message: support alternate networks

src/message.js

@@ -3,25 +3,27 @@ var Address = require('./address')
 var bufferutils = require('./bufferutils')
 var crypto = require('./crypto')
 var ecdsa = require('./ecdsa')
+var networks = require('./networks')
+
+var Address = require('./address')
 var ECPubKey = require('./ecpubkey')
 
-// FIXME: incompatible with other networks (Litecoin etc)
-var MAGIC_PREFIX = new Buffer('\x18Bitcoin Signed Message:\n')
-
-function magicHash(message) {
+function magicHash(message, network) {
+  var magicPrefix = new Buffer(network.magicPrefix)
   var messageBuffer = new Buffer(message)
   var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length))
   bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0)
 
   var buffer = Buffer.concat([
-    MAGIC_PREFIX, lengthBuffer, messageBuffer
+    magicPrefix, lengthBuffer, messageBuffer
   ])
   return crypto.hash256(buffer)
 }
 
-// TODO: parameterize compression instead of using ECKey.compressed
-function sign(key, message) {
-  var hash = magicHash(message)
+function sign(key, message, network) {
+  network = network || networks.bitcoin
+
+  var hash = magicHash(message, network)
   var sig = ecdsa.parseSig(key.sign(hash))
   var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash)
 
@@ -36,17 +38,20 @@ function sign(key, message) {
   return Buffer.concat([new Buffer([i]), rB, sB], 65)
 }
 
-// FIXME: stricter API?
-function verify(address, sig, message) {
+// TODO: network could be implied from address
+function verify(address, compactSig, message, network) {
   if (typeof address === 'string') {
     address = Address.fromBase58Check(address)
   }
 
-  sig = ecdsa.parseSigCompact(sig)
+  network = network || networks.bitcoin
 
-  var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i))
-  pubKey.compressed = !!(sig.i & 4)
+  var hash = magicHash(message, network)
+  var sig = ecdsa.parseSigCompact(compactSig)
+  var Q = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i)
+  var compressed = !!(sig.i & 4)
 
+  var pubKey = new ECPubKey(Q, compressed)
   return pubKey.getAddress(address.version).toString() === address.toString()
 }
 

src/networks.js

@@ -2,6 +2,7 @@
 // Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
 module.exports = {
   bitcoin: {
+    magicPrefix: '\x18Bitcoin Signed Message:\n',
     bip32: {
       pub: 0x0488b21e,
       priv: 0x0488ade4
@@ -11,6 +12,7 @@ module.exports = {
     wif: 0x80
   },
   dogecoin: {
+    magicPrefix: '\x19Dogecoin Signed Message:\n',
     bip32: {
       pub: 0x02facafd,
       priv: 0x02fac398
@@ -20,6 +22,7 @@ module.exports = {
     wif: 0x9e
   },
   litecoin: {
+    magicPrefix: '\x19Litecoin Signed Message:\n',
     bip32: {
       pub: 0x019da462,
       priv: 0x019d9cfe
@@ -29,6 +32,7 @@ module.exports = {
     wif: 0xb0
   },
   testnet: {
+    magicPrefix: '\x18Bitcoin Signed Message:\n',
     bip32: {
       pub: 0x043587cf,
       priv: 0x04358394

test/ecdsa.js

@@ -1,6 +1,8 @@
 var assert = require('assert')
 var crypto = require('../src/crypto')
 var ecdsa = require('../src/ecdsa')
+var message = require('../src/message')
+var networks = require('../src/networks')
 
 var sec = require('../src/sec')
 var ecparams = sec("secp256k1")
@@ -8,7 +10,6 @@ var ecparams = sec("secp256k1")
 var BigInteger = require('bigi')
 var ECKey = require('../src/eckey')
 var ECPubKey = require('../src/ecpubkey')
-var Message = require('../src/message')
 
 var fixtures = require('./fixtures/ecdsa.js')
 
@@ -27,10 +28,12 @@ describe('ecdsa', function() {
 
   describe('recoverPubKey', function() {
     it('succesfully recovers a public key', function() {
-      var addr = 'mgQK8S6CfSXKjPmnujArSmVxafeJfrZsa3'
       var signature = new Buffer('H0PG6+PUo96UPTJ/DVj8aBU5it+Nuli4YdsLuTMvfJxoHH9Jb7jYTQXCCOX2jrTChD5S1ic3vCrUQHdmB5/sEQY=', 'base64')
+
       var obj = ecdsa.parseSigCompact(signature)
-      var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, Message.magicHash('1111'), obj.i))
+      var hash = message.magicHash('1111', networks.bitcoin)
+
+      var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, hash, obj.i))
 
       assert.equal(pubKey.toHex(), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c')
     })

test/fixtures/message.js

@@ -1,12 +1,19 @@
 module.exports = {
   magicHash: [
     {
+      network: 'bitcoin',
       message: '',
-      hash256: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc'
+      magicHash: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc'
     },
     {
+      network: 'bitcoin',
       message: 'Vires is Numeris',
-      hash256: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933'
+      magicHash: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933'
+    },
+    {
+      network: 'dogecoin',
+      message: 'Vires is Numeris',
+      magicHash: 'c0963d20d0accd0ea0df6c1020bf85a7e629a40e7b5363f2c3e9dcafd5638f12'
     }
   ]
 }

test/message.js

@@ -1,6 +1,7 @@
 var assert = require('assert')
 var networks = require('../src/networks')
 
+var BigInteger = require('bigi')
 var ECKey = require('../src/eckey')
 var Message = require('../src/message')
 
@@ -16,10 +17,10 @@ describe('Message', function() {
   describe('magicHash', function() {
     it('matches the test vectors', function() {
       fixtures.magicHash.forEach(function(f) {
-        var actual = Message.magicHash(f.message)
-        var expected = f.hash256
+        var network = networks[f.network]
+        var actual = Message.magicHash(f.message, network)
 
-        assert.equal(actual.toString('hex'), expected)
+        assert.equal(actual.toString('hex'), f.magicHash)
       })
     })
   })
@@ -50,23 +51,22 @@ describe('Message', function() {
       assert.ok(!Message.verify('1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9', csig, message))
     })
 
-    it('supports alternate network addresses', function() {
-      var taddr = 'mxnQZKxSKjzaMgrdXzk35rif3u62TLDrg9'
-      var tsig = new Buffer('IGucnrTku3KLCCHUMwq9anawfrlN8RK1HWMN+10LhsHJeysBdWfj5ohJcS/+oqrlVFNvEgbgEeAQUL6r3sZwnj8=', 'base64')
-
-      assert.ok(Message.verify(taddr, tsig, message))
-      assert.ok(!Message.verify(taddr, tsig, 'foobar'))
-    })
-
     it('does not cross verify (compressed/uncompressed)', function() {
       assert.ok(!Message.verify(addr, csig, message))
       assert.ok(!Message.verify(caddr, sig, message))
     })
+
+    it('supports alternate networks', function() {
+      var dogeaddr = 'DFpN6QqFfUm3gKNaxN6tNcab1FArL9cZLE'
+      var dogesig = new Buffer('H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=', 'base64')
+
+      assert.ok(Message.verify(dogeaddr, dogesig, message, networks.dogecoin))
+    })
   })
 
   describe('signing', function() {
     it('gives matching signatures irrespective of point compression', function() {
-      var privKey = ECKey.makeRandom(false)
+      var privKey = new ECKey(BigInteger.ONE, false)
       var compressedKey = new ECKey(privKey.D, true)
 
       var sig = Message.sign(privKey, message)
@@ -75,5 +75,12 @@ describe('Message', function() {
       assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags
       assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures
     })
+
+    it('supports alternate networks', function() {
+      var privKey = new ECKey(BigInteger.ONE)
+      var signature = Message.sign(privKey, message, networks.dogecoin)
+
+      assert.equal(signature.toString('base64'), 'H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=')
+    })
   })
 })