bitcore/lib/transaction/sighash.js

'use strict';

var buffer = require('buffer');

var Signature = require('../crypto/signature');
var Script = require('../script');
var Output = require('./output');
var BufferReader = require('../encoding/bufferreader');
var BufferWriter = require('../encoding/bufferwriter');
var BN = require('../crypto/bn');
var Hash = require('../crypto/hash');
var ECDSA = require('../crypto/ecdsa');
var $ = require('../util/preconditions');

var SIGHASH_SINGLE_BUG = '0000000000000000000000000000000000000000000000000000000000000001';
var BITS_64_ON = 'ffffffffffffffff';

/**
 * Returns a buffer of length 32 bytes with the hash that needs to be signed
 * for OP_CHECKSIG.
 *
 * @param {Transaction} transaction the transaction to sign
 * @param {number} sighashType the type of the hash
 * @param {number} inputNumber the input index for the signature
 * @param {Script} subscript the script that will be signed
 */
var sighash = function sighash(transaction, sighashType, inputNumber, subscript) {
  var Transaction = require('./transaction');
  var Input = require('./input');

  var i;
  // Copy transaction
  var txcopy = Transaction.shallowCopy(transaction);

  // Copy script
  subscript = new Script(subscript);
  subscript.removeCodeseparators();

  for (i = 0; i < txcopy.inputs.length; i++) {
    // Blank signatures for other inputs
    txcopy.inputs[i] = new Input(txcopy.inputs[i]).setScript(Script.empty());
  }

  txcopy.inputs[inputNumber] = new Input(txcopy.inputs[inputNumber]).setScript(subscript);

  if ((sighashType & 31) === Signature.SIGHASH_NONE ||
    (sighashType & 31) === Signature.SIGHASH_SINGLE) {

    // clear all sequenceNumbers
    for (i = 0; i < txcopy.inputs.length; i++) {
      if (i !== inputNumber) {
        txcopy.inputs[i].sequenceNumber = 0;
      }
    }
  }

  if ((sighashType & 31) === Signature.SIGHASH_NONE) {
    txcopy.outputs = [];

  } else if ((sighashType & 31) === Signature.SIGHASH_SINGLE) {
    // The SIGHASH_SINGLE bug.
    // https://bitcointalk.org/index.php?topic=260595.0
    if (inputNumber > txcopy.outputs.length - 1) {
      return new Buffer(SIGHASH_SINGLE_BUG, 'hex');
    }
    if (txcopy.outputs.length <= inputNumber) {
      throw new Error('Missing output to sign');
    }

    txcopy.outputs.length = inputNumber + 1;

    for (i = 0; i < inputNumber; i++) {
      txcopy.outputs[i] = new Output({
        satoshis: BN().fromBuffer(new buffer.Buffer(BITS_64_ON, 'hex')),
        script: Script.empty()
      });
    }
  }

  if (sighashType & Signature.SIGHASH_ANYONECANPAY) {
    txcopy.inputs = [txcopy.inputs[inputNumber]];
  }

  var buf = BufferWriter()
    .write(txcopy.toBuffer())
    .writeInt32LE(sighashType)
    .toBuffer();
  var ret = Hash.sha256sha256(buf);
  ret = new BufferReader(ret).readReverse();
  return ret;
};

var sign = function sign(transaction, keypair, nhashtype, nin, subscript) {
  var hashbuf = sighash(transaction, nhashtype, nin, subscript);
  var sig = ECDSA.sign(hashbuf, keypair, 'little').set({
    nhashtype: nhashtype
  });
  return sig;
};

var verify = function verify(transaction, sig, pubkey, nin, subscript) {
  $.checkArgument(transaction);
  $.checkArgument(sig && sig.nhashtype);
  var hashbuf = sighash(transaction, sig.nhashtype, nin, subscript);
  return ECDSA.verify(hashbuf, sig, pubkey, 'little');
};

module.exports = {
  sighash: sighash,
  sign: sign,
  verify: verify
};
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`'use strict';`

			`var buffer = require('buffer');`

			`var Signature = require('../crypto/signature');`
			`var Script = require('../script');`
			`var Output = require('./output');`
			`var BufferReader = require('../encoding/bufferreader');`
			`var BufferWriter = require('../encoding/bufferwriter');`
			`var BN = require('../crypto/bn');`
			`var Hash = require('../crypto/hash');`
			`var ECDSA = require('../crypto/ecdsa');`
fix some more tests 2014-12-15 14:50:34 -08:00			`var $ = require('../util/preconditions');`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00
			`var SIGHASH_SINGLE_BUG = '0000000000000000000000000000000000000000000000000000000000000001';`
			`var BITS_64_ON = 'ffffffffffffffff';`

			`/**`
			`* Returns a buffer of length 32 bytes with the hash that needs to be signed`
			`* for OP_CHECKSIG.`
			`*`
			`* @param {Transaction} transaction the transaction to sign`
			`* @param {number} sighashType the type of the hash`
			`* @param {number} inputNumber the input index for the signature`
			`* @param {Script} subscript the script that will be signed`
			`*/`
script interpreting working 2014-12-15 22:11:55 -08:00			`var sighash = function sighash(transaction, sighashType, inputNumber, subscript) {`
Modify Transaction to use Multisig * Allow `Script#add` to add a Script causing concatenation of opcodes * Add `Script#equals` to compare scripts * Add `Script#fromAddress` * Drop `_payTo` methods * Add `Script.buildP2SHMultisigIn` Greatly simplifying the internal transaction object 2014-12-11 08:58:32 -08:00			`var Transaction = require('./transaction');`
			`var Input = require('./input');`

Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`var i;`
			`// Copy transaction`
			`var txcopy = Transaction.shallowCopy(transaction);`

			`// Copy script`
			`subscript = new Script(subscript);`
			`subscript.removeCodeseparators();`

			`for (i = 0; i < txcopy.inputs.length; i++) {`
			`// Blank signatures for other inputs`
			`txcopy.inputs[i] = new Input(txcopy.inputs[i]).setScript(Script.empty());`
			`}`
script interpreting working 2014-12-15 22:11:55 -08:00
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`txcopy.inputs[inputNumber] = new Input(txcopy.inputs[inputNumber]).setScript(subscript);`

			`if ((sighashType & 31) === Signature.SIGHASH_NONE \|\|`
script interpreting working 2014-12-15 22:11:55 -08:00			`(sighashType & 31) === Signature.SIGHASH_SINGLE) {`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00
			`// clear all sequenceNumbers`
			`for (i = 0; i < txcopy.inputs.length; i++) {`
			`if (i !== inputNumber) {`
			`txcopy.inputs[i].sequenceNumber = 0;`
			`}`
			`}`
			`}`

			`if ((sighashType & 31) === Signature.SIGHASH_NONE) {`
			`txcopy.outputs = [];`

			`} else if ((sighashType & 31) === Signature.SIGHASH_SINGLE) {`
			`// The SIGHASH_SINGLE bug.`
			`// https://bitcointalk.org/index.php?topic=260595.0`
			`if (inputNumber > txcopy.outputs.length - 1) {`
			`return new Buffer(SIGHASH_SINGLE_BUG, 'hex');`
			`}`
			`if (txcopy.outputs.length <= inputNumber) {`
			`throw new Error('Missing output to sign');`
			`}`

			`txcopy.outputs.length = inputNumber + 1;`

			`for (i = 0; i < inputNumber; i++) {`
			`txcopy.outputs[i] = new Output({`
			`satoshis: BN().fromBuffer(new buffer.Buffer(BITS_64_ON, 'hex')),`
			`script: Script.empty()`
			`});`
			`}`
			`}`

			`if (sighashType & Signature.SIGHASH_ANYONECANPAY) {`
			`txcopy.inputs = [txcopy.inputs[inputNumber]];`
			`}`

			`var buf = BufferWriter()`
			`.write(txcopy.toBuffer())`
			`.writeInt32LE(sighashType)`
			`.toBuffer();`
script interpreting working 2014-12-15 22:11:55 -08:00			`var ret = Hash.sha256sha256(buf);`
			`ret = new BufferReader(ret).readReverse();`
			`return ret;`
			`};`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00
script interpreting working 2014-12-15 22:11:55 -08:00			`var sign = function sign(transaction, keypair, nhashtype, nin, subscript) {`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`var hashbuf = sighash(transaction, nhashtype, nin, subscript);`
script interpreting working 2014-12-15 22:11:55 -08:00			`var sig = ECDSA.sign(hashbuf, keypair, 'little').set({`
			`nhashtype: nhashtype`
			`});`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`return sig;`
script interpreting working 2014-12-15 22:11:55 -08:00			`};`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00
script interpreting working 2014-12-15 22:11:55 -08:00			`var verify = function verify(transaction, sig, pubkey, nin, subscript) {`
fix some more tests 2014-12-15 14:50:34 -08:00			`$.checkArgument(transaction);`
			`$.checkArgument(sig && sig.nhashtype);`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`var hashbuf = sighash(transaction, sig.nhashtype, nin, subscript);`
			`return ECDSA.verify(hashbuf, sig, pubkey, 'little');`
script interpreting working 2014-12-15 22:11:55 -08:00			`};`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00
			`module.exports = {`
			`sighash: sighash,`
			`sign: sign,`
			`verify: verify`
			`};`