bitcoin-cigs 0.0.1

data/.gitignore

@@ -0,0 +1,46 @@
+# rcov generated
+coverage
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+*.gem
+
+# jeweler generated
+pkg
+
+# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore: 
+#
+# * Create a file at ~/.gitignore
+# * Include files you want ignored
+# * Run: git config --global core.excludesfile ~/.gitignore
+#
+# After doing this, these files will be ignored in all your git projects,
+# saving you from having to 'pollute' every project you touch with them
+#
+# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
+#
+# For MacOS:
+
+.DS_Store
+
+# For TextMate
+*.tmproj
+tmtags
+.tmtags
+
+# For emacs:
+*~
+\#*
+.\#*
+
+# For vim:
+*.swp
+
+.rvmrc

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gemspec
+

data/Gemfile.lock

@@ -0,0 +1,26 @@
+PATH
+  remote: .
+  specs:
+    bitcoin-cigs (0.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.2.4)
+    rake (10.0.4)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bitcoin-cigs!
+  rake (~> 10.0.4)
+  rspec (~> 2.13.0)

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Michael Pearce
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,33 @@
+# Bitcoin Cigs - Smokin' Hot Bitcoin Signatures
+
+## Installation
+
+    gem install bitcoin-cigs
+
+## Examples
+
+Verify a message signature:
+```ruby
+require 'rubygems'
+require 'bitcoin-cigs'
+
+address = "13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2"
+signature = "H55JIuwEi4YXzINOzx2oU6VsfBcTOScpFtp10pP/M4EWV336ClH65SObwPXnRf/fMXDu8hs8nweB42CtpWgngeM="
+message = "aaa"
+
+if BitcoinCigs.verify_message(address, signature, message)
+  puts "It looks like you own address #{address}!"
+end
+```
+
+# Credits
+
+Thanks to jackjack for pointing me to Armory's implementation of message signatures:
+https://github.com/jackjack-jj/jasvet/blob/master/jasvet.py
+
+[Bitcoin Cigs](https://github.com/michaelgpearce/bitcoin-cigs) is maintained by [Michael Pearce](https://github.com/michaelgpearce).
+
+# Copyright
+
+Copyright (c) 2013 Michael Pearce. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+desc 'Run Specs'
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/jasvet.py

@@ -0,0 +1,615 @@
+#!/usr/bin/env python
+
+# jackjack's signing/verifying tool
+# verifies base64 signatures from Bitcoin
+# signs message in three formats:
+#   - Bitcoin base64 (compatible with Bitcoin)
+#   - ASCII armored, Clearsign
+#   - ASCII armored, Base64
+# 
+# Licence: Public domain or CC0
+
+import time
+import hashlib
+import random
+import base64
+
+FTVerbose=False
+
+
+
+def randomk():  #better make it stronger
+	rk=0
+	for i in range(8):
+		rk=long(random.random()*0xffffffff)<<(32*i)
+	return rk
+
+# Common constants/functions for Bitcoin
+	
+def hash_160_to_bc_address(h160, addrtype=0):
+	vh160 = chr(addrtype) + h160
+	h = Hash(vh160)
+	addr = vh160 + h[0:4]
+	print "b58:::", base64.b64encode(addr), b58encode(addr)
+	return b58encode(addr)
+
+def bc_address_to_hash_160(addr):
+	bytes = b58decode(addr, 25)
+	return bytes[1:21]
+
+def Hash(data):
+    print "HASH", hashlib.sha256(hashlib.sha256(data).digest()).digest()
+    return hashlib.sha256(hashlib.sha256(data).digest()).digest()
+
+def sha256(data):
+	return hashlib.sha256(data).digest()
+
+def sha1(data):
+	return hashlib.sha1(data).digest()
+
+__b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
+__b58base = len(__b58chars)
+
+def b58encode(v):
+	long_value = 0L
+	for (i, c) in enumerate(v[::-1]):
+		long_value += (256**i) * ord(c)
+
+	result = ''
+	while long_value >= __b58base:
+		div, mod = divmod(long_value, __b58base)
+		result = __b58chars[mod] + result
+		long_value = div
+	result = __b58chars[long_value] + result
+
+	nPad = 0
+	for c in v:
+		if c == '\0': nPad += 1
+		else: break
+
+	return (__b58chars[0]*nPad) + result
+
+def b58decode(v, length):
+	long_value = 0L
+	for (i, c) in enumerate(v[::-1]):
+		long_value += __b58chars.find(c) * (__b58base**i)
+
+	result = ''
+	while long_value >= 256:
+		div, mod = divmod(long_value, 256)
+		result = chr(mod) + result
+		long_value = div
+	result = chr(long_value) + result
+
+	nPad = 0
+	for c in v:
+		if c == __b58chars[0]: nPad += 1
+		else: break
+
+	result = chr(0)*nPad + result
+	if length is not None and len(result) != length:
+		return None
+
+	return result
+
+
+def regenerate_key(sec):
+	b = ASecretToSecret(sec)
+	if not b:
+		return False
+	b = b[0:32]
+	secret = int('0x' + b.encode('hex'), 16)
+	return EC_KEY(secret)
+
+def GetPubKey(pkey, compressed=False):
+	return i2o_ECPublicKey(pkey, compressed)
+
+def GetPrivKey(pkey, compressed=False):
+	return i2d_ECPrivateKey(pkey, compressed)
+
+def GetSecret(pkey):
+	return ('%064x' % pkey.secret).decode('hex')
+
+
+def i2d_ECPrivateKey(pkey, compressed=False):#, crypted=True):
+	part3='a081a53081a2020101302c06072a8648ce3d0101022100'  # for uncompressed keys
+	if compressed:
+		if True:#not crypted:  ## Bitcoin accepts both part3's for crypted wallets...
+			part3='a08185308182020101302c06072a8648ce3d0101022100'  # for compressed keys
+		key = '3081d30201010420' + \
+			'%064x' % pkey.secret + \
+			part3 + \
+			'%064x' % _p + \
+			'3006040100040107042102' + \
+			'%064x' % _Gx + \
+			'022100' + \
+			'%064x' % _r + \
+			'020101a124032200'
+	else:
+		key = '308201130201010420' + \
+			'%064x' % pkey.secret + \
+			part3 + \
+			'%064x' % _p + \
+			'3006040100040107044104' + \
+			'%064x' % _Gx + \
+			'%064x' % _Gy + \
+			'022100' + \
+			'%064x' % _r + \
+			'020101a144034200'
+
+	return key.decode('hex') + i2o_ECPublicKey(pkey, compressed)
+
+def i2o_ECPublicKey(pkey, compressed=False):
+	if compressed:
+		if pkey.pubkey.point.y() & 1:
+			key = '03' + '%064x' % pkey.pubkey.point.x()
+		else:
+			key = '02' + '%064x' % pkey.pubkey.point.x()
+	else:
+		key = '04' + \
+			'%064x' % pkey.pubkey.point.x() + \
+			'%064x' % pkey.pubkey.point.y()
+
+	return key.decode('hex')
+
+def hash_160(public_key):
+ 	md = hashlib.new('ripemd160')
+	md.update(hashlib.sha256(public_key).digest())
+	return md.digest()
+
+def public_key_to_bc_address(public_key, v=0):
+	h160 = hash_160(public_key)
+	return hash_160_to_bc_address(h160, v)
+
+def inverse_mod( a, m ):
+	if a < 0 or m <= a: a = a % m
+	c, d = a, m
+	uc, vc, ud, vd = 1, 0, 0, 1
+	while c != 0:
+		q, c, d = divmod( d, c ) + ( c, )
+		uc, vc, ud, vd = ud - q*uc, vd - q*vc, uc, vc
+	assert d == 1
+	if ud > 0: return ud
+	else: return ud + m
+	
+class CurveFp( object ):
+	def __init__( self, p, a, b ):
+		self.__p = p
+		self.__a = a
+		self.__b = b
+
+	def p( self ):
+		return self.__p
+
+	def a( self ):
+		return self.__a
+
+	def b( self ):
+		return self.__b
+
+	def contains_point( self, x, y ):
+		return ( y * y - ( x * x * x + self.__a * x + self.__b ) ) % self.__p == 0
+
+class Point( object ):
+	def __init__( self, curve, x, y, order = None ):
+		print "JERE", curve, x, y, order
+		self.__curve = curve
+		self.__x = x
+		self.__y = y
+		self.__order = order
+		if self.__curve: assert self.__curve.contains_point( x, y )
+		if order: assert self * order == INFINITY
+ 
+	def __add__( self, other ):
+		if other == INFINITY: return self
+		if self == INFINITY: return other
+		assert self.__curve == other.__curve
+		if self.__x == other.__x:
+			if ( self.__y + other.__y ) % self.__curve.p() == 0:
+				return INFINITY
+			else:
+				return self.double()
+
+		p = self.__curve.p()
+		l = ( ( other.__y - self.__y ) * \
+					inverse_mod( other.__x - self.__x, p ) ) % p
+		x3 = ( l * l - self.__x - other.__x ) % p
+		y3 = ( l * ( self.__x - x3 ) - self.__y ) % p
+		return Point( self.__curve, x3, y3 )
+
+	def __mul__( self, other ):
+		def leftmost_bit( x ):
+			assert x > 0
+			result = 1L
+			while result <= x: result = 2 * result
+			return result / 2
+
+		print "MULT ARG ", other
+		e = other
+		if self.__order: e = e % self.__order
+		print "EEEE ", e, self.__order
+		if e == 0: return INFINITY
+		if self == INFINITY: return INFINITY
+		assert e > 0
+		e3 = 3 * e
+		negative_self = Point( self.__curve, self.__x, -self.__y, self.__order )
+		i = leftmost_bit( e3 ) / 2
+		result = self
+		while i > 1:
+			result = result.double()
+			if ( e3 & i ) != 0 and ( e & i ) == 0: result = result + self
+			if ( e3 & i ) == 0 and ( e & i ) != 0: result = result + negative_self
+			i = i / 2
+		return result
+
+	def __rmul__( self, other ):
+		return self * other
+
+	def __str__( self ):
+		if self == INFINITY: return "infinity"
+		return "(%d,%d)" % ( self.__x, self.__y )
+
+	def double( self ):
+		if self == INFINITY:
+			return INFINITY
+
+		p = self.__curve.p()
+		a = self.__curve.a()
+		l = ( ( 3 * self.__x * self.__x + a ) * \
+					inverse_mod( 2 * self.__y, p ) ) % p
+		x3 = ( l * l - 2 * self.__x ) % p
+		y3 = ( l * ( self.__x - x3 ) - self.__y ) % p
+		return Point( self.__curve, x3, y3 )
+
+	def x( self ):
+		return self.__x
+
+	def y( self ):
+		return self.__y
+
+	def curve( self ):
+		return self.__curve
+	
+	def order( self ):
+		return self.__order
+		
+INFINITY = Point( None, None, None )
+
+def str_to_long(b):
+	res = 0
+	pos = 1
+	for a in reversed(b):
+		res += ord(a) * pos
+		pos *= 256
+	return res
+    
+class Public_key( object ):
+	def __init__( self, generator, point, c ):
+		self.curve = generator.curve()
+		self.generator = generator
+		self.point = point
+		self.compressed = c
+		n = generator.order()
+		if not n:
+			raise RuntimeError, "Generator point must have order."
+		if not n * point == INFINITY:
+			raise RuntimeError, "Generator point order is bad."
+		if point.x() < 0 or n <= point.x() or point.y() < 0 or n <= point.y():
+			raise RuntimeError, "Generator point has x or y out of range."
+
+	def verify( self, hash, signature ):
+		if isinstance(hash, str):
+			hash=str_to_long(hash)
+		G = self.generator
+		n = G.order()
+		r = signature.r
+		s = signature.s
+		if r < 1 or r > n-1: return False
+		if s < 1 or s > n-1: return False
+		c = inverse_mod( s, n )
+		u1 = ( hash * c ) % n
+		u2 = ( r * c ) % n
+		xy = u1 * G + u2 * self.point
+		v = xy.x() % n
+		return v == r
+
+	def ser(self):
+		if self.compressed:
+			if self.point.y() & 1:
+				key = '03' + '%064x' % self.point.x()
+			else:
+				key = '02' + '%064x' % self.point.x()
+		else:
+			key = '04' + \
+				'%064x' % self.point.x() + \
+				'%064x' % self.point.y()
+
+		return key.decode('hex')
+		
+
+class Signature( object ):
+	def __init__( self, r, s ):
+		self.r = r
+		self.s = s
+
+	def ser(self):
+		return ("%064x%064x"%(self.r,self.s)).decode('hex')
+        
+class Private_key( object ):
+	def __init__( self, public_key, secret_multiplier ):
+		self.public_key = public_key
+		self.secret_multiplier = secret_multiplier
+
+#	def der( self ):
+#		hex_der_key = '06052b8104000a30740201010420' + \
+#			'%064x' % self.secret_multiplier + \
+#			'a00706052b8104000aa14403420004' + \
+#			'%064x' % self.public_key.point.x() + \
+#			'%064x' % self.public_key.point.y()
+#		return hex_der_key.decode('hex')
+
+	def sign( self, hash, random_k ):
+		if isinstance(hash, str):
+			hash=str_to_long(hash)
+		G = self.public_key.generator
+		n = G.order()
+		k = random_k % n
+		p1 = k * G
+		r = p1.x()
+		if r == 0: raise RuntimeError, "amazingly unlucky random number r"
+		s = ( inverse_mod( k, n ) * \
+					( hash + ( self.secret_multiplier * r ) % n ) ) % n
+		if s == 0: raise RuntimeError, "amazingly unlucky random number s"
+		return Signature( r, s )
+
+class EC_KEY(object):
+	def __init__( self, secret, c=False):
+		curve = CurveFp( _p, _a, _b )
+		generator = Point( curve, _Gx, _Gy, _r )
+		self.pubkey = Public_key( generator, generator * secret, c )
+		self.privkey = Private_key( self.pubkey, secret )
+		self.secret = secret
+
+def format_msg_to_sign(msg):
+    return "\x18Bitcoin Signed Message:\n"+chr(len(msg))+msg  #todo: check 18
+
+def sqrt_mod(a, p):
+    return pow(a, (p+1)/4, p)
+	
+_p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2FL
+_r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141L
+_b = 0x0000000000000000000000000000000000000000000000000000000000000007L
+_a = 0x0000000000000000000000000000000000000000000000000000000000000000L
+_Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798L
+_Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8L
+
+curve_secp256k1 = CurveFp (_p, _a, _b)
+generator_secp256k1 = g = Point (curve_secp256k1, _Gx, _Gy, _r)
+randrange = random.SystemRandom().randrange
+
+# Signing/verifying
+
+def verify_message_Bitcoin(address, signature, message, pureECDSASigning=False):
+    print "DECODE"
+    print address
+    print base64.b64encode(b58decode(address, None))
+    networkversion=str_to_long(b58decode(address, None)) >> (8*24)
+    print "COOL"
+    print str_to_long(b58decode(address, None))
+    print "NETWORK VERSION"
+    print networkversion
+    msg=message
+    print msg
+    if not pureECDSASigning:
+        print "SHIT"
+        print message
+        print format_msg_to_sign(message)
+        msg=Hash(format_msg_to_sign(message))
+    print msg
+
+    compressed=False
+    curve = curve_secp256k1
+    G = generator_secp256k1
+    _a,_b,_p=curve.a(),curve.b(),curve.p()
+    
+    order = G.order()
+    print "G ORDER ", order
+    sig = base64.b64decode(signature)
+    if len(sig) != 65:
+        raise Exception("vmB","Bad signature")
+    print "SIG ", sig
+    
+    hb = ord(sig[0])
+    print "hb", hb
+    r,s = map(str_to_long,[sig[1:33],sig[33:65]])
+    print "r, s", r, s
+    
+    if hb < 27 or hb >= 35:
+        raise Exception("vmB","Bad first byte")
+    if hb >= 31:
+        compressed = True
+        hb -= 4
+    
+    recid = hb - 27
+    x = (r + (recid/2) * order) % _p
+    y2 = ( pow(x,3,_p) + _a*x + _b ) % _p
+    print "y2, p", y2, _p
+    yomy = sqrt_mod(y2, _p)
+    print "yomy", yomy
+    if (yomy - recid) % 2 == 0:
+        y=yomy
+    else:
+        y=_p - yomy
+    print "y", y
+    
+    R = Point(curve, x, y, order)
+    print "R", R
+    e = str_to_long(msg)
+    minus_e = -e % order
+    print "e, -e: ", e, minus_e
+    inv_r = inverse_mod(r,order)
+    print "inv_r", inv_r
+    print "s", s
+
+    Q = inv_r * ( R*s + G*minus_e )
+    print "Q", Q
+    
+    public_key = Public_key(G, Q, compressed)
+    print "SER", public_key.ser()
+    addr = public_key_to_bc_address(public_key.ser(), networkversion)
+    if address != addr:
+        raise Exception("vmB","Bad address. Signing: %s, received: %s"%(addr,address))
+
+
+def sign_message(secret, message, pureECDSASigning=False):
+	if len(secret) == 32:
+		pkey = EC_KEY(str_to_long(secret))
+		compressed = False
+	elif len(secret) == 33:
+		pkey = EC_KEY(str_to_long(secret[:-1]))
+		secret=secret[:-1]
+		compressed = True
+	else:
+		raise Exception("sm","Bad private key size")
+
+	msg=message
+	if not pureECDSASigning:
+		msg=Hash(format_msg_to_sign(message))
+	
+	eckey           = EC_KEY(str_to_long(secret), compressed)
+	private_key     = eckey.privkey
+	public_key      = eckey.pubkey
+	addr            = public_key_to_bc_address(GetPubKey(eckey,eckey.pubkey.compressed))
+
+	sig = private_key.sign(msg, randomk())
+	if not public_key.verify(msg, sig):
+		raise Exception("sm","Problem signing message")
+	return [sig,addr,compressed,public_key]
+	
+
+def sign_message_Bitcoin(secret, msg, pureECDSASigning=False):
+	sig,addr,compressed,public_key=sign_message(secret, msg, pureECDSASigning)
+
+	for i in range(4):
+		hb=27+i
+		if compressed:
+			hb+=4
+		sign=base64.b64encode(chr(hb)+sig.ser())
+		try:
+			verify_message_Bitcoin(addr, sign, msg, pureECDSASigning)
+			return {'address':addr, 'b64-signature':sign, 'signature':chr(hb)+sig.ser(), 'message':msg}
+		except Exception as e:
+#			print e.args
+			pass
+
+	raise Exception("smB","Unable to construct recoverable key")
+
+def FormatText(t, sigctx, verbose=False):   #sigctx: False=what is displayed, True=what is signed
+	r=''
+	te=t.split('\n')
+	for l in te:
+		while len(l) and l[len(l)-1] in [' ', '\t', chr(9)]:
+			l=l[:-1]
+		if not len(l) or l[len(l)-1]!='\r':
+			l+='\r'
+		if not sigctx:
+			if len(l) and l[0]=='-':
+				l='- '+l[1:]
+		r+=l+'\n'
+	r=r[:-2]
+
+	global FTVerbose
+	if FTVerbose:
+		print '  -- Sent:      '+t.encode('hex')
+		if sigctx:
+			print '  -- Signed:    '+r.encode('hex')
+		else:
+			print '  -- Displayed: '+r.encode('hex')
+	
+	return r
+
+	
+def crc24(m):
+	INIT = 0xB704CE
+	POLY = 0x1864CFB
+	crc = INIT
+	r = ''
+	for o in m:
+		o=ord(o)
+		crc ^= (o << 16)
+		for i in xrange(8):
+			crc <<= 1
+			if crc & 0x1000000:
+				crc ^= POLY
+	for i in range(3):
+		r += chr( ( crc & (0xff<<(8*i))) >> (8*i) )
+	return r
+	
+def chunks(t, n):
+	return [t[i:i+n] for i in range(0, len(t), n)]
+
+def ASCIIArmory(block, name):
+	r='-----BEGIN '+name+'-----\r\n'
+	r+='\r\n'.join(chunks(base64.b64encode(block), 64))+'\r\n='
+	r+=base64.b64encode(crc24(block))+'\r\n'
+	r+='-----END '+name+'-----'
+	return r
+
+
+#==============================================
+	
+def verifySignature(addr, b64sig, msg):
+	return verify_message_Bitcoin(addr, b64sig, FormatText(msg, True))
+
+def ASv0(privkey, msg):	
+	return sign_message_Bitcoin(privkey, FormatText(msg, True))
+
+def ASv1CS(privkey, msg):
+	sig=ASv0(privkey, msg)
+	r='-----BEGIN SIGNED BITCOIN MESSAGE-----\r\n\r\n'
+	r+=FormatText(msg, False)+'\r\n'
+	r+=ASCIIArmory(sig['signature'], 'BITCOIN SIGNATURE')
+	return r
+	
+def ASv1B64(privkey, msg):	
+	sig=ASv0(privkey, msg)
+	return ASCIIArmory(sig['signature']+sig['message'], 'BITCOIN SIGNED MESSAGE')
+	
+
+
+#==============================================
+
+# 
+#  Some tests with ugly output
+#  You can delete the print commands in FormatText() after testing
+# 
+
+pvk1='\x01'*32
+text0='Hello world!'
+text1='Hello world!\n'
+text2='Hello world!\n\t'
+text3='Hello world!\n-jackjack'
+text4='Hello world!\n-jackjack '
+text5='Hello world!'
+
+FTVerbose=True
+# sv0=ASv0(pvk1, text1)
+# print "STUFF TO SIGN"
+# print sv0
+# print "KK"
+# print verifySignature(sv0['address'], sv0['b64-signature'], sv0['message'])
+# print 
+# print ASv1B64(pvk1, text1)
+# print 
+# print ASv1CS(pvk1, text1)
+# print 
+# print ASv1CS(pvk1, text2)
+# print 
+# print ASv1CS(pvk1, text3)
+# print 
+# print ASv1CS(pvk1, text4)
+# print 
+# print ASv1CS(pvk1, text5)
+print verifySignature('13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2', 'H55JIuwEi4YXzINOzx2oU6VsfBcTOScpFtp10pP/M4EWV336ClH65SObwPXnRf/fMXDu8hs8nweB42CtpWgngeM=', 'abc')
+
+#print verifySignature('13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2', 'H55JIuwEi4YXzINOzx2oU6VsfBcTOScpFtp10pP/M4EWV336ClH65SObwPXnRf/fMXDu8hs8nweB42CtpWgngeM=', 'aaa')

data/bitcoin-cigs.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+require "bitcoin_cigs/version"
+
+Gem::Specification.new do |s|
+  s.name        = "bitcoin-cigs"
+  s.version     = BitcoinCigs::VERSION
+  s.authors     = ["Michael Pearce"]
+  s.email       = ["michaelgpearce@yahoo.com"]
+  s.homepage    = "http://github.com/michaelgpearce/bitcoin-cigs"
+  s.summary     = "Create and Verify Bitcoin Signatures"
+  s.description = "Create and Verify Bitcoin Signatures."
+
+  s.rubyforge_project = "bitcoin-cigs"
+
+  s.files = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency 'rspec', '~> 2.13.0'
+  s.add_development_dependency 'rake', '~> 10.0.4'
+end

data/lib/bitcoin-cigs.rb

@@ -0,0 +1 @@
+require 'bitcoin_cigs'

data/lib/bitcoin_cigs.rb

@@ -0,0 +1,113 @@
+require 'base64'
+
+require 'bitcoin_cigs/error'
+require 'bitcoin_cigs/math_helper'
+require 'bitcoin_cigs/base_58'
+require 'bitcoin_cigs/curve_fp'
+require 'bitcoin_cigs/point'
+require 'bitcoin_cigs/public_key'
+
+module BitcoinCigs
+  P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
+  R = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
+  B = 0x0000000000000000000000000000000000000000000000000000000000000007
+  A = 0x0000000000000000000000000000000000000000000000000000000000000000
+  Gx = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
+  Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8
+
+  CURVE_SECP256K1 = ::BitcoinCigs::CurveFp.new(P, A, B)
+  GENERATOR_SECP256K1 = ::BitcoinCigs::Point.new(CURVE_SECP256K1, Gx, Gy, R)
+  
+  class << self
+    include ::BitcoinCigs::MathHelper
+    
+    def verify_message(address, signature, message)
+      begin
+        verify_message!(address, signature, message)
+        true
+      rescue ::BitcoinCigs::Error
+        false
+      end
+    end
+    
+    def verify_message!(address, signature, message)
+      network_version = str_to_num(::BitcoinCigs::Base58.decode(address)) >> (8 * 24)
+
+      message = calculate_hash(format_message_to_sign(message))
+
+      curve = CURVE_SECP256K1
+      g = GENERATOR_SECP256K1
+      a, b, p = curve.a, curve.b, curve.p
+      
+      order = g.order
+      
+      sig = Base64.decode64(signature)
+      raise ::BitcoinCigs::Error.new("Bad signature") if sig.size != 65
+      
+      hb = sig[0].ord
+      r, s = [sig[1...33], sig[33...65]].collect { |s| str_to_num(s) }
+      
+      
+      raise ::BitcoinCigs::Error.new("Bad first byte") if hb < 27 || hb >= 35
+      
+      compressed = false
+      if hb >= 31
+        compressed = true
+        hb -= 4
+      end
+      
+      recid = hb - 27
+      x = (r + (recid / 2) * order) % p
+      y2 = ((x ** 3 % p) + a * x + b) % p
+      yomy = sqrt_mod(y2, p)
+      if (yomy - recid) % 2 == 0
+        y = yomy
+      else
+        y = p - yomy
+      end
+      
+      r_point = ::BitcoinCigs::Point.new(curve, x, y, order)
+      e = str_to_num(message)
+      minus_e = -e % order
+      
+      inv_r = inverse_mod(r, order)
+      q = (r_point * s + g * minus_e) * inv_r
+      
+    
+      public_key = ::BitcoinCigs::PublicKey.new(g, q, compressed)
+      addr = public_key_to_bc_address(public_key.ser(), network_version)
+      raise ::BitcoinCigs::Error.new("Bad address. Signing: #{addr}, Received: #{address}") if address != addr
+      
+      nil
+    end
+  
+    private
+  
+    def calculate_hash(d)
+      sha256(sha256(d))
+    end
+    
+    def format_message_to_sign(message)
+      "\x18Bitcoin Signed Message:\n#{message.length.chr}#{message}"
+    end
+    
+    def public_key_to_bc_address(public_key, network_version)
+      h160 = hash_160(public_key)
+      
+      hash_160_to_bc_address(h160, network_version)
+    end
+    
+    def hash_160_to_bc_address(h160, address_type)
+      vh160 = address_type.chr + h160
+      h = calculate_hash(vh160)
+      addr = vh160 + h[0...4]
+      
+      ::BitcoinCigs::Base58.encode(addr)
+    end
+    
+    def hash_160(public_key)
+      ripemd160(sha256(public_key))
+    end
+    
+  end
+end

data/lib/bitcoin_cigs/base_58.rb

@@ -0,0 +1,45 @@
+module BitcoinCigs
+  class Base58
+    CHARS = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
+    CHAR_SIZE = CHARS.size
+
+    def self.decode(s)
+      value = s.chars.reverse_each.each_with_index.inject(0) { |acc, (ch, i)| acc + (CHARS.index(ch) || -1) * (CHAR_SIZE ** i) }
+      
+      result = []
+      while value >= 256
+        div = value / 256
+        mod = value % 256
+        result.unshift(mod.chr)
+        value = div
+      end
+      result.unshift(value.chr)
+      
+      pad_size = s.chars.inject(0) { |acc, ch| acc + (CHARS[0] == ch ? 1 : 0) }
+      
+      result.unshift(0.chr * pad_size)
+      
+      result.join
+    end
+    
+    def self.encode(s)
+      value = 0
+      
+      value = s.chars.reverse_each.each_with_index.inject(0) { |acc, (ch, i)| acc + (256 ** i) * ch.ord }
+
+      result = []
+      while value >= CHAR_SIZE
+        div, mod = value / CHAR_SIZE, value % CHAR_SIZE
+        result.unshift(CHARS[mod])
+        value = div
+      end
+      result.unshift(CHARS[value])
+
+      pad_size = s.chars.inject(0) { |acc, ch| acc + (ch == "\0" ? 1 : 0) }
+      
+      result.unshift(CHARS[0] * pad_size)
+
+      result.join
+    end
+  end
+end

data/lib/bitcoin_cigs/curve_fp.rb

@@ -0,0 +1,15 @@
+module BitcoinCigs
+  class CurveFp
+    attr_accessor :p, :a, :b
+    
+    def initialize(p, a, b)
+      self.p = p
+      self.a = a
+      self.b = b
+    end
+  
+    def contains_point(x, y)
+      return (y * y - (x * x * x + a * x + b)) % p == 0
+    end
+  end
+end

data/lib/bitcoin_cigs/error.rb

@@ -0,0 +1,4 @@
+module BitcoinCigs
+  class Error < StandardError
+  end
+end

data/lib/bitcoin_cigs/math_helper.rb

@@ -0,0 +1,46 @@
+require 'openssl'
+require 'digest/sha2'
+
+module BitcoinCigs
+  module MathHelper
+    def inverse_mod(a, m)
+      a = a % m if a < 0 || m <= a
+      
+      c, d = a, m
+      
+      uc, vc, ud, vd = 1, 0, 0, 1
+      
+      while c != 0
+        q, c, d = d / c, d % c, c
+        uc, vc, ud, vd = ud - q*uc, vd - q*vc, uc, vc
+      end
+      raise ::BitcoinCigs::Error.new unless d == 1
+      
+      ud > 0 ? ud : ud + m
+    end
+    
+    def leftmost_bit(x)
+      raise ::BitcoinCigs::Error.new unless x > 0
+      
+      result = 1
+      result *= 2 while result <= x
+      result / 2
+    end
+    
+    def ripemd160(d)
+      (OpenSSL::Digest::RIPEMD160.new << d).digest
+    end
+    
+    def sha256(d)
+      (Digest::SHA2.new << d).digest
+    end
+    
+    def sqrt_mod(a, p)
+      a.to_bn.mod_exp((p + 1) / 4, p).to_i
+    end
+    
+    def str_to_num(s)
+      s.chars.reverse_each.with_index.inject(0) { |acc, (ch, i)| acc + ch.ord * (256 ** i) }
+    end
+  end
+end

data/lib/bitcoin_cigs/point.rb

@@ -0,0 +1,91 @@
+module BitcoinCigs
+  class Point
+    include MathHelper
+    
+    attr_accessor :curve, :x, :y, :order
+    
+    def self.infinity
+      ::BitcoinCigs::Point.new(nil, nil, nil)
+    end
+    
+    def initialize(curve, x, y, order = nil)
+      self.curve = curve
+      self.x = x
+      self.y = y
+      self.order = order
+      
+      return if infinite?
+      
+      raise ::BitcoinCigs::Error.new if curve && !curve.contains_point(x, y)
+      raise ::BitcoinCigs::Error.new if order && !(self * order).infinite?
+    end
+    
+    def infinite?
+      curve.nil? && x.nil? && y.nil? && order.nil?
+    end
+
+    def +(other)
+      return self if other.infinite?
+      return other if infinite?
+      
+      raise ::BitcoinCigs::Error.new if curve != other.curve
+
+      if x == other.x
+        return (y + other.y) % curve.p == 0 ? ::BitcoinCigs::Point.infinity : double
+      end
+
+      p = curve.p
+      l = ( ( other.y - y ) * inverse_mod( other.x - x, p ) ) % p
+      x3 = ( l * l - x - other.x ) % p
+      y3 = ( l * ( x - x3 ) - y ) % p
+      
+      Point.new(curve, x3, y3)
+    end
+
+    def *(other)
+      e = other
+      
+      e = e % order if order
+      
+      return ::BitcoinCigs::Point.infinity if e == 0
+      return ::BitcoinCigs::Point.infinity if infinite?
+      
+      raise ::BitcoinCigs::Error.new unless e > 0
+      
+      e3 = 3 * e
+      negative_self = ::BitcoinCigs::Point.new(curve, x, -y, order)
+      i = leftmost_bit(e3) / 2
+      result = self
+      
+      while i > 1
+        result = result.double
+        result += self if (e3 & i) != 0 && (e & i) == 0
+        result += negative_self if (e3 & i) == 0 && (e & i) != 0
+        i = i / 2
+      end
+      
+      result
+    end
+
+    def ==(other)
+      curve == other.curve && x == other.x && y == other.y && order == other.order
+    end
+    
+    def to_s
+      infinite? ? "infinity" : "(#{x},#{y})"
+    end
+
+    def double
+      return ::BitcoinCigs::Point.infinity if infinite?
+
+      p = curve.p
+      a = curve.a
+      l = ( ( 3 * x * x + a ) * \
+            inverse_mod( 2 * y, p ) ) % p
+      x3 = ( l * l - 2 * x ) % p
+      y3 = ( l * ( x - x3 ) - y ) % p
+      
+      ::BitcoinCigs::Point.new(curve, x3, y3)
+    end
+  end
+end

data/lib/bitcoin_cigs/public_key.rb

@@ -0,0 +1,35 @@
+module BitcoinCigs
+  class PublicKey
+    attr_accessor :curve, :generator, :point, :compressed
+    
+    def initialize(generator, point, compressed)
+      self.curve = generator.curve
+      self.generator = generator
+      self.point = point
+      self.compressed = compressed
+      
+      n = generator.order
+      
+      raise ::BitcoinCigs::Error.new("Generator point must have order.") if n.nil?
+      raise ::BitcoinCigs::Error.new("Generator point order is bad.") unless (point * n).infinite?
+      if point.x < 0 || n <= point.x || point.y < 0 || n <= point.y
+        raise ::BitcoinCigs::Error, "Generator point has x or y out of range."
+      end
+    end
+
+    def ser
+      if compressed
+        if point.y & 1 > 0
+          key = '03%064x' % point.x
+        else
+          key = '02%064x' % point.x
+        end
+      else
+        key = '04%064x%064x' % [point.x, point.y]
+      end
+      
+      [key].pack('H*')
+    end
+  end
+end
+  

data/lib/bitcoin_cigs/version.rb

@@ -0,0 +1,3 @@
+module BitcoinCigs
+  VERSION = "0.0.1"
+end

data/spec/bitcoin_cigs/base_58_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+require 'base64'
+
+describe BitcoinCigs::Base58 do
+  describe "decode" do
+    let(:base_58_encoded_data) { "13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2" }
+    
+    subject { BitcoinCigs::Base58.decode(base_58_encoded_data) }
+    
+    context "with valid data" do
+      it "decodes properly" do
+        expect(Base64.encode64(subject).strip).to eq("ABgIZ4vqJRDJAqbMPNKKwHNFFgMWIJM1kQ==")
+      end
+    end
+  end
+  
+  describe "encode" do
+    let(:data) { Base64.decode64("ABgIZ4vqJRDJAqbMPNKKwHNFFgMWIJM1kQ==") }
+    
+    subject { BitcoinCigs::Base58.encode(data) }
+    
+    context "with valid data" do
+      it "encodes properly" do
+        expect(subject).to eq("13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2")
+      end
+    end
+  end
+end

data/spec/bitcoin_cigs_spec.rb

@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe BitcoinCigs do
+  let(:address) { "13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2"}
+  let(:signature) { "H55JIuwEi4YXzINOzx2oU6VsfBcTOScpFtp10pP/M4EWV336ClH65SObwPXnRf/fMXDu8hs8nweB42CtpWgngeM=" }
+  let(:message) { "aaa" }
+  
+  describe "verify_message!" do
+    subject { BitcoinCigs.verify_message!(address, signature, message) }
+    
+    context "with valid data" do
+      it "verifies valid message" do
+        expect(subject).to be_nil
+      end
+    end
+    
+    context "with invalid address" do
+      let(:address) { "invalid" }
+      
+      it "raises ::BitcoinCigs::Error" do
+        expect { subject }.to raise_error(::BitcoinCigs::Error, "Bad address. Signing: 13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2, Received: invalid")
+      end
+    end
+    
+    context "with invalid signature" do
+      let(:signature) { "invalid" }
+      
+      it "raises ::BitcoinCigs::Error" do
+        expect { subject }.to raise_error(::BitcoinCigs::Error, "Bad signature")
+      end
+    end
+    
+    context "with invalid message" do
+      let(:message) { "invalid" }
+      
+      it "raises ::BitcoinCigs::Error" do
+        # TODO: wrong message, also occurs in python version
+        expect { subject }.to raise_error(::BitcoinCigs::Error, "Bad address. Signing: 1887raouuBL3BJHMxgsGBZAWGqTjBEJP2p, Received: 13C5HZKutjMDeuc7f5mPj6XGpJCZu7xKh2")
+      end
+    end
+  end
+  
+  describe "verify_message!" do
+    subject { BitcoinCigs.verify_message(address, signature, message) }
+    
+    context "with valid data" do
+      it "verifies valid message" do
+        expect(subject).to be_true
+      end
+    end
+    
+    context "with invalid data" do
+      let(:address) { "invalid" }
+      
+      it "raises ::BitcoinCigs::Error" do
+        expect(subject).to be_false
+      end
+    end
+  end
+    
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+require 'rspec'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'bitcoin-cigs'

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: bitcoin-cigs
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Michael Pearce
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.13.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.13.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.0.4
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.0.4
+description: Create and Verify Bitcoin Signatures.
+email:
+- michaelgpearce@yahoo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/jasvet.py
+- bitcoin-cigs.gemspec
+- lib/bitcoin-cigs.rb
+- lib/bitcoin_cigs.rb
+- lib/bitcoin_cigs/base_58.rb
+- lib/bitcoin_cigs/curve_fp.rb
+- lib/bitcoin_cigs/error.rb
+- lib/bitcoin_cigs/math_helper.rb
+- lib/bitcoin_cigs/point.rb
+- lib/bitcoin_cigs/public_key.rb
+- lib/bitcoin_cigs/version.rb
+- spec/bitcoin_cigs/base_58_spec.rb
+- spec/bitcoin_cigs_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/michaelgpearce/bitcoin-cigs
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: bitcoin-cigs
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Create and Verify Bitcoin Signatures
+test_files:
+- spec/bitcoin_cigs/base_58_spec.rb
+- spec/bitcoin_cigs_spec.rb
+- spec/spec_helper.rb