Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support signing and verifying messages signed with a segwit address. #874

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Support signing and verifying messages signed with a segwit address. #874

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a3fa058
Support signing and verifying messages signed with a segwit address.
sanderkruger Apr 7, 2021
275217b
Add testcase for ScriptHashAddress and checks for allowed address for…
sanderkruger Apr 8, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 15 additions & 3 deletions src/MessageSigner/MessageSigner.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

namespace BitWasp\Bitcoin\MessageSigner;

use BitWasp\Bitcoin\Address\PayToPubKeyHashAddress;
use BitWasp\Bitcoin\Address\Address;
use BitWasp\Bitcoin\Bitcoin;
use BitWasp\Bitcoin\Crypto\EcAdapter\Adapter\EcAdapterInterface;
use BitWasp\Bitcoin\Crypto\EcAdapter\Key\PrivateKeyInterface;
Expand All @@ -14,6 +14,9 @@
use BitWasp\Buffertools\Buffer;
use BitWasp\Buffertools\BufferInterface;
use BitWasp\Buffertools\Buffertools;
use BitWasp\Bitcoin\Address\SegwitAddress;
use BitWasp\Bitcoin\Address\PayToPubKeyHashAddress;
use BitWasp\Bitcoin\Exceptions\SignerException;

class MessageSigner
{
Expand Down Expand Up @@ -60,12 +63,21 @@ public function calculateMessageHash(NetworkInterface $network, string $message)

/**
* @param SignedMessage $signedMessage
* @param PayToPubKeyHashAddress $address
* @param Address $address
* @param NetworkInterface|null $network
* @return bool
* @throws SignerException
*/
public function verify(SignedMessage $signedMessage, PayToPubKeyHashAddress $address, NetworkInterface $network = null): bool
public function verify(SignedMessage $signedMessage, Address $address, NetworkInterface $network = null): bool
Copy link
Member

@afk11 afk11 Apr 8, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To my knowledge P2SH, V1 segwit addresses, V0 segwit script-hash addresses shouldn't be accepted, so this would need a check that the address type is P2PKH or P2WPKH (V0 segwit && hash->getSize() == 20)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest, I'm a bit new to this. I just noticed that the test wallet I use (Embit Wallet) allows signing of segwit addresses (P2WPKH with a tb1 prefix), tried my changes to this project and saw that it worked. Apparently, both use the same signature algorithm.
I'll look into the verification.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked into this a bit further. If I figured it out correctly, BIP322 says that messages can only be signed with bech32 segwit addresses of v0 (besides legacy P2PKH). To check this in the verify method, I'm going to verify that the address is either a PayToPubKeyHashAddress object, or, if it is a SegwitAddress, that the witness program version equals 0.
Wrapped segwit addresses are represented as ScriptHashAddress, so they will fall out too.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to create a test case for a v1+ address, but it looks like the AddressCreator doesn't handle bech32m, at least no v1 address I could find on-line is recognized. So for now, the MessageSigner will only sign P2PKH or Segwit v0.

{
if ($address instanceof SegwitAddress) {
$version = $address->getWitnessProgram()->getVersion();
if ($version > 0) {
throw new SignerException('Wrong segwit address version');
}
} elseif (!$address instanceof PayToPubKeyHashAddress) {
throw new SignerException('Wrong address format');
}
$network = $network ?: Bitcoin::getNetwork();
$hash = $this->calculateMessageHash($network, $signedMessage->getMessage());

Expand Down
70 changes: 69 additions & 1 deletion tests/SignedMessage/SignedMessageTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,21 @@ public function sampleMessage()
];
}

public function sampleSegwitMessage()
{
return
[
'hi',
'tb1q9p35ug38k0tvuj542452f3275t3uc3py5pwt82',
'-----BEGIN BITCOIN SIGNED MESSAGE-----
hi
-----BEGIN SIGNATURE-----
H6KhveLOgDCpIt13HbUxGtEGgtgVInY/bDiW9UR8TF36KgO1TZOnZ66pR1vyTS+ylvuoiwdaIGT/c3aminfCa/8=
-----END BITCOIN SIGNED MESSAGE-----',
NetworkFactory::bitcoinTestnet()
];
}

/**
* @dataProvider getEcAdapters
* @param EcAdapterInterface $ecAdapter
Expand All @@ -48,7 +63,7 @@ public function testParsesMessage(EcAdapterInterface $ecAdapter)
EcSerializer::getSerializer(CompactSignatureSerializerInterface::class, true, $ecAdapter)
);

$signed = $serializer->parse($content);
$signed = $serializer->parse(str_replace("\r\n", "\n", $content));
$signer = new MessageSigner($ecAdapter);

$this->assertSame($message, $signed->getMessage());
Expand Down Expand Up @@ -143,4 +158,57 @@ public function testLitecoinFixture()
$result = $signer->verify($signedMessage, $address, $network);
$this->assertTrue($result);
}

/**
* @dataProvider getEcAdapters
* @param EcAdapterInterface $ecAdapter
*/
public function testParsesSegwitMessage(EcAdapterInterface $ecAdapter)
{
list ($message, $addressString, $content, $network) = $this->sampleSegwitMessage();

$addrCreator = new AddressCreator();
/** @var SegwitAddress $address */
$address = $addrCreator->fromString($addressString, $network);
$serializer = new SignedMessageSerializer(
EcSerializer::getSerializer(CompactSignatureSerializerInterface::class, true, $ecAdapter)
);

$signed = $serializer->parse(str_replace("\r\n", "\n", $content));
$signer = new MessageSigner($ecAdapter);

$this->assertSame($message, $signed->getMessage());
$this->assertSame('73560454392673031410410110112528757574906118603913228462684770364360586190330', gmp_strval($signed->getCompactSignature()->getR(), 10));
$this->assertSame('19003691489245959228844184723526227573581591575474947180245750135893235231743', gmp_strval($signed->getCompactSignature()->getS(), 10));
$this->assertEquals(0, $signed->getCompactSignature()->getRecoveryId());
$this->assertSame(true, $signed->getCompactSignature()->isCompressed());
$this->assertTrue($signer->verify($signed, $address));
$this->assertSame($content, $signed->getBuffer()->getBinary());
}

/**
* @dataProvider getEcAdapters
* @param EcAdapterInterface $ecAdapter
*/
public function testParsesScriptHashMessage(EcAdapterInterface $ecAdapter)
{
$this->expectException(\BitWasp\Bitcoin\Exceptions\SignerException::class);
$this->expectExceptionMessage('Wrong address format');
$sample = $this->sampleMessage();
$content = $sample[2];
$network = $sample[3];
$addressString = '2MzQwSSnBHWHqSAqtTVQ6v47XtaisrJa1Vc';

$addrCreator = new AddressCreator();
/** @var ScriptHashAddress $address */
$address = $addrCreator->fromString($addressString, $network);
$serializer = new SignedMessageSerializer(
EcSerializer::getSerializer(CompactSignatureSerializerInterface::class, true, $ecAdapter)
);

$signed = $serializer->parse(str_replace("\r\n", "\n", $content));
$signer = new MessageSigner($ecAdapter);

$signer->verify($signed, $address);
}
}