Added BIP32 support

This commit is contained in:
vub 2013-11-18 23:47:56 -05:00
parent aa22b9d89e
commit 5e2a9f0c26
16 changed files with 546 additions and 313 deletions

6
bitcoinjs-min.js vendored

File diff suppressed because one or more lines are too long

View file

@ -83,7 +83,7 @@ module.exports.decode = function (input) {
}
module.exports.decodeHex = function (input) {
return module.exports.decode(Crypto.util.hexToBytes(input));
return module.exports.decode(conv.hexToBytes(input));
}
module.exports.checkEncode = function(input, vbyte) {
@ -113,7 +113,7 @@ module.exports.checkDecode = function(input) {
}
module.exports.checkDecodeHex = function (input) {
return module.exports.checkDecode(Crypto.util.hexToBytes(input));
return module.exports.checkDecode(conv.hexToBytes(input));
}

139
src/bip32.js Normal file
View file

@ -0,0 +1,139 @@
var Script = require('./script'),
util = require('./util'),
conv = require('./convert'),
key = require('./eckey'),
base58 = require('./base58'),
Crypto = require('./crypto-js/crypto'),
ECPointFp = require('./jsbn/ec').ECPointFp,
sec = require('./jsbn/sec'),
ecparams = sec("secp256k1");
var BIP32key = function(opts) {
if (!opts) opts = {}
if (typeof opts == "string") {
try {
opts = BIP32key.prototype.deserialize(opts);
}
catch(e) {
opts = BIP32key.prototype.fromMasterKey(opts);
}
}
this.vbytes = opts.vbytes;
this.depth = opts.depth;
this.fingerprint = opts.fingerprint;
this.i = opts.i;
this.chaincode = opts.chaincode;
this.key = opts.key;
this.type = conv.bytesToString(this.vbytes) == PRIVDERIV ? 'priv' : 'pub'
return this;
}
var PRIVDERIV = BIP32key.PRIVDERIV = '\x04\x88\xAD\xE4'
var PUBDERIV = BIP32key.PUBDERIV = '\x04\x88\xB2\x1E'
BIP32key.prototype.deserialize = function(str) {
var bytes = base58.decode(str)
var front = bytes.slice(0,bytes.length-4),
back = bytes.slice(bytes.length-4);
var checksum = Crypto.SHA256(Crypto.SHA256(front,{asBytes: true}), {asBytes: true})
.slice(0,4);
if (""+checksum != ""+back) {
throw new Error("Checksum failed");
}
var type = conv.bytesToString(bytes.slice(0,4)) == PRIVDERIV ? 'priv' : 'pub';
return new BIP32key({
type: type,
vbytes: bytes.slice(0,4),
depth: bytes[4],
fingerprint: bytes.slice(5,9),
i: util.bytesToNum(bytes.slice(9,13).reverse()),
chaincode: bytes.slice(13,45),
key: new key(type == 'priv' ? bytes.slice(46,78).concat([1]) : bytes.slice(45,78))
})
}
BIP32key.prototype.serialize = function() {
var bytes = this.vbytes.concat(
[this.depth],
this.fingerprint,
util.numToBytes(this.i,4).reverse(),
this.chaincode,
this.type == 'priv' ? [0].concat(this.key.export('bytes').slice(0,32))
: this.key)
var checksum = Crypto.SHA256(Crypto.SHA256(bytes,{asBytes: true}), {asBytes: true})
.slice(0,4)
return base58.encode(bytes.concat(checksum))
}
BIP32key.prototype.ckd = function(i) {
var priv, pub, newkey, fingerprint, blob, I;
if (this.type == 'priv') {
priv = this.key.export('bytes')
pub = this.key.getPub()
}
else pub = this.key
if (i >= 2147483648) {
if (this.priv) throw new Error("Can't do private derivation on public key!")
blob = [0].concat(priv.slice(0,32),util.numToBytes(this.i,4).reverse())
}
else blob = pub.concat(util.numToBytes(this.i,4).reverse())
I = Crypto.HMAC(Crypto.SHA512,blob,this.chaincode,{ asBytes: true })
if (this.type == 'priv') {
Ikey = Bitcoin.BigInteger.fromByteArrayUnsigned(I.slice(0,32))
newkey = new key(this.key.priv.add(Ikey))
newkey.compressed = true
fingerprint = util.sha256ripe160(this.key.getPub()).slice(0,4)
}
else {
newkey = ECPointFp.decodeFrom(ecparams.getCurve(),this.key)
.add(new key(I.slice(0,32).concat([1])).getPubPoint())
.getEncoded(true);
fingerprint = util.sha256ripe160(this.key).slice(0,4)
}
return new BIP32key({
vbytes: this.vbytes,
type: this.type,
depth: this.depth + 1,
fingerprint: fingerprint,
i: i,
chaincode: I.slice(32),
key: newkey
})
}
BIP32key.prototype.clone = function() {
return new BIP32key(this);
}
BIP32key.prototype.privtopub = BIP32key.prototype.getPub = function() {
if (this.type == 'pub') return this.clone()
return new BIP32key({
vbytes: conv.stringToBytes(PUBDERIV),
type: 'pub',
depth: this.depth,
fingerprint: this.fingerprint,
i: this.i,
chaincode: this.chaincode,
key: this.key.getPub()
})
}
BIP32key.prototype.fromMasterKey = function(seed) {
var I = Bitcoin.Crypto.HMAC(Bitcoin.Crypto.SHA512,seed,"Bitcoin seed",{ asBytes: true })
return new BIP32key({
vbytes: conv.stringToBytes(PRIVDERIV),
type: 'priv',
depth: 0,
fingerprint: [0,0,0,0],
i: 0,
chaincode: I.slice(32),
key: new key(I.slice(0,32).concat([1]))
})
}
BIP32key.prototype.getKey = function() { return this.key }
module.exports = BIP32key;

View file

@ -1,165 +0,0 @@
/*
function makeKeypair()
{
// Generate private key
var n = ecparams.getN();
var n1 = n.subtract(BigInteger.ONE);
var r = new BigInteger(n.bitLength(), rng);
var privateKey = r.mod(n1).add(BigInteger.ONE);
// Generate public key
var G = ecparams.getG();
var publicPoint = G.multiply(privateKey);
return {priv: privateKey, pubkey: publicPoint};
};
function serializeTransaction(tx)
{
var buffer = [];
buffer = buffer.concat(Crypto.util.wordsToBytes([parseInt(tx.version)]));
buffer = buffer.concat(numToVarInt(tx.ins.length));
for (var i = 0; i < tx.ins.length; i++) {
var txin = tx.ins[i];
buffer = buffer.concat(Crypto.util.hexToBytes(txin.outpoint.hash));
buffer = buffer.concat(Crypto.util.wordsToBytes([parseInt(txin.index)]));
var scriptBytes = Crypto.util.hexToBytes(txin.script);
buffer = buffer.concat(numToVarInt(scriptBytes.length));
buffer = buffer.concat(scriptBytes);
buffer = buffer.concat(Crypto.util.wordsToBytes([parseInt(txin.sequence)]));
}
buffer = buffer.concat(numToVarInt(tx.outs.length));
for (var i = 0; i < tx.outs.length; i++) {
var txout = tx.outs[i];
var valueHex = txout.value.toString(16);
while (valueHex.length < 16) valueHex = "0" + valueHex;
buffer = buffer.concat(Crypto.util.hexToBytes(valueHex));
var scriptBytes = Crypto.util.hexToBytes(txout.script);
buffer = buffer.concat(numToVarInt(scriptBytes.length));
buffer = buffer.concat(scriptBytes);
}
buffer = buffer.concat(Crypto.util.wordsToBytes([parseInt(tx.lock_time)]));
return buffer;
};
var OP_CODESEPARATOR = 171;
var SIGHASH_ALL = 1;
var SIGHASH_NONE = 2;
var SIGHASH_SINGLE = 3;
var SIGHASH_ANYONECANPAY = 80;
function hashTransactionForSignature(scriptCode, tx, inIndex, hashType)
{
// TODO: We need to actually deep copy here
var txTmp = tx;
// In case concatenating two scripts ends up with two codeseparators,
// or an extra one at the end, this prevents all those possible incompatibilities.
scriptCode = scriptCode.filter(function (val) {
return val !== OP_CODESEPARATOR;
});
// Blank out other inputs' signatures
for (var i = 0; i < txTmp.ins.length; i++) {
txTmp.ins[i].script = Crypto.util.bytesToHex([]);
}
txTmp.ins[inIndex].script = Crypto.util.bytesToHex(scriptCode);
// Blank out some of the outputs
if ((hashType & 0x1f) == SIGHASH_NONE) {
txTmp.outs = [];
// Let the others update at will
for (var i = 0; i < txTmp.ins.length; i++)
if (i != inIndex)
txTmp.ins[i].sequence = 0;
} else if ((hashType & 0x1f) == SIGHASH_SINGLE) {
// TODO: Implement
}
// Blank out other inputs completely, not recommended for open transactions
if (hashType & SIGHASH_ANYONECANPAY) {
txTmp.ins = [txTmp.ins[inIndex]];
}
var buffer = serializeTransaction(txTmp);
buffer.concat(Crypto.util.wordsToBytes([parseInt(hashType)]));
console.log(buffer);
return Crypto.SHA256(Crypto.SHA256(buffer, {asBytes: true}), {asBytes: true});
};
function verifyTransactionSignature(tx) {
var hash = hashTransactionForSignature([], tx, 0, 0);
return Crypto.util.bytesToHex(hash);
};
function numToVarInt(i)
{
// TODO: THIS IS TOTALLY UNTESTED!
if (i < 0xfd) {
// unsigned char
return [i];
} else if (i <= 1<<16) {
// unsigned short (LE)
return [0xfd, i >>> 8, i & 255];
} else if (i <= 1<<32) {
// unsigned int (LE)
return [0xfe].concat(Crypto.util.wordsToBytes([i]));
} else {
// unsigned long long (LE)
return [0xff].concat(Crypto.util.wordsToBytes([i >>> 32, i]));
}
};
var testTx = {
"version":"1",
"lock_time":"0",
"block": {
"hash":"N/A",
"height":115806
},
"index":6,
"hash":"WUFzjKubG1kqfJWMb4qZdlhU2F3l5NGXN7AUg8Jwl14=",
"ins":[{
"outpoint":{
"hash":"nqcbMM1oRhfLdZga11q7x0CpUMujm+vtxHXO9V0gnwE=",
"index":0
},
"script":"RzBEAiB2XXkx1pca9SlfCmCGNUVf+h2sAFBttcxG1VnypIcvEgIgXrOp7LSdYBYp3nPsQAz8BOLD3K4pAlXfZImP1rkzk2EBQQRi7NcODzNfnVqLtG79Axp5UF6EhFIhCmzqKqssfKpfCIOmzCuXEeDFUFvFzeGLJx5N+wp2qRS1TqYezGD3yERk",
"sequence":4294967295
}],
"outs":[{
"value":"3000000000",
"script":"dqkUBLZwqhAPRVgZvwI8MN5gLHbU8NOIrA=="
},{
"value":"25937000000",
"script":"dqkUQ82gJ0O5vOBg6yK5/yorLLV5zLKIrA=="
}]
};
TODO: Make this stuff into test cases ;)
$(function () {
var key = new Bitcoin.ECKey(Crypto.util.hexToBytes("5c0b98e524ad188ddef35dc6abba13c34a351a05409e5d285403718b93336a4a"));
key = new Bitcoin.ECKey(Crypto.util.hexToBytes("180cb41c7c600be951b5d3d0a7334acc7506173875834f7a6c4c786a28fcbb19"));
//console.log(key.getBitcoinAddress().toString());
//var message = Crypto.util.hexToBytes("2aec28d323ee7b06a799d540d224b351161fe48967174ca5e43164e86137da11");
//message = [0];
//var out = key.sign(message);
//console.log("pubkey: "+Crypto.util.bytesToHex(key.getPub()));
//console.log("sig: "+Crypto.util.bytesToHex(out));
//console.log(key.verify(message, out));
//console.log(Bitcoin.ECDSA.verify(message, Crypto.util.hexToBytes("3046022100dffbc26774fc841bbe1c1362fd643609c6e42dcb274763476d87af2c0597e89e022100c59e3c13b96b316cae9fa0ab0260612c7a133a6fe2b3445b6bf80b3123bf274d"), Crypto.util.hexToBytes("0401de173aa944eacf7e44e5073baca93fb34fe4b7897a1c82c92dfdc8a1f75ef58cd1b06e8052096980cb6e1ad6d3df143c34b3d7394bae2782a4df570554c2fb")));
//console.log(Bitcoin.ECDSA.verify(Crypto.util.hexToBytes("230aba77ccde46bb17fcb0295a92c0cc42a6ea9f439aaadeb0094625f49e6ed8"), Crypto.util.hexToBytes("3046022100a3ee5408f0003d8ef00ff2e0537f54ba09771626ff70dca1f01296b05c510e85022100d4dc70a5bb50685b65833a97e536909a6951dd247a2fdbde6688c33ba6d6407501"),Crypto.util.hexToBytes("04a19c1f07c7a0868d86dbb37510305843cc730eb3bea8a99d92131f44950cecd923788419bfef2f635fad621d753f30d4b4b63b29da44b4f3d92db974537ad5a4")));
//console.log(Bitcoin.ECDSA.verify(Crypto.util.hexToBytes("c2c75bb77d7a5acddceb1d45ceef58e7451fd0d3abc9d4c16df7848eefafe00d"), Crypto.util.hexToBytes("3045022100ff9362dadcbf1f6ef954bc8eb27144bbb4f49abd32be1eb04c311151dcf4bcf802205112c2ca6a25aefb8be98bf460c5a9056c01253f31e118d80b81ec9604e3201a01"),Crypto.util.hexToBytes("04fe62ce7892ec209310c176ef7f06565865e286e8699e884603657efa9aa51086785099d544d4e04f1f7b4b065205c1783fade8daf4ba1e0d1962292e8eb722cd")));
});
//
*/

View file

@ -51,7 +51,7 @@ module.exports.base64ToBytes = function(base64) {
// Hex only (allowing bin would be potentially risky, as 01010101 = \x01 * 4 or 85)
module.exports.coerceToBytes = function(input) {
if (typeof input == "string") return Crypto.util.hexToBytes(input);
if (typeof input == "string") return module.exports.hexToBytes(input);
return input;
}

View file

@ -61,4 +61,6 @@ var Binary = charenc.Binary = {
};
module.exports.SHA256 = require('./sha256');
module.exports.SHA512 = require('./sha512');
module.exports.RIPEMD160 = require('./ripemd160');
module.exports.HMAC = require('./hmac');

38
src/crypto-js/hmac.js Normal file
View file

@ -0,0 +1,38 @@
/*!
* Crypto-JS v2.0.0
* http://code.google.com/p/crypto-js/
* Copyright (c) 2009, Jeff Mott. All rights reserved.
* http://code.google.com/p/crypto-js/wiki/License
*/
var conv = require('../convert'),
util = require('../util');
// Shortcuts
module.exports = function (hasher, message, key, options) {
// Convert to byte arrays
if (message.constructor == String) message = conv.stringToBytes(message);
if (key.constructor == String) key = conv.stringToBytes(key);
/* else, assume byte arrays already */
// Allow arbitrary length keys
if (key.length > hasher._blocksize)
key = hasher(key, { asBytes: true });
// XOR keys with pad constants
var okey = key.slice(0),
ikey = key.slice(0);
for (var i = 0; i < hasher._blocksize; i++) {
okey[i] ^= 0x5C;
ikey[i] ^= 0x36;
}
var hmacbytes = hasher(okey.concat(hasher(ikey.concat(message), { asBytes: true })), { asBytes: true });
return options && options.asBytes ? hmacbytes :
options && options.asString ? conv.bytesToString(hmacbytes) :
conv.bytesToHex(hmacbytes);
};

View file

@ -5,8 +5,8 @@ code.google.com/p/crypto-js
code.google.com/p/crypto-js/wiki/License
*/
var conv = require('../convert');
var UTF8 = require('./crypto').charenc.UTF8;
var conv = require('../convert'),
util = require('../util');
// Initialization round constants tables
var K = [];
@ -40,22 +40,6 @@ var K = [];
}
}());
var bytesToWords = function (bytes) {
var words = [];
for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
words[b >>> 5] |= bytes[i] << (24 - b % 32);
}
return words;
};
var wordsToBytes = function (words) {
var bytes = [];
for (var b = 0; b < words.length * 32; b += 8) {
bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
}
return bytes;
};
// Reusable object
var W = [];
@ -128,10 +112,10 @@ module.exports = function(message, options) {;
0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 ];
if (message.constructor === String) {
message = UTF8.stringToBytes(message);
message = conv.stringToBytes(message);
}
var m = bytesToWords(message);
var m = util.bytesToWords(message);
var l = message.length * 8;
m[l >> 5] |= 0x80 << (24 - l % 32);
@ -141,8 +125,10 @@ module.exports = function(message, options) {;
processBlock(H, m, i);
}
var digestbytes = wordsToBytes(H);
var digestbytes = util.wordsToBytes(H);
return options && options.asBytes ? digestbytes :
options && options.asString ? Binary.bytesToString(digestbytes) :
conv.bytesToHex(digestbytes);
};
module.exports._blocksize = 64

240
src/crypto-js/sha512.js Normal file
View file

@ -0,0 +1,240 @@
var conv = require('../convert');
var util = require('../util');
var K = [
[0x428a2f98, 0xd728ae22], [0x71374491, 0x23ef65cd],
[0xb5c0fbcf, 0xec4d3b2f], [0xe9b5dba5, 0x8189dbbc],
[0x3956c25b, 0xf348b538], [0x59f111f1, 0xb605d019],
[0x923f82a4, 0xaf194f9b], [0xab1c5ed5, 0xda6d8118],
[0xd807aa98, 0xa3030242], [0x12835b01, 0x45706fbe],
[0x243185be, 0x4ee4b28c], [0x550c7dc3, 0xd5ffb4e2],
[0x72be5d74, 0xf27b896f], [0x80deb1fe, 0x3b1696b1],
[0x9bdc06a7, 0x25c71235], [0xc19bf174, 0xcf692694],
[0xe49b69c1, 0x9ef14ad2], [0xefbe4786, 0x384f25e3],
[0x0fc19dc6, 0x8b8cd5b5], [0x240ca1cc, 0x77ac9c65],
[0x2de92c6f, 0x592b0275], [0x4a7484aa, 0x6ea6e483],
[0x5cb0a9dc, 0xbd41fbd4], [0x76f988da, 0x831153b5],
[0x983e5152, 0xee66dfab], [0xa831c66d, 0x2db43210],
[0xb00327c8, 0x98fb213f], [0xbf597fc7, 0xbeef0ee4],
[0xc6e00bf3, 0x3da88fc2], [0xd5a79147, 0x930aa725],
[0x06ca6351, 0xe003826f], [0x14292967, 0x0a0e6e70],
[0x27b70a85, 0x46d22ffc], [0x2e1b2138, 0x5c26c926],
[0x4d2c6dfc, 0x5ac42aed], [0x53380d13, 0x9d95b3df],
[0x650a7354, 0x8baf63de], [0x766a0abb, 0x3c77b2a8],
[0x81c2c92e, 0x47edaee6], [0x92722c85, 0x1482353b],
[0xa2bfe8a1, 0x4cf10364], [0xa81a664b, 0xbc423001],
[0xc24b8b70, 0xd0f89791], [0xc76c51a3, 0x0654be30],
[0xd192e819, 0xd6ef5218], [0xd6990624, 0x5565a910],
[0xf40e3585, 0x5771202a], [0x106aa070, 0x32bbd1b8],
[0x19a4c116, 0xb8d2d0c8], [0x1e376c08, 0x5141ab53],
[0x2748774c, 0xdf8eeb99], [0x34b0bcb5, 0xe19b48a8],
[0x391c0cb3, 0xc5c95a63], [0x4ed8aa4a, 0xe3418acb],
[0x5b9cca4f, 0x7763e373], [0x682e6ff3, 0xd6b2b8a3],
[0x748f82ee, 0x5defb2fc], [0x78a5636f, 0x43172f60],
[0x84c87814, 0xa1f0ab72], [0x8cc70208, 0x1a6439ec],
[0x90befffa, 0x23631e28], [0xa4506ceb, 0xde82bde9],
[0xbef9a3f7, 0xb2c67915], [0xc67178f2, 0xe372532b],
[0xca273ece, 0xea26619c], [0xd186b8c7, 0x21c0c207],
[0xeada7dd6, 0xcde0eb1e], [0xf57d4f7f, 0xee6ed178],
[0x06f067aa, 0x72176fba], [0x0a637dc5, 0xa2c898a6],
[0x113f9804, 0xbef90dae], [0x1b710b35, 0x131c471b],
[0x28db77f5, 0x23047d84], [0x32caab7b, 0x40c72493],
[0x3c9ebe0a, 0x15c9bebc], [0x431d67c4, 0x9c100d4c],
[0x4cc5d4be, 0xcb3e42b6], [0x597f299c, 0xfc657e2a],
[0x5fcb6fab, 0x3ad6faec], [0x6c44198c, 0x4a475817]
];
// Reusable objects
var W = [];
for (var i = 0; i < 80; i++) W.push([0,0])
/**
* SHA-512 hash algorithm.
*/
var processBlock = function (H, M, offset) {
// Shortcuts
var H0 = H[0];
var H1 = H[1];
var H2 = H[2];
var H3 = H[3];
var H4 = H[4];
var H5 = H[5];
var H6 = H[6];
var H7 = H[7];
var H0h = H0[0];
var H0l = H0[1];
var H1h = H1[0];
var H1l = H1[1];
var H2h = H2[0];
var H2l = H2[1];
var H3h = H3[0];
var H3l = H3[1];
var H4h = H4[0];
var H4l = H4[1];
var H5h = H5[0];
var H5l = H5[1];
var H6h = H6[0];
var H6l = H6[1];
var H7h = H7[0];
var H7l = H7[1];
// Working variables
var ah = H0h;
var al = H0l;
var bh = H1h;
var bl = H1l;
var ch = H2h;
var cl = H2l;
var dh = H3h;
var dl = H3l;
var eh = H4h;
var el = H4l;
var fh = H5h;
var fl = H5l;
var gh = H6h;
var gl = H6l;
var hh = H7h;
var hl = H7l;
// Rounds
for (var i = 0; i < 80; i++) {
// Shortcut
var Wi = W[i];
// Extend message
if (i < 16) {
var Wih = Wi[0] = M[offset + i * 2] | 0;
var Wil = Wi[1] = M[offset + i * 2 + 1] | 0;
} else {
// Gamma0
var gamma0x = W[i - 15];
var gamma0xh = gamma0x[0];
var gamma0xl = gamma0x[1];
var gamma0h = ((gamma0xh >>> 1) | (gamma0xl << 31)) ^ ((gamma0xh >>> 8) | (gamma0xl << 24)) ^ (gamma0xh >>> 7);
var gamma0l = ((gamma0xl >>> 1) | (gamma0xh << 31)) ^ ((gamma0xl >>> 8) | (gamma0xh << 24)) ^ ((gamma0xl >>> 7) | (gamma0xh << 25));
// Gamma1
var gamma1x = W[i - 2];
var gamma1xh = gamma1x[0];
var gamma1xl = gamma1x[1];
var gamma1h = ((gamma1xh >>> 19) | (gamma1xl << 13)) ^ ((gamma1xh << 3) | (gamma1xl >>> 29)) ^ (gamma1xh >>> 6);
var gamma1l = ((gamma1xl >>> 19) | (gamma1xh << 13)) ^ ((gamma1xl << 3) | (gamma1xh >>> 29)) ^ ((gamma1xl >>> 6) | (gamma1xh << 26));
// W[i] = gamma0 + W[i - 7] + gamma1 + W[i - 16]
var Wi7 = W[i - 7];
var Wi7h = Wi7[0];
var Wi7l = Wi7[1];
var Wi16 = W[i - 16];
var Wi16h = Wi16[0];
var Wi16l = Wi16[1];
var Wil = gamma0l + Wi7l;
var Wih = gamma0h + Wi7h + ((Wil >>> 0) < (gamma0l >>> 0) ? 1 : 0);
var Wil = Wil + gamma1l;
var Wih = Wih + gamma1h + ((Wil >>> 0) < (gamma1l >>> 0) ? 1 : 0);
var Wil = Wil + Wi16l;
var Wih = Wih + Wi16h + ((Wil >>> 0) < (Wi16l >>> 0) ? 1 : 0);
Wi[0] = Wih;
Wi[1] = Wil;
}
var chh = (eh & fh) ^ (~eh & gh);
var chl = (el & fl) ^ (~el & gl);
var majh = (ah & bh) ^ (ah & ch) ^ (bh & ch);
var majl = (al & bl) ^ (al & cl) ^ (bl & cl);
var sigma0h = ((ah >>> 28) | (al << 4)) ^ ((ah << 30) | (al >>> 2)) ^ ((ah << 25) | (al >>> 7));
var sigma0l = ((al >>> 28) | (ah << 4)) ^ ((al << 30) | (ah >>> 2)) ^ ((al << 25) | (ah >>> 7));
var sigma1h = ((eh >>> 14) | (el << 18)) ^ ((eh >>> 18) | (el << 14)) ^ ((eh << 23) | (el >>> 9));
var sigma1l = ((el >>> 14) | (eh << 18)) ^ ((el >>> 18) | (eh << 14)) ^ ((el << 23) | (eh >>> 9));
// t1 = h + sigma1 + ch + K[i] + W[i]
var Ki = K[i];
var Kih = Ki[0];
var Kil = Ki[1];
var t1l = hl + sigma1l;
var t1h = hh + sigma1h + ((t1l >>> 0) < (hl >>> 0) ? 1 : 0);
var t1l = t1l + chl;
var t1h = t1h + chh + ((t1l >>> 0) < (chl >>> 0) ? 1 : 0);
var t1l = t1l + Kil;
var t1h = t1h + Kih + ((t1l >>> 0) < (Kil >>> 0) ? 1 : 0);
var t1l = t1l + Wil;
var t1h = t1h + Wih + ((t1l >>> 0) < (Wil >>> 0) ? 1 : 0);
// t2 = sigma0 + maj
var t2l = sigma0l + majl;
var t2h = sigma0h + majh + ((t2l >>> 0) < (sigma0l >>> 0) ? 1 : 0);
// Update working variables
hh = gh;
hl = gl;
gh = fh;
gl = fl;
fh = eh;
fl = el;
el = (dl + t1l) | 0;
eh = (dh + t1h + ((el >>> 0) < (dl >>> 0) ? 1 : 0)) | 0;
dh = ch;
dl = cl;
ch = bh;
cl = bl;
bh = ah;
bl = al;
al = (t1l + t2l) | 0;
ah = (t1h + t2h + ((al >>> 0) < (t1l >>> 0) ? 1 : 0)) | 0;
}
// Intermediate hash value
H0l = H0[1] = (H0l + al);
H0[0] = (H0h + ah + ((H0l >>> 0) < (al >>> 0) ? 1 : 0));
H1l = H1[1] = (H1l + bl);
H1[0] = (H1h + bh + ((H1l >>> 0) < (bl >>> 0) ? 1 : 0));
H2l = H2[1] = (H2l + cl);
H2[0] = (H2h + ch + ((H2l >>> 0) < (cl >>> 0) ? 1 : 0));
H3l = H3[1] = (H3l + dl);
H3[0] = (H3h + dh + ((H3l >>> 0) < (dl >>> 0) ? 1 : 0));
H4l = H4[1] = (H4l + el);
H4[0] = (H4h + eh + ((H4l >>> 0) < (el >>> 0) ? 1 : 0));
H5l = H5[1] = (H5l + fl);
H5[0] = (H5h + fh + ((H5l >>> 0) < (fl >>> 0) ? 1 : 0));
H6l = H6[1] = (H6l + gl);
H6[0] = (H6h + gh + ((H6l >>> 0) < (gl >>> 0) ? 1 : 0));
H7l = H7[1] = (H7l + hl);
H7[0] = (H7h + hh + ((H7l >>> 0) < (hl >>> 0) ? 1 : 0));
return H
}
module.exports = function(message, options) {;
var H = [
[0x6a09e667, 0xf3bcc908], [0xbb67ae85, 0x84caa73b],
[0x3c6ef372, 0xfe94f82b], [0xa54ff53a, 0x5f1d36f1],
[0x510e527f, 0xade682d1], [0x9b05688c, 0x2b3e6c1f],
[0x1f83d9ab, 0xfb41bd6b], [0x5be0cd19, 0x137e2179]
];
if (message.constructor === String) {
message = conv.stringToBytes(message);
}
var m = util.bytesToWords(message);
var l = message.length * 8;
m[l >> 5] |= 0x80 << (24 - l % 32);
m[((l + 64 >> 10) << 5) + 31] = l;
for (var i=0 ; i<m.length; i += 32) {
processBlock(H, m, i);
}
var digestbytes = util.wordsToBytes(Array.prototype.concat.apply([],H))
return options && options.asBytes ? digestbytes :
options && options.asString ? Binary.bytesToString(digestbytes) :
conv.bytesToHex(digestbytes);
};
module.exports._blocksize = 128

View file

@ -6,59 +6,26 @@ var util = require('./util');
var conv = require('./convert');
var Address = require('./address');
var ecdsa = require('./ecdsa');
var ECPointFp = require('./jsbn/ec').ECPointFp;
var ecparams = sec("secp256k1");
// input can be nothing, array of bytes, hex string, or base58 string
var ECKey = function (input) {
if (!(this instanceof ECKey)) {
return new ECKey(input);
}
this.compressed = !!ECKey.compressByDefault;
if (!input) {
// Generate new key
var n = ecparams.getN();
this.priv = ecdsa.getBigRandom(n);
} else if (input instanceof ECKey) {
this.priv = input.priv;
} else if (input instanceof BigInteger) {
// Input is a private key value
this.priv = input;
} else if (util.isArray(input)) {
// Prepend zero byte to prevent interpretation as negative integer
this.priv = BigInteger.fromByteArrayUnsigned(input);
this.compressed = false;
} else if ("string" == typeof input) {
if (input.length == 51 && input[0] == '5') {
// Base58 encoded private key
this.priv = BigInteger.fromByteArrayUnsigned(ECKey.decodeString(input));
this.compressed = false;
if (!(this instanceof ECKey)) {
return new ECKey(input);
}
else if (input.length == 52 && (input[0] === 'K' || input[0] === 'L')) {
// Base58 encoded private key
this.priv = BigInteger.fromByteArrayUnsigned(ECKey.decodeString(input));
this.compressed = true;
} else {
// hex string?
this.priv = BigInteger.fromByteArrayUnsigned(conv.hexToBytes(input));
this.compressed = !!ECKey.compressByDefault;
if (!input) {
// Generate new key
var n = ecparams.getN();
this.priv = ecdsa.getBigRandom(n);
}
}
else if (input.constructor == [].constructor) {
this.priv = BigInteger.fromByteArrayUnsigned(input);
}
else this.import(input)
};
// TODO(shtylman) methods
// wallet import format (base58 check with meta info)
// fromWIF
// toWIF
// fromBytes
// toBytes
// fromHex
// toHex
/**
* Whether public keys should be returned compressed by default.
*/
@ -75,16 +42,15 @@ ECKey.prototype.setCompressed = function (v) {
* Return public key in DER encoding.
*/
ECKey.prototype.getPub = function () {
return this.getPubPoint().getEncoded(this.compressed);
return this.getPubPoint().getEncoded(this.compressed);
};
/**
* Return public point as ECPoint object.
*/
ECKey.prototype.getPubPoint = function () {
if (!this.pub) this.pub = ecparams.getG().multiply(this.priv);
return this.pub;
if (!this.pub) this.pub = ecparams.getG().multiply(this.priv);
return this.pub;
};
/**
@ -94,37 +60,37 @@ ECKey.prototype.getPubPoint = function () {
* a byte array.
*/
ECKey.prototype.getPubKeyHash = function () {
if (this.pubKeyHash) return this.pubKeyHash;
return this.pubKeyHash = util.sha256ripe160(this.getPub());
if (this.pubKeyHash) return this.pubKeyHash;
return this.pubKeyHash = util.sha256ripe160(this.getPub());
};
ECKey.prototype.getBitcoinAddress = function () {
var hash = this.getPubKeyHash();
var addr = new Address(hash);
return addr;
};
ECKey.prototype.getExportedPrivateKey = function () {
var hash = this.priv.toByteArrayUnsigned();
while (hash.length < 32) hash.unshift(0);
hash.unshift(0x80);
var checksum = Crypto.SHA256(Crypto.SHA256(hash, {asBytes: true}), {asBytes: true});
var bytes = hash.concat(checksum.slice(0,4));
return base58.encode(bytes);
var hash = this.getPubKeyHash();
var addr = new Address(hash);
return addr;
};
ECKey.prototype.setPub = function (pub) {
this.pub = ECPointFp.decodeFrom(ecparams.getCurve(), pub);
this.pub = ECPointFp.decodeFrom(ecparams.getCurve(), pub);
this.compressed = (pub[0] < 4)
return this
};
ECKey.prototype.toString = function (format) {
if (format === "base58") {
return base58.checkEncode(this.priv.toByteArrayUnsigned(),128);
} else {
return conv.bytesToHex(this.priv.toByteArrayUnsigned());
}
ECKey.prototype.export = function (format) {
var bytes = this.priv.toByteArrayUnsigned();
if (this.compressed)
bytes.push(1)
return format === "base58" ? base58.checkEncode(bytes,128)
: format === "bin" ? conv.bytesToString(bytes)
: format === "bytes" ? bytes
: format === "hex" ? conv.bytesToHex(bytes)
: bytes
};
ECKey.prototype.getExportedPrivateKey = ECKey.prototype.export;
ECKey.prototype.toString = function (format) {
return ''+this.export(format)
}
ECKey.prototype.sign = function (hash) {
return ecdsa.sign(hash, this.priv);
@ -137,43 +103,38 @@ ECKey.prototype.verify = function (hash, sig) {
/**
* Parse an exported private key contained in a string.
*/
ECKey.decodeString = function (string) {
var bytes = base58.decode(string);
if (bytes.length !== 37 && bytes.length !== 38) {
throw new Error('not a valid base58 encoded private key');
}
//Format:
//* uncompressed: 0x80 + [32-byte secret] + [4 bytes of Hash() of
//previous 33 bytes], base58 encoded
//* compressed: 0x80 + [32-byte secret] + 0x01 + [4 bytes of Hash()
//previous 34 bytes], base58 encoded
if (bytes[33] === 0x01) {
// compressed
}
var hash = bytes.slice(0, 33);
/*
var checksum = Crypto.SHA256(Crypto.SHA256(hash, {asBytes: true}), {asBytes: true});
if (checksum[0] != bytes[33] ||
checksum[1] != bytes[34] ||
checksum[2] != bytes[35] ||
checksum[3] != bytes[36]) {
throw "Checksum validation failed!";
}
*/
var version = hash.shift();
if (version != 0x80) {
throw "Version "+version+" not supported!";
}
return hash;
ECKey.prototype.import = function (input) {
if (input instanceof ECKey) {
this.priv = input.priv;
this.compressed = input.compressed;
}
else if (input instanceof BigInteger) {
// Input is a private key value
this.priv = input;
this.compressed = ECKey.compressByDefault;
}
else if (util.isArray(input)) {
// Prepend zero byte to prevent interpretation as negative integer
this.priv = BigInteger.fromByteArrayUnsigned(input.slice(0,32));
this.compressed = (input.length == 33);
}
else if ("string" == typeof input) {
if (input.length == 51 && input[0] == '5') {
// Base58 encoded private key
this.priv = BigInteger.fromByteArrayUnsigned(base58.checkDecode(input));
this.compressed = false;
}
else if (input.length == 52 && (input[0] === 'K' || input[0] === 'L')) {
// Base58 encoded private key
this.priv = BigInteger.fromByteArrayUnsigned(base58.checkDecode(input));
this.compressed = true;
}
else if (input.length >= 64) {
// hex string?
this.priv = BigInteger.fromByteArrayUnsigned(conv.hexToBytes(input.slice(0,64)));
this.compressed = (input.length == 66)
}
}
};
module.exports = ECKey;

View file

@ -38,6 +38,7 @@ module.exports = {
Wallet: require('./wallet'),
ecdsa: require('./ecdsa'),
BIP32key: require('./bip32'),
// base58 encoding/decoding to bytes
base58: require('./base58'),

View file

@ -2,7 +2,8 @@
// Ported loosely from BouncyCastle's Java EC code
// Only Fp curves implemented for now
var BigInteger = require('./jsbn');
var BigInteger = require('./jsbn'),
sec = require('./sec');
// ----------------
// ECFieldElementFp
@ -360,24 +361,38 @@ ECPointFp.prototype.getEncoded = function (compressed) {
return enc;
};
ECPointFp.decodeFrom = function (curve, enc) {
ECPointFp.decodeFrom = function (ecparams, enc) {
var type = enc[0];
var dataLen = enc.length-1;
// Extract x and y as byte arrays
var xBa = enc.slice(1, 1 + dataLen/2);
var yBa = enc.slice(1 + dataLen/2, 1 + dataLen);
if (type == 4) {
var xBa = enc.slice(1, 1 + dataLen/2),
yBa = enc.slice(1 + dataLen/2, 1 + dataLen),
x = BigInteger.fromByteArrayUnsigned(xBa),
y = BigInteger.fromByteArrayUnsigned(yBa);
}
else {
var xBa = enc.slice(1),
x = BigInteger.fromByteArrayUnsigned(xBa),
p = ecparams.getQ(),
xCubedPlus7 = x.multiply(x).multiply(x).add(new Bitcoin.BigInteger('7')).mod(p),
pPlus1Over4 = p.add(new Bitcoin.BigInteger('1'))
.divide(new Bitcoin.BigInteger('4')),
y = xCubedPlus7.modPow(pPlus1Over4,p);
if (y.mod(new Bitcoin.BigInteger('2')).toString() != ''+(type % 2)) {
y = p.subtract(y)
}
}
// Prepend zero byte to prevent interpretation as negative integer
xBa.unshift(0);
yBa.unshift(0);
// Convert to BigIntegers
var x = new BigInteger(xBa);
var y = new BigInteger(yBa);
// Return point
return new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y));
return new ECPointFp(ecparams,
ecparams.fromBigInteger(x),
ecparams.fromBigInteger(y));
};
ECPointFp.prototype.add2D = function (b) {

View file

@ -10,8 +10,8 @@ var Message = {};
Message.magicPrefix = "Bitcoin Signed Message:\n";
Message.makeMagicMessage = function (message) {
var magicBytes = Crypto.charenc.UTF8.stringToBytes(Message.magicPrefix);
var messageBytes = Crypto.charenc.UTF8.stringToBytes(message);
var magicBytes = conv.stringToBytes(Message.magicPrefix);
var messageBytes = conv.stringToBytes(message);
var buffer = [];
buffer = buffer.concat(util.numToVarInt(magicBytes.length));

View file

@ -7,7 +7,7 @@ var Script = function (data) {
if (!data) {
this.buffer = [];
} else if ("string" == typeof data) {
this.buffer = Crypto.util.hexToBytes(data);
this.buffer = conv.hexToBytes(data);
} else if (util.isArray(data)) {
this.buffer = data;
} else if (data instanceof Script) {

View file

@ -32,7 +32,7 @@ module.exports = {
},
/**
* Create a byte array representing a number with the given length
* Convert a byte array to the number that it represents
*/
bytesToNum: function(bytes) {
if (bytes.length == 0) return 0;
@ -106,6 +106,22 @@ module.exports = {
return value;
},
bytesToWords: function (bytes) {
var words = [];
for (var i = 0, b = 0; i < bytes.length; i++, b += 8) {
words[b >>> 5] |= bytes[i] << (24 - b % 32);
}
return words;
},
wordsToBytes: function (words) {
var bytes = [];
for (var b = 0; b < words.length * 32; b += 8) {
bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
}
return bytes;
},
/**
* Calculate RIPEMD160(SHA256(data)).
*

View file

@ -44,7 +44,7 @@ var Wallet = function () {
if (pub) {
if ("string" === typeof pub) {
pub = Crypto.util.hexToBytes(pub);
pub = conv.hexToBytes(pub);
}
key.setPub(pub);
}