ecdsa: fix indentation

src/ecdsa.js

@@ -4,269 +4,269 @@ var crypto = require('./crypto')
 var BigInteger = require('bigi')
 var ECPointFp = require('./ec').ECPointFp
 
-  function deterministicGenerateK(ecparams, hash, D) {
-    assert(Buffer.isBuffer(hash), 'Hash must be a Buffer, not ' + hash)
-    assert.equal(hash.length, 32, 'Hash must be 256 bit')
-    assert(D instanceof BigInteger, 'Private key must be a BigInteger')
-
-    var x = D.toBuffer(32)
-    var k = new Buffer(32)
-    var v = new Buffer(32)
-    k.fill(0)
-    v.fill(1)
-
-    k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0]), x, hash]), k)
-    v = crypto.HmacSHA256(v, k)
-
-    k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([1]), x, hash]), k)
-    v = crypto.HmacSHA256(v, k)
-    v = crypto.HmacSHA256(v, k)
-
-    var n = ecparams.getN()
-    var kB = BigInteger.fromBuffer(v).mod(n)
-    assert(kB.compareTo(BigInteger.ONE) > 0, 'Invalid k value')
-    assert(kB.compareTo(ecparams.getN()) < 0, 'Invalid k value')
-
-    return kB
-  }
+function deterministicGenerateK(ecparams, hash, D) {
+  assert(Buffer.isBuffer(hash), 'Hash must be a Buffer, not ' + hash)
+  assert.equal(hash.length, 32, 'Hash must be 256 bit')
+  assert(D instanceof BigInteger, 'Private key must be a BigInteger')
+
+  var x = D.toBuffer(32)
+  var k = new Buffer(32)
+  var v = new Buffer(32)
+  k.fill(0)
+  v.fill(1)
+
+  k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([0]), x, hash]), k)
+  v = crypto.HmacSHA256(v, k)
+
+  k = crypto.HmacSHA256(Buffer.concat([v, new Buffer([1]), x, hash]), k)
+  v = crypto.HmacSHA256(v, k)
+  v = crypto.HmacSHA256(v, k)
+
+  var n = ecparams.getN()
+  var kB = BigInteger.fromBuffer(v).mod(n)
+  assert(kB.compareTo(BigInteger.ONE) > 0, 'Invalid k value')
+  assert(kB.compareTo(ecparams.getN()) < 0, 'Invalid k value')
+
+  return kB
+}
 
-  function sign(ecparams, hash, D) {
-    var k = deterministicGenerateK(ecparams, hash, D)
+function sign(ecparams, hash, D) {
+  var k = deterministicGenerateK(ecparams, hash, D)
 
-    var n = ecparams.getN()
-    var G = ecparams.getG()
-    var Q = G.multiply(k)
-    var e = BigInteger.fromBuffer(hash)
+  var n = ecparams.getN()
+  var G = ecparams.getG()
+  var Q = G.multiply(k)
+  var e = BigInteger.fromBuffer(hash)
 
-    var r = Q.getX().toBigInteger().mod(n)
-    assert.notEqual(r.signum(), 0, 'Invalid R value')
+  var r = Q.getX().toBigInteger().mod(n)
+  assert.notEqual(r.signum(), 0, 'Invalid R value')
 
-    var s = k.modInverse(n).multiply(e.add(D.multiply(r))).mod(n)
-    assert.notEqual(s.signum(), 0, 'Invalid S value')
+  var s = k.modInverse(n).multiply(e.add(D.multiply(r))).mod(n)
+  assert.notEqual(s.signum(), 0, 'Invalid S value')
 
-    var N_OVER_TWO = n.shiftRight(1)
+  var N_OVER_TWO = n.shiftRight(1)
 
-    // enforce low S values, see bip62: 'low s values in signatures'
-    if (s.compareTo(N_OVER_TWO) > 0) {
-      s = n.subtract(s)
-    }
-
-    return {r: r, s: s}
+  // enforce low S values, see bip62: 'low s values in signatures'
+  if (s.compareTo(N_OVER_TWO) > 0) {
+    s = n.subtract(s)
   }
 
-  function verify(ecparams, hash, r, s, Q) {
-    var e = BigInteger.fromBuffer(hash)
+  return {r: r, s: s}
+}
 
-    return verifyRaw(ecparams, e, r, s, Q)
-  }
+function verify(ecparams, hash, r, s, Q) {
+  var e = BigInteger.fromBuffer(hash)
 
-  function verifyRaw(ecparams, e, r, s, Q) {
-    var n = ecparams.getN()
-    var G = ecparams.getG()
+  return verifyRaw(ecparams, e, r, s, Q)
+}
 
-    if (r.compareTo(BigInteger.ONE) < 0 || r.compareTo(n) >= 0) {
-      return false
-    }
+function verifyRaw(ecparams, e, r, s, Q) {
+  var n = ecparams.getN()
+  var G = ecparams.getG()
 
-    if (s.compareTo(BigInteger.ONE) < 0 || s.compareTo(n) >= 0) {
-      return false
-    }
+  if (r.compareTo(BigInteger.ONE) < 0 || r.compareTo(n) >= 0) {
+    return false
+  }
+
+  if (s.compareTo(BigInteger.ONE) < 0 || s.compareTo(n) >= 0) {
+    return false
+  }
 
-    var c = s.modInverse(n)
-    var u1 = e.multiply(c).mod(n)
-    var u2 = r.multiply(c).mod(n)
+  var c = s.modInverse(n)
+  var u1 = e.multiply(c).mod(n)
+  var u2 = r.multiply(c).mod(n)
 
-    var point = G.multiplyTwo(u1, Q, u2)
-    var v = point.getX().toBigInteger().mod(n)
+  var point = G.multiplyTwo(u1, Q, u2)
+  var v = point.getX().toBigInteger().mod(n)
 
-    return v.equals(r)
-  }
+  return v.equals(r)
+}
 
-  /**
-   * Serialize a signature into DER format.
-   *
-   * Takes two BigIntegers representing r and s and returns a byte array.
-   */
-  function serializeSig(r, s) {
-    var rBa = r.toByteArraySigned()
-    var sBa = s.toByteArraySigned()
+/**
+  * Serialize a signature into DER format.
+  *
+  * Takes two BigIntegers representing r and s and returns a byte array.
+  */
+function serializeSig(r, s) {
+  var rBa = r.toByteArraySigned()
+  var sBa = s.toByteArraySigned()
 
-    var sequence = []
-    sequence.push(0x02); // INTEGER
-    sequence.push(rBa.length)
-    sequence = sequence.concat(rBa)
+  var sequence = []
+  sequence.push(0x02); // INTEGER
+  sequence.push(rBa.length)
+  sequence = sequence.concat(rBa)
 
-    sequence.push(0x02); // INTEGER
-    sequence.push(sBa.length)
-    sequence = sequence.concat(sBa)
+  sequence.push(0x02); // INTEGER
+  sequence.push(sBa.length)
+  sequence = sequence.concat(sBa)
 
-    sequence.unshift(sequence.length)
-    sequence.unshift(0x30); // SEQUENCE
+  sequence.unshift(sequence.length)
+  sequence.unshift(0x30); // SEQUENCE
 
-    return sequence
-  }
+  return sequence
+}
 
-  /**
-   * Parses a buffer containing a DER-encoded signature.
-   *
-   * This function will return an object of the form:
-   *
-   * {
-   *   r: BigInteger,
-   *   s: BigInteger
-   * }
-   */
-  function parseSig(buffer) {
-    assert.equal(buffer.readUInt8(0), 0x30, 'Not a DER sequence')
-    assert.equal(buffer.readUInt8(1), buffer.length - 2, 'Invalid sequence length')
-
-    assert.equal(buffer.readUInt8(2), 0x02, 'Expected DER integer')
-    var rLen = buffer.readUInt8(3)
-    var rB = buffer.slice(4, 4 + rLen)
-
-    var offset = 4 + rLen
-    assert.equal(buffer.readUInt8(offset), 0x02, 'Expected a 2nd DER integer')
-    var sLen = buffer.readUInt8(1 + offset)
-    var sB = buffer.slice(2 + offset)
-
-    return {
-      r: BigInteger.fromByteArraySigned(rB),
-      s: BigInteger.fromByteArraySigned(sB)
-    }
+/**
+  * Parses a buffer containing a DER-encoded signature.
+  *
+  * This function will return an object of the form:
+  *
+  * {
+  *   r: BigInteger,
+  *   s: BigInteger
+  * }
+  */
+function parseSig(buffer) {
+  assert.equal(buffer.readUInt8(0), 0x30, 'Not a DER sequence')
+  assert.equal(buffer.readUInt8(1), buffer.length - 2, 'Invalid sequence length')
+
+  assert.equal(buffer.readUInt8(2), 0x02, 'Expected DER integer')
+  var rLen = buffer.readUInt8(3)
+  var rB = buffer.slice(4, 4 + rLen)
+
+  var offset = 4 + rLen
+  assert.equal(buffer.readUInt8(offset), 0x02, 'Expected a 2nd DER integer')
+  var sLen = buffer.readUInt8(1 + offset)
+  var sB = buffer.slice(2 + offset)
+
+  return {
+    r: BigInteger.fromByteArraySigned(rB),
+    s: BigInteger.fromByteArraySigned(sB)
   }
+}
 
-  function serializeSigCompact(r, s, i, compressed) {
-    if (compressed) {
-      i += 4
-    }
+function serializeSigCompact(r, s, i, compressed) {
+  if (compressed) {
+    i += 4
+  }
 
-    i += 27
+  i += 27
 
-    var buffer = new Buffer(65)
-    buffer.writeUInt8(i, 0)
-    r.toBuffer(32).copy(buffer, 1)
-    s.toBuffer(32).copy(buffer, 33)
+  var buffer = new Buffer(65)
+  buffer.writeUInt8(i, 0)
+  r.toBuffer(32).copy(buffer, 1)
+  s.toBuffer(32).copy(buffer, 33)
 
-    return buffer
-  }
+  return buffer
+}
 
-  function parseSigCompact(buffer) {
-    assert.equal(buffer.length, 65, 'Invalid signature length')
-    var i = buffer.readUInt8(0) - 27
+function parseSigCompact(buffer) {
+  assert.equal(buffer.length, 65, 'Invalid signature length')
+  var i = buffer.readUInt8(0) - 27
 
-    // At most 3 bits
-    assert.equal(i, i & 7, 'Invalid signature type')
-    var compressed = !!(i & 4)
+  // At most 3 bits
+  assert.equal(i, i & 7, 'Invalid signature type')
+  var compressed = !!(i & 4)
 
-    // Recovery param only
-    i = i & 3
+  // Recovery param only
+  i = i & 3
 
-    var r = BigInteger.fromBuffer(buffer.slice(1, 33))
-    var s = BigInteger.fromBuffer(buffer.slice(33))
+  var r = BigInteger.fromBuffer(buffer.slice(1, 33))
+  var s = BigInteger.fromBuffer(buffer.slice(33))
 
-    return {
-      r: r,
-      s: s,
-      i: i,
-      compressed: compressed
-    }
+  return {
+    r: r,
+    s: s,
+    i: i,
+    compressed: compressed
   }
+}
 
-  /**
-   * Recover a public key from a signature.
-   *
-   * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
-   * Key Recovery Operation".
-   *
-   * http://www.secg.org/download/aid-780/sec1-v2.pdf
-   */
-  function recoverPubKey(ecparams, e, r, s, i) {
-    assert.strictEqual(i & 3, i, 'The recovery param is more than two bits')
-
-    // A set LSB signifies that the y-coordinate is odd
-    // By reduction, the y-coordinate is even if it is clear
-    var isYEven = !(i & 1)
-
-    // The more significant bit specifies whether we should use the
-    // first or second candidate key.
-    var isSecondKey = i >> 1
-
-    var n = ecparams.getN()
-    var G = ecparams.getG()
-    var curve = ecparams.getCurve()
-    var p = curve.getQ()
-    var a = curve.getA().toBigInteger()
-    var b = curve.getB().toBigInteger()
-
-    // We precalculate (p + 1) / 4 where p is the field order
-    if (!curve.P_OVER_FOUR) {
-      curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
-    }
-
-    // 1.1 Compute x
-    var x = isSecondKey ? r.add(n) : r
+/**
+  * Recover a public key from a signature.
+  *
+  * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
+  * Key Recovery Operation".
+  *
+  * http://www.secg.org/download/aid-780/sec1-v2.pdf
+  */
+function recoverPubKey(ecparams, e, r, s, i) {
+  assert.strictEqual(i & 3, i, 'The recovery param is more than two bits')
+
+  // A set LSB signifies that the y-coordinate is odd
+  // By reduction, the y-coordinate is even if it is clear
+  var isYEven = !(i & 1)
+
+  // The more significant bit specifies whether we should use the
+  // first or second candidate key.
+  var isSecondKey = i >> 1
+
+  var n = ecparams.getN()
+  var G = ecparams.getG()
+  var curve = ecparams.getCurve()
+  var p = curve.getQ()
+  var a = curve.getA().toBigInteger()
+  var b = curve.getB().toBigInteger()
+
+  // We precalculate (p + 1) / 4 where p is the field order
+  if (!curve.P_OVER_FOUR) {
+    curve.P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2)
+  }
 
-    // 1.3 Convert x to point
-    var alpha = x.pow(3).add(a.multiply(x)).add(b).mod(p)
-    var beta = alpha.modPow(curve.P_OVER_FOUR, p)
+  // 1.1 Compute x
+  var x = isSecondKey ? r.add(n) : r
 
-    // If beta is even, but y isn't, or vice versa, then convert it,
-    // otherwise we're done and y == beta.
-    var y = (beta.isEven() ^ isYEven) ? p.subtract(beta) : beta
+  // 1.3 Convert x to point
+  var alpha = x.pow(3).add(a.multiply(x)).add(b).mod(p)
+  var beta = alpha.modPow(curve.P_OVER_FOUR, p)
 
-    // 1.4 Check that nR isn't at infinity
-    var R = new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y))
-    R.validate()
+  // If beta is even, but y isn't, or vice versa, then convert it,
+  // otherwise we're done and y == beta.
+  var y = (beta.isEven() ^ isYEven) ? p.subtract(beta) : beta
 
-    // 1.5 Compute -e from e
-    var eNeg = e.negate().mod(n)
+  // 1.4 Check that nR isn't at infinity
+  var R = new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y))
+  R.validate()
 
-    // 1.6 Compute Q = r^-1 (sR -  eG)
-    //             Q = r^-1 (sR + -eG)
-    var rInv = r.modInverse(n)
+  // 1.5 Compute -e from e
+  var eNeg = e.negate().mod(n)
 
-    var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
-    Q.validate()
+  // 1.6 Compute Q = r^-1 (sR -  eG)
+  //             Q = r^-1 (sR + -eG)
+  var rInv = r.modInverse(n)
 
-    if (!verifyRaw(ecparams, e, r, s, Q)) {
-      throw new Error("Pubkey recovery unsuccessful")
-    }
+  var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
+  Q.validate()
 
-    return Q
+  if (!verifyRaw(ecparams, e, r, s, Q)) {
+    throw new Error("Pubkey recovery unsuccessful")
   }
 
-  /**
-   * Calculate pubkey extraction parameter.
-   *
-   * When extracting a pubkey from a signature, we have to
-   * distinguish four different cases. Rather than putting this
-   * burden on the verifier, Bitcoin includes a 2-bit value with the
-   * signature.
-   *
-   * This function simply tries all four cases and returns the value
-   * that resulted in a successful pubkey recovery.
-   */
-  function calcPubKeyRecoveryParam(ecparams, e, r, s, Q) {
-    for (var i = 0; i < 4; i++) {
-      var Qprime = recoverPubKey(ecparams, e, r, s, i)
-
-      if (Qprime.equals(Q)) {
-        return i
-      }
-    }
+  return Q
+}
 
-    throw new Error('Unable to find valid recovery factor')
+/**
+  * Calculate pubkey extraction parameter.
+  *
+  * When extracting a pubkey from a signature, we have to
+  * distinguish four different cases. Rather than putting this
+  * burden on the verifier, Bitcoin includes a 2-bit value with the
+  * signature.
+  *
+  * This function simply tries all four cases and returns the value
+  * that resulted in a successful pubkey recovery.
+  */
+function calcPubKeyRecoveryParam(ecparams, e, r, s, Q) {
+  for (var i = 0; i < 4; i++) {
+    var Qprime = recoverPubKey(ecparams, e, r, s, i)
+
+    if (Qprime.equals(Q)) {
+      return i
+    }
   }
 
+  throw new Error('Unable to find valid recovery factor')
+}
+
 module.exports = {
-  calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
-  deterministicGenerateK: deterministicGenerateK,
-  recoverPubKey: recoverPubKey,
-  sign: sign,
-  verify: verify,
-  verifyRaw: verifyRaw,
-  serializeSig: serializeSig,
-  parseSig: parseSig,
-  serializeSigCompact: serializeSigCompact,
-  parseSigCompact: parseSigCompact
+calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
+deterministicGenerateK: deterministicGenerateK,
+recoverPubKey: recoverPubKey,
+sign: sign,
+verify: verify,
+verifyRaw: verifyRaw,
+serializeSig: serializeSig,
+parseSig: parseSig,
+serializeSigCompact: serializeSigCompact,
+parseSigCompact: parseSigCompact
 }