From c9db90dc4d925110b9821daa6aab77a3721539fd Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Fri, 28 Nov 2014 11:35:11 +1100 Subject: [PATCH] ECSignature: enforce valid hashType in toScriptSignature --- src/ecsignature.js | 7 +++++-- test/ecsignature.js | 17 +++++++++++++++-- test/fixtures/ecsignature.json | 20 ++++++++++++++++++++ 3 files changed, 40 insertions(+), 4 deletions(-) diff --git a/src/ecsignature.js b/src/ecsignature.js index 073d7f1..63f1426 100644 --- a/src/ecsignature.js +++ b/src/ecsignature.js @@ -69,12 +69,12 @@ ECSignature.fromDER = function(buffer) { return new ECSignature(r, s) } -// FIXME: 0x00, 0x04, 0x80 are SIGHASH_* boundary constants, importing Transaction causes a circular dependency +// BIP62: 1 byte hashType flag (only 0x01, 0x02, 0x03, 0x81, 0x82 and 0x83 are allowed) ECSignature.parseScriptSignature = function(buffer) { var hashType = buffer.readUInt8(buffer.length - 1) var hashTypeMod = hashType & ~0x80 - assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType') + assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType ' + hashType) return { signature: ECSignature.fromDER(buffer.slice(0, -1)), @@ -117,6 +117,9 @@ ECSignature.prototype.toDER = function() { } ECSignature.prototype.toScriptSignature = function(hashType) { + var hashTypeMod = hashType & ~0x80 + assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType ' + hashType) + var hashTypeBuffer = new Buffer(1) hashTypeBuffer.writeUInt8(hashType, 0) diff --git a/test/ecsignature.js b/test/ecsignature.js index dac7fb2..1866ac2 100644 --- a/test/ecsignature.js +++ b/test/ecsignature.js @@ -92,6 +92,19 @@ describe('ECSignature', function() { assert.equal(scriptSignature.toString('hex'), f.scriptSignature.hex) }) }) + + fixtures.invalid.scriptSignature.forEach(function(f) { + it('throws ' + f.exception, function() { + var signature = new ECSignature( + new BigInteger(f.signature.r), + new BigInteger(f.signature.s) + ) + + assert.throws(function() { + signature.toScriptSignature(f.hashType) + }, new RegExp(f.exception)) + }) + }) }) describe('parseScriptSignature', function() { @@ -106,9 +119,9 @@ describe('ECSignature', function() { }) }) - fixtures.invalid.DER.forEach(function(f) { + fixtures.invalid.scriptSignature.forEach(function(f) { it('throws on ' + f.hex, function() { - var buffer = new Buffer(f.hex + '01', 'hex') + var buffer = new Buffer(f.hex, 'hex') assert.throws(function() { ECSignature.parseScriptSignature(buffer) diff --git a/test/fixtures/ecsignature.json b/test/fixtures/ecsignature.json index 3a18a81..2c72182 100644 --- a/test/fixtures/ecsignature.json +++ b/test/fixtures/ecsignature.json @@ -173,6 +173,26 @@ "exception": "S value excessively padded", "hex": "300c020400ffffff02040000ffff" } + ], + "scriptSignature": [ + { + "exception": "Invalid hashType 7", + "hashType": 7, + "hex": "3044022033a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c902206f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa5434226207", + "signature": { + "r": "23362334225185207751494092901091441011938859014081160902781146257181456271561", + "s": "50433721247292933944369538617440297985091596895097604618403996029256432099938" + } + }, + { + "exception": "Invalid hashType 140", + "hashType": 140, + "hex": "3044022033a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c902206f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa543422628c", + "signature": { + "r": "23362334225185207751494092901091441011938859014081160902781146257181456271561", + "s": "50433721247292933944369538617440297985091596895097604618403996029256432099938" + } + } ] } }