bitcoinjs-lib/src/ecsignature.js

var assert = require('assert')
var typeforce = require('typeforce')
var types = require('./types')

var BigInteger = require('bigi')

function ECSignature (r, s) {
  typeforce(types.BigInt, r)
  typeforce(types.BigInt, s)

  this.r = r
  this.s = s
}

ECSignature.parseCompact = function (buffer) {
  assert.equal(buffer.length, 65, 'Invalid signature length')
  var i = buffer.readUInt8(0) - 27

  // At most 3 bits
  assert.equal(i, i & 7, 'Invalid signature parameter')
  var compressed = !!(i & 4)

  // Recovery param only
  i = i & 3

  var r = BigInteger.fromBuffer(buffer.slice(1, 33))
  var s = BigInteger.fromBuffer(buffer.slice(33))

  return {
    compressed: compressed,
    i: i,
    signature: new ECSignature(r, s)
  }
}

// Strict DER - https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki
// NOTE: SIGHASH byte ignored
ECSignature.fromDER = function (buffer) {
  // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S]
  if (buffer.length < 8) throw new Error('DER sequence too short')
  if (buffer.length > 72) throw new Error('DER sequence too long')
  if (buffer[0] !== 0x30) throw new Error('Not a DER sequence')
  if (buffer[1] !== buffer.length - 2) throw new Error('Invalid sequence length')
  if (buffer[2] !== 0x02) throw new Error('Expected a DER integer')

  var lenR = buffer.readUInt8(3)
  if (lenR === 0) throw new Error('R length is zero')
  if (5 + lenR >= buffer.length) throw new Error('Invalid DER encoding')
  if (buffer[4 + lenR] !== 0x02) throw new Error('Expected a DER integer (2)')

  var lenS = buffer[5 + lenR]
  if (lenS === 0) throw new Error('S length is zero')
  if ((lenR + lenS + 6) !== buffer.length) throw new Error('Invalid DER encoding (2)')

  if (buffer[4] & 0x80) throw new Error('R value is negative')
  if (lenR > 1 && (buffer[4] === 0x00) && !(buffer[5] & 0x80)) throw new Error('R value excessively padded')

  if (buffer[lenR + 6] & 0x80) throw new Error('S value is negative')
  if (lenS > 1 && (buffer[lenR + 6] === 0x00) && !(buffer[lenR + 7] & 0x80)) throw new Error('S value excessively padded')

  // non-BIP66 - extract R, S values
  var rB = buffer.slice(4, 4 + lenR)
  var sB = buffer.slice(lenR + 6)
  var r = BigInteger.fromDERInteger(rB)
  var s = BigInteger.fromDERInteger(sB)

  return new ECSignature(r, s)
}

// BIP62: 1 byte hashType flag (only 0x01, 0x02, 0x03, 0x81, 0x82 and 0x83 are allowed)
ECSignature.parseScriptSignature = function (buffer) {
  var hashType = buffer.readUInt8(buffer.length - 1)
  var hashTypeMod = hashType & ~0x80

  if (hashTypeMod <= 0x00 || hashTypeMod >= 0x04) throw new Error('Invalid hashType ' + hashType)

  return {
    signature: ECSignature.fromDER(buffer.slice(0, -1)),
    hashType: hashType
  }
}

ECSignature.prototype.toCompact = function (i, compressed) {
  if (compressed) {
    i += 4
  }

  i += 27

  var buffer = new Buffer(65)
  buffer.writeUInt8(i, 0)

  this.r.toBuffer(32).copy(buffer, 1)
  this.s.toBuffer(32).copy(buffer, 33)

  return buffer
}

ECSignature.prototype.toDER = function () {
  var rBa = this.r.toDERInteger()
  var sBa = this.s.toDERInteger()

  var sequence = []

  // INTEGER
  sequence.push(0x02, rBa.length)
  sequence = sequence.concat(rBa)

  // INTEGER
  sequence.push(0x02, sBa.length)
  sequence = sequence.concat(sBa)

  // SEQUENCE
  sequence.unshift(0x30, sequence.length)

  return new Buffer(sequence)
}

ECSignature.prototype.toScriptSignature = function (hashType) {
  var hashTypeMod = hashType & ~0x80
  assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType ' + hashType)

  var hashTypeBuffer = new Buffer(1)
  hashTypeBuffer.writeUInt8(hashType, 0)

  return Buffer.concat([this.toDER(), hashTypeBuffer])
}

module.exports = ECSignature
ecdsa: moved all signature encoding to ECSignature 11 years ago			`var assert = require('assert')`
add types 10 years ago			`var typeforce = require('typeforce')`
			`var types = require('./types')`
types: enforce consistent type checking 11 years ago
ecdsa: moved all signature encoding to ECSignature 11 years ago			`var BigInteger = require('bigi')`

use standardjs formatting 10 years ago			`function ECSignature (r, s) {`
add types 10 years ago			`typeforce(types.BigInt, r)`
			`typeforce(types.BigInt, s)`
types: enforce consistent type checking 11 years ago
ecdsa: moved all signature encoding to ECSignature 11 years ago			`this.r = r`
			`this.s = s`
			`}`

use standardjs formatting 10 years ago			`ECSignature.parseCompact = function (buffer) {`
ecdsa: moved all signature encoding to ECSignature 11 years ago			`assert.equal(buffer.length, 65, 'Invalid signature length')`
			`var i = buffer.readUInt8(0) - 27`

			`// At most 3 bits`
			`assert.equal(i, i & 7, 'Invalid signature parameter')`
			`var compressed = !!(i & 4)`

			`// Recovery param only`
			`i = i & 3`

			`var r = BigInteger.fromBuffer(buffer.slice(1, 33))`
			`var s = BigInteger.fromBuffer(buffer.slice(33))`

			`return {`
			`compressed: compressed,`
			`i: i,`
			`signature: new ECSignature(r, s)`
			`}`
			`}`

adhere more closely to BIP66 10 years ago			`// Strict DER - https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki`
			`// NOTE: SIGHASH byte ignored`
use standardjs formatting 10 years ago			`ECSignature.fromDER = function (buffer) {`
ECSignature: account for SIGHASH being ignored 10 years ago			`// Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S]`
			`if (buffer.length < 8) throw new Error('DER sequence too short')`
			`if (buffer.length > 72) throw new Error('DER sequence too long')`
adhere more closely to BIP66 10 years ago			`if (buffer[0] !== 0x30) throw new Error('Not a DER sequence')`
			`if (buffer[1] !== buffer.length - 2) throw new Error('Invalid sequence length')`
			`if (buffer[2] !== 0x02) throw new Error('Expected a DER integer')`
ECSignature: fixes for canonical signatures 11 years ago
adhere more closely to BIP66 10 years ago			`var lenR = buffer.readUInt8(3)`
			`if (lenR === 0) throw new Error('R length is zero')`
			`if (5 + lenR >= buffer.length) throw new Error('Invalid DER encoding')`
			`if (buffer[4 + lenR] !== 0x02) throw new Error('Expected a DER integer (2)')`

			`var lenS = buffer[5 + lenR]`
			`if (lenS === 0) throw new Error('S length is zero')`
			`if ((lenR + lenS + 6) !== buffer.length) throw new Error('Invalid DER encoding (2)')`
ECSignature: fixes for canonical signatures 11 years ago
adhere more closely to BIP66 10 years ago			`if (buffer[4] & 0x80) throw new Error('R value is negative')`
			`if (lenR > 1 && (buffer[4] === 0x00) && !(buffer[5] & 0x80)) throw new Error('R value excessively padded')`

			`if (buffer[lenR + 6] & 0x80) throw new Error('S value is negative')`
			`if (lenS > 1 && (buffer[lenR + 6] === 0x00) && !(buffer[lenR + 7] & 0x80)) throw new Error('S value excessively padded')`

			`// non-BIP66 - extract R, S values`
			`var rB = buffer.slice(4, 4 + lenR)`
			`var sB = buffer.slice(lenR + 6)`
ecdsa: moved all signature encoding to ECSignature 11 years ago			`var r = BigInteger.fromDERInteger(rB)`
			`var s = BigInteger.fromDERInteger(sB)`

			`return new ECSignature(r, s)`
			`}`

ECSignature: enforce valid hashType in toScriptSignature 10 years ago			`// BIP62: 1 byte hashType flag (only 0x01, 0x02, 0x03, 0x81, 0x82 and 0x83 are allowed)`
use standardjs formatting 10 years ago			`ECSignature.parseScriptSignature = function (buffer) {`
ECSignature: fixes for canonical signatures 11 years ago			`var hashType = buffer.readUInt8(buffer.length - 1)`
			`var hashTypeMod = hashType & ~0x80`

ECSignature: further avoidance of assert 10 years ago			`if (hashTypeMod <= 0x00 \|\| hashTypeMod >= 0x04) throw new Error('Invalid hashType ' + hashType)`
ECSignature: fixes for canonical signatures 11 years ago
ecdsa: moved all signature encoding to ECSignature 11 years ago			`return {`
			`signature: ECSignature.fromDER(buffer.slice(0, -1)),`
ECSignature: fixes for canonical signatures 11 years ago			`hashType: hashType`
ecdsa: moved all signature encoding to ECSignature 11 years ago			`}`
			`}`

use standardjs formatting 10 years ago			`ECSignature.prototype.toCompact = function (i, compressed) {`
various: more standard-format artifact fixes 10 years ago			`if (compressed) {`
use standardjs formatting 10 years ago			`i += 4`
various: more standard-format artifact fixes 10 years ago			`}`

ecdsa: moved all signature encoding to ECSignature 11 years ago			`i += 27`

			`var buffer = new Buffer(65)`
			`buffer.writeUInt8(i, 0)`

			`this.r.toBuffer(32).copy(buffer, 1)`
			`this.s.toBuffer(32).copy(buffer, 33)`

			`return buffer`
			`}`

use standardjs formatting 10 years ago			`ECSignature.prototype.toDER = function () {`
ecdsa: moved all signature encoding to ECSignature 11 years ago			`var rBa = this.r.toDERInteger()`
			`var sBa = this.s.toDERInteger()`

			`var sequence = []`
ECSignature: avoid multiple push/unshift operations 11 years ago
			`// INTEGER`
			`sequence.push(0x02, rBa.length)`
ecdsa: moved all signature encoding to ECSignature 11 years ago			`sequence = sequence.concat(rBa)`

ECSignature: avoid multiple push/unshift operations 11 years ago			`// INTEGER`
			`sequence.push(0x02, sBa.length)`
ecdsa: moved all signature encoding to ECSignature 11 years ago			`sequence = sequence.concat(sBa)`

ECSignature: avoid multiple push/unshift operations 11 years ago			`// SEQUENCE`
			`sequence.unshift(0x30, sequence.length)`
ecdsa: moved all signature encoding to ECSignature 11 years ago
			`return new Buffer(sequence)`
			`}`

use standardjs formatting 10 years ago			`ECSignature.prototype.toScriptSignature = function (hashType) {`
ECSignature: enforce valid hashType in toScriptSignature 10 years ago			`var hashTypeMod = hashType & ~0x80`
			`assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType ' + hashType)`

ecdsa: moved all signature encoding to ECSignature 11 years ago			`var hashTypeBuffer = new Buffer(1)`
			`hashTypeBuffer.writeUInt8(hashType, 0)`

			`return Buffer.concat([this.toDER(), hashTypeBuffer])`
			`}`

			`module.exports = ECSignature`