From ddea2d22964f60b1fc109256f355409f1d3f5ba6 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 13 Aug 2016 11:42:16 +1000 Subject: [PATCH 1/3] tests/integration: separate CLTV tests, add failing expiry (in future) --- test/integration/advanced.js | 95 +----------------------- test/integration/cltv.js | 140 +++++++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+), 94 deletions(-) create mode 100644 test/integration/cltv.js diff --git a/test/integration/advanced.js b/test/integration/advanced.js index 16c09cf..c231266 100644 --- a/test/integration/advanced.js +++ b/test/integration/advanced.js @@ -1,4 +1,4 @@ -/* global describe, it, beforeEach */ +/* global describe, it */ var assert = require('assert') var bitcoin = require('../../') @@ -43,97 +43,4 @@ describe('bitcoinjs-lib (advanced)', function () { blockchain.t.transactions.propagate(txRaw.toHex(), done) }) }) - - describe('can create transactions using OP_CHECKLOCKTIMEVERIFY', function (done) { - var network = bitcoin.networks.testnet - var alice = bitcoin.ECPair.fromWIF('cScfkGjbzzoeewVWmU2hYPUHeVGJRDdFt7WhmrVVGkxpmPP8BHWe', network) - var bob = bitcoin.ECPair.fromWIF('cMkopUXKWsEzAjfa1zApksGRwjVpJRB3831qM9W4gKZsLwjHXA9x', network) - - // now - 3 hours - var threeHoursAgo = Math.floor(Date.now() / 1000) - (3600 * 3) - var redeemScript = bitcoin.script.compile([ - bitcoin.opcodes.OP_IF, - - bitcoin.script.number.encode(threeHoursAgo), - bitcoin.opcodes.OP_CHECKLOCKTIMEVERIFY, - bitcoin.opcodes.OP_DROP, - - bitcoin.opcodes.OP_ELSE, - - bob.getPublicKeyBuffer(), - bitcoin.opcodes.OP_CHECKSIGVERIFY, - - bitcoin.opcodes.OP_ENDIF, - - alice.getPublicKeyBuffer(), - bitcoin.opcodes.OP_CHECKSIG - ]) - var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript)) - - var txId - beforeEach(function (done) { - this.timeout(10000) - - blockchain.t.faucet(alice.getAddress(), 2e4, function (err, unspent) { - if (err) return done(err) - - // build the transaction - var tx = new bitcoin.TransactionBuilder(network) - tx.addInput(unspent.txId, unspent.vout) - tx.addOutput(scriptPubKey, 1e4) - tx.sign(0, alice) - var txRaw = tx.build() - - txId = txRaw.getId() - - blockchain.t.transactions.propagate(txRaw.toHex(), done) - }) - }) - - // expiry past, {Alice's signature} OP_TRUE - it('where Alice can redeem after the expiry is past', function (done) { - this.timeout(30000) - - var tx2 = new bitcoin.TransactionBuilder(network) - tx2.setLockTime(threeHoursAgo) - tx2.addInput(txId, 0, 0xfffffffe) - tx2.addOutput(alice.getAddress(), 1000) - - var tx2Raw = tx2.buildIncomplete() - var hashType = bitcoin.Transaction.SIGHASH_ALL - var signatureHash = tx2Raw.hashForSignature(0, redeemScript, hashType) - var signature = alice.sign(signatureHash) - - var redeemScriptSig = bitcoin.script.scriptHashInput([ - signature.toScriptSignature(hashType), bitcoin.opcodes.OP_TRUE - ], redeemScript) - - tx2Raw.setInputScript(0, redeemScriptSig) - - blockchain.t.transactions.propagate(tx2Raw.toHex(), done) - }) - - // {Bob's signature} {Alice's signature} OP_FALSE - it('where Alice and Bob can redeem at any time', function (done) { - this.timeout(30000) - - var tx2 = new bitcoin.TransactionBuilder(network) - tx2.setLockTime(threeHoursAgo) - tx2.addInput(txId, 0, 0xfffffffe) - tx2.addOutput(alice.getAddress(), 1000) - - var tx2Raw = tx2.buildIncomplete() - var hashType = bitcoin.Transaction.SIGHASH_ALL - var signatureHash = tx2Raw.hashForSignature(0, redeemScript, hashType) - var signatureA = alice.sign(signatureHash) - var signatureB = bob.sign(signatureHash) - var redeemScriptSig = bitcoin.script.scriptHashInput([ - signatureA.toScriptSignature(hashType), signatureB.toScriptSignature(hashType), bitcoin.opcodes.OP_FALSE - ], redeemScript) - - tx2Raw.setInputScript(0, redeemScriptSig) - - blockchain.t.transactions.propagate(tx2Raw.toHex(), done) - }) - }) }) diff --git a/test/integration/cltv.js b/test/integration/cltv.js new file mode 100644 index 0000000..dcd2b6e --- /dev/null +++ b/test/integration/cltv.js @@ -0,0 +1,140 @@ +/* global describe, it */ + +var assert = require('assert') +var bitcoin = require('../../') +var blockchain = require('./_blockchain') + +var network = bitcoin.networks.testnet +var alice = bitcoin.ECPair.fromWIF('cScfkGjbzzoeewVWmU2hYPUHeVGJRDdFt7WhmrVVGkxpmPP8BHWe', network) +var bob = bitcoin.ECPair.fromWIF('cMkopUXKWsEzAjfa1zApksGRwjVpJRB3831qM9W4gKZsLwjHXA9x', network) + +describe('bitcoinjs-lib (CLTV)', function () { + var hashType = bitcoin.Transaction.SIGHASH_ALL + + function cltvCheckSigInput (aQ, bQ, utcSeconds) { + return bitcoin.script.compile([ + bitcoin.opcodes.OP_IF, + bitcoin.script.number.encode(utcSeconds), + bitcoin.opcodes.OP_CHECKLOCKTIMEVERIFY, + bitcoin.opcodes.OP_DROP, + + bitcoin.opcodes.OP_ELSE, + bQ.getPublicKeyBuffer(), + bitcoin.opcodes.OP_CHECKSIGVERIFY, + bitcoin.opcodes.OP_ENDIF, + + aQ.getPublicKeyBuffer(), + bitcoin.opcodes.OP_CHECKSIG + ]) + } + + function utcNow () { + return Math.floor(Date.now() / 1000) + } + + // expiry past, {Alice's signature} OP_TRUE + it('where Alice can redeem after the expiry is past', function (done) { + this.timeout(30000) + + // three hours ago + var timeUtc = utcNow() - (3600 * 3) + var redeemScript = cltvCheckSigInput(alice, bob, timeUtc) + var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript)) + var address = bitcoin.address.fromOutputScript(scriptPubKey, network) + + // fund the P2SH(CLTV) address + blockchain.t.faucet(address, 2e4, function (err, unspent) { + if (err) return done(err) + + var tx = new bitcoin.TransactionBuilder(network) + tx.setLockTime(timeUtc) + tx.addInput(unspent.txId, 0, 0xfffffffe) + tx.addOutput(alice.getAddress(), 1000) + + var txRaw = tx.buildIncomplete() + var signatureHash = txRaw.hashForSignature(0, redeemScript, hashType) + + // {Alice's signature} OP_TRUE + var redeemScriptSig = bitcoin.script.scriptHashInput([ + alice.sign(signatureHash).toScriptSignature(hashType), + bitcoin.opcodes.OP_TRUE + ], redeemScript) + + txRaw.setInputScript(0, redeemScriptSig) + + blockchain.t.transactions.propagate(txRaw.toHex(), done) + }) + }) + + // expiry ignored, {Bob's signature} {Alice's signature} OP_FALSE + it('where Alice and Bob can redeem at any time', function (done) { + this.timeout(30000) + + // two hours ago + var timeUtc = utcNow() - (3600 * 2) + var redeemScript = cltvCheckSigInput(alice, bob, timeUtc) + var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript)) + var address = bitcoin.address.fromOutputScript(scriptPubKey, network) + + // fund the P2SH(CLTV) address + blockchain.t.faucet(address, 2e4, function (err, unspent) { + if (err) return done(err) + + var tx = new bitcoin.TransactionBuilder(network) + tx.addInput(unspent.txId, 0, 0xfffffffe) + tx.addOutput(alice.getAddress(), 1000) + + var txRaw = tx.buildIncomplete() + var signatureHash = txRaw.hashForSignature(0, redeemScript, hashType) + var redeemScriptSig = bitcoin.script.scriptHashInput([ + alice.sign(signatureHash).toScriptSignature(hashType), + bob.sign(signatureHash).toScriptSignature(hashType), + bitcoin.opcodes.OP_FALSE + ], redeemScript) + + txRaw.setInputScript(0, redeemScriptSig) + + blockchain.t.transactions.propagate(txRaw.toHex(), done) + }) + }) + + // expiry in the future, {Alice's signature} OP_TRUE + it('fails when still time-locked', function (done) { + this.timeout(30000) + + // two hours from now + var timeUtc = utcNow() + (3600 * 2) + var redeemScript = cltvCheckSigInput(alice, bob, timeUtc) + var scriptPubKey = bitcoin.script.scriptHashOutput(bitcoin.crypto.hash160(redeemScript)) + var address = bitcoin.address.fromOutputScript(scriptPubKey, network) + + // fund the P2SH(CLTV) address + blockchain.t.faucet(address, 2e4, function (err, unspent) { + if (err) return done(err) + + var tx = new bitcoin.TransactionBuilder(network) + tx.setLockTime(timeUtc) + tx.addInput(unspent.txId, 0, 0xfffffffe) + tx.addOutput(alice.getAddress(), 1000) + + var txRaw = tx.buildIncomplete() + var signatureHash = txRaw.hashForSignature(0, redeemScript, hashType) + + // {Alice's signature} OP_TRUE + var redeemScriptSig = bitcoin.script.scriptHashInput([ + alice.sign(signatureHash).toScriptSignature(hashType), + bitcoin.opcodes.OP_TRUE + ], redeemScript) + + txRaw.setInputScript(0, redeemScriptSig) + + blockchain.t.transactions.propagate(txRaw.toHex(), function (err) { + assert.throws(function () { + if (err) throw err + }, /Error: 64: non-final/) + + done() + }) + }) + }) +}) From f2ecbeb90f0b1b4dd2e0af2a33d9e8eb1510dbfc Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 13 Aug 2016 11:42:53 +1000 Subject: [PATCH 2/3] tests/integration: separate crypto tests --- test/integration/crypto.js | 41 +------------------------------ test/integration/stealth.js | 49 +++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 40 deletions(-) create mode 100644 test/integration/stealth.js diff --git a/test/integration/crypto.js b/test/integration/crypto.js index c3cb237..0644129 100644 --- a/test/integration/crypto.js +++ b/test/integration/crypto.js @@ -11,46 +11,7 @@ var ecurve = require('ecurve') var secp256k1 = ecurve.getCurveByName('secp256k1') describe('bitcoinjs-lib (crypto)', function () { - it('can generate a single-key stealth address', function () { - var G = secp256k1.G - var n = secp256k1.n - - function stealthSend (Q) { - var noncePair = bitcoin.ECPair.makeRandom() - var e = noncePair.d - var eQ = Q.multiply(e) // shared secret - var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded())) - var cG = G.multiply(c) - var Qprime = Q.add(cG) - - return { - shared: new bitcoin.ECPair(null, Qprime), - nonce: noncePair.Q - } - } - - function stealthReceive (d, P) { - var dP = P.multiply(d) // shared secret - var c = bigi.fromBuffer(bitcoin.crypto.sha256(dP.getEncoded())) - return new bitcoin.ECPair(d.add(c).mod(n)) - } - - // receiver private key - var receiver = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss') - - var stealthS = stealthSend(receiver.Q) // public, done by sender - // ... sender now reveals nonce to receiver - - var stealthR = stealthReceive(receiver.d, stealthS.nonce) // private, done by receiver - - // and check that we derived both sides correctly - assert.equal(stealthS.shared.getAddress(), stealthR.getAddress()) - }) - - // TODO - it.skip('can generate a dual-key stealth address', function () {}) - - it("can recover a parent private key from the parent's public key and a derived non-hardened child private key", function () { + it('can recover a BIP32 parent private key from the parent public key, and a derived, non-hardened child private key', function () { function recoverParent (master, child) { assert(!master.keyPair.d, 'You already have the parent private key') assert(child.keyPair.d, 'Missing child private key') diff --git a/test/integration/stealth.js b/test/integration/stealth.js new file mode 100644 index 0000000..e7b27ad --- /dev/null +++ b/test/integration/stealth.js @@ -0,0 +1,49 @@ +/* global describe, it */ + +var assert = require('assert') +var bigi = require('bigi') +var bitcoin = require('../../') + +var ecurve = require('ecurve') +var secp256k1 = ecurve.getCurveByName('secp256k1') + +describe('bitcoinjs-lib (crypto)', function () { + it('can generate a single-key stealth address', function () { + var G = secp256k1.G + var n = secp256k1.n + + function stealthSend (Q) { + var noncePair = bitcoin.ECPair.makeRandom() + var e = noncePair.d + var eQ = Q.multiply(e) // shared secret + var c = bigi.fromBuffer(bitcoin.crypto.sha256(eQ.getEncoded())) + var cG = G.multiply(c) + var Qprime = Q.add(cG) + + return { + shared: new bitcoin.ECPair(null, Qprime), + nonce: noncePair.Q + } + } + + function stealthReceive (d, P) { + var dP = P.multiply(d) // shared secret + var c = bigi.fromBuffer(bitcoin.crypto.sha256(dP.getEncoded())) + return new bitcoin.ECPair(d.add(c).mod(n)) + } + + // receiver private key + var receiver = bitcoin.ECPair.fromWIF('5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss') + + var stealthS = stealthSend(receiver.Q) // public, done by sender + // ... sender now reveals nonce to receiver + + var stealthR = stealthReceive(receiver.d, stealthS.nonce) // private, done by receiver + + // and check that we derived both sides correctly + assert.equal(stealthS.shared.getAddress(), stealthR.getAddress()) + }) + + // TODO + it.skip('can generate a dual-key stealth address', function () {}) +}) From 49564c2c3f82f978564c5f51dade2c5de40339c5 Mon Sep 17 00:00:00 2001 From: Daniel Cousens Date: Sat, 13 Aug 2016 11:46:42 +1000 Subject: [PATCH 3/3] README: fix example links --- README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4334530..0001848 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ Definitions for [Flow typechecker](https://flowtype.org/) are available in flow- # npm install -g flow-typed $ flow-typed install -f 0.27 bitcoinjs-lib@2.2.0 # 0.27 for flow version, 2.2.0 for bitcoinjs-lib version - + The definitions are complete and up to date with version 2.2.0. The definitions are maintained by [@runn1ng](https://github.com/runn1ng). ## Examples @@ -108,10 +108,13 @@ The below examples are implemented as integration tests, they should be very eas - [Create an OP RETURN transaction](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/advanced.js#L24) - [Create a 2-of-3 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L9) - [Spend from a 2-of-4 multisig P2SH address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/multisig.js#L25) -- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L14) -- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L53) -- [Recover a BIP32 parent private key from the parent public key and a derived non-hardened child private key](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L55) -- [Recover a Private key from duplicate R values in a signature](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L102) +- [Generate a single-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/stealth.js#L11) +- [Generate a dual-key stealth address](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/stealth.js#L48) +- [Recover a BIP32 parent private key from the parent public key and a derived non-hardened child private key](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L14) +- [Recover a Private key from duplicate R values in a signature](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/crypto.js#L60) +- [Create a CLTV locked transaction where the expiry is past](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/cltv.js#L36) +- [Create a CLTV locked transaction where the parties bypass the expiry](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/cltv.js#L70) +- [Create a CLTV locked transaction which fails due to expiry in the future](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/test/integration/cltv.js#L102) If you have a use case that you feel could be listed here, please [ask for it](https://github.com/bitcoinjs/bitcoinjs-lib/issues/new)!