diff --git a/README.md b/README.md index 0001848fb..abc1b5188 100644 --- a/README.md +++ b/README.md @@ -100,11 +100,9 @@ The below examples are implemented as integration tests, they should be very eas - [Generate a random address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L9) - [Generate a address from a SHA256 hash](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L20) -- [Generate a address and WIF for Litecoin](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L30) -- [Import an address via WIF](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L44) -- [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L51) -- [Sign a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L8) -- [Verify a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L16) +- [Generate a address and WIF for Litecoin](https://github.com/bitcoin/bitcoinjs-lib/blob/master/test/integration/basic.js#L29) +- [Import an address via WIF](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L43) +- [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L50) - [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L24) - [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L9) - [Spend from a 2-of-4 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L25) diff --git a/src/ecdsa.js b/src/ecdsa.js index 103095dbd..ae4a369c0 100644 --- a/src/ecdsa.js +++ b/src/ecdsa.js @@ -154,93 +154,8 @@ function verify (hash, signature, Q) { return v.equals(r) } -/** - * Recover a public key from a signature. - * - * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public - * Key Recovery Operation". - * - * http://www.secg.org/download/aid-780/sec1-v2.pdf - */ -function recoverPubKey (e, signature, i) { - typeforce(types.tuple( - types.BigInt, - types.ECSignature, - types.UInt2 - ), arguments) - - var n = secp256k1.n - var G = secp256k1.G - var r = signature.r - var s = signature.s - - if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value') - if (s.signum() <= 0 || s.compareTo(n) >= 0) throw new Error('Invalid s value') - - // A set LSB signifies that the y-coordinate is odd - var isYOdd = i & 1 - - // The more significant bit specifies whether we should use the - // first or second candidate key. - var isSecondKey = i >> 1 - - // 1.1 Let x = r + jn - var x = isSecondKey ? r.add(n) : r - var R = secp256k1.pointFromX(isYOdd, x) - - // 1.4 Check that nR is at infinity - var nR = R.multiply(n) - if (!secp256k1.isInfinity(nR)) throw new Error('nR is not a valid curve point') - - // Compute r^-1 - var rInv = r.modInverse(n) - - // Compute -e from e - var eNeg = e.negate().mod(n) - - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv) - - secp256k1.validate(Q) - - return Q -} - -/** - * Calculate pubkey extraction parameter. - * - * When extracting a pubkey from a signature, we have to - * distinguish four different cases. Rather than putting this - * burden on the verifier, Bitcoin includes a 2-bit value with the - * signature. - * - * This function simply tries all four cases and returns the value - * that resulted in a successful pubkey recovery. - */ -function calcPubKeyRecoveryParam (e, signature, Q) { - typeforce(types.tuple( - types.BigInt, - types.ECSignature, - types.ECPoint - ), arguments) - - for (var i = 0; i < 4; i++) { - var Qprime = recoverPubKey(e, signature, i) - - // 1.6.2 Verify Q - if (Qprime.equals(Q)) { - return i - } - } - - throw new Error('Unable to find valid recovery factor') -} - module.exports = { - calcPubKeyRecoveryParam: calcPubKeyRecoveryParam, deterministicGenerateK: deterministicGenerateK, - recoverPubKey: recoverPubKey, sign: sign, verify: verify, diff --git a/src/index.js b/src/index.js index ed9d56270..25b3da51c 100644 --- a/src/index.js +++ b/src/index.js @@ -9,7 +9,6 @@ module.exports = { address: require('./address'), bufferutils: require('./bufferutils'), crypto: require('./crypto'), - message: require('./message'), networks: require('./networks'), opcodes: require('./opcodes.json'), script: require('./script') diff --git a/src/message.js b/src/message.js deleted file mode 100644 index 29fe7dc8b..000000000 --- a/src/message.js +++ /dev/null @@ -1,54 +0,0 @@ -var bufferutils = require('./bufferutils') -var bcrypto = require('./crypto') -var ecdsa = require('./ecdsa') -var networks = require('./networks') - -var BigInteger = require('bigi') -var ECPair = require('./ecpair') -var ECSignature = require('./ecsignature') - -function magicHash (message, network) { - var messagePrefix = new Buffer(network.messagePrefix) - var messageBuffer = new Buffer(message) - var lengthBuffer = bufferutils.varIntBuffer(messageBuffer.length) - - var buffer = Buffer.concat([messagePrefix, lengthBuffer, messageBuffer]) - return bcrypto.hash256(buffer) -} - -function sign (keyPair, message, network) { - network = network || networks.bitcoin - - var hash = magicHash(message, network) - var signature = keyPair.sign(hash) - var e = BigInteger.fromBuffer(hash) - var i = ecdsa.calcPubKeyRecoveryParam(e, signature, keyPair.Q) - - return signature.toCompact(i, keyPair.compressed) -} - -function verify (address, signature, message, network) { - if (!Buffer.isBuffer(signature)) { - signature = new Buffer(signature, 'base64') - } - - network = network || networks.bitcoin - - var hash = magicHash(message, network) - var parsed = ECSignature.parseCompact(signature) - var e = BigInteger.fromBuffer(hash) - var Q = ecdsa.recoverPubKey(e, parsed.signature, parsed.i) - - var keyPair = new ECPair(null, Q, { - compressed: parsed.compressed, - network: network - }) - - return keyPair.getAddress() === address -} - -module.exports = { - magicHash: magicHash, - sign: sign, - verify: verify -} diff --git a/test/ecdsa.js b/test/ecdsa.js index db7c8b36d..f6e141048 100644 --- a/test/ecdsa.js +++ b/test/ecdsa.js @@ -3,8 +3,6 @@ var assert = require('assert') var bcrypto = require('../src/crypto') var ecdsa = require('../src/ecdsa') -var message = require('../src/message') -var networks = require('../src/networks') var sinon = require('sinon') var BigInteger = require('bigi') @@ -83,55 +81,6 @@ describe('ecdsa', function () { }) }) - describe('recoverPubKey', function () { - fixtures.valid.ecdsa.forEach(function (f) { - it('recovers the pubKey for ' + f.d, function () { - var d = BigInteger.fromHex(f.d) - var Q = curve.G.multiply(d) - var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex')) - var h1 = bcrypto.sha256(f.message) - var e = BigInteger.fromBuffer(h1) - var Qprime = ecdsa.recoverPubKey(e, signature, f.i) - - assert(Qprime.equals(Q)) - }) - }) - - describe('with i ∈ {0,1,2,3}', function () { - var hash = message.magicHash('1111', networks.bitcoin) - var e = BigInteger.fromBuffer(hash) - - var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64') - var signature = ECSignature.parseCompact(signatureBuffer).signature - var points = [ - '03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380', - '0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5', - '027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d' - ] - - points.forEach(function (expectedHex, i) { - it('recovers an expected point for i of ' + i, function () { - var Qprime = ecdsa.recoverPubKey(e, signature, i) - var QprimeHex = Qprime.getEncoded().toString('hex') - - assert.strictEqual(QprimeHex, expectedHex) - }) - }) - }) - - fixtures.invalid.recoverPubKey.forEach(function (f) { - it('throws on ' + f.description + ' (' + f.exception + ')', function () { - var e = BigInteger.fromHex(f.e) - var signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16)) - - assert.throws(function () { - ecdsa.recoverPubKey(e, signature, f.i) - }, new RegExp(f.exception)) - }) - }) - }) - describe('sign', function () { fixtures.valid.ecdsa.forEach(function (f) { it('produces a deterministic signature for "' + f.message + '"', function () { diff --git a/test/fixtures/ecdsa.json b/test/fixtures/ecdsa.json index 404759d1e..bd2fc3c8e 100644 --- a/test/fixtures/ecdsa.json +++ b/test/fixtures/ecdsa.json @@ -125,78 +125,6 @@ ] }, "invalid": { - "recoverPubKey": [ - { - "description": "Invalid r value (< 0)", - "exception": "Invalid r value", - "e": "01", - "signatureRaw": { - "r": "-01", - "s": "02" - }, - "i": 0 - }, - { - "description": "Invalid r value (== 0)", - "exception": "Invalid r value", - "e": "01", - "signatureRaw": { - "r": "00", - "s": "02" - }, - "i": 0 - }, - { - "description": "Invalid s value (< 0)", - "exception": "Invalid s value", - "e": "01", - "signatureRaw": { - "r": "02", - "s": "-01" - }, - "i": 0 - }, - { - "description": "Invalid s value (== 0)", - "exception": "Invalid s value", - "e": "01", - "signatureRaw": { - "r": "02", - "s": "00" - }, - "i": 0 - }, - { - "description": "Invalid r value (nR is infinity)", - "exception": "nR is not a valid curve point", - "e": "01", - "signatureRaw": { - "r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", - "s": "01" - }, - "i": 0 - }, - { - "description": "Invalid curve point", - "exception": "Point is not on the curve", - "e": "01", - "signatureRaw": { - "r": "4b3b4ca85a86c47a098a223fffffffff", - "s": "01" - }, - "i": 0 - }, - { - "description": "Invalid i value (> 3)", - "exception": "Expected property \"2\" of type UInt2, got Number 4", - "e": "01", - "signatureRaw": { - "r": "00", - "s": "02" - }, - "i": 4 - } - ], "verify": [ { "description": "The wrong signature", diff --git a/test/fixtures/message.json b/test/fixtures/message.json deleted file mode 100644 index efedb4d1f..000000000 --- a/test/fixtures/message.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "valid": { - "magicHash": [ - { - "network": "bitcoin", - "message": "", - "magicHash": "80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc" - }, - { - "network": "bitcoin", - "message": "Vires is Numeris", - "magicHash": "f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933" - }, - { - "network": "dogecoin", - "message": "Vires is Numeris", - "magicHash": "c0963d20d0accd0ea0df6c1020bf85a7e629a40e7b5363f2c3e9dcafd5638f12" - } - ], - "verify": [ - { - "message": "vires is numeris", - "network": "bitcoin", - "address": "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM", - "signature": "G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=", - "compressed": { - "address": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs", - "signature": "H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=" - } - }, - { - "message": "vires is numeris", - "network": "dogecoin", - "address": "DFpN6QqFfUm3gKNaxN6tNcab1FArL9cZLE", - "signature": "H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=" - } - ], - "signing": [ - { - "description": "gives equal r, s values irrespective of point compression", - "message": "vires is numeris", - "network": "bitcoin", - "d": "1", - "signature": "HF8nHqFr3K2UKYahhX3soVeoW8W1ECNbr0wfck7lzyXjCS5Q16Ek45zyBuy1Fiy9sTPKVgsqqOuPvbycuVSSVl8=", - "compressed": { - "signature": "IF8nHqFr3K2UKYahhX3soVeoW8W1ECNbr0wfck7lzyXjCS5Q16Ek45zyBuy1Fiy9sTPKVgsqqOuPvbycuVSSVl8=" - } - }, - { - "description": "supports alternative networks", - "message": "vires is numeris", - "network": "dogecoin", - "d": "1", - "signature": "G6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=" - } - ] - }, - "invalid": { - "verify": [ - { - "description": "will fail for the wrong message", - "message": "foobar", - "address": "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM", - "signature": "G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=" - }, - { - "description": "will fail for the wrong address", - "message": "vires is numeris", - "address": "1111111111111111111114oLvT2", - "signature": "H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=" - }, - { - "description": "does not cross verify (uncompressed address, compressed signature)", - "message": "vires is numeris", - "address": "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM", - "signature": "H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=" - }, - { - "description": "does not cross verify (compressed address, uncompressed signature)", - "message": "vires is numeris", - "address": "1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs", - "signature": "G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=" - } - ] - } -} diff --git a/test/integration/advanced.js b/test/integration/advanced.js index c231266dd..e90a10468 100644 --- a/test/integration/advanced.js +++ b/test/integration/advanced.js @@ -1,28 +1,11 @@ /* global describe, it */ -var assert = require('assert') var bitcoin = require('../../') var blockchain = require('./_blockchain') describe('bitcoinjs-lib (advanced)', function () { - it('can sign a Bitcoin message', function () { - var keyPair = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss') - var message = 'This is an example of a signed message.' - - var signature = bitcoin.message.sign(keyPair, message) - assert.strictEqual(signature.toString('base64'), 'G9L5yLFjti0QTHhPyFrZCT1V/MMnBtXKmoiKDZ78NDBjERki6ZTQZdSMCtkgoNmp17By9ItJr8o7ChX0XxY91nk=') - }) - - it('can verify a Bitcoin message', function () { - var address = '1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN' - var signature = 'HJLQlDWLyb1Ef8bQKEISzFbDAKctIlaqOpGbrk3YVtRsjmC61lpE5ErkPRUFtDKtx98vHFGUWlFhsh3DiW6N0rE' - var message = 'This is an example of a signed message.' - - assert(bitcoin.message.verify(address, signature, message)) - }) - - it('can create a transaction using OP_RETURN', function (done) { - this.timeout(30000) + it('can create an OP_RETURN transaction', function (done) { + this.timeout(20000) var network = bitcoin.networks.testnet var keyPair = bitcoin.ECPair.makeRandom({ network: network }) diff --git a/test/message.js b/test/message.js deleted file mode 100644 index fb116b0d1..000000000 --- a/test/message.js +++ /dev/null @@ -1,64 +0,0 @@ -/* global describe, it */ - -var assert = require('assert') -var message = require('../src/message') -var networks = require('../src/networks') - -var BigInteger = require('bigi') -var ECPair = require('../src/ecpair') - -var fixtures = require('./fixtures/message.json') - -describe('message', function () { - describe('magicHash', function () { - fixtures.valid.magicHash.forEach(function (f) { - it('produces the correct magicHash for "' + f.message + '" (' + f.network + ')', function () { - var network = networks[f.network] - var actual = message.magicHash(f.message, network) - - assert.strictEqual(actual.toString('hex'), f.magicHash) - }) - }) - }) - - describe('verify', function () { - fixtures.valid.verify.forEach(function (f) { - it('verifies a valid signature for "' + f.message + '" (' + f.network + ')', function () { - var network = networks[f.network] - - assert(message.verify(f.address, f.signature, f.message, network)) - - if (f.compressed) { - assert(message.verify(f.compressed.address, f.compressed.signature, f.message, network)) - } - }) - }) - - fixtures.invalid.verify.forEach(function (f) { - it(f.description, function () { - assert(!message.verify(f.address, f.signature, f.message)) - }) - }) - }) - - describe('signing', function () { - fixtures.valid.signing.forEach(function (f) { - it(f.description, function () { - var network = networks[f.network] - - var keyPair = new ECPair(new BigInteger(f.d), null, { - compressed: false - }) - var signature = message.sign(keyPair, f.message, network) - assert.strictEqual(signature.toString('base64'), f.signature) - - if (f.compressed) { - var compressedPrivKey = new ECPair(new BigInteger(f.d)) - var compressedSignature = message.sign(compressedPrivKey, f.message) - - assert.strictEqual(compressedSignature.toString('base64'), f.compressed.signature) - } - }) - }) - }) -})