From 7ec046f797d132760dc558164cbc9434c7ebc3b7 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 29 Mar 2014 06:03:43 +1100 Subject: [PATCH 1/4] Changes Message.*Message function names to Message.* --- src/message.js | 38 ++++++++++++++++++-------------------- test/message.js | 30 +++++++++++++----------------- 2 files changed, 31 insertions(+), 37 deletions(-) diff --git a/src/message.js b/src/message.js index 998c751..9582dec 100644 --- a/src/message.js +++ b/src/message.js @@ -5,33 +5,28 @@ var convert = require('./convert') var ecdsa = require('./ecdsa') var SHA256 = require('crypto-js/sha256') -var Message = {} +// FIXME: magicHash is incompatible with other magic messages +var magicBytes = convert.stringToBytes('Bitcoin Signed Message:\n') -Message.magicPrefix = "Bitcoin Signed Message:\n" - -Message.makeMagicMessage = function (message) { - var magicBytes = convert.stringToBytes(Message.magicPrefix) +function magicHash(message) { var messageBytes = convert.stringToBytes(message) - return [].concat( + var buffer = [].concat( convert.numToVarInt(magicBytes.length), magicBytes, convert.numToVarInt(messageBytes.length), messageBytes ) -} - -Message.getHash = function (message) { - var buffer = Message.makeMagicMessage(message) return convert.wordArrayToBytes(SHA256(SHA256(convert.bytesToWordArray(buffer)))) } -Message.signMessage = function (key, message) { - var hash = Message.getHash(message) +// TODO: parameterize compression instead of using ECKey.compressed +function sign(key, message) { + var hash = magicHash(message) var sig = key.sign(hash) var obj = ecdsa.parseSig(sig) - var i = ecdsa.calcPubkeyRecoveryParam(key, obj.r, obj.s, hash) + var i = ecdsa.calcPubkeyRecoveryParam(key.getPub(), obj.r, obj.s, hash) i += 27 if (key.compressed) { @@ -50,18 +45,21 @@ Message.signMessage = function (key, message) { return convert.bytesToHex(sig) } -Message.verifyMessage = function (address, sig, message) { +function verify(address, sig, message) { + address = new Address(address) sig = ecdsa.parseSigCompact(convert.hexToBytes(sig)) - var hash = Message.getHash(message) - var isCompressed = !!(sig.i & 4) + var hash = magicHash(message) + var pubKey = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i) pubKey.compressed = isCompressed - // Compare address to expected address - address = new Address(address) - return address.toString() === pubKey.getAddress(address.version).toString() + return pubKey.getAddress(address.version).toString() === address.toString() } -module.exports = Message +module.exports = { + magicHash: magicHash, + sign: sign, + verify: verify +} diff --git a/test/message.js b/test/message.js index 6d6a07a..ef60c9c 100644 --- a/test/message.js +++ b/test/message.js @@ -5,17 +5,13 @@ var ECKey = require('../src/eckey').ECKey var testnet = require('../src/network.js').testnet.addressVersion describe('Message', function() { - var msg + var msg = 'vires is numeris' - beforeEach(function(){ - msg = 'vires is numeris' - }) - - describe('verifyMessage', function(){ + describe('verify', function(){ it('works for mainnet address, messaged signed with uncompressed key', function() { var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM'; var sig = '1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d' - assert.ok(Message.verifyMessage(addr, sig, msg)); + assert.ok(Message.verify(addr, sig, msg)); verifyNegativeCases(addr, sig, msg) }) @@ -23,47 +19,47 @@ describe('Message', function() { var addr = 'mgdnNWji2bXYSi7E9c1DQBSp64kCemaS7V' var sig = '1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a' - assert(Message.verifyMessage(addr, sig, msg)) + assert(Message.verify(addr, sig, msg)) verifyNegativeCases(addr, sig, msg) }) function verifyNegativeCases(addr, sig, msg){ var wrongMsg = 'vires in numeris' - assert.ok(!Message.verifyMessage(addr, sig, wrongMsg)); + assert.ok(!Message.verify(addr, sig, wrongMsg)); var wrongAddress = new ECKey(null).getAddress() - assert.ok(!Message.verifyMessage(wrongAddress, sig, msg)); + assert.ok(!Message.verify(wrongAddress, sig, msg)); } }) - describe('signMessage', function() { + describe('sign', function() { describe('uncompressed key', function(){ it('works', function(){ var key = new ECKey(null) - var sig = Message.signMessage(key, msg); + var sig = Message.sign(key, msg); var addr = key.getAddress() - assert(Message.verifyMessage(addr, sig, msg)); + assert(Message.verify(addr, sig, msg)); }) }) describe('compressed key', function(){ it('works', function(){ var key = new ECKey(null, true) - var sig = Message.signMessage(key, msg); + var sig = Message.sign(key, msg); var addr = key.getAddress() - assert(Message.verifyMessage(addr, sig, msg)); + assert(Message.verify(addr, sig, msg)); }) }) describe('testnet address', function(){ it('works', function(){ var key = new ECKey(null) - var sig = Message.signMessage(key, msg); + var sig = Message.sign(key, msg); var addr = key.getAddress(testnet) - assert(Message.verifyMessage(addr, sig, msg)); + assert(Message.verify(addr, sig, msg)); }) }) }) From 38f09b49e9311d998bdd946e22d858a6bea5b73e Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 29 Mar 2014 06:05:07 +1100 Subject: [PATCH 2/4] Now using Bytes consistently for signatures --- src/message.js | 4 ++-- test/message.js | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/message.js b/src/message.js index 9582dec..56a4324 100644 --- a/src/message.js +++ b/src/message.js @@ -42,12 +42,12 @@ function sign(key, message) { sig = [i].concat(rBa, sBa) - return convert.bytesToHex(sig) + return sig } function verify(address, sig, message) { address = new Address(address) - sig = ecdsa.parseSigCompact(convert.hexToBytes(sig)) + sig = ecdsa.parseSigCompact(sig) var isCompressed = !!(sig.i & 4) var hash = magicHash(message) diff --git a/test/message.js b/test/message.js index ef60c9c..81c1bbe 100644 --- a/test/message.js +++ b/test/message.js @@ -10,14 +10,14 @@ describe('Message', function() { describe('verify', function(){ it('works for mainnet address, messaged signed with uncompressed key', function() { var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM'; - var sig = '1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d' + var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') assert.ok(Message.verify(addr, sig, msg)); verifyNegativeCases(addr, sig, msg) }) it('works for testnet address, message signed with compressed key', function() { var addr = 'mgdnNWji2bXYSi7E9c1DQBSp64kCemaS7V' - var sig = '1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a' + var sig = convert.hexToBytes('1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a') assert(Message.verify(addr, sig, msg)) verifyNegativeCases(addr, sig, msg) From 78e91e8648ac61fdd1c5fa74c91a7290b4d80746 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 29 Mar 2014 05:52:15 +1100 Subject: [PATCH 3/4] Further isolates failure tests and joins [un]/compressed key tests --- src/message.js | 2 +- test/message.js | 87 +++++++++++++++++++++++++++---------------------- 2 files changed, 49 insertions(+), 40 deletions(-) diff --git a/src/message.js b/src/message.js index 56a4324..47dc342 100644 --- a/src/message.js +++ b/src/message.js @@ -26,7 +26,7 @@ function sign(key, message) { var hash = magicHash(message) var sig = key.sign(hash) var obj = ecdsa.parseSig(sig) - var i = ecdsa.calcPubkeyRecoveryParam(key.getPub(), obj.r, obj.s, hash) + var i = ecdsa.calcPubkeyRecoveryParam(key.getPub(key.compressed), obj.r, obj.s, hash) i += 27 if (key.compressed) { diff --git a/test/message.js b/test/message.js index 81c1bbe..0a565b3 100644 --- a/test/message.js +++ b/test/message.js @@ -1,65 +1,74 @@ -var assert = require('assert'); -var Message = require('../src/message') -var convert = require('../src/convert') +var assert = require('assert') +var convert = require('../').convert var ECKey = require('../src/eckey').ECKey -var testnet = require('../src/network.js').testnet.addressVersion +var Message = require('../').Message +var testnet = require('../').network.testnet.addressVersion describe('Message', function() { var msg = 'vires is numeris' - describe('verify', function(){ - it('works for mainnet address, messaged signed with uncompressed key', function() { - var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM'; - var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') - assert.ok(Message.verify(addr, sig, msg)); - verifyNegativeCases(addr, sig, msg) + describe('verify', function() { + var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed + var caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed + + var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') + var csig = convert.hexToBytes('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') + + it('can verify a signed message', function() { + assert.ok(Message.verify(addr, sig, msg)) + assert.ok(Message.verify(caddr, csig, msg)) }) - it('works for testnet address, message signed with compressed key', function() { - var addr = 'mgdnNWji2bXYSi7E9c1DQBSp64kCemaS7V' - var sig = convert.hexToBytes('1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a') - - assert(Message.verify(addr, sig, msg)) - verifyNegativeCases(addr, sig, msg) + it('will fail for the wrong message', function() { + assert.ok(!Message.verify(addr, sig, 'foobar')) + assert.ok(!Message.verify(caddr, csig, 'foobar')) }) - function verifyNegativeCases(addr, sig, msg){ - var wrongMsg = 'vires in numeris' - assert.ok(!Message.verify(addr, sig, wrongMsg)); + it('will fail for the wrong public key', function() { + assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, msg)) + assert.ok(!Message.verify('1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9', csig, msg)) + }) - var wrongAddress = new ECKey(null).getAddress() - assert.ok(!Message.verify(wrongAddress, sig, msg)); - } + it('supports alternate network addresses', function() { + var taddr = 'mxnQZKxSKjzaMgrdXzk35rif3u62TLDrg9' + var tsig = convert.base64ToBytes('IGucnrTku3KLCCHUMwq9anawfrlN8RK1HWMN+10LhsHJeysBdWfj5ohJcS/+oqrlVFNvEgbgEeAQUL6r3sZwnj8=') + + assert.ok(Message.verify(taddr, tsig, msg)) + assert.ok(!Message.verify(taddr, tsig, 'foobar')) + }) + + it('does not cross verify (compressed/uncompressed)', function() { + assert.ok(!Message.verify(addr, csig, msg)) + assert.ok(!Message.verify(caddr, sig, msg)) + }) }) - describe('sign', function() { - describe('uncompressed key', function(){ - it('works', function(){ - var key = new ECKey(null) - var sig = Message.sign(key, msg); + describe('signing', function() { + var key = new ECKey(null) // uncompressed - var addr = key.getAddress() - assert(Message.verify(addr, sig, msg)); - }) - }) + describe('using the uncompressed public key', function(){ + it('gives same signature as a compressed public key', function() { + var sig = Message.sign(key, msg) - describe('compressed key', function(){ - it('works', function(){ - var key = new ECKey(null, true) - var sig = Message.sign(key, msg); + var compressedKey = new ECKey(key, true) // compressed clone + var csig = Message.sign(compressedKey, msg) // FIXME: bad compression support - var addr = key.getAddress() - assert(Message.verify(addr, sig, msg)); + var addr = key.getPub().getAddress() + var caddr = compressedKey.getPub().getAddress() + assert.ok(Message.verify(addr, sig, msg)) + assert.ok(Message.verify(caddr, csig, msg)) + assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags + assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures }) }) describe('testnet address', function(){ it('works', function(){ var key = new ECKey(null) - var sig = Message.sign(key, msg); + var sig = Message.sign(key, msg) var addr = key.getAddress(testnet) - assert(Message.verify(addr, sig, msg)); + assert(Message.verify(addr, sig, msg)) }) }) }) From c521add619df4ff77f89073ab423adc7355e1422 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Mon, 31 Mar 2014 08:21:38 +1100 Subject: [PATCH 4/4] Moves shared constants initialization to beforeEach --- test/message.js | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/test/message.js b/test/message.js index 0a565b3..9e257b5 100644 --- a/test/message.js +++ b/test/message.js @@ -5,14 +5,22 @@ var Message = require('../').Message var testnet = require('../').network.testnet.addressVersion describe('Message', function() { - var msg = 'vires is numeris' + var msg + + beforeEach(function() { + msg = 'vires is numeris' + }) describe('verify', function() { - var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed - var caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed + var addr, sig, caddr, csig - var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') - var csig = convert.hexToBytes('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') + beforeEach(function() { + addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed + caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed + + sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') + csig = convert.hexToBytes('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d') + }) it('can verify a signed message', function() { assert.ok(Message.verify(addr, sig, msg)) @@ -44,10 +52,9 @@ describe('Message', function() { }) describe('signing', function() { - var key = new ECKey(null) // uncompressed - describe('using the uncompressed public key', function(){ it('gives same signature as a compressed public key', function() { + var key = new ECKey(null) // uncompressed var sig = Message.sign(key, msg) var compressedKey = new ECKey(key, true) // compressed clone