@exodus/bip322-js 3.0.0 → 3.2.0

package/CHANGELOG.md

@@ -3,6 +3,18 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [3.2.0](https://github.com/ExodusMovement/exodus-hydra/compare/@exodus/bip322-js@3.1.0...@exodus/bip322-js@3.2.0) (2025-12-26)
+
+### Features
+
+- feat(bip322-js): export Verifier for BIP-322 signature verification (#14641)
+
+## [3.1.0](https://github.com/ExodusMovement/exodus-hydra/compare/@exodus/bip322-js@3.0.0...@exodus/bip322-js@3.1.0) (2025-09-16)
+
+### Features
+
+- feat: update bip322-js and bitcoinjs (#13812)
+
 ## [3.0.0](https://github.com/ExodusMovement/exodus-hydra/compare/@exodus/bip322-js@2.2.0...@exodus/bip322-js@3.0.0) (2025-09-10)
 
 ### ⚠ BREAKING CHANGES

package/dist/Signer.js

@@ -34,8 +34,8 @@ export const createSigner = (encodedKey, network) => {
                     format: 'buffer',
                 });
             }
-            assert(signatureType === 'ecdsa');
-            assert(enc === 'sig' || enc === 'sig,rec');
+            assert(signatureType === 'ecdsa', 'Invalid signature type');
+            assert(enc === 'sig' || enc === 'sig,rec', 'Invalid encoding');
             return secp256k1.ecdsaSignHash({
                 hash: data,
                 privateKey,

package/dist/Verifier.d.ts

@@ -0,0 +1,8 @@
+declare class Verifier {
+    static verifySignature(signerAddress: string, message: string, signature: Buffer): Promise<boolean>;
+    private static verifyBIP137Signature;
+    private static getHashForSigP2WPKH;
+    private static getHashForSigP2SHInP2WPKH;
+    private static getHashForSigP2TR;
+}
+export default Verifier;

package/dist/Verifier.js

@@ -0,0 +1,127 @@
+import * as bitcoin from '@exodus/bitcoinjs';
+import { ecdsaVerifyHashSync, schnorrVerify } from '@exodus/crypto/secp256k1';
+import Address from './Address.js';
+import BIP322 from './BIP322.js';
+import { decodeScriptSignature } from './bitcoinjs/DecodeScriptSignature.js';
+import * as bitcoinMessage from './bitcoinjs-message-verify.js';
+import BIP137 from './helpers/BIP137.js';
+class Verifier {
+    static async verifySignature(signerAddress, message, signature) {
+        if (!Buffer.isBuffer(signature)) {
+            throw new TypeError('signature must be a Buffer');
+        }
+        if (Address.isP2PKH(signerAddress) || BIP137.isBIP137Signature(signature)) {
+            return this.verifyBIP137Signature(signerAddress, message, signature);
+        }
+        const scriptPubKey = Address.convertAdressToScriptPubkey(signerAddress);
+        const toSpendTx = BIP322.buildToSpendTx(message, scriptPubKey);
+        const toSignTx = BIP322.buildToSignTx(toSpendTx.getId(), scriptPubKey);
+        toSignTx.updateInput(0, {
+            finalScriptWitness: signature,
+        });
+        const witness = toSignTx.extractTransaction().ins[0].witness;
+        const encodedSignature = witness[0];
+        if (Address.isP2WPKHWitness(witness)) {
+            const publicKey = witness[1];
+            const { signature } = decodeScriptSignature(encodedSignature);
+            const hashedPubkey = bitcoin.crypto.hash160(publicKey);
+            let hashToSign;
+            if (Address.isP2SH(signerAddress)) {
+                hashToSign = this.getHashForSigP2SHInP2WPKH(toSignTx, hashedPubkey);
+                const lockingScript = Buffer.concat([Buffer.from([0x00, 0x14]), hashedPubkey]);
+                const hashedLockingScript = bitcoin.crypto.hash160(lockingScript);
+                const hashedLockingScriptInScriptPubKey = scriptPubKey.subarray(2, -1);
+                if (Buffer.compare(hashedLockingScript, hashedLockingScriptInScriptPubKey) !== 0) {
+                    return false;
+                }
+            }
+            else {
+                hashToSign = this.getHashForSigP2WPKH(toSignTx);
+                const hashedPubkeyInScriptPubkey = scriptPubKey.subarray(2);
+                if (Buffer.compare(hashedPubkey, hashedPubkeyInScriptPubkey) !== 0) {
+                    return false;
+                }
+            }
+            return ecdsaVerifyHashSync({ hash: hashToSign, publicKey, signature });
+        }
+        if (Address.isP2TR(signerAddress)) {
+            if (!Address.isSingleKeyP2TRWitness(witness)) {
+                throw new Error('BIP-322 verification from script-spend P2TR is unsupported.');
+            }
+            const publicKey = scriptPubKey.subarray(2);
+            let hashToSign;
+            let signature;
+            if (encodedSignature.byteLength === 64) {
+                hashToSign = this.getHashForSigP2TR(toSignTx, 0x00);
+                signature = encodedSignature;
+            }
+            else if (encodedSignature.byteLength === 65) {
+                hashToSign = this.getHashForSigP2TR(toSignTx, encodedSignature[64]);
+                signature = encodedSignature.subarray(0, -1);
+            }
+            else {
+                throw new Error('Invalid Schnorr signature provided.');
+            }
+            return schnorrVerify({ data: hashToSign, xOnly: publicKey, signature });
+        }
+        throw new Error('Only P2WPKH, P2SH-P2WPKH, and single-key-spend P2TR BIP-322 verification is supported. Unsupported address is provided.');
+    }
+    static verifyBIP137Signature(signerAddress, message, signature) {
+        if (Address.isP2PKH(signerAddress)) {
+            return bitcoinMessage.verify(message, signerAddress, signature);
+        }
+        const publicKeySigned = BIP137.derivePubKey(message, signature);
+        const legacySigningAddress = Address.convertPubKeyIntoAddress(publicKeySigned, 'p2pkh').mainnet;
+        if (Address.isP2SH(signerAddress)) {
+            const p2shAddressDerived = Address.convertPubKeyIntoAddress(publicKeySigned, 'p2sh-p2wpkh');
+            if (p2shAddressDerived.mainnet !== signerAddress &&
+                p2shAddressDerived.testnet !== signerAddress) {
+                return false;
+            }
+        }
+        else if (Address.isP2WPKH(signerAddress)) {
+            const p2wpkhAddressDerived = Address.convertPubKeyIntoAddress(publicKeySigned, 'p2wpkh');
+            if (p2wpkhAddressDerived.mainnet !== signerAddress &&
+                p2wpkhAddressDerived.testnet !== signerAddress) {
+                return false;
+            }
+        }
+        else if (Address.isP2TR(signerAddress)) {
+            const p2trAddressDerived = Address.convertPubKeyIntoAddress(publicKeySigned, 'p2tr');
+            if (p2trAddressDerived.mainnet !== signerAddress &&
+                p2trAddressDerived.testnet !== signerAddress) {
+                return false;
+            }
+        }
+        else {
+            return false;
+        }
+        return bitcoinMessage.verify(message, legacySigningAddress, signature);
+    }
+    static getHashForSigP2WPKH(toSignTx) {
+        const signingScript = bitcoin.payments.p2pkh({
+            hash: toSignTx.data.inputs[0].witnessUtxo.script.subarray(2),
+        }).output;
+        return toSignTx
+            .extractTransaction()
+            .hashForWitnessV0(0, signingScript, 0, bitcoin.Transaction.SIGHASH_ALL);
+    }
+    static getHashForSigP2SHInP2WPKH(toSignTx, hashedPubkey) {
+        const signingScript = bitcoin.payments.p2pkh({
+            hash: hashedPubkey,
+        }).output;
+        return toSignTx
+            .extractTransaction()
+            .hashForWitnessV0(0, signingScript, 0, bitcoin.Transaction.SIGHASH_ALL);
+    }
+    static getHashForSigP2TR(toSignTx, hashType) {
+        if (hashType !== bitcoin.Transaction.SIGHASH_DEFAULT &&
+            hashType !== bitcoin.Transaction.SIGHASH_ALL) {
+            throw new Error('Invalid SIGHASH used in signature. Must be either SIGHASH_ALL or SIGHASH_DEFAULT.');
+        }
+        return toSignTx
+            .extractTransaction()
+            .hashForWitnessV1(0, [toSignTx.data.inputs[0].witnessUtxo.script], [0], hashType);
+    }
+}
+export default Verifier;

package/dist/bitcoinjs/DecodeScriptSignature.d.ts

@@ -0,0 +1,6 @@
+interface ScriptSignature {
+    signature: Buffer;
+    hashType: number;
+}
+export declare function decodeScriptSignature(buffer: Buffer): ScriptSignature;
+export {};

package/dist/bitcoinjs/DecodeScriptSignature.js

@@ -0,0 +1,57 @@
+export function decodeScriptSignature(buffer) {
+    const hashType = buffer.readUInt8(buffer.length - 1);
+    const hashTypeMod = hashType & ~0x80;
+    if (hashTypeMod <= 0 || hashTypeMod >= 4)
+        throw new Error('Invalid hashType ' + hashType);
+    const decoded = decode2(buffer.slice(0, -1));
+    const r = fromDER(decoded.r);
+    const s = fromDER(decoded.s);
+    const signature = Buffer.concat([r, s], 64);
+    return { signature, hashType };
+}
+function fromDER(x) {
+    if (x[0] === 0x00)
+        x = x.slice(1);
+    const buffer = Buffer.alloc(32, 0);
+    const bstart = Math.max(0, 32 - x.length);
+    x.copy(buffer, bstart);
+    return buffer;
+}
+function decode2(buffer) {
+    if (buffer.length < 8)
+        throw new Error('DER sequence length is too short');
+    if (buffer.length > 72)
+        throw new Error('DER sequence length is too long');
+    if (buffer[0] !== 0x30)
+        throw new Error('Expected DER sequence');
+    if (buffer[1] !== buffer.length - 2)
+        throw new Error('DER sequence length is invalid');
+    if (buffer[2] !== 0x02)
+        throw new Error('Expected DER integer');
+    const lenR = buffer[3];
+    if (lenR === 0)
+        throw new Error('R length is zero');
+    if (5 + lenR >= buffer.length)
+        throw new Error('R length is too long');
+    if (buffer[4 + lenR] !== 0x02)
+        throw new Error('Expected DER integer (2)');
+    const lenS = buffer[5 + lenR];
+    if (lenS === 0)
+        throw new Error('S length is zero');
+    if (6 + lenR + lenS !== buffer.length)
+        throw new Error('S length is invalid');
+    if (buffer[4] & 0x80)
+        throw new Error('R value is negative');
+    if (lenR > 1 && buffer[4] === 0x00 && !(buffer[5] & 0x80)) {
+        throw new Error('R value excessively padded');
+    }
+    if (buffer[lenR + 6] & 0x80)
+        throw new Error('S value is negative');
+    if (lenS > 1 && buffer[lenR + 6] === 0x00 && !(buffer[lenR + 7] & 0x80)) {
+        throw new Error('S value excessively padded');
+    }
+    return {
+        r: buffer.slice(4, 4 + lenR),
+        s: buffer.slice(6 + lenR),
+    };
+}

package/dist/bitcoinjs-message-verify.d.ts

@@ -0,0 +1 @@
+export declare function verify(message: string, address: string, signature: Buffer, messagePrefix?: string, checkSegwitAlways?: boolean): boolean;

package/dist/bitcoinjs-message-verify.js

@@ -0,0 +1,87 @@
+import { fromBase58checkSync } from '@exodus/bytes/base58check.js';
+import { hashSync } from '@exodus/crypto/hash';
+import { recoverPublicKey } from '@noble/secp256k1';
+import bech32 from 'bech32';
+import varuint from 'varuint-bitcoin';
+const SEGWIT_TYPES = {
+    P2WPKH: 'p2wpkh',
+    P2SH_P2WPKH: 'p2sh(p2wpkh)',
+};
+const hash256 = (buffer) => hashSync('sha256', hashSync('sha256', buffer), 'buffer');
+const hash160 = (buffer) => hashSync('hash160', buffer, 'buffer');
+const bufferEquals = (buffer1, buffer2) => {
+    return Buffer.compare(buffer1, buffer2) === 0;
+};
+function decodeSignature(buffer) {
+    if (buffer.length !== 65)
+        throw new Error('Invalid signature length');
+    const flagByte = buffer.readUInt8(0) - 27;
+    if (flagByte > 15 || flagByte < 0)
+        throw new Error('Invalid signature parameter');
+    return {
+        compressed: !!(flagByte & 12),
+        segwitType: flagByte & 8 ? (flagByte & 4 ? SEGWIT_TYPES.P2WPKH : SEGWIT_TYPES.P2SH_P2WPKH) : null,
+        recovery: flagByte & 3,
+        signature: buffer.slice(1),
+    };
+}
+function magicHash(message, messagePrefix = '\u0018Bitcoin Signed Message:\n') {
+    if (!Buffer.isBuffer(messagePrefix))
+        messagePrefix = Buffer.from(messagePrefix, 'utf8');
+    if (!Buffer.isBuffer(message))
+        message = Buffer.from(message, 'utf8');
+    const messageVISize = varuint.encodingLength(message.length);
+    const buffer = Buffer.alloc(messagePrefix.length + messageVISize + message.length);
+    messagePrefix.copy(buffer, 0);
+    varuint.encode(message.length, buffer, messagePrefix.length);
+    message.copy(buffer, messagePrefix.length + messageVISize);
+    return hash256(buffer);
+}
+function segwitRedeemHash(publicKeyHash) {
+    const redeemScript = Buffer.concat([Buffer.from('0014', 'hex'), publicKeyHash]);
+    return hash160(redeemScript);
+}
+function decodeBech32(address) {
+    const result = bech32.decode(address);
+    const data = bech32.fromWords(result.words.slice(1));
+    return Buffer.from(data);
+}
+export function verify(message, address, signature, messagePrefix, checkSegwitAlways) {
+    if (!Buffer.isBuffer(signature)) {
+        throw new TypeError('signature must be a Buffer');
+    }
+    const parsed = decodeSignature(signature);
+    if (checkSegwitAlways && !parsed.compressed) {
+        throw new Error('checkSegwitAlways can only be used with a compressed pubkey signature flagbyte');
+    }
+    const hash = magicHash(message, messagePrefix);
+    const publicKey = Buffer.from(recoverPublicKey(hash, parsed.signature, parsed.recovery, parsed.compressed));
+    const publicKeyHash = hash160(publicKey);
+    let actual, expected;
+    if (parsed.segwitType) {
+        if (parsed.segwitType === SEGWIT_TYPES.P2SH_P2WPKH) {
+            actual = segwitRedeemHash(publicKeyHash);
+            expected = Buffer.from(fromBase58checkSync(address).slice(1));
+        }
+        else {
+            actual = publicKeyHash;
+            expected = decodeBech32(address);
+        }
+    }
+    else if (checkSegwitAlways) {
+        try {
+            expected = decodeBech32(address);
+            return bufferEquals(publicKeyHash, expected);
+        }
+        catch {
+            const redeemHash = segwitRedeemHash(publicKeyHash);
+            expected = Buffer.from(fromBase58checkSync(address).slice(1));
+            return bufferEquals(publicKeyHash, expected) || bufferEquals(redeemHash, expected);
+        }
+    }
+    else {
+        actual = publicKeyHash;
+        expected = Buffer.from(fromBase58checkSync(address).slice(1));
+    }
+    return bufferEquals(actual, expected);
+}

package/dist/helpers/BIP137.d.ts

@@ -0,0 +1,6 @@
+declare class BIP137 {
+    static isBIP137Signature(signature: Buffer): boolean;
+    static derivePubKey(message: string, signature: Buffer): Buffer;
+    private static decodeSignature;
+}
+export default BIP137;

package/dist/helpers/BIP137.js

@@ -0,0 +1,27 @@
+import * as bitcoinMessage from '@exodus/bitcoinjs/message';
+import { recoverPublicKey } from '@noble/secp256k1';
+class BIP137 {
+    static isBIP137Signature(signature) {
+        return signature.byteLength === 65;
+    }
+    static derivePubKey(message, signature) {
+        const messageHash = bitcoinMessage.magicHash(message);
+        const signatureDecoded = this.decodeSignature(signature);
+        const recoveredPublicKey = recoverPublicKey(messageHash, signatureDecoded.signature, signatureDecoded.recovery, signatureDecoded.compressed);
+        return Buffer.from(recoveredPublicKey);
+    }
+    static decodeSignature(signature) {
+        if (signature.length !== 65)
+            throw new Error('Invalid signature length');
+        const flagByte = signature.readUInt8(0) - 27;
+        if (flagByte > 19 || flagByte < 0) {
+            throw new Error('Invalid signature parameter');
+        }
+        return {
+            compressed: !!(flagByte & 12),
+            recovery: flagByte & 3,
+            signature: signature.subarray(1),
+        };
+    }
+}
+export default BIP137;

package/dist/index.d.ts

@@ -1,3 +1,4 @@
 export { default as Address } from './Address.js';
 export { default as BIP322 } from './BIP322.js';
 export { default as Signer } from './Signer.js';
+export { default as Verifier } from './Verifier.js';

package/dist/index.js

@@ -1,3 +1,4 @@
 export { default as Address } from './Address.js';
 export { default as BIP322 } from './BIP322.js';
 export { default as Signer } from './Signer.js';
+export { default as Verifier } from './Verifier.js';

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@exodus/bip322-js",
-  "version": "3.0.0",
+  "version": "3.2.0",
   "description": "A Javascript library that provides utility functions related to the BIP-322 signature scheme",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "type": "module",
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": false
   },
   "files": [
     "dist",
@@ -35,27 +36,26 @@
   },
   "license": "MIT",
   "devDependencies": {
-    "@noble/secp256k1": "^1.7.1",
     "@types/minimalistic-assert": "^1.0.1",
     "@types/node": "^20.2.5",
-    "bech32": "^1.1.3",
-    "bs58check": "^3.0.1",
-    "buffer-equals": "^1.0.3",
     "ecpair": "^2.0.1",
     "typedoc": "^0.24.8",
-    "typescript": "^5.1.3",
-    "varuint-bitcoin": "^1.0.1"
+    "typescript": "^5.1.3"
   },
   "dependencies": {
     "@exodus/asset-types": "^0.3.0",
-    "@exodus/bitcoinjs": "^1.4.0",
-    "@exodus/crypto": "^1.0.0-rc.14",
+    "@exodus/bitcoinjs": "^2.0.0",
+    "@exodus/bytes": "^1.0.0-rc.8",
+    "@exodus/crypto": "^1.0.0-rc.26",
+    "@noble/secp256k1": "^1.7.1",
+    "bech32": "^1.1.3",
     "minimalistic-assert": "^1.0.1",
+    "varuint-bitcoin": "^1.0.1",
     "wif": "^4.0.0"
   },
   "homepage": "https://github.com/ExodusMovement/exodus-hydra/tree/master/libraries/bip322-js",
   "bugs": {
     "url": "https://github.com/ExodusMovement/exodus-hydra/issues?q=is%3Aissue+is%3Aopen+label%3Abip322-js"
   },
-  "gitHead": "91ee7841b5a4bf6b8762aa04ba621746b86fef87"
+  "gitHead": "dab4f446f30bf73babe598463627eaad6e14fa4b"
 }