I have often made the error of using a public key rather than the hash of the
public key when creating an address, leading to invalid addresses. I'm sure I'm
not the only one. This commit follows the principle of "fail early, fail often"
and simply throws an error if you try to insert something other than 20 bytes
long when creating an address, which would be the case when using a public key.
This way that common mistake should be reduced.
eval is unsafe, and the way it was being used in Script and Script interpreter
was not a good enough reason. This commit removes both uses of eval, then
replaces all uses of OP_XXX with Opcode.map.OP_XXX since there's no reason for
those constants to be global.
Signing a message with ECDSA involves using a random number, and this means
that two signatures should never be the same. This commit adds some basic tests
to Key.signSync and Message.sign to make sure this is the case. Also, a new
bitcore.Key should never have the same private key twice. This commit also adds
a basic test to make sure that is the case.
In the browser, sometimes the config for bignum wasn't being set up if (somehow
... still not sure how this is possible) you use bitcore without using
require('bitcore'). This would by pass the code that set the config for bignum.
Solution is to put the config for bignum in bignum itself (in the browser).
This fixes, in particular, an issue with base58 where it was depending on
bignum having the proper config.
Also I add the base58 tests to run in the browser which they weren't
previously.
And finally I add a small test for Bignum in the browser that makes sure the
config is set properly.
...no longer relies on Manuel's repo hostig a version of "bignum" that actually
contained bignumber.js. This moves bignumber.js internally and removes bignum
from the browser build process. Also adds a bitcore.Bignum that links to the
right thing. In node, browser.Bignum is require('bignum'). And in the browser,
bitcore.Bignum is is now Bignumber.js (same as before ... except bignumber.js
is now inside bitcore).
Generating random numbers properly depends on the platform. The new
getRandomBuffer method does the right thing on the right platform. It will
sometimes fail due to insufficient entropy. The getPseudoRandomBuffer class is
also provided that will never fail, but it is not cryptographically secure and
should not be used for keys.
This adds a new Message class with static methods for signing and verifying a
message the same way as bitcoind. (In a nutshell, messages a prepended with
"Bitcoin Signed Message:" before being hashed and signed).
There is one important piece missing ... verifying a signature with an address,
and not a public key. I have not yet implemented this because the cryptography
interface of bitcore does not allow me to derive the public key from a
signature. This will need to be added before verifying from an address is
possible.
This means fewer code-duplication. Also added another test for fromScript to
make sure it is thoroughly tested. Also pass through opts to createMultisig so
that you can choose to lot let it be sorted if you want.
To create an address from a public key or script, you used to have to do the
hashing yourself, and find the version yourself. For example:
var hash = bitcore.util.sha256ripe160(pubkey);
var version = bitcore.networks['livenet'].addressVersion;
var addr = new Address(version, hash);
But with this interface, things are much simpler:
var addr = Address.fromPubKey(pubkey);
The new convenience methods are:
Address.fromPubKey (for regular pubkeyhash addresses)
Address.fromPubKeys (for p2sh multisig addresses)
Address.fromScript (for any p2sh address)
The addUncompressed function is for node-only, and is a temporary workaround
until we expose a better crypto interface in both node and the browser. I wrote
tests for this function that were node-only, but were broken in the browser. I
also wrote tests for the Point class that should have worked in both node and
the browser, and did, but I was using the wrong module such that it worked only
in node. This update makes the tests work in the browser by using the correct
module.
The way I was outputting the pubkeys would be incorrect if the first byte of
one of the coordinates was 0, since it would print the first non-zero byte
first. The solution was to use the standard openssl function that outputs a
public key to oct.
BIP32 needs to be able to add two points on the secp256k1 curve. This
functionality was not already being exposed from OpenSSL in bitcore. I have
added an "addUncompressed" function to the Key class which takes in two points
in uncompressed form, adds them, and returns the result. This is necessary for
BIP32.
Added the ability to create a new master bip32 with new private key and chain code. The way this works is like this:
var bip32 = new BIP32('mainnet');
or:
var bip32 = new BIP32('testnet');
I removed the skip over the tx_valid.json file and made some tweaks to get most of the test cases passing. There are still two test cases that fail, as pointed out by the TODO comment I added above them. Oddly, running the test suite reports 3 failing test cases, but if I delete the two marked with the TODO there are 0 reported failures. So, there may be some kind of interaction with these test cases and the others. More investigation is needed.
I updated the two test cases that were testing transaction `23b397edccd3740a74adb603c9756370fafcde9bcc4483eb271ecad09a94dd63` with the input script I found on blockchain.info https://blockchain.info/tx/23b397edccd3740a74adb603c9756370fafcde9bcc4483eb271ecad09a94dd63. A quick search found one other person who was using this same script (23b397edcccc4483eb271ecad09a94dd63.json) and the test passes now, so I'm not sure why the old script was being used.
All of the other changes are simply re-formatting decimal numbers as hex (i.e. `1` => `0x01`).
Furthermore, I added some code in the test fixture itself to verify each of the inputs.
Test Plan:
`mocha -R spec test/test.Transaction.js`
Ryan X. Charles
Manan Patel
Manuel Araoz
Gustavo Cortez
Devrandom
Matias Alejo Garcia
olalonde
Gordon Hall
Ruben de Vries
MattFaus