ECSignature: enforce valid hashType in toScriptSignature

2014-11-28 11:35:11 +11:00 · 2014-11-28 11:35:11 +11:00 · c9db90dc4d
commit c9db90dc4d
parent abf870fb37
3 changed files with 40 additions and 4 deletions
--- a/src/ecsignature.js
+++ b/src/ecsignature.js
@ -69,12 +69,12 @@ ECSignature.fromDER = function(buffer) {
  return new ECSignature(r, s)
 }

-// FIXME: 0x00, 0x04, 0x80 are SIGHASH_* boundary constants, importing Transaction causes a circular dependency
+// BIP62: 1 byte hashType flag (only 0x01, 0x02, 0x03, 0x81, 0x82 and 0x83 are allowed)
 ECSignature.parseScriptSignature = function(buffer) {
  var hashType = buffer.readUInt8(buffer.length - 1)
  var hashTypeMod = hashType & ~0x80

-  assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType')
+  assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType ' + hashType)

  return {
    signature: ECSignature.fromDER(buffer.slice(0, -1)),
@ -117,6 +117,9 @@ ECSignature.prototype.toDER = function() {
 }

 ECSignature.prototype.toScriptSignature = function(hashType) {
+  var hashTypeMod = hashType & ~0x80
+  assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType ' + hashType)
+
  var hashTypeBuffer = new Buffer(1)
  hashTypeBuffer.writeUInt8(hashType, 0)

--- a/test/ecsignature.js
+++ b/test/ecsignature.js
@ -92,6 +92,19 @@ describe('ECSignature', function() {
        assert.equal(scriptSignature.toString('hex'), f.scriptSignature.hex)
      })
    })
+
+    fixtures.invalid.scriptSignature.forEach(function(f) {
+      it('throws ' + f.exception, function() {
+        var signature = new ECSignature(
+          new BigInteger(f.signature.r),
+          new BigInteger(f.signature.s)
+        )
+
+        assert.throws(function() {
+          signature.toScriptSignature(f.hashType)
+        }, new RegExp(f.exception))
+      })
+    })
  })

  describe('parseScriptSignature', function() {
@ -106,9 +119,9 @@ describe('ECSignature', function() {
      })
    })

-    fixtures.invalid.DER.forEach(function(f) {
+    fixtures.invalid.scriptSignature.forEach(function(f) {
      it('throws on ' + f.hex, function() {
-        var buffer = new Buffer(f.hex + '01', 'hex')
+        var buffer = new Buffer(f.hex, 'hex')

        assert.throws(function() {
          ECSignature.parseScriptSignature(buffer)
--- a/test/fixtures/ecsignature.json
+++ b/test/fixtures/ecsignature.json
@ -173,6 +173,26 @@
        "exception": "S value excessively padded",
        "hex": "300c020400ffffff02040000ffff"
      }
+    ],
+    "scriptSignature": [
+      {
+        "exception": "Invalid hashType 7",
+        "hashType": 7,
+        "hex": "3044022033a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c902206f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa5434226207",
+        "signature": {
+          "r": "23362334225185207751494092901091441011938859014081160902781146257181456271561",
+          "s": "50433721247292933944369538617440297985091596895097604618403996029256432099938"
+        }
+      },
+      {
+        "exception": "Invalid hashType 140",
+        "hashType": 140,
+        "hex": "3044022033a69cd2065432a30f3d1ce4eb0d59b8ab58c74f27c41a7fdb5696ad4e6108c902206f807982866f785d3f6418d24163ddae117b7db4d5fdf0071de069fa543422628c",
+        "signature": {
+          "r": "23362334225185207751494092901091441011938859014081160902781146257181456271561",
+          "s": "50433721247292933944369538617440297985091596895097604618403996029256432099938"
+        }
+      }
    ]
  }
 }