Merge pull request #327 from bitcoinjs/cryptoint

Add advanced cryptographic integration tests
This commit is contained in:
Daniel Cousens 2014-12-12 10:03:55 +11:00
commit 953cb567c3
6 changed files with 207 additions and 62 deletions

View file

@ -73,11 +73,13 @@ The below examples are implemented as integration tests, they should be very eas
- [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L36) - [Create a Transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/basic.js#L36)
- [Sign a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L9) - [Sign a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L9)
- [Verify a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L17) - [Verify a Bitcoin message](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L17)
- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L25) - [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L24)
- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L58)
- [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L60)
- [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L8) - [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L8)
- [Spend from a 2-of-2 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L22) - [Spend from a 2-of-2 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L22)
- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L7)
- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L40)
- [Recover a BIP32 parent private key from the parent public key and a derived non-hardened child private key](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L42)
- [Recover a Private key from duplicate R values in a signature](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L90)
## Projects utilizing BitcoinJS ## Projects utilizing BitcoinJS

View file

@ -54,10 +54,11 @@
"ecurve": "1.0.0" "ecurve": "1.0.0"
}, },
"devDependencies": { "devDependencies": {
"async": "^0.9.0",
"browserify": "^5.12.0", "browserify": "^5.12.0",
"bs58": "^2.0.0", "bs58": "^2.0.0",
"cb-helloblock": "^0.4.7",
"coveralls": "^2.11.2", "coveralls": "^2.11.2",
"helloblock-js": "^0.2.5",
"istanbul": "^0.3.2", "istanbul": "^0.3.2",
"jshint": "^2.5.6", "jshint": "^2.5.6",
"mocha": "^1.21.4", "mocha": "^1.21.4",

View file

@ -37,6 +37,7 @@ function HDNode(K, chainCode, network) {
this.chainCode = chainCode this.chainCode = chainCode
this.depth = 0 this.depth = 0
this.index = 0 this.index = 0
this.parentFingerprint = 0x00000000
this.network = network this.network = network
if (K instanceof BigInteger) { if (K instanceof BigInteger) {
@ -196,8 +197,7 @@ HDNode.prototype.toBuffer = function(isPrivate, __ignoreDeprecation) {
buffer.writeUInt8(this.depth, 4) buffer.writeUInt8(this.depth, 4)
// 4 bytes: the fingerprint of the parent's key (0x00000000 if master key) // 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
var fingerprint = (this.depth === 0) ? 0x00000000 : this.parentFingerprint buffer.writeUInt32BE(this.parentFingerprint, 5)
buffer.writeUInt32BE(fingerprint, 5)
// 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized. // 4 bytes: child number. This is the number i in xi = xpar/i, with xi the key being serialized.
// This is encoded in Big endian. (0x00000000 if master key) // This is encoded in Big endian. (0x00000000 if master key)

View file

@ -1,9 +1,6 @@
var assert = require('assert') var assert = require('assert')
var bigi = require('bigi')
var bitcoin = require('../../') var bitcoin = require('../../')
var helloblock = require('helloblock-js')({ var blockchain = new (require('cb-helloblock'))('testnet')
network: 'testnet'
})
describe('bitcoinjs-lib (advanced)', function() { describe('bitcoinjs-lib (advanced)', function() {
it('can sign a Bitcoin message', function() { it('can sign a Bitcoin message', function() {
@ -22,51 +19,16 @@ describe('bitcoinjs-lib (advanced)', function() {
assert(bitcoin.Message.verify(address, signature, message)) assert(bitcoin.Message.verify(address, signature, message))
}) })
it('can generate a single-key stealth address', function() {
var receiver = bitcoin.ECKey.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
// XXX: ephemeral, must be random (and secret to sender) to preserve privacy
var sender = bitcoin.ECKey.fromWIF('Kxr9tQED9H44gCmp6HAdmemAzU3n84H3dGkuWTKvE23JgHMW8gct')
var G = bitcoin.ECKey.curve.G
var d = receiver.d // secret (receiver only)
var Q = receiver.pub.Q // shared
var e = sender.d // secret (sender only)
var P = sender.pub.Q // shared
// derived shared secret
var eQ = Q.multiply(e) // sender
var dP = P.multiply(d) // receiver
assert.deepEqual(eQ.getEncoded(), dP.getEncoded())
var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded()))
var cG = G.multiply(c)
// derived public key
var QprimeS = Q.add(cG)
var QprimeR = G.multiply(d.add(c))
assert.deepEqual(QprimeR.getEncoded(), QprimeS.getEncoded())
// derived shared-secret address
var address = new bitcoin.ECPubKey(QprimeS).getAddress().toString()
assert.equal(address, '1EwCNJNZM5q58YPPTnjR1H5BvYRNeyZi47')
})
// TODO
it.skip('can generate a dual-key stealth address', function() {})
it('can create an OP_RETURN transaction', function(done) { it('can create an OP_RETURN transaction', function(done) {
this.timeout(20000) this.timeout(20000)
var key = bitcoin.ECKey.fromWIF("L1uyy5qTuGrVXrmrsvHWHgVzW9kKdrp27wBC7Vs6nZDTF2BRUVwy") var key = bitcoin.ECKey.fromWIF("L1uyy5qTuGrVXrmrsvHWHgVzW9kKdrp27wBC7Vs6nZDTF2BRUVwy")
var address = key.pub.getAddress(bitcoin.networks.testnet).toString() var address = key.pub.getAddress(bitcoin.networks.testnet).toString()
helloblock.faucet.withdraw(address, 2e4, function(err) { blockchain.addresses.__faucetWithdraw(address, 2e4, function(err) {
if (err) return done(err) if (err) return done(err)
helloblock.addresses.getUnspents(address, function(err, _, unspents) { blockchain.addresses.unspents(address, function(err, unspents) {
if (err) return done(err) if (err) return done(err)
// filter small unspents // filter small unspents
@ -80,20 +42,19 @@ describe('bitcoinjs-lib (advanced)', function() {
var data = new Buffer('cafedeadbeef', 'hex') var data = new Buffer('cafedeadbeef', 'hex')
var dataScript = bitcoin.scripts.nullDataOutput(data) var dataScript = bitcoin.scripts.nullDataOutput(data)
tx.addInput(unspent.txHash, unspent.index) tx.addInput(unspent.txId, unspent.vout)
tx.addOutput(dataScript, 1000) tx.addOutput(dataScript, 1000)
tx.sign(0, key) tx.sign(0, key)
helloblock.transactions.propagate(tx.build().toHex(), function(err) { blockchain.transactions.propagate(tx.build().toHex(), function(err) {
if (err) return done(err) if (err) return done(err)
// check that the message was propagated // check that the message was propagated
helloblock.addresses.getTransactions(address, function(err, res, transactions) { blockchain.addresses.transactions(address, function(err, transactions) {
if (err) return done(err) if (err) return done(err)
var transaction = transactions[0] var transaction = bitcoin.Transaction.fromHex(transactions[0].txHex)
var output = transaction.outputs[0] var dataScript2 = transaction.outs[0].script
var dataScript2 = bitcoin.Script.fromHex(output.scriptPubKey)
var data2 = dataScript2.chunks[1] var data2 = dataScript2.chunks[1]
assert.deepEqual(dataScript, dataScript2) assert.deepEqual(dataScript, dataScript2)

183
test/integration/crypto.js Normal file
View file

@ -0,0 +1,183 @@
var assert = require('assert')
var async = require('async')
var bigi = require('bigi')
var bitcoin = require('../../')
var blockchain = new (require('cb-helloblock'))('bitcoin')
var crypto = require('crypto')
describe('bitcoinjs-lib (crypto)', function() {
it('can generate a single-key stealth address', function() {
var receiver = bitcoin.ECKey.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss')
// XXX: ephemeral, must be random (and secret to sender) to preserve privacy
var sender = bitcoin.ECKey.fromWIF('Kxr9tQED9H44gCmp6HAdmemAzU3n84H3dGkuWTKvE23JgHMW8gct')
var G = bitcoin.ECKey.curve.G
var d = receiver.d // secret (receiver only)
var Q = receiver.pub.Q // shared
var e = sender.d // secret (sender only)
var P = sender.pub.Q // shared
// derived shared secret
var eQ = Q.multiply(e) // sender
var dP = P.multiply(d) // receiver
assert.deepEqual(eQ.getEncoded(), dP.getEncoded())
var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded()))
var cG = G.multiply(c)
// derived public key
var QprimeS = Q.add(cG)
var QprimeR = G.multiply(d.add(c))
assert.deepEqual(QprimeR.getEncoded(), QprimeS.getEncoded())
// derived shared-secret address
var address = new bitcoin.ECPubKey(QprimeS).getAddress().toString()
assert.equal(address, '1EwCNJNZM5q58YPPTnjR1H5BvYRNeyZi47')
})
// TODO
it.skip('can generate a dual-key stealth address', function() {})
it('can recover a parent private key from the parent\'s public key and a derived non-hardened child private key', function() {
function recoverParent(master, child) {
assert(!master.privKey, 'You already have the parent private key')
assert(child.privKey, 'Missing child private key')
var curve = bitcoin.ECKey.curve
var QP = master.pubKey.toBuffer()
var QP64 = QP.toString('base64')
var d1 = child.privKey.d
var d2
var indexBuffer = new Buffer(4)
// search index space until we find it
for (var i = 0; i < bitcoin.HDNode.HIGHEST_BIT; ++i) {
indexBuffer.writeUInt32BE(i, 0)
// calculate I
var data = Buffer.concat([QP, indexBuffer])
var I = crypto.createHmac('sha512', master.chainCode).update(data).digest()
var IL = I.slice(0, 32)
var pIL = bigi.fromBuffer(IL)
// See hdnode.js:273 to understand
d2 = d1.subtract(pIL).mod(curve.n)
var Qp = new bitcoin.ECKey(d2, true).pub.toBuffer()
if (Qp.toString('base64') === QP64) break
}
var node = new bitcoin.HDNode(d2, master.chainCode, master.network)
node.depth = master.depth
node.index = master.index
node.masterFingerprint = master.masterFingerprint
return node
}
var seed = crypto.randomBytes(32)
var master = bitcoin.HDNode.fromSeedBuffer(seed)
var child = master.derive(6) // m/6
// now for the recovery
var neuteredMaster = master.neutered()
var recovered = recoverParent(neuteredMaster, child)
assert.equal(recovered.toBase58(), master.toBase58())
})
it('can recover a private key from duplicate R values', function() {
var inputs = [
{
txId: "f4c16475f2a6e9c602e4a287f9db3040e319eb9ece74761a4b84bc820fbeef50",
vout: 0
},
{
txId: "f4c16475f2a6e9c602e4a287f9db3040e319eb9ece74761a4b84bc820fbeef50",
vout: 1
}
]
var txIds = inputs.map(function(x) { return x.txId })
// first retrieve the relevant transactions
blockchain.transactions.get(txIds, function(err, results) {
assert.ifError(err)
var transactions = {}
results.forEach(function(tx) {
transactions[tx.txId] = bitcoin.Transaction.fromHex(tx.txHex)
})
var tasks = []
// now we need to collect/transform a bit of data from the selected inputs
inputs.forEach(function(input) {
var transaction = transactions[input.txId]
var script = transaction.ins[input.vout].script
assert(bitcoin.scripts.isPubKeyHashInput(script), 'Expected pubKeyHash script')
var prevOutTxId = bitcoin.bufferutils.reverse(transaction.ins[input.vout].hash).toString('hex')
var prevVout = transaction.ins[input.vout].index
tasks.push(function(callback) {
blockchain.transactions.get(prevOutTxId, function(err, result) {
if (err) return callback(err)
var prevOut = bitcoin.Transaction.fromHex(result.txHex)
var prevOutScript = prevOut.outs[prevVout].script
var scriptSignature = bitcoin.ECSignature.parseScriptSignature(script.chunks[0])
var publicKey = bitcoin.ECPubKey.fromBuffer(script.chunks[1])
var m = transaction.hashForSignature(input.vout, prevOutScript, scriptSignature.hashType)
assert(publicKey.verify(m, scriptSignature.signature), 'Invalid m')
// store the required information
input.signature = scriptSignature.signature
input.z = bigi.fromBuffer(m)
return callback()
})
})
})
// finally, run the tasks, then on to the math
async.parallel(tasks, function(err) {
if (err) throw err
var n = bitcoin.ECKey.curve.n
for (var i = 0; i < inputs.length; ++i) {
for (var j = i + 1; j < inputs.length; ++j) {
var inputA = inputs[i]
var inputB = inputs[j]
// enforce matching r values
assert.equal(inputA.signature.r.toString(), inputB.signature.r.toString())
var r = inputA.signature.r
var rInv = r.modInverse(n)
var s1 = inputA.signature.s
var s2 = inputB.signature.s
var z1 = inputA.z
var z2 = inputB.z
var zz = z1.subtract(z2).mod(n)
var ss = s1.subtract(s2).mod(n)
// k = (z1 - z2) / (s1 - s2)
// d1 = (s1 * k - z1) / r
// d2 = (s2 * k - z2) / r
var k = zz.multiply(ss.modInverse(n)).mod(n)
var d1 = (( s1.multiply(k).mod(n) ).subtract(z1).mod(n) ).multiply(rInv).mod(n)
var d2 = (( s2.multiply(k).mod(n) ).subtract(z2).mod(n) ).multiply(rInv).mod(n)
// enforce matching private keys
assert.equal(d1.toString(), d2.toString())
}
}
})
})
})
})

View file

@ -1,8 +1,6 @@
var assert = require('assert') var assert = require('assert')
var bitcoin = require('../../') var bitcoin = require('../../')
var helloblock = require('helloblock-js')({ var blockchain = new (require('cb-helloblock'))('testnet')
network: 'testnet'
})
describe('bitcoinjs-lib (multisig)', function() { describe('bitcoinjs-lib (multisig)', function() {
it('can create a 2-of-3 multisig P2SH address', function() { it('can create a 2-of-3 multisig P2SH address', function() {
@ -33,11 +31,11 @@ describe('bitcoinjs-lib (multisig)', function() {
var address = bitcoin.Address.fromOutputScript(scriptPubKey, bitcoin.networks.testnet).toString() var address = bitcoin.Address.fromOutputScript(scriptPubKey, bitcoin.networks.testnet).toString()
// Attempt to send funds to the source address // Attempt to send funds to the source address
helloblock.faucet.withdraw(address, 2e4, function(err) { blockchain.addresses.__faucetWithdraw(address, 2e4, function(err) {
if (err) return done(err) if (err) return done(err)
// get latest unspents from the address // get latest unspents from the address
helloblock.addresses.getUnspents(address, function(err, _, unspents) { blockchain.addresses.unspents(address, function(err, unspents) {
if (err) return done(err) if (err) return done(err)
// filter small unspents // filter small unspents
@ -50,7 +48,7 @@ describe('bitcoinjs-lib (multisig)', function() {
var targetAddress = bitcoin.ECKey.makeRandom().pub.getAddress(bitcoin.networks.testnet).toString() var targetAddress = bitcoin.ECKey.makeRandom().pub.getAddress(bitcoin.networks.testnet).toString()
var txb = new bitcoin.TransactionBuilder() var txb = new bitcoin.TransactionBuilder()
txb.addInput(unspent.txHash, unspent.index) txb.addInput(unspent.txId, unspent.vout)
txb.addOutput(targetAddress, 1e4) txb.addOutput(targetAddress, 1e4)
// sign w/ each private key // sign w/ each private key
@ -59,14 +57,14 @@ describe('bitcoinjs-lib (multisig)', function() {
}) })
// broadcast our transaction // broadcast our transaction
helloblock.transactions.propagate(txb.build().toHex(), function(err) { blockchain.transactions.propagate(txb.build().toHex(), function(err) {
if (err) return done(err) if (err) return done(err)
// check that the funds (1e4 Satoshis) indeed arrived at the intended address // check that the funds (1e4 Satoshis) indeed arrived at the intended address
helloblock.addresses.get(targetAddress, function(err, res, addrInfo) { blockchain.addresses.summary(targetAddress, function(err, result) {
if (err) return done(err) if (err) return done(err)
assert.equal(addrInfo.balance, 1e4) assert.equal(result.balance, 1e4)
done() done()
}) })
}) })