LBRYCommunity/bitcoinjs-lib
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ecdsa: remove unused functions

Browse source
This commit is contained in:
Daniel Cousens 2015-09-08 15:59:32 +10:00
parent 87cb018466
commit 7cdabef954
3 changed files with 0 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
src/ecdsa.js
View file

@ -154,93 +154,8 @@ function verify (hash, signature, Q) {
return v.equals(r)
}
/**
* Recover a public key from a signature.
*
* See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
* Key Recovery Operation".
*
* http://www.secg.org/download/aid-780/sec1-v2.pdf
*/
function recoverPubKey (e, signature, i) {
typeforce(types.tuple(
types.BigInt,
types.ECSignature,
types.UInt2
), arguments)
var n = secp256k1.n
var G = secp256k1.G
var r = signature.r
var s = signature.s
if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value')
if (s.signum() <= 0 || s.compareTo(n) >= 0) throw new Error('Invalid s value')
// A set LSB signifies that the y-coordinate is odd
var isYOdd = i & 1
// The more significant bit specifies whether we should use the
// first or second candidate key.
var isSecondKey = i >> 1
// 1.1 Let x = r + jn
var x = isSecondKey ? r.add(n) : r
var R = secp256k1.pointFromX(isYOdd, x)
// 1.4 Check that nR is at infinity
var nR = R.multiply(n)
if (!secp256k1.isInfinity(nR)) throw new Error('nR is not a valid curve point')
// Compute r^-1
var rInv = r.modInverse(n)
// Compute -e from e
var eNeg = e.negate().mod(n)
// 1.6.1 Compute Q = r^-1 (sR - eG)
// Q = r^-1 (sR + -eG)
var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
secp256k1.validate(Q)
return Q
}
/**
* Calculate pubkey extraction parameter.
*
* When extracting a pubkey from a signature, we have to
* distinguish four different cases. Rather than putting this
* burden on the verifier, Bitcoin includes a 2-bit value with the
* signature.
*
* This function simply tries all four cases and returns the value
* that resulted in a successful pubkey recovery.
*/
function calcPubKeyRecoveryParam (e, signature, Q) {
typeforce(types.tuple(
types.BigInt,
types.ECSignature,
types.ECPoint
), arguments)
for (var i = 0; i < 4; i++) {
var Qprime = recoverPubKey(e, signature, i)
// 1.6.2 Verify Q
if (Qprime.equals(Q)) {
return i
}
}
throw new Error('Unable to find valid recovery factor')
}
module.exports = {
calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
deterministicGenerateK: deterministicGenerateK,
recoverPubKey: recoverPubKey,
sign: sign,
verify: verify,

49
test/ecdsa.js
View file

@ -81,55 +81,6 @@ describe('ecdsa', function () {
})
})
describe('recoverPubKey', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('recovers the pubKey for ' + f.d, function () {
var d = BigInteger.fromHex(f.d)
var Q = curve.G.multiply(d)
var signature = ECSignature.fromDER(new Buffer(f.signature, 'hex'))
var h1 = bcrypto.sha256(f.message)
var e = BigInteger.fromBuffer(h1)
var Qprime = ecdsa.recoverPubKey(e, signature, f.i)
assert(Qprime.equals(Q))
})
})
describe('with i ∈ {0,1,2,3}', function () {
var hash = new Buffer('feef89995d7575f12d65ccc9d28ccaf7ab224c2e59dad4cc7f6a2b0708d24696', 'hex')
var e = BigInteger.fromBuffer(hash)
var signatureBuffer = new Buffer('INcvXVVEFyIfHLbDX+xoxlKFn3Wzj9g0UbhObXdMq+YMKC252o5RHFr0/cKdQe1WsBLUBi4morhgZ77obDJVuV0=', 'base64')
var signature = ECSignature.parseCompact(signatureBuffer).signature
var points = [
'03e3a8c44a8bf712f1fbacee274fb19c0239b1a9e877eff0075ea335f2be8ff380',
'0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798',
'03d49e765f0bc27525c51a1b98fb1c99dacd59abe85a203af90f758260550b56c5',
'027eea09d46ac7fb6aa2e96f9c576677214ffdc238eb167734a9b39d1eb4c3d30d'
]
points.forEach(function (expectedHex, i) {
it('recovers an expected point for i of ' + i, function () {
var Qprime = ecdsa.recoverPubKey(e, signature, i)
var QprimeHex = Qprime.getEncoded().toString('hex')
assert.strictEqual(QprimeHex, expectedHex)
})
})
})
fixtures.invalid.recoverPubKey.forEach(function (f) {
it('throws on ' + f.description + ' (' + f.exception + ')', function () {
var e = BigInteger.fromHex(f.e)
var signature = new ECSignature(new BigInteger(f.signatureRaw.r, 16), new BigInteger(f.signatureRaw.s, 16))
assert.throws(function () {
ecdsa.recoverPubKey(e, signature, f.i)
}, new RegExp(f.exception))
})
})
})
describe('sign', function () {
fixtures.valid.ecdsa.forEach(function (f) {
it('produces a deterministic signature for "' + f.message + '"', function () {

72
test/fixtures/ecdsa.json vendored
View file

@ -125,78 +125,6 @@
]
},
"invalid": {
"recoverPubKey": [
{
"description": "Invalid r value (< 0)",
"exception": "Invalid r value",
"e": "01",
"signatureRaw": {
"r": "-01",
"s": "02"
},
"i": 0
},
{
"description": "Invalid r value (== 0)",
"exception": "Invalid r value",
"e": "01",
"signatureRaw": {
"r": "00",
"s": "02"
},
"i": 0
},
{
"description": "Invalid s value (< 0)",
"exception": "Invalid s value",
"e": "01",
"signatureRaw": {
"r": "02",
"s": "-01"
},
"i": 0
},
{
"description": "Invalid s value (== 0)",
"exception": "Invalid s value",
"e": "01",
"signatureRaw": {
"r": "02",
"s": "00"
},
"i": 0
},
{
"description": "Invalid r value (nR is infinity)",
"exception": "nR is not a valid curve point",
"e": "01",
"signatureRaw": {
"r": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140",
"s": "01"
},
"i": 0
},
{
"description": "Invalid curve point",
"exception": "Point is not on the curve",
"e": "01",
"signatureRaw": {
"r": "4b3b4ca85a86c47a098a223fffffffff",
"s": "01"
},
"i": 0
},
{
"description": "Invalid i value (> 3)",
"exception": "Expected property \"2\" of type UInt2, got Number 4",
"e": "01",
"signatureRaw": {
"r": "00",
"s": "02"
},
"i": 4
}
],
"verify": [
{
"description": "The wrong signature",