@opcat-labs/opcat 1.0.0

package/lib/crypto/signature.js

@@ -0,0 +1,325 @@
+'use strict';
+
+var BN = require('./bn');
+var _ = require('../util/_');
+var $ = require('../util/preconditions');
+var JSUtil = require('../util/js');
+
+var Signature = function Signature(r, s) {
+  if (!(this instanceof Signature)) {
+    return new Signature(r, s);
+  }
+  if (r instanceof BN) {
+    this.set({
+      r: r,
+      s: s,
+    });
+  } else if (r) {
+    var obj = r;
+    this.set(obj);
+  }
+};
+
+Signature.prototype.set = function (obj) {
+  this.r = obj.r || this.r || undefined;
+  this.s = obj.s || this.s || undefined;
+
+  this.i = typeof obj.i !== 'undefined' ? obj.i : this.i; // public key recovery parameter in range [0, 3]
+  this.compressed = typeof obj.compressed !== 'undefined' ? obj.compressed : this.compressed; // whether the recovered pubkey is compressed
+  this.nhashtype = obj.nhashtype || this.nhashtype || undefined;
+  return this;
+};
+
+Signature.fromCompact = function (buf) {
+  $.checkArgument(Buffer.isBuffer(buf), 'Argument is expected to be a Buffer');
+
+  var sig = new Signature();
+
+  var compressed = true;
+  var i = buf.slice(0, 1)[0] - 27 - 4;
+  if (i < 0) {
+    compressed = false;
+    i = i + 4;
+  }
+
+  var b2 = buf.slice(1, 33);
+  var b3 = buf.slice(33, 65);
+
+  $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be 0, 1, 2, or 3'));
+  $.checkArgument(b2.length === 32, new Error('r must be 32 bytes'));
+  $.checkArgument(b3.length === 32, new Error('s must be 32 bytes'));
+
+  sig.compressed = compressed;
+  sig.i = i;
+  sig.r = BN.fromBuffer(b2);
+  sig.s = BN.fromBuffer(b3);
+
+  return sig;
+};
+
+Signature.fromDER = Signature.fromBuffer = function (buf, strict) {
+  var obj = Signature.parseDER(buf, strict);
+  var sig = new Signature();
+
+  sig.r = obj.r;
+  sig.s = obj.s;
+
+  return sig;
+};
+
+// The format used in a tx
+Signature.fromTxFormat = function (buf) {
+  var nhashtype = buf.readUInt8(buf.length - 1);
+  var derbuf = buf.slice(0, buf.length - 1);
+  var sig = Signature.fromDER(derbuf, false);
+  sig.nhashtype = nhashtype;
+  return sig;
+};
+
+Signature.fromString = function (str) {
+  var buf = Buffer.from(str, 'hex');
+  return Signature.fromDER(buf);
+};
+
+/**
+ * In order to mimic the non-strict DER encoding of OpenSSL, set strict = false.
+ */
+Signature.parseDER = function (buf, strict) {
+  $.checkArgument(Buffer.isBuffer(buf), new Error('DER formatted signature should be a buffer'));
+  if (_.isUndefined(strict)) {
+    strict = true;
+  }
+
+  var header = buf[0];
+  $.checkArgument(header === 0x30, new Error('Header byte should be 0x30'));
+
+  var length = buf[1];
+  var buflength = buf.slice(2).length;
+  $.checkArgument(
+    !strict || length === buflength,
+    new Error('Length byte should length of what follows'),
+  );
+
+  length = length < buflength ? length : buflength;
+
+  var rheader = buf[2 + 0];
+  $.checkArgument(rheader === 0x02, new Error('Integer byte for r should be 0x02'));
+
+  var rlength = buf[2 + 1];
+  var rbuf = buf.slice(2 + 2, 2 + 2 + rlength);
+  var r = BN.fromBuffer(rbuf);
+  var rneg = buf[2 + 1 + 1] === 0x00;
+  $.checkArgument(rlength === rbuf.length, new Error('Length of r incorrect'));
+
+  var sheader = buf[2 + 2 + rlength + 0];
+  $.checkArgument(sheader === 0x02, new Error('Integer byte for s should be 0x02'));
+
+  var slength = buf[2 + 2 + rlength + 1];
+  var sbuf = buf.slice(2 + 2 + rlength + 2, 2 + 2 + rlength + 2 + slength);
+  var s = BN.fromBuffer(sbuf);
+  var sneg = buf[2 + 2 + rlength + 2 + 2] === 0x00;
+  $.checkArgument(slength === sbuf.length, new Error('Length of s incorrect'));
+
+  var sumlength = 2 + 2 + rlength + 2 + slength;
+  $.checkArgument(length === sumlength - 2, new Error('Length of signature incorrect'));
+
+  var obj = {
+    header: header,
+    length: length,
+    rheader: rheader,
+    rlength: rlength,
+    rneg: rneg,
+    rbuf: rbuf,
+    r: r,
+    sheader: sheader,
+    slength: slength,
+    sneg: sneg,
+    sbuf: sbuf,
+    s: s,
+  };
+
+  return obj;
+};
+
+Signature.prototype.toCompact = function (i, compressed) {
+  i = typeof i === 'number' ? i : this.i;
+  compressed = typeof compressed === 'boolean' ? compressed : this.compressed;
+
+  if (!(i === 0 || i === 1 || i === 2 || i === 3)) {
+    throw new Error('i must be equal to 0, 1, 2, or 3');
+  }
+
+  var val = i + 27 + 4;
+  if (compressed === false) {
+    val = val - 4;
+  }
+  var b1 = Buffer.from([val]);
+  var b2 = this.r.toBuffer({
+    size: 32,
+  });
+  var b3 = this.s.toBuffer({
+    size: 32,
+  });
+  return Buffer.concat([b1, b2, b3]);
+};
+
+Signature.prototype.toBuffer = Signature.prototype.toDER = function () {
+  var rnbuf = this.r.toBuffer();
+  var snbuf = this.s.toBuffer();
+
+  var rneg = !!(rnbuf[0] & 0x80);
+  var sneg = !!(snbuf[0] & 0x80);
+
+  var rbuf = rneg ? Buffer.concat([Buffer.from([0x00]), rnbuf]) : rnbuf;
+  var sbuf = sneg ? Buffer.concat([Buffer.from([0x00]), snbuf]) : snbuf;
+
+  var rlength = rbuf.length;
+  var slength = sbuf.length;
+  var length = 2 + rlength + 2 + slength;
+  var rheader = 0x02;
+  var sheader = 0x02;
+  var header = 0x30;
+
+  var der = Buffer.concat([
+    Buffer.from([header, length, rheader, rlength]),
+    rbuf,
+    Buffer.from([sheader, slength]),
+    sbuf,
+  ]);
+  return der;
+};
+
+Signature.prototype.toString = function () {
+  var buf = this.toDER();
+  return buf.toString('hex');
+};
+
+/**
+ * This function is translated from bitcoind's IsDERSignature and is used in
+ * the script interpreter.  This "DER" format actually includes an extra byte,
+ * the nhashtype, at the end. It is really the tx format, not DER format.
+ *
+ * A canonical signature exists of: [30] [total len] [02] [len R] [R] [02] [len S] [S] [hashtype]
+ * Where R and S are not negative (their first byte has its highest bit not set), and not
+ * excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
+ * in which case a single 0 byte is necessary and even required).
+ *
+ * See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
+ */
+Signature.isTxDER = function (buf) {
+  if (buf.length < 9) {
+    //  Non-canonical signature: too short
+    return false;
+  }
+  if (buf.length > 73) {
+    // Non-canonical signature: too long
+    return false;
+  }
+  if (buf[0] !== 0x30) {
+    //  Non-canonical signature: wrong type
+    return false;
+  }
+  if (buf[1] !== buf.length - 3) {
+    //  Non-canonical signature: wrong length marker
+    return false;
+  }
+  var nLenR = buf[3];
+  if (5 + nLenR >= buf.length) {
+    //  Non-canonical signature: S length misplaced
+    return false;
+  }
+  var nLenS = buf[5 + nLenR];
+  if (nLenR + nLenS + 7 !== buf.length) {
+    //  Non-canonical signature: R+S length mismatch
+    return false;
+  }
+
+  var R = buf.slice(4);
+  if (buf[4 - 2] !== 0x02) {
+    //  Non-canonical signature: R value type mismatch
+    return false;
+  }
+  if (nLenR === 0) {
+    //  Non-canonical signature: R length is zero
+    return false;
+  }
+  if (R[0] & 0x80) {
+    //  Non-canonical signature: R value negative
+    return false;
+  }
+  if (nLenR > 1 && R[0] === 0x00 && !(R[1] & 0x80)) {
+    //  Non-canonical signature: R value excessively padded
+    return false;
+  }
+
+  var S = buf.slice(6 + nLenR);
+  if (buf[6 + nLenR - 2] !== 0x02) {
+    //  Non-canonical signature: S value type mismatch
+    return false;
+  }
+  if (nLenS === 0) {
+    //  Non-canonical signature: S length is zero
+    return false;
+  }
+  if (S[0] & 0x80) {
+    //  Non-canonical signature: S value negative
+    return false;
+  }
+  if (nLenS > 1 && S[0] === 0x00 && !(S[1] & 0x80)) {
+    //  Non-canonical signature: S value excessively padded
+    return false;
+  }
+  return true;
+};
+
+/**
+ * Compares to bitcoind's IsLowDERSignature
+ * See also ECDSA signature algorithm which enforces this.
+ * See also BIP 62, "low S values in signatures"
+ */
+Signature.prototype.hasLowS = function () {
+  if (
+    this.s.lt(new BN(1)) ||
+    this.s.gt(new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex'))
+  ) {
+    return false;
+  }
+  return true;
+};
+
+/**
+ * @returns true if the nhashtype is exactly equal to one of the standard options or combinations thereof.
+ * Translated from bitcoind's IsDefinedHashtypeSignature
+ */
+Signature.prototype.hasDefinedHashtype = function () {
+  if (!JSUtil.isNaturalNumber(this.nhashtype)) {
+    return false;
+  }
+  // accept with or without Signature.SIGHASH_ANYONECANPAY by ignoring the bit
+  var temp = this.nhashtype & 0x1f;
+  if (temp < Signature.SIGHASH_ALL || temp > Signature.SIGHASH_SINGLE) {
+    return false;
+  }
+  return true;
+};
+
+Signature.prototype.toTxFormat = function () {
+  var derbuf = this.toDER();
+  var buf = Buffer.alloc(1);
+  buf.writeUInt8(this.nhashtype, 0);
+  return Buffer.concat([derbuf, buf]);
+};
+
+Signature.SIGHASH_ALL = 0x01;
+Signature.SIGHASH_NONE = 0x02;
+Signature.SIGHASH_SINGLE = 0x03;
+Signature.SIGHASH_ANYONECANPAY = 0x80;
+
+Signature.ALL = Signature.SIGHASH_ALL
+Signature.NONE = Signature.SIGHASH_NONE
+Signature.SINGLE = Signature.SIGHASH_SINGLE
+Signature.ANYONECANPAY_ALL = Signature.SIGHASH_ALL | Signature.SIGHASH_ANYONECANPAY
+Signature.ANYONECANPAY_NONE = Signature.SIGHASH_NONE | Signature.SIGHASH_ANYONECANPAY
+Signature.ANYONECANPAY_SINGLE = Signature.SIGHASH_SINGLE | Signature.SIGHASH_ANYONECANPAY
+
+module.exports = Signature;

package/lib/encoding/base58.js

@@ -0,0 +1,111 @@
+'use strict';
+
+var _ = require('../util/_');
+var bs58 = require('bs58');
+
+/**
+ * The alphabet for the Bitcoin-specific Base 58 encoding distinguishes between
+ * lower case L and upper case i - neither of those characters are allowed to
+ * prevent accidentaly miscopying of letters.
+ */
+var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.split('');
+
+/**
+ * A Base58 object can encode/decoded Base 58, which is used primarily for
+ * string-formatted Bitcoin addresses and private keys. Addresses and private
+ * keys actually use an additional checksum, and so they actually use the
+ * Base58Check class.
+ *
+ * @param {object} obj Can be a string or buffer.
+ */
+var Base58 = function Base58(obj) {
+  if (!(this instanceof Base58)) {
+    return new Base58(obj);
+  }
+  if (Buffer.isBuffer(obj)) {
+    var buf = obj;
+    this.fromBuffer(buf);
+  } else if (typeof obj === 'string') {
+    var str = obj;
+    this.fromString(str);
+  }
+};
+
+Base58.validCharacters = function validCharacters(chars) {
+  if (Buffer.isBuffer(chars)) {
+    chars = chars.toString();
+  }
+  return _.every(
+    _.map(chars, function (char) {
+      return _.includes(ALPHABET, char);
+    }),
+  );
+};
+
+Base58.prototype.set = function (obj) {
+  this.buf = obj.buf || this.buf || undefined;
+  return this;
+};
+
+/**
+ * Encode a buffer to Bsae 58.
+ *
+ * @param {Buffer} buf Any buffer to be encoded.
+ * @returns {string} A Base 58 encoded string.
+ */
+Base58.encode = function (buf) {
+  if (!Buffer.isBuffer(buf)) {
+    throw new Error('Input should be a buffer');
+  }
+  return bs58.encode(buf);
+};
+
+/**
+ * Decode a Base 58 string to a buffer.
+ *
+ * @param {string} str A Base 58 encoded string.
+ * @returns {Buffer} The decoded buffer.
+ */
+Base58.decode = function (str) {
+  if (typeof str !== 'string') {
+    throw new Error('Input should be a string');
+  }
+  return Buffer.from(bs58.decode(str));
+};
+
+Base58.prototype.fromBuffer = function (buf) {
+  this.buf = buf;
+  return this;
+};
+
+Base58.fromBuffer = function (buf) {
+  return new Base58().fromBuffer(buf);
+};
+
+Base58.fromHex = function (hex) {
+  return Base58.fromBuffer(Buffer.from(hex, 'hex'));
+};
+
+Base58.prototype.fromString = function (str) {
+  var buf = Base58.decode(str);
+  this.buf = buf;
+  return this;
+};
+
+Base58.fromString = function (str) {
+  return new Base58().fromString(str);
+};
+
+Base58.prototype.toBuffer = function () {
+  return this.buf;
+};
+
+Base58.prototype.toHex = function () {
+  return this.toBuffer().toString('hex');
+};
+
+Base58.prototype.toString = function () {
+  return Base58.encode(this.buf);
+};
+
+module.exports = Base58;

package/lib/encoding/base58check.js

@@ -0,0 +1,121 @@
+'use strict';
+
+var _ = require('../util/_');
+var Base58 = require('./base58');
+var sha256sha256 = require('../crypto/hash').sha256sha256;
+
+/**
+ * A Base58check object can encode/decodd Base 58, which is used primarily for
+ * string-formatted Bitcoin addresses and private keys. This is the same as
+ * Base58, except that it includes a checksum to prevent accidental mistypings.
+ *
+ * @param {object} obj Can be a string or buffer.
+ */
+var Base58Check = function Base58Check(obj) {
+  if (!(this instanceof Base58Check)) {
+    return new Base58Check(obj);
+  }
+  if (Buffer.isBuffer(obj)) {
+    var buf = obj;
+    this.fromBuffer(buf);
+  } else if (typeof obj === 'string') {
+    var str = obj;
+    this.fromString(str);
+  }
+};
+
+Base58Check.prototype.set = function (obj) {
+  this.buf = obj.buf || this.buf || undefined;
+  return this;
+};
+
+Base58Check.validChecksum = function validChecksum(data, checksum) {
+  if (_.isString(data)) {
+    data = Buffer.from(Base58.decode(data));
+  }
+  if (_.isString(checksum)) {
+    checksum = Buffer.from(Base58.decode(checksum));
+  }
+  if (!checksum) {
+    checksum = data.slice(-4);
+    data = data.slice(0, -4);
+  }
+  return Base58Check.checksum(data).toString('hex') === checksum.toString('hex');
+};
+
+Base58Check.decode = function (s) {
+  if (typeof s !== 'string') {
+    throw new Error('Input must be a string');
+  }
+
+  var buf = Buffer.from(Base58.decode(s));
+
+  if (buf.length < 4) {
+    throw new Error('Input string too short');
+  }
+
+  var data = buf.slice(0, -4);
+  var csum = buf.slice(-4);
+
+  var hash = sha256sha256(data);
+  var hash4 = hash.slice(0, 4);
+
+  if (csum.toString('hex') !== hash4.toString('hex')) {
+    throw new Error('Checksum mismatch');
+  }
+
+  return data;
+};
+
+Base58Check.checksum = function (buffer) {
+  return sha256sha256(buffer).slice(0, 4);
+};
+
+Base58Check.encode = function (buf) {
+  if (!Buffer.isBuffer(buf)) {
+    throw new Error('Input must be a buffer');
+  }
+  var checkedBuf = Buffer.alloc(buf.length + 4);
+  var hash = Base58Check.checksum(buf);
+  buf.copy(checkedBuf);
+  hash.copy(checkedBuf, buf.length);
+  return Base58.encode(checkedBuf);
+};
+
+Base58Check.prototype.fromBuffer = function (buf) {
+  this.buf = buf;
+  return this;
+};
+
+Base58Check.fromBuffer = function (buf) {
+  return new Base58Check().fromBuffer(buf);
+};
+
+Base58Check.fromHex = function (hex) {
+  return Base58Check.fromBuffer(Buffer.from(hex, 'hex'));
+};
+
+Base58Check.prototype.fromString = function (str) {
+  var buf = Base58Check.decode(str);
+  this.buf = buf;
+  return this;
+};
+
+Base58Check.fromString = function (str) {
+  var buf = Base58Check.decode(str);
+  return new Base58(buf);
+};
+
+Base58Check.prototype.toBuffer = function () {
+  return this.buf;
+};
+
+Base58Check.prototype.toHex = function () {
+  return this.toBuffer().toString('hex');
+};
+
+Base58Check.prototype.toString = function () {
+  return Base58Check.encode(this.buf);
+};
+
+module.exports = Base58Check;