Merge pull request #181 from dcousens/mesnet

Message signing and altcoins
This commit is contained in:
Wei Lu 2014-05-19 00:12:42 +10:00
commit aafbe46b35
5 changed files with 69 additions and 62 deletions

View file

@ -3,25 +3,27 @@ var Address = require('./address')
var bufferutils = require('./bufferutils')
var crypto = require('./crypto')
var ecdsa = require('./ecdsa')
var networks = require('./networks')
var Address = require('./address')
var ECPubKey = require('./ecpubkey')
// FIXME: incompatible with other networks (Litecoin etc)
var MAGIC_PREFIX = new Buffer('\x18Bitcoin Signed Message:\n')
function magicHash(message) {
function magicHash(message, network) {
var magicPrefix = new Buffer(network.magicPrefix)
var messageBuffer = new Buffer(message)
var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length))
bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0)
var buffer = Buffer.concat([
MAGIC_PREFIX, lengthBuffer, messageBuffer
magicPrefix, lengthBuffer, messageBuffer
])
return crypto.hash256(buffer)
}
// TODO: parameterize compression instead of using ECKey.compressed
function sign(key, message) {
var hash = magicHash(message)
function sign(key, message, network) {
network = network || networks.bitcoin
var hash = magicHash(message, network)
var sig = ecdsa.parseSig(key.sign(hash))
var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash)
@ -36,17 +38,20 @@ function sign(key, message) {
return Buffer.concat([new Buffer([i]), rB, sB], 65)
}
// FIXME: stricter API?
function verify(address, sig, message) {
// TODO: network could be implied from address
function verify(address, compactSig, message, network) {
if (typeof address === 'string') {
address = Address.fromBase58Check(address)
}
sig = ecdsa.parseSigCompact(sig)
network = network || networks.bitcoin
var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i))
pubKey.compressed = !!(sig.i & 4)
var hash = magicHash(message, network)
var sig = ecdsa.parseSigCompact(compactSig)
var Q = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i)
var compressed = !!(sig.i & 4)
var pubKey = new ECPubKey(Q, compressed)
return pubKey.getAddress(address.version).toString() === address.toString()
}

View file

@ -2,6 +2,7 @@
// Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
module.exports = {
bitcoin: {
magicPrefix: '\x18Bitcoin Signed Message:\n',
bip32: {
pub: 0x0488b21e,
priv: 0x0488ade4
@ -11,6 +12,7 @@ module.exports = {
wif: 0x80
},
dogecoin: {
magicPrefix: '\x19Dogecoin Signed Message:\n',
bip32: {
pub: 0x02facafd,
priv: 0x02fac398
@ -20,6 +22,7 @@ module.exports = {
wif: 0x9e
},
litecoin: {
magicPrefix: '\x19Litecoin Signed Message:\n',
bip32: {
pub: 0x019da462,
priv: 0x019d9cfe
@ -29,6 +32,7 @@ module.exports = {
wif: 0xb0
},
testnet: {
magicPrefix: '\x18Bitcoin Signed Message:\n',
bip32: {
pub: 0x043587cf,
priv: 0x04358394
@ -37,4 +41,4 @@ module.exports = {
scriptHash: 0xc4,
wif: 0xef
}
}
}

View file

@ -1,6 +1,8 @@
var assert = require('assert')
var crypto = require('../src/crypto')
var ecdsa = require('../src/ecdsa')
var message = require('../src/message')
var networks = require('../src/networks')
var sec = require('../src/sec')
var ecparams = sec("secp256k1")
@ -8,7 +10,6 @@ var ecparams = sec("secp256k1")
var BigInteger = require('bigi')
var ECKey = require('../src/eckey')
var ECPubKey = require('../src/ecpubkey')
var Message = require('../src/message')
var fixtures = require('./fixtures/ecdsa.js')
@ -27,10 +28,12 @@ describe('ecdsa', function() {
describe('recoverPubKey', function() {
it('succesfully recovers a public key', function() {
var addr = 'mgQK8S6CfSXKjPmnujArSmVxafeJfrZsa3'
var signature = new Buffer('H0PG6+PUo96UPTJ/DVj8aBU5it+Nuli4YdsLuTMvfJxoHH9Jb7jYTQXCCOX2jrTChD5S1ic3vCrUQHdmB5/sEQY=', 'base64')
var obj = ecdsa.parseSigCompact(signature)
var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, Message.magicHash('1111'), obj.i))
var hash = message.magicHash('1111', networks.bitcoin)
var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, hash, obj.i))
assert.equal(pubKey.toHex(), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c')
})

View file

@ -1,12 +1,19 @@
module.exports = {
magicHash: [
{
network: 'bitcoin',
message: '',
hash256: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc'
magicHash: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc'
},
{
network: 'bitcoin',
message: 'Vires is Numeris',
hash256: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933'
magicHash: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933'
},
{
network: 'dogecoin',
message: 'Vires is Numeris',
magicHash: 'c0963d20d0accd0ea0df6c1020bf85a7e629a40e7b5363f2c3e9dcafd5638f12'
}
]
}

View file

@ -1,25 +1,26 @@
var assert = require('assert')
var networks = require('../src/networks')
var BigInteger = require('bigi')
var ECKey = require('../src/eckey')
var Message = require('../src/message')
var fixtures = require('./fixtures/message')
describe('Message', function() {
var msg
var message
beforeEach(function() {
msg = 'vires is numeris'
message = 'vires is numeris'
})
describe('magicHash', function() {
it('matches the test vectors', function() {
fixtures.magicHash.forEach(function(f) {
var actual = Message.magicHash(f.message)
var expected = f.hash256
var network = networks[f.network]
var actual = Message.magicHash(f.message, network)
assert.equal(actual.toString('hex'), expected)
assert.equal(actual.toString('hex'), f.magicHash)
})
})
})
@ -31,65 +32,52 @@ describe('Message', function() {
addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed
caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed
sig = new Buffer('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d', 'hex')
csig = new Buffer('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d', 'hex')
sig = new Buffer('G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=', 'base64')
csig = new Buffer('H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=', 'base64')
})
it('can verify a signed message', function() {
assert.ok(Message.verify(addr, sig, msg))
assert.ok(Message.verify(caddr, csig, msg))
assert.ok(Message.verify(addr, sig, message))
})
it('will fail for the wrong message', function() {
assert.ok(!Message.verify(addr, sig, 'foobar'))
assert.ok(!Message.verify(caddr, csig, 'foobar'))
})
it('will fail for the wrong public key', function() {
assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, msg))
assert.ok(!Message.verify('1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9', csig, msg))
})
it('supports alternate network addresses', function() {
var taddr = 'mxnQZKxSKjzaMgrdXzk35rif3u62TLDrg9'
var tsig = new Buffer('IGucnrTku3KLCCHUMwq9anawfrlN8RK1HWMN+10LhsHJeysBdWfj5ohJcS/+oqrlVFNvEgbgEeAQUL6r3sZwnj8=', 'base64')
assert.ok(Message.verify(taddr, tsig, msg))
assert.ok(!Message.verify(taddr, tsig, 'foobar'))
it('will fail for the wrong address', function() {
assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, message))
})
it('does not cross verify (compressed/uncompressed)', function() {
assert.ok(!Message.verify(addr, csig, msg))
assert.ok(!Message.verify(caddr, sig, msg))
assert.ok(!Message.verify(addr, csig, message))
assert.ok(!Message.verify(caddr, sig, message))
})
it('supports alternate networks', function() {
var dogeaddr = 'DFpN6QqFfUm3gKNaxN6tNcab1FArL9cZLE'
var dogesig = new Buffer('H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=', 'base64')
assert.ok(Message.verify(dogeaddr, dogesig, message, networks.dogecoin))
})
})
describe('signing', function() {
describe('using the uncompressed public key', function(){
it('gives same signature as a compressed public key', function() {
var key = ECKey.makeRandom(false) // uncompressed
var sig = Message.sign(key, msg)
it('gives matching signatures irrespective of point compression', function() {
var privKey = new ECKey(BigInteger.ONE, false)
var compressedKey = new ECKey(privKey.D, true)
var compressedKey = new ECKey(key.D, true) // compressed clone
var csig = Message.sign(compressedKey, msg)
var sig = Message.sign(privKey, message)
var csig = Message.sign(compressedKey, message)
var addr = key.pub.getAddress()
var caddr = compressedKey.pub.getAddress()
assert.ok(Message.verify(addr, sig, msg))
assert.ok(Message.verify(caddr, csig, msg))
assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags
assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures
})
assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags
assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures
})
describe('testnet address', function(){
it('works', function(){
var key = ECKey.makeRandom()
var sig = Message.sign(key, msg)
it('supports alternate networks', function() {
var privKey = new ECKey(BigInteger.ONE)
var signature = Message.sign(privKey, message, networks.dogecoin)
var addr = key.pub.getAddress(networks.testnet.pubKeyHash)
assert(Message.verify(addr, sig, msg))
})
assert.equal(signature.toString('base64'), 'H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=')
})
})
})