diff --git a/src/message.js b/src/message.js index 526c665..58715b4 100644 --- a/src/message.js +++ b/src/message.js @@ -3,25 +3,27 @@ var Address = require('./address') var bufferutils = require('./bufferutils') var crypto = require('./crypto') var ecdsa = require('./ecdsa') -var ECPubKey = require('./ecpubkey') +var networks = require('./networks') -// FIXME: incompatible with other networks (Litecoin etc) -var MAGIC_PREFIX = new Buffer('\x18Bitcoin Signed Message:\n') +var Address = require('./address') +var ECPubKey = require('./ecpubkey') -function magicHash(message) { +function magicHash(message, network) { + var magicPrefix = new Buffer(network.magicPrefix) var messageBuffer = new Buffer(message) var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length)) bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0) var buffer = Buffer.concat([ - MAGIC_PREFIX, lengthBuffer, messageBuffer + magicPrefix, lengthBuffer, messageBuffer ]) return crypto.hash256(buffer) } -// TODO: parameterize compression instead of using ECKey.compressed -function sign(key, message) { - var hash = magicHash(message) +function sign(key, message, network) { + network = network || networks.bitcoin + + var hash = magicHash(message, network) var sig = ecdsa.parseSig(key.sign(hash)) var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash) 
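Review bot: `magicHash` now dereferences `network.magicPrefix` without the `network = network || networks.bitcoin` fallback that `sign` gets in this same hunk, so a one-argument call such as `magicHash('1111')` throws a TypeError instead of hashing with the Bitcoin prefix. The tests call `Message.magicHash`, so the function appears to be exported; either give it the same first line, `network = network || networks.bitcoin`, or document that the argument is mandatory. Because the prefix is what separates one network's signed messages from another's, it is also worth failing loudly when a caller-supplied network object has no string `magicPrefix`. Separately, the hunk header context shows `var Address = require('./address')` already present above this hunk, so the added `var Address = require('./address')` line looks like a duplicate require. The body of `sign` continues outside the hunk.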
@@ -36,17 +38,20 @@ function sign(key, message) { return Buffer.concat([new Buffer([i]), rB, sB], 65) } -// FIXME: stricter API? -function verify(address, sig, message) { +// TODO: network could be implied from address +function verify(address, compactSig, message, network) { if (typeof address === 'string') { address = Address.fromBase58Check(address) } - sig = ecdsa.parseSigCompact(sig) + network = network || networks.bitcoin - var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i)) - pubKey.compressed = !!(sig.i & 4) + var hash = magicHash(message, network) + var sig = ecdsa.parseSigCompact(compactSig) + var Q = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i) + var compressed = !!(sig.i & 4) + var pubKey = new ECPubKey(Q, compressed) return pubKey.getAddress(address.version).toString() === address.toString() } diff --git a/src/networks.js b/src/networks.js index fc77f8c..5a9ed3e 100644 --- a/src/networks.js +++ b/src/networks.js @@ -2,6 +2,7 @@ // Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731 module.exports = { bitcoin: { + magicPrefix: '\x18Bitcoin Signed Message:\n', bip32: { pub: 0x0488b21e, priv: 0x0488ade4 @@ -11,6 +12,7 @@ module.exports = { wif: 0x80 }, dogecoin: { + magicPrefix: '\x19Dogecoin Signed Message:\n', bip32: { pub: 0x02facafd, priv: 0x02fac398 @@ -20,6 +22,7 @@ module.exports = { wif: 0x9e }, litecoin: { + magicPrefix: '\x19Litecoin Signed Message:\n', bip32: { pub: 0x019da462, priv: 0x019d9cfe @@ -29,6 +32,7 @@ module.exports = { wif: 0xb0 }, testnet: { + magicPrefix: '\x18Bitcoin Signed Message:\n', bip32: { pub: 0x043587cf, priv: 0x04358394 @@ -37,4 +41,4 @@ module.exports = { scriptHash: 0xc4, wif: 0xef } -} \ No newline at end of file +} diff --git a/test/ecdsa.js b/test/ecdsa.js index b4014a7..f42c76e 100644 --- a/test/ecdsa.js +++ b/test/ecdsa.js 
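Review bot: In `verify`, `network` only selects the magic prefix, while the version byte still comes from `address` itself, and nothing ties the two together. A caller who omits the fourth argument for a Dogecoin or Litecoin address silently hashes with the Bitcoin prefix and gets `false`, which is indistinguishable from a bad signature. A mismatched `network` and address are never rejected as a usage error either. Until the TODO is resolved, I would state this on the function, e.g. `// network selects the signed-message prefix only; it is not checked against address.version`. A stricter option is to derive the network from `address.version`, as the TODO suggests, so the prefix cannot be chosen independently of the address being verified.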
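Review bot: The first byte of each `magicPrefix` (`\x18`, `\x19`) is a hand-written length of the text that follows, and nothing visible in `magicHash` checks it. A future entry with a miscounted byte would produce hashes that do not match other implementations, and no test would fail. A short comment above the first entry would make the convention explicit, e.g. `// magicPrefix: first byte is the varint length of the remaining string`. The same applies to the dogecoin, litecoin and testnet hunks that follow; only dogecoin gets a fixture in this commit, so the litecoin value is not exercised here.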
@@ -1,6 +1,8 @@ var assert = require('assert') var crypto = require('../src/crypto') var ecdsa = require('../src/ecdsa') +var message = require('../src/message') +var networks = require('../src/networks') var sec = require('../src/sec') var ecparams = sec("secp256k1") @@ -8,7 +10,6 @@ var ecparams = sec("secp256k1") var BigInteger = require('bigi') var ECKey = require('../src/eckey') var ECPubKey = require('../src/ecpubkey') -var Message = require('../src/message') var fixtures = require('./fixtures/ecdsa.js') @@ -27,10 +28,12 @@ describe('ecdsa', function() { describe('recoverPubKey', function() { it('succesfully recovers a public key', function() { - var addr = 'mgQK8S6CfSXKjPmnujArSmVxafeJfrZsa3' var signature = new Buffer('H0PG6+PUo96UPTJ/DVj8aBU5it+Nuli4YdsLuTMvfJxoHH9Jb7jYTQXCCOX2jrTChD5S1ic3vCrUQHdmB5/sEQY=', 'base64') + var obj = ecdsa.parseSigCompact(signature) - var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, Message.magicHash('1111'), obj.i)) + var hash = message.magicHash('1111', networks.bitcoin) + + var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, hash, obj.i)) assert.equal(pubKey.toHex(), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c') }) diff --git a/test/fixtures/message.js b/test/fixtures/message.js index 0210c38..756dcdd 100644 --- a/test/fixtures/message.js +++ b/test/fixtures/message.js @@ -1,12 +1,19 @@ module.exports = { magicHash: [ { + network: 'bitcoin', message: '', - hash256: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc' + magicHash: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc' }, { + network: 'bitcoin', message: 'Vires is Numeris', - hash256: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933' + magicHash: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933' + }, + { + network: 'dogecoin', + message: 'Vires is Numeris', + magicHash: 'c0963d20d0accd0ea0df6c1020bf85a7e629a40e7b5363f2c3e9dcafd5638f12' } ] } 
diff --git a/test/message.js b/test/message.js index f2edc87..7f31545 100644 --- a/test/message.js +++ b/test/message.js @@ -1,25 +1,26 @@ var assert = require('assert') var networks = require('../src/networks') +var BigInteger = require('bigi') var ECKey = require('../src/eckey') var Message = require('../src/message') var fixtures = require('./fixtures/message') describe('Message', function() { - var msg + var message beforeEach(function() { - msg = 'vires is numeris' + message = 'vires is numeris' }) describe('magicHash', function() { it('matches the test vectors', function() { fixtures.magicHash.forEach(function(f) { - var actual = Message.magicHash(f.message) - var expected = f.hash256 + var network = networks[f.network] + var actual = Message.magicHash(f.message, network) - assert.equal(actual.toString('hex'), expected) + assert.equal(actual.toString('hex'), f.magicHash) }) }) }) 
@@ -31,65 +32,52 @@ describe('Message', function() { addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed - sig = new Buffer('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d', 'hex') - csig = new Buffer('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d', 'hex') + sig = new Buffer('G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=', 'base64') + csig = new Buffer('H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=', 'base64') }) it('can verify a signed message', function() { - assert.ok(Message.verify(addr, sig, msg)) - assert.ok(Message.verify(caddr, csig, msg)) + assert.ok(Message.verify(addr, sig, message)) }) it('will fail for the wrong message', function() { assert.ok(!Message.verify(addr, sig, 'foobar')) - assert.ok(!Message.verify(caddr, csig, 'foobar')) }) - it('will fail for the wrong public key', function() { - assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, msg)) - assert.ok(!Message.verify('1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9', csig, msg)) + it('will fail for the wrong address', function() { + assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, message)) }) - it('supports alternate network addresses', function() { - var taddr = 'mxnQZKxSKjzaMgrdXzk35rif3u62TLDrg9' - var tsig = new Buffer('IGucnrTku3KLCCHUMwq9anawfrlN8RK1HWMN+10LhsHJeysBdWfj5ohJcS/+oqrlVFNvEgbgEeAQUL6r3sZwnj8=', 'base64') - - assert.ok(Message.verify(taddr, tsig, msg)) - assert.ok(!Message.verify(taddr, tsig, 'foobar')) + it('does not cross verify (compressed/uncompressed)', function() { + assert.ok(!Message.verify(addr, csig, message)) + assert.ok(!Message.verify(caddr, sig, message)) }) - it('does not cross verify (compressed/uncompressed)', 
function() { - assert.ok(!Message.verify(addr, csig, msg)) - assert.ok(!Message.verify(caddr, sig, msg)) + it('supports alternate networks', function() { + var dogeaddr = 'DFpN6QqFfUm3gKNaxN6tNcab1FArL9cZLE' + var dogesig = new Buffer('H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=', 'base64') + + assert.ok(Message.verify(dogeaddr, dogesig, message, networks.dogecoin)) }) }) describe('signing', function() { - describe('using the uncompressed public key', function(){ - it('gives same signature as a compressed public key', function() { - var key = ECKey.makeRandom(false) // uncompressed - var sig = Message.sign(key, msg) - - var compressedKey = new ECKey(key.D, true) // compressed clone - var csig = Message.sign(compressedKey, msg) - - var addr = key.pub.getAddress() - var caddr = compressedKey.pub.getAddress() - assert.ok(Message.verify(addr, sig, msg)) - assert.ok(Message.verify(caddr, csig, msg)) - assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags - assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures - }) + it('gives matching signatures irrespective of point compression', function() { + var privKey = new ECKey(BigInteger.ONE, false) + var compressedKey = new ECKey(privKey.D, true) + + var sig = Message.sign(privKey, message) + var csig = Message.sign(compressedKey, message) + + assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags + assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures }) - describe('testnet address', function(){ - it('works', function(){ - var key = ECKey.makeRandom() - var sig = Message.sign(key, msg) + it('supports alternate networks', function() { + var privKey = new ECKey(BigInteger.ONE) + var signature = Message.sign(privKey, message, networks.dogecoin) - var addr = key.pub.getAddress(networks.testnet.pubKeyHash) - assert(Message.verify(addr, sig, msg)) - }) + assert.equal(signature.toString('base64'), 
'H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=') }) }) })
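Review bot: This hunk drops several verification assertions without replacing them. The positive check `Message.verify(caddr, csig, ...)` for the compressed Bitcoin pair is gone, leaving `caddr`/`csig` used only in the negative cross-verify test. The testnet-address case is removed, and the signing tests no longer round-trip a fresh signature through `verify`. There is also no test that the network prefix separates domains; I would add `assert.ok(!Message.verify(dogeaddr, dogesig, message))` next to the Dogecoin case so that a signature made with the Dogecoin prefix is shown to fail under the default Bitcoin network. Restoring `assert.ok(Message.verify(caddr, csig, message))` in 'can verify a signed message' would keep the compressed path covered on the default network as well.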