bitcoinjs-lib/src/message.js

/// Implements Bitcoin's feature for signing arbitrary messages.

var Address = require('./address')
var BufferExt = require('./buffer')
var crypto = require('./crypto')
var ecdsa = require('./ecdsa')
var ECPubKey = require('./eckey').ECPubKey

// FIXME: incompatible with other networks (Litecoin etc)
var magicBuffer = new Buffer('\x18Bitcoin Signed Message:\n')

function magicHash(message) {
  var mB = new Buffer(message)
  var mVI = new Buffer(BufferExt.varIntSize(mB.length))
  BufferExt.writeVarInt(mVI, mB.length, 0)

  var buffer = Buffer.concat([magicBuffer, mVI, mB])
  return crypto.hash256(buffer)
}

// TODO: parameterize compression instead of using ECKey.compressed
function sign(key, message) {
  var hash = magicHash(message)
  var sig = ecdsa.parseSig(key.sign(hash))
  var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash)

  i += 27
  if (key.pub.compressed) {
    i += 4
  }

  var rB = sig.r.toBuffer(32)
  var sB = sig.s.toBuffer(32)

  return Buffer.concat([new Buffer([i]), rB, sB], 65)
}

// FIXME: stricter API?
function verify(address, sig, message) {
  if (typeof address === 'string') {
    address = Address.fromBase58Check(address)
  }

  sig = ecdsa.parseSigCompact(sig)

  var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i))
  pubKey.compressed = !!(sig.i & 4)

  return pubKey.getAddress(address.version).toString() === address.toString()
}

module.exports = {
  magicHash: magicHash,
  sign: sign,
  verify: verify
}
port message to common.js style and add tests 2013-03-02 12:28:13 -05:00			`/// Implements Bitcoin's feature for signing arbitrary messages.`

Adds version support to Message.verifyMessage 2014-03-28 16:20:46 +11:00			`var Address = require('./address')`
Removes redundant convert functions 2014-05-04 16:37:18 +10:00			`var BufferExt = require('./buffer')`
Migrates all usage of crypto-js/sha256 to ./crypto 2014-04-08 22:13:03 +10:00			`var crypto = require('./crypto')`
Adds version support to Message.verifyMessage 2014-03-28 16:20:46 +11:00			`var ecdsa = require('./ecdsa')`
Removes circular dependancy of ECKey 2014-03-29 17:44:03 +11:00			`var ECPubKey = require('./eckey').ECPubKey`
port message to common.js style and add tests 2013-03-02 12:28:13 -05:00
Removes redundant convert functions 2014-05-04 16:37:18 +10:00			`// FIXME: incompatible with other networks (Litecoin etc)`
			`var magicBuffer = new Buffer('\x18Bitcoin Signed Message:\n')`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Changes Message.Message function names to Message. 2014-03-29 06:03:43 +11:00			`function magicHash(message) {`
Removes redundant convert functions 2014-05-04 16:37:18 +10:00			`var mB = new Buffer(message)`
			`var mVI = new Buffer(BufferExt.varIntSize(mB.length))`
			`BufferExt.writeVarInt(mVI, mB.length, 0)`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Removes redundant convert functions 2014-05-04 16:37:18 +10:00			`var buffer = Buffer.concat([magicBuffer, mVI, mB])`
Migrates all usage of crypto-js/sha256 to ./crypto 2014-04-08 22:13:03 +10:00			`return crypto.hash256(buffer)`
Cleaning up message.js 2014-03-26 21:00:08 -04:00			`}`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Changes Message.Message function names to Message. 2014-03-29 06:03:43 +11:00			`// TODO: parameterize compression instead of using ECKey.compressed`
			`function sign(key, message) {`
			`var hash = magicHash(message)`
Adds BI.toPaddedBuffer and toBuffer 2014-04-24 07:22:10 +10:00			`var sig = ecdsa.parseSig(key.sign(hash))`
			`var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash)`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Cleaning up message.js 2014-03-26 21:00:08 -04:00			`i += 27`
Migrates ECKey to stricter API 2014-04-17 19:08:16 +10:00			`if (key.pub.compressed) {`
Cleaning up message.js 2014-03-26 21:00:08 -04:00			`i += 4`
			`}`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Removes toPaddedBuffer and extends toBuffer 2014-04-25 00:18:13 +10:00			`var rB = sig.r.toBuffer(32)`
			`var sB = sig.s.toBuffer(32)`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Adds BI.toPaddedBuffer and toBuffer 2014-04-24 07:22:10 +10:00			`return Buffer.concat([new Buffer([i]), rB, sB], 65)`
Cleaning up message.js 2014-03-26 21:00:08 -04:00			`}`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Uses typeof address === 'string' instead 2014-04-20 04:54:50 +10:00			`// FIXME: stricter API?`
Changes Message.Message function names to Message. 2014-03-29 06:03:43 +11:00			`function verify(address, sig, message) {`
Uses typeof address === 'string' instead 2014-04-20 04:54:50 +10:00			`if (typeof address === 'string') {`
Migrates Address to stricter API subset 2014-04-17 23:31:45 +10:00			`address = Address.fromBase58Check(address)`
			`}`

Now using Bytes consistently for signatures 2014-03-29 06:05:07 +11:00			`sig = ecdsa.parseSigCompact(sig)`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Merge branch 'msgvers-patch2' of github.com:dcousens/bitcoinjs-lib into dcousens-msgvers-patch2 Conflicts: src/message.js 2014-03-31 10:08:25 +08:00			`var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i))`
Migrates ECKey to stricter API 2014-04-17 19:08:16 +10:00			`pubKey.compressed = !!(sig.i & 4)`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Changes Message.Message function names to Message. 2014-03-29 06:03:43 +11:00			`return pubKey.getAddress(address.version).toString() === address.toString()`
Cleaning up message.js 2014-03-26 21:00:08 -04:00			`}`
Implement Bitcoin's method for arbitrary message signatures. 2012-08-16 00:25:06 +02:00
Changes Message.Message function names to Message. 2014-03-29 06:03:43 +11:00			`module.exports = {`
			`magicHash: magicHash,`
			`sign: sign,`
			`verify: verify`
			`}`