bitauth/lib/bitauth-common.js at b2053a8f871d94d9d25ff99b8952387230f8f3ba · bitpay/bitauth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
'use strict';

var crypto = require('crypto');
var bs58 = require('bs58');
var BitAuth = {};

BitAuth.PREFIX = new Buffer('0f02', 'hex');

/**
 * Will return a key pair and identity
 *
 * @returns {Object} An object with keys: created, priv, pub and sin
 */
BitAuth.generateSin = function() {
  var pair = BitAuth._generateRandomPair();
  var sin = BitAuth.getSinFromPublicKey(pair[1]);
  var sinObj = {
    created: Math.round(Date.now() / 1000),
    priv: pair[0],
    pub: pair[1],
    sin: sin
  };
  return sinObj;
};

/**
 * Will return a public key from a private key
 *
 * @param {String} A private key in hex
 * @returns {String} A compressed public key in hex
 */
BitAuth.getPublicKeyFromPrivateKey = function(privkey) {
  var pub = BitAuth._getPublicKeyFromPrivateKey(privkey);
  var hexPubKey = pub.toString('hex');
  return hexPubKey;
};

/**
 * Will return a SIN from a compressed public key
 *
 * @param {String} A public key in hex
 * @returns {String} A SIN identity
 */
BitAuth.getSinFromPublicKey = function(pubkey) {
  var pubkeyBuffer;
  if (!Buffer.isBuffer(pubkey)) {
    pubkeyBuffer = new Buffer(pubkey, 'hex');
  } else {
    pubkeyBuffer = pubkey;
  }

  // sha256 hash the pubkey
  var pubHash = crypto.createHash('sha256').update(pubkeyBuffer).digest();

  // get the ripemd160 hash of the pubkey
  var pubRipe = crypto.createHash('rmd160').update(pubHash).digest();

  // add the version
  var pubPrefixed = Buffer.concat([BitAuth.PREFIX, pubRipe]);

  // two rounds of hashing to generate the checksum
  var hash1 = crypto.createHash('sha256').update(pubPrefixed).digest();
  var checksumTotal = crypto.createHash('sha256').update(hash1).digest();

  // slice the hash to arrive at the checksum
  var checksum = checksumTotal.slice(0, 4);

  // add the checksum to the ripemd160 pubkey
  var pubWithChecksum = Buffer.concat([pubPrefixed, checksum]);

  // encode into base58
  var sin = bs58.encode(pubWithChecksum);

  return sin;

};

/**
 * Will sign a string of data with a private key
 *
 * @param {String} data - A string of data to be signed
 * @param {String} privkey - A private key in hex
 * @returns {String} signature - A DER signature in hex
 */
BitAuth.sign = function(data, privkey) {
  var dataBuffer;
  if (!Buffer.isBuffer(data)) {
    dataBuffer = new Buffer(data, 'utf8');
  } else {
    dataBuffer = data;
  }
  var hashBuffer = crypto.createHash('sha256').update(dataBuffer).digest();
  var hexsignature = BitAuth._sign(hashBuffer, privkey);
  return hexsignature;
};

/**
 * Will verify a signature
 *
 * @param {String} data - A string of data that has been signed
 * @param {String} pubkey - The compressed public key in hex that has signed the data
 * @param {String} hexsignature - A DER signature in hex
 * @returns {Function|Boolean} - If the signature is valid
 */
BitAuth.verifySignature = function(data, pubkey, hexsignature, callback) {
  var dataBuffer;

  if (!Buffer.isBuffer(data)) {
    dataBuffer = new Buffer(data, 'utf8');
  } else {
    dataBuffer = data;
  }

  var hashBuffer = crypto.createHash('sha256').update(dataBuffer).digest();
  var signatureBuffer;

  if (!Buffer.isBuffer(hexsignature)) {
    signatureBuffer = new Buffer(hexsignature, 'hex');
  } else {
    signatureBuffer = hexsignature;
  }
  var valid = BitAuth._verifySignature(hashBuffer, signatureBuffer, pubkey);

  if (callback) {
    return callback(null, valid);
  }
  return valid;
};

/**
 * Will verify that a SIN is valid
 *
 * @param {String} sin - A SIN identity
 * @returns {Function|Boolean} - If the SIN identity is valid
 */
BitAuth.validateSin = function(sin, callback) {

  var pubWithChecksum;

  // check for non-base58 characters
  try {
    pubWithChecksum = new Buffer(bs58.decode(sin), 'hex').toString('hex');
  } catch (err) {
    if (callback) {
      return callback(err);
    }
    return false;
  }

  // check the version
  if (pubWithChecksum.slice(0, 4) !== '0f02') {
    if (callback) {
      return callback(new Error('Invalid prefix or SIN version'));
    }
    return false;
  }

  // get the checksum
  var checksum = pubWithChecksum.slice(
    pubWithChecksum.length - 8,
    pubWithChecksum.length
  );
  var pubPrefixed = pubWithChecksum.slice(0, pubWithChecksum.length - 8);

  // two rounds of hashing to generate the checksum
  var hash1 = crypto.createHash('sha256').update(new Buffer(pubPrefixed, 'hex')).digest();
  var checksumTotal = crypto.createHash('sha256').update(hash1).digest('hex');

  // check the checksum
  if (checksumTotal.slice(0, 8) === checksum) {
    if (callback) {
      return callback(null);
    }
    return true;
  } else {
    if (callback) {
      return callback(new Error('Checksum does not match'));
    }
    return false;
  }

};

module.exports = BitAuth;