recover keys.

2016-02-18 02:22:06 -08:00 · 2016-02-18 02:22:06 -08:00 · a6b1e8bdb0
commit a6b1e8bdb0
parent e68bab4ab3
1 changed files with 49 additions and 15 deletions
--- a/lib/bcoin/script.js
+++ b/lib/bcoin/script.js
@ -1740,6 +1740,23 @@ script.getOuputMN = function getOuputMN(s) {
  return { m: 1, n: 1 };
 };

+script.recoverKey = function recoverKey(sig, msg) {
+  var key;
+
+  try {
+    key = bcoin.ecdsa.recoverPubKey(msg, sig.slice(0, -1), 0);
+  } catch (e) {
+    return;
+  }
+
+  return bcoin.ecdsa.keyPair({ pub: key }).getPublic(true, 'array');
+};
+
+script.guessKey = function guessKey(sig, prev, tx, i) {
+  var msg = tx.signatureHash(i, prev, sig[sig.length - 1]);
+  return script.recoverKey(sig, msg);
+};
+
 script.isPubkey = function isPubkey(s, key) {
  var res;

@ -1894,7 +1911,7 @@ script.getInputType = function getInputType(s, prev) {
    || null;
 };

-script.isPubkeyInput = function isPubkeyInput(s, key, tx, i) {
+script.isPubkeyInput = function isPubkeyInput(s, key, tx, index) {
  if (s.length !== 1)
    return false;

@ -1906,11 +1923,17 @@ script.isPubkeyInput = function isPubkeyInput(s, key, tx, i) {
  // This will only work if the script verifies.
  if (key) {
    assert(tx);
-    assert(i != null);
-    if (!script.verify(s, [key, 'checksig'], tx, i))
+    assert(index != null);
+    if (!script.verify(s, [key, 'checksig'], tx, index))
      return false;
  }

+  // if (key) {
+  //   var recovered;
+  //   recovered = script.guessKey(s[0], [key, 'checksig'], tx, index);
+  //   return utils.isEqual(key, recovered || []);
+  // }
+
  return true;
 };

@ -1932,8 +1955,8 @@ script.isPubkeyhashInput = function isPubkeyhashInput(s, key) {
  return true;
 };

-script.isMultisigInput = function isMultisigInput(s, keys, tx, i) {
-  var i, o;
+script.isMultisigInput = function isMultisigInput(s, keys, tx, index) {
+  var i, prev;

  // We need to rule out scripthash because
  // it may look like multisig. This is
@ -1959,20 +1982,31 @@ script.isMultisigInput = function isMultisigInput(s, keys, tx, i) {
  if (keys) {
    assert(keys.length >= 2);
    assert(tx);
-    assert(i != null);
-    o = script.createMultisig(keys, s.length - 1, keys.length);
-    if (!script.verify(s, o, tx, i))
+    assert(index != null);
+    prev = script.createMultisig(keys, s.length - 1, keys.length);
+    if (!script.verify(s, prev, tx, index))
      return false;
  }

  // We also also try to recover the keys from the signatures.
-  // var recovered = [];
-  // for (i = 1; i < s.length; i++) {
-  //   var sig = s[i];
-  //   var prev = script.createMultisig(keys, s.length - 1, keys.length);
-  //   var msg = tx.signatureHash(i, prev, s[s.length - 1]);
-  //   var key = bcoin.ecdsa.recoverPubKey(msg, sig.slice(0, -1), 0).toArray();
-  //   recovered.push(key);
+  // if (keys) {
+  //   var prev, recovered, j, total;
+  //   recovered = [];
+  //   total = 0;
+  //   for (i = 1; i < s.length; i++) {
+  //     prev = script.createMultisig(keys, s.length - 1, keys.length);
+  //     recovered.push(script.guessKey(s[i], prev, tx, index) || []);
+  //   }
+  //   for (i = 0; i < recovered.length; i++) {
+  //     for (j = 0; j < keys.length; j++) {
+  //       if (utils.isEqual(recovered[i], keys[j])) {
+  //         total++;
+  //         break;
+  //       }
+  //     }
+  //   }
+  //   if (total !== s.length - 1)
+  //     return false;
  // }

  return true;