Merge pull request #327 from bitcoinjs/cryptoint
Add advanced cryptographic integration tests
This commit is contained in:
commit
953cb567c3
6 changed files with 207 additions and 62 deletions
|
@ -73,11 +73,13 @@ The below examples are implemented as integration tests, they should be very eas
|
|||
- [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L36)
|
||||
- [Sign a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L9)
|
||||
- [Verify a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L17)
|
||||
- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L25)
|
||||
- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L58)
|
||||
- [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L60)
|
||||
- [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L24)
|
||||
- [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L8)
|
||||
- [Spend from a 2-of-2 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L22)
|
||||
- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L7)
|
||||
- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L40)
|
||||
- [Recover a BIP32 parent private key from the parent public key and a derived non-hardened child private key](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L42)
|
||||
- [Recover a Private key from duplicate R values in a signature](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L90)
|
||||
|
||||
|
||||
## Projects utilizing BitcoinJS
|
||||
|
|
|
@ -54,10 +54,11 @@
|
|||
"ecurve": "1.0.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"async": "^0.9.0",
|
||||
"browserify": "^5.12.0",
|
||||
"bs58": "^2.0.0",
|
||||
"cb-helloblock": "^0.4.7",
|
||||
"coveralls": "^2.11.2",
|
||||
"helloblock-js": "^0.2.5",
|
||||
"istanbul": "^0.3.2",
|
||||
"jshint": "^2.5.6",
|
||||
"mocha": "^1.21.4",
|
||||
|
|
|
@ -37,6 +37,7 @@ function HDNode(K, chainCode, network) {
|
|||
this.chainCode = chainCode
|
||||
this.depth = 0
|
||||
this.index = 0
|
||||
this.parentFingerprint = 0x00000000
|
||||
this.network = network
|
||||
|
||||
if (K instanceof BigInteger) {
|
||||
|
@ -196,8 +197,7 @@ HDNode.prototype.toBuffer = function(isPrivate, __ignoreDeprecation) {
|
|||
buffer.writeUInt8(this.depth, 4)
|
||||
|
||||
// 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
|
||||
var fingerprint = (this.depth === 0) ? 0x00000000 : this.parentFingerprint
|
||||
buffer.writeUInt32BE(fingerprint, 5)
|
||||
buffer.writeUInt32BE(this.parentFingerprint, 5)
|
||||
|
||||
// 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
|
||||
// This is encoded in Big endian. (0x00000000 if master key)
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
var assert = require('assert')
|
||||
var bigi = require('bigi')
|
||||
var bitcoin = require('../../')
|
||||
var helloblock = require('helloblock-js')({
|
||||
network: 'testnet'
|
||||
})
|
||||
var blockchain = new (require('cb-helloblock'))('testnet')
|
||||
|
||||
describe('bitcoinjs-lib (advanced)', function() {
|
||||
it('can sign a Bitcoin message', function() {
|
||||
|
@ -22,51 +19,16 @@ describe('bitcoinjs-lib (advanced)', function() {
|
|||
assert(bitcoin.Message.verify(address, signature, message))
|
||||
})
|
||||
|
||||
it('can generate a single-key stealth address', function() {
|
||||
var receiver = bitcoin.ECKey.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
|
||||
|
||||
// XXX: ephemeral, must be random (and secret to sender) to preserve privacy
|
||||
var sender = bitcoin.ECKey.fromWIF('Kxr9tQED9H44gCmp6HAdmemAzU3n84H3dGkuWTKvE23JgHMW8gct')
|
||||
|
||||
var G = bitcoin.ECKey.curve.G
|
||||
var d = receiver.d // secret (receiver only)
|
||||
var Q = receiver.pub.Q // shared
|
||||
|
||||
var e = sender.d // secret (sender only)
|
||||
var P = sender.pub.Q // shared
|
||||
|
||||
// derived shared secret
|
||||
var eQ = Q.multiply(e) // sender
|
||||
var dP = P.multiply(d) // receiver
|
||||
assert.deepEqual(eQ.getEncoded(), dP.getEncoded())
|
||||
|
||||
var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded()))
|
||||
var cG = G.multiply(c)
|
||||
|
||||
// derived public key
|
||||
var QprimeS = Q.add(cG)
|
||||
var QprimeR = G.multiply(d.add(c))
|
||||
assert.deepEqual(QprimeR.getEncoded(), QprimeS.getEncoded())
|
||||
|
||||
// derived shared-secret address
|
||||
var address = new bitcoin.ECPubKey(QprimeS).getAddress().toString()
|
||||
|
||||
assert.equal(address, '1EwCNJNZM5q58YPPTnjR1H5BvYRNeyZi47')
|
||||
})
|
||||
|
||||
// TODO
|
||||
it.skip('can generate a dual-key stealth address', function() {})
|
||||
|
||||
it('can create an OP_RETURN transaction', function(done) {
|
||||
this.timeout(20000)
|
||||
|
||||
var key = bitcoin.ECKey.fromWIF("L1uyy5qTuGrVXrmrsvHWHgVzW9kKdrp27wBC7Vs6nZDTF2BRUVwy")
|
||||
var address = key.pub.getAddress(bitcoin.networks.testnet).toString()
|
||||
|
||||
helloblock.faucet.withdraw(address, 2e4, function(err) {
|
||||
blockchain.addresses.__faucetWithdraw(address, 2e4, function(err) {
|
||||
if (err) return done(err)
|
||||
|
||||
helloblock.addresses.getUnspents(address, function(err, _, unspents) {
|
||||
blockchain.addresses.unspents(address, function(err, unspents) {
|
||||
if (err) return done(err)
|
||||
|
||||
// filter small unspents
|
||||
|
@ -80,20 +42,19 @@ describe('bitcoinjs-lib (advanced)', function() {
|
|||
var data = new Buffer('cafedeadbeef', 'hex')
|
||||
var dataScript = bitcoin.scripts.nullDataOutput(data)
|
||||
|
||||
tx.addInput(unspent.txHash, unspent.index)
|
||||
tx.addInput(unspent.txId, unspent.vout)
|
||||
tx.addOutput(dataScript, 1000)
|
||||
tx.sign(0, key)
|
||||
|
||||
helloblock.transactions.propagate(tx.build().toHex(), function(err) {
|
||||
blockchain.transactions.propagate(tx.build().toHex(), function(err) {
|
||||
if (err) return done(err)
|
||||
|
||||
// check that the message was propagated
|
||||
helloblock.addresses.getTransactions(address, function(err, res, transactions) {
|
||||
blockchain.addresses.transactions(address, function(err, transactions) {
|
||||
if (err) return done(err)
|
||||
|
||||
var transaction = transactions[0]
|
||||
var output = transaction.outputs[0]
|
||||
var dataScript2 = bitcoin.Script.fromHex(output.scriptPubKey)
|
||||
var transaction = bitcoin.Transaction.fromHex(transactions[0].txHex)
|
||||
var dataScript2 = transaction.outs[0].script
|
||||
var data2 = dataScript2.chunks[1]
|
||||
|
||||
assert.deepEqual(dataScript, dataScript2)
|
||||
|
|
183
test/integration/crypto.js
Normal file
183
test/integration/crypto.js
Normal file
|
@ -0,0 +1,183 @@
|
|||
var assert = require('assert')
|
||||
var async = require('async')
|
||||
var bigi = require('bigi')
|
||||
var bitcoin = require('../../')
|
||||
var blockchain = new (require('cb-helloblock'))('bitcoin')
|
||||
var crypto = require('crypto')
|
||||
|
||||
describe('bitcoinjs-lib (crypto)', function() {
|
||||
it('can generate a single-key stealth address', function() {
|
||||
var receiver = bitcoin.ECKey.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
|
||||
|
||||
// XXX: ephemeral, must be random (and secret to sender) to preserve privacy
|
||||
var sender = bitcoin.ECKey.fromWIF('Kxr9tQED9H44gCmp6HAdmemAzU3n84H3dGkuWTKvE23JgHMW8gct')
|
||||
|
||||
var G = bitcoin.ECKey.curve.G
|
||||
var d = receiver.d // secret (receiver only)
|
||||
var Q = receiver.pub.Q // shared
|
||||
|
||||
var e = sender.d // secret (sender only)
|
||||
var P = sender.pub.Q // shared
|
||||
|
||||
// derived shared secret
|
||||
var eQ = Q.multiply(e) // sender
|
||||
var dP = P.multiply(d) // receiver
|
||||
assert.deepEqual(eQ.getEncoded(), dP.getEncoded())
|
||||
|
||||
var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded()))
|
||||
var cG = G.multiply(c)
|
||||
|
||||
// derived public key
|
||||
var QprimeS = Q.add(cG)
|
||||
var QprimeR = G.multiply(d.add(c))
|
||||
assert.deepEqual(QprimeR.getEncoded(), QprimeS.getEncoded())
|
||||
|
||||
// derived shared-secret address
|
||||
var address = new bitcoin.ECPubKey(QprimeS).getAddress().toString()
|
||||
|
||||
assert.equal(address, '1EwCNJNZM5q58YPPTnjR1H5BvYRNeyZi47')
|
||||
})
|
||||
|
||||
// TODO
|
||||
it.skip('can generate a dual-key stealth address', function() {})
|
||||
|
||||
it('can recover a parent private key from the parent\'s public key and a derived non-hardened child private key', function() {
|
||||
function recoverParent(master, child) {
|
||||
assert(!master.privKey, 'You already have the parent private key')
|
||||
assert(child.privKey, 'Missing child private key')
|
||||
|
||||
var curve = bitcoin.ECKey.curve
|
||||
var QP = master.pubKey.toBuffer()
|
||||
var QP64 = QP.toString('base64')
|
||||
var d1 = child.privKey.d
|
||||
var d2
|
||||
var indexBuffer = new Buffer(4)
|
||||
|
||||
// search index space until we find it
|
||||
for (var i = 0; i < bitcoin.HDNode.HIGHEST_BIT; ++i) {
|
||||
indexBuffer.writeUInt32BE(i, 0)
|
||||
|
||||
// calculate I
|
||||
var data = Buffer.concat([QP, indexBuffer])
|
||||
var I = crypto.createHmac('sha512', master.chainCode).update(data).digest()
|
||||
var IL = I.slice(0, 32)
|
||||
var pIL = bigi.fromBuffer(IL)
|
||||
|
||||
// See hdnode.js:273 to understand
|
||||
d2 = d1.subtract(pIL).mod(curve.n)
|
||||
|
||||
var Qp = new bitcoin.ECKey(d2, true).pub.toBuffer()
|
||||
if (Qp.toString('base64') === QP64) break
|
||||
}
|
||||
|
||||
var node = new bitcoin.HDNode(d2, master.chainCode, master.network)
|
||||
node.depth = master.depth
|
||||
node.index = master.index
|
||||
node.masterFingerprint = master.masterFingerprint
|
||||
return node
|
||||
}
|
||||
|
||||
var seed = crypto.randomBytes(32)
|
||||
var master = bitcoin.HDNode.fromSeedBuffer(seed)
|
||||
var child = master.derive(6) // m/6
|
||||
|
||||
// now for the recovery
|
||||
var neuteredMaster = master.neutered()
|
||||
var recovered = recoverParent(neuteredMaster, child)
|
||||
assert.equal(recovered.toBase58(), master.toBase58())
|
||||
})
|
||||
|
||||
it('can recover a private key from duplicate R values', function() {
|
||||
var inputs = [
|
||||
{
|
||||
txId: "f4c16475f2a6e9c602e4a287f9db3040e319eb9ece74761a4b84bc820fbeef50",
|
||||
vout: 0
|
||||
},
|
||||
{
|
||||
txId: "f4c16475f2a6e9c602e4a287f9db3040e319eb9ece74761a4b84bc820fbeef50",
|
||||
vout: 1
|
||||
}
|
||||
]
|
||||
|
||||
var txIds = inputs.map(function(x) { return x.txId })
|
||||
|
||||
// first retrieve the relevant transactions
|
||||
blockchain.transactions.get(txIds, function(err, results) {
|
||||
assert.ifError(err)
|
||||
|
||||
var transactions = {}
|
||||
results.forEach(function(tx) {
|
||||
transactions[tx.txId] = bitcoin.Transaction.fromHex(tx.txHex)
|
||||
})
|
||||
|
||||
var tasks = []
|
||||
|
||||
// now we need to collect/transform a bit of data from the selected inputs
|
||||
inputs.forEach(function(input) {
|
||||
var transaction = transactions[input.txId]
|
||||
var script = transaction.ins[input.vout].script
|
||||
assert(bitcoin.scripts.isPubKeyHashInput(script), 'Expected pubKeyHash script')
|
||||
|
||||
var prevOutTxId = bitcoin.bufferutils.reverse(transaction.ins[input.vout].hash).toString('hex')
|
||||
var prevVout = transaction.ins[input.vout].index
|
||||
|
||||
tasks.push(function(callback) {
|
||||
blockchain.transactions.get(prevOutTxId, function(err, result) {
|
||||
if (err) return callback(err)
|
||||
|
||||
var prevOut = bitcoin.Transaction.fromHex(result.txHex)
|
||||
var prevOutScript = prevOut.outs[prevVout].script
|
||||
|
||||
var scriptSignature = bitcoin.ECSignature.parseScriptSignature(script.chunks[0])
|
||||
var publicKey = bitcoin.ECPubKey.fromBuffer(script.chunks[1])
|
||||
|
||||
var m = transaction.hashForSignature(input.vout, prevOutScript, scriptSignature.hashType)
|
||||
assert(publicKey.verify(m, scriptSignature.signature), 'Invalid m')
|
||||
|
||||
// store the required information
|
||||
input.signature = scriptSignature.signature
|
||||
input.z = bigi.fromBuffer(m)
|
||||
|
||||
return callback()
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
// finally, run the tasks, then on to the math
|
||||
async.parallel(tasks, function(err) {
|
||||
if (err) throw err
|
||||
var n = bitcoin.ECKey.curve.n
|
||||
|
||||
for (var i = 0; i < inputs.length; ++i) {
|
||||
for (var j = i + 1; j < inputs.length; ++j) {
|
||||
var inputA = inputs[i]
|
||||
var inputB = inputs[j]
|
||||
|
||||
// enforce matching r values
|
||||
assert.equal(inputA.signature.r.toString(), inputB.signature.r.toString())
|
||||
var r = inputA.signature.r
|
||||
var rInv = r.modInverse(n)
|
||||
|
||||
var s1 = inputA.signature.s
|
||||
var s2 = inputB.signature.s
|
||||
var z1 = inputA.z
|
||||
var z2 = inputB.z
|
||||
|
||||
var zz = z1.subtract(z2).mod(n)
|
||||
var ss = s1.subtract(s2).mod(n)
|
||||
|
||||
// k = (z1 - z2) / (s1 - s2)
|
||||
// d1 = (s1 * k - z1) / r
|
||||
// d2 = (s2 * k - z2) / r
|
||||
var k = zz.multiply(ss.modInverse(n)).mod(n)
|
||||
var d1 = (( s1.multiply(k).mod(n) ).subtract(z1).mod(n) ).multiply(rInv).mod(n)
|
||||
var d2 = (( s2.multiply(k).mod(n) ).subtract(z2).mod(n) ).multiply(rInv).mod(n)
|
||||
|
||||
// enforce matching private keys
|
||||
assert.equal(d1.toString(), d2.toString())
|
||||
}
|
||||
}
|
||||
})
|
||||
})
|
||||
})
|
||||
})
|
|
@ -1,8 +1,6 @@
|
|||
var assert = require('assert')
|
||||
var bitcoin = require('../../')
|
||||
var helloblock = require('helloblock-js')({
|
||||
network: 'testnet'
|
||||
})
|
||||
var blockchain = new (require('cb-helloblock'))('testnet')
|
||||
|
||||
describe('bitcoinjs-lib (multisig)', function() {
|
||||
it('can create a 2-of-3 multisig P2SH address', function() {
|
||||
|
@ -33,11 +31,11 @@ describe('bitcoinjs-lib (multisig)', function() {
|
|||
var address = bitcoin.Address.fromOutputScript(scriptPubKey, bitcoin.networks.testnet).toString()
|
||||
|
||||
// Attempt to send funds to the source address
|
||||
helloblock.faucet.withdraw(address, 2e4, function(err) {
|
||||
blockchain.addresses.__faucetWithdraw(address, 2e4, function(err) {
|
||||
if (err) return done(err)
|
||||
|
||||
// get latest unspents from the address
|
||||
helloblock.addresses.getUnspents(address, function(err, _, unspents) {
|
||||
blockchain.addresses.unspents(address, function(err, unspents) {
|
||||
if (err) return done(err)
|
||||
|
||||
// filter small unspents
|
||||
|
@ -50,7 +48,7 @@ describe('bitcoinjs-lib (multisig)', function() {
|
|||
var targetAddress = bitcoin.ECKey.makeRandom().pub.getAddress(bitcoin.networks.testnet).toString()
|
||||
|
||||
var txb = new bitcoin.TransactionBuilder()
|
||||
txb.addInput(unspent.txHash, unspent.index)
|
||||
txb.addInput(unspent.txId, unspent.vout)
|
||||
txb.addOutput(targetAddress, 1e4)
|
||||
|
||||
// sign w/ each private key
|
||||
|
@ -59,14 +57,14 @@ describe('bitcoinjs-lib (multisig)', function() {
|
|||
})
|
||||
|
||||
// broadcast our transaction
|
||||
helloblock.transactions.propagate(txb.build().toHex(), function(err) {
|
||||
blockchain.transactions.propagate(txb.build().toHex(), function(err) {
|
||||
if (err) return done(err)
|
||||
|
||||
// check that the funds (1e4 Satoshis) indeed arrived at the intended address
|
||||
helloblock.addresses.get(targetAddress, function(err, res, addrInfo) {
|
||||
blockchain.addresses.summary(targetAddress, function(err, result) {
|
||||
if (err) return done(err)
|
||||
|
||||
assert.equal(addrInfo.balance, 1e4)
|
||||
assert.equal(result.balance, 1e4)
|
||||
done()
|
||||
})
|
||||
})
|
||||
|
|
Loading…
Reference in a new issue