lukechilds
/
bitcoinjs-lib
mirror of https://github.com/lukechilds/bitcoinjs-lib.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #456 from bitcoinjs/nomessage 

Remove message module
hk-custom-address
JP Richardson 8 years ago
committed by GitHub
parent
80b1b50155 de6671ecaa
commit
038c0f08d2
9 changed files with 5 additions and 437 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      README.md
  2. 85
      src/ecdsa.js
  3. 1
      src/index.js
  4. 54
      src/message.js
  5. 51
      test/ecdsa.js
  6. 72
      test/fixtures/ecdsa.json
  7. 86
      test/fixtures/message.json
  8. 21
      test/integration/advanced.js
  9. 64
      test/message.js

8
README.md
View File

@ -100,11 +100,9 @@ The below examples are implemented as integration tests, they should be very eas
- [Generate a random address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L9)
- [Generate a address from a SHA256 hash](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L20)
- [Generate a address and WIF for Litecoin](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L30)
- [Import an address via WIF](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L44)
- [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L51)
- [Sign a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L8)
- [Verify a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L16)
- [Generate a address and WIF for Litecoin](https://github.com/bitcoin/bitcoinjs-lib/blob/master/test/integration/basic.js#L29)
- [Import an address via WIF](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L43)
- [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L50)
- [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L24)
- [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L9)
- [Spend from a 2-of-4 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L25)

85
src/ecdsa.js
View File

@ -154,93 +154,8 @@ function verify (hash, signature, Q) {
return v.equals(r)
}
/**
* Recover a public key from a signature.
*
* See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
* Key Recovery Operation".
*
* http://www.secg.org/download/aid-780/sec1-v2.pdf
*/
function recoverPubKey (e, signature, i) {
typeforce(types.tuple(
types.BigInt,
types.ECSignature,
types.UInt2
), arguments)
var n = secp256k1.n
var G = secp256k1.G
var r = signature.r
var s = signature.s
if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value')
if (s.signum() <= 0 || s.compareTo(n) >= 0) throw new Error('Invalid s value')
// A set LSB signifies that the y-coordinate is odd
var isYOdd = i & 1
// The more significant bit specifies whether we should use the
// first or second candidate key.
var isSecondKey = i >> 1
// 1.1 Let x = r + jn
var x = isSecondKey ? r.add(n) : r
var R = secp256k1.pointFromX(isYOdd, x)
// 1.4 Check that nR is at infinity
var nR = R.multiply(n)
if (!secp256k1.isInfinity(nR)) throw new Error('nR is not a valid curve point')
// Compute r^-1
var rInv = r.modInverse(n)
// Compute -e from e
var eNeg = e.negate().mod(n)
// 1.6.1 Compute Q = r^-1 (sR - eG)
// Q = r^-1 (sR + -eG)
var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
secp256k1.validate(Q)
return Q
}
/**
* Calculate pubkey extraction parameter.
*
* When extracting a pubkey from a signature, we have to
* distinguish four different cases. Rather than putting this
* burden on the verifier, Bitcoin includes a 2-bit value with the
* signature.
*
* This function simply tries all four cases and returns the value
* that resulted in a successful pubkey recovery.
*/
function calcPubKeyRecoveryParam (e, signature, Q) {
typeforce(types.tuple(
types.BigInt,
types.ECSignature,
types.ECPoint
), arguments)
for (var i = 0; i < 4; i++) {
var Qprime = recoverPubKey(e, signature, i)
// 1.6.2 Verify Q
if (Qprime.equals(Q)) {
return i
}
}
throw new Error('Unable to find valid recovery factor')
}
module.exports = {
calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
deterministicGenerateK: deterministicGenerateK,
recoverPubKey: recoverPubKey,
sign: sign,
verify: verify,

1
src/index.js
View File

@ -9,7 +9,6 @@ module.exports = {
address: require('./address'),
bufferutils: require('./bufferutils'),
crypto: require('./crypto'),
message: require('./message'),
networks: require('./networks'),
opcodes: require('./opcodes.json'),
script: require('./script')

54
src/message.js
View File

@ -1,54 +0,0 @@
var bufferutils = require('./bufferutils')
var bcrypto = require('./crypto')
var ecdsa = require('./ecdsa')
var networks = require('./networks')
var BigInteger = require('bigi')
var ECPair = require('./ecpair')
var ECSignature = require('./ecsignature')
function magicHash (message, network) {
var messagePrefix = new Buffer(network.messagePrefix)
var messageBuffer = new Buffer(message)
var lengthBuffer = bufferutils.varIntBuffer(messageBuffer.length)
var buffer = Buffer.concat([messagePrefix, lengthBuffer, messageBuffer])
return bcrypto.hash256(buffer)
}
function sign (keyPair, message, network) {
network = network || networks.bitcoin
var hash = magicHash(message, network)
var signature = keyPair.sign(hash)
var e = BigInteger.fromBuffer(hash)
var i = ecdsa.calcPubKeyRecoveryParam(e, signature, keyPair.Q)
return signature.toCompact(i, keyPair.compressed)
}
function verify (address, signature, message, network) {
if (!Buffer.isBuffer(signature)) {
signature = new Buffer(signature, 'base64')
}
network = network || networks.bitcoin
var hash = magicHash(message, network)
var parsed = ECSignature.parseCompact(signature)
var e = BigInteger.fromBuffer(hash)
var Q = ecdsa.recoverPubKey(e, parsed.signature, parsed.i)
var keyPair = new ECPair(null, Q, {
compressed: parsed.compressed,
network: network
})
return keyPair.getAddress() === address
}
module.exports = {
magicHash: magicHash,
sign: sign,
verify: verify
}

51
test/ecdsa.js
View File

@ -3,8 +3,6 @@
var assert = require('assert')
var bcrypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
var message = require('../src/message')
var networks = require('../src/networks')
var sinon = require('sinon')
var BigInteger = require('bigi')
@ -83,55 +81,6 @@ describe('ecdsa', function () {
})
})
describe('recoverPubKey', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('recovers the pubKey for ' + f.d, function () {
var d = BigInteger.fromHex(f.d)
var Q = curve.G.multiply(d)
var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
var h1 = bcrypto.sha256(f.message)
var e = BigInteger.fromBuffer(h1)
var Qprime = ecdsa.recoverPubKey(e, signature, f.i)
assert(Qprime.equals(Q))
})
})
describe('with i ∈ {0,1,2,3}', function () {
var hash = message.magicHash('1111', networks.bitcoin)
var e = BigInteger.fromBuffer(hash)
var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
var signature = ECSignature.parseCompact(signatureBuffer).signature
var points = [
'03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
'0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
'03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
'027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
]
points.forEach(function (expectedHex, i) {
it('recovers an expected point for i of ' + i, function () {
var Qprime = ecdsa.recoverPubKey(e, signature, i)
var QprimeHex = Qprime.getEncoded().toString('hex')
assert.strictEqual(QprimeHex, expectedHex)
})
})
})
fixtures.invalid.recoverPubKey.forEach(function (f) {
it('throws on ' + f.description + ' (' + f.exception + ')', function () {
var e = BigInteger.fromHex(f.e)
var signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
assert.throws(function () {
ecdsa.recoverPubKey(e, signature, f.i)
}, new RegExp(f.exception))
})
})
})
describe('sign', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('produces a deterministic signature for "' + f.message + '"', function () {

72
test/fixtures/ecdsa.json
View File

@ -125,78 +125,6 @@
]
},
"invalid": {
"recoverPubKey": [
{
"description": "Invalid r value (< 0)",
"exception": "Invalid r value",
"e": "01",
"signatureRaw": {
"r": "-01",
"s": "02"
},
"i": 0
},
{
"description": "Invalid r value (== 0)",
"exception": "Invalid r value",
"e": "01",
"signatureRaw": {
"r": "00",
"s": "02"
},
"i": 0
},
{
"description": "Invalid s value (< 0)",
"exception": "Invalid s value",
"e": "01",
"signatureRaw": {
"r": "02",
"s": "-01"
},
"i": 0
},
{
"description": "Invalid s value (== 0)",
"exception": "Invalid s value",
"e": "01",
"signatureRaw": {
"r": "02",
"s": "00"
},
"i": 0
},
{
"description": "Invalid r value (nR is infinity)",
"exception": "nR is not a valid curve point",
"e": "01",
"signatureRaw": {
"r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
"s": "01"
},
"i": 0
},
{
"description": "Invalid curve point",
"exception": "Point is not on the curve",
"e": "01",
"signatureRaw": {
"r": "4b3b4ca85a86c47a098a223fffffffff",
"s": "01"
},
"i": 0
},
{
"description": "Invalid i value (> 3)",
"exception": "Expected property \"2\" of type UInt2, got Number 4",
"e": "01",
"signatureRaw": {
"r": "00",
"s": "02"
},
"i": 4
}
],
"verify": [
{
"description": "The wrong signature",

86
test/fixtures/message.json
View File

@ -1,86 +0,0 @@
{
"valid": {
"magicHash": [
{
"network": "bitcoin",
"message": "",
"magicHash": "80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc"
},
{
"network": "bitcoin",
"message": "Vires is Numeris",
"magicHash": "f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933"
},
{
"network": "dogecoin",
"message": "Vires is Numeris",
"magicHash": "c0963d20d0accd0ea0df6c1020bf85a7e629a40e7b5363f2c3e9dcafd5638f12"
}
],
"verify": [
{
"message": "vires is numeris",
"network": "bitcoin",
"address": "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM",
"signature": "G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=",
"compressed": {
"address": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs",
"signature": "H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0="
}
},
{
"message": "vires is numeris",
"network": "dogecoin",
"address": "DFpN6QqFfUm3gKNaxN6tNcab1FArL9cZLE",
"signature": "H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s="
}
],
"signing": [
{
"description": "gives equal r, s values irrespective of point compression",
"message": "vires is numeris",
"network": "bitcoin",
"d": "1",
"signature": "HF8nHqFr3K2UKYahhX3soVeoW8W1ECNbr0wfck7lzyXjCS5Q16Ek45zyBuy1Fiy9sTPKVgsqqOuPvbycuVSSVl8=",
"compressed": {
"signature": "IF8nHqFr3K2UKYahhX3soVeoW8W1ECNbr0wfck7lzyXjCS5Q16Ek45zyBuy1Fiy9sTPKVgsqqOuPvbycuVSSVl8="
}
},
{
"description": "supports alternative networks",
"message": "vires is numeris",
"network": "dogecoin",
"d": "1",
"signature": "G6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s="
}
]
},
"invalid": {
"verify": [
{
"description": "will fail for the wrong message",
"message": "foobar",
"address": "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM",
"signature": "G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0="
},
{
"description": "will fail for the wrong address",
"message": "vires is numeris",
"address": "1111111111111111111114oLvT2",
"signature": "H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0="
},
{
"description": "does not cross verify (uncompressed address, compressed signature)",
"message": "vires is numeris",
"address": "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM",
"signature": "H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0="
},
{
"description": "does not cross verify (compressed address, uncompressed signature)",
"message": "vires is numeris",
"address": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs",
"signature": "G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0="
}
]
}
}

21
test/integration/advanced.js
View File

@ -1,28 +1,11 @@
/* global describe, it */
var assert = require('assert')
var bitcoin = require('../../')
var blockchain = require('./_blockchain')
describe('bitcoinjs-lib (advanced)', function () {
it('can sign a Bitcoin message', function () {
var keyPair = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
var message = 'This is an example of a signed message.'
var signature = bitcoin.message.sign(keyPair, message)
assert.strictEqual(signature.toString('base64'), 'G9L5yLFjti0QTHhPyFrZCT1V/MMnBtXKmoiKDZ78NDBjERki6ZTQZdSMCtkgoNmp17By9ItJr8o7ChX0XxY91nk=')
})
it('can verify a Bitcoin message', function () {
var address = '1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN'
var signature = 'HJLQlDWLyb1Ef8bQKEISzFbDAKctIlaqOpGbrk3YVtRsjmC61lpE5ErkPRUFtDKtx98vHFGUWlFhsh3DiW6N0rE'
var message = 'This is an example of a signed message.'
assert(bitcoin.message.verify(address, signature, message))
})
it('can create a transaction using OP_RETURN', function (done) {
this.timeout(30000)
it('can create an OP_RETURN transaction', function (done) {
this.timeout(20000)
var network = bitcoin.networks.testnet
var keyPair = bitcoin.ECPair.makeRandom({ network: network })

64
test/message.js
View File

@ -1,64 +0,0 @@
/* global describe, it */
var assert = require('assert')
var message = require('../src/message')
var networks = require('../src/networks')
var BigInteger = require('bigi')
var ECPair = require('../src/ecpair')
var fixtures = require('./fixtures/message.json')
describe('message', function () {
describe('magicHash', function () {
fixtures.valid.magicHash.forEach(function (f) {
it('produces the correct magicHash for "' + f.message + '" (' + f.network + ')', function () {
var network = networks[f.network]
var actual = message.magicHash(f.message, network)
assert.strictEqual(actual.toString('hex'), f.magicHash)
})
})
})
describe('verify', function () {
fixtures.valid.verify.forEach(function (f) {
it('verifies a valid signature for "' + f.message + '" (' + f.network + ')', function () {
var network = networks[f.network]
assert(message.verify(f.address, f.signature, f.message, network))
if (f.compressed) {
assert(message.verify(f.compressed.address, f.compressed.signature, f.message, network))
}
})
})
fixtures.invalid.verify.forEach(function (f) {
it(f.description, function () {
assert(!message.verify(f.address, f.signature, f.message))
})
})
})
describe('signing', function () {
fixtures.valid.signing.forEach(function (f) {
it(f.description, function () {
var network = networks[f.network]
var keyPair = new ECPair(new BigInteger(f.d), null, {
compressed: false
})
var signature = message.sign(keyPair, f.message, network)
assert.strictEqual(signature.toString('base64'), f.signature)
if (f.compressed) {
var compressedPrivKey = new ECPair(new BigInteger(f.d))
var compressedSignature = message.sign(compressedPrivKey, f.message)
assert.strictEqual(compressedSignature.toString('base64'), f.compressed.signature)
}
})
})
})
})
Write Preview
Loading…
Cancel
Save