2013-03-02 18:28:13 +01:00
|
|
|
/// Implements Bitcoin's feature for signing arbitrary messages.
|
|
|
|
|
|
|
|
var Crypto = require('./crypto-js/crypto');
|
|
|
|
var ecdsa = require('./ecdsa');
|
|
|
|
var conv = require('./convert');
|
|
|
|
var util = require('./util');
|
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var Message = {};
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
Message.magicPrefix = "Bitcoin Signed Message:\n";
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
Message.makeMagicMessage = function (message) {
|
2013-11-19 05:47:56 +01:00
|
|
|
var magicBytes = conv.stringToBytes(Message.magicPrefix);
|
|
|
|
var messageBytes = conv.stringToBytes(message);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var buffer = [];
|
2013-03-02 18:28:13 +01:00
|
|
|
buffer = buffer.concat(util.numToVarInt(magicBytes.length));
|
2013-02-17 06:39:15 +01:00
|
|
|
buffer = buffer.concat(magicBytes);
|
2013-03-02 18:28:13 +01:00
|
|
|
buffer = buffer.concat(util.numToVarInt(messageBytes.length));
|
2013-02-17 06:39:15 +01:00
|
|
|
buffer = buffer.concat(messageBytes);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
return buffer;
|
|
|
|
};
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
Message.getHash = function (message) {
|
|
|
|
var buffer = Message.makeMagicMessage(message);
|
|
|
|
return Crypto.SHA256(Crypto.SHA256(buffer, {asBytes: true}), {asBytes: true});
|
|
|
|
};
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2014-03-11 18:26:40 +01:00
|
|
|
Message.signMessage = function (key, message) {
|
2013-02-17 06:39:15 +01:00
|
|
|
var hash = Message.getHash(message);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var sig = key.sign(hash);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-03-02 18:28:13 +01:00
|
|
|
var obj = ecdsa.parseSig(sig);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-11-28 20:01:55 +01:00
|
|
|
var i = ecdsa.calcPubkeyRecoveryParam(key, obj.r, obj.s, hash);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
i += 27;
|
2014-03-11 18:26:40 +01:00
|
|
|
if (key.compressed) i += 4;
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var rBa = obj.r.toByteArrayUnsigned();
|
|
|
|
var sBa = obj.s.toByteArrayUnsigned();
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
// Pad to 32 bytes per value
|
|
|
|
while (rBa.length < 32) rBa.unshift(0);
|
|
|
|
while (sBa.length < 32) sBa.unshift(0);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
sig = [i].concat(rBa).concat(sBa);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-10-07 21:27:19 +02:00
|
|
|
return conv.bytesToHex(sig);
|
2013-02-17 06:39:15 +01:00
|
|
|
};
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
Message.verifyMessage = function (address, sig, message) {
|
2013-10-07 21:27:19 +02:00
|
|
|
sig = conv.hexToBytes(sig);
|
2013-03-02 18:28:13 +01:00
|
|
|
sig = ecdsa.parseSigCompact(sig);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var hash = Message.getHash(message);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var isCompressed = !!(sig.i & 4);
|
2013-03-02 18:28:13 +01:00
|
|
|
var pubKey = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i);
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
var expectedAddress = pubKey.getBitcoinAddress().toString();
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
return (address === expectedAddress);
|
|
|
|
};
|
2012-08-16 00:25:06 +02:00
|
|
|
|
2013-02-17 06:39:15 +01:00
|
|
|
module.exports = Message;
|