bsv-sdk 0.2.0 → 0.3.0

data/lib/bsv/primitives/signed_message.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+
+module BSV
+  module Primitives
+    # BRC-77 signed messages.
+    #
+    # Provides authenticated messaging using BRC-42 derived signing keys.
+    # The sender proves their identity to a specific recipient (or anyone)
+    # without encrypting the message content.
+    #
+    # @example Sign and verify for a specific recipient
+    #   sig = SignedMessage.sign(message, sender_priv, recipient_pub)
+    #   SignedMessage.verify(message, sig, recipient_priv) #=> true
+    #
+    # @example Sign for anyone to verify
+    #   sig = SignedMessage.sign(message, sender_priv)
+    #   SignedMessage.verify(message, sig) #=> true
+    #
+    # @see https://github.com/bitcoin-sv/BRCs/blob/master/peer-to-peer/0077.md
+    module SignedMessage
+      # Protocol version bytes: "BB3\x01"
+      VERSION = "\x42\x42\x33\x01".b.freeze
+
+      module_function
+
+      # Sign a message using the BRC-77 protocol.
+      #
+      # @param message [String] the message to sign
+      # @param signer [PrivateKey] the sender's private key
+      # @param verifier [PublicKey, nil] the recipient's public key (nil for anyone-can-verify)
+      # @return [String] binary signed message (version + keys + key_id + DER signature)
+      def sign(message, signer, verifier = nil)
+        anyone = verifier.nil?
+        verifier = PrivateKey.new(OpenSSL::BN.new(1)).public_key if anyone
+
+        key_id = SecureRandom.random_bytes(32)
+        invoice = "2-message signing-#{[key_id].pack('m0')}"
+
+        signing_key = signer.derive_child(verifier, invoice)
+        hash = Digest.sha256(message.b)
+        signature = signing_key.sign(hash)
+
+        VERSION +
+          signer.public_key.compressed +
+          (anyone ? "\x00".b : verifier.compressed) +
+          key_id +
+          signature.to_der
+      end
+
+      # Verify a BRC-77 signed message.
+      #
+      # @param message [String] the original message
+      # @param sig [String] the binary signature (from {.sign})
+      # @param recipient [PrivateKey, nil] the recipient's private key (nil for anyone-can-verify)
+      # @return [Boolean] true if the signature is valid
+      # @raise [ArgumentError] if the version is wrong, recipient is required but missing, or recipient doesn't match
+      def verify(message, sig, recipient = nil)
+        sig = sig.b
+        raise ArgumentError, "signed message too short: #{sig.bytesize} bytes" if sig.bytesize < 38
+
+        version = sig.byteslice(0, 4)
+        raise ArgumentError, "message version mismatch: expected #{VERSION.unpack1('H*')}, received #{version.unpack1('H*')}" if version != VERSION
+
+        sender_pub = PublicKey.from_bytes(sig.byteslice(4, 33))
+        verifier_first = sig.getbyte(37)
+
+        if verifier_first.zero?
+          # Anyone-can-verify mode
+          recipient = PrivateKey.new(OpenSSL::BN.new(1))
+          key_id_offset = 38
+        else
+          # Specific recipient
+          verifier_pub_bytes = sig.byteslice(37, 33)
+          verifier_pub_hex = verifier_pub_bytes.unpack1('H*')
+
+          if recipient.nil?
+            raise ArgumentError,
+                  "this signature can only be verified with knowledge of a specific private key. The associated public key is: #{verifier_pub_hex}"
+          end
+
+          recipient_pub_hex = recipient.public_key.compressed.unpack1('H*')
+          if verifier_pub_hex != recipient_pub_hex
+            raise ArgumentError,
+                  "the recipient public key is #{recipient_pub_hex} but the signature requires the recipient to have public key #{verifier_pub_hex}"
+          end
+
+          key_id_offset = 70
+        end
+
+        key_id = sig.byteslice(key_id_offset, 32)
+        der_bytes = sig.byteslice(key_id_offset + 32, sig.bytesize - key_id_offset - 32)
+
+        invoice = "2-message signing-#{[key_id].pack('m0')}"
+        signing_pub = sender_pub.derive_child(recipient, invoice)
+
+        signature = Signature.from_der(der_bytes)
+        hash = Digest.sha256(message.b)
+        ECDSA.verify(hash, signature, signing_pub.point)
+      end
+    end
+  end
+end

data/lib/bsv/primitives/symmetric_key.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'securerandom'
+
+module BSV
+  module Primitives
+    # AES-256-GCM symmetric encryption.
+    #
+    # Provides authenticated encryption matching the interface used by the
+    # TS, Go, and Python reference SDKs. The wire format is:
+    #
+    #   |--- 32-byte IV ---|--- ciphertext ---|--- 16-byte auth tag ---|
+    #
+    # All three reference SDKs use a 32-byte IV (non-standard but
+    # cross-SDK compatible) and 16-byte authentication tag.
+    #
+    # @example Round-trip encryption
+    #   key = BSV::Primitives::SymmetricKey.from_random
+    #   encrypted = key.encrypt('hello world')
+    #   key.decrypt(encrypted) #=> "hello world"
+    class SymmetricKey
+      IV_SIZE = 32
+      TAG_SIZE = 16
+      KEY_SIZE = 32
+
+      # @param key_bytes [String] 32-byte binary key (shorter keys are left-zero-padded)
+      # @raise [ArgumentError] if key is empty or longer than 32 bytes
+      def initialize(key_bytes)
+        key_bytes = key_bytes.b
+        raise ArgumentError, 'key must not be empty' if key_bytes.empty?
+        raise ArgumentError, "key must be at most #{KEY_SIZE} bytes, got #{key_bytes.bytesize}" if key_bytes.bytesize > KEY_SIZE
+
+        @key = if key_bytes.bytesize < KEY_SIZE
+                 ("\x00".b * (KEY_SIZE - key_bytes.bytesize)) + key_bytes
+               else
+                 key_bytes
+               end
+      end
+
+      # Generate a random symmetric key.
+      #
+      # @return [SymmetricKey]
+      def self.from_random
+        new(SecureRandom.random_bytes(KEY_SIZE))
+      end
+
+      # Derive a symmetric key from an ECDH shared secret.
+      #
+      # Computes the shared point between the two parties and uses the
+      # X-coordinate as the key material. The X-coordinate may be 31 or
+      # 32 bytes; shorter values are left-zero-padded automatically.
+      #
+      # @example Alice and Bob derive the same key
+      #   alice_key = SymmetricKey.from_ecdh(alice_priv, bob_pub)
+      #   bob_key   = SymmetricKey.from_ecdh(bob_priv, alice_pub)
+      #   alice_key.to_bytes == bob_key.to_bytes #=> true
+      #
+      # @param private_key [PrivateKey] one party's private key
+      # @param public_key [PublicKey] the other party's public key
+      # @return [SymmetricKey]
+      def self.from_ecdh(private_key, public_key)
+        shared = private_key.derive_shared_secret(public_key)
+        # X-coordinate = bytes 1..32 of the compressed point (skip the 02/03 prefix)
+        x_bytes = shared.compressed.byteslice(1, 32)
+        new(x_bytes)
+      end
+
+      # Encrypt a message with AES-256-GCM.
+      #
+      # Generates a random 32-byte IV per call. Returns the concatenation
+      # of IV, ciphertext, and 16-byte authentication tag.
+      #
+      # @param plaintext [String] the message to encrypt
+      # @return [String] binary string: IV (32) + ciphertext + auth tag (16)
+      def encrypt(plaintext)
+        iv = SecureRandom.random_bytes(IV_SIZE)
+
+        cipher = OpenSSL::Cipher.new('aes-256-gcm')
+        cipher.encrypt
+        cipher.key = @key
+        cipher.iv_len = IV_SIZE
+        cipher.iv = iv
+        cipher.auth_data = ''.b
+
+        plaintext_bytes = plaintext.b
+        ciphertext = plaintext_bytes.empty? ? cipher.final : cipher.update(plaintext_bytes) + cipher.final
+        tag = cipher.auth_tag(TAG_SIZE)
+
+        iv + ciphertext + tag
+      end
+
+      # Decrypt an AES-256-GCM encrypted message.
+      #
+      # Expects the wire format: IV (32) + ciphertext + auth tag (16).
+      #
+      # @param data [String] the encrypted message
+      # @return [String] the decrypted plaintext (binary)
+      # @raise [ArgumentError] if the data is too short
+      # @raise [OpenSSL::Cipher::CipherError] if authentication fails (wrong key or tampered data)
+      def decrypt(data)
+        data = data.b
+        raise ArgumentError, "ciphertext too short: #{data.bytesize} bytes (minimum #{IV_SIZE + TAG_SIZE})" if data.bytesize < IV_SIZE + TAG_SIZE
+
+        iv = data.byteslice(0, IV_SIZE)
+        tag = data.byteslice(-TAG_SIZE, TAG_SIZE)
+        ciphertext = data.byteslice(IV_SIZE, data.bytesize - IV_SIZE - TAG_SIZE)
+
+        decipher = OpenSSL::Cipher.new('aes-256-gcm')
+        decipher.decrypt
+        decipher.key = @key
+        decipher.iv_len = IV_SIZE
+        decipher.iv = iv
+        decipher.auth_tag = tag
+        decipher.auth_data = ''.b
+
+        ciphertext.empty? ? decipher.final : decipher.update(ciphertext) + decipher.final
+      end
+
+      # Return the raw key bytes.
+      #
+      # @return [String] 32-byte binary key
+      def to_bytes
+        @key.dup
+      end
+    end
+  end
+end

data/lib/bsv/primitives.rb

@@ -7,17 +7,23 @@ module BSV
   # HD key derivation (BIP-32), and mnemonic phrase generation (BIP-39).
   # All cryptography uses Ruby's stdlib +openssl+ — no external gems.
   module Primitives
-    autoload :Curve,      'bsv/primitives/curve'
-    autoload :Digest,     'bsv/primitives/digest'
-    autoload :Base58,     'bsv/primitives/base58'
-    autoload :Signature,  'bsv/primitives/signature'
-    autoload :ECDSA,      'bsv/primitives/ecdsa'
-    autoload :ECIES,      'bsv/primitives/ecies'
-    autoload :BSM,        'bsv/primitives/bsm'
-    autoload :Schnorr, 'bsv/primitives/schnorr'
-    autoload :PublicKey, 'bsv/primitives/public_key'
-    autoload :PrivateKey,  'bsv/primitives/private_key'
-    autoload :ExtendedKey, 'bsv/primitives/extended_key'
-    autoload :Mnemonic,    'bsv/primitives/mnemonic'
+    autoload :Curve,        'bsv/primitives/curve'
+    autoload :Digest,       'bsv/primitives/digest'
+    autoload :Base58,       'bsv/primitives/base58'
+    autoload :Signature,    'bsv/primitives/signature'
+    autoload :ECDSA,        'bsv/primitives/ecdsa'
+    autoload :ECIES,        'bsv/primitives/ecies'
+    autoload :BSM,          'bsv/primitives/bsm'
+    autoload :Schnorr,      'bsv/primitives/schnorr'
+    autoload :PublicKey,    'bsv/primitives/public_key'
+    autoload :PrivateKey,   'bsv/primitives/private_key'
+    autoload :ExtendedKey,  'bsv/primitives/extended_key'
+    autoload :Mnemonic,     'bsv/primitives/mnemonic'
+    autoload :SymmetricKey,         'bsv/primitives/symmetric_key'
+    autoload :SignedMessage,        'bsv/primitives/signed_message'
+    autoload :EncryptedMessage,     'bsv/primitives/encrypted_message'
+    autoload :PointInFiniteField,   'bsv/primitives/point_in_finite_field'
+    autoload :Polynomial,           'bsv/primitives/polynomial'
+    autoload :KeyShares,            'bsv/primitives/key_shares'
   end
 end

data/lib/bsv/script/interpreter/interpreter.rb

@@ -96,9 +96,7 @@ module BSV
           break if @early_return && script_idx == 1
 
           # Between scripts: verify conditionals balanced
-          unless @cond_stack.empty?
-            raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'unbalanced conditional')
-          end
+          raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'unbalanced conditional') unless @cond_stack.empty?
 
           # Clear alt stack between scripts
           @astack.clear

data/lib/bsv/script/interpreter/operations/bitwise.rb

@@ -55,9 +55,7 @@ module BSV
           def pop_equal_length_pair
             a = @dstack.pop_bytes
             b = @dstack.pop_bytes
-            if a.bytesize != b.bytesize
-              raise ScriptError.new(ScriptErrorCode::INVALID_INPUT_LENGTH, 'byte arrays are not the same length')
-            end
+            raise ScriptError.new(ScriptErrorCode::INVALID_INPUT_LENGTH, 'byte arrays are not the same length') if a.bytesize != b.bytesize
 
             [a, b]
           end

data/lib/bsv/script/interpreter/operations/crypto.rb

@@ -52,9 +52,7 @@ module BSV
             result = verify_checksig(full_sig, pubkey_bytes)
 
             # NULLFAIL: non-empty signature that failed verification
-            unless result
-              raise ScriptError.new(ScriptErrorCode::SIG_NULLFAIL, 'non-empty signature failed verification')
-            end
+            raise ScriptError.new(ScriptErrorCode::SIG_NULLFAIL, 'non-empty signature failed verification') unless result
 
             @dstack.push_bool(true)
           end
@@ -85,18 +83,14 @@ module BSV
 
             # Dummy element (off-by-one bug compatibility)
             dummy = @dstack.pop_bytes
-            unless dummy.empty?
-              raise ScriptError.new(ScriptErrorCode::SIG_NULLDUMMY, 'CHECKMULTISIG dummy element must be empty')
-            end
+            raise ScriptError.new(ScriptErrorCode::SIG_NULLDUMMY, 'CHECKMULTISIG dummy element must be empty') unless dummy.empty?
 
             success = multisig_match?(signatures, pubkeys)
 
             # NULLFAIL: if failed, all signatures must be empty
             unless success
               signatures.each do |sig|
-                unless sig.empty?
-                  raise ScriptError.new(ScriptErrorCode::SIG_NULLFAIL, 'non-empty signature failed verification')
-                end
+                raise ScriptError.new(ScriptErrorCode::SIG_NULLFAIL, 'non-empty signature failed verification') unless sig.empty?
               end
             end
 

data/lib/bsv/script/interpreter/operations/flow_control.rb

@@ -30,9 +30,7 @@ module BSV
 
           # OP_ELSE: toggle conditional branch (only one ELSE per IF after genesis)
           def op_else
-            if @cond_stack.empty?
-              raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'OP_ELSE without matching OP_IF')
-            end
+            raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'OP_ELSE without matching OP_IF') if @cond_stack.empty?
 
             # After genesis: only one ELSE per IF
             raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'duplicate OP_ELSE') if @else_stack.pop
@@ -47,9 +45,7 @@ module BSV
 
           # OP_ENDIF: close conditional block
           def op_endif
-            if @cond_stack.empty?
-              raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'OP_ENDIF without matching OP_IF')
-            end
+            raise ScriptError.new(ScriptErrorCode::UNBALANCED_CONDITIONAL, 'OP_ENDIF without matching OP_IF') if @cond_stack.empty?
 
             @cond_stack.pop
             @else_stack.pop

data/lib/bsv/script/interpreter/operations/splice.rb

@@ -44,9 +44,7 @@ module BSV
             size = @dstack.pop_int.to_i32
             data = @dstack.pop_bytes
 
-            if size.negative?
-              raise ScriptError.new(ScriptErrorCode::INVALID_INPUT_LENGTH, 'OP_NUM2BIN: size is negative')
-            end
+            raise ScriptError.new(ScriptErrorCode::INVALID_INPUT_LENGTH, 'OP_NUM2BIN: size is negative') if size.negative?
 
             minimal = ScriptNumber.minimally_encode(data)
 

data/lib/bsv/script/interpreter/script_number.rb

@@ -44,10 +44,7 @@ module BSV
         return new(0) if bytes.empty?
 
         if bytes.bytesize > max_length
-          raise ScriptError.new(
-            ScriptErrorCode::NUMBER_TOO_BIG,
-            "script number overflow: #{bytes.bytesize} > #{max_length}"
-          )
+          raise ScriptError.new ScriptErrorCode::NUMBER_TOO_BIG, "script number overflow: #{bytes.bytesize} > #{max_length}"
         end
 
         check_minimal_encoding!(bytes) if require_minimal
@@ -202,9 +199,7 @@ module BSV
         return if msb.anybits?(0x7f)
 
         # Single byte that is pure sign/zero (0x00 or 0x80) — not minimal
-        if bytes.bytesize == 1
-          raise ScriptError.new(ScriptErrorCode::MINIMAL_DATA, 'non-minimal script number encoding')
-        end
+        raise ScriptError.new(ScriptErrorCode::MINIMAL_DATA, 'non-minimal script number encoding') if bytes.bytesize == 1
 
         # Padding is justified if second-to-last byte has high bit set
         return if bytes.getbyte(bytes.bytesize - 2) & 0x80 != 0