Merge pull request #615 from bitcoinjs/hltc

Add another CLTV test, isolate tests and cleanup
9 years ago · da6aea4039
5 changed files with 199 additions and 139 deletions
--- a/README.md
+++ b/README.md
@ -108,10 +108,13 @@ The below examples are implemented as integration tests, they should be very eas
 - [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L24)
 - [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L9)
 - [Spend from a 2-of-4 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L25)
- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L14)
+- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/stealth.js#L11)
- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L53)
+- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/stealth.js#L48)
- [Recover a BIP32 parent private key from the parent public key and a derived non-hardened child private key](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L55)
+- [Recover a BIP32 parent private key from the parent public key and a derived non-hardened child private key](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L14)
- [Recover a Private key from duplicate R values in a signature](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L102)
+- [Recover a Private key from duplicate R values in a signature](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L60)
 - [Create a CLTV locked transaction where the expiry is past](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/cltv.js#L36)
 - [Create a CLTV locked transaction where the parties bypass the expiry](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/cltv.js#L70)
 - [Create a CLTV locked transaction which fails due to expiry in the future](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/cltv.js#L102)
 If you have a use case that you feel could be listed here, please [ask for it](https://github.com/bitcoinjs/bitcoinjs-lib/issues/new)!
--- a/test/integration/advanced.js
+++ b/test/integration/advanced.js
@ -1,4 +1,4 @@
-/* global describe, it, beforeEach */
+/* global describe, it */
 var assert = require('assert')
 var bitcoin = require('../../')
@ -43,97 +43,4 @@ describe('bitcoinjs-lib (advanced)', function () {
      blockchain.t.transactions.propagate(txRaw.toHex(), done)
    })
  })
  describe('can create transactions using OP_CHECKLOCKTIMEVERIFY', function (done) {
    var network = bitcoin.networks.testnet
    var alice = bitcoin.ECPair.fromWIF('cScfkGjbzzoeewVWmU2hYPUHeVGJRDdFt7WhmrVVGkxpmPP8BHWe', network)
    var bob = bitcoin.ECPair.fromWIF('cMkopUXKWsEzAjfa1zApksGRwjVpJRB3831qM9W4gKZsLwjHXA9x', network)
    // now - 3 hours
    var threeHoursAgo = Math.floor(Date.now() / 1000) - (3600 * 3)
    var redeemScript = bitcoin.script.compile([
      bitcoin.opcodes.OP_IF,
      bitcoin.script.number.encode(threeHoursAgo),
      bitcoin.opcodes.OP_CHECKLOCKTIMEVERIFY,
      bitcoin.opcodes.OP_DROP,
      bitcoin.opcodes.OP_ELSE,
      bob.getPublicKeyBuffer(),
      bitcoin.opcodes.OP_CHECKSIGVERIFY,
      bitcoin.opcodes.OP_ENDIF,
      alice.getPublicKeyBuffer(),
      bitcoin.opcodes.OP_CHECKSIG
    ])
    var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript))
    var txId
    beforeEach(function (done) {
      this.timeout(10000)
      blockchain.t.faucet(alice.getAddress(), 2e4, function (err, unspent) {
        if (err) return done(err)
        // build the transaction
        var tx = new bitcoin.TransactionBuilder(network)
        tx.addInput(unspent.txId, unspent.vout)
        tx.addOutput(scriptPubKey, 1e4)
        tx.sign(0, alice)
        var txRaw = tx.build()
        txId = txRaw.getId()
        blockchain.t.transactions.propagate(txRaw.toHex(), done)
      })
    })
    // expiry past, {Alice's signature} OP_TRUE
    it('where Alice can redeem after the expiry is past', function (done) {
      this.timeout(30000)
      var tx2 = new bitcoin.TransactionBuilder(network)
      tx2.setLockTime(threeHoursAgo)
      tx2.addInput(txId, 0, 0xfffffffe)
      tx2.addOutput(alice.getAddress(), 1000)
      var tx2Raw = tx2.buildIncomplete()
      var hashType = bitcoin.Transaction.SIGHASH_ALL
      var signatureHash = tx2Raw.hashForSignature(0, redeemScript, hashType)
      var signature = alice.sign(signatureHash)
      var redeemScriptSig = bitcoin.script.scriptHashInput([
        signature.toScriptSignature(hashType), bitcoin.opcodes.OP_TRUE
      ], redeemScript)
      tx2Raw.setInputScript(0, redeemScriptSig)
      blockchain.t.transactions.propagate(tx2Raw.toHex(), done)
    })
    // {Bob's signature} {Alice's signature} OP_FALSE
    it('where Alice and Bob can redeem at any time', function (done) {
      this.timeout(30000)
      var tx2 = new bitcoin.TransactionBuilder(network)
      tx2.setLockTime(threeHoursAgo)
      tx2.addInput(txId, 0, 0xfffffffe)
      tx2.addOutput(alice.getAddress(), 1000)
      var tx2Raw = tx2.buildIncomplete()
      var hashType = bitcoin.Transaction.SIGHASH_ALL
      var signatureHash = tx2Raw.hashForSignature(0, redeemScript, hashType)
      var signatureA = alice.sign(signatureHash)
      var signatureB = bob.sign(signatureHash)
      var redeemScriptSig = bitcoin.script.scriptHashInput([
        signatureA.toScriptSignature(hashType), signatureB.toScriptSignature(hashType), bitcoin.opcodes.OP_FALSE
      ], redeemScript)
      tx2Raw.setInputScript(0, redeemScriptSig)
      blockchain.t.transactions.propagate(tx2Raw.toHex(), done)
    })
  })
 })
--- a/test/integration/cltv.js
+++ b/test/integration/cltv.js
@ -0,0 +1,140 @@
 /* global describe, it */
 var assert = require('assert')
 var bitcoin = require('../../')
 var blockchain = require('./_blockchain')
 var network = bitcoin.networks.testnet
 var alice = bitcoin.ECPair.fromWIF('cScfkGjbzzoeewVWmU2hYPUHeVGJRDdFt7WhmrVVGkxpmPP8BHWe', network)
 var bob = bitcoin.ECPair.fromWIF('cMkopUXKWsEzAjfa1zApksGRwjVpJRB3831qM9W4gKZsLwjHXA9x', network)
 describe('bitcoinjs-lib (CLTV)', function () {
  var hashType = bitcoin.Transaction.SIGHASH_ALL
  function cltvCheckSigInput (aQ, bQ, utcSeconds) {
    return bitcoin.script.compile([
      bitcoin.opcodes.OP_IF,
      bitcoin.script.number.encode(utcSeconds),
      bitcoin.opcodes.OP_CHECKLOCKTIMEVERIFY,
      bitcoin.opcodes.OP_DROP,
      bitcoin.opcodes.OP_ELSE,
      bQ.getPublicKeyBuffer(),
      bitcoin.opcodes.OP_CHECKSIGVERIFY,
      bitcoin.opcodes.OP_ENDIF,
      aQ.getPublicKeyBuffer(),
      bitcoin.opcodes.OP_CHECKSIG
    ])
  }
  function utcNow () {
    return Math.floor(Date.now() / 1000)
  }
  // expiry past, {Alice's signature} OP_TRUE
  it('where Alice can redeem after the expiry is past', function (done) {
    this.timeout(30000)
    // three hours ago
    var timeUtc = utcNow() - (3600 * 3)
    var redeemScript = cltvCheckSigInput(alice, bob, timeUtc)
    var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript))
    var address = bitcoin.address.fromOutputScript(scriptPubKey, network)
    // fund the P2SH(CLTV) address
    blockchain.t.faucet(address, 2e4, function (err, unspent) {
      if (err) return done(err)
      var tx = new bitcoin.TransactionBuilder(network)
      tx.setLockTime(timeUtc)
      tx.addInput(unspent.txId, 0, 0xfffffffe)
      tx.addOutput(alice.getAddress(), 1000)
      var txRaw = tx.buildIncomplete()
      var signatureHash = txRaw.hashForSignature(0, redeemScript, hashType)
      // {Alice's signature} OP_TRUE
      var redeemScriptSig = bitcoin.script.scriptHashInput([
        alice.sign(signatureHash).toScriptSignature(hashType),
        bitcoin.opcodes.OP_TRUE
      ], redeemScript)
      txRaw.setInputScript(0, redeemScriptSig)
      blockchain.t.transactions.propagate(txRaw.toHex(), done)
    })
  })
  // expiry ignored, {Bob's signature} {Alice's signature} OP_FALSE
  it('where Alice and Bob can redeem at any time', function (done) {
    this.timeout(30000)
    // two hours ago
    var timeUtc = utcNow() - (3600 * 2)
    var redeemScript = cltvCheckSigInput(alice, bob, timeUtc)
    var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript))
    var address = bitcoin.address.fromOutputScript(scriptPubKey, network)
    // fund the P2SH(CLTV) address
    blockchain.t.faucet(address, 2e4, function (err, unspent) {
      if (err) return done(err)
      var tx = new bitcoin.TransactionBuilder(network)
      tx.addInput(unspent.txId, 0, 0xfffffffe)
      tx.addOutput(alice.getAddress(), 1000)
      var txRaw = tx.buildIncomplete()
      var signatureHash = txRaw.hashForSignature(0, redeemScript, hashType)
      var redeemScriptSig = bitcoin.script.scriptHashInput([
        alice.sign(signatureHash).toScriptSignature(hashType),
        bob.sign(signatureHash).toScriptSignature(hashType),
        bitcoin.opcodes.OP_FALSE
      ], redeemScript)
      txRaw.setInputScript(0, redeemScriptSig)
      blockchain.t.transactions.propagate(txRaw.toHex(), done)
    })
  })
  // expiry in the future, {Alice's signature} OP_TRUE
  it('fails when still time-locked', function (done) {
    this.timeout(30000)
    // two hours from now
    var timeUtc = utcNow() + (3600 * 2)
    var redeemScript = cltvCheckSigInput(alice, bob, timeUtc)
    var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript))
    var address = bitcoin.address.fromOutputScript(scriptPubKey, network)
    // fund the P2SH(CLTV) address
    blockchain.t.faucet(address, 2e4, function (err, unspent) {
      if (err) return done(err)
      var tx = new bitcoin.TransactionBuilder(network)
      tx.setLockTime(timeUtc)
      tx.addInput(unspent.txId, 0, 0xfffffffe)
      tx.addOutput(alice.getAddress(), 1000)
      var txRaw = tx.buildIncomplete()
      var signatureHash = txRaw.hashForSignature(0, redeemScript, hashType)
      // {Alice's signature} OP_TRUE
      var redeemScriptSig = bitcoin.script.scriptHashInput([
        alice.sign(signatureHash).toScriptSignature(hashType),
        bitcoin.opcodes.OP_TRUE
      ], redeemScript)
      txRaw.setInputScript(0, redeemScriptSig)
      blockchain.t.transactions.propagate(txRaw.toHex(), function (err) {
        assert.throws(function () {
          if (err) throw err
        }, /Error: 64: non-final/)
        done()
      })
    })
  })
 })
--- a/test/integration/crypto.js
+++ b/test/integration/crypto.js
@ -11,46 +11,7 @@ var ecurve = require('ecurve')
 var secp256k1 = ecurve.getCurveByName('secp256k1')
 describe('bitcoinjs-lib (crypto)', function () {
-  it('can generate a single-key stealth address', function () {
+  it('can recover a BIP32 parent private key from the parent public key, and a derived, non-hardened child private key', function () {
    var G = secp256k1.G
    var n = secp256k1.n
    function stealthSend (Q) {
      var noncePair = bitcoin.ECPair.makeRandom()
      var e = noncePair.d
      var eQ = Q.multiply(e) // shared secret
      var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded()))
      var cG = G.multiply(c)
      var Qprime = Q.add(cG)
      return {
        shared: new bitcoin.ECPair(null, Qprime),
        nonce: noncePair.Q
      }
    }
    function stealthReceive (d, P) {
      var dP = P.multiply(d) // shared secret
      var c = bigi.fromBuffer(bitcoin.crypto.sha256(dP.getEncoded()))
      return new bitcoin.ECPair(d.add(c).mod(n))
    }
    // receiver private key
    var receiver = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
    var stealthS = stealthSend(receiver.Q) // public, done by sender
    // ... sender now reveals nonce to receiver
    var stealthR = stealthReceive(receiver.d, stealthS.nonce) // private, done by receiver
    // and check that we derived both sides correctly
    assert.equal(stealthS.shared.getAddress(), stealthR.getAddress())
  })
  // TODO
  it.skip('can generate a dual-key stealth address', function () {})
  it("can recover a parent private key from the parent's public key and a derived non-hardened child private key", function () {
    function recoverParent (master, child) {
      assert(!master.keyPair.d, 'You already have the parent private key')
      assert(child.keyPair.d, 'Missing child private key')
--- a/test/integration/stealth.js
+++ b/test/integration/stealth.js
@ -0,0 +1,49 @@
 /* global describe, it */
 var assert = require('assert')
 var bigi = require('bigi')
 var bitcoin = require('../../')
 var ecurve = require('ecurve')
 var secp256k1 = ecurve.getCurveByName('secp256k1')
 describe('bitcoinjs-lib (crypto)', function () {
  it('can generate a single-key stealth address', function () {
    var G = secp256k1.G
    var n = secp256k1.n
    function stealthSend (Q) {
      var noncePair = bitcoin.ECPair.makeRandom()
      var e = noncePair.d
      var eQ = Q.multiply(e) // shared secret
      var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded()))
      var cG = G.multiply(c)
      var Qprime = Q.add(cG)
      return {
        shared: new bitcoin.ECPair(null, Qprime),
        nonce: noncePair.Q
      }
    }
    function stealthReceive (d, P) {
      var dP = P.multiply(d) // shared secret
      var c = bigi.fromBuffer(bitcoin.crypto.sha256(dP.getEncoded()))
      return new bitcoin.ECPair(d.add(c).mod(n))
    }
    // receiver private key
    var receiver = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
    var stealthS = stealthSend(receiver.Q) // public, done by sender
    // ... sender now reveals nonce to receiver
    var stealthR = stealthReceive(receiver.d, stealthS.nonce) // private, done by receiver
    // and check that we derived both sides correctly
    assert.equal(stealthS.shared.getAddress(), stealthR.getAddress())
  })
  // TODO
  it.skip('can generate a dual-key stealth address', function () {})
 })