Merge pull request #181 from dcousens/mesnet
Message signing and altcoins
This commit is contained in:
commit
aafbe46b35
5 changed files with 69 additions and 62 deletions
|
@ -3,25 +3,27 @@ var Address = require('./address')
|
|||
var bufferutils = require('./bufferutils')
|
||||
var crypto = require('./crypto')
|
||||
var ecdsa = require('./ecdsa')
|
||||
var networks = require('./networks')
|
||||
|
||||
var Address = require('./address')
|
||||
var ECPubKey = require('./ecpubkey')
|
||||
|
||||
// FIXME: incompatible with other networks (Litecoin etc)
|
||||
var MAGIC_PREFIX = new Buffer('\x18Bitcoin Signed Message:\n')
|
||||
|
||||
function magicHash(message) {
|
||||
function magicHash(message, network) {
|
||||
var magicPrefix = new Buffer(network.magicPrefix)
|
||||
var messageBuffer = new Buffer(message)
|
||||
var lengthBuffer = new Buffer(bufferutils.varIntSize(messageBuffer.length))
|
||||
bufferutils.writeVarInt(lengthBuffer, messageBuffer.length, 0)
|
||||
|
||||
var buffer = Buffer.concat([
|
||||
MAGIC_PREFIX, lengthBuffer, messageBuffer
|
||||
magicPrefix, lengthBuffer, messageBuffer
|
||||
])
|
||||
return crypto.hash256(buffer)
|
||||
}
|
||||
|
||||
// TODO: parameterize compression instead of using ECKey.compressed
|
||||
function sign(key, message) {
|
||||
var hash = magicHash(message)
|
||||
function sign(key, message, network) {
|
||||
network = network || networks.bitcoin
|
||||
|
||||
var hash = magicHash(message, network)
|
||||
var sig = ecdsa.parseSig(key.sign(hash))
|
||||
var i = ecdsa.calcPubKeyRecoveryParam(key.pub.Q, sig.r, sig.s, hash)
|
||||
|
||||
|
@ -36,17 +38,20 @@ function sign(key, message) {
|
|||
return Buffer.concat([new Buffer([i]), rB, sB], 65)
|
||||
}
|
||||
|
||||
// FIXME: stricter API?
|
||||
function verify(address, sig, message) {
|
||||
// TODO: network could be implied from address
|
||||
function verify(address, compactSig, message, network) {
|
||||
if (typeof address === 'string') {
|
||||
address = Address.fromBase58Check(address)
|
||||
}
|
||||
|
||||
sig = ecdsa.parseSigCompact(sig)
|
||||
network = network || networks.bitcoin
|
||||
|
||||
var pubKey = new ECPubKey(ecdsa.recoverPubKey(sig.r, sig.s, magicHash(message), sig.i))
|
||||
pubKey.compressed = !!(sig.i & 4)
|
||||
var hash = magicHash(message, network)
|
||||
var sig = ecdsa.parseSigCompact(compactSig)
|
||||
var Q = ecdsa.recoverPubKey(sig.r, sig.s, hash, sig.i)
|
||||
var compressed = !!(sig.i & 4)
|
||||
|
||||
var pubKey = new ECPubKey(Q, compressed)
|
||||
return pubKey.getAddress(address.version).toString() === address.toString()
|
||||
}
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
// Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
|
||||
module.exports = {
|
||||
bitcoin: {
|
||||
magicPrefix: '\x18Bitcoin Signed Message:\n',
|
||||
bip32: {
|
||||
pub: 0x0488b21e,
|
||||
priv: 0x0488ade4
|
||||
|
@ -11,6 +12,7 @@ module.exports = {
|
|||
wif: 0x80
|
||||
},
|
||||
dogecoin: {
|
||||
magicPrefix: '\x19Dogecoin Signed Message:\n',
|
||||
bip32: {
|
||||
pub: 0x02facafd,
|
||||
priv: 0x02fac398
|
||||
|
@ -20,6 +22,7 @@ module.exports = {
|
|||
wif: 0x9e
|
||||
},
|
||||
litecoin: {
|
||||
magicPrefix: '\x19Litecoin Signed Message:\n',
|
||||
bip32: {
|
||||
pub: 0x019da462,
|
||||
priv: 0x019d9cfe
|
||||
|
@ -29,6 +32,7 @@ module.exports = {
|
|||
wif: 0xb0
|
||||
},
|
||||
testnet: {
|
||||
magicPrefix: '\x18Bitcoin Signed Message:\n',
|
||||
bip32: {
|
||||
pub: 0x043587cf,
|
||||
priv: 0x04358394
|
||||
|
@ -37,4 +41,4 @@ module.exports = {
|
|||
scriptHash: 0xc4,
|
||||
wif: 0xef
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
var assert = require('assert')
|
||||
var crypto = require('../src/crypto')
|
||||
var ecdsa = require('../src/ecdsa')
|
||||
var message = require('../src/message')
|
||||
var networks = require('../src/networks')
|
||||
|
||||
var sec = require('../src/sec')
|
||||
var ecparams = sec("secp256k1")
|
||||
|
@ -8,7 +10,6 @@ var ecparams = sec("secp256k1")
|
|||
var BigInteger = require('bigi')
|
||||
var ECKey = require('../src/eckey')
|
||||
var ECPubKey = require('../src/ecpubkey')
|
||||
var Message = require('../src/message')
|
||||
|
||||
var fixtures = require('./fixtures/ecdsa.js')
|
||||
|
||||
|
@ -27,10 +28,12 @@ describe('ecdsa', function() {
|
|||
|
||||
describe('recoverPubKey', function() {
|
||||
it('succesfully recovers a public key', function() {
|
||||
var addr = 'mgQK8S6CfSXKjPmnujArSmVxafeJfrZsa3'
|
||||
var signature = new Buffer('H0PG6+PUo96UPTJ/DVj8aBU5it+Nuli4YdsLuTMvfJxoHH9Jb7jYTQXCCOX2jrTChD5S1ic3vCrUQHdmB5/sEQY=', 'base64')
|
||||
|
||||
var obj = ecdsa.parseSigCompact(signature)
|
||||
var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, Message.magicHash('1111'), obj.i))
|
||||
var hash = message.magicHash('1111', networks.bitcoin)
|
||||
|
||||
var pubKey = new ECPubKey(ecdsa.recoverPubKey(obj.r, obj.s, hash, obj.i))
|
||||
|
||||
assert.equal(pubKey.toHex(), '02e8fcf4d749b35879bc1f3b14b49e67ab7301da3558c5a9b74a54f1e6339c334c')
|
||||
})
|
||||
|
|
11
test/fixtures/message.js
vendored
11
test/fixtures/message.js
vendored
|
@ -1,12 +1,19 @@
|
|||
module.exports = {
|
||||
magicHash: [
|
||||
{
|
||||
network: 'bitcoin',
|
||||
message: '',
|
||||
hash256: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc'
|
||||
magicHash: '80e795d4a4caadd7047af389d9f7f220562feb6196032e2131e10563352c4bcc'
|
||||
},
|
||||
{
|
||||
network: 'bitcoin',
|
||||
message: 'Vires is Numeris',
|
||||
hash256: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933'
|
||||
magicHash: 'f8a5affbef4a3241b19067aa694562f64f513310817297089a8929a930f4f933'
|
||||
},
|
||||
{
|
||||
network: 'dogecoin',
|
||||
message: 'Vires is Numeris',
|
||||
magicHash: 'c0963d20d0accd0ea0df6c1020bf85a7e629a40e7b5363f2c3e9dcafd5638f12'
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -1,25 +1,26 @@
|
|||
var assert = require('assert')
|
||||
var networks = require('../src/networks')
|
||||
|
||||
var BigInteger = require('bigi')
|
||||
var ECKey = require('../src/eckey')
|
||||
var Message = require('../src/message')
|
||||
|
||||
var fixtures = require('./fixtures/message')
|
||||
|
||||
describe('Message', function() {
|
||||
var msg
|
||||
var message
|
||||
|
||||
beforeEach(function() {
|
||||
msg = 'vires is numeris'
|
||||
message = 'vires is numeris'
|
||||
})
|
||||
|
||||
describe('magicHash', function() {
|
||||
it('matches the test vectors', function() {
|
||||
fixtures.magicHash.forEach(function(f) {
|
||||
var actual = Message.magicHash(f.message)
|
||||
var expected = f.hash256
|
||||
var network = networks[f.network]
|
||||
var actual = Message.magicHash(f.message, network)
|
||||
|
||||
assert.equal(actual.toString('hex'), expected)
|
||||
assert.equal(actual.toString('hex'), f.magicHash)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
@ -31,65 +32,52 @@ describe('Message', function() {
|
|||
addr = '16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM' // uncompressed
|
||||
caddr = '1PMycacnJaSqwwJqjawXBErnLsZ7RkXUAs' // compressed
|
||||
|
||||
sig = new Buffer('1bc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d', 'hex')
|
||||
csig = new Buffer('1fc25ac0fb503abc9bad23f558742740fafaec1f52deaaf106b9759a5ce84c93921c4a669c5ec3dfeb7e2d7d177a2f49db407900874f6de2f701a4c16783776d8d', 'hex')
|
||||
sig = new Buffer('G8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=', 'base64')
|
||||
csig = new Buffer('H8JawPtQOrybrSP1WHQnQPr67B9S3qrxBrl1mlzoTJOSHEpmnF7D3+t+LX0Xei9J20B5AIdPbeL3AaTBZ4N3bY0=', 'base64')
|
||||
})
|
||||
|
||||
it('can verify a signed message', function() {
|
||||
assert.ok(Message.verify(addr, sig, msg))
|
||||
assert.ok(Message.verify(caddr, csig, msg))
|
||||
assert.ok(Message.verify(addr, sig, message))
|
||||
})
|
||||
|
||||
it('will fail for the wrong message', function() {
|
||||
assert.ok(!Message.verify(addr, sig, 'foobar'))
|
||||
assert.ok(!Message.verify(caddr, csig, 'foobar'))
|
||||
})
|
||||
|
||||
it('will fail for the wrong public key', function() {
|
||||
assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, msg))
|
||||
assert.ok(!Message.verify('1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9', csig, msg))
|
||||
})
|
||||
|
||||
it('supports alternate network addresses', function() {
|
||||
var taddr = 'mxnQZKxSKjzaMgrdXzk35rif3u62TLDrg9'
|
||||
var tsig = new Buffer('IGucnrTku3KLCCHUMwq9anawfrlN8RK1HWMN+10LhsHJeysBdWfj5ohJcS/+oqrlVFNvEgbgEeAQUL6r3sZwnj8=', 'base64')
|
||||
|
||||
assert.ok(Message.verify(taddr, tsig, msg))
|
||||
assert.ok(!Message.verify(taddr, tsig, 'foobar'))
|
||||
it('will fail for the wrong address', function() {
|
||||
assert.ok(!Message.verify('1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a', sig, message))
|
||||
})
|
||||
|
||||
it('does not cross verify (compressed/uncompressed)', function() {
|
||||
assert.ok(!Message.verify(addr, csig, msg))
|
||||
assert.ok(!Message.verify(caddr, sig, msg))
|
||||
assert.ok(!Message.verify(addr, csig, message))
|
||||
assert.ok(!Message.verify(caddr, sig, message))
|
||||
})
|
||||
|
||||
it('supports alternate networks', function() {
|
||||
var dogeaddr = 'DFpN6QqFfUm3gKNaxN6tNcab1FArL9cZLE'
|
||||
var dogesig = new Buffer('H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=', 'base64')
|
||||
|
||||
assert.ok(Message.verify(dogeaddr, dogesig, message, networks.dogecoin))
|
||||
})
|
||||
})
|
||||
|
||||
describe('signing', function() {
|
||||
describe('using the uncompressed public key', function(){
|
||||
it('gives same signature as a compressed public key', function() {
|
||||
var key = ECKey.makeRandom(false) // uncompressed
|
||||
var sig = Message.sign(key, msg)
|
||||
it('gives matching signatures irrespective of point compression', function() {
|
||||
var privKey = new ECKey(BigInteger.ONE, false)
|
||||
var compressedKey = new ECKey(privKey.D, true)
|
||||
|
||||
var compressedKey = new ECKey(key.D, true) // compressed clone
|
||||
var csig = Message.sign(compressedKey, msg)
|
||||
var sig = Message.sign(privKey, message)
|
||||
var csig = Message.sign(compressedKey, message)
|
||||
|
||||
var addr = key.pub.getAddress()
|
||||
var caddr = compressedKey.pub.getAddress()
|
||||
assert.ok(Message.verify(addr, sig, msg))
|
||||
assert.ok(Message.verify(caddr, csig, msg))
|
||||
assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags
|
||||
assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures
|
||||
})
|
||||
assert.notDeepEqual(sig.slice(0, 2), csig.slice(0, 2)) // unequal compression flags
|
||||
assert.deepEqual(sig.slice(2), csig.slice(2)) // equal signatures
|
||||
})
|
||||
|
||||
describe('testnet address', function(){
|
||||
it('works', function(){
|
||||
var key = ECKey.makeRandom()
|
||||
var sig = Message.sign(key, msg)
|
||||
it('supports alternate networks', function() {
|
||||
var privKey = new ECKey(BigInteger.ONE)
|
||||
var signature = Message.sign(privKey, message, networks.dogecoin)
|
||||
|
||||
var addr = key.pub.getAddress(networks.testnet.pubKeyHash)
|
||||
assert(Message.verify(addr, sig, msg))
|
||||
})
|
||||
assert.equal(signature.toString('base64'), 'H6k+dZwJ8oOei3PCSpdj603fDvhlhQ+sqaFNIDvo/bI+Xh6zyIKGzZpyud6YhZ1a5mcrwMVtTWL+VXq/hC5Zj7s=')
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
Loading…
Reference in a new issue