replace ECKey/ECPubKey with ECPair

2015-03-02 16:48:36 +11:00 · 2015-03-02 16:48:36 +11:00 · 4c8b0f38ea
commit 4c8b0f38ea
parent 31832293dd
20 changed files with 266 additions and 670 deletions
--- a/src/hdnode.js
+++ b/src/hdnode.js
@ -6,8 +6,7 @@ var typeForce = require('typeforce')
 var networks = require('./networks')

 var BigInteger = require('bigi')
-var ECKey = require('./eckey')
-var ECPubKey = require('./ecpubkey')
+var ECPair = require('./ecpair')

 var ecurve = require('ecurve')
 var curve = ecurve.getCurveByName('secp256k1')
@ -24,32 +23,19 @@ function findBIP32NetworkByVersion (version) {
  assert(false, 'Could not find network for ' + version.toString(16))
 }

-function HDNode (K, chainCode, network) {
-  network = network || networks.bitcoin
-
+function HDNode (keyPair, chainCode) {
+  typeForce('ECPair', keyPair)
  typeForce('Buffer', chainCode)

  assert.equal(chainCode.length, 32, 'Expected chainCode length of 32, got ' + chainCode.length)
-  assert(network.bip32, 'Unknown BIP32 constants for network')
+  assert('bip32' in keyPair.network, 'Unknown BIP32 constants for network')
+  assert.equal(keyPair.compressed, true, 'BIP32 only allows compressed keyPairs')

+  this.keyPair = keyPair
  this.chainCode = chainCode
  this.depth = 0
  this.index = 0
  this.parentFingerprint = 0x00000000
-  this.network = network
-
-  if (K instanceof BigInteger) {
-    this.privKey = new ECKey(K, true)
-    this.pubKey = this.privKey.pub
-  } else if (K instanceof ECKey) {
-    assert(K.pub.compressed, 'ECKey must be compressed')
-    this.privKey = K
-  } else if (K instanceof ECPubKey) {
-    assert(K.compressed, 'ECPubKey must be compressed')
-    this.pubKey = K
-  } else {
-    this.pubKey = new ECPubKey(K, true)
-  }
 }

 HDNode.MASTER_SECRET = new Buffer('Bitcoin seed')
@ -67,10 +53,13 @@ HDNode.fromSeedBuffer = function (seed, network) {
  var IR = I.slice(32)

  // In case IL is 0 or >= n, the master key is invalid
-  // This is handled by `new ECKey` in the HDNode constructor
+  // This is handled by the ECPair constructor
  var pIL = BigInteger.fromBuffer(IL)
+  var keyPair = new ECPair(pIL, null, {
+    network: network
+  })

-  return new HDNode(pIL, IR, network)
+  return new HDNode(keyPair, IR)
 }

 HDNode.fromSeedHex = function (hex, network) {
@ -108,14 +97,17 @@ HDNode.fromBase58 = function (string, network) {

  // 32 bytes: the chain code
  var chainCode = buffer.slice(13, 45)
-  var data, hd
+  var data, keyPair

-  // 33 bytes: private key data (0x00 + k)
+    // 33 bytes: private key data (0x00 + k)
  if (version === network.bip32.private) {
    assert.strictEqual(buffer.readUInt8(45), 0x00, 'Invalid private key')
    data = buffer.slice(46, 78)
    var d = BigInteger.fromBuffer(data)
-    hd = new HDNode(d, chainCode, network)
+
+    keyPair = new ECPair(d, null, {
+      network: network
+    })

  // 33 bytes: public key data (0x02 + X or 0x03 + X)
  } else {
@ -127,9 +119,12 @@ HDNode.fromBase58 = function (string, network) {
    // If not, the extended public key is invalid.
    curve.validate(Q)

-    hd = new HDNode(Q, chainCode, network)
+    keyPair = new ECPair(null, Q, {
+      network: network
+    })
  }

+  var hd = new HDNode(keyPair, chainCode)
  hd.depth = depth
  hd.index = index
  hd.parentFingerprint = parentFingerprint
@ -138,7 +133,7 @@ HDNode.fromBase58 = function (string, network) {
 }

 HDNode.prototype.getIdentifier = function () {
-  return bcrypto.hash160(this.pubKey.toBuffer())
+  return bcrypto.hash160(this.keyPair.getPublicKeyBuffer())
 }

 HDNode.prototype.getFingerprint = function () {
@ -146,11 +141,15 @@ HDNode.prototype.getFingerprint = function () {
 }

 HDNode.prototype.getAddress = function () {
-  return this.pubKey.getAddress(this.network)
+  return this.keyPair.getAddress()
 }

 HDNode.prototype.neutered = function () {
-  var neutered = new HDNode(this.pubKey.Q, this.chainCode, this.network)
+  var neuteredKeyPair = new ECPair(null, this.keyPair.Q, {
+    network: this.keyPair.network
+  })
+
+  var neutered = new HDNode(neuteredKeyPair, this.chainCode)
  neutered.depth = this.depth
  neutered.index = this.index
  neutered.parentFingerprint = this.parentFingerprint
@ -162,7 +161,8 @@ HDNode.prototype.toBase58 = function (__isPrivate) {
  assert.strictEqual(__isPrivate, undefined, 'Unsupported argument in 2.0.0')

  // Version
-  var version = this.privKey ? this.network.bip32.private : this.network.bip32.public
+  var network = this.keyPair.network
+  var version = this.keyPair.d ? network.bip32.private : network.bip32.public
  var buffer = new Buffer(HDNode.LENGTH)

  // 4 bytes: version bytes
@ -182,16 +182,16 @@ HDNode.prototype.toBase58 = function (__isPrivate) {
  // 32 bytes: the chain code
  this.chainCode.copy(buffer, 13)

-  // 33 bytes: the private key, or
-  if (this.privKey) {
+  // 33 bytes: the public key or private key data
+  if (this.keyPair.d) {
    // 0x00 + k for private keys
    buffer.writeUInt8(0, 45)
-    this.privKey.d.toBuffer(32).copy(buffer, 46)
+    this.keyPair.d.toBuffer(32).copy(buffer, 46)

  // 33 bytes: the public key
  } else {
    // X9.62 encoding for public keys
-    this.pubKey.toBuffer().copy(buffer, 45)
+    this.keyPair.getPublicKeyBuffer().copy(buffer, 45)
  }

  return base58check.encode(buffer)
@ -207,11 +207,11 @@ HDNode.prototype.derive = function (index) {

  // Hardened child
  if (isHardened) {
-    assert(this.privKey, 'Could not derive hardened child key')
+    assert(this.keyPair.d, 'Could not derive hardened child key')

    // data = 0x00 || ser256(kpar) || ser32(index)
    data = Buffer.concat([
-      this.privKey.d.toBuffer(33),
+      this.keyPair.d.toBuffer(33),
      indexBuffer
    ])

@ -220,7 +220,7 @@ HDNode.prototype.derive = function (index) {
    // data = serP(point(kpar)) || ser32(index)
    //      = serP(Kpar) || ser32(index)
    data = Buffer.concat([
-      this.pubKey.toBuffer(),
+      this.keyPair.getPublicKeyBuffer(),
      indexBuffer
    ])
  }
@ -237,32 +237,37 @@ HDNode.prototype.derive = function (index) {
  }

  // Private parent key -> private child key
-  var hd
-  if (this.privKey) {
+  var derivedKeyPair
+  if (this.keyPair.d) {
    // ki = parse256(IL) + kpar (mod n)
-    var ki = pIL.add(this.privKey.d).mod(curve.n)
+    var ki = pIL.add(this.keyPair.d).mod(curve.n)

    // In case ki == 0, proceed with the next value for i
    if (ki.signum() === 0) {
      return this.derive(index + 1)
    }

-    hd = new HDNode(ki, IR, this.network)
+    derivedKeyPair = new ECPair(ki, null, {
+      network: this.keyPair.network
+    })

  // Public parent key -> public child key
  } else {
    // Ki = point(parse256(IL)) + Kpar
    //    = G*IL + Kpar
-    var Ki = curve.G.multiply(pIL).add(this.pubKey.Q)
+    var Ki = curve.G.multiply(pIL).add(this.keyPair.Q)

    // In case Ki is the point at infinity, proceed with the next value for i
    if (curve.isInfinity(Ki)) {
      return this.derive(index + 1)
    }

-    hd = new HDNode(Ki, IR, this.network)
+    derivedKeyPair = new ECPair(null, Ki, {
+      network: this.keyPair.network
+    })
  }

+  var hd = new HDNode(derivedKeyPair, IR)
  hd.depth = this.depth + 1
  hd.index = index
  hd.parentFingerprint = this.getFingerprint().readUInt32BE(0)
--- a/src/index.js
+++ b/src/index.js
@ -4,8 +4,7 @@ module.exports = {
  bufferutils: require('./bufferutils'),
  crypto: require('./crypto'),
  ecdsa: require('./ecdsa'),
-  ECKey: require('./eckey'),
-  ECPubKey: require('./ecpubkey'),
+  ECPair: require('./ecpair'),
  ECSignature: require('./ecsignature'),
  message: require('./message'),
  opcodes: require('./opcodes'),
--- a/src/message.js
+++ b/src/message.js
@ -4,7 +4,7 @@ var ecdsa = require('./ecdsa')
 var networks = require('./networks')

 var BigInteger = require('bigi')
-var ECPubKey = require('./ecpubkey')
+var ECPair = require('./ecpair')
 var ECSignature = require('./ecsignature')

 var ecurve = require('ecurve')
@ -19,15 +19,15 @@ function magicHash (message, network) {
  return crypto.hash256(buffer)
 }

-function sign (privKey, message, network) {
+function sign (keyPair, message, network) {
  network = network || networks.bitcoin

  var hash = magicHash(message, network)
-  var signature = privKey.sign(hash)
+  var signature = keyPair.sign(hash)
  var e = BigInteger.fromBuffer(hash)
-  var i = ecdsa.calcPubKeyRecoveryParam(ecparams, e, signature, privKey.pub.Q)
+  var i = ecdsa.calcPubKeyRecoveryParam(ecparams, e, signature, keyPair.Q)

-  return signature.toCompact(i, privKey.pub.compressed)
+  return signature.toCompact(i, keyPair.compressed)
 }

 // TODO: network could be implied from address
@ -42,9 +42,12 @@ function verify (address, signature, message, network) {
  var parsed = ECSignature.parseCompact(signature)
  var e = BigInteger.fromBuffer(hash)
  var Q = ecdsa.recoverPubKey(ecparams, e, parsed.signature, parsed.i)
+  var keyPair = new ECPair(null, Q, {
+    compressed: parsed.compressed,
+    network: network
+  })

-  var pubKey = new ECPubKey(Q, parsed.compressed)
-  return pubKey.getAddress(network).toString() === address.toString()
+  return keyPair.getAddress().toString() === address.toString()
 }

 module.exports = {
--- a/src/scripts.js
+++ b/src/scripts.js
@ -170,7 +170,7 @@ function classifyInput (script, allowIncomplete) {
 // {pubKey} OP_CHECKSIG
 function pubKeyOutput (pubKey) {
  return Script.fromChunks([
-    pubKey.toBuffer(),
+    pubKey,
    ops.OP_CHECKSIG
  ])
 }
@ -201,18 +201,14 @@ function scriptHashOutput (hash) {

 // m [pubKeys ...] n OP_CHECKMULTISIG
 function multisigOutput (m, pubKeys) {
-  typeForce(['ECPubKey'], pubKeys)
+  typeForce(['Buffer'], pubKeys)

-  assert(pubKeys.length >= m, 'Not enough pubKeys provided')
-
-  var pubKeyBuffers = pubKeys.map(function (pubKey) {
-    return pubKey.toBuffer()
-  })
  var n = pubKeys.length
+  assert(n >= m, 'Not enough pubKeys provided')

  return Script.fromChunks([].concat(
    (ops.OP_1 - 1) + m,
-    pubKeyBuffers,
+    pubKeys,
    (ops.OP_1 - 1) + n,
    ops.OP_CHECKMULTISIG
  ))
@ -228,8 +224,9 @@ function pubKeyInput (signature) {
 // {signature} {pubKey}
 function pubKeyHashInput (signature, pubKey) {
  typeForce('Buffer', signature)
+  typeForce('Buffer', pubKey)

-  return Script.fromChunks([signature, pubKey.toBuffer()])
+  return Script.fromChunks([signature, pubKey])
 }

 // <scriptSig> {serialized scriptPubKey script}
--- a/src/transaction_builder.js
+++ b/src/transaction_builder.js
@ -1,9 +1,10 @@
 var assert = require('assert')
+var bufferutils = require('./bufferutils')
 var ops = require('./opcodes')
 var scripts = require('./scripts')

 var Address = require('./address')
-var ECPubKey = require('./ecpubkey')
+var ECPair = require('./ecpair')
 var ECSignature = require('./ecsignature')
 var Script = require('./script')
 var Transaction = require('./transaction')
@ -33,9 +34,9 @@ function extractInput (txIn) {
    case 'pubkeyhash': {
      parsed = ECSignature.parseScriptSignature(scriptSig.chunks[0])
      hashType = parsed.hashType
-      pubKeys = [ECPubKey.fromBuffer(scriptSig.chunks[1])]
+      pubKeys = scriptSig.chunks.slice(1)
      signatures = [parsed.signature]
-      prevOutScript = pubKeys[0].getAddress().toOutputScript()
+      prevOutScript = ECPair.fromPublicKeyBuffer(pubKeys[0]).getAddress().toOutputScript()

      break
    }
@ -46,7 +47,7 @@ function extractInput (txIn) {
      signatures = [parsed.signature]

      if (redeemScript) {
-        pubKeys = [ECPubKey.fromBuffer(redeemScript.chunks[0])]
+        pubKeys = redeemScript.chunks.slice(0, 1)
      }

      break
@ -63,7 +64,7 @@ function extractInput (txIn) {
      })

      if (redeemScript) {
-        pubKeys = redeemScript.chunks.slice(1, -2).map(ECPubKey.fromBuffer)
+        pubKeys = redeemScript.chunks.slice(1, -2)
      }

      break
@ -141,12 +142,12 @@ TransactionBuilder.prototype.addInput = function (txHash, vout, sequence, prevOu
    // if we can, extract pubKey information
    switch (prevOutType) {
      case 'multisig': {
-        input.pubKeys = prevOutScript.chunks.slice(1, -2).map(ECPubKey.fromBuffer)
+        input.pubKeys = prevOutScript.chunks.slice(1, -2)
        break
      }

      case 'pubkey': {
-        input.pubKeys = prevOutScript.chunks.slice(0, 1).map(ECPubKey.fromBuffer)
+        input.pubKeys = prevOutScript.chunks.slice(0, 1)
        break
      }
    }
@ -280,7 +281,7 @@ TransactionBuilder.prototype.__build = function (allowIncomplete) {
  return tx
 }

-TransactionBuilder.prototype.sign = function (index, privKey, redeemScript, hashType) {
+TransactionBuilder.prototype.sign = function (index, keyPair, redeemScript, hashType) {
  assert(index in this.inputs, 'No input at index: ' + index)
  hashType = hashType || Transaction.SIGHASH_ALL

@ -292,6 +293,8 @@ TransactionBuilder.prototype.sign = function (index, privKey, redeemScript, hash
    input.scriptType &&
    input.signatures

+  var kpPubKey = keyPair.getPublicKeyBuffer()
+
  // are we almost ready to sign?
  if (canSign) {
    // if redeemScript was provided, enforce consistency
@ -319,21 +322,21 @@ TransactionBuilder.prototype.sign = function (index, privKey, redeemScript, hash
      var pubKeys = []
      switch (scriptType) {
        case 'multisig': {
-          pubKeys = redeemScript.chunks.slice(1, -2).map(ECPubKey.fromBuffer)
+          pubKeys = redeemScript.chunks.slice(1, -2)
          break
        }

        case 'pubkeyhash': {
          var pkh1 = redeemScript.chunks[2]
-          var pkh2 = privKey.pub.getAddress().hash
+          var pkh2 = keyPair.getAddress().hash

          assert.deepEqual(pkh1, pkh2, 'privateKey cannot sign for this input')
-          pubKeys = [privKey.pub]
+          pubKeys = [kpPubKey]
          break
        }

        case 'pubkey': {
-          pubKeys = redeemScript.chunks.slice(0, 1).map(ECPubKey.fromBuffer)
+          pubKeys = redeemScript.chunks.slice(0, 1)
          break
        }
      }
@ -357,9 +360,9 @@ TransactionBuilder.prototype.sign = function (index, privKey, redeemScript, hash

      // we know nothin' Jon Snow, assume pubKeyHash
      } else {
-        input.prevOutScript = privKey.pub.getAddress().toOutputScript()
+        input.prevOutScript = keyPair.getAddress().toOutputScript()
        input.prevOutType = 'pubkeyhash'
-        input.pubKeys = [privKey.pub]
+        input.pubKeys = [kpPubKey]
        input.scriptType = input.prevOutType
      }
    }
@ -378,10 +381,11 @@ TransactionBuilder.prototype.sign = function (index, privKey, redeemScript, hash

    input.signatures = input.pubKeys.map(function (pubKey) {
      var match
+      var keyPair2 = ECPair.fromPublicKeyBuffer(pubKey)

      // check for any matching signatures
      unmatched.some(function (signature, i) {
-        if (!pubKey.verify(signatureHash, signature)) return false
+        if (!keyPair2.verify(signatureHash, signature)) return false
        match = signature

        // remove matched signature from unmatched
@ -396,14 +400,15 @@ TransactionBuilder.prototype.sign = function (index, privKey, redeemScript, hash

  // enforce in order signing of public keys
  assert(input.pubKeys.some(function (pubKey, i) {
-    if (!privKey.pub.Q.equals(pubKey.Q)) return false
+    if (!bufferutils.equal(kpPubKey, pubKey)) return false

    assert(!input.signatures[i], 'Signature already exists')
-    var signature = privKey.sign(signatureHash)
+
+    var signature = keyPair.sign(signatureHash)
    input.signatures[i] = signature

    return true
-  }, this), 'privateKey cannot sign for this input')
+  }, this), 'key pair cannot sign for this input')
 }

 module.exports = TransactionBuilder