ecdsa: remove unused functions

src/ecdsa.js

@@ -154,93 +154,8 @@ function verify (hash, signature, Q) {
   return v.equals(r)
 }
 
-/**
-  * Recover a public key from a signature.
-  *
-  * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
-  * Key Recovery Operation".
-  *
-  * http://www.secg.org/download/aid-780/sec1-v2.pdf
-  */
-function recoverPubKey (e, signature, i) {
-  typeforce(types.tuple(
-    types.BigInt,
-    types.ECSignature,
-    types.UInt2
-  ), arguments)
-
-  var n = secp256k1.n
-  var G = secp256k1.G
-  var r = signature.r
-  var s = signature.s
-
-  if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value')
-  if (s.signum() <= 0 || s.compareTo(n) >= 0) throw new Error('Invalid s value')
-
-  // A set LSB signifies that the y-coordinate is odd
-  var isYOdd = i & 1
-
-  // The more significant bit specifies whether we should use the
-  // first or second candidate key.
-  var isSecondKey = i >> 1
-
-  // 1.1 Let x = r + jn
-  var x = isSecondKey ? r.add(n) : r
-  var R = secp256k1.pointFromX(isYOdd, x)
-
-  // 1.4 Check that nR is at infinity
-  var nR = R.multiply(n)
-  if (!secp256k1.isInfinity(nR)) throw new Error('nR is not a valid curve point')
-
-  // Compute r^-1
-  var rInv = r.modInverse(n)
-
-  // Compute -e from e
-  var eNeg = e.negate().mod(n)
-
-  // 1.6.1 Compute Q = r^-1 (sR -  eG)
-  //               Q = r^-1 (sR + -eG)
-  var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
-
-  secp256k1.validate(Q)
-
-  return Q
-}
-
-/**
-  * Calculate pubkey extraction parameter.
-  *
-  * When extracting a pubkey from a signature, we have to
-  * distinguish four different cases. Rather than putting this
-  * burden on the verifier, Bitcoin includes a 2-bit value with the
-  * signature.
-  *
-  * This function simply tries all four cases and returns the value
-  * that resulted in a successful pubkey recovery.
-  */
-function calcPubKeyRecoveryParam (e, signature, Q) {
-  typeforce(types.tuple(
-    types.BigInt,
-    types.ECSignature,
-    types.ECPoint
-  ), arguments)
-
-  for (var i = 0; i < 4; i++) {
-    var Qprime = recoverPubKey(e, signature, i)
-
-    // 1.6.2 Verify Q
-    if (Qprime.equals(Q)) {
-      return i
-    }
-  }
-
-  throw new Error('Unable to find valid recovery factor')
-}
-
 module.exports = {
-  calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
   deterministicGenerateK: deterministicGenerateK,
-  recoverPubKey: recoverPubKey,
   sign: sign,
   verify: verify,
 

test/ecdsa.js

@@ -81,55 +81,6 @@ describe('ecdsa', function () {
     })
   })
 
-  describe('recoverPubKey', function () {
-    fixtures.valid.ecdsa.forEach(function (f) {
-      it('recovers the pubKey for ' + f.d, function () {
-        var d = BigInteger.fromHex(f.d)
-        var Q = curve.G.multiply(d)
-        var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
-        var h1 = bcrypto.sha256(f.message)
-        var e = BigInteger.fromBuffer(h1)
-        var Qprime = ecdsa.recoverPubKey(e, signature, f.i)
-
-        assert(Qprime.equals(Q))
-      })
-    })
-
-    describe('with i ∈ {0,1,2,3}', function () {
-      var hash = new Buffer('feef89995d7575f12d65ccc9d28ccaf7ab224c2e59dad4cc7f6a2b0708d24696', 'hex')
-      var e = BigInteger.fromBuffer(hash)
-
-      var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
-      var signature = ECSignature.parseCompact(signatureBuffer).signature
-      var points = [
-        '03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
-        '0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
-        '03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
-        '027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
-      ]
-
-      points.forEach(function (expectedHex, i) {
-        it('recovers an expected point for i of ' + i, function () {
-          var Qprime = ecdsa.recoverPubKey(e, signature, i)
-          var QprimeHex = Qprime.getEncoded().toString('hex')
-
-          assert.strictEqual(QprimeHex, expectedHex)
-        })
-      })
-    })
-
-    fixtures.invalid.recoverPubKey.forEach(function (f) {
-      it('throws on ' + f.description + ' (' + f.exception + ')', function () {
-        var e = BigInteger.fromHex(f.e)
-        var signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
-
-        assert.throws(function () {
-          ecdsa.recoverPubKey(e, signature, f.i)
-        }, new RegExp(f.exception))
-      })
-    })
-  })
-
   describe('sign', function () {
     fixtures.valid.ecdsa.forEach(function (f) {
       it('produces a deterministic signature for "' + f.message + '"', function () {

test/fixtures/ecdsa.json

@@ -125,78 +125,6 @@
     ]
   },
   "invalid": {
-    "recoverPubKey": [
-      {
-        "description": "Invalid r value (< 0)",
-        "exception": "Invalid r value",
-        "e": "01",
-        "signatureRaw": {
-          "r": "-01",
-          "s": "02"
-        },
-        "i": 0
-      },
-      {
-        "description": "Invalid r value (== 0)",
-        "exception": "Invalid r value",
-        "e": "01",
-        "signatureRaw": {
-          "r": "00",
-          "s": "02"
-        },
-        "i": 0
-      },
-      {
-        "description": "Invalid s value (< 0)",
-        "exception": "Invalid s value",
-        "e": "01",
-        "signatureRaw": {
-          "r": "02",
-          "s": "-01"
-        },
-        "i": 0
-      },
-      {
-        "description": "Invalid s value (== 0)",
-        "exception": "Invalid s value",
-        "e": "01",
-        "signatureRaw": {
-          "r": "02",
-          "s": "00"
-        },
-        "i": 0
-      },
-      {
-        "description": "Invalid r value (nR is infinity)",
-        "exception": "nR is not a valid curve point",
-        "e": "01",
-        "signatureRaw": {
-          "r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
-          "s": "01"
-        },
-        "i": 0
-      },
-      {
-        "description": "Invalid curve point",
-        "exception": "Point is not on the curve",
-        "e": "01",
-        "signatureRaw": {
-          "r": "4b3b4ca85a86c47a098a223fffffffff",
-          "s": "01"
-        },
-        "i": 0
-      },
-      {
-        "description": "Invalid i value (> 3)",
-        "exception": "Expected property \"2\" of type UInt2, got Number 4",
-        "e": "01",
-        "signatureRaw": {
-          "r": "00",
-          "s": "02"
-        },
-        "i": 4
-      }
-    ],
     "verify": [
       {
         "description": "The wrong signature",