2013-03-02 18:28:13 +01:00
|
|
|
/// Implements Bitcoin's feature for signing arbitrary messages.
|
|
|
|
|
|
2014-03-28 06:20:46 +01:00
|
|
|
var Address = require('./address')
|
2014-05-04 08:37:18 +02:00
|
|
|
var BufferExt = require('./buffer')
|
2014-04-08 14:13:03 +02:00
|
|
|
var crypto = require('./crypto')
|
2014-03-28 06:20:46 +01:00
|
|
|
var ecdsa = require('./ecdsa')
|
2014-03-29 07:44:03 +01:00
|
|
|
var ECPubKey = require('./eckey').ECPubKey
|
2013-03-02 18:28:13 +01:00
|
|
|
|
2014-05-04 08:37:18 +02:00
|
|
|
// FIXME: incompatible with other networks (Litecoin etc)
|
2014-05-04 23:44:51 +02:00
|
|
|
var MAGIC_PREFIX = new Buffer('\x18Bitcoin Signed Message:\n')
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-28 20:03:43 +01:00
|
|
|
function magicHash(message) {
|
2014-05-04 23:44:51 +02:00
|
|
|
var messageBuffer = new Buffer(message)
|
|
|
|
|
var lengthBuffer = new Buffer(BufferExt.varIntSize(messageBuffer.length))
|
|
|
|
|
BufferExt.writeVarInt(lengthBuffer, messageBuffer.length, 0)
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-05-04 23:44:51 +02:00
|
|
|
var buffer = Buffer.concat([
|
|
|
|
|
MAGIC_PREFIX, lengthBuffer, messageBuffer
|
|
|
|
|
])
|
2014-04-08 14:13:03 +02:00
|
|
|
return crypto.hash256(buffer)
|
2014-03-27 02:00:08 +01:00
|
|
|
}
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-28 20:03:43 +01:00
|
|
|
// TODO: parameterize compression instead of using ECKey.compressed
|
|
|
|
|
function sign(key, message) {
|
|
|
|
|
var hash = magicHash(message)
|
2014-04-23 23:22:10 +02:00
|
|
|
var sig = ecdsa.parseSig(key.sign(hash))
|
|
|
|
|
var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash)
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-27 02:00:08 +01:00
|
|
|
i += 27
|
2014-04-17 11:08:16 +02:00
|
|
|
if (key.pub.compressed) {
|
2014-03-27 02:00:08 +01:00
|
|
|
i += 4
|
|
|
|
|
}
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-04-24 16:18:13 +02:00
|
|
|
var rB = sig.r.toBuffer(32)
|
|
|
|
|
var sB = sig.s.toBuffer(32)
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-04-23 23:22:10 +02:00
|
|
|
return Buffer.concat([new Buffer([i]), rB, sB], 65)
|
2014-03-27 02:00:08 +01:00
|
|
|
}
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-04-19 20:54:50 +02:00
|
|
|
// FIXME: stricter API?
|
2014-03-28 20:03:43 +01:00
|
|
|
function verify(address, sig, message) {
|
2014-04-19 20:54:50 +02:00
|
|
|
if (typeof address === 'string') {
|
2014-04-17 15:31:45 +02:00
|
|
|
address = Address.fromBase58Check(address)
|
|
|
|
|
}
|
|
|
|
|
|
2014-03-28 20:05:07 +01:00
|
|
|
sig = ecdsa.parseSigCompact(sig)
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-31 04:08:25 +02:00
|
|
|
var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i))
|
2014-04-17 11:08:16 +02:00
|
|
|
pubKey.compressed = !!(sig.i & 4)
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-28 20:03:43 +01:00
|
|
|
return pubKey.getAddress(address.version).toString() === address.toString()
|
2014-03-27 02:00:08 +01:00
|
|
|
}
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-28 20:03:43 +01:00
|
|
|
module.exports = {
|
|
|
|
|
magicHash: magicHash,
|
|
|
|
|
sign: sign,
|
|
|
|
|
verify: verify
|
|
|
|
|
}
|
