From 7ec046f797d132760dc558164cbc9434c7ebc3b7 Mon Sep 17 00:00:00 2001
From: Daniel Cousens <daniel210x@gmail.com>
Date: Sat, 29 Mar 2014 06:03:43 +1100
Subject: [PATCH 1/4] Changes Message.*Message function names to Message.*
---
src/message.js | 38 ++++++++++++++++++--------------------
test/message.js | 30 +++++++++++++-----------------
2 files changed, 31 insertions(+), 37 deletions(-)
diff --git a/src/message.js b/src/message.js
index 998c751..9582dec 100644
--- a/src/message.js
+++ b/src/message.js
@@ -5,33 +5,28 @@ var convert = require('./convert')
var ecdsa = require('./ecdsa')
var SHA256 = require('crypto-js/sha256')
-var Message = {}
+// FIXME: magicHash is incompatible with other magic messages
+var magicBytes = convert.stringToBytes('Bitcoin Signed Message:\n')
-Message.magicPrefix = "Bitcoin Signed Message:\n"
-
-Message.makeMagicMessage = function (message) {
- var magicBytes = convert.stringToBytes(Message.magicPrefix)
+function magicHash(message) {
var messageBytes = convert.stringToBytes(message)
- return [].concat(
+ var buffer = [].concat(
convert.numToVarInt(magicBytes.length),
magicBytes,
convert.numToVarInt(messageBytes.length),
messageBytes
)
-}
-
-Message.getHash = function (message) {
- var buffer = Message.makeMagicMessage(message)
return convert.wordArrayToBytes(SHA256(SHA256(convert.bytesToWordArray(buffer))))
}
-Message.signMessage = function (key, message) {
- var hash = Message.getHash(message)
+// TODO: parameterize compression instead of using ECKey.compressed
+function sign(key, message) {
+ var hash = magicHash(message)
var sig = key.sign(hash)
var obj = ecdsa.parseSig(sig)
- var i = ecdsa.calcPubkeyRecoveryParam(key, obj.r, obj.s, hash)
+ var i = ecdsa.calcPubkeyRecoveryParam(key.getPub(), obj.r, obj.s, hash)
i += 27
if (key.compressed) {
@@ -50,18 +45,21 @@ Message.signMessage = function (key, message) {
return convert.bytesToHex(sig)
}
-Message.verifyMessage = function (address, sig, message) {
+function verify(address, sig, message) {
+ address = new Address(address)
sig = ecdsa.parseSigCompact(convert.hexToBytes(sig))
- var hash = Message.getHash(message)
-
var isCompressed = !!(sig.i & 4)
+ var hash = magicHash(message)
+
var pubKey = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i)
pubKey.compressed = isCompressed
- // Compare address to expected address
- address = new Address(address)
- return address.toString() === pubKey.getAddress(address.version).toString()
+ return pubKey.getAddress(address.version).toString() === address.toString()
}
-module.exports = Message
+module.exports = {
+ magicHash: magicHash,
+ sign: sign,
+ verify: verify
+}
diff --git a/test/message.js b/test/message.js
index 6d6a07a..ef60c9c 100644
--- a/test/message.js
+++ b/test/message.js
@@ -5,17 +5,13 @@ var ECKey = require('../src/eckey').ECKey
var testnet = require('../src/network.js').testnet.addressVersion
describe('Message', function() {
- var msg
+ var msg = 'vires is numeris'
- beforeEach(function(){
- msg = 'vires is numeris'
- })
-
- describe('verifyMessage', function(){
+ describe('verify', function(){
it('works for mainnet address, messaged signed with uncompressed key', function() {
var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM';
var sig = '1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d'
- assert.ok(Message.verifyMessage(addr, sig, msg));
+ assert.ok(Message.verify(addr, sig, msg));
verifyNegativeCases(addr, sig, msg)
})
@@ -23,47 +19,47 @@ describe('Message', function() {
var addr = 'mgdnNWji2bXYSi7E9c1DQBSp64kCemaS7V'
var sig = '1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a'
- assert(Message.verifyMessage(addr, sig, msg))
+ assert(Message.verify(addr, sig, msg))
verifyNegativeCases(addr, sig, msg)
})
function verifyNegativeCases(addr, sig, msg){
var wrongMsg = 'vires in numeris'
- assert.ok(!Message.verifyMessage(addr, sig, wrongMsg));
+ assert.ok(!Message.verify(addr, sig, wrongMsg));
var wrongAddress = new ECKey(null).getAddress()
- assert.ok(!Message.verifyMessage(wrongAddress, sig, msg));
+ assert.ok(!Message.verify(wrongAddress, sig, msg));
}
})
- describe('signMessage', function() {
+ describe('sign', function() {
describe('uncompressed key', function(){
it('works', function(){
var key = new ECKey(null)
- var sig = Message.signMessage(key, msg);
+ var sig = Message.sign(key, msg);
var addr = key.getAddress()
- assert(Message.verifyMessage(addr, sig, msg));
+ assert(Message.verify(addr, sig, msg));
})
})
describe('compressed key', function(){
it('works', function(){
var key = new ECKey(null, true)
- var sig = Message.signMessage(key, msg);
+ var sig = Message.sign(key, msg);
var addr = key.getAddress()
- assert(Message.verifyMessage(addr, sig, msg));
+ assert(Message.verify(addr, sig, msg));
})
})
describe('testnet address', function(){
it('works', function(){
var key = new ECKey(null)
- var sig = Message.signMessage(key, msg);
+ var sig = Message.sign(key, msg);
var addr = key.getAddress(testnet)
- assert(Message.verifyMessage(addr, sig, msg));
+ assert(Message.verify(addr, sig, msg));
})
})
})
From 38f09b49e9311d998bdd946e22d858a6bea5b73e Mon Sep 17 00:00:00 2001
From: Daniel Cousens <daniel210x@gmail.com>
Date: Sat, 29 Mar 2014 06:05:07 +1100
Subject: [PATCH 2/4] Now using Bytes consistently for signatures
---
src/message.js | 4 ++--
test/message.js | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/message.js b/src/message.js
index 9582dec..56a4324 100644
--- a/src/message.js
+++ b/src/message.js
@@ -42,12 +42,12 @@ function sign(key, message) {
sig = [i].concat(rBa, sBa)
- return convert.bytesToHex(sig)
+ return sig
}
function verify(address, sig, message) {
address = new Address(address)
- sig = ecdsa.parseSigCompact(convert.hexToBytes(sig))
+ sig = ecdsa.parseSigCompact(sig)
var isCompressed = !!(sig.i & 4)
var hash = magicHash(message)
diff --git a/test/message.js b/test/message.js
index ef60c9c..81c1bbe 100644
--- a/test/message.js
+++ b/test/message.js
@@ -10,14 +10,14 @@ describe('Message', function() {
describe('verify', function(){
it('works for mainnet address, messaged signed with uncompressed key', function() {
var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM';
- var sig = '1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d'
+ var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
assert.ok(Message.verify(addr, sig, msg));
verifyNegativeCases(addr, sig, msg)
})
it('works for testnet address, message signed with compressed key', function() {
var addr = 'mgdnNWji2bXYSi7E9c1DQBSp64kCemaS7V'
- var sig = '1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a'
+ var sig = convert.hexToBytes('1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a')
assert(Message.verify(addr, sig, msg))
verifyNegativeCases(addr, sig, msg)
From 78e91e8648ac61fdd1c5fa74c91a7290b4d80746 Mon Sep 17 00:00:00 2001
From: Daniel Cousens <daniel210x@gmail.com>
Date: Sat, 29 Mar 2014 05:52:15 +1100
Subject: [PATCH 3/4] Further isolates failure tests and joins [un]/compressed
key tests
---
src/message.js | 2 +-
test/message.js | 87 +++++++++++++++++++++++++++----------------------
2 files changed, 49 insertions(+), 40 deletions(-)
diff --git a/src/message.js b/src/message.js
index 56a4324..47dc342 100644
--- a/src/message.js
+++ b/src/message.js
@@ -26,7 +26,7 @@ function sign(key, message) {
var hash = magicHash(message)
var sig = key.sign(hash)
var obj = ecdsa.parseSig(sig)
- var i = ecdsa.calcPubkeyRecoveryParam(key.getPub(), obj.r, obj.s, hash)
+ var i = ecdsa.calcPubkeyRecoveryParam(key.getPub(key.compressed), obj.r, obj.s, hash)
i += 27
if (key.compressed) {
diff --git a/test/message.js b/test/message.js
index 81c1bbe..0a565b3 100644
--- a/test/message.js
+++ b/test/message.js
@@ -1,65 +1,74 @@
-var assert = require('assert');
-var Message = require('../src/message')
-var convert = require('../src/convert')
+var assert = require('assert')
+var convert = require('../').convert
var ECKey = require('../src/eckey').ECKey
-var testnet = require('../src/network.js').testnet.addressVersion
+var Message = require('../').Message
+var testnet = require('../').network.testnet.addressVersion
describe('Message', function() {
var msg = 'vires is numeris'
- describe('verify', function(){
- it('works for mainnet address, messaged signed with uncompressed key', function() {
- var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM';
- var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
- assert.ok(Message.verify(addr, sig, msg));
- verifyNegativeCases(addr, sig, msg)
+ describe('verify', function() {
+ var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed
+ var caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed
+
+ var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
+ var csig = convert.hexToBytes('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
+
+ it('can verify a signed message', function() {
+ assert.ok(Message.verify(addr, sig, msg))
+ assert.ok(Message.verify(caddr, csig, msg))
})
- it('works for testnet address, message signed with compressed key', function() {
- var addr = 'mgdnNWji2bXYSi7E9c1DQBSp64kCemaS7V'
- var sig = convert.hexToBytes('1feece860e952253ddf465cd1c5aea76ab16287aee093be6f67d196c39f5075436f0407a4e50694e6956c06108fab8608debf9554d75e57c110f7c512a6eb15d0a')
-
- assert(Message.verify(addr, sig, msg))
- verifyNegativeCases(addr, sig, msg)
+ it('will fail for the wrong message', function() {
+ assert.ok(!Message.verify(addr, sig, 'foobar'))
+ assert.ok(!Message.verify(caddr, csig, 'foobar'))
})
- function verifyNegativeCases(addr, sig, msg){
- var wrongMsg = 'vires in numeris'
- assert.ok(!Message.verify(addr, sig, wrongMsg));
+ it('will fail for the wrong public key', function() {
+ assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, msg))
+ assert.ok(!Message.verify('1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9', csig, msg))
+ })
- var wrongAddress = new ECKey(null).getAddress()
- assert.ok(!Message.verify(wrongAddress, sig, msg));
- }
+ it('supports alternate network addresses', function() {
+ var taddr = 'mxnQZKxSKjzaMgrdXzk35rif3u62TLDrg9'
+ var tsig = convert.base64ToBytes('IGucnrTku3KLCCHUMwq9anawfrlN8RK1HWMN+10LhsHJeysBdWfj5ohJcS/+oqrlVFNvEgbgEeAQUL6r3sZwnj8=')
+
+ assert.ok(Message.verify(taddr, tsig, msg))
+ assert.ok(!Message.verify(taddr, tsig, 'foobar'))
+ })
+
+ it('does not cross verify (compressed/uncompressed)', function() {
+ assert.ok(!Message.verify(addr, csig, msg))
+ assert.ok(!Message.verify(caddr, sig, msg))
+ })
})
- describe('sign', function() {
- describe('uncompressed key', function(){
- it('works', function(){
- var key = new ECKey(null)
- var sig = Message.sign(key, msg);
+ describe('signing', function() {
+ var key = new ECKey(null) // uncompressed
- var addr = key.getAddress()
- assert(Message.verify(addr, sig, msg));
- })
- })
+ describe('using the uncompressed public key', function(){
+ it('gives same signature as a compressed public key', function() {
+ var sig = Message.sign(key, msg)
- describe('compressed key', function(){
- it('works', function(){
- var key = new ECKey(null, true)
- var sig = Message.sign(key, msg);
+ var compressedKey = new ECKey(key, true) // compressed clone
+ var csig = Message.sign(compressedKey, msg) // FIXME: bad compression support
- var addr = key.getAddress()
- assert(Message.verify(addr, sig, msg));
+ var addr = key.getPub().getAddress()
+ var caddr = compressedKey.getPub().getAddress()
+ assert.ok(Message.verify(addr, sig, msg))
+ assert.ok(Message.verify(caddr, csig, msg))
+ assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags
+ assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures
})
})
describe('testnet address', function(){
it('works', function(){
var key = new ECKey(null)
- var sig = Message.sign(key, msg);
+ var sig = Message.sign(key, msg)
var addr = key.getAddress(testnet)
- assert(Message.verify(addr, sig, msg));
+ assert(Message.verify(addr, sig, msg))
})
})
})
From c521add619df4ff77f89073ab423adc7355e1422 Mon Sep 17 00:00:00 2001
From: Daniel Cousens <daniel210x@gmail.com>
Date: Mon, 31 Mar 2014 08:21:38 +1100
Subject: [PATCH 4/4] Moves shared constants initialization to beforeEach
---
test/message.js | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/test/message.js b/test/message.js
index 0a565b3..9e257b5 100644
--- a/test/message.js
+++ b/test/message.js
@@ -5,14 +5,22 @@ var Message = require('../').Message
var testnet = require('../').network.testnet.addressVersion
describe('Message', function() {
- var msg = 'vires is numeris'
+ var msg
+
+ beforeEach(function() {
+ msg = 'vires is numeris'
+ })
describe('verify', function() {
- var addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed
- var caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed
+ var addr, sig, caddr, csig
- var sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
- var csig = convert.hexToBytes('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
+ beforeEach(function() {
+ addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed
+ caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed
+
+ sig = convert.hexToBytes('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
+ csig = convert.hexToBytes('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d')
+ })
it('can verify a signed message', function() {
assert.ok(Message.verify(addr, sig, msg))
@@ -44,10 +52,9 @@ describe('Message', function() {
})
describe('signing', function() {
- var key = new ECKey(null) // uncompressed
-
describe('using the uncompressed public key', function(){
it('gives same signature as a compressed public key', function() {
+ var key = new ECKey(null) // uncompressed
var sig = Message.sign(key, msg)
var compressedKey = new ECKey(key, true) // compressed clone