From 02c844dfbf9aebca49af7d6207d1a30fb1920e9f Mon Sep 17 00:00:00 2001 From: sairajzero Date: Thu, 24 Nov 2022 03:43:14 +0530 Subject: [PATCH] Update stdop --- btcOperator.js | 735 +++++++++++ lib.js | 3392 ++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 3870 insertions(+), 257 deletions(-) create mode 100644 btcOperator.js diff --git a/btcOperator.js b/btcOperator.js new file mode 100644 index 0000000..d1f57fa --- /dev/null +++ b/btcOperator.js @@ -0,0 +1,735 @@ +(function (EXPORTS) { //btcOperator v1.0.14 + /* BTC Crypto and API Operator */ + const btcOperator = EXPORTS; + + //This library uses API provided by chain.so (https://chain.so/) + const URL = "https://chain.so/api/v2/"; + + const fetch_api = btcOperator.fetch = function (api) { + return new Promise((resolve, reject) => { + console.debug(URL + api); + fetch(URL + api).then(response => { + response.json() + .then(result => result.status === "success" ? resolve(result) : reject(result)) + .catch(error => reject(error)) + }).catch(error => reject(error)) + }) + }; + + const SATOSHI_IN_BTC = 1e8; + + function get_fee_rate() { + return new Promise((resolve, reject) => { + fetch('https://api.blockchain.info/mempool/fees').then(response => { + if (response.ok) + response.json() + .then(result => resolve(parseFloat((result.regular / SATOSHI_IN_BTC).toFixed(8)))) + .catch(error => reject(error)); + else + reject(response); + }).catch(error => reject(error)) + }) + } + + const broadcastTx = btcOperator.broadcastTx = rawTxHex => new Promise((resolve, reject) => { + let url = 'https://coinb.in/api/?uid=1&key=12345678901234567890123456789012&setmodule=bitcoin&request=sendrawtransaction'; + fetch(url, { + method: 'POST', + headers: { + 'Content-Type': 'application/x-www-form-urlencoded' + }, + body: "rawtx=" + rawTxHex + }).then(response => { + response.text().then(resultText => { + let r = resultText.match(/.*<\/result>/); + if (!r) + reject(resultText); + else { + r = r.pop().replace('', '').replace('', ''); + if (r == '1') { + let txid = resultText.match(/.*<\/txid>/).pop().replace('', '').replace('', ''); + resolve(txid); + } else if (r == '0') { + let error = resultText.match(/.*<\/response>/).pop().replace('', '').replace('', ''); + reject(decodeURIComponent(error.replace(/\+/g, " "))); + } else reject(resultText); + } + }).catch(error => reject(error)) + }).catch(error => reject(error)) + }); + + Object.defineProperties(btcOperator, { + newKeys: { + get: () => { + let r = coinjs.newKeys(); + r.segwitAddress = coinjs.segwitAddress(r.pubkey).address; + r.bech32Address = coinjs.bech32Address(r.pubkey).address; + return r; + } + }, + pubkey: { + value: key => key.length >= 66 ? key : (key.length == 64 ? coinjs.newPubkey(key) : coinjs.wif2pubkey(key).pubkey) + }, + address: { + value: (key, prefix = undefined) => coinjs.pubkey2address(btcOperator.pubkey(key), prefix) + }, + segwitAddress: { + value: key => coinjs.segwitAddress(btcOperator.pubkey(key)).address + }, + bech32Address: { + value: key => coinjs.bech32Address(btcOperator.pubkey(key)).address + } + }); + + coinjs.compressed = true; + + const verifyKey = btcOperator.verifyKey = function (addr, key) { + if (!addr || !key) + return undefined; + switch (coinjs.addressDecode(addr).type) { + case "standard": + return btcOperator.address(key) === addr; + case "multisig": + return btcOperator.segwitAddress(key) === addr; + case "bech32": + return btcOperator.bech32Address(key) === addr; + default: + return null; + } + } + + const validateAddress = btcOperator.validateAddress = function (addr) { + if (!addr) + return undefined; + let type = coinjs.addressDecode(addr).type; + if (["standard", "multisig", "bech32", "multisigBech32"].includes(type)) + return type; + else + return false; + } + + btcOperator.multiSigAddress = function (pubKeys, minRequired) { + if (!Array.isArray(pubKeys)) + throw "pubKeys must be an array of public keys"; + else if (pubKeys.length < minRequired) + throw "minimum required should be less than the number of pubKeys"; + return coinjs.pubkeys2MultisigAddress(pubKeys, minRequired); + } + + //convert from one blockchain to another blockchain (target version) + btcOperator.convert = {}; + + btcOperator.convert.wif = function (source_wif, target_version = coinjs.priv) { + let keyHex = decodeLegacy(source_wif).hex; + if (!keyHex || keyHex.length < 66 || !/01$/.test(keyHex)) + return null; + else + return encodeLegacy(keyHex, target_version); + } + + btcOperator.convert.legacy2legacy = function (source_addr, target_version = coinjs.pub) { + let rawHex = decodeLegacy(source_addr).hex; + if (!rawHex) + return null; + else + return encodeLegacy(rawHex, target_version); + } + + btcOperator.convert.legacy2bech = function (source_addr, target_version = coinjs.bech32.version, target_hrp = coinjs.bech32.hrp) { + let rawHex = decodeLegacy(source_addr).hex; + if (!rawHex) + return null; + else + return encodeBech32(rawHex, target_version, target_hrp); + } + + btcOperator.convert.bech2bech = function (source_addr, target_version = coinjs.bech32.version, target_hrp = coinjs.bech32.hrp) { + let rawHex = decodeBech32(source_addr).hex; + if (!rawHex) + return null; + else + return encodeBech32(rawHex, target_version, target_hrp); + } + + btcOperator.convert.bech2legacy = function (source_addr, target_version = coinjs.pub) { + let rawHex = decodeBech32(source_addr).hex; + if (!rawHex) + return null; + else + return encodeLegacy(rawHex, target_version); + } + + function decodeLegacy(source) { + var decode = coinjs.base58decode(source); + var raw = decode.slice(0, decode.length - 4), + checksum = decode.slice(decode.length - 4); + var hash = Crypto.SHA256(Crypto.SHA256(raw, { + asBytes: true + }), { + asBytes: true + }); + if (hash[0] != checksum[0] || hash[1] != checksum[1] || hash[2] != checksum[2] || hash[3] != checksum[3]) + return null; + let version = raw.shift(); + return { + version: version, + hex: Crypto.util.bytesToHex(raw) + } + } + + function encodeLegacy(hex, version) { + var bytes = Crypto.util.hexToBytes(hex); + bytes.unshift(version); + var hash = Crypto.SHA256(Crypto.SHA256(bytes, { + asBytes: true + }), { + asBytes: true + }); + var checksum = hash.slice(0, 4); + return coinjs.base58encode(bytes.concat(checksum)); + } + + function decodeBech32(source) { + let decode = coinjs.bech32_decode(source); + if (!decode) + return null; + var raw = decode.data; + let version = raw.shift(); + raw = coinjs.bech32_convert(raw, 5, 8, false); + return { + hrp: decode.hrp, + version: version, + hex: Crypto.util.bytesToHex(raw) + } + } + + function encodeBech32(hex, version, hrp) { + var bytes = Crypto.util.hexToBytes(hex); + bytes = coinjs.bech32_convert(bytes, 8, 5, true); + bytes.unshift(version) + return coinjs.bech32_encode(hrp, bytes); + } + + //BTC blockchain APIs + + btcOperator.getBalance = addr => new Promise((resolve, reject) => { + fetch_api(`get_address_balance/BTC/${addr}`) + .then(result => resolve(parseFloat(result.data.confirmed_balance))) + .catch(error => reject(error)) + }); + + const BASE_TX_SIZE = 12, + BASE_INPUT_SIZE = 41, + LEGACY_INPUT_SIZE = 107, + BECH32_INPUT_SIZE = 27, + SEGWIT_INPUT_SIZE = 59, + MULTISIG_INPUT_SIZE_ES = 351, + BASE_OUTPUT_SIZE = 9, + LEGACY_OUTPUT_SIZE = 25, + BECH32_OUTPUT_SIZE = 23, + SEGWIT_OUTPUT_SIZE = 23; + + function _redeemScript(addr, key) { + let decode = coinjs.addressDecode(addr); + switch (decode.type) { + case "standard": + return false; + case "multisig": + return key ? coinjs.segwitAddress(btcOperator.pubkey(key)).redeemscript : null; + case "bech32": + return decode.redeemscript; + default: + return null; + } + } + + function _sizePerInput(addr, rs) { + switch (coinjs.addressDecode(addr).type) { + case "standard": + return BASE_INPUT_SIZE + LEGACY_INPUT_SIZE; + case "bech32": + return BASE_INPUT_SIZE + BECH32_INPUT_SIZE; + case "multisig": + switch (coinjs.script().decodeRedeemScript(rs).type) { + case "segwit__": + return BASE_INPUT_SIZE + SEGWIT_INPUT_SIZE; + case "multisig__": + return BASE_INPUT_SIZE + MULTISIG_INPUT_SIZE_ES; + default: + return null; + }; + default: + return null; + } + } + + function _sizePerOutput(addr) { + switch (coinjs.addressDecode(addr).type) { + case "standard": + return BASE_OUTPUT_SIZE + LEGACY_OUTPUT_SIZE; + case "bech32": + return BASE_OUTPUT_SIZE + BECH32_OUTPUT_SIZE; + case "multisig": + return BASE_OUTPUT_SIZE + SEGWIT_OUTPUT_SIZE; + default: + return null; + } + } + + function validateTxParameters(parameters) { + let invalids = []; + //sender-ids + if (parameters.senders) { + if (!Array.isArray(parameters.senders)) + parameters.senders = [parameters.senders]; + parameters.senders.forEach(id => !validateAddress(id) ? invalids.push(id) : null); + if (invalids.length) + throw "Invalid senders:" + invalids; + } + if (parameters.privkeys) { + if (!Array.isArray(parameters.privkeys)) + parameters.privkeys = [parameters.privkeys]; + if (parameters.senders.length != parameters.privkeys.length) + throw "Array length for senders and privkeys should be equal"; + parameters.senders.forEach((id, i) => { + let key = parameters.privkeys[i]; + if (!verifyKey(id, key)) //verify private-key + invalids.push(id); + if (key.length === 64) //convert Hex to WIF if needed + parameters.privkeys[i] = coinjs.privkey2wif(key); + }); + if (invalids.length) + throw "Invalid keys:" + invalids; + } + //receiver-ids (and change-id) + if (!Array.isArray(parameters.receivers)) + parameters.receivers = [parameters.receivers]; + parameters.receivers.forEach(id => !validateAddress(id) ? invalids.push(id) : null); + if (invalids.length) + throw "Invalid receivers:" + invalids; + if (parameters.change_address && !validateAddress(parameters.change_address)) + throw "Invalid change_address:" + parameters.change_address; + //fee and amounts + if ((typeof parameters.fee !== "number" || parameters.fee <= 0) && parameters.fee !== null) //fee = null (auto calc) + throw "Invalid fee:" + parameters.fee; + if (!Array.isArray(parameters.amounts)) + parameters.amounts = [parameters.amounts]; + if (parameters.receivers.length != parameters.amounts.length) + throw "Array length for receivers and amounts should be equal"; + parameters.amounts.forEach(a => typeof a !== "number" || a <= 0 ? invalids.push(a) : null); + if (invalids.length) + throw "Invalid amounts:" + invalids; + //return + return parameters; + } + + function createTransaction(senders, redeemScripts, receivers, amounts, fee, change_address, fee_from_receiver) { + return new Promise((resolve, reject) => { + let total_amount = parseFloat(amounts.reduce((t, a) => t + a, 0).toFixed(8)); + const tx = coinjs.transaction(); + let output_size = addOutputs(tx, receivers, amounts, change_address); + addInputs(tx, senders, redeemScripts, total_amount, fee, output_size, fee_from_receiver).then(result => { + if (result.change_amount > 0) //add change amount if any + tx.outs[tx.outs.length - 1].value = parseInt(result.change_amount * SATOSHI_IN_BTC); //values are in satoshi + if (fee_from_receiver) { //deduce fee from receivers if fee_from_receiver + let fee_remaining = parseInt(result.fee * SATOSHI_IN_BTC); + for (let i = 0; i < tx.outs.length - 1 && fee_remaining > 0; i++) { + if (fee_remaining < tx.outs[i].value) { + tx.outs[i].value -= fee_remaining; + fee_remaining = 0; + } else { + fee_remaining -= tx.outs[i].value; + tx.outs[i].value = 0; + } + } + if (fee_remaining > 0) + return reject("Send amount is less than fee"); + + } + tx.outs = tx.outs.filter(o => o.value != 0); //remove all output with value 0 + result.output_size = output_size; + result.output_amount = total_amount - (fee_from_receiver ? result.fee : 0); + result.total_size = BASE_TX_SIZE + output_size + result.input_size; + result.transaction = tx; + resolve(result); + }).catch(error => reject(error)) + }) + } + + function addInputs(tx, senders, redeemScripts, total_amount, fee, output_size, fee_from_receiver) { + return new Promise((resolve, reject) => { + if (fee !== null) { + addUTXOs(tx, senders, redeemScripts, fee_from_receiver ? total_amount : total_amount + fee, false).then(result => { + result.fee = fee; + resolve(result); + }).catch(error => reject(error)) + } else { + get_fee_rate().then(fee_rate => { + let net_fee = BASE_TX_SIZE * fee_rate; + net_fee += (output_size * fee_rate); + (fee_from_receiver ? + addUTXOs(tx, senders, redeemScripts, total_amount, false) : + addUTXOs(tx, senders, redeemScripts, total_amount + net_fee, fee_rate) + ).then(result => { + result.fee = parseFloat((net_fee + (result.input_size * fee_rate)).toFixed(8)); + result.fee_rate = fee_rate; + resolve(result); + }).catch(error => reject(error)) + }).catch(error => reject(error)) + } + }) + } + + function addUTXOs(tx, senders, redeemScripts, required_amount, fee_rate, rec_args = {}) { + return new Promise((resolve, reject) => { + required_amount = parseFloat(required_amount.toFixed(8)); + if (typeof rec_args.n === "undefined") { + rec_args.n = 0; + rec_args.input_size = 0; + rec_args.input_amount = 0; + } + if (required_amount <= 0) + return resolve({ + input_size: rec_args.input_size, + input_amount: rec_args.input_amount, + change_amount: required_amount * -1 //required_amount will be -ve of change_amount + }); + else if (rec_args.n >= senders.length) + return reject("Insufficient Balance"); + let addr = senders[rec_args.n], + rs = redeemScripts[rec_args.n]; + let addr_type = coinjs.addressDecode(addr).type; + let size_per_input = _sizePerInput(addr, rs); + fetch_api(`get_tx_unspent/BTC/${addr}`).then(result => { + let utxos = result.data.txs; + console.debug("add-utxo", addr, rs, required_amount, utxos); + for (let i = 0; i < utxos.length && required_amount > 0; i++) { + if (!utxos[i].confirmations) //ignore unconfirmed utxo + continue; + var script; + if (!rs || !rs.length) //legacy script + script = utxos[i].script_hex; + else if (((rs.match(/^00/) && rs.length == 44)) || (rs.length == 40 && rs.match(/^[a-f0-9]+$/gi)) || addr_type === 'multisigBech32') { + //redeemScript for segwit/bech32 and multisig (bech32) + let s = coinjs.script(); + s.writeBytes(Crypto.util.hexToBytes(rs)); + s.writeOp(0); + s.writeBytes(coinjs.numToBytes((utxos[i].value * SATOSHI_IN_BTC).toFixed(0), 8)); + script = Crypto.util.bytesToHex(s.buffer); + } else //redeemScript for multisig (segwit) + script = rs; + tx.addinput(utxos[i].txid, utxos[i].output_no, script, 0xfffffffd /*sequence*/); //0xfffffffd for Replace-by-fee + //update track values + rec_args.input_size += size_per_input; + rec_args.input_amount += parseFloat(utxos[i].value); + required_amount -= parseFloat(utxos[i].value); + if (fee_rate) //automatic fee calculation (dynamic) + required_amount += size_per_input * fee_rate; + } + rec_args.n += 1; + addUTXOs(tx, senders, redeemScripts, required_amount, fee_rate, rec_args) + .then(result => resolve(result)) + .catch(error => reject(error)) + }).catch(error => reject(error)) + }) + } + + function addOutputs(tx, receivers, amounts, change_address) { + let size = 0; + for (let i in receivers) { + tx.addoutput(receivers[i], amounts[i]); + size += _sizePerOutput(receivers[i]); + } + tx.addoutput(change_address, 0); + size += _sizePerOutput(change_address); + return size; + } + + /* + function autoFeeCalc(tx) { + return new Promise((resolve, reject) => { + get_fee_rate().then(fee_rate => { + let tx_size = tx.size(); + for (var i = 0; i < this.ins.length; i++) + switch (tx.extractScriptKey(i).type) { + case 'scriptpubkey': + tx_size += SIGN_SIZE; + break; + case 'segwit': + case 'multisig': + tx_size += SIGN_SIZE * 0.25; + break; + default: + console.warn('Unknown script-type'); + tx_size += SIGN_SIZE; + } + resolve(tx_size * fee_rate); + }).catch(error => reject(error)) + }) + } + + function editFee(tx, current_fee, target_fee, index = -1) { + //values are in satoshi + index = parseInt(index >= 0 ? index : tx.outs.length - index); + if (index < 0 || index >= tx.outs.length) + throw "Invalid index"; + let edit_value = parseInt(current_fee - target_fee), //rip of any decimal places + current_value = tx.outs[index].value; //could be BigInterger + if (edit_value < 0 && edit_value > current_value) + throw "Insufficient value at vout"; + tx.outs[index].value = current_value instanceof BigInteger ? + current_value.add(new BigInteger('' + edit_value)) : parseInt(current_value + edit_value); + } + */ + + btcOperator.sendTx = function (senders, privkeys, receivers, amounts, fee = null, options = {}) { + return new Promise((resolve, reject) => { + createSignedTx(senders, privkeys, receivers, amounts, fee, options).then(result => { + debugger; + broadcastTx(result.transaction.serialize()) + .then(txid => resolve(txid)) + .catch(error => reject(error)); + }).catch(error => reject(error)) + }) + } + + const createSignedTx = btcOperator.createSignedTx = function (senders, privkeys, receivers, amounts, fee = null, options = {}) { + return new Promise((resolve, reject) => { + try { + ({ + senders, + privkeys, + receivers, + amounts + } = validateTxParameters({ + senders, + privkeys, + receivers, + amounts, + fee, + change_address: options.change_address + })); + } catch (e) { + return reject(e) + } + let redeemScripts = [], + wif_keys = []; + for (let i in senders) { + let rs = _redeemScript(senders[i], privkeys[i]); //get redeem-script (segwit/bech32) + redeemScripts.push(rs); + rs === false ? wif_keys.unshift(privkeys[i]) : wif_keys.push(privkeys[i]); //sorting private-keys (wif) + } + if (redeemScripts.includes(null)) //TODO: segwit + return reject("Unable to get redeem-script"); + //create transaction + createTransaction(senders, redeemScripts, receivers, amounts, fee, options.change_address || senders[0], options.fee_from_receiver).then(result => { + let tx = result.transaction; + console.debug("Unsigned:", tx.serialize()); + new Set(wif_keys).forEach(key => console.debug("Signing key:", key, tx.sign(key, 1 /*sighashtype*/))); //Sign the tx using private key WIF + console.debug("Signed:", tx.serialize()); + resolve(result); + }).catch(error => reject(error)); + }) + } + + btcOperator.createTx = function (senders, receivers, amounts, fee = null, options = {}) { + return new Promise((resolve, reject) => { + try { + ({ + senders, + receivers, + amounts + } = validateTxParameters({ + senders, + receivers, + amounts, + fee, + change_address: options.change_address + })); + } catch (e) { + return reject(e) + } + let redeemScripts = senders.map(id => _redeemScript(id)); + if (redeemScripts.includes(null)) //TODO: segwit + return reject("Unable to get redeem-script"); + //create transaction + createTransaction(senders, redeemScripts, receivers, amounts, fee, options.change_address || senders[0], options.fee_from_receiver).then(result => { + result.tx_hex = result.transaction.serialize(); + delete result.transaction; + resolve(result); + }).catch(error => reject(error)) + }) + } + + btcOperator.createMultiSigTx = function (sender, redeemScript, receivers, amounts, fee = null, options = {}) { + return new Promise((resolve, reject) => { + //validate tx parameters + if (validateAddress(sender) !== "multisig") + return reject("Invalid sender (multisig):" + sender); + else { + let script = coinjs.script(); + let decode = script.decodeRedeemScript(redeemScript); + if (!decode || decode.address !== sender) + return reject("Invalid redeem-script"); + } + try { + ({ + receivers, + amounts + } = validateTxParameters({ + receivers, + amounts, + fee, + change_address: options.change_address + })); + } catch (e) { + return reject(e) + } + //create transaction + createTransaction([sender], [redeemScript], receivers, amounts, fee, options.change_address || sender, options.fee_from_receiver).then(result => { + result.tx_hex = result.transaction.serialize(); + delete result.transaction; + resolve(result); + }).catch(error => reject(error)) + + }) + } + + function deserializeTx(tx) { + if (typeof tx === 'string' || Array.isArray(tx)) { + try { + tx = coinjs.transaction().deserialize(tx); + } catch { + throw "Invalid transaction hex"; + } + } else if (typeof tx !== 'object' || typeof tx.sign !== 'function') + throw "Invalid transaction object"; + return tx; + } + + btcOperator.signTx = function (tx, privkeys, sighashtype = 1) { + tx = deserializeTx(tx); + if (!Array.isArray(privkeys)) + privkeys = [privkeys]; + for (let i in privkeys) + if (privkeys[i].length === 64) + privkeys[i] = coinjs.privkey2wif(privkeys[i]); + new Set(privkeys).forEach(key => tx.sign(key, sighashtype)); //Sign the tx using private key WIF + return tx.serialize(); + } + + const checkSigned = btcOperator.checkSigned = function (tx, bool = true) { + tx = deserializeTx(tx); + let n = []; + for (let i in tx.ins) { + var s = tx.extractScriptKey(i); + if (s['type'] !== 'multisig') + n.push(s.signed == 'true' || (tx.witness[i] && tx.witness[i].length == 2)) + else { + var rs = coinjs.script().decodeRedeemScript(s.script); + let x = { + s: s['signatures'], + r: rs['signaturesRequired'], + t: rs['pubkeys'].length + }; + if (x.r > x.t) + throw "signaturesRequired is more than publicKeys"; + else if (x.s < x.r) + n.push(x); + else + n.push(true); + } + } + return bool ? !(n.filter(x => x !== true).length) : n; + } + + btcOperator.checkIfSameTx = function (tx1, tx2) { + tx1 = deserializeTx(tx1); + tx2 = deserializeTx(tx2); + if (tx1.ins.length !== tx2.ins.length || tx1.outs.length !== tx2.outs.length) + return false; + for (let i = 0; i < tx1.ins.length; i++) + if (tx1.ins[i].outpoint.hash !== tx2.ins[i].outpoint.hash || tx1.ins[i].outpoint.index !== tx2.ins[i].outpoint.index) + return false; + for (let i = 0; i < tx2.ins.length; i++) + if (tx1.outs[i].value !== tx2.outs[i].value || Crypto.util.bytesToHex(tx1.outs[i].script.buffer) !== Crypto.util.bytesToHex(tx2.outs[i].script.buffer)) + return false; + return true; + } + + const getTxOutput = (txid, i) => new Promise((resolve, reject) => { + fetch_api(`get_tx_outputs/BTC/${txid}/${i}`) + .then(result => resolve(result.data.outputs)) + .catch(error => reject(error)) + }); + + btcOperator.parseTransaction = function (tx) { + return new Promise((resolve, reject) => { + tx = deserializeTx(tx); + let result = {}; + let promises = []; + //Parse Inputs + for (let i = 0; i < tx.ins.length; i++) + promises.push(getTxOutput(tx.ins[i].outpoint.hash, tx.ins[i].outpoint.index)); + Promise.all(promises).then(inputs => { + result.inputs = inputs.map(inp => Object({ + address: inp.address, + value: parseFloat(inp.value) + })); + let signed = checkSigned(tx, false); + result.inputs.forEach((inp, i) => inp.signed = signed[i]); + //Parse Outputs + result.outputs = tx.outs.map(out => { + var address; + switch (out.script.chunks[0]) { + case 0: //bech32 + address = encodeBech32(Crypto.util.bytesToHex(out.script.chunks[1]), coinjs.bech32.version, coinjs.bech32.hrp); + break; + case 169: //multisig, segwit + address = encodeLegacy(Crypto.util.bytesToHex(out.script.chunks[1]), coinjs.multisig); + break; + case 118: //legacy + address = encodeLegacy(Crypto.util.bytesToHex(out.script.chunks[2]), coinjs.pub); + } + return { + address, + value: parseFloat(out.value / SATOSHI_IN_BTC) + } + }); + //Parse Totals + result.total_input = parseFloat(result.inputs.reduce((a, inp) => a += inp.value, 0).toFixed(8)); + result.total_output = parseFloat(result.outputs.reduce((a, out) => a += out.value, 0).toFixed(8)); + result.fee = parseFloat((result.total_input - result.total_output).toFixed(8)); + resolve(result); + }).catch(error => reject(error)) + }) + } + + btcOperator.transactionID = function (tx) { + tx = deserializeTx(tx); + let clone = coinjs.clone(tx); + clone.witness = null; + let raw_bytes = Crypto.util.hexToBytes(clone.serialize()); + let txid = Crypto.SHA256(Crypto.SHA256(raw_bytes, { asBytes: true }), { asBytes: true }).reverse(); + return Crypto.util.bytesToHex(txid); + } + + btcOperator.getTx = txid => new Promise((resolve, reject) => { + fetch_api(`get_tx/BTC/${txid}`) + .then(result => resolve(result.data)) + .catch(error => reject(error)) + }); + + btcOperator.getAddressData = addr => new Promise((resolve, reject) => { + fetch_api(`address/BTC/${addr}`) + .then(result => resolve(result.data)) + .catch(error => reject(error)) + }); + + btcOperator.getBlock = block => new Promise((resolve, reject) => { + fetch_api(`get_block/BTC/${block}`) + .then(result => resolve(result.data)) + .catch(error => reject(error)) + }); + +})('object' === typeof module ? module.exports : window.btcOperator = {}); \ No newline at end of file diff --git a/lib.js b/lib.js index 3a36bfc..8e66fea 100644 --- a/lib.js +++ b/lib.js @@ -1,12 +1,26 @@ -(function(GLOBAL) { //lib v1.2.2a (sub-set) +(function (GLOBAL) { //lib v1.3.2 (sub-set) 'use strict'; /* Utility Libraries required for Standard operations * All credits for these codes belong to their respective creators, moderators and owners. * For more info (including license and terms of use), please visit respective source. */ + GLOBAL.securedMathRandom = (function () { + if (typeof require === 'function') { + const crypto = require('crypto'); + return function () { + return crypto.randomBytes(4).readUInt32LE() / 0xffffffff; + } + } else if (GLOBAL.crypto && GLOBAL.crypto.getRandomValues) { + return function () { + return (GLOBAL.crypto.getRandomValues(new Uint32Array(1))[0] / 0xffffffff); + } + } else + throw Error('Unable to define securedMathRandom'); + })(); + //Crypto.js - (function() { + (function () { // Global Crypto object var Crypto = GLOBAL.Crypto = {}; /*! @@ -15,7 +29,7 @@ * Copyright (c) 2009-2013, Jeff Mott. All rights reserved. * http://code.google.com/p/crypto-js/wiki/License */ - (function() { + (function () { var base64map = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; @@ -23,17 +37,17 @@ var util = Crypto.util = { // Bit-wise rotate left - rotl: function(n, b) { + rotl: function (n, b) { return (n << b) | (n >>> (32 - b)); }, // Bit-wise rotate right - rotr: function(n, b) { + rotr: function (n, b) { return (n << (32 - b)) | (n >>> b); }, // Swap big-endian to little-endian and vice versa - endian: function(n) { + endian: function (n) { // If number given, swap endian if (n.constructor == Number) { @@ -49,28 +63,28 @@ }, // Generate an array of any length of random bytes - randomBytes: function(n) { + randomBytes: function (n) { for (var bytes = []; n > 0; n--) - bytes.push(Math.floor(Math.random() * 256)); + bytes.push(Math.floor(securedMathRandom() * 256)); return bytes; }, // Convert a byte array to big-endian 32-bit words - bytesToWords: function(bytes) { + bytesToWords: function (bytes) { for (var words = [], i = 0, b = 0; i < bytes.length; i++, b += 8) words[b >>> 5] |= (bytes[i] & 0xFF) << (24 - b % 32); return words; }, // Convert big-endian 32-bit words to a byte array - wordsToBytes: function(words) { + wordsToBytes: function (words) { for (var bytes = [], b = 0; b < words.length * 32; b += 8) bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF); return bytes; }, // Convert a byte array to a hex string - bytesToHex: function(bytes) { + bytesToHex: function (bytes) { for (var hex = [], i = 0; i < bytes.length; i++) { hex.push((bytes[i] >>> 4).toString(16)); hex.push((bytes[i] & 0xF).toString(16)); @@ -79,14 +93,14 @@ }, // Convert a hex string to a byte array - hexToBytes: function(hex) { + hexToBytes: function (hex) { for (var bytes = [], c = 0; c < hex.length; c += 2) bytes.push(parseInt(hex.substr(c, 2), 16)); return bytes; }, // Convert a byte array to a base-64 string - bytesToBase64: function(bytes) { + bytesToBase64: function (bytes) { for (var base64 = [], i = 0; i < bytes.length; i += 3) { var triplet = (bytes[i] << 16) | (bytes[i + 1] << 8) | bytes[i + 2]; for (var j = 0; j < 4; j++) { @@ -100,7 +114,7 @@ }, // Convert a base-64 string to a byte array - base64ToBytes: function(base64) { + base64ToBytes: function (base64) { // Remove non-base-64 characters base64 = base64.replace(/[^A-Z0-9+\/]/ig, ""); @@ -122,12 +136,12 @@ var UTF8 = charenc.UTF8 = { // Convert a string to a byte array - stringToBytes: function(str) { + stringToBytes: function (str) { return Binary.stringToBytes(unescape(encodeURIComponent(str))); }, // Convert a byte array to a string - bytesToString: function(bytes) { + bytesToString: function (bytes) { return decodeURIComponent(escape(Binary.bytesToString(bytes))); } @@ -137,14 +151,14 @@ var Binary = charenc.Binary = { // Convert a string to a byte array - stringToBytes: function(str) { + stringToBytes: function (str) { for (var bytes = [], i = 0; i < str.length; i++) bytes.push(str.charCodeAt(i) & 0xFF); return bytes; }, // Convert a byte array to a string - bytesToString: function(bytes) { + bytesToString: function (bytes) { for (var str = [], i = 0; i < bytes.length; i++) str.push(String.fromCharCode(bytes[i])); return str.join(""); @@ -160,7 +174,7 @@ * (c) 2009-2012 by Jeff Mott. All rights reserved. * http://code.google.com/p/crypto-js/wiki/License */ - (function() { + (function () { // Shortcuts var C = Crypto, @@ -170,15 +184,15 @@ Binary = charenc.Binary; // Public API - var SHA1 = C.SHA1 = function(message, options) { + var SHA1 = C.SHA1 = function (message, options) { var digestbytes = util.wordsToBytes(SHA1._sha1(message)); return options && options.asBytes ? digestbytes : options && options.asString ? Binary.bytesToString(digestbytes) : - util.bytesToHex(digestbytes); + util.bytesToHex(digestbytes); }; // The core - SHA1._sha1 = function(message) { + SHA1._sha1 = function (message) { // Convert to byte array if (message.constructor == String) message = UTF8.stringToBytes(message); @@ -215,9 +229,9 @@ var t = ((H0 << 5) | (H0 >>> 27)) + H4 + (w[j] >>> 0) + ( j < 20 ? (H1 & H2 | ~H1 & H3) + 1518500249 : - j < 40 ? (H1 ^ H2 ^ H3) + 1859775393 : - j < 60 ? (H1 & H2 | H1 & H3 | H2 & H3) - 1894007588 : - (H1 ^ H2 ^ H3) - 899497514); + j < 40 ? (H1 ^ H2 ^ H3) + 1859775393 : + j < 60 ? (H1 & H2 | H1 & H3 | H2 & H3) - 1894007588 : + (H1 ^ H2 ^ H3) - 899497514); H4 = H3; H3 = H2; @@ -253,7 +267,7 @@ * (c) 2009-2012 by Jeff Mott. All rights reserved. * http://code.google.com/p/crypto-js/wiki/License */ - (function() { + (function () { // Shortcuts var C = Crypto, @@ -262,7 +276,7 @@ UTF8 = charenc.UTF8, Binary = charenc.Binary; - C.HMAC = function(hasher, message, key, options) { + C.HMAC = function (hasher, message, key, options) { // Convert to byte arrays if (message.constructor == String) message = UTF8.stringToBytes(message); @@ -291,7 +305,7 @@ return options && options.asBytes ? hmacbytes : options && options.asString ? Binary.bytesToString(hmacbytes) : - util.bytesToHex(hmacbytes); + util.bytesToHex(hmacbytes); }; @@ -305,7 +319,7 @@ * (c) 2009-2012 by Jeff Mott. All rights reserved. * http://code.google.com/p/crypto-js/wiki/License */ - (function() { + (function () { var d = Crypto, k = d.util, g = d.charenc, @@ -321,11 +335,11 @@ 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298 ], - e = d.SHA256 = function(b, c) { + e = d.SHA256 = function (b, c) { var f = k.wordsToBytes(e._sha256(b)); return c && c.asBytes ? f : c && c.asString ? a.bytesToString(f) : k.bytesToHex(f) }; - e._sha256 = function(a) { + e._sha256 = function (a) { a.constructor == String && (a = b.stringToBytes(a)); var e = k.bytesToWords(a), f = a.length * 8, @@ -348,7 +362,7 @@ for (h = 0; h < 64; h++) { h < 16 ? d[h] = e[h + t] : (l = d[h - 15], j = d[h - 2], d[h] = ((l << 25 | l >>> 7) ^ (l << 14 | l >>> 18) ^ l >>> 3) + (d[h - 7] >>> 0) + ((j << 15 | j >>> 17) ^ - (j << 13 | j >>> 19) ^ j >>> 10) + (d[h - 16] >>> 0)); + (j << 13 | j >>> 19) ^ j >>> 10) + (d[h - 16] >>> 0)); j = f & g ^ f & m ^ g & m; var u = (f << 30 | f >>> 2) ^ (f << 19 | f >>> 13) ^ (f << 10 | f >>> 22); l = (s >>> 0) + ((i << 26 | i >>> 6) ^ (i << 21 | i >>> 11) ^ (i << 7 | i >>> 25)) + @@ -377,13 +391,13 @@ e._blocksize = 16; e._digestsize = 32 })(); - (function() { + (function () { var d = Crypto, k = d.util, g = d.charenc, b = g.UTF8, a = g.Binary; - d.HMAC = function(c, e, d, g) { + d.HMAC = function (c, e, d, g) { e.constructor == String && (e = b.stringToBytes(e)); d.constructor == String && (d = b.stringToBytes(d)); d.length > c._blocksize * 4 && (d = c(d, { @@ -402,7 +416,7 @@ })(); //ripemd160.js - (function() { + (function () { /* CryptoJS v3.1.2 @@ -451,7 +465,7 @@ var hl = [0x00000000, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]; var hr = [0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0x00000000]; - var bytesToWords = function(bytes) { + var bytesToWords = function (bytes) { var words = []; for (var i = 0, b = 0; i < bytes.length; i++, b += 8) { words[b >>> 5] |= bytes[i] << (24 - b % 32); @@ -459,7 +473,7 @@ return words; }; - var wordsToBytes = function(words) { + var wordsToBytes = function (words) { var bytes = []; for (var b = 0; b < words.length * 32; b += 8) { bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF); @@ -467,7 +481,7 @@ return bytes; }; - var processBlock = function(H, M, offset) { + var processBlock = function (H, M, offset) { // Swap endian for (var i = 0; i < 16; i++) { @@ -603,7 +617,7 @@ })(); //BigInteger.js - (function() { + (function () { // Upstream 'BigInteger' here: // Original Author: http://www-cs-students.stanford.edu/~tjw/jsbn/ // Follows 'jsbn' on Github: https://github.com/jasondavies/jsbn @@ -628,7 +642,7 @@ if (a != null) if ("number" == typeof a) this.fromNumber(a, b, c); else if (b == null && "string" != typeof a) this.fromString(a, 256); - else this.fromString(a, b); + else this.fromString(a, b); }; // Bits per digit @@ -774,7 +788,7 @@ // (protected) copy this to r - BigInteger.prototype.copyTo = function(r) { + BigInteger.prototype.copyTo = function (r) { for (var i = this.t - 1; i >= 0; --i) r[i] = this[i]; r.t = this.t; r.s = this.s; @@ -782,7 +796,7 @@ // (protected) set from integer value x, -DV <= x < DV - BigInteger.prototype.fromInt = function(x) { + BigInteger.prototype.fromInt = function (x) { this.t = 1; this.s = (x < 0) ? -1 : 0; if (x > 0) this[0] = x; @@ -791,7 +805,7 @@ }; // (protected) set from string and radix - BigInteger.prototype.fromString = function(s, b) { + BigInteger.prototype.fromString = function (s, b) { var k; if (b == 16) k = 4; else if (b == 8) k = 3; @@ -835,13 +849,13 @@ // (protected) clamp off excess high words - BigInteger.prototype.clamp = function() { + BigInteger.prototype.clamp = function () { var c = this.s & this.DM; while (this.t > 0 && this[this.t - 1] == c) --this.t; }; // (protected) r = this << n*DB - BigInteger.prototype.dlShiftTo = function(n, r) { + BigInteger.prototype.dlShiftTo = function (n, r) { var i; for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i]; for (i = n - 1; i >= 0; --i) r[i] = 0; @@ -850,7 +864,7 @@ }; // (protected) r = this >> n*DB - BigInteger.prototype.drShiftTo = function(n, r) { + BigInteger.prototype.drShiftTo = function (n, r) { for (var i = n; i < this.t; ++i) r[i - n] = this[i]; r.t = Math.max(this.t - n, 0); r.s = this.s; @@ -858,7 +872,7 @@ // (protected) r = this << n - BigInteger.prototype.lShiftTo = function(n, r) { + BigInteger.prototype.lShiftTo = function (n, r) { var bs = n % this.DB; var cbs = this.DB - bs; var bm = (1 << cbs) - 1; @@ -878,7 +892,7 @@ // (protected) r = this >> n - BigInteger.prototype.rShiftTo = function(n, r) { + BigInteger.prototype.rShiftTo = function (n, r) { r.s = this.s; var ds = Math.floor(n / this.DB); if (ds >= this.t) { @@ -900,7 +914,7 @@ // (protected) r = this - a - BigInteger.prototype.subTo = function(a, r) { + BigInteger.prototype.subTo = function (a, r) { var i = 0, c = 0, m = Math.min(a.t, this.t); @@ -936,7 +950,7 @@ // (protected) r = this * a, r != this,a (HAC 14.12) // "this" should be the larger one if appropriate. - BigInteger.prototype.multiplyTo = function(a, r) { + BigInteger.prototype.multiplyTo = function (a, r) { var x = this.abs(), y = a.abs(); var i = x.t; @@ -950,7 +964,7 @@ // (protected) r = this^2, r != this (HAC 14.16) - BigInteger.prototype.squareTo = function(r) { + BigInteger.prototype.squareTo = function (r) { var x = this.abs(); var i = r.t = 2 * x.t; while (--i >= 0) r[i] = 0; @@ -970,7 +984,7 @@ // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) // r != q, this != m. q or r may be null. - BigInteger.prototype.divRemTo = function(m, q, r) { + BigInteger.prototype.divRemTo = function (m, q, r) { var pm = m.abs(); if (pm.t <= 0) return; var pt = this.abs(); @@ -1039,7 +1053,7 @@ // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 // should reduce x and y(2-xy) by m^2 at each step to keep size bounded. // JS multiply "overflows" differently from C/C++, so care is needed here. - BigInteger.prototype.invDigit = function() { + BigInteger.prototype.invDigit = function () { if (this.t < 1) return 0; var x = this[0]; if ((x & 1) == 0) return 0; @@ -1056,13 +1070,13 @@ // (protected) true iff this is even - BigInteger.prototype.isEven = function() { + BigInteger.prototype.isEven = function () { return ((this.t > 0) ? (this[0] & 1) : this.s) == 0; }; // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) - BigInteger.prototype.exp = function(e, z) { + BigInteger.prototype.exp = function (e, z) { if (e > 0xffffffff || e < 1) return BigInteger.ONE; var r = nbi(), r2 = nbi(), @@ -1083,7 +1097,7 @@ // (public) return string representation in given radix - BigInteger.prototype.toString = function(b) { + BigInteger.prototype.toString = function (b) { if (this.s < 0) return "-" + this.negate().toString(b); var k; if (b == 16) k = 4; @@ -1122,19 +1136,19 @@ // (public) -this - BigInteger.prototype.negate = function() { + BigInteger.prototype.negate = function () { var r = nbi(); BigInteger.ZERO.subTo(this, r); return r; }; // (public) |this| - BigInteger.prototype.abs = function() { + BigInteger.prototype.abs = function () { return (this.s < 0) ? this.negate() : this; }; // (public) return + if this > a, - if this < a, 0 if equal - BigInteger.prototype.compareTo = function(a) { + BigInteger.prototype.compareTo = function (a) { var r = this.s - a.s; if (r != 0) return r; var i = this.t; @@ -1146,13 +1160,13 @@ } // (public) return the number of bits in "this" - BigInteger.prototype.bitLength = function() { + BigInteger.prototype.bitLength = function () { if (this.t <= 0) return 0; return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM)); }; // (public) this mod a - BigInteger.prototype.mod = function(a) { + BigInteger.prototype.mod = function (a) { var r = nbi(); this.abs().divRemTo(a, null, r); if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r); @@ -1160,7 +1174,7 @@ } // (public) this^e % m, 0 <= e < 2^32 - BigInteger.prototype.modPowInt = function(e, m) { + BigInteger.prototype.modPowInt = function (e, m) { var z; if (e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); @@ -1242,12 +1256,12 @@ // (protected) return x s.t. r^x < DV - BigInteger.prototype.chunkSize = function(r) { + BigInteger.prototype.chunkSize = function (r) { return Math.floor(Math.LN2 * this.DB / Math.log(r)); }; // (protected) convert to radix string - BigInteger.prototype.toRadix = function(b) { + BigInteger.prototype.toRadix = function (b) { if (b == null) b = 10; if (this.signum() == 0 || b < 2 || b > 36) return "0"; var cs = this.chunkSize(b); @@ -1265,7 +1279,7 @@ }; // (protected) convert from radix string - BigInteger.prototype.fromRadix = function(s, b) { + BigInteger.prototype.fromRadix = function (s, b) { this.fromInt(0); if (b == null) b = 10; var cs = this.chunkSize(b); @@ -1295,7 +1309,7 @@ }; // (protected) alternate constructor - BigInteger.prototype.fromNumber = function(a, b, c) { + BigInteger.prototype.fromNumber = function (a, b, c) { if ("number" == typeof b) { // new BigInteger(int,int,RNG) if (a < 2) this.fromInt(1); @@ -1322,7 +1336,7 @@ }; // (protected) r = this op a (bitwise) - BigInteger.prototype.bitwiseTo = function(a, op, r) { + BigInteger.prototype.bitwiseTo = function (a, op, r) { var i, f, m = Math.min(a.t, this.t); for (i = 0; i < m; ++i) r[i] = op(this[i], a[i]); if (a.t < this.t) { @@ -1339,14 +1353,14 @@ }; // (protected) this op (1<= 0, 1 < n < DV - BigInteger.prototype.dMultiply = function(n) { + BigInteger.prototype.dMultiply = function (n) { this[this.t] = this.am(0, n - 1, this, 0, 0, this.t); ++this.t; this.clamp(); }; // (protected) this += n << w words, this >= 0 - BigInteger.prototype.dAddOffset = function(n, w) { + BigInteger.prototype.dAddOffset = function (n, w) { if (n == 0) return; while (this.t <= w) this[this.t++] = 0; this[w] += n; @@ -1400,7 +1414,7 @@ // (protected) r = lower n words of "this * a", a.t <= n // "this" should be the larger one if appropriate. - BigInteger.prototype.multiplyLowerTo = function(a, n, r) { + BigInteger.prototype.multiplyLowerTo = function (a, n, r) { var i = Math.min(this.t + a.t, n); r.s = 0; // assumes a,this >= 0 r.t = i; @@ -1414,7 +1428,7 @@ // (protected) r = "this * a" without lower n words, n > 0 // "this" should be the larger one if appropriate. - BigInteger.prototype.multiplyUpperTo = function(a, n, r) { + BigInteger.prototype.multiplyUpperTo = function (a, n, r) { --n; var i = r.t = this.t + a.t - n; r.s = 0; // assumes a,this >= 0 @@ -1426,7 +1440,7 @@ }; // (protected) this % n, n < 2^26 - BigInteger.prototype.modInt = function(n) { + BigInteger.prototype.modInt = function (n) { if (n <= 0) return 0; var d = this.DV % n, r = (this.s < 0) ? n - 1 : 0; @@ -1439,7 +1453,7 @@ // (protected) true if probably prime (HAC 4.24, Miller-Rabin) - BigInteger.prototype.millerRabin = function(t) { + BigInteger.prototype.millerRabin = function (t) { var n1 = this.subtract(BigInteger.ONE); var k = n1.getLowestSetBit(); if (k <= 0) return false; @@ -1449,7 +1463,7 @@ var a = nbi(); for (var i = 0; i < t; ++i) { //Pick bases at random, instead of starting at 2 - a.fromInt(lowprimes[Math.floor(Math.random() * lowprimes.length)]); + a.fromInt(lowprimes[Math.floor(securedMathRandom() * lowprimes.length)]); var y = a.modPow(r, this); if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { var j = 1; @@ -1466,14 +1480,14 @@ // (public) - BigInteger.prototype.clone = function() { + BigInteger.prototype.clone = function () { var r = nbi(); this.copyTo(r); return r; }; // (public) return value as integer - BigInteger.prototype.intValue = function() { + BigInteger.prototype.intValue = function () { if (this.s < 0) { if (this.t == 1) return this[0] - this.DV; else if (this.t == 0) return -1; @@ -1485,17 +1499,17 @@ // (public) return value as byte - BigInteger.prototype.byteValue = function() { + BigInteger.prototype.byteValue = function () { return (this.t == 0) ? this.s : (this[0] << 24) >> 24; }; // (public) return value as short (assumes DB>=16) - BigInteger.prototype.shortValue = function() { + BigInteger.prototype.shortValue = function () { return (this.t == 0) ? this.s : (this[0] << 16) >> 16; }; // (public) 0 if this == 0, 1 if this > 0 - BigInteger.prototype.signum = function() { + BigInteger.prototype.signum = function () { if (this.s < 0) return -1; else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; else return 1; @@ -1503,7 +1517,7 @@ // (public) convert to bigendian byte array - BigInteger.prototype.toByteArray = function() { + BigInteger.prototype.toByteArray = function () { var i = this.t, r = new Array(); r[0] = this.s; @@ -1531,13 +1545,13 @@ return r; }; - BigInteger.prototype.equals = function(a) { + BigInteger.prototype.equals = function (a) { return (this.compareTo(a) == 0); }; - BigInteger.prototype.min = function(a) { + BigInteger.prototype.min = function (a) { return (this.compareTo(a) < 0) ? this : a; }; - BigInteger.prototype.max = function(a) { + BigInteger.prototype.max = function (a) { return (this.compareTo(a) > 0) ? this : a; }; @@ -1545,7 +1559,7 @@ function op_and(x, y) { return x & y; } - BigInteger.prototype.and = function(a) { + BigInteger.prototype.and = function (a) { var r = nbi(); this.bitwiseTo(a, op_and, r); return r; @@ -1555,7 +1569,7 @@ function op_or(x, y) { return x | y; } - BigInteger.prototype.or = function(a) { + BigInteger.prototype.or = function (a) { var r = nbi(); this.bitwiseTo(a, op_or, r); return r; @@ -1565,7 +1579,7 @@ function op_xor(x, y) { return x ^ y; } - BigInteger.prototype.xor = function(a) { + BigInteger.prototype.xor = function (a) { var r = nbi(); this.bitwiseTo(a, op_xor, r); return r; @@ -1575,14 +1589,14 @@ function op_andnot(x, y) { return x & ~y; } - BigInteger.prototype.andNot = function(a) { + BigInteger.prototype.andNot = function (a) { var r = nbi(); this.bitwiseTo(a, op_andnot, r); return r; }; // (public) ~this - BigInteger.prototype.not = function() { + BigInteger.prototype.not = function () { var r = nbi(); for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i]; r.t = this.t; @@ -1591,7 +1605,7 @@ }; // (public) this << n - BigInteger.prototype.shiftLeft = function(n) { + BigInteger.prototype.shiftLeft = function (n) { var r = nbi(); if (n < 0) this.rShiftTo(-n, r); else this.lShiftTo(n, r); @@ -1599,7 +1613,7 @@ }; // (public) this >> n - BigInteger.prototype.shiftRight = function(n) { + BigInteger.prototype.shiftRight = function (n) { var r = nbi(); if (n < 0) this.lShiftTo(-n, r); else this.rShiftTo(n, r); @@ -1607,7 +1621,7 @@ }; // (public) returns index of lowest 1-bit (or -1 if none) - BigInteger.prototype.getLowestSetBit = function() { + BigInteger.prototype.getLowestSetBit = function () { for (var i = 0; i < this.t; ++i) if (this[i] != 0) return i * this.DB + lbit(this[i]); if (this.s < 0) return this.t * this.DB; @@ -1615,7 +1629,7 @@ }; // (public) return number of set bits - BigInteger.prototype.bitCount = function() { + BigInteger.prototype.bitCount = function () { var r = 0, x = this.s & this.DM; for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x); @@ -1623,56 +1637,56 @@ }; // (public) true iff nth bit is set - BigInteger.prototype.testBit = function(n) { + BigInteger.prototype.testBit = function (n) { var j = Math.floor(n / this.DB); if (j >= this.t) return (this.s != 0); return ((this[j] & (1 << (n % this.DB))) != 0); }; // (public) this | (1<= 1-.5^t - BigInteger.prototype.isProbablePrime = function(t) { + BigInteger.prototype.isProbablePrime = function (t) { var i, x = this.abs(); if (x.t == 1 && x[0] <= lowprimes[lowprimes.length - 1]) { for (i = 0; i < lowprimes.length; ++i) @@ -1879,7 +1893,7 @@ // JSBN-specific extension // (public) this^2 - BigInteger.prototype.square = function() { + BigInteger.prototype.square = function () { var r = nbi(); this.squareTo(r); return r; @@ -1907,13 +1921,13 @@ * This returns the absolute of the contained value in big endian * form. A value of zero results in an empty array. */ - BigInteger.prototype.toByteArrayUnsigned = function() { + BigInteger.prototype.toByteArrayUnsigned = function () { var ba = this.abs().toByteArray(); if (ba.length) { if (ba[0] == 0) { ba = ba.slice(1); } - return ba.map(function(v) { + return ba.map(function (v) { return (v < 0) ? v + 256 : v; }); } else { @@ -1928,7 +1942,7 @@ * This function will interpret a byte array as a big integer in big * endian notation and ignore leading zeros. */ - BigInteger.fromByteArrayUnsigned = function(ba) { + BigInteger.fromByteArrayUnsigned = function (ba) { if (!ba.length) { return ba.valueOf(0); } else if (ba[0] & 0x80) { @@ -1964,7 +1978,7 @@ * 62300 => 0x00f35c * -62300 => 0x80f35c */ - BigInteger.prototype.toByteArraySigned = function() { + BigInteger.prototype.toByteArraySigned = function () { var val = this.abs().toByteArrayUnsigned(); var neg = this.compareTo(BigInteger.ZERO) < 0; @@ -1988,7 +2002,7 @@ * * For details on the format please see BigInteger.toByteArraySigned. */ - BigInteger.fromByteArraySigned = function(ba) { + BigInteger.fromByteArraySigned = function (ba) { // Check for negative value if (ba[0] & 0x80) { // Remove sign bit @@ -2010,21 +2024,21 @@ var Classic = GLOBAL.Classic = function Classic(m) { this.m = m; } - Classic.prototype.convert = function(x) { + Classic.prototype.convert = function (x) { if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); else return x; }; - Classic.prototype.revert = function(x) { + Classic.prototype.revert = function (x) { return x; }; - Classic.prototype.reduce = function(x) { + Classic.prototype.reduce = function (x) { x.divRemTo(this.m, null, x); }; - Classic.prototype.mulTo = function(x, y, r) { + Classic.prototype.mulTo = function (x, y, r) { x.multiplyTo(y, r); this.reduce(r); }; - Classic.prototype.sqrTo = function(x, r) { + Classic.prototype.sqrTo = function (x, r) { x.squareTo(r); this.reduce(r); }; @@ -2043,7 +2057,7 @@ this.mt2 = 2 * m.t; } // xR mod m - Montgomery.prototype.convert = function(x) { + Montgomery.prototype.convert = function (x) { var r = nbi(); x.abs().dlShiftTo(this.m.t, r); r.divRemTo(this.m, null, r); @@ -2051,14 +2065,14 @@ return r; } // x/R mod m - Montgomery.prototype.revert = function(x) { + Montgomery.prototype.revert = function (x) { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }; // x = x/R mod m (HAC 14.32) - Montgomery.prototype.reduce = function(x) { + Montgomery.prototype.reduce = function (x) { while (x.t <= this.mt2) // pad x so am has enough room later x[x.t++] = 0; for (var i = 0; i < this.m.t; ++i) { @@ -2079,12 +2093,12 @@ if (x.compareTo(this.m) >= 0) x.subTo(this.m, x); }; // r = "xy/R mod m"; x,y != r - Montgomery.prototype.mulTo = function(x, y, r) { + Montgomery.prototype.mulTo = function (x, y, r) { x.multiplyTo(y, r); this.reduce(r); }; // r = "x^2/R mod m"; x != r - Montgomery.prototype.sqrTo = function(x, r) { + Montgomery.prototype.sqrTo = function (x, r) { x.squareTo(r); this.reduce(r); }; @@ -2094,17 +2108,17 @@ // A "null" reducer - var NullExp = GLOBAL.NullExp = function NullExp() {} - NullExp.prototype.convert = function(x) { + var NullExp = GLOBAL.NullExp = function NullExp() { } + NullExp.prototype.convert = function (x) { return x; }; - NullExp.prototype.revert = function(x) { + NullExp.prototype.revert = function (x) { return x; }; - NullExp.prototype.mulTo = function(x, y, r) { + NullExp.prototype.mulTo = function (x, y, r) { x.multiplyTo(y, r); }; - NullExp.prototype.sqrTo = function(x, r) { + NullExp.prototype.sqrTo = function (x, r) { x.squareTo(r); }; @@ -2121,7 +2135,7 @@ this.mu = this.r2.divide(m); this.m = m; } - Barrett.prototype.convert = function(x) { + Barrett.prototype.convert = function (x) { if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m); else if (x.compareTo(this.m) < 0) return x; else { @@ -2131,11 +2145,11 @@ return r; } }; - Barrett.prototype.revert = function(x) { + Barrett.prototype.revert = function (x) { return x; }; // x = x mod m (HAC 14.42) - Barrett.prototype.reduce = function(x) { + Barrett.prototype.reduce = function (x) { x.drShiftTo(this.m.t - 1, this.r2); if (x.t > this.m.t + 1) { x.t = this.m.t + 1; @@ -2148,12 +2162,12 @@ while (x.compareTo(this.m) >= 0) x.subTo(this.m, x); }; // r = x*y mod m; x,y != r - Barrett.prototype.mulTo = function(x, y, r) { + Barrett.prototype.mulTo = function (x, y, r) { x.multiplyTo(y, r); this.reduce(r); }; // r = x^2 mod m; x != r - Barrett.prototype.sqrTo = function(x, r) { + Barrett.prototype.sqrTo = function (x, r) { x.squareTo(r); this.reduce(r); }; @@ -2169,7 +2183,7 @@ })(); //ellipticcurve.js - (function() { + (function () { /*! * Basic Javascript Elliptic Curve implementation * Ported loosely from BouncyCastle's Java EC code @@ -2179,53 +2193,53 @@ * http://www-cs-students.stanford.edu/~tjw/jsbn/LICENSE */ // Constructor function of Global EllipticCurve object - var ec = GLOBAL.EllipticCurve = function() {}; + var ec = GLOBAL.EllipticCurve = function () { }; // ---------------- // ECFieldElementFp constructor // q instanceof BigInteger // x instanceof BigInteger - ec.FieldElementFp = function(q, x) { + ec.FieldElementFp = function (q, x) { this.x = x; // TODO if(x.compareTo(q) >= 0) error this.q = q; }; - ec.FieldElementFp.prototype.equals = function(other) { + ec.FieldElementFp.prototype.equals = function (other) { if (other == this) return true; return (this.q.equals(other.q) && this.x.equals(other.x)); }; - ec.FieldElementFp.prototype.toBigInteger = function() { + ec.FieldElementFp.prototype.toBigInteger = function () { return this.x; }; - ec.FieldElementFp.prototype.negate = function() { + ec.FieldElementFp.prototype.negate = function () { return new ec.FieldElementFp(this.q, this.x.negate().mod(this.q)); }; - ec.FieldElementFp.prototype.add = function(b) { + ec.FieldElementFp.prototype.add = function (b) { return new ec.FieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q)); }; - ec.FieldElementFp.prototype.subtract = function(b) { + ec.FieldElementFp.prototype.subtract = function (b) { return new ec.FieldElementFp(this.q, this.x.subtract(b.toBigInteger()).mod(this.q)); }; - ec.FieldElementFp.prototype.multiply = function(b) { + ec.FieldElementFp.prototype.multiply = function (b) { return new ec.FieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q)); }; - ec.FieldElementFp.prototype.square = function() { + ec.FieldElementFp.prototype.square = function () { return new ec.FieldElementFp(this.q, this.x.square().mod(this.q)); }; - ec.FieldElementFp.prototype.divide = function(b) { + ec.FieldElementFp.prototype.divide = function (b) { return new ec.FieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod( this.q)); }; - ec.FieldElementFp.prototype.getByteLength = function() { + ec.FieldElementFp.prototype.getByteLength = function () { return Math.floor((this.toBigInteger().bitLength() + 7) / 8); }; @@ -2237,7 +2251,7 @@ * Copyright (c) 2000 - 2011 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) * Ported to JavaScript by bitaddress.org */ - ec.FieldElementFp.prototype.sqrt = function() { + ec.FieldElementFp.prototype.sqrt = function () { if (!this.q.testBit(0)) throw new Error("even value of q"); // p mod 4 == 3 @@ -2265,7 +2279,7 @@ P = new BigInteger(this.q.bitLength(), rand); } while (P.compareTo(this.q) >= 0 || !(P.multiply(P).subtract(fourQ).modPow(legendreExponent, - this.q).equals(qMinusOne))); + this.q).equals(qMinusOne))); var result = ec.FieldElementFp.fastLucasSequence(this.q, P, Q, k); @@ -2289,7 +2303,7 @@ * contribution from Simon Greatrix */ - (function(C) { + (function (C) { // Create pad namespace var C_pad = C.pad = {}; @@ -2302,7 +2316,7 @@ } // Remove padding when the final byte gives the number of padding bytes. - var _unpadLength = function(cipher, message, alg, padding) { + var _unpadLength = function (cipher, message, alg, padding) { var pad = message.pop(); if (pad == 0) { throw new Error("Invalid zero-length padding specified for " + alg + @@ -2326,8 +2340,8 @@ // No-operation padding, used for stream ciphers C_pad.NoPadding = { - pad: function(cipher, message) {}, - unpad: function(cipher, message) {} + pad: function (cipher, message) { }, + unpad: function (cipher, message) { } }; // Zero Padding. @@ -2335,7 +2349,7 @@ // If the message is not an exact number of blocks, the final block is // completed with 0x00 bytes. There is no unpadding. C_pad.ZeroPadding = { - pad: function(cipher, message) { + pad: function (cipher, message) { var blockSizeInBytes = cipher._blocksize * 4; var reqd = message.length % blockSizeInBytes; if (reqd != 0) { @@ -2345,7 +2359,7 @@ } }, - unpad: function(cipher, message) { + unpad: function (cipher, message) { while (message[message.length - 1] == 0) { message.pop(); } @@ -2357,7 +2371,7 @@ // Pads the plain text with an 0x80 byte followed by as many 0x00 // bytes are required to complete the block. C_pad.iso7816 = { - pad: function(cipher, message) { + pad: function (cipher, message) { var reqd = _requiredPadding(cipher, message); message.push(0x80); for (; reqd > 1; reqd--) { @@ -2365,7 +2379,7 @@ } }, - unpad: function(cipher, message) { + unpad: function (cipher, message) { var padLength; for (padLength = cipher._blocksize * 4; padLength > 0; padLength--) { var b = message.pop(); @@ -2386,7 +2400,7 @@ // The final block is padded with zeros except for the last byte of the // last block which contains the number of padding bytes. C_pad.ansix923 = { - pad: function(cipher, message) { + pad: function (cipher, message) { var reqd = _requiredPadding(cipher, message); for (var i = 1; i < reqd; i++) { message.push(0x00); @@ -2394,7 +2408,7 @@ message.push(reqd); }, - unpad: function(cipher, message) { + unpad: function (cipher, message) { _unpadLength(cipher, message, "ANSI X.923", 0); } }; @@ -2404,15 +2418,15 @@ // The final block is padded with random bytes except for the last // byte of the last block which contains the number of padding bytes. C_pad.iso10126 = { - pad: function(cipher, message) { + pad: function (cipher, message) { var reqd = _requiredPadding(cipher, message); for (var i = 1; i < reqd; i++) { - message.push(Math.floor(Math.random() * 256)); + message.push(Math.floor(securedMathRandom() * 256)); } message.push(reqd); }, - unpad: function(cipher, message) { + unpad: function (cipher, message) { _unpadLength(cipher, message, "ISO 10126", undefined); } }; @@ -2423,14 +2437,14 @@ // value of each added byte is the number of bytes that are added, // i.e. N bytes, each of value N are added. C_pad.pkcs7 = { - pad: function(cipher, message) { + pad: function (cipher, message) { var reqd = _requiredPadding(cipher, message); for (var i = 0; i < reqd; i++) { message.push(reqd); } }, - unpad: function(cipher, message) { + unpad: function (cipher, message) { _unpadLength(cipher, message, "PKCS 7", message[message.length - 1]); } }; @@ -2441,19 +2455,19 @@ /** * Mode base "class". */ - var Mode = C_mode.Mode = function(padding) { + var Mode = C_mode.Mode = function (padding) { if (padding) { this._padding = padding; } }; Mode.prototype = { - encrypt: function(cipher, m, iv) { + encrypt: function (cipher, m, iv) { this._padding.pad(cipher, m); this._doEncrypt(cipher, m, iv); }, - decrypt: function(cipher, m, iv) { + decrypt: function (cipher, m, iv) { this._doDecrypt(cipher, m, iv); this._padding.unpad(cipher, m); }, @@ -2470,7 +2484,7 @@ * * ECB does not require an initialization vector. */ - var ECB = C_mode.ECB = function() { + var ECB = C_mode.ECB = function () { // Call parent constructor Mode.apply(this, arguments); }; @@ -2479,14 +2493,14 @@ var ECB_prototype = ECB.prototype = new Mode; // Concrete steps for Mode template - ECB_prototype._doEncrypt = function(cipher, m, iv) { + ECB_prototype._doEncrypt = function (cipher, m, iv) { var blockSizeInBytes = cipher._blocksize * 4; // Encrypt each block for (var offset = 0; offset < m.length; offset += blockSizeInBytes) { cipher._encryptblock(m, offset); } }; - ECB_prototype._doDecrypt = function(cipher, c, iv) { + ECB_prototype._doDecrypt = function (cipher, c, iv) { var blockSizeInBytes = cipher._blocksize * 4; // Decrypt each block for (var offset = 0; offset < c.length; offset += blockSizeInBytes) { @@ -2495,7 +2509,7 @@ }; // ECB never uses an IV - ECB_prototype.fixOptions = function(options) { + ECB_prototype.fixOptions = function (options) { options.iv = []; }; @@ -2506,7 +2520,7 @@ * The first block is XORed with the IV. Subsequent blocks are XOR with the * previous cipher output. */ - var CBC = C_mode.CBC = function() { + var CBC = C_mode.CBC = function () { // Call parent constructor Mode.apply(this, arguments); }; @@ -2515,7 +2529,7 @@ var CBC_prototype = CBC.prototype = new Mode; // Concrete steps for Mode template - CBC_prototype._doEncrypt = function(cipher, m, iv) { + CBC_prototype._doEncrypt = function (cipher, m, iv) { var blockSizeInBytes = cipher._blocksize * 4; // Encrypt each block @@ -2533,7 +2547,7 @@ cipher._encryptblock(m, offset); } }; - CBC_prototype._doDecrypt = function(cipher, c, iv) { + CBC_prototype._doDecrypt = function (cipher, c, iv) { var blockSizeInBytes = cipher._blocksize * 4; // At the start, the previously crypted block is the IV @@ -2563,7 +2577,7 @@ * * This is a stream cipher mode and does not require padding. */ - var CFB = C_mode.CFB = function() { + var CFB = C_mode.CFB = function () { // Call parent constructor Mode.apply(this, arguments); }; @@ -2575,7 +2589,7 @@ CFB_prototype._padding = C_pad.NoPadding; // Concrete steps for Mode template - CFB_prototype._doEncrypt = function(cipher, m, iv) { + CFB_prototype._doEncrypt = function (cipher, m, iv) { var blockSizeInBytes = cipher._blocksize * 4, keystream = iv.slice(0); @@ -2589,7 +2603,7 @@ keystream[j] = m[i]; } }; - CFB_prototype._doDecrypt = function(cipher, c, iv) { + CFB_prototype._doDecrypt = function (cipher, c, iv) { var blockSizeInBytes = cipher._blocksize * 4, keystream = iv.slice(0); @@ -2614,7 +2628,7 @@ * * This is a stream cipher mode and does not require padding. */ - var OFB = C_mode.OFB = function() { + var OFB = C_mode.OFB = function () { // Call parent constructor Mode.apply(this, arguments); }; @@ -2626,7 +2640,7 @@ OFB_prototype._padding = C_pad.NoPadding; // Concrete steps for Mode template - OFB_prototype._doEncrypt = function(cipher, m, iv) { + OFB_prototype._doEncrypt = function (cipher, m, iv) { var blockSizeInBytes = cipher._blocksize * 4, keystream = iv.slice(0); @@ -2654,7 +2668,7 @@ * * This is a stream cipher mode and does not require padding. */ - var CTR = C_mode.CTR = function() { + var CTR = C_mode.CTR = function () { // Call parent constructor Mode.apply(this, arguments); }; @@ -2665,7 +2679,7 @@ // Override padding CTR_prototype._padding = C_pad.NoPadding; - CTR_prototype._doEncrypt = function(cipher, m, iv) { + CTR_prototype._doEncrypt = function (cipher, m, iv) { var blockSizeInBytes = cipher._blocksize * 4; var counter = iv.slice(0); @@ -2704,7 +2718,7 @@ * Copyright (c) 2009-2013, Jeff Mott. All rights reserved. * http://code.google.com/p/crypto-js/wiki/License */ - (function() { + (function () { // Shortcuts var C = Crypto, @@ -2713,7 +2727,7 @@ UTF8 = charenc.UTF8, Binary = charenc.Binary; - C.PBKDF2 = function(password, salt, keylen, options) { + C.PBKDF2 = function (password, salt, keylen, options) { // Convert to byte arrays if (password.constructor == String) password = UTF8.stringToBytes(password); @@ -2749,7 +2763,7 @@ return options && options.asBytes ? derivedKeyBytes : options && options.asString ? Binary.bytesToString(derivedKeyBytes) : - util.bytesToHex(derivedKeyBytes); + util.bytesToHex(derivedKeyBytes); }; @@ -2777,7 +2791,7 @@ * THE SOFTWARE. */ // https://github.com/cheongwy/node-scrypt-js - (function() { + (function () { var MAX_VALUE = 2147483647; var workerUrl = null; @@ -2789,7 +2803,7 @@ * p = parallelization cost * */ - GLOBAL.Crypto_scrypt = function(passwd, salt, N, r, p, dkLen, callback) { + GLOBAL.Crypto_scrypt = function (passwd, salt, N, r, p, dkLen, callback) { if (N == 0 || (N & (N - 1)) != 0) throw Error("N must be > 0 and a power of 2"); if (N > MAX_VALUE / 128 / r) throw Error("Parameter N is too large"); @@ -2806,7 +2820,7 @@ try { var i = 0; var worksDone = 0; - var makeWorker = function() { + var makeWorker = function () { if (!workerUrl) { var code = '(' + scryptCore.toString() + ')()'; var blob; @@ -2825,7 +2839,7 @@ workerUrl = URL.createObjectURL(blob); } var worker = new Worker(workerUrl); - worker.onmessage = function(event) { + worker.onmessage = function (event) { var Bi = event.data[0], Bslice = event.data[1]; worksDone++; @@ -2853,7 +2867,7 @@ workers[1].postMessage([N, r, p, B, i++]); } } catch (e) { - GLOBAL.setTimeout(function() { + GLOBAL.setTimeout(function () { scryptCore(); callback(Crypto.PBKDF2(passwd, B, dkLen, PBKDF2_opts)); }, 0); @@ -2865,7 +2879,7 @@ V = []; if (typeof B === 'undefined') { - onmessage = function(event) { + onmessage = function (event) { var data = event.data; var N = data[0], r = data[1], @@ -3137,7 +3151,7 @@ * Copyright (c) 2009-2013, Jeff Mott. All rights reserved. * http://code.google.com/p/crypto-js/wiki/License */ - (function() { + (function () { // Shortcuts var C = Crypto, @@ -3216,11 +3230,11 @@ // Inner state var state = [ - [], - [], - [], - [] - ], + [], + [], + [], + [] + ], keylength, nrounds, keyschedule; @@ -3231,7 +3245,7 @@ * Public API */ - encrypt: function(message, password, options) { + encrypt: function (message, password, options) { options = options || {}; @@ -3246,8 +3260,8 @@ // Convert to bytes if message is a string m = ( message.constructor == String ? - UTF8.stringToBytes(message) : - message + UTF8.stringToBytes(message) : + message ), // Generate random IV @@ -3256,12 +3270,12 @@ // Generate key k = ( password.constructor == String ? - // Derive key from pass-phrase - C.PBKDF2(password, iv, 32, { - asBytes: true - }) : - // else, assume byte array representing cryptographic key - password + // Derive key from pass-phrase + C.PBKDF2(password, iv, 32, { + asBytes: true + }) : + // else, assume byte array representing cryptographic key + password ); // Encrypt @@ -3274,7 +3288,7 @@ }, - decrypt: function(ciphertext, password, options) { + decrypt: function (ciphertext, password, options) { options = options || {}; @@ -3289,8 +3303,8 @@ // Convert to bytes if ciphertext is a string c = ( ciphertext.constructor == String ? - util.base64ToBytes(ciphertext) : - ciphertext + util.base64ToBytes(ciphertext) : + ciphertext ), // Separate IV and message @@ -3299,12 +3313,12 @@ // Generate key k = ( password.constructor == String ? - // Derive key from pass-phrase - C.PBKDF2(password, iv, 32, { - asBytes: true - }) : - // else, assume byte array representing cryptographic key - password + // Derive key from pass-phrase + C.PBKDF2(password, iv, 32, { + asBytes: true + }) : + // else, assume byte array representing cryptographic key + password ); // Decrypt @@ -3323,7 +3337,7 @@ _blocksize: 4, - _encryptblock: function(m, offset) { + _encryptblock: function (m, offset) { // Set input for (var row = 0; row < AES._blocksize; row++) { @@ -3400,7 +3414,7 @@ }, - _decryptblock: function(c, offset) { + _decryptblock: function (c, offset) { // Set input for (var row = 0; row < AES._blocksize; row++) { @@ -3482,14 +3496,14 @@ * Private methods */ - _init: function(k) { + _init: function (k) { keylength = k.length / 4; nrounds = keylength + 6; AES._keyexpansion(k); }, // Generate a key schedule - _keyexpansion: function(k) { + _keyexpansion: function (k) { keyschedule = []; @@ -3553,7 +3567,7 @@ * Copyright (c) 2000 - 2011 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) * Ported to JavaScript by bitaddress.org */ - ec.FieldElementFp.fastLucasSequence = function(p, P, Q, k) { + ec.FieldElementFp.fastLucasSequence = function (p, P, Q, k) { // TODO Research and apply "common-multiplicand multiplication here" var n = k.bitLength(); @@ -3596,7 +3610,7 @@ // ---------------- // ECPointFp constructor - ec.PointFp = function(curve, x, y, z, compressed) { + ec.PointFp = function (curve, x, y, z, compressed) { this.curve = curve; this.x = x; this.y = y; @@ -3612,7 +3626,7 @@ this.compressed = !!compressed; }; - ec.PointFp.prototype.getX = function() { + ec.PointFp.prototype.getX = function () { if (this.zinv == null) { this.zinv = this.z.modInverse(this.curve.q); } @@ -3621,7 +3635,7 @@ return this.curve.fromBigInteger(r); }; - ec.PointFp.prototype.getY = function() { + ec.PointFp.prototype.getY = function () { if (this.zinv == null) { this.zinv = this.z.modInverse(this.curve.q); } @@ -3630,7 +3644,7 @@ return this.curve.fromBigInteger(r); }; - ec.PointFp.prototype.equals = function(other) { + ec.PointFp.prototype.equals = function (other) { if (other == this) return true; if (this.isInfinity()) return other.isInfinity(); if (other.isInfinity()) return this.isInfinity(); @@ -3645,16 +3659,16 @@ return v.equals(BigInteger.ZERO); }; - ec.PointFp.prototype.isInfinity = function() { + ec.PointFp.prototype.isInfinity = function () { if ((this.x == null) && (this.y == null)) return true; return this.z.equals(BigInteger.ZERO) && !this.y.toBigInteger().equals(BigInteger.ZERO); }; - ec.PointFp.prototype.negate = function() { + ec.PointFp.prototype.negate = function () { return new ec.PointFp(this.curve, this.x, this.y.negate(), this.z); }; - ec.PointFp.prototype.add = function(b) { + ec.PointFp.prototype.add = function (b) { if (this.isInfinity()) return b; if (b.isInfinity()) return this; @@ -3696,7 +3710,7 @@ z3); }; - ec.PointFp.prototype.twice = function() { + ec.PointFp.prototype.twice = function () { if (this.isInfinity()) return this; if (this.y.toBigInteger().signum() == 0) return this.curve.getInfinity(); @@ -3731,7 +3745,7 @@ // Simple NAF (Non-Adjacent Form) multiplication algorithm // TODO: modularize the multiplication algorithm - ec.PointFp.prototype.multiply = function(k) { + ec.PointFp.prototype.multiply = function (k) { if (this.isInfinity()) return this; if (k.signum() == 0) return this.curve.getInfinity(); @@ -3757,7 +3771,7 @@ }; // Compute this*j + x*k (simultaneous multiplication) - ec.PointFp.prototype.multiplyTwo = function(j, x, k) { + ec.PointFp.prototype.multiplyTwo = function (j, x, k) { var i; if (j.bitLength() > k.bitLength()) i = j.bitLength() - 1; @@ -3787,7 +3801,7 @@ // patched by bitaddress.org and Casascius for use with Bitcoin.ECKey // patched by coretechs to support compressed public keys - ec.PointFp.prototype.getEncoded = function(compressed) { + ec.PointFp.prototype.getEncoded = function (compressed) { var x = this.getX().toBigInteger(); var y = this.getY().toBigInteger(); var len = 32; // integerToBytes will zero pad if integer is less than 32 bytes. 32 bytes length is required by the Bitcoin protocol. @@ -3807,7 +3821,7 @@ return enc; }; - ec.PointFp.decodeFrom = function(curve, enc) { + ec.PointFp.decodeFrom = function (curve, enc) { var type = enc[0]; var dataLen = enc.length - 1; @@ -3827,7 +3841,7 @@ return new ec.PointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y)); }; - ec.PointFp.prototype.add2D = function(b) { + ec.PointFp.prototype.add2D = function (b) { if (this.isInfinity()) return b; if (b.isInfinity()) return this; @@ -3850,7 +3864,7 @@ return new ec.PointFp(this.curve, x3, y3); }; - ec.PointFp.prototype.twice2D = function() { + ec.PointFp.prototype.twice2D = function () { if (this.isInfinity()) return this; if (this.y.toBigInteger().signum() == 0) { // if y1 == 0, then (x1, y1) == (x1, -y1) @@ -3868,7 +3882,7 @@ return new ec.PointFp(this.curve, x3, y3); }; - ec.PointFp.prototype.multiply2D = function(k) { + ec.PointFp.prototype.multiply2D = function (k) { if (this.isInfinity()) return this; if (k.signum() == 0) return this.curve.getInfinity(); @@ -3893,7 +3907,7 @@ return R; }; - ec.PointFp.prototype.isOnCurve = function() { + ec.PointFp.prototype.isOnCurve = function () { var x = this.getX().toBigInteger(); var y = this.getY().toBigInteger(); var a = this.curve.getA().toBigInteger(); @@ -3904,7 +3918,7 @@ return lhs.equals(rhs); }; - ec.PointFp.prototype.toString = function() { + ec.PointFp.prototype.toString = function () { return '(' + this.getX().toBigInteger().toString() + ',' + this.getY().toBigInteger().toString() + ')'; }; @@ -3914,7 +3928,7 @@ * * See SEC 1, section 3.2.2.1: Elliptic Curve Public Key Validation Primitive */ - ec.PointFp.prototype.validate = function() { + ec.PointFp.prototype.validate = function () { var n = this.curve.getQ(); // Check Q != O @@ -3951,7 +3965,7 @@ // ---------------- // ECCurveFp constructor - ec.CurveFp = function(q, a, b) { + ec.CurveFp = function (q, a, b) { this.q = q; this.a = this.fromBigInteger(a); this.b = this.fromBigInteger(b); @@ -3959,38 +3973,38 @@ this.reducer = new Barrett(this.q); } - ec.CurveFp.prototype.getQ = function() { + ec.CurveFp.prototype.getQ = function () { return this.q; }; - ec.CurveFp.prototype.getA = function() { + ec.CurveFp.prototype.getA = function () { return this.a; }; - ec.CurveFp.prototype.getB = function() { + ec.CurveFp.prototype.getB = function () { return this.b; }; - ec.CurveFp.prototype.equals = function(other) { + ec.CurveFp.prototype.equals = function (other) { if (other == this) return true; return (this.q.equals(other.q) && this.a.equals(other.a) && this.b.equals(other.b)); }; - ec.CurveFp.prototype.getInfinity = function() { + ec.CurveFp.prototype.getInfinity = function () { return this.infinity; }; - ec.CurveFp.prototype.fromBigInteger = function(x) { + ec.CurveFp.prototype.fromBigInteger = function (x) { return new ec.FieldElementFp(this.q, x); }; - ec.CurveFp.prototype.reduce = function(x) { + ec.CurveFp.prototype.reduce = function (x) { this.reducer.reduce(x); }; // for now, work with hex strings because they're easier in JS // compressed support added by bitaddress.org - ec.CurveFp.prototype.decodePointHex = function(s) { + ec.CurveFp.prototype.decodePointHex = function (s) { var firstByte = parseInt(s.substr(0, 2), 16); switch (firstByte) { // first byte case 0: @@ -4017,7 +4031,7 @@ } }; - ec.CurveFp.prototype.encodePointHex = function(p) { + ec.CurveFp.prototype.encodePointHex = function (p) { if (p.isInfinity()) return "00"; var xHex = p.getX().toBigInteger().toString(16); var yHex = p.getY().toBigInteger().toString(16); @@ -4039,7 +4053,7 @@ * Number yTilde * BigInteger X1 */ - ec.CurveFp.prototype.decompressPoint = function(yTilde, X1) { + ec.CurveFp.prototype.decompressPoint = function (yTilde, X1) { var x = this.fromBigInteger(X1); var alpha = x.multiply(x.square().add(this.getA())).add(this.getB()); var beta = alpha.sqrt(); @@ -4055,11 +4069,11 @@ }; - ec.fromHex = function(s) { + ec.fromHex = function (s) { return new BigInteger(s, 16); }; - ec.integerToBytes = function(i, len) { + ec.integerToBytes = function (i, len) { var bytes = i.toByteArrayUnsigned(); if (len < bytes.length) { bytes = bytes.slice(bytes.length - len); @@ -4074,29 +4088,29 @@ // Named EC curves // ---------------- // X9ECParameters constructor - ec.X9Parameters = function(curve, g, n, h) { + ec.X9Parameters = function (curve, g, n, h) { this.curve = curve; this.g = g; this.n = n; this.h = h; } - ec.X9Parameters.prototype.getCurve = function() { + ec.X9Parameters.prototype.getCurve = function () { return this.curve; }; - ec.X9Parameters.prototype.getG = function() { + ec.X9Parameters.prototype.getG = function () { return this.g; }; - ec.X9Parameters.prototype.getN = function() { + ec.X9Parameters.prototype.getN = function () { return this.n; }; - ec.X9Parameters.prototype.getH = function() { + ec.X9Parameters.prototype.getH = function () { return this.h; }; // secp256k1 is the Curve used by Bitcoin ec.secNamedCurves = { // used by Bitcoin - "secp256k1": function() { + "secp256k1": function () { // p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1 var p = ec.fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"); var a = BigInteger.ZERO; @@ -4112,10 +4126,2874 @@ }; // secp256k1 called by Bitcoin's ECKEY - ec.getSECCurveByName = function(name) { + ec.getSECCurveByName = function (name) { if (ec.secNamedCurves[name] == undefined) return null; return ec.secNamedCurves[name](); } })(); + //sha512.js + (function () { + /* + A JavaScript implementation of the SHA family of hashes, as defined in FIPS + PUB 180-2 as well as the corresponding HMAC implementation as defined in + FIPS PUB 198a + + Copyright Brian Turek 2008-2012 + Distributed under the BSD License + See http://caligatio.github.com/jsSHA/ for more information + + Several functions taken from Paul Johnson + */ + function n(a) { + throw a; + } + var q = null; + + function s(a, b) { + this.a = a; + this.b = b + } + + function u(a, b) { + var d = [], + h = (1 << b) - 1, + f = a.length * b, + g; + for (g = 0; g < f; g += b) d[g >>> 5] |= (a.charCodeAt(g / b) & h) << 32 - b - g % 32; + return { + value: d, + binLen: f + } + } + + function x(a) { + var b = [], + d = a.length, + h, f; + 0 !== d % 2 && n("String of HEX type must be in byte increments"); + for (h = 0; h < d; h += 2) f = parseInt(a.substr(h, 2), 16), isNaN(f) && n("String of HEX type contains invalid characters"), b[h >>> 3] |= f << 24 - 4 * (h % 8); + return { + value: b, + binLen: 4 * d + } + } + + function B(a) { + var b = [], + d = 0, + h, f, g, k, m; - 1 === a.search(/^[a-zA-Z0-9=+\/]+$/) && n("Invalid character in base-64 string"); + h = a.indexOf("="); + a = a.replace(/\=/g, ""); - 1 !== h && h < a.length && n("Invalid '=' found in base-64 string"); + for (f = 0; f < a.length; f += 4) { + m = a.substr(f, 4); + for (g = k = 0; g < m.length; g += 1) h = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".indexOf(m[g]), k |= h << 18 - 6 * g; + for (g = 0; g < m.length - 1; g += 1) b[d >> 2] |= (k >>> 16 - 8 * g & 255) << 24 - 8 * (d % 4), d += 1 + } + return { + value: b, + binLen: 8 * d + } + } + + function E(a, b) { + var d = "", + h = 4 * a.length, + f, g; + for (f = 0; f < h; f += 1) g = a[f >>> 2] >>> 8 * (3 - f % 4), d += "0123456789abcdef".charAt(g >>> 4 & 15) + "0123456789abcdef".charAt(g & 15); + return b.outputUpper ? d.toUpperCase() : d + } + + function F(a, b) { + var d = "", + h = 4 * a.length, + f, g, k; + for (f = 0; f < h; f += 3) { + k = (a[f >>> 2] >>> 8 * (3 - f % 4) & 255) << 16 | (a[f + 1 >>> 2] >>> 8 * (3 - (f + 1) % 4) & 255) << 8 | a[f + 2 >>> 2] >>> 8 * (3 - (f + 2) % 4) & 255; + for (g = 0; 4 > g; g += 1) d = 8 * f + 6 * g <= 32 * a.length ? d + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(k >>> 6 * (3 - g) & 63) : d + b.b64Pad + } + return d + } + + function G(a) { + var b = { + outputUpper: !1, + b64Pad: "=" + }; + try { + a.hasOwnProperty("outputUpper") && (b.outputUpper = a.outputUpper), a.hasOwnProperty("b64Pad") && (b.b64Pad = a.b64Pad) + } catch (d) { } + "boolean" !== typeof b.outputUpper && n("Invalid outputUpper formatting option"); + "string" !== typeof b.b64Pad && n("Invalid b64Pad formatting option"); + return b + } + + function H(a, b) { + var d = q, + d = new s(a.a, a.b); + return d = 32 >= b ? new s(d.a >>> b | d.b << 32 - b & 4294967295, d.b >>> b | d.a << 32 - b & 4294967295) : new s(d.b >>> b - 32 | d.a << 64 - b & 4294967295, d.a >>> b - 32 | d.b << 64 - b & 4294967295) + } + + function I(a, b) { + var d = q; + return d = 32 >= b ? new s(a.a >>> b, a.b >>> b | a.a << 32 - b & 4294967295) : new s(0, a.a >>> b - 32) + } + + function J(a, b, d) { + return new s(a.a & b.a ^ ~a.a & d.a, a.b & b.b ^ ~a.b & d.b) + } + + function U(a, b, d) { + return new s(a.a & b.a ^ a.a & d.a ^ b.a & d.a, a.b & b.b ^ a.b & d.b ^ b.b & d.b) + } + + function V(a) { + var b = H(a, 28), + d = H(a, 34); + a = H(a, 39); + return new s(b.a ^ d.a ^ a.a, b.b ^ d.b ^ a.b) + } + + function W(a) { + var b = H(a, 14), + d = H(a, 18); + a = H(a, 41); + return new s(b.a ^ d.a ^ a.a, b.b ^ d.b ^ a.b) + } + + function X(a) { + var b = H(a, 1), + d = H(a, 8); + a = I(a, 7); + return new s(b.a ^ d.a ^ a.a, b.b ^ d.b ^ a.b) + } + + function Y(a) { + var b = H(a, 19), + d = H(a, 61); + a = I(a, 6); + return new s(b.a ^ d.a ^ a.a, b.b ^ d.b ^ a.b) + } + + function Z(a, b) { + var d, h, f; + d = (a.b & 65535) + (b.b & 65535); + h = (a.b >>> 16) + (b.b >>> 16) + (d >>> 16); + f = (h & 65535) << 16 | d & 65535; + d = (a.a & 65535) + (b.a & 65535) + (h >>> 16); + h = (a.a >>> 16) + (b.a >>> 16) + (d >>> 16); + return new s((h & 65535) << 16 | d & 65535, f) + } + + function aa(a, b, d, h) { + var f, g, k; + f = (a.b & 65535) + (b.b & 65535) + (d.b & 65535) + (h.b & 65535); + g = (a.b >>> 16) + (b.b >>> 16) + (d.b >>> 16) + (h.b >>> 16) + (f >>> 16); + k = (g & 65535) << 16 | f & 65535; + f = (a.a & 65535) + (b.a & 65535) + (d.a & 65535) + (h.a & 65535) + (g >>> 16); + g = (a.a >>> 16) + (b.a >>> 16) + (d.a >>> 16) + (h.a >>> 16) + (f >>> 16); + return new s((g & 65535) << 16 | f & 65535, k) + } + + function ba(a, b, d, h, f) { + var g, k, m; + g = (a.b & 65535) + (b.b & 65535) + (d.b & 65535) + (h.b & 65535) + (f.b & 65535); + k = (a.b >>> 16) + (b.b >>> 16) + (d.b >>> 16) + (h.b >>> 16) + (f.b >>> 16) + (g >>> 16); + m = (k & 65535) << 16 | g & 65535; + g = (a.a & 65535) + (b.a & 65535) + (d.a & 65535) + (h.a & 65535) + (f.a & 65535) + (k >>> 16); + k = (a.a >>> 16) + (b.a >>> 16) + (d.a >>> 16) + (h.a >>> 16) + (f.a >>> 16) + (g >>> 16); + return new s((k & 65535) << 16 | g & 65535, m) + } + + function $(a, b, d) { + var h, f, g, k, m, j, A, C, K, e, L, v, l, M, t, p, y, z, r, N, O, P, Q, R, c, S, w = [], + T, D; + "SHA-384" === d || "SHA-512" === d ? (L = 80, h = (b + 128 >>> 10 << 5) + 31, M = 32, t = 2, c = s, p = Z, y = aa, z = ba, r = X, N = Y, O = V, P = W, R = U, Q = J, S = [new c(1116352408, 3609767458), new c(1899447441, 602891725), new c(3049323471, 3964484399), new c(3921009573, 2173295548), new c(961987163, 4081628472), new c(1508970993, 3053834265), new c(2453635748, 2937671579), new c(2870763221, 3664609560), new c(3624381080, 2734883394), new c(310598401, 1164996542), new c(607225278, 1323610764), + new c(1426881987, 3590304994), new c(1925078388, 4068182383), new c(2162078206, 991336113), new c(2614888103, 633803317), new c(3248222580, 3479774868), new c(3835390401, 2666613458), new c(4022224774, 944711139), new c(264347078, 2341262773), new c(604807628, 2007800933), new c(770255983, 1495990901), new c(1249150122, 1856431235), new c(1555081692, 3175218132), new c(1996064986, 2198950837), new c(2554220882, 3999719339), new c(2821834349, 766784016), new c(2952996808, 2566594879), new c(3210313671, 3203337956), new c(3336571891, + 1034457026), new c(3584528711, 2466948901), new c(113926993, 3758326383), new c(338241895, 168717936), new c(666307205, 1188179964), new c(773529912, 1546045734), new c(1294757372, 1522805485), new c(1396182291, 2643833823), new c(1695183700, 2343527390), new c(1986661051, 1014477480), new c(2177026350, 1206759142), new c(2456956037, 344077627), new c(2730485921, 1290863460), new c(2820302411, 3158454273), new c(3259730800, 3505952657), new c(3345764771, 106217008), new c(3516065817, 3606008344), new c(3600352804, 1432725776), new c(4094571909, + 1467031594), new c(275423344, 851169720), new c(430227734, 3100823752), new c(506948616, 1363258195), new c(659060556, 3750685593), new c(883997877, 3785050280), new c(958139571, 3318307427), new c(1322822218, 3812723403), new c(1537002063, 2003034995), new c(1747873779, 3602036899), new c(1955562222, 1575990012), new c(2024104815, 1125592928), new c(2227730452, 2716904306), new c(2361852424, 442776044), new c(2428436474, 593698344), new c(2756734187, 3733110249), new c(3204031479, 2999351573), new c(3329325298, 3815920427), new c(3391569614, + 3928383900), new c(3515267271, 566280711), new c(3940187606, 3454069534), new c(4118630271, 4000239992), new c(116418474, 1914138554), new c(174292421, 2731055270), new c(289380356, 3203993006), new c(460393269, 320620315), new c(685471733, 587496836), new c(852142971, 1086792851), new c(1017036298, 365543100), new c(1126000580, 2618297676), new c(1288033470, 3409855158), new c(1501505948, 4234509866), new c(1607167915, 987167468), new c(1816402316, 1246189591) + ], e = "SHA-384" === d ? [new c(3418070365, 3238371032), new c(1654270250, 914150663), + new c(2438529370, 812702999), new c(355462360, 4144912697), new c(1731405415, 4290775857), new c(41048885895, 1750603025), new c(3675008525, 1694076839), new c(1203062813, 3204075428) + ] : [new c(1779033703, 4089235720), new c(3144134277, 2227873595), new c(1013904242, 4271175723), new c(2773480762, 1595750129), new c(1359893119, 2917565137), new c(2600822924, 725511199), new c(528734635, 4215389547), new c(1541459225, 327033209)]) : n("Unexpected error in SHA-2 implementation"); + a[b >>> 5] |= 128 << 24 - b % 32; + a[h] = b; + T = a.length; + for (v = 0; v < + T; v += M) { + b = e[0]; + h = e[1]; + f = e[2]; + g = e[3]; + k = e[4]; + m = e[5]; + j = e[6]; + A = e[7]; + for (l = 0; l < L; l += 1) w[l] = 16 > l ? new c(a[l * t + v], a[l * t + v + 1]) : y(N(w[l - 2]), w[l - 7], r(w[l - 15]), w[l - 16]), C = z(A, P(k), Q(k, m, j), S[l], w[l]), K = p(O(b), R(b, h, f)), A = j, j = m, m = k, k = p(g, C), g = f, f = h, h = b, b = p(C, K); + e[0] = p(b, e[0]); + e[1] = p(h, e[1]); + e[2] = p(f, e[2]); + e[3] = p(g, e[3]); + e[4] = p(k, e[4]); + e[5] = p(m, e[5]); + e[6] = p(j, e[6]); + e[7] = p(A, e[7]) + } + "SHA-384" === d ? D = [e[0].a, e[0].b, e[1].a, e[1].b, e[2].a, e[2].b, e[3].a, e[3].b, e[4].a, e[4].b, e[5].a, e[5].b] : "SHA-512" === d ? D = [e[0].a, e[0].b, + e[1].a, e[1].b, e[2].a, e[2].b, e[3].a, e[3].b, e[4].a, e[4].b, e[5].a, e[5].b, e[6].a, e[6].b, e[7].a, e[7].b + ] : n("Unexpected error in SHA-2 implementation"); + return D + } + GLOBAL.jsSHA = function (a, b, d) { + var h = q, + f = q, + g = 0, + k = [0], + m = 0, + j = q, + m = "undefined" !== typeof d ? d : 8; + 8 === m || 16 === m || n("charSize must be 8 or 16"); + "HEX" === b ? (0 !== a.length % 2 && n("srcString of HEX type must be in byte increments"), j = x(a), g = j.binLen, k = j.value) : "ASCII" === b || "TEXT" === b ? (j = u(a, m), g = j.binLen, k = j.value) : "B64" === b ? (j = B(a), g = j.binLen, k = j.value) : n("inputFormat must be HEX, TEXT, ASCII, or B64"); + this.getHash = function (a, b, d) { + var e = q, + m = k.slice(), + j = ""; + switch (b) { + case "HEX": + e = E; + break; + case "B64": + e = F; + break; + default: + n("format must be HEX or B64") + } + "SHA-384" === + a ? (q === h && (h = $(m, g, a)), j = e(h, G(d))) : "SHA-512" === a ? (q === f && (f = $(m, g, a)), j = e(f, G(d))) : n("Chosen SHA variant is not supported"); + return j + }; + this.getHMAC = function (a, b, d, e, f) { + var h, l, j, t, p, y = [], + z = [], + r = q; + switch (e) { + case "HEX": + h = E; + break; + case "B64": + h = F; + break; + default: + n("outputFormat must be HEX or B64") + } + "SHA-384" === d ? (j = 128, p = 384) : "SHA-512" === d ? (j = 128, p = 512) : n("Chosen SHA variant is not supported"); + "HEX" === b ? (r = x(a), t = r.binLen, l = r.value) : "ASCII" === b || "TEXT" === b ? (r = u(a, m), t = r.binLen, l = r.value) : "B64" === b ? (r = B(a), + t = r.binLen, l = r.value) : n("inputFormat must be HEX, TEXT, ASCII, or B64"); + a = 8 * j; + b = j / 4 - 1; + j < t / 8 ? (l = $(l, t, d), l[b] &= 4294967040) : j > t / 8 && (l[b] &= 4294967040); + for (j = 0; j <= b; j += 1) y[j] = l[j] ^ 909522486, z[j] = l[j] ^ 1549556828; + d = $(z.concat($(y.concat(k), a + g, d)), a + p, d); + return h(d, G(f)) + } + }; + })(); + + //coin.js + (function () { + /* + Coinjs 0.01 beta by OutCast3k{at}gmail.com + A bitcoin framework. + http://github.com/OutCast3k/coinjs or http://coinb.in/coinjs + */ + var coinjs = GLOBAL.coinjs = function () { }; + + /* public vars */ + coinjs.pub = 0x00; + coinjs.priv = 0x80; + coinjs.multisig = 0x05; + coinjs.hdkey = { + 'prv': 0x0488ade4, + 'pub': 0x0488b21e + }; + coinjs.bech32 = { + 'charset': 'qpzry9x8gf2tvdw0s3jn54khce6mua7l', + 'version': 0, + 'hrp': 'bc' + }; + + coinjs.compressed = false; + + /* other vars */ + coinjs.developer = '33tht1bKDgZVxb39MnZsWa8oxHXHvUYE4G'; //bitcoin + + /* bit(coinb.in) api vars + coinjs.hostname = ((document.location.hostname.split(".")[(document.location.hostname.split(".")).length - 1]) == 'onion') ? 'coinbin3ravkwb24f7rmxx6w3snkjw45jhs5lxbh3yfeg3vpt6janwqd.onion' : 'coinb.in'; + coinjs.host = ('https:' == document.location.protocol ? 'https://' : 'http://') + coinjs.hostname + '/api/'; + coinjs.uid = '1'; + coinjs.key = '12345678901234567890123456789012'; + */ + + /* start of address functions */ + + /* generate a private and public keypair, with address and WIF address */ + coinjs.newKeys = function (input) { + var privkey = (input) ? Crypto.SHA256(input) : this.newPrivkey(); + var pubkey = this.newPubkey(privkey); + return { + 'privkey': privkey, + 'pubkey': pubkey, + 'address': this.pubkey2address(pubkey), + 'wif': this.privkey2wif(privkey), + 'compressed': this.compressed + }; + } + + /* generate a new random private key */ + coinjs.newPrivkey = function () { + var x = GLOBAL.location; + x += (GLOBAL.screen.height * GLOBAL.screen.width * GLOBAL.screen.colorDepth); + x += coinjs.random(64); + x += (GLOBAL.screen.availHeight * GLOBAL.screen.availWidth * GLOBAL.screen.pixelDepth); + x += navigator.language; + x += GLOBAL.history.length; + x += coinjs.random(64); + x += navigator.userAgent; + x += 'coinb.in'; + x += (Crypto.util.randomBytes(64)).join(""); + x += x.length; + var dateObj = new Date(); + x += dateObj.getTimezoneOffset(); + x += coinjs.random(64); + x += (document.getElementById("entropybucket")) ? document.getElementById("entropybucket").innerHTML : ''; + x += x + '' + x; + var r = x; + for (let i = 0; i < (x).length / 25; i++) { + r = Crypto.SHA256(r.concat(x)); + } + var checkrBigInt = new BigInteger(r); + var orderBigInt = new BigInteger("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"); + while (checkrBigInt.compareTo(orderBigInt) >= 0 || checkrBigInt.equals(BigInteger.ZERO) || checkrBigInt.equals(BigInteger.ONE)) { + r = Crypto.SHA256(r.concat(x)); + checkrBigInt = new BigInteger(r); + } + return r; + } + + /* generate a public key from a private key */ + coinjs.newPubkey = function (hash) { + var privateKeyBigInt = BigInteger.fromByteArrayUnsigned(Crypto.util.hexToBytes(hash)); + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + + var curvePt = curve.getG().multiply(privateKeyBigInt); + var x = curvePt.getX().toBigInteger(); + var y = curvePt.getY().toBigInteger(); + + var publicKeyBytes = EllipticCurve.integerToBytes(x, 32); + publicKeyBytes = publicKeyBytes.concat(EllipticCurve.integerToBytes(y, 32)); + publicKeyBytes.unshift(0x04); + + if (coinjs.compressed == true) { + var publicKeyBytesCompressed = EllipticCurve.integerToBytes(x, 32) + if (y.isEven()) { + publicKeyBytesCompressed.unshift(0x02) + } else { + publicKeyBytesCompressed.unshift(0x03) + } + return Crypto.util.bytesToHex(publicKeyBytesCompressed); + } else { + return Crypto.util.bytesToHex(publicKeyBytes); + } + } + + /* provide a public key and return address */ + coinjs.pubkey2address = function (h, byte) { + var r = ripemd160(Crypto.SHA256(Crypto.util.hexToBytes(h), { + asBytes: true + })); + r.unshift(byte || coinjs.pub); + var hash = Crypto.SHA256(Crypto.SHA256(r, { + asBytes: true + }), { + asBytes: true + }); + var checksum = hash.slice(0, 4); + return coinjs.base58encode(r.concat(checksum)); + } + + /* provide a scripthash and return address */ + coinjs.scripthash2address = function (h) { + var x = Crypto.util.hexToBytes(h); + x.unshift(coinjs.pub); + var r = x; + r = Crypto.SHA256(Crypto.SHA256(r, { + asBytes: true + }), { + asBytes: true + }); + var checksum = r.slice(0, 4); + return coinjs.base58encode(x.concat(checksum)); + } + + /* new multisig address, provide the pubkeys AND required signatures to release the funds */ + coinjs.pubkeys2MultisigAddress = function (pubkeys, required) { + var s = coinjs.script(); + s.writeOp(81 + (required * 1) - 1); //OP_1 + for (var i = 0; i < pubkeys.length; ++i) { + s.writeBytes(Crypto.util.hexToBytes(pubkeys[i])); + } + s.writeOp(81 + pubkeys.length - 1); //OP_1 + s.writeOp(174); //OP_CHECKMULTISIG + var x = ripemd160(Crypto.SHA256(s.buffer, { + asBytes: true + }), { + asBytes: true + }); + x.unshift(coinjs.multisig); + var r = x; + r = Crypto.SHA256(Crypto.SHA256(r, { + asBytes: true + }), { + asBytes: true + }); + var checksum = r.slice(0, 4); + var redeemScript = Crypto.util.bytesToHex(s.buffer); + var address = coinjs.base58encode(x.concat(checksum)); + + if (s.buffer.length > 520) { // too large + address = 'invalid'; + redeemScript = 'invalid'; + } + + return { + 'address': address, + 'redeemScript': redeemScript, + 'size': s.buffer.length + }; + } + + //Return a Bech32 address for the multisig. Format is same as above + coinjs.pubkeys2MultisigAddressBech32 = function (pubkeys, required) { + var r = coinjs.pubkeys2MultisigAddress(pubkeys, required); + var program = Crypto.SHA256(Crypto.util.hexToBytes(r.redeemScript), { + asBytes: true + }); + var address = coinjs.bech32_encode(coinjs.bech32.hrp, [coinjs.bech32.version].concat(coinjs.bech32_convert(program, 8, 5, true))); + return { + 'address': address, + 'redeemScript': r.redeemScript, + 'size': r.size + }; + } + + /* new time locked address, provide the pubkey and time necessary to unlock the funds. + when time is greater than 500000000, it should be a unix timestamp (seconds since epoch), + otherwise it should be the block height required before this transaction can be released. + + may throw a string on failure! + */ + coinjs.simpleHodlAddress = function (pubkey, checklocktimeverify) { + + if (checklocktimeverify < 0) { + throw "Parameter for OP_CHECKLOCKTIMEVERIFY is negative."; + } + + var s = coinjs.script(); + if (checklocktimeverify <= 16 && checklocktimeverify >= 1) { + s.writeOp(0x50 + checklocktimeverify); //OP_1 to OP_16 for minimal encoding + } else { + s.writeBytes(coinjs.numToScriptNumBytes(checklocktimeverify)); + } + s.writeOp(177); //OP_CHECKLOCKTIMEVERIFY + s.writeOp(117); //OP_DROP + s.writeBytes(Crypto.util.hexToBytes(pubkey)); + s.writeOp(172); //OP_CHECKSIG + + var x = ripemd160(Crypto.SHA256(s.buffer, { + asBytes: true + }), { + asBytes: true + }); + x.unshift(coinjs.multisig); + var r = x; + r = Crypto.SHA256(Crypto.SHA256(r, { + asBytes: true + }), { + asBytes: true + }); + var checksum = r.slice(0, 4); + var redeemScript = Crypto.util.bytesToHex(s.buffer); + var address = coinjs.base58encode(x.concat(checksum)); + + return { + 'address': address, + 'redeemScript': redeemScript + }; + } + + /* create a new segwit address */ + coinjs.segwitAddress = function (pubkey) { + var keyhash = [0x00, 0x14].concat(ripemd160(Crypto.SHA256(Crypto.util.hexToBytes(pubkey), { + asBytes: true + }), { + asBytes: true + })); + var x = ripemd160(Crypto.SHA256(keyhash, { + asBytes: true + }), { + asBytes: true + }); + x.unshift(coinjs.multisig); + var r = x; + r = Crypto.SHA256(Crypto.SHA256(r, { + asBytes: true + }), { + asBytes: true + }); + var checksum = r.slice(0, 4); + var address = coinjs.base58encode(x.concat(checksum)); + + return { + 'address': address, + 'type': 'segwit', + 'redeemscript': Crypto.util.bytesToHex(keyhash) + }; + } + + /* create a new segwit bech32 encoded address */ + coinjs.bech32Address = function (pubkey) { + var program = ripemd160(Crypto.SHA256(Crypto.util.hexToBytes(pubkey), { + asBytes: true + }), { + asBytes: true + }); + var address = coinjs.bech32_encode(coinjs.bech32.hrp, [coinjs.bech32.version].concat(coinjs.bech32_convert(program, 8, 5, true))); + return { + 'address': address, + 'type': 'bech32', + 'redeemscript': Crypto.util.bytesToHex(program) + }; + } + + coinjs.multisigBech32Address = function (raw_redeemscript) { + var program = Crypto.SHA256(Crypto.util.hexToBytes(raw_redeemscript), { + asBytes: true + }); + var address = coinjs.bech32_encode(coinjs.bech32.hrp, [coinjs.bech32.version].concat(coinjs.bech32_convert(program, 8, 5, true))); + return { + 'address': address, + 'type': 'multisigBech32', + 'redeemscript': Crypto.util.bytesToHex(program) + }; + } + + /* extract the redeemscript from a bech32 address */ + coinjs.bech32redeemscript = function (address) { + var r = false; + var decode = coinjs.bech32_decode(address); + if (decode) { + decode.data.shift(); + return Crypto.util.bytesToHex(coinjs.bech32_convert(decode.data, 5, 8, false)); + } + return r; + } + + /* provide a privkey and return an WIF */ + coinjs.privkey2wif = function (h) { + var r = Crypto.util.hexToBytes(h); + + if (coinjs.compressed == true) { + r.push(0x01); + } + + r.unshift(coinjs.priv); + var hash = Crypto.SHA256(Crypto.SHA256(r, { + asBytes: true + }), { + asBytes: true + }); + var checksum = hash.slice(0, 4); + + return coinjs.base58encode(r.concat(checksum)); + } + + /* convert a wif key back to a private key */ + coinjs.wif2privkey = function (wif) { + var compressed = false; + var decode = coinjs.base58decode(wif); + var key = decode.slice(0, decode.length - 4); + key = key.slice(1, key.length); + if (key.length >= 33 && key[key.length - 1] == 0x01) { + key = key.slice(0, key.length - 1); + compressed = true; + } + return { + 'privkey': Crypto.util.bytesToHex(key), + 'compressed': compressed + }; + } + + /* convert a wif to a pubkey */ + coinjs.wif2pubkey = function (wif) { + var compressed = coinjs.compressed; + var r = coinjs.wif2privkey(wif); + coinjs.compressed = r['compressed']; + var pubkey = coinjs.newPubkey(r['privkey']); + coinjs.compressed = compressed; + return { + 'pubkey': pubkey, + 'compressed': r['compressed'] + }; + } + + /* convert a wif to a address */ + coinjs.wif2address = function (wif) { + var r = coinjs.wif2pubkey(wif); + return { + 'address': coinjs.pubkey2address(r['pubkey']), + 'compressed': r['compressed'] + }; + } + + /* decode or validate an address and return the hash */ + coinjs.addressDecode = function (addr) { + try { + var bytes = coinjs.base58decode(addr); + var front = bytes.slice(0, bytes.length - 4); + var back = bytes.slice(bytes.length - 4); + var checksum = Crypto.SHA256(Crypto.SHA256(front, { + asBytes: true + }), { + asBytes: true + }).slice(0, 4); + if (checksum + "" == back + "") { + + var o = {}; + o.bytes = front.slice(1); + o.version = front[0]; + + if (o.version == coinjs.pub) { // standard address + o.type = 'standard'; + + } else if (o.version == coinjs.multisig) { // multisig address + o.type = 'multisig'; + + } else if (o.version == coinjs.multisigBech32) { // multisigBech32 added + o.type = 'multisigBech32'; + + } else if (o.version == coinjs.priv) { // wifkey + o.type = 'wifkey'; + + } else if (o.version == 42) { // stealth address + o.type = 'stealth'; + + o.option = front[1]; + if (o.option != 0) { + alert("Stealth Address option other than 0 is currently not supported!"); + return false; + }; + + o.scankey = Crypto.util.bytesToHex(front.slice(2, 35)); + o.n = front[35]; + + if (o.n > 1) { + alert("Stealth Multisig is currently not supported!"); + return false; + }; + + o.spendkey = Crypto.util.bytesToHex(front.slice(36, 69)); + o.m = front[69]; + o.prefixlen = front[70]; + + if (o.prefixlen > 0) { + alert("Stealth Address Prefixes are currently not supported!"); + return false; + }; + o.prefix = front.slice(71); + + } else { // everything else + o.type = 'other'; // address is still valid but unknown version + } + + return o; + } else { + throw "Invalid checksum"; + } + } catch (e) { + let bech32rs = coinjs.bech32redeemscript(addr); + if (bech32rs && bech32rs.length == 40) { + return { + 'type': 'bech32', + 'redeemscript': bech32rs + }; + } else if (bech32rs && bech32rs.length == 64) { + return { + 'type': 'multisigBech32', + 'redeemscript': bech32rs + }; + } else { + return false; + } + } + } + + /* retreive the balance from a given address */ + coinjs.addressBalance = function (address, callback) { + coinjs.ajax(coinjs.host + '?uid=' + coinjs.uid + '&key=' + coinjs.key + '&setmodule=addresses&request=bal&address=' + address + '&r=' + Math.random(), callback, "GET"); + } + + /* decompress an compressed public key */ + coinjs.pubkeydecompress = function (pubkey) { + if ((typeof (pubkey) == 'string') && pubkey.match(/^[a-f0-9]+$/i)) { + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + try { + var pt = curve.curve.decodePointHex(pubkey); + var x = pt.getX().toBigInteger(); + var y = pt.getY().toBigInteger(); + + var publicKeyBytes = EllipticCurve.integerToBytes(x, 32); + publicKeyBytes = publicKeyBytes.concat(EllipticCurve.integerToBytes(y, 32)); + publicKeyBytes.unshift(0x04); + return Crypto.util.bytesToHex(publicKeyBytes); + } catch (e) { + // console.log(e); + return false; + } + } + return false; + } + + coinjs.bech32_polymod = function (values) { + var chk = 1; + var BECH32_GENERATOR = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]; + for (var p = 0; p < values.length; ++p) { + var top = chk >> 25; + chk = (chk & 0x1ffffff) << 5 ^ values[p]; + for (var i = 0; i < 5; ++i) { + if ((top >> i) & 1) { + chk ^= BECH32_GENERATOR[i]; + } + } + } + return chk; + } + + coinjs.bech32_hrpExpand = function (hrp) { + var ret = []; + var p; + for (p = 0; p < hrp.length; ++p) { + ret.push(hrp.charCodeAt(p) >> 5); + } + ret.push(0); + for (p = 0; p < hrp.length; ++p) { + ret.push(hrp.charCodeAt(p) & 31); + } + return ret; + } + + coinjs.bech32_verifyChecksum = function (hrp, data) { + return coinjs.bech32_polymod(coinjs.bech32_hrpExpand(hrp).concat(data)) === 1; + } + + coinjs.bech32_createChecksum = function (hrp, data) { + var values = coinjs.bech32_hrpExpand(hrp).concat(data).concat([0, 0, 0, 0, 0, 0]); + var mod = coinjs.bech32_polymod(values) ^ 1; + var ret = []; + for (var p = 0; p < 6; ++p) { + ret.push((mod >> 5 * (5 - p)) & 31); + } + return ret; + } + + coinjs.bech32_encode = function (hrp, data) { + var combined = data.concat(coinjs.bech32_createChecksum(hrp, data)); + var ret = hrp + '1'; + for (var p = 0; p < combined.length; ++p) { + ret += coinjs.bech32.charset.charAt(combined[p]); + } + return ret; + } + + coinjs.bech32_decode = function (bechString) { + var p; + var has_lower = false; + var has_upper = false; + for (p = 0; p < bechString.length; ++p) { + if (bechString.charCodeAt(p) < 33 || bechString.charCodeAt(p) > 126) { + return null; + } + if (bechString.charCodeAt(p) >= 97 && bechString.charCodeAt(p) <= 122) { + has_lower = true; + } + if (bechString.charCodeAt(p) >= 65 && bechString.charCodeAt(p) <= 90) { + has_upper = true; + } + } + if (has_lower && has_upper) { + return null; + } + bechString = bechString.toLowerCase(); + var pos = bechString.lastIndexOf('1'); + if (pos < 1 || pos + 7 > bechString.length || bechString.length > 90) { + return null; + } + var hrp = bechString.substring(0, pos); + var data = []; + for (p = pos + 1; p < bechString.length; ++p) { + var d = coinjs.bech32.charset.indexOf(bechString.charAt(p)); + if (d === -1) { + return null; + } + data.push(d); + } + if (!coinjs.bech32_verifyChecksum(hrp, data)) { + return null; + } + return { + hrp: hrp, + data: data.slice(0, data.length - 6) + }; + } + + coinjs.bech32_convert = function (data, inBits, outBits, pad) { + var value = 0; + var bits = 0; + var maxV = (1 << outBits) - 1; + + var result = []; + for (var i = 0; i < data.length; ++i) { + value = (value << inBits) | data[i]; + bits += inBits; + + while (bits >= outBits) { + bits -= outBits; + result.push((value >> bits) & maxV); + } + } + + if (pad) { + if (bits > 0) { + result.push((value << (outBits - bits)) & maxV); + } + } else { + if (bits >= inBits) throw new Error('Excess padding'); + if ((value << (outBits - bits)) & maxV) throw new Error('Non-zero padding'); + } + + return result; + } + + coinjs.testdeterministicK = function () { + // https://github.com/bitpay/bitcore/blob/9a5193d8e94b0bd5b8e7f00038e7c0b935405a03/test/crypto/ecdsa.js + // Line 21 and 22 specify digest hash and privkey for the first 2 test vectors. + // Line 96-117 tells expected result. + + var tx = coinjs.transaction(); + + var test_vectors = [{ + 'message': 'test data', + 'privkey': 'fee0a1f7afebf9d2a5a80c0c98a31c709681cce195cbcd06342b517970c0be1e', + 'k_bad00': 'fcce1de7a9bcd6b2d3defade6afa1913fb9229e3b7ddf4749b55c4848b2a196e', + 'k_bad01': '727fbcb59eb48b1d7d46f95a04991fc512eb9dbf9105628e3aec87428df28fd8', + 'k_bad15': '398f0e2c9f79728f7b3d84d447ac3a86d8b2083c8f234a0ffa9c4043d68bd258' + }, + { + 'message': 'Everything should be made as simple as possible, but not simpler.', + 'privkey': '0000000000000000000000000000000000000000000000000000000000000001', + 'k_bad00': 'ec633bd56a5774a0940cb97e27a9e4e51dc94af737596a0c5cbb3d30332d92a5', + 'k_bad01': 'df55b6d1b5c48184622b0ead41a0e02bfa5ac3ebdb4c34701454e80aabf36f56', + 'k_bad15': 'def007a9a3c2f7c769c75da9d47f2af84075af95cadd1407393dc1e26086ef87' + }, + { + 'message': 'Satoshi Nakamoto', + 'privkey': '0000000000000000000000000000000000000000000000000000000000000002', + 'k_bad00': 'd3edc1b8224e953f6ee05c8bbf7ae228f461030e47caf97cde91430b4607405e', + 'k_bad01': 'f86d8e43c09a6a83953f0ab6d0af59fb7446b4660119902e9967067596b58374', + 'k_bad15': '241d1f57d6cfd2f73b1ada7907b199951f95ef5ad362b13aed84009656e0254a' + }, + { + 'message': 'Diffie Hellman', + 'privkey': '7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f', + 'k_bad00': 'c378a41cb17dce12340788dd3503635f54f894c306d52f6e9bc4b8f18d27afcc', + 'k_bad01': '90756c96fef41152ac9abe08819c4e95f16da2af472880192c69a2b7bac29114', + 'k_bad15': '7b3f53300ab0ccd0f698f4d67db87c44cf3e9e513d9df61137256652b2e94e7c' + }, + { + 'message': 'Japan', + 'privkey': '8080808080808080808080808080808080808080808080808080808080808080', + 'k_bad00': 'f471e61b51d2d8db78f3dae19d973616f57cdc54caaa81c269394b8c34edcf59', + 'k_bad01': '6819d85b9730acc876fdf59e162bf309e9f63dd35550edf20869d23c2f3e6d17', + 'k_bad15': 'd8e8bae3ee330a198d1f5e00ad7c5f9ed7c24c357c0a004322abca5d9cd17847' + }, + { + 'message': 'Bitcoin', + 'privkey': 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140', + 'k_bad00': '36c848ffb2cbecc5422c33a994955b807665317c1ce2a0f59c689321aaa631cc', + 'k_bad01': '4ed8de1ec952a4f5b3bd79d1ff96446bcd45cabb00fc6ca127183e14671bcb85', + 'k_bad15': '56b6f47babc1662c011d3b1f93aa51a6e9b5f6512e9f2e16821a238d450a31f8' + }, + { + 'message': 'i2FLPP8WEus5WPjpoHwheXOMSobUJVaZM1JPMQZq', + 'privkey': 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140', + 'k_bad00': '6e9b434fcc6bbb081a0463c094356b47d62d7efae7da9c518ed7bac23f4e2ed6', + 'k_bad01': 'ae5323ae338d6117ce8520a43b92eacd2ea1312ae514d53d8e34010154c593bb', + 'k_bad15': '3eaa1b61d1b8ab2f1ca71219c399f2b8b3defa624719f1e96fe3957628c2c4ea' + }, + { + 'message': 'lEE55EJNP7aLrMtjkeJKKux4Yg0E8E1SAJnWTCEh', + 'privkey': '3881e5286abc580bb6139fe8e83d7c8271c6fe5e5c2d640c1f0ed0e1ee37edc9', + 'k_bad00': '5b606665a16da29cc1c5411d744ab554640479dd8abd3c04ff23bd6b302e7034', + 'k_bad01': 'f8b25263152c042807c992eacd2ac2cc5790d1e9957c394f77ea368e3d9923bd', + 'k_bad15': 'ea624578f7e7964ac1d84adb5b5087dd14f0ee78b49072aa19051cc15dab6f33' + }, + { + 'message': '2SaVPvhxkAPrayIVKcsoQO5DKA8Uv5X/esZFlf+y', + 'privkey': '7259dff07922de7f9c4c5720d68c9745e230b32508c497dd24cb95ef18856631', + 'k_bad00': '3ab6c19ab5d3aea6aa0c6da37516b1d6e28e3985019b3adb388714e8f536686b', + 'k_bad01': '19af21b05004b0ce9cdca82458a371a9d2cf0dc35a813108c557b551c08eb52e', + 'k_bad15': '117a32665fca1b7137a91c4739ac5719fec0cf2e146f40f8e7c21b45a07ebc6a' + }, + { + 'message': '00A0OwO2THi7j5Z/jp0FmN6nn7N/DQd6eBnCS+/b', + 'privkey': '0d6ea45d62b334777d6995052965c795a4f8506044b4fd7dc59c15656a28f7aa', + 'k_bad00': '79487de0c8799158294d94c0eb92ee4b567e4dc7ca18addc86e49d31ce1d2db6', + 'k_bad01': '9561d2401164a48a8f600882753b3105ebdd35e2358f4f808c4f549c91490009', + 'k_bad15': 'b0d273634129ff4dbdf0df317d4062a1dbc58818f88878ffdb4ec511c77976c0' + } + ]; + + var result_txt = '\n----------------------\nResults\n----------------------\n\n'; + + for (i = 0; i < test_vectors.length; i++) { + var hash = Crypto.SHA256(test_vectors[i]['message'].split('').map(function (c) { + return c.charCodeAt(0); + }), { + asBytes: true + }); + var wif = coinjs.privkey2wif(test_vectors[i]['privkey']); + + var KBigInt = tx.deterministicK(wif, hash); + var KBigInt0 = tx.deterministicK(wif, hash, 0); + var KBigInt1 = tx.deterministicK(wif, hash, 1); + var KBigInt15 = tx.deterministicK(wif, hash, 15); + + var K = Crypto.util.bytesToHex(KBigInt.toByteArrayUnsigned()); + var K0 = Crypto.util.bytesToHex(KBigInt0.toByteArrayUnsigned()); + var K1 = Crypto.util.bytesToHex(KBigInt1.toByteArrayUnsigned()); + var K15 = Crypto.util.bytesToHex(KBigInt15.toByteArrayUnsigned()); + + if (K != test_vectors[i]['k_bad00']) { + result_txt += 'Failed Test #' + (i + 1) + '\n K = ' + K + '\nExpected = ' + test_vectors[i]['k_bad00'] + '\n\n'; + } else if (K0 != test_vectors[i]['k_bad00']) { + result_txt += 'Failed Test #' + (i + 1) + '\n K0 = ' + K0 + '\nExpected = ' + test_vectors[i]['k_bad00'] + '\n\n'; + } else if (K1 != test_vectors[i]['k_bad01']) { + result_txt += 'Failed Test #' + (i + 1) + '\n K1 = ' + K1 + '\nExpected = ' + test_vectors[i]['k_bad01'] + '\n\n'; + } else if (K15 != test_vectors[i]['k_bad15']) { + result_txt += 'Failed Test #' + (i + 1) + '\n K15 = ' + K15 + '\nExpected = ' + test_vectors[i]['k_bad15'] + '\n\n'; + }; + }; + + if (result_txt.length < 60) { + result_txt = 'All Tests OK!'; + }; + + return result_txt; + }; + + /* start of hd functions, thanks bip32.org */ + coinjs.hd = function (data) { + + var r = {}; + + /* some hd value parsing */ + r.parse = function () { + + var bytes = []; + + // some quick validation + if (typeof (data) == 'string') { + var decoded = coinjs.base58decode(data); + if (decoded.length == 82) { + var checksum = decoded.slice(78, 82); + var hash = Crypto.SHA256(Crypto.SHA256(decoded.slice(0, 78), { + asBytes: true + }), { + asBytes: true + }); + if (checksum[0] == hash[0] && checksum[1] == hash[1] && checksum[2] == hash[2] && checksum[3] == hash[3]) { + bytes = decoded.slice(0, 78); + } + } + } + + // actual parsing code + if (bytes && bytes.length > 0) { + r.version = coinjs.uint(bytes.slice(0, 4), 4); + r.depth = coinjs.uint(bytes.slice(4, 5), 1); + r.parent_fingerprint = bytes.slice(5, 9); + r.child_index = coinjs.uint(bytes.slice(9, 13), 4); + r.chain_code = bytes.slice(13, 45); + r.key_bytes = bytes.slice(45, 78); + + var c = coinjs.compressed; // get current default + coinjs.compressed = true; + + if (r.key_bytes[0] == 0x00) { + r.type = 'private'; + var privkey = (r.key_bytes).slice(1, 33); + var privkeyHex = Crypto.util.bytesToHex(privkey); + var pubkey = coinjs.newPubkey(privkeyHex); + + r.keys = { + 'privkey': privkeyHex, + 'pubkey': pubkey, + 'address': coinjs.pubkey2address(pubkey), + 'wif': coinjs.privkey2wif(privkeyHex) + }; + + } else if (r.key_bytes[0] == 0x02 || r.key_bytes[0] == 0x03) { + r.type = 'public'; + var pubkeyHex = Crypto.util.bytesToHex(r.key_bytes); + + r.keys = { + 'pubkey': pubkeyHex, + 'address': coinjs.pubkey2address(pubkeyHex) + }; + } else { + r.type = 'invalid'; + } + + r.keys_extended = r.extend(); + + coinjs.compressed = c; // reset to default + } + + return r; + } + + // extend prv/pub key + r.extend = function () { + var hd = coinjs.hd(); + return hd.make({ + 'depth': (this.depth * 1) + 1, + 'parent_fingerprint': this.parent_fingerprint, + 'child_index': this.child_index, + 'chain_code': this.chain_code, + 'privkey': this.keys.privkey, + 'pubkey': this.keys.pubkey + }); + } + + // derive from path + r.derive_path = function (path) { + + if (path == 'm' || path == 'M' || path == 'm\'' || path == 'M\'') return this; + + var p = path.split('/'); + var hdp = coinjs.clone(this); // clone hd path + + for (var i in p) { + + if (((i == 0) && c != 'm') || i == 'remove') { + continue; + } + + var c = p[i]; + + var use_private = (c.length > 1) && (c[c.length - 1] == '\''); + var child_index = parseInt(use_private ? c.slice(0, c.length - 1) : c) & 0x7fffffff; + if (use_private) + child_index += 0x80000000; + + hdp = hdp.derive(child_index); + var key = ((hdp.keys_extended.privkey) && hdp.keys_extended.privkey != '') ? hdp.keys_extended.privkey : hdp.keys_extended.pubkey; + hdp = coinjs.hd(key); + } + return hdp; + } + + // derive key from index + r.derive = function (i) { + + i = (i) ? i : 0; + var blob = (Crypto.util.hexToBytes(this.keys.pubkey)).concat(coinjs.numToBytes(i, 4).reverse()); + + var j = new jsSHA(Crypto.util.bytesToHex(blob), 'HEX'); + var hash = j.getHMAC(Crypto.util.bytesToHex(r.chain_code), "HEX", "SHA-512", "HEX"); + + var il = new BigInteger(hash.slice(0, 64), 16); + var ir = Crypto.util.hexToBytes(hash.slice(64, 128)); + + var ecparams = EllipticCurve.getSECCurveByName("secp256k1"); + var curve = ecparams.getCurve(); + + var k, key, pubkey, o; + + o = coinjs.clone(this); + o.chain_code = ir; + o.child_index = i; + + if (this.type == 'private') { + // derive key pair from from a xprv key + k = il.add(new BigInteger([0].concat(Crypto.util.hexToBytes(this.keys.privkey)))).mod(ecparams.getN()); + key = Crypto.util.bytesToHex(k.toByteArrayUnsigned()); + + pubkey = coinjs.newPubkey(key); + + o.keys = { + 'privkey': key, + 'pubkey': pubkey, + 'wif': coinjs.privkey2wif(key), + 'address': coinjs.pubkey2address(pubkey) + }; + + } else if (this.type == 'public') { + // derive xpub key from an xpub key + q = ecparams.curve.decodePointHex(this.keys.pubkey); + var curvePt = ecparams.getG().multiply(il).add(q); + + var x = curvePt.getX().toBigInteger(); + var y = curvePt.getY().toBigInteger(); + + var publicKeyBytesCompressed = EllipticCurve.integerToBytes(x, 32) + if (y.isEven()) { + publicKeyBytesCompressed.unshift(0x02) + } else { + publicKeyBytesCompressed.unshift(0x03) + } + pubkey = Crypto.util.bytesToHex(publicKeyBytesCompressed); + + o.keys = { + 'pubkey': pubkey, + 'address': coinjs.pubkey2address(pubkey) + } + } else { + // fail + } + + o.parent_fingerprint = (ripemd160(Crypto.SHA256(Crypto.util.hexToBytes(r.keys.pubkey), { + asBytes: true + }), { + asBytes: true + })).slice(0, 4); + o.keys_extended = o.extend(); + return o; + } + + // make a master hd xprv/xpub + r.master = function (pass) { + var seed = (pass) ? Crypto.SHA256(pass) : coinjs.newPrivkey(); + var hasher = new jsSHA(seed, 'HEX'); + var I = hasher.getHMAC("Bitcoin seed", "TEXT", "SHA-512", "HEX"); + + var privkey = Crypto.util.hexToBytes(I.slice(0, 64)); + var chain = Crypto.util.hexToBytes(I.slice(64, 128)); + + var hd = coinjs.hd(); + return hd.make({ + 'depth': 0, + 'parent_fingerprint': [0, 0, 0, 0], + 'child_index': 0, + 'chain_code': chain, + 'privkey': I.slice(0, 64), + 'pubkey': coinjs.newPubkey(I.slice(0, 64)) + }); + } + + // encode data to a base58 string + r.make = function (data) { // { (int) depth, (array) parent_fingerprint, (int) child_index, (byte array) chain_code, (hex str) privkey, (hex str) pubkey} + var k = []; + + //depth + k.push(data.depth * 1); + + //parent fingerprint + k = k.concat(data.parent_fingerprint); + + //child index + k = k.concat((coinjs.numToBytes(data.child_index, 4)).reverse()); + + //Chain code + k = k.concat(data.chain_code); + + var o = {}; // results + + //encode xprv key + if (data.privkey) { + var prv = (coinjs.numToBytes(coinjs.hdkey.prv, 4)).reverse(); + prv = prv.concat(k); + prv.push(0x00); + prv = prv.concat(Crypto.util.hexToBytes(data.privkey)); + var hash = Crypto.SHA256(Crypto.SHA256(prv, { + asBytes: true + }), { + asBytes: true + }); + var checksum = hash.slice(0, 4); + var ret = prv.concat(checksum); + o.privkey = coinjs.base58encode(ret); + } + + //encode xpub key + if (data.pubkey) { + var pub = (coinjs.numToBytes(coinjs.hdkey.pub, 4)).reverse(); + pub = pub.concat(k); + pub = pub.concat(Crypto.util.hexToBytes(data.pubkey)); + var hash = Crypto.SHA256(Crypto.SHA256(pub, { + asBytes: true + }), { + asBytes: true + }); + var checksum = hash.slice(0, 4); + var ret = pub.concat(checksum); + o.pubkey = coinjs.base58encode(ret); + } + return o; + } + + return r.parse(); + } + + + /* start of script functions */ + coinjs.script = function (data) { + var r = {}; + + if (!data) { + r.buffer = []; + } else if ("string" == typeof data) { + r.buffer = Crypto.util.hexToBytes(data); + } else if (coinjs.isArray(data)) { + r.buffer = data; + } else if (data instanceof coinjs.script) { + r.buffer = data.buffer; + } else { + r.buffer = data; + } + + /* parse buffer array */ + r.parse = function () { + + var self = this; + r.chunks = []; + var i = 0; + + function readChunk(n) { + self.chunks.push(self.buffer.slice(i, i + n)); + i += n; + }; + + while (i < this.buffer.length) { + var opcode = this.buffer[i++]; + if (opcode >= 0xF0) { + opcode = (opcode << 8) | this.buffer[i++]; + } + + var len; + if (opcode > 0 && opcode < 76) { //OP_PUSHDATA1 + readChunk(opcode); + } else if (opcode == 76) { //OP_PUSHDATA1 + len = this.buffer[i++]; + readChunk(len); + } else if (opcode == 77) { //OP_PUSHDATA2 + len = (this.buffer[i++] << 8) | this.buffer[i++]; + readChunk(len); + } else if (opcode == 78) { //OP_PUSHDATA4 + len = (this.buffer[i++] << 24) | (this.buffer[i++] << 16) | (this.buffer[i++] << 8) | this.buffer[i++]; + readChunk(len); + } else { + this.chunks.push(opcode); + } + + if (i < 0x00) { + break; + } + } + + return true; + }; + + /* decode the redeemscript of a multisignature transaction */ + r.decodeRedeemScript = function (script) { + var r = false; + try { + var s = coinjs.script(Crypto.util.hexToBytes(script)); + if ((s.chunks.length >= 3) && s.chunks[s.chunks.length - 1] == 174) { //OP_CHECKMULTISIG + r = {}; + r.signaturesRequired = s.chunks[0] - 80; + var pubkeys = []; + for (var i = 1; i < s.chunks.length - 2; i++) { + pubkeys.push(Crypto.util.bytesToHex(s.chunks[i])); + } + r.pubkeys = pubkeys; + var multi = coinjs.pubkeys2MultisigAddress(pubkeys, r.signaturesRequired); + r.address = multi['address']; + r.type = 'multisig__'; // using __ for now to differentiat from the other object .type == "multisig" + var rs = Crypto.util.bytesToHex(s.buffer); + r.redeemscript = rs; + + } else if ((s.chunks.length == 2) && (s.buffer[0] == 0 && s.buffer[1] == 20)) { // SEGWIT + r = {}; + r.type = "segwit__"; + var rs = Crypto.util.bytesToHex(s.buffer); + r.address = coinjs.pubkey2address(rs, coinjs.multisig); + r.redeemscript = rs; + + } else if (s.chunks.length == 5 && s.chunks[1] == 177 && s.chunks[2] == 117 && s.chunks[4] == 172) { + // ^ OP_CHECKLOCKTIMEVERIFY OP_DROP OP_CHECKSIG ^ + r = {} + r.pubkey = Crypto.util.bytesToHex(s.chunks[3]); + r.checklocktimeverify = coinjs.bytesToNum(s.chunks[0].slice()); + r.address = coinjs.simpleHodlAddress(r.pubkey, r.checklocktimeverify).address; + var rs = Crypto.util.bytesToHex(s.buffer); + r.redeemscript = rs; + r.type = "hodl__"; + } + } catch (e) { + // console.log(e); + r = false; + } + return r; + } + + /* decode the redeemscript of a multisignature transaction for Bech32*/ + r.decodeRedeemScriptBech32 = function (script) { + var r = false; + try { + var s = coinjs.script(Crypto.util.hexToBytes(script)); + if ((s.chunks.length >= 3) && s.chunks[s.chunks.length - 1] == 174) { //OP_CHECKMULTISIG + r = {}; + r.signaturesRequired = s.chunks[0] - 80; + var pubkeys = []; + for (var i = 1; i < s.chunks.length - 2; i++) { + pubkeys.push(Crypto.util.bytesToHex(s.chunks[i])); + } + r.pubkeys = pubkeys; + var multi = coinjs.pubkeys2MultisigAddressBech32(pubkeys, r.signaturesRequired); + r.address = multi['address']; + r.type = 'multisig__'; // using __ for now to differentiat from the other object .type == "multisig" + var rs = Crypto.util.bytesToHex(s.buffer); + r.redeemscript = rs; + + } + + } catch (e) { + // console.log(e); + r = false; + } + return r; + } + + /* create output script to spend */ + r.spendToScript = function (address) { + var addr = coinjs.addressDecode(address); + var s = coinjs.script(); + if (addr.type == "bech32" || addr.type == "multisigBech32") { + s.writeOp(0); + s.writeBytes(Crypto.util.hexToBytes(addr.redeemscript)); + } else if (addr.version == coinjs.multisig) { // multisig address + s.writeOp(169); //OP_HASH160 + s.writeBytes(addr.bytes); + s.writeOp(135); //OP_EQUAL + } else { // regular address + s.writeOp(118); //OP_DUP + s.writeOp(169); //OP_HASH160 + s.writeBytes(addr.bytes); + s.writeOp(136); //OP_EQUALVERIFY + s.writeOp(172); //OP_CHECKSIG + } + return s; + } + + /* geneate a (script) pubkey hash of the address - used for when signing */ + r.pubkeyHash = function (address) { + var addr = coinjs.addressDecode(address); + var s = coinjs.script(); + s.writeOp(118); //OP_DUP + s.writeOp(169); //OP_HASH160 + s.writeBytes(addr.bytes); + s.writeOp(136); //OP_EQUALVERIFY + s.writeOp(172); //OP_CHECKSIG + return s; + } + + /* write to buffer */ + r.writeOp = function (op) { + this.buffer.push(op); + this.chunks.push(op); + return true; + } + + /* write bytes to buffer */ + r.writeBytes = function (data) { + if (data.length < 76) { //OP_PUSHDATA1 + this.buffer.push(data.length); + } else if (data.length <= 0xff) { + this.buffer.push(76); //OP_PUSHDATA1 + this.buffer.push(data.length); + } else if (data.length <= 0xffff) { + this.buffer.push(77); //OP_PUSHDATA2 + this.buffer.push(data.length & 0xff); + this.buffer.push((data.length >>> 8) & 0xff); + } else { + this.buffer.push(78); //OP_PUSHDATA4 + this.buffer.push(data.length & 0xff); + this.buffer.push((data.length >>> 8) & 0xff); + this.buffer.push((data.length >>> 16) & 0xff); + this.buffer.push((data.length >>> 24) & 0xff); + } + this.buffer = this.buffer.concat(data); + this.chunks.push(data); + return true; + } + + r.parse(); + return r; + } + + /* start of transaction functions */ + + /* create a new transaction object */ + coinjs.transaction = function () { + + var r = {}; + r.version = 1; + r.lock_time = 0; + r.ins = []; + r.outs = []; + r.witness = false; + r.timestamp = null; + r.block = null; + + /* add an input to a transaction */ + r.addinput = function (txid, index, script, sequence) { + var o = {}; + o.outpoint = { + 'hash': txid, + 'index': index + }; + o.script = coinjs.script(script || []); + o.sequence = sequence || ((r.lock_time == 0) ? 4294967295 : 0); + return this.ins.push(o); + } + + /* add an output to a transaction */ + r.addoutput = function (address, value) { + var o = {}; + o.value = new BigInteger('' + Math.round((value * 1) * 1e8), 10); + var s = coinjs.script(); + o.script = s.spendToScript(address); + + return this.outs.push(o); + } + + /* add two outputs for stealth addresses to a transaction */ + r.addstealth = function (stealth, value) { + var ephemeralKeyBigInt = BigInteger.fromByteArrayUnsigned(Crypto.util.hexToBytes(coinjs.newPrivkey())); + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + + var p = EllipticCurve.fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F"); + var a = BigInteger.ZERO; + var b = EllipticCurve.fromHex("7"); + var calccurve = new EllipticCurve.CurveFp(p, a, b); + + var ephemeralPt = curve.getG().multiply(ephemeralKeyBigInt); + var scanPt = calccurve.decodePointHex(stealth.scankey); + var sharedPt = scanPt.multiply(ephemeralKeyBigInt); + var stealthindexKeyBigInt = BigInteger.fromByteArrayUnsigned(Crypto.SHA256(sharedPt.getEncoded(true), { + asBytes: true + })); + + var stealthindexPt = curve.getG().multiply(stealthindexKeyBigInt); + var spendPt = calccurve.decodePointHex(stealth.spendkey); + var addressPt = spendPt.add(stealthindexPt); + + var sendaddress = coinjs.pubkey2address(Crypto.util.bytesToHex(addressPt.getEncoded(true))); + + + var OPRETBytes = [6].concat(Crypto.util.randomBytes(4)).concat(ephemeralPt.getEncoded(true)); // ephemkey data + var q = coinjs.script(); + q.writeOp(106); // OP_RETURN + q.writeBytes(OPRETBytes); + v = {}; + v.value = 0; + v.script = q; + + this.outs.push(v); + + var o = {}; + o.value = new BigInteger('' + Math.round((value * 1) * 1e8), 10); + var s = coinjs.script(); + o.script = s.spendToScript(sendaddress); + + return this.outs.push(o); + } + + /* add data to a transaction */ + r.adddata = function (data) { + var r = false; + if (((data.match(/^[a-f0-9]+$/gi)) && data.length < 160) && (data.length % 2) == 0) { + var s = coinjs.script(); + s.writeOp(106); // OP_RETURN + s.writeBytes(Crypto.util.hexToBytes(data)); + o = {}; + o.value = 0; + o.script = s; + return this.outs.push(o); + } + return r; + } + + /* list unspent transactions */ + r.listUnspent = function (address, callback) { + coinjs.ajax(coinjs.host + '?uid=' + coinjs.uid + '&key=' + coinjs.key + '&setmodule=addresses&request=unspent&address=' + address + '&r=' + Math.random(), callback, "GET"); + } + + /* list transaction data */ + r.getTransaction = function (txid, callback) { + coinjs.ajax(coinjs.host + '?uid=' + coinjs.uid + '&key=' + coinjs.key + '&setmodule=bitcoin&request=gettransaction&txid=' + txid + '&r=' + Math.random(), callback, "GET"); + } + + /* add unspent to transaction */ + r.addUnspent = function (address, callback, script, segwit, sequence) { + var self = this; + this.listUnspent(address, function (data) { + var s = coinjs.script(); + var value = 0; + var total = 0; + var x = {}; + + if (GLOBAL.DOMParser) { + parser = new DOMParser(); + xmlDoc = parser.parseFromString(data, "text/xml"); + } else { + xmlDoc = new ActiveXObject("Microsoft.XMLDOM"); + xmlDoc.async = false; + xmlDoc.loadXML(data); + } + + var unspent = xmlDoc.getElementsByTagName("unspent")[0]; + + if (unspent) { + for (i = 1; i <= unspent.childElementCount; i++) { + var u = xmlDoc.getElementsByTagName("unspent_" + i)[0] + var txhash = (u.getElementsByTagName("tx_hash")[0].childNodes[0].nodeValue).match(/.{1,2}/g).reverse().join("") + ''; + var n = u.getElementsByTagName("tx_output_n")[0].childNodes[0].nodeValue; + var scr = script || u.getElementsByTagName("script")[0].childNodes[0].nodeValue; + + if (segwit) { //also for MULTISIG_BECH32 (p2wsh-multisig)(script = raw_redeemscript; for p2wsh-multisig) + /* this is a small hack to include the value with the redeemscript to make the signing procedure smoother. + It is not standard and removed during the signing procedure. */ + + s = coinjs.script(); + s.writeBytes(Crypto.util.hexToBytes(script)); + s.writeOp(0); + s.writeBytes(coinjs.numToBytes(u.getElementsByTagName("value")[0].childNodes[0].nodeValue * 1, 8)); + scr = Crypto.util.bytesToHex(s.buffer); + } + + var seq = sequence || false; + self.addinput(txhash, n, scr, seq); + value += u.getElementsByTagName("value")[0].childNodes[0].nodeValue * 1; + total++; + } + } + + x.result = xmlDoc.getElementsByTagName("result")[0].childNodes[0].nodeValue; + x.unspent = unspent; + x.value = value; + x.total = total; + x.response = xmlDoc.getElementsByTagName("response")[0].childNodes[0].nodeValue; + + return callback(x); + }); + } + + /* add unspent and sign */ + r.addUnspentAndSign = function (wif, callback) { + var self = this; + var address = coinjs.wif2address(wif); + self.addUnspent(address['address'], function (data) { + self.sign(wif); + return callback(data); + }); + } + + /* broadcast a transaction */ + r.broadcast = function (callback, txhex) { + var tx = txhex || this.serialize(); + coinjs.ajax(coinjs.host + '?uid=' + coinjs.uid + '&key=' + coinjs.key + '&setmodule=bitcoin&request=sendrawtransaction', callback, "POST", ["rawtx=" + tx]); + } + + /* generate the transaction hash to sign from a transaction input */ + r.transactionHash = function (index, sigHashType) { + + var clone = coinjs.clone(this); + var shType = sigHashType || 1; + + /* black out all other ins, except this one */ + for (var i = 0; i < clone.ins.length; i++) { + if (index != i) { + clone.ins[i].script = coinjs.script(); + } + } + + var extract = this.extractScriptKey(index); + clone.ins[index].script = coinjs.script(extract['script']); + + if ((clone.ins) && clone.ins[index]) { + + /* SIGHASH : For more info on sig hashs see https://en.bitcoin.it/wiki/OP_CHECKSIG + and https://bitcoin.org/en/developer-guide#signature-hash-type */ + + if (shType == 1) { + //SIGHASH_ALL 0x01 + + } else if (shType == 2) { + //SIGHASH_NONE 0x02 + clone.outs = []; + for (var i = 0; i < clone.ins.length; i++) { + if (index != i) { + clone.ins[i].sequence = 0; + } + } + + } else if (shType == 3) { + + //SIGHASH_SINGLE 0x03 + clone.outs.length = index + 1; + + for (var i = 0; i < index; i++) { + clone.outs[i].value = -1; + clone.outs[i].script.buffer = []; + } + + for (var i = 0; i < clone.ins.length; i++) { + if (index != i) { + clone.ins[i].sequence = 0; + } + } + + } else if (shType >= 128) { + //SIGHASH_ANYONECANPAY 0x80 + clone.ins = [clone.ins[index]]; + + if (shType == 129) { + // SIGHASH_ALL + SIGHASH_ANYONECANPAY + + } else if (shType == 130) { + // SIGHASH_NONE + SIGHASH_ANYONECANPAY + clone.outs = []; + + } else if (shType == 131) { + // SIGHASH_SINGLE + SIGHASH_ANYONECANPAY + clone.outs.length = index + 1; + for (var i = 0; i < index; i++) { + clone.outs[i].value = -1; + clone.outs[i].script.buffer = []; + } + } + } + + var buffer = Crypto.util.hexToBytes(clone.serialize()); + buffer = buffer.concat(coinjs.numToBytes(parseInt(shType), 4)); + var hash = Crypto.SHA256(buffer, { + asBytes: true + }); + var r = Crypto.util.bytesToHex(Crypto.SHA256(hash, { + asBytes: true + })); + return r; + } else { + return false; + } + } + + /* generate a segwit transaction hash to sign from a transaction input */ + r.transactionHashSegWitV0 = function (index, sigHashType) { + /* + Notice: coinb.in by default, deals with segwit transactions in a non-standard way. + Segwit transactions require that input values are included in the transaction hash. + To save wasting resources and potentially slowing down this service, we include the amount with the + redeem script to generate the transaction hash and remove it after its signed. + */ + + // start redeem script check + var extract = this.extractScriptKey(index); + if (extract['type'] != 'segwit' && extract['type'] != 'multisig_bech32') { + return { + 'result': 0, + 'fail': 'redeemscript', + 'response': 'redeemscript missing or not valid for segwit' + }; + } + + if (extract['value'] == -1) { + return { + 'result': 0, + 'fail': 'value', + 'response': 'unable to generate a valid segwit hash without a value' + }; + } + + var scriptcode = Crypto.util.hexToBytes(extract['script']); + + // end of redeem script check + + /* P2WPKH */ + if (scriptcode.length == 20) { + scriptcode = [0x00, 0x14].concat(scriptcode); + } + + if (scriptcode.length == 22) { + scriptcode = scriptcode.slice(1); + scriptcode.unshift(25, 118, 169); + scriptcode.push(136, 172); + } else if (scriptcode[0] > 80) { + scriptcode.unshift(scriptcode.length) + } + + var value = coinjs.numToBytes(extract['value'], 8); + + // start + + var zero = coinjs.numToBytes(0, 32); + var version = coinjs.numToBytes(parseInt(this.version), 4); + + var bufferTmp = []; + if (!(sigHashType >= 80)) { // not sighash anyonecanpay + for (var i = 0; i < this.ins.length; i++) { + bufferTmp = bufferTmp.concat(Crypto.util.hexToBytes(this.ins[i].outpoint.hash).reverse()); + bufferTmp = bufferTmp.concat(coinjs.numToBytes(this.ins[i].outpoint.index, 4)); + } + } + var hashPrevouts = bufferTmp.length >= 1 ? Crypto.SHA256(Crypto.SHA256(bufferTmp, { + asBytes: true + }), { + asBytes: true + }) : zero; + + var bufferTmp = []; + if (!(sigHashType >= 80) && sigHashType != 2 && sigHashType != 3) { // not sighash anyonecanpay & single & none + for (var i = 0; i < this.ins.length; i++) { + bufferTmp = bufferTmp.concat(coinjs.numToBytes(this.ins[i].sequence, 4)); + } + } + var hashSequence = bufferTmp.length >= 1 ? Crypto.SHA256(Crypto.SHA256(bufferTmp, { + asBytes: true + }), { + asBytes: true + }) : zero; + + var outpoint = Crypto.util.hexToBytes(this.ins[index].outpoint.hash).reverse(); + outpoint = outpoint.concat(coinjs.numToBytes(this.ins[index].outpoint.index, 4)); + + var nsequence = coinjs.numToBytes(this.ins[index].sequence, 4); + var hashOutputs = zero; + var bufferTmp = []; + if (sigHashType != 2 && sigHashType != 3) { // not sighash single & none + for (var i = 0; i < this.outs.length; i++) { + bufferTmp = bufferTmp.concat(coinjs.numToBytes(this.outs[i].value, 8)); + bufferTmp = bufferTmp.concat(coinjs.numToVarInt(this.outs[i].script.buffer.length)); + bufferTmp = bufferTmp.concat(this.outs[i].script.buffer); + } + hashOutputs = Crypto.SHA256(Crypto.SHA256(bufferTmp, { + asBytes: true + }), { + asBytes: true + }); + + } else if ((sigHashType == 2) && index < this.outs.length) { // is sighash single + bufferTmp = bufferTmp.concat(coinjs.numToBytes(this.outs[index].value, 8)); + bufferTmp = bufferTmp.concat(coinjs.numToVarInt(this.outs[i].script.buffer.length)); + bufferTmp = bufferTmp.concat(this.outs[index].script.buffer); + hashOutputs = Crypto.SHA256(Crypto.SHA256(bufferTmp, { + asBytes: true + }), { + asBytes: true + }); + } + + var locktime = coinjs.numToBytes(this.lock_time, 4); + var sighash = coinjs.numToBytes(sigHashType, 4); + + var buffer = []; + buffer = buffer.concat(version); + buffer = buffer.concat(hashPrevouts); + buffer = buffer.concat(hashSequence); + buffer = buffer.concat(outpoint); + buffer = buffer.concat(scriptcode); + buffer = buffer.concat(value); + buffer = buffer.concat(nsequence); + buffer = buffer.concat(hashOutputs); + buffer = buffer.concat(locktime); + buffer = buffer.concat(sighash); + + var hash = Crypto.SHA256(buffer, { + asBytes: true + }); + return { + 'result': 1, + 'hash': Crypto.util.bytesToHex(Crypto.SHA256(hash, { + asBytes: true + })), + 'response': 'hash generated' + }; + } + + /* extract the scriptSig, used in the transactionHash() function */ + r.extractScriptKey = function (index) { + if (this.ins[index]) { + if ((this.ins[index].script.chunks.length == 5) && this.ins[index].script.chunks[4] == 172 && coinjs.isArray(this.ins[index].script.chunks[2])) { //OP_CHECKSIG + // regular scriptPubkey (not signed) + return { + 'type': 'scriptpubkey', + 'signed': 'false', + 'signatures': 0, + 'script': Crypto.util.bytesToHex(this.ins[index].script.buffer) + }; + } else if ((this.ins[index].script.chunks.length == 2) && this.ins[index].script.chunks[0][0] == 48 && this.ins[index].script.chunks[1].length == 5 && this.ins[index].script.chunks[1][1] == 177) { //OP_CHECKLOCKTIMEVERIFY + // hodl script (signed) + return { + 'type': 'hodl', + 'signed': 'true', + 'signatures': 1, + 'script': Crypto.util.bytesToHex(this.ins[index].script.buffer) + }; + } else if ((this.ins[index].script.chunks.length == 2) && this.ins[index].script.chunks[0][0] == 48) { + // regular scriptPubkey (probably signed) + return { + 'type': 'scriptpubkey', + 'signed': 'true', + 'signatures': 1, + 'script': Crypto.util.bytesToHex(this.ins[index].script.buffer) + }; + } else if (this.ins[index].script.chunks.length == 5 && this.ins[index].script.chunks[1] == 177) { //OP_CHECKLOCKTIMEVERIFY + // hodl script (not signed) + return { + 'type': 'hodl', + 'signed': 'false', + 'signatures': 0, + 'script': Crypto.util.bytesToHex(this.ins[index].script.buffer) + }; + } else if ((this.ins[index].script.chunks.length <= 3 && this.ins[index].script.chunks.length > 0) && ((this.ins[index].script.chunks[0].length == 22 && this.ins[index].script.chunks[0][0] == 0) || (this.ins[index].script.chunks[0].length == 20 && this.ins[index].script.chunks[1] == 0))) { + var signed = ((this.witness[index]) && this.witness[index].length == 2) ? 'true' : 'false'; + var sigs = (signed == 'true') ? 1 : 0; + var value = -1; // no value found + if ((this.ins[index].script.chunks[2]) && this.ins[index].script.chunks[2].length == 8) { + value = coinjs.bytesToNum(this.ins[index].script.chunks[2]); // value found encoded in transaction (THIS IS NON STANDARD) + } + return { + 'type': 'segwit', + 'signed': signed, + 'signatures': sigs, + 'script': Crypto.util.bytesToHex(this.ins[index].script.chunks[0]), + 'value': value + }; + } else if (this.ins[index].script.chunks[0] == 0 && this.ins[index].script.chunks[this.ins[index].script.chunks.length - 1][this.ins[index].script.chunks[this.ins[index].script.chunks.length - 1].length - 1] == 174) { // OP_CHECKMULTISIG + // multisig script, with signature(s) included + var sigcount = 0; + for (let i = 1; i < this.ins[index].script.chunks.length - 1; i++) { + if (this.ins[index].script.chunks[i] != 0) { + sigcount++; + } + } + + return { + 'type': 'multisig', + 'signed': 'true', + 'signatures': sigcount, + 'script': Crypto.util.bytesToHex(this.ins[index].script.chunks[this.ins[index].script.chunks.length - 1]) + }; + } else if (this.ins[index].script.chunks[0] >= 80 && this.ins[index].script.chunks[this.ins[index].script.chunks.length - 1] == 174) { // OP_CHECKMULTISIG + // multisig script, without signature! + return { + 'type': 'multisig', + 'signed': 'false', + 'signatures': 0, + 'script': Crypto.util.bytesToHex(this.ins[index].script.buffer) + }; + } else if (this.ins[index].script.chunks.length == 3 && this.ins[index].script.chunks[0][0] >= 80 && this.ins[index].script.chunks[0][this.ins[index].script.chunks[0].length - 1] == 174 && this.ins[index].script.chunks[1] == 0) { //OP_CHECKMULTISIG_BECH32 + // multisig bech32 script + let last_index = this.ins[index].script.chunks.length - 1; + var value = -1; + if (last_index >= 2 && this.ins[index].script.chunks[last_index].length == 8) { + value = coinjs.bytesToNum(this.ins[index].script.chunks[last_index]); // value found encoded in transaction (THIS IS NON STANDARD) + } + var sigcount = (!this.witness[index]) ? 0 : this.witness[index].length - 2; + return { + 'type': 'multisig_bech32', + 'signed': 'false', + 'signatures': sigcount, + 'script': Crypto.util.bytesToHex(this.ins[index].script.chunks[0]), + 'value': value + }; + } else if (this.ins[index].script.chunks.length == 0) { + // empty + //bech32 witness check + var signed = ((this.witness[index]) && this.witness[index].length >= 2) ? 'true' : 'false'; + var sigs = (signed == 'true') ? (!this.witness[index][0] ? this.witness[index].length - 2 : 1) : 0; + return { + 'type': 'empty', + 'signed': signed, + 'signatures': sigs, + 'script': '' + }; + } else { + // something else + return { + 'type': 'unknown', + 'signed': 'false', + 'signatures': 0, + 'script': Crypto.util.bytesToHex(this.ins[index].script.buffer) + }; + } + } else { + return false; + } + } + + /* generate a signature from a transaction hash */ + r.transactionSig = function (index, wif, sigHashType, txhash) { + + function serializeSig(r, s) { + var rBa = r.toByteArraySigned(); + var sBa = s.toByteArraySigned(); + + var sequence = []; + sequence.push(0x02); // INTEGER + sequence.push(rBa.length); + sequence = sequence.concat(rBa); + + sequence.push(0x02); // INTEGER + sequence.push(sBa.length); + sequence = sequence.concat(sBa); + + sequence.unshift(sequence.length); + sequence.unshift(0x30); // SEQUENCE + + return sequence; + } + + var shType = sigHashType || 1; + var hash = txhash || Crypto.util.hexToBytes(this.transactionHash(index, shType)); + + if (hash) { + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + var key = coinjs.wif2privkey(wif); + var priv = BigInteger.fromByteArrayUnsigned(Crypto.util.hexToBytes(key['privkey'])); + var n = curve.getN(); + var e = BigInteger.fromByteArrayUnsigned(hash); + var badrs = 0 + do { + var k = this.deterministicK(wif, hash, badrs); + var G = curve.getG(); + var Q = G.multiply(k); + var r = Q.getX().toBigInteger().mod(n); + var s = k.modInverse(n).multiply(e.add(priv.multiply(r))).mod(n); + badrs++ + } while (r.compareTo(BigInteger.ZERO) <= 0 || s.compareTo(BigInteger.ZERO) <= 0); + + // Force lower s values per BIP62 + var halfn = n.shiftRight(1); + if (s.compareTo(halfn) > 0) { + s = n.subtract(s); + }; + + var sig = serializeSig(r, s); + sig.push(parseInt(shType, 10)); + + return Crypto.util.bytesToHex(sig); + } else { + return false; + } + } + + // https://tools.ietf.org/html/rfc6979#section-3.2 + r.deterministicK = function (wif, hash, badrs) { + // if r or s were invalid when this function was used in signing, + // we do not want to actually compute r, s here for efficiency, so, + // we can increment badrs. explained at end of RFC 6979 section 3.2 + + // wif is b58check encoded wif privkey. + // hash is byte array of transaction digest. + // badrs is used only if the k resulted in bad r or s. + + // some necessary things out of the way for clarity. + badrs = badrs || 0; + var key = coinjs.wif2privkey(wif); + var x = Crypto.util.hexToBytes(key['privkey']) + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + var N = curve.getN(); + + // Step: a + // hash is a byteArray of the message digest. so h1 == hash in our case + + // Step: b + var v = [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]; + + // Step: c + var k = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + + // Step: d + k = Crypto.HMAC(Crypto.SHA256, v.concat([0]).concat(x).concat(hash), k, { + asBytes: true + }); + + // Step: e + v = Crypto.HMAC(Crypto.SHA256, v, k, { + asBytes: true + }); + + // Step: f + k = Crypto.HMAC(Crypto.SHA256, v.concat([1]).concat(x).concat(hash), k, { + asBytes: true + }); + + // Step: g + v = Crypto.HMAC(Crypto.SHA256, v, k, { + asBytes: true + }); + + // Step: h1 + var T = []; + + // Step: h2 (since we know tlen = qlen, just copy v to T.) + v = Crypto.HMAC(Crypto.SHA256, v, k, { + asBytes: true + }); + T = v; + + // Step: h3 + var KBigInt = BigInteger.fromByteArrayUnsigned(T); + + // loop if KBigInt is not in the range of [1, N-1] or if badrs needs incrementing. + var i = 0 + while (KBigInt.compareTo(N) >= 0 || KBigInt.compareTo(BigInteger.ZERO) <= 0 || i < badrs) { + k = Crypto.HMAC(Crypto.SHA256, v.concat([0]), k, { + asBytes: true + }); + v = Crypto.HMAC(Crypto.SHA256, v, k, { + asBytes: true + }); + v = Crypto.HMAC(Crypto.SHA256, v, k, { + asBytes: true + }); + T = v; + KBigInt = BigInteger.fromByteArrayUnsigned(T); + i++ + }; + + return KBigInt; + }; + + /* sign a "standard" input */ + r.signinput = function (index, wif, sigHashType) { + var key = coinjs.wif2pubkey(wif); + var shType = sigHashType || 1; + var signature = this.transactionSig(index, wif, shType); + var s = coinjs.script(); + s.writeBytes(Crypto.util.hexToBytes(signature)); + s.writeBytes(Crypto.util.hexToBytes(key['pubkey'])); + this.ins[index].script = s; + return true; + } + + /* signs a time locked / hodl input */ + r.signhodl = function (index, wif, sigHashType) { + var shType = sigHashType || 1; + var signature = this.transactionSig(index, wif, shType); + var redeemScript = this.ins[index].script.buffer + var s = coinjs.script(); + s.writeBytes(Crypto.util.hexToBytes(signature)); + s.writeBytes(redeemScript); + this.ins[index].script = s; + return true; + } + + r.signmultisig_bech32 = function (index, wif, sigHashType) { + + function scriptListPubkey(redeemScript) { + var r = {}; + for (var i = 1; i < redeemScript.chunks.length - 2; i++) { + r[i] = Crypto.util.hexToBytes(coinjs.pubkeydecompress(Crypto.util.bytesToHex(redeemScript.chunks[i]))); + } + return r; + } + + function scriptListSigs(sigList) { + let r = {}; + var c = 0; + if (Array.isArray(sigList)) { + for (let i = 1; i < sigList.length - 1; i++) { + c++; + r[c] = Crypto.util.hexToBytes(sigList[i]); + } + } + return r; + } + + var redeemScript = Crypto.util.bytesToHex(this.ins[index].script.chunks[0]); //redeemScript + + if (!coinjs.isArray(this.witness)) { + this.witness = new Array(this.ins.length); + this.witness.fill([]); + } + + var pubkeyList = scriptListPubkey(coinjs.script(redeemScript)); + var sigsList = scriptListSigs(this.witness[index]); + let decode_rs = coinjs.script().decodeRedeemScriptBech32(redeemScript); + + var shType = sigHashType || 1; + var txhash = this.transactionHashSegWitV0(index, shType); + + if (txhash.result == 1 && decode_rs.pubkeys.includes(coinjs.wif2pubkey(wif)['pubkey'])) { + + var segwitHash = Crypto.util.hexToBytes(txhash.hash); + var signature = Crypto.util.hexToBytes(this.transactionSig(index, wif, shType, segwitHash)); //CHECK THIS + + sigsList[coinjs.countObject(sigsList) + 1] = signature; + + var w = []; + + for (let x in pubkeyList) { + for (let y in sigsList) { + var sighash = this.transactionHashSegWitV0(index, sigsList[y].slice(-1)[0] * 1).hash + sighash = Crypto.util.hexToBytes(sighash); + if (coinjs.verifySignature(sighash, sigsList[y], pubkeyList[x])) { + w.push((Crypto.util.bytesToHex(sigsList[y]))) + } + } + } + + // when enough signatures collected, remove any non standard data we store, i.e. input value + if (w.length >= decode_rs.signaturesRequired) { + this.ins[index].script = coinjs.script(); + } + w.unshift(0); + w.push(redeemScript); + this.witness[index] = w; + } + } + + /* sign a multisig input */ + r.signmultisig = function (index, wif, sigHashType) { + + function scriptListPubkey(redeemScript) { + var r = {}; + for (var i = 1; i < redeemScript.chunks.length - 2; i++) { + r[i] = Crypto.util.hexToBytes(coinjs.pubkeydecompress(Crypto.util.bytesToHex(redeemScript.chunks[i]))); + } + return r; + } + + function scriptListSigs(scriptSig) { + var r = {}; + var c = 0; + if (scriptSig.chunks[0] == 0 && scriptSig.chunks[scriptSig.chunks.length - 1][scriptSig.chunks[scriptSig.chunks.length - 1].length - 1] == 174) { + for (var i = 1; i < scriptSig.chunks.length - 1; i++) { + if (scriptSig.chunks[i] != 0) { + c++; + r[c] = scriptSig.chunks[i]; + } + } + } + return r; + } + + var redeemScript = (this.ins[index].script.chunks[this.ins[index].script.chunks.length - 1] == 174) ? this.ins[index].script.buffer : this.ins[index].script.chunks[this.ins[index].script.chunks.length - 1]; + + var pubkeyList = scriptListPubkey(coinjs.script(redeemScript)); + var sigsList = scriptListSigs(this.ins[index].script); + + var shType = sigHashType || 1; + var sighash = Crypto.util.hexToBytes(this.transactionHash(index, shType)); + var signature = Crypto.util.hexToBytes(this.transactionSig(index, wif, shType)); + + sigsList[coinjs.countObject(sigsList) + 1] = signature; + + var s = coinjs.script(); + + s.writeOp(0); + + for (let x in pubkeyList) { + for (let y in sigsList) { + this.ins[index].script.buffer = redeemScript; + sighash = Crypto.util.hexToBytes(this.transactionHash(index, sigsList[y].slice(-1)[0] * 1)); + if (coinjs.verifySignature(sighash, sigsList[y], pubkeyList[x])) { + s.writeBytes(sigsList[y]); + } + } + } + + s.writeBytes(redeemScript); + this.ins[index].script = s; + return true; + } + + /* sign segwit input */ + r.signsegwit = function (index, wif, sigHashType) { + var shType = sigHashType || 1; + + var wif2 = coinjs.wif2pubkey(wif); + var segwit = coinjs.segwitAddress(wif2['pubkey']); + var bech32 = coinjs.bech32Address(wif2['pubkey']); + + if ((segwit['redeemscript'] == Crypto.util.bytesToHex(this.ins[index].script.chunks[0])) || (bech32['redeemscript'] == Crypto.util.bytesToHex(this.ins[index].script.chunks[0]))) { + var txhash = this.transactionHashSegWitV0(index, shType); + + if (txhash.result == 1) { + + var segwitHash = Crypto.util.hexToBytes(txhash.hash); + var signature = this.transactionSig(index, wif, shType, segwitHash); + + // remove any non standard data we store, i.e. input value + var script = coinjs.script(); + script.writeBytes(this.ins[index].script.chunks[0]); + this.ins[index].script = script; + + if (!coinjs.isArray(this.witness)) { + this.witness = new Array(this.ins.length); + this.witness.fill([]); + } + + this.witness[index] = ([signature, wif2['pubkey']]); + + // bech32, empty redeemscript + if (bech32['redeemscript'] == Crypto.util.bytesToHex(this.ins[index].script.chunks[0])) { + this.ins[index].script = coinjs.script(); + } + + /* attempt to reorder witness data as best as we can. + data can't be easily validated at this stage as + we dont have access to the inputs value and + making a web call will be too slow. */ + + /* + var witness_order = []; + var witness_used = []; + for (var i = 0; i < this.ins.length; i++) { + for (var y = 0; y < this.witness.length; y++) { + if (!witness_used.includes(y)) { + var sw = coinjs.segwitAddress(this.witness[y][1]); + var b32 = coinjs.bech32Address(this.witness[y][1]); + var rs = ''; + + if (this.ins[i].script.chunks.length >= 1) { + rs = Crypto.util.bytesToHex(this.ins[i].script.chunks[0]); + } else if (this.ins[i].script.chunks.length == 0) { + rs = b32['redeemscript']; + } + + if ((sw['redeemscript'] == rs) || (b32['redeemscript'] == rs)) { + witness_order.push(this.witness[y]); + witness_used.push(y); + + // bech32, empty redeemscript + if (b32['redeemscript'] == rs) { + this.ins[index].script = coinjs.script(); + } + break; + } + } + } + } + + this.witness = witness_order; + */ + } + } + return true; + } + + /* sign inputs */ + r.sign = function (wif, sigHashType) { + var shType = sigHashType || 1; + for (var i = 0; i < this.ins.length; i++) { + var d = this.extractScriptKey(i); + + var w2a = coinjs.wif2address(wif); + var script = coinjs.script(); + var pubkeyHash = script.pubkeyHash(w2a['address']); + + if (((d['type'] == 'scriptpubkey' && d['script'] == Crypto.util.bytesToHex(pubkeyHash.buffer)) || d['type'] == 'empty') && d['signed'] == "false") { + this.signinput(i, wif, shType); + + } else if (d['type'] == 'hodl' && d['signed'] == "false") { + this.signhodl(i, wif, shType); + + } else if (d['type'] == 'multisig') { + this.signmultisig(i, wif, shType); + + } else if (d['type'] == 'multisig_bech32' && d['signed'] == "false") { + this.signmultisig_bech32(i, wif, shType); + + } else if (d['type'] == 'segwit') { + this.signsegwit(i, wif, shType); + + } else { + // could not sign + } + } + return this.serialize(); + } + + /* serialize a transaction */ + r.serialize = function () { + var buffer = []; + buffer = buffer.concat(coinjs.numToBytes(parseInt(this.version), 4)); + + if (coinjs.isArray(this.witness)) { + buffer = buffer.concat([0x00, 0x01]); + } + + buffer = buffer.concat(coinjs.numToVarInt(this.ins.length)); + for (var i = 0; i < this.ins.length; i++) { + var txin = this.ins[i]; + buffer = buffer.concat(Crypto.util.hexToBytes(txin.outpoint.hash).reverse()); + buffer = buffer.concat(coinjs.numToBytes(parseInt(txin.outpoint.index), 4)); + var scriptBytes = txin.script.buffer; + buffer = buffer.concat(coinjs.numToVarInt(scriptBytes.length)); + buffer = buffer.concat(scriptBytes); + buffer = buffer.concat(coinjs.numToBytes(parseInt(txin.sequence), 4)); + } + buffer = buffer.concat(coinjs.numToVarInt(this.outs.length)); + + for (var i = 0; i < this.outs.length; i++) { + var txout = this.outs[i]; + buffer = buffer.concat(coinjs.numToBytes(txout.value, 8)); + var scriptBytes = txout.script.buffer; + buffer = buffer.concat(coinjs.numToVarInt(scriptBytes.length)); + buffer = buffer.concat(scriptBytes); + } + + if ((coinjs.isArray(this.witness)) && this.witness.length >= 1) { + for (var i = 0; i < this.witness.length; i++) { + buffer = buffer.concat(coinjs.numToVarInt(this.witness[i].length)); + for (var x = 0; x < this.witness[i].length; x++) { + buffer = buffer.concat(coinjs.numToVarInt(Crypto.util.hexToBytes(this.witness[i][x]).length)); + buffer = buffer.concat(Crypto.util.hexToBytes(this.witness[i][x])); + } + } + } + + buffer = buffer.concat(coinjs.numToBytes(parseInt(this.lock_time), 4)); + return Crypto.util.bytesToHex(buffer); + } + + //Utility funtion added to directly compute signatures without transaction index + r.transactionSigNoIndex = function (wif, sigHashType, txhash) { + + function serializeSig(r, s) { + var rBa = r.toByteArraySigned(); + var sBa = s.toByteArraySigned(); + + var sequence = []; + sequence.push(0x02); // INTEGER + sequence.push(rBa.length); + sequence = sequence.concat(rBa); + + sequence.push(0x02); // INTEGER + sequence.push(sBa.length); + sequence = sequence.concat(sBa); + + sequence.unshift(sequence.length); + sequence.unshift(0x30); // SEQUENCE + + return sequence; + } + + var shType = sigHashType || 1; + var hash = Crypto.util.hexToBytes(txhash); + + if (hash) { + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + var key = coinjs.wif2privkey(wif); + var priv = BigInteger.fromByteArrayUnsigned(Crypto.util.hexToBytes(key['privkey'])); + var n = curve.getN(); + var e = BigInteger.fromByteArrayUnsigned(hash); + + var badrs = 0 + do { + var k = this.deterministicK(wif, hash, badrs); + var G = curve.getG(); + var Q = G.multiply(k); + var r = Q.getX().toBigInteger().mod(n); + var s = k.modInverse(n).multiply(e.add(priv.multiply(r))).mod(n); + badrs++ + } while (r.compareTo(BigInteger.ZERO) <= 0 || s.compareTo(BigInteger.ZERO) <= 0); + + // Force lower s values per BIP62 + var halfn = n.shiftRight(1); + if (s.compareTo(halfn) > 0) { + s = n.subtract(s); + }; + + var sig = serializeSig(r, s); + sig.push(parseInt(shType, 10)); + + return Crypto.util.bytesToHex(sig); + } else { + return false; + } + } + + /* deserialize a transaction */ + r.deserialize = function (buffer) { + if (typeof buffer == "string") { + buffer = Crypto.util.hexToBytes(buffer) + } + + var pos = 0; + var witness = false; + + var readAsInt = function (bytes) { + if (bytes == 0) return 0; + pos++; + return buffer[pos - 1] + readAsInt(bytes - 1) * 256; + } + + var readVarInt = function () { + pos++; + if (buffer[pos - 1] < 253) { + return buffer[pos - 1]; + } + return readAsInt(buffer[pos - 1] - 251); + } + + var readBytes = function (bytes) { + pos += bytes; + return buffer.slice(pos - bytes, pos); + } + + var readVarString = function () { + var size = readVarInt(); + return readBytes(size); + } + + var obj = new coinjs.transaction(); + obj.version = readAsInt(4); + + if (buffer[pos] == 0x00 && buffer[pos + 1] == 0x01) { + // segwit transaction + witness = true; + obj.witness = []; + pos += 2; + } + + var ins = readVarInt(); + for (var i = 0; i < ins; i++) { + obj.ins.push({ + outpoint: { + hash: Crypto.util.bytesToHex(readBytes(32).reverse()), + index: readAsInt(4) + }, + script: coinjs.script(readVarString()), + sequence: readAsInt(4) + }); + } + + var outs = readVarInt(); + for (var i = 0; i < outs; i++) { + obj.outs.push({ + value: coinjs.bytesToNum(readBytes(8)), + script: coinjs.script(readVarString()) + }); + } + + if (witness == true) { + for (i = 0; i < ins; ++i) { + var count = readVarInt(); + var vector = []; + if (!coinjs.isArray(obj.witness[i])) { + obj.witness[i] = []; + } + for (var y = 0; y < count; y++) { + var slice = readVarInt(); + pos += slice; + obj.witness[i].push(Crypto.util.bytesToHex(buffer.slice(pos - slice, pos))); + } + } + } + + obj.lock_time = readAsInt(4); + return obj; + } + + r.size = function () { + return ((this.serialize()).length / 2).toFixed(0); + } + + return r; + } + + /* start of signature vertification functions */ + + coinjs.verifySignature = function (hash, sig, pubkey) { + + function parseSig(sig) { + var cursor; + if (sig[0] != 0x30) + throw new Error("Signature not a valid DERSequence"); + + cursor = 2; + if (sig[cursor] != 0x02) + throw new Error("First element in signature must be a DERInteger");; + + var rBa = sig.slice(cursor + 2, cursor + 2 + sig[cursor + 1]); + + cursor += 2 + sig[cursor + 1]; + if (sig[cursor] != 0x02) + throw new Error("Second element in signature must be a DERInteger"); + + var sBa = sig.slice(cursor + 2, cursor + 2 + sig[cursor + 1]); + + cursor += 2 + sig[cursor + 1]; + + var r = BigInteger.fromByteArrayUnsigned(rBa); + var s = BigInteger.fromByteArrayUnsigned(sBa); + + return { + r: r, + s: s + }; + } + + var r, s; + + if (coinjs.isArray(sig)) { + var obj = parseSig(sig); + r = obj.r; + s = obj.s; + } else if ("object" === typeof sig && sig.r && sig.s) { + r = sig.r; + s = sig.s; + } else { + throw "Invalid value for signature"; + } + + var Q; + if (coinjs.isArray(pubkey)) { + var ecparams = EllipticCurve.getSECCurveByName("secp256k1"); + Q = EllipticCurve.PointFp.decodeFrom(ecparams.getCurve(), pubkey); + } else { + throw "Invalid format for pubkey value, must be byte array"; + } + var e = BigInteger.fromByteArrayUnsigned(hash); + + return coinjs.verifySignatureRaw(e, r, s, Q); + } + + coinjs.verifySignatureRaw = function (e, r, s, Q) { + var ecparams = EllipticCurve.getSECCurveByName("secp256k1"); + var n = ecparams.getN(); + var G = ecparams.getG(); + + if (r.compareTo(BigInteger.ONE) < 0 || r.compareTo(n) >= 0) + return false; + + if (s.compareTo(BigInteger.ONE) < 0 || s.compareTo(n) >= 0) + return false; + + var c = s.modInverse(n); + + var u1 = e.multiply(c).mod(n); + var u2 = r.multiply(c).mod(n); + + var point = G.multiply(u1).add(Q.multiply(u2)); + + var v = point.getX().toBigInteger().mod(n); + + return v.equals(r); + } + + /* start of privates functions */ + + /* base58 encode function */ + coinjs.base58encode = function (buffer) { + var alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; + var base = BigInteger.valueOf(58); + + var bi = BigInteger.fromByteArrayUnsigned(buffer); + var chars = []; + + while (bi.compareTo(base) >= 0) { + var mod = bi.mod(base); + chars.unshift(alphabet[mod.intValue()]); + bi = bi.subtract(mod).divide(base); + } + + chars.unshift(alphabet[bi.intValue()]); + for (var i = 0; i < buffer.length; i++) { + if (buffer[i] == 0x00) { + chars.unshift(alphabet[0]); + } else break; + } + return chars.join(''); + } + + /* base58 decode function */ + coinjs.base58decode = function (buffer) { + var alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"; + var base = BigInteger.valueOf(58); + var validRegex = /^[1-9A-HJ-NP-Za-km-z]+$/; + + var bi = BigInteger.valueOf(0); + var leadingZerosNum = 0; + for (var i = buffer.length - 1; i >= 0; i--) { + var alphaIndex = alphabet.indexOf(buffer[i]); + if (alphaIndex < 0) { + throw "Invalid character"; + } + bi = bi.add(BigInteger.valueOf(alphaIndex).multiply(base.pow(buffer.length - 1 - i))); + + if (buffer[i] == "1") leadingZerosNum++; + else leadingZerosNum = 0; + } + + var bytes = bi.toByteArrayUnsigned(); + while (leadingZerosNum-- > 0) bytes.unshift(0); + return bytes; + } + + /* raw ajax function to avoid needing bigger frame works like jquery, mootools etc */ + coinjs.ajax = function (u, f, m, a) { + var x = false; + try { + x = new ActiveXObject('Msxml2.XMLHTTP') + } catch (e) { + try { + x = new ActiveXObject('Microsoft.XMLHTTP') + } catch (e) { + x = new XMLHttpRequest() + } + } + + if (x == false) { + return false; + } + + x.open(m, u, true); + x.onreadystatechange = function () { + if ((x.readyState == 4) && f) + f(x.responseText); + }; + + if (m == 'POST') { + x.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); + } + + x.send(a); + } + + /* clone an object */ + coinjs.clone = function (obj) { + if (obj == null || typeof (obj) != 'object') return obj; + var temp = new obj.constructor(); + + for (var key in obj) { + if (obj.hasOwnProperty(key)) { + temp[key] = coinjs.clone(obj[key]); + } + } + return temp; + } + + coinjs.numToBytes = function (num, bytes) { + if (typeof bytes === "undefined") bytes = 8; + if (bytes == 0) { + return []; + } else if (num == -1) { + return Crypto.util.hexToBytes("ffffffffffffffff"); + } else { + return [num % 256].concat(coinjs.numToBytes(Math.floor(num / 256), bytes - 1)); + } + } + + function scriptNumSize(i) { + return i > 0x7fffffff ? 5 : + i > 0x7fffff ? 4 : + i > 0x7fff ? 3 : + i > 0x7f ? 2 : + i > 0x00 ? 1 : + 0; + } + + coinjs.numToScriptNumBytes = function (_number) { + var value = Math.abs(_number); + var size = scriptNumSize(value); + var result = []; + for (var i = 0; i < size; ++i) { + result.push(0); + } + var negative = _number < 0; + for (i = 0; i < size; ++i) { + result[i] = value & 0xff; + value = Math.floor(value / 256); + } + if (negative) { + result[size - 1] |= 0x80; + } + return result; + } + + coinjs.numToVarInt = function (num) { + if (num < 253) { + return [num]; + } else if (num < 65536) { + return [253].concat(coinjs.numToBytes(num, 2)); + } else if (num < 4294967296) { + return [254].concat(coinjs.numToBytes(num, 4)); + } else { + return [255].concat(coinjs.numToBytes(num, 8)); + } + } + + coinjs.bytesToNum = function (bytes) { + if (bytes.length == 0) return 0; + else return bytes[0] + 256 * coinjs.bytesToNum(bytes.slice(1)); + } + + coinjs.uint = function (f, size) { + if (f.length < size) + throw new Error("not enough data"); + var n = 0; + for (var i = 0; i < size; i++) { + n *= 256; + n += f[i]; + } + return n; + } + + coinjs.isArray = function (o) { + return Object.prototype.toString.call(o) === '[object Array]'; + } + + coinjs.countObject = function (obj) { + var count = 0; + var i; + for (i in obj) { + if (obj.hasOwnProperty(i)) { + count++; + } + } + return count; + } + + //Nine utility functions added for generating transaction hashes and verification of signatures + coinjs.changeEndianness = (string) => { + const result = []; + let len = string.length - 2; + while (len >= 0) { + result.push(string.substr(len, 2)); + len -= 2; + } + return result.join(''); + } + + coinjs.getTransactionHash = function (transaction_in_hex, changeOutputEndianess) { + var x1, x2, x3, x4, x5; + x1 = Crypto.util.hexToBytes(transaction_in_hex); + x2 = Crypto.SHA256(x1); + x3 = Crypto.util.hexToBytes(x2); + x4 = Crypto.SHA256(x3); + x5 = coinjs.changeEndianness(x4); + if (changeOutputEndianess == true) { x5 = x5 } else if ((typeof changeOutputEndianess == 'undefined') || (changeOutputEndianess == false)) { x5 = x4 }; + return x5; + } + + coinjs.compressedToUncompressed = function (compressed) { + var t1, t2; + var curve = EllipticCurve.getSECCurveByName("secp256k1"); + t1 = curve.curve.decodePointHex(compressed); + t2 = curve.curve.encodePointHex(t1); + return t2; + } + + coinjs.uncompressedToCompressed = function (uncompressed) { + var t1, t2, t3; + t1 = uncompressed.charAt(uncompressed.length - 1) + t2 = parseInt(t1, 10); + //Check if the last digit is odd + if (t2 % 2 == 1) { t3 = "03"; } else { t3 = "02" }; + return t3 + uncompressed.substr(2, 64); + } + + coinjs.verifySignatureHex = function (hashHex, sigHex, pubHexCompressed) { + var h1, s1, p1, p2; + h1 = Crypto.util.hexToBytes(hashHex); + s1 = Crypto.util.hexToBytes(sigHex); + p1 = coinjs.compressedToUncompressed(pubHexCompressed); + p2 = Crypto.util.hexToBytes(p1); + + return coinjs.verifySignature(h1, s1, p2); + } + + coinjs.generateBitcoinSignature = function (private_key, hash, sighash_type_int = 1) { + var wif, tx1; + if (private_key.length < 60) { wif = private_key } else { wif = coinjs.privkey2wif(private_key) }; + tx1 = coinjs.transaction(); + return tx1.transactionSigNoIndex(wif, sighash_type_int, hash); + } + + coinjs.dSHA256 = function (data) { + var t1, t2, t3; + t1 = Crypto.SHA256(Crypto.util.hexToBytes(data)); + t2 = Crypto.util.hexToBytes(t1); + t3 = Crypto.SHA256(t2); + return t3; + } + + coinjs.fromBitcoinAmountFormat = function (data) { + var x1, x2, x3; + x1 = coinjs.changeEndianness(data); + x2 = parseInt(x1, 16); + x3 = x2 / (10 ** 8); + return x3; + } + + coinjs.toBitcoinAmountFormat = function (countBitcoin) { + var t2, t3, t4, t5; + t2 = countBitcoin * 10 ** 8; + t3 = t2.toString(16); + t4 = coinjs.changeEndianness(t3); + t5 = t4.padEnd(16, "0"); + return t5; + } + + coinjs.scriptcodeCreatorBasic = function (scriptpubkey) { + var t1, t2, t3, t4; + if (scriptpubkey.substr(0, 4) == "0014") { + //Scriptpubkey case + t1 = scriptpubkey.slice(2); + t2 = "1976a9" + t1 + "88ac"; + } else { + //Redeemscript case + t3 = (scriptpubkey.length) / 2; + t4 = t3.toString(16); + t2 = t4 + scriptpubkey; + } + return t2; + } + + coinjs.ripemd160sha256 = function (data) { + var t1, t2; + + t1 = ripemd160(Crypto.SHA256(Crypto.util.hexToBytes(data), { asBytes: true }), { asBytes: true }); + t2 = Crypto.util.bytesToHex(t1) + return t2; + } + + coinjs.random = function (length) { + var r = ""; + var l = length || 25; + var chars = "!$%^&*()_+{}:@~?><|\./;'#][=-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; + for (let x = 0; x < l; x++) { + r += chars.charAt(Math.floor(Math.random() * 62)); + } + return r; + } + + })(); + })(typeof global !== "undefined" ? global : window); \ No newline at end of file