bitcore-lib-zcash/lib/crypto/signature.js

'use strict';

var BN = require('./bn');
var _ = require('lodash');
var $ = require('../util/preconditions');
var BufferUtil = require('../util/buffer');

var Signature = function Signature(r, s) {
  if (!(this instanceof Signature)) {
    return new Signature(r, s);
  }
  if (r instanceof BN) {
    this.set({
      r: r,
      s: s
    });
  } else if (r) {
    var obj = r;
    this.set(obj);
  }
};

/* jshint maxcomplexity: 7 */
Signature.prototype.set = function(obj) {
  this.r = obj.r || this.r || undefined;
  this.s = obj.s || this.s || undefined;
  this.i = typeof obj.i !== 'undefined' ? obj.i : this.i; //public key recovery parameter in range [0, 3]
  this.compressed = typeof obj.compressed !== 'undefined' ?
    obj.compressed : this.compressed; //whether the recovered pubkey is compressed
  return this;
};

Signature.fromCompact = function(buf) {
  var sig = new Signature();
  //TODO: handle uncompressed pubkeys
  var compressed = true;
  var i = buf.slice(0, 1)[0] - 27 - 4;
  var b2 = buf.slice(1, 33);
  var b3 = buf.slice(33, 65);

  $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be 0, 1, 2, or 3'));
  $.checkArgument(b2.length === 32, new Error('r must be 32 bytes'));
  $.checkArgument(b3.length === 32, new Error('s must be 32 bytes'));

  sig.compressed = compressed;
  sig.i = i;
  sig.r = BN.fromBuffer(b2);
  sig.s = BN.fromBuffer(b3);

  return sig;
};

Signature.fromDER = Signature.fromBuffer = function(buf, strict) {
  var obj = Signature.parseDER(buf, strict);
  var sig = new Signature();

  sig.r = obj.r;
  sig.s = obj.s;

  return sig;
};

// The format used in a tx
Signature.fromTxFormat = function(buf) {
  var nhashtype = buf.readUInt8(buf.length - 1);
  var derbuf = buf.slice(0, buf.length - 1);
  var sig = new Signature.fromDER(derbuf, false);
  sig.nhashtype = nhashtype;
  return sig;
};

Signature.fromString = function(str) {
  var buf = new Buffer(str, 'hex');
  return Signature.fromDER(buf);
};


/**
 * In order to mimic the non-strict DER encoding of OpenSSL, set strict = false.
 */
Signature.parseDER = function(buf, strict) {
  $.checkArgument(BufferUtil.isBuffer(buf), new Error('DER formatted signature should be a buffer'));
  if (_.isUndefined(strict)) {
    strict = true;
  }

  var header = buf[0];
  $.checkArgument(header === 0x30, new Error('Header byte should be 0x30'));

  var length = buf[1];
  var buflength = buf.slice(2).length;
  $.checkArgument(!strict || length === buflength, new Error('Length byte should length of what follows'));

  length = length < buflength ? length : buflength;

  var rheader = buf[2 + 0];
  $.checkArgument(rheader === 0x02, new Error('Integer byte for r should be 0x02'));

  var rlength = buf[2 + 1];
  var rbuf = buf.slice(2 + 2, 2 + 2 + rlength);
  var r = BN.fromBuffer(rbuf);
  var rneg = buf[2 + 1 + 1] === 0x00 ? true : false;
  $.checkArgument(rlength === rbuf.length, new Error('Length of r incorrect'));

  var sheader = buf[2 + 2 + rlength + 0];
  $.checkArgument(sheader === 0x02, new Error('Integer byte for s should be 0x02'));

  var slength = buf[2 + 2 + rlength + 1];
  var sbuf = buf.slice(2 + 2 + rlength + 2, 2 + 2 + rlength + 2 + slength);
  var s = BN.fromBuffer(sbuf);
  var sneg = buf[2 + 2 + rlength + 2 + 2] === 0x00 ? true : false;
  $.checkArgument(slength === sbuf.length, new Error('Length of s incorrect'));

  var sumlength = 2 + 2 + rlength + 2 + slength;
  $.checkArgument(length === sumlength - 2, new Error('Length of signature incorrect'));

  var obj = {
    header: header,
    length: length,
    rheader: rheader,
    rlength: rlength,
    rneg: rneg,
    rbuf: rbuf,
    r: r,
    sheader: sheader,
    slength: slength,
    sneg: sneg,
    sbuf: sbuf,
    s: s
  };

  return obj;
};


Signature.prototype.toCompact = function(i, compressed) {
  i = typeof i === 'number' ? i : this.i;
  compressed = typeof compressed === 'boolean' ? compressed : this.compressed;

  if (!(i === 0 || i === 1 || i === 2 || i === 3)) {
    throw new Error('i must be equal to 0, 1, 2, or 3');
  }

  var val = i + 27 + 4;
  if (compressed === false)
    val = val - 4;
  var b1 = new Buffer([val]);
  var b2 = this.r.toBuffer({
    size: 32
  });
  var b3 = this.s.toBuffer({
    size: 32
  });
  return Buffer.concat([b1, b2, b3]);
};

Signature.prototype.toBuffer = Signature.prototype.toDER = function() {
  var rnbuf = this.r.toBuffer();
  var snbuf = this.s.toBuffer();

  var rneg = rnbuf[0] & 0x80 ? true : false;
  var sneg = snbuf[0] & 0x80 ? true : false;

  var rbuf = rneg ? Buffer.concat([new Buffer([0x00]), rnbuf]) : rnbuf;
  var sbuf = sneg ? Buffer.concat([new Buffer([0x00]), snbuf]) : snbuf;

  var rlength = rbuf.length;
  var slength = sbuf.length;
  var length = 2 + rlength + 2 + slength;
  var rheader = 0x02;
  var sheader = 0x02;
  var header = 0x30;

  var der = Buffer.concat([new Buffer([header, length, rheader, rlength]), rbuf, new Buffer([sheader, slength]), sbuf]);
  return der;
};

Signature.prototype.toString = function() {
  var buf = this.toDER();
  return buf.toString('hex');
};

/**
 * This function is translated from bitcoind's IsDERSignature and is used in
 * the script interpreter.  This "DER" format actually includes an extra byte,
 * the nhashtype, at the end. It is really the tx format, not DER format.
 *
 * A canonical signature exists of: [30] [total len] [02] [len R] [R] [02] [len S] [S] [hashtype]
 * Where R and S are not negative (their first byte has its highest bit not set), and not
 * excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
 * in which case a single 0 byte is necessary and even required).
 *
 * See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
 */
Signature.isTxDER = function(buf) {
  if (buf.length < 9) {
    //  Non-canonical signature: too short
    return false;
  }
  if (buf.length > 73) {
    // Non-canonical signature: too long
    return false;
  }
  if (buf[0] !== 0x30) {
    //  Non-canonical signature: wrong type
    return false;
  }
  if (buf[1] !== buf.length - 3) {
    //  Non-canonical signature: wrong length marker
    return false;
  }
  var nLenR = buf[3];
  if (5 + nLenR >= buf.length) {
    //  Non-canonical signature: S length misplaced
    return false;
  }
  var nLenS = buf[5 + nLenR];
  if ((nLenR + nLenS + 7) !== buf.length) {
    //  Non-canonical signature: R+S length mismatch
    return false;
  }

  var R = buf.slice(4);
  if (buf[4 - 2] !== 0x02) {
    //  Non-canonical signature: R value type mismatch
    return false;
  }
  if (nLenR === 0) {
    //  Non-canonical signature: R length is zero
    return false;
  }
  if (R[0] & 0x80) {
    //  Non-canonical signature: R value negative
    return false;
  }
  if (nLenR > 1 && (R[0] === 0x00) && !(R[1] & 0x80)) {
    //  Non-canonical signature: R value excessively padded
    return false;
  }

  var S = buf.slice(6 + nLenR);
  if (buf[6 + nLenR - 2] !== 0x02) {
    //  Non-canonical signature: S value type mismatch
    return false;
  }
  if (nLenS === 0) {
    //  Non-canonical signature: S length is zero
    return false;
  }
  if (S[0] & 0x80) {
    //  Non-canonical signature: S value negative
    return false;
  }
  if (nLenS > 1 && (S[0] === 0x00) && !(S[1] & 0x80)) {
    //  Non-canonical signature: S value excessively padded
    return false;
  }
  return true;
};

/**
 * Compares to bitcoind's IsLowDERSignature
 * See also ECDSA signature algorithm which enforces this.
 * See also BIP 62, "low S values in signatures"
 */
Signature.prototype.hasLowS = function() {
  if (this.s.lt(new BN(1)) ||
    this.s.gt(new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0'))) {
    return false;
  }
  return true;
};

/**
 * @returns true if the nhashtype is exactly equal to one of the standard options or combinations thereof.
 * Translated from bitcoind's IsDefinedHashtypeSignature
 */
Signature.prototype.hasDefinedHashtype = function() {
  if (this.nhashtype < Signature.SIGHASH_ALL || this.nhashtype > Signature.SIGHASH_SINGLE) {
    return false;
  }
  return true;
};

Signature.prototype.toTxFormat = function() {
  var derbuf = this.toDER();
  var buf = new Buffer(1);
  buf.writeUInt8(this.nhashtype, 0);
  return Buffer.concat([derbuf, buf]);
};

Signature.SIGHASH_ALL = 0x01;
Signature.SIGHASH_NONE = 0x02;
Signature.SIGHASH_SINGLE = 0x03;
Signature.SIGHASH_ANYONECANPAY = 0x80;

module.exports = Signature;
use strict to core 2014-11-20 07:56:35 -08:00			`'use strict';`

move Signature to crypto/ 2014-11-27 11:42:44 -08:00			`var BN = require('./bn');`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`var _ = require('lodash');`
			`var $ = require('../util/preconditions');`
			`var BufferUtil = require('../util/buffer');`
signature 2014-08-09 14:42:23 -07:00
add Signature(r, s) convenience 2014-09-01 21:08:16 -07:00			`var Signature = function Signature(r, s) {`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`if (!(this instanceof Signature)) {`
Signature(r, s) should work 2014-09-02 11:59:42 -07:00			`return new Signature(r, s);`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`}`
add Signature(r, s) convenience 2014-09-01 21:08:16 -07:00			`if (r instanceof BN) {`
			`this.set({`
			`r: r,`
			`s: s`
			`});`
adding some signature methods for script interpreting 2014-12-12 14:21:37 -08:00			`} else if (r) {`
add Signature(r, s) convenience 2014-09-01 21:08:16 -07:00			`var obj = r;`
Signature.prototype.set 2014-08-28 16:38:21 -07:00			`this.set(obj);`
add Signature(r, s) convenience 2014-09-01 21:08:16 -07:00			`}`
Signature.prototype.set 2014-08-28 16:38:21 -07:00			`};`
include i in sig obj + cosmetic improvements 2014-08-19 16:27:28 -07:00
refactoring interpreter 2014-12-19 13:28:52 -08:00			`/* jshint maxcomplexity: 7 */`
Signature.prototype.set 2014-08-28 16:38:21 -07:00			`Signature.prototype.set = function(obj) {`
			`this.r = obj.r \|\| this.r \|\| undefined;`
			`this.s = obj.s \|\| this.s \|\| undefined;`
			`this.i = typeof obj.i !== 'undefined' ? obj.i : this.i; //public key recovery parameter in range [0, 3]`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`this.compressed = typeof obj.compressed !== 'undefined' ?`
			`obj.compressed : this.compressed; //whether the recovered pubkey is compressed`
Signature.prototype.set 2014-08-28 16:38:21 -07:00			`return this;`
signature 2014-08-09 14:42:23 -07:00			`};`

make creation methods class methods 2014-12-12 14:31:10 -08:00			`Signature.fromCompact = function(buf) {`
			`var sig = new Signature();`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`//TODO: handle uncompressed pubkeys`
sign/verify with uncompressed pubkeys 2014-08-22 19:43:32 -07:00			`var compressed = true;`
use strict to core 2014-11-20 07:56:35 -08:00			`var i = buf.slice(0, 1)[0] - 27 - 4;`
signature 2014-08-09 14:42:23 -07:00			`var b2 = buf.slice(1, 33);`
			`var b3 = buf.slice(33, 65);`

refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(i === 0 \|\| i === 1 \|\| i === 2 \|\| i === 3, new Error('i must be 0, 1, 2, or 3'));`
			`$.checkArgument(b2.length === 32, new Error('r must be 32 bytes'));`
			`$.checkArgument(b3.length === 32, new Error('s must be 32 bytes'));`
signature 2014-08-09 14:42:23 -07:00
make creation methods class methods 2014-12-12 14:31:10 -08:00			`sig.compressed = compressed;`
			`sig.i = i;`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`sig.r = BN.fromBuffer(b2);`
			`sig.s = BN.fromBuffer(b3);`
verify signed messages ...and fix bug where i (recover param) was stored incorrectly 2014-08-22 16:15:44 -07:00
make creation methods class methods 2014-12-12 14:31:10 -08:00			`return sig;`
signature 2014-08-09 14:42:23 -07:00			`};`

Add Signature subclass for Transaction Signatures 2015-02-11 06:04:04 -08:00			`Signature.fromDER = Signature.fromBuffer = function(buf, strict) {`
fix some more tests 2014-12-15 14:50:34 -08:00			`var obj = Signature.parseDER(buf, strict);`
make creation methods class methods 2014-12-12 14:31:10 -08:00			`var sig = new Signature();`
verify signed messages ...and fix bug where i (recover param) was stored incorrectly 2014-08-22 16:15:44 -07:00
make creation methods class methods 2014-12-12 14:31:10 -08:00			`sig.r = obj.r;`
			`sig.s = obj.s;`

			`return sig;`
signature 2014-08-09 14:42:23 -07:00			`};`

make creation methods class methods 2014-12-12 14:31:10 -08:00			`// The format used in a tx`
			`Signature.fromTxFormat = function(buf) {`
			`var nhashtype = buf.readUInt8(buf.length - 1);`
			`var derbuf = buf.slice(0, buf.length - 1);`
			`var sig = new Signature.fromDER(derbuf, false);`
			`sig.nhashtype = nhashtype;`
			`return sig;`
			`};`
verify signed messages ...and fix bug where i (recover param) was stored incorrectly 2014-08-22 16:15:44 -07:00
make creation methods class methods 2014-12-12 14:31:10 -08:00			`Signature.fromString = function(str) {`
			`var buf = new Buffer(str, 'hex');`
			`return Signature.fromDER(buf);`
signature 2014-08-09 14:42:23 -07:00			`};`

fix some more tests 2014-12-15 14:50:34 -08:00
			`/**`
			`* In order to mimic the non-strict DER encoding of OpenSSL, set strict = false.`
			`*/`
			`Signature.parseDER = function(buf, strict) {`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(BufferUtil.isBuffer(buf), new Error('DER formatted signature should be a buffer'));`
			`if (_.isUndefined(strict)) {`
fix some more tests 2014-12-15 14:50:34 -08:00			`strict = true;`
			`}`

signature 2014-08-09 14:42:23 -07:00			`var header = buf[0];`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(header === 0x30, new Error('Header byte should be 0x30'));`
signature 2014-08-09 14:42:23 -07:00
			`var length = buf[1];`
fix some more tests 2014-12-15 14:50:34 -08:00			`var buflength = buf.slice(2).length;`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(!strict \|\| length === buflength, new Error('Length byte should length of what follows'));`

			`length = length < buflength ? length : buflength;`
signature 2014-08-09 14:42:23 -07:00
			`var rheader = buf[2 + 0];`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(rheader === 0x02, new Error('Integer byte for r should be 0x02'));`
signature 2014-08-09 14:42:23 -07:00
			`var rlength = buf[2 + 1];`
			`var rbuf = buf.slice(2 + 2, 2 + 2 + rlength);`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`var r = BN.fromBuffer(rbuf);`
signature 2014-08-09 14:42:23 -07:00			`var rneg = buf[2 + 1 + 1] === 0x00 ? true : false;`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(rlength === rbuf.length, new Error('Length of r incorrect'));`
signature 2014-08-09 14:42:23 -07:00
			`var sheader = buf[2 + 2 + rlength + 0];`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(sheader === 0x02, new Error('Integer byte for s should be 0x02'));`
signature 2014-08-09 14:42:23 -07:00
			`var slength = buf[2 + 2 + rlength + 1];`
			`var sbuf = buf.slice(2 + 2 + rlength + 2, 2 + 2 + rlength + 2 + slength);`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`var s = BN.fromBuffer(sbuf);`
signature 2014-08-09 14:42:23 -07:00			`var sneg = buf[2 + 2 + rlength + 2 + 2] === 0x00 ? true : false;`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(slength === sbuf.length, new Error('Length of s incorrect'));`
signature 2014-08-09 14:42:23 -07:00
			`var sumlength = 2 + 2 + rlength + 2 + slength;`
refactoring interpreter 2014-12-19 13:28:52 -08:00			`$.checkArgument(length === sumlength - 2, new Error('Length of signature incorrect'));`
signature 2014-08-09 14:42:23 -07:00
			`var obj = {`
			`header: header,`
			`length: length,`
			`rheader: rheader,`
			`rlength: rlength,`
			`rneg: rneg,`
			`rbuf: rbuf,`
			`r: r,`
			`sheader: sheader,`
			`slength: slength,`
			`sneg: sneg,`
			`sbuf: sbuf,`
			`s: s`
			`};`

			`return obj;`
			`};`

fix some more tests 2014-12-15 14:50:34 -08:00
sign/verify with uncompressed pubkeys 2014-08-22 19:43:32 -07:00			`Signature.prototype.toCompact = function(i, compressed) {`
include i in sig obj + cosmetic improvements 2014-08-19 16:27:28 -07:00			`i = typeof i === 'number' ? i : this.i;`
sign/verify with uncompressed pubkeys 2014-08-22 19:43:32 -07:00			`compressed = typeof compressed === 'boolean' ? compressed : this.compressed;`

all script_valid tests passing! 2014-12-15 18:49:08 -08:00			`if (!(i === 0 \|\| i === 1 \|\| i === 2 \|\| i === 3)) {`
remove "(classname): " from tests ...to reduce the burden on writing new code 2014-08-20 13:03:07 -07:00			`throw new Error('i must be equal to 0, 1, 2, or 3');`
all script_valid tests passing! 2014-12-15 18:49:08 -08:00			`}`
adding some signature methods for script interpreting 2014-12-12 14:21:37 -08:00
sign/verify with uncompressed pubkeys 2014-08-22 19:43:32 -07:00			`var val = i + 27 + 4;`
			`if (compressed === false)`
			`val = val - 4;`
			`var b1 = new Buffer([val]);`
adding some signature methods for script interpreting 2014-12-12 14:21:37 -08:00			`var b2 = this.r.toBuffer({`
			`size: 32`
			`});`
			`var b3 = this.s.toBuffer({`
			`size: 32`
			`});`
signature 2014-08-09 14:42:23 -07:00			`return Buffer.concat([b1, b2, b3]);`
			`};`

add Interpreter docs and refactor a bit 2014-12-17 12:24:33 -08:00			`Signature.prototype.toBuffer = Signature.prototype.toDER = function() {`
signature 2014-08-09 14:42:23 -07:00			`var rnbuf = this.r.toBuffer();`
			`var snbuf = this.s.toBuffer();`

			`var rneg = rnbuf[0] & 0x80 ? true : false;`
			`var sneg = snbuf[0] & 0x80 ? true : false;`

			`var rbuf = rneg ? Buffer.concat([new Buffer([0x00]), rnbuf]) : rnbuf;`
			`var sbuf = sneg ? Buffer.concat([new Buffer([0x00]), snbuf]) : snbuf;`

			`var rlength = rbuf.length;`
			`var slength = sbuf.length;`
Refactor transaction to match new API * Refactor transaction into a different subfolder * Added a lot of tests for sighash and transaction serialization (from reddit's and Ryan X. Charles' `fullnode`) * Drop "only" from sighash tests and consolidate logs 2014-11-29 16:49:28 -08:00			`var length = 2 + rlength + 2 + slength;`
signature 2014-08-09 14:42:23 -07:00			`var rheader = 0x02;`
			`var sheader = 0x02;`
			`var header = 0x30;`

			`var der = Buffer.concat([new Buffer([header, length, rheader, rlength]), rbuf, new Buffer([sheader, slength]), sbuf]);`
			`return der;`
			`};`

			`Signature.prototype.toString = function() {`
			`var buf = this.toDER();`
			`return buf.toString('hex');`
			`};`
formatting 2014-08-19 12:02:34 -07:00
adding some signature methods for script interpreting 2014-12-12 14:21:37 -08:00			`/**`
			`* This function is translated from bitcoind's IsDERSignature and is used in`
			`* the script interpreter. This "DER" format actually includes an extra byte,`
			`* the nhashtype, at the end. It is really the tx format, not DER format.`
			`*`
			`* A canonical signature exists of: [30] [total len] [02] [len R] [R] [02] [len S] [S] [hashtype]`
			`* Where R and S are not negative (their first byte has its highest bit not set), and not`
			`* excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,`
			`* in which case a single 0 byte is necessary and even required).`
			`*`
			`* See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623`
			`*/`
			`Signature.isTxDER = function(buf) {`
			`if (buf.length < 9) {`
			`// Non-canonical signature: too short`
			`return false;`
			`}`
			`if (buf.length > 73) {`
			`// Non-canonical signature: too long`
			`return false;`
			`}`
			`if (buf[0] !== 0x30) {`
			`// Non-canonical signature: wrong type`
			`return false;`
			`}`
			`if (buf[1] !== buf.length - 3) {`
			`// Non-canonical signature: wrong length marker`
			`return false;`
			`}`
			`var nLenR = buf[3];`
			`if (5 + nLenR >= buf.length) {`
			`// Non-canonical signature: S length misplaced`
			`return false;`
			`}`
			`var nLenS = buf[5 + nLenR];`
			`if ((nLenR + nLenS + 7) !== buf.length) {`
			`// Non-canonical signature: R+S length mismatch`
			`return false;`
			`}`

			`var R = buf.slice(4);`
			`if (buf[4 - 2] !== 0x02) {`
			`// Non-canonical signature: R value type mismatch`
			`return false;`
			`}`
			`if (nLenR === 0) {`
			`// Non-canonical signature: R length is zero`
			`return false;`
			`}`
			`if (R[0] & 0x80) {`
			`// Non-canonical signature: R value negative`
			`return false;`
			`}`
			`if (nLenR > 1 && (R[0] === 0x00) && !(R[1] & 0x80)) {`
			`// Non-canonical signature: R value excessively padded`
			`return false;`
			`}`

			`var S = buf.slice(6 + nLenR);`
			`if (buf[6 + nLenR - 2] !== 0x02) {`
			`// Non-canonical signature: S value type mismatch`
			`return false;`
			`}`
			`if (nLenS === 0) {`
			`// Non-canonical signature: S length is zero`
			`return false;`
			`}`
			`if (S[0] & 0x80) {`
			`// Non-canonical signature: S value negative`
			`return false;`
			`}`
			`if (nLenS > 1 && (S[0] === 0x00) && !(S[1] & 0x80)) {`
			`// Non-canonical signature: S value excessively padded`
			`return false;`
			`}`
			`return true;`
			`};`

			`/**`
			`* Compares to bitcoind's IsLowDERSignature`
			`* See also ECDSA signature algorithm which enforces this.`
			`* See also BIP 62, "low S values in signatures"`
			`*/`
			`Signature.prototype.hasLowS = function() {`
Fix invocations to binary operations called on numbers 2015-02-05 12:24:48 -08:00			`if (this.s.lt(new BN(1)) \|\|`
			`this.s.gt(new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0'))) {`
adding some signature methods for script interpreting 2014-12-12 14:21:37 -08:00			`return false;`
			`}`
			`return true;`
			`};`

			`/**`
			`* @returns true if the nhashtype is exactly equal to one of the standard options or combinations thereof.`
			`* Translated from bitcoind's IsDefinedHashtypeSignature`
			`*/`
			`Signature.prototype.hasDefinedHashtype = function() {`
			`if (this.nhashtype < Signature.SIGHASH_ALL \|\| this.nhashtype > Signature.SIGHASH_SINGLE) {`
			`return false;`
			`}`
			`return true;`
			`};`

			`Signature.prototype.toTxFormat = function() {`
			`var derbuf = this.toDER();`
			`var buf = new Buffer(1);`
			`buf.writeUInt8(this.nhashtype, 0);`
			`return Buffer.concat([derbuf, buf]);`
			`};`

Backport changes to ecdsa from fullnode 2014-12-09 06:15:31 -08:00			`Signature.SIGHASH_ALL = 0x01;`
			`Signature.SIGHASH_NONE = 0x02;`
			`Signature.SIGHASH_SINGLE = 0x03;`
			`Signature.SIGHASH_ANYONECANPAY = 0x80;`

signature 2014-08-09 14:42:23 -07:00			`module.exports = Signature;`