twoSha256 = require('../util').twoSha256; - -/** - * For now, this class can only supports derivation from public key - * It doesn't support private key derivation (TODO). - * - * @example examples/Armory.js - */ -function Armory (chaincode, pubkey) { - this.chaincode = new Buffer(chaincode, 'hex'); - this.pubkey = new Buffer(pubkey, 'hex'); -} - -Armory.prototype.generatePubKey = function () { - var pubKey = this.pubkey; - var chainCode = this.chaincode; - var chainXor = twoSha256(pubKey); - - for (var i = 0; i < 32; i++) - chainXor[i] ^= chainCode[i]; - - var pt = Point.fromUncompressedPubKey(pubKey); - pt = Point.multiply(pt, chainXor); - - var new_pubkey = pt.toUncompressedPubKey(); - - return new_pubkey; -}; - -Armory.prototype.next = function () { - var next_pubkey = this.generatePubKey(); - return new Armory(this.chaincode, next_pubkey); -}; - -/** - * PS: MPK here represents the pubkey concatenated - * with the chain code. It is an unofficial standard. - * - * Armory will soon release an officially supported - * format: - * - * https://github.com/etotheipi/BitcoinArmory/issues/204#issuecomment-42217801 - */ -Armory.fromMasterPublicKey = function (mpk) { - var pubkey = mpk.substr(0, 130); - var chaincode = mpk.substr(130, mpk.length); - return new Armory(chaincode, pubkey); -}; - -function decode (str) { - var from = '0123456789abcdef'; - var to = 'asdfghjkwertuion'; - var res = ''; - for (var i = 0; i < str.length; i++) - res += from.charAt(to.indexOf(str.charAt(i))); - return res; -} - -Armory.decodeSeed = function (seed) { - var keys = seed.trim().split('\n'); - var lines = []; - - for (var i = 0; i < keys.length; i++) { - var k = keys[i].replace(' ',''); - var raw = new Buffer(decode(k), 'hex'); - var data = raw.slice(0, 16); - lines.push(data); - } - - var privKey = Buffer.concat([ lines[0], lines[1] ]); - var chainCode = (lines.length==4) ? - Buffer.concat([ lines[2], lines[3] ]) : Armory.deriveChaincode(privKey); - - return { - privKey: privKey, - chainCode: chainCode - }; -}; - -// Derive chain code from root key -Armory.fromSeed = function (seed) { - var res = Armory.decodeSeed(seed); - // generate first public key - var key = new Key(); - key.private = res.privKey; - key.compressed = false; - key.regenerateSync(); - - return new Armory(res.chainCode, key.public); -}; - -Armory.deriveChaincode = function (root) { - var msg = 'Derive Chaincode from Root Key'; - var hash = twoSha256(root); - - var okey = []; - var ikey = []; - for (var i = 0; i < hash.length; i++) { - okey.push(0x5c ^ hash[i]); - ikey.push(0x36 ^ hash[i]); - } - - okey = new Buffer(okey); - ikey = new Buffer(ikey); - - var m = new Buffer(msg, 'utf8'); - var a = sha256(Buffer.concat([ ikey, m ])); - var b = sha256(Buffer.concat([ okey, a ])); - return b; -}; - -module.exports = Armory; - -}).call(this,require("buffer").Buffer) -},{"../util":143,"./Key":"ALJ4PS","./Point":"6tXgqr","buffer":85}],"./lib/Armory":[function(require,module,exports){ -module.exports=require('YL/05i'); -},{}],"6VqyzY":[function(require,module,exports){ -(function (Buffer){ -var crypto = require('crypto'); -var bignum = require('bignum'); - -var globalBuffer = new Buffer(1024); -var zerobuf = new Buffer(0); -var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'; -var ALPHABET_ZERO = ALPHABET[0]; -var ALPHABET_BUF = new Buffer(ALPHABET, 'ascii'); -var ALPHABET_INV = {}; -for(var i=0; i < ALPHABET.length; i++) { - ALPHABET_INV[ALPHABET[i]] = i; -}; - -// Vanilla Base58 Encoding -var base58 = { - encode: function(buf) { - var str; - var x = bignum.fromBuffer(buf); - var r; - - if(buf.length < 512) { - str = globalBuffer; - } else { - str = new Buffer(buf.length << 1); - } - var i = str.length - 1; - while(x.gt(0)) { - r = x.mod(58); - x = x.div(58); - str[i] = ALPHABET_BUF[r.toNumber()]; - i--; - } - - // deal with leading zeros - var j=0; - while(buf[j] == 0) { - str[i] = ALPHABET_BUF[0]; - j++; i--; - } - - return str.slice(i+1,str.length).toString('ascii'); - }, - - decode: function(str) { - if(str.length == 0) return zerobuf; - var answer = bignum(0); - for(var i=0; i 0) { - var zb = new Buffer(i); - zb.fill(0); - if(i == str.length) return zb; - answer = answer.toBuffer(); - return Buffer.concat([zb, answer], i+answer.length); - } else { - return answer.toBuffer(); - } - }, -}; - -// Base58Check Encoding -function sha256(data) { - return new Buffer(crypto.createHash('sha256').update(data).digest('binary'), 'binary'); -}; - -function doubleSHA256(data) { - return sha256(sha256(data)); -}; - -var base58Check = { - encode: function(buf) { - var checkedBuf = new Buffer(buf.length + 4); - var hash = doubleSHA256(buf); - buf.copy(checkedBuf); - hash.copy(checkedBuf, buf.length); - return base58.encode(checkedBuf); - }, - - decode: function(s) { - var buf = base58.decode(s); - if (buf.length < 4) { - throw new Error("invalid input: too short"); - } - - var data = buf.slice(0, -4); - var csum = buf.slice(-4); - - var hash = doubleSHA256(data); - var hash4 = hash.slice(0, 4); - - if (csum.toString() != hash4.toString()) { - throw new Error("checksum mismatch"); - } - - return data; - }, -}; - -// if you frequently do base58 encodings with data larger -// than 512 bytes, you can use this method to expand the -// size of the reusable buffer -exports.setBuffer = function(buf) { - globalBuffer = buf; -}; - -exports.base58 = base58; -exports.base58Check = base58Check; -exports.encode = base58.encode; -exports.decode = base58.decode; - -}).call(this,require("buffer").Buffer) -},{"bignum":58,"buffer":85,"crypto":89}],"./lib/Base58":[function(require,module,exports){ -module.exports=require('6VqyzY'); -},{}],"./lib/Block":[function(require,module,exports){ -module.exports=require('pJEQEB'); -},{}],"pJEQEB":[function(require,module,exports){ -(function (Buffer){ -var imports = require('soop').imports(); - -var util = imports.util || require('../util'); -var Debug1 = imports.Debug1 || function() {}; -var Script = imports.Script || require('./Script'); -var Bignum = imports.Bignum || require('bignum'); -var Binary = imports.Binary || require('binary'); -var Step = imports.Step || require('step'); -var buffertools = imports.buffertools || require('buffertools'); -var Transaction = imports.Transaction || require('./Transaction'); -var TransactionIn = Transaction.In; -var TransactionOut = Transaction.Out; -var COINBASE_OP = Transaction.COINBASE_OP; -var VerificationError = imports.VerificationError || require('../util/error').VerificationError; -var BlockRules = { - maxTimeOffset: 2 * 60 * 60, // How far block timestamps can be into the future - largestHash: Bignum(2).pow(256) -}; - -function Block(data) -{ - if ("object" !== typeof data) { - data = {}; - } - this.hash = data.hash || null; - this.prev_hash = data.prev_hash || util.NULL_HASH; - this.merkle_root = data.merkle_root || util.NULL_HASH; - this.timestamp = data.timestamp || 0; - this.bits = data.bits || 0; - this.nonce = data.nonce || 0; - this.version = data.version || 0; - this.height = data.height || 0; - this.size = data.size || 0; - this.active = data.active || false; - this.chainWork = data.chainWork || util.EMPTY_BUFFER; - this.txs = data.txs || []; -} - -Block.prototype.getHeader = function getHeader() { - var buf = new Buffer(80); - var ofs = 0; - buf.writeUInt32LE(this.version, ofs); ofs += 4; - this.prev_hash.copy(buf, ofs); ofs += 32; - this.merkle_root.copy(buf, ofs); ofs += 32; - buf.writeUInt32LE(this.timestamp, ofs); ofs += 4; - buf.writeUInt32LE(this.bits, ofs); ofs += 4; - buf.writeUInt32LE(this.nonce, ofs); ofs += 4; - return buf; -}; - -Block.prototype.parse = function parse(parser, headerOnly) { - this.version = parser.word32le(); - this.prev_hash = parser.buffer(32); - this.merkle_root = parser.buffer(32); - this.timestamp = parser.word32le(); - this.bits = parser.word32le(); - this.nonce = parser.word32le(); - - this.txs = []; - this.size = 0; - - if (headerOnly) - return; - - var txCount = parser.varInt(); - - for (var i = 0; i < txCount; i++) { - var tx = new Transaction(); - tx.parse(parser); - this.txs.push(tx); - } -}; - -Block.prototype.calcHash = function calcHash() { - var header = this.getHeader(); - - return util.twoSha256(header); -}; - -Block.prototype.checkHash = function checkHash() { - if (!this.hash || !this.hash.length) return false; - return buffertools.compare(this.calcHash(), this.hash) == 0; -}; - -Block.prototype.getHash = function getHash() { - if (!this.hash || !this.hash.length) this.hash = this.calcHash(); - - return this.hash; -}; - -Block.prototype.checkProofOfWork = function checkProofOfWork() { - var target = util.decodeDiffBits(this.bits); - - // TODO: Create a compare method in node-buffertools that uses the correct - // endian so we don't have to reverse both buffers before comparing. - var reverseHash = buffertools.reverse(this.hash); - if (buffertools.compare(reverseHash, target) > 0) { - throw new VerificationError('Difficulty target not met'); - } - - return true; -}; - -/** - * Returns the amount of work that went into this block. - * - * Work is defined as the average number of tries required to meet this - * block's difficulty target. For example a target that is greater than 5% - * of all possible hashes would mean that 20 "work" is required to meet it. - */ -Block.prototype.getWork = function getWork() { - var target = util.decodeDiffBits(this.bits, true); - return BlockRules.largestHash.div(target.add(1)); -}; - -Block.prototype.checkTimestamp = function checkTimestamp() { - var currentTime = new Date().getTime() / 1000; - if (this.timestamp > currentTime + BlockRules.maxTimeOffset) { - throw new VerificationError('Timestamp too far into the future'); - } - - return true; -}; - -Block.prototype.checkTransactions = function checkTransactions(txs) { - if (!Array.isArray(txs) || txs.length <= 0) { - throw new VerificationError('No transactions'); - } - if (!txs[0].isCoinBase()) { - throw new VerificationError('First tx must be coinbase'); - } - for (var i = 1; i < txs.length; i++) { - if (txs[i].isCoinBase()) { - throw new VerificationError('Tx index '+i+' must not be coinbase'); - } - } - - return true; -}; - -/** - * Build merkle tree. - * - * Ported from Java. Original code: BitcoinJ by Mike Hearn - * Copyright (c) 2011 Google Inc. - */ -Block.prototype.getMerkleTree = function getMerkleTree(txs) { - // The merkle hash is based on a tree of hashes calculated from the transactions: - // - // merkleHash - // /\ - // / \ - // A B - // / \ / \ - // tx1 tx2 tx3 tx4 - // - // Basically transactions are hashed, then the hashes of the transactions are hashed - // again and so on upwards into the tree. The point of this scheme is to allow for - // disk space savings later on. - // - // This function is a direct translation of CBlock::BuildMerkleTree(). - - if (txs.length == 0) { - return [util.NULL_HASH.slice(0)]; - } - - // Start by adding all the hashes of the transactions as leaves of the tree. - var tree = txs.map(function (tx) { - return tx instanceof Transaction ? tx.getHash() : tx; - }); - - var j = 0; - // Now step through each level ... - for (var size = txs.length; size > 1; size = Math.floor((size + 1) / 2)) { - // and for each leaf on that level .. - for (var i = 0; i < size; i += 2) { - var i2 = Math.min(i + 1, size - 1); - var a = tree[j + i]; - var b = tree[j + i2]; - tree.push(util.twoSha256(Buffer.concat([a,b]))); - } - j += size; - } - - return tree; -}; - -Block.prototype.calcMerkleRoot = function calcMerkleRoot(txs) { - var tree = this.getMerkleTree(txs); - return tree[tree.length - 1]; -}; - -Block.prototype.checkMerkleRoot = function checkMerkleRoot(txs) { - if (!this.merkle_root || !this.merkle_root.length) { - throw new VerificationError('No merkle root'); - } - - if (buffertools.compare(this.calcMerkleRoot(txs), new Buffer(this.merkle_root)) !== 0) { - throw new VerificationError('Merkle root incorrect'); - } - - return true; -}; - -Block.prototype.checkBlock = function checkBlock(txs) { - if (!this.checkHash()) { - throw new VerificationError("Block hash invalid"); - } - this.checkProofOfWork(); - this.checkTimestamp(); - - if (txs) { - this.checkTransactions(txs); - if (!this.checkMerkleRoot(txs)) { - throw new VerificationError("Merkle hash invalid"); - } - } - return true; -}; - -Block.getBlockValue = function getBlockValue(height) { - var subsidy = Bignum(50).mul(util.COIN); - subsidy = subsidy.div(Bignum(2).pow(Math.floor(height / 210000))); - return subsidy; -}; - -Block.prototype.getBlockValue = function getBlockValue() { - return Block.getBlockValue(this.height); -}; - -Block.prototype.toString = function toString() { - return ""; -}; - - -Block.prototype.createCoinbaseTx = -function createCoinbaseTx(beneficiary) -{ - var tx = new Transaction(); - tx.ins.push(new TransactionIn({ - s: util.EMPTY_BUFFER, - q: 0xffffffff, - o: COINBASE_OP - })); - tx.outs.push(new TransactionOut({ - v: util.bigIntToValue(this.getBlockValue()), - s: Script.createPubKeyOut(beneficiary).getBuffer() - })); - return tx; -}; - -Block.prototype.solve = function solve(miner, callback) { - var header = this.getHeader(); - var target = util.decodeDiffBits(this.bits); - miner.solve(header, target, callback); -}; - -/** - * Returns an object with the same field names as jgarzik's getblock patch. - */ -Block.prototype.getStandardizedObject = -function getStandardizedObject(txs) -{ - var block = { - hash: util.formatHashFull(this.getHash()), - version: this.version, - prev_block: util.formatHashFull(this.prev_hash), - mrkl_root: util.formatHashFull(this.merkle_root), - time: this.timestamp, - bits: this.bits, - nonce: this.nonce, - height: this.height - }; - - - if (txs) { - var mrkl_tree = this.getMerkleTree(txs).map(function (buffer) { - return util.formatHashFull(buffer); - }); - block.mrkl_root = mrkl_tree[mrkl_tree.length - 1]; - - block.n_tx = txs.length; - var totalSize = 80; // Block header - totalSize += util.getVarIntSize(txs.length); // txn_count - txs = txs.map(function (tx) { - tx = tx.getStandardizedObject(); - totalSize += tx.size; - return tx; - }); - block.size = totalSize; - block.tx = txs; - - block.mrkl_tree = mrkl_tree; - } else { - block.size = this.size; - } - return block; -}; - -module.exports = require('soop')(Block); - -}).call(this,require("buffer").Buffer) -},{"../util":143,"../util/error":142,"./Script":"hQ0t76","./Transaction":"LJhYtm","bignum":58,"binary":74,"buffer":85,"buffertools":"fugeBw","soop":129,"step":130}],"./lib/Bloom":[function(require,module,exports){ -module.exports=require('KifRG4'); -},{}],"KifRG4":[function(require,module,exports){ -var MAX_BLOOM_FILTER_SIZE = 36000; // bytes -var MAX_HASH_FUNCS = 50; -var LN2SQUARED = 0.4804530139182014246671025263266649717305529515945455; -var LN2 = 0.6931471805599453094172321214581765680755001343602552; -var bit_mask = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80]; - -function Bloom() { - this.data = ''; - this.hashFuncs = 0; -}; - -function ROTL32(x, r) { - return (x << r) | (x >> (32 - r)); -}; - -function getBlockU32(blockIdx, data) { - var idx = blockIdx * 4; - var v = (data[idx + 0] << (0 * 8)) | - (data[idx + 1] << (1 * 8)) | - (data[idx + 2] << (2 * 8)) | - (data[idx + 3] << (3 * 8)); - return v; -}; - -Bloom.prototype.hash = function(hashNum, data) { - var h1 = hashNum * (0xffffffff / (this.hashFuncs - 1)); - var c1 = 0xcc9e2d51; - var c2 = 0x1b873593; - var nBlocks = data.length / 4; - - // data body - for (var i = -nBlocks; i; i++) { - var k1 = getBlockU32(i); - - k1 *= c1; - k1 = ROTLF32(k1, 15); - k1 *= c2; - - h1 ^= k1; - h1 = ROTFL(h1, 13); - h1 = h1 * 5 + 0xe6546b64; - } - - // tail (trailing 1-3 bytes) - var tail = data.slice(nBlocks * 4); - - var k1 = 0; - - switch (data.length & 3) { - case 3: k1 ^= tail[2] << 16; - case 2: k1 ^= tail[1] << 8; - case 1: k1 ^= tail[0]; - k1 *= c1; - k1 = ROTL32(k1, 15); - k1 *= c2; - h1 ^= k1; - } - - // finalize - h1 ^= data.length; - h1 ^= h1 >> 16; - h1 *= 0x85ebca6b; - h1 ^= h1 >> 13; - h1 *= 0xc2b2ae35; - h1 ^= h1 >> 16; - - return h1 % (this.data.length * 8); -}; - -Bloom.prototype.insert = function(data) { - for (var i = 0; i < this.hashFuncs; i++) { - var index = this.hash(i, data); - this.data[index >> 3] |= bit_mask[7 & index]; - } -}; - -Bloom.prototype.contains = function(data) { - for (var i = 0; i < this.hashFuncs; i++) { - var index = this.hash(i, data); - if (!(this.data[index >> 3] & bit_mask[7 & index])) - return false; - } - - return true; -}; - -Bloom.prototype.sizeOk = function() { - return this.data.length <= MAX_BLOOM_FILTER_SIZE && - this.hashFuncs <= MAX_HASH_FUNCS; -}; - -function toInt(v) { - return ~~v; -} - -function min(a, b) { - if (a < b) - return a; - return b; -} - -Bloom.prototype.init = function(elements, FPRate) { - var filterSize = min(toInt(-1.0 / LN2SQUARED * elements * Math.log(FPRate)), - MAX_BLOOM_FILTER_SIZE * 8) / 8; - this.data[filterSize] = 0; - this.hashFuncs = min(toInt(this.data.length * 8 / elements * LN2), - MAX_HASH_FUNCS); -}; - - -module.exports = require('soop')(Bloom); - -},{"soop":129}],"./lib/Connection":[function(require,module,exports){ -module.exports=require('DB/p3X'); -},{}],"DB/p3X":[function(require,module,exports){ -(function (Buffer){ -var imports = require('soop').imports(); - -var log = imports.log || require('../util/log'); - -var MAX_RECEIVE_BUFFER = 10000000; -var PROTOCOL_VERSION = 70000; - -var Put = imports.Put || require('bufferput'); -var Buffers = imports.Buffers || require('buffers'); -require('../patches/Buffers.monkey').patch(Buffers); - -var bitcoreDefaults = imports.config || require('../config'); -var networks = imports.networks || require('../networks'); -var Block = imports.Block || require('./Block'); -var Transaction = imports.Transaction || require('./Transaction'); -var util = imports.util || require('../util'); -var Parser = imports.Parser || require('../util/BinaryParser'); -var buffertools = imports.buffertools || require('buffertools'); -var doubleSha256 = imports.doubleSha256 || util.twoSha256; -var SecureRandom = imports.SecureRandom || require('./SecureRandom'); -var nonce = SecureRandom.getPseudoRandomBuffer(8); - -var BIP0031_VERSION = 60000; - -function Connection(socket, peer, opts) { - Connection.super(this, arguments); - - this.config = opts || bitcoreDefaults; - - this.network = networks[this.config.network] || networks.livenet; - this.socket = socket; - this.peer = peer; - - // check for socks5 proxy options and construct a proxied socket - if (this.config.proxy) { - var Socks5Client = imports.Socks5Client || require('socks5-client'); - this.socket = new Socks5Client(this.config.proxy.host, this.config.proxy.port); - } - - // A connection is considered "active" once we have received verack - this.active = false; - // The version incoming packages are interpreted as - this.recvVer = 0; - // The version outgoing packages are sent as - this.sendVer = 0; - // The (claimed) height of the remote peer's block chain - this.bestHeight = 0; - // Is this an inbound connection? - this.inbound = !!this.socket.server; - // Have we sent a getaddr on this connection? - this.getaddr = false; - - // Receive buffer - this.buffers = new Buffers(); - - // Starting 20 Feb 2012, Version 0.2 is obsolete - // This is the same behavior as the official client - if (new Date().getTime() > 1329696000000) { - this.recvVer = 209; - this.sendVer = 209; - } - - this.setupHandlers(); -} -Connection.parent = imports.parent || require('events').EventEmitter; - -Connection.prototype.open = function(callback) { - if (typeof callback === 'function') this.once('connect', callback); - this.socket.connect(this.peer.port, this.peer.host); - return this; -}; - -Connection.prototype.setupHandlers = function () { - this.socket.addListener('connect', this.handleConnect.bind(this)); - this.socket.addListener('error', this.handleError.bind(this)); - this.socket.addListener('end', this.handleDisconnect.bind(this)); - this.socket.addListener('data', (function (data) { - var dumpLen = 35; - log.debug('['+this.peer+'] '+ - 'Recieved '+data.length+' bytes of data:'); - log.debug('... '+ buffertools.toHex(data.slice(0, dumpLen > data.length ? - data.length : dumpLen)) + - (data.length > dumpLen ? '...' : '')); - }).bind(this)); - this.socket.addListener('data', this.handleData.bind(this)); -}; - -Connection.prototype.handleConnect = function () { - if (!this.inbound) { - this.sendVersion(); - } - this.emit('connect', { - conn: this, - socket: this.socket, - peer: this.peer - }); -}; - -Connection.prototype.handleError = function(err) { - if (err.errno == 110 || err.errno == 'ETIMEDOUT') { - log.info('connection timed out for '+this.peer); - } else if (err.errno == 111 || err.errno == 'ECONNREFUSED') { - log.info('connection refused for '+this.peer); - } else { - log.warn('connection with '+this.peer+' '+err.toString()); - } - this.emit('error', { - conn: this, - socket: this.socket, - peer: this.peer, - err: err - }); -}; - -Connection.prototype.handleDisconnect = function () { - this.emit('disconnect', { - conn: this, - socket: this.socket, - peer: this.peer - }); -}; - -Connection.prototype.handleMessage = function(message) { - if (!message) { - // Parser was unable to make sense of the message, drop it - return; - } - - try { - switch (message.command) { - case 'version': - // Did we connect to ourself? - if (buffertools.compare(nonce, message.nonce) === 0) { - this.socket.end(); - return; - } - - if (this.inbound) { - this.sendVersion(); - } - - if (message.version >= 209) { - this.sendMessage('verack', new Buffer([])); - } - this.sendVer = Math.min(message.version, PROTOCOL_VERSION); - if (message.version < 209) { - this.recvVer = Math.min(message.version, PROTOCOL_VERSION); - } else { - // We won't start expecting a checksum until after we've received - // the 'verack' message. - this.once('verack', (function () { - this.recvVer = message.version; - }).bind(this)); - } - this.bestHeight = message.start_height; - break; - - case 'verack': - this.recvVer = Math.min(message.version, PROTOCOL_VERSION); - this.active = true; - break; - - case 'ping': - if ('object' === typeof message.nonce) { - this.sendPong(message.nonce); - } - break; - } - } catch (e) { - log.err('Error while handling "'+message.command+'" message from ' + - this.peer + ':\n' + - (e.stack ? e.stack : e.toString())); - return; - } - this.emit(message.command, { - conn: this, - socket: this.socket, - peer: this.peer, - message: message - }); -}; - -Connection.prototype.sendPong = function (nonce) { - this.sendMessage('pong', nonce); -}; - -Connection.prototype.sendVersion = function () { - var subversion = '/BitcoinX:0.1/'; - - var put = new Put(); - put.word32le(PROTOCOL_VERSION); // version - put.word64le(1); // services - put.word64le(Math.round(new Date().getTime()/1000)); // timestamp - put.pad(26); // addr_me - put.pad(26); // addr_you - put.put(nonce); - put.varint(subversion.length); - put.put(new Buffer(subversion, 'ascii')); - put.word32le(0); - - this.sendMessage('version', put.buffer()); -}; - -Connection.prototype.sendGetBlocks = function (starts, stop, wantHeaders) { - // Default value for stop is 0 to get as many blocks as possible (500) - stop = stop || util.NULL_HASH; - - var put = new Put(); - - // https://en.bitcoin.it/wiki/Protocol_specification#getblocks - put.word32le(this.sendVer); - put.varint(starts.length); - - for (var i = 0; i < starts.length; i++) { - if (starts[i].length != 32) { - throw new Error('Invalid hash length'); - } - - put.put(starts[i]); - } - - var stopBuffer = new Buffer(stop, 'binary'); - if (stopBuffer.length != 32) { - throw new Error('Invalid hash length'); - } - - put.put(stopBuffer); - - var command = 'getblocks'; - if (wantHeaders) - command = 'getheaders'; - this.sendMessage(command, put.buffer()); -}; - -Connection.prototype.sendGetHeaders = function(starts, stop) { - this.sendGetBlocks(starts, stop, true); -}; - -Connection.prototype.sendGetData = function (invs) { - var put = new Put(); - put.varint(invs.length); - for (var i = 0; i < invs.length; i++) { - put.word32le(invs[i].type); - put.put(invs[i].hash); - } - this.sendMessage('getdata', put.buffer()); -}; - -Connection.prototype.sendGetAddr = function (invs) { - var put = new Put(); - this.sendMessage('getaddr', put.buffer()); -}; - -Connection.prototype.sendInv = function(data) { - if(!Array.isArray(data)) data = [data]; - var put = new Put(); - put.varint(data.length); - data.forEach(function (value) { - if (value instanceof Block) { - // Block - put.word32le(2); // MSG_BLOCK - } else { - // Transaction - put.word32le(1); // MSG_TX - } - put.put(value.getHash()); - }); - this.sendMessage('inv', put.buffer()); -}; - -Connection.prototype.sendHeaders = function (headers) { - var put = new Put(); - put.varint(headers.length); - headers.forEach(function (header) { - put.put(header); - - // Indicate 0 transactions - put.word8(0); - }); - this.sendMessage('headers', put.buffer()); -}; - -Connection.prototype.sendTx = function (tx) { - this.sendMessage('tx', tx.serialize()); -}; - -Connection.prototype.sendBlock = function (block, txs) { - var put = new Put(); - - // Block header - put.put(block.getHeader()); - - // List of transactions - put.varint(txs.length); - txs.forEach(function (tx) { - put.put(tx.serialize()); - }); - - this.sendMessage('block', put.buffer()); -}; - -Connection.prototype.sendMessage = function (command, payload) { - try { - var magic = this.network.magic; - var commandBuf = new Buffer(command, 'ascii'); - if (commandBuf.length > 12) throw 'Command name too long'; - - var checksum; - if (this.sendVer >= 209) { - checksum = doubleSha256(payload).slice(0, 4); - } else { - checksum = new Buffer([]); - } - - var message = new Put(); // -- HEADER -- - message.put(magic); // magic bytes - message.put(commandBuf); // command name - message.pad(12 - commandBuf.length); // zero-padded - message.word32le(payload.length); // payload length - message.put(checksum); // checksum - // -- BODY -- - message.put(payload); // payload data - - var buffer = message.buffer(); - - log.debug('['+this.peer+'] '+ - 'Sending message '+command+' ('+payload.length+' bytes)'); - - this.socket.write(buffer); - } catch (err) { - // TODO: We should catch this error one level higher in order to better - // determine how to react to it. For now though, ignoring it will do. - log.err('Error while sending message to peer '+this.peer+': '+ - (err.stack ? err.stack : err.toString())); - } -}; - -Connection.prototype.handleData = function (data) { - this.buffers.push(data); - - if (this.buffers.length > MAX_RECEIVE_BUFFER) { - log.err('Peer '+this.peer+' exceeded maxreceivebuffer, disconnecting.'+ - (err.stack ? err.stack : err.toString())); - this.socket.destroy(); - return; - } - - this.processData(); -}; - -Connection.prototype.processData = function () { - // If there are less than 20 bytes there can't be a message yet. - if (this.buffers.length < 20) return; - - var magic = this.network.magic; - var i = 0; - for (;;) { - if (this.buffers.get(i ) === magic[0] && - this.buffers.get(i+1) === magic[1] && - this.buffers.get(i+2) === magic[2] && - this.buffers.get(i+3) === magic[3]) { - if (i !== 0) { - log.debug('['+this.peer+'] '+ - 'Received '+i+ - ' bytes of inter-message garbage: '); - log.debug('... '+this.buffers.slice(0,i)); - - this.buffers.skip(i); - } - break; - } - - if (i > (this.buffers.length - 4)) { - this.buffers.skip(i); - return; - } - i++; - } - - var payloadLen = (this.buffers.get(16) ) + - (this.buffers.get(17) << 8) + - (this.buffers.get(18) << 16) + - (this.buffers.get(19) << 24); - - var startPos = (this.recvVer >= 209) ? 24 : 20; - var endPos = startPos + payloadLen; - - if (this.buffers.length < endPos) return; - - var command = this.buffers.slice(4, 16).toString('ascii').replace(/\0+$/,''); - var payload = this.buffers.slice(startPos, endPos); - var checksum = (this.recvVer >= 209) ? this.buffers.slice(20, 24) : null; - - log.debug('['+this.peer+'] ' + - 'Received message ' + command + - ' (' + payloadLen + ' bytes)'); - - if (checksum !== null) { - var checksumConfirm = doubleSha256(payload).slice(0, 4); - if (buffertools.compare(checksumConfirm, checksum) !== 0) { - log.err('['+this.peer+'] '+ - 'Checksum failed', - { cmd: command, - expected: checksumConfirm.toString('hex'), - actual: checksum.toString('hex') }); - return; - } - } - - var message; - try { - message = this.parseMessage(command, payload); - } catch (e) { - log.err('Error while parsing message '+command+' from ' + - this.peer + ':\n' + - (e.stack ? e.stack : e.toString())); - } - - if (message) { - this.handleMessage(message); - } - - this.buffers.skip(endPos); - this.processData(); -}; - -Connection.prototype.parseMessage = function (command, payload) { - var parser = new Parser(payload); - - var data = { - command: command - }; - - var i; - - switch (command) { - case 'version': // https://en.bitcoin.it/wiki/Protocol_specification#version - data.version = parser.word32le(); - data.services = parser.word64le(); - data.timestamp = parser.word64le(); - data.addr_me = parser.buffer(26); - data.addr_you = parser.buffer(26); - data.nonce = parser.buffer(8); - data.subversion = parser.varStr(); - data.start_height = parser.word32le(); - break; - - case 'inv': - case 'getdata': - data.count = parser.varInt(); - - data.invs = []; - for (i = 0; i < data.count; i++) { - data.invs.push({ - type: parser.word32le(), - hash: parser.buffer(32) - }); - } - break; - - case 'headers': - data.count = parser.varInt(); - - data.headers = []; - for (i = 0; i < data.count; i++) { - var header = new Block(); - header.parse(parser); - data.headers.push(header); - } - break; - - case 'block': - var block = new Block(); - block.parse(parser); - - data.block = block; - data.version = block.version; - data.prev_hash = block.prev_hash; - data.merkle_root = block.merkle_root; - data.timestamp = block.timestamp; - data.bits = block.bits; - data.nonce = block.nonce; - - data.txs = block.txs; - - data.size = payload.length; - break; - - case 'tx': - var tx = new Transaction(); - tx.parse(parser); - return { - command: command, - version: tx.version, - lock_time: tx.lock_time, - ins: tx.ins, - outs: tx.outs, - tx: tx, - }; - - case 'getblocks': - case 'getheaders': - // parse out the version - data.version = parser.word32le(); - - // TODO: Limit block locator size? - // reference implementation limits to 500 results - var startCount = parser.varInt(); - - data.starts = []; - for (i = 0; i < startCount; i++) { - data.starts.push(parser.buffer(32)); - } - data.stop = parser.buffer(32); - break; - - case 'addr': - var addrCount = parser.varInt(); - - // Enforce a maximum number of addresses per message - if (addrCount > 1000) { - addrCount = 1000; - } - - data.addrs = []; - for (i = 0; i < addrCount; i++) { - // TODO: Time actually depends on the version of the other peer (>=31402) - data.addrs.push({ - time: parser.word32le(), - services: parser.word64le(), - ip: parser.buffer(16), - port: parser.word16be() - }); - } - break; - - case 'alert': - data.payload = parser.varStr(); - data.signature = parser.varStr(); - break; - - case 'ping': - if (this.recvVer > BIP0031_VERSION) { - data.nonce = parser.buffer(8); - } - break; - - case 'getaddr': - case 'verack': - case 'reject': - // Empty message, nothing to parse - break; - - default: - log.err('Connection.parseMessage(): Command not implemented', - {cmd: command}); - - // This tells the calling function not to issue an event - return null; - } - - return data; -}; - -module.exports = require('soop')(Connection); - -}).call(this,require("buffer").Buffer) -},{"../config":"4itQ50","../networks":"ULNIu2","../patches/Buffers.monkey":"kytKTK","../util":143,"../util/BinaryParser":"b3ZSD7","../util/log":"AdF7pF","./Block":"pJEQEB","./SecureRandom":"p4SiC2","./Transaction":"LJhYtm","buffer":85,"bufferput":"aXRuS6","buffers":"OBo3aV","buffertools":"fugeBw","events":94,"socks5-client":122,"soop":129}],"./lib/Curve":[function(require,module,exports){ -module.exports=require('Ynul1S'); -},{}],"Ynul1S":[function(require,module,exports){ -(function (Buffer){ -"use strict"; -var imports = require('soop'); -var bignum = imports.bignum || require('bignum'); -var Point = imports.Point || require('./Point'); - -var n = bignum.fromBuffer(new Buffer("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 'hex'), {size: 32}); - - -var Curve = function() { -}; - -/* secp256k1 curve */ -var G; -Curve.getG = function() { - // don't use Point in top scope, causes exception in browser - // when Point is not loaded yet - - // use cached version if available - G = G || new Point(bignum.fromBuffer(new Buffer("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 'hex'), {size: 32}), - bignum.fromBuffer(new Buffer("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 'hex'), {size: 32})); - return G; -}; - -Curve.getN = function() { - return n; -}; - -module.exports = require('soop')(Curve); - -}).call(this,require("buffer").Buffer) -},{"./Point":"6tXgqr","bignum":58,"buffer":85,"soop":129}],"ez/meX":[function(require,module,exports){ - -exports.intFromCompact = function(c) -{ - var bytes = ((c >>> 24) & 0xff) >>> 0; - var v = ((c & 0xffffff) << (8 * (bytes - 3))) >>> 0; - return v; -} - - -},{}],"./lib/Deserialize":[function(require,module,exports){ -module.exports=require('ez/meX'); -},{}],"hdzBvq":[function(require,module,exports){ -(function (Buffer){ -var Key = require('./Key'), - Point = require('./Point'), - twoSha256 = require('../util').twoSha256, - buffertools = require('buffertools'), - bignum = require('bignum'); - -/** - * Pre-BIP32 Electrum public key derivation (electrum <2.0) - * - * For now, this class can only understands master public keys. - * It doesn't support derivation from a private master key (TODO). - * - * @example examples/ElectrumMPK.js - */ -function Electrum (master_public_key) { - this.mpk = new Buffer(master_public_key, 'hex'); -} - -Electrum.prototype.getSequence = function (for_change, n) { - var mode = for_change ? 1 : 0; - var buf = Buffer.concat([ new Buffer(n + ':' + mode + ':', 'utf8'), this.mpk ]); - return bignum.fromBuffer(twoSha256(buf)); -}; - -Electrum.prototype.generatePubKey = function (n, for_change) { - var x = bignum.fromBuffer(this.mpk.slice(0, 32), { size: 32 }); - var y = bignum.fromBuffer(this.mpk.slice(32, 64), { size: 32 }); - var mpk_pt = new Point(x, y); - - var sequence = this.getSequence(for_change, n); - var sequence_key = new Key(); - sequence_key.private = sequence.toBuffer(); - sequence_key.regenerateSync(); - sequence_key.compressed = false; - - var sequence_pt = Point.fromUncompressedPubKey(sequence_key.public); - - pt = Point.add(mpk_pt, sequence_pt); - - var xbuf = pt.x.toBuffer({ size: 32 }); - var ybuf = pt.y.toBuffer({ size: 32 }); - var prefix = new Buffer([0x04]); - - var key = new Key(); - key.compressed = false; - key.public = Buffer.concat([prefix, xbuf, ybuf]); - - return key.public; -}; - -Electrum.prototype.generateChangePubKey = function (sequence) { - return this.generatePubKey(sequence, true); -}; - -module.exports = Electrum; - -}).call(this,require("buffer").Buffer) -},{"../util":143,"./Key":"ALJ4PS","./Point":"6tXgqr","bignum":58,"buffer":85,"buffertools":"fugeBw"}],"./lib/Electrum":[function(require,module,exports){ -module.exports=require('hdzBvq'); -},{}],"./lib/HierarchicalKey":[function(require,module,exports){ -module.exports=require('x1O6JW'); -},{}],"x1O6JW":[function(require,module,exports){ -(function (Buffer){ -var imports = require('soop').imports(); -var base58 = imports.base58 || require('./Base58').base58; -var coinUtil = imports.coinUtil || require('../util'); -var Key = imports.Key || require('./Key'); -var Point = imports.Point || require('./Point'); -var SecureRandom = imports.SecureRandom || require('./SecureRandom'); -var bignum = imports.bignum || require('bignum'); -var networks = require('../networks'); - -var secp256k1_n = new bignum('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141', 16); -var secp256k1_Gx = new bignum('79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798', 16); - -/* -random new HierarchicalKey: new HierarchicalKey(); -from extended public or private key: new HierarchicalKey(str); -new blank HierarchicalKey: new HierarchicalKey(null); -*/ -var HierarchicalKey = function(bytes) { - if (typeof bytes == 'undefined' || bytes == 'mainnet' || bytes == 'livenet') { - bytes = 'livenet'; - this.version = networks['livenet'].hkeyPrivateVersion; - } - else if (bytes == 'testnet') { - this.version = networks['testnet'].hkeyPrivateVersion; - } - if (bytes == 'livenet' || bytes == 'testnet') { - this.depth = 0x00; - this.parentFingerprint = new Buffer([0, 0, 0, 0]); - this.childIndex = new Buffer([0, 0, 0, 0]); - this.chainCode = SecureRandom.getRandomBuffer(32); - this.eckey = Key.generateSync(); - this.hasPrivateKey = true; - this.pubKeyHash = coinUtil.sha256ripe160(this.eckey.public); - this.buildExtendedPublicKey(); - this.buildExtendedPrivateKey(); - return; - } - - // decode base58 - if (typeof bytes === 'string') { - var decoded = base58.decode(bytes); - if (decoded.length != 82) - throw new Error('Not enough data, expected 82 and received '+decoded.length); - var checksum = decoded.slice(78, 82); - bytes = decoded.slice(0, 78); - - var hash = coinUtil.sha256(coinUtil.sha256(bytes)); - - if (hash[0] != checksum[0] || hash[1] != checksum[1] || hash[2] != checksum[2] || hash[3] != checksum[3]) { - throw new Error('Invalid checksum'); - } - } - - if (bytes !== undefined && bytes !== null) - this.initFromBytes(bytes); -} - -HierarchicalKey.seed = function(bytes, network) { - if (!network) - network = 'livenet'; - - if (!Buffer.isBuffer(bytes)) - bytes = new Buffer(bytes, 'hex'); //if not buffer, assume hex - if (bytes.length < 128/8) - return false; //need more entropy - if (bytes.length > 512/8) - return false; - var hash = coinUtil.sha512hmac(bytes, new Buffer('Bitcoin seed')); - - var hkey = new HierarchicalKey(null); - hkey.depth = 0x00; - hkey.parentFingerprint = new Buffer([0, 0, 0, 0]); - hkey.childIndex = new Buffer([0, 0, 0, 0]); - hkey.chainCode = hash.slice(32, 64); - hkey.version = networks[network].hkeyPrivateVersion; - hkey.eckey = new Key(); - hkey.eckey.private = hash.slice(0, 32); - hkey.eckey.regenerateSync(); - hkey.hasPrivateKey = true; - hkey.pubKeyHash = coinUtil.sha256ripe160(hkey.eckey.public); - - hkey.buildExtendedPublicKey(); - hkey.buildExtendedPrivateKey(); - - return hkey; -}; - -HierarchicalKey.prototype.initFromBytes = function(bytes) { - // Both pub and private extended keys are 78 bytes - if(bytes.length != 78) throw new Error('not enough data'); - - this.version = u32(bytes.slice(0, 4)); - this.depth = u8(bytes.slice(4, 5)); - this.parentFingerprint = bytes.slice(5, 9); - this.childIndex = u32(bytes.slice(9, 13)); - this.chainCode = bytes.slice(13, 45); - - var keyBytes = bytes.slice(45, 78); - - var isPrivate = - (this.version == networks['livenet'].hkeyPrivateVersion || - this.version == networks['testnet'].hkeyPrivateVersion ); - - var isPublic = - (this.version == networks['livenet'].hkeyPublicVersion || - this.version == networks['testnet'].hkeyPublicVersion ); - - if (isPrivate && keyBytes[0] == 0) { - this.eckey = new Key(); - this.eckey.private = keyBytes.slice(1, 33); - this.eckey.compressed = true; - this.eckey.regenerateSync(); - this.pubKeyHash = coinUtil.sha256ripe160(this.eckey.public); - this.hasPrivateKey = true; - } else if (isPublic && (keyBytes[0] == 0x02 || keyBytes[0] == 0x03)) { - this.eckey = new Key(); - this.eckey.public = keyBytes; - this.pubKeyHash = coinUtil.sha256ripe160(this.eckey.public); - this.hasPrivateKey = false; - } else { - throw new Error('Invalid key'); - } - - this.buildExtendedPublicKey(); - this.buildExtendedPrivateKey(); -} - -HierarchicalKey.prototype.buildExtendedPublicKey = function() { - this.extendedPublicKey = new Buffer([]); - - var v = null; - switch(this.version) { - case networks['livenet'].hkeyPublicVersion: - case networks['livenet'].hkeyPrivateVersion: - v = networks['livenet'].hkeyPublicVersion; - break; - case networks['testnet'].hkeyPublicVersion: - case networks['testnet'].hkeyPrivateVersion: - v = networks['testnet'].hkeyPublicVersion; - break; - default: - throw new Error('Unknown version'); - } - - // Version - this.extendedPublicKey = Buffer.concat([ - new Buffer([v >> 24]), - new Buffer([(v >> 16) & 0xff]), - new Buffer([(v >> 8) & 0xff]), - new Buffer([v & 0xff]), - new Buffer([this.depth]), - this.parentFingerprint, - new Buffer([this.childIndex >>> 24]), - new Buffer([(this.childIndex >>> 16) & 0xff]), - new Buffer([(this.childIndex >>> 8) & 0xff]), - new Buffer([this.childIndex & 0xff]), - this.chainCode, - this.eckey.public - ]); -} - -HierarchicalKey.prototype.extendedPublicKeyString = function(format) { - if (format === undefined || format === 'base58') { - var hash = coinUtil.sha256(coinUtil.sha256(this.extendedPublicKey)); - var checksum = hash.slice(0, 4); - var data = Buffer.concat([this.extendedPublicKey, checksum]); - return base58.encode(data); - } else if (format === 'hex') { - return this.extendedPublicKey.toString('hex');; - } else { - throw new Error('bad format'); - } -} - -HierarchicalKey.prototype.buildExtendedPrivateKey = function() { - if (!this.hasPrivateKey) return; - this.extendedPrivateKey = new Buffer([]); - - var v = this.version; - - this.extendedPrivateKey = Buffer.concat([ - new Buffer([v >> 24]), - new Buffer([(v >> 16) & 0xff]), - new Buffer([(v >> 8) & 0xff]), - new Buffer([v & 0xff]), - new Buffer([this.depth]), - this.parentFingerprint, - new Buffer([this.childIndex >>> 24]), - new Buffer([(this.childIndex >>> 16) & 0xff]), - new Buffer([(this.childIndex >>> 8) & 0xff]), - new Buffer([this.childIndex & 0xff]), - this.chainCode, - new Buffer([0]), - this.eckey.private - ]); -} - -HierarchicalKey.prototype.extendedPrivateKeyString = function(format) { - if (format === undefined || format === 'base58') { - var hash = coinUtil.sha256(coinUtil.sha256(this.extendedPrivateKey)); - var checksum = hash.slice(0, 4); - var data = Buffer.concat([this.extendedPrivateKey, checksum]); - return base58.encode(data); - } else if (format === 'hex') { - return this.extendedPrivateKey.toString('hex'); - } else { - throw new Error('bad format'); - } -} - - -HierarchicalKey.prototype.derive = function(path) { - var e = path.split('/'); - - // Special cases: - if (path == 'm' || path == 'M' || path == 'm\'' || path == 'M\'') - return this; - - var hkey = this; - for (var i in e) { - var c = e[i]; - - if (i == 0 ) { - if (c != 'm') throw new Error('invalid path'); - continue; - } - - var usePrivate = (c.length > 1) && (c[c.length-1] == '\''); - var childIndex = parseInt(usePrivate ? c.slice(0, c.length - 1) : c) & 0x7fffffff; - - if (usePrivate) - childIndex += 0x80000000; - - hkey = hkey.deriveChild(childIndex); - } - - return hkey; -} - -HierarchicalKey.prototype.deriveChild = function(i) { - var ib = []; - ib.push((i >> 24) & 0xff); - ib.push((i >> 16) & 0xff); - ib.push((i >> 8) & 0xff); - ib.push(i & 0xff); - ib = new Buffer(ib); - - var usePrivate = (i & 0x80000000) != 0; - - var isPrivate = - (this.version == networks['livenet'].hkeyPrivateVersion || - this.version == networks['testnet'].hkeyPrivateVersion ); - - if (usePrivate && (!this.hasPrivateKey || !isPrivate)) - throw new Error('Cannot do private key derivation without private key'); - - var ret = null; - if (this.hasPrivateKey) { - var data = null; - - if (usePrivate) { - data = Buffer.concat([new Buffer([0]), this.eckey.private, ib]); - } else { - data = Buffer.concat([this.eckey.public, ib]); - } - - var hash = coinUtil.sha512hmac(data, this.chainCode); - var il = bignum.fromBuffer(hash.slice(0, 32), {size: 32}); - var ir = hash.slice(32, 64); - - // ki = IL + kpar (mod n). - var priv = bignum.fromBuffer(this.eckey.private, {size: 32}); - var k = il.add(priv).mod(secp256k1_n); - - ret = new HierarchicalKey(null); - ret.chainCode = ir; - - ret.eckey = new Key(); - ret.eckey.private = k.toBuffer({size: 32}); - ret.eckey.regenerateSync(); - ret.hasPrivateKey = true; - - } else { - var data = Buffer.concat([this.eckey.public, ib]); - var hash = coinUtil.sha512hmac(data, this.chainCode); - var il = hash.slice(0, 32); - var ir = hash.slice(32, 64); - - // Ki = (IL + kpar)*G = IL*G + Kpar - var ilGkey = new Key(); - ilGkey.private = il; - ilGkey.regenerateSync(); - ilGkey.compressed = false; - var ilG = Point.fromUncompressedPubKey(ilGkey.public); - var oldkey = new Key(); - oldkey.public = this.eckey.public; - oldkey.compressed = false; - var Kpar = Point.fromUncompressedPubKey(oldkey.public); - var newpub = Point.add(ilG, Kpar).toUncompressedPubKey(); - - ret = new HierarchicalKey(null); - ret.chainCode = new Buffer(ir); - - var eckey = new Key(); - eckey.public = newpub; - eckey.compressed = true; - ret.eckey = eckey; - ret.hasPrivateKey = false; - } - - ret.childIndex = i; - ret.parentFingerprint = this.pubKeyHash.slice(0,4); - ret.version = this.version; - ret.depth = this.depth + 1; - - ret.eckey.compressed = true; - ret.pubKeyHash = coinUtil.sha256ripe160(ret.eckey.public); - - ret.buildExtendedPublicKey(); - ret.buildExtendedPrivateKey(); - - return ret; -} - - -function uint(f, size) { - if (f.length < size) - throw new Error('not enough data'); - var n = 0; - for (var i = 0; i < size; i++) { - n *= 256; - n += f[i]; - } - return n; -} - -function u8(f) {return uint(f,1);} -function u16(f) {return uint(f,2);} -function u32(f) {return uint(f,4);} -function u64(f) {return uint(f,8);} - -module.exports = require('soop')(HierarchicalKey); - -}).call(this,require("buffer").Buffer) -},{"../networks":"ULNIu2","../util":143,"./Base58":"6VqyzY","./Key":"ALJ4PS","./Point":"6tXgqr","./SecureRandom":"p4SiC2","bignum":58,"buffer":85,"soop":129}],"CBDCgz":[function(require,module,exports){ -(function (Buffer){ -'use strict'; -var imports = require('soop').imports(); -var coinUtil = imports.coinUtil || require('../util'); -var Key = imports.Key || require('./Key'); - -var Message = function() { -}; - -Message.sign = function(str, key) { - var hash = Message.magicHash(str); - var sig = key.signSync(hash); - return sig; -}; - -Message.verifyWithPubKey = function(pubkey, message, sig) { - var hash = Message.magicHash(message); - var key = new Key(); - if (pubkey.length == 65) - key.compressed = false; - key.public = pubkey; - - return key.verifySignatureSync(hash, sig); -}; - -//TODO: Message.verify ... with address, not pubkey - -Message.magicBytes = new Buffer('Bitcoin Signed Message:\n'); - -Message.magicHash = function(str) { - var magicBytes = Message.magicBytes; - var prefix1 = coinUtil.varIntBuf(magicBytes.length); - var message = new Buffer(str); - var prefix2 = coinUtil.varIntBuf(message.length); - - var buf = Buffer.concat([prefix1, magicBytes, prefix2, message]); - - var hash = coinUtil.twoSha256(buf); - - return hash; -}; - -module.exports = require('soop')(Message); - -}).call(this,require("buffer").Buffer) -},{"../util":143,"./Key":"ALJ4PS","buffer":85,"soop":129}],"./lib/Message":[function(require,module,exports){ -module.exports=require('CBDCgz'); -},{}],"./lib/Opcode":[function(require,module,exports){ -module.exports=require('Zm7/h9'); -},{}],"Zm7/h9":[function(require,module,exports){ -var imports = require('soop').imports(); - -function Opcode(num) { - this.code = num; -}; - -Opcode.prototype.toString = function () { - return Opcode.reverseMap[this.code]; -}; - -Opcode.map = { - // push value - OP_FALSE : 0, - OP_0 : 0, - OP_PUSHDATA1 : 76, - OP_PUSHDATA2 : 77, - OP_PUSHDATA4 : 78, - OP_1NEGATE : 79, - OP_RESERVED : 80, - OP_TRUE : 81, - OP_1 : 81, - OP_2 : 82, - OP_3 : 83, - OP_4 : 84, - OP_5 : 85, - OP_6 : 86, - OP_7 : 87, - OP_8 : 88, - OP_9 : 89, - OP_10 : 90, - OP_11 : 91, - OP_12 : 92, - OP_13 : 93, - OP_14 : 94, - OP_15 : 95, - OP_16 : 96, - - // control - OP_NOP : 97, - OP_VER : 98, - OP_IF : 99, - OP_NOTIF : 100, - OP_VERIF : 101, - OP_VERNOTIF : 102, - OP_ELSE : 103, - OP_ENDIF : 104, - OP_VERIFY : 105, - OP_RETURN : 106, - - // stack ops - OP_TOALTSTACK : 107, - OP_FROMALTSTACK : 108, - OP_2DROP : 109, - OP_2DUP : 110, - OP_3DUP : 111, - OP_2OVER : 112, - OP_2ROT : 113, - OP_2SWAP : 114, - OP_IFDUP : 115, - OP_DEPTH : 116, - OP_DROP : 117, - OP_DUP : 118, - OP_NIP : 119, - OP_OVER : 120, - OP_PICK : 121, - OP_ROLL : 122, - OP_ROT : 123, - OP_SWAP : 124, - OP_TUCK : 125, - - // splice ops - OP_CAT : 126, - OP_SUBSTR : 127, - OP_LEFT : 128, - OP_RIGHT : 129, - OP_SIZE : 130, - - // bit logic - OP_INVERT : 131, - OP_AND : 132, - OP_OR : 133, - OP_XOR : 134, - OP_EQUAL : 135, - OP_EQUALVERIFY : 136, - OP_RESERVED1 : 137, - OP_RESERVED2 : 138, - - // numeric - OP_1ADD : 139, - OP_1SUB : 140, - OP_2MUL : 141, - OP_2DIV : 142, - OP_NEGATE : 143, - OP_ABS : 144, - OP_NOT : 145, - OP_0NOTEQUAL : 146, - - OP_ADD : 147, - OP_SUB : 148, - OP_MUL : 149, - OP_DIV : 150, - OP_MOD : 151, - OP_LSHIFT : 152, - OP_RSHIFT : 153, - - OP_BOOLAND : 154, - OP_BOOLOR : 155, - OP_NUMEQUAL : 156, - OP_NUMEQUALVERIFY : 157, - OP_NUMNOTEQUAL : 158, - OP_LESSTHAN : 159, - OP_GREATERTHAN : 160, - OP_LESSTHANOREQUAL : 161, - OP_GREATERTHANOREQUAL : 162, - OP_MIN : 163, - OP_MAX : 164, - - OP_WITHIN : 165, - - // crypto - OP_RIPEMD160 : 166, - OP_SHA1 : 167, - OP_SHA256 : 168, - OP_HASH160 : 169, - OP_HASH256 : 170, - OP_CODESEPARATOR : 171, - OP_CHECKSIG : 172, - OP_CHECKSIGVERIFY : 173, - OP_CHECKMULTISIG : 174, - OP_CHECKMULTISIGVERIFY : 175, - - // expansion - OP_NOP1 : 176, - OP_NOP2 : 177, - OP_NOP3 : 178, - OP_NOP4 : 179, - OP_NOP5 : 180, - OP_NOP6 : 181, - OP_NOP7 : 182, - OP_NOP8 : 183, - OP_NOP9 : 184, - OP_NOP10 : 185, - - // template matching params - OP_PUBKEYHASH : 253, - OP_PUBKEY : 254, - OP_INVALIDOPCODE : 255 -}; - -Opcode.reverseMap = []; - -for (var k in Opcode.map) { - if(Opcode.map.hasOwnProperty(k)) { - Opcode.reverseMap[Opcode.map[k]] = k.substr(3); - } -} - -Opcode.asList = function() { - var keys = []; - for (var prop in Opcode.map) { - if (Opcode.map.hasOwnProperty(prop)) { - keys.push(prop); - } - } - return keys; -}; - -module.exports = require('soop')(Opcode); - -},{"soop":129}],"oolY81":[function(require,module,exports){ -(function (Buffer){ -var imports = require('soop').imports(); - -var Net = imports.Net || require('net'); -var Binary = imports.Binary || require('binary'); -var buffertools = imports.buffertools || require('buffertools'); - -function Peer(host, port, services) { - if ("string" === typeof host) { - if (host.indexOf(':') && !port) { - var parts = host.split(':'); - host = parts[0]; - port = parts[1]; - } - this.host = host; - this.port = +port || 8333; - } else if (host instanceof Peer) { - this.host = host.host; - this.port = host.port; - } else if (Buffer.isBuffer(host)) { - if (buffertools.compare(Peer.IPV6_IPV4_PADDING, host.slice(0, 12)) != 0) { - throw new Error('IPV6 not supported yet! Cannot instantiate host.'); - } - this.host = Array.prototype.slice.apply(host.slice(12)).join('.'); - this.port = +port || 8333; - } else { - throw new Error('Could not instantiate peer, invalid parameter type: ' + - typeof host); - } - - this.services = (services) ? services : null; - this.lastSeen = 0; -}; - -Peer.IPV6_IPV4_PADDING = new Buffer([0,0,0,0,0,0,0,0,0,0,255,255]); - -Peer.prototype.createConnection = function () { - this.connection = Net.createConnection(this.port, this.host); - return this.connection; -}; - -Peer.prototype.getHostAsBuffer = function () { - return new Buffer(this.host.split('.')); -}; - -Peer.prototype.toString = function () { - return this.host + ":" + this.port; -}; - -Peer.prototype.toBuffer = function () { - var put = Binary.put(); - put.word32le(this.lastSeen); - put.word64le(this.services); - put.put(this.getHostAsBuffer()); - put.word16be(this.port); - return put.buffer(); -}; - -module.exports = require('soop')(Peer); - -}).call(this,require("buffer").Buffer) -},{"binary":74,"buffer":85,"buffertools":"fugeBw","net":81,"soop":129}],"./lib/Peer":[function(require,module,exports){ -module.exports=require('oolY81'); -},{}],"./lib/PeerManager":[function(require,module,exports){ -module.exports=require('nsqKeP'); -},{}],"nsqKeP":[function(require,module,exports){ -var imports = require('soop').imports(); -var log = imports.log || require('../util/log'); -var bitcoreDefaults = imports.config || require('../config'); -var Connection = imports.Connection || require ('./Connection'); -var Peer = imports.Peer || require('./Peer'); - -GetAdjustedTime = imports.GetAdjustedTime || function () { - // TODO: Implement actual adjustment - return Math.floor(new Date().getTime() / 1000); -}; - -function PeerManager(config) { - // extend defaults with config - this.config = config || {}; - for (var i in bitcoreDefaults) - if (bitcoreDefaults.hasOwnProperty(i) && this.config[i] === undefined) - this.config[i] = bitcoreDefaults[i]; - - this.active = false; - this.timer = null; - - this.peers = []; - this.pool = []; - this.connections = []; - this.isConnected = false; - this.peerDiscovery = false; - - // Move these to the Node's settings object - this.interval = 5000; - this.minConnections = 8; - this.minKnownPeers = 10; - - // keep track of tried seeds and results - this.seeds = { - resolved: [], - failed: [] - }; -} - -PeerManager.parent = imports.parent || require('events').EventEmitter; -PeerManager.Connection = Connection; - -PeerManager.prototype.start = function() { - this.active = true; - if(!this.timer) { - this.timer = setInterval(this.checkStatus.bind(this), this.interval); - } -}; - -PeerManager.prototype.stop = function() { - this.active = false; - if(this.timer) { - clearInterval(this.timer); - this.timer = null; - } - for(var i=0; i= 31402 || this.peers.length < 1000)) { - e.conn.sendGetAddr(); - e.conn.getaddr = true; - } -}; - -PeerManager.prototype.handleReady = function (e) { - log.info('connected to '+e.conn.peer.host+':'+e.conn.peer.port); - this.emit('connect', { - pm: this, - conn: e.conn, - socket: e.socket, - peer: e.peer - }); - - if(this.isConnected == false) { - this.emit('netConnected', e); - this.isConnected = true; - } -}; - -PeerManager.prototype.handleAddr = function (e) { - if(!this.peerDiscovery) return; - - var now = GetAdjustedTime(); - e.message.addrs.forEach(function (addr) { - try { - // In case of an invalid time, assume "5 days ago" - if (addr.time <= 100000000 || addr.time > (now + 10 * 60)) { - addr.time = now - 5 * 24 * 60 * 60; - } - var peer = new Peer(addr.ip, addr.port, addr.services); - peer.lastSeen = addr.time; - - // TODO: Handle duplicate peers - this.peers.push(peer); - - // TODO: Handle addr relay - } catch(e) { - log.warn("Invalid addr received: "+e.message); - } - }.bind(this)); - if (e.message.addrs.length < 1000 ) { - e.conn.getaddr = false; - } -}; - -PeerManager.prototype.handleGetAddr = function(e) { - // TODO: Reply with addr message. -}; - -PeerManager.prototype.handleError = function(e) { - log.err('unkown error with peer '+e.peer+' (disconnecting): '+e.err); - this.handleDisconnect.apply(this, [].slice.call(arguments)); -}; - -PeerManager.prototype.handleDisconnect = function(e) { - log.info('disconnected from peer ' + e.peer); - var i = this.connections.indexOf(e.conn); - if(i != -1) this.connections.splice(i, 1); - - this.removePeer(e.peer); - if (this.pool.length) { - log.info('replacing peer using the pool of ' + this.pool.length + ' seeds'); - this.addPeer(this.pool.pop()); - } - - if(!this.connections.length) { - this.emit('netDisconnected'); - this.isConnected = false; - } -}; - -PeerManager.prototype.getActiveConnection = function () { - var activeConnections = this.connections.filter(function (conn) { - return conn.active; - }); - - if (activeConnections.length) { - var randomIndex = Math.floor(Math.random()*activeConnections.length); - var candidate = activeConnections[randomIndex]; - if (candidate.socket.writable) { - return candidate; - } else { - // Socket is not writable, remove it from active connections - activeConnections.splice(randomIndex, 1); - - // Then try again - // TODO: This causes an infinite recursion when all connections are dead, - // although it shouldn't. - return this.getActiveConnection(); - } - } else { - return null; - } -}; - -PeerManager.prototype.getActiveConnections = function () { - return this.connections.slice(0); -}; - -PeerManager.prototype.discover = function(options, callback) { - var self = this; - var async = imports.async || require('async'); - var dns = imports.dns || require('dns'); - var networks = imports.networks || require('../networks'); - var seeds = networks[self.config.network].dnsSeeds; - - self.limit = options.limit || 12; - - var dnsExecutor = seeds.map(function(seed) { - return function(done) { - // have we already resolved this seed? - if (~self.seeds.resolved.indexOf(seed)) { - // if so, just pass back cached peer list - return done(null, self.seeds.results[seed]); - } - - // has this seed failed to resolve? - if (~self.seeds.failed.indexOf(seed)) { - // if so, pass back empty results - return done(null, []); - } - - log.info('resolving dns seed '+ seed); - - dns.resolve(seed, function(err, peers) { - if (err) { - log.err('failed to resolve dns seed '+ seed, err); - self.seeds.failed.push(seed); - return done(null, []); - } - - log.info('found '+ peers.length + ' peers from ' + seed); - self.seeds.resolved.push(seed); - - // transform that list into a list of Peer instances - peers = peers.map(function(ip) { - return new Peer(ip, networks[self.config.network].defaultClientPort); - }); - - peers.forEach(function(p) { - if (self.peers.length < self.limit) self.addPeer(p); - else self.pool.push(p); - }); - - self.emit('peers', peers); - - return done(null, peers); - }); - - }; - }); - - // try resolving all seeds - async.parallel(dnsExecutor, function(err, results) { - var peers = []; - - // consolidate all resolved peers into one list - results.forEach(function(peerlist) { - peers = peers.concat(peerlist); - }); - - if (typeof callback === 'function') callback(null, peers); - }); - - return self; -}; - -module.exports = require('soop')(PeerManager); - -},{"../config":"4itQ50","../networks":"ULNIu2","../util/log":"AdF7pF","./Connection":"DB/p3X","./Peer":"oolY81","async":73,"dns":81,"events":94,"soop":129}],"izTl9z":[function(require,module,exports){ -(function (Buffer){ -var imports = require('soop').imports(); - -var parent = imports.parent || require('../util/VersionedData'); -var networks= imports.networks || require('../networks'); - -//compressed is true if public key is compressed; false otherwise -function PrivateKey(version, buf, compressed) { - PrivateKey.super(this, arguments); - if (compressed !== undefined) - this.compressed(compressed); -}; - -PrivateKey.parent = parent; -parent.applyEncodingsTo(PrivateKey); - -PrivateKey.prototype.validate = function() { - this.doAsBinary(function() { - PrivateKey.super(this, 'validate', arguments); - if (this.data.length < 32 || (this.data.length > 1+32 && !this.compressed()) || (this.data.length==1+32+1 && this.data[1+32+1-1]!=1) || this.data.length>1+32+1) - throw new Error('invalid data length'); - }); - if (typeof this.network() === 'undefined') throw new Error('invalid network'); -}; - -// get or set the payload data (as a Buffer object) -// overloaded from VersionedData -PrivateKey.prototype.payload = function(data) { - if(data) { - this.doAsBinary(function() {data.copy(this.data,1);}); - return data; - } - var buf=this.as('binary'); - if (buf.length==1+32+1) - return buf.slice(1,1+32); - else if (buf.length==1+32) - return buf.slice(1); -}; - -// get or set whether the corresponding public key is compressed -PrivateKey.prototype.compressed = function(compressed) { - if (compressed !== undefined) { - this.doAsBinary(function(){ - var len=1+32+1; - if (compressed) { - var data=new Buffer(len); - this.data.copy(data); - this.data=data; - this.data[len-1]=1; - } else { - this.data=this.data.slice(0,len-1); - } - }); - } - else { - var len=1+32+1; - var data=this.as('binary'); - if (data.length==len && data[len-1]==1) - return true; - else if (data.length==len-1) - return false; - else - throw new Error('invalid private key'); - } -}; - -PrivateKey.prototype.network = function() { - var version = this.version(); - - var livenet = networks.livenet; - var testnet = networks.testnet; - - var answer; - if (version === livenet.privKeyVersion) - answer = livenet; - else if (version === testnet.privKeyVersion) - answer = testnet; - - return answer; -}; - -module.exports = require('soop')(PrivateKey); - -}).call(this,require("buffer").Buffer) -},{"../networks":"ULNIu2","../util/VersionedData":"QLzNQg","buffer":85,"soop":129}],"./lib/PrivateKey":[function(require,module,exports){ -module.exports=require('izTl9z'); -},{}],"./lib/RpcClient":[function(require,module,exports){ -module.exports=require('7siE1N'); -},{}],"7siE1N":[function(require,module,exports){ -(function (Buffer){ -// RpcClient.js -// MIT/X11-like license. See LICENSE.txt. -// Copyright 2013 BitPay, Inc. -// -var imports = require('soop').imports(); -var http = imports.http || require('http'); -var https = imports.https || require('https'); -var log = imports.log || require('../util/log'); - -function RpcClient(opts) { - opts = opts || {}; - this.host = opts.host || '127.0.0.1'; - this.port = opts.port || 8332; - this.user = opts.user || 'user'; - this.pass = opts.pass || 'pass'; - this.protocol = (opts.protocol == 'http') ? http : https; - this.batchedCalls = null; - this.disableAgent = opts.disableAgent || false; -} - -RpcClient.prototype.batch = function(batchCallback, resultCallback) { - this.batchedCalls = []; - batchCallback(); - rpc.call(this, this.batchedCalls, resultCallback); - this.batchedCalls = null; -} - -var callspec = { - addMultiSigAddress: '', - addNode: '', - backupWallet: '', - createMultiSig: '', - createRawTransaction: '', - decodeRawTransaction: '', - dumpPrivKey: '', - encryptWallet: '', - getAccount: '', - getAccountAddress: 'str', - getAddedNodeInfo: '', - getAddressesByAccount: '', - getBalance: 'str int', - getBestBlockHash: '', - getBlock: '', - getBlockCount: '', - getBlockHash: 'int', - getBlockNumber: '', - getBlockTemplate: '', - getConnectionCount: '', - getDifficulty: '', - getGenerate: '', - getHashesPerSec: '', - getInfo: '', - getMemoryPool: '', - getMiningInfo: '', - getNewAddress: '', - getPeerInfo: '', - getRawMemPool: '', - getRawTransaction: 'str int', - getReceivedByAccount: 'str int', - getReceivedByAddress: 'str int', - getTransaction: '', - getTxOut: 'str int bool', - getTxOutSetInfo: '', - getWork: '', - help: '', - importAddress: 'str str bool', - importPrivKey: 'str str bool', - keyPoolRefill: '', - listAccounts: 'int', - listAddressGroupings: '', - listReceivedByAccount: 'int bool', - listReceivedByAddress: 'int bool', - listSinceBlock: 'str int', - listTransactions: 'str int int', - listUnspent: 'int int', - listLockUnspent: 'bool', - lockUnspent: '', - move: 'str str float int str', - sendFrom: 'str str float int str str', - sendMany: 'str str int str', //not sure this is will work - sendRawTransaction: '', - sendToAddress: 'str float str str', - setAccount: '', - setGenerate: 'bool int', - setTxFee: 'float', - signMessage: '', - signRawTransaction: '', - stop: '', - submitBlock: '', - validateAddress: '', - verifyMessage: '', - walletLock: '', - walletPassPhrase: 'string int', - walletPassphraseChange: '', -}; - -var slice = function(arr, start, end) { - return Array.prototype.slice.call(arr, start, end); -}; - -function generateRPCMethods(constructor, apiCalls, rpc) { - function createRPCMethod(methodName, argMap) { - return function() { - var limit = arguments.length - 1; - if(this.batchedCalls) var limit = arguments.length; - for (var i=0; i 0 && opcode < Opcode.map.OP_PUSHDATA1) { - // Read some bytes of data, opcode value is the length of data - this.chunks.push(parser.buffer(opcode)); - } else if (opcode === Opcode.map.OP_PUSHDATA1) { - len = parser.word8(); - chunk = parser.buffer(len); - this.chunks.push(chunk); - } else if (opcode === Opcode.map.OP_PUSHDATA2) { - len = parser.word16le(); - chunk = parser.buffer(len); - this.chunks.push(chunk); - } else if (opcode === Opcode.map.OP_PUSHDATA4) { - len = parser.word32le(); - chunk = parser.buffer(len); - this.chunks.push(chunk); - } else { - this.chunks.push(opcode); - } - } -}; - -Script.prototype.isPushOnly = function() { - for (var i = 0; i < this.chunks.length; i++) { - var op = this.chunks[i]; - if (!Buffer.isBuffer(op) && op > Opcode.map.OP_16) { - return false; - } - } - - return true; -}; - -Script.prototype.isP2SH = function() { - return (this.chunks.length == 3 && - this.chunks[0] == Opcode.map.OP_HASH160 && - Buffer.isBuffer(this.chunks[1]) && - this.chunks[1].length == 20 && - this.chunks[2] == Opcode.map.OP_EQUAL); -}; - -Script.prototype.isPubkey = function() { - return (this.chunks.length == 2 && - Buffer.isBuffer(this.chunks[0]) && - this.chunks[1] == Opcode.map.OP_CHECKSIG); -}; - -Script.prototype.isPubkeyHash = function() { - return (this.chunks.length == 5 && - this.chunks[0] == Opcode.map.OP_DUP && - this.chunks[1] == Opcode.map.OP_HASH160 && - Buffer.isBuffer(this.chunks[2]) && - this.chunks[2].length == 20 && - this.chunks[3] == Opcode.map.OP_EQUALVERIFY && - this.chunks[4] == Opcode.map.OP_CHECKSIG); -}; - -function isSmallIntOp(opcode) { - return ((opcode == Opcode.map.OP_0) || - ((opcode >= Opcode.map.OP_1) && (opcode <= Opcode.map.OP_16))); -}; - -Script.prototype.isMultiSig = function() { - return (this.chunks.length > 3 && - isSmallIntOp(this.chunks[0]) && - this.chunks.slice(1,this.chunks.length-2).every(function(i){return Buffer.isBuffer(i);}) && - isSmallIntOp(this.chunks[this.chunks.length - 2]) && - this.chunks[this.chunks.length - 1] == Opcode.map.OP_CHECKMULTISIG); -}; - -Script.prototype.isP2shScriptSig = function() { - if( !isSmallIntOp(this.chunks[0]) || this.chunks[0] !==0 ) - return false; - - var redeemScript = new Script(this.chunks[this.chunks.length-1]); - var type=redeemScript.classify(); - return type !== TX_UNKNOWN; -}; - -Script.prototype.isMultiSigScriptSig = function() { - if( !isSmallIntOp(this.chunks[0]) || this.chunks[0] !==0 ) - return false; - return !this.isP2shScriptSig(); -}; - -Script.prototype.countSignatures = function() { - var ret = 0; - var l =this.chunks.length; - - // Multisig? - if (this.isMultiSigScriptSig()){ - ret = l - 1; - } - else if (this.isP2shScriptSig()) { - ret = l - 2; - } - // p2pubkey or p2pubkeyhash - else { - ret = buffertools.compare(this.getBuffer(), util.EMPTY_BUFFER)===0?0:1; - } - return ret; -}; - -Script.prototype.countMissingSignatures = function() { - if (this.isMultiSig()) { - log.debug("Can not count missing signatures on normal Multisig script"); - return null; - } - - var ret = 0; - var l =this.chunks.length; - // P2SH? - if (isSmallIntOp(this.chunks[0]) && this.chunks[0] ===0) { - var redeemScript = new Script(this.chunks[l-1]); - if (!isSmallIntOp(redeemScript.chunks[0])) { - log.debug("Unrecognized script type"); - } - else { - var nreq = redeemScript.chunks[0] - 80; //see OP_2-OP_16 - ret = nreq - (l - 2); // 2-> marked 0 + redeemScript - } - } - // p2pubkey or p2pubkeyhash - else { - if (buffertools.compare(this.getBuffer(), util.EMPTY_BUFFER) === 0) { - ret = 1; - } - } - return ret; -}; - -Script.prototype.finishedMultiSig = function() { - var missing = this.countMissingSignatures(); - if (missing === null) return null; - - return missing === 0; -}; - -Script.prototype.getMultiSigInfo = function() { - if (!this.isMultiSig()) { - throw new Error("Script.getMultiSigInfo(): Not a multiSig script."); - } - - var nsigs = this.chunks[0] - 80; //see OP_2-OP_16; - var npubkeys = this.chunks[this.chunks.length - 2] - 80; //see OP_2-OP_16; - - var pubkeys = []; - for (var i = 1; i < this.chunks.length - 2; i++) { - pubkeys.push(this.chunks[i]); - } - - if (pubkeys.length != npubkeys) { - throw new Error("Script.getMultiSigInfo(): Amount of PKs does not match what the script specifies."); - } - - return { - nsigs : nsigs, - npubkeys : npubkeys, - pubkeys : pubkeys - } -}; - -Script.prototype.prependOp0 = function() { - var chunks = [0]; - for (i in this.chunks) { - if (this.chunks.hasOwnProperty(i)) { - chunks.push(this.chunks[i]); - } - } - this.chunks = chunks; - this.updateBuffer(); - return this; -}; - -// is this a script form we know? -Script.prototype.classify = function() { - if (this.isPubkeyHash()) - return TX_PUBKEYHASH; - if (this.isP2SH()) - return TX_SCRIPTHASH; - if (this.isMultiSig()) - return TX_MULTISIG; - if (this.isPubkey()) - return TX_PUBKEY; - return TX_UNKNOWN; -}; - -// extract useful data items from known scripts -Script.prototype.capture = function() { - var txType = this.classify(); - var res = []; - switch (txType) { - case TX_PUBKEY: - res.push(this.chunks[0]); - break; - case TX_PUBKEYHASH: - res.push(this.chunks[2]); - break; - case TX_MULTISIG: - for (var i = 1; i < (this.chunks.length - 2); i++) - res.push(this.chunks[i]); - break; - case TX_SCRIPTHASH: - res.push(this.chunks[1]); - break; - - case TX_UNKNOWN: - default: - // do nothing - break; - } - - return res; -}; - -// return first extracted data item from script -Script.prototype.captureOne = function() { - var arr = this.capture(); - return arr[0]; -}; - -Script.prototype.getOutType = function() { - var txType = this.classify(); - switch (txType) { - case TX_PUBKEY: - return 'Pubkey'; - case TX_PUBKEYHASH: - return 'Address'; - default: - return 'Strange'; - } -}; - -Script.prototype.getRawOutType = function() { - return TX_TYPES[this.classify()]; -}; - -Script.prototype.simpleOutHash = function() { - switch (this.getOutType()) { - case 'Address': - return this.chunks[2]; - case 'Pubkey': - return util.sha256ripe160(this.chunks[0]); - default: - log.debug("Encountered non-standard scriptPubKey"); - log.debug("Strange script was: " + this.toString()); - return null; - } -}; - -Script.prototype.getInType = function() { - if (this.chunks.length == 1) { - // Direct IP to IP transactions only have the public key in their scriptSig. - return 'Pubkey'; - } else if (this.chunks.length == 2 && - Buffer.isBuffer(this.chunks[0]) && - Buffer.isBuffer(this.chunks[1])) { - return 'Address'; - } else { - return 'Strange'; - } -}; - -Script.prototype.simpleInPubKey = function() { - switch (this.getInType()) { - case 'Address': - return this.chunks[1]; - case 'Pubkey': - return null; - default: - log.debug("Encountered non-standard scriptSig"); - log.debug("Strange script was: " + this.toString()); - return null; - } -}; - -Script.prototype.getBuffer = function() { - return this.buffer; -}; - -Script.prototype.serialize = Script.prototype.getBuffer; - -Script.prototype.getStringContent = function(truncate, maxEl) { - if (truncate === null) { - truncate = true; - } - - if ('undefined' === typeof maxEl) { - maxEl = 15; - } - - var s = ''; - for (var i = 0, l = this.chunks.length; i < l; i++) { - var chunk = this.chunks[i]; - - if (i > 0) { - s += ' '; - } - - if (Buffer.isBuffer(chunk)) { - s += '0x' + util.formatBuffer(chunk, truncate ? null : 0); - } else { - s += Opcode.reverseMap[chunk]; - } - - if (maxEl && i > maxEl) { - s += ' ...'; - break; - } - } - return s; -}; - -Script.prototype.toString = function(truncate, maxEl) { - var script = "