lukechilds
/
bitcoinjs-lib
mirror of https://github.com/lukechilds/bitcoinjs-lib.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

ecdsa: remove unused functions

hk-custom-address
Daniel Cousens 10 years ago
parent
87cb018466
commit
7cdabef954
3 changed files with 0 additions and 206 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 85
      src/ecdsa.js
  2. 49
      test/ecdsa.js
  3. 72
      test/fixtures/ecdsa.json

85
src/ecdsa.js
View File

@ -154,93 +154,8 @@ function verify (hash, signature, Q) {
return v.equals(r)
}
/**
* Recover a public key from a signature.
*
* See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
* Key Recovery Operation".
*
* http://www.secg.org/download/aid-780/sec1-v2.pdf
*/
function recoverPubKey (e, signature, i) {
typeforce(types.tuple(
types.BigInt,
types.ECSignature,
types.UInt2
), arguments)
var n = secp256k1.n
var G = secp256k1.G
var r = signature.r
var s = signature.s
if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value')
if (s.signum() <= 0 || s.compareTo(n) >= 0) throw new Error('Invalid s value')
// A set LSB signifies that the y-coordinate is odd
var isYOdd = i & 1
// The more significant bit specifies whether we should use the
// first or second candidate key.
var isSecondKey = i >> 1
// 1.1 Let x = r + jn
var x = isSecondKey ? r.add(n) : r
var R = secp256k1.pointFromX(isYOdd, x)
// 1.4 Check that nR is at infinity
var nR = R.multiply(n)
if (!secp256k1.isInfinity(nR)) throw new Error('nR is not a valid curve point')
// Compute r^-1
var rInv = r.modInverse(n)
// Compute -e from e
var eNeg = e.negate().mod(n)
// 1.6.1 Compute Q = r^-1 (sR - eG)
// Q = r^-1 (sR + -eG)
var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
secp256k1.validate(Q)
return Q
}
/**
* Calculate pubkey extraction parameter.
*
* When extracting a pubkey from a signature, we have to
* distinguish four different cases. Rather than putting this
* burden on the verifier, Bitcoin includes a 2-bit value with the
* signature.
*
* This function simply tries all four cases and returns the value
* that resulted in a successful pubkey recovery.
*/
function calcPubKeyRecoveryParam (e, signature, Q) {
typeforce(types.tuple(
types.BigInt,
types.ECSignature,
types.ECPoint
), arguments)
for (var i = 0; i < 4; i++) {
var Qprime = recoverPubKey(e, signature, i)
// 1.6.2 Verify Q
if (Qprime.equals(Q)) {
return i
}
}
throw new Error('Unable to find valid recovery factor')
}
module.exports = {
calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
deterministicGenerateK: deterministicGenerateK,
recoverPubKey: recoverPubKey,
sign: sign,
verify: verify,

49
test/ecdsa.js
View File

@ -81,55 +81,6 @@ describe('ecdsa', function () {
})
})
describe('recoverPubKey', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('recovers the pubKey for ' + f.d, function () {
var d = BigInteger.fromHex(f.d)
var Q = curve.G.multiply(d)
var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
var h1 = bcrypto.sha256(f.message)
var e = BigInteger.fromBuffer(h1)
var Qprime = ecdsa.recoverPubKey(e, signature, f.i)
assert(Qprime.equals(Q))
})
})
describe('with i ∈ {0,1,2,3}', function () {
var hash = new Buffer('feef89995d7575f12d65ccc9d28ccaf7ab224c2e59dad4cc7f6a2b0708d24696', 'hex')
var e = BigInteger.fromBuffer(hash)
var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
var signature = ECSignature.parseCompact(signatureBuffer).signature
var points = [
'03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
'0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
'03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
'027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
]
points.forEach(function (expectedHex, i) {
it('recovers an expected point for i of ' + i, function () {
var Qprime = ecdsa.recoverPubKey(e, signature, i)
var QprimeHex = Qprime.getEncoded().toString('hex')
assert.strictEqual(QprimeHex, expectedHex)
})
})
})
fixtures.invalid.recoverPubKey.forEach(function (f) {
it('throws on ' + f.description + ' (' + f.exception + ')', function () {
var e = BigInteger.fromHex(f.e)
var signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
assert.throws(function () {
ecdsa.recoverPubKey(e, signature, f.i)
}, new RegExp(f.exception))
})
})
})
describe('sign', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('produces a deterministic signature for "' + f.message + '"', function () {

72
test/fixtures/ecdsa.json
View File

@ -125,78 +125,6 @@
]
},
"invalid": {
"recoverPubKey": [
{
"description": "Invalid r value (< 0)",
"exception": "Invalid r value",
"e": "01",
"signatureRaw": {
"r": "-01",
"s": "02"
},
"i": 0
},
{
"description": "Invalid r value (== 0)",
"exception": "Invalid r value",
"e": "01",
"signatureRaw": {
"r": "00",
"s": "02"
},
"i": 0
},
{
"description": "Invalid s value (< 0)",
"exception": "Invalid s value",
"e": "01",
"signatureRaw": {
"r": "02",
"s": "-01"
},
"i": 0
},
{
"description": "Invalid s value (== 0)",
"exception": "Invalid s value",
"e": "01",
"signatureRaw": {
"r": "02",
"s": "00"
},
"i": 0
},
{
"description": "Invalid r value (nR is infinity)",
"exception": "nR is not a valid curve point",
"e": "01",
"signatureRaw": {
"r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
"s": "01"
},
"i": 0
},
{
"description": "Invalid curve point",
"exception": "Point is not on the curve",
"e": "01",
"signatureRaw": {
"r": "4b3b4ca85a86c47a098a223fffffffff",
"s": "01"
},
"i": 0
},
{
"description": "Invalid i value (> 3)",
"exception": "Expected property \"2\" of type UInt2, got Number 4",
"e": "01",
"signatureRaw": {
"r": "00",
"s": "02"
},
"i": 4
}
],
"verify": [
{
"description": "The wrong signature",

Write Preview
Loading…
Cancel
Save