diff --git a/lib/client/Verifier.js b/lib/client/Verifier.js index 8ad79e3..dd01585 100644 --- a/lib/client/Verifier.js +++ b/lib/client/Verifier.js @@ -3,7 +3,7 @@ var _ = require('lodash'); var log = require('npmlog'); var Bitcore = require('bitcore'); -var BitcoinUtils = require('../bitcoinutils') +var WalletUtils = require('../walletutils') var SignUtils = require('../signutils'); /* @@ -13,7 +13,7 @@ var SignUtils = require('../signutils'); function Verifier(opts) {}; Verifier.checkAddress = function(data, address) { - var local = BitcoinUtils.deriveAddress(data.publicKeyRing, address.path, data.m, data.network); + var local = WalletUtils.deriveAddress(data.publicKeyRing, address.path, data.m, data.network); return (local.address == address.address && JSON.stringify(local.publicKeys) == JSON.stringify(address.publicKeys)); }; @@ -54,9 +54,9 @@ Verifier.checkCopayers = function(copayers, walletPrivKey, myXPrivKey, n) { Verifier.checkTxProposal = function(data, txp) { - var header = txp.toAddress + '|' + txp.amount + '|' + (txp.message || ''); + var hash = WalletUtils.getProposalHash(txp.toAddress, txp.amount, txp.message); var signingPubKey = Bitcore.PrivateKey.fromString(data.signingPrivKey).toPublicKey().toString(); - if (!SignUtils.verify(header, txp.proposalSignature, signingPubKey)) return false; + if (!SignUtils.verify(hash, txp.proposalSignature, signingPubKey)) return false; return Verifier.checkAddress(data, txp.changeAddress); }; diff --git a/lib/model/wallet.js b/lib/model/wallet.js index 6c91cdd..84c9cfa 100644 --- a/lib/model/wallet.js +++ b/lib/model/wallet.js @@ -8,7 +8,7 @@ var Uuid = require('uuid'); var Address = require('./address'); var Copayer = require('./copayer'); var AddressManager = require('./addressmanager'); -var BitcoinUtils = require('../bitcoinutils'); +var WalletUtils = require('../walletutils'); var VERSION = '1.0.0'; @@ -117,7 +117,7 @@ Wallet.prototype.createAddress = function(isChange) { $.checkState(this.isComplete()); var path = this.addressManager.getNewAddressPath(isChange); - return new Address(BitcoinUtils.deriveAddress(this.publicKeyRing, path, this.m, this.network)); + return new Address(WalletUtils.deriveAddress(this.publicKeyRing, path, this.m, this.network)); }; diff --git a/lib/server.js b/lib/server.js index b15ccf8..31b617a 100644 --- a/lib/server.js +++ b/lib/server.js @@ -17,6 +17,7 @@ var Explorers = require('bitcore-explorers'); var ClientError = require('./clienterror'); var Utils = require('./utils'); var Storage = require('./storage'); +var WalletUtils = require('./walletutils'); var SignUtils = require('./signutils'); var Wallet = require('./model/wallet'); @@ -464,8 +465,8 @@ CopayServer.prototype.createTx = function(opts, cb) { if (!wallet.isComplete()) return cb(new ClientError('Wallet is not complete')); var copayer = wallet.getCopayer(self.copayerId); - var msg = opts.toAddress + '|' + opts.amount + '|' + (opts.message || ''); - if (!self._verifySignature(msg, opts.proposalSignature, copayer.signingPubKey)) + var hash = WalletUtils.getProposalHash(opts.toAddress, opts.amount, opts.message); + if (!self._verifySignature(hash, opts.proposalSignature, copayer.signingPubKey)) return cb(new ClientError('Invalid proposal signature')); var toAddress; diff --git a/lib/bitcoinutils.js b/lib/walletutils.js similarity index 64% rename from lib/bitcoinutils.js rename to lib/walletutils.js index 2a29ea1..57ecf48 100644 --- a/lib/bitcoinutils.js +++ b/lib/walletutils.js @@ -1,12 +1,11 @@ - var _ = require('lodash'); var Bitcore = require('bitcore'); var BitcoreAddress = Bitcore.Address; -function BitcoinUtils () {}; +function WalletUtils() {}; -BitcoinUtils.deriveAddress = function(publicKeyRing, path, m, network) { +WalletUtils.deriveAddress = function(publicKeyRing, path, m, network) { var publicKeys = _.map(publicKeyRing, function(xPubKey) { var xpub = new Bitcore.HDPublicKey(xPubKey); @@ -22,4 +21,8 @@ BitcoinUtils.deriveAddress = function(publicKeyRing, path, m, network) { }; }; -module.exports = BitcoinUtils; +WalletUtils.getProposalHash = function(toAddress, amount, message) { + return toAddress + '|' + amount + '|' + (message || ''); +}; + +module.exports = WalletUtils; diff --git a/test/integration/server.js b/test/integration/server.js index ae8ee1c..fa9d7b2 100644 --- a/test/integration/server.js +++ b/test/integration/server.js @@ -11,6 +11,7 @@ var memdown = require('memdown'); var Bitcore = require('bitcore'); var Utils = require('../../lib/utils'); +var WalletUtils = require('../../lib/walletutils'); var SignUtils = require('../../lib/signutils'); var Storage = require('../../lib/storage'); @@ -176,9 +177,9 @@ helpers.createProposalOpts = function(toAddress, amount, message, signingKey) { message: message, proposalSignature: null, }; - var msg = opts.toAddress + '|' + opts.amount + '|' + (opts.message || ''); + var hash = WalletUtils.getProposalHash(opts.toAddress, opts.amount, opts.message); try { - opts.proposalSignature = SignUtils.sign(msg, signingKey); + opts.proposalSignature = SignUtils.sign(hash, signingKey); } catch (ex) {} return opts;