bitcoin-ruby 0.0.1 → 0.0.2

data/lib/bitcoin/builder.rb

@@ -1,3 +1,5 @@
+# encoding: ascii-8bit
+
 module Bitcoin
 
   # Optional DSL to help create blocks and transactions.
@@ -7,19 +9,21 @@ module Bitcoin
 
     # build a Bitcoin::Protocol::Block matching the given +target+.
     # see BlockBuilder for details.
-    def blk(target = "00".ljust(32, 'f'))
+    def build_block(target = "00".ljust(64, 'f'))
       c = BlockBuilder.new
       yield c
       c.block(target)
     end
+    alias :blk :build_block
 
     # build a Bitcoin::Protocol::Tx.
     # see TxBuilder for details.
-    def tx
+    def build_tx
       c = TxBuilder.new
       yield c
       c.tx
     end
+    alias :tx :build_tx
 
     # build a Bitcoin::Script.
     # see ScriptBuilder for details.
@@ -29,7 +33,7 @@ module Bitcoin
       c.script
     end
 
-    # DSL to create a Bitcoin::Protocol::Block used by Builder#blk.
+    # DSL to create a Bitcoin::Protocol::Block used by Builder#create_block.
     #  block = blk("00".ljust(32, 'f')) do |b|
     #    b.prev_block "\x00"*32
     #    b.tx do |t|
@@ -46,7 +50,7 @@ module Bitcoin
     class BlockBuilder
 
       def initialize
-        @block = Bitcoin::P::Block.new(nil)
+        @block = P::Block.new(nil)
       end
 
       # specify block version. this is usually not necessary. defaults to 1.
@@ -59,6 +63,11 @@ module Bitcoin
         @prev_block = hash
       end
 
+      # set the block timestamp (defaults to current time).
+      def time time
+        @time = time
+      end
+
       # add transactions to the block (see TxBuilder).
       def tx
         c = TxBuilder.new
@@ -69,14 +78,15 @@ module Bitcoin
       # create the block according to values specified via DSL.
       def block target
         @block.ver = @version || 1
-        @block.prev_block = [@prev_block].pack("H*").reverse
+        @block.prev_block = @prev_block.htb.reverse
         @block.mrkl_root = @mrkl_root
-        @block.time = Time.now.to_i
+        @block.time = @time || Time.now.to_i
         @block.nonce = 0
-        @block.mrkl_root = [Bitcoin.hash_mrkl_tree(@block.tx.map {|t|
-              t.hash }).last].pack("H*")
+        @block.mrkl_root = Bitcoin.hash_mrkl_tree(@block.tx.map(&:hash)).last.htb.reverse
         find_hash(target)
-        Bitcoin::P::Block.new(@block.to_payload)
+        block = P::Block.new(@block.to_payload)
+        raise "Payload Error"  unless block.to_payload == @block.to_payload
+        block
       end
 
       private
@@ -104,22 +114,25 @@ module Bitcoin
 
     end
 
-    # DSL to create Bitcoin::Protocol::Tx used by Builder#tx.
-    # tx = tx do |t|
-    #   t.input do |i|
-    #     i.prev_out prev_tx  # previous transaction
-    #     i.prev_out_index 0  # index of previous output
-    #     i.signature_key key # Bitcoin::Key used to sign the input
-    #   end
-    #   t.output do |o|
-    #     o.value 12345 # 0.00012345 BTC
-    #     o.script {|s| s.type :address; s.recipient key.addr }
-    #   end
-    # end
+    # DSL to create Bitcoin::Protocol::Tx used by Builder#build_tx.
+    #  tx = tx do |t|
+    #    t.input do |i|
+    #      i.prev_out prev_tx  # previous transaction
+    #      i.prev_out_index 0  # index of previous output
+    #      i.signature_key key # Bitcoin::Key used to sign the input
+    #    end
+    #    t.output do |o|
+    #      o.value 12345 # 0.00012345 BTC
+    #      o.script {|s| s.type :address; s.recipient key.addr }
+    #    end
+    #  end
+    #
+    # signs every input that has a signature key. if the signature key is
+    # not specified, the input will include the #sig_hash that needs to be signed.
     class TxBuilder
 
       def initialize
-        @tx = Bitcoin::P::Tx.new(nil)
+        @tx = P::Tx.new(nil)
         @tx.ver, @tx.lock_time = 1, 0
         @ins, @outs = [], []
       end
@@ -148,7 +161,10 @@ module Bitcoin
         @outs << c
       end
 
-      # create the transaction according to values specified via DSL and sign inputs.
+      # create the transaction according to values specified via DSL.
+      # sign each input that has a signature key specified. if there is
+      # no key, store the sig_hash in the input, so it can easily be
+      # signed later.
       def tx
         @ins.each {|i| @tx.add_in(i.txin) }
         @outs.each {|o| @tx.add_out(o.txout) }
@@ -160,26 +176,36 @@ module Bitcoin
             next
           end
           prev_tx = inc.instance_variable_get(:@prev_out)
-          sig_hash = @tx.signature_hash_for_input(i, prev_tx)
-          sig = inc.key.sign(sig_hash)
-          script_sig = Bitcoin::Script.to_signature_pubkey_script(sig, [inc.key.pub].pack("H*"))
-          @tx.in[i].script_sig_length = script_sig.bytesize
-          @tx.in[i].script_sig = script_sig
-          raise "Signature error"  unless @tx.verify_input_signature(i, prev_tx)
+          @sig_hash = @tx.signature_hash_for_input(i, prev_tx)
+          if inc.key && inc.key.priv
+            sig = inc.key.sign(@sig_hash)
+            script_sig = Script.to_signature_pubkey_script(sig, [inc.key.pub].pack("H*"))
+            @tx.in[i].script_sig_length = script_sig.bytesize
+            @tx.in[i].script_sig = script_sig
+            raise "Signature error"  unless @tx.verify_input_signature(i, prev_tx)
+          else
+            @tx.in[i].script_sig_length = 0
+            @tx.in[i].script_sig = ""
+            @tx.in[i].sig_hash = @sig_hash
+            @tx.in[i].sig_address = Script.new(prev_tx.out[@tx.in[i].prev_out_index].pk_script).get_address
+          end
         end
-        Bitcoin::P::Tx.new(@tx.to_payload)
+        data = @tx.in.map {|i| [i.sig_hash, i.sig_address] }
+        tx = P::Tx.new(@tx.to_payload)
+        data.each.with_index {|d, i| i = tx.in[i]; i.sig_hash = d[0]; i.sig_address = d[1] }
+        raise "Payload Error"  unless tx.to_payload == @tx.to_payload
+        tx
       end
     end
 
     # create a Bitcoin::Protocol::TxIn used by TxBuilder#input.
     #
-    # inputs can be either 'coinbase', in which case they only need to specify #coinbase,
-    # or they have to define a #prev_out, #prev_out_index and #signature key.
+    # inputs need a #prev_out tx and #prev_out_index of the output they spend.
     class TxInBuilder
       attr_reader :key, :coinbase_data
 
       def initialize
-        @txin = Bitcoin::P::TxIn.new
+        @txin = P::TxIn.new
       end
 
       # previous transaction that contains the output we want to use.
@@ -224,7 +250,7 @@ module Bitcoin
       attr_reader :script
 
       def initialize
-        @type = nil
+        @type = :address
         @script = nil
       end
 
@@ -236,7 +262,7 @@ module Bitcoin
       # recipient(s) of the script.
       # depending on the #type, either an address, hash160 pubkey, etc.
       def recipient *data
-        @script = Bitcoin::Script.send("to_#{@type}_script", *data)
+        @script = Script.send("to_#{@type}_script", *data)
       end
     end
 
@@ -245,7 +271,7 @@ module Bitcoin
       attr_reader :txout
 
       def initialize
-        @txout = Bitcoin::P::TxOut.new
+        @txout = P::TxOut.new
       end
 
       # set output value (in base units / "satoshis")

data/lib/bitcoin/config.rb

@@ -1,3 +1,5 @@
+# encoding: ascii-8bit
+
 require 'yaml'
 module Bitcoin
 

data/lib/bitcoin/connection.rb

@@ -1,3 +1,5 @@
+# encoding: ascii-8bit
+
 require 'socket'
 require 'eventmachine'
 require 'bitcoin'
@@ -5,27 +7,24 @@ require 'bitcoin'
 module Bitcoin
 
   module ConnectionHandler
-    def hth(h); h.unpack("H*")[0]; end
-    def htb(h); [h].pack("H*"); end
-
     def on_inv_transaction(hash)
-      p ['inv transaction', hth(hash)]
+      p ['inv transaction', hash.hth]
       pkt = Protocol.getdata_pkt(:tx, [hash])
       send_data(pkt)
     end
 
     def on_inv_block(hash)
-      p ['inv block', hth(hash)]
+      p ['inv block', hash.hth]
       pkt = Protocol.getdata_pkt(:block, [hash])
       send_data(pkt)
     end
 
     def on_get_transaction(hash)
-      p ['get transaction', hth(hash)]
+      p ['get transaction', hash.hth]
     end
 
     def on_get_block(hash)
-      p ['get block', hth(hash)]
+      p ['get block', hash.hth]
     end
 
     def on_addr(addr)
@@ -43,10 +42,14 @@ module Bitcoin
     end
 
     def on_version(version)
-      p [@sockaddr, 'version', version, version.timestamp - Time.now.to_i]
+      p [@sockaddr, 'version', version, version.time - Time.now.to_i]
       send_data( Protocol.verack_pkt )
     end
 
+    def on_verack
+      on_handshake_complete
+    end
+
     def on_handshake_complete
       p [@sockaddr, 'handshake complete']
       @connected = true

data/lib/bitcoin/electrum/mnemonic.rb

@@ -0,0 +1,162 @@
+# encoding: ascii-8bit
+
+class Mnemonic
+  # ruby version of: https://github.com/spesmilo/electrum/blob/master/lib/mnemonic.py
+
+  # list of words from http://en.wiktionary.org/wiki/Wiktionary:Frequency_lists/Contemporary_poetry
+  Words = (<<-TEXT).split
+    like just love know never want time out there make look eye down only think
+    heart back then into about more away still them take thing even through long always
+    world too friend tell try hand thought over here other need smile again much cry
+    been night ever little said end some those around mind people girl leave dream left
+    turn myself give nothing really off before something find walk wish good once place ask
+    stop keep watch seem everything wait got yet made remember start alone run hope maybe
+    believe body hate after close talk stand own each hurt help home god soul new
+    many two inside should true first fear mean better play another gone change use wonder
+    someone hair cold open best any behind happen water dark laugh stay forever name work
+    show sky break came deep door put black together upon happy such great white matter
+    fill past please burn cause enough touch moment soon voice scream anything stare sound red
+    everyone hide kiss truth death beautiful mine blood broken very pass next forget tree wrong
+    air mother understand lip hit wall memory sleep free high realize school might skin sweet
+    perfect blue kill breath dance against fly between grow strong under listen bring sometimes speak
+    pull person become family begin ground real small father sure feet rest young finally land
+    across today different guy line fire reason reach second slowly write eat smell mouth step
+    learn three floor promise breathe darkness push earth guess save song above along both color
+    house almost sorry anymore brother okay dear game fade already apart warm beauty heard notice
+    question shine began piece whole shadow secret street within finger point morning whisper child moon
+    green story glass kid silence since soft yourself empty shall angel answer baby bright dad
+    path worry hour drop follow power war half flow heaven act chance fact least tired
+    children near quite afraid rise sea taste window cover nice trust lot sad cool force
+    peace return blind easy ready roll rose drive held music beneath hang mom paint emotion
+    quiet clear cloud few pretty bird outside paper picture front rock simple anyone meant reality
+    road sense waste bit leaf thank happiness meet men smoke truly decide self age book
+    form alive carry escape damn instead able ice minute throw catch leg ring course goodbye
+    lead poem sick corner desire known problem remind shoulder suppose toward wave drink jump woman
+    pretend sister week human joy crack grey pray surprise dry knee less search bleed caught
+    clean embrace future king son sorrow chest hug remain sat worth blow daddy final parent
+    tight also create lonely safe cross dress evil silent bone fate perhaps anger class scar
+    snow tiny tonight continue control dog edge mirror month suddenly comfort given loud quickly gaze
+    plan rush stone town battle ignore spirit stood stupid yours brown build dust hey kept
+    pay phone twist although ball beyond hidden nose taken fail float pure somehow wash wrap
+    angry cheek creature forgotten heat rip single space special weak whatever yell anyway blame job
+    choose country curse drift echo figure grew laughter neck suffer worse yeah disappear foot forward
+    knife mess somewhere stomach storm beg idea lift offer breeze field five often simply stuck
+    win allow confuse enjoy except flower seek strength calm grin gun heavy hill large ocean
+    shoe sigh straight summer tongue accept crazy everyday exist grass mistake sent shut surround table
+    ache brain destroy heal nature shout sign stain choice doubt glance glow mountain queen stranger
+    throat tomorrow city either fish flame rather shape spin spread ash distance finish image imagine
+    important nobody shatter warmth became feed flesh funny lust shirt trouble yellow attention bare bite
+    money protect amaze appear born choke completely daughter fresh friendship gentle probably six deserve expect
+    grab middle nightmare river thousand weight worst wound barely bottle cream regret relationship stick test
+    crush endless fault itself rule spill art circle join kick mask master passion quick raise
+    smooth unless wander actually broke chair deal favorite gift note number sweat box chill clothes
+    lady mark park poor sadness tie animal belong brush consume dawn forest innocent pen pride
+    stream thick clay complete count draw faith press silver struggle surface taught teach wet bless
+    chase climb enter letter melt metal movie stretch swing vision wife beside crash forgot guide
+    haunt joke knock plant pour prove reveal steal stuff trip wood wrist bother bottom crawl
+    crowd fix forgive frown grace loose lucky party release surely survive teacher gently grip speed
+    suicide travel treat vein written cage chain conversation date enemy however interest million page pink
+    proud sway themselves winter church cruel cup demon experience freedom pair pop purpose respect shoot
+    softly state strange bar birth curl dirt excuse lord lovely monster order pack pants pool
+    scene seven shame slide ugly among blade blonde closet creek deny drug eternity gain grade
+    handle key linger pale prepare swallow swim tremble wheel won cast cigarette claim college direction
+    dirty gather ghost hundred loss lung orange present swear swirl twice wild bitter blanket doctor
+    everywhere flash grown knowledge numb pressure radio repeat ruin spend unknown buy clock devil early
+    false fantasy pound precious refuse sheet teeth welcome add ahead block bury caress content depth
+    despite distant marry purple threw whenever bomb dull easily grasp hospital innocence normal receive reply
+    rhyme shade someday sword toe visit asleep bought center consider flat hero history ink insane
+    muscle mystery pocket reflection shove silently smart soldier spot stress train type view whether bus
+    energy explain holy hunger inch magic mix noise nowhere prayer presence shock snap spider study
+    thunder trail admit agree bag bang bound butterfly cute exactly explode familiar fold further pierce
+    reflect scent selfish sharp sink spring stumble universe weep women wonderful action ancient attempt avoid
+    birthday branch chocolate core depress drunk especially focus fruit honest match palm perfectly pillow pity
+    poison roar shift slightly thump truck tune twenty unable wipe wrote coat constant dinner drove
+    egg eternal flight flood frame freak gasp glad hollow motion peer plastic root screen season
+    sting strike team unlike victim volume warn weird attack await awake built charm crave despair
+    fought grant grief horse limit message ripple sanity scatter serve split string trick annoy blur
+    boat brave clearly cling connect fist forth imagination iron jock judge lesson milk misery nail
+    naked ourselves poet possible princess sail size snake society stroke torture toss trace wise bloom
+    bullet cell check cost darling during footstep fragile hallway hardly horizon invisible journey midnight mud
+    nod pause relax shiver sudden value youth abuse admire blink breast bruise constantly couple creep
+    curve difference dumb emptiness gotta honor plain planet recall rub ship slam soar somebody tightly
+    weather adore approach bond bread burst candle coffee cousin crime desert flutter frozen grand heel
+    hello language level movement pleasure powerful random rhythm settle silly slap sort spoken steel threaten
+    tumble upset aside awkward bee blank board button card carefully complain crap deeply discover drag
+    dread effort entire fairy giant gotten greet illusion jeans leap liquid march mend nervous nine
+    replace rope spine stole terror accident apple balance boom childhood collect demand depression eventually faint
+    glare goal group honey kitchen laid limb machine mere mold murder nerve painful poetry prince
+    rabbit shelter shore shower soothe stair steady sunlight tangle tease treasure uncle begun bliss canvas
+    cheer claw clutch commit crimson crystal delight doll existence express fog football gay goose guard
+    hatred illuminate mass math mourn rich rough skip stir student style support thorn tough yard
+    yearn yesterday advice appreciate autumn bank beam bowl capture carve collapse confusion creation dove feather
+    girlfriend glory government harsh hop inner loser moonlight neighbor neither peach pig praise screw shield
+    shimmer sneak stab subject throughout thrown tower twirl wow army arrive bathroom bump cease cookie
+    couch courage dim guilt howl hum husband insult led lunch mock mostly natural nearly needle
+    nerd peaceful perfection pile price remove roam sanctuary serious shiny shook sob stolen tap vain
+    void warrior wrinkle affection apologize blossom bounce bridge cheap crumble decision descend desperately dig dot
+    flip frighten heartbeat huge lazy lick odd opinion process puzzle quietly retreat score sentence separate
+    situation skill soak square stray taint task tide underneath veil whistle anywhere bedroom bid bloody
+    burden careful compare concern curtain decay defeat describe double dreamer driver dwell evening flare flicker
+    grandma guitar harm horrible hungry indeed lace melody monkey nation object obviously rainbow salt scratch
+    shown shy stage stun third tickle useless weakness worship worthless afternoon beard boyfriend bubble busy
+    certain chin concrete desk diamond doom drawn due felicity freeze frost garden glide harmony hopefully
+    hunt jealous lightning mama mercy peel physical position pulse punch quit rant respond salty sane
+    satisfy savior sheep slept social sport tuck utter valley wolf aim alas alter arrow awaken
+    beaten belief brand ceiling cheese clue confidence connection daily disguise eager erase essence everytime expression
+    fan flag flirt foul fur giggle glorious ignorance law lifeless measure mighty muse north opposite
+    paradise patience patient pencil petal plate ponder possibly practice slice spell stock strife strip suffocate
+    suit tender tool trade velvet verse waist witch aunt bench bold cap certainly click companion
+    creator dart delicate determine dish dragon drama drum dude everybody feast forehead former fright fully
+    gas hook hurl invite juice manage moral possess raw rebel royal scale scary several slight
+    stubborn swell talent tea terrible thread torment trickle usually vast violence weave acid agony ashamed
+    awe belly blend blush character cheat common company coward creak danger deadly defense define depend
+    desperate destination dew duck dusty embarrass engine example explore foe freely frustrate generation glove guilty
+    health hurry idiot impossible inhale jaw kingdom mention mist moan mumble mutter observe ode pathetic
+    pattern pie prefer puff rape rare revenge rude scrape spiral squeeze strain sunset suspend sympathy
+    thigh throne total unseen weapon weary
+  TEXT
+
+  def self.encode(hex, words=Words)
+    n = words.size
+    [hex].pack("H*").unpack("N*").map{|x|
+      w1 = x % n
+      w2 = ((x / n) + w1) % n
+      w3 = ((x / n / n) + w2) % n
+      [ words[w1], words[w2], words[w3] ]
+    }.flatten
+  end
+
+  def self.decode(word_list, words=Words)
+    n = words.size
+    word_list.each_slice(3).map{|three_words|
+      w1, w2, w3 = three_words.map{|word| words.index(word) % n }
+      '%08x' % ( w1 + n*((w2-w1)%n) + n*n*((w3-w2)%n) )
+    }.join
+  end
+
+end
+
+
+
+if $0 == __FILE__
+  hex = "4c7d10656aa55383a5d88e3f63300af5e169918f4058bf349d99b20239909b61"
+  expected_words = ['horse', 'love', 'nose', 'speak', 'diamond', 'gaze', 'wash', 'drag', 'glance',
+                    'money', 'cease', 'soft', 'complete', 'huge', 'aside', 'confusion', 'touch',
+                    'grass', 'pie', 'play', 'bread', 'exactly', 'bubble', 'great']
+
+  # from http://brainwallet.org/#chains
+  hex = "ff64b72c431f75799f0c5ebe438e46dd"
+  expected_words = %w[muscle lot sea got revenge crack wait yeah gas study embrace spend]
+  hex = "18cfaf96961750c7a4e4e39c861d1415"
+  expected_words = %w[example poor twice expect decision master blame rub forward easy jump carve]
+
+  # from  https://en.bitcoin.it/wiki/Electrum#Brain_Wallet
+  hex = "431a62f1c86555d3c45e5c4d9e10c8c7"
+  expected_words = %w[constant forest adore false green weave stop guy fur freeze giggle clock]
+
+  #p Mnemonic.encode(hex)
+  p Mnemonic.encode(hex) == expected_words
+  #p Mnemonic.decode(expected_words)
+  p Mnemonic.decode(expected_words) == hex
+end
+

data/lib/bitcoin/ffi/openssl.rb

@@ -1,8 +1,9 @@
+# encoding: ascii-8bit
+
 # autoload when you need to re-generate a public_key from only its private_key.
 # ported from: https://github.com/sipa/bitcoin/blob/2d40fe4da9ea82af4b652b691a4185431d6e47a8/key.h
 
-Bitcoin.require_dependency :ffi, exit: false, message:
-  "Skipping FFI needed for OpenSSL_EC.regenerate_key."
+Bitcoin.require_dependency :ffi, exit: false, message: "Skipping FFI needed for OpenSSL_EC methods."
 
 module Bitcoin
 module OpenSSL_EC
@@ -10,32 +11,54 @@ module OpenSSL_EC
   ffi_lib 'ssl'
 
   NID_secp256k1 = 714
+  POINT_CONVERSION_COMPRESSED = 2
+  POINT_CONVERSION_UNCOMPRESSED = 4
 
   attach_function :SSL_library_init, [], :int
   attach_function :ERR_load_crypto_strings, [], :void
   attach_function :SSL_load_error_strings, [], :void
   attach_function :RAND_poll, [], :int
 
-  #attach_function :BN_bin2bn, [:string, :int, :pointer], :pointer
+  attach_function :BN_CTX_free, [:pointer], :int
+  attach_function :BN_CTX_new, [], :pointer
+  attach_function :BN_add, [:pointer, :pointer, :pointer], :int
   attach_function :BN_bin2bn, [:pointer, :int, :pointer], :pointer
-  attach_function :EC_KEY_new_by_curve_name, [:int], :pointer
-  attach_function :EC_KEY_get0_group, [:pointer], :pointer
+  attach_function :BN_bn2bin, [:pointer, :pointer], :void
+  attach_function :BN_cmp, [:pointer, :pointer], :int
+  attach_function :BN_copy, [:pointer, :pointer], :pointer
+  attach_function :BN_dup, [:pointer], :pointer
+  attach_function :BN_free, [:pointer], :int
+  attach_function :BN_mod_inverse, [:pointer, :pointer, :pointer, :pointer], :pointer
+  attach_function :BN_mod_mul, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+  attach_function :BN_mod_sub, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+  attach_function :BN_mul_word, [:pointer, :int], :int
   attach_function :BN_new, [], :pointer
-  attach_function :BN_CTX_new, [], :pointer
+  attach_function :BN_rshift, [:pointer, :pointer, :int], :int
+  attach_function :BN_set_word, [:pointer, :int], :int
+  attach_function :EC_GROUP_get_curve_GFp, [:pointer, :pointer, :pointer, :pointer, :pointer], :int
+  attach_function :EC_GROUP_get_degree, [:pointer], :int
   attach_function :EC_GROUP_get_order, [:pointer, :pointer, :pointer], :int
-  attach_function :EC_POINT_new, [:pointer], :pointer
-  attach_function :EC_POINT_mul, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+  attach_function :EC_KEY_free, [:pointer], :int
+  attach_function :EC_KEY_get0_group, [:pointer], :pointer
+  attach_function :EC_KEY_get0_private_key, [:pointer], :pointer
+  attach_function :EC_KEY_new_by_curve_name, [:int], :pointer
+  attach_function :EC_KEY_set_conv_form, [:pointer, :int], :void
   attach_function :EC_KEY_set_private_key, [:pointer, :pointer], :int
   attach_function :EC_KEY_set_public_key,  [:pointer, :pointer], :int
-  attach_function :BN_free, [:pointer], :int
   attach_function :EC_POINT_free, [:pointer], :int
-  attach_function :BN_CTX_free, [:pointer], :int
-  attach_function :EC_KEY_free, [:pointer], :int
-  attach_function :i2o_ECPublicKey, [:pointer, :pointer], :uint
-  attach_function :i2d_ECPrivateKey, [:pointer, :pointer], :int
+  attach_function :EC_POINT_is_at_infinity, [:pointer, :pointer], :int
+  attach_function :EC_POINT_mul, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int
+  attach_function :EC_POINT_new, [:pointer], :pointer
+  attach_function :EC_POINT_set_compressed_coordinates_GFp, [:pointer, :pointer, :pointer, :int, :pointer], :int
   attach_function :d2i_ECPrivateKey, [:pointer, :pointer, :long], :pointer
-  attach_function :EC_KEY_get0_private_key, [:pointer], :pointer
-  attach_function :BN_bn2bin, [:pointer, :pointer], :void
+  attach_function :i2d_ECPrivateKey, [:pointer, :pointer], :int
+  attach_function :i2o_ECPublicKey, [:pointer, :pointer], :uint
+  attach_function :EC_KEY_check_key, [:pointer], :uint
+  attach_function :ECDSA_do_sign, [:pointer, :uint, :pointer], :pointer
+  attach_function :BN_num_bits, [:pointer], :int
+  attach_function :ECDSA_SIG_free, [:pointer], :void
+
+  def self.BN_num_bytes(ptr); (BN_num_bits(ptr) + 7) / 8; end
 
 
   # resolve public from private key, using ffi and libssl.so
@@ -48,7 +71,7 @@ module OpenSSL_EC
     #private_key = FFI::MemoryPointer.new(:uint8, private_key.bytesize)
     #                .put_bytes(0, private_key, 0, private_key.bytesize)
     private_key = FFI::MemoryPointer.from_string(private_key)
- 
+
     init_ffi_ssl
     eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
     #priv_key = BN_bin2bn(private_key, private_key.size, BN_new())
@@ -69,10 +92,11 @@ module OpenSSL_EC
 
 
     length = i2d_ECPrivateKey(eckey, nil)
-    ptr = FFI::MemoryPointer.new(:pointer)
+    buf = FFI::MemoryPointer.new(:uint8, length)
+    ptr = FFI::MemoryPointer.new(:pointer).put_pointer(0, buf)
     priv_hex = if i2d_ECPrivateKey(eckey, ptr) == length
-      size = ptr.read_pointer.get_array_of_uint8(8, 1)[0]
-      ptr.read_pointer.get_array_of_uint8(9, size).pack("C*").rjust(32, "\x00").unpack("H*")[0]
+      size = buf.get_array_of_uint8(8, 1)[0]
+      buf.get_array_of_uint8(9, size).pack("C*").rjust(32, "\x00").unpack("H*")[0]
       #der_to_private_key( ptr.read_pointer.read_string(length).unpack("H*")[0] )
     end
 
@@ -82,9 +106,10 @@ module OpenSSL_EC
 
 
     length = i2o_ECPublicKey(eckey, nil)
-    ptr = FFI::MemoryPointer.new(:pointer)
+    buf = FFI::MemoryPointer.new(:uint8, length)
+    ptr = FFI::MemoryPointer.new(:pointer).put_pointer(0, buf)
     pub_hex = if i2o_ECPublicKey(eckey, ptr) == length
-      ptr.read_pointer.read_string(length).unpack("H*")[0]
+      buf.read_string(length).unpack("H*")[0]
     end
 
     EC_KEY_free(eckey)
@@ -109,6 +134,147 @@ module OpenSSL_EC
     buf.read_string(32).unpack("H*")[0]
   end
 
+  # Given the components of a signature and a selector value, recover and
+  # return the public key that generated the signature according to the
+  # algorithm in SEC1v2 section 4.1.6.
+  #
+  # rec_id is an index from 0 to 3 that indicates which of the 4 possible
+  # keys is the correct one. Because the key recovery operation yields
+  # multiple potential keys, the correct key must either be stored alongside
+  # the signature, or you must be willing to try each rec_id in turn until
+  # you find one that outputs the key you are expecting.
+  #
+  # If this method returns nil, it means recovery was not possible and rec_id
+  # should be iterated.
+  #
+  # Given the above two points, a correct usage of this method is inside a
+  # for loop from 0 to 3, and if the output is nil OR a key that is not the
+  # one you expect, you try again with the next rec_id.
+  #
+  #   message_hash = hash of the signed message.
+  #   signature = the R and S components of the signature, wrapped.
+  #   rec_id = which possible key to recover.
+  #   is_compressed = whether or not the original pubkey was compressed.
+  def self.recover_public_key_from_signature(message_hash, signature, rec_id, is_compressed)
+    return nil if rec_id < 0 or signature.bytesize != 65
+    init_ffi_ssl
+
+    signature = FFI::MemoryPointer.from_string(signature)
+    #signature_bn = BN_bin2bn(signature, 65, BN_new())
+    r = BN_bin2bn(signature[1], 32, BN_new())
+    s = BN_bin2bn(signature[33], 32, BN_new())
+
+    n, i = 0, rec_id / 2
+    eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
+
+    EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED) if is_compressed
+
+    group = EC_KEY_get0_group(eckey)
+    order = BN_new()
+    EC_GROUP_get_order(group, order, nil)
+    x = BN_dup(order)
+    BN_mul_word(x, i)
+    BN_add(x, x, r)
+
+    field = BN_new()
+    EC_GROUP_get_curve_GFp(group, field, nil, nil, nil)
+
+    if BN_cmp(x, field) >= 0
+      [r, s, order, x, field].each{|i| BN_free(i) }
+      EC_KEY_free(eckey)
+      return nil
+    end
+
+    big_r = EC_POINT_new(group)
+    EC_POINT_set_compressed_coordinates_GFp(group, big_r, x, rec_id % 2, nil)
+
+    big_q = EC_POINT_new(group)
+    n = EC_GROUP_get_degree(group)
+    e = BN_bin2bn(message_hash, message_hash.bytesize, BN_new())
+    BN_rshift(e, e, 8 - (n & 7)) if 8 * message_hash.bytesize > n
+
+    ctx = BN_CTX_new()
+    zero, rr, sor, eor = BN_new(), BN_new(), BN_new(), BN_new()
+    BN_set_word(zero, 0)
+    BN_mod_sub(e, zero, e, order, ctx)
+    BN_mod_inverse(rr, r, order, ctx)
+    BN_mod_mul(sor, s, rr, order, ctx)
+    BN_mod_mul(eor, e, rr, order, ctx)
+    EC_POINT_mul(group, big_q, eor, big_r, sor, ctx)
+    EC_KEY_set_public_key(eckey, big_q)
+    BN_CTX_free(ctx)
+
+    [r, s, order, x, field, e, zero, rr, sor, eor].each{|i| BN_free(i) }
+    [big_r, big_q].each{|i| EC_POINT_free(i) }
+
+    length = i2o_ECPublicKey(eckey, nil)
+    buf = FFI::MemoryPointer.new(:uint8, length)
+    ptr = FFI::MemoryPointer.new(:pointer).put_pointer(0, buf)
+    pub_hex = if i2o_ECPublicKey(eckey, ptr) == length
+      buf.read_string(length).unpack("H*")[0]
+    end
+
+    EC_KEY_free(eckey)
+
+    pub_hex
+  end
+
+  def self.sign_compact(hash, private_key, public_key_hex = nil, pubkey_compressed = nil)
+    private_key = [private_key].pack("H*") if private_key.bytesize >= 64
+    private_key_hex = private_key.unpack("H*")[0]
+
+    public_key_hex = regenerate_key(private_key_hex).last unless public_key_hex
+    pubkey_compressed = (public_key_hex[0..1] == "04" ? false : true) unless pubkey_compressed
+
+    init_ffi_ssl
+    eckey = EC_KEY_new_by_curve_name(NID_secp256k1)
+    priv_key = BN_bin2bn(private_key, private_key.bytesize, BN_new())
+
+    group, order, ctx = EC_KEY_get0_group(eckey), BN_new(), BN_CTX_new()
+    EC_GROUP_get_order(group, order, ctx)
+
+    pub_key = EC_POINT_new(group)
+    EC_POINT_mul(group, pub_key, priv_key, nil, nil, ctx)
+    EC_KEY_set_private_key(eckey, priv_key)
+    EC_KEY_set_public_key(eckey, pub_key)
+
+    signature = ECDSA_do_sign(hash, hash.bytesize, eckey)
+
+    BN_free(order)
+    BN_CTX_free(ctx)
+    EC_POINT_free(pub_key)
+    BN_free(priv_key)
+    EC_KEY_free(eckey)
+
+    buf, rec_id, head = FFI::MemoryPointer.new(:uint8, 32), nil, nil
+    r, s = signature.get_array_of_pointer(0, 2).map{|i| BN_bn2bin(i, buf); buf.read_string(BN_num_bytes(i)).rjust(32, "\x00") }
+
+    if signature.get_array_of_pointer(0, 2).all?{|i| BN_num_bits(i) <= 256 }
+      4.times{|i|
+        head = [ 27 + i + (pubkey_compressed ? 4 : 0) ].pack("C")
+        if public_key_hex == recover_public_key_from_signature(hash, [head, r, s].join, i, pubkey_compressed)
+          rec_id = i; break
+        end
+      }
+    end
+
+    ECDSA_SIG_free(signature)
+
+    [ head, [r,s] ].join if rec_id
+  end
+
+  def self.recover_compact(hash, signature)
+    return false if signature.bytesize != 65
+    #i = signature.unpack("C")[0] - 27
+    #pubkey = recover_public_key_from_signature(hash, signature, (i & ~4), i >= 4)
+
+    version = signature.unpack('C')[0]
+    return false if version < 27 or version > 34
+
+    compressed = (version >= 31) ? (version -= 4; true) : false
+    pubkey = recover_public_key_from_signature(hash, signature, version-27, compressed)
+  end
+
   def self.init_ffi_ssl
     return if @ssl_loaded
     SSL_library_init()