From 7bd1bc200ddacb91de9f63a4c3ec4e8aac6e74b0 Mon Sep 17 00:00:00 2001 From: Milad Mostavi Date: Wed, 17 Aug 2016 12:43:47 +0300 Subject: [PATCH 1/4] Updated buffer and browserify --- dist/lightwallet.js | 120938 +++++++++++++++++++------------------ dist/lightwallet.min.js | 42 - package.json | 9 +- 3 files changed, 60846 insertions(+), 60143 deletions(-) diff --git a/dist/lightwallet.js b/dist/lightwallet.js index 7d349657..c789cf75 100644 --- a/dist/lightwallet.js +++ b/dist/lightwallet.js @@ -192,7 +192,7 @@ module.exports = { }; }).call(this,require("buffer").Buffer) -},{"buffer":94,"ethereumjs-util":377,"tweetnacl":429}],3:[function(require,module,exports){ +},{"buffer":158,"ethereumjs-util":247,"tweetnacl":332}],3:[function(require,module,exports){ (function (Buffer){ var CryptoJS = require('crypto-js'); var Transaction = require('ethereumjs-tx'); @@ -775,7 +775,7 @@ KeyStore.prototype.signTransaction = function (txParams, callback) { module.exports = KeyStore; }).call(this,require("buffer").Buffer) -},{"./encryption":2,"./signing":4,"bitcore-lib":7,"bitcore-mnemonic":80,"buffer":94,"crypto-js":325,"elliptic":351,"ethereumjs-tx":374,"scrypt-async":428,"tweetnacl":429}],4:[function(require,module,exports){ +},{"./encryption":2,"./signing":4,"bitcore-lib":25,"bitcore-mnemonic":98,"buffer":158,"crypto-js":193,"elliptic":230,"ethereumjs-tx":246,"scrypt-async":298,"tweetnacl":332}],4:[function(require,module,exports){ (function (Buffer){ var Transaction = require("ethereumjs-tx") var util = require("ethereumjs-util") @@ -861,7 +861,7 @@ var concatSig = function (signature) { module.exports.concatSig = concatSig; }).call(this,require("buffer").Buffer) -},{"buffer":94,"ethereumjs-tx":374,"ethereumjs-util":377}],5:[function(require,module,exports){ +},{"buffer":158,"ethereumjs-tx":246,"ethereumjs-util":247}],5:[function(require,module,exports){ (function (Buffer){ var Transaction = require('ethereumjs-tx'); var coder = require('web3/lib/solidity/coder'); @@ -971,7 +971,7 @@ module.exports = { }; }).call(this,require("buffer").Buffer) -},{"buffer":94,"crypto-js":325,"ethereumjs-tx":374,"rlp":427,"web3/lib/solidity/coder":433}],6:[function(require,module,exports){ +},{"buffer":158,"crypto-js":193,"ethereumjs-tx":246,"rlp":297,"web3/lib/solidity/coder":344}],6:[function(require,module,exports){ var CryptoJS = require('crypto-js'); var keystore = require('./keystore'); @@ -1025,51175 +1025,46630 @@ var upgradeOldSerialized = function (oldSerialized, password, callback) { module.exports.upgradeOldSerialized = upgradeOldSerialized; -},{"./keystore":3,"bitcore-lib":7,"bitcore-mnemonic":80,"crypto-js":325,"elliptic":351,"ethereumjs-tx":374,"scrypt-async":428,"tweetnacl":429}],7:[function(require,module,exports){ -(function (global,Buffer){ -'use strict'; +},{"./keystore":3,"bitcore-lib":25,"bitcore-mnemonic":98,"crypto-js":193,"elliptic":230,"ethereumjs-tx":246,"scrypt-async":298,"tweetnacl":332}],7:[function(require,module,exports){ +var asn1 = exports; -var bitcore = module.exports; +asn1.bignum = require('bn.js'); -// module information -bitcore.version = 'v' + require('./package.json').version; -bitcore.versionGuard = function(version) { - if (version !== undefined) { - var message = 'More than one instance of bitcore-lib found. ' + - 'Please make sure to require bitcore-lib and check that submodules do' + - ' not also include their own bitcore-lib dependency.'; - throw new Error(message); - } -}; -bitcore.versionGuard(global._bitcore); -global._bitcore = bitcore.version; +asn1.define = require('./asn1/api').define; +asn1.base = require('./asn1/base'); +asn1.constants = require('./asn1/constants'); +asn1.decoders = require('./asn1/decoders'); +asn1.encoders = require('./asn1/encoders'); -// crypto -bitcore.crypto = {}; -bitcore.crypto.BN = require('./lib/crypto/bn'); -bitcore.crypto.ECDSA = require('./lib/crypto/ecdsa'); -bitcore.crypto.Hash = require('./lib/crypto/hash'); -bitcore.crypto.Random = require('./lib/crypto/random'); -bitcore.crypto.Point = require('./lib/crypto/point'); -bitcore.crypto.Signature = require('./lib/crypto/signature'); +},{"./asn1/api":8,"./asn1/base":10,"./asn1/constants":14,"./asn1/decoders":16,"./asn1/encoders":19,"bn.js":21}],8:[function(require,module,exports){ +var asn1 = require('../asn1'); +var inherits = require('inherits'); -// encoding -bitcore.encoding = {}; -bitcore.encoding.Base58 = require('./lib/encoding/base58'); -bitcore.encoding.Base58Check = require('./lib/encoding/base58check'); -bitcore.encoding.BufferReader = require('./lib/encoding/bufferreader'); -bitcore.encoding.BufferWriter = require('./lib/encoding/bufferwriter'); -bitcore.encoding.Varint = require('./lib/encoding/varint'); +var api = exports; -// utilities -bitcore.util = {}; -bitcore.util.buffer = require('./lib/util/buffer'); -bitcore.util.js = require('./lib/util/js'); -bitcore.util.preconditions = require('./lib/util/preconditions'); +api.define = function define(name, body) { + return new Entity(name, body); +}; -// errors thrown by the library -bitcore.errors = require('./lib/errors'); +function Entity(name, body) { + this.name = name; + this.body = body; -// main bitcoin library -bitcore.Address = require('./lib/address'); -bitcore.Block = require('./lib/block'); -bitcore.MerkleBlock = require('./lib/block/merkleblock'); -bitcore.BlockHeader = require('./lib/block/blockheader'); -bitcore.HDPrivateKey = require('./lib/hdprivatekey.js'); -bitcore.HDPublicKey = require('./lib/hdpublickey.js'); -bitcore.Networks = require('./lib/networks'); -bitcore.Opcode = require('./lib/opcode'); -bitcore.PrivateKey = require('./lib/privatekey'); -bitcore.PublicKey = require('./lib/publickey'); -bitcore.Script = require('./lib/script'); -bitcore.Transaction = require('./lib/transaction'); -bitcore.URI = require('./lib/uri'); -bitcore.Unit = require('./lib/unit'); + this.decoders = {}; + this.encoders = {}; +}; -// dependencies, subject to change -bitcore.deps = {}; -bitcore.deps.bnjs = require('bn.js'); -bitcore.deps.bs58 = require('bs58'); -bitcore.deps.Buffer = Buffer; -bitcore.deps.elliptic = require('elliptic'); -bitcore.deps._ = require('lodash'); +Entity.prototype._createNamed = function createNamed(base) { + var named; + try { + named = require('vm').runInThisContext( + '(function ' + this.name + '(entity) {\n' + + ' this._initNamed(entity);\n' + + '})' + ); + } catch (e) { + named = function (entity) { + this._initNamed(entity); + }; + } + inherits(named, base); + named.prototype._initNamed = function initnamed(entity) { + base.call(this, entity); + }; -// Internal usage, exposed for testing/advanced tweaking -bitcore._HDKeyCache = require('./lib/hdkeycache'); -bitcore.Transaction.sighash = require('./lib/transaction/sighash'); + return new named(this); +}; -}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {},require("buffer").Buffer) -},{"./lib/address":8,"./lib/block":11,"./lib/block/blockheader":10,"./lib/block/merkleblock":12,"./lib/crypto/bn":13,"./lib/crypto/ecdsa":14,"./lib/crypto/hash":15,"./lib/crypto/point":16,"./lib/crypto/random":17,"./lib/crypto/signature":18,"./lib/encoding/base58":19,"./lib/encoding/base58check":20,"./lib/encoding/bufferreader":21,"./lib/encoding/bufferwriter":22,"./lib/encoding/varint":23,"./lib/errors":24,"./lib/hdkeycache":26,"./lib/hdprivatekey.js":27,"./lib/hdpublickey.js":28,"./lib/networks":29,"./lib/opcode":30,"./lib/privatekey":31,"./lib/publickey":32,"./lib/script":33,"./lib/transaction":36,"./lib/transaction/sighash":44,"./lib/unit":48,"./lib/uri":49,"./lib/util/buffer":50,"./lib/util/js":51,"./lib/util/preconditions":52,"./package.json":79,"bn.js":53,"bs58":54,"buffer":94,"elliptic":56,"lodash":78}],8:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +Entity.prototype._getDecoder = function _getDecoder(enc) { + enc = enc || 'der'; + // Lazily create decoder + if (!this.decoders.hasOwnProperty(enc)) + this.decoders[enc] = this._createNamed(asn1.decoders[enc]); + return this.decoders[enc]; +}; -var _ = require('lodash'); -var $ = require('./util/preconditions'); -var errors = require('./errors'); -var Base58Check = require('./encoding/base58check'); -var Networks = require('./networks'); -var Hash = require('./crypto/hash'); -var JSUtil = require('./util/js'); -var PublicKey = require('./publickey'); +Entity.prototype.decode = function decode(data, enc, options) { + return this._getDecoder(enc).decode(data, options); +}; -/** - * Instantiate an address from an address String or Buffer, a public key or script hash Buffer, - * or an instance of {@link PublicKey} or {@link Script}. - * - * This is an immutable class, and if the first parameter provided to this constructor is an - * `Address` instance, the same argument will be returned. - * - * An address has two key properties: `network` and `type`. The type is either - * `Address.PayToPublicKeyHash` (value is the `'pubkeyhash'` string) - * or `Address.PayToScriptHash` (the string `'scripthash'`). The network is an instance of {@link Network}. - * You can quickly check whether an address is of a given kind by using the methods - * `isPayToPublicKeyHash` and `isPayToScriptHash` - * - * @example - * ```javascript - * // validate that an input field is valid - * var error = Address.getValidationError(input, 'testnet'); - * if (!error) { - * var address = Address(input, 'testnet'); - * } else { - * // invalid network or checksum (typo?) - * var message = error.messsage; - * } - * - * // get an address from a public key - * var address = Address(publicKey, 'testnet').toString(); - * ``` - * - * @param {*} data - The encoded data in various formats - * @param {Network|String|number=} network - The network: 'livenet' or 'testnet' - * @param {string=} type - The type of address: 'script' or 'pubkey' - * @returns {Address} A new valid and frozen instance of an Address - * @constructor - */ -function Address(data, network, type) { - /* jshint maxcomplexity: 12 */ - /* jshint maxstatements: 20 */ +Entity.prototype._getEncoder = function _getEncoder(enc) { + enc = enc || 'der'; + // Lazily create encoder + if (!this.encoders.hasOwnProperty(enc)) + this.encoders[enc] = this._createNamed(asn1.encoders[enc]); + return this.encoders[enc]; +}; - if (!(this instanceof Address)) { - return new Address(data, network, type); - } +Entity.prototype.encode = function encode(data, enc, /* internal */ reporter) { + return this._getEncoder(enc).encode(data, reporter); +}; - if (_.isArray(data) && _.isNumber(network)) { - return Address.createMultisig(data, network, type); - } +},{"../asn1":7,"inherits":259,"vm":340}],9:[function(require,module,exports){ +var inherits = require('inherits'); +var Reporter = require('../base').Reporter; +var Buffer = require('buffer').Buffer; - if (data instanceof Address) { - // Immutable instance - return data; +function DecoderBuffer(base, options) { + Reporter.call(this, options); + if (!Buffer.isBuffer(base)) { + this.error('Input not Buffer'); + return; } - $.checkArgument(data, 'First argument is required, please include address data.', 'guide/address.html'); + this.base = base; + this.offset = 0; + this.length = base.length; +} +inherits(DecoderBuffer, Reporter); +exports.DecoderBuffer = DecoderBuffer; - if (network && !Networks.get(network)) { - throw new TypeError('Second argument must be "livenet" or "testnet".'); - } +DecoderBuffer.prototype.save = function save() { + return { offset: this.offset, reporter: Reporter.prototype.save.call(this) }; +}; - if (type && (type !== Address.PayToPublicKeyHash && type !== Address.PayToScriptHash)) { - throw new TypeError('Third argument must be "pubkeyhash" or "scripthash".'); - } +DecoderBuffer.prototype.restore = function restore(save) { + // Return skipped data + var res = new DecoderBuffer(this.base); + res.offset = save.offset; + res.length = this.offset; - var info = this._classifyArguments(data, network, type); + this.offset = save.offset; + Reporter.prototype.restore.call(this, save.reporter); - // set defaults if not set - info.network = info.network || Networks.get(network) || Networks.defaultNetwork; - info.type = info.type || type || Address.PayToPublicKeyHash; + return res; +}; - JSUtil.defineImmutable(this, { - hashBuffer: info.hashBuffer, - network: info.network, - type: info.type - }); +DecoderBuffer.prototype.isEmpty = function isEmpty() { + return this.offset === this.length; +}; - return this; +DecoderBuffer.prototype.readUInt8 = function readUInt8(fail) { + if (this.offset + 1 <= this.length) + return this.base.readUInt8(this.offset++, true); + else + return this.error(fail || 'DecoderBuffer overrun'); } -/** - * Internal function used to split different kinds of arguments of the constructor - * @param {*} data - The encoded data in various formats - * @param {Network|String|number=} network - The network: 'livenet' or 'testnet' - * @param {string=} type - The type of address: 'script' or 'pubkey' - * @returns {Object} An "info" object with "type", "network", and "hashBuffer" - */ -Address.prototype._classifyArguments = function(data, network, type) { - /* jshint maxcomplexity: 10 */ - // transform and validate input data - if ((data instanceof Buffer || data instanceof Uint8Array) && data.length === 20) { - return Address._transformHash(data); - } else if ((data instanceof Buffer || data instanceof Uint8Array) && data.length === 21) { - return Address._transformBuffer(data, network, type); - } else if (data instanceof PublicKey) { - return Address._transformPublicKey(data); - } else if (data instanceof Script) { - return Address._transformScript(data, network); - } else if (typeof(data) === 'string') { - return Address._transformString(data, network, type); - } else if (_.isObject(data)) { - return Address._transformObject(data); +DecoderBuffer.prototype.skip = function skip(bytes, fail) { + if (!(this.offset + bytes <= this.length)) + return this.error(fail || 'DecoderBuffer overrun'); + + var res = new DecoderBuffer(this.base); + + // Share reporter state + res._reporterState = this._reporterState; + + res.offset = this.offset; + res.length = this.offset + bytes; + this.offset += bytes; + return res; +} + +DecoderBuffer.prototype.raw = function raw(save) { + return this.base.slice(save ? save.offset : this.offset, this.length); +} + +function EncoderBuffer(value, reporter) { + if (Array.isArray(value)) { + this.length = 0; + this.value = value.map(function(item) { + if (!(item instanceof EncoderBuffer)) + item = new EncoderBuffer(item, reporter); + this.length += item.length; + return item; + }, this); + } else if (typeof value === 'number') { + if (!(0 <= value && value <= 0xff)) + return reporter.error('non-byte EncoderBuffer value'); + this.value = value; + this.length = 1; + } else if (typeof value === 'string') { + this.value = value; + this.length = Buffer.byteLength(value); + } else if (Buffer.isBuffer(value)) { + this.value = value; + this.length = value.length; } else { - throw new TypeError('First argument is an unrecognized data format.'); + return reporter.error('Unsupported type: ' + typeof value); } -}; +} +exports.EncoderBuffer = EncoderBuffer; -/** @static */ -Address.PayToPublicKeyHash = 'pubkeyhash'; -/** @static */ -Address.PayToScriptHash = 'scripthash'; +EncoderBuffer.prototype.join = function join(out, offset) { + if (!out) + out = new Buffer(this.length); + if (!offset) + offset = 0; -/** - * @param {Buffer} hash - An instance of a hash Buffer - * @returns {Object} An object with keys: hashBuffer - * @private - */ -Address._transformHash = function(hash) { - var info = {}; - if (!(hash instanceof Buffer) && !(hash instanceof Uint8Array)) { - throw new TypeError('Address supplied is not a buffer.'); - } - if (hash.length !== 20) { - throw new TypeError('Address hashbuffers must be exactly 20 bytes.'); + if (this.length === 0) + return out; + + if (Array.isArray(this.value)) { + this.value.forEach(function(item) { + item.join(out, offset); + offset += item.length; + }); + } else { + if (typeof this.value === 'number') + out[offset] = this.value; + else if (typeof this.value === 'string') + out.write(this.value, offset); + else if (Buffer.isBuffer(this.value)) + this.value.copy(out, offset); + offset += this.length; } - info.hashBuffer = hash; - return info; -}; -/** - * Deserializes an address serialized through `Address#toObject()` - * @param {Object} data - * @param {string} data.hash - the hash that this address encodes - * @param {string} data.type - either 'pubkeyhash' or 'scripthash' - * @param {Network=} data.network - the name of the network associated - * @return {Address} - */ -Address._transformObject = function(data) { - $.checkArgument(data.hash || data.hashBuffer, 'Must provide a `hash` or `hashBuffer` property'); - $.checkArgument(data.type, 'Must provide a `type` property'); - return { - hashBuffer: data.hash ? new Buffer(data.hash, 'hex') : data.hashBuffer, - network: Networks.get(data.network) || Networks.defaultNetwork, - type: data.type - }; + return out; }; -/** - * Internal function to discover the network and type based on the first data byte - * - * @param {Buffer} buffer - An instance of a hex encoded address Buffer - * @returns {Object} An object with keys: network and type - * @private - */ -Address._classifyFromVersion = function(buffer) { - var version = {}; +},{"../base":10,"buffer":158,"inherits":259}],10:[function(require,module,exports){ +var base = exports; - var pubkeyhashNetwork = Networks.get(buffer[0], 'pubkeyhash'); - var scripthashNetwork = Networks.get(buffer[0], 'scripthash'); +base.Reporter = require('./reporter').Reporter; +base.DecoderBuffer = require('./buffer').DecoderBuffer; +base.EncoderBuffer = require('./buffer').EncoderBuffer; +base.Node = require('./node'); - if (pubkeyhashNetwork) { - version.network = pubkeyhashNetwork; - version.type = Address.PayToPublicKeyHash; - } else if (scripthashNetwork) { - version.network = scripthashNetwork; - version.type = Address.PayToScriptHash; - } +},{"./buffer":9,"./node":11,"./reporter":12}],11:[function(require,module,exports){ +var Reporter = require('../base').Reporter; +var EncoderBuffer = require('../base').EncoderBuffer; +var DecoderBuffer = require('../base').DecoderBuffer; +var assert = require('minimalistic-assert'); - return version; -}; +// Supported tags +var tags = [ + 'seq', 'seqof', 'set', 'setof', 'objid', 'bool', + 'gentime', 'utctime', 'null_', 'enum', 'int', + 'bitstr', 'bmpstr', 'charstr', 'genstr', 'graphstr', 'ia5str', 'iso646str', + 'numstr', 'octstr', 'printstr', 't61str', 'unistr', 'utf8str', 'videostr' +]; -/** - * Internal function to transform a bitcoin address buffer - * - * @param {Buffer} buffer - An instance of a hex encoded address Buffer - * @param {string=} network - The network: 'livenet' or 'testnet' - * @param {string=} type - The type: 'pubkeyhash' or 'scripthash' - * @returns {Object} An object with keys: hashBuffer, network and type - * @private - */ -Address._transformBuffer = function(buffer, network, type) { - /* jshint maxcomplexity: 9 */ - var info = {}; - if (!(buffer instanceof Buffer) && !(buffer instanceof Uint8Array)) { - throw new TypeError('Address supplied is not a buffer.'); - } - if (buffer.length !== 1 + 20) { - throw new TypeError('Address buffers must be exactly 21 bytes.'); - } +// Public methods list +var methods = [ + 'key', 'obj', 'use', 'optional', 'explicit', 'implicit', 'def', 'choice', + 'any', 'contains' +].concat(tags); - network = Networks.get(network); - var bufferVersion = Address._classifyFromVersion(buffer); +// Overrided methods list +var overrided = [ + '_peekTag', '_decodeTag', '_use', + '_decodeStr', '_decodeObjid', '_decodeTime', + '_decodeNull', '_decodeInt', '_decodeBool', '_decodeList', - if (!bufferVersion.network || (network && network !== bufferVersion.network)) { - throw new TypeError('Address has mismatched network type.'); - } + '_encodeComposite', '_encodeStr', '_encodeObjid', '_encodeTime', + '_encodeNull', '_encodeInt', '_encodeBool' +]; - if (!bufferVersion.type || (type && type !== bufferVersion.type)) { - throw new TypeError('Address has mismatched type.'); - } +function Node(enc, parent) { + var state = {}; + this._baseState = state; - info.hashBuffer = buffer.slice(1); - info.network = bufferVersion.network; - info.type = bufferVersion.type; - return info; -}; + state.enc = enc; -/** - * Internal function to transform a {@link PublicKey} - * - * @param {PublicKey} pubkey - An instance of PublicKey - * @returns {Object} An object with keys: hashBuffer, type - * @private - */ -Address._transformPublicKey = function(pubkey) { - var info = {}; - if (!(pubkey instanceof PublicKey)) { - throw new TypeError('Address must be an instance of PublicKey.'); + state.parent = parent || null; + state.children = null; + + // State + state.tag = null; + state.args = null; + state.reverseArgs = null; + state.choice = null; + state.optional = false; + state.any = false; + state.obj = false; + state.use = null; + state.useDecoder = null; + state.key = null; + state['default'] = null; + state.explicit = null; + state.implicit = null; + state.contains = null; + + // Should create new instance on each method + if (!state.parent) { + state.children = []; + this._wrap(); } - info.hashBuffer = Hash.sha256ripemd160(pubkey.toBuffer()); - info.type = Address.PayToPublicKeyHash; - return info; +} +module.exports = Node; + +var stateProps = [ + 'enc', 'parent', 'children', 'tag', 'args', 'reverseArgs', 'choice', + 'optional', 'any', 'obj', 'use', 'alteredUse', 'key', 'default', 'explicit', + 'implicit', 'contains' +]; + +Node.prototype.clone = function clone() { + var state = this._baseState; + var cstate = {}; + stateProps.forEach(function(prop) { + cstate[prop] = state[prop]; + }); + var res = new this.constructor(cstate.parent); + res._baseState = cstate; + return res; }; -/** - * Internal function to transform a {@link Script} into a `info` object. - * - * @param {Script} script - An instance of Script - * @returns {Object} An object with keys: hashBuffer, type - * @private - */ -Address._transformScript = function(script, network) { - $.checkArgument(script instanceof Script, 'script must be a Script instance'); - var info = script.getAddressInfo(network); - if (!info) { - throw new errors.Script.CantDeriveAddress(script); - } - return info; +Node.prototype._wrap = function wrap() { + var state = this._baseState; + methods.forEach(function(method) { + this[method] = function _wrappedMethod() { + var clone = new this.constructor(this); + state.children.push(clone); + return clone[method].apply(clone, arguments); + }; + }, this); }; -/** - * Creates a P2SH address from a set of public keys and a threshold. - * - * The addresses will be sorted lexicographically, as that is the trend in bitcoin. - * To create an address from unsorted public keys, use the {@link Script#buildMultisigOut} - * interface. - * - * @param {Array} publicKeys - a set of public keys to create an address - * @param {number} threshold - the number of signatures needed to release the funds - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @return {Address} - */ -Address.createMultisig = function(publicKeys, threshold, network) { - network = network || publicKeys[0].network || Networks.defaultNetwork; - return Address.payingTo(Script.buildMultisigOut(publicKeys, threshold), network); +Node.prototype._init = function init(body) { + var state = this._baseState; + + assert(state.parent === null); + body.call(this); + + // Filter children + state.children = state.children.filter(function(child) { + return child._baseState.parent === this; + }, this); + assert.equal(state.children.length, 1, 'Root node can have only one child'); }; -/** - * Internal function to transform a bitcoin address string - * - * @param {string} data - * @param {String|Network=} network - either a Network instance, 'livenet', or 'testnet' - * @param {string=} type - The type: 'pubkeyhash' or 'scripthash' - * @returns {Object} An object with keys: hashBuffer, network and type - * @private - */ -Address._transformString = function(data, network, type) { - if (typeof(data) !== 'string') { - throw new TypeError('data parameter supplied is not a string.'); +Node.prototype._useArgs = function useArgs(args) { + var state = this._baseState; + + // Filter children and args + var children = args.filter(function(arg) { + return arg instanceof this.constructor; + }, this); + args = args.filter(function(arg) { + return !(arg instanceof this.constructor); + }, this); + + if (children.length !== 0) { + assert(state.children === null); + state.children = children; + + // Replace parent to maintain backward link + children.forEach(function(child) { + child._baseState.parent = this; + }, this); } - data = data.trim(); - var addressBuffer = Base58Check.decode(data); - var info = Address._transformBuffer(addressBuffer, network, type); - return info; -}; + if (args.length !== 0) { + assert(state.args === null); + state.args = args; + state.reverseArgs = args.map(function(arg) { + if (typeof arg !== 'object' || arg.constructor !== Object) + return arg; -/** - * Instantiate an address from a PublicKey instance - * - * @param {PublicKey} data - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.fromPublicKey = function(data, network) { - var info = Address._transformPublicKey(data); - network = network || Networks.defaultNetwork; - return new Address(info.hashBuffer, network, info.type); + var res = {}; + Object.keys(arg).forEach(function(key) { + if (key == (key | 0)) + key |= 0; + var value = arg[key]; + res[value] = key; + }); + return res; + }); + } }; -/** - * Instantiate an address from a ripemd160 public key hash - * - * @param {Buffer} hash - An instance of buffer of the hash - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.fromPublicKeyHash = function(hash, network) { - var info = Address._transformHash(hash); - return new Address(info.hashBuffer, network, Address.PayToPublicKeyHash); -}; +// +// Overrided methods +// -/** - * Instantiate an address from a ripemd160 script hash - * - * @param {Buffer} hash - An instance of buffer of the hash - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.fromScriptHash = function(hash, network) { - $.checkArgument(hash, 'hash parameter is required'); - var info = Address._transformHash(hash); - return new Address(info.hashBuffer, network, Address.PayToScriptHash); -}; +overrided.forEach(function(method) { + Node.prototype[method] = function _overrided() { + var state = this._baseState; + throw new Error(method + ' not implemented for encoding: ' + state.enc); + }; +}); -/** - * Builds a p2sh address paying to script. This will hash the script and - * use that to create the address. - * If you want to extract an address associated with a script instead, - * see {{Address#fromScript}} - * - * @param {Script} script - An instance of Script - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.payingTo = function(script, network) { - $.checkArgument(script, 'script is required'); - $.checkArgument(script instanceof Script, 'script must be instance of Script'); +// +// Public methods +// - return Address.fromScriptHash(Hash.sha256ripemd160(script.toBuffer()), network); -}; +tags.forEach(function(tag) { + Node.prototype[tag] = function _tagMethod() { + var state = this._baseState; + var args = Array.prototype.slice.call(arguments); -/** - * Extract address from a Script. The script must be of one - * of the following types: p2pkh input, p2pkh output, p2sh input - * or p2sh output. - * This will analyze the script and extract address information from it. - * If you want to transform any script to a p2sh Address paying - * to that script's hash instead, use {{Address#payingTo}} - * - * @param {Script} script - An instance of Script - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.fromScript = function(script, network) { - $.checkArgument(script instanceof Script, 'script must be a Script instance'); - var info = Address._transformScript(script, network); - return new Address(info.hashBuffer, network, info.type); -}; + assert(state.tag === null); + state.tag = tag; -/** - * Instantiate an address from a buffer of the address - * - * @param {Buffer} buffer - An instance of buffer of the address - * @param {String|Network=} network - either a Network instance, 'livenet', or 'testnet' - * @param {string=} type - The type of address: 'script' or 'pubkey' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.fromBuffer = function(buffer, network, type) { - var info = Address._transformBuffer(buffer, network, type); - return new Address(info.hashBuffer, info.network, info.type); -}; + this._useArgs(args); -/** - * Instantiate an address from an address string - * - * @param {string} str - An string of the bitcoin address - * @param {String|Network=} network - either a Network instance, 'livenet', or 'testnet' - * @param {string=} type - The type of address: 'script' or 'pubkey' - * @returns {Address} A new valid and frozen instance of an Address - */ -Address.fromString = function(str, network, type) { - var info = Address._transformString(str, network, type); - return new Address(info.hashBuffer, info.network, info.type); -}; + return this; + }; +}); -/** - * Instantiate an address from an Object - * - * @param {string} json - An JSON string or Object with keys: hash, network and type - * @returns {Address} A new valid instance of an Address - */ -Address.fromObject = function fromObject(obj) { - $.checkState( - JSUtil.isHexa(obj.hash), - 'Unexpected hash property, "' + obj.hash + '", expected to be hex.' - ); - var hashBuffer = new Buffer(obj.hash, 'hex'); - return new Address(hashBuffer, obj.network, obj.type); -}; +Node.prototype.use = function use(item) { + var state = this._baseState; -/** - * Will return a validation error if exists - * - * @example - * ```javascript - * // a network mismatch error - * var error = Address.getValidationError('15vkcKf7gB23wLAnZLmbVuMiiVDc1Nm4a2', 'testnet'); - * ``` - * - * @param {string} data - The encoded data - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @param {string} type - The type of address: 'script' or 'pubkey' - * @returns {null|Error} The corresponding error message - */ -Address.getValidationError = function(data, network, type) { - var error; - try { - /* jshint nonew: false */ - new Address(data, network, type); - } catch (e) { - error = e; - } - return error; -}; + assert(state.use === null); + state.use = item; -/** - * Will return a boolean if an address is valid - * - * @example - * ```javascript - * assert(Address.isValid('15vkcKf7gB23wLAnZLmbVuMiiVDc1Nm4a2', 'livenet')); - * ``` - * - * @param {string} data - The encoded data - * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' - * @param {string} type - The type of address: 'script' or 'pubkey' - * @returns {boolean} The corresponding error message - */ -Address.isValid = function(data, network, type) { - return !Address.getValidationError(data, network, type); + return this; }; -/** - * Returns true if an address is of pay to public key hash type - * @return boolean - */ -Address.prototype.isPayToPublicKeyHash = function() { - return this.type === Address.PayToPublicKeyHash; -}; +Node.prototype.optional = function optional() { + var state = this._baseState; -/** - * Returns true if an address is of pay to script hash type - * @return boolean - */ -Address.prototype.isPayToScriptHash = function() { - return this.type === Address.PayToScriptHash; -}; + state.optional = true; -/** - * Will return a buffer representation of the address - * - * @returns {Buffer} Bitcoin address buffer - */ -Address.prototype.toBuffer = function() { - var version = new Buffer([this.network[this.type]]); - var buf = Buffer.concat([version, this.hashBuffer]); - return buf; + return this; }; -/** - * @returns {Object} A plain object with the address information - */ -Address.prototype.toObject = Address.prototype.toJSON = function toObject() { - return { - hash: this.hashBuffer.toString('hex'), - type: this.type, - network: this.network.toString() - }; -}; +Node.prototype.def = function def(val) { + var state = this._baseState; -/** - * Will return a the string representation of the address - * - * @returns {string} Bitcoin address - */ -Address.prototype.toString = function() { - return Base58Check.encode(this.toBuffer()); -}; + assert(state['default'] === null); + state['default'] = val; + state.optional = true; -/** - * Will return a string formatted for the console - * - * @returns {string} Bitcoin address - */ -Address.prototype.inspect = function() { - return ''; + return this; }; -module.exports = Address; +Node.prototype.explicit = function explicit(num) { + var state = this._baseState; -var Script = require('./script'); + assert(state.explicit === null && state.implicit === null); + state.explicit = num; -}).call(this,require("buffer").Buffer) -},{"./crypto/hash":15,"./encoding/base58check":20,"./errors":24,"./networks":29,"./publickey":32,"./script":33,"./util/js":51,"./util/preconditions":52,"buffer":94,"lodash":78}],9:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + return this; +}; -var _ = require('lodash'); -var BlockHeader = require('./blockheader'); -var BN = require('../crypto/bn'); -var BufferUtil = require('../util/buffer'); -var BufferReader = require('../encoding/bufferreader'); -var BufferWriter = require('../encoding/bufferwriter'); -var Hash = require('../crypto/hash'); -var Transaction = require('../transaction'); -var $ = require('../util/preconditions'); +Node.prototype.implicit = function implicit(num) { + var state = this._baseState; + + assert(state.explicit === null && state.implicit === null); + state.implicit = num; -/** - * Instantiate a Block from a Buffer, JSON object, or Object with - * the properties of the Block - * - * @param {*} - A Buffer, JSON string, or Object - * @returns {Block} - * @constructor - */ -function Block(arg) { - if (!(this instanceof Block)) { - return new Block(arg); - } - _.extend(this, Block._from(arg)); return this; -} +}; -// https://github.com/bitcoin/bitcoin/blob/b5fa132329f0377d787a4a21c1686609c2bfaece/src/primitives/block.h#L14 -Block.MAX_BLOCK_SIZE = 1000000; +Node.prototype.obj = function obj() { + var state = this._baseState; + var args = Array.prototype.slice.call(arguments); -/** - * @param {*} - A Buffer, JSON string or Object - * @returns {Object} - An object representing block data - * @throws {TypeError} - If the argument was not recognized - * @private - */ -Block._from = function _from(arg) { - var info = {}; - if (BufferUtil.isBuffer(arg)) { - info = Block._fromBufferReader(BufferReader(arg)); - } else if (_.isObject(arg)) { - info = Block._fromObject(arg); - } else { - throw new TypeError('Unrecognized argument for Block'); - } - return info; -}; + state.obj = true; -/** - * @param {Object} - A plain JavaScript object - * @returns {Object} - An object representing block data - * @private - */ -Block._fromObject = function _fromObject(data) { - var transactions = []; - data.transactions.forEach(function(tx) { - if (tx instanceof Transaction) { - transactions.push(tx); - } else { - transactions.push(Transaction().fromObject(tx)); - } - }); - var info = { - header: BlockHeader.fromObject(data.header), - transactions: transactions - }; - return info; -}; + if (args.length !== 0) + this._useArgs(args); -/** - * @param {Object} - A plain JavaScript object - * @returns {Block} - An instance of block - */ -Block.fromObject = function fromObject(obj) { - var info = Block._fromObject(obj); - return new Block(info); + return this; }; -/** - * @param {BufferReader} - Block data - * @returns {Object} - An object representing the block data - * @private - */ -Block._fromBufferReader = function _fromBufferReader(br) { - var info = {}; - $.checkState(!br.finished(), 'No block data received'); - info.header = BlockHeader.fromBufferReader(br); - var transactions = br.readVarintNum(); - info.transactions = []; - for (var i = 0; i < transactions; i++) { - info.transactions.push(Transaction().fromBufferReader(br)); - } - return info; -}; +Node.prototype.key = function key(newKey) { + var state = this._baseState; -/** - * @param {BufferReader} - A buffer reader of the block - * @returns {Block} - An instance of block - */ -Block.fromBufferReader = function fromBufferReader(br) { - $.checkArgument(br, 'br is required'); - var info = Block._fromBufferReader(br); - return new Block(info); -}; + assert(state.key === null); + state.key = newKey; -/** - * @param {Buffer} - A buffer of the block - * @returns {Block} - An instance of block - */ -Block.fromBuffer = function fromBuffer(buf) { - return Block.fromBufferReader(new BufferReader(buf)); + return this; }; -/** - * @param {string} - str - A hex encoded string of the block - * @returns {Block} - A hex encoded string of the block - */ -Block.fromString = function fromString(str) { - var buf = new Buffer(str, 'hex'); - return Block.fromBuffer(buf); -}; +Node.prototype.any = function any() { + var state = this._baseState; -/** - * @param {Binary} - Raw block binary data or buffer - * @returns {Block} - An instance of block - */ -Block.fromRawBlock = function fromRawBlock(data) { - if (!BufferUtil.isBuffer(data)) { - data = new Buffer(data, 'binary'); - } - var br = BufferReader(data); - br.pos = Block.Values.START_OF_BLOCK; - var info = Block._fromBufferReader(br); - return new Block(info); -}; + state.any = true; -/** - * @returns {Object} - A plain object with the block properties - */ -Block.prototype.toObject = Block.prototype.toJSON = function toObject() { - var transactions = []; - this.transactions.forEach(function(tx) { - transactions.push(tx.toObject()); - }); - return { - header: this.header.toObject(), - transactions: transactions - }; + return this; }; -/** - * @returns {Buffer} - A buffer of the block - */ -Block.prototype.toBuffer = function toBuffer() { - return this.toBufferWriter().concat(); -}; +Node.prototype.choice = function choice(obj) { + var state = this._baseState; -/** - * @returns {string} - A hex encoded string of the block - */ -Block.prototype.toString = function toString() { - return this.toBuffer().toString('hex'); -}; + assert(state.choice === null); + state.choice = obj; + this._useArgs(Object.keys(obj).map(function(key) { + return obj[key]; + })); -/** - * @param {BufferWriter} - An existing instance of BufferWriter - * @returns {BufferWriter} - An instance of BufferWriter representation of the Block - */ -Block.prototype.toBufferWriter = function toBufferWriter(bw) { - if (!bw) { - bw = new BufferWriter(); - } - bw.write(this.header.toBuffer()); - bw.writeVarintNum(this.transactions.length); - for (var i = 0; i < this.transactions.length; i++) { - this.transactions[i].toBufferWriter(bw); - } - return bw; + return this; }; -/** - * Will iterate through each transaction and return an array of hashes - * @returns {Array} - An array with transaction hashes - */ -Block.prototype.getTransactionHashes = function getTransactionHashes() { - var hashes = []; - if (this.transactions.length === 0) { - return [Block.Values.NULL_HASH]; - } - for (var t = 0; t < this.transactions.length; t++) { - hashes.push(this.transactions[t]._getHash()); - } - return hashes; -}; - -/** - * Will build a merkle tree of all the transactions, ultimately arriving at - * a single point, the merkle root. - * @link https://en.bitcoin.it/wiki/Protocol_specification#Merkle_Trees - * @returns {Array} - An array with each level of the tree after the other. - */ -Block.prototype.getMerkleTree = function getMerkleTree() { - - var tree = this.getTransactionHashes(); - - var j = 0; - for (var size = this.transactions.length; size > 1; size = Math.floor((size + 1) / 2)) { - for (var i = 0; i < size; i += 2) { - var i2 = Math.min(i + 1, size - 1); - var buf = Buffer.concat([tree[j + i], tree[j + i2]]); - tree.push(Hash.sha256sha256(buf)); - } - j += size; - } +Node.prototype.contains = function contains(item) { + var state = this._baseState; - return tree; -}; + assert(state.use === null); + state.contains = item; -/** - * Calculates the merkleRoot from the transactions. - * @returns {Buffer} - A buffer of the merkle root hash - */ -Block.prototype.getMerkleRoot = function getMerkleRoot() { - var tree = this.getMerkleTree(); - return tree[tree.length - 1]; + return this; }; -/** - * Verifies that the transactions in the block match the header merkle root - * @returns {Boolean} - If the merkle roots match - */ -Block.prototype.validMerkleRoot = function validMerkleRoot() { +// +// Decoding +// - var h = new BN(this.header.merkleRoot.toString('hex'), 'hex'); - var c = new BN(this.getMerkleRoot().toString('hex'), 'hex'); +Node.prototype._decode = function decode(input, options) { + var state = this._baseState; - if (h.cmp(c) !== 0) { - return false; - } + // Decode root node + if (state.parent === null) + return input.wrapResult(state.children[0]._decode(input, options)); - return true; -}; + var result = state['default']; + var present = true; -/** - * @returns {Buffer} - The little endian hash buffer of the header - */ -Block.prototype._getHash = function() { - return this.header._getHash(); -}; + var prevKey = null; + if (state.key !== null) + prevKey = input.enterKey(state.key); -var idProperty = { - configurable: false, - enumerable: true, - /** - * @returns {string} - The big endian hash buffer of the header - */ - get: function() { - if (!this._id) { - this._id = this.header.id; - } - return this._id; - }, - set: _.noop -}; -Object.defineProperty(Block.prototype, 'id', idProperty); -Object.defineProperty(Block.prototype, 'hash', idProperty); + // Check if tag is there + if (state.optional) { + var tag = null; + if (state.explicit !== null) + tag = state.explicit; + else if (state.implicit !== null) + tag = state.implicit; + else if (state.tag !== null) + tag = state.tag; -/** - * @returns {string} - A string formatted for the console - */ -Block.prototype.inspect = function inspect() { - return ''; -}; + if (tag === null && !state.any) { + // Trial and Error + var save = input.save(); + try { + if (state.choice === null) + this._decodeGeneric(state.tag, input, options); + else + this._decodeChoice(input, options); + present = true; + } catch (e) { + present = false; + } + input.restore(save); + } else { + present = this._peekTag(input, tag, state.any); -Block.Values = { - START_OF_BLOCK: 8, // Start of block in raw block data - NULL_HASH: new Buffer('0000000000000000000000000000000000000000000000000000000000000000', 'hex') -}; + if (input.isError(present)) + return present; + } + } -module.exports = Block; + // Push object on stack + var prevObj; + if (state.obj && present) + prevObj = input.enterObject(); -}).call(this,require("buffer").Buffer) -},{"../crypto/bn":13,"../crypto/hash":15,"../encoding/bufferreader":21,"../encoding/bufferwriter":22,"../transaction":36,"../util/buffer":50,"../util/preconditions":52,"./blockheader":10,"buffer":94,"lodash":78}],10:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + if (present) { + // Unwrap explicit values + if (state.explicit !== null) { + var explicit = this._decodeTag(input, state.explicit); + if (input.isError(explicit)) + return explicit; + input = explicit; + } -var _ = require('lodash'); -var BN = require('../crypto/bn'); -var BufferUtil = require('../util/buffer'); -var BufferReader = require('../encoding/bufferreader'); -var BufferWriter = require('../encoding/bufferwriter'); -var Hash = require('../crypto/hash'); -var JSUtil = require('../util/js'); -var $ = require('../util/preconditions'); + var start = input.offset; -var GENESIS_BITS = 0x1d00ffff; + // Unwrap implicit and normal values + if (state.use === null && state.choice === null) { + if (state.any) + var save = input.save(); + var body = this._decodeTag( + input, + state.implicit !== null ? state.implicit : state.tag, + state.any + ); + if (input.isError(body)) + return body; -/** - * Instantiate a BlockHeader from a Buffer, JSON object, or Object with - * the properties of the BlockHeader - * - * @param {*} - A Buffer, JSON string, or Object - * @returns {BlockHeader} - An instance of block header - * @constructor - */ -var BlockHeader = function BlockHeader(arg) { - if (!(this instanceof BlockHeader)) { - return new BlockHeader(arg); - } - var info = BlockHeader._from(arg); - this.version = info.version; - this.prevHash = info.prevHash; - this.merkleRoot = info.merkleRoot; - this.time = info.time; - this.timestamp = info.time; - this.bits = info.bits; - this.nonce = info.nonce; + if (state.any) + result = input.raw(save); + else + input = body; + } - if (info.hash) { - $.checkState( - this.hash === info.hash, - 'Argument object hash property does not match block hash.' - ); - } + if (options && options.track && state.tag !== null) + options.track(input.path(), start, input.length, 'tagged'); - return this; -}; + if (options && options.track && state.tag !== null) + options.track(input.path(), input.offset, input.length, 'content'); -/** - * @param {*} - A Buffer, JSON string or Object - * @returns {Object} - An object representing block header data - * @throws {TypeError} - If the argument was not recognized - * @private - */ -BlockHeader._from = function _from(arg) { - var info = {}; - if (BufferUtil.isBuffer(arg)) { - info = BlockHeader._fromBufferReader(BufferReader(arg)); - } else if (_.isObject(arg)) { - info = BlockHeader._fromObject(arg); - } else { - throw new TypeError('Unrecognized argument for BlockHeader'); - } - return info; -}; + // Select proper method for tag + if (state.any) + result = result; + else if (state.choice === null) + result = this._decodeGeneric(state.tag, input, options); + else + result = this._decodeChoice(input, options); -/** - * @param {Object} - A JSON string - * @returns {Object} - An object representing block header data - * @private - */ -BlockHeader._fromObject = function _fromObject(data) { - $.checkArgument(data, 'data is required'); - var prevHash = data.prevHash; - var merkleRoot = data.merkleRoot; - if (_.isString(data.prevHash)) { - prevHash = BufferUtil.reverse(new Buffer(data.prevHash, 'hex')); - } - if (_.isString(data.merkleRoot)) { - merkleRoot = BufferUtil.reverse(new Buffer(data.merkleRoot, 'hex')); - } - var info = { - hash: data.hash, - version: data.version, - prevHash: prevHash, - merkleRoot: merkleRoot, - time: data.time, - timestamp: data.time, - bits: data.bits, - nonce: data.nonce - }; - return info; -}; + if (input.isError(result)) + return result; -/** - * @param {Object} - A plain JavaScript object - * @returns {BlockHeader} - An instance of block header - */ -BlockHeader.fromObject = function fromObject(obj) { - var info = BlockHeader._fromObject(obj); - return new BlockHeader(info); -}; + // Decode children + if (!state.any && state.choice === null && state.children !== null) { + state.children.forEach(function decodeChildren(child) { + // NOTE: We are ignoring errors here, to let parser continue with other + // parts of encoded data + child._decode(input, options); + }); + } -/** - * @param {Binary} - Raw block binary data or buffer - * @returns {BlockHeader} - An instance of block header - */ -BlockHeader.fromRawBlock = function fromRawBlock(data) { - if (!BufferUtil.isBuffer(data)) { - data = new Buffer(data, 'binary'); + // Decode contained/encoded by schema, only in bit or octet strings + if (state.contains && (state.tag === 'octstr' || state.tag === 'bitstr')) { + var data = new DecoderBuffer(result); + result = this._getUse(state.contains, input._reporterState.obj) + ._decode(data, options); + } } - var br = BufferReader(data); - br.pos = BlockHeader.Constants.START_OF_HEADER; - var info = BlockHeader._fromBufferReader(br); - return new BlockHeader(info); -}; - -/** - * @param {Buffer} - A buffer of the block header - * @returns {BlockHeader} - An instance of block header - */ -BlockHeader.fromBuffer = function fromBuffer(buf) { - var info = BlockHeader._fromBufferReader(BufferReader(buf)); - return new BlockHeader(info); -}; - -/** - * @param {string} - A hex encoded buffer of the block header - * @returns {BlockHeader} - An instance of block header - */ -BlockHeader.fromString = function fromString(str) { - var buf = new Buffer(str, 'hex'); - return BlockHeader.fromBuffer(buf); -}; -/** - * @param {BufferReader} - A BufferReader of the block header - * @returns {Object} - An object representing block header data - * @private - */ -BlockHeader._fromBufferReader = function _fromBufferReader(br) { - var info = {}; - info.version = br.readUInt32LE(); - info.prevHash = br.read(32); - info.merkleRoot = br.read(32); - info.time = br.readUInt32LE(); - info.bits = br.readUInt32LE(); - info.nonce = br.readUInt32LE(); - return info; -}; + // Pop object + if (state.obj && present) + result = input.leaveObject(prevObj); -/** - * @param {BufferReader} - A BufferReader of the block header - * @returns {BlockHeader} - An instance of block header - */ -BlockHeader.fromBufferReader = function fromBufferReader(br) { - var info = BlockHeader._fromBufferReader(br); - return new BlockHeader(info); -}; + // Set key + if (state.key !== null && (result !== null || present === true)) + input.leaveKey(prevKey, state.key, result); + else if (prevKey !== null) + input.exitKey(prevKey); -/** - * @returns {Object} - A plain object of the BlockHeader - */ -BlockHeader.prototype.toObject = BlockHeader.prototype.toJSON = function toObject() { - return { - hash: this.hash, - version: this.version, - prevHash: BufferUtil.reverse(this.prevHash).toString('hex'), - merkleRoot: BufferUtil.reverse(this.merkleRoot).toString('hex'), - time: this.time, - bits: this.bits, - nonce: this.nonce - }; + return result; }; -/** - * @returns {Buffer} - A Buffer of the BlockHeader - */ -BlockHeader.prototype.toBuffer = function toBuffer() { - return this.toBufferWriter().concat(); -}; +Node.prototype._decodeGeneric = function decodeGeneric(tag, input, options) { + var state = this._baseState; -/** - * @returns {string} - A hex encoded string of the BlockHeader - */ -BlockHeader.prototype.toString = function toString() { - return this.toBuffer().toString('hex'); -}; + if (tag === 'seq' || tag === 'set') + return null; + if (tag === 'seqof' || tag === 'setof') + return this._decodeList(input, tag, state.args[0], options); + else if (/str$/.test(tag)) + return this._decodeStr(input, tag, options); + else if (tag === 'objid' && state.args) + return this._decodeObjid(input, state.args[0], state.args[1], options); + else if (tag === 'objid') + return this._decodeObjid(input, null, null, options); + else if (tag === 'gentime' || tag === 'utctime') + return this._decodeTime(input, tag, options); + else if (tag === 'null_') + return this._decodeNull(input, options); + else if (tag === 'bool') + return this._decodeBool(input, options); + else if (tag === 'int' || tag === 'enum') + return this._decodeInt(input, state.args && state.args[0], options); -/** - * @param {BufferWriter} - An existing instance BufferWriter - * @returns {BufferWriter} - An instance of BufferWriter representation of the BlockHeader - */ -BlockHeader.prototype.toBufferWriter = function toBufferWriter(bw) { - if (!bw) { - bw = new BufferWriter(); + if (state.use !== null) { + return this._getUse(state.use, input._reporterState.obj) + ._decode(input, options); + } else { + return input.error('unknown tag: ' + tag); } - bw.writeUInt32LE(this.version); - bw.write(this.prevHash); - bw.write(this.merkleRoot); - bw.writeUInt32LE(this.time); - bw.writeUInt32LE(this.bits); - bw.writeUInt32LE(this.nonce); - return bw; }; -/** - * Returns the target difficulty for this block - * @param {Number} bits - * @returns {BN} An instance of BN with the decoded difficulty bits - */ -BlockHeader.prototype.getTargetDifficulty = function getTargetDifficulty(bits) { - bits = bits || this.bits; +Node.prototype._getUse = function _getUse(entity, obj) { - var target = new BN(bits & 0xffffff); - var mov = 8 * ((bits >>> 24) - 3); - while (mov-- > 0) { - target = target.mul(new BN(2)); + var state = this._baseState; + // Create altered use decoder if implicit is set + state.useDecoder = this._use(entity, obj); + assert(state.useDecoder._baseState.parent === null); + state.useDecoder = state.useDecoder._baseState.children[0]; + if (state.implicit !== state.useDecoder._baseState.implicit) { + state.useDecoder = state.useDecoder.clone(); + state.useDecoder._baseState.implicit = state.implicit; } - return target; + return state.useDecoder; }; -/** - * @link https://en.bitcoin.it/wiki/Difficulty - * @return {Number} - */ -BlockHeader.prototype.getDifficulty = function getDifficulty() { - var difficulty1TargetBN = this.getTargetDifficulty(GENESIS_BITS).mul(new BN(Math.pow(10, 8))); - var currentTargetBN = this.getTargetDifficulty(); +Node.prototype._decodeChoice = function decodeChoice(input, options) { + var state = this._baseState; + var result = null; + var match = false; - var difficultyString = difficulty1TargetBN.div(currentTargetBN).toString(10); - var decimalPos = difficultyString.length - 8; - difficultyString = difficultyString.slice(0, decimalPos) + '.' + difficultyString.slice(decimalPos); + Object.keys(state.choice).some(function(key) { + var save = input.save(); + var node = state.choice[key]; + try { + var value = node._decode(input, options); + if (input.isError(value)) + return false; - return parseFloat(difficultyString); -}; + result = { type: key, value: value }; + match = true; + } catch (e) { + input.restore(save); + return false; + } + return true; + }, this); -/** - * @returns {Buffer} - The little endian hash buffer of the header - */ -BlockHeader.prototype._getHash = function hash() { - var buf = this.toBuffer(); - return Hash.sha256sha256(buf); -}; + if (!match) + return input.error('Choice not matched'); -var idProperty = { - configurable: false, - enumerable: true, - /** - * @returns {string} - The big endian hash buffer of the header - */ - get: function() { - if (!this._id) { - this._id = BufferReader(this._getHash()).readReverse().toString('hex'); - } - return this._id; - }, - set: _.noop + return result; }; -Object.defineProperty(BlockHeader.prototype, 'id', idProperty); -Object.defineProperty(BlockHeader.prototype, 'hash', idProperty); -/** - * @returns {Boolean} - If timestamp is not too far in the future - */ -BlockHeader.prototype.validTimestamp = function validTimestamp() { - var currentTime = Math.round(new Date().getTime() / 1000); - if (this.time > currentTime + BlockHeader.Constants.MAX_TIME_OFFSET) { - return false; - } - return true; +// +// Encoding +// + +Node.prototype._createEncoderBuffer = function createEncoderBuffer(data) { + return new EncoderBuffer(data, this.reporter); }; -/** - * @returns {Boolean} - If the proof-of-work hash satisfies the target difficulty - */ -BlockHeader.prototype.validProofOfWork = function validProofOfWork() { - var pow = new BN(this.id, 'hex'); - var target = this.getTargetDifficulty(); +Node.prototype._encode = function encode(data, reporter, parent) { + var state = this._baseState; + if (state['default'] !== null && state['default'] === data) + return; - if (pow.cmp(target) > 0) { - return false; - } - return true; -}; + var result = this._encodeValue(data, reporter, parent); + if (result === undefined) + return; -/** - * @returns {string} - A string formatted for the console - */ -BlockHeader.prototype.inspect = function inspect() { - return ''; -}; + if (this._skipDefault(result, reporter, parent)) + return; -BlockHeader.Constants = { - START_OF_HEADER: 8, // Start buffer position in raw block data - MAX_TIME_OFFSET: 2 * 60 * 60, // The max a timestamp can be in the future - LARGEST_HASH: new BN('10000000000000000000000000000000000000000000000000000000000000000', 'hex') + return result; }; -module.exports = BlockHeader; +Node.prototype._encodeValue = function encode(data, reporter, parent) { + var state = this._baseState; -}).call(this,require("buffer").Buffer) -},{"../crypto/bn":13,"../crypto/hash":15,"../encoding/bufferreader":21,"../encoding/bufferwriter":22,"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"buffer":94,"lodash":78}],11:[function(require,module,exports){ -module.exports = require('./block'); + // Decode root node + if (state.parent === null) + return state.children[0]._encode(data, reporter || new Reporter()); -module.exports.BlockHeader = require('./blockheader'); -module.exports.MerkleBlock = require('./merkleblock'); + var result = null; -},{"./block":9,"./blockheader":10,"./merkleblock":12}],12:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + // Set reporter to share it with a child class + this.reporter = reporter; -var _ = require('lodash'); -var BlockHeader = require('./blockheader'); -var BufferUtil = require('../util/buffer'); -var BufferReader = require('../encoding/bufferreader'); -var BufferWriter = require('../encoding/bufferwriter'); -var Hash = require('../crypto/hash'); -var JSUtil = require('../util/js'); -var Transaction = require('../transaction'); -var $ = require('../util/preconditions'); - -/** - * Instantiate a MerkleBlock from a Buffer, JSON object, or Object with - * the properties of the Block - * - * @param {*} - A Buffer, JSON string, or Object representing a MerkleBlock - * @returns {MerkleBlock} - * @constructor - */ -function MerkleBlock(arg) { - /* jshint maxstatements: 18 */ - - if (!(this instanceof MerkleBlock)) { - return new MerkleBlock(arg); + // Check if data is there + if (state.optional && data === undefined) { + if (state['default'] !== null) + data = state['default'] + else + return; } - var info = {}; - if (BufferUtil.isBuffer(arg)) { - info = MerkleBlock._fromBufferReader(BufferReader(arg)); - } else if (_.isObject(arg)) { - var header; - if(arg.header instanceof BlockHeader) { - header = arg.header; - } else { - header = BlockHeader.fromObject(arg.header); - } - info = { - /** - * @name MerkleBlock#header - * @type {BlockHeader} - */ - header: header, - /** - * @name MerkleBlock#numTransactions - * @type {Number} - */ - numTransactions: arg.numTransactions, - /** - * @name MerkleBlock#hashes - * @type {String[]} - */ - hashes: arg.hashes, - /** - * @name MerkleBlock#flags - * @type {Number[]} - */ - flags: arg.flags - }; - } else { - throw new TypeError('Unrecognized argument for MerkleBlock'); - } - _.extend(this,info); - this._flagBitsUsed = 0; - this._hashesUsed = 0; - return this; -} + // Encode children first + var content = null; + var primitive = false; + if (state.any) { + // Anything that was given is translated to buffer + result = this._createEncoderBuffer(data); + } else if (state.choice) { + result = this._encodeChoice(data, reporter); + } else if (state.contains) { + content = this._getUse(state.contains, parent)._encode(data, reporter); + primitive = true; + } else if (state.children) { + content = state.children.map(function(child) { + if (child._baseState.tag === 'null_') + return child._encode(null, reporter, data); -/** - * @param {Buffer} - MerkleBlock data in a Buffer object - * @returns {MerkleBlock} - A MerkleBlock object - */ -MerkleBlock.fromBuffer = function fromBuffer(buf) { - return MerkleBlock.fromBufferReader(BufferReader(buf)); -}; + if (child._baseState.key === null) + return reporter.error('Child should have a key'); + var prevKey = reporter.enterKey(child._baseState.key); -/** - * @param {BufferReader} - MerkleBlock data in a BufferReader object - * @returns {MerkleBlock} - A MerkleBlock object - */ -MerkleBlock.fromBufferReader = function fromBufferReader(br) { - return new MerkleBlock(MerkleBlock._fromBufferReader(br)); -}; + if (typeof data !== 'object') + return reporter.error('Child expected, but input is not object'); -/** - * @returns {Buffer} - A buffer of the block - */ -MerkleBlock.prototype.toBuffer = function toBuffer() { - return this.toBufferWriter().concat(); -}; + var res = child._encode(data[child._baseState.key], reporter, data); + reporter.leaveKey(prevKey); -/** - * @param {BufferWriter} - An existing instance of BufferWriter - * @returns {BufferWriter} - An instance of BufferWriter representation of the MerkleBlock - */ -MerkleBlock.prototype.toBufferWriter = function toBufferWriter(bw) { - if (!bw) { - bw = new BufferWriter(); - } - bw.write(this.header.toBuffer()); - bw.writeUInt32LE(this.numTransactions); - bw.writeVarintNum(this.hashes.length); - for (var i = 0; i < this.hashes.length; i++) { - bw.write(new Buffer(this.hashes[i], 'hex')); - } - bw.writeVarintNum(this.flags.length); - for (i = 0; i < this.flags.length; i++) { - bw.writeUInt8(this.flags[i]); - } - return bw; -}; + return res; + }, this).filter(function(child) { + return child; + }); + content = this._createEncoderBuffer(content); + } else { + if (state.tag === 'seqof' || state.tag === 'setof') { + // TODO(indutny): this should be thrown on DSL level + if (!(state.args && state.args.length === 1)) + return reporter.error('Too many args for : ' + state.tag); -/** - * @returns {Object} - A plain object with the MerkleBlock properties - */ -MerkleBlock.prototype.toObject = MerkleBlock.prototype.toJSON = function toObject() { - return { - header: this.header.toObject(), - numTransactions: this.numTransactions, - hashes: this.hashes, - flags: this.flags - }; -}; + if (!Array.isArray(data)) + return reporter.error('seqof/setof, but data is not Array'); -/** - * Verify that the MerkleBlock is valid - * @returns {Boolean} - True/False whether this MerkleBlock is Valid - */ -MerkleBlock.prototype.validMerkleTree = function validMerkleTree() { - $.checkState(_.isArray(this.flags), 'MerkleBlock flags is not an array'); - $.checkState(_.isArray(this.hashes), 'MerkleBlock hashes is not an array'); + var child = this.clone(); + child._baseState.implicit = null; + content = this._createEncoderBuffer(data.map(function(item) { + var state = this._baseState; - // Can't have more hashes than numTransactions - if(this.hashes.length > this.numTransactions) { - return false; + return this._getUse(state.args[0], data)._encode(item, reporter); + }, child)); + } else if (state.use !== null) { + result = this._getUse(state.use, parent)._encode(data, reporter); + } else { + content = this._encodePrimitive(state.tag, data); + primitive = true; + } } - // Can't have more flag bits than num hashes - if(this.flags.length * 8 < this.hashes.length) { - return false; - } + // Encode data itself + var result; + if (!state.any && state.choice === null) { + var tag = state.implicit !== null ? state.implicit : state.tag; + var cls = state.implicit === null ? 'universal' : 'context'; - var height = this._calcTreeHeight(); - var opts = { hashesUsed: 0, flagBitsUsed: 0 }; - var root = this._traverseMerkleTree(height, 0, opts); - if(opts.hashesUsed !== this.hashes.length) { - return false; + if (tag === null) { + if (state.use === null) + reporter.error('Tag could be ommited only for .use()'); + } else { + if (state.use === null) + result = this._encodeComposite(tag, primitive, cls, content); + } } - return BufferUtil.equals(root, this.header.merkleRoot); -}; - -/** - * Traverse a the tree in this MerkleBlock, validating it along the way - * Modeled after Bitcoin Core merkleblock.cpp TraverseAndExtract() - * @param {Number} - depth - Current height - * @param {Number} - pos - Current position in the tree - * @param {Object} - opts - Object with values that need to be mutated throughout the traversal - * @param {Number} - opts.flagBitsUsed - Number of flag bits used, should start at 0 - * @param {Number} - opts.hashesUsed - Number of hashes used, should start at 0 - * @param {Array} - opts.txs - Will finish populated by transactions found during traversal - * @returns {Buffer|null} - Buffer containing the Merkle Hash for that height - * @private - */ -MerkleBlock.prototype._traverseMerkleTree = function traverseMerkleTree(depth, pos, opts) { - /* jshint maxcomplexity: 12*/ - /* jshint maxstatements: 20 */ - opts = opts || {}; - opts.txs = opts.txs || []; - opts.flagBitsUsed = opts.flagBitsUsed || 0; - opts.hashesUsed = opts.hashesUsed || 0; + // Wrap in explicit + if (state.explicit !== null) + result = this._encodeComposite(state.explicit, false, 'context', result); - if(opts.flagBitsUsed > this.flags.length * 8) { - return null; - } - var isParentOfMatch = (this.flags[opts.flagBitsUsed >> 3] >>> (opts.flagBitsUsed++ & 7)) & 1; - if(depth === 0 || !isParentOfMatch) { - if(opts.hashesUsed >= this.hashes.length) { - return null; - } - var hash = this.hashes[opts.hashesUsed++]; - if(depth === 0 && isParentOfMatch) { - opts.txs.push(hash); - } - return new Buffer(hash, 'hex'); - } else { - var left = this._traverseMerkleTree(depth-1, pos*2, opts); - var right = left; - if(pos*2+1 < this._calcTreeWidth(depth-1)) { - right = this._traverseMerkleTree(depth-1, pos*2+1, opts); - } - return Hash.sha256sha256(new Buffer.concat([left, right])); - } + return result; }; -/** Calculates the width of a merkle tree at a given height. - * Modeled after Bitcoin Core merkleblock.h CalcTreeWidth() - * @param {Number} - Height at which we want the tree width - * @returns {Number} - Width of the tree at a given height - * @private - */ -MerkleBlock.prototype._calcTreeWidth = function calcTreeWidth(height) { - return (this.numTransactions + (1 << height) - 1) >> height; -}; +Node.prototype._encodeChoice = function encodeChoice(data, reporter) { + var state = this._baseState; -/** Calculates the height of the merkle tree in this MerkleBlock - * @param {Number} - Height at which we want the tree width - * @returns {Number} - Height of the merkle tree in this MerkleBlock - * @private - */ -MerkleBlock.prototype._calcTreeHeight = function calcTreeHeight() { - var height = 0; - while (this._calcTreeWidth(height) > 1) { - height++; + var node = state.choice[data.type]; + if (!node) { + assert( + false, + data.type + ' not found in ' + + JSON.stringify(Object.keys(state.choice))); } - return height; + return node._encode(data.value, reporter); }; -/** - * @param {Transaction|String} - Transaction or Transaction ID Hash - * @returns {Boolean} - return true/false if this MerkleBlock has the TX or not - * @private - */ -MerkleBlock.prototype.hasTransaction = function hasTransaction(tx) { - $.checkArgument(!_.isUndefined(tx), 'tx cannot be undefined'); - $.checkArgument(tx instanceof Transaction || typeof tx === 'string', - 'Invalid tx given, tx must be a "string" or "Transaction"'); - - var hash = tx; - if(tx instanceof Transaction) { - // We need to reverse the id hash for the lookup - hash = BufferUtil.reverse(new Buffer(tx.id, 'hex')).toString('hex'); - } +Node.prototype._encodePrimitive = function encodePrimitive(tag, data) { + var state = this._baseState; - var txs = []; - var height = this._calcTreeHeight(); - this._traverseMerkleTree(height, 0, { txs: txs }); - return txs.indexOf(hash) !== -1; + if (/str$/.test(tag)) + return this._encodeStr(data, tag); + else if (tag === 'objid' && state.args) + return this._encodeObjid(data, state.reverseArgs[0], state.args[1]); + else if (tag === 'objid') + return this._encodeObjid(data, null, null); + else if (tag === 'gentime' || tag === 'utctime') + return this._encodeTime(data, tag); + else if (tag === 'null_') + return this._encodeNull(); + else if (tag === 'int' || tag === 'enum') + return this._encodeInt(data, state.args && state.reverseArgs[0]); + else if (tag === 'bool') + return this._encodeBool(data); + else + throw new Error('Unsupported tag: ' + tag); }; -/** - * @param {Buffer} - MerkleBlock data - * @returns {Object} - An Object representing merkleblock data - * @private - */ -MerkleBlock._fromBufferReader = function _fromBufferReader(br) { - $.checkState(!br.finished(), 'No merkleblock data received'); - var info = {}; - info.header = BlockHeader.fromBufferReader(br); - info.numTransactions = br.readUInt32LE(); - var numHashes = br.readVarintNum(); - info.hashes = []; - for (var i = 0; i < numHashes; i++) { - info.hashes.push(br.read(32).toString('hex')); - } - var numFlags = br.readVarintNum(); - info.flags = []; - for (i = 0; i < numFlags; i++) { - info.flags.push(br.readUInt8()); - } - return info; +Node.prototype._isNumstr = function isNumstr(str) { + return /^[0-9 ]*$/.test(str); }; -/** - * @param {Object} - A plain JavaScript object - * @returns {Block} - An instance of block - */ -MerkleBlock.fromObject = function fromObject(obj) { - return new MerkleBlock(obj); +Node.prototype._isPrintstr = function isPrintstr(str) { + return /^[A-Za-z0-9 '\(\)\+,\-\.\/:=\?]*$/.test(str); }; -module.exports = MerkleBlock; +},{"../base":10,"minimalistic-assert":266}],12:[function(require,module,exports){ +var inherits = require('inherits'); -}).call(this,require("buffer").Buffer) -},{"../crypto/hash":15,"../encoding/bufferreader":21,"../encoding/bufferwriter":22,"../transaction":36,"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"./blockheader":10,"buffer":94,"lodash":78}],13:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +function Reporter(options) { + this._reporterState = { + obj: null, + path: [], + options: options || {}, + errors: [] + }; +} +exports.Reporter = Reporter; -var BN = require('bn.js'); -var $ = require('../util/preconditions'); -var _ = require('lodash'); +Reporter.prototype.isError = function isError(obj) { + return obj instanceof ReporterError; +}; -var reversebuf = function(buf) { - var buf2 = new Buffer(buf.length); - for (var i = 0; i < buf.length; i++) { - buf2[i] = buf[buf.length - 1 - i]; - } - return buf2; +Reporter.prototype.save = function save() { + var state = this._reporterState; + + return { obj: state.obj, pathLen: state.path.length }; }; -BN.Zero = new BN(0); -BN.One = new BN(1); -BN.Minus1 = new BN(-1); +Reporter.prototype.restore = function restore(data) { + var state = this._reporterState; -BN.fromNumber = function(n) { - $.checkArgument(_.isNumber(n)); - return new BN(n); + state.obj = data.obj; + state.path = state.path.slice(0, data.pathLen); }; -BN.fromString = function(str, base) { - $.checkArgument(_.isString(str)); - return new BN(str, base); +Reporter.prototype.enterKey = function enterKey(key) { + return this._reporterState.path.push(key); }; -BN.fromBuffer = function(buf, opts) { - if (typeof opts !== 'undefined' && opts.endian === 'little') { - buf = reversebuf(buf); - } - var hex = buf.toString('hex'); - var bn = new BN(hex, 16); - return bn; +Reporter.prototype.exitKey = function exitKey(index) { + var state = this._reporterState; + + state.path = state.path.slice(0, index - 1); }; -/** - * Instantiate a BigNumber from a "signed magnitude buffer" - * (a buffer where the most significant bit represents the sign (0 = positive, -1 = negative)) - */ -BN.fromSM = function(buf, opts) { - var ret; - if (buf.length === 0) { - return BN.fromBuffer(new Buffer([0])); - } +Reporter.prototype.leaveKey = function leaveKey(index, key, value) { + var state = this._reporterState; - var endian = 'big'; - if (opts) { - endian = opts.endian; - } - if (endian === 'little') { - buf = reversebuf(buf); - } + this.exitKey(index); + if (state.obj !== null) + state.obj[key] = value; +}; - if (buf[0] & 0x80) { - buf[0] = buf[0] & 0x7f; - ret = BN.fromBuffer(buf); - ret.neg().copy(ret); - } else { - ret = BN.fromBuffer(buf); - } - return ret; +Reporter.prototype.path = function path() { + return this._reporterState.path.join('/'); }; +Reporter.prototype.enterObject = function enterObject() { + var state = this._reporterState; -BN.prototype.toNumber = function() { - return parseInt(this.toString(10), 10); + var prev = state.obj; + state.obj = {}; + return prev; }; -BN.prototype.toBuffer = function(opts) { - var buf, hex; - if (opts && opts.size) { - hex = this.toString(16, 2); - var natlen = hex.length / 2; - buf = new Buffer(hex, 'hex'); +Reporter.prototype.leaveObject = function leaveObject(prev) { + var state = this._reporterState; - if (natlen === opts.size) { - buf = buf; - } else if (natlen > opts.size) { - buf = BN.trim(buf, natlen); - } else if (natlen < opts.size) { - buf = BN.pad(buf, natlen, opts.size); - } + var now = state.obj; + state.obj = prev; + return now; +}; + +Reporter.prototype.error = function error(msg) { + var err; + var state = this._reporterState; + + var inherited = msg instanceof ReporterError; + if (inherited) { + err = msg; } else { - hex = this.toString(16, 2); - buf = new Buffer(hex, 'hex'); + err = new ReporterError(state.path.map(function(elem) { + return '[' + JSON.stringify(elem) + ']'; + }).join(''), msg.message || msg, msg.stack); } - if (typeof opts !== 'undefined' && opts.endian === 'little') { - buf = reversebuf(buf); - } + if (!state.options.partial) + throw err; - return buf; + if (!inherited) + state.errors.push(err); + + return err; }; -BN.prototype.toSMBigEndian = function() { - var buf; - if (this.cmp(BN.Zero) === -1) { - buf = this.neg().toBuffer(); - if (buf[0] & 0x80) { - buf = Buffer.concat([new Buffer([0x80]), buf]); - } else { - buf[0] = buf[0] | 0x80; - } - } else { - buf = this.toBuffer(); - if (buf[0] & 0x80) { - buf = Buffer.concat([new Buffer([0x00]), buf]); - } - } +Reporter.prototype.wrapResult = function wrapResult(result) { + var state = this._reporterState; + if (!state.options.partial) + return result; - if (buf.length === 1 & buf[0] === 0) { - buf = new Buffer([]); - } - return buf; + return { + result: this.isError(result) ? null : result, + errors: state.errors + }; }; -BN.prototype.toSM = function(opts) { - var endian = opts ? opts.endian : 'big'; - var buf = this.toSMBigEndian(); - - if (endian === 'little') { - buf = reversebuf(buf); - } - return buf; +function ReporterError(path, msg) { + this.path = path; + this.rethrow(msg); }; +inherits(ReporterError, Error); -/** - * Create a BN from a "ScriptNum": - * This is analogous to the constructor for CScriptNum in bitcoind. Many ops in - * bitcoind's script interpreter use CScriptNum, which is not really a proper - * bignum. Instead, an error is thrown if trying to input a number bigger than - * 4 bytes. We copy that behavior here. A third argument, `size`, is provided to - * extend the hard limit of 4 bytes, as some usages require more than 4 bytes. - */ -BN.fromScriptNumBuffer = function(buf, fRequireMinimal, size) { - var nMaxNumSize = size || 4; - $.checkArgument(buf.length <= nMaxNumSize, new Error('script number overflow')); - if (fRequireMinimal && buf.length > 0) { - // Check that the number is encoded with the minimum possible - // number of bytes. - // - // If the most-significant-byte - excluding the sign bit - is zero - // then we're not minimal. Note how this test also rejects the - // negative-zero encoding, 0x80. - if ((buf[buf.length - 1] & 0x7f) === 0) { - // One exception: if there's more than one byte and the most - // significant bit of the second-most-significant-byte is set - // it would conflict with the sign bit. An example of this case - // is +-255, which encode to 0xff00 and 0xff80 respectively. - // (big-endian). - if (buf.length <= 1 || (buf[buf.length - 2] & 0x80) === 0) { - throw new Error('non-minimally encoded script number'); - } +ReporterError.prototype.rethrow = function rethrow(msg) { + this.message = msg + ' at: ' + (this.path || '(shallow)'); + if (Error.captureStackTrace) + Error.captureStackTrace(this, ReporterError); + + if (!this.stack) { + try { + // IE only adds stack when thrown + throw new Error(this.message); + } catch (e) { + this.stack = e.stack; } } - return BN.fromSM(buf, { - endian: 'little' - }); -}; - -/** - * The corollary to the above, with the notable exception that we do not throw - * an error if the output is larger than four bytes. (Which can happen if - * performing a numerical operation that results in an overflow to more than 4 - * bytes). - */ -BN.prototype.toScriptNumBuffer = function() { - return this.toSM({ - endian: 'little' - }); -}; - -BN.prototype.gt = function(b) { - return this.cmp(b) > 0; -}; - -BN.prototype.gte = function(b) { - return this.cmp(b) >= 0; + return this; }; -BN.prototype.lt = function(b) { - return this.cmp(b) < 0; -}; +},{"inherits":259}],13:[function(require,module,exports){ +var constants = require('../constants'); -BN.trim = function(buf, natlen) { - return buf.slice(natlen - buf.length, buf.length); +exports.tagClass = { + 0: 'universal', + 1: 'application', + 2: 'context', + 3: 'private' }; +exports.tagClassByName = constants._reverse(exports.tagClass); -BN.pad = function(buf, natlen, size) { - var rbuf = new Buffer(size); - for (var i = 0; i < buf.length; i++) { - rbuf[rbuf.length - 1 - i] = buf[buf.length - 1 - i]; - } - for (i = 0; i < size - natlen; i++) { - rbuf[i] = 0; - } - return rbuf; +exports.tag = { + 0x00: 'end', + 0x01: 'bool', + 0x02: 'int', + 0x03: 'bitstr', + 0x04: 'octstr', + 0x05: 'null_', + 0x06: 'objid', + 0x07: 'objDesc', + 0x08: 'external', + 0x09: 'real', + 0x0a: 'enum', + 0x0b: 'embed', + 0x0c: 'utf8str', + 0x0d: 'relativeOid', + 0x10: 'seq', + 0x11: 'set', + 0x12: 'numstr', + 0x13: 'printstr', + 0x14: 't61str', + 0x15: 'videostr', + 0x16: 'ia5str', + 0x17: 'utctime', + 0x18: 'gentime', + 0x19: 'graphstr', + 0x1a: 'iso646str', + 0x1b: 'genstr', + 0x1c: 'unistr', + 0x1d: 'charstr', + 0x1e: 'bmpstr' }; +exports.tagByName = constants._reverse(exports.tag); -module.exports = BN; +},{"../constants":14}],14:[function(require,module,exports){ +var constants = exports; -}).call(this,require("buffer").Buffer) -},{"../util/preconditions":52,"bn.js":53,"buffer":94,"lodash":78}],14:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +// Helper +constants._reverse = function reverse(map) { + var res = {}; -var BN = require('./bn'); -var Point = require('./point'); -var Signature = require('./signature'); -var PublicKey = require('../publickey'); -var Random = require('./random'); -var Hash = require('./hash'); -var BufferUtil = require('../util/buffer'); -var _ = require('lodash'); -var $ = require('../util/preconditions'); + Object.keys(map).forEach(function(key) { + // Convert key to integer if it is stringified + if ((key | 0) == key) + key = key | 0; -var ECDSA = function ECDSA(obj) { - if (!(this instanceof ECDSA)) { - return new ECDSA(obj); - } - if (obj) { - this.set(obj); - } -}; + var value = map[key]; + res[value] = key; + }); -/* jshint maxcomplexity: 9 */ -ECDSA.prototype.set = function(obj) { - this.hashbuf = obj.hashbuf || this.hashbuf; - this.endian = obj.endian || this.endian; //the endianness of hashbuf - this.privkey = obj.privkey || this.privkey; - this.pubkey = obj.pubkey || (this.privkey ? this.privkey.publicKey : this.pubkey); - this.sig = obj.sig || this.sig; - this.k = obj.k || this.k; - this.verified = obj.verified || this.verified; - return this; + return res; }; -ECDSA.prototype.privkey2pubkey = function() { - this.pubkey = this.privkey.toPublicKey(); -}; +constants.der = require('./der'); -ECDSA.prototype.calci = function() { - for (var i = 0; i < 4; i++) { - this.sig.i = i; - var Qprime; - try { - Qprime = this.toPublicKey(); - } catch (e) { - console.error(e); - continue; - } +},{"./der":13}],15:[function(require,module,exports){ +var inherits = require('inherits'); - if (Qprime.point.eq(this.pubkey.point)) { - this.sig.compressed = this.pubkey.compressed; - return this; - } - } +var asn1 = require('../../asn1'); +var base = asn1.base; +var bignum = asn1.bignum; - this.sig.i = undefined; - throw new Error('Unable to find valid recovery factor'); -}; +// Import DER constants +var der = asn1.constants.der; -ECDSA.fromString = function(str) { - var obj = JSON.parse(str); - return new ECDSA(obj); -}; +function DERDecoder(entity) { + this.enc = 'der'; + this.name = entity.name; + this.entity = entity; -ECDSA.prototype.randomK = function() { - var N = Point.getN(); - var k; - do { - k = BN.fromBuffer(Random.getRandomBuffer(32)); - } while (!(k.lt(N) && k.gt(BN.Zero))); - this.k = k; - return this; + // Construct base tree + this.tree = new DERNode(); + this.tree._init(entity.body); }; +module.exports = DERDecoder; +DERDecoder.prototype.decode = function decode(data, options) { + if (!(data instanceof base.DecoderBuffer)) + data = new base.DecoderBuffer(data, options); -// https://tools.ietf.org/html/rfc6979#section-3.2 -ECDSA.prototype.deterministicK = function(badrs) { - /* jshint maxstatements: 25 */ - // if r or s were invalid when this function was used in signing, - // we do not want to actually compute r, s here for efficiency, so, - // we can increment badrs. explained at end of RFC 6979 section 3.2 - if (_.isUndefined(badrs)) { - badrs = 0; - } - var v = new Buffer(32); - v.fill(0x01); - var k = new Buffer(32); - k.fill(0x00); - var x = this.privkey.bn.toBuffer({ - size: 32 - }); - var hashbuf = this.endian === 'little' ? BufferUtil.reverse(this.hashbuf) : this.hashbuf - k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x00]), x, hashbuf]), k); - v = Hash.sha256hmac(v, k); - k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x01]), x, hashbuf]), k); - v = Hash.sha256hmac(v, k); - v = Hash.sha256hmac(v, k); - var T = BN.fromBuffer(v); - var N = Point.getN(); - - // also explained in 3.2, we must ensure T is in the proper range (0, N) - for (var i = 0; i < badrs || !(T.lt(N) && T.gt(BN.Zero)); i++) { - k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x00])]), k); - v = Hash.sha256hmac(v, k); - v = Hash.sha256hmac(v, k); - T = BN.fromBuffer(v); - } - - this.k = T; - return this; + return this.tree._decode(data, options); }; -// Information about public key recovery: -// https://bitcointalk.org/index.php?topic=6430.0 -// http://stackoverflow.com/questions/19665491/how-do-i-get-an-ecdsa-public-key-from-just-a-bitcoin-signature-sec1-4-1-6-k -ECDSA.prototype.toPublicKey = function() { - /* jshint maxstatements: 25 */ - var i = this.sig.i; - $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be equal to 0, 1, 2, or 3')); +// Tree methods - var e = BN.fromBuffer(this.hashbuf); - var r = this.sig.r; - var s = this.sig.s; +function DERNode(parent) { + base.Node.call(this, 'der', parent); +} +inherits(DERNode, base.Node); - // A set LSB signifies that the y-coordinate is odd - var isYOdd = i & 1; +DERNode.prototype._peekTag = function peekTag(buffer, tag, any) { + if (buffer.isEmpty()) + return false; - // The more significant bit specifies whether we should use the - // first or second candidate key. - var isSecondKey = i >> 1; + var state = buffer.save(); + var decodedTag = derDecodeTag(buffer, 'Failed to peek tag: "' + tag + '"'); + if (buffer.isError(decodedTag)) + return decodedTag; - var n = Point.getN(); - var G = Point.getG(); + buffer.restore(state); - // 1.1 Let x = r + jn - var x = isSecondKey ? r.add(n) : r; - var R = Point.fromX(isYOdd, x); + return decodedTag.tag === tag || decodedTag.tagStr === tag || + (decodedTag.tagStr + 'of') === tag || any; +}; - // 1.4 Check that nR is at infinity - var nR = R.mul(n); +DERNode.prototype._decodeTag = function decodeTag(buffer, tag, any) { + var decodedTag = derDecodeTag(buffer, + 'Failed to decode tag of "' + tag + '"'); + if (buffer.isError(decodedTag)) + return decodedTag; - if (!nR.isInfinity()) { - throw new Error('nR is not a valid curve point'); - } + var len = derDecodeLen(buffer, + decodedTag.primitive, + 'Failed to get length of "' + tag + '"'); - // Compute -e from e - var eNeg = e.neg().mod(n); + // Failure + if (buffer.isError(len)) + return len; - // 1.6.1 Compute Q = r^-1 (sR - eG) - // Q = r^-1 (sR + -eG) - var rInv = r.invm(n); + if (!any && + decodedTag.tag !== tag && + decodedTag.tagStr !== tag && + decodedTag.tagStr + 'of' !== tag) { + return buffer.error('Failed to match tag: "' + tag + '"'); + } - //var Q = R.multiplyTwo(s, G, eNeg).mul(rInv); - var Q = R.mul(s).add(G.mul(eNeg)).mul(rInv); + if (decodedTag.primitive || len !== null) + return buffer.skip(len, 'Failed to match body of: "' + tag + '"'); - var pubkey = PublicKey.fromPoint(Q, this.sig.compressed); + // Indefinite length... find END tag + var state = buffer.save(); + var res = this._skipUntilEnd( + buffer, + 'Failed to skip indefinite length body: "' + this.tag + '"'); + if (buffer.isError(res)) + return res; - return pubkey; + len = buffer.offset - state.offset; + buffer.restore(state); + return buffer.skip(len, 'Failed to match body of: "' + tag + '"'); }; -ECDSA.prototype.sigError = function() { - /* jshint maxstatements: 25 */ - if (!BufferUtil.isBuffer(this.hashbuf) || this.hashbuf.length !== 32) { - return 'hashbuf must be a 32 byte buffer'; - } +DERNode.prototype._skipUntilEnd = function skipUntilEnd(buffer, fail) { + while (true) { + var tag = derDecodeTag(buffer, fail); + if (buffer.isError(tag)) + return tag; + var len = derDecodeLen(buffer, tag.primitive, fail); + if (buffer.isError(len)) + return len; - var r = this.sig.r; - var s = this.sig.s; - if (!(r.gt(BN.Zero) && r.lt(Point.getN())) || !(s.gt(BN.Zero) && s.lt(Point.getN()))) { - return 'r and s not in range'; - } + var res; + if (tag.primitive || len !== null) + res = buffer.skip(len) + else + res = this._skipUntilEnd(buffer, fail); - var e = BN.fromBuffer(this.hashbuf, this.endian ? { - endian: this.endian - } : undefined); - var n = Point.getN(); - var sinv = s.invm(n); - var u1 = sinv.mul(e).mod(n); - var u2 = sinv.mul(r).mod(n); + // Failure + if (buffer.isError(res)) + return res; - var p = Point.getG().mulAdd(u1, this.pubkey.point, u2); - if (p.isInfinity()) { - return 'p is infinity'; + if (tag.tagStr === 'end') + break; } +}; - if (p.getX().mod(n).cmp(r) !== 0) { - return 'Invalid signature'; - } else { - return false; +DERNode.prototype._decodeList = function decodeList(buffer, tag, decoder, + options) { + var result = []; + while (!buffer.isEmpty()) { + var possibleEnd = this._peekTag(buffer, 'end'); + if (buffer.isError(possibleEnd)) + return possibleEnd; + + var res = decoder.decode(buffer, 'der', options); + if (buffer.isError(res) && possibleEnd) + break; + result.push(res); } + return result; }; -ECDSA.toLowS = function(s) { - //enforce low s - //see BIP 62, "low S values in signatures" - if (s.gt(BN.fromBuffer(new Buffer('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex')))) { - s = Point.getN().sub(s); +DERNode.prototype._decodeStr = function decodeStr(buffer, tag) { + if (tag === 'bitstr') { + var unused = buffer.readUInt8(); + if (buffer.isError(unused)) + return unused; + return { unused: unused, data: buffer.raw() }; + } else if (tag === 'bmpstr') { + var raw = buffer.raw(); + if (raw.length % 2 === 1) + return buffer.error('Decoding of string type: bmpstr length mismatch'); + + var str = ''; + for (var i = 0; i < raw.length / 2; i++) { + str += String.fromCharCode(raw.readUInt16BE(i * 2)); + } + return str; + } else if (tag === 'numstr') { + var numstr = buffer.raw().toString('ascii'); + if (!this._isNumstr(numstr)) { + return buffer.error('Decoding of string type: ' + + 'numstr unsupported characters'); + } + return numstr; + } else if (tag === 'octstr') { + return buffer.raw(); + } else if (tag === 'printstr') { + var printstr = buffer.raw().toString('ascii'); + if (!this._isPrintstr(printstr)) { + return buffer.error('Decoding of string type: ' + + 'printstr unsupported characters'); + } + return printstr; + } else if (/str$/.test(tag)) { + return buffer.raw().toString(); + } else { + return buffer.error('Decoding of string type: ' + tag + ' unsupported'); } - return s; }; -ECDSA.prototype._findSignature = function(d, e) { - var N = Point.getN(); - var G = Point.getG(); - // try different values of k until r, s are valid - var badrs = 0; - var k, Q, r, s; - do { - if (!this.k || badrs > 0) { - this.deterministicK(badrs); +DERNode.prototype._decodeObjid = function decodeObjid(buffer, values, relative) { + var result; + var identifiers = []; + var ident = 0; + while (!buffer.isEmpty()) { + var subident = buffer.readUInt8(); + ident <<= 7; + ident |= subident & 0x7f; + if ((subident & 0x80) === 0) { + identifiers.push(ident); + ident = 0; } - badrs++; - k = this.k; - Q = G.mul(k); - r = Q.x.mod(N); - s = k.invm(N).mul(e.add(d.mul(r))).mod(N); - } while (r.cmp(BN.Zero) <= 0 || s.cmp(BN.Zero) <= 0); - - s = ECDSA.toLowS(s); - return { - s: s, - r: r - }; + } + if (subident & 0x80) + identifiers.push(ident); -}; + var first = (identifiers[0] / 40) | 0; + var second = identifiers[0] % 40; -ECDSA.prototype.sign = function() { - var hashbuf = this.hashbuf; - var privkey = this.privkey; - var d = privkey.bn; + if (relative) + result = identifiers; + else + result = [first, second].concat(identifiers.slice(1)); - $.checkState(hashbuf && privkey && d, new Error('invalid parameters')); - $.checkState(BufferUtil.isBuffer(hashbuf) && hashbuf.length === 32, new Error('hashbuf must be a 32 byte buffer')); + if (values) { + var tmp = values[result.join(' ')]; + if (tmp === undefined) + tmp = values[result.join('.')]; + if (tmp !== undefined) + result = tmp; + } - var e = BN.fromBuffer(hashbuf, this.endian ? { - endian: this.endian - } : undefined); + return result; +}; - var obj = this._findSignature(d, e); - obj.compressed = this.pubkey.compressed; +DERNode.prototype._decodeTime = function decodeTime(buffer, tag) { + var str = buffer.raw().toString(); + if (tag === 'gentime') { + var year = str.slice(0, 4) | 0; + var mon = str.slice(4, 6) | 0; + var day = str.slice(6, 8) | 0; + var hour = str.slice(8, 10) | 0; + var min = str.slice(10, 12) | 0; + var sec = str.slice(12, 14) | 0; + } else if (tag === 'utctime') { + var year = str.slice(0, 2) | 0; + var mon = str.slice(2, 4) | 0; + var day = str.slice(4, 6) | 0; + var hour = str.slice(6, 8) | 0; + var min = str.slice(8, 10) | 0; + var sec = str.slice(10, 12) | 0; + if (year < 70) + year = 2000 + year; + else + year = 1900 + year; + } else { + return buffer.error('Decoding ' + tag + ' time is not supported yet'); + } - this.sig = new Signature(obj); - return this; + return Date.UTC(year, mon - 1, day, hour, min, sec, 0); }; -ECDSA.prototype.signRandomK = function() { - this.randomK(); - return this.sign(); +DERNode.prototype._decodeNull = function decodeNull(buffer) { + return null; }; -ECDSA.prototype.toString = function() { - var obj = {}; - if (this.hashbuf) { - obj.hashbuf = this.hashbuf.toString('hex'); - } - if (this.privkey) { - obj.privkey = this.privkey.toString(); - } - if (this.pubkey) { - obj.pubkey = this.pubkey.toString(); - } - if (this.sig) { - obj.sig = this.sig.toString(); - } - if (this.k) { - obj.k = this.k.toString(); - } - return JSON.stringify(obj); +DERNode.prototype._decodeBool = function decodeBool(buffer) { + var res = buffer.readUInt8(); + if (buffer.isError(res)) + return res; + else + return res !== 0; }; -ECDSA.prototype.verify = function() { - if (!this.sigError()) { - this.verified = true; - } else { - this.verified = false; - } - return this; -}; +DERNode.prototype._decodeInt = function decodeInt(buffer, values) { + // Bigint, return as it is (assume big endian) + var raw = buffer.raw(); + var res = new bignum(raw); -ECDSA.sign = function(hashbuf, privkey, endian) { - return ECDSA().set({ - hashbuf: hashbuf, - endian: endian, - privkey: privkey - }).sign().sig; -}; + if (values) + res = values[res.toString(10)] || res; -ECDSA.verify = function(hashbuf, sig, pubkey, endian) { - return ECDSA().set({ - hashbuf: hashbuf, - endian: endian, - sig: sig, - pubkey: pubkey - }).verify().verified; + return res; }; -module.exports = ECDSA; - -}).call(this,require("buffer").Buffer) -},{"../publickey":32,"../util/buffer":50,"../util/preconditions":52,"./bn":13,"./hash":15,"./point":16,"./random":17,"./signature":18,"buffer":94,"lodash":78}],15:[function(require,module,exports){ -(function (Buffer){ -'use strict'; - -var crypto = require('crypto'); -var BufferUtil = require('../util/buffer'); -var $ = require('../util/preconditions'); - -var Hash = module.exports; - -Hash.sha1 = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return crypto.createHash('sha1').update(buf).digest(); +DERNode.prototype._use = function use(entity, obj) { + if (typeof entity === 'function') + entity = entity(obj); + return entity._getDecoder('der').tree; }; -Hash.sha1.blocksize = 512; +// Utility methods -Hash.sha256 = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return crypto.createHash('sha256').update(buf).digest(); -}; +function derDecodeTag(buf, fail) { + var tag = buf.readUInt8(fail); + if (buf.isError(tag)) + return tag; -Hash.sha256.blocksize = 512; + var cls = der.tagClass[tag >> 6]; + var primitive = (tag & 0x20) === 0; -Hash.sha256sha256 = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return Hash.sha256(Hash.sha256(buf)); -}; + // Multi-octet tag - load + if ((tag & 0x1f) === 0x1f) { + var oct = tag; + tag = 0; + while ((oct & 0x80) === 0x80) { + oct = buf.readUInt8(fail); + if (buf.isError(oct)) + return oct; -Hash.ripemd160 = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return crypto.createHash('ripemd160').update(buf).digest(); -}; + tag <<= 7; + tag |= oct & 0x7f; + } + } else { + tag &= 0x1f; + } + var tagStr = der.tag[tag]; -Hash.sha256ripemd160 = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return Hash.ripemd160(Hash.sha256(buf)); -}; + return { + cls: cls, + primitive: primitive, + tag: tag, + tagStr: tagStr + }; +} -Hash.sha512 = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return crypto.createHash('sha512').update(buf).digest(); -}; +function derDecodeLen(buf, primitive, fail) { + var len = buf.readUInt8(fail); + if (buf.isError(len)) + return len; -Hash.sha512.blocksize = 1024; + // Indefinite form + if (!primitive && len === 0x80) + return null; -Hash.hmac = function(hashf, data, key) { - //http://en.wikipedia.org/wiki/Hash-based_message_authentication_code - //http://tools.ietf.org/html/rfc4868#section-2 - $.checkArgument(BufferUtil.isBuffer(data)); - $.checkArgument(BufferUtil.isBuffer(key)); - $.checkArgument(hashf.blocksize); + // Definite form + if ((len & 0x80) === 0) { + // Short form + return len; + } - var blocksize = hashf.blocksize / 8; + // Long form + var num = len & 0x7f; + if (num >= 4) + return buf.error('length octect is too long'); - if (key.length > blocksize) { - key = hashf(key); - } else if (key < blocksize) { - var fill = new Buffer(blocksize); - fill.fill(0); - key.copy(fill); - key = fill; + len = 0; + for (var i = 0; i < num; i++) { + len <<= 8; + var j = buf.readUInt8(fail); + if (buf.isError(j)) + return j; + len |= j; } - var o_key = new Buffer(blocksize); - o_key.fill(0x5c); + return len; +} - var i_key = new Buffer(blocksize); - i_key.fill(0x36); +},{"../../asn1":7,"inherits":259}],16:[function(require,module,exports){ +var decoders = exports; - var o_key_pad = new Buffer(blocksize); - var i_key_pad = new Buffer(blocksize); - for (var i = 0; i < blocksize; i++) { - o_key_pad[i] = o_key[i] ^ key[i]; - i_key_pad[i] = i_key[i] ^ key[i]; - } +decoders.der = require('./der'); +decoders.pem = require('./pem'); - return hashf(Buffer.concat([o_key_pad, hashf(Buffer.concat([i_key_pad, data]))])); -}; +},{"./der":15,"./pem":17}],17:[function(require,module,exports){ +var inherits = require('inherits'); +var Buffer = require('buffer').Buffer; -Hash.sha256hmac = function(data, key) { - return Hash.hmac(Hash.sha256, data, key); -}; +var DERDecoder = require('./der'); -Hash.sha512hmac = function(data, key) { - return Hash.hmac(Hash.sha512, data, key); +function PEMDecoder(entity) { + DERDecoder.call(this, entity); + this.enc = 'pem'; }; +inherits(PEMDecoder, DERDecoder); +module.exports = PEMDecoder; -}).call(this,require("buffer").Buffer) -},{"../util/buffer":50,"../util/preconditions":52,"buffer":94,"crypto":98}],16:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +PEMDecoder.prototype.decode = function decode(data, options) { + var lines = data.toString().split(/[\r\n]+/g); -var BN = require('./bn'); -var BufferUtil = require('../util/buffer'); -var ec = require('elliptic').curves.secp256k1; -var ecPoint = ec.curve.point.bind(ec.curve); -var ecPointFromX = ec.curve.pointFromX.bind(ec.curve); + var label = options.label.toUpperCase(); -/** - * - * Instantiate a valid secp256k1 Point from the X and Y coordinates. - * - * @param {BN|String} x - The X coordinate - * @param {BN|String} y - The Y coordinate - * @link https://github.com/indutny/elliptic - * @augments elliptic.curve.point - * @throws {Error} A validation error if exists - * @returns {Point} An instance of Point - * @constructor - */ -var Point = function Point(x, y, isRed) { - var point = ecPoint(x, y, isRed); - point.validate(); - return point; -}; + var re = /^-----(BEGIN|END) ([^-]+)-----$/; + var start = -1; + var end = -1; + for (var i = 0; i < lines.length; i++) { + var match = lines[i].match(re); + if (match === null) + continue; -Point.prototype = Object.getPrototypeOf(ec.curve.point()); + if (match[2] !== label) + continue; -/** - * - * Instantiate a valid secp256k1 Point from only the X coordinate - * - * @param {boolean} odd - If the Y coordinate is odd - * @param {BN|String} x - The X coordinate - * @throws {Error} A validation error if exists - * @returns {Point} An instance of Point - */ -Point.fromX = function fromX(odd, x){ - var point = ecPointFromX(odd, x); - point.validate(); - return point; -}; + if (start === -1) { + if (match[1] !== 'BEGIN') + break; + start = i; + } else { + if (match[1] !== 'END') + break; + end = i; + break; + } + } + if (start === -1 || end === -1) + throw new Error('PEM section not found for: ' + label); -/** - * - * Will return a secp256k1 ECDSA base point. - * - * @link https://en.bitcoin.it/wiki/Secp256k1 - * @returns {Point} An instance of the base point. - */ -Point.getG = function getG() { - return ec.curve.g; -}; + var base64 = lines.slice(start + 1, end).join(''); + // Remove excessive symbols + base64.replace(/[^a-z0-9\+\/=]+/gi, ''); -/** - * - * Will return the max of range of valid private keys as governed by the secp256k1 ECDSA standard. - * - * @link https://en.bitcoin.it/wiki/Private_key#Range_of_valid_ECDSA_private_keys - * @returns {BN} A BN instance of the number of points on the curve - */ -Point.getN = function getN() { - return new BN(ec.curve.n.toArray()); + var input = new Buffer(base64, 'base64'); + return DERDecoder.prototype.decode.call(this, input, options); }; -Point.prototype._getX = Point.prototype.getX; +},{"./der":15,"buffer":158,"inherits":259}],18:[function(require,module,exports){ +var inherits = require('inherits'); +var Buffer = require('buffer').Buffer; -/** - * - * Will return the X coordinate of the Point - * - * @returns {BN} A BN instance of the X coordinate - */ -Point.prototype.getX = function getX() { - return new BN(this._getX().toArray()); -}; +var asn1 = require('../../asn1'); +var base = asn1.base; -Point.prototype._getY = Point.prototype.getY; +// Import DER constants +var der = asn1.constants.der; -/** - * - * Will return the Y coordinate of the Point - * - * @returns {BN} A BN instance of the Y coordinate - */ -Point.prototype.getY = function getY() { - return new BN(this._getY().toArray()); +function DEREncoder(entity) { + this.enc = 'der'; + this.name = entity.name; + this.entity = entity; + + // Construct base tree + this.tree = new DERNode(); + this.tree._init(entity.body); }; +module.exports = DEREncoder; -/** - * - * Will determine if the point is valid - * - * @link https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf - * @param {Point} An instance of Point - * @throws {Error} A validation error if exists - * @returns {Point} An instance of the same Point - */ -Point.prototype.validate = function validate() { +DEREncoder.prototype.encode = function encode(data, reporter) { + return this.tree._encode(data, reporter).join(); +}; - if (this.isInfinity()){ - throw new Error('Point cannot be equal to Infinity'); - } +// Tree methods - if (this.getX().cmp(BN.Zero) === 0 || this.getY().cmp(BN.Zero) === 0){ - throw new Error('Invalid x,y value for curve, cannot equal 0.'); - } +function DERNode(parent) { + base.Node.call(this, 'der', parent); +} +inherits(DERNode, base.Node); - var p2 = ecPointFromX(this.getY().isOdd(), this.getX()); +DERNode.prototype._encodeComposite = function encodeComposite(tag, + primitive, + cls, + content) { + var encodedTag = encodeTag(tag, primitive, cls, this.reporter); - if (p2.y.cmp(this.y) !== 0) { - throw new Error('Invalid y value for curve.'); + // Short form + if (content.length < 0x80) { + var header = new Buffer(2); + header[0] = encodedTag; + header[1] = content.length; + return this._createEncoderBuffer([ header, content ]); } - var xValidRange = (this.getX().gt(BN.Minus1) && this.getX().lt(Point.getN())); - var yValidRange = (this.getY().gt(BN.Minus1) && this.getY().lt(Point.getN())); - - if ( !xValidRange || !yValidRange ) { - throw new Error('Point does not lie on the curve'); - } + // Long form + // Count octets required to store length + var lenOctets = 1; + for (var i = content.length; i >= 0x100; i >>= 8) + lenOctets++; - //todo: needs test case - if (!(this.mul(Point.getN()).isInfinity())) { - throw new Error('Point times N must be infinity'); - } + var header = new Buffer(1 + 1 + lenOctets); + header[0] = encodedTag; + header[1] = 0x80 | lenOctets; - return this; + for (var i = 1 + lenOctets, j = content.length; j > 0; i--, j >>= 8) + header[i] = j & 0xff; + return this._createEncoderBuffer([ header, content ]); }; -Point.pointToCompressed = function pointToCompressed(point) { - var xbuf = point.getX().toBuffer({size: 32}); - var ybuf = point.getY().toBuffer({size: 32}); - - var prefix; - var odd = ybuf[ybuf.length - 1] % 2; - if (odd) { - prefix = new Buffer([0x03]); +DERNode.prototype._encodeStr = function encodeStr(str, tag) { + if (tag === 'bitstr') { + return this._createEncoderBuffer([ str.unused | 0, str.data ]); + } else if (tag === 'bmpstr') { + var buf = new Buffer(str.length * 2); + for (var i = 0; i < str.length; i++) { + buf.writeUInt16BE(str.charCodeAt(i), i * 2); + } + return this._createEncoderBuffer(buf); + } else if (tag === 'numstr') { + if (!this._isNumstr(str)) { + return this.reporter.error('Encoding of string type: numstr supports ' + + 'only digits and space'); + } + return this._createEncoderBuffer(str); + } else if (tag === 'printstr') { + if (!this._isPrintstr(str)) { + return this.reporter.error('Encoding of string type: printstr supports ' + + 'only latin upper and lower case letters, ' + + 'digits, space, apostrophe, left and rigth ' + + 'parenthesis, plus sign, comma, hyphen, ' + + 'dot, slash, colon, equal sign, ' + + 'question mark'); + } + return this._createEncoderBuffer(str); + } else if (/str$/.test(tag)) { + return this._createEncoderBuffer(str); } else { - prefix = new Buffer([0x02]); + return this.reporter.error('Encoding of string type: ' + tag + + ' unsupported'); } - return BufferUtil.concat([prefix, xbuf]); }; -module.exports = Point; +DERNode.prototype._encodeObjid = function encodeObjid(id, values, relative) { + if (typeof id === 'string') { + if (!values) + return this.reporter.error('string objid given, but no values map found'); + if (!values.hasOwnProperty(id)) + return this.reporter.error('objid not found in values map'); + id = values[id].split(/[\s\.]+/g); + for (var i = 0; i < id.length; i++) + id[i] |= 0; + } else if (Array.isArray(id)) { + id = id.slice(); + for (var i = 0; i < id.length; i++) + id[i] |= 0; + } -}).call(this,require("buffer").Buffer) -},{"../util/buffer":50,"./bn":13,"buffer":94,"elliptic":56}],17:[function(require,module,exports){ -(function (process,Buffer){ -'use strict'; + if (!Array.isArray(id)) { + return this.reporter.error('objid() should be either array or string, ' + + 'got: ' + JSON.stringify(id)); + } -function Random() { -} + if (!relative) { + if (id[1] >= 40) + return this.reporter.error('Second objid identifier OOB'); + id.splice(0, 2, id[0] * 40 + id[1]); + } -/* secure random bytes that sometimes throws an error due to lack of entropy */ -Random.getRandomBuffer = function(size) { - if (process.browser) - return Random.getRandomBufferBrowser(size); - else - return Random.getRandomBufferNode(size); -}; + // Count number of octets + var size = 0; + for (var i = 0; i < id.length; i++) { + var ident = id[i]; + for (size++; ident >= 0x80; ident >>= 7) + size++; + } -Random.getRandomBufferNode = function(size) { - var crypto = require('crypto'); - return crypto.randomBytes(size); -}; + var objid = new Buffer(size); + var offset = objid.length - 1; + for (var i = id.length - 1; i >= 0; i--) { + var ident = id[i]; + objid[offset--] = ident & 0x7f; + while ((ident >>= 7) > 0) + objid[offset--] = 0x80 | (ident & 0x7f); + } -Random.getRandomBufferBrowser = function(size) { - if (!window.crypto && !window.msCrypto) - throw new Error('window.crypto not available'); + return this._createEncoderBuffer(objid); +}; - if (window.crypto && window.crypto.getRandomValues) - var crypto = window.crypto; - else if (window.msCrypto && window.msCrypto.getRandomValues) //internet explorer - var crypto = window.msCrypto; +function two(num) { + if (num < 10) + return '0' + num; else - throw new Error('window.crypto.getRandomValues not available'); + return num; +} - var bbuf = new Uint8Array(size); - crypto.getRandomValues(bbuf); - var buf = new Buffer(bbuf); +DERNode.prototype._encodeTime = function encodeTime(time, tag) { + var str; + var date = new Date(time); - return buf; + if (tag === 'gentime') { + str = [ + two(date.getFullYear()), + two(date.getUTCMonth() + 1), + two(date.getUTCDate()), + two(date.getUTCHours()), + two(date.getUTCMinutes()), + two(date.getUTCSeconds()), + 'Z' + ].join(''); + } else if (tag === 'utctime') { + str = [ + two(date.getFullYear() % 100), + two(date.getUTCMonth() + 1), + two(date.getUTCDate()), + two(date.getUTCHours()), + two(date.getUTCMinutes()), + two(date.getUTCSeconds()), + 'Z' + ].join(''); + } else { + this.reporter.error('Encoding ' + tag + ' time is not supported yet'); + } + + return this._encodeStr(str, 'octstr'); }; -/* insecure random bytes, but it never fails */ -Random.getPseudoRandomBuffer = function(size) { - var b32 = 0x100000000; - var b = new Buffer(size); - var r; +DERNode.prototype._encodeNull = function encodeNull() { + return this._createEncoderBuffer(''); +}; - for (var i = 0; i <= size; i++) { - var j = Math.floor(i / 4); - var k = i - j * 4; - if (k === 0) { - r = Math.random() * b32; - b[i] = r & 0xff; - } else { - b[i] = (r = r >>> 8) & 0xff; +DERNode.prototype._encodeInt = function encodeInt(num, values) { + if (typeof num === 'string') { + if (!values) + return this.reporter.error('String int or enum given, but no values map'); + if (!values.hasOwnProperty(num)) { + return this.reporter.error('Values map doesn\'t contain: ' + + JSON.stringify(num)); } + num = values[num]; } - return b; -}; - -module.exports = Random; - -}).call(this,require('_process'),require("buffer").Buffer) -},{"_process":294,"buffer":94,"crypto":98}],18:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + // Bignum, assume big endian + if (typeof num !== 'number' && !Buffer.isBuffer(num)) { + var numArray = num.toArray(); + if (!num.sign && numArray[0] & 0x80) { + numArray.unshift(0); + } + num = new Buffer(numArray); + } -var BN = require('./bn'); -var _ = require('lodash'); -var $ = require('../util/preconditions'); -var BufferUtil = require('../util/buffer'); -var JSUtil = require('../util/js'); + if (Buffer.isBuffer(num)) { + var size = num.length; + if (num.length === 0) + size++; -var Signature = function Signature(r, s) { - if (!(this instanceof Signature)) { - return new Signature(r, s); - } - if (r instanceof BN) { - this.set({ - r: r, - s: s - }); - } else if (r) { - var obj = r; - this.set(obj); + var out = new Buffer(size); + num.copy(out); + if (num.length === 0) + out[0] = 0 + return this._createEncoderBuffer(out); } -}; -/* jshint maxcomplexity: 7 */ -Signature.prototype.set = function(obj) { - this.r = obj.r || this.r || undefined; - this.s = obj.s || this.s || undefined; - this.i = typeof obj.i !== 'undefined' ? obj.i : this.i; //public key recovery parameter in range [0, 3] - this.compressed = typeof obj.compressed !== 'undefined' ? - obj.compressed : this.compressed; //whether the recovered pubkey is compressed - this.nhashtype = obj.nhashtype || this.nhashtype || undefined; - return this; -}; + if (num < 0x80) + return this._createEncoderBuffer(num); -Signature.fromCompact = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf), 'Argument is expected to be a Buffer'); + if (num < 0x100) + return this._createEncoderBuffer([0, num]); - var sig = new Signature(); + var size = 1; + for (var i = num; i >= 0x100; i >>= 8) + size++; - var compressed = true; - var i = buf.slice(0, 1)[0] - 27 - 4; - if (i < 0) { - compressed = false; - i = i + 4; + var out = new Array(size); + for (var i = out.length - 1; i >= 0; i--) { + out[i] = num & 0xff; + num >>= 8; + } + if(out[0] & 0x80) { + out.unshift(0); } - var b2 = buf.slice(1, 33); - var b3 = buf.slice(33, 65); - - $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be 0, 1, 2, or 3')); - $.checkArgument(b2.length === 32, new Error('r must be 32 bytes')); - $.checkArgument(b3.length === 32, new Error('s must be 32 bytes')); + return this._createEncoderBuffer(new Buffer(out)); +}; - sig.compressed = compressed; - sig.i = i; - sig.r = BN.fromBuffer(b2); - sig.s = BN.fromBuffer(b3); +DERNode.prototype._encodeBool = function encodeBool(value) { + return this._createEncoderBuffer(value ? 0xff : 0); +}; - return sig; +DERNode.prototype._use = function use(entity, obj) { + if (typeof entity === 'function') + entity = entity(obj); + return entity._getEncoder('der').tree; }; -Signature.fromDER = Signature.fromBuffer = function(buf, strict) { - var obj = Signature.parseDER(buf, strict); - var sig = new Signature(); +DERNode.prototype._skipDefault = function skipDefault(dataBuffer, reporter, parent) { + var state = this._baseState; + var i; + if (state['default'] === null) + return false; - sig.r = obj.r; - sig.s = obj.s; + var data = dataBuffer.join(); + if (state.defaultBuffer === undefined) + state.defaultBuffer = this._encodeValue(state['default'], reporter, parent).join(); - return sig; -}; + if (data.length !== state.defaultBuffer.length) + return false; -// The format used in a tx -Signature.fromTxFormat = function(buf) { - var nhashtype = buf.readUInt8(buf.length - 1); - var derbuf = buf.slice(0, buf.length - 1); - var sig = new Signature.fromDER(derbuf, false); - sig.nhashtype = nhashtype; - return sig; -}; + for (i=0; i < data.length; i++) + if (data[i] !== state.defaultBuffer[i]) + return false; -Signature.fromString = function(str) { - var buf = new Buffer(str, 'hex'); - return Signature.fromDER(buf); + return true; }; +// Utility methods -/** - * In order to mimic the non-strict DER encoding of OpenSSL, set strict = false. - */ -Signature.parseDER = function(buf, strict) { - $.checkArgument(BufferUtil.isBuffer(buf), new Error('DER formatted signature should be a buffer')); - if (_.isUndefined(strict)) { - strict = true; - } +function encodeTag(tag, primitive, cls, reporter) { + var res; - var header = buf[0]; - $.checkArgument(header === 0x30, new Error('Header byte should be 0x30')); + if (tag === 'seqof') + tag = 'seq'; + else if (tag === 'setof') + tag = 'set'; - var length = buf[1]; - var buflength = buf.slice(2).length; - $.checkArgument(!strict || length === buflength, new Error('Length byte should length of what follows')); + if (der.tagByName.hasOwnProperty(tag)) + res = der.tagByName[tag]; + else if (typeof tag === 'number' && (tag | 0) === tag) + res = tag; + else + return reporter.error('Unknown tag: ' + tag); - length = length < buflength ? length : buflength; + if (res >= 0x1f) + return reporter.error('Multi-octet tag encoding unsupported'); - var rheader = buf[2 + 0]; - $.checkArgument(rheader === 0x02, new Error('Integer byte for r should be 0x02')); + if (!primitive) + res |= 0x20; - var rlength = buf[2 + 1]; - var rbuf = buf.slice(2 + 2, 2 + 2 + rlength); - var r = BN.fromBuffer(rbuf); - var rneg = buf[2 + 1 + 1] === 0x00 ? true : false; - $.checkArgument(rlength === rbuf.length, new Error('Length of r incorrect')); + res |= (der.tagClassByName[cls || 'universal'] << 6); - var sheader = buf[2 + 2 + rlength + 0]; - $.checkArgument(sheader === 0x02, new Error('Integer byte for s should be 0x02')); + return res; +} - var slength = buf[2 + 2 + rlength + 1]; - var sbuf = buf.slice(2 + 2 + rlength + 2, 2 + 2 + rlength + 2 + slength); - var s = BN.fromBuffer(sbuf); - var sneg = buf[2 + 2 + rlength + 2 + 2] === 0x00 ? true : false; - $.checkArgument(slength === sbuf.length, new Error('Length of s incorrect')); +},{"../../asn1":7,"buffer":158,"inherits":259}],19:[function(require,module,exports){ +var encoders = exports; - var sumlength = 2 + 2 + rlength + 2 + slength; - $.checkArgument(length === sumlength - 2, new Error('Length of signature incorrect')); +encoders.der = require('./der'); +encoders.pem = require('./pem'); - var obj = { - header: header, - length: length, - rheader: rheader, - rlength: rlength, - rneg: rneg, - rbuf: rbuf, - r: r, - sheader: sheader, - slength: slength, - sneg: sneg, - sbuf: sbuf, - s: s - }; +},{"./der":18,"./pem":20}],20:[function(require,module,exports){ +var inherits = require('inherits'); - return obj; +var DEREncoder = require('./der'); + +function PEMEncoder(entity) { + DEREncoder.call(this, entity); + this.enc = 'pem'; }; +inherits(PEMEncoder, DEREncoder); +module.exports = PEMEncoder; +PEMEncoder.prototype.encode = function encode(data, options) { + var buf = DEREncoder.prototype.encode.call(this, data); -Signature.prototype.toCompact = function(i, compressed) { - i = typeof i === 'number' ? i : this.i; - compressed = typeof compressed === 'boolean' ? compressed : this.compressed; + var p = buf.toString('base64'); + var out = [ '-----BEGIN ' + options.label + '-----' ]; + for (var i = 0; i < p.length; i += 64) + out.push(p.slice(i, i + 64)); + out.push('-----END ' + options.label + '-----'); + return out.join('\n'); +}; - if (!(i === 0 || i === 1 || i === 2 || i === 3)) { - throw new Error('i must be equal to 0, 1, 2, or 3'); - } +},{"./der":18,"inherits":259}],21:[function(require,module,exports){ +(function (module, exports) { + 'use strict'; - var val = i + 27 + 4; - if (compressed === false) { - val = val - 4; + // Utils + function assert (val, msg) { + if (!val) throw new Error(msg || 'Assertion failed'); } - var b1 = new Buffer([val]); - var b2 = this.r.toBuffer({ - size: 32 - }); - var b3 = this.s.toBuffer({ - size: 32 - }); - return Buffer.concat([b1, b2, b3]); -}; -Signature.prototype.toBuffer = Signature.prototype.toDER = function() { - var rnbuf = this.r.toBuffer(); - var snbuf = this.s.toBuffer(); + // Could use `inherits` module, but don't want to move from single file + // architecture yet. + function inherits (ctor, superCtor) { + ctor.super_ = superCtor; + var TempCtor = function () {}; + TempCtor.prototype = superCtor.prototype; + ctor.prototype = new TempCtor(); + ctor.prototype.constructor = ctor; + } - var rneg = rnbuf[0] & 0x80 ? true : false; - var sneg = snbuf[0] & 0x80 ? true : false; + // BN - var rbuf = rneg ? Buffer.concat([new Buffer([0x00]), rnbuf]) : rnbuf; - var sbuf = sneg ? Buffer.concat([new Buffer([0x00]), snbuf]) : snbuf; + function BN (number, base, endian) { + if (BN.isBN(number)) { + return number; + } - var rlength = rbuf.length; - var slength = sbuf.length; - var length = 2 + rlength + 2 + slength; - var rheader = 0x02; - var sheader = 0x02; - var header = 0x30; + this.negative = 0; + this.words = null; + this.length = 0; - var der = Buffer.concat([new Buffer([header, length, rheader, rlength]), rbuf, new Buffer([sheader, slength]), sbuf]); - return der; -}; + // Reduction context + this.red = null; -Signature.prototype.toString = function() { - var buf = this.toDER(); - return buf.toString('hex'); -}; + if (number !== null) { + if (base === 'le' || base === 'be') { + endian = base; + base = 10; + } -/** - * This function is translated from bitcoind's IsDERSignature and is used in - * the script interpreter. This "DER" format actually includes an extra byte, - * the nhashtype, at the end. It is really the tx format, not DER format. - * - * A canonical signature exists of: [30] [total len] [02] [len R] [R] [02] [len S] [S] [hashtype] - * Where R and S are not negative (their first byte has its highest bit not set), and not - * excessively padded (do not start with a 0 byte, unless an otherwise negative number follows, - * in which case a single 0 byte is necessary and even required). - * - * See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623 - */ -Signature.isTxDER = function(buf) { - if (buf.length < 9) { - // Non-canonical signature: too short - return false; - } - if (buf.length > 73) { - // Non-canonical signature: too long - return false; - } - if (buf[0] !== 0x30) { - // Non-canonical signature: wrong type - return false; - } - if (buf[1] !== buf.length - 3) { - // Non-canonical signature: wrong length marker - return false; - } - var nLenR = buf[3]; - if (5 + nLenR >= buf.length) { - // Non-canonical signature: S length misplaced - return false; + this._init(number || 0, base || 10, endian || 'be'); + } } - var nLenS = buf[5 + nLenR]; - if ((nLenR + nLenS + 7) !== buf.length) { - // Non-canonical signature: R+S length mismatch - return false; + if (typeof module === 'object') { + module.exports = BN; + } else { + exports.BN = BN; } - var R = buf.slice(4); - if (buf[4 - 2] !== 0x02) { - // Non-canonical signature: R value type mismatch - return false; - } - if (nLenR === 0) { - // Non-canonical signature: R length is zero - return false; - } - if (R[0] & 0x80) { - // Non-canonical signature: R value negative - return false; - } - if (nLenR > 1 && (R[0] === 0x00) && !(R[1] & 0x80)) { - // Non-canonical signature: R value excessively padded - return false; - } + BN.BN = BN; + BN.wordSize = 26; - var S = buf.slice(6 + nLenR); - if (buf[6 + nLenR - 2] !== 0x02) { - // Non-canonical signature: S value type mismatch - return false; - } - if (nLenS === 0) { - // Non-canonical signature: S length is zero - return false; - } - if (S[0] & 0x80) { - // Non-canonical signature: S value negative - return false; - } - if (nLenS > 1 && (S[0] === 0x00) && !(S[1] & 0x80)) { - // Non-canonical signature: S value excessively padded - return false; + var Buffer; + try { + Buffer = require('buf' + 'fer').Buffer; + } catch (e) { } - return true; -}; -/** - * Compares to bitcoind's IsLowDERSignature - * See also ECDSA signature algorithm which enforces this. - * See also BIP 62, "low S values in signatures" - */ -Signature.prototype.hasLowS = function() { - if (this.s.lt(new BN(1)) || - this.s.gt(new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex'))) { - return false; - } - return true; -}; + BN.isBN = function isBN (num) { + if (num instanceof BN) { + return true; + } -/** - * @returns true if the nhashtype is exactly equal to one of the standard options or combinations thereof. - * Translated from bitcoind's IsDefinedHashtypeSignature - */ -Signature.prototype.hasDefinedHashtype = function() { - if (!JSUtil.isNaturalNumber(this.nhashtype)) { - return false; - } - // accept with or without Signature.SIGHASH_ANYONECANPAY by ignoring the bit - var temp = this.nhashtype & ~Signature.SIGHASH_ANYONECANPAY; - if (temp < Signature.SIGHASH_ALL || temp > Signature.SIGHASH_SINGLE) { - return false; - } - return true; -}; + return num !== null && typeof num === 'object' && + num.constructor.wordSize === BN.wordSize && Array.isArray(num.words); + }; -Signature.prototype.toTxFormat = function() { - var derbuf = this.toDER(); - var buf = new Buffer(1); - buf.writeUInt8(this.nhashtype, 0); - return Buffer.concat([derbuf, buf]); -}; + BN.max = function max (left, right) { + if (left.cmp(right) > 0) return left; + return right; + }; -Signature.SIGHASH_ALL = 0x01; -Signature.SIGHASH_NONE = 0x02; -Signature.SIGHASH_SINGLE = 0x03; -Signature.SIGHASH_ANYONECANPAY = 0x80; + BN.min = function min (left, right) { + if (left.cmp(right) < 0) return left; + return right; + }; -module.exports = Signature; + BN.prototype._init = function init (number, base, endian) { + if (typeof number === 'number') { + return this._initNumber(number, base, endian); + } -}).call(this,require("buffer").Buffer) -},{"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"./bn":13,"buffer":94,"lodash":78}],19:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + if (typeof number === 'object') { + return this._initArray(number, base, endian); + } -var _ = require('lodash'); -var bs58 = require('bs58'); -var buffer = require('buffer'); + if (base === 'hex') { + base = 16; + } + assert(base === (base | 0) && base >= 2 && base <= 36); -var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.split(''); + number = number.toString().replace(/\s+/g, ''); + var start = 0; + if (number[0] === '-') { + start++; + } -var Base58 = function Base58(obj) { - /* jshint maxcomplexity: 8 */ - if (!(this instanceof Base58)) { - return new Base58(obj); - } - if (Buffer.isBuffer(obj)) { - var buf = obj; - this.fromBuffer(buf); - } else if (typeof obj === 'string') { - var str = obj; - this.fromString(str); - } else if (obj) { - this.set(obj); - } -}; + if (base === 16) { + this._parseHex(number, start); + } else { + this._parseBase(number, base, start); + } -Base58.validCharacters = function validCharacters(chars) { - if (buffer.Buffer.isBuffer(chars)) { - chars = chars.toString(); - } - return _.all(_.map(chars, function(char) { return _.contains(ALPHABET, char); })); -}; + if (number[0] === '-') { + this.negative = 1; + } -Base58.prototype.set = function(obj) { - this.buf = obj.buf || this.buf || undefined; - return this; -}; + this.strip(); -Base58.encode = function(buf) { - if (!buffer.Buffer.isBuffer(buf)) { - throw new Error('Input should be a buffer'); - } - return bs58.encode(buf); -}; + if (endian !== 'le') return; -Base58.decode = function(str) { - if (typeof str !== 'string') { - throw new Error('Input should be a string'); - } - return new Buffer(bs58.decode(str)); -}; + this._initArray(this.toArray(), base, endian); + }; -Base58.prototype.fromBuffer = function(buf) { - this.buf = buf; - return this; -}; + BN.prototype._initNumber = function _initNumber (number, base, endian) { + if (number < 0) { + this.negative = 1; + number = -number; + } + if (number < 0x4000000) { + this.words = [ number & 0x3ffffff ]; + this.length = 1; + } else if (number < 0x10000000000000) { + this.words = [ + number & 0x3ffffff, + (number / 0x4000000) & 0x3ffffff + ]; + this.length = 2; + } else { + assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) + this.words = [ + number & 0x3ffffff, + (number / 0x4000000) & 0x3ffffff, + 1 + ]; + this.length = 3; + } -Base58.prototype.fromString = function(str) { - var buf = Base58.decode(str); - this.buf = buf; - return this; -}; + if (endian !== 'le') return; -Base58.prototype.toBuffer = function() { - return this.buf; -}; + // Reverse the bytes + this._initArray(this.toArray(), base, endian); + }; -Base58.prototype.toString = function() { - return Base58.encode(this.buf); -}; + BN.prototype._initArray = function _initArray (number, base, endian) { + // Perhaps a Uint8Array + assert(typeof number.length === 'number'); + if (number.length <= 0) { + this.words = [ 0 ]; + this.length = 1; + return this; + } -module.exports = Base58; + this.length = Math.ceil(number.length / 3); + this.words = new Array(this.length); + for (var i = 0; i < this.length; i++) { + this.words[i] = 0; + } -}).call(this,require("buffer").Buffer) -},{"bs58":54,"buffer":94,"lodash":78}],20:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + var j, w; + var off = 0; + if (endian === 'be') { + for (i = number.length - 1, j = 0; i >= 0; i -= 3) { + w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; + off += 24; + if (off >= 26) { + off -= 26; + j++; + } + } + } else if (endian === 'le') { + for (i = 0, j = 0; i < number.length; i += 3) { + w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; + off += 24; + if (off >= 26) { + off -= 26; + j++; + } + } + } + return this.strip(); + }; -var _ = require('lodash'); -var Base58 = require('./base58'); -var buffer = require('buffer'); -var sha256sha256 = require('../crypto/hash').sha256sha256; + function parseHex (str, start, end) { + var r = 0; + var len = Math.min(str.length, end); + for (var i = start; i < len; i++) { + var c = str.charCodeAt(i) - 48; -var Base58Check = function Base58Check(obj) { - if (!(this instanceof Base58Check)) - return new Base58Check(obj); - if (Buffer.isBuffer(obj)) { - var buf = obj; - this.fromBuffer(buf); - } else if (typeof obj === 'string') { - var str = obj; - this.fromString(str); - } else if (obj) { - this.set(obj); - } -}; + r <<= 4; -Base58Check.prototype.set = function(obj) { - this.buf = obj.buf || this.buf || undefined; - return this; -}; + // 'a' - 'f' + if (c >= 49 && c <= 54) { + r |= c - 49 + 0xa; -Base58Check.validChecksum = function validChecksum(data, checksum) { - if (_.isString(data)) { - data = new buffer.Buffer(Base58.decode(data)); - } - if (_.isString(checksum)) { - checksum = new buffer.Buffer(Base58.decode(checksum)); - } - if (!checksum) { - checksum = data.slice(-4); - data = data.slice(0, -4); + // 'A' - 'F' + } else if (c >= 17 && c <= 22) { + r |= c - 17 + 0xa; + + // '0' - '9' + } else { + r |= c & 0xf; + } + } + return r; } - return Base58Check.checksum(data).toString('hex') === checksum.toString('hex'); -}; -Base58Check.decode = function(s) { - if (typeof s !== 'string') - throw new Error('Input must be a string'); + BN.prototype._parseHex = function _parseHex (number, start) { + // Create possibly bigger array to ensure that it fits the number + this.length = Math.ceil((number.length - start) / 6); + this.words = new Array(this.length); + for (var i = 0; i < this.length; i++) { + this.words[i] = 0; + } - var buf = new Buffer(Base58.decode(s)); + var j, w; + // Scan 24-bit chunks and add them to the number + var off = 0; + for (i = number.length - 6, j = 0; i >= start; i -= 6) { + w = parseHex(number, i, i + 6); + this.words[j] |= (w << off) & 0x3ffffff; + // NOTE: `0x3fffff` is intentional here, 26bits max shift + 24bit hex limb + this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; + off += 24; + if (off >= 26) { + off -= 26; + j++; + } + } + if (i + 6 !== start) { + w = parseHex(number, start, i + 6); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; + } + this.strip(); + }; - if (buf.length < 4) - throw new Error("Input string too short"); + function parseBase (str, start, end, mul) { + var r = 0; + var len = Math.min(str.length, end); + for (var i = start; i < len; i++) { + var c = str.charCodeAt(i) - 48; - var data = buf.slice(0, -4); - var csum = buf.slice(-4); + r *= mul; - var hash = sha256sha256(data); - var hash4 = hash.slice(0, 4); + // 'a' + if (c >= 49) { + r += c - 49 + 0xa; - if (csum.toString('hex') !== hash4.toString('hex')) - throw new Error("Checksum mismatch"); + // 'A' + } else if (c >= 17) { + r += c - 17 + 0xa; - return data; -}; + // '0' - '9' + } else { + r += c; + } + } + return r; + } -Base58Check.checksum = function(buffer) { - return sha256sha256(buffer).slice(0, 4); -}; + BN.prototype._parseBase = function _parseBase (number, base, start) { + // Initialize as zero + this.words = [ 0 ]; + this.length = 1; -Base58Check.encode = function(buf) { - if (!Buffer.isBuffer(buf)) - throw new Error('Input must be a buffer'); - var checkedBuf = new Buffer(buf.length + 4); - var hash = Base58Check.checksum(buf); - buf.copy(checkedBuf); - hash.copy(checkedBuf, buf.length); - return Base58.encode(checkedBuf); -}; + // Find length of limb in base + for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) { + limbLen++; + } + limbLen--; + limbPow = (limbPow / base) | 0; -Base58Check.prototype.fromBuffer = function(buf) { - this.buf = buf; - return this; -}; + var total = number.length - start; + var mod = total % limbLen; + var end = Math.min(total, total - mod) + start; -Base58Check.prototype.fromString = function(str) { - var buf = Base58Check.decode(str); - this.buf = buf; - return this; -}; + var word = 0; + for (var i = start; i < end; i += limbLen) { + word = parseBase(number, i, i + limbLen, base); -Base58Check.prototype.toBuffer = function() { - return this.buf; -}; + this.imuln(limbPow); + if (this.words[0] + word < 0x4000000) { + this.words[0] += word; + } else { + this._iaddn(word); + } + } -Base58Check.prototype.toString = function() { - return Base58Check.encode(this.buf); -}; + if (mod !== 0) { + var pow = 1; + word = parseBase(number, i, number.length, base); -module.exports = Base58Check; + for (i = 0; i < mod; i++) { + pow *= base; + } -}).call(this,require("buffer").Buffer) -},{"../crypto/hash":15,"./base58":19,"buffer":94,"lodash":78}],21:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + this.imuln(pow); + if (this.words[0] + word < 0x4000000) { + this.words[0] += word; + } else { + this._iaddn(word); + } + } + }; -var _ = require('lodash'); -var $ = require('../util/preconditions'); -var BufferUtil = require('../util/buffer'); -var BN = require('../crypto/bn'); + BN.prototype.copy = function copy (dest) { + dest.words = new Array(this.length); + for (var i = 0; i < this.length; i++) { + dest.words[i] = this.words[i]; + } + dest.length = this.length; + dest.negative = this.negative; + dest.red = this.red; + }; -var BufferReader = function BufferReader(buf) { - if (!(this instanceof BufferReader)) { - return new BufferReader(buf); - } - if (_.isUndefined(buf)) { - return; - } - if (Buffer.isBuffer(buf)) { - this.set({ - buf: buf - }); - } else if (_.isString(buf)) { - this.set({ - buf: new Buffer(buf, 'hex'), - }); - } else if (_.isObject(buf)) { - var obj = buf; - this.set(obj); - } else { - throw new TypeError('Unrecognized argument for BufferReader'); - } -}; + BN.prototype.clone = function clone () { + var r = new BN(null); + this.copy(r); + return r; + }; -BufferReader.prototype.set = function(obj) { - this.buf = obj.buf || this.buf || undefined; - this.pos = obj.pos || this.pos || 0; - return this; -}; + BN.prototype._expand = function _expand (size) { + while (this.length < size) { + this.words[this.length++] = 0; + } + return this; + }; -BufferReader.prototype.eof = function() { - return this.pos >= this.buf.length; -}; + // Remove leading `0` from `this` + BN.prototype.strip = function strip () { + while (this.length > 1 && this.words[this.length - 1] === 0) { + this.length--; + } + return this._normSign(); + }; -BufferReader.prototype.finished = BufferReader.prototype.eof; + BN.prototype._normSign = function _normSign () { + // -0 = 0 + if (this.length === 1 && this.words[0] === 0) { + this.negative = 0; + } + return this; + }; -BufferReader.prototype.read = function(len) { - $.checkArgument(!_.isUndefined(len), 'Must specify a length'); - var buf = this.buf.slice(this.pos, this.pos + len); - this.pos = this.pos + len; - return buf; -}; + BN.prototype.inspect = function inspect () { + return (this.red ? ''; + }; -BufferReader.prototype.readAll = function() { - var buf = this.buf.slice(this.pos, this.buf.length); - this.pos = this.buf.length; - return buf; -}; + /* -BufferReader.prototype.readUInt8 = function() { - var val = this.buf.readUInt8(this.pos); - this.pos = this.pos + 1; - return val; -}; + var zeros = []; + var groupSizes = []; + var groupBases = []; -BufferReader.prototype.readUInt16BE = function() { - var val = this.buf.readUInt16BE(this.pos); - this.pos = this.pos + 2; - return val; -}; + var s = ''; + var i = -1; + while (++i < BN.wordSize) { + zeros[i] = s; + s += '0'; + } + groupSizes[0] = 0; + groupSizes[1] = 0; + groupBases[0] = 0; + groupBases[1] = 0; + var base = 2 - 1; + while (++base < 36 + 1) { + var groupSize = 0; + var groupBase = 1; + while (groupBase < (1 << BN.wordSize) / base) { + groupBase *= base; + groupSize += 1; + } + groupSizes[base] = groupSize; + groupBases[base] = groupBase; + } -BufferReader.prototype.readUInt16LE = function() { - var val = this.buf.readUInt16LE(this.pos); - this.pos = this.pos + 2; - return val; -}; + */ -BufferReader.prototype.readUInt32BE = function() { - var val = this.buf.readUInt32BE(this.pos); - this.pos = this.pos + 4; - return val; -}; + var zeros = [ + '', + '0', + '00', + '000', + '0000', + '00000', + '000000', + '0000000', + '00000000', + '000000000', + '0000000000', + '00000000000', + '000000000000', + '0000000000000', + '00000000000000', + '000000000000000', + '0000000000000000', + '00000000000000000', + '000000000000000000', + '0000000000000000000', + '00000000000000000000', + '000000000000000000000', + '0000000000000000000000', + '00000000000000000000000', + '000000000000000000000000', + '0000000000000000000000000' + ]; -BufferReader.prototype.readUInt32LE = function() { - var val = this.buf.readUInt32LE(this.pos); - this.pos = this.pos + 4; - return val; -}; + var groupSizes = [ + 0, 0, + 25, 16, 12, 11, 10, 9, 8, + 8, 7, 7, 7, 7, 6, 6, + 6, 6, 6, 6, 6, 5, 5, + 5, 5, 5, 5, 5, 5, 5, + 5, 5, 5, 5, 5, 5, 5 + ]; -BufferReader.prototype.readUInt64BEBN = function() { - var buf = this.buf.slice(this.pos, this.pos + 8); - var bn = BN.fromBuffer(buf); - this.pos = this.pos + 8; - return bn; -}; + var groupBases = [ + 0, 0, + 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, + 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, + 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, + 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, + 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 + ]; -BufferReader.prototype.readUInt64LEBN = function() { - var second = this.buf.readUInt32LE(this.pos); - var first = this.buf.readUInt32LE(this.pos + 4); - var combined = (first * 0x100000000) + second; - // Instantiating an instance of BN with a number is faster than with an - // array or string. However, the maximum safe number for a double precision - // floating point is 2 ^ 52 - 1 (0x1fffffffffffff), thus we can safely use - // non-floating point numbers less than this amount (52 bits). And in the case - // that the number is larger, we can instatiate an instance of BN by passing - // an array from the buffer (slower) and specifying the endianness. - var bn; - if (combined <= 0x1fffffffffffff) { - bn = new BN(combined); - } else { - var data = Array.prototype.slice.call(this.buf, this.pos, this.pos + 8); - bn = new BN(data, 10, 'le'); - } - this.pos = this.pos + 8; - return bn; -}; + BN.prototype.toString = function toString (base, padding) { + base = base || 10; + padding = padding | 0 || 1; -BufferReader.prototype.readVarintNum = function() { - var first = this.readUInt8(); - switch (first) { - case 0xFD: - return this.readUInt16LE(); - case 0xFE: - return this.readUInt32LE(); - case 0xFF: - var bn = this.readUInt64LEBN(); - var n = bn.toNumber(); - if (n <= Math.pow(2, 53)) { - return n; - } else { - throw new Error('number too large to retain precision - use readVarintBN'); + var out; + if (base === 16 || base === 'hex') { + out = ''; + var off = 0; + var carry = 0; + for (var i = 0; i < this.length; i++) { + var w = this.words[i]; + var word = (((w << off) | carry) & 0xffffff).toString(16); + carry = (w >>> (24 - off)) & 0xffffff; + if (carry !== 0 || i !== this.length - 1) { + out = zeros[6 - word.length] + word + out; + } else { + out = word + out; + } + off += 2; + if (off >= 26) { + off -= 26; + i--; + } } - break; - default: - return first; - } -}; - -/** - * reads a length prepended buffer - */ -BufferReader.prototype.readVarLengthBuffer = function() { - var len = this.readVarintNum(); - var buf = this.read(len); - $.checkState(buf.length === len, 'Invalid length while reading varlength buffer. ' + - 'Expected to read: ' + len + ' and read ' + buf.length); - return buf; -}; - -BufferReader.prototype.readVarintBuf = function() { - var first = this.buf.readUInt8(this.pos); - switch (first) { - case 0xFD: - return this.read(1 + 2); - case 0xFE: - return this.read(1 + 4); - case 0xFF: - return this.read(1 + 8); - default: - return this.read(1); - } -}; + if (carry !== 0) { + out = carry.toString(16) + out; + } + while (out.length % padding !== 0) { + out = '0' + out; + } + if (this.negative !== 0) { + out = '-' + out; + } + return out; + } -BufferReader.prototype.readVarintBN = function() { - var first = this.readUInt8(); - switch (first) { - case 0xFD: - return new BN(this.readUInt16LE()); - case 0xFE: - return new BN(this.readUInt32LE()); - case 0xFF: - return this.readUInt64LEBN(); - default: - return new BN(first); - } -}; + if (base === (base | 0) && base >= 2 && base <= 36) { + // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); + var groupSize = groupSizes[base]; + // var groupBase = Math.pow(base, groupSize); + var groupBase = groupBases[base]; + out = ''; + var c = this.clone(); + c.negative = 0; + while (!c.isZero()) { + var r = c.modn(groupBase).toString(base); + c = c.idivn(groupBase); -BufferReader.prototype.reverse = function() { - var buf = new Buffer(this.buf.length); - for (var i = 0; i < buf.length; i++) { - buf[i] = this.buf[this.buf.length - 1 - i]; - } - this.buf = buf; - return this; -}; + if (!c.isZero()) { + out = zeros[groupSize - r.length] + r + out; + } else { + out = r + out; + } + } + if (this.isZero()) { + out = '0' + out; + } + while (out.length % padding !== 0) { + out = '0' + out; + } + if (this.negative !== 0) { + out = '-' + out; + } + return out; + } -BufferReader.prototype.readReverse = function(len) { - if (_.isUndefined(len)) { - len = this.buf.length; - } - var buf = this.buf.slice(this.pos, this.pos + len); - this.pos = this.pos + len; - return BufferUtil.reverse(buf); -}; + assert(false, 'Base should be between 2 and 36'); + }; -module.exports = BufferReader; + BN.prototype.toNumber = function toNumber () { + var ret = this.words[0]; + if (this.length === 2) { + ret += this.words[1] * 0x4000000; + } else if (this.length === 3 && this.words[2] === 0x01) { + // NOTE: at this stage it is known that the top bit is set + ret += 0x10000000000000 + (this.words[1] * 0x4000000); + } else if (this.length > 2) { + assert(false, 'Number can only safely store up to 53 bits'); + } + return (this.negative !== 0) ? -ret : ret; + }; -}).call(this,require("buffer").Buffer) -},{"../crypto/bn":13,"../util/buffer":50,"../util/preconditions":52,"buffer":94,"lodash":78}],22:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + BN.prototype.toJSON = function toJSON () { + return this.toString(16); + }; -var bufferUtil = require('../util/buffer'); -var assert = require('assert'); + BN.prototype.toBuffer = function toBuffer (endian, length) { + assert(typeof Buffer !== 'undefined'); + return this.toArrayLike(Buffer, endian, length); + }; -var BufferWriter = function BufferWriter(obj) { - if (!(this instanceof BufferWriter)) - return new BufferWriter(obj); - if (obj) - this.set(obj); - else - this.bufs = []; -}; + BN.prototype.toArray = function toArray (endian, length) { + return this.toArrayLike(Array, endian, length); + }; -BufferWriter.prototype.set = function(obj) { - this.bufs = obj.bufs || this.bufs || []; - return this; -}; + BN.prototype.toArrayLike = function toArrayLike (ArrayType, endian, length) { + var byteLength = this.byteLength(); + var reqLength = length || Math.max(1, byteLength); + assert(byteLength <= reqLength, 'byte array longer than desired length'); + assert(reqLength > 0, 'Requested array length <= 0'); -BufferWriter.prototype.toBuffer = function() { - return this.concat(); -}; + this.strip(); + var littleEndian = endian === 'le'; + var res = new ArrayType(reqLength); -BufferWriter.prototype.concat = function() { - return Buffer.concat(this.bufs); -}; + var b, i; + var q = this.clone(); + if (!littleEndian) { + // Assume big-endian + for (i = 0; i < reqLength - byteLength; i++) { + res[i] = 0; + } -BufferWriter.prototype.write = function(buf) { - assert(bufferUtil.isBuffer(buf)); - this.bufs.push(buf); - return this; -}; + for (i = 0; !q.isZero(); i++) { + b = q.andln(0xff); + q.iushrn(8); -BufferWriter.prototype.writeReverse = function(buf) { - assert(bufferUtil.isBuffer(buf)); - this.bufs.push(bufferUtil.reverse(buf)); - return this; -}; + res[reqLength - i - 1] = b; + } + } else { + for (i = 0; !q.isZero(); i++) { + b = q.andln(0xff); + q.iushrn(8); -BufferWriter.prototype.writeUInt8 = function(n) { - var buf = new Buffer(1); - buf.writeUInt8(n, 0); - this.write(buf); - return this; -}; + res[i] = b; + } -BufferWriter.prototype.writeUInt16BE = function(n) { - var buf = new Buffer(2); - buf.writeUInt16BE(n, 0); - this.write(buf); - return this; -}; + for (; i < reqLength; i++) { + res[i] = 0; + } + } -BufferWriter.prototype.writeUInt16LE = function(n) { - var buf = new Buffer(2); - buf.writeUInt16LE(n, 0); - this.write(buf); - return this; -}; + return res; + }; -BufferWriter.prototype.writeUInt32BE = function(n) { - var buf = new Buffer(4); - buf.writeUInt32BE(n, 0); - this.write(buf); - return this; -}; + if (Math.clz32) { + BN.prototype._countBits = function _countBits (w) { + return 32 - Math.clz32(w); + }; + } else { + BN.prototype._countBits = function _countBits (w) { + var t = w; + var r = 0; + if (t >= 0x1000) { + r += 13; + t >>>= 13; + } + if (t >= 0x40) { + r += 7; + t >>>= 7; + } + if (t >= 0x8) { + r += 4; + t >>>= 4; + } + if (t >= 0x02) { + r += 2; + t >>>= 2; + } + return r + t; + }; + } -BufferWriter.prototype.writeInt32LE = function(n) { - var buf = new Buffer(4); - buf.writeInt32LE(n, 0); - this.write(buf); - return this; -}; + BN.prototype._zeroBits = function _zeroBits (w) { + // Short-cut + if (w === 0) return 26; -BufferWriter.prototype.writeUInt32LE = function(n) { - var buf = new Buffer(4); - buf.writeUInt32LE(n, 0); - this.write(buf); - return this; -}; + var t = w; + var r = 0; + if ((t & 0x1fff) === 0) { + r += 13; + t >>>= 13; + } + if ((t & 0x7f) === 0) { + r += 7; + t >>>= 7; + } + if ((t & 0xf) === 0) { + r += 4; + t >>>= 4; + } + if ((t & 0x3) === 0) { + r += 2; + t >>>= 2; + } + if ((t & 0x1) === 0) { + r++; + } + return r; + }; -BufferWriter.prototype.writeUInt64BEBN = function(bn) { - var buf = bn.toBuffer({size: 8}); - this.write(buf); - return this; -}; + // Return number of used bits in a BN + BN.prototype.bitLength = function bitLength () { + var w = this.words[this.length - 1]; + var hi = this._countBits(w); + return (this.length - 1) * 26 + hi; + }; -BufferWriter.prototype.writeUInt64LEBN = function(bn) { - var buf = bn.toBuffer({size: 8}); - this.writeReverse(buf); - return this; -}; + function toBitArray (num) { + var w = new Array(num.bitLength()); -BufferWriter.prototype.writeVarintNum = function(n) { - var buf = BufferWriter.varintBufNum(n); - this.write(buf); - return this; -}; + for (var bit = 0; bit < w.length; bit++) { + var off = (bit / 26) | 0; + var wbit = bit % 26; -BufferWriter.prototype.writeVarintBN = function(bn) { - var buf = BufferWriter.varintBufBN(bn); - this.write(buf); - return this; -}; + w[bit] = (num.words[off] & (1 << wbit)) >>> wbit; + } -BufferWriter.varintBufNum = function(n) { - var buf = undefined; - if (n < 253) { - buf = new Buffer(1); - buf.writeUInt8(n, 0); - } else if (n < 0x10000) { - buf = new Buffer(1 + 2); - buf.writeUInt8(253, 0); - buf.writeUInt16LE(n, 1); - } else if (n < 0x100000000) { - buf = new Buffer(1 + 4); - buf.writeUInt8(254, 0); - buf.writeUInt32LE(n, 1); - } else { - buf = new Buffer(1 + 8); - buf.writeUInt8(255, 0); - buf.writeInt32LE(n & -1, 1); - buf.writeUInt32LE(Math.floor(n / 0x100000000), 5); + return w; } - return buf; -}; -BufferWriter.varintBufBN = function(bn) { - var buf = undefined; - var n = bn.toNumber(); - if (n < 253) { - buf = new Buffer(1); - buf.writeUInt8(n, 0); - } else if (n < 0x10000) { - buf = new Buffer(1 + 2); - buf.writeUInt8(253, 0); - buf.writeUInt16LE(n, 1); - } else if (n < 0x100000000) { - buf = new Buffer(1 + 4); - buf.writeUInt8(254, 0); - buf.writeUInt32LE(n, 1); - } else { - var bw = new BufferWriter(); - bw.writeUInt8(255); - bw.writeUInt64LEBN(bn); - var buf = bw.concat(); - } - return buf; -}; + // Number of trailing zero bits + BN.prototype.zeroBits = function zeroBits () { + if (this.isZero()) return 0; -module.exports = BufferWriter; + var r = 0; + for (var i = 0; i < this.length; i++) { + var b = this._zeroBits(this.words[i]); + r += b; + if (b !== 26) break; + } + return r; + }; -}).call(this,require("buffer").Buffer) -},{"../util/buffer":50,"assert":92,"buffer":94}],23:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + BN.prototype.byteLength = function byteLength () { + return Math.ceil(this.bitLength() / 8); + }; -var BufferWriter = require('./bufferwriter'); -var BufferReader = require('./bufferreader'); -var BN = require('../crypto/bn'); + BN.prototype.toTwos = function toTwos (width) { + if (this.negative !== 0) { + return this.abs().inotn(width).iaddn(1); + } + return this.clone(); + }; -var Varint = function Varint(buf) { - if (!(this instanceof Varint)) - return new Varint(buf); - if (Buffer.isBuffer(buf)) { - this.buf = buf; - } else if (typeof buf === 'number') { - var num = buf; - this.fromNumber(num); - } else if (buf instanceof BN) { - var bn = buf; - this.fromBN(bn); - } else if (buf) { - var obj = buf; - this.set(obj); - } -}; + BN.prototype.fromTwos = function fromTwos (width) { + if (this.testn(width - 1)) { + return this.notn(width).iaddn(1).ineg(); + } + return this.clone(); + }; -Varint.prototype.set = function(obj) { - this.buf = obj.buf || this.buf; - return this; -}; + BN.prototype.isNeg = function isNeg () { + return this.negative !== 0; + }; -Varint.prototype.fromString = function(str) { - this.set({ - buf: new Buffer(str, 'hex') - }); - return this; -}; + // Return negative clone of `this` + BN.prototype.neg = function neg () { + return this.clone().ineg(); + }; -Varint.prototype.toString = function() { - return this.buf.toString('hex'); -}; + BN.prototype.ineg = function ineg () { + if (!this.isZero()) { + this.negative ^= 1; + } -Varint.prototype.fromBuffer = function(buf) { - this.buf = buf; - return this; -}; + return this; + }; -Varint.prototype.fromBufferReader = function(br) { - this.buf = br.readVarintBuf(); - return this; -}; + // Or `num` with `this` in-place + BN.prototype.iuor = function iuor (num) { + while (this.length < num.length) { + this.words[this.length++] = 0; + } -Varint.prototype.fromBN = function(bn) { - this.buf = BufferWriter().writeVarintBN(bn).concat(); - return this; -}; + for (var i = 0; i < num.length; i++) { + this.words[i] = this.words[i] | num.words[i]; + } -Varint.prototype.fromNumber = function(num) { - this.buf = BufferWriter().writeVarintNum(num).concat(); - return this; -}; + return this.strip(); + }; -Varint.prototype.toBuffer = function() { - return this.buf; -}; + BN.prototype.ior = function ior (num) { + assert((this.negative | num.negative) === 0); + return this.iuor(num); + }; -Varint.prototype.toBN = function() { - return BufferReader(this.buf).readVarintBN(); -}; + // Or `num` with `this` + BN.prototype.or = function or (num) { + if (this.length > num.length) return this.clone().ior(num); + return num.clone().ior(this); + }; -Varint.prototype.toNumber = function() { - return BufferReader(this.buf).readVarintNum(); -}; + BN.prototype.uor = function uor (num) { + if (this.length > num.length) return this.clone().iuor(num); + return num.clone().iuor(this); + }; -module.exports = Varint; + // And `num` with `this` in-place + BN.prototype.iuand = function iuand (num) { + // b = min-length(num, this) + var b; + if (this.length > num.length) { + b = num; + } else { + b = this; + } -}).call(this,require("buffer").Buffer) -},{"../crypto/bn":13,"./bufferreader":21,"./bufferwriter":22,"buffer":94}],24:[function(require,module,exports){ -'use strict'; + for (var i = 0; i < b.length; i++) { + this.words[i] = this.words[i] & num.words[i]; + } -var _ = require('lodash'); + this.length = b.length; -function format(message, args) { - return message - .replace('{0}', args[0]) - .replace('{1}', args[1]) - .replace('{2}', args[2]); -} -var traverseNode = function(parent, errorDefinition) { - var NodeError = function() { - if (_.isString(errorDefinition.message)) { - this.message = format(errorDefinition.message, arguments); - } else if (_.isFunction(errorDefinition.message)) { - this.message = errorDefinition.message.apply(null, arguments); - } else { - throw new Error('Invalid error definition for ' + errorDefinition.name); - } - this.stack = this.message + '\n' + (new Error()).stack; + return this.strip(); }; - NodeError.prototype = Object.create(parent.prototype); - NodeError.prototype.name = parent.prototype.name + errorDefinition.name; - parent[errorDefinition.name] = NodeError; - if (errorDefinition.errors) { - childDefinitions(NodeError, errorDefinition.errors); - } - return NodeError; -}; -/* jshint latedef: false */ -var childDefinitions = function(parent, childDefinitions) { - _.each(childDefinitions, function(childDefinition) { - traverseNode(parent, childDefinition); - }); -}; -/* jshint latedef: true */ + BN.prototype.iand = function iand (num) { + assert((this.negative | num.negative) === 0); + return this.iuand(num); + }; -var traverseRoot = function(parent, errorsDefinition) { - childDefinitions(parent, errorsDefinition); - return parent; -}; + // And `num` with `this` + BN.prototype.and = function and (num) { + if (this.length > num.length) return this.clone().iand(num); + return num.clone().iand(this); + }; + BN.prototype.uand = function uand (num) { + if (this.length > num.length) return this.clone().iuand(num); + return num.clone().iuand(this); + }; -var bitcore = {}; -bitcore.Error = function() { - this.message = 'Internal error'; - this.stack = this.message + '\n' + (new Error()).stack; -}; -bitcore.Error.prototype = Object.create(Error.prototype); -bitcore.Error.prototype.name = 'bitcore.Error'; + // Xor `num` with `this` in-place + BN.prototype.iuxor = function iuxor (num) { + // a.length > b.length + var a; + var b; + if (this.length > num.length) { + a = this; + b = num; + } else { + a = num; + b = this; + } + for (var i = 0; i < b.length; i++) { + this.words[i] = a.words[i] ^ b.words[i]; + } -var data = require('./spec'); -traverseRoot(bitcore.Error, data); + if (this !== a) { + for (; i < a.length; i++) { + this.words[i] = a.words[i]; + } + } -module.exports = bitcore.Error; + this.length = a.length; -module.exports.extend = function(spec) { - return traverseNode(bitcore.Error, spec); -}; + return this.strip(); + }; -},{"./spec":25,"lodash":78}],25:[function(require,module,exports){ -'use strict'; + BN.prototype.ixor = function ixor (num) { + assert((this.negative | num.negative) === 0); + return this.iuxor(num); + }; -var docsURL = 'http://bitcore.io/'; + // Xor `num` with `this` + BN.prototype.xor = function xor (num) { + if (this.length > num.length) return this.clone().ixor(num); + return num.clone().ixor(this); + }; -module.exports = [{ - name: 'InvalidB58Char', - message: 'Invalid Base58 character: {0} in {1}' -}, { - name: 'InvalidB58Checksum', - message: 'Invalid Base58 checksum for {0}' -}, { - name: 'InvalidNetwork', - message: 'Invalid version for network: got {0}' -}, { - name: 'InvalidState', - message: 'Invalid state: {0}' -}, { - name: 'NotImplemented', - message: 'Function {0} was not implemented yet' -}, { - name: 'InvalidNetworkArgument', - message: 'Invalid network: must be "livenet" or "testnet", got {0}' -}, { - name: 'InvalidArgument', - message: function() { - return 'Invalid Argument' + (arguments[0] ? (': ' + arguments[0]) : '') + - (arguments[1] ? (' Documentation: ' + docsURL + arguments[1]) : ''); - } -}, { - name: 'AbstractMethodInvoked', - message: 'Abstract Method Invocation: {0}' -}, { - name: 'InvalidArgumentType', - message: function() { - return 'Invalid Argument for ' + arguments[2] + ', expected ' + arguments[1] + ' but got ' + typeof arguments[0]; - } -}, { - name: 'Unit', - message: 'Internal Error on Unit {0}', - errors: [{ - 'name': 'UnknownCode', - 'message': 'Unrecognized unit code: {0}' - }, { - 'name': 'InvalidRate', - 'message': 'Invalid exchange rate: {0}' - }] -}, { - name: 'Transaction', - message: 'Internal Error on Transaction {0}', - errors: [{ - name: 'Input', - message: 'Internal Error on Input {0}', - errors: [{ - name: 'MissingScript', - message: 'Need a script to create an input' - }, { - name: 'UnsupportedScript', - message: 'Unsupported input script type: {0}' - }, { - name: 'MissingPreviousOutput', - message: 'No previous output information.' - }] - }, { - name: 'NeedMoreInfo', - message: '{0}' - }, { - name: 'InvalidSorting', - message: 'The sorting function provided did not return the change output as one of the array elements' - }, { - name: 'InvalidOutputAmountSum', - message: '{0}' - }, { - name: 'MissingSignatures', - message: 'Some inputs have not been fully signed' - }, { - name: 'InvalidIndex', - message: 'Invalid index: {0} is not between 0, {1}' - }, { - name: 'UnableToVerifySignature', - message: 'Unable to verify signature: {0}' - }, { - name: 'DustOutputs', - message: 'Dust amount detected in one output' - }, { - name: 'InvalidSatoshis', - message: 'Output satoshis are invalid', - }, { - name: 'FeeError', - message: 'Internal Error on Fee {0}', - errors: [{ - name: 'TooSmall', - message: 'Fee is too small: {0}', - }, { - name: 'TooLarge', - message: 'Fee is too large: {0}', - }, { - name: 'Different', - message: 'Unspent value is different from specified fee: {0}', - }] - }, { - name: 'ChangeAddressMissing', - message: 'Change address is missing' - }, { - name: 'BlockHeightTooHigh', - message: 'Block Height can be at most 2^32 -1' - }, { - name: 'NLockTimeOutOfRange', - message: 'Block Height can only be between 0 and 499 999 999' - }, { - name: 'LockTimeTooEarly', - message: 'Lock Time can\'t be earlier than UNIX date 500 000 000' - }] -}, { - name: 'Script', - message: 'Internal Error on Script {0}', - errors: [{ - name: 'UnrecognizedAddress', - message: 'Expected argument {0} to be an address' - }, { - name: 'CantDeriveAddress', - message: 'Can\'t derive address associated with script {0}, needs to be p2pkh in, p2pkh out, p2sh in, or p2sh out.' - }, { - name: 'InvalidBuffer', - message: 'Invalid script buffer: can\'t parse valid script from given buffer {0}' - }] -}, { - name: 'HDPrivateKey', - message: 'Internal Error on HDPrivateKey {0}', - errors: [{ - name: 'InvalidDerivationArgument', - message: 'Invalid derivation argument {0}, expected string, or number and boolean' - }, { - name: 'InvalidEntropyArgument', - message: 'Invalid entropy: must be an hexa string or binary buffer, got {0}', - errors: [{ - name: 'TooMuchEntropy', - message: 'Invalid entropy: more than 512 bits is non standard, got "{0}"' - }, { - name: 'NotEnoughEntropy', - message: 'Invalid entropy: at least 128 bits needed, got "{0}"' - }] - }, { - name: 'InvalidLength', - message: 'Invalid length for xprivkey string in {0}' - }, { - name: 'InvalidPath', - message: 'Invalid derivation path: {0}' - }, { - name: 'UnrecognizedArgument', - message: 'Invalid argument: creating a HDPrivateKey requires a string, buffer, json or object, got "{0}"' - }] -}, { - name: 'HDPublicKey', - message: 'Internal Error on HDPublicKey {0}', - errors: [{ - name: 'ArgumentIsPrivateExtended', - message: 'Argument is an extended private key: {0}' - }, { - name: 'InvalidDerivationArgument', - message: 'Invalid derivation argument: got {0}' - }, { - name: 'InvalidLength', - message: 'Invalid length for xpubkey: got "{0}"' - }, { - name: 'InvalidPath', - message: 'Invalid derivation path, it should look like: "m/1/100", got "{0}"' - }, { - name: 'InvalidIndexCantDeriveHardened', - message: 'Invalid argument: creating a hardened path requires an HDPrivateKey' - }, { - name: 'MustSupplyArgument', - message: 'Must supply an argument to create a HDPublicKey' - }, { - name: 'UnrecognizedArgument', - message: 'Invalid argument for creation, must be string, json, buffer, or object' - }] -}]; + BN.prototype.uxor = function uxor (num) { + if (this.length > num.length) return this.clone().iuxor(num); + return num.clone().iuxor(this); + }; -},{}],26:[function(require,module,exports){ -'use strict'; + // Not ``this`` with ``width`` bitwidth + BN.prototype.inotn = function inotn (width) { + assert(typeof width === 'number' && width >= 0); -module.exports = { - _cache: {}, - _count: 0, - _eraseIndex: 0, - _usedList: {}, - _usedIndex: {}, - _CACHE_SIZE: 5000, + var bytesNeeded = Math.ceil(width / 26) | 0; + var bitsLeft = width % 26; - get: function(xkey, number, hardened) { - hardened = !!hardened; - var key = xkey + '/' + number + '/' + hardened; - if (this._cache[key]) { - this._cacheHit(key); - return this._cache[key]; + // Extend the buffer with leading zeroes + this._expand(bytesNeeded); + + if (bitsLeft > 0) { + bytesNeeded--; } - }, - set: function(xkey, number, hardened, derived) { - hardened = !!hardened; - var key = xkey + '/' + number + '/' + hardened; - this._cache[key] = derived; - this._cacheHit(key); - }, - _cacheHit: function(key) { - if (this._usedIndex[key]) { - delete this._usedList[this._usedIndex[key]]; + + // Handle complete words + for (var i = 0; i < bytesNeeded; i++) { + this.words[i] = ~this.words[i] & 0x3ffffff; } - this._usedList[this._count] = key; - this._usedIndex[key] = this._count; - this._count++; - this._cacheRemove(); - }, - _cacheRemove: function() { - while (this._eraseIndex < this._count - this._CACHE_SIZE) { - if (this._usedList[this._eraseIndex]) { - var removeKey = this._usedList[this._eraseIndex]; - delete this._usedIndex[removeKey]; - delete this._cache[removeKey]; - } - delete this._usedList[this._eraseIndex]; - this._eraseIndex++; + + // Handle the residue + if (bitsLeft > 0) { + this.words[i] = ~this.words[i] & (0x3ffffff >> (26 - bitsLeft)); } - } -}; -},{}],27:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + // And remove leading zeroes + return this.strip(); + }; + BN.prototype.notn = function notn (width) { + return this.clone().inotn(width); + }; -var assert = require('assert'); -var buffer = require('buffer'); -var _ = require('lodash'); -var $ = require('./util/preconditions'); + // Set `bit` of `this` + BN.prototype.setn = function setn (bit, val) { + assert(typeof bit === 'number' && bit >= 0); -var BN = require('./crypto/bn'); -var Base58 = require('./encoding/base58'); -var Base58Check = require('./encoding/base58check'); -var Hash = require('./crypto/hash'); -var Network = require('./networks'); -var HDKeyCache = require('./hdkeycache'); -var Point = require('./crypto/point'); -var PrivateKey = require('./privatekey'); -var Random = require('./crypto/random'); + var off = (bit / 26) | 0; + var wbit = bit % 26; -var errors = require('./errors'); -var hdErrors = errors.HDPrivateKey; -var BufferUtil = require('./util/buffer'); -var JSUtil = require('./util/js'); + this._expand(off + 1); -var MINIMUM_ENTROPY_BITS = 128; -var BITS_TO_BYTES = 1 / 8; -var MAXIMUM_ENTROPY_BITS = 512; + if (val) { + this.words[off] = this.words[off] | (1 << wbit); + } else { + this.words[off] = this.words[off] & ~(1 << wbit); + } + return this.strip(); + }; -/** - * Represents an instance of an hierarchically derived private key. - * - * More info on https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki - * - * @constructor - * @param {string|Buffer|Object} arg - */ -function HDPrivateKey(arg) { - /* jshint maxcomplexity: 10 */ - if (arg instanceof HDPrivateKey) { - return arg; - } - if (!(this instanceof HDPrivateKey)) { - return new HDPrivateKey(arg); - } - if (!arg) { - return this._generateRandomly(); - } + // Add `num` to `this` in-place + BN.prototype.iadd = function iadd (num) { + var r; - if (Network.get(arg)) { - return this._generateRandomly(arg); - } else if (_.isString(arg) || BufferUtil.isBuffer(arg)) { - if (HDPrivateKey.isValidSerialized(arg)) { - this._buildFromSerialized(arg); - } else if (JSUtil.isValidJSON(arg)) { - this._buildFromJSON(arg); - } else if (BufferUtil.isBuffer(arg) && HDPrivateKey.isValidSerialized(arg.toString())) { - this._buildFromSerialized(arg.toString()); + // negative + positive + if (this.negative !== 0 && num.negative === 0) { + this.negative = 0; + r = this.isub(num); + this.negative ^= 1; + return this._normSign(); + + // positive + negative + } else if (this.negative === 0 && num.negative !== 0) { + num.negative = 0; + r = this.isub(num); + num.negative = 1; + return r._normSign(); + } + + // a.length > b.length + var a, b; + if (this.length > num.length) { + a = this; + b = num; } else { - throw HDPrivateKey.getSerializedError(arg); + a = num; + b = this; } - } else if (_.isObject(arg)) { - this._buildFromObject(arg); - } else { - throw new hdErrors.UnrecognizedArgument(arg); - } -} -/** - * Verifies that a given path is valid. - * - * @param {string|number} arg - * @param {boolean?} hardened - * @return {boolean} - */ -HDPrivateKey.isValidPath = function(arg, hardened) { - if (_.isString(arg)) { - var indexes = HDPrivateKey._getDerivationIndexes(arg); - return indexes !== null && _.all(indexes, HDPrivateKey.isValidPath); - } + var carry = 0; + for (var i = 0; i < b.length; i++) { + r = (a.words[i] | 0) + (b.words[i] | 0) + carry; + this.words[i] = r & 0x3ffffff; + carry = r >>> 26; + } + for (; carry !== 0 && i < a.length; i++) { + r = (a.words[i] | 0) + carry; + this.words[i] = r & 0x3ffffff; + carry = r >>> 26; + } - if (_.isNumber(arg)) { - if (arg < HDPrivateKey.Hardened && hardened === true) { - arg += HDPrivateKey.Hardened; + this.length = a.length; + if (carry !== 0) { + this.words[this.length] = carry; + this.length++; + // Copy the rest of the words + } else if (a !== this) { + for (; i < a.length; i++) { + this.words[i] = a.words[i]; + } } - return arg >= 0 && arg < HDPrivateKey.MaxIndex; - } - return false; -}; + return this; + }; -/** - * Internal function that splits a string path into a derivation index array. - * It will return null if the string path is malformed. - * It does not validate if indexes are in bounds. - * - * @param {string} path - * @return {Array} - */ -HDPrivateKey._getDerivationIndexes = function(path) { - var steps = path.split('/'); + // Add `num` to `this` + BN.prototype.add = function add (num) { + var res; + if (num.negative !== 0 && this.negative === 0) { + num.negative = 0; + res = this.sub(num); + num.negative ^= 1; + return res; + } else if (num.negative === 0 && this.negative !== 0) { + this.negative = 0; + res = num.sub(this); + this.negative = 1; + return res; + } - // Special cases: - if (_.contains(HDPrivateKey.RootElementAlias, path)) { - return []; - } + if (this.length > num.length) return this.clone().iadd(num); - if (!_.contains(HDPrivateKey.RootElementAlias, steps[0])) { - return null; - } + return num.clone().iadd(this); + }; - var indexes = steps.slice(1).map(function(step) { - var isHardened = step.slice(-1) === '\''; - if (isHardened) { - step = step.slice(0, -1); - } - if (!step || step[0] === '-') { - return NaN; - } - var index = +step; // cast to number - if (isHardened) { - index += HDPrivateKey.Hardened; + // Subtract `num` from `this` in-place + BN.prototype.isub = function isub (num) { + // this - (-num) = this + num + if (num.negative !== 0) { + num.negative = 0; + var r = this.iadd(num); + num.negative = 1; + return r._normSign(); + + // -this - num = -(this + num) + } else if (this.negative !== 0) { + this.negative = 0; + this.iadd(num); + this.negative = 1; + return this._normSign(); } - return index; - }); + // At this point both numbers are positive + var cmp = this.cmp(num); - return _.any(indexes, isNaN) ? null : indexes; -}; - -/** - * Get a derived child based on a string or number. - * - * If the first argument is a string, it's parsed as the full path of - * derivation. Valid values for this argument include "m" (which returns the - * same private key), "m/0/1/40/2'/1000", where the ' quote means a hardened - * derivation. - * - * If the first argument is a number, the child with that index will be - * derived. If the second argument is truthy, the hardened version will be - * derived. See the example usage for clarification. - * - * @example - * ```javascript - * var parent = new HDPrivateKey('xprv...'); - * var child_0_1_2h = parent.derive(0).derive(1).derive(2, true); - * var copy_of_child_0_1_2h = parent.derive("m/0/1/2'"); - * assert(child_0_1_2h.xprivkey === copy_of_child_0_1_2h); - * ``` - * - * @param {string|number} arg - * @param {boolean?} hardened - */ -HDPrivateKey.prototype.derive = function(arg, hardened) { - if (_.isNumber(arg)) { - return this._deriveWithNumber(arg, hardened); - } else if (_.isString(arg)) { - return this._deriveFromString(arg); - } else { - throw new hdErrors.InvalidDerivationArgument(arg); - } -}; - -HDPrivateKey.prototype._deriveWithNumber = function(index, hardened) { - /* jshint maxstatements: 20 */ - /* jshint maxcomplexity: 10 */ - if (!HDPrivateKey.isValidPath(index, hardened)) { - throw new hdErrors.InvalidPath(index); - } - - hardened = index >= HDPrivateKey.Hardened ? true : hardened; - if (index < HDPrivateKey.Hardened && hardened === true) { - index += HDPrivateKey.Hardened; - } - - var cached = HDKeyCache.get(this.xprivkey, index, hardened); - if (cached) { - return cached; - } - - var indexBuffer = BufferUtil.integerAsBuffer(index); - var data; - if (hardened) { - data = BufferUtil.concat([new buffer.Buffer([0]), this.privateKey.toBuffer(), indexBuffer]); - } else { - data = BufferUtil.concat([this.publicKey.toBuffer(), indexBuffer]); - } - var hash = Hash.sha512hmac(data, this._buffers.chainCode); - var leftPart = BN.fromBuffer(hash.slice(0, 32), { - size: 32 - }); - var chainCode = hash.slice(32, 64); - - var privateKey = leftPart.add(this.privateKey.toBigNumber()).mod(Point.getN()).toBuffer({ - size: 32 - }); - - var derived = new HDPrivateKey({ - network: this.network, - depth: this.depth + 1, - parentFingerPrint: this.fingerPrint, - childIndex: index, - chainCode: chainCode, - privateKey: privateKey - }); - HDKeyCache.set(this.xprivkey, index, hardened, derived); - return derived; -}; - -HDPrivateKey.prototype._deriveFromString = function(path) { - if (!HDPrivateKey.isValidPath(path)) { - throw new hdErrors.InvalidPath(path); - } - - var indexes = HDPrivateKey._getDerivationIndexes(path); - var derived = indexes.reduce(function(prev, index) { - return prev._deriveWithNumber(index); - }, this); - - return derived; -}; - -/** - * Verifies that a given serialized private key in base58 with checksum format - * is valid. - * - * @param {string|Buffer} data - the serialized private key - * @param {string|Network=} network - optional, if present, checks that the - * network provided matches the network serialized. - * @return {boolean} - */ -HDPrivateKey.isValidSerialized = function(data, network) { - return !HDPrivateKey.getSerializedError(data, network); -}; + // Optimization - zeroify + if (cmp === 0) { + this.negative = 0; + this.length = 1; + this.words[0] = 0; + return this; + } -/** - * Checks what's the error that causes the validation of a serialized private key - * in base58 with checksum to fail. - * - * @param {string|Buffer} data - the serialized private key - * @param {string|Network=} network - optional, if present, checks that the - * network provided matches the network serialized. - * @return {errors.InvalidArgument|null} - */ -HDPrivateKey.getSerializedError = function(data, network) { - /* jshint maxcomplexity: 10 */ - if (!(_.isString(data) || BufferUtil.isBuffer(data))) { - return new hdErrors.UnrecognizedArgument('Expected string or buffer'); - } - if (!Base58.validCharacters(data)) { - return new errors.InvalidB58Char('(unknown)', data); - } - try { - data = Base58Check.decode(data); - } catch (e) { - return new errors.InvalidB58Checksum(data); - } - if (data.length !== HDPrivateKey.DataLength) { - return new hdErrors.InvalidLength(data); - } - if (!_.isUndefined(network)) { - var error = HDPrivateKey._validateNetwork(data, network); - if (error) { - return error; + // a > b + var a, b; + if (cmp > 0) { + a = this; + b = num; + } else { + a = num; + b = this; } - } - return null; -}; -HDPrivateKey._validateNetwork = function(data, networkArg) { - var network = Network.get(networkArg); - if (!network) { - return new errors.InvalidNetworkArgument(networkArg); - } - var version = data.slice(0, 4); - if (BufferUtil.integerFromBuffer(version) !== network.xprivkey) { - return new errors.InvalidNetwork(version); - } - return null; -}; + var carry = 0; + for (var i = 0; i < b.length; i++) { + r = (a.words[i] | 0) - (b.words[i] | 0) + carry; + carry = r >> 26; + this.words[i] = r & 0x3ffffff; + } + for (; carry !== 0 && i < a.length; i++) { + r = (a.words[i] | 0) + carry; + carry = r >> 26; + this.words[i] = r & 0x3ffffff; + } -HDPrivateKey.fromString = function(arg) { - $.checkArgument(_.isString(arg), 'No valid string was provided'); - return new HDPrivateKey(arg); -}; + // Copy rest of the words + if (carry === 0 && i < a.length && a !== this) { + for (; i < a.length; i++) { + this.words[i] = a.words[i]; + } + } -HDPrivateKey.fromObject = function(arg) { - $.checkArgument(_.isObject(arg), 'No valid argument was provided'); - return new HDPrivateKey(arg); -}; + this.length = Math.max(this.length, i); -HDPrivateKey.prototype._buildFromJSON = function(arg) { - return this._buildFromObject(JSON.parse(arg)); -}; + if (a !== this) { + this.negative = 1; + } -HDPrivateKey.prototype._buildFromObject = function(arg) { - /* jshint maxcomplexity: 12 */ - // TODO: Type validation - var buffers = { - version: arg.network ? BufferUtil.integerAsBuffer(Network.get(arg.network).xprivkey) : arg.version, - depth: _.isNumber(arg.depth) ? BufferUtil.integerAsSingleByteBuffer(arg.depth) : arg.depth, - parentFingerPrint: _.isNumber(arg.parentFingerPrint) ? BufferUtil.integerAsBuffer(arg.parentFingerPrint) : arg.parentFingerPrint, - childIndex: _.isNumber(arg.childIndex) ? BufferUtil.integerAsBuffer(arg.childIndex) : arg.childIndex, - chainCode: _.isString(arg.chainCode) ? BufferUtil.hexToBuffer(arg.chainCode) : arg.chainCode, - privateKey: (_.isString(arg.privateKey) && JSUtil.isHexa(arg.privateKey)) ? BufferUtil.hexToBuffer(arg.privateKey) : arg.privateKey, - checksum: arg.checksum ? (arg.checksum.length ? arg.checksum : BufferUtil.integerAsBuffer(arg.checksum)) : undefined + return this.strip(); }; - return this._buildFromBuffers(buffers); -}; -HDPrivateKey.prototype._buildFromSerialized = function(arg) { - var decoded = Base58Check.decode(arg); - var buffers = { - version: decoded.slice(HDPrivateKey.VersionStart, HDPrivateKey.VersionEnd), - depth: decoded.slice(HDPrivateKey.DepthStart, HDPrivateKey.DepthEnd), - parentFingerPrint: decoded.slice(HDPrivateKey.ParentFingerPrintStart, - HDPrivateKey.ParentFingerPrintEnd), - childIndex: decoded.slice(HDPrivateKey.ChildIndexStart, HDPrivateKey.ChildIndexEnd), - chainCode: decoded.slice(HDPrivateKey.ChainCodeStart, HDPrivateKey.ChainCodeEnd), - privateKey: decoded.slice(HDPrivateKey.PrivateKeyStart, HDPrivateKey.PrivateKeyEnd), - checksum: decoded.slice(HDPrivateKey.ChecksumStart, HDPrivateKey.ChecksumEnd), - xprivkey: arg + // Subtract `num` from `this` + BN.prototype.sub = function sub (num) { + return this.clone().isub(num); }; - return this._buildFromBuffers(buffers); -}; - -HDPrivateKey.prototype._generateRandomly = function(network) { - return HDPrivateKey.fromSeed(Random.getRandomBuffer(64), network); -}; - -/** - * Generate a private key from a seed, as described in BIP32 - * - * @param {string|Buffer} hexa - * @param {*} network - * @return HDPrivateKey - */ -HDPrivateKey.fromSeed = function(hexa, network) { - /* jshint maxcomplexity: 8 */ - if (JSUtil.isHexaString(hexa)) { - hexa = BufferUtil.hexToBuffer(hexa); - } - if (!Buffer.isBuffer(hexa)) { - throw new hdErrors.InvalidEntropyArgument(hexa); - } - if (hexa.length < MINIMUM_ENTROPY_BITS * BITS_TO_BYTES) { - throw new hdErrors.InvalidEntropyArgument.NotEnoughEntropy(hexa); - } - if (hexa.length > MAXIMUM_ENTROPY_BITS * BITS_TO_BYTES) { - throw new hdErrors.InvalidEntropyArgument.TooMuchEntropy(hexa); - } - var hash = Hash.sha512hmac(hexa, new buffer.Buffer('Bitcoin seed')); - - return new HDPrivateKey({ - network: Network.get(network) || Network.defaultNetwork, - depth: 0, - parentFingerPrint: 0, - childIndex: 0, - privateKey: hash.slice(0, 32), - chainCode: hash.slice(32, 64) - }); -}; - - - -HDPrivateKey.prototype._calcHDPublicKey = function() { - if (!this._hdPublicKey) { - var HDPublicKey = require('./hdpublickey'); - this._hdPublicKey = new HDPublicKey(this); - } -}; - -/** - * Receives a object with buffers in all the properties and populates the - * internal structure - * - * @param {Object} arg - * @param {buffer.Buffer} arg.version - * @param {buffer.Buffer} arg.depth - * @param {buffer.Buffer} arg.parentFingerPrint - * @param {buffer.Buffer} arg.childIndex - * @param {buffer.Buffer} arg.chainCode - * @param {buffer.Buffer} arg.privateKey - * @param {buffer.Buffer} arg.checksum - * @param {string=} arg.xprivkey - if set, don't recalculate the base58 - * representation - * @return {HDPrivateKey} this - */ -HDPrivateKey.prototype._buildFromBuffers = function(arg) { - /* jshint maxcomplexity: 8 */ - /* jshint maxstatements: 20 */ - - HDPrivateKey._validateBufferArguments(arg); - - JSUtil.defineImmutable(this, { - _buffers: arg - }); - - var sequence = [ - arg.version, arg.depth, arg.parentFingerPrint, arg.childIndex, arg.chainCode, - BufferUtil.emptyBuffer(1), arg.privateKey - ]; - var concat = buffer.Buffer.concat(sequence); - if (!arg.checksum || !arg.checksum.length) { - arg.checksum = Base58Check.checksum(concat); - } else { - if (arg.checksum.toString() !== Base58Check.checksum(concat).toString()) { - throw new errors.InvalidB58Checksum(concat); - } - } - - var network = Network.get(BufferUtil.integerFromBuffer(arg.version)); - var xprivkey; - xprivkey = Base58Check.encode(buffer.Buffer.concat(sequence)); - arg.xprivkey = new Buffer(xprivkey); - var privateKey = new PrivateKey(BN.fromBuffer(arg.privateKey), network); - var publicKey = privateKey.toPublicKey(); - var size = HDPrivateKey.ParentFingerPrintSize; - var fingerPrint = Hash.sha256ripemd160(publicKey.toBuffer()).slice(0, size); + function smallMulTo (self, num, out) { + out.negative = num.negative ^ self.negative; + var len = (self.length + num.length) | 0; + out.length = len; + len = (len - 1) | 0; - JSUtil.defineImmutable(this, { - xprivkey: xprivkey, - network: network, - depth: BufferUtil.integerFromSingleByteBuffer(arg.depth), - privateKey: privateKey, - publicKey: publicKey, - fingerPrint: fingerPrint - }); + // Peel one iteration (compiler can't do it, because of code complexity) + var a = self.words[0] | 0; + var b = num.words[0] | 0; + var r = a * b; - this._hdPublicKey = null; + var lo = r & 0x3ffffff; + var carry = (r / 0x4000000) | 0; + out.words[0] = lo; - Object.defineProperty(this, 'hdPublicKey', { - configurable: false, - enumerable: true, - get: function() { - this._calcHDPublicKey(); - return this._hdPublicKey; + for (var k = 1; k < len; k++) { + // Sum all words with the same `i + j = k` and accumulate `ncarry`, + // note that ncarry could be >= 0x3ffffff + var ncarry = carry >>> 26; + var rword = carry & 0x3ffffff; + var maxJ = Math.min(k, num.length - 1); + for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { + var i = (k - j) | 0; + a = self.words[i] | 0; + b = num.words[j] | 0; + r = a * b + rword; + ncarry += (r / 0x4000000) | 0; + rword = r & 0x3ffffff; + } + out.words[k] = rword | 0; + carry = ncarry | 0; } - }); - Object.defineProperty(this, 'xpubkey', { - configurable: false, - enumerable: true, - get: function() { - this._calcHDPublicKey(); - return this._hdPublicKey.xpubkey; + if (carry !== 0) { + out.words[k] = carry | 0; + } else { + out.length--; } - }); - return this; -}; -HDPrivateKey._validateBufferArguments = function(arg) { - var checkBuffer = function(name, size) { - var buff = arg[name]; - assert(BufferUtil.isBuffer(buff), name + ' argument is not a buffer'); - assert( - buff.length === size, - name + ' has not the expected size: found ' + buff.length + ', expected ' + size - ); - }; - checkBuffer('version', HDPrivateKey.VersionSize); - checkBuffer('depth', HDPrivateKey.DepthSize); - checkBuffer('parentFingerPrint', HDPrivateKey.ParentFingerPrintSize); - checkBuffer('childIndex', HDPrivateKey.ChildIndexSize); - checkBuffer('chainCode', HDPrivateKey.ChainCodeSize); - checkBuffer('privateKey', HDPrivateKey.PrivateKeySize); - if (arg.checksum && arg.checksum.length) { - checkBuffer('checksum', HDPrivateKey.CheckSumSize); + return out.strip(); } -}; - -/** - * Returns the string representation of this private key (a string starting - * with "xprv..." - * - * @return string - */ -HDPrivateKey.prototype.toString = function() { - return this.xprivkey; -}; -/** - * Returns the console representation of this extended private key. - * @return string - */ -HDPrivateKey.prototype.inspect = function() { - return ''; -}; + // TODO(indutny): it may be reasonable to omit it for users who don't need + // to work with 256-bit numbers, otherwise it gives 20% improvement for 256-bit + // multiplication (like elliptic secp256k1). + var comb10MulTo = function comb10MulTo (self, num, out) { + var a = self.words; + var b = num.words; + var o = out.words; + var c = 0; + var lo; + var mid; + var hi; + var a0 = a[0] | 0; + var al0 = a0 & 0x1fff; + var ah0 = a0 >>> 13; + var a1 = a[1] | 0; + var al1 = a1 & 0x1fff; + var ah1 = a1 >>> 13; + var a2 = a[2] | 0; + var al2 = a2 & 0x1fff; + var ah2 = a2 >>> 13; + var a3 = a[3] | 0; + var al3 = a3 & 0x1fff; + var ah3 = a3 >>> 13; + var a4 = a[4] | 0; + var al4 = a4 & 0x1fff; + var ah4 = a4 >>> 13; + var a5 = a[5] | 0; + var al5 = a5 & 0x1fff; + var ah5 = a5 >>> 13; + var a6 = a[6] | 0; + var al6 = a6 & 0x1fff; + var ah6 = a6 >>> 13; + var a7 = a[7] | 0; + var al7 = a7 & 0x1fff; + var ah7 = a7 >>> 13; + var a8 = a[8] | 0; + var al8 = a8 & 0x1fff; + var ah8 = a8 >>> 13; + var a9 = a[9] | 0; + var al9 = a9 & 0x1fff; + var ah9 = a9 >>> 13; + var b0 = b[0] | 0; + var bl0 = b0 & 0x1fff; + var bh0 = b0 >>> 13; + var b1 = b[1] | 0; + var bl1 = b1 & 0x1fff; + var bh1 = b1 >>> 13; + var b2 = b[2] | 0; + var bl2 = b2 & 0x1fff; + var bh2 = b2 >>> 13; + var b3 = b[3] | 0; + var bl3 = b3 & 0x1fff; + var bh3 = b3 >>> 13; + var b4 = b[4] | 0; + var bl4 = b4 & 0x1fff; + var bh4 = b4 >>> 13; + var b5 = b[5] | 0; + var bl5 = b5 & 0x1fff; + var bh5 = b5 >>> 13; + var b6 = b[6] | 0; + var bl6 = b6 & 0x1fff; + var bh6 = b6 >>> 13; + var b7 = b[7] | 0; + var bl7 = b7 & 0x1fff; + var bh7 = b7 >>> 13; + var b8 = b[8] | 0; + var bl8 = b8 & 0x1fff; + var bh8 = b8 >>> 13; + var b9 = b[9] | 0; + var bl9 = b9 & 0x1fff; + var bh9 = b9 >>> 13; -/** - * Returns a plain object with a representation of this private key. - * - * Fields include:
    - *
  • network: either 'livenet' or 'testnet' - *
  • depth: a number ranging from 0 to 255 - *
  • fingerPrint: a number ranging from 0 to 2^32-1, taken from the hash of the - *
  • associated public key - *
  • parentFingerPrint: a number ranging from 0 to 2^32-1, taken from the hash - *
  • of this parent's associated public key or zero. - *
  • childIndex: the index from which this child was derived (or zero) - *
  • chainCode: an hexa string representing a number used in the derivation - *
  • privateKey: the private key associated, in hexa representation - *
  • xprivkey: the representation of this extended private key in checksum - *
  • base58 format - *
  • checksum: the base58 checksum of xprivkey - *
- * @return {Object} - */ -HDPrivateKey.prototype.toObject = HDPrivateKey.prototype.toJSON = function toObject() { - return { - network: Network.get(BufferUtil.integerFromBuffer(this._buffers.version), 'xprivkey').name, - depth: BufferUtil.integerFromSingleByteBuffer(this._buffers.depth), - fingerPrint: BufferUtil.integerFromBuffer(this.fingerPrint), - parentFingerPrint: BufferUtil.integerFromBuffer(this._buffers.parentFingerPrint), - childIndex: BufferUtil.integerFromBuffer(this._buffers.childIndex), - chainCode: BufferUtil.bufferToHex(this._buffers.chainCode), - privateKey: this.privateKey.toBuffer().toString('hex'), - checksum: BufferUtil.integerFromBuffer(this._buffers.checksum), - xprivkey: this.xprivkey + out.negative = self.negative ^ num.negative; + out.length = 19; + /* k = 0 */ + lo = Math.imul(al0, bl0); + mid = Math.imul(al0, bh0); + mid = (mid + Math.imul(ah0, bl0)) | 0; + hi = Math.imul(ah0, bh0); + var w0 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w0 >>> 26)) | 0; + w0 &= 0x3ffffff; + /* k = 1 */ + lo = Math.imul(al1, bl0); + mid = Math.imul(al1, bh0); + mid = (mid + Math.imul(ah1, bl0)) | 0; + hi = Math.imul(ah1, bh0); + lo = (lo + Math.imul(al0, bl1)) | 0; + mid = (mid + Math.imul(al0, bh1)) | 0; + mid = (mid + Math.imul(ah0, bl1)) | 0; + hi = (hi + Math.imul(ah0, bh1)) | 0; + var w1 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w1 >>> 26)) | 0; + w1 &= 0x3ffffff; + /* k = 2 */ + lo = Math.imul(al2, bl0); + mid = Math.imul(al2, bh0); + mid = (mid + Math.imul(ah2, bl0)) | 0; + hi = Math.imul(ah2, bh0); + lo = (lo + Math.imul(al1, bl1)) | 0; + mid = (mid + Math.imul(al1, bh1)) | 0; + mid = (mid + Math.imul(ah1, bl1)) | 0; + hi = (hi + Math.imul(ah1, bh1)) | 0; + lo = (lo + Math.imul(al0, bl2)) | 0; + mid = (mid + Math.imul(al0, bh2)) | 0; + mid = (mid + Math.imul(ah0, bl2)) | 0; + hi = (hi + Math.imul(ah0, bh2)) | 0; + var w2 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w2 >>> 26)) | 0; + w2 &= 0x3ffffff; + /* k = 3 */ + lo = Math.imul(al3, bl0); + mid = Math.imul(al3, bh0); + mid = (mid + Math.imul(ah3, bl0)) | 0; + hi = Math.imul(ah3, bh0); + lo = (lo + Math.imul(al2, bl1)) | 0; + mid = (mid + Math.imul(al2, bh1)) | 0; + mid = (mid + Math.imul(ah2, bl1)) | 0; + hi = (hi + Math.imul(ah2, bh1)) | 0; + lo = (lo + Math.imul(al1, bl2)) | 0; + mid = (mid + Math.imul(al1, bh2)) | 0; + mid = (mid + Math.imul(ah1, bl2)) | 0; + hi = (hi + Math.imul(ah1, bh2)) | 0; + lo = (lo + Math.imul(al0, bl3)) | 0; + mid = (mid + Math.imul(al0, bh3)) | 0; + mid = (mid + Math.imul(ah0, bl3)) | 0; + hi = (hi + Math.imul(ah0, bh3)) | 0; + var w3 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w3 >>> 26)) | 0; + w3 &= 0x3ffffff; + /* k = 4 */ + lo = Math.imul(al4, bl0); + mid = Math.imul(al4, bh0); + mid = (mid + Math.imul(ah4, bl0)) | 0; + hi = Math.imul(ah4, bh0); + lo = (lo + Math.imul(al3, bl1)) | 0; + mid = (mid + Math.imul(al3, bh1)) | 0; + mid = (mid + Math.imul(ah3, bl1)) | 0; + hi = (hi + Math.imul(ah3, bh1)) | 0; + lo = (lo + Math.imul(al2, bl2)) | 0; + mid = (mid + Math.imul(al2, bh2)) | 0; + mid = (mid + Math.imul(ah2, bl2)) | 0; + hi = (hi + Math.imul(ah2, bh2)) | 0; + lo = (lo + Math.imul(al1, bl3)) | 0; + mid = (mid + Math.imul(al1, bh3)) | 0; + mid = (mid + Math.imul(ah1, bl3)) | 0; + hi = (hi + Math.imul(ah1, bh3)) | 0; + lo = (lo + Math.imul(al0, bl4)) | 0; + mid = (mid + Math.imul(al0, bh4)) | 0; + mid = (mid + Math.imul(ah0, bl4)) | 0; + hi = (hi + Math.imul(ah0, bh4)) | 0; + var w4 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w4 >>> 26)) | 0; + w4 &= 0x3ffffff; + /* k = 5 */ + lo = Math.imul(al5, bl0); + mid = Math.imul(al5, bh0); + mid = (mid + Math.imul(ah5, bl0)) | 0; + hi = Math.imul(ah5, bh0); + lo = (lo + Math.imul(al4, bl1)) | 0; + mid = (mid + Math.imul(al4, bh1)) | 0; + mid = (mid + Math.imul(ah4, bl1)) | 0; + hi = (hi + Math.imul(ah4, bh1)) | 0; + lo = (lo + Math.imul(al3, bl2)) | 0; + mid = (mid + Math.imul(al3, bh2)) | 0; + mid = (mid + Math.imul(ah3, bl2)) | 0; + hi = (hi + Math.imul(ah3, bh2)) | 0; + lo = (lo + Math.imul(al2, bl3)) | 0; + mid = (mid + Math.imul(al2, bh3)) | 0; + mid = (mid + Math.imul(ah2, bl3)) | 0; + hi = (hi + Math.imul(ah2, bh3)) | 0; + lo = (lo + Math.imul(al1, bl4)) | 0; + mid = (mid + Math.imul(al1, bh4)) | 0; + mid = (mid + Math.imul(ah1, bl4)) | 0; + hi = (hi + Math.imul(ah1, bh4)) | 0; + lo = (lo + Math.imul(al0, bl5)) | 0; + mid = (mid + Math.imul(al0, bh5)) | 0; + mid = (mid + Math.imul(ah0, bl5)) | 0; + hi = (hi + Math.imul(ah0, bh5)) | 0; + var w5 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w5 >>> 26)) | 0; + w5 &= 0x3ffffff; + /* k = 6 */ + lo = Math.imul(al6, bl0); + mid = Math.imul(al6, bh0); + mid = (mid + Math.imul(ah6, bl0)) | 0; + hi = Math.imul(ah6, bh0); + lo = (lo + Math.imul(al5, bl1)) | 0; + mid = (mid + Math.imul(al5, bh1)) | 0; + mid = (mid + Math.imul(ah5, bl1)) | 0; + hi = (hi + Math.imul(ah5, bh1)) | 0; + lo = (lo + Math.imul(al4, bl2)) | 0; + mid = (mid + Math.imul(al4, bh2)) | 0; + mid = (mid + Math.imul(ah4, bl2)) | 0; + hi = (hi + Math.imul(ah4, bh2)) | 0; + lo = (lo + Math.imul(al3, bl3)) | 0; + mid = (mid + Math.imul(al3, bh3)) | 0; + mid = (mid + Math.imul(ah3, bl3)) | 0; + hi = (hi + Math.imul(ah3, bh3)) | 0; + lo = (lo + Math.imul(al2, bl4)) | 0; + mid = (mid + Math.imul(al2, bh4)) | 0; + mid = (mid + Math.imul(ah2, bl4)) | 0; + hi = (hi + Math.imul(ah2, bh4)) | 0; + lo = (lo + Math.imul(al1, bl5)) | 0; + mid = (mid + Math.imul(al1, bh5)) | 0; + mid = (mid + Math.imul(ah1, bl5)) | 0; + hi = (hi + Math.imul(ah1, bh5)) | 0; + lo = (lo + Math.imul(al0, bl6)) | 0; + mid = (mid + Math.imul(al0, bh6)) | 0; + mid = (mid + Math.imul(ah0, bl6)) | 0; + hi = (hi + Math.imul(ah0, bh6)) | 0; + var w6 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w6 >>> 26)) | 0; + w6 &= 0x3ffffff; + /* k = 7 */ + lo = Math.imul(al7, bl0); + mid = Math.imul(al7, bh0); + mid = (mid + Math.imul(ah7, bl0)) | 0; + hi = Math.imul(ah7, bh0); + lo = (lo + Math.imul(al6, bl1)) | 0; + mid = (mid + Math.imul(al6, bh1)) | 0; + mid = (mid + Math.imul(ah6, bl1)) | 0; + hi = (hi + Math.imul(ah6, bh1)) | 0; + lo = (lo + Math.imul(al5, bl2)) | 0; + mid = (mid + Math.imul(al5, bh2)) | 0; + mid = (mid + Math.imul(ah5, bl2)) | 0; + hi = (hi + Math.imul(ah5, bh2)) | 0; + lo = (lo + Math.imul(al4, bl3)) | 0; + mid = (mid + Math.imul(al4, bh3)) | 0; + mid = (mid + Math.imul(ah4, bl3)) | 0; + hi = (hi + Math.imul(ah4, bh3)) | 0; + lo = (lo + Math.imul(al3, bl4)) | 0; + mid = (mid + Math.imul(al3, bh4)) | 0; + mid = (mid + Math.imul(ah3, bl4)) | 0; + hi = (hi + Math.imul(ah3, bh4)) | 0; + lo = (lo + Math.imul(al2, bl5)) | 0; + mid = (mid + Math.imul(al2, bh5)) | 0; + mid = (mid + Math.imul(ah2, bl5)) | 0; + hi = (hi + Math.imul(ah2, bh5)) | 0; + lo = (lo + Math.imul(al1, bl6)) | 0; + mid = (mid + Math.imul(al1, bh6)) | 0; + mid = (mid + Math.imul(ah1, bl6)) | 0; + hi = (hi + Math.imul(ah1, bh6)) | 0; + lo = (lo + Math.imul(al0, bl7)) | 0; + mid = (mid + Math.imul(al0, bh7)) | 0; + mid = (mid + Math.imul(ah0, bl7)) | 0; + hi = (hi + Math.imul(ah0, bh7)) | 0; + var w7 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w7 >>> 26)) | 0; + w7 &= 0x3ffffff; + /* k = 8 */ + lo = Math.imul(al8, bl0); + mid = Math.imul(al8, bh0); + mid = (mid + Math.imul(ah8, bl0)) | 0; + hi = Math.imul(ah8, bh0); + lo = (lo + Math.imul(al7, bl1)) | 0; + mid = (mid + Math.imul(al7, bh1)) | 0; + mid = (mid + Math.imul(ah7, bl1)) | 0; + hi = (hi + Math.imul(ah7, bh1)) | 0; + lo = (lo + Math.imul(al6, bl2)) | 0; + mid = (mid + Math.imul(al6, bh2)) | 0; + mid = (mid + Math.imul(ah6, bl2)) | 0; + hi = (hi + Math.imul(ah6, bh2)) | 0; + lo = (lo + Math.imul(al5, bl3)) | 0; + mid = (mid + Math.imul(al5, bh3)) | 0; + mid = (mid + Math.imul(ah5, bl3)) | 0; + hi = (hi + Math.imul(ah5, bh3)) | 0; + lo = (lo + Math.imul(al4, bl4)) | 0; + mid = (mid + Math.imul(al4, bh4)) | 0; + mid = (mid + Math.imul(ah4, bl4)) | 0; + hi = (hi + Math.imul(ah4, bh4)) | 0; + lo = (lo + Math.imul(al3, bl5)) | 0; + mid = (mid + Math.imul(al3, bh5)) | 0; + mid = (mid + Math.imul(ah3, bl5)) | 0; + hi = (hi + Math.imul(ah3, bh5)) | 0; + lo = (lo + Math.imul(al2, bl6)) | 0; + mid = (mid + Math.imul(al2, bh6)) | 0; + mid = (mid + Math.imul(ah2, bl6)) | 0; + hi = (hi + Math.imul(ah2, bh6)) | 0; + lo = (lo + Math.imul(al1, bl7)) | 0; + mid = (mid + Math.imul(al1, bh7)) | 0; + mid = (mid + Math.imul(ah1, bl7)) | 0; + hi = (hi + Math.imul(ah1, bh7)) | 0; + lo = (lo + Math.imul(al0, bl8)) | 0; + mid = (mid + Math.imul(al0, bh8)) | 0; + mid = (mid + Math.imul(ah0, bl8)) | 0; + hi = (hi + Math.imul(ah0, bh8)) | 0; + var w8 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w8 >>> 26)) | 0; + w8 &= 0x3ffffff; + /* k = 9 */ + lo = Math.imul(al9, bl0); + mid = Math.imul(al9, bh0); + mid = (mid + Math.imul(ah9, bl0)) | 0; + hi = Math.imul(ah9, bh0); + lo = (lo + Math.imul(al8, bl1)) | 0; + mid = (mid + Math.imul(al8, bh1)) | 0; + mid = (mid + Math.imul(ah8, bl1)) | 0; + hi = (hi + Math.imul(ah8, bh1)) | 0; + lo = (lo + Math.imul(al7, bl2)) | 0; + mid = (mid + Math.imul(al7, bh2)) | 0; + mid = (mid + Math.imul(ah7, bl2)) | 0; + hi = (hi + Math.imul(ah7, bh2)) | 0; + lo = (lo + Math.imul(al6, bl3)) | 0; + mid = (mid + Math.imul(al6, bh3)) | 0; + mid = (mid + Math.imul(ah6, bl3)) | 0; + hi = (hi + Math.imul(ah6, bh3)) | 0; + lo = (lo + Math.imul(al5, bl4)) | 0; + mid = (mid + Math.imul(al5, bh4)) | 0; + mid = (mid + Math.imul(ah5, bl4)) | 0; + hi = (hi + Math.imul(ah5, bh4)) | 0; + lo = (lo + Math.imul(al4, bl5)) | 0; + mid = (mid + Math.imul(al4, bh5)) | 0; + mid = (mid + Math.imul(ah4, bl5)) | 0; + hi = (hi + Math.imul(ah4, bh5)) | 0; + lo = (lo + Math.imul(al3, bl6)) | 0; + mid = (mid + Math.imul(al3, bh6)) | 0; + mid = (mid + Math.imul(ah3, bl6)) | 0; + hi = (hi + Math.imul(ah3, bh6)) | 0; + lo = (lo + Math.imul(al2, bl7)) | 0; + mid = (mid + Math.imul(al2, bh7)) | 0; + mid = (mid + Math.imul(ah2, bl7)) | 0; + hi = (hi + Math.imul(ah2, bh7)) | 0; + lo = (lo + Math.imul(al1, bl8)) | 0; + mid = (mid + Math.imul(al1, bh8)) | 0; + mid = (mid + Math.imul(ah1, bl8)) | 0; + hi = (hi + Math.imul(ah1, bh8)) | 0; + lo = (lo + Math.imul(al0, bl9)) | 0; + mid = (mid + Math.imul(al0, bh9)) | 0; + mid = (mid + Math.imul(ah0, bl9)) | 0; + hi = (hi + Math.imul(ah0, bh9)) | 0; + var w9 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w9 >>> 26)) | 0; + w9 &= 0x3ffffff; + /* k = 10 */ + lo = Math.imul(al9, bl1); + mid = Math.imul(al9, bh1); + mid = (mid + Math.imul(ah9, bl1)) | 0; + hi = Math.imul(ah9, bh1); + lo = (lo + Math.imul(al8, bl2)) | 0; + mid = (mid + Math.imul(al8, bh2)) | 0; + mid = (mid + Math.imul(ah8, bl2)) | 0; + hi = (hi + Math.imul(ah8, bh2)) | 0; + lo = (lo + Math.imul(al7, bl3)) | 0; + mid = (mid + Math.imul(al7, bh3)) | 0; + mid = (mid + Math.imul(ah7, bl3)) | 0; + hi = (hi + Math.imul(ah7, bh3)) | 0; + lo = (lo + Math.imul(al6, bl4)) | 0; + mid = (mid + Math.imul(al6, bh4)) | 0; + mid = (mid + Math.imul(ah6, bl4)) | 0; + hi = (hi + Math.imul(ah6, bh4)) | 0; + lo = (lo + Math.imul(al5, bl5)) | 0; + mid = (mid + Math.imul(al5, bh5)) | 0; + mid = (mid + Math.imul(ah5, bl5)) | 0; + hi = (hi + Math.imul(ah5, bh5)) | 0; + lo = (lo + Math.imul(al4, bl6)) | 0; + mid = (mid + Math.imul(al4, bh6)) | 0; + mid = (mid + Math.imul(ah4, bl6)) | 0; + hi = (hi + Math.imul(ah4, bh6)) | 0; + lo = (lo + Math.imul(al3, bl7)) | 0; + mid = (mid + Math.imul(al3, bh7)) | 0; + mid = (mid + Math.imul(ah3, bl7)) | 0; + hi = (hi + Math.imul(ah3, bh7)) | 0; + lo = (lo + Math.imul(al2, bl8)) | 0; + mid = (mid + Math.imul(al2, bh8)) | 0; + mid = (mid + Math.imul(ah2, bl8)) | 0; + hi = (hi + Math.imul(ah2, bh8)) | 0; + lo = (lo + Math.imul(al1, bl9)) | 0; + mid = (mid + Math.imul(al1, bh9)) | 0; + mid = (mid + Math.imul(ah1, bl9)) | 0; + hi = (hi + Math.imul(ah1, bh9)) | 0; + var w10 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w10 >>> 26)) | 0; + w10 &= 0x3ffffff; + /* k = 11 */ + lo = Math.imul(al9, bl2); + mid = Math.imul(al9, bh2); + mid = (mid + Math.imul(ah9, bl2)) | 0; + hi = Math.imul(ah9, bh2); + lo = (lo + Math.imul(al8, bl3)) | 0; + mid = (mid + Math.imul(al8, bh3)) | 0; + mid = (mid + Math.imul(ah8, bl3)) | 0; + hi = (hi + Math.imul(ah8, bh3)) | 0; + lo = (lo + Math.imul(al7, bl4)) | 0; + mid = (mid + Math.imul(al7, bh4)) | 0; + mid = (mid + Math.imul(ah7, bl4)) | 0; + hi = (hi + Math.imul(ah7, bh4)) | 0; + lo = (lo + Math.imul(al6, bl5)) | 0; + mid = (mid + Math.imul(al6, bh5)) | 0; + mid = (mid + Math.imul(ah6, bl5)) | 0; + hi = (hi + Math.imul(ah6, bh5)) | 0; + lo = (lo + Math.imul(al5, bl6)) | 0; + mid = (mid + Math.imul(al5, bh6)) | 0; + mid = (mid + Math.imul(ah5, bl6)) | 0; + hi = (hi + Math.imul(ah5, bh6)) | 0; + lo = (lo + Math.imul(al4, bl7)) | 0; + mid = (mid + Math.imul(al4, bh7)) | 0; + mid = (mid + Math.imul(ah4, bl7)) | 0; + hi = (hi + Math.imul(ah4, bh7)) | 0; + lo = (lo + Math.imul(al3, bl8)) | 0; + mid = (mid + Math.imul(al3, bh8)) | 0; + mid = (mid + Math.imul(ah3, bl8)) | 0; + hi = (hi + Math.imul(ah3, bh8)) | 0; + lo = (lo + Math.imul(al2, bl9)) | 0; + mid = (mid + Math.imul(al2, bh9)) | 0; + mid = (mid + Math.imul(ah2, bl9)) | 0; + hi = (hi + Math.imul(ah2, bh9)) | 0; + var w11 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w11 >>> 26)) | 0; + w11 &= 0x3ffffff; + /* k = 12 */ + lo = Math.imul(al9, bl3); + mid = Math.imul(al9, bh3); + mid = (mid + Math.imul(ah9, bl3)) | 0; + hi = Math.imul(ah9, bh3); + lo = (lo + Math.imul(al8, bl4)) | 0; + mid = (mid + Math.imul(al8, bh4)) | 0; + mid = (mid + Math.imul(ah8, bl4)) | 0; + hi = (hi + Math.imul(ah8, bh4)) | 0; + lo = (lo + Math.imul(al7, bl5)) | 0; + mid = (mid + Math.imul(al7, bh5)) | 0; + mid = (mid + Math.imul(ah7, bl5)) | 0; + hi = (hi + Math.imul(ah7, bh5)) | 0; + lo = (lo + Math.imul(al6, bl6)) | 0; + mid = (mid + Math.imul(al6, bh6)) | 0; + mid = (mid + Math.imul(ah6, bl6)) | 0; + hi = (hi + Math.imul(ah6, bh6)) | 0; + lo = (lo + Math.imul(al5, bl7)) | 0; + mid = (mid + Math.imul(al5, bh7)) | 0; + mid = (mid + Math.imul(ah5, bl7)) | 0; + hi = (hi + Math.imul(ah5, bh7)) | 0; + lo = (lo + Math.imul(al4, bl8)) | 0; + mid = (mid + Math.imul(al4, bh8)) | 0; + mid = (mid + Math.imul(ah4, bl8)) | 0; + hi = (hi + Math.imul(ah4, bh8)) | 0; + lo = (lo + Math.imul(al3, bl9)) | 0; + mid = (mid + Math.imul(al3, bh9)) | 0; + mid = (mid + Math.imul(ah3, bl9)) | 0; + hi = (hi + Math.imul(ah3, bh9)) | 0; + var w12 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w12 >>> 26)) | 0; + w12 &= 0x3ffffff; + /* k = 13 */ + lo = Math.imul(al9, bl4); + mid = Math.imul(al9, bh4); + mid = (mid + Math.imul(ah9, bl4)) | 0; + hi = Math.imul(ah9, bh4); + lo = (lo + Math.imul(al8, bl5)) | 0; + mid = (mid + Math.imul(al8, bh5)) | 0; + mid = (mid + Math.imul(ah8, bl5)) | 0; + hi = (hi + Math.imul(ah8, bh5)) | 0; + lo = (lo + Math.imul(al7, bl6)) | 0; + mid = (mid + Math.imul(al7, bh6)) | 0; + mid = (mid + Math.imul(ah7, bl6)) | 0; + hi = (hi + Math.imul(ah7, bh6)) | 0; + lo = (lo + Math.imul(al6, bl7)) | 0; + mid = (mid + Math.imul(al6, bh7)) | 0; + mid = (mid + Math.imul(ah6, bl7)) | 0; + hi = (hi + Math.imul(ah6, bh7)) | 0; + lo = (lo + Math.imul(al5, bl8)) | 0; + mid = (mid + Math.imul(al5, bh8)) | 0; + mid = (mid + Math.imul(ah5, bl8)) | 0; + hi = (hi + Math.imul(ah5, bh8)) | 0; + lo = (lo + Math.imul(al4, bl9)) | 0; + mid = (mid + Math.imul(al4, bh9)) | 0; + mid = (mid + Math.imul(ah4, bl9)) | 0; + hi = (hi + Math.imul(ah4, bh9)) | 0; + var w13 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w13 >>> 26)) | 0; + w13 &= 0x3ffffff; + /* k = 14 */ + lo = Math.imul(al9, bl5); + mid = Math.imul(al9, bh5); + mid = (mid + Math.imul(ah9, bl5)) | 0; + hi = Math.imul(ah9, bh5); + lo = (lo + Math.imul(al8, bl6)) | 0; + mid = (mid + Math.imul(al8, bh6)) | 0; + mid = (mid + Math.imul(ah8, bl6)) | 0; + hi = (hi + Math.imul(ah8, bh6)) | 0; + lo = (lo + Math.imul(al7, bl7)) | 0; + mid = (mid + Math.imul(al7, bh7)) | 0; + mid = (mid + Math.imul(ah7, bl7)) | 0; + hi = (hi + Math.imul(ah7, bh7)) | 0; + lo = (lo + Math.imul(al6, bl8)) | 0; + mid = (mid + Math.imul(al6, bh8)) | 0; + mid = (mid + Math.imul(ah6, bl8)) | 0; + hi = (hi + Math.imul(ah6, bh8)) | 0; + lo = (lo + Math.imul(al5, bl9)) | 0; + mid = (mid + Math.imul(al5, bh9)) | 0; + mid = (mid + Math.imul(ah5, bl9)) | 0; + hi = (hi + Math.imul(ah5, bh9)) | 0; + var w14 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w14 >>> 26)) | 0; + w14 &= 0x3ffffff; + /* k = 15 */ + lo = Math.imul(al9, bl6); + mid = Math.imul(al9, bh6); + mid = (mid + Math.imul(ah9, bl6)) | 0; + hi = Math.imul(ah9, bh6); + lo = (lo + Math.imul(al8, bl7)) | 0; + mid = (mid + Math.imul(al8, bh7)) | 0; + mid = (mid + Math.imul(ah8, bl7)) | 0; + hi = (hi + Math.imul(ah8, bh7)) | 0; + lo = (lo + Math.imul(al7, bl8)) | 0; + mid = (mid + Math.imul(al7, bh8)) | 0; + mid = (mid + Math.imul(ah7, bl8)) | 0; + hi = (hi + Math.imul(ah7, bh8)) | 0; + lo = (lo + Math.imul(al6, bl9)) | 0; + mid = (mid + Math.imul(al6, bh9)) | 0; + mid = (mid + Math.imul(ah6, bl9)) | 0; + hi = (hi + Math.imul(ah6, bh9)) | 0; + var w15 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w15 >>> 26)) | 0; + w15 &= 0x3ffffff; + /* k = 16 */ + lo = Math.imul(al9, bl7); + mid = Math.imul(al9, bh7); + mid = (mid + Math.imul(ah9, bl7)) | 0; + hi = Math.imul(ah9, bh7); + lo = (lo + Math.imul(al8, bl8)) | 0; + mid = (mid + Math.imul(al8, bh8)) | 0; + mid = (mid + Math.imul(ah8, bl8)) | 0; + hi = (hi + Math.imul(ah8, bh8)) | 0; + lo = (lo + Math.imul(al7, bl9)) | 0; + mid = (mid + Math.imul(al7, bh9)) | 0; + mid = (mid + Math.imul(ah7, bl9)) | 0; + hi = (hi + Math.imul(ah7, bh9)) | 0; + var w16 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w16 >>> 26)) | 0; + w16 &= 0x3ffffff; + /* k = 17 */ + lo = Math.imul(al9, bl8); + mid = Math.imul(al9, bh8); + mid = (mid + Math.imul(ah9, bl8)) | 0; + hi = Math.imul(ah9, bh8); + lo = (lo + Math.imul(al8, bl9)) | 0; + mid = (mid + Math.imul(al8, bh9)) | 0; + mid = (mid + Math.imul(ah8, bl9)) | 0; + hi = (hi + Math.imul(ah8, bh9)) | 0; + var w17 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w17 >>> 26)) | 0; + w17 &= 0x3ffffff; + /* k = 18 */ + lo = Math.imul(al9, bl9); + mid = Math.imul(al9, bh9); + mid = (mid + Math.imul(ah9, bl9)) | 0; + hi = Math.imul(ah9, bh9); + var w18 = (((c + lo) | 0) + ((mid & 0x1fff) << 13)) | 0; + c = (((hi + (mid >>> 13)) | 0) + (w18 >>> 26)) | 0; + w18 &= 0x3ffffff; + o[0] = w0; + o[1] = w1; + o[2] = w2; + o[3] = w3; + o[4] = w4; + o[5] = w5; + o[6] = w6; + o[7] = w7; + o[8] = w8; + o[9] = w9; + o[10] = w10; + o[11] = w11; + o[12] = w12; + o[13] = w13; + o[14] = w14; + o[15] = w15; + o[16] = w16; + o[17] = w17; + o[18] = w18; + if (c !== 0) { + o[19] = c; + out.length++; + } + return out; }; -}; -/** - * Build a HDPrivateKey from a buffer - * - * @param {Buffer} arg - * @return {HDPrivateKey} - */ -HDPrivateKey.fromBuffer = function(arg) { - return new HDPrivateKey(arg.toString()); -}; + // Polyfill comb + if (!Math.imul) { + comb10MulTo = smallMulTo; + } -/** - * Returns a buffer representation of the HDPrivateKey - * - * @return {string} - */ -HDPrivateKey.prototype.toBuffer = function() { - return BufferUtil.copy(this._buffers.xprivkey); -}; + function bigMulTo (self, num, out) { + out.negative = num.negative ^ self.negative; + out.length = self.length + num.length; -HDPrivateKey.DefaultDepth = 0; -HDPrivateKey.DefaultFingerprint = 0; -HDPrivateKey.DefaultChildIndex = 0; -HDPrivateKey.Hardened = 0x80000000; -HDPrivateKey.MaxIndex = 2 * HDPrivateKey.Hardened; + var carry = 0; + var hncarry = 0; + for (var k = 0; k < out.length - 1; k++) { + // Sum all words with the same `i + j = k` and accumulate `ncarry`, + // note that ncarry could be >= 0x3ffffff + var ncarry = hncarry; + hncarry = 0; + var rword = carry & 0x3ffffff; + var maxJ = Math.min(k, num.length - 1); + for (var j = Math.max(0, k - self.length + 1); j <= maxJ; j++) { + var i = k - j; + var a = self.words[i] | 0; + var b = num.words[j] | 0; + var r = a * b; -HDPrivateKey.RootElementAlias = ['m', 'M', 'm\'', 'M\'']; + var lo = r & 0x3ffffff; + ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; + lo = (lo + rword) | 0; + rword = lo & 0x3ffffff; + ncarry = (ncarry + (lo >>> 26)) | 0; -HDPrivateKey.VersionSize = 4; -HDPrivateKey.DepthSize = 1; -HDPrivateKey.ParentFingerPrintSize = 4; -HDPrivateKey.ChildIndexSize = 4; -HDPrivateKey.ChainCodeSize = 32; -HDPrivateKey.PrivateKeySize = 32; -HDPrivateKey.CheckSumSize = 4; + hncarry += ncarry >>> 26; + ncarry &= 0x3ffffff; + } + out.words[k] = rword; + carry = ncarry; + ncarry = hncarry; + } + if (carry !== 0) { + out.words[k] = carry; + } else { + out.length--; + } -HDPrivateKey.DataLength = 78; -HDPrivateKey.SerializedByteSize = 82; + return out.strip(); + } -HDPrivateKey.VersionStart = 0; -HDPrivateKey.VersionEnd = HDPrivateKey.VersionStart + HDPrivateKey.VersionSize; -HDPrivateKey.DepthStart = HDPrivateKey.VersionEnd; -HDPrivateKey.DepthEnd = HDPrivateKey.DepthStart + HDPrivateKey.DepthSize; -HDPrivateKey.ParentFingerPrintStart = HDPrivateKey.DepthEnd; -HDPrivateKey.ParentFingerPrintEnd = HDPrivateKey.ParentFingerPrintStart + HDPrivateKey.ParentFingerPrintSize; -HDPrivateKey.ChildIndexStart = HDPrivateKey.ParentFingerPrintEnd; -HDPrivateKey.ChildIndexEnd = HDPrivateKey.ChildIndexStart + HDPrivateKey.ChildIndexSize; -HDPrivateKey.ChainCodeStart = HDPrivateKey.ChildIndexEnd; -HDPrivateKey.ChainCodeEnd = HDPrivateKey.ChainCodeStart + HDPrivateKey.ChainCodeSize; -HDPrivateKey.PrivateKeyStart = HDPrivateKey.ChainCodeEnd + 1; -HDPrivateKey.PrivateKeyEnd = HDPrivateKey.PrivateKeyStart + HDPrivateKey.PrivateKeySize; -HDPrivateKey.ChecksumStart = HDPrivateKey.PrivateKeyEnd; -HDPrivateKey.ChecksumEnd = HDPrivateKey.ChecksumStart + HDPrivateKey.CheckSumSize; + function jumboMulTo (self, num, out) { + var fftm = new FFTM(); + return fftm.mulp(self, num, out); + } -assert(HDPrivateKey.ChecksumEnd === HDPrivateKey.SerializedByteSize); + BN.prototype.mulTo = function mulTo (num, out) { + var res; + var len = this.length + num.length; + if (this.length === 10 && num.length === 10) { + res = comb10MulTo(this, num, out); + } else if (len < 63) { + res = smallMulTo(this, num, out); + } else if (len < 1024) { + res = bigMulTo(this, num, out); + } else { + res = jumboMulTo(this, num, out); + } -module.exports = HDPrivateKey; + return res; + }; -}).call(this,require("buffer").Buffer) -},{"./crypto/bn":13,"./crypto/hash":15,"./crypto/point":16,"./crypto/random":17,"./encoding/base58":19,"./encoding/base58check":20,"./errors":24,"./hdkeycache":26,"./hdpublickey":28,"./networks":29,"./privatekey":31,"./util/buffer":50,"./util/js":51,"./util/preconditions":52,"assert":92,"buffer":94,"lodash":78}],28:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + // Cooley-Tukey algorithm for FFT + // slightly revisited to rely on looping instead of recursion -var _ = require('lodash'); -var $ = require('./util/preconditions'); + function FFTM (x, y) { + this.x = x; + this.y = y; + } -var BN = require('./crypto/bn'); -var Base58 = require('./encoding/base58'); -var Base58Check = require('./encoding/base58check'); -var Hash = require('./crypto/hash'); -var HDPrivateKey = require('./hdprivatekey'); -var HDKeyCache = require('./hdkeycache'); -var Network = require('./networks'); -var Point = require('./crypto/point'); -var PublicKey = require('./publickey'); + FFTM.prototype.makeRBT = function makeRBT (N) { + var t = new Array(N); + var l = BN.prototype._countBits(N) - 1; + for (var i = 0; i < N; i++) { + t[i] = this.revBin(i, l, N); + } -var bitcoreErrors = require('./errors'); -var errors = bitcoreErrors; -var hdErrors = bitcoreErrors.HDPublicKey; -var assert = require('assert'); + return t; + }; -var JSUtil = require('./util/js'); -var BufferUtil = require('./util/buffer'); + // Returns binary-reversed representation of `x` + FFTM.prototype.revBin = function revBin (x, l, N) { + if (x === 0 || x === N - 1) return x; -/** - * The representation of an hierarchically derived public key. - * - * See https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki - * - * @constructor - * @param {Object|string|Buffer} arg - */ -function HDPublicKey(arg) { - /* jshint maxcomplexity: 12 */ - /* jshint maxstatements: 20 */ - if (arg instanceof HDPublicKey) { - return arg; - } - if (!(this instanceof HDPublicKey)) { - return new HDPublicKey(arg); - } - if (arg) { - if (_.isString(arg) || BufferUtil.isBuffer(arg)) { - var error = HDPublicKey.getSerializedError(arg); - if (!error) { - return this._buildFromSerialized(arg); - } else if (BufferUtil.isBuffer(arg) && !HDPublicKey.getSerializedError(arg.toString())) { - return this._buildFromSerialized(arg.toString()); - } else { - if (error instanceof hdErrors.ArgumentIsPrivateExtended) { - return new HDPrivateKey(arg).hdPublicKey; - } - throw error; - } - } else { - if (_.isObject(arg)) { - if (arg instanceof HDPrivateKey) { - return this._buildFromPrivate(arg); - } else { - return this._buildFromObject(arg); - } - } else { - throw new hdErrors.UnrecognizedArgument(arg); - } + var rb = 0; + for (var i = 0; i < l; i++) { + rb |= (x & 1) << (l - i - 1); + x >>= 1; } - } else { - throw new hdErrors.MustSupplyArgument(); - } -} -/** - * Verifies that a given path is valid. - * - * @param {string|number} arg - * @return {boolean} - */ -HDPublicKey.isValidPath = function(arg) { - if (_.isString(arg)) { - var indexes = HDPrivateKey._getDerivationIndexes(arg); - return indexes !== null && _.all(indexes, HDPublicKey.isValidPath); - } + return rb; + }; - if (_.isNumber(arg)) { - return arg >= 0 && arg < HDPublicKey.Hardened; - } + // Performs "tweedling" phase, therefore 'emulating' + // behaviour of the recursive algorithm + FFTM.prototype.permute = function permute (rbt, rws, iws, rtws, itws, N) { + for (var i = 0; i < N; i++) { + rtws[i] = rws[rbt[i]]; + itws[i] = iws[rbt[i]]; + } + }; - return false; -}; + FFTM.prototype.transform = function transform (rws, iws, rtws, itws, N, rbt) { + this.permute(rbt, rws, iws, rtws, itws, N); -/** - * Get a derivated child based on a string or number. - * - * If the first argument is a string, it's parsed as the full path of - * derivation. Valid values for this argument include "m" (which returns the - * same public key), "m/0/1/40/2/1000". - * - * Note that hardened keys can't be derived from a public extended key. - * - * If the first argument is a number, the child with that index will be - * derived. See the example usage for clarification. - * - * @example - * ```javascript - * var parent = new HDPublicKey('xpub...'); - * var child_0_1_2 = parent.derive(0).derive(1).derive(2); - * var copy_of_child_0_1_2 = parent.derive("m/0/1/2"); - * assert(child_0_1_2.xprivkey === copy_of_child_0_1_2); - * ``` - * - * @param {string|number} arg - */ -HDPublicKey.prototype.derive = function(arg, hardened) { - if (_.isNumber(arg)) { - return this._deriveWithNumber(arg, hardened); - } else if (_.isString(arg)) { - return this._deriveFromString(arg); - } else { - throw new hdErrors.InvalidDerivationArgument(arg); - } -}; + for (var s = 1; s < N; s <<= 1) { + var l = s << 1; -HDPublicKey.prototype._deriveWithNumber = function(index, hardened) { - if (index >= HDPublicKey.Hardened || hardened) { - throw new hdErrors.InvalidIndexCantDeriveHardened(); - } - if (index < 0) { - throw new hdErrors.InvalidPath(index); - } - var cached = HDKeyCache.get(this.xpubkey, index, false); - if (cached) { - return cached; - } + var rtwdf = Math.cos(2 * Math.PI / l); + var itwdf = Math.sin(2 * Math.PI / l); - var indexBuffer = BufferUtil.integerAsBuffer(index); - var data = BufferUtil.concat([this.publicKey.toBuffer(), indexBuffer]); - var hash = Hash.sha512hmac(data, this._buffers.chainCode); - var leftPart = BN.fromBuffer(hash.slice(0, 32), {size: 32}); - var chainCode = hash.slice(32, 64); + for (var p = 0; p < N; p += l) { + var rtwdf_ = rtwdf; + var itwdf_ = itwdf; - var publicKey = PublicKey.fromPoint(Point.getG().mul(leftPart).add(this.publicKey.point)); + for (var j = 0; j < s; j++) { + var re = rtws[p + j]; + var ie = itws[p + j]; - var derived = new HDPublicKey({ - network: this.network, - depth: this.depth + 1, - parentFingerPrint: this.fingerPrint, - childIndex: index, - chainCode: chainCode, - publicKey: publicKey - }); - HDKeyCache.set(this.xpubkey, index, false, derived); - return derived; -}; + var ro = rtws[p + j + s]; + var io = itws[p + j + s]; -HDPublicKey.prototype._deriveFromString = function(path) { - /* jshint maxcomplexity: 8 */ - if (_.contains(path, "'")) { - throw new hdErrors.InvalidIndexCantDeriveHardened(); - } else if (!HDPublicKey.isValidPath(path)) { - throw new hdErrors.InvalidPath(path); - } + var rx = rtwdf_ * ro - itwdf_ * io; - var indexes = HDPrivateKey._getDerivationIndexes(path); - var derived = indexes.reduce(function(prev, index) { - return prev._deriveWithNumber(index); - }, this); + io = rtwdf_ * io + itwdf_ * ro; + ro = rx; - return derived; -}; + rtws[p + j] = re + ro; + itws[p + j] = ie + io; -/** - * Verifies that a given serialized public key in base58 with checksum format - * is valid. - * - * @param {string|Buffer} data - the serialized public key - * @param {string|Network=} network - optional, if present, checks that the - * network provided matches the network serialized. - * @return {boolean} - */ -HDPublicKey.isValidSerialized = function(data, network) { - return _.isNull(HDPublicKey.getSerializedError(data, network)); -}; + rtws[p + j + s] = re - ro; + itws[p + j + s] = ie - io; -/** - * Checks what's the error that causes the validation of a serialized public key - * in base58 with checksum to fail. - * - * @param {string|Buffer} data - the serialized public key - * @param {string|Network=} network - optional, if present, checks that the - * network provided matches the network serialized. - * @return {errors|null} - */ -HDPublicKey.getSerializedError = function(data, network) { - /* jshint maxcomplexity: 10 */ - /* jshint maxstatements: 20 */ - if (!(_.isString(data) || BufferUtil.isBuffer(data))) { - return new hdErrors.UnrecognizedArgument('expected buffer or string'); - } - if (!Base58.validCharacters(data)) { - return new errors.InvalidB58Char('(unknown)', data); - } - try { - data = Base58Check.decode(data); - } catch (e) { - return new errors.InvalidB58Checksum(data); - } - if (data.length !== HDPublicKey.DataSize) { - return new hdErrors.InvalidLength(data); - } - if (!_.isUndefined(network)) { - var error = HDPublicKey._validateNetwork(data, network); - if (error) { - return error; - } - } - var version = BufferUtil.integerFromBuffer(data.slice(0, 4)); - if (version === Network.livenet.xprivkey || version === Network.testnet.xprivkey ) { - return new hdErrors.ArgumentIsPrivateExtended(); - } - return null; -}; + /* jshint maxdepth : false */ + if (j !== l) { + rx = rtwdf * rtwdf_ - itwdf * itwdf_; -HDPublicKey._validateNetwork = function(data, networkArg) { - var network = Network.get(networkArg); - if (!network) { - return new errors.InvalidNetworkArgument(networkArg); - } - var version = data.slice(HDPublicKey.VersionStart, HDPublicKey.VersionEnd); - if (BufferUtil.integerFromBuffer(version) !== network.xpubkey) { - return new errors.InvalidNetwork(version); - } - return null; -}; + itwdf_ = rtwdf * itwdf_ + itwdf * rtwdf_; + rtwdf_ = rx; + } + } + } + } + }; -HDPublicKey.prototype._buildFromPrivate = function (arg) { - var args = _.clone(arg._buffers); - var point = Point.getG().mul(BN.fromBuffer(args.privateKey)); - args.publicKey = Point.pointToCompressed(point); - args.version = BufferUtil.integerAsBuffer(Network.get(BufferUtil.integerFromBuffer(args.version)).xpubkey); - args.privateKey = undefined; - args.checksum = undefined; - args.xprivkey = undefined; - return this._buildFromBuffers(args); -}; + FFTM.prototype.guessLen13b = function guessLen13b (n, m) { + var N = Math.max(m, n) | 1; + var odd = N & 1; + var i = 0; + for (N = N / 2 | 0; N; N = N >>> 1) { + i++; + } -HDPublicKey.prototype._buildFromObject = function(arg) { - /* jshint maxcomplexity: 10 */ - // TODO: Type validation - var buffers = { - version: arg.network ? BufferUtil.integerAsBuffer(Network.get(arg.network).xpubkey) : arg.version, - depth: _.isNumber(arg.depth) ? BufferUtil.integerAsSingleByteBuffer(arg.depth) : arg.depth, - parentFingerPrint: _.isNumber(arg.parentFingerPrint) ? BufferUtil.integerAsBuffer(arg.parentFingerPrint) : arg.parentFingerPrint, - childIndex: _.isNumber(arg.childIndex) ? BufferUtil.integerAsBuffer(arg.childIndex) : arg.childIndex, - chainCode: _.isString(arg.chainCode) ? BufferUtil.hexToBuffer(arg.chainCode) : arg.chainCode, - publicKey: _.isString(arg.publicKey) ? BufferUtil.hexToBuffer(arg.publicKey) : - BufferUtil.isBuffer(arg.publicKey) ? arg.publicKey : arg.publicKey.toBuffer(), - checksum: _.isNumber(arg.checksum) ? BufferUtil.integerAsBuffer(arg.checksum) : arg.checksum + return 1 << i + 1 + odd; }; - return this._buildFromBuffers(buffers); -}; -HDPublicKey.prototype._buildFromSerialized = function(arg) { - var decoded = Base58Check.decode(arg); - var buffers = { - version: decoded.slice(HDPublicKey.VersionStart, HDPublicKey.VersionEnd), - depth: decoded.slice(HDPublicKey.DepthStart, HDPublicKey.DepthEnd), - parentFingerPrint: decoded.slice(HDPublicKey.ParentFingerPrintStart, - HDPublicKey.ParentFingerPrintEnd), - childIndex: decoded.slice(HDPublicKey.ChildIndexStart, HDPublicKey.ChildIndexEnd), - chainCode: decoded.slice(HDPublicKey.ChainCodeStart, HDPublicKey.ChainCodeEnd), - publicKey: decoded.slice(HDPublicKey.PublicKeyStart, HDPublicKey.PublicKeyEnd), - checksum: decoded.slice(HDPublicKey.ChecksumStart, HDPublicKey.ChecksumEnd), - xpubkey: arg - }; - return this._buildFromBuffers(buffers); -}; + FFTM.prototype.conjugate = function conjugate (rws, iws, N) { + if (N <= 1) return; -/** - * Receives a object with buffers in all the properties and populates the - * internal structure - * - * @param {Object} arg - * @param {buffer.Buffer} arg.version - * @param {buffer.Buffer} arg.depth - * @param {buffer.Buffer} arg.parentFingerPrint - * @param {buffer.Buffer} arg.childIndex - * @param {buffer.Buffer} arg.chainCode - * @param {buffer.Buffer} arg.publicKey - * @param {buffer.Buffer} arg.checksum - * @param {string=} arg.xpubkey - if set, don't recalculate the base58 - * representation - * @return {HDPublicKey} this - */ -HDPublicKey.prototype._buildFromBuffers = function(arg) { - /* jshint maxcomplexity: 8 */ - /* jshint maxstatements: 20 */ + for (var i = 0; i < N / 2; i++) { + var t = rws[i]; - HDPublicKey._validateBufferArguments(arg); + rws[i] = rws[N - i - 1]; + rws[N - i - 1] = t; - JSUtil.defineImmutable(this, { - _buffers: arg - }); + t = iws[i]; - var sequence = [ - arg.version, arg.depth, arg.parentFingerPrint, arg.childIndex, arg.chainCode, - arg.publicKey - ]; - var concat = BufferUtil.concat(sequence); - var checksum = Base58Check.checksum(concat); - if (!arg.checksum || !arg.checksum.length) { - arg.checksum = checksum; - } else { - if (arg.checksum.toString('hex') !== checksum.toString('hex')) { - throw new errors.InvalidB58Checksum(concat, checksum); + iws[i] = -iws[N - i - 1]; + iws[N - i - 1] = -t; } - } - var network = Network.get(BufferUtil.integerFromBuffer(arg.version)); - - var xpubkey; - xpubkey = Base58Check.encode(BufferUtil.concat(sequence)); - arg.xpubkey = new Buffer(xpubkey); + }; - var publicKey = new PublicKey(arg.publicKey, {network: network}); - var size = HDPublicKey.ParentFingerPrintSize; - var fingerPrint = Hash.sha256ripemd160(publicKey.toBuffer()).slice(0, size); + FFTM.prototype.normalize13b = function normalize13b (ws, N) { + var carry = 0; + for (var i = 0; i < N / 2; i++) { + var w = Math.round(ws[2 * i + 1] / N) * 0x2000 + + Math.round(ws[2 * i] / N) + + carry; - JSUtil.defineImmutable(this, { - xpubkey: xpubkey, - network: network, - depth: BufferUtil.integerFromSingleByteBuffer(arg.depth), - publicKey: publicKey, - fingerPrint: fingerPrint - }); + ws[i] = w & 0x3ffffff; - return this; -}; + if (w < 0x4000000) { + carry = 0; + } else { + carry = w / 0x4000000 | 0; + } + } -HDPublicKey._validateBufferArguments = function(arg) { - var checkBuffer = function(name, size) { - var buff = arg[name]; - assert(BufferUtil.isBuffer(buff), name + ' argument is not a buffer, it\'s ' + typeof buff); - assert( - buff.length === size, - name + ' has not the expected size: found ' + buff.length + ', expected ' + size - ); + return ws; }; - checkBuffer('version', HDPublicKey.VersionSize); - checkBuffer('depth', HDPublicKey.DepthSize); - checkBuffer('parentFingerPrint', HDPublicKey.ParentFingerPrintSize); - checkBuffer('childIndex', HDPublicKey.ChildIndexSize); - checkBuffer('chainCode', HDPublicKey.ChainCodeSize); - checkBuffer('publicKey', HDPublicKey.PublicKeySize); - if (arg.checksum && arg.checksum.length) { - checkBuffer('checksum', HDPublicKey.CheckSumSize); - } -}; -HDPublicKey.fromString = function(arg) { - $.checkArgument(_.isString(arg), 'No valid string was provided'); - return new HDPublicKey(arg); -}; + FFTM.prototype.convert13b = function convert13b (ws, len, rws, N) { + var carry = 0; + for (var i = 0; i < len; i++) { + carry = carry + (ws[i] | 0); -HDPublicKey.fromObject = function(arg) { - $.checkArgument(_.isObject(arg), 'No valid argument was provided'); - return new HDPublicKey(arg); -}; + rws[2 * i] = carry & 0x1fff; carry = carry >>> 13; + rws[2 * i + 1] = carry & 0x1fff; carry = carry >>> 13; + } -/** - * Returns the base58 checked representation of the public key - * @return {string} a string starting with "xpub..." in livenet - */ -HDPublicKey.prototype.toString = function() { - return this.xpubkey; -}; + // Pad with zeroes + for (i = 2 * len; i < N; ++i) { + rws[i] = 0; + } -/** - * Returns the console representation of this extended public key. - * @return string - */ -HDPublicKey.prototype.inspect = function() { - return ''; -}; + assert(carry === 0); + assert((carry & ~0x1fff) === 0); + }; -/** - * Returns a plain JavaScript object with information to reconstruct a key. - * - * Fields are:
    - *
  • network: 'livenet' or 'testnet' - *
  • depth: a number from 0 to 255, the depth to the master extended key - *
  • fingerPrint: a number of 32 bits taken from the hash of the public key - *
  • fingerPrint: a number of 32 bits taken from the hash of this key's - *
  • parent's public key - *
  • childIndex: index with which this key was derived - *
  • chainCode: string in hexa encoding used for derivation - *
  • publicKey: string, hexa encoded, in compressed key format - *
  • checksum: BufferUtil.integerFromBuffer(this._buffers.checksum), - *
  • xpubkey: the string with the base58 representation of this extended key - *
  • checksum: the base58 checksum of xpubkey - *
- */ -HDPublicKey.prototype.toObject = HDPublicKey.prototype.toJSON = function toObject() { - return { - network: Network.get(BufferUtil.integerFromBuffer(this._buffers.version)).name, - depth: BufferUtil.integerFromSingleByteBuffer(this._buffers.depth), - fingerPrint: BufferUtil.integerFromBuffer(this.fingerPrint), - parentFingerPrint: BufferUtil.integerFromBuffer(this._buffers.parentFingerPrint), - childIndex: BufferUtil.integerFromBuffer(this._buffers.childIndex), - chainCode: BufferUtil.bufferToHex(this._buffers.chainCode), - publicKey: this.publicKey.toString(), - checksum: BufferUtil.integerFromBuffer(this._buffers.checksum), - xpubkey: this.xpubkey + FFTM.prototype.stub = function stub (N) { + var ph = new Array(N); + for (var i = 0; i < N; i++) { + ph[i] = 0; + } + + return ph; }; -}; -/** - * Create a HDPublicKey from a buffer argument - * - * @param {Buffer} arg - * @return {HDPublicKey} - */ -HDPublicKey.fromBuffer = function(arg) { - return new HDPublicKey(arg); -}; + FFTM.prototype.mulp = function mulp (x, y, out) { + var N = 2 * this.guessLen13b(x.length, y.length); -/** - * Return a buffer representation of the xpubkey - * - * @return {Buffer} - */ -HDPublicKey.prototype.toBuffer = function() { - return BufferUtil.copy(this._buffers.xpubkey); -}; + var rbt = this.makeRBT(N); -HDPublicKey.Hardened = 0x80000000; -HDPublicKey.RootElementAlias = ['m', 'M']; + var _ = this.stub(N); -HDPublicKey.VersionSize = 4; -HDPublicKey.DepthSize = 1; -HDPublicKey.ParentFingerPrintSize = 4; -HDPublicKey.ChildIndexSize = 4; -HDPublicKey.ChainCodeSize = 32; -HDPublicKey.PublicKeySize = 33; -HDPublicKey.CheckSumSize = 4; + var rws = new Array(N); + var rwst = new Array(N); + var iwst = new Array(N); -HDPublicKey.DataSize = 78; -HDPublicKey.SerializedByteSize = 82; + var nrws = new Array(N); + var nrwst = new Array(N); + var niwst = new Array(N); -HDPublicKey.VersionStart = 0; -HDPublicKey.VersionEnd = HDPublicKey.VersionStart + HDPublicKey.VersionSize; -HDPublicKey.DepthStart = HDPublicKey.VersionEnd; -HDPublicKey.DepthEnd = HDPublicKey.DepthStart + HDPublicKey.DepthSize; -HDPublicKey.ParentFingerPrintStart = HDPublicKey.DepthEnd; -HDPublicKey.ParentFingerPrintEnd = HDPublicKey.ParentFingerPrintStart + HDPublicKey.ParentFingerPrintSize; -HDPublicKey.ChildIndexStart = HDPublicKey.ParentFingerPrintEnd; -HDPublicKey.ChildIndexEnd = HDPublicKey.ChildIndexStart + HDPublicKey.ChildIndexSize; -HDPublicKey.ChainCodeStart = HDPublicKey.ChildIndexEnd; -HDPublicKey.ChainCodeEnd = HDPublicKey.ChainCodeStart + HDPublicKey.ChainCodeSize; -HDPublicKey.PublicKeyStart = HDPublicKey.ChainCodeEnd; -HDPublicKey.PublicKeyEnd = HDPublicKey.PublicKeyStart + HDPublicKey.PublicKeySize; -HDPublicKey.ChecksumStart = HDPublicKey.PublicKeyEnd; -HDPublicKey.ChecksumEnd = HDPublicKey.ChecksumStart + HDPublicKey.CheckSumSize; + var rmws = out.words; + rmws.length = N; -assert(HDPublicKey.PublicKeyEnd === HDPublicKey.DataSize); -assert(HDPublicKey.ChecksumEnd === HDPublicKey.SerializedByteSize); + this.convert13b(x.words, x.length, rws, N); + this.convert13b(y.words, y.length, nrws, N); -module.exports = HDPublicKey; + this.transform(rws, _, rwst, iwst, N, rbt); + this.transform(nrws, _, nrwst, niwst, N, rbt); -}).call(this,require("buffer").Buffer) -},{"./crypto/bn":13,"./crypto/hash":15,"./crypto/point":16,"./encoding/base58":19,"./encoding/base58check":20,"./errors":24,"./hdkeycache":26,"./hdprivatekey":27,"./networks":29,"./publickey":32,"./util/buffer":50,"./util/js":51,"./util/preconditions":52,"assert":92,"buffer":94,"lodash":78}],29:[function(require,module,exports){ -'use strict'; -var _ = require('lodash'); + for (var i = 0; i < N; i++) { + var rx = rwst[i] * nrwst[i] - iwst[i] * niwst[i]; + iwst[i] = rwst[i] * niwst[i] + iwst[i] * nrwst[i]; + rwst[i] = rx; + } -var BufferUtil = require('./util/buffer'); -var JSUtil = require('./util/js'); -var networks = []; -var networkMaps = {}; + this.conjugate(rwst, iwst, N); + this.transform(rwst, iwst, rmws, _, N, rbt); + this.conjugate(rmws, _, N); + this.normalize13b(rmws, N); -/** - * A network is merely a map containing values that correspond to version - * numbers for each bitcoin network. Currently only supporting "livenet" - * (a.k.a. "mainnet") and "testnet". - * @constructor - */ -function Network() {} + out.negative = x.negative ^ y.negative; + out.length = x.length + y.length; + return out.strip(); + }; -Network.prototype.toString = function toString() { - return this.name; -}; + // Multiply `this` by `num` + BN.prototype.mul = function mul (num) { + var out = new BN(null); + out.words = new Array(this.length + num.length); + return this.mulTo(num, out); + }; -/** - * @function - * @member Networks#get - * Retrieves the network associated with a magic number or string. - * @param {string|number|Network} arg - * @param {string|Array} keys - if set, only check if the magic number associated with this name matches - * @return Network - */ -function get(arg, keys) { - if (~networks.indexOf(arg)) { - return arg; - } - if (keys) { - if (!_.isArray(keys)) { - keys = [keys]; + // Multiply employing FFT + BN.prototype.mulf = function mulf (num) { + var out = new BN(null); + out.words = new Array(this.length + num.length); + return jumboMulTo(this, num, out); + }; + + // In-place Multiplication + BN.prototype.imul = function imul (num) { + return this.clone().mulTo(num, this); + }; + + BN.prototype.imuln = function imuln (num) { + assert(typeof num === 'number'); + assert(num < 0x4000000); + + // Carry + var carry = 0; + for (var i = 0; i < this.length; i++) { + var w = (this.words[i] | 0) * num; + var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); + carry >>= 26; + carry += (w / 0x4000000) | 0; + // NOTE: lo is 27bit maximum + carry += lo >>> 26; + this.words[i] = lo & 0x3ffffff; } - var containsArg = function(key) { - return networks[index][key] === arg; - }; - for (var index in networks) { - if (_.any(keys, containsArg)) { - return networks[index]; - } + + if (carry !== 0) { + this.words[i] = carry; + this.length++; } - return undefined; - } - return networkMaps[arg]; -} -/** - * @function - * @member Networks#add - * Will add a custom Network - * @param {Object} data - * @param {string} data.name - The name of the network - * @param {string} data.alias - The aliased name of the network - * @param {Number} data.pubkeyhash - The publickey hash prefix - * @param {Number} data.privatekey - The privatekey prefix - * @param {Number} data.scripthash - The scripthash prefix - * @param {Number} data.xpubkey - The extended public key magic - * @param {Number} data.xprivkey - The extended private key magic - * @param {Number} data.networkMagic - The network magic number - * @param {Number} data.port - The network port - * @param {Array} data.dnsSeeds - An array of dns seeds - * @return Network - */ -function addNetwork(data) { + return this; + }; - var network = new Network(); + BN.prototype.muln = function muln (num) { + return this.clone().imuln(num); + }; - JSUtil.defineImmutable(network, { - name: data.name, - alias: data.alias, - pubkeyhash: data.pubkeyhash, - privatekey: data.privatekey, - scripthash: data.scripthash, - xpubkey: data.xpubkey, - xprivkey: data.xprivkey - }); + // `this` * `this` + BN.prototype.sqr = function sqr () { + return this.mul(this); + }; - if (data.networkMagic) { - JSUtil.defineImmutable(network, { - networkMagic: BufferUtil.integerAsBuffer(data.networkMagic) - }); - } + // `this` * `this` in-place + BN.prototype.isqr = function isqr () { + return this.imul(this.clone()); + }; - if (data.port) { - JSUtil.defineImmutable(network, { - port: data.port - }); - } + // Math.pow(`this`, `num`) + BN.prototype.pow = function pow (num) { + var w = toBitArray(num); + if (w.length === 0) return new BN(1); - if (data.dnsSeeds) { - JSUtil.defineImmutable(network, { - dnsSeeds: data.dnsSeeds - }); - } - _.each(network, function(value) { - if (!_.isUndefined(value) && !_.isObject(value)) { - networkMaps[value] = network; + // Skip leading zeroes + var res = this; + for (var i = 0; i < w.length; i++, res = res.sqr()) { + if (w[i] !== 0) break; } - }); - networks.push(network); + if (++i < w.length) { + for (var q = res.sqr(); i < w.length; i++, q = q.sqr()) { + if (w[i] === 0) continue; - return network; + res = res.mul(q); + } + } -} + return res; + }; -/** - * @function - * @member Networks#remove - * Will remove a custom network - * @param {Network} network - */ -function removeNetwork(network) { - for (var i = 0; i < networks.length; i++) { - if (networks[i] === network) { - networks.splice(i, 1); - } - } - for (var key in networkMaps) { - if (networkMaps[key] === network) { - delete networkMaps[key]; + // Shift-left in-place + BN.prototype.iushln = function iushln (bits) { + assert(typeof bits === 'number' && bits >= 0); + var r = bits % 26; + var s = (bits - r) / 26; + var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); + var i; + + if (r !== 0) { + var carry = 0; + + for (i = 0; i < this.length; i++) { + var newCarry = this.words[i] & carryMask; + var c = ((this.words[i] | 0) - newCarry) << r; + this.words[i] = c | carry; + carry = newCarry >>> (26 - r); + } + + if (carry) { + this.words[i] = carry; + this.length++; + } } - } -} -addNetwork({ - name: 'livenet', - alias: 'mainnet', - pubkeyhash: 0x00, - privatekey: 0x80, - scripthash: 0x05, - xpubkey: 0x0488b21e, - xprivkey: 0x0488ade4, - networkMagic: 0xf9beb4d9, - port: 8333, - dnsSeeds: [ - 'seed.bitcoin.sipa.be', - 'dnsseed.bluematt.me', - 'dnsseed.bitcoin.dashjr.org', - 'seed.bitcoinstats.com', - 'seed.bitnodes.io', - 'bitseed.xf2.org' - ] -}); + if (s !== 0) { + for (i = this.length - 1; i >= 0; i--) { + this.words[i + s] = this.words[i]; + } -/** - * @instance - * @member Networks#livenet - */ -var livenet = get('livenet'); + for (i = 0; i < s; i++) { + this.words[i] = 0; + } -addNetwork({ - name: 'testnet', - alias: 'regtest', - pubkeyhash: 0x6f, - privatekey: 0xef, - scripthash: 0xc4, - xpubkey: 0x043587cf, - xprivkey: 0x04358394 -}); + this.length += s; + } -/** - * @instance - * @member Networks#testnet - */ -var testnet = get('testnet'); + return this.strip(); + }; -// Add configurable values for testnet/regtest + BN.prototype.ishln = function ishln (bits) { + // TODO(indutny): implement me + assert(this.negative === 0); + return this.iushln(bits); + }; -var TESTNET = { - PORT: 18333, - NETWORK_MAGIC: BufferUtil.integerAsBuffer(0x0b110907), - DNS_SEEDS: [ - 'testnet-seed.bitcoin.petertodd.org', - 'testnet-seed.bluematt.me', - 'testnet-seed.alexykot.me', - 'testnet-seed.bitcoin.schildbach.de' - ] -}; + // Shift-right in-place + // NOTE: `hint` is a lowest bit before trailing zeroes + // NOTE: if `extended` is present - it will be filled with destroyed bits + BN.prototype.iushrn = function iushrn (bits, hint, extended) { + assert(typeof bits === 'number' && bits >= 0); + var h; + if (hint) { + h = (hint - (hint % 26)) / 26; + } else { + h = 0; + } -for (var key in TESTNET) { - if (!_.isObject(TESTNET[key])) { - networkMaps[TESTNET[key]] = testnet; - } -} + var r = bits % 26; + var s = Math.min((bits - r) / 26, this.length); + var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); + var maskedWords = extended; -var REGTEST = { - PORT: 18444, - NETWORK_MAGIC: BufferUtil.integerAsBuffer(0xfabfb5da), - DNS_SEEDS: [] -}; + h -= s; + h = Math.max(0, h); -for (var key in REGTEST) { - if (!_.isObject(REGTEST[key])) { - networkMaps[REGTEST[key]] = testnet; - } -} + // Extended mode, copy masked part + if (maskedWords) { + for (var i = 0; i < s; i++) { + maskedWords.words[i] = this.words[i]; + } + maskedWords.length = s; + } -Object.defineProperty(testnet, 'port', { - enumerable: true, - configurable: false, - get: function() { - if (this.regtestEnabled) { - return REGTEST.PORT; + if (s === 0) { + // No-op, we should not move anything at all + } else if (this.length > s) { + this.length -= s; + for (i = 0; i < this.length; i++) { + this.words[i] = this.words[i + s]; + } } else { - return TESTNET.PORT; + this.words[0] = 0; + this.length = 1; } - } -}); -Object.defineProperty(testnet, 'networkMagic', { - enumerable: true, - configurable: false, - get: function() { - if (this.regtestEnabled) { - return REGTEST.NETWORK_MAGIC; - } else { - return TESTNET.NETWORK_MAGIC; + var carry = 0; + for (i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { + var word = this.words[i] | 0; + this.words[i] = (carry << (26 - r)) | (word >>> r); + carry = word & mask; } - } -}); -Object.defineProperty(testnet, 'dnsSeeds', { - enumerable: true, - configurable: false, - get: function() { - if (this.regtestEnabled) { - return REGTEST.DNS_SEEDS; - } else { - return TESTNET.DNS_SEEDS; + // Push carried bits as a mask + if (maskedWords && carry !== 0) { + maskedWords.words[maskedWords.length++] = carry; } - } -}); -/** - * @function - * @member Networks#enableRegtest - * Will enable regtest features for testnet - */ -function enableRegtest() { - testnet.regtestEnabled = true; -} + if (this.length === 0) { + this.words[0] = 0; + this.length = 1; + } -/** - * @function - * @member Networks#disableRegtest - * Will disable regtest features for testnet - */ -function disableRegtest() { - testnet.regtestEnabled = false; -} + return this.strip(); + }; -/** - * @namespace Networks - */ -module.exports = { - add: addNetwork, - remove: removeNetwork, - defaultNetwork: livenet, - livenet: livenet, - mainnet: livenet, - testnet: testnet, - get: get, - enableRegtest: enableRegtest, - disableRegtest: disableRegtest -}; + BN.prototype.ishrn = function ishrn (bits, hint, extended) { + // TODO(indutny): implement me + assert(this.negative === 0); + return this.iushrn(bits, hint, extended); + }; -},{"./util/buffer":50,"./util/js":51,"lodash":78}],30:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + // Shift-left + BN.prototype.shln = function shln (bits) { + return this.clone().ishln(bits); + }; -var _ = require('lodash'); -var $ = require('./util/preconditions'); -var BufferUtil = require('./util/buffer'); -var JSUtil = require('./util/js'); + BN.prototype.ushln = function ushln (bits) { + return this.clone().iushln(bits); + }; -function Opcode(num) { - if (!(this instanceof Opcode)) { - return new Opcode(num); - } + // Shift-right + BN.prototype.shrn = function shrn (bits) { + return this.clone().ishrn(bits); + }; - var value; + BN.prototype.ushrn = function ushrn (bits) { + return this.clone().iushrn(bits); + }; - if (_.isNumber(num)) { - value = num; - } else if (_.isString(num)) { - value = Opcode.map[num]; - } else { - throw new TypeError('Unrecognized num type: "' + typeof(num) + '" for Opcode'); - } + // Test if n bit is set + BN.prototype.testn = function testn (bit) { + assert(typeof bit === 'number' && bit >= 0); + var r = bit % 26; + var s = (bit - r) / 26; + var q = 1 << r; - JSUtil.defineImmutable(this, { - num: value - }); + // Fast case: bit is much higher than all existing words + if (this.length <= s) return false; - return this; -} + // Check bit and return + var w = this.words[s]; -Opcode.fromBuffer = function(buf) { - $.checkArgument(BufferUtil.isBuffer(buf)); - return new Opcode(Number('0x' + buf.toString('hex'))); -}; + return !!(w & q); + }; -Opcode.fromNumber = function(num) { - $.checkArgument(_.isNumber(num)); - return new Opcode(num); -}; + // Return only lowers bits of number (in-place) + BN.prototype.imaskn = function imaskn (bits) { + assert(typeof bits === 'number' && bits >= 0); + var r = bits % 26; + var s = (bits - r) / 26; -Opcode.fromString = function(str) { - $.checkArgument(_.isString(str)); - var value = Opcode.map[str]; - if (typeof value === 'undefined') { - throw new TypeError('Invalid opcodestr'); - } - return new Opcode(value); -}; + assert(this.negative === 0, 'imaskn works only with positive numbers'); -Opcode.prototype.toHex = function() { - return this.num.toString(16); -}; + if (this.length <= s) { + return this; + } -Opcode.prototype.toBuffer = function() { - return new Buffer(this.toHex(), 'hex'); -}; + if (r !== 0) { + s++; + } + this.length = Math.min(s, this.length); -Opcode.prototype.toNumber = function() { - return this.num; -}; + if (r !== 0) { + var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); + this.words[this.length - 1] &= mask; + } -Opcode.prototype.toString = function() { - var str = Opcode.reverseMap[this.num]; - if (typeof str === 'undefined') { - throw new Error('Opcode does not have a string representation'); - } - return str; -}; + return this.strip(); + }; -Opcode.smallInt = function(n) { - $.checkArgument(_.isNumber(n), 'Invalid Argument: n should be number'); - $.checkArgument(n >= 0 && n <= 16, 'Invalid Argument: n must be between 0 and 16'); - if (n === 0) { - return Opcode('OP_0'); - } - return new Opcode(Opcode.map.OP_1 + n - 1); -}; + // Return only lowers bits of number + BN.prototype.maskn = function maskn (bits) { + return this.clone().imaskn(bits); + }; -Opcode.map = { - // push value - OP_FALSE: 0, - OP_0: 0, - OP_PUSHDATA1: 76, - OP_PUSHDATA2: 77, - OP_PUSHDATA4: 78, - OP_1NEGATE: 79, - OP_RESERVED: 80, - OP_TRUE: 81, - OP_1: 81, - OP_2: 82, - OP_3: 83, - OP_4: 84, - OP_5: 85, - OP_6: 86, - OP_7: 87, - OP_8: 88, - OP_9: 89, - OP_10: 90, - OP_11: 91, - OP_12: 92, - OP_13: 93, - OP_14: 94, - OP_15: 95, - OP_16: 96, + // Add plain number `num` to `this` + BN.prototype.iaddn = function iaddn (num) { + assert(typeof num === 'number'); + assert(num < 0x4000000); + if (num < 0) return this.isubn(-num); - // control - OP_NOP: 97, - OP_VER: 98, - OP_IF: 99, - OP_NOTIF: 100, - OP_VERIF: 101, - OP_VERNOTIF: 102, - OP_ELSE: 103, - OP_ENDIF: 104, - OP_VERIFY: 105, - OP_RETURN: 106, + // Possible sign change + if (this.negative !== 0) { + if (this.length === 1 && (this.words[0] | 0) < num) { + this.words[0] = num - (this.words[0] | 0); + this.negative = 0; + return this; + } - // stack ops - OP_TOALTSTACK: 107, - OP_FROMALTSTACK: 108, - OP_2DROP: 109, - OP_2DUP: 110, - OP_3DUP: 111, - OP_2OVER: 112, - OP_2ROT: 113, - OP_2SWAP: 114, - OP_IFDUP: 115, - OP_DEPTH: 116, - OP_DROP: 117, - OP_DUP: 118, - OP_NIP: 119, - OP_OVER: 120, - OP_PICK: 121, - OP_ROLL: 122, - OP_ROT: 123, - OP_SWAP: 124, - OP_TUCK: 125, + this.negative = 0; + this.isubn(num); + this.negative = 1; + return this; + } - // splice ops - OP_CAT: 126, - OP_SUBSTR: 127, - OP_LEFT: 128, - OP_RIGHT: 129, - OP_SIZE: 130, + // Add without checks + return this._iaddn(num); + }; - // bit logic - OP_INVERT: 131, - OP_AND: 132, - OP_OR: 133, - OP_XOR: 134, - OP_EQUAL: 135, - OP_EQUALVERIFY: 136, - OP_RESERVED1: 137, - OP_RESERVED2: 138, + BN.prototype._iaddn = function _iaddn (num) { + this.words[0] += num; - // numeric - OP_1ADD: 139, - OP_1SUB: 140, - OP_2MUL: 141, - OP_2DIV: 142, - OP_NEGATE: 143, - OP_ABS: 144, - OP_NOT: 145, - OP_0NOTEQUAL: 146, + // Carry + for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { + this.words[i] -= 0x4000000; + if (i === this.length - 1) { + this.words[i + 1] = 1; + } else { + this.words[i + 1]++; + } + } + this.length = Math.max(this.length, i + 1); - OP_ADD: 147, - OP_SUB: 148, - OP_MUL: 149, - OP_DIV: 150, - OP_MOD: 151, - OP_LSHIFT: 152, - OP_RSHIFT: 153, + return this; + }; - OP_BOOLAND: 154, - OP_BOOLOR: 155, - OP_NUMEQUAL: 156, - OP_NUMEQUALVERIFY: 157, - OP_NUMNOTEQUAL: 158, - OP_LESSTHAN: 159, - OP_GREATERTHAN: 160, - OP_LESSTHANOREQUAL: 161, - OP_GREATERTHANOREQUAL: 162, - OP_MIN: 163, - OP_MAX: 164, + // Subtract plain number `num` from `this` + BN.prototype.isubn = function isubn (num) { + assert(typeof num === 'number'); + assert(num < 0x4000000); + if (num < 0) return this.iaddn(-num); - OP_WITHIN: 165, + if (this.negative !== 0) { + this.negative = 0; + this.iaddn(num); + this.negative = 1; + return this; + } - // crypto - OP_RIPEMD160: 166, - OP_SHA1: 167, - OP_SHA256: 168, - OP_HASH160: 169, - OP_HASH256: 170, - OP_CODESEPARATOR: 171, - OP_CHECKSIG: 172, - OP_CHECKSIGVERIFY: 173, - OP_CHECKMULTISIG: 174, - OP_CHECKMULTISIGVERIFY: 175, + this.words[0] -= num; - OP_CHECKLOCKTIMEVERIFY: 177, + if (this.length === 1 && this.words[0] < 0) { + this.words[0] = -this.words[0]; + this.negative = 1; + } else { + // Carry + for (var i = 0; i < this.length && this.words[i] < 0; i++) { + this.words[i] += 0x4000000; + this.words[i + 1] -= 1; + } + } - // expansion - OP_NOP1: 176, - OP_NOP2: 177, - OP_NOP3: 178, - OP_NOP4: 179, - OP_NOP5: 180, - OP_NOP6: 181, - OP_NOP7: 182, - OP_NOP8: 183, - OP_NOP9: 184, - OP_NOP10: 185, + return this.strip(); + }; - // template matching params - OP_PUBKEYHASH: 253, - OP_PUBKEY: 254, - OP_INVALIDOPCODE: 255 -}; + BN.prototype.addn = function addn (num) { + return this.clone().iaddn(num); + }; -Opcode.reverseMap = []; + BN.prototype.subn = function subn (num) { + return this.clone().isubn(num); + }; -for (var k in Opcode.map) { - Opcode.reverseMap[Opcode.map[k]] = k; -} + BN.prototype.iabs = function iabs () { + this.negative = 0; -// Easier access to opcodes -_.extend(Opcode, Opcode.map); + return this; + }; -/** - * @returns true if opcode is one of OP_0, OP_1, ..., OP_16 - */ -Opcode.isSmallIntOp = function(opcode) { - if (opcode instanceof Opcode) { - opcode = opcode.toNumber(); - } - return ((opcode === Opcode.map.OP_0) || - ((opcode >= Opcode.map.OP_1) && (opcode <= Opcode.map.OP_16))); -}; + BN.prototype.abs = function abs () { + return this.clone().iabs(); + }; -/** - * Will return a string formatted for the console - * - * @returns {string} Script opcode - */ -Opcode.prototype.inspect = function() { - return ''; -}; + BN.prototype._ishlnsubmul = function _ishlnsubmul (num, mul, shift) { + var len = num.length + shift; + var i; -module.exports = Opcode; + this._expand(len); -}).call(this,require("buffer").Buffer) -},{"./util/buffer":50,"./util/js":51,"./util/preconditions":52,"buffer":94,"lodash":78}],31:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + var w; + var carry = 0; + for (i = 0; i < num.length; i++) { + w = (this.words[i + shift] | 0) + carry; + var right = (num.words[i] | 0) * mul; + w -= right & 0x3ffffff; + carry = (w >> 26) - ((right / 0x4000000) | 0); + this.words[i + shift] = w & 0x3ffffff; + } + for (; i < this.length - shift; i++) { + w = (this.words[i + shift] | 0) + carry; + carry = w >> 26; + this.words[i + shift] = w & 0x3ffffff; + } -var _ = require('lodash'); -var Address = require('./address'); -var Base58Check = require('./encoding/base58check'); -var BN = require('./crypto/bn'); -var JSUtil = require('./util/js'); -var Networks = require('./networks'); -var Point = require('./crypto/point'); -var PublicKey = require('./publickey'); -var Random = require('./crypto/random'); -var $ = require('./util/preconditions'); + if (carry === 0) return this.strip(); -/** - * Instantiate a PrivateKey from a BN, Buffer and WIF. - * - * @example - * ```javascript - * // generate a new random key - * var key = PrivateKey(); - * - * // get the associated address - * var address = key.toAddress(); - * - * // encode into wallet export format - * var exported = key.toWIF(); - * - * // instantiate from the exported (and saved) private key - * var imported = PrivateKey.fromWIF(exported); - * ``` - * - * @param {string} data - The encoded data in various formats - * @param {Network|string=} network - a {@link Network} object, or a string with the network name - * @returns {PrivateKey} A new valid instance of an PrivateKey - * @constructor - */ -function PrivateKey(data, network) { - /* jshint maxstatements: 20 */ - /* jshint maxcomplexity: 8 */ + // Subtraction overflow + assert(carry === -1); + carry = 0; + for (i = 0; i < this.length; i++) { + w = -(this.words[i] | 0) + carry; + carry = w >> 26; + this.words[i] = w & 0x3ffffff; + } + this.negative = 1; - if (!(this instanceof PrivateKey)) { - return new PrivateKey(data, network); - } - if (data instanceof PrivateKey) { - return data; - } + return this.strip(); + }; - var info = this._classifyArguments(data, network); + BN.prototype._wordDiv = function _wordDiv (num, mode) { + var shift = this.length - num.length; - // validation - if (!info.bn || info.bn.cmp(new BN(0)) === 0){ - throw new TypeError('Number can not be equal to zero, undefined, null or false'); - } - if (!info.bn.lt(Point.getN())) { - throw new TypeError('Number must be less than N'); - } - if (typeof(info.network) === 'undefined') { - throw new TypeError('Must specify the network ("livenet" or "testnet")'); - } + var a = this.clone(); + var b = num; - JSUtil.defineImmutable(this, { - bn: info.bn, - compressed: info.compressed, - network: info.network - }); + // Normalize + var bhi = b.words[b.length - 1] | 0; + var bhiBits = this._countBits(bhi); + shift = 26 - bhiBits; + if (shift !== 0) { + b = b.ushln(shift); + a.iushln(shift); + bhi = b.words[b.length - 1] | 0; + } - Object.defineProperty(this, 'publicKey', { - configurable: false, - enumerable: true, - get: this.toPublicKey.bind(this) - }); + // Initialize quotient + var m = a.length - b.length; + var q; - return this; + if (mode !== 'mod') { + q = new BN(null); + q.length = m + 1; + q.words = new Array(q.length); + for (var i = 0; i < q.length; i++) { + q.words[i] = 0; + } + } -}; + var diff = a.clone()._ishlnsubmul(b, 1, m); + if (diff.negative === 0) { + a = diff; + if (q) { + q.words[m] = 1; + } + } -/** - * Internal helper to instantiate PrivateKey internal `info` object from - * different kinds of arguments passed to the constructor. - * - * @param {*} data - * @param {Network|string=} network - a {@link Network} object, or a string with the network name - * @return {Object} - */ -PrivateKey.prototype._classifyArguments = function(data, network) { - /* jshint maxcomplexity: 10 */ - var info = { - compressed: true, - network: network ? Networks.get(network) : Networks.defaultNetwork - }; + for (var j = m - 1; j >= 0; j--) { + var qj = (a.words[b.length + j] | 0) * 0x4000000 + + (a.words[b.length + j - 1] | 0); - // detect type of data - if (_.isUndefined(data) || _.isNull(data)){ - info.bn = PrivateKey._getRandomBN(); - } else if (data instanceof BN) { - info.bn = data; - } else if (data instanceof Buffer || data instanceof Uint8Array) { - info = PrivateKey._transformBuffer(data, network); - } else if (data.bn && data.network){ - info = PrivateKey._transformObject(data); - } else if (!network && Networks.get(data)) { - info.bn = PrivateKey._getRandomBN(); - info.network = Networks.get(data); - } else if (typeof(data) === 'string'){ - if (JSUtil.isHexa(data)) { - info.bn = new BN(new Buffer(data, 'hex')); - } else { - info = PrivateKey._transformWIF(data, network); + // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max + // (0x7ffffff) + qj = Math.min((qj / bhi) | 0, 0x3ffffff); + + a._ishlnsubmul(b, qj, j); + while (a.negative !== 0) { + qj--; + a.negative = 0; + a._ishlnsubmul(b, 1, j); + if (!a.isZero()) { + a.negative ^= 1; + } + } + if (q) { + q.words[j] = qj; + } } - } else { - throw new TypeError('First argument is an unrecognized data type.'); - } - return info; -}; + if (q) { + q.strip(); + } + a.strip(); -/** - * Internal function to get a random Big Number (BN) - * - * @returns {BN} A new randomly generated BN - * @private - */ -PrivateKey._getRandomBN = function(){ - var condition; - var bn; - do { - var privbuf = Random.getRandomBuffer(32); - bn = BN.fromBuffer(privbuf); - condition = bn.lt(Point.getN()); - } while (!condition); - return bn; -}; + // Denormalize + if (mode !== 'div' && shift !== 0) { + a.iushrn(shift); + } -/** - * Internal function to transform a WIF Buffer into a private key - * - * @param {Buffer} buf - An WIF string - * @param {Network|string=} network - a {@link Network} object, or a string with the network name - * @returns {Object} An object with keys: bn, network and compressed - * @private - */ -PrivateKey._transformBuffer = function(buf, network) { + return { + div: q || null, + mod: a + }; + }; - var info = {}; + // NOTE: 1) `mode` can be set to `mod` to request mod only, + // to `div` to request div only, or be absent to + // request both div & mod + // 2) `positive` is true if unsigned mod is requested + BN.prototype.divmod = function divmod (num, mode, positive) { + assert(!num.isZero()); - if (buf.length === 32) { - return PrivateKey._transformBNBuffer(buf, network); - } + if (this.isZero()) { + return { + div: new BN(0), + mod: new BN(0) + }; + } - info.network = Networks.get(buf[0], 'privatekey'); + var div, mod, res; + if (this.negative !== 0 && num.negative === 0) { + res = this.neg().divmod(num, mode); - if (!info.network) { - throw new Error('Invalid network'); - } + if (mode !== 'mod') { + div = res.div.neg(); + } - if (network && info.network !== Networks.get(network)) { - throw new TypeError('Private key network mismatch'); - } + if (mode !== 'div') { + mod = res.mod.neg(); + if (positive && mod.negative !== 0) { + mod.iadd(num); + } + } - if (buf.length === 1 + 32 + 1 && buf[1 + 32 + 1 - 1] === 1) { - info.compressed = true; - } else if (buf.length === 1 + 32) { - info.compressed = false; - } else { - throw new Error('Length of buffer must be 33 (uncompressed) or 34 (compressed)'); - } + return { + div: div, + mod: mod + }; + } - info.bn = BN.fromBuffer(buf.slice(1, 32 + 1)); + if (this.negative === 0 && num.negative !== 0) { + res = this.divmod(num.neg(), mode); - return info; -}; + if (mode !== 'mod') { + div = res.div.neg(); + } -/** - * Internal function to transform a BN buffer into a private key - * - * @param {Buffer} buf - * @param {Network|string=} network - a {@link Network} object, or a string with the network name - * @returns {object} an Object with keys: bn, network, and compressed - * @private - */ -PrivateKey._transformBNBuffer = function(buf, network) { - var info = {}; - info.network = Networks.get(network) || Networks.defaultNetwork; - info.bn = BN.fromBuffer(buf); - info.compressed = false; - return info; -}; + return { + div: div, + mod: res.mod + }; + } -/** - * Internal function to transform a WIF string into a private key - * - * @param {string} buf - An WIF string - * @returns {Object} An object with keys: bn, network and compressed - * @private - */ -PrivateKey._transformWIF = function(str, network) { - return PrivateKey._transformBuffer(Base58Check.decode(str), network); -}; + if ((this.negative & num.negative) !== 0) { + res = this.neg().divmod(num.neg(), mode); -/** - * Instantiate a PrivateKey from a Buffer with the DER or WIF representation - * - * @param {Buffer} arg - * @param {Network} network - * @return {PrivateKey} - */ -PrivateKey.fromBuffer = function(arg, network) { - return new PrivateKey(arg, network); -}; + if (mode !== 'div') { + mod = res.mod.neg(); + if (positive && mod.negative !== 0) { + mod.isub(num); + } + } -/** - * Internal function to transform a JSON string on plain object into a private key - * return this. - * - * @param {string} json - A JSON string or plain object - * @returns {Object} An object with keys: bn, network and compressed - * @private - */ -PrivateKey._transformObject = function(json) { - var bn = new BN(json.bn, 'hex'); - var network = Networks.get(json.network); - return { - bn: bn, - network: network, - compressed: json.compressed - }; -}; + return { + div: res.div, + mod: mod + }; + } -/** - * Instantiate a PrivateKey from a WIF string - * - * @param {string} str - The WIF encoded private key string - * @returns {PrivateKey} A new valid instance of PrivateKey - */ -PrivateKey.fromString = PrivateKey.fromWIF = function(str) { - $.checkArgument(_.isString(str), 'First argument is expected to be a string.'); - return new PrivateKey(str); -}; + // Both numbers are positive at this point -/** - * Instantiate a PrivateKey from a plain JavaScript object - * - * @param {Object} obj - The output from privateKey.toObject() - */ -PrivateKey.fromObject = function(obj) { - $.checkArgument(_.isObject(obj), 'First argument is expected to be an object.'); - return new PrivateKey(obj); -}; + // Strip both numbers to approximate shift value + if (num.length > this.length || this.cmp(num) < 0) { + return { + div: new BN(0), + mod: this + }; + } -/** - * Instantiate a PrivateKey from random bytes - * - * @param {string=} network - Either "livenet" or "testnet" - * @returns {PrivateKey} A new valid instance of PrivateKey - */ -PrivateKey.fromRandom = function(network) { - var bn = PrivateKey._getRandomBN(); - return new PrivateKey(bn, network); -}; + // Very short reduction + if (num.length === 1) { + if (mode === 'div') { + return { + div: this.divn(num.words[0]), + mod: null + }; + } -/** - * Check if there would be any errors when initializing a PrivateKey - * - * @param {string} data - The encoded data in various formats - * @param {string=} network - Either "livenet" or "testnet" - * @returns {null|Error} An error if exists - */ + if (mode === 'mod') { + return { + div: null, + mod: new BN(this.modn(num.words[0])) + }; + } -PrivateKey.getValidationError = function(data, network) { - var error; - try { - /* jshint nonew: false */ - new PrivateKey(data, network); - } catch (e) { - error = e; - } - return error; -}; + return { + div: this.divn(num.words[0]), + mod: new BN(this.modn(num.words[0])) + }; + } -/** - * Check if the parameters are valid - * - * @param {string} data - The encoded data in various formats - * @param {string=} network - Either "livenet" or "testnet" - * @returns {Boolean} If the private key is would be valid - */ -PrivateKey.isValid = function(data, network){ - if (!data) { - return false; - } - return !PrivateKey.getValidationError(data, network); -}; + return this._wordDiv(num, mode); + }; -/** - * Will output the PrivateKey encoded as hex string - * - * @returns {string} - */ -PrivateKey.prototype.toString = function() { - return this.toBuffer().toString('hex'); -}; + // Find `this` / `num` + BN.prototype.div = function div (num) { + return this.divmod(num, 'div', false).div; + }; -/** - * Will output the PrivateKey to a WIF string - * - * @returns {string} A WIP representation of the private key - */ -PrivateKey.prototype.toWIF = function() { - var network = this.network; - var compressed = this.compressed; + // Find `this` % `num` + BN.prototype.mod = function mod (num) { + return this.divmod(num, 'mod', false).mod; + }; - var buf; - if (compressed) { - buf = Buffer.concat([new Buffer([network.privatekey]), - this.bn.toBuffer({size: 32}), - new Buffer([0x01])]); - } else { - buf = Buffer.concat([new Buffer([network.privatekey]), - this.bn.toBuffer({size: 32})]); - } + BN.prototype.umod = function umod (num) { + return this.divmod(num, 'mod', true).mod; + }; - return Base58Check.encode(buf); -}; + // Find Round(`this` / `num`) + BN.prototype.divRound = function divRound (num) { + var dm = this.divmod(num); -/** - * Will return the private key as a BN instance - * - * @returns {BN} A BN instance of the private key - */ -PrivateKey.prototype.toBigNumber = function(){ - return this.bn; -}; + // Fast case - exact division + if (dm.mod.isZero()) return dm.div; -/** - * Will return the private key as a BN buffer - * - * @returns {Buffer} A buffer of the private key - */ -PrivateKey.prototype.toBuffer = function(){ - return this.bn.toBuffer(); -}; + var mod = dm.div.negative !== 0 ? dm.mod.isub(num) : dm.mod; -/** - * Will return the corresponding public key - * - * @returns {PublicKey} A public key generated from the private key - */ -PrivateKey.prototype.toPublicKey = function(){ - if (!this._pubkey) { - this._pubkey = PublicKey.fromPrivateKey(this); - } - return this._pubkey; -}; + var half = num.ushrn(1); + var r2 = num.andln(1); + var cmp = mod.cmp(half); -/** - * Will return an address for the private key - * @param {Network=} network - optional parameter specifying - * the desired network for the address - * - * @returns {Address} An address generated from the private key - */ -PrivateKey.prototype.toAddress = function(network) { - var pubkey = this.toPublicKey(); - return Address.fromPublicKey(pubkey, network || this.network); -}; + // Round down + if (cmp < 0 || r2 === 1 && cmp === 0) return dm.div; -/** - * @returns {Object} A plain object representation - */ -PrivateKey.prototype.toObject = PrivateKey.prototype.toJSON = function toObject() { - return { - bn: this.bn.toString('hex'), - compressed: this.compressed, - network: this.network.toString() + // Round up + return dm.div.negative !== 0 ? dm.div.isubn(1) : dm.div.iaddn(1); }; -}; -/** - * Will return a string formatted for the console - * - * @returns {string} Private key - */ -PrivateKey.prototype.inspect = function() { - var uncompressed = !this.compressed ? ', uncompressed' : ''; - return ''; -}; + BN.prototype.modn = function modn (num) { + assert(num <= 0x3ffffff); + var p = (1 << 26) % num; -module.exports = PrivateKey; + var acc = 0; + for (var i = this.length - 1; i >= 0; i--) { + acc = (p * acc + (this.words[i] | 0)) % num; + } -}).call(this,require("buffer").Buffer) -},{"./address":8,"./crypto/bn":13,"./crypto/point":16,"./crypto/random":17,"./encoding/base58check":20,"./networks":29,"./publickey":32,"./util/js":51,"./util/preconditions":52,"buffer":94,"lodash":78}],32:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + return acc; + }; -var BN = require('./crypto/bn'); -var Point = require('./crypto/point'); -var Hash = require('./crypto/hash'); -var JSUtil = require('./util/js'); -var Network = require('./networks'); -var _ = require('lodash'); -var $ = require('./util/preconditions'); + // In-place division by number + BN.prototype.idivn = function idivn (num) { + assert(num <= 0x3ffffff); -/** - * Instantiate a PublicKey from a {@link PrivateKey}, {@link Point}, `string`, or `Buffer`. - * - * There are two internal properties, `network` and `compressed`, that deal with importing - * a PublicKey from a PrivateKey in WIF format. More details described on {@link PrivateKey} - * - * @example - * ```javascript - * // instantiate from a private key - * var key = PublicKey(privateKey, true); - * - * // export to as a DER hex encoded string - * var exported = key.toString(); - * - * // import the public key - * var imported = PublicKey.fromString(exported); - * ``` - * - * @param {string} data - The encoded data in various formats - * @param {Object} extra - additional options - * @param {Network=} extra.network - Which network should the address for this public key be for - * @param {String=} extra.compressed - If the public key is compressed - * @returns {PublicKey} A new valid instance of an PublicKey - * @constructor - */ -function PublicKey(data, extra) { + var carry = 0; + for (var i = this.length - 1; i >= 0; i--) { + var w = (this.words[i] | 0) + carry * 0x4000000; + this.words[i] = (w / num) | 0; + carry = w % num; + } - if (!(this instanceof PublicKey)) { - return new PublicKey(data, extra); - } + return this.strip(); + }; - $.checkArgument(data, 'First argument is required, please include public key data.'); + BN.prototype.divn = function divn (num) { + return this.clone().idivn(num); + }; - if (data instanceof PublicKey) { - // Return copy, but as it's an immutable object, return same argument - return data; - } - extra = extra || {}; + BN.prototype.egcd = function egcd (p) { + assert(p.negative === 0); + assert(!p.isZero()); - var info = this._classifyArgs(data, extra); + var x = this; + var y = p.clone(); - // validation - info.point.validate(); + if (x.negative !== 0) { + x = x.umod(p); + } else { + x = x.clone(); + } - JSUtil.defineImmutable(this, { - point: info.point, - compressed: info.compressed, - network: info.network || Network.defaultNetwork - }); + // A * x + B * y = x + var A = new BN(1); + var B = new BN(0); - return this; -}; + // C * x + D * y = y + var C = new BN(0); + var D = new BN(1); -/** - * Internal function to differentiate between arguments passed to the constructor - * @param {*} data - * @param {Object} extra - */ -PublicKey.prototype._classifyArgs = function(data, extra) { - /* jshint maxcomplexity: 10 */ - var info = { - compressed: _.isUndefined(extra.compressed) || extra.compressed - }; + var g = 0; - // detect type of data - if (data instanceof Point) { - info.point = data; - } else if (data.x && data.y) { - info = PublicKey._transformObject(data); - } else if (typeof(data) === 'string') { - info = PublicKey._transformDER(new Buffer(data, 'hex')); - } else if (PublicKey._isBuffer(data)) { - info = PublicKey._transformDER(data); - } else if (PublicKey._isPrivateKey(data)) { - info = PublicKey._transformPrivateKey(data); - } else { - throw new TypeError('First argument is an unrecognized data format.'); - } - if (!info.network) { - info.network = _.isUndefined(extra.network) ? undefined : Network.get(extra.network); - } - return info; -}; - -/** - * Internal function to detect if an object is a {@link PrivateKey} - * - * @param {*} param - object to test - * @returns {boolean} - * @private - */ -PublicKey._isPrivateKey = function(param) { - var PrivateKey = require('./privatekey'); - return param instanceof PrivateKey; -}; + while (x.isEven() && y.isEven()) { + x.iushrn(1); + y.iushrn(1); + ++g; + } -/** - * Internal function to detect if an object is a Buffer - * - * @param {*} param - object to test - * @returns {boolean} - * @private - */ -PublicKey._isBuffer = function(param) { - return (param instanceof Buffer) || (param instanceof Uint8Array); -}; + var yp = y.clone(); + var xp = x.clone(); -/** - * Internal function to transform a private key into a public key point - * - * @param {PrivateKey} privkey - An instance of PrivateKey - * @returns {Object} An object with keys: point and compressed - * @private - */ -PublicKey._transformPrivateKey = function(privkey) { - $.checkArgument(PublicKey._isPrivateKey(privkey), 'Must be an instance of PrivateKey'); - var info = {}; - info.point = Point.getG().mul(privkey.bn); - info.compressed = privkey.compressed; - info.network = privkey.network; - return info; -}; + while (!x.isZero()) { + for (var i = 0, im = 1; (x.words[0] & im) === 0 && i < 26; ++i, im <<= 1); + if (i > 0) { + x.iushrn(i); + while (i-- > 0) { + if (A.isOdd() || B.isOdd()) { + A.iadd(yp); + B.isub(xp); + } -/** - * Internal function to transform DER into a public key point - * - * @param {Buffer} buf - An hex encoded buffer - * @param {bool=} strict - if set to false, will loosen some conditions - * @returns {Object} An object with keys: point and compressed - * @private - */ -PublicKey._transformDER = function(buf, strict) { - /* jshint maxstatements: 30 */ - /* jshint maxcomplexity: 12 */ - $.checkArgument(PublicKey._isBuffer(buf), 'Must be a hex buffer of DER encoded public key'); - var info = {}; + A.iushrn(1); + B.iushrn(1); + } + } - strict = _.isUndefined(strict) ? true : strict; + for (var j = 0, jm = 1; (y.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); + if (j > 0) { + y.iushrn(j); + while (j-- > 0) { + if (C.isOdd() || D.isOdd()) { + C.iadd(yp); + D.isub(xp); + } - var x; - var y; - var xbuf; - var ybuf; + C.iushrn(1); + D.iushrn(1); + } + } - if (buf[0] === 0x04 || (!strict && (buf[0] === 0x06 || buf[0] === 0x07))) { - xbuf = buf.slice(1, 33); - ybuf = buf.slice(33, 65); - if (xbuf.length !== 32 || ybuf.length !== 32 || buf.length !== 65) { - throw new TypeError('Length of x and y must be 32 bytes'); + if (x.cmp(y) >= 0) { + x.isub(y); + A.isub(C); + B.isub(D); + } else { + y.isub(x); + C.isub(A); + D.isub(B); + } } - x = new BN(xbuf); - y = new BN(ybuf); - info.point = new Point(x, y); - info.compressed = false; - } else if (buf[0] === 0x03) { - xbuf = buf.slice(1); - x = new BN(xbuf); - info = PublicKey._transformX(true, x); - info.compressed = true; - } else if (buf[0] === 0x02) { - xbuf = buf.slice(1); - x = new BN(xbuf); - info = PublicKey._transformX(false, x); - info.compressed = true; - } else { - throw new TypeError('Invalid DER format public key'); - } - return info; -}; - -/** - * Internal function to transform X into a public key point - * - * @param {Boolean} odd - If the point is above or below the x axis - * @param {Point} x - The x point - * @returns {Object} An object with keys: point and compressed - * @private - */ -PublicKey._transformX = function(odd, x) { - $.checkArgument(typeof odd === 'boolean', 'Must specify whether y is odd or not (true or false)'); - var info = {}; - info.point = Point.fromX(odd, x); - return info; -}; -/** - * Internal function to transform a JSON into a public key point - * - * @param {String|Object} json - a JSON string or plain object - * @returns {Object} An object with keys: point and compressed - * @private - */ -PublicKey._transformObject = function(json) { - var x = new BN(json.x, 'hex'); - var y = new BN(json.y, 'hex'); - var point = new Point(x, y); - return new PublicKey(point, { - compressed: json.compressed - }); -}; + return { + a: C, + b: D, + gcd: y.iushln(g) + }; + }; -/** - * Instantiate a PublicKey from a PrivateKey - * - * @param {PrivateKey} privkey - An instance of PrivateKey - * @returns {PublicKey} A new valid instance of PublicKey - */ -PublicKey.fromPrivateKey = function(privkey) { - $.checkArgument(PublicKey._isPrivateKey(privkey), 'Must be an instance of PrivateKey'); - var info = PublicKey._transformPrivateKey(privkey); - return new PublicKey(info.point, { - compressed: info.compressed, - network: info.network - }); -}; + // This is reduced incarnation of the binary EEA + // above, designated to invert members of the + // _prime_ fields F(p) at a maximal speed + BN.prototype._invmp = function _invmp (p) { + assert(p.negative === 0); + assert(!p.isZero()); -/** - * Instantiate a PublicKey from a Buffer - * @param {Buffer} buf - A DER hex buffer - * @param {bool=} strict - if set to false, will loosen some conditions - * @returns {PublicKey} A new valid instance of PublicKey - */ -PublicKey.fromDER = PublicKey.fromBuffer = function(buf, strict) { - $.checkArgument(PublicKey._isBuffer(buf), 'Must be a hex buffer of DER encoded public key'); - var info = PublicKey._transformDER(buf, strict); - return new PublicKey(info.point, { - compressed: info.compressed - }); -}; + var a = this; + var b = p.clone(); -/** - * Instantiate a PublicKey from a Point - * - * @param {Point} point - A Point instance - * @param {boolean=} compressed - whether to store this public key as compressed format - * @returns {PublicKey} A new valid instance of PublicKey - */ -PublicKey.fromPoint = function(point, compressed) { - $.checkArgument(point instanceof Point, 'First argument must be an instance of Point.'); - return new PublicKey(point, { - compressed: compressed - }); -}; + if (a.negative !== 0) { + a = a.umod(p); + } else { + a = a.clone(); + } -/** - * Instantiate a PublicKey from a DER hex encoded string - * - * @param {string} str - A DER hex string - * @param {String=} encoding - The type of string encoding - * @returns {PublicKey} A new valid instance of PublicKey - */ -PublicKey.fromString = function(str, encoding) { - var buf = new Buffer(str, encoding || 'hex'); - var info = PublicKey._transformDER(buf); - return new PublicKey(info.point, { - compressed: info.compressed - }); -}; + var x1 = new BN(1); + var x2 = new BN(0); -/** - * Instantiate a PublicKey from an X Point - * - * @param {Boolean} odd - If the point is above or below the x axis - * @param {Point} x - The x point - * @returns {PublicKey} A new valid instance of PublicKey - */ -PublicKey.fromX = function(odd, x) { - var info = PublicKey._transformX(odd, x); - return new PublicKey(info.point, { - compressed: info.compressed - }); -}; + var delta = b.clone(); -/** - * Check if there would be any errors when initializing a PublicKey - * - * @param {string} data - The encoded data in various formats - * @returns {null|Error} An error if exists - */ -PublicKey.getValidationError = function(data) { - var error; - try { - /* jshint nonew: false */ - new PublicKey(data); - } catch (e) { - error = e; - } - return error; -}; + while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { + for (var i = 0, im = 1; (a.words[0] & im) === 0 && i < 26; ++i, im <<= 1); + if (i > 0) { + a.iushrn(i); + while (i-- > 0) { + if (x1.isOdd()) { + x1.iadd(delta); + } -/** - * Check if the parameters are valid - * - * @param {string} data - The encoded data in various formats - * @returns {Boolean} If the public key would be valid - */ -PublicKey.isValid = function(data) { - return !PublicKey.getValidationError(data); -}; + x1.iushrn(1); + } + } -/** - * @returns {Object} A plain object of the PublicKey - */ -PublicKey.prototype.toObject = PublicKey.prototype.toJSON = function toObject() { - return { - x: this.point.getX().toString('hex', 2), - y: this.point.getY().toString('hex', 2), - compressed: this.compressed - }; -}; + for (var j = 0, jm = 1; (b.words[0] & jm) === 0 && j < 26; ++j, jm <<= 1); + if (j > 0) { + b.iushrn(j); + while (j-- > 0) { + if (x2.isOdd()) { + x2.iadd(delta); + } -/** - * Will output the PublicKey to a DER Buffer - * - * @returns {Buffer} A DER hex encoded buffer - */ -PublicKey.prototype.toBuffer = PublicKey.prototype.toDER = function() { - var x = this.point.getX(); - var y = this.point.getY(); + x2.iushrn(1); + } + } - var xbuf = x.toBuffer({ - size: 32 - }); - var ybuf = y.toBuffer({ - size: 32 - }); + if (a.cmp(b) >= 0) { + a.isub(b); + x1.isub(x2); + } else { + b.isub(a); + x2.isub(x1); + } + } - var prefix; - if (!this.compressed) { - prefix = new Buffer([0x04]); - return Buffer.concat([prefix, xbuf, ybuf]); - } else { - var odd = ybuf[ybuf.length - 1] % 2; - if (odd) { - prefix = new Buffer([0x03]); + var res; + if (a.cmpn(1) === 0) { + res = x1; } else { - prefix = new Buffer([0x02]); + res = x2; } - return Buffer.concat([prefix, xbuf]); - } -}; -/** - * Will return a sha256 + ripemd160 hash of the serialized public key - * @see https://github.com/bitcoin/bitcoin/blob/master/src/pubkey.h#L141 - * @returns {Buffer} - */ -PublicKey.prototype._getID = function _getID() { - return Hash.sha256ripemd160(this.toBuffer()); -}; + if (res.cmpn(0) < 0) { + res.iadd(p); + } -/** - * Will return an address for the public key - * - * @param {String|Network=} network - Which network should the address be for - * @returns {Address} An address generated from the public key - */ -PublicKey.prototype.toAddress = function(network) { - var Address = require('./address'); - return Address.fromPublicKey(this, network || this.network); -}; + return res; + }; -/** - * Will output the PublicKey to a DER encoded hex string - * - * @returns {string} A DER hex encoded string - */ -PublicKey.prototype.toString = function() { - return this.toDER().toString('hex'); -}; + BN.prototype.gcd = function gcd (num) { + if (this.isZero()) return num.abs(); + if (num.isZero()) return this.abs(); -/** - * Will return a string formatted for the console - * - * @returns {string} Public key - */ -PublicKey.prototype.inspect = function() { - return ''; -}; + var a = this.clone(); + var b = num.clone(); + a.negative = 0; + b.negative = 0; + // Remove common factor of two + for (var shift = 0; a.isEven() && b.isEven(); shift++) { + a.iushrn(1); + b.iushrn(1); + } -module.exports = PublicKey; + do { + while (a.isEven()) { + a.iushrn(1); + } + while (b.isEven()) { + b.iushrn(1); + } -}).call(this,require("buffer").Buffer) -},{"./address":8,"./crypto/bn":13,"./crypto/hash":15,"./crypto/point":16,"./networks":29,"./privatekey":31,"./util/js":51,"./util/preconditions":52,"buffer":94,"lodash":78}],33:[function(require,module,exports){ -module.exports = require('./script'); + var r = a.cmp(b); + if (r < 0) { + // Swap `a` and `b` to make `a` always bigger than `b` + var t = a; + a = b; + b = t; + } else if (r === 0 || b.cmpn(1) === 0) { + break; + } -module.exports.Interpreter = require('./interpreter'); + a.isub(b); + } while (true); -},{"./interpreter":34,"./script":35}],34:[function(require,module,exports){ -(function (Buffer){ -'use strict'; + return b.iushln(shift); + }; -var _ = require('lodash'); + // Invert number in the field F(num) + BN.prototype.invm = function invm (num) { + return this.egcd(num).a.umod(num); + }; -var Script = require('./script'); -var Opcode = require('../opcode'); -var BN = require('../crypto/bn'); -var Hash = require('../crypto/hash'); -var Signature = require('../crypto/signature'); -var PublicKey = require('../publickey'); + BN.prototype.isEven = function isEven () { + return (this.words[0] & 1) === 0; + }; -/** - * Bitcoin transactions contain scripts. Each input has a script called the - * scriptSig, and each output has a script called the scriptPubkey. To validate - * an input, the input's script is concatenated with the referenced output script, - * and the result is executed. If at the end of execution the stack contains a - * "true" value, then the transaction is valid. - * - * The primary way to use this class is via the verify function. - * e.g., Interpreter().verify( ... ); - */ -var Interpreter = function Interpreter(obj) { - if (!(this instanceof Interpreter)) { - return new Interpreter(obj); - } - if (obj) { - this.initialize(); - this.set(obj); - } else { - this.initialize(); - } -}; + BN.prototype.isOdd = function isOdd () { + return (this.words[0] & 1) === 1; + }; -/** - * Verifies a Script by executing it and returns true if it is valid. - * This function needs to be provided with the scriptSig and the scriptPubkey - * separately. - * @param {Script} scriptSig - the script's first part (corresponding to the tx input) - * @param {Script} scriptPubkey - the script's last part (corresponding to the tx output) - * @param {Transaction=} tx - the Transaction containing the scriptSig in one input (used - * to check signature validity for some opcodes like OP_CHECKSIG) - * @param {number} nin - index of the transaction input containing the scriptSig verified. - * @param {number} flags - evaluation flags. See Interpreter.SCRIPT_* constants - * - * Translated from bitcoind's VerifyScript - */ -Interpreter.prototype.verify = function(scriptSig, scriptPubkey, tx, nin, flags) { - var Transaction = require('../transaction'); - if (_.isUndefined(tx)) { - tx = new Transaction(); - } - if (_.isUndefined(nin)) { - nin = 0; - } - if (_.isUndefined(flags)) { - flags = 0; - } - this.set({ - script: scriptSig, - tx: tx, - nin: nin, - flags: flags - }); - var stackCopy; + // And first word and num + BN.prototype.andln = function andln (num) { + return this.words[0] & num; + }; - if ((flags & Interpreter.SCRIPT_VERIFY_SIGPUSHONLY) !== 0 && !scriptSig.isPushOnly()) { - this.errstr = 'SCRIPT_ERR_SIG_PUSHONLY'; - return false; - } + // Increment at the bit position in-line + BN.prototype.bincn = function bincn (bit) { + assert(typeof bit === 'number'); + var r = bit % 26; + var s = (bit - r) / 26; + var q = 1 << r; - // evaluate scriptSig - if (!this.evaluate()) { - return false; - } + // Fast case: bit is much higher than all existing words + if (this.length <= s) { + this._expand(s + 1); + this.words[s] |= q; + return this; + } - if (flags & Interpreter.SCRIPT_VERIFY_P2SH) { - stackCopy = this.stack.slice(); - } + // Add bit and propagate, if needed + var carry = q; + for (var i = s; carry !== 0 && i < this.length; i++) { + var w = this.words[i] | 0; + w += carry; + carry = w >>> 26; + w &= 0x3ffffff; + this.words[i] = w; + } + if (carry !== 0) { + this.words[i] = carry; + this.length++; + } + return this; + }; - var stack = this.stack; - this.initialize(); - this.set({ - script: scriptPubkey, - stack: stack, - tx: tx, - nin: nin, - flags: flags - }); + BN.prototype.isZero = function isZero () { + return this.length === 1 && this.words[0] === 0; + }; - // evaluate scriptPubkey - if (!this.evaluate()) { - return false; - } + BN.prototype.cmpn = function cmpn (num) { + var negative = num < 0; - if (this.stack.length === 0) { - this.errstr = 'SCRIPT_ERR_EVAL_FALSE_NO_RESULT'; - return false; - } + if (this.negative !== 0 && !negative) return -1; + if (this.negative === 0 && negative) return 1; - var buf = this.stack[this.stack.length - 1]; - if (!Interpreter.castToBool(buf)) { - this.errstr = 'SCRIPT_ERR_EVAL_FALSE_IN_STACK'; - return false; - } + this.strip(); - // Additional validation for spend-to-script-hash transactions: - if ((flags & Interpreter.SCRIPT_VERIFY_P2SH) && scriptPubkey.isScriptHashOut()) { - // scriptSig must be literals-only or validation fails - if (!scriptSig.isPushOnly()) { - this.errstr = 'SCRIPT_ERR_SIG_PUSHONLY'; - return false; - } + var res; + if (this.length > 1) { + res = 1; + } else { + if (negative) { + num = -num; + } - // stackCopy cannot be empty here, because if it was the - // P2SH HASH <> EQUAL scriptPubKey would be evaluated with - // an empty stack and the EvalScript above would return false. - if (stackCopy.length === 0) { - throw new Error('internal error - stack copy empty'); + assert(num <= 0x3ffffff, 'Number is too big'); + + var w = this.words[0] | 0; + res = w === num ? 0 : w < num ? -1 : 1; } + if (this.negative !== 0) return -res | 0; + return res; + }; - var redeemScriptSerialized = stackCopy[stackCopy.length - 1]; - var redeemScript = Script.fromBuffer(redeemScriptSerialized); - stackCopy.pop(); + // Compare two numbers and return: + // 1 - if `this` > `num` + // 0 - if `this` == `num` + // -1 - if `this` < `num` + BN.prototype.cmp = function cmp (num) { + if (this.negative !== 0 && num.negative === 0) return -1; + if (this.negative === 0 && num.negative !== 0) return 1; - this.initialize(); - this.set({ - script: redeemScript, - stack: stackCopy, - tx: tx, - nin: nin, - flags: flags - }); + var res = this.ucmp(num); + if (this.negative !== 0) return -res | 0; + return res; + }; - // evaluate redeemScript - if (!this.evaluate()) { - return false; - } + // Unsigned comparison + BN.prototype.ucmp = function ucmp (num) { + // At this point both numbers have the same sign + if (this.length > num.length) return 1; + if (this.length < num.length) return -1; - if (stackCopy.length === 0) { - this.errstr = 'SCRIPT_ERR_EVAL_FALSE_NO_P2SH_STACK'; - return false; - } + var res = 0; + for (var i = this.length - 1; i >= 0; i--) { + var a = this.words[i] | 0; + var b = num.words[i] | 0; - if (!Interpreter.castToBool(stackCopy[stackCopy.length - 1])) { - this.errstr = 'SCRIPT_ERR_EVAL_FALSE_IN_P2SH_STACK'; - return false; - } else { - return true; + if (a === b) continue; + if (a < b) { + res = -1; + } else if (a > b) { + res = 1; + } + break; } - } + return res; + }; - return true; -}; + BN.prototype.gtn = function gtn (num) { + return this.cmpn(num) === 1; + }; -module.exports = Interpreter; + BN.prototype.gt = function gt (num) { + return this.cmp(num) === 1; + }; -Interpreter.prototype.initialize = function(obj) { - this.stack = []; - this.altstack = []; - this.pc = 0; - this.pbegincodehash = 0; - this.nOpCount = 0; - this.vfExec = []; - this.errstr = ''; - this.flags = 0; -}; + BN.prototype.gten = function gten (num) { + return this.cmpn(num) >= 0; + }; -Interpreter.prototype.set = function(obj) { - this.script = obj.script || this.script; - this.tx = obj.tx || this.tx; - this.nin = typeof obj.nin !== 'undefined' ? obj.nin : this.nin; - this.stack = obj.stack || this.stack; - this.altstack = obj.altack || this.altstack; - this.pc = typeof obj.pc !== 'undefined' ? obj.pc : this.pc; - this.pbegincodehash = typeof obj.pbegincodehash !== 'undefined' ? obj.pbegincodehash : this.pbegincodehash; - this.nOpCount = typeof obj.nOpCount !== 'undefined' ? obj.nOpCount : this.nOpCount; - this.vfExec = obj.vfExec || this.vfExec; - this.errstr = obj.errstr || this.errstr; - this.flags = typeof obj.flags !== 'undefined' ? obj.flags : this.flags; -}; + BN.prototype.gte = function gte (num) { + return this.cmp(num) >= 0; + }; -Interpreter.true = new Buffer([1]); -Interpreter.false = new Buffer([]); + BN.prototype.ltn = function ltn (num) { + return this.cmpn(num) === -1; + }; -Interpreter.MAX_SCRIPT_ELEMENT_SIZE = 520; + BN.prototype.lt = function lt (num) { + return this.cmp(num) === -1; + }; -Interpreter.LOCKTIME_THRESHOLD = 500000000; -Interpreter.LOCKTIME_THRESHOLD_BN = new BN(Interpreter.LOCKTIME_THRESHOLD); + BN.prototype.lten = function lten (num) { + return this.cmpn(num) <= 0; + }; -// flags taken from bitcoind -// bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104 -Interpreter.SCRIPT_VERIFY_NONE = 0; + BN.prototype.lte = function lte (num) { + return this.cmp(num) <= 0; + }; -// Evaluate P2SH subscripts (softfork safe, BIP16). -Interpreter.SCRIPT_VERIFY_P2SH = (1 << 0); + BN.prototype.eqn = function eqn (num) { + return this.cmpn(num) === 0; + }; -// Passing a non-strict-DER signature or one with undefined hashtype to a checksig operation causes script failure. -// Passing a pubkey that is not (0x04 + 64 bytes) or (0x02 or 0x03 + 32 bytes) to checksig causes that pubkey to be -// skipped (not softfork safe: this flag can widen the validity of OP_CHECKSIG OP_NOT). -Interpreter.SCRIPT_VERIFY_STRICTENC = (1 << 1); + BN.prototype.eq = function eq (num) { + return this.cmp(num) === 0; + }; -// Passing a non-strict-DER signature to a checksig operation causes script failure (softfork safe, BIP62 rule 1) -Interpreter.SCRIPT_VERIFY_DERSIG = (1 << 2); + // + // A reduce context, could be using montgomery or something better, depending + // on the `m` itself. + // + BN.red = function red (num) { + return new Red(num); + }; -// Passing a non-strict-DER signature or one with S > order/2 to a checksig operation causes script failure -// (softfork safe, BIP62 rule 5). -Interpreter.SCRIPT_VERIFY_LOW_S = (1 << 3); + BN.prototype.toRed = function toRed (ctx) { + assert(!this.red, 'Already a number in reduction context'); + assert(this.negative === 0, 'red works only with positives'); + return ctx.convertTo(this)._forceRed(ctx); + }; -// verify dummy stack item consumed by CHECKMULTISIG is of zero-length (softfork safe, BIP62 rule 7). -Interpreter.SCRIPT_VERIFY_NULLDUMMY = (1 << 4); + BN.prototype.fromRed = function fromRed () { + assert(this.red, 'fromRed works only with numbers in reduction context'); + return this.red.convertFrom(this); + }; -// Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2). -Interpreter.SCRIPT_VERIFY_SIGPUSHONLY = (1 << 5); + BN.prototype._forceRed = function _forceRed (ctx) { + this.red = ctx; + return this; + }; -// Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct -// pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating -// any other push causes the script to fail (BIP62 rule 3). -// In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4). -// (softfork safe) -Interpreter.SCRIPT_VERIFY_MINIMALDATA = (1 << 6); + BN.prototype.forceRed = function forceRed (ctx) { + assert(!this.red, 'Already a number in reduction context'); + return this._forceRed(ctx); + }; -// Discourage use of NOPs reserved for upgrades (NOP1-10) -// -// Provided so that nodes can avoid accepting or mining transactions -// containing executed NOP's whose meaning may change after a soft-fork, -// thus rendering the script invalid; with this flag set executing -// discouraged NOPs fails the script. This verification flag will never be -// a mandatory flag applied to scripts in a block. NOPs that are not -// executed, e.g. within an unexecuted IF ENDIF block, are *not* rejected. -Interpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1 << 7); + BN.prototype.redAdd = function redAdd (num) { + assert(this.red, 'redAdd works only with red numbers'); + return this.red.add(this, num); + }; -// CLTV See BIP65 for details. -Interpreter.SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY = (1 << 9); + BN.prototype.redIAdd = function redIAdd (num) { + assert(this.red, 'redIAdd works only with red numbers'); + return this.red.iadd(this, num); + }; -Interpreter.castToBool = function(buf) { - for (var i = 0; i < buf.length; i++) { - if (buf[i] !== 0) { - // can be negative zero - if (i === buf.length - 1 && buf[i] === 0x80) { - return false; - } - return true; - } - } - return false; -}; + BN.prototype.redSub = function redSub (num) { + assert(this.red, 'redSub works only with red numbers'); + return this.red.sub(this, num); + }; -/** - * Translated from bitcoind's CheckSignatureEncoding - */ -Interpreter.prototype.checkSignatureEncoding = function(buf) { - var sig; - if ((this.flags & (Interpreter.SCRIPT_VERIFY_DERSIG | Interpreter.SCRIPT_VERIFY_LOW_S | Interpreter.SCRIPT_VERIFY_STRICTENC)) !== 0 && !Signature.isTxDER(buf)) { - this.errstr = 'SCRIPT_ERR_SIG_DER_INVALID_FORMAT'; - return false; - } else if ((this.flags & Interpreter.SCRIPT_VERIFY_LOW_S) !== 0) { - sig = Signature.fromTxFormat(buf); - if (!sig.hasLowS()) { - this.errstr = 'SCRIPT_ERR_SIG_DER_HIGH_S'; - return false; - } - } else if ((this.flags & Interpreter.SCRIPT_VERIFY_STRICTENC) !== 0) { - sig = Signature.fromTxFormat(buf); - if (!sig.hasDefinedHashtype()) { - this.errstr = 'SCRIPT_ERR_SIG_HASHTYPE'; - return false; - } - } - return true; -}; + BN.prototype.redISub = function redISub (num) { + assert(this.red, 'redISub works only with red numbers'); + return this.red.isub(this, num); + }; -/** - * Translated from bitcoind's CheckPubKeyEncoding - */ -Interpreter.prototype.checkPubkeyEncoding = function(buf) { - if ((this.flags & Interpreter.SCRIPT_VERIFY_STRICTENC) !== 0 && !PublicKey.isValid(buf)) { - this.errstr = 'SCRIPT_ERR_PUBKEYTYPE'; - return false; - } - return true; -}; + BN.prototype.redShl = function redShl (num) { + assert(this.red, 'redShl works only with red numbers'); + return this.red.shl(this, num); + }; -/** - * Based on bitcoind's EvalScript function, with the inner loop moved to - * Interpreter.prototype.step() - * bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104 - */ -Interpreter.prototype.evaluate = function() { - if (this.script.toBuffer().length > 10000) { - this.errstr = 'SCRIPT_ERR_SCRIPT_SIZE'; - return false; - } + BN.prototype.redMul = function redMul (num) { + assert(this.red, 'redMul works only with red numbers'); + this.red._verify2(this, num); + return this.red.mul(this, num); + }; - try { - while (this.pc < this.script.chunks.length) { - var fSuccess = this.step(); - if (!fSuccess) { - return false; - } - } + BN.prototype.redIMul = function redIMul (num) { + assert(this.red, 'redMul works only with red numbers'); + this.red._verify2(this, num); + return this.red.imul(this, num); + }; - // Size limits - if (this.stack.length + this.altstack.length > 1000) { - this.errstr = 'SCRIPT_ERR_STACK_SIZE'; - return false; - } - } catch (e) { - this.errstr = 'SCRIPT_ERR_UNKNOWN_ERROR: ' + e; - return false; - } + BN.prototype.redSqr = function redSqr () { + assert(this.red, 'redSqr works only with red numbers'); + this.red._verify1(this); + return this.red.sqr(this); + }; - if (this.vfExec.length > 0) { - this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; - return false; - } + BN.prototype.redISqr = function redISqr () { + assert(this.red, 'redISqr works only with red numbers'); + this.red._verify1(this); + return this.red.isqr(this); + }; - return true; -}; + // Square root over p + BN.prototype.redSqrt = function redSqrt () { + assert(this.red, 'redSqrt works only with red numbers'); + this.red._verify1(this); + return this.red.sqrt(this); + }; -/** - * Checks a locktime parameter with the transaction's locktime. - * There are two times of nLockTime: lock-by-blockheight and lock-by-blocktime, - * distinguished by whether nLockTime < LOCKTIME_THRESHOLD = 500000000 - * - * See the corresponding code on bitcoin core: - * https://github.com/bitcoin/bitcoin/blob/ffd75adce01a78b3461b3ff05bcc2b530a9ce994/src/script/interpreter.cpp#L1129 - * - * @param {BN} nLockTime the locktime read from the script - * @return {boolean} true if the transaction's locktime is less than or equal to - * the transaction's locktime - */ -Interpreter.prototype.checkLockTime = function(nLockTime) { + BN.prototype.redInvm = function redInvm () { + assert(this.red, 'redInvm works only with red numbers'); + this.red._verify1(this); + return this.red.invm(this); + }; - // We want to compare apples to apples, so fail the script - // unless the type of nLockTime being tested is the same as - // the nLockTime in the transaction. - if (!( - (this.tx.nLockTime < Interpreter.LOCKTIME_THRESHOLD && nLockTime.lt(Interpreter.LOCKTIME_THRESHOLD_BN)) || - (this.tx.nLockTime >= Interpreter.LOCKTIME_THRESHOLD && nLockTime.gte(Interpreter.LOCKTIME_THRESHOLD_BN)) - )) { - return false; - } + // Return negative clone of `this` % `red modulo` + BN.prototype.redNeg = function redNeg () { + assert(this.red, 'redNeg works only with red numbers'); + this.red._verify1(this); + return this.red.neg(this); + }; - // Now that we know we're comparing apples-to-apples, the - // comparison is a simple numeric one. - if (nLockTime.gt(new BN(this.tx.nLockTime))) { - return false; - } + BN.prototype.redPow = function redPow (num) { + assert(this.red && !num.red, 'redPow(normalNum)'); + this.red._verify1(this); + return this.red.pow(this, num); + }; - // Finally the nLockTime feature can be disabled and thus - // CHECKLOCKTIMEVERIFY bypassed if every txin has been - // finalized by setting nSequence to maxint. The - // transaction would be allowed into the blockchain, making - // the opcode ineffective. - // - // Testing if this vin is not final is sufficient to - // prevent this condition. Alternatively we could test all - // inputs, but testing just this input minimizes the data - // required to prove correct CHECKLOCKTIMEVERIFY execution. - if (!this.tx.inputs[this.nin].isFinal()) { - return false; + // Prime numbers with efficient reduction + var primes = { + k256: null, + p224: null, + p192: null, + p25519: null + }; + + // Pseudo-Mersenne prime + function MPrime (name, p) { + // P = 2 ^ N - K + this.name = name; + this.p = new BN(p, 16); + this.n = this.p.bitLength(); + this.k = new BN(1).iushln(this.n).isub(this.p); + + this.tmp = this._tmp(); } - return true; -} + MPrime.prototype._tmp = function _tmp () { + var tmp = new BN(null); + tmp.words = new Array(Math.ceil(this.n / 13)); + return tmp; + }; -/** - * Based on the inner loop of bitcoind's EvalScript function - * bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104 - */ -Interpreter.prototype.step = function() { + MPrime.prototype.ireduce = function ireduce (num) { + // Assumes that `num` is less than `P^2` + // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) + var r = num; + var rlen; - var fRequireMinimal = (this.flags & Interpreter.SCRIPT_VERIFY_MINIMALDATA) !== 0; + do { + this.split(r, this.tmp); + r = this.imulK(r); + r = r.iadd(this.tmp); + rlen = r.bitLength(); + } while (rlen > this.n); - //bool fExec = !count(vfExec.begin(), vfExec.end(), false); - var fExec = (this.vfExec.indexOf(false) === -1); - var buf, buf1, buf2, spliced, n, x1, x2, bn, bn1, bn2, bufSig, bufPubkey, subscript; - var sig, pubkey; - var fValue, fSuccess; + var cmp = rlen < this.n ? -1 : r.ucmp(this.p); + if (cmp === 0) { + r.words[0] = 0; + r.length = 1; + } else if (cmp > 0) { + r.isub(this.p); + } else { + r.strip(); + } - // Read instruction - var chunk = this.script.chunks[this.pc]; - this.pc++; - var opcodenum = chunk.opcodenum; - if (_.isUndefined(opcodenum)) { - this.errstr = 'SCRIPT_ERR_UNDEFINED_OPCODE'; - return false; - } - if (chunk.buf && chunk.buf.length > Interpreter.MAX_SCRIPT_ELEMENT_SIZE) { - this.errstr = 'SCRIPT_ERR_PUSH_SIZE'; - return false; - } + return r; + }; - // Note how Opcode.OP_RESERVED does not count towards the opcode limit. - if (opcodenum > Opcode.OP_16 && ++(this.nOpCount) > 201) { - this.errstr = 'SCRIPT_ERR_OP_COUNT'; - return false; - } + MPrime.prototype.split = function split (input, out) { + input.iushrn(this.n, 0, out); + }; + MPrime.prototype.imulK = function imulK (num) { + return num.imul(this.k); + }; - if (opcodenum === Opcode.OP_CAT || - opcodenum === Opcode.OP_SUBSTR || - opcodenum === Opcode.OP_LEFT || - opcodenum === Opcode.OP_RIGHT || - opcodenum === Opcode.OP_INVERT || - opcodenum === Opcode.OP_AND || - opcodenum === Opcode.OP_OR || - opcodenum === Opcode.OP_XOR || - opcodenum === Opcode.OP_2MUL || - opcodenum === Opcode.OP_2DIV || - opcodenum === Opcode.OP_MUL || - opcodenum === Opcode.OP_DIV || - opcodenum === Opcode.OP_MOD || - opcodenum === Opcode.OP_LSHIFT || - opcodenum === Opcode.OP_RSHIFT) { - this.errstr = 'SCRIPT_ERR_DISABLED_OPCODE'; - return false; + function K256 () { + MPrime.call( + this, + 'k256', + 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); } + inherits(K256, MPrime); - if (fExec && 0 <= opcodenum && opcodenum <= Opcode.OP_PUSHDATA4) { - if (fRequireMinimal && !this.script.checkMinimalPush(this.pc - 1)) { - this.errstr = 'SCRIPT_ERR_MINIMALDATA'; - return false; + K256.prototype.split = function split (input, output) { + // 256 = 9 * 26 + 22 + var mask = 0x3fffff; + + var outLen = Math.min(input.length, 9); + for (var i = 0; i < outLen; i++) { + output.words[i] = input.words[i]; } - if (!chunk.buf) { - this.stack.push(Interpreter.false); - } else if (chunk.len !== chunk.buf.length) { - throw new Error('Length of push value not equal to length of data'); + output.length = outLen; + + if (input.length <= 9) { + input.words[0] = 0; + input.length = 1; + return; + } + + // Shift by 9 limbs + var prev = input.words[9]; + output.words[output.length++] = prev & mask; + + for (i = 10; i < input.length; i++) { + var next = input.words[i] | 0; + input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); + prev = next; + } + prev >>>= 22; + input.words[i - 10] = prev; + if (prev === 0 && input.length > 10) { + input.length -= 10; } else { - this.stack.push(chunk.buf); + input.length -= 9; } - } else if (fExec || (Opcode.OP_IF <= opcodenum && opcodenum <= Opcode.OP_ENDIF)) { - switch (opcodenum) { - // Push value - case Opcode.OP_1NEGATE: - case Opcode.OP_1: - case Opcode.OP_2: - case Opcode.OP_3: - case Opcode.OP_4: - case Opcode.OP_5: - case Opcode.OP_6: - case Opcode.OP_7: - case Opcode.OP_8: - case Opcode.OP_9: - case Opcode.OP_10: - case Opcode.OP_11: - case Opcode.OP_12: - case Opcode.OP_13: - case Opcode.OP_14: - case Opcode.OP_15: - case Opcode.OP_16: - { - // ( -- value) - // ScriptNum bn((int)opcode - (int)(Opcode.OP_1 - 1)); - n = opcodenum - (Opcode.OP_1 - 1); - buf = new BN(n).toScriptNumBuffer(); - this.stack.push(buf); - // The result of these opcodes should always be the minimal way to push the data - // they push, so no need for a CheckMinimalPush here. - } - break; + }; + K256.prototype.imulK = function imulK (num) { + // K = 0x1000003d1 = [ 0x40, 0x3d1 ] + num.words[num.length] = 0; + num.words[num.length + 1] = 0; + num.length += 2; - // - // Control - // - case Opcode.OP_NOP: - break; + // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 + var lo = 0; + for (var i = 0; i < num.length; i++) { + var w = num.words[i] | 0; + lo += w * 0x3d1; + num.words[i] = lo & 0x3ffffff; + lo = w * 0x40 + ((lo / 0x4000000) | 0); + } - case Opcode.OP_NOP2: - case Opcode.OP_CHECKLOCKTIMEVERIFY: + // Fast length reduction + if (num.words[num.length - 1] === 0) { + num.length--; + if (num.words[num.length - 1] === 0) { + num.length--; + } + } + return num; + }; - if (!(this.flags & Interpreter.SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)) { - // not enabled; treat as a NOP2 - if (this.flags & Interpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) { - this.errstr = 'SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS'; - return false; - } - break; - } + function P224 () { + MPrime.call( + this, + 'p224', + 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); + } + inherits(P224, MPrime); - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } + function P192 () { + MPrime.call( + this, + 'p192', + 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); + } + inherits(P192, MPrime); - // Note that elsewhere numeric opcodes are limited to - // operands in the range -2**31+1 to 2**31-1, however it is - // legal for opcodes to produce results exceeding that - // range. This limitation is implemented by CScriptNum's - // default 4-byte limit. - // - // If we kept to that limit we'd have a year 2038 problem, - // even though the nLockTime field in transactions - // themselves is uint32 which only becomes meaningless - // after the year 2106. - // - // Thus as a special case we tell CScriptNum to accept up - // to 5-byte bignums, which are good until 2**39-1, well - // beyond the 2**32-1 limit of the nLockTime field itself. - var nLockTime = BN.fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal, 5); + function P25519 () { + // 2 ^ 255 - 19 + MPrime.call( + this, + '25519', + '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); + } + inherits(P25519, MPrime); - // In the rare event that the argument may be < 0 due to - // some arithmetic being done first, you can always use - // 0 MAX CHECKLOCKTIMEVERIFY. - if (nLockTime.lt(new BN(0))) { - this.errstr = 'SCRIPT_ERR_NEGATIVE_LOCKTIME'; - return false; - } + P25519.prototype.imulK = function imulK (num) { + // K = 0x13 + var carry = 0; + for (var i = 0; i < num.length; i++) { + var hi = (num.words[i] | 0) * 0x13 + carry; + var lo = hi & 0x3ffffff; + hi >>>= 26; - // Actually compare the specified lock time with the transaction. - if (!this.checkLockTime(nLockTime)) { - this.errstr = 'SCRIPT_ERR_UNSATISFIED_LOCKTIME'; - return false; - } - break; + num.words[i] = lo; + carry = hi; + } + if (carry !== 0) { + num.words[num.length++] = carry; + } + return num; + }; - case Opcode.OP_NOP1: - case Opcode.OP_NOP3: - case Opcode.OP_NOP4: - case Opcode.OP_NOP5: - case Opcode.OP_NOP6: - case Opcode.OP_NOP7: - case Opcode.OP_NOP8: - case Opcode.OP_NOP9: - case Opcode.OP_NOP10: - { - if (this.flags & Interpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) { - this.errstr = 'SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS'; - return false; - } - } - break; + // Exported mostly for testing purposes, use plain name instead + BN._prime = function prime (name) { + // Cached version of prime + if (primes[name]) return primes[name]; - case Opcode.OP_IF: - case Opcode.OP_NOTIF: - { - // if [statements] [else [statements]] endif - // bool fValue = false; - fValue = false; - if (fExec) { - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; - return false; - } - buf = this.stack.pop(); - fValue = Interpreter.castToBool(buf); - if (opcodenum === Opcode.OP_NOTIF) { - fValue = !fValue; - } - } - this.vfExec.push(fValue); - } - break; + var prime; + if (name === 'k256') { + prime = new K256(); + } else if (name === 'p224') { + prime = new P224(); + } else if (name === 'p192') { + prime = new P192(); + } else if (name === 'p25519') { + prime = new P25519(); + } else { + throw new Error('Unknown prime ' + name); + } + primes[name] = prime; - case Opcode.OP_ELSE: - { - if (this.vfExec.length === 0) { - this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; - return false; - } - this.vfExec[this.vfExec.length - 1] = !this.vfExec[this.vfExec.length - 1]; - } - break; + return prime; + }; - case Opcode.OP_ENDIF: - { - if (this.vfExec.length === 0) { - this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; - return false; - } - this.vfExec.pop(); - } - break; + // + // Base reduction engine + // + function Red (m) { + if (typeof m === 'string') { + var prime = BN._prime(m); + this.m = prime.p; + this.prime = prime; + } else { + assert(m.gtn(1), 'modulus must be greater than 1'); + this.m = m; + this.prime = null; + } + } - case Opcode.OP_VERIFY: - { - // (true -- ) or - // (false -- false) and return - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf = this.stack[this.stack.length - 1]; - fValue = Interpreter.castToBool(buf); - if (fValue) { - this.stack.pop(); - } else { - this.errstr = 'SCRIPT_ERR_VERIFY'; - return false; - } - } - break; + Red.prototype._verify1 = function _verify1 (a) { + assert(a.negative === 0, 'red works only with positives'); + assert(a.red, 'red works only with red numbers'); + }; - case Opcode.OP_RETURN: - { - this.errstr = 'SCRIPT_ERR_OP_RETURN'; - return false; - } - break; + Red.prototype._verify2 = function _verify2 (a, b) { + assert((a.negative | b.negative) === 0, 'red works only with positives'); + assert(a.red && a.red === b.red, + 'red works only with red numbers'); + }; + Red.prototype.imod = function imod (a) { + if (this.prime) return this.prime.ireduce(a)._forceRed(this); + return a.umod(this.m)._forceRed(this); + }; - // - // Stack ops - // - case Opcode.OP_TOALTSTACK: - { - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.altstack.push(this.stack.pop()); - } - break; + Red.prototype.neg = function neg (a) { + if (a.isZero()) { + return a.clone(); + } - case Opcode.OP_FROMALTSTACK: - { - if (this.altstack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_ALTSTACK_OPERATION'; - return false; - } - this.stack.push(this.altstack.pop()); - } - break; + return this.m.sub(a)._forceRed(this); + }; - case Opcode.OP_2DROP: - { - // (x1 x2 -- ) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.stack.pop(); - this.stack.pop(); - } - break; + Red.prototype.add = function add (a, b) { + this._verify2(a, b); - case Opcode.OP_2DUP: - { - // (x1 x2 -- x1 x2 x1 x2) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf1 = this.stack[this.stack.length - 2]; - buf2 = this.stack[this.stack.length - 1]; - this.stack.push(buf1); - this.stack.push(buf2); - } - break; + var res = a.add(b); + if (res.cmp(this.m) >= 0) { + res.isub(this.m); + } + return res._forceRed(this); + }; - case Opcode.OP_3DUP: - { - // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3) - if (this.stack.length < 3) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf1 = this.stack[this.stack.length - 3]; - buf2 = this.stack[this.stack.length - 2]; - var buf3 = this.stack[this.stack.length - 1]; - this.stack.push(buf1); - this.stack.push(buf2); - this.stack.push(buf3); - } - break; + Red.prototype.iadd = function iadd (a, b) { + this._verify2(a, b); - case Opcode.OP_2OVER: - { - // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2) - if (this.stack.length < 4) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf1 = this.stack[this.stack.length - 4]; - buf2 = this.stack[this.stack.length - 3]; - this.stack.push(buf1); - this.stack.push(buf2); - } - break; + var res = a.iadd(b); + if (res.cmp(this.m) >= 0) { + res.isub(this.m); + } + return res; + }; - case Opcode.OP_2ROT: - { - // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2) - if (this.stack.length < 6) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - spliced = this.stack.splice(this.stack.length - 6, 2); - this.stack.push(spliced[0]); - this.stack.push(spliced[1]); - } - break; + Red.prototype.sub = function sub (a, b) { + this._verify2(a, b); - case Opcode.OP_2SWAP: - { - // (x1 x2 x3 x4 -- x3 x4 x1 x2) - if (this.stack.length < 4) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - spliced = this.stack.splice(this.stack.length - 4, 2); - this.stack.push(spliced[0]); - this.stack.push(spliced[1]); - } - break; + var res = a.sub(b); + if (res.cmpn(0) < 0) { + res.iadd(this.m); + } + return res._forceRed(this); + }; - case Opcode.OP_IFDUP: - { - // (x - 0 | x x) - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf = this.stack[this.stack.length - 1]; - fValue = Interpreter.castToBool(buf); - if (fValue) { - this.stack.push(buf); - } - } - break; + Red.prototype.isub = function isub (a, b) { + this._verify2(a, b); - case Opcode.OP_DEPTH: - { - // -- stacksize - buf = new BN(this.stack.length).toScriptNumBuffer(); - this.stack.push(buf); - } - break; + var res = a.isub(b); + if (res.cmpn(0) < 0) { + res.iadd(this.m); + } + return res; + }; - case Opcode.OP_DROP: - { - // (x -- ) - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.stack.pop(); - } - break; + Red.prototype.shl = function shl (a, num) { + this._verify1(a); + return this.imod(a.ushln(num)); + }; - case Opcode.OP_DUP: - { - // (x -- x x) - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.stack.push(this.stack[this.stack.length - 1]); - } - break; + Red.prototype.imul = function imul (a, b) { + this._verify2(a, b); + return this.imod(a.imul(b)); + }; - case Opcode.OP_NIP: - { - // (x1 x2 -- x2) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.stack.splice(this.stack.length - 2, 1); - } - break; + Red.prototype.mul = function mul (a, b) { + this._verify2(a, b); + return this.imod(a.mul(b)); + }; - case Opcode.OP_OVER: - { - // (x1 x2 -- x1 x2 x1) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.stack.push(this.stack[this.stack.length - 2]); - } - break; + Red.prototype.isqr = function isqr (a) { + return this.imul(a, a.clone()); + }; - case Opcode.OP_PICK: - case Opcode.OP_ROLL: - { - // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn) - // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf = this.stack[this.stack.length - 1]; - bn = BN.fromScriptNumBuffer(buf, fRequireMinimal); - n = bn.toNumber(); - this.stack.pop(); - if (n < 0 || n >= this.stack.length) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf = this.stack[this.stack.length - n - 1]; - if (opcodenum === Opcode.OP_ROLL) { - this.stack.splice(this.stack.length - n - 1, 1); - } - this.stack.push(buf); - } - break; + Red.prototype.sqr = function sqr (a) { + return this.mul(a, a); + }; - case Opcode.OP_ROT: - { - // (x1 x2 x3 -- x2 x3 x1) - // x2 x1 x3 after first swap - // x2 x3 x1 after second swap - if (this.stack.length < 3) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - x1 = this.stack[this.stack.length - 3]; - x2 = this.stack[this.stack.length - 2]; - var x3 = this.stack[this.stack.length - 1]; - this.stack[this.stack.length - 3] = x2; - this.stack[this.stack.length - 2] = x3; - this.stack[this.stack.length - 1] = x1; - } - break; + Red.prototype.sqrt = function sqrt (a) { + if (a.isZero()) return a.clone(); - case Opcode.OP_SWAP: - { - // (x1 x2 -- x2 x1) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - x1 = this.stack[this.stack.length - 2]; - x2 = this.stack[this.stack.length - 1]; - this.stack[this.stack.length - 2] = x2; - this.stack[this.stack.length - 1] = x1; - } - break; + var mod3 = this.m.andln(3); + assert(mod3 % 2 === 1); - case Opcode.OP_TUCK: - { - // (x1 x2 -- x2 x1 x2) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - this.stack.splice(this.stack.length - 2, 0, this.stack[this.stack.length - 1]); - } - break; + // Fast case + if (mod3 === 3) { + var pow = this.m.add(new BN(1)).iushrn(2); + return this.pow(a, pow); + } + // Tonelli-Shanks algorithm (Totally unoptimized and slow) + // + // Find Q and S, that Q * 2 ^ S = (P - 1) + var q = this.m.subn(1); + var s = 0; + while (!q.isZero() && q.andln(1) === 0) { + s++; + q.iushrn(1); + } + assert(!q.isZero()); - case Opcode.OP_SIZE: - { - // (in -- in size) - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - bn = new BN(this.stack[this.stack.length - 1].length); - this.stack.push(bn.toScriptNumBuffer()); - } - break; + var one = new BN(1).toRed(this); + var nOne = one.redNeg(); + // Find quadratic non-residue + // NOTE: Max is such because of generalized Riemann hypothesis. + var lpow = this.m.subn(1).iushrn(1); + var z = this.m.bitLength(); + z = new BN(2 * z * z).toRed(this); - // - // Bitwise logic - // - case Opcode.OP_EQUAL: - case Opcode.OP_EQUALVERIFY: - //case Opcode.OP_NOTEQUAL: // use Opcode.OP_NUMNOTEQUAL - { - // (x1 x2 - bool) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf1 = this.stack[this.stack.length - 2]; - buf2 = this.stack[this.stack.length - 1]; - var fEqual = buf1.toString('hex') === buf2.toString('hex'); - this.stack.pop(); - this.stack.pop(); - this.stack.push(fEqual ? Interpreter.true : Interpreter.false); - if (opcodenum === Opcode.OP_EQUALVERIFY) { - if (fEqual) { - this.stack.pop(); - } else { - this.errstr = 'SCRIPT_ERR_EQUALVERIFY'; - return false; - } - } - } - break; + while (this.pow(z, lpow).cmp(nOne) !== 0) { + z.redIAdd(nOne); + } + var c = this.pow(z, q); + var r = this.pow(a, q.addn(1).iushrn(1)); + var t = this.pow(a, q); + var m = s; + while (t.cmp(one) !== 0) { + var tmp = t; + for (var i = 0; tmp.cmp(one) !== 0; i++) { + tmp = tmp.redSqr(); + } + assert(i < m); + var b = this.pow(c, new BN(1).iushln(m - i - 1)); - // - // Numeric - // - case Opcode.OP_1ADD: - case Opcode.OP_1SUB: - case Opcode.OP_NEGATE: - case Opcode.OP_ABS: - case Opcode.OP_NOT: - case Opcode.OP_0NOTEQUAL: - { - // (in -- out) - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf = this.stack[this.stack.length - 1]; - bn = BN.fromScriptNumBuffer(buf, fRequireMinimal); - switch (opcodenum) { - case Opcode.OP_1ADD: - bn = bn.add(BN.One); - break; - case Opcode.OP_1SUB: - bn = bn.sub(BN.One); - break; - case Opcode.OP_NEGATE: - bn = bn.neg(); - break; - case Opcode.OP_ABS: - if (bn.cmp(BN.Zero) < 0) { - bn = bn.neg(); - } - break; - case Opcode.OP_NOT: - bn = new BN((bn.cmp(BN.Zero) === 0) + 0); - break; - case Opcode.OP_0NOTEQUAL: - bn = new BN((bn.cmp(BN.Zero) !== 0) + 0); - break; - //default: assert(!'invalid opcode'); break; // TODO: does this ever occur? - } - this.stack.pop(); - this.stack.push(bn.toScriptNumBuffer()); - } - break; + r = r.redMul(b); + c = b.redSqr(); + t = t.redMul(c); + m = i; + } - case Opcode.OP_ADD: - case Opcode.OP_SUB: - case Opcode.OP_BOOLAND: - case Opcode.OP_BOOLOR: - case Opcode.OP_NUMEQUAL: - case Opcode.OP_NUMEQUALVERIFY: - case Opcode.OP_NUMNOTEQUAL: - case Opcode.OP_LESSTHAN: - case Opcode.OP_GREATERTHAN: - case Opcode.OP_LESSTHANOREQUAL: - case Opcode.OP_GREATERTHANOREQUAL: - case Opcode.OP_MIN: - case Opcode.OP_MAX: - { - // (x1 x2 -- out) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - bn1 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 2], fRequireMinimal); - bn2 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal); - bn = new BN(0); + return r; + }; - switch (opcodenum) { - case Opcode.OP_ADD: - bn = bn1.add(bn2); - break; + Red.prototype.invm = function invm (a) { + var inv = a._invmp(this.m); + if (inv.negative !== 0) { + inv.negative = 0; + return this.imod(inv).redNeg(); + } else { + return this.imod(inv); + } + }; - case Opcode.OP_SUB: - bn = bn1.sub(bn2); - break; + Red.prototype.pow = function pow (a, num) { + if (num.isZero()) return new BN(1); + if (num.cmpn(1) === 0) return a.clone(); - // case Opcode.OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break; - case Opcode.OP_BOOLAND: - bn = new BN(((bn1.cmp(BN.Zero) !== 0) && (bn2.cmp(BN.Zero) !== 0)) + 0); - break; - // case Opcode.OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break; - case Opcode.OP_BOOLOR: - bn = new BN(((bn1.cmp(BN.Zero) !== 0) || (bn2.cmp(BN.Zero) !== 0)) + 0); - break; - // case Opcode.OP_NUMEQUAL: bn = (bn1 == bn2); break; - case Opcode.OP_NUMEQUAL: - bn = new BN((bn1.cmp(bn2) === 0) + 0); - break; - // case Opcode.OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break; - case Opcode.OP_NUMEQUALVERIFY: - bn = new BN((bn1.cmp(bn2) === 0) + 0); - break; - // case Opcode.OP_NUMNOTEQUAL: bn = (bn1 != bn2); break; - case Opcode.OP_NUMNOTEQUAL: - bn = new BN((bn1.cmp(bn2) !== 0) + 0); - break; - // case Opcode.OP_LESSTHAN: bn = (bn1 < bn2); break; - case Opcode.OP_LESSTHAN: - bn = new BN((bn1.cmp(bn2) < 0) + 0); - break; - // case Opcode.OP_GREATERTHAN: bn = (bn1 > bn2); break; - case Opcode.OP_GREATERTHAN: - bn = new BN((bn1.cmp(bn2) > 0) + 0); - break; - // case Opcode.OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break; - case Opcode.OP_LESSTHANOREQUAL: - bn = new BN((bn1.cmp(bn2) <= 0) + 0); - break; - // case Opcode.OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break; - case Opcode.OP_GREATERTHANOREQUAL: - bn = new BN((bn1.cmp(bn2) >= 0) + 0); - break; - case Opcode.OP_MIN: - bn = (bn1.cmp(bn2) < 0 ? bn1 : bn2); - break; - case Opcode.OP_MAX: - bn = (bn1.cmp(bn2) > 0 ? bn1 : bn2); - break; - // default: assert(!'invalid opcode'); break; //TODO: does this ever occur? - } - this.stack.pop(); - this.stack.pop(); - this.stack.push(bn.toScriptNumBuffer()); + var windowSize = 4; + var wnd = new Array(1 << windowSize); + wnd[0] = new BN(1).toRed(this); + wnd[1] = a; + for (var i = 2; i < wnd.length; i++) { + wnd[i] = this.mul(wnd[i - 1], a); + } - if (opcodenum === Opcode.OP_NUMEQUALVERIFY) { - // if (CastToBool(stacktop(-1))) - if (Interpreter.castToBool(this.stack[this.stack.length - 1])) { - this.stack.pop(); - } else { - this.errstr = 'SCRIPT_ERR_NUMEQUALVERIFY'; - return false; - } - } - } - break; + var res = wnd[0]; + var current = 0; + var currentLen = 0; + var start = num.bitLength() % 26; + if (start === 0) { + start = 26; + } - case Opcode.OP_WITHIN: - { - // (x min max -- out) - if (this.stack.length < 3) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - bn1 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 3], fRequireMinimal); - bn2 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 2], fRequireMinimal); - var bn3 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal); - //bool fValue = (bn2 <= bn1 && bn1 < bn3); - fValue = (bn2.cmp(bn1) <= 0) && (bn1.cmp(bn3) < 0); - this.stack.pop(); - this.stack.pop(); - this.stack.pop(); - this.stack.push(fValue ? Interpreter.true : Interpreter.false); + for (i = num.length - 1; i >= 0; i--) { + var word = num.words[i]; + for (var j = start - 1; j >= 0; j--) { + var bit = (word >> j) & 1; + if (res !== wnd[0]) { + res = this.sqr(res); } - break; - - // - // Crypto - // - case Opcode.OP_RIPEMD160: - case Opcode.OP_SHA1: - case Opcode.OP_SHA256: - case Opcode.OP_HASH160: - case Opcode.OP_HASH256: - { - // (in -- hash) - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - buf = this.stack[this.stack.length - 1]; - //valtype vchHash((opcode == Opcode.OP_RIPEMD160 || - // opcode == Opcode.OP_SHA1 || opcode == Opcode.OP_HASH160) ? 20 : 32); - var bufHash; - if (opcodenum === Opcode.OP_RIPEMD160) { - bufHash = Hash.ripemd160(buf); - } else if (opcodenum === Opcode.OP_SHA1) { - bufHash = Hash.sha1(buf); - } else if (opcodenum === Opcode.OP_SHA256) { - bufHash = Hash.sha256(buf); - } else if (opcodenum === Opcode.OP_HASH160) { - bufHash = Hash.sha256ripemd160(buf); - } else if (opcodenum === Opcode.OP_HASH256) { - bufHash = Hash.sha256sha256(buf); - } - this.stack.pop(); - this.stack.push(bufHash); + if (bit === 0 && current === 0) { + currentLen = 0; + continue; } - break; - case Opcode.OP_CODESEPARATOR: - { - // Hash starts after the code separator - this.pbegincodehash = this.pc; - } - break; + current <<= 1; + current |= bit; + currentLen++; + if (currentLen !== windowSize && (i !== 0 || j !== 0)) continue; - case Opcode.OP_CHECKSIG: - case Opcode.OP_CHECKSIGVERIFY: - { - // (sig pubkey -- bool) - if (this.stack.length < 2) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } + res = this.mul(res, wnd[current]); + currentLen = 0; + current = 0; + } + start = 26; + } - bufSig = this.stack[this.stack.length - 2]; - bufPubkey = this.stack[this.stack.length - 1]; + return res; + }; - // Subset of script starting at the most recent codeseparator - // CScript scriptCode(pbegincodehash, pend); - subscript = new Script().set({ - chunks: this.script.chunks.slice(this.pbegincodehash) - }); + Red.prototype.convertTo = function convertTo (num) { + var r = num.umod(this.m); - // Drop the signature, since there's no way for a signature to sign itself - var tmpScript = new Script().add(bufSig); - subscript.findAndDelete(tmpScript); + return r === num ? r.clone() : r; + }; - if (!this.checkSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) { - return false; - } + Red.prototype.convertFrom = function convertFrom (num) { + var res = num.clone(); + res.red = null; + return res; + }; - try { - sig = Signature.fromTxFormat(bufSig); - pubkey = PublicKey.fromBuffer(bufPubkey, false); - fSuccess = this.tx.verifySignature(sig, pubkey, this.nin, subscript); - } catch (e) { - //invalid sig or pubkey - fSuccess = false; - } + // + // Montgomery method engine + // - this.stack.pop(); - this.stack.pop(); - // stack.push_back(fSuccess ? vchTrue : vchFalse); - this.stack.push(fSuccess ? Interpreter.true : Interpreter.false); - if (opcodenum === Opcode.OP_CHECKSIGVERIFY) { - if (fSuccess) { - this.stack.pop(); - } else { - this.errstr = 'SCRIPT_ERR_CHECKSIGVERIFY'; - return false; - } - } - } - break; + BN.mont = function mont (num) { + return new Mont(num); + }; - case Opcode.OP_CHECKMULTISIG: - case Opcode.OP_CHECKMULTISIGVERIFY: - { - // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool) + function Mont (m) { + Red.call(this, m); - var i = 1; - if (this.stack.length < i) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } + this.shift = this.m.bitLength(); + if (this.shift % 26 !== 0) { + this.shift += 26 - (this.shift % 26); + } - var nKeysCount = BN.fromScriptNumBuffer(this.stack[this.stack.length - i], fRequireMinimal).toNumber(); - if (nKeysCount < 0 || nKeysCount > 20) { - this.errstr = 'SCRIPT_ERR_PUBKEY_COUNT'; - return false; - } - this.nOpCount += nKeysCount; - if (this.nOpCount > 201) { - this.errstr = 'SCRIPT_ERR_OP_COUNT'; - return false; - } - // int ikey = ++i; - var ikey = ++i; - i += nKeysCount; - if (this.stack.length < i) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } + this.r = new BN(1).iushln(this.shift); + this.r2 = this.imod(this.r.sqr()); + this.rinv = this.r._invmp(this.m); - var nSigsCount = BN.fromScriptNumBuffer(this.stack[this.stack.length - i], fRequireMinimal).toNumber(); - if (nSigsCount < 0 || nSigsCount > nKeysCount) { - this.errstr = 'SCRIPT_ERR_SIG_COUNT'; - return false; - } - // int isig = ++i; - var isig = ++i; - i += nSigsCount; - if (this.stack.length < i) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } + this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); + this.minv = this.minv.umod(this.r); + this.minv = this.r.sub(this.minv); + } + inherits(Mont, Red); - // Subset of script starting at the most recent codeseparator - subscript = new Script().set({ - chunks: this.script.chunks.slice(this.pbegincodehash) - }); + Mont.prototype.convertTo = function convertTo (num) { + return this.imod(num.ushln(this.shift)); + }; - // Drop the signatures, since there's no way for a signature to sign itself - for (var k = 0; k < nSigsCount; k++) { - bufSig = this.stack[this.stack.length - isig - k]; - subscript.findAndDelete(new Script().add(bufSig)); - } + Mont.prototype.convertFrom = function convertFrom (num) { + var r = this.imod(num.mul(this.rinv)); + r.red = null; + return r; + }; - fSuccess = true; - while (fSuccess && nSigsCount > 0) { - // valtype& vchSig = stacktop(-isig); - bufSig = this.stack[this.stack.length - isig]; - // valtype& vchPubKey = stacktop(-ikey); - bufPubkey = this.stack[this.stack.length - ikey]; + Mont.prototype.imul = function imul (a, b) { + if (a.isZero() || b.isZero()) { + a.words[0] = 0; + a.length = 1; + return a; + } - if (!this.checkSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) { - return false; - } + var t = a.imul(b); + var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); + var u = t.isub(c).iushrn(this.shift); + var res = u; - var fOk; - try { - sig = Signature.fromTxFormat(bufSig); - pubkey = PublicKey.fromBuffer(bufPubkey, false); - fOk = this.tx.verifySignature(sig, pubkey, this.nin, subscript); - } catch (e) { - //invalid sig or pubkey - fOk = false; - } + if (u.cmp(this.m) >= 0) { + res = u.isub(this.m); + } else if (u.cmpn(0) < 0) { + res = u.iadd(this.m); + } - if (fOk) { - isig++; - nSigsCount--; - } - ikey++; - nKeysCount--; + return res._forceRed(this); + }; - // If there are more signatures left than keys left, - // then too many signatures have failed - if (nSigsCount > nKeysCount) { - fSuccess = false; - } - } + Mont.prototype.mul = function mul (a, b) { + if (a.isZero() || b.isZero()) return new BN(0)._forceRed(this); - // Clean up stack of actual arguments - while (i-- > 1) { - this.stack.pop(); - } + var t = a.mul(b); + var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); + var u = t.isub(c).iushrn(this.shift); + var res = u; + if (u.cmp(this.m) >= 0) { + res = u.isub(this.m); + } else if (u.cmpn(0) < 0) { + res = u.iadd(this.m); + } - // A bug causes CHECKMULTISIG to consume one extra argument - // whose contents were not checked in any way. - // - // Unfortunately this is a potential source of mutability, - // so optionally verify it is exactly equal to zero prior - // to removing it from the stack. - if (this.stack.length < 1) { - this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; - return false; - } - if ((this.flags & Interpreter.SCRIPT_VERIFY_NULLDUMMY) && this.stack[this.stack.length - 1].length) { - this.errstr = 'SCRIPT_ERR_SIG_NULLDUMMY'; - return false; - } - this.stack.pop(); + return res._forceRed(this); + }; - this.stack.push(fSuccess ? Interpreter.true : Interpreter.false); + Mont.prototype.invm = function invm (a) { + // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R + var res = this.imod(a._invmp(this.m).mul(this.r2)); + return res._forceRed(this); + }; +})(typeof module === 'undefined' || module, this); - if (opcodenum === Opcode.OP_CHECKMULTISIGVERIFY) { - if (fSuccess) { - this.stack.pop(); - } else { - this.errstr = 'SCRIPT_ERR_CHECKMULTISIGVERIFY'; - return false; - } - } - } - break; +},{}],22:[function(require,module,exports){ +// http://wiki.commonjs.org/wiki/Unit_Testing/1.0 +// +// THIS IS NOT TESTED NOR LIKELY TO WORK OUTSIDE V8! +// +// Originally from narwhal.js (http://narwhaljs.org) +// Copyright (c) 2009 Thomas Robinson <280north.com> +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the 'Software'), to +// deal in the Software without restriction, including without limitation the +// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +// sell copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - default: - this.errstr = 'SCRIPT_ERR_BAD_OPCODE'; - return false; - } - } +// when used in node, this will actually load the util module we depend on +// versus loading the builtin util module as happens otherwise +// this is a bug in node module loading as far as I am concerned +var util = require('util/'); - return true; -}; +var pSlice = Array.prototype.slice; +var hasOwn = Object.prototype.hasOwnProperty; +// 1. The assert module provides functions that throw +// AssertionError's when particular conditions are not met. The +// assert module must conform to the following interface. -}).call(this,require("buffer").Buffer) -},{"../crypto/bn":13,"../crypto/hash":15,"../crypto/signature":18,"../opcode":30,"../publickey":32,"../transaction":36,"./script":35,"buffer":94,"lodash":78}],35:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +var assert = module.exports = ok; -var Address = require('../address'); -var BufferReader = require('../encoding/bufferreader'); -var BufferWriter = require('../encoding/bufferwriter'); -var Hash = require('../crypto/hash'); -var Opcode = require('../opcode'); -var PublicKey = require('../publickey'); -var Signature = require('../crypto/signature'); -var Networks = require('../networks'); -var $ = require('../util/preconditions'); -var _ = require('lodash'); -var errors = require('../errors'); -var buffer = require('buffer'); -var BufferUtil = require('../util/buffer'); -var JSUtil = require('../util/js'); +// 2. The AssertionError is defined in assert. +// new assert.AssertionError({ message: message, +// actual: actual, +// expected: expected }) -/** - * A bitcoin transaction script. Each transaction's inputs and outputs - * has a script that is evaluated to validate it's spending. - * - * See https://en.bitcoin.it/wiki/Script - * - * @constructor - * @param {Object|string|Buffer=} from optional data to populate script - */ -var Script = function Script(from) { - if (!(this instanceof Script)) { - return new Script(from); +assert.AssertionError = function AssertionError(options) { + this.name = 'AssertionError'; + this.actual = options.actual; + this.expected = options.expected; + this.operator = options.operator; + if (options.message) { + this.message = options.message; + this.generatedMessage = false; + } else { + this.message = getMessage(this); + this.generatedMessage = true; } - this.chunks = []; + var stackStartFunction = options.stackStartFunction || fail; - if (BufferUtil.isBuffer(from)) { - return Script.fromBuffer(from); - } else if (from instanceof Address) { - return Script.fromAddress(from); - } else if (from instanceof Script) { - return Script.fromBuffer(from.toBuffer()); - } else if (typeof from === 'string') { - return Script.fromString(from); - } else if (typeof from !== 'undefined') { - this.set(from); + if (Error.captureStackTrace) { + Error.captureStackTrace(this, stackStartFunction); } -}; - -Script.prototype.set = function(obj) { - this.chunks = obj.chunks || this.chunks; - return this; -}; - -Script.fromBuffer = function(buffer) { - var script = new Script(); - script.chunks = []; - - var br = new BufferReader(buffer); - while (!br.finished()) { - try { - var opcodenum = br.readUInt8(); + else { + // non v8 browsers so we can have a stacktrace + var err = new Error(); + if (err.stack) { + var out = err.stack; - var len, buf; - if (opcodenum > 0 && opcodenum < Opcode.OP_PUSHDATA1) { - len = opcodenum; - script.chunks.push({ - buf: br.read(len), - len: len, - opcodenum: opcodenum - }); - } else if (opcodenum === Opcode.OP_PUSHDATA1) { - len = br.readUInt8(); - buf = br.read(len); - script.chunks.push({ - buf: buf, - len: len, - opcodenum: opcodenum - }); - } else if (opcodenum === Opcode.OP_PUSHDATA2) { - len = br.readUInt16LE(); - buf = br.read(len); - script.chunks.push({ - buf: buf, - len: len, - opcodenum: opcodenum - }); - } else if (opcodenum === Opcode.OP_PUSHDATA4) { - len = br.readUInt32LE(); - buf = br.read(len); - script.chunks.push({ - buf: buf, - len: len, - opcodenum: opcodenum - }); - } else { - script.chunks.push({ - opcodenum: opcodenum - }); - } - } catch (e) { - if (e instanceof RangeError) { - throw new errors.Script.InvalidBuffer(buffer.toString('hex')); + // try to strip useless frames + var fn_name = stackStartFunction.name; + var idx = out.indexOf('\n' + fn_name); + if (idx >= 0) { + // once we have located the function frame + // we need to strip out everything before it (and its line) + var next_line = out.indexOf('\n', idx + 1); + out = out.substring(next_line + 1); } - throw e; + + this.stack = out; } } - - return script; }; -Script.prototype.toBuffer = function() { - var bw = new BufferWriter(); +// assert.AssertionError instanceof Error +util.inherits(assert.AssertionError, Error); - for (var i = 0; i < this.chunks.length; i++) { - var chunk = this.chunks[i]; - var opcodenum = chunk.opcodenum; - bw.writeUInt8(chunk.opcodenum); - if (chunk.buf) { - if (opcodenum < Opcode.OP_PUSHDATA1) { - bw.write(chunk.buf); - } else if (opcodenum === Opcode.OP_PUSHDATA1) { - bw.writeUInt8(chunk.len); - bw.write(chunk.buf); - } else if (opcodenum === Opcode.OP_PUSHDATA2) { - bw.writeUInt16LE(chunk.len); - bw.write(chunk.buf); - } else if (opcodenum === Opcode.OP_PUSHDATA4) { - bw.writeUInt32LE(chunk.len); - bw.write(chunk.buf); - } - } +function replacer(key, value) { + if (util.isUndefined(value)) { + return '' + value; + } + if (util.isNumber(value) && !isFinite(value)) { + return value.toString(); + } + if (util.isFunction(value) || util.isRegExp(value)) { + return value.toString(); } + return value; +} - return bw.concat(); -}; +function truncate(s, n) { + if (util.isString(s)) { + return s.length < n ? s : s.slice(0, n); + } else { + return s; + } +} -Script.fromASM = function(str) { - var script = new Script(); - script.chunks = []; +function getMessage(self) { + return truncate(JSON.stringify(self.actual, replacer), 128) + ' ' + + self.operator + ' ' + + truncate(JSON.stringify(self.expected, replacer), 128); +} - var tokens = str.split(' '); - var i = 0; - while (i < tokens.length) { - var token = tokens[i]; - var opcode = Opcode(token); - var opcodenum = opcode.toNumber(); +// At present only the three keys mentioned above are used and +// understood by the spec. Implementations or sub modules can pass +// other keys to the AssertionError's constructor - they will be +// ignored. - if (_.isUndefined(opcodenum)) { - var buf = new Buffer(tokens[i], 'hex'); - script.chunks.push({ - buf: buf, - len: buf.length, - opcodenum: buf.length - }); - i = i + 1; - } else if (opcodenum === Opcode.OP_PUSHDATA1 || - opcodenum === Opcode.OP_PUSHDATA2 || - opcodenum === Opcode.OP_PUSHDATA4) { - script.chunks.push({ - buf: new Buffer(tokens[i + 2], 'hex'), - len: parseInt(tokens[i + 1]), - opcodenum: opcodenum - }); - i = i + 3; - } else { - script.chunks.push({ - opcodenum: opcodenum - }); - i = i + 1; - } - } - return script; -}; +// 3. All of the following functions must throw an AssertionError +// when a corresponding condition is not met, with a message that +// may be undefined if not provided. All assertion methods provide +// both the actual and expected values to the assertion error for +// display purposes. -Script.fromHex = function(str) { - return new Script(new buffer.Buffer(str, 'hex')); -}; +function fail(actual, expected, message, operator, stackStartFunction) { + throw new assert.AssertionError({ + message: message, + actual: actual, + expected: expected, + operator: operator, + stackStartFunction: stackStartFunction + }); +} -Script.fromString = function(str) { - if (JSUtil.isHexa(str) || str.length === 0) { - return new Script(new buffer.Buffer(str, 'hex')); - } - var script = new Script(); - script.chunks = []; +// EXTENSION! allows for well behaved errors defined elsewhere. +assert.fail = fail; - var tokens = str.split(' '); - var i = 0; - while (i < tokens.length) { - var token = tokens[i]; - var opcode = Opcode(token); - var opcodenum = opcode.toNumber(); +// 4. Pure assertion tests whether a value is truthy, as determined +// by !!guard. +// assert.ok(guard, message_opt); +// This statement is equivalent to assert.equal(true, !!guard, +// message_opt);. To test strictly for the value true, use +// assert.strictEqual(true, guard, message_opt);. - if (_.isUndefined(opcodenum)) { - opcodenum = parseInt(token); - if (opcodenum > 0 && opcodenum < Opcode.OP_PUSHDATA1) { - script.chunks.push({ - buf: new Buffer(tokens[i + 1].slice(2), 'hex'), - len: opcodenum, - opcodenum: opcodenum - }); - i = i + 2; - } else { - throw new Error('Invalid script: ' + JSON.stringify(str)); - } - } else if (opcodenum === Opcode.OP_PUSHDATA1 || - opcodenum === Opcode.OP_PUSHDATA2 || - opcodenum === Opcode.OP_PUSHDATA4) { - if (tokens[i + 2].slice(0, 2) !== '0x') { - throw new Error('Pushdata data must start with 0x'); - } - script.chunks.push({ - buf: new Buffer(tokens[i + 2].slice(2), 'hex'), - len: parseInt(tokens[i + 1]), - opcodenum: opcodenum - }); - i = i + 3; - } else { - script.chunks.push({ - opcodenum: opcodenum - }); - i = i + 1; - } - } - return script; -}; +function ok(value, message) { + if (!value) fail(value, true, message, '==', assert.ok); +} +assert.ok = ok; -Script.prototype._chunkToString = function(chunk, type) { - var opcodenum = chunk.opcodenum; - var asm = (type === 'asm'); - var str = ''; - if (!chunk.buf) { - // no data chunk - if (typeof Opcode.reverseMap[opcodenum] !== 'undefined') { - str = str + ' ' + Opcode(opcodenum).toString(); - } else { - var numstr = opcodenum.toString(16); - if (numstr.length % 2 !== 0) { - numstr = '0' + numstr; - } - if (asm) { - str = str + ' ' + numstr; - } else { - str = str + ' ' + '0x' + numstr; - } - } - } else { - // data chunk - if (opcodenum === Opcode.OP_PUSHDATA1 || - opcodenum === Opcode.OP_PUSHDATA2 || - opcodenum === Opcode.OP_PUSHDATA4) { - str = str + ' ' + Opcode(opcodenum).toString(); - } - if (chunk.len > 0) { - if (asm) { - str = str + ' ' + chunk.buf.toString('hex'); - } else { - str = str + ' ' + chunk.len + ' ' + '0x' + chunk.buf.toString('hex'); - } - } - } - return str; +// 5. The equality assertion tests shallow, coercive equality with +// ==. +// assert.equal(actual, expected, message_opt); + +assert.equal = function equal(actual, expected, message) { + if (actual != expected) fail(actual, expected, message, '==', assert.equal); }; -Script.prototype.toASM = function() { - var str = ''; - for (var i = 0; i < this.chunks.length; i++) { - var chunk = this.chunks[i]; - str += this._chunkToString(chunk, 'asm'); - } +// 6. The non-equality assertion tests for whether two objects are not equal +// with != assert.notEqual(actual, expected, message_opt); - return str.substr(1); +assert.notEqual = function notEqual(actual, expected, message) { + if (actual == expected) { + fail(actual, expected, message, '!=', assert.notEqual); + } }; -Script.prototype.toString = function() { - var str = ''; - for (var i = 0; i < this.chunks.length; i++) { - var chunk = this.chunks[i]; - str += this._chunkToString(chunk); - } +// 7. The equivalence assertion tests a deep equality relation. +// assert.deepEqual(actual, expected, message_opt); - return str.substr(1); +assert.deepEqual = function deepEqual(actual, expected, message) { + if (!_deepEqual(actual, expected)) { + fail(actual, expected, message, 'deepEqual', assert.deepEqual); + } }; -Script.prototype.toHex = function() { - return this.toBuffer().toString('hex'); -}; - -Script.prototype.inspect = function() { - return ''; -}; - -// script classification methods +function _deepEqual(actual, expected) { + // 7.1. All identical values are equivalent, as determined by ===. + if (actual === expected) { + return true; -/** - * @returns {boolean} if this is a pay to pubkey hash output script - */ -Script.prototype.isPublicKeyHashOut = function() { - return !!(this.chunks.length === 5 && - this.chunks[0].opcodenum === Opcode.OP_DUP && - this.chunks[1].opcodenum === Opcode.OP_HASH160 && - this.chunks[2].buf && - this.chunks[2].buf.length === 20 && - this.chunks[3].opcodenum === Opcode.OP_EQUALVERIFY && - this.chunks[4].opcodenum === Opcode.OP_CHECKSIG); -}; + } else if (util.isBuffer(actual) && util.isBuffer(expected)) { + if (actual.length != expected.length) return false; -/** - * @returns {boolean} if this is a pay to public key hash input script - */ -Script.prototype.isPublicKeyHashIn = function() { - if (this.chunks.length === 2) { - var signatureBuf = this.chunks[0].buf; - var pubkeyBuf = this.chunks[1].buf; - if (signatureBuf && - signatureBuf.length && - signatureBuf[0] === 0x30 && - pubkeyBuf && - pubkeyBuf.length - ) { - var version = pubkeyBuf[0]; - if ((version === 0x04 || - version === 0x06 || - version === 0x07) && pubkeyBuf.length === 65) { - return true; - } else if ((version === 0x03 || version === 0x02) && pubkeyBuf.length === 33) { - return true; - } + for (var i = 0; i < actual.length; i++) { + if (actual[i] !== expected[i]) return false; } - } - return false; -}; -Script.prototype.getPublicKey = function() { - $.checkState(this.isPublicKeyOut(), 'Can\'t retreive PublicKey from a non-PK output'); - return this.chunks[0].buf; -}; + return true; -Script.prototype.getPublicKeyHash = function() { - $.checkState(this.isPublicKeyHashOut(), 'Can\'t retrieve PublicKeyHash from a non-PKH output'); - return this.chunks[2].buf; -}; + // 7.2. If the expected value is a Date object, the actual value is + // equivalent if it is also a Date object that refers to the same time. + } else if (util.isDate(actual) && util.isDate(expected)) { + return actual.getTime() === expected.getTime(); -/** - * @returns {boolean} if this is a public key output script - */ -Script.prototype.isPublicKeyOut = function() { - if (this.chunks.length === 2 && - this.chunks[0].buf && - this.chunks[0].buf.length && - this.chunks[1].opcodenum === Opcode.OP_CHECKSIG) { - var pubkeyBuf = this.chunks[0].buf; - var version = pubkeyBuf[0]; - var isVersion = false; - if ((version === 0x04 || - version === 0x06 || - version === 0x07) && pubkeyBuf.length === 65) { - isVersion = true; - } else if ((version === 0x03 || version === 0x02) && pubkeyBuf.length === 33) { - isVersion = true; - } - if (isVersion) { - return PublicKey.isValid(pubkeyBuf); - } - } - return false; -}; + // 7.3 If the expected value is a RegExp object, the actual value is + // equivalent if it is also a RegExp object with the same source and + // properties (`global`, `multiline`, `lastIndex`, `ignoreCase`). + } else if (util.isRegExp(actual) && util.isRegExp(expected)) { + return actual.source === expected.source && + actual.global === expected.global && + actual.multiline === expected.multiline && + actual.lastIndex === expected.lastIndex && + actual.ignoreCase === expected.ignoreCase; -/** - * @returns {boolean} if this is a pay to public key input script - */ -Script.prototype.isPublicKeyIn = function() { - if (this.chunks.length === 1) { - var signatureBuf = this.chunks[0].buf; - if (signatureBuf && - signatureBuf.length && - signatureBuf[0] === 0x30) { - return true; - } + // 7.4. Other pairs that do not both pass typeof value == 'object', + // equivalence is determined by ==. + } else if (!util.isObject(actual) && !util.isObject(expected)) { + return actual == expected; + + // 7.5 For all other Object pairs, including Array objects, equivalence is + // determined by having the same number of owned properties (as verified + // with Object.prototype.hasOwnProperty.call), the same set of keys + // (although not necessarily the same order), equivalent values for every + // corresponding key, and an identical 'prototype' property. Note: this + // accounts for both named and indexed properties on Arrays. + } else { + return objEquiv(actual, expected); } - return false; -}; +} -/** - * @returns {boolean} if this is a p2sh output script - */ -Script.prototype.isScriptHashOut = function() { - var buf = this.toBuffer(); - return (buf.length === 23 && - buf[0] === Opcode.OP_HASH160 && - buf[1] === 0x14 && - buf[buf.length - 1] === Opcode.OP_EQUAL); -}; +function isArguments(object) { + return Object.prototype.toString.call(object) == '[object Arguments]'; +} -/** - * @returns {boolean} if this is a p2sh input script - * Note that these are frequently indistinguishable from pubkeyhashin - */ -Script.prototype.isScriptHashIn = function() { - if (this.chunks.length <= 1) { +function objEquiv(a, b) { + if (util.isNullOrUndefined(a) || util.isNullOrUndefined(b)) return false; + // an identical 'prototype' property. + if (a.prototype !== b.prototype) return false; + // if one is a primitive, the other must be same + if (util.isPrimitive(a) || util.isPrimitive(b)) { + return a === b; } - var redeemChunk = this.chunks[this.chunks.length - 1]; - var redeemBuf = redeemChunk.buf; - if (!redeemBuf) { + var aIsArgs = isArguments(a), + bIsArgs = isArguments(b); + if ((aIsArgs && !bIsArgs) || (!aIsArgs && bIsArgs)) return false; + if (aIsArgs) { + a = pSlice.call(a); + b = pSlice.call(b); + return _deepEqual(a, b); } - - var redeemScript; - try { - redeemScript = Script.fromBuffer(redeemBuf); - } catch (e) { - if (e instanceof errors.Script.InvalidBuffer) { + var ka = objectKeys(a), + kb = objectKeys(b), + key, i; + // having the same number of owned properties (keys incorporates + // hasOwnProperty) + if (ka.length != kb.length) + return false; + //the same set of keys (although not necessarily the same order), + ka.sort(); + kb.sort(); + //~~~cheap key test + for (i = ka.length - 1; i >= 0; i--) { + if (ka[i] != kb[i]) return false; - } - throw e; } - var type = redeemScript.classify(); - return type !== Script.types.UNKNOWN; -}; + //equivalent values for every corresponding key, and + //~~~possibly expensive deep test + for (i = ka.length - 1; i >= 0; i--) { + key = ka[i]; + if (!_deepEqual(a[key], b[key])) return false; + } + return true; +} -/** - * @returns {boolean} if this is a mutlsig output script - */ -Script.prototype.isMultisigOut = function() { - return (this.chunks.length > 3 && - Opcode.isSmallIntOp(this.chunks[0].opcodenum) && - this.chunks.slice(1, this.chunks.length - 2).every(function(obj) { - return obj.buf && BufferUtil.isBuffer(obj.buf); - }) && - Opcode.isSmallIntOp(this.chunks[this.chunks.length - 2].opcodenum) && - this.chunks[this.chunks.length - 1].opcodenum === Opcode.OP_CHECKMULTISIG); +// 8. The non-equivalence assertion tests for any deep inequality. +// assert.notDeepEqual(actual, expected, message_opt); + +assert.notDeepEqual = function notDeepEqual(actual, expected, message) { + if (_deepEqual(actual, expected)) { + fail(actual, expected, message, 'notDeepEqual', assert.notDeepEqual); + } }; +// 9. The strict equality assertion tests strict equality, as determined by ===. +// assert.strictEqual(actual, expected, message_opt); -/** - * @returns {boolean} if this is a multisig input script - */ -Script.prototype.isMultisigIn = function() { - return this.chunks.length >= 2 && - this.chunks[0].opcodenum === 0 && - this.chunks.slice(1, this.chunks.length).every(function(obj) { - return obj.buf && - BufferUtil.isBuffer(obj.buf) && - Signature.isTxDER(obj.buf); - }); +assert.strictEqual = function strictEqual(actual, expected, message) { + if (actual !== expected) { + fail(actual, expected, message, '===', assert.strictEqual); + } }; -/** - * @returns {boolean} true if this is a valid standard OP_RETURN output - */ -Script.prototype.isDataOut = function() { - return this.chunks.length >= 1 && - this.chunks[0].opcodenum === Opcode.OP_RETURN && - (this.chunks.length === 1 || - (this.chunks.length === 2 && - this.chunks[1].buf && - this.chunks[1].buf.length <= Script.OP_RETURN_STANDARD_SIZE && - this.chunks[1].length === this.chunks.len)); +// 10. The strict non-equality assertion tests for strict inequality, as +// determined by !==. assert.notStrictEqual(actual, expected, message_opt); + +assert.notStrictEqual = function notStrictEqual(actual, expected, message) { + if (actual === expected) { + fail(actual, expected, message, '!==', assert.notStrictEqual); + } }; -/** - * Retrieve the associated data for this script. - * In the case of a pay to public key hash or P2SH, return the hash. - * In the case of a standard OP_RETURN, return the data - * @returns {Buffer} - */ -Script.prototype.getData = function() { - if (this.isDataOut() || this.isScriptHashOut()) { - if (_.isUndefined(this.chunks[1])) { - return new Buffer(0); - } else { - return new Buffer(this.chunks[1].buf); - } +function expectedException(actual, expected) { + if (!actual || !expected) { + return false; } - if (this.isPublicKeyHashOut()) { - return new Buffer(this.chunks[2].buf); + + if (Object.prototype.toString.call(expected) == '[object RegExp]') { + return expected.test(actual); + } else if (actual instanceof expected) { + return true; + } else if (expected.call({}, actual) === true) { + return true; } - throw new Error('Unrecognized script type to get data from'); -}; -/** - * @returns {boolean} if the script is only composed of data pushing - * opcodes or small int opcodes (OP_0, OP_1, ..., OP_16) - */ -Script.prototype.isPushOnly = function() { - return _.every(this.chunks, function(chunk) { - return chunk.opcodenum <= Opcode.OP_16; - }); -}; + return false; +} +function _throws(shouldThrow, block, expected, message) { + var actual; -Script.types = {}; -Script.types.UNKNOWN = 'Unknown'; -Script.types.PUBKEY_OUT = 'Pay to public key'; -Script.types.PUBKEY_IN = 'Spend from public key'; -Script.types.PUBKEYHASH_OUT = 'Pay to public key hash'; -Script.types.PUBKEYHASH_IN = 'Spend from public key hash'; -Script.types.SCRIPTHASH_OUT = 'Pay to script hash'; -Script.types.SCRIPTHASH_IN = 'Spend from script hash'; -Script.types.MULTISIG_OUT = 'Pay to multisig'; -Script.types.MULTISIG_IN = 'Spend from multisig'; -Script.types.DATA_OUT = 'Data push'; + if (util.isString(expected)) { + message = expected; + expected = null; + } -Script.OP_RETURN_STANDARD_SIZE = 80; + try { + block(); + } catch (e) { + actual = e; + } -Script.identifiers = {}; -Script.identifiers.PUBKEY_OUT = Script.prototype.isPublicKeyOut; -Script.identifiers.PUBKEY_IN = Script.prototype.isPublicKeyIn; -Script.identifiers.PUBKEYHASH_OUT = Script.prototype.isPublicKeyHashOut; -Script.identifiers.PUBKEYHASH_IN = Script.prototype.isPublicKeyHashIn; -Script.identifiers.MULTISIG_OUT = Script.prototype.isMultisigOut; -Script.identifiers.MULTISIG_IN = Script.prototype.isMultisigIn; -Script.identifiers.SCRIPTHASH_OUT = Script.prototype.isScriptHashOut; -Script.identifiers.SCRIPTHASH_IN = Script.prototype.isScriptHashIn; -Script.identifiers.DATA_OUT = Script.prototype.isDataOut; + message = (expected && expected.name ? ' (' + expected.name + ').' : '.') + + (message ? ' ' + message : '.'); -/** - * @returns {object} The Script type if it is a known form, - * or Script.UNKNOWN if it isn't - */ -Script.prototype.classify = function() { - for (var type in Script.identifiers) { - if (Script.identifiers[type].bind(this)()) { - return Script.types[type]; - } + if (shouldThrow && !actual) { + fail(actual, expected, 'Missing expected exception' + message); } - return Script.types.UNKNOWN; -}; + if (!shouldThrow && expectedException(actual, expected)) { + fail(actual, expected, 'Got unwanted exception' + message); + } -/** - * @returns {boolean} if script is one of the known types - */ -Script.prototype.isStandard = function() { - // TODO: Add BIP62 compliance - return this.classify() !== Script.types.UNKNOWN; -}; + if ((shouldThrow && actual && expected && + !expectedException(actual, expected)) || (!shouldThrow && actual)) { + throw actual; + } +} +// 11. Expected to throw an error: +// assert.throws(block, Error_opt, message_opt); -// Script construction methods +assert.throws = function(block, /*optional*/error, /*optional*/message) { + _throws.apply(this, [true].concat(pSlice.call(arguments))); +}; -/** - * Adds a script element at the start of the script. - * @param {*} obj a string, number, Opcode, Buffer, or object to add - * @returns {Script} this script instance - */ -Script.prototype.prepend = function(obj) { - this._addByType(obj, true); - return this; +// EXTENSION! This is annoying to write outside this module. +assert.doesNotThrow = function(block, /*optional*/message) { + _throws.apply(this, [false].concat(pSlice.call(arguments))); }; -/** - * Compares a script with another script - */ -Script.prototype.equals = function(script) { - $.checkState(script instanceof Script, 'Must provide another script'); - if (this.chunks.length !== script.chunks.length) { - return false; - } - var i; - for (i = 0; i < this.chunks.length; i++) { - if (BufferUtil.isBuffer(this.chunks[i].buf) && !BufferUtil.isBuffer(script.chunks[i].buf)) { - return false; - } - if (BufferUtil.isBuffer(this.chunks[i].buf) && !BufferUtil.equals(this.chunks[i].buf, script.chunks[i].buf)) { - return false; - } else if (this.chunks[i].opcodenum !== script.chunks[i].opcodenum) { - return false; - } +assert.ifError = function(err) { if (err) {throw err;}}; + +var objectKeys = Object.keys || function (obj) { + var keys = []; + for (var key in obj) { + if (hasOwn.call(obj, key)) keys.push(key); } - return true; + return keys; }; -/** - * Adds a script element to the end of the script. - * - * @param {*} obj a string, number, Opcode, Buffer, or object to add - * @returns {Script} this script instance - * - */ -Script.prototype.add = function(obj) { - this._addByType(obj, false); - return this; -}; +},{"util/":339}],23:[function(require,module,exports){ +'use strict' -Script.prototype._addByType = function(obj, prepend) { - if (typeof obj === 'string') { - this._addOpcode(obj, prepend); - } else if (typeof obj === 'number') { - this._addOpcode(obj, prepend); - } else if (obj instanceof Opcode) { - this._addOpcode(obj, prepend); - } else if (BufferUtil.isBuffer(obj)) { - this._addBuffer(obj, prepend); - } else if (obj instanceof Script) { - this.chunks = this.chunks.concat(obj.chunks); - } else if (typeof obj === 'object') { - this._insertAtPosition(obj, prepend); - } else { - throw new Error('Invalid script chunk'); +exports.toByteArray = toByteArray +exports.fromByteArray = fromByteArray + +var lookup = [] +var revLookup = [] +var Arr = typeof Uint8Array !== 'undefined' ? Uint8Array : Array + +function init () { + var code = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' + for (var i = 0, len = code.length; i < len; ++i) { + lookup[i] = code[i] + revLookup[code.charCodeAt(i)] = i } -}; -Script.prototype._insertAtPosition = function(op, prepend) { - if (prepend) { - this.chunks.unshift(op); - } else { - this.chunks.push(op); + revLookup['-'.charCodeAt(0)] = 62 + revLookup['_'.charCodeAt(0)] = 63 +} + +init() + +function toByteArray (b64) { + var i, j, l, tmp, placeHolders, arr + var len = b64.length + + if (len % 4 > 0) { + throw new Error('Invalid string. Length must be a multiple of 4') } -}; -Script.prototype._addOpcode = function(opcode, prepend) { - var op; - if (typeof opcode === 'number') { - op = opcode; - } else if (opcode instanceof Opcode) { - op = opcode.toNumber(); - } else { - op = Opcode(opcode).toNumber(); + // the number of equal signs (place holders) + // if there are two placeholders, than the two characters before it + // represent one byte + // if there is only one, then the three characters before it represent 2 bytes + // this is just a cheap hack to not do indexOf twice + placeHolders = b64[len - 2] === '=' ? 2 : b64[len - 1] === '=' ? 1 : 0 + + // base64 is 4/3 + up to two characters of the original data + arr = new Arr(len * 3 / 4 - placeHolders) + + // if there are placeholders, only get up to the last complete 4 chars + l = placeHolders > 0 ? len - 4 : len + + var L = 0 + + for (i = 0, j = 0; i < l; i += 4, j += 3) { + tmp = (revLookup[b64.charCodeAt(i)] << 18) | (revLookup[b64.charCodeAt(i + 1)] << 12) | (revLookup[b64.charCodeAt(i + 2)] << 6) | revLookup[b64.charCodeAt(i + 3)] + arr[L++] = (tmp >> 16) & 0xFF + arr[L++] = (tmp >> 8) & 0xFF + arr[L++] = tmp & 0xFF } - this._insertAtPosition({ - opcodenum: op - }, prepend); - return this; -}; -Script.prototype._addBuffer = function(buf, prepend) { - var opcodenum; - var len = buf.length; - if (len >= 0 && len < Opcode.OP_PUSHDATA1) { - opcodenum = len; - } else if (len < Math.pow(2, 8)) { - opcodenum = Opcode.OP_PUSHDATA1; - } else if (len < Math.pow(2, 16)) { - opcodenum = Opcode.OP_PUSHDATA2; - } else if (len < Math.pow(2, 32)) { - opcodenum = Opcode.OP_PUSHDATA4; - } else { - throw new Error('You can\'t push that much data'); + if (placeHolders === 2) { + tmp = (revLookup[b64.charCodeAt(i)] << 2) | (revLookup[b64.charCodeAt(i + 1)] >> 4) + arr[L++] = tmp & 0xFF + } else if (placeHolders === 1) { + tmp = (revLookup[b64.charCodeAt(i)] << 10) | (revLookup[b64.charCodeAt(i + 1)] << 4) | (revLookup[b64.charCodeAt(i + 2)] >> 2) + arr[L++] = (tmp >> 8) & 0xFF + arr[L++] = tmp & 0xFF } - this._insertAtPosition({ - buf: buf, - len: len, - opcodenum: opcodenum - }, prepend); - return this; -}; -Script.prototype.removeCodeseparators = function() { - var chunks = []; - for (var i = 0; i < this.chunks.length; i++) { - if (this.chunks[i].opcodenum !== Opcode.OP_CODESEPARATOR) { - chunks.push(this.chunks[i]); - } + return arr +} + +function tripletToBase64 (num) { + return lookup[num >> 18 & 0x3F] + lookup[num >> 12 & 0x3F] + lookup[num >> 6 & 0x3F] + lookup[num & 0x3F] +} + +function encodeChunk (uint8, start, end) { + var tmp + var output = [] + for (var i = start; i < end; i += 3) { + tmp = (uint8[i] << 16) + (uint8[i + 1] << 8) + (uint8[i + 2]) + output.push(tripletToBase64(tmp)) } - this.chunks = chunks; - return this; -}; + return output.join('') +} -// high level script builder methods +function fromByteArray (uint8) { + var tmp + var len = uint8.length + var extraBytes = len % 3 // if we have 1 byte left, pad 2 bytes + var output = '' + var parts = [] + var maxChunkLength = 16383 // must be multiple of 3 -/** - * @returns {Script} a new Multisig output script for given public keys, - * requiring m of those public keys to spend - * @param {PublicKey[]} publicKeys - list of all public keys controlling the output - * @param {number} threshold - amount of required signatures to spend the output - * @param {Object=} opts - Several options: - * - noSorting: defaults to false, if true, don't sort the given - * public keys before creating the script - */ -Script.buildMultisigOut = function(publicKeys, threshold, opts) { - $.checkArgument(threshold <= publicKeys.length, - 'Number of required signatures must be less than or equal to the number of public keys'); - opts = opts || {}; - var script = new Script(); - script.add(Opcode.smallInt(threshold)); - publicKeys = _.map(publicKeys, PublicKey); - var sorted = publicKeys; - if (!opts.noSorting) { - sorted = _.sortBy(publicKeys, function(publicKey) { - return publicKey.toString('hex'); - }); + // go through the array every three bytes, we'll deal with trailing stuff later + for (var i = 0, len2 = len - extraBytes; i < len2; i += maxChunkLength) { + parts.push(encodeChunk(uint8, i, (i + maxChunkLength) > len2 ? len2 : (i + maxChunkLength))) } - for (var i = 0; i < sorted.length; i++) { - var publicKey = sorted[i]; - script.add(publicKey.toBuffer()); + + // pad the end with zeros, but make sure to not forget the extra bytes + if (extraBytes === 1) { + tmp = uint8[len - 1] + output += lookup[tmp >> 2] + output += lookup[(tmp << 4) & 0x3F] + output += '==' + } else if (extraBytes === 2) { + tmp = (uint8[len - 2] << 8) + (uint8[len - 1]) + output += lookup[tmp >> 10] + output += lookup[(tmp >> 4) & 0x3F] + output += lookup[(tmp << 2) & 0x3F] + output += '=' } - script.add(Opcode.smallInt(publicKeys.length)); - script.add(Opcode.OP_CHECKMULTISIG); - return script; -}; -/** - * A new Multisig input script for the given public keys, requiring m of those public keys to spend - * - * @param {PublicKey[]} pubkeys list of all public keys controlling the output - * @param {number} threshold amount of required signatures to spend the output - * @param {Array} signatures and array of signature buffers to append to the script - * @param {Object=} opts - * @param {boolean=} opts.noSorting don't sort the given public keys before creating the script (false by default) - * @param {Script=} opts.cachedMultisig don't recalculate the redeemScript - * - * @returns {Script} - */ -Script.buildMultisigIn = function(pubkeys, threshold, signatures, opts) { - $.checkArgument(_.isArray(pubkeys)); - $.checkArgument(_.isNumber(threshold)); - $.checkArgument(_.isArray(signatures)); - opts = opts || {}; - var s = new Script(); - s.add(Opcode.OP_0); - _.each(signatures, function(signature) { - $.checkArgument(BufferUtil.isBuffer(signature), 'Signatures must be an array of Buffers'); - // TODO: allow signatures to be an array of Signature objects - s.add(signature); - }); - return s; -}; + parts.push(output) -/** - * A new P2SH Multisig input script for the given public keys, requiring m of those public keys to spend + return parts.join('') +} + +},{}],24:[function(require,module,exports){ +(function (Buffer){ +// Reference https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki +// Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] +// NOTE: SIGHASH byte ignored AND restricted, truncate before use + +function check (buffer) { + if (buffer.length < 8) return false + if (buffer.length > 72) return false + if (buffer[0] !== 0x30) return false + if (buffer[1] !== buffer.length - 2) return false + if (buffer[2] !== 0x02) return false + + var lenR = buffer[3] + if (lenR === 0) return false + if (5 + lenR >= buffer.length) return false + if (buffer[4 + lenR] !== 0x02) return false + + var lenS = buffer[5 + lenR] + if (lenS === 0) return false + if ((6 + lenR + lenS) !== buffer.length) return false + + if (buffer[4] & 0x80) return false + if (lenR > 1 && (buffer[4] === 0x00) && !(buffer[5] & 0x80)) return false + + if (buffer[lenR + 6] & 0x80) return false + if (lenS > 1 && (buffer[lenR + 6] === 0x00) && !(buffer[lenR + 7] & 0x80)) return false + return true +} + +function decode (buffer) { + if (buffer.length < 8) throw new Error('DER sequence length is too short') + if (buffer.length > 72) throw new Error('DER sequence length is too long') + if (buffer[0] !== 0x30) throw new Error('Expected DER sequence') + if (buffer[1] !== buffer.length - 2) throw new Error('DER sequence length is invalid') + if (buffer[2] !== 0x02) throw new Error('Expected DER integer') + + var lenR = buffer[3] + if (lenR === 0) throw new Error('R length is zero') + if (5 + lenR >= buffer.length) throw new Error('R length is too long') + if (buffer[4 + lenR] !== 0x02) throw new Error('Expected DER integer (2)') + + var lenS = buffer[5 + lenR] + if (lenS === 0) throw new Error('S length is zero') + if ((6 + lenR + lenS) !== buffer.length) throw new Error('S length is invalid') + + if (buffer[4] & 0x80) throw new Error('R value is negative') + if (lenR > 1 && (buffer[4] === 0x00) && !(buffer[5] & 0x80)) throw new Error('R value excessively padded') + + if (buffer[lenR + 6] & 0x80) throw new Error('S value is negative') + if (lenS > 1 && (buffer[lenR + 6] === 0x00) && !(buffer[lenR + 7] & 0x80)) throw new Error('S value excessively padded') + + // non-BIP66 - extract R, S values + return { + r: buffer.slice(4, 4 + lenR), + s: buffer.slice(6 + lenR) + } +} + +/* + * Expects r and s to be positive DER integers. * - * @param {PublicKey[]} pubkeys list of all public keys controlling the output - * @param {number} threshold amount of required signatures to spend the output - * @param {Array} signatures and array of signature buffers to append to the script - * @param {Object=} opts - * @param {boolean=} opts.noSorting don't sort the given public keys before creating the script (false by default) - * @param {Script=} opts.cachedMultisig don't recalculate the redeemScript + * The DER format uses the most significant bit as a sign bit (& 0x80). + * If the significant bit is set AND the integer is positive, a 0x00 is prepended. * - * @returns {Script} - */ -Script.buildP2SHMultisigIn = function(pubkeys, threshold, signatures, opts) { - $.checkArgument(_.isArray(pubkeys)); - $.checkArgument(_.isNumber(threshold)); - $.checkArgument(_.isArray(signatures)); - opts = opts || {}; - var s = new Script(); - s.add(Opcode.OP_0); - _.each(signatures, function(signature) { - $.checkArgument(BufferUtil.isBuffer(signature), 'Signatures must be an array of Buffers'); - // TODO: allow signatures to be an array of Signature objects - s.add(signature); - }); - s.add((opts.cachedMultisig || Script.buildMultisigOut(pubkeys, threshold, opts)).toBuffer()); - return s; -}; + * Examples: + * + * 0 => 0x00 + * 1 => 0x01 + * -1 => 0xff + * 127 => 0x7f + * -127 => 0x81 + * 128 => 0x0080 + * -128 => 0x80 + * 255 => 0x00ff + * -255 => 0xff01 + * 16300 => 0x3fac + * -16300 => 0xc054 + * 62300 => 0x00f35c + * -62300 => 0xff0ca4 +*/ +function encode (r, s) { + var lenR = r.length + var lenS = s.length + if (lenR === 0) throw new Error('R length is zero') + if (lenS === 0) throw new Error('S length is zero') + if (lenR > 33) throw new Error('R length is too long') + if (lenS > 33) throw new Error('S length is too long') + if (r[0] & 0x80) throw new Error('R value is negative') + if (s[0] & 0x80) throw new Error('S value is negative') + if (lenR > 1 && (r[0] === 0x00) && !(r[1] & 0x80)) throw new Error('R value excessively padded') + if (lenS > 1 && (s[0] === 0x00) && !(s[1] & 0x80)) throw new Error('S value excessively padded') -/** - * @returns {Script} a new pay to public key hash output for the given - * address or public key - * @param {(Address|PublicKey)} to - destination address or public key - */ -Script.buildPublicKeyHashOut = function(to) { - $.checkArgument(!_.isUndefined(to)); - $.checkArgument(to instanceof PublicKey || to instanceof Address || _.isString(to)); - if (to instanceof PublicKey) { - to = to.toAddress(); - } else if (_.isString(to)) { - to = new Address(to); - } - var s = new Script(); - s.add(Opcode.OP_DUP) - .add(Opcode.OP_HASH160) - .add(to.hashBuffer) - .add(Opcode.OP_EQUALVERIFY) - .add(Opcode.OP_CHECKSIG); - s._network = to.network; - return s; -}; + var signature = new Buffer(6 + lenR + lenS) -/** - * @returns {Script} a new pay to public key output for the given - * public key - */ -Script.buildPublicKeyOut = function(pubkey) { - $.checkArgument(pubkey instanceof PublicKey); - var s = new Script(); - s.add(pubkey.toBuffer()) - .add(Opcode.OP_CHECKSIG); - return s; -}; + // 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] + signature[0] = 0x30 + signature[1] = signature.length - 2 + signature[2] = 0x02 + signature[3] = r.length + r.copy(signature, 4) + signature[4 + lenR] = 0x02 + signature[5 + lenR] = s.length + s.copy(signature, 6 + lenR) -/** - * @returns {Script} a new OP_RETURN script with data - * @param {(string|Buffer)} data - the data to embed in the output - * @param {(string)} encoding - the type of encoding of the string - */ -Script.buildDataOut = function(data, encoding) { - $.checkArgument(_.isUndefined(data) || _.isString(data) || BufferUtil.isBuffer(data)); - if (_.isString(data)) { - data = new Buffer(data, encoding); - } - var s = new Script(); - s.add(Opcode.OP_RETURN); - if (!_.isUndefined(data)) { - s.add(data); + return signature +} + +module.exports = { + check: check, + decode: decode, + encode: encode +} + +}).call(this,require("buffer").Buffer) +},{"buffer":158}],25:[function(require,module,exports){ +(function (global,Buffer){ +'use strict'; + +var bitcore = module.exports; + +// module information +bitcore.version = 'v' + require('./package.json').version; +bitcore.versionGuard = function(version) { + if (version !== undefined) { + var message = 'More than one instance of bitcore-lib found. ' + + 'Please make sure to require bitcore-lib and check that submodules do' + + ' not also include their own bitcore-lib dependency.'; + throw new Error(message); } - return s; }; +bitcore.versionGuard(global._bitcore); +global._bitcore = bitcore.version; -/** - * @param {Script|Address} script - the redeemScript for the new p2sh output. - * It can also be a p2sh address - * @returns {Script} new pay to script hash script for given script - */ -Script.buildScriptHashOut = function(script) { - $.checkArgument(script instanceof Script || - (script instanceof Address && script.isPayToScriptHash())); - var s = new Script(); - s.add(Opcode.OP_HASH160) - .add(script instanceof Address ? script.hashBuffer : Hash.sha256ripemd160(script.toBuffer())) - .add(Opcode.OP_EQUAL); +// crypto +bitcore.crypto = {}; +bitcore.crypto.BN = require('./lib/crypto/bn'); +bitcore.crypto.ECDSA = require('./lib/crypto/ecdsa'); +bitcore.crypto.Hash = require('./lib/crypto/hash'); +bitcore.crypto.Random = require('./lib/crypto/random'); +bitcore.crypto.Point = require('./lib/crypto/point'); +bitcore.crypto.Signature = require('./lib/crypto/signature'); - s._network = script._network || script.network; - return s; -}; +// encoding +bitcore.encoding = {}; +bitcore.encoding.Base58 = require('./lib/encoding/base58'); +bitcore.encoding.Base58Check = require('./lib/encoding/base58check'); +bitcore.encoding.BufferReader = require('./lib/encoding/bufferreader'); +bitcore.encoding.BufferWriter = require('./lib/encoding/bufferwriter'); +bitcore.encoding.Varint = require('./lib/encoding/varint'); + +// utilities +bitcore.util = {}; +bitcore.util.buffer = require('./lib/util/buffer'); +bitcore.util.js = require('./lib/util/js'); +bitcore.util.preconditions = require('./lib/util/preconditions'); + +// errors thrown by the library +bitcore.errors = require('./lib/errors'); + +// main bitcoin library +bitcore.Address = require('./lib/address'); +bitcore.Block = require('./lib/block'); +bitcore.MerkleBlock = require('./lib/block/merkleblock'); +bitcore.BlockHeader = require('./lib/block/blockheader'); +bitcore.HDPrivateKey = require('./lib/hdprivatekey.js'); +bitcore.HDPublicKey = require('./lib/hdpublickey.js'); +bitcore.Networks = require('./lib/networks'); +bitcore.Opcode = require('./lib/opcode'); +bitcore.PrivateKey = require('./lib/privatekey'); +bitcore.PublicKey = require('./lib/publickey'); +bitcore.Script = require('./lib/script'); +bitcore.Transaction = require('./lib/transaction'); +bitcore.URI = require('./lib/uri'); +bitcore.Unit = require('./lib/unit'); + +// dependencies, subject to change +bitcore.deps = {}; +bitcore.deps.bnjs = require('bn.js'); +bitcore.deps.bs58 = require('bs58'); +bitcore.deps.Buffer = Buffer; +bitcore.deps.elliptic = require('elliptic'); +bitcore.deps._ = require('lodash'); + +// Internal usage, exposed for testing/advanced tweaking +bitcore._HDKeyCache = require('./lib/hdkeycache'); +bitcore.Transaction.sighash = require('./lib/transaction/sighash'); + +}).call(this,typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : typeof window !== "undefined" ? window : {},require("buffer").Buffer) +},{"./lib/address":26,"./lib/block":29,"./lib/block/blockheader":28,"./lib/block/merkleblock":30,"./lib/crypto/bn":31,"./lib/crypto/ecdsa":32,"./lib/crypto/hash":33,"./lib/crypto/point":34,"./lib/crypto/random":35,"./lib/crypto/signature":36,"./lib/encoding/base58":37,"./lib/encoding/base58check":38,"./lib/encoding/bufferreader":39,"./lib/encoding/bufferwriter":40,"./lib/encoding/varint":41,"./lib/errors":42,"./lib/hdkeycache":44,"./lib/hdprivatekey.js":45,"./lib/hdpublickey.js":46,"./lib/networks":47,"./lib/opcode":48,"./lib/privatekey":49,"./lib/publickey":50,"./lib/script":51,"./lib/transaction":54,"./lib/transaction/sighash":62,"./lib/unit":66,"./lib/uri":67,"./lib/util/buffer":68,"./lib/util/js":69,"./lib/util/preconditions":70,"./package.json":97,"bn.js":71,"bs58":72,"buffer":158,"elliptic":74,"lodash":96}],26:[function(require,module,exports){ +(function (Buffer){ +'use strict'; + +var _ = require('lodash'); +var $ = require('./util/preconditions'); +var errors = require('./errors'); +var Base58Check = require('./encoding/base58check'); +var Networks = require('./networks'); +var Hash = require('./crypto/hash'); +var JSUtil = require('./util/js'); +var PublicKey = require('./publickey'); /** - * Builds a scriptSig (a script for an input) that signs a public key output script. + * Instantiate an address from an address String or Buffer, a public key or script hash Buffer, + * or an instance of {@link PublicKey} or {@link Script}. * - * @param {Signature|Buffer} signature - a Signature object, or the signature in DER canonical encoding - * @param {number=} sigtype - the type of the signature (defaults to SIGHASH_ALL) + * This is an immutable class, and if the first parameter provided to this constructor is an + * `Address` instance, the same argument will be returned. + * + * An address has two key properties: `network` and `type`. The type is either + * `Address.PayToPublicKeyHash` (value is the `'pubkeyhash'` string) + * or `Address.PayToScriptHash` (the string `'scripthash'`). The network is an instance of {@link Network}. + * You can quickly check whether an address is of a given kind by using the methods + * `isPayToPublicKeyHash` and `isPayToScriptHash` + * + * @example + * ```javascript + * // validate that an input field is valid + * var error = Address.getValidationError(input, 'testnet'); + * if (!error) { + * var address = Address(input, 'testnet'); + * } else { + * // invalid network or checksum (typo?) + * var message = error.messsage; + * } + * + * // get an address from a public key + * var address = Address(publicKey, 'testnet').toString(); + * ``` + * + * @param {*} data - The encoded data in various formats + * @param {Network|String|number=} network - The network: 'livenet' or 'testnet' + * @param {string=} type - The type of address: 'script' or 'pubkey' + * @returns {Address} A new valid and frozen instance of an Address + * @constructor */ -Script.buildPublicKeyIn = function(signature, sigtype) { - $.checkArgument(signature instanceof Signature || BufferUtil.isBuffer(signature)); - $.checkArgument(_.isUndefined(sigtype) || _.isNumber(sigtype)); - if (signature instanceof Signature) { - signature = signature.toBuffer(); +function Address(data, network, type) { + /* jshint maxcomplexity: 12 */ + /* jshint maxstatements: 20 */ + + if (!(this instanceof Address)) { + return new Address(data, network, type); } - var script = new Script(); - script.add(BufferUtil.concat([ - signature, - BufferUtil.integerAsSingleByteBuffer(sigtype || Signature.SIGHASH_ALL) - ])); - return script; -}; -/** - * Builds a scriptSig (a script for an input) that signs a public key hash - * output script. - * - * @param {Buffer|string|PublicKey} publicKey - * @param {Signature|Buffer} signature - a Signature object, or the signature in DER canonical encoding - * @param {number=} sigtype - the type of the signature (defaults to SIGHASH_ALL) - */ -Script.buildPublicKeyHashIn = function(publicKey, signature, sigtype) { - $.checkArgument(signature instanceof Signature || BufferUtil.isBuffer(signature)); - $.checkArgument(_.isUndefined(sigtype) || _.isNumber(sigtype)); - if (signature instanceof Signature) { - signature = signature.toBuffer(); + if (_.isArray(data) && _.isNumber(network)) { + return Address.createMultisig(data, network, type); } - var script = new Script() - .add(BufferUtil.concat([ - signature, - BufferUtil.integerAsSingleByteBuffer(sigtype || Signature.SIGHASH_ALL) - ])) - .add(new PublicKey(publicKey).toBuffer()); - return script; -}; -/** - * @returns {Script} an empty script - */ -Script.empty = function() { - return new Script(); -}; + if (data instanceof Address) { + // Immutable instance + return data; + } -/** - * @returns {Script} a new pay to script hash script that pays to this script - */ -Script.prototype.toScriptHashOut = function() { - return Script.buildScriptHashOut(this); -}; + $.checkArgument(data, 'First argument is required, please include address data.', 'guide/address.html'); -/** - * @return {Script} an output script built from the address - */ -Script.fromAddress = function(address) { - address = Address(address); - if (address.isPayToScriptHash()) { - return Script.buildScriptHashOut(address); - } else if (address.isPayToPublicKeyHash()) { - return Script.buildPublicKeyHashOut(address); + if (network && !Networks.get(network)) { + throw new TypeError('Second argument must be "livenet" or "testnet".'); + } + + if (type && (type !== Address.PayToPublicKeyHash && type !== Address.PayToScriptHash)) { + throw new TypeError('Third argument must be "pubkeyhash" or "scripthash".'); } - throw new errors.Script.UnrecognizedAddress(address); -}; + + var info = this._classifyArguments(data, network, type); + + // set defaults if not set + info.network = info.network || Networks.get(network) || Networks.defaultNetwork; + info.type = info.type || type || Address.PayToPublicKeyHash; + + JSUtil.defineImmutable(this, { + hashBuffer: info.hashBuffer, + network: info.network, + type: info.type + }); + + return this; +} /** - * Will return the associated address information object - * @return {Address|boolean} + * Internal function used to split different kinds of arguments of the constructor + * @param {*} data - The encoded data in various formats + * @param {Network|String|number=} network - The network: 'livenet' or 'testnet' + * @param {string=} type - The type of address: 'script' or 'pubkey' + * @returns {Object} An "info" object with "type", "network", and "hashBuffer" */ -Script.prototype.getAddressInfo = function(opts) { - if (this._isInput) { - return this._getInputAddressInfo(); - } else if (this._isOutput) { - return this._getOutputAddressInfo(); +Address.prototype._classifyArguments = function(data, network, type) { + /* jshint maxcomplexity: 10 */ + // transform and validate input data + if ((data instanceof Buffer || data instanceof Uint8Array) && data.length === 20) { + return Address._transformHash(data); + } else if ((data instanceof Buffer || data instanceof Uint8Array) && data.length === 21) { + return Address._transformBuffer(data, network, type); + } else if (data instanceof PublicKey) { + return Address._transformPublicKey(data); + } else if (data instanceof Script) { + return Address._transformScript(data, network); + } else if (typeof(data) === 'string') { + return Address._transformString(data, network, type); + } else if (_.isObject(data)) { + return Address._transformObject(data); } else { - var info = this._getOutputAddressInfo(); - if (!info) { - return this._getInputAddressInfo(); - } - return info; + throw new TypeError('First argument is an unrecognized data format.'); } }; +/** @static */ +Address.PayToPublicKeyHash = 'pubkeyhash'; +/** @static */ +Address.PayToScriptHash = 'scripthash'; + /** - * Will return the associated output scriptPubKey address information object - * @return {Address|boolean} + * @param {Buffer} hash - An instance of a hash Buffer + * @returns {Object} An object with keys: hashBuffer * @private */ -Script.prototype._getOutputAddressInfo = function() { +Address._transformHash = function(hash) { var info = {}; - if (this.isScriptHashOut()) { - info.hashBuffer = this.getData(); - info.type = Address.PayToScriptHash; - } else if (this.isPublicKeyHashOut()) { - info.hashBuffer = this.getData(); - info.type = Address.PayToPublicKeyHash; - } else { - return false; + if (!(hash instanceof Buffer) && !(hash instanceof Uint8Array)) { + throw new TypeError('Address supplied is not a buffer.'); + } + if (hash.length !== 20) { + throw new TypeError('Address hashbuffers must be exactly 20 bytes.'); } + info.hashBuffer = hash; return info; }; /** - * Will return the associated input scriptSig address information object - * @return {Address|boolean} - * @private + * Deserializes an address serialized through `Address#toObject()` + * @param {Object} data + * @param {string} data.hash - the hash that this address encodes + * @param {string} data.type - either 'pubkeyhash' or 'scripthash' + * @param {Network=} data.network - the name of the network associated + * @return {Address} */ -Script.prototype._getInputAddressInfo = function() { - var info = {}; - if (this.isPublicKeyHashIn()) { - // hash the publickey found in the scriptSig - info.hashBuffer = Hash.sha256ripemd160(this.chunks[1].buf); - info.type = Address.PayToPublicKeyHash; - } else if (this.isScriptHashIn()) { - // hash the redeemscript found at the end of the scriptSig - info.hashBuffer = Hash.sha256ripemd160(this.chunks[this.chunks.length - 1].buf); - info.type = Address.PayToScriptHash; - } else { - return false; - } - return info; +Address._transformObject = function(data) { + $.checkArgument(data.hash || data.hashBuffer, 'Must provide a `hash` or `hashBuffer` property'); + $.checkArgument(data.type, 'Must provide a `type` property'); + return { + hashBuffer: data.hash ? new Buffer(data.hash, 'hex') : data.hashBuffer, + network: Networks.get(data.network) || Networks.defaultNetwork, + type: data.type + }; }; /** - * @param {Network=} network - * @return {Address|boolean} the associated address for this script if possible, or false + * Internal function to discover the network and type based on the first data byte + * + * @param {Buffer} buffer - An instance of a hex encoded address Buffer + * @returns {Object} An object with keys: network and type + * @private */ -Script.prototype.toAddress = function(network) { - var info = this.getAddressInfo(); - if (!info) { - return false; +Address._classifyFromVersion = function(buffer) { + var version = {}; + + var pubkeyhashNetwork = Networks.get(buffer[0], 'pubkeyhash'); + var scripthashNetwork = Networks.get(buffer[0], 'scripthash'); + + if (pubkeyhashNetwork) { + version.network = pubkeyhashNetwork; + version.type = Address.PayToPublicKeyHash; + } else if (scripthashNetwork) { + version.network = scripthashNetwork; + version.type = Address.PayToScriptHash; } - info.network = Networks.get(network) || this._network || Networks.defaultNetwork; - return new Address(info); + + return version; }; /** - * Analogous to bitcoind's FindAndDelete. Find and delete equivalent chunks, - * typically used with push data chunks. Note that this will find and delete - * not just the same data, but the same data with the same push data op as - * produced by default. i.e., if a pushdata in a tx does not use the minimal - * pushdata op, then when you try to remove the data it is pushing, it will not - * be removed, because they do not use the same pushdata op. + * Internal function to transform a bitcoin address buffer + * + * @param {Buffer} buffer - An instance of a hex encoded address Buffer + * @param {string=} network - The network: 'livenet' or 'testnet' + * @param {string=} type - The type: 'pubkeyhash' or 'scripthash' + * @returns {Object} An object with keys: hashBuffer, network and type + * @private */ -Script.prototype.findAndDelete = function(script) { - var buf = script.toBuffer(); - var hex = buf.toString('hex'); - for (var i = 0; i < this.chunks.length; i++) { - var script2 = Script({ - chunks: [this.chunks[i]] - }); - var buf2 = script2.toBuffer(); - var hex2 = buf2.toString('hex'); - if (hex === hex2) { - this.chunks.splice(i, 1); - } +Address._transformBuffer = function(buffer, network, type) { + /* jshint maxcomplexity: 9 */ + var info = {}; + if (!(buffer instanceof Buffer) && !(buffer instanceof Uint8Array)) { + throw new TypeError('Address supplied is not a buffer.'); } - return this; + if (buffer.length !== 1 + 20) { + throw new TypeError('Address buffers must be exactly 21 bytes.'); + } + + network = Networks.get(network); + var bufferVersion = Address._classifyFromVersion(buffer); + + if (!bufferVersion.network || (network && network !== bufferVersion.network)) { + throw new TypeError('Address has mismatched network type.'); + } + + if (!bufferVersion.type || (type && type !== bufferVersion.type)) { + throw new TypeError('Address has mismatched type.'); + } + + info.hashBuffer = buffer.slice(1); + info.network = bufferVersion.network; + info.type = bufferVersion.type; + return info; }; /** - * Comes from bitcoind's script interpreter CheckMinimalPush function - * @returns {boolean} if the chunk {i} is the smallest way to push that particular data. + * Internal function to transform a {@link PublicKey} + * + * @param {PublicKey} pubkey - An instance of PublicKey + * @returns {Object} An object with keys: hashBuffer, type + * @private */ -Script.prototype.checkMinimalPush = function(i) { - var chunk = this.chunks[i]; - var buf = chunk.buf; - var opcodenum = chunk.opcodenum; - if (!buf) { - return true; - } - if (buf.length === 0) { - // Could have used OP_0. - return opcodenum === Opcode.OP_0; - } else if (buf.length === 1 && buf[0] >= 1 && buf[0] <= 16) { - // Could have used OP_1 .. OP_16. - return opcodenum === Opcode.OP_1 + (buf[0] - 1); - } else if (buf.length === 1 && buf[0] === 0x81) { - // Could have used OP_1NEGATE - return opcodenum === Opcode.OP_1NEGATE; - } else if (buf.length <= 75) { - // Could have used a direct push (opcode indicating number of bytes pushed + those bytes). - return opcodenum === buf.length; - } else if (buf.length <= 255) { - // Could have used OP_PUSHDATA. - return opcodenum === Opcode.OP_PUSHDATA1; - } else if (buf.length <= 65535) { - // Could have used OP_PUSHDATA2. - return opcodenum === Opcode.OP_PUSHDATA2; +Address._transformPublicKey = function(pubkey) { + var info = {}; + if (!(pubkey instanceof PublicKey)) { + throw new TypeError('Address must be an instance of PublicKey.'); } - return true; + info.hashBuffer = Hash.sha256ripemd160(pubkey.toBuffer()); + info.type = Address.PayToPublicKeyHash; + return info; }; /** - * Comes from bitcoind's script DecodeOP_N function - * @param {number} opcode - * @returns {number} numeric value in range of 0 to 16 + * Internal function to transform a {@link Script} into a `info` object. + * + * @param {Script} script - An instance of Script + * @returns {Object} An object with keys: hashBuffer, type + * @private */ -Script.prototype._decodeOP_N = function(opcode) { - if (opcode === Opcode.OP_0) { - return 0; - } else if (opcode >= Opcode.OP_1 && opcode <= Opcode.OP_16) { - return opcode - (Opcode.OP_1 - 1); - } else { - throw new Error('Invalid opcode: ' + JSON.stringify(opcode)); +Address._transformScript = function(script, network) { + $.checkArgument(script instanceof Script, 'script must be a Script instance'); + var info = script.getAddressInfo(network); + if (!info) { + throw new errors.Script.CantDeriveAddress(script); } + return info; }; /** - * Comes from bitcoind's script GetSigOpCount(boolean) function - * @param {boolean} use current (true) or pre-version-0.6 (false) logic - * @returns {number} number of signature operations required by this script + * Creates a P2SH address from a set of public keys and a threshold. + * + * The addresses will be sorted lexicographically, as that is the trend in bitcoin. + * To create an address from unsorted public keys, use the {@link Script#buildMultisigOut} + * interface. + * + * @param {Array} publicKeys - a set of public keys to create an address + * @param {number} threshold - the number of signatures needed to release the funds + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @return {Address} */ -Script.prototype.getSignatureOperationsCount = function(accurate) { - accurate = (_.isUndefined(accurate) ? true : accurate); - var self = this; - var n = 0; - var lastOpcode = Opcode.OP_INVALIDOPCODE; - _.each(self.chunks, function getChunk(chunk) { - var opcode = chunk.opcodenum; - if (opcode == Opcode.OP_CHECKSIG || opcode == Opcode.OP_CHECKSIGVERIFY) { - n++; - } else if (opcode == Opcode.OP_CHECKMULTISIG || opcode == Opcode.OP_CHECKMULTISIGVERIFY) { - if (accurate && lastOpcode >= Opcode.OP_1 && lastOpcode <= Opcode.OP_16) { - n += self._decodeOP_N(lastOpcode); - } else { - n += 20; - } - } - lastOpcode = opcode; - }); - return n; +Address.createMultisig = function(publicKeys, threshold, network) { + network = network || publicKeys[0].network || Networks.defaultNetwork; + return Address.payingTo(Script.buildMultisigOut(publicKeys, threshold), network); }; -module.exports = Script; - -}).call(this,require("buffer").Buffer) -},{"../address":8,"../crypto/hash":15,"../crypto/signature":18,"../encoding/bufferreader":21,"../encoding/bufferwriter":22,"../errors":24,"../networks":29,"../opcode":30,"../publickey":32,"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"buffer":94,"lodash":78}],36:[function(require,module,exports){ -module.exports = require('./transaction'); - -module.exports.Input = require('./input'); -module.exports.Output = require('./output'); -module.exports.UnspentOutput = require('./unspentoutput'); -module.exports.Signature = require('./signature'); -module.exports.Sighash = require('./sighash'); - -},{"./input":37,"./output":43,"./sighash":44,"./signature":45,"./transaction":46,"./unspentoutput":47}],37:[function(require,module,exports){ -module.exports = require('./input'); - -module.exports.PublicKey = require('./publickey'); -module.exports.PublicKeyHash = require('./publickeyhash'); -module.exports.MultiSig = require('./multisig.js'); -module.exports.MultiSigScriptHash = require('./multisigscripthash.js'); - -},{"./input":38,"./multisig.js":39,"./multisigscripthash.js":40,"./publickey":41,"./publickeyhash":42}],38:[function(require,module,exports){ -'use strict'; - -var _ = require('lodash'); -var $ = require('../../util/preconditions'); -var errors = require('../../errors'); -var BufferWriter = require('../../encoding/bufferwriter'); -var buffer = require('buffer'); -var BufferUtil = require('../../util/buffer'); -var JSUtil = require('../../util/js'); -var Script = require('../../script'); -var Sighash = require('../sighash'); -var Output = require('../output'); - - -var DEFAULT_SEQNUMBER = 0xFFFFFFFF; -var DEFAULT_LOCKTIME_SEQNUMBER = 0x00000000; - -function Input(params) { - if (!(this instanceof Input)) { - return new Input(params); - } - if (params) { - return this._fromObject(params); +/** + * Internal function to transform a bitcoin address string + * + * @param {string} data + * @param {String|Network=} network - either a Network instance, 'livenet', or 'testnet' + * @param {string=} type - The type: 'pubkeyhash' or 'scripthash' + * @returns {Object} An object with keys: hashBuffer, network and type + * @private + */ +Address._transformString = function(data, network, type) { + if (typeof(data) !== 'string') { + throw new TypeError('data parameter supplied is not a string.'); } -} - -Input.DEFAULT_SEQNUMBER = DEFAULT_SEQNUMBER; -Input.DEFAULT_LOCKTIME_SEQNUMBER = DEFAULT_LOCKTIME_SEQNUMBER; + data = data.trim(); + var addressBuffer = Base58Check.decode(data); + var info = Address._transformBuffer(addressBuffer, network, type); + return info; +}; -Object.defineProperty(Input.prototype, 'script', { - configurable: false, - enumerable: true, - get: function() { - if (this.isNull()) { - return null; - } - if (!this._script) { - this._script = new Script(this._scriptBuffer); - this._script._isInput = true; - } - return this._script; - } -}); +/** + * Instantiate an address from a PublicKey instance + * + * @param {PublicKey} data + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.fromPublicKey = function(data, network) { + var info = Address._transformPublicKey(data); + network = network || Networks.defaultNetwork; + return new Address(info.hashBuffer, network, info.type); +}; -Input.fromObject = function(obj) { - $.checkArgument(_.isObject(obj)); - var input = new Input(); - return input._fromObject(obj); +/** + * Instantiate an address from a ripemd160 public key hash + * + * @param {Buffer} hash - An instance of buffer of the hash + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.fromPublicKeyHash = function(hash, network) { + var info = Address._transformHash(hash); + return new Address(info.hashBuffer, network, Address.PayToPublicKeyHash); }; -Input.prototype._fromObject = function(params) { - var prevTxId; - if (_.isString(params.prevTxId) && JSUtil.isHexa(params.prevTxId)) { - prevTxId = new buffer.Buffer(params.prevTxId, 'hex'); - } else { - prevTxId = params.prevTxId; - } - this.output = params.output ? - (params.output instanceof Output ? params.output : new Output(params.output)) : undefined; - this.prevTxId = prevTxId || params.txidbuf; - this.outputIndex = _.isUndefined(params.outputIndex) ? params.txoutnum : params.outputIndex; - this.sequenceNumber = _.isUndefined(params.sequenceNumber) ? - (_.isUndefined(params.seqnum) ? DEFAULT_SEQNUMBER : params.seqnum) : params.sequenceNumber; - if (_.isUndefined(params.script) && _.isUndefined(params.scriptBuffer)) { - throw new errors.Transaction.Input.MissingScript(); - } - this.setScript(params.scriptBuffer || params.script); - return this; +/** + * Instantiate an address from a ripemd160 script hash + * + * @param {Buffer} hash - An instance of buffer of the hash + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.fromScriptHash = function(hash, network) { + $.checkArgument(hash, 'hash parameter is required'); + var info = Address._transformHash(hash); + return new Address(info.hashBuffer, network, Address.PayToScriptHash); }; -Input.prototype.toObject = Input.prototype.toJSON = function toObject() { - var obj = { - prevTxId: this.prevTxId.toString('hex'), - outputIndex: this.outputIndex, - sequenceNumber: this.sequenceNumber, - script: this._scriptBuffer.toString('hex'), - }; - // add human readable form if input contains valid script - if (this.script) { - obj.scriptString = this.script.toString(); - } - if (this.output) { - obj.output = this.output.toObject(); - } - return obj; +/** + * Builds a p2sh address paying to script. This will hash the script and + * use that to create the address. + * If you want to extract an address associated with a script instead, + * see {{Address#fromScript}} + * + * @param {Script} script - An instance of Script + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.payingTo = function(script, network) { + $.checkArgument(script, 'script is required'); + $.checkArgument(script instanceof Script, 'script must be instance of Script'); + + return Address.fromScriptHash(Hash.sha256ripemd160(script.toBuffer()), network); }; -Input.fromBufferReader = function(br) { - var input = new Input(); - input.prevTxId = br.readReverse(32); - input.outputIndex = br.readUInt32LE(); - input._scriptBuffer = br.readVarLengthBuffer(); - input.sequenceNumber = br.readUInt32LE(); - // TODO: return different classes according to which input it is - // e.g: CoinbaseInput, PublicKeyHashInput, MultiSigScriptHashInput, etc. - return input; +/** + * Extract address from a Script. The script must be of one + * of the following types: p2pkh input, p2pkh output, p2sh input + * or p2sh output. + * This will analyze the script and extract address information from it. + * If you want to transform any script to a p2sh Address paying + * to that script's hash instead, use {{Address#payingTo}} + * + * @param {Script} script - An instance of Script + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.fromScript = function(script, network) { + $.checkArgument(script instanceof Script, 'script must be a Script instance'); + var info = Address._transformScript(script, network); + return new Address(info.hashBuffer, network, info.type); }; -Input.prototype.toBufferWriter = function(writer) { - if (!writer) { - writer = new BufferWriter(); - } - writer.writeReverse(this.prevTxId); - writer.writeUInt32LE(this.outputIndex); - var script = this._scriptBuffer; - writer.writeVarintNum(script.length); - writer.write(script); - writer.writeUInt32LE(this.sequenceNumber); - return writer; +/** + * Instantiate an address from a buffer of the address + * + * @param {Buffer} buffer - An instance of buffer of the address + * @param {String|Network=} network - either a Network instance, 'livenet', or 'testnet' + * @param {string=} type - The type of address: 'script' or 'pubkey' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.fromBuffer = function(buffer, network, type) { + var info = Address._transformBuffer(buffer, network, type); + return new Address(info.hashBuffer, info.network, info.type); }; -Input.prototype.setScript = function(script) { - this._script = null; - if (script instanceof Script) { - this._script = script; - this._script._isInput = true; - this._scriptBuffer = script.toBuffer(); - } else if (JSUtil.isHexa(script)) { - // hex string script - this._scriptBuffer = new buffer.Buffer(script, 'hex'); - } else if (_.isString(script)) { - // human readable string script - this._script = new Script(script); - this._script._isInput = true; - this._scriptBuffer = this._script.toBuffer(); - } else if (BufferUtil.isBuffer(script)) { - // buffer script - this._scriptBuffer = new buffer.Buffer(script); - } else { - throw new TypeError('Invalid argument type: script'); - } - return this; +/** + * Instantiate an address from an address string + * + * @param {string} str - An string of the bitcoin address + * @param {String|Network=} network - either a Network instance, 'livenet', or 'testnet' + * @param {string=} type - The type of address: 'script' or 'pubkey' + * @returns {Address} A new valid and frozen instance of an Address + */ +Address.fromString = function(str, network, type) { + var info = Address._transformString(str, network, type); + return new Address(info.hashBuffer, info.network, info.type); }; /** - * Retrieve signatures for the provided PrivateKey. + * Instantiate an address from an Object * - * @param {Transaction} transaction - the transaction to be signed - * @param {PrivateKey} privateKey - the private key to use when signing - * @param {number} inputIndex - the index of this input in the provided transaction - * @param {number} sigType - defaults to Signature.SIGHASH_ALL - * @param {Buffer} addressHash - if provided, don't calculate the hash of the - * public key associated with the private key provided - * @abstract + * @param {string} json - An JSON string or Object with keys: hash, network and type + * @returns {Address} A new valid instance of an Address */ -Input.prototype.getSignatures = function() { - throw new errors.AbstractMethodInvoked( - 'Trying to sign unsupported output type (only P2PKH and P2SH multisig inputs are supported)' + - ' for input: ' + JSON.stringify(this) +Address.fromObject = function fromObject(obj) { + $.checkState( + JSUtil.isHexa(obj.hash), + 'Unexpected hash property, "' + obj.hash + '", expected to be hex.' ); + var hashBuffer = new Buffer(obj.hash, 'hex'); + return new Address(hashBuffer, obj.network, obj.type); }; -Input.prototype.isFullySigned = function() { - throw new errors.AbstractMethodInvoked('Input#isFullySigned'); +/** + * Will return a validation error if exists + * + * @example + * ```javascript + * // a network mismatch error + * var error = Address.getValidationError('15vkcKf7gB23wLAnZLmbVuMiiVDc1Nm4a2', 'testnet'); + * ``` + * + * @param {string} data - The encoded data + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @param {string} type - The type of address: 'script' or 'pubkey' + * @returns {null|Error} The corresponding error message + */ +Address.getValidationError = function(data, network, type) { + var error; + try { + /* jshint nonew: false */ + new Address(data, network, type); + } catch (e) { + error = e; + } + return error; }; -Input.prototype.isFinal = function() { - return this.sequenceNumber !== 4294967295; +/** + * Will return a boolean if an address is valid + * + * @example + * ```javascript + * assert(Address.isValid('15vkcKf7gB23wLAnZLmbVuMiiVDc1Nm4a2', 'livenet')); + * ``` + * + * @param {string} data - The encoded data + * @param {String|Network} network - either a Network instance, 'livenet', or 'testnet' + * @param {string} type - The type of address: 'script' or 'pubkey' + * @returns {boolean} The corresponding error message + */ +Address.isValid = function(data, network, type) { + return !Address.getValidationError(data, network, type); }; -Input.prototype.addSignature = function() { - throw new errors.AbstractMethodInvoked('Input#addSignature'); +/** + * Returns true if an address is of pay to public key hash type + * @return boolean + */ +Address.prototype.isPayToPublicKeyHash = function() { + return this.type === Address.PayToPublicKeyHash; }; -Input.prototype.clearSignatures = function() { - throw new errors.AbstractMethodInvoked('Input#clearSignatures'); +/** + * Returns true if an address is of pay to script hash type + * @return boolean + */ +Address.prototype.isPayToScriptHash = function() { + return this.type === Address.PayToScriptHash; }; -Input.prototype.isValidSignature = function(transaction, signature) { - // FIXME: Refactor signature so this is not necessary - signature.signature.nhashtype = signature.sigtype; - return Sighash.verify( - transaction, - signature.signature, - signature.publicKey, - signature.inputIndex, - this.output.script - ); +/** + * Will return a buffer representation of the address + * + * @returns {Buffer} Bitcoin address buffer + */ +Address.prototype.toBuffer = function() { + var version = new Buffer([this.network[this.type]]); + var buf = Buffer.concat([version, this.hashBuffer]); + return buf; }; /** - * @returns true if this is a coinbase input (represents no input) + * @returns {Object} A plain object with the address information */ -Input.prototype.isNull = function() { - return this.prevTxId.toString('hex') === '0000000000000000000000000000000000000000000000000000000000000000' && - this.outputIndex === 0xffffffff; +Address.prototype.toObject = Address.prototype.toJSON = function toObject() { + return { + hash: this.hashBuffer.toString('hex'), + type: this.type, + network: this.network.toString() + }; }; -Input.prototype._estimateSize = function() { - return this.toBufferWriter().toBuffer().length; +/** + * Will return a the string representation of the address + * + * @returns {string} Bitcoin address + */ +Address.prototype.toString = function() { + return Base58Check.encode(this.toBuffer()); }; -module.exports = Input; +/** + * Will return a string formatted for the console + * + * @returns {string} Bitcoin address + */ +Address.prototype.inspect = function() { + return ''; +}; + +module.exports = Address; -},{"../../encoding/bufferwriter":22,"../../errors":24,"../../script":33,"../../util/buffer":50,"../../util/js":51,"../../util/preconditions":52,"../output":43,"../sighash":44,"buffer":94,"lodash":78}],39:[function(require,module,exports){ +var Script = require('./script'); + +}).call(this,require("buffer").Buffer) +},{"./crypto/hash":33,"./encoding/base58check":38,"./errors":42,"./networks":47,"./publickey":50,"./script":51,"./util/js":69,"./util/preconditions":70,"buffer":158,"lodash":96}],27:[function(require,module,exports){ +(function (Buffer){ 'use strict'; var _ = require('lodash'); -var inherits = require('inherits'); +var BlockHeader = require('./blockheader'); +var BN = require('../crypto/bn'); +var BufferUtil = require('../util/buffer'); +var BufferReader = require('../encoding/bufferreader'); +var BufferWriter = require('../encoding/bufferwriter'); +var Hash = require('../crypto/hash'); var Transaction = require('../transaction'); -var Input = require('./input'); -var Output = require('../output'); -var $ = require('../../util/preconditions'); - -var Script = require('../../script'); -var Signature = require('../../crypto/signature'); -var Sighash = require('../sighash'); -var PublicKey = require('../../publickey'); -var BufferUtil = require('../../util/buffer'); -var TransactionSignature = require('../signature'); +var $ = require('../util/preconditions'); /** + * Instantiate a Block from a Buffer, JSON object, or Object with + * the properties of the Block + * + * @param {*} - A Buffer, JSON string, or Object + * @returns {Block} * @constructor */ -function MultiSigInput(input, pubkeys, threshold, signatures) { - Input.apply(this, arguments); - var self = this; - pubkeys = pubkeys || input.publicKeys; - threshold = threshold || input.threshold; - signatures = signatures || input.signatures; - this.publicKeys = _.sortBy(pubkeys, function(publicKey) { return publicKey.toString('hex'); }); - $.checkState(Script.buildMultisigOut(this.publicKeys, threshold).equals(this.output.script), - 'Provided public keys don\'t match to the provided output script'); - this.publicKeyIndex = {}; - _.each(this.publicKeys, function(publicKey, index) { - self.publicKeyIndex[publicKey.toString()] = index; - }); - this.threshold = threshold; - // Empty array of signatures - this.signatures = signatures ? this._deserializeSignatures(signatures) : new Array(this.publicKeys.length); +function Block(arg) { + if (!(this instanceof Block)) { + return new Block(arg); + } + _.extend(this, Block._from(arg)); + return this; } -inherits(MultiSigInput, Input); -MultiSigInput.prototype.toObject = function() { - var obj = Input.prototype.toObject.apply(this, arguments); - obj.threshold = this.threshold; - obj.publicKeys = _.map(this.publicKeys, function(publicKey) { return publicKey.toString(); }); - obj.signatures = this._serializeSignatures(); - return obj; +// https://github.com/bitcoin/bitcoin/blob/b5fa132329f0377d787a4a21c1686609c2bfaece/src/primitives/block.h#L14 +Block.MAX_BLOCK_SIZE = 1000000; + +/** + * @param {*} - A Buffer, JSON string or Object + * @returns {Object} - An object representing block data + * @throws {TypeError} - If the argument was not recognized + * @private + */ +Block._from = function _from(arg) { + var info = {}; + if (BufferUtil.isBuffer(arg)) { + info = Block._fromBufferReader(BufferReader(arg)); + } else if (_.isObject(arg)) { + info = Block._fromObject(arg); + } else { + throw new TypeError('Unrecognized argument for Block'); + } + return info; }; -MultiSigInput.prototype._deserializeSignatures = function(signatures) { - return _.map(signatures, function(signature) { - if (!signature) { - return undefined; +/** + * @param {Object} - A plain JavaScript object + * @returns {Object} - An object representing block data + * @private + */ +Block._fromObject = function _fromObject(data) { + var transactions = []; + data.transactions.forEach(function(tx) { + if (tx instanceof Transaction) { + transactions.push(tx); + } else { + transactions.push(Transaction().fromObject(tx)); } - return new TransactionSignature(signature); }); + var info = { + header: BlockHeader.fromObject(data.header), + transactions: transactions + }; + return info; }; -MultiSigInput.prototype._serializeSignatures = function() { - return _.map(this.signatures, function(signature) { - if (!signature) { - return undefined; - } - return signature.toObject(); - }); +/** + * @param {Object} - A plain JavaScript object + * @returns {Block} - An instance of block + */ +Block.fromObject = function fromObject(obj) { + var info = Block._fromObject(obj); + return new Block(info); }; -MultiSigInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype) { - $.checkState(this.output instanceof Output); - sigtype = sigtype || Signature.SIGHASH_ALL; +/** + * @param {BufferReader} - Block data + * @returns {Object} - An object representing the block data + * @private + */ +Block._fromBufferReader = function _fromBufferReader(br) { + var info = {}; + $.checkState(!br.finished(), 'No block data received'); + info.header = BlockHeader.fromBufferReader(br); + var transactions = br.readVarintNum(); + info.transactions = []; + for (var i = 0; i < transactions; i++) { + info.transactions.push(Transaction().fromBufferReader(br)); + } + return info; +}; - var self = this; - var results = []; - _.each(this.publicKeys, function(publicKey) { - if (publicKey.toString() === privateKey.publicKey.toString()) { - results.push(new TransactionSignature({ - publicKey: privateKey.publicKey, - prevTxId: self.prevTxId, - outputIndex: self.outputIndex, - inputIndex: index, - signature: Sighash.sign(transaction, privateKey, sigtype, index, self.output.script), - sigtype: sigtype - })); - } - }); +/** + * @param {BufferReader} - A buffer reader of the block + * @returns {Block} - An instance of block + */ +Block.fromBufferReader = function fromBufferReader(br) { + $.checkArgument(br, 'br is required'); + var info = Block._fromBufferReader(br); + return new Block(info); +}; - return results; +/** + * @param {Buffer} - A buffer of the block + * @returns {Block} - An instance of block + */ +Block.fromBuffer = function fromBuffer(buf) { + return Block.fromBufferReader(new BufferReader(buf)); }; -MultiSigInput.prototype.addSignature = function(transaction, signature) { - $.checkState(!this.isFullySigned(), 'All needed signatures have already been added'); - $.checkArgument(!_.isUndefined(this.publicKeyIndex[signature.publicKey.toString()]), - 'Signature has no matching public key'); - $.checkState(this.isValidSignature(transaction, signature)); - this.signatures[this.publicKeyIndex[signature.publicKey.toString()]] = signature; - this._updateScript(); - return this; +/** + * @param {string} - str - A hex encoded string of the block + * @returns {Block} - A hex encoded string of the block + */ +Block.fromString = function fromString(str) { + var buf = new Buffer(str, 'hex'); + return Block.fromBuffer(buf); }; -MultiSigInput.prototype._updateScript = function() { - this.setScript(Script.buildMultisigIn( - this.publicKeys, - this.threshold, - this._createSignatures() - )); - return this; +/** + * @param {Binary} - Raw block binary data or buffer + * @returns {Block} - An instance of block + */ +Block.fromRawBlock = function fromRawBlock(data) { + if (!BufferUtil.isBuffer(data)) { + data = new Buffer(data, 'binary'); + } + var br = BufferReader(data); + br.pos = Block.Values.START_OF_BLOCK; + var info = Block._fromBufferReader(br); + return new Block(info); }; -MultiSigInput.prototype._createSignatures = function() { - return _.map( - _.filter(this.signatures, function(signature) { return !_.isUndefined(signature); }), - function(signature) { - return BufferUtil.concat([ - signature.signature.toDER(), - BufferUtil.integerAsSingleByteBuffer(signature.sigtype) - ]); - } - ); +/** + * @returns {Object} - A plain object with the block properties + */ +Block.prototype.toObject = Block.prototype.toJSON = function toObject() { + var transactions = []; + this.transactions.forEach(function(tx) { + transactions.push(tx.toObject()); + }); + return { + header: this.header.toObject(), + transactions: transactions + }; }; -MultiSigInput.prototype.clearSignatures = function() { - this.signatures = new Array(this.publicKeys.length); - this._updateScript(); +/** + * @returns {Buffer} - A buffer of the block + */ +Block.prototype.toBuffer = function toBuffer() { + return this.toBufferWriter().concat(); }; -MultiSigInput.prototype.isFullySigned = function() { - return this.countSignatures() === this.threshold; +/** + * @returns {string} - A hex encoded string of the block + */ +Block.prototype.toString = function toString() { + return this.toBuffer().toString('hex'); }; -MultiSigInput.prototype.countMissingSignatures = function() { - return this.threshold - this.countSignatures(); +/** + * @param {BufferWriter} - An existing instance of BufferWriter + * @returns {BufferWriter} - An instance of BufferWriter representation of the Block + */ +Block.prototype.toBufferWriter = function toBufferWriter(bw) { + if (!bw) { + bw = new BufferWriter(); + } + bw.write(this.header.toBuffer()); + bw.writeVarintNum(this.transactions.length); + for (var i = 0; i < this.transactions.length; i++) { + this.transactions[i].toBufferWriter(bw); + } + return bw; }; -MultiSigInput.prototype.countSignatures = function() { - return _.reduce(this.signatures, function(sum, signature) { - return sum + (!!signature); - }, 0); +/** + * Will iterate through each transaction and return an array of hashes + * @returns {Array} - An array with transaction hashes + */ +Block.prototype.getTransactionHashes = function getTransactionHashes() { + var hashes = []; + if (this.transactions.length === 0) { + return [Block.Values.NULL_HASH]; + } + for (var t = 0; t < this.transactions.length; t++) { + hashes.push(this.transactions[t]._getHash()); + } + return hashes; }; -MultiSigInput.prototype.publicKeysWithoutSignature = function() { - var self = this; - return _.filter(this.publicKeys, function(publicKey) { - return !(self.signatures[self.publicKeyIndex[publicKey.toString()]]); - }); +/** + * Will build a merkle tree of all the transactions, ultimately arriving at + * a single point, the merkle root. + * @link https://en.bitcoin.it/wiki/Protocol_specification#Merkle_Trees + * @returns {Array} - An array with each level of the tree after the other. + */ +Block.prototype.getMerkleTree = function getMerkleTree() { + + var tree = this.getTransactionHashes(); + + var j = 0; + for (var size = this.transactions.length; size > 1; size = Math.floor((size + 1) / 2)) { + for (var i = 0; i < size; i += 2) { + var i2 = Math.min(i + 1, size - 1); + var buf = Buffer.concat([tree[j + i], tree[j + i2]]); + tree.push(Hash.sha256sha256(buf)); + } + j += size; + } + + return tree; }; -MultiSigInput.prototype.isValidSignature = function(transaction, signature) { - // FIXME: Refactor signature so this is not necessary - signature.signature.nhashtype = signature.sigtype; - return Sighash.verify( - transaction, - signature.signature, - signature.publicKey, - signature.inputIndex, - this.output.script - ); +/** + * Calculates the merkleRoot from the transactions. + * @returns {Buffer} - A buffer of the merkle root hash + */ +Block.prototype.getMerkleRoot = function getMerkleRoot() { + var tree = this.getMerkleTree(); + return tree[tree.length - 1]; }; /** - * - * @param {Buffer[]} signatures - * @param {PublicKey[]} publicKeys - * @param {Transaction} transaction - * @param {Integer} inputIndex - * @param {Input} input - * @returns {TransactionSignature[]} + * Verifies that the transactions in the block match the header merkle root + * @returns {Boolean} - If the merkle roots match */ -MultiSigInput.normalizeSignatures = function(transaction, input, inputIndex, signatures, publicKeys) { - return publicKeys.map(function (pubKey) { - var signatureMatch = null; - signatures = signatures.filter(function (signatureBuffer) { - if (signatureMatch) { - return true; - } +Block.prototype.validMerkleRoot = function validMerkleRoot() { - var signature = new TransactionSignature({ - signature: Signature.fromTxFormat(signatureBuffer), - publicKey: pubKey, - prevTxId: input.prevTxId, - outputIndex: input.outputIndex, - inputIndex: inputIndex, - sigtype: Signature.SIGHASH_ALL - }); + var h = new BN(this.header.merkleRoot.toString('hex'), 'hex'); + var c = new BN(this.getMerkleRoot().toString('hex'), 'hex'); - signature.signature.nhashtype = signature.sigtype; - var isMatch = Sighash.verify( - transaction, - signature.signature, - signature.publicKey, - signature.inputIndex, - input.output.script - ); + if (h.cmp(c) !== 0) { + return false; + } - if (isMatch) { - signatureMatch = signature; - return false; - } + return true; +}; - return true; - }); +/** + * @returns {Buffer} - The little endian hash buffer of the header + */ +Block.prototype._getHash = function() { + return this.header._getHash(); +}; - return signatureMatch ? signatureMatch : null; - }); +var idProperty = { + configurable: false, + enumerable: true, + /** + * @returns {string} - The big endian hash buffer of the header + */ + get: function() { + if (!this._id) { + this._id = this.header.id; + } + return this._id; + }, + set: _.noop }; +Object.defineProperty(Block.prototype, 'id', idProperty); +Object.defineProperty(Block.prototype, 'hash', idProperty); -MultiSigInput.OPCODES_SIZE = 1; // 0 -MultiSigInput.SIGNATURE_SIZE = 73; // size (1) + DER (<=72) +/** + * @returns {string} - A string formatted for the console + */ +Block.prototype.inspect = function inspect() { + return ''; +}; -MultiSigInput.prototype._estimateSize = function() { - return MultiSigInput.OPCODES_SIZE + - this.threshold * MultiSigInput.SIGNATURE_SIZE; +Block.Values = { + START_OF_BLOCK: 8, // Start of block in raw block data + NULL_HASH: new Buffer('0000000000000000000000000000000000000000000000000000000000000000', 'hex') }; -module.exports = MultiSigInput; +module.exports = Block; -},{"../../crypto/signature":18,"../../publickey":32,"../../script":33,"../../util/buffer":50,"../../util/preconditions":52,"../output":43,"../sighash":44,"../signature":45,"../transaction":46,"./input":38,"inherits":77,"lodash":78}],40:[function(require,module,exports){ +}).call(this,require("buffer").Buffer) +},{"../crypto/bn":31,"../crypto/hash":33,"../encoding/bufferreader":39,"../encoding/bufferwriter":40,"../transaction":54,"../util/buffer":68,"../util/preconditions":70,"./blockheader":28,"buffer":158,"lodash":96}],28:[function(require,module,exports){ +(function (Buffer){ 'use strict'; var _ = require('lodash'); -var inherits = require('inherits'); -var Input = require('./input'); -var Output = require('../output'); -var $ = require('../../util/preconditions'); +var BN = require('../crypto/bn'); +var BufferUtil = require('../util/buffer'); +var BufferReader = require('../encoding/bufferreader'); +var BufferWriter = require('../encoding/bufferwriter'); +var Hash = require('../crypto/hash'); +var JSUtil = require('../util/js'); +var $ = require('../util/preconditions'); -var Script = require('../../script'); -var Signature = require('../../crypto/signature'); -var Sighash = require('../sighash'); -var PublicKey = require('../../publickey'); -var BufferUtil = require('../../util/buffer'); -var TransactionSignature = require('../signature'); +var GENESIS_BITS = 0x1d00ffff; /** + * Instantiate a BlockHeader from a Buffer, JSON object, or Object with + * the properties of the BlockHeader + * + * @param {*} - A Buffer, JSON string, or Object + * @returns {BlockHeader} - An instance of block header * @constructor */ -function MultiSigScriptHashInput(input, pubkeys, threshold, signatures) { - Input.apply(this, arguments); - var self = this; - pubkeys = pubkeys || input.publicKeys; - threshold = threshold || input.threshold; - signatures = signatures || input.signatures; - this.publicKeys = _.sortBy(pubkeys, function(publicKey) { return publicKey.toString('hex'); }); - this.redeemScript = Script.buildMultisigOut(this.publicKeys, threshold); - $.checkState(Script.buildScriptHashOut(this.redeemScript).equals(this.output.script), - 'Provided public keys don\'t hash to the provided output'); - this.publicKeyIndex = {}; - _.each(this.publicKeys, function(publicKey, index) { - self.publicKeyIndex[publicKey.toString()] = index; - }); - this.threshold = threshold; - // Empty array of signatures - this.signatures = signatures ? this._deserializeSignatures(signatures) : new Array(this.publicKeys.length); -} -inherits(MultiSigScriptHashInput, Input); +var BlockHeader = function BlockHeader(arg) { + if (!(this instanceof BlockHeader)) { + return new BlockHeader(arg); + } + var info = BlockHeader._from(arg); + this.version = info.version; + this.prevHash = info.prevHash; + this.merkleRoot = info.merkleRoot; + this.time = info.time; + this.timestamp = info.time; + this.bits = info.bits; + this.nonce = info.nonce; -MultiSigScriptHashInput.prototype.toObject = function() { - var obj = Input.prototype.toObject.apply(this, arguments); - obj.threshold = this.threshold; - obj.publicKeys = _.map(this.publicKeys, function(publicKey) { return publicKey.toString(); }); - obj.signatures = this._serializeSignatures(); - return obj; -}; + if (info.hash) { + $.checkState( + this.hash === info.hash, + 'Argument object hash property does not match block hash.' + ); + } -MultiSigScriptHashInput.prototype._deserializeSignatures = function(signatures) { - return _.map(signatures, function(signature) { - if (!signature) { - return undefined; - } - return new TransactionSignature(signature); - }); + return this; }; -MultiSigScriptHashInput.prototype._serializeSignatures = function() { - return _.map(this.signatures, function(signature) { - if (!signature) { - return undefined; - } - return signature.toObject(); - }); +/** + * @param {*} - A Buffer, JSON string or Object + * @returns {Object} - An object representing block header data + * @throws {TypeError} - If the argument was not recognized + * @private + */ +BlockHeader._from = function _from(arg) { + var info = {}; + if (BufferUtil.isBuffer(arg)) { + info = BlockHeader._fromBufferReader(BufferReader(arg)); + } else if (_.isObject(arg)) { + info = BlockHeader._fromObject(arg); + } else { + throw new TypeError('Unrecognized argument for BlockHeader'); + } + return info; }; -MultiSigScriptHashInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype) { - $.checkState(this.output instanceof Output); - sigtype = sigtype || Signature.SIGHASH_ALL; - - var self = this; - var results = []; - _.each(this.publicKeys, function(publicKey) { - if (publicKey.toString() === privateKey.publicKey.toString()) { - results.push(new TransactionSignature({ - publicKey: privateKey.publicKey, - prevTxId: self.prevTxId, - outputIndex: self.outputIndex, - inputIndex: index, - signature: Sighash.sign(transaction, privateKey, sigtype, index, self.redeemScript), - sigtype: sigtype - })); - } - }); - return results; +/** + * @param {Object} - A JSON string + * @returns {Object} - An object representing block header data + * @private + */ +BlockHeader._fromObject = function _fromObject(data) { + $.checkArgument(data, 'data is required'); + var prevHash = data.prevHash; + var merkleRoot = data.merkleRoot; + if (_.isString(data.prevHash)) { + prevHash = BufferUtil.reverse(new Buffer(data.prevHash, 'hex')); + } + if (_.isString(data.merkleRoot)) { + merkleRoot = BufferUtil.reverse(new Buffer(data.merkleRoot, 'hex')); + } + var info = { + hash: data.hash, + version: data.version, + prevHash: prevHash, + merkleRoot: merkleRoot, + time: data.time, + timestamp: data.time, + bits: data.bits, + nonce: data.nonce + }; + return info; }; -MultiSigScriptHashInput.prototype.addSignature = function(transaction, signature) { - $.checkState(!this.isFullySigned(), 'All needed signatures have already been added'); - $.checkArgument(!_.isUndefined(this.publicKeyIndex[signature.publicKey.toString()]), - 'Signature has no matching public key'); - $.checkState(this.isValidSignature(transaction, signature)); - this.signatures[this.publicKeyIndex[signature.publicKey.toString()]] = signature; - this._updateScript(); - return this; +/** + * @param {Object} - A plain JavaScript object + * @returns {BlockHeader} - An instance of block header + */ +BlockHeader.fromObject = function fromObject(obj) { + var info = BlockHeader._fromObject(obj); + return new BlockHeader(info); }; -MultiSigScriptHashInput.prototype._updateScript = function() { - this.setScript(Script.buildP2SHMultisigIn( - this.publicKeys, - this.threshold, - this._createSignatures(), - { cachedMultisig: this.redeemScript } - )); - return this; +/** + * @param {Binary} - Raw block binary data or buffer + * @returns {BlockHeader} - An instance of block header + */ +BlockHeader.fromRawBlock = function fromRawBlock(data) { + if (!BufferUtil.isBuffer(data)) { + data = new Buffer(data, 'binary'); + } + var br = BufferReader(data); + br.pos = BlockHeader.Constants.START_OF_HEADER; + var info = BlockHeader._fromBufferReader(br); + return new BlockHeader(info); }; -MultiSigScriptHashInput.prototype._createSignatures = function() { - return _.map( - _.filter(this.signatures, function(signature) { return !_.isUndefined(signature); }), - function(signature) { - return BufferUtil.concat([ - signature.signature.toDER(), - BufferUtil.integerAsSingleByteBuffer(signature.sigtype) - ]); - } - ); +/** + * @param {Buffer} - A buffer of the block header + * @returns {BlockHeader} - An instance of block header + */ +BlockHeader.fromBuffer = function fromBuffer(buf) { + var info = BlockHeader._fromBufferReader(BufferReader(buf)); + return new BlockHeader(info); }; -MultiSigScriptHashInput.prototype.clearSignatures = function() { - this.signatures = new Array(this.publicKeys.length); - this._updateScript(); +/** + * @param {string} - A hex encoded buffer of the block header + * @returns {BlockHeader} - An instance of block header + */ +BlockHeader.fromString = function fromString(str) { + var buf = new Buffer(str, 'hex'); + return BlockHeader.fromBuffer(buf); }; -MultiSigScriptHashInput.prototype.isFullySigned = function() { - return this.countSignatures() === this.threshold; +/** + * @param {BufferReader} - A BufferReader of the block header + * @returns {Object} - An object representing block header data + * @private + */ +BlockHeader._fromBufferReader = function _fromBufferReader(br) { + var info = {}; + info.version = br.readUInt32LE(); + info.prevHash = br.read(32); + info.merkleRoot = br.read(32); + info.time = br.readUInt32LE(); + info.bits = br.readUInt32LE(); + info.nonce = br.readUInt32LE(); + return info; }; -MultiSigScriptHashInput.prototype.countMissingSignatures = function() { - return this.threshold - this.countSignatures(); +/** + * @param {BufferReader} - A BufferReader of the block header + * @returns {BlockHeader} - An instance of block header + */ +BlockHeader.fromBufferReader = function fromBufferReader(br) { + var info = BlockHeader._fromBufferReader(br); + return new BlockHeader(info); }; -MultiSigScriptHashInput.prototype.countSignatures = function() { - return _.reduce(this.signatures, function(sum, signature) { - return sum + (!!signature); - }, 0); +/** + * @returns {Object} - A plain object of the BlockHeader + */ +BlockHeader.prototype.toObject = BlockHeader.prototype.toJSON = function toObject() { + return { + hash: this.hash, + version: this.version, + prevHash: BufferUtil.reverse(this.prevHash).toString('hex'), + merkleRoot: BufferUtil.reverse(this.merkleRoot).toString('hex'), + time: this.time, + bits: this.bits, + nonce: this.nonce + }; }; -MultiSigScriptHashInput.prototype.publicKeysWithoutSignature = function() { - var self = this; - return _.filter(this.publicKeys, function(publicKey) { - return !(self.signatures[self.publicKeyIndex[publicKey.toString()]]); - }); +/** + * @returns {Buffer} - A Buffer of the BlockHeader + */ +BlockHeader.prototype.toBuffer = function toBuffer() { + return this.toBufferWriter().concat(); }; -MultiSigScriptHashInput.prototype.isValidSignature = function(transaction, signature) { - // FIXME: Refactor signature so this is not necessary - signature.signature.nhashtype = signature.sigtype; - return Sighash.verify( - transaction, - signature.signature, - signature.publicKey, - signature.inputIndex, - this.redeemScript - ); +/** + * @returns {string} - A hex encoded string of the BlockHeader + */ +BlockHeader.prototype.toString = function toString() { + return this.toBuffer().toString('hex'); }; -MultiSigScriptHashInput.OPCODES_SIZE = 7; // serialized size (<=3) + 0 .. N .. M OP_CHECKMULTISIG -MultiSigScriptHashInput.SIGNATURE_SIZE = 74; // size (1) + DER (<=72) + sighash (1) -MultiSigScriptHashInput.PUBKEY_SIZE = 34; // size (1) + DER (<=33) - -MultiSigScriptHashInput.prototype._estimateSize = function() { - return MultiSigScriptHashInput.OPCODES_SIZE + - this.threshold * MultiSigScriptHashInput.SIGNATURE_SIZE + - this.publicKeys.length * MultiSigScriptHashInput.PUBKEY_SIZE; +/** + * @param {BufferWriter} - An existing instance BufferWriter + * @returns {BufferWriter} - An instance of BufferWriter representation of the BlockHeader + */ +BlockHeader.prototype.toBufferWriter = function toBufferWriter(bw) { + if (!bw) { + bw = new BufferWriter(); + } + bw.writeUInt32LE(this.version); + bw.write(this.prevHash); + bw.write(this.merkleRoot); + bw.writeUInt32LE(this.time); + bw.writeUInt32LE(this.bits); + bw.writeUInt32LE(this.nonce); + return bw; }; -module.exports = MultiSigScriptHashInput; +/** + * Returns the target difficulty for this block + * @param {Number} bits + * @returns {BN} An instance of BN with the decoded difficulty bits + */ +BlockHeader.prototype.getTargetDifficulty = function getTargetDifficulty(bits) { + bits = bits || this.bits; -},{"../../crypto/signature":18,"../../publickey":32,"../../script":33,"../../util/buffer":50,"../../util/preconditions":52,"../output":43,"../sighash":44,"../signature":45,"./input":38,"inherits":77,"lodash":78}],41:[function(require,module,exports){ -'use strict'; + var target = new BN(bits & 0xffffff); + var mov = 8 * ((bits >>> 24) - 3); + while (mov-- > 0) { + target = target.mul(new BN(2)); + } + return target; +}; -var inherits = require('inherits'); +/** + * @link https://en.bitcoin.it/wiki/Difficulty + * @return {Number} + */ +BlockHeader.prototype.getDifficulty = function getDifficulty() { + var difficulty1TargetBN = this.getTargetDifficulty(GENESIS_BITS).mul(new BN(Math.pow(10, 8))); + var currentTargetBN = this.getTargetDifficulty(); -var $ = require('../../util/preconditions'); -var BufferUtil = require('../../util/buffer'); + var difficultyString = difficulty1TargetBN.div(currentTargetBN).toString(10); + var decimalPos = difficultyString.length - 8; + difficultyString = difficultyString.slice(0, decimalPos) + '.' + difficultyString.slice(decimalPos); -var Input = require('./input'); -var Output = require('../output'); -var Sighash = require('../sighash'); -var Script = require('../../script'); -var Signature = require('../../crypto/signature'); -var TransactionSignature = require('../signature'); + return parseFloat(difficultyString); +}; /** - * Represents a special kind of input of PayToPublicKey kind. - * @constructor + * @returns {Buffer} - The little endian hash buffer of the header */ -function PublicKeyInput() { - Input.apply(this, arguments); -} -inherits(PublicKeyInput, Input); +BlockHeader.prototype._getHash = function hash() { + var buf = this.toBuffer(); + return Hash.sha256sha256(buf); +}; -/** - * @param {Transaction} transaction - the transaction to be signed - * @param {PrivateKey} privateKey - the private key with which to sign the transaction - * @param {number} index - the index of the input in the transaction input vector - * @param {number=} sigtype - the type of signature, defaults to Signature.SIGHASH_ALL - * @return {Array} of objects that can be - */ -PublicKeyInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype) { - $.checkState(this.output instanceof Output); - sigtype = sigtype || Signature.SIGHASH_ALL; - var publicKey = privateKey.toPublicKey(); - if (publicKey.toString() === this.output.script.getPublicKey().toString('hex')) { - return [new TransactionSignature({ - publicKey: publicKey, - prevTxId: this.prevTxId, - outputIndex: this.outputIndex, - inputIndex: index, - signature: Sighash.sign(transaction, privateKey, sigtype, index, this.output.script), - sigtype: sigtype - })]; - } - return []; +var idProperty = { + configurable: false, + enumerable: true, + /** + * @returns {string} - The big endian hash buffer of the header + */ + get: function() { + if (!this._id) { + this._id = BufferReader(this._getHash()).readReverse().toString('hex'); + } + return this._id; + }, + set: _.noop }; +Object.defineProperty(BlockHeader.prototype, 'id', idProperty); +Object.defineProperty(BlockHeader.prototype, 'hash', idProperty); /** - * Add the provided signature - * - * @param {Object} signature - * @param {PublicKey} signature.publicKey - * @param {Signature} signature.signature - * @param {number=} signature.sigtype - * @return {PublicKeyInput} this, for chaining + * @returns {Boolean} - If timestamp is not too far in the future */ -PublicKeyInput.prototype.addSignature = function(transaction, signature) { - $.checkState(this.isValidSignature(transaction, signature), 'Signature is invalid'); - this.setScript(Script.buildPublicKeyIn( - signature.signature.toDER(), - signature.sigtype - )); - return this; +BlockHeader.prototype.validTimestamp = function validTimestamp() { + var currentTime = Math.round(new Date().getTime() / 1000); + if (this.time > currentTime + BlockHeader.Constants.MAX_TIME_OFFSET) { + return false; + } + return true; }; /** - * Clear the input's signature - * @return {PublicKeyHashInput} this, for chaining + * @returns {Boolean} - If the proof-of-work hash satisfies the target difficulty */ -PublicKeyInput.prototype.clearSignatures = function() { - this.setScript(Script.empty()); - return this; +BlockHeader.prototype.validProofOfWork = function validProofOfWork() { + var pow = new BN(this.id, 'hex'); + var target = this.getTargetDifficulty(); + + if (pow.cmp(target) > 0) { + return false; + } + return true; }; /** - * Query whether the input is signed - * @return {boolean} + * @returns {string} - A string formatted for the console */ -PublicKeyInput.prototype.isFullySigned = function() { - return this.script.isPublicKeyIn(); +BlockHeader.prototype.inspect = function inspect() { + return ''; }; -PublicKeyInput.SCRIPT_MAX_SIZE = 73; // sigsize (1 + 72) - -PublicKeyInput.prototype._estimateSize = function() { - return PublicKeyInput.SCRIPT_MAX_SIZE; +BlockHeader.Constants = { + START_OF_HEADER: 8, // Start buffer position in raw block data + MAX_TIME_OFFSET: 2 * 60 * 60, // The max a timestamp can be in the future + LARGEST_HASH: new BN('10000000000000000000000000000000000000000000000000000000000000000', 'hex') }; -module.exports = PublicKeyInput; +module.exports = BlockHeader; -},{"../../crypto/signature":18,"../../script":33,"../../util/buffer":50,"../../util/preconditions":52,"../output":43,"../sighash":44,"../signature":45,"./input":38,"inherits":77}],42:[function(require,module,exports){ -'use strict'; +}).call(this,require("buffer").Buffer) +},{"../crypto/bn":31,"../crypto/hash":33,"../encoding/bufferreader":39,"../encoding/bufferwriter":40,"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"buffer":158,"lodash":96}],29:[function(require,module,exports){ +module.exports = require('./block'); -var inherits = require('inherits'); +module.exports.BlockHeader = require('./blockheader'); +module.exports.MerkleBlock = require('./merkleblock'); -var $ = require('../../util/preconditions'); -var BufferUtil = require('../../util/buffer'); +},{"./block":27,"./blockheader":28,"./merkleblock":30}],30:[function(require,module,exports){ +(function (Buffer){ +'use strict'; -var Hash = require('../../crypto/hash'); -var Input = require('./input'); -var Output = require('../output'); -var Sighash = require('../sighash'); -var Script = require('../../script'); -var Signature = require('../../crypto/signature'); -var TransactionSignature = require('../signature'); +var _ = require('lodash'); +var BlockHeader = require('./blockheader'); +var BufferUtil = require('../util/buffer'); +var BufferReader = require('../encoding/bufferreader'); +var BufferWriter = require('../encoding/bufferwriter'); +var Hash = require('../crypto/hash'); +var JSUtil = require('../util/js'); +var Transaction = require('../transaction'); +var $ = require('../util/preconditions'); /** - * Represents a special kind of input of PayToPublicKeyHash kind. + * Instantiate a MerkleBlock from a Buffer, JSON object, or Object with + * the properties of the Block + * + * @param {*} - A Buffer, JSON string, or Object representing a MerkleBlock + * @returns {MerkleBlock} * @constructor */ -function PublicKeyHashInput() { - Input.apply(this, arguments); +function MerkleBlock(arg) { + /* jshint maxstatements: 18 */ + + if (!(this instanceof MerkleBlock)) { + return new MerkleBlock(arg); + } + + var info = {}; + if (BufferUtil.isBuffer(arg)) { + info = MerkleBlock._fromBufferReader(BufferReader(arg)); + } else if (_.isObject(arg)) { + var header; + if(arg.header instanceof BlockHeader) { + header = arg.header; + } else { + header = BlockHeader.fromObject(arg.header); + } + info = { + /** + * @name MerkleBlock#header + * @type {BlockHeader} + */ + header: header, + /** + * @name MerkleBlock#numTransactions + * @type {Number} + */ + numTransactions: arg.numTransactions, + /** + * @name MerkleBlock#hashes + * @type {String[]} + */ + hashes: arg.hashes, + /** + * @name MerkleBlock#flags + * @type {Number[]} + */ + flags: arg.flags + }; + } else { + throw new TypeError('Unrecognized argument for MerkleBlock'); + } + _.extend(this,info); + this._flagBitsUsed = 0; + this._hashesUsed = 0; + return this; } -inherits(PublicKeyHashInput, Input); -/* jshint maxparams: 5 */ /** - * @param {Transaction} transaction - the transaction to be signed - * @param {PrivateKey} privateKey - the private key with which to sign the transaction - * @param {number} index - the index of the input in the transaction input vector - * @param {number=} sigtype - the type of signature, defaults to Signature.SIGHASH_ALL - * @param {Buffer=} hashData - the precalculated hash of the public key associated with the privateKey provided - * @return {Array} of objects that can be + * @param {Buffer} - MerkleBlock data in a Buffer object + * @returns {MerkleBlock} - A MerkleBlock object */ -PublicKeyHashInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype, hashData) { - $.checkState(this.output instanceof Output); - hashData = hashData || Hash.sha256ripemd160(privateKey.publicKey.toBuffer()); - sigtype = sigtype || Signature.SIGHASH_ALL; - - if (BufferUtil.equals(hashData, this.output.script.getPublicKeyHash())) { - return [new TransactionSignature({ - publicKey: privateKey.publicKey, - prevTxId: this.prevTxId, - outputIndex: this.outputIndex, - inputIndex: index, - signature: Sighash.sign(transaction, privateKey, sigtype, index, this.output.script), - sigtype: sigtype - })]; - } - return []; +MerkleBlock.fromBuffer = function fromBuffer(buf) { + return MerkleBlock.fromBufferReader(BufferReader(buf)); }; -/* jshint maxparams: 3 */ /** - * Add the provided signature - * - * @param {Object} signature - * @param {PublicKey} signature.publicKey - * @param {Signature} signature.signature - * @param {number=} signature.sigtype - * @return {PublicKeyHashInput} this, for chaining + * @param {BufferReader} - MerkleBlock data in a BufferReader object + * @returns {MerkleBlock} - A MerkleBlock object */ -PublicKeyHashInput.prototype.addSignature = function(transaction, signature) { - $.checkState(this.isValidSignature(transaction, signature), 'Signature is invalid'); - this.setScript(Script.buildPublicKeyHashIn( - signature.publicKey, - signature.signature.toDER(), - signature.sigtype - )); - return this; +MerkleBlock.fromBufferReader = function fromBufferReader(br) { + return new MerkleBlock(MerkleBlock._fromBufferReader(br)); }; /** - * Clear the input's signature - * @return {PublicKeyHashInput} this, for chaining + * @returns {Buffer} - A buffer of the block */ -PublicKeyHashInput.prototype.clearSignatures = function() { - this.setScript(Script.empty()); - return this; +MerkleBlock.prototype.toBuffer = function toBuffer() { + return this.toBufferWriter().concat(); }; /** - * Query whether the input is signed - * @return {boolean} + * @param {BufferWriter} - An existing instance of BufferWriter + * @returns {BufferWriter} - An instance of BufferWriter representation of the MerkleBlock */ -PublicKeyHashInput.prototype.isFullySigned = function() { - return this.script.isPublicKeyHashIn(); +MerkleBlock.prototype.toBufferWriter = function toBufferWriter(bw) { + if (!bw) { + bw = new BufferWriter(); + } + bw.write(this.header.toBuffer()); + bw.writeUInt32LE(this.numTransactions); + bw.writeVarintNum(this.hashes.length); + for (var i = 0; i < this.hashes.length; i++) { + bw.write(new Buffer(this.hashes[i], 'hex')); + } + bw.writeVarintNum(this.flags.length); + for (i = 0; i < this.flags.length; i++) { + bw.writeUInt8(this.flags[i]); + } + return bw; }; -PublicKeyHashInput.SCRIPT_MAX_SIZE = 73 + 34; // sigsize (1 + 72) + pubkey (1 + 33) - -PublicKeyHashInput.prototype._estimateSize = function() { - return PublicKeyHashInput.SCRIPT_MAX_SIZE; +/** + * @returns {Object} - A plain object with the MerkleBlock properties + */ +MerkleBlock.prototype.toObject = MerkleBlock.prototype.toJSON = function toObject() { + return { + header: this.header.toObject(), + numTransactions: this.numTransactions, + hashes: this.hashes, + flags: this.flags + }; }; -module.exports = PublicKeyHashInput; - -},{"../../crypto/hash":15,"../../crypto/signature":18,"../../script":33,"../../util/buffer":50,"../../util/preconditions":52,"../output":43,"../sighash":44,"../signature":45,"./input":38,"inherits":77}],43:[function(require,module,exports){ -'use strict'; - -var _ = require('lodash'); -var BN = require('../crypto/bn'); -var buffer = require('buffer'); -var bufferUtil = require('../util/buffer'); -var JSUtil = require('../util/js'); -var BufferWriter = require('../encoding/bufferwriter'); -var Script = require('../script'); -var $ = require('../util/preconditions'); -var errors = require('../errors'); - -var MAX_SAFE_INTEGER = 0x1fffffffffffff; - -function Output(args) { - if (!(this instanceof Output)) { - return new Output(args); - } - if (_.isObject(args)) { - this.satoshis = args.satoshis; - if (bufferUtil.isBuffer(args.script)) { - this._scriptBuffer = args.script; - } else { - var script; - if (_.isString(args.script) && JSUtil.isHexa(args.script)) { - script = new buffer.Buffer(args.script, 'hex'); - } else { - script = args.script; - } - this.setScript(script); - } - } else { - throw new TypeError('Unrecognized argument for Output'); - } -} - -Object.defineProperty(Output.prototype, 'script', { - configurable: false, - enumerable: true, - get: function() { - if (this._script) { - return this._script; - } else { - this.setScriptFromBuffer(this._scriptBuffer); - return this._script; - } +/** + * Verify that the MerkleBlock is valid + * @returns {Boolean} - True/False whether this MerkleBlock is Valid + */ +MerkleBlock.prototype.validMerkleTree = function validMerkleTree() { + $.checkState(_.isArray(this.flags), 'MerkleBlock flags is not an array'); + $.checkState(_.isArray(this.hashes), 'MerkleBlock hashes is not an array'); + // Can't have more hashes than numTransactions + if(this.hashes.length > this.numTransactions) { + return false; } -}); -Object.defineProperty(Output.prototype, 'satoshis', { - configurable: false, - enumerable: true, - get: function() { - return this._satoshis; - }, - set: function(num) { - if (num instanceof BN) { - this._satoshisBN = num; - this._satoshis = num.toNumber(); - } else if (_.isString(num)) { - this._satoshis = parseInt(num); - this._satoshisBN = BN.fromNumber(this._satoshis); - } else { - $.checkArgument( - JSUtil.isNaturalNumber(num), - 'Output satoshis is not a natural number' - ); - this._satoshisBN = BN.fromNumber(num); - this._satoshis = num; - } - $.checkState( - JSUtil.isNaturalNumber(this._satoshis), - 'Output satoshis is not a natural number' - ); + // Can't have more flag bits than num hashes + if(this.flags.length * 8 < this.hashes.length) { + return false; } -}); -Output.prototype.invalidSatoshis = function() { - if (this._satoshis > MAX_SAFE_INTEGER) { - return 'transaction txout satoshis greater than max safe integer'; - } - if (this._satoshis !== this._satoshisBN.toNumber()) { - return 'transaction txout satoshis has corrupted value'; - } - if (this._satoshis < 0) { - return 'transaction txout negative'; + var height = this._calcTreeHeight(); + var opts = { hashesUsed: 0, flagBitsUsed: 0 }; + var root = this._traverseMerkleTree(height, 0, opts); + if(opts.hashesUsed !== this.hashes.length) { + return false; } - return false; + return BufferUtil.equals(root, this.header.merkleRoot); }; -Output.prototype.toObject = Output.prototype.toJSON = function toObject() { - var obj = { - satoshis: this.satoshis - }; - obj.script = this._scriptBuffer.toString('hex'); - return obj; -}; +/** + * Traverse a the tree in this MerkleBlock, validating it along the way + * Modeled after Bitcoin Core merkleblock.cpp TraverseAndExtract() + * @param {Number} - depth - Current height + * @param {Number} - pos - Current position in the tree + * @param {Object} - opts - Object with values that need to be mutated throughout the traversal + * @param {Number} - opts.flagBitsUsed - Number of flag bits used, should start at 0 + * @param {Number} - opts.hashesUsed - Number of hashes used, should start at 0 + * @param {Array} - opts.txs - Will finish populated by transactions found during traversal + * @returns {Buffer|null} - Buffer containing the Merkle Hash for that height + * @private + */ +MerkleBlock.prototype._traverseMerkleTree = function traverseMerkleTree(depth, pos, opts) { + /* jshint maxcomplexity: 12*/ + /* jshint maxstatements: 20 */ -Output.fromObject = function(data) { - return new Output(data); -}; + opts = opts || {}; + opts.txs = opts.txs || []; + opts.flagBitsUsed = opts.flagBitsUsed || 0; + opts.hashesUsed = opts.hashesUsed || 0; -Output.prototype.setScriptFromBuffer = function(buffer) { - this._scriptBuffer = buffer; - try { - this._script = Script.fromBuffer(this._scriptBuffer); - this._script._isOutput = true; - } catch(e) { - if (e instanceof errors.Script.InvalidBuffer) { - this._script = null; - } else { - throw e; + if(opts.flagBitsUsed > this.flags.length * 8) { + return null; + } + var isParentOfMatch = (this.flags[opts.flagBitsUsed >> 3] >>> (opts.flagBitsUsed++ & 7)) & 1; + if(depth === 0 || !isParentOfMatch) { + if(opts.hashesUsed >= this.hashes.length) { + return null; + } + var hash = this.hashes[opts.hashesUsed++]; + if(depth === 0 && isParentOfMatch) { + opts.txs.push(hash); + } + return new Buffer(hash, 'hex'); + } else { + var left = this._traverseMerkleTree(depth-1, pos*2, opts); + var right = left; + if(pos*2+1 < this._calcTreeWidth(depth-1)) { + right = this._traverseMerkleTree(depth-1, pos*2+1, opts); } + return Hash.sha256sha256(new Buffer.concat([left, right])); } }; -Output.prototype.setScript = function(script) { - if (script instanceof Script) { - this._scriptBuffer = script.toBuffer(); - this._script = script; - this._script._isOutput = true; - } else if (_.isString(script)) { - this._script = Script.fromString(script); - this._scriptBuffer = this._script.toBuffer(); - this._script._isOutput = true; - } else if (bufferUtil.isBuffer(script)) { - this.setScriptFromBuffer(script); - } else { - throw new TypeError('Invalid argument type: script'); - } - return this; +/** Calculates the width of a merkle tree at a given height. + * Modeled after Bitcoin Core merkleblock.h CalcTreeWidth() + * @param {Number} - Height at which we want the tree width + * @returns {Number} - Width of the tree at a given height + * @private + */ +MerkleBlock.prototype._calcTreeWidth = function calcTreeWidth(height) { + return (this.numTransactions + (1 << height) - 1) >> height; }; -Output.prototype.inspect = function() { - var scriptStr; - if (this.script) { - scriptStr = this.script.inspect(); - } else { - scriptStr = this._scriptBuffer.toString('hex'); +/** Calculates the height of the merkle tree in this MerkleBlock + * @param {Number} - Height at which we want the tree width + * @returns {Number} - Height of the merkle tree in this MerkleBlock + * @private + */ +MerkleBlock.prototype._calcTreeHeight = function calcTreeHeight() { + var height = 0; + while (this._calcTreeWidth(height) > 1) { + height++; } - return ''; + return height; }; -Output.fromBufferReader = function(br) { - var obj = {}; - obj.satoshis = br.readUInt64LEBN(); - var size = br.readVarintNum(); - if (size !== 0) { - obj.script = br.read(size); - } else { - obj.script = new buffer.Buffer([]); +/** + * @param {Transaction|String} - Transaction or Transaction ID Hash + * @returns {Boolean} - return true/false if this MerkleBlock has the TX or not + * @private + */ +MerkleBlock.prototype.hasTransaction = function hasTransaction(tx) { + $.checkArgument(!_.isUndefined(tx), 'tx cannot be undefined'); + $.checkArgument(tx instanceof Transaction || typeof tx === 'string', + 'Invalid tx given, tx must be a "string" or "Transaction"'); + + var hash = tx; + if(tx instanceof Transaction) { + // We need to reverse the id hash for the lookup + hash = BufferUtil.reverse(new Buffer(tx.id, 'hex')).toString('hex'); } - return new Output(obj); + + var txs = []; + var height = this._calcTreeHeight(); + this._traverseMerkleTree(height, 0, { txs: txs }); + return txs.indexOf(hash) !== -1; }; -Output.prototype.toBufferWriter = function(writer) { - if (!writer) { - writer = new BufferWriter(); +/** + * @param {Buffer} - MerkleBlock data + * @returns {Object} - An Object representing merkleblock data + * @private + */ +MerkleBlock._fromBufferReader = function _fromBufferReader(br) { + $.checkState(!br.finished(), 'No merkleblock data received'); + var info = {}; + info.header = BlockHeader.fromBufferReader(br); + info.numTransactions = br.readUInt32LE(); + var numHashes = br.readVarintNum(); + info.hashes = []; + for (var i = 0; i < numHashes; i++) { + info.hashes.push(br.read(32).toString('hex')); } - writer.writeUInt64LEBN(this._satoshisBN); - var script = this._scriptBuffer; - writer.writeVarintNum(script.length); - writer.write(script); - return writer; + var numFlags = br.readVarintNum(); + info.flags = []; + for (i = 0; i < numFlags; i++) { + info.flags.push(br.readUInt8()); + } + return info; }; -module.exports = Output; +/** + * @param {Object} - A plain JavaScript object + * @returns {Block} - An instance of block + */ +MerkleBlock.fromObject = function fromObject(obj) { + return new MerkleBlock(obj); +}; + +module.exports = MerkleBlock; -},{"../crypto/bn":13,"../encoding/bufferwriter":22,"../errors":24,"../script":33,"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"buffer":94,"lodash":78}],44:[function(require,module,exports){ +}).call(this,require("buffer").Buffer) +},{"../crypto/hash":33,"../encoding/bufferreader":39,"../encoding/bufferwriter":40,"../transaction":54,"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"./blockheader":28,"buffer":158,"lodash":96}],31:[function(require,module,exports){ (function (Buffer){ 'use strict'; -var buffer = require('buffer'); - -var Signature = require('../crypto/signature'); -var Script = require('../script'); -var Output = require('./output'); -var BufferReader = require('../encoding/bufferreader'); -var BufferWriter = require('../encoding/bufferwriter'); -var BN = require('../crypto/bn'); -var Hash = require('../crypto/hash'); -var ECDSA = require('../crypto/ecdsa'); +var BN = require('bn.js'); var $ = require('../util/preconditions'); var _ = require('lodash'); -var SIGHASH_SINGLE_BUG = '0000000000000000000000000000000000000000000000000000000000000001'; -var BITS_64_ON = 'ffffffffffffffff'; +var reversebuf = function(buf) { + var buf2 = new Buffer(buf.length); + for (var i = 0; i < buf.length; i++) { + buf2[i] = buf[buf.length - 1 - i]; + } + return buf2; +}; -/** - * Returns a buffer of length 32 bytes with the hash that needs to be signed - * for OP_CHECKSIG. - * - * @name Signing.sighash - * @param {Transaction} transaction the transaction to sign - * @param {number} sighashType the type of the hash - * @param {number} inputNumber the input index for the signature - * @param {Script} subscript the script that will be signed - */ -var sighash = function sighash(transaction, sighashType, inputNumber, subscript) { - var Transaction = require('./transaction'); - var Input = require('./input'); +BN.Zero = new BN(0); +BN.One = new BN(1); +BN.Minus1 = new BN(-1); - var i; - // Copy transaction - var txcopy = Transaction.shallowCopy(transaction); +BN.fromNumber = function(n) { + $.checkArgument(_.isNumber(n)); + return new BN(n); +}; - // Copy script - subscript = new Script(subscript); - subscript.removeCodeseparators(); +BN.fromString = function(str, base) { + $.checkArgument(_.isString(str)); + return new BN(str, base); +}; - for (i = 0; i < txcopy.inputs.length; i++) { - // Blank signatures for other inputs - txcopy.inputs[i] = new Input(txcopy.inputs[i]).setScript(Script.empty()); +BN.fromBuffer = function(buf, opts) { + if (typeof opts !== 'undefined' && opts.endian === 'little') { + buf = reversebuf(buf); } + var hex = buf.toString('hex'); + var bn = new BN(hex, 16); + return bn; +}; - txcopy.inputs[inputNumber] = new Input(txcopy.inputs[inputNumber]).setScript(subscript); +/** + * Instantiate a BigNumber from a "signed magnitude buffer" + * (a buffer where the most significant bit represents the sign (0 = positive, -1 = negative)) + */ +BN.fromSM = function(buf, opts) { + var ret; + if (buf.length === 0) { + return BN.fromBuffer(new Buffer([0])); + } - if ((sighashType & 31) === Signature.SIGHASH_NONE || - (sighashType & 31) === Signature.SIGHASH_SINGLE) { + var endian = 'big'; + if (opts) { + endian = opts.endian; + } + if (endian === 'little') { + buf = reversebuf(buf); + } - // clear all sequenceNumbers - for (i = 0; i < txcopy.inputs.length; i++) { - if (i !== inputNumber) { - txcopy.inputs[i].sequenceNumber = 0; - } - } + if (buf[0] & 0x80) { + buf[0] = buf[0] & 0x7f; + ret = BN.fromBuffer(buf); + ret.neg().copy(ret); + } else { + ret = BN.fromBuffer(buf); } + return ret; +}; - if ((sighashType & 31) === Signature.SIGHASH_NONE) { - txcopy.outputs = []; - } else if ((sighashType & 31) === Signature.SIGHASH_SINGLE) { - // The SIGHASH_SINGLE bug. - // https://bitcointalk.org/index.php?topic=260595.0 - if (inputNumber >= txcopy.outputs.length) { - return new Buffer(SIGHASH_SINGLE_BUG, 'hex'); +BN.prototype.toNumber = function() { + return parseInt(this.toString(10), 10); +}; + +BN.prototype.toBuffer = function(opts) { + var buf, hex; + if (opts && opts.size) { + hex = this.toString(16, 2); + var natlen = hex.length / 2; + buf = new Buffer(hex, 'hex'); + + if (natlen === opts.size) { + buf = buf; + } else if (natlen > opts.size) { + buf = BN.trim(buf, natlen); + } else if (natlen < opts.size) { + buf = BN.pad(buf, natlen, opts.size); } + } else { + hex = this.toString(16, 2); + buf = new Buffer(hex, 'hex'); + } - txcopy.outputs.length = inputNumber + 1; + if (typeof opts !== 'undefined' && opts.endian === 'little') { + buf = reversebuf(buf); + } - for (i = 0; i < inputNumber; i++) { - txcopy.outputs[i] = new Output({ - satoshis: BN.fromBuffer(new buffer.Buffer(BITS_64_ON, 'hex')), - script: Script.empty() - }); + return buf; +}; + +BN.prototype.toSMBigEndian = function() { + var buf; + if (this.cmp(BN.Zero) === -1) { + buf = this.neg().toBuffer(); + if (buf[0] & 0x80) { + buf = Buffer.concat([new Buffer([0x80]), buf]); + } else { + buf[0] = buf[0] | 0x80; + } + } else { + buf = this.toBuffer(); + if (buf[0] & 0x80) { + buf = Buffer.concat([new Buffer([0x00]), buf]); } } - if (sighashType & Signature.SIGHASH_ANYONECANPAY) { - txcopy.inputs = [txcopy.inputs[inputNumber]]; + if (buf.length === 1 & buf[0] === 0) { + buf = new Buffer([]); } + return buf; +}; - var buf = new BufferWriter() - .write(txcopy.toBuffer()) - .writeInt32LE(sighashType) - .toBuffer(); - var ret = Hash.sha256sha256(buf); - ret = new BufferReader(ret).readReverse(); - return ret; +BN.prototype.toSM = function(opts) { + var endian = opts ? opts.endian : 'big'; + var buf = this.toSMBigEndian(); + + if (endian === 'little') { + buf = reversebuf(buf); + } + return buf; }; /** - * Create a signature - * - * @name Signing.sign - * @param {Transaction} transaction - * @param {PrivateKey} privateKey - * @param {number} sighash - * @param {number} inputIndex - * @param {Script} subscript - * @return {Signature} + * Create a BN from a "ScriptNum": + * This is analogous to the constructor for CScriptNum in bitcoind. Many ops in + * bitcoind's script interpreter use CScriptNum, which is not really a proper + * bignum. Instead, an error is thrown if trying to input a number bigger than + * 4 bytes. We copy that behavior here. A third argument, `size`, is provided to + * extend the hard limit of 4 bytes, as some usages require more than 4 bytes. */ -function sign(transaction, privateKey, sighashType, inputIndex, subscript) { - var hashbuf = sighash(transaction, sighashType, inputIndex, subscript); - var sig = ECDSA.sign(hashbuf, privateKey, 'little').set({ - nhashtype: sighashType +BN.fromScriptNumBuffer = function(buf, fRequireMinimal, size) { + var nMaxNumSize = size || 4; + $.checkArgument(buf.length <= nMaxNumSize, new Error('script number overflow')); + if (fRequireMinimal && buf.length > 0) { + // Check that the number is encoded with the minimum possible + // number of bytes. + // + // If the most-significant-byte - excluding the sign bit - is zero + // then we're not minimal. Note how this test also rejects the + // negative-zero encoding, 0x80. + if ((buf[buf.length - 1] & 0x7f) === 0) { + // One exception: if there's more than one byte and the most + // significant bit of the second-most-significant-byte is set + // it would conflict with the sign bit. An example of this case + // is +-255, which encode to 0xff00 and 0xff80 respectively. + // (big-endian). + if (buf.length <= 1 || (buf[buf.length - 2] & 0x80) === 0) { + throw new Error('non-minimally encoded script number'); + } + } + } + return BN.fromSM(buf, { + endian: 'little' }); - return sig; -} - -/** - * Verify a signature - * - * @name Signing.verify - * @param {Transaction} transaction - * @param {Signature} signature - * @param {PublicKey} publicKey - * @param {number} inputIndex - * @param {Script} subscript - * @return {boolean} - */ -function verify(transaction, signature, publicKey, inputIndex, subscript) { - $.checkArgument(!_.isUndefined(transaction)); - $.checkArgument(!_.isUndefined(signature) && !_.isUndefined(signature.nhashtype)); - var hashbuf = sighash(transaction, signature.nhashtype, inputIndex, subscript); - return ECDSA.verify(hashbuf, signature, publicKey, 'little'); -} +}; /** - * @namespace Signing + * The corollary to the above, with the notable exception that we do not throw + * an error if the output is larger than four bytes. (Which can happen if + * performing a numerical operation that results in an overflow to more than 4 + * bytes). */ -module.exports = { - sighash: sighash, - sign: sign, - verify: verify +BN.prototype.toScriptNumBuffer = function() { + return this.toSM({ + endian: 'little' + }); }; -}).call(this,require("buffer").Buffer) -},{"../crypto/bn":13,"../crypto/ecdsa":14,"../crypto/hash":15,"../crypto/signature":18,"../encoding/bufferreader":21,"../encoding/bufferwriter":22,"../script":33,"../util/preconditions":52,"./input":37,"./output":43,"./transaction":46,"buffer":94,"lodash":78}],45:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +BN.prototype.gt = function(b) { + return this.cmp(b) > 0; +}; -var _ = require('lodash'); -var $ = require('../util/preconditions'); -var inherits = require('inherits'); -var BufferUtil = require('../util/buffer'); -var JSUtil = require('../util/js'); - -var PublicKey = require('../publickey'); -var errors = require('../errors'); -var Signature = require('../crypto/signature'); - -/** - * @desc - * Wrapper around Signature with fields related to signing a transaction specifically - * - * @param {Object|string|TransactionSignature} arg - * @constructor - */ -function TransactionSignature(arg) { - if (!(this instanceof TransactionSignature)) { - return new TransactionSignature(arg); - } - if (arg instanceof TransactionSignature) { - return arg; - } - if (_.isObject(arg)) { - return this._fromObject(arg); - } - throw new errors.InvalidArgument('TransactionSignatures must be instantiated from an object'); -} -inherits(TransactionSignature, Signature); - -TransactionSignature.prototype._fromObject = function(arg) { - this._checkObjectArgs(arg); - this.publicKey = new PublicKey(arg.publicKey); - this.prevTxId = BufferUtil.isBuffer(arg.prevTxId) ? arg.prevTxId : new Buffer(arg.prevTxId, 'hex'); - this.outputIndex = arg.outputIndex; - this.inputIndex = arg.inputIndex; - this.signature = (arg.signature instanceof Signature) ? arg.signature : - BufferUtil.isBuffer(arg.signature) ? Signature.fromBuffer(arg.signature) : - Signature.fromString(arg.signature); - this.sigtype = arg.sigtype; - return this; +BN.prototype.gte = function(b) { + return this.cmp(b) >= 0; }; -TransactionSignature.prototype._checkObjectArgs = function(arg) { - $.checkArgument(PublicKey(arg.publicKey), 'publicKey'); - $.checkArgument(!_.isUndefined(arg.inputIndex), 'inputIndex'); - $.checkArgument(!_.isUndefined(arg.outputIndex), 'outputIndex'); - $.checkState(_.isNumber(arg.inputIndex), 'inputIndex must be a number'); - $.checkState(_.isNumber(arg.outputIndex), 'outputIndex must be a number'); - $.checkArgument(arg.signature, 'signature'); - $.checkArgument(arg.prevTxId, 'prevTxId'); - $.checkState(arg.signature instanceof Signature || - BufferUtil.isBuffer(arg.signature) || - JSUtil.isHexa(arg.signature), 'signature must be a buffer or hexa value'); - $.checkState(BufferUtil.isBuffer(arg.prevTxId) || - JSUtil.isHexa(arg.prevTxId), 'prevTxId must be a buffer or hexa value'); - $.checkArgument(arg.sigtype, 'sigtype'); - $.checkState(_.isNumber(arg.sigtype), 'sigtype must be a number'); +BN.prototype.lt = function(b) { + return this.cmp(b) < 0; }; -/** - * Serializes a transaction to a plain JS object - * @return {Object} - */ -TransactionSignature.prototype.toObject = TransactionSignature.prototype.toJSON = function toObject() { - return { - publicKey: this.publicKey.toString(), - prevTxId: this.prevTxId.toString('hex'), - outputIndex: this.outputIndex, - inputIndex: this.inputIndex, - signature: this.signature.toString(), - sigtype: this.sigtype - }; +BN.trim = function(buf, natlen) { + return buf.slice(natlen - buf.length, buf.length); }; -/** - * Builds a TransactionSignature from an object - * @param {Object} object - * @return {TransactionSignature} - */ -TransactionSignature.fromObject = function(object) { - $.checkArgument(object); - return new TransactionSignature(object); +BN.pad = function(buf, natlen, size) { + var rbuf = new Buffer(size); + for (var i = 0; i < buf.length; i++) { + rbuf[rbuf.length - 1 - i] = buf[buf.length - 1 - i]; + } + for (i = 0; i < size - natlen; i++) { + rbuf[i] = 0; + } + return rbuf; }; -module.exports = TransactionSignature; +module.exports = BN; }).call(this,require("buffer").Buffer) -},{"../crypto/signature":18,"../errors":24,"../publickey":32,"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"buffer":94,"inherits":77,"lodash":78}],46:[function(require,module,exports){ +},{"../util/preconditions":70,"bn.js":71,"buffer":158,"lodash":96}],32:[function(require,module,exports){ (function (Buffer){ 'use strict'; +var BN = require('./bn'); +var Point = require('./point'); +var Signature = require('./signature'); +var PublicKey = require('../publickey'); +var Random = require('./random'); +var Hash = require('./hash'); +var BufferUtil = require('../util/buffer'); var _ = require('lodash'); var $ = require('../util/preconditions'); -var buffer = require('buffer'); -var compare = Buffer.compare || require('buffer-compare'); -var errors = require('../errors'); -var BufferUtil = require('../util/buffer'); -var JSUtil = require('../util/js'); -var BufferReader = require('../encoding/bufferreader'); -var BufferWriter = require('../encoding/bufferwriter'); -var Hash = require('../crypto/hash'); -var Signature = require('../crypto/signature'); -var Sighash = require('./sighash'); +var ECDSA = function ECDSA(obj) { + if (!(this instanceof ECDSA)) { + return new ECDSA(obj); + } + if (obj) { + this.set(obj); + } +}; -var Address = require('../address'); -var UnspentOutput = require('./unspentoutput'); -var Input = require('./input'); -var PublicKeyHashInput = Input.PublicKeyHash; -var PublicKeyInput = Input.PublicKey; -var MultiSigScriptHashInput = Input.MultiSigScriptHash; -var MultiSigInput = Input.MultiSig; -var Output = require('./output'); -var Script = require('../script'); -var PrivateKey = require('../privatekey'); -var BN = require('../crypto/bn'); +/* jshint maxcomplexity: 9 */ +ECDSA.prototype.set = function(obj) { + this.hashbuf = obj.hashbuf || this.hashbuf; + this.endian = obj.endian || this.endian; //the endianness of hashbuf + this.privkey = obj.privkey || this.privkey; + this.pubkey = obj.pubkey || (this.privkey ? this.privkey.publicKey : this.pubkey); + this.sig = obj.sig || this.sig; + this.k = obj.k || this.k; + this.verified = obj.verified || this.verified; + return this; +}; -/** - * Represents a transaction, a set of inputs and outputs to change ownership of tokens - * - * @param {*} serialized - * @constructor - */ -function Transaction(serialized) { - if (!(this instanceof Transaction)) { - return new Transaction(serialized); - } - this.inputs = []; - this.outputs = []; - this._inputAmount = undefined; - this._outputAmount = undefined; +ECDSA.prototype.privkey2pubkey = function() { + this.pubkey = this.privkey.toPublicKey(); +}; - if (serialized) { - if (serialized instanceof Transaction) { - return Transaction.shallowCopy(serialized); - } else if (JSUtil.isHexa(serialized)) { - this.fromString(serialized); - } else if (BufferUtil.isBuffer(serialized)) { - this.fromBuffer(serialized); - } else if (_.isObject(serialized)) { - this.fromObject(serialized); - } else { - throw new errors.InvalidArgument('Must provide an object or string to deserialize a transaction'); +ECDSA.prototype.calci = function() { + for (var i = 0; i < 4; i++) { + this.sig.i = i; + var Qprime; + try { + Qprime = this.toPublicKey(); + } catch (e) { + console.error(e); + continue; } - } else { - this._newTransaction(); - } -} -var CURRENT_VERSION = 1; -var DEFAULT_NLOCKTIME = 0; -var MAX_BLOCK_SIZE = 1000000; + if (Qprime.point.eq(this.pubkey.point)) { + this.sig.compressed = this.pubkey.compressed; + return this; + } + } -// Minimum amount for an output for it not to be considered a dust output -Transaction.DUST_AMOUNT = 546; + this.sig.i = undefined; + throw new Error('Unable to find valid recovery factor'); +}; -// Margin of error to allow fees in the vecinity of the expected value but doesn't allow a big difference -Transaction.FEE_SECURITY_MARGIN = 15; +ECDSA.fromString = function(str) { + var obj = JSON.parse(str); + return new ECDSA(obj); +}; -// max amount of satoshis in circulation -Transaction.MAX_MONEY = 21000000 * 1e8; +ECDSA.prototype.randomK = function() { + var N = Point.getN(); + var k; + do { + k = BN.fromBuffer(Random.getRandomBuffer(32)); + } while (!(k.lt(N) && k.gt(BN.Zero))); + this.k = k; + return this; +}; -// nlocktime limit to be considered block height rather than a timestamp -Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT = 5e8; -// Max value for an unsigned 32 bit value -Transaction.NLOCKTIME_MAX_VALUE = 4294967295; +// https://tools.ietf.org/html/rfc6979#section-3.2 +ECDSA.prototype.deterministicK = function(badrs) { + /* jshint maxstatements: 25 */ + // if r or s were invalid when this function was used in signing, + // we do not want to actually compute r, s here for efficiency, so, + // we can increment badrs. explained at end of RFC 6979 section 3.2 + if (_.isUndefined(badrs)) { + badrs = 0; + } + var v = new Buffer(32); + v.fill(0x01); + var k = new Buffer(32); + k.fill(0x00); + var x = this.privkey.bn.toBuffer({ + size: 32 + }); + var hashbuf = this.endian === 'little' ? BufferUtil.reverse(this.hashbuf) : this.hashbuf + k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x00]), x, hashbuf]), k); + v = Hash.sha256hmac(v, k); + k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x01]), x, hashbuf]), k); + v = Hash.sha256hmac(v, k); + v = Hash.sha256hmac(v, k); + var T = BN.fromBuffer(v); + var N = Point.getN(); -// Value used for fee estimation (satoshis per kilobyte) -Transaction.FEE_PER_KB = 10000; + // also explained in 3.2, we must ensure T is in the proper range (0, N) + for (var i = 0; i < badrs || !(T.lt(N) && T.gt(BN.Zero)); i++) { + k = Hash.sha256hmac(Buffer.concat([v, new Buffer([0x00])]), k); + v = Hash.sha256hmac(v, k); + v = Hash.sha256hmac(v, k); + T = BN.fromBuffer(v); + } -// Safe upper bound for change address script size in bytes -Transaction.CHANGE_OUTPUT_MAX_SIZE = 20 + 4 + 34 + 4; -Transaction.MAXIMUM_EXTRA_SIZE = 4 + 9 + 9 + 4; + this.k = T; + return this; +}; -/* Constructors and Serialization */ +// Information about public key recovery: +// https://bitcointalk.org/index.php?topic=6430.0 +// http://stackoverflow.com/questions/19665491/how-do-i-get-an-ecdsa-public-key-from-just-a-bitcoin-signature-sec1-4-1-6-k +ECDSA.prototype.toPublicKey = function() { + /* jshint maxstatements: 25 */ + var i = this.sig.i; + $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be equal to 0, 1, 2, or 3')); -/** - * Create a 'shallow' copy of the transaction, by serializing and deserializing - * it dropping any additional information that inputs and outputs may have hold - * - * @param {Transaction} transaction - * @return {Transaction} - */ -Transaction.shallowCopy = function(transaction) { - var copy = new Transaction(transaction.toBuffer()); - return copy; -}; + var e = BN.fromBuffer(this.hashbuf); + var r = this.sig.r; + var s = this.sig.s; -var hashProperty = { - configurable: false, - enumerable: true, - get: function() { - return new BufferReader(this._getHash()).readReverse().toString('hex'); - } -}; -Object.defineProperty(Transaction.prototype, 'hash', hashProperty); -Object.defineProperty(Transaction.prototype, 'id', hashProperty); + // A set LSB signifies that the y-coordinate is odd + var isYOdd = i & 1; -var ioProperty = { - configurable: false, - enumerable: true, - get: function() { - return this._getInputAmount(); - } -}; -Object.defineProperty(Transaction.prototype, 'inputAmount', ioProperty); -ioProperty.get = function() { - return this._getOutputAmount(); -}; -Object.defineProperty(Transaction.prototype, 'outputAmount', ioProperty); + // The more significant bit specifies whether we should use the + // first or second candidate key. + var isSecondKey = i >> 1; -/** - * Retrieve the little endian hash of the transaction (used for serialization) - * @return {Buffer} - */ -Transaction.prototype._getHash = function() { - return Hash.sha256sha256(this.toBuffer()); -}; + var n = Point.getN(); + var G = Point.getG(); -/** - * Retrieve a hexa string that can be used with bitcoind's CLI interface - * (decoderawtransaction, sendrawtransaction) - * - * @param {Object|boolean=} unsafe if true, skip all tests. if it's an object, - * it's expected to contain a set of flags to skip certain tests: - * * `disableAll`: disable all checks - * * `disableSmallFees`: disable checking for fees that are too small - * * `disableLargeFees`: disable checking for fees that are too large - * * `disableIsFullySigned`: disable checking if all inputs are fully signed - * * `disableDustOutputs`: disable checking if there are no outputs that are dust amounts - * * `disableMoreOutputThanInput`: disable checking if the transaction spends more bitcoins than the sum of the input amounts - * @return {string} - */ -Transaction.prototype.serialize = function(unsafe) { - if (true === unsafe || unsafe && unsafe.disableAll) { - return this.uncheckedSerialize(); - } else { - return this.checkedSerialize(unsafe); - } -}; + // 1.1 Let x = r + jn + var x = isSecondKey ? r.add(n) : r; + var R = Point.fromX(isYOdd, x); -Transaction.prototype.uncheckedSerialize = Transaction.prototype.toString = function() { - return this.toBuffer().toString('hex'); -}; + // 1.4 Check that nR is at infinity + var nR = R.mul(n); -/** - * Retrieve a hexa string that can be used with bitcoind's CLI interface - * (decoderawtransaction, sendrawtransaction) - * - * @param {Object} opts allows to skip certain tests. {@see Transaction#serialize} - * @return {string} - */ -Transaction.prototype.checkedSerialize = function(opts) { - var serializationError = this.getSerializationError(opts); - if (serializationError) { - serializationError.message += ' Use Transaction#uncheckedSerialize if you want to skip security checks. ' + - 'See http://bitcore.io/guide/transaction.html#Serialization for more info.'; - throw serializationError; + if (!nR.isInfinity()) { + throw new Error('nR is not a valid curve point'); } - return this.uncheckedSerialize(); -}; -Transaction.prototype.invalidSatoshis = function() { - var invalid = false; - for (var i = 0; i < this.outputs.length; i++) { - if (this.outputs[i].invalidSatoshis()) { - invalid = true; - } - } - return invalid; -}; + // Compute -e from e + var eNeg = e.neg().mod(n); -/** - * Retrieve a possible error that could appear when trying to serialize and - * broadcast this transaction. - * - * @param {Object} opts allows to skip certain tests. {@see Transaction#serialize} - * @return {bitcore.Error} - */ -Transaction.prototype.getSerializationError = function(opts) { - opts = opts || {}; + // 1.6.1 Compute Q = r^-1 (sR - eG) + // Q = r^-1 (sR + -eG) + var rInv = r.invm(n); - if (this.invalidSatoshis()) { - return new errors.Transaction.InvalidSatoshis(); - } + //var Q = R.multiplyTwo(s, G, eNeg).mul(rInv); + var Q = R.mul(s).add(G.mul(eNeg)).mul(rInv); - var unspent = this._getUnspentValue(); - var unspentError; - if (unspent < 0) { - if (!opts.disableMoreOutputThanInput) { - unspentError = new errors.Transaction.InvalidOutputAmountSum(); - } - } else { - unspentError = this._hasFeeError(opts, unspent); - } + var pubkey = PublicKey.fromPoint(Q, this.sig.compressed); - return unspentError || - this._hasDustOutputs(opts) || - this._isMissingSignatures(opts); + return pubkey; }; -Transaction.prototype._hasFeeError = function(opts, unspent) { +ECDSA.prototype.sigError = function() { + /* jshint maxstatements: 25 */ + if (!BufferUtil.isBuffer(this.hashbuf) || this.hashbuf.length !== 32) { + return 'hashbuf must be a 32 byte buffer'; + } - if (!_.isUndefined(this._fee) && this._fee !== unspent) { - return new errors.Transaction.FeeError.Different( - 'Unspent value is ' + unspent + ' but specified fee is ' + this._fee - ); + var r = this.sig.r; + var s = this.sig.s; + if (!(r.gt(BN.Zero) && r.lt(Point.getN())) || !(s.gt(BN.Zero) && s.lt(Point.getN()))) { + return 'r and s not in range'; } - if (!opts.disableLargeFees) { - var maximumFee = Math.floor(Transaction.FEE_SECURITY_MARGIN * this._estimateFee()); - if (unspent > maximumFee) { - if (this._missingChange()) { - return new errors.Transaction.ChangeAddressMissing( - 'Fee is too large and no change address was provided' - ); - } - return new errors.Transaction.FeeError.TooLarge( - 'expected less than ' + maximumFee + ' but got ' + unspent - ); - } + var e = BN.fromBuffer(this.hashbuf, this.endian ? { + endian: this.endian + } : undefined); + var n = Point.getN(); + var sinv = s.invm(n); + var u1 = sinv.mul(e).mod(n); + var u2 = sinv.mul(r).mod(n); + + var p = Point.getG().mulAdd(u1, this.pubkey.point, u2); + if (p.isInfinity()) { + return 'p is infinity'; } - if (!opts.disableSmallFees) { - var minimumFee = Math.ceil(this._estimateFee() / Transaction.FEE_SECURITY_MARGIN); - if (unspent < minimumFee) { - return new errors.Transaction.FeeError.TooSmall( - 'expected more than ' + minimumFee + ' but got ' + unspent - ); - } + if (p.getX().mod(n).cmp(r) !== 0) { + return 'Invalid signature'; + } else { + return false; } }; -Transaction.prototype._missingChange = function() { - return !this._changeScript; +ECDSA.toLowS = function(s) { + //enforce low s + //see BIP 62, "low S values in signatures" + if (s.gt(BN.fromBuffer(new Buffer('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex')))) { + s = Point.getN().sub(s); + } + return s; }; -Transaction.prototype._hasDustOutputs = function(opts) { - if (opts.disableDustOutputs) { - return; - } - var index, output; - for (index in this.outputs) { - output = this.outputs[index]; - if (output.satoshis < Transaction.DUST_AMOUNT && !output.script.isDataOut()) { - return new errors.Transaction.DustOutputs(); +ECDSA.prototype._findSignature = function(d, e) { + var N = Point.getN(); + var G = Point.getG(); + // try different values of k until r, s are valid + var badrs = 0; + var k, Q, r, s; + do { + if (!this.k || badrs > 0) { + this.deterministicK(badrs); } - } -}; + badrs++; + k = this.k; + Q = G.mul(k); + r = Q.x.mod(N); + s = k.invm(N).mul(e.add(d.mul(r))).mod(N); + } while (r.cmp(BN.Zero) <= 0 || s.cmp(BN.Zero) <= 0); -Transaction.prototype._isMissingSignatures = function(opts) { - if (opts.disableIsFullySigned) { - return; - } - if (!this.isFullySigned()) { - return new errors.Transaction.MissingSignatures(); - } -}; + s = ECDSA.toLowS(s); + return { + s: s, + r: r + }; -Transaction.prototype.inspect = function() { - return ''; }; -Transaction.prototype.toBuffer = function() { - var writer = new BufferWriter(); - return this.toBufferWriter(writer).toBuffer(); -}; +ECDSA.prototype.sign = function() { + var hashbuf = this.hashbuf; + var privkey = this.privkey; + var d = privkey.bn; -Transaction.prototype.toBufferWriter = function(writer) { - writer.writeUInt32LE(this.version); - writer.writeVarintNum(this.inputs.length); - _.each(this.inputs, function(input) { - input.toBufferWriter(writer); - }); - writer.writeVarintNum(this.outputs.length); - _.each(this.outputs, function(output) { - output.toBufferWriter(writer); - }); - writer.writeUInt32LE(this.nLockTime); - return writer; -}; + $.checkState(hashbuf && privkey && d, new Error('invalid parameters')); + $.checkState(BufferUtil.isBuffer(hashbuf) && hashbuf.length === 32, new Error('hashbuf must be a 32 byte buffer')); -Transaction.prototype.fromBuffer = function(buffer) { - var reader = new BufferReader(buffer); - return this.fromBufferReader(reader); -}; + var e = BN.fromBuffer(hashbuf, this.endian ? { + endian: this.endian + } : undefined); -Transaction.prototype.fromBufferReader = function(reader) { - $.checkArgument(!reader.finished(), 'No transaction data received'); - var i, sizeTxIns, sizeTxOuts; + var obj = this._findSignature(d, e); + obj.compressed = this.pubkey.compressed; - this.version = reader.readUInt32LE(); - sizeTxIns = reader.readVarintNum(); - for (i = 0; i < sizeTxIns; i++) { - var input = Input.fromBufferReader(reader); - this.inputs.push(input); - } - sizeTxOuts = reader.readVarintNum(); - for (i = 0; i < sizeTxOuts; i++) { - this.outputs.push(Output.fromBufferReader(reader)); - } - this.nLockTime = reader.readUInt32LE(); + this.sig = new Signature(obj); return this; }; -Transaction.prototype.toObject = Transaction.prototype.toJSON = function toObject() { - var inputs = []; - this.inputs.forEach(function(input) { - inputs.push(input.toObject()); - }); - var outputs = []; - this.outputs.forEach(function(output) { - outputs.push(output.toObject()); - }); - var obj = { - hash: this.hash, - version: this.version, - inputs: inputs, - outputs: outputs, - nLockTime: this.nLockTime - }; - if (this._changeScript) { - obj.changeScript = this._changeScript.toString(); +ECDSA.prototype.signRandomK = function() { + this.randomK(); + return this.sign(); +}; + +ECDSA.prototype.toString = function() { + var obj = {}; + if (this.hashbuf) { + obj.hashbuf = this.hashbuf.toString('hex'); } - if (!_.isUndefined(this._changeIndex)) { - obj.changeIndex = this._changeIndex; + if (this.privkey) { + obj.privkey = this.privkey.toString(); } - if (!_.isUndefined(this._fee)) { - obj.fee = this._fee; + if (this.pubkey) { + obj.pubkey = this.pubkey.toString(); } - return obj; + if (this.sig) { + obj.sig = this.sig.toString(); + } + if (this.k) { + obj.k = this.k.toString(); + } + return JSON.stringify(obj); }; -Transaction.prototype.fromObject = function fromObject(arg) { - /* jshint maxstatements: 20 */ - $.checkArgument(_.isObject(arg) || arg instanceof Transaction); - var self = this; - var transaction; - if (arg instanceof Transaction) { - transaction = transaction.toObject(); +ECDSA.prototype.verify = function() { + if (!this.sigError()) { + this.verified = true; } else { - transaction = arg; - } - _.each(transaction.inputs, function(input) { - if (!input.output || !input.output.script) { - self.uncheckedAddInput(new Input(input)); - return; - } - var script = new Script(input.output.script); - var txin; - if (script.isPublicKeyHashOut()) { - txin = new Input.PublicKeyHash(input); - } else if (script.isScriptHashOut() && input.publicKeys && input.threshold) { - txin = new Input.MultiSigScriptHash( - input, input.publicKeys, input.threshold, input.signatures - ); - } else if (script.isPublicKeyOut()) { - txin = new Input.PublicKey(input); - } else { - throw new errors.Transaction.Input.UnsupportedScript(input.output.script); - } - self.addInput(txin); - }); - _.each(transaction.outputs, function(output) { - self.addOutput(new Output(output)); - }); - if (transaction.changeIndex) { - this._changeIndex = transaction.changeIndex; - } - if (transaction.changeScript) { - this._changeScript = new Script(transaction.changeScript); - } - if (transaction.fee) { - this._fee = transaction.fee; + this.verified = false; } - this.nLockTime = transaction.nLockTime; - this.version = transaction.version; - this._checkConsistency(arg); return this; }; -Transaction.prototype._checkConsistency = function(arg) { - if (!_.isUndefined(this._changeIndex)) { - $.checkState(this._changeScript); - $.checkState(this.outputs[this._changeIndex]); - $.checkState(this.outputs[this._changeIndex].script.toString() === - this._changeScript.toString()); - } - if (arg && arg.hash) { - $.checkState(arg.hash === this.hash, 'Hash in object does not match transaction hash'); - } +ECDSA.sign = function(hashbuf, privkey, endian) { + return ECDSA().set({ + hashbuf: hashbuf, + endian: endian, + privkey: privkey + }).sign().sig; }; -/** - * Sets nLockTime so that transaction is not valid until the desired date(a - * timestamp in seconds since UNIX epoch is also accepted) - * - * @param {Date | Number} time - * @return {Transaction} this - */ -Transaction.prototype.lockUntilDate = function(time) { - $.checkArgument(time); - if (_.isNumber(time) && time < Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT) { - throw new errors.Transaction.LockTimeTooEarly(); - } - if (_.isDate(time)) { - time = time.getTime() / 1000; - } +ECDSA.verify = function(hashbuf, sig, pubkey, endian) { + return ECDSA().set({ + hashbuf: hashbuf, + endian: endian, + sig: sig, + pubkey: pubkey + }).verify().verified; +}; - for (var i = 0; i < this.inputs.length; i++) { - if (this.inputs[i].sequenceNumber === Input.DEFAULT_SEQNUMBER){ - this.inputs[i].sequenceNumber = Input.DEFAULT_LOCKTIME_SEQNUMBER; - } - } +module.exports = ECDSA; - this.nLockTime = time; - return this; +}).call(this,require("buffer").Buffer) +},{"../publickey":50,"../util/buffer":68,"../util/preconditions":70,"./bn":31,"./hash":33,"./point":34,"./random":35,"./signature":36,"buffer":158,"lodash":96}],33:[function(require,module,exports){ +(function (Buffer){ +'use strict'; + +var crypto = require('crypto'); +var BufferUtil = require('../util/buffer'); +var $ = require('../util/preconditions'); + +var Hash = module.exports; + +Hash.sha1 = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return crypto.createHash('sha1').update(buf).digest(); }; -/** - * Sets nLockTime so that transaction is not valid until the desired block - * height. - * - * @param {Number} height - * @return {Transaction} this - */ -Transaction.prototype.lockUntilBlockHeight = function(height) { - $.checkArgument(_.isNumber(height)); - if (height >= Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT) { - throw new errors.Transaction.BlockHeightTooHigh(); - } - if (height < 0) { - throw new errors.Transaction.NLockTimeOutOfRange(); - } +Hash.sha1.blocksize = 512; - for (var i = 0; i < this.inputs.length; i++) { - if (this.inputs[i].sequenceNumber === Input.DEFAULT_SEQNUMBER){ - this.inputs[i].sequenceNumber = Input.DEFAULT_LOCKTIME_SEQNUMBER; - } - } +Hash.sha256 = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return crypto.createHash('sha256').update(buf).digest(); +}; +Hash.sha256.blocksize = 512; - this.nLockTime = height; - return this; +Hash.sha256sha256 = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return Hash.sha256(Hash.sha256(buf)); }; -/** - * Returns a semantic version of the transaction's nLockTime. - * @return {Number|Date} - * If nLockTime is 0, it returns null, - * if it is < 500000000, it returns a block height (number) - * else it returns a Date object. - */ -Transaction.prototype.getLockTime = function() { - if (!this.nLockTime) { - return null; - } - if (this.nLockTime < Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT) { - return this.nLockTime; - } - return new Date(1000 * this.nLockTime); +Hash.ripemd160 = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return crypto.createHash('ripemd160').update(buf).digest(); }; -Transaction.prototype.fromString = function(string) { - this.fromBuffer(new buffer.Buffer(string, 'hex')); +Hash.sha256ripemd160 = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return Hash.ripemd160(Hash.sha256(buf)); }; -Transaction.prototype._newTransaction = function() { - this.version = CURRENT_VERSION; - this.nLockTime = DEFAULT_NLOCKTIME; +Hash.sha512 = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return crypto.createHash('sha512').update(buf).digest(); }; -/* Transaction creation interface */ +Hash.sha512.blocksize = 1024; -/** - * @typedef {Object} Transaction~fromObject - * @property {string} prevTxId - * @property {number} outputIndex - * @property {(Buffer|string|Script)} script - * @property {number} satoshis - */ +Hash.hmac = function(hashf, data, key) { + //http://en.wikipedia.org/wiki/Hash-based_message_authentication_code + //http://tools.ietf.org/html/rfc4868#section-2 + $.checkArgument(BufferUtil.isBuffer(data)); + $.checkArgument(BufferUtil.isBuffer(key)); + $.checkArgument(hashf.blocksize); -/** - * Add an input to this transaction. This is a high level interface - * to add an input, for more control, use @{link Transaction#addInput}. - * - * Can receive, as output information, the output of bitcoind's `listunspent` command, - * and a slightly fancier format recognized by bitcore: - * - * ``` - * { - * address: 'mszYqVnqKoQx4jcTdJXxwKAissE3Jbrrc1', - * txId: 'a477af6b2667c29670467e4e0728b685ee07b240235771862318e29ddbe58458', - * outputIndex: 0, - * script: Script.empty(), - * satoshis: 1020000 - * } - * ``` - * Where `address` can be either a string or a bitcore Address object. The - * same is true for `script`, which can be a string or a bitcore Script. - * - * Beware that this resets all the signatures for inputs (in further versions, - * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). - * - * @example - * ```javascript - * var transaction = new Transaction(); - * - * // From a pay to public key hash output from bitcoind's listunspent - * transaction.from({'txid': '0000...', vout: 0, amount: 0.1, scriptPubKey: 'OP_DUP ...'}); - * - * // From a pay to public key hash output - * transaction.from({'txId': '0000...', outputIndex: 0, satoshis: 1000, script: 'OP_DUP ...'}); - * - * // From a multisig P2SH output - * transaction.from({'txId': '0000...', inputIndex: 0, satoshis: 1000, script: '... OP_HASH'}, - * ['03000...', '02000...'], 2); - * ``` - * - * @param {(Array.|Transaction~fromObject)} utxo - * @param {Array=} pubkeys - * @param {number=} threshold - */ -Transaction.prototype.from = function(utxo, pubkeys, threshold) { - if (_.isArray(utxo)) { - var self = this; - _.each(utxo, function(utxo) { - self.from(utxo, pubkeys, threshold); - }); - return this; - } - var exists = _.any(this.inputs, function(input) { - // TODO: Maybe prevTxId should be a string? Or defined as read only property? - return input.prevTxId.toString('hex') === utxo.txId && input.outputIndex === utxo.outputIndex; - }); - if (exists) { - return; + var blocksize = hashf.blocksize / 8; + + if (key.length > blocksize) { + key = hashf(key); + } else if (key < blocksize) { + var fill = new Buffer(blocksize); + fill.fill(0); + key.copy(fill); + key = fill; } - if (pubkeys && threshold) { - this._fromMultisigUtxo(utxo, pubkeys, threshold); - } else { - this._fromNonP2SH(utxo); + + var o_key = new Buffer(blocksize); + o_key.fill(0x5c); + + var i_key = new Buffer(blocksize); + i_key.fill(0x36); + + var o_key_pad = new Buffer(blocksize); + var i_key_pad = new Buffer(blocksize); + for (var i = 0; i < blocksize; i++) { + o_key_pad[i] = o_key[i] ^ key[i]; + i_key_pad[i] = i_key[i] ^ key[i]; } - return this; + + return hashf(Buffer.concat([o_key_pad, hashf(Buffer.concat([i_key_pad, data]))])); }; -Transaction.prototype._fromNonP2SH = function(utxo) { - var clazz; - utxo = new UnspentOutput(utxo); - if (utxo.script.isPublicKeyHashOut()) { - clazz = PublicKeyHashInput; - } else if (utxo.script.isPublicKeyOut()) { - clazz = PublicKeyInput; - } else { - clazz = Input; - } - this.addInput(new clazz({ - output: new Output({ - script: utxo.script, - satoshis: utxo.satoshis - }), - prevTxId: utxo.txId, - outputIndex: utxo.outputIndex, - script: Script.empty() - })); +Hash.sha256hmac = function(data, key) { + return Hash.hmac(Hash.sha256, data, key); }; -Transaction.prototype._fromMultisigUtxo = function(utxo, pubkeys, threshold) { - $.checkArgument(threshold <= pubkeys.length, - 'Number of required signatures must be greater than the number of public keys'); - var clazz; - utxo = new UnspentOutput(utxo); - if (utxo.script.isMultisigOut()) { - clazz = MultiSigInput; - } else if (utxo.script.isScriptHashOut()) { - clazz = MultiSigScriptHashInput; - } else { - throw new Error("@TODO"); - } - this.addInput(new clazz({ - output: new Output({ - script: utxo.script, - satoshis: utxo.satoshis - }), - prevTxId: utxo.txId, - outputIndex: utxo.outputIndex, - script: Script.empty() - }, pubkeys, threshold)); +Hash.sha512hmac = function(data, key) { + return Hash.hmac(Hash.sha512, data, key); }; +}).call(this,require("buffer").Buffer) +},{"../util/buffer":68,"../util/preconditions":70,"buffer":158,"crypto":184}],34:[function(require,module,exports){ +(function (Buffer){ +'use strict'; + +var BN = require('./bn'); +var BufferUtil = require('../util/buffer'); +var ec = require('elliptic').curves.secp256k1; +var ecPoint = ec.curve.point.bind(ec.curve); +var ecPointFromX = ec.curve.pointFromX.bind(ec.curve); + /** - * Add an input to this transaction. The input must be an instance of the `Input` class. - * It should have information about the Output that it's spending, but if it's not already - * set, two additional parameters, `outputScript` and `satoshis` can be provided. * - * @param {Input} input - * @param {String|Script} outputScript - * @param {number} satoshis - * @return Transaction this, for chaining + * Instantiate a valid secp256k1 Point from the X and Y coordinates. + * + * @param {BN|String} x - The X coordinate + * @param {BN|String} y - The Y coordinate + * @link https://github.com/indutny/elliptic + * @augments elliptic.curve.point + * @throws {Error} A validation error if exists + * @returns {Point} An instance of Point + * @constructor */ -Transaction.prototype.addInput = function(input, outputScript, satoshis) { - $.checkArgumentType(input, Input, 'input'); - if (!input.output && (_.isUndefined(outputScript) || _.isUndefined(satoshis))) { - throw new errors.Transaction.NeedMoreInfo('Need information about the UTXO script and satoshis'); - } - if (!input.output && outputScript && !_.isUndefined(satoshis)) { - outputScript = outputScript instanceof Script ? outputScript : new Script(outputScript); - $.checkArgumentType(satoshis, 'number', 'satoshis'); - input.output = new Output({ - script: outputScript, - satoshis: satoshis - }); - } - return this.uncheckedAddInput(input); +var Point = function Point(x, y, isRed) { + var point = ecPoint(x, y, isRed); + point.validate(); + return point; }; +Point.prototype = Object.getPrototypeOf(ec.curve.point()); + /** - * Add an input to this transaction, without checking that the input has information about - * the output that it's spending. * - * @param {Input} input - * @return Transaction this, for chaining + * Instantiate a valid secp256k1 Point from only the X coordinate + * + * @param {boolean} odd - If the Y coordinate is odd + * @param {BN|String} x - The X coordinate + * @throws {Error} A validation error if exists + * @returns {Point} An instance of Point */ -Transaction.prototype.uncheckedAddInput = function(input) { - $.checkArgumentType(input, Input, 'input'); - this.inputs.push(input); - this._inputAmount = undefined; - this._updateChangeOutput(); - return this; +Point.fromX = function fromX(odd, x){ + var point = ecPointFromX(odd, x); + point.validate(); + return point; }; /** - * Returns true if the transaction has enough info on all inputs to be correctly validated * - * @return {boolean} + * Will return a secp256k1 ECDSA base point. + * + * @link https://en.bitcoin.it/wiki/Secp256k1 + * @returns {Point} An instance of the base point. */ -Transaction.prototype.hasAllUtxoInfo = function() { - return _.all(this.inputs.map(function(input) { - return !!input.output; - })); +Point.getG = function getG() { + return ec.curve.g; }; /** - * Manually set the fee for this transaction. Beware that this resets all the signatures - * for inputs (in further versions, SIGHASH_SINGLE or SIGHASH_NONE signatures will not - * be reset). * - * @param {number} amount satoshis to be sent - * @return {Transaction} this, for chaining + * Will return the max of range of valid private keys as governed by the secp256k1 ECDSA standard. + * + * @link https://en.bitcoin.it/wiki/Private_key#Range_of_valid_ECDSA_private_keys + * @returns {BN} A BN instance of the number of points on the curve */ -Transaction.prototype.fee = function(amount) { - $.checkArgument(_.isNumber(amount), 'amount must be a number'); - this._fee = amount; - this._updateChangeOutput(); - return this; +Point.getN = function getN() { + return new BN(ec.curve.n.toArray()); }; +Point.prototype._getX = Point.prototype.getX; + /** - * Manually set the fee per KB for this transaction. Beware that this resets all the signatures - * for inputs (in further versions, SIGHASH_SINGLE or SIGHASH_NONE signatures will not - * be reset). * - * @param {number} amount satoshis per KB to be sent - * @return {Transaction} this, for chaining + * Will return the X coordinate of the Point + * + * @returns {BN} A BN instance of the X coordinate */ -Transaction.prototype.feePerKb = function(amount) { - $.checkArgument(_.isNumber(amount), 'amount must be a number'); - this._feePerKb = amount; - this._updateChangeOutput(); - return this; +Point.prototype.getX = function getX() { + return new BN(this._getX().toArray()); }; -/* Output management */ +Point.prototype._getY = Point.prototype.getY; /** - * Set the change address for this transaction * - * Beware that this resets all the signatures for inputs (in further versions, - * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). + * Will return the Y coordinate of the Point * - * @param {Address} address An address for change to be sent to. - * @return {Transaction} this, for chaining + * @returns {BN} A BN instance of the Y coordinate */ -Transaction.prototype.change = function(address) { - $.checkArgument(address, 'address is required'); - this._changeScript = Script.fromAddress(address); - this._updateChangeOutput(); - return this; +Point.prototype.getY = function getY() { + return new BN(this._getY().toArray()); }; - /** - * @return {Output} change output, if it exists + * + * Will determine if the point is valid + * + * @link https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf + * @param {Point} An instance of Point + * @throws {Error} A validation error if exists + * @returns {Point} An instance of the same Point */ -Transaction.prototype.getChangeOutput = function() { - if (!_.isUndefined(this._changeIndex)) { - return this.outputs[this._changeIndex]; +Point.prototype.validate = function validate() { + + if (this.isInfinity()){ + throw new Error('Point cannot be equal to Infinity'); } - return null; -}; -/** - * @typedef {Object} Transaction~toObject - * @property {(string|Address)} address - * @property {number} satoshis - */ + if (this.getX().cmp(BN.Zero) === 0 || this.getY().cmp(BN.Zero) === 0){ + throw new Error('Invalid x,y value for curve, cannot equal 0.'); + } -/** - * Add an output to the transaction. - * - * Beware that this resets all the signatures for inputs (in further versions, - * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). - * - * @param {(string|Address|Array.)} address - * @param {number} amount in satoshis - * @return {Transaction} this, for chaining - */ -Transaction.prototype.to = function(address, amount) { - if (_.isArray(address)) { - var self = this; - _.each(address, function(to) { - self.to(to.address, to.satoshis); - }); - return this; + var p2 = ecPointFromX(this.getY().isOdd(), this.getX()); + + if (p2.y.cmp(this.y) !== 0) { + throw new Error('Invalid y value for curve.'); } - $.checkArgument( - JSUtil.isNaturalNumber(amount), - 'Amount is expected to be a positive integer' - ); - this.addOutput(new Output({ - script: Script(new Address(address)), - satoshis: amount - })); - return this; -}; + var xValidRange = (this.getX().gt(BN.Minus1) && this.getX().lt(Point.getN())); + var yValidRange = (this.getY().gt(BN.Minus1) && this.getY().lt(Point.getN())); -/** - * Add an OP_RETURN output to the transaction. - * - * Beware that this resets all the signatures for inputs (in further versions, - * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). - * - * @param {Buffer|string} value the data to be stored in the OP_RETURN output. - * In case of a string, the UTF-8 representation will be stored - * @return {Transaction} this, for chaining - */ -Transaction.prototype.addData = function(value) { - this.addOutput(new Output({ - script: Script.buildDataOut(value), - satoshis: 0 - })); - return this; -}; + if ( !xValidRange || !yValidRange ) { + throw new Error('Point does not lie on the curve'); + } + //todo: needs test case + if (!(this.mul(Point.getN()).isInfinity())) { + throw new Error('Point times N must be infinity'); + } -/** - * Add an output to the transaction. - * - * @param {Output} output the output to add. - * @return {Transaction} this, for chaining - */ -Transaction.prototype.addOutput = function(output) { - $.checkArgumentType(output, Output, 'output'); - this._addOutput(output); - this._updateChangeOutput(); return this; + }; +Point.pointToCompressed = function pointToCompressed(point) { + var xbuf = point.getX().toBuffer({size: 32}); + var ybuf = point.getY().toBuffer({size: 32}); -/** - * Remove all outputs from the transaction. - * - * @return {Transaction} this, for chaining - */ -Transaction.prototype.clearOutputs = function() { - this.outputs = []; - this._clearSignatures(); - this._outputAmount = undefined; - this._changeIndex = undefined; - this._updateChangeOutput(); - return this; + var prefix; + var odd = ybuf[ybuf.length - 1] % 2; + if (odd) { + prefix = new Buffer([0x03]); + } else { + prefix = new Buffer([0x02]); + } + return BufferUtil.concat([prefix, xbuf]); }; +module.exports = Point; -Transaction.prototype._addOutput = function(output) { - this.outputs.push(output); - this._outputAmount = undefined; -}; +}).call(this,require("buffer").Buffer) +},{"../util/buffer":68,"./bn":31,"buffer":158,"elliptic":74}],35:[function(require,module,exports){ +(function (process,Buffer){ +'use strict'; +function Random() { +} -/** - * Calculates or gets the total output amount in satoshis - * - * @return {Number} the transaction total output amount - */ -Transaction.prototype._getOutputAmount = function() { - if (_.isUndefined(this._outputAmount)) { - var self = this; - this._outputAmount = 0; - _.each(this.outputs, function(output) { - self._outputAmount += output.satoshis; - }); - } - return this._outputAmount; +/* secure random bytes that sometimes throws an error due to lack of entropy */ +Random.getRandomBuffer = function(size) { + if (process.browser) + return Random.getRandomBufferBrowser(size); + else + return Random.getRandomBufferNode(size); }; +Random.getRandomBufferNode = function(size) { + var crypto = require('crypto'); + return crypto.randomBytes(size); +}; -/** - * Calculates or gets the total input amount in satoshis - * - * @return {Number} the transaction total input amount - */ -Transaction.prototype._getInputAmount = function() { - if (_.isUndefined(this._inputAmount)) { - var self = this; - this._inputAmount = 0; - _.each(this.inputs, function(input) { - if (_.isUndefined(input.output)) { - throw new errors.Transaction.Input.MissingPreviousOutput(); - } - self._inputAmount += input.output.satoshis; - }); - } - return this._inputAmount; +Random.getRandomBufferBrowser = function(size) { + if (!window.crypto && !window.msCrypto) + throw new Error('window.crypto not available'); + + if (window.crypto && window.crypto.getRandomValues) + var crypto = window.crypto; + else if (window.msCrypto && window.msCrypto.getRandomValues) //internet explorer + var crypto = window.msCrypto; + else + throw new Error('window.crypto.getRandomValues not available'); + + var bbuf = new Uint8Array(size); + crypto.getRandomValues(bbuf); + var buf = new Buffer(bbuf); + + return buf; }; -Transaction.prototype._updateChangeOutput = function() { - if (!this._changeScript) { - return; - } - this._clearSignatures(); - if (!_.isUndefined(this._changeIndex)) { - this._removeOutput(this._changeIndex); - } - var available = this._getUnspentValue(); - var fee = this.getFee(); - var changeAmount = available - fee; - if (changeAmount > 0) { - this._changeIndex = this.outputs.length; - this._addOutput(new Output({ - script: this._changeScript, - satoshis: changeAmount - })); - } else { - this._changeIndex = undefined; +/* insecure random bytes, but it never fails */ +Random.getPseudoRandomBuffer = function(size) { + var b32 = 0x100000000; + var b = new Buffer(size); + var r; + + for (var i = 0; i <= size; i++) { + var j = Math.floor(i / 4); + var k = i - j * 4; + if (k === 0) { + r = Math.random() * b32; + b[i] = r & 0xff; + } else { + b[i] = (r = r >>> 8) & 0xff; + } } + + return b; }; -/** - * Calculates the fee of the transaction. - * - * If there's a fixed fee set, return that. - * - * If there is no change output set, the fee is the - * total value of the outputs minus inputs. Note that - * a serialized transaction only specifies the value - * of its outputs. (The value of inputs are recorded - * in the previous transaction outputs being spent.) - * This method therefore raises a "MissingPreviousOutput" - * error when called on a serialized transaction. - * - * If there's no fee set and no change address, - * estimate the fee based on size. - * - * @return {Number} fee of this transaction in satoshis - */ -Transaction.prototype.getFee = function() { - if (this.isCoinbase()) { - return 0; - } - if (!_.isUndefined(this._fee)) { - return this._fee; + +module.exports = Random; + +}).call(this,require('_process'),require("buffer").Buffer) +},{"_process":273,"buffer":158,"crypto":184}],36:[function(require,module,exports){ +(function (Buffer){ +'use strict'; + +var BN = require('./bn'); +var _ = require('lodash'); +var $ = require('../util/preconditions'); +var BufferUtil = require('../util/buffer'); +var JSUtil = require('../util/js'); + +var Signature = function Signature(r, s) { + if (!(this instanceof Signature)) { + return new Signature(r, s); } - // if no change output is set, fees should equal all the unspent amount - if (!this._changeScript) { - return this._getUnspentValue(); + if (r instanceof BN) { + this.set({ + r: r, + s: s + }); + } else if (r) { + var obj = r; + this.set(obj); } - return this._estimateFee(); }; -/** - * Estimates fee from serialized transaction size in bytes. - */ -Transaction.prototype._estimateFee = function() { - var estimatedSize = this._estimateSize(); - var available = this._getUnspentValue(); - return Transaction._estimateFee(estimatedSize, available, this._feePerKb); +/* jshint maxcomplexity: 7 */ +Signature.prototype.set = function(obj) { + this.r = obj.r || this.r || undefined; + this.s = obj.s || this.s || undefined; + this.i = typeof obj.i !== 'undefined' ? obj.i : this.i; //public key recovery parameter in range [0, 3] + this.compressed = typeof obj.compressed !== 'undefined' ? + obj.compressed : this.compressed; //whether the recovered pubkey is compressed + this.nhashtype = obj.nhashtype || this.nhashtype || undefined; + return this; }; -Transaction.prototype._getUnspentValue = function() { - return this._getInputAmount() - this._getOutputAmount(); -}; +Signature.fromCompact = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf), 'Argument is expected to be a Buffer'); -Transaction.prototype._clearSignatures = function() { - _.each(this.inputs, function(input) { - input.clearSignatures(); - }); -}; + var sig = new Signature(); -Transaction._estimateFee = function(size, amountAvailable, feePerKb) { - var fee = Math.ceil(size / 1000) * (feePerKb || Transaction.FEE_PER_KB); - if (amountAvailable > fee) { - size += Transaction.CHANGE_OUTPUT_MAX_SIZE; + var compressed = true; + var i = buf.slice(0, 1)[0] - 27 - 4; + if (i < 0) { + compressed = false; + i = i + 4; } - return Math.ceil(size / 1000) * (feePerKb || Transaction.FEE_PER_KB); -}; -Transaction.prototype._estimateSize = function() { - var result = Transaction.MAXIMUM_EXTRA_SIZE; - _.each(this.inputs, function(input) { - result += input._estimateSize(); - }); - _.each(this.outputs, function(output) { - result += output.script.toBuffer().length + 9; - }); - return result; -}; + var b2 = buf.slice(1, 33); + var b3 = buf.slice(33, 65); -Transaction.prototype._removeOutput = function(index) { - var output = this.outputs[index]; - this.outputs = _.without(this.outputs, output); - this._outputAmount = undefined; -}; + $.checkArgument(i === 0 || i === 1 || i === 2 || i === 3, new Error('i must be 0, 1, 2, or 3')); + $.checkArgument(b2.length === 32, new Error('r must be 32 bytes')); + $.checkArgument(b3.length === 32, new Error('s must be 32 bytes')); -Transaction.prototype.removeOutput = function(index) { - this._removeOutput(index); - this._updateChangeOutput(); + sig.compressed = compressed; + sig.i = i; + sig.r = BN.fromBuffer(b2); + sig.s = BN.fromBuffer(b3); + + return sig; }; -/** - * Sort a transaction's inputs and outputs according to BIP69 - * - * @see {https://github.com/bitcoin/bips/blob/master/bip-0069.mediawiki} - * @return {Transaction} this - */ -Transaction.prototype.sort = function() { - this.sortInputs(function(inputs) { - var copy = Array.prototype.concat.apply([], inputs); - copy.sort(function(first, second) { - return compare(first.prevTxId, second.prevTxId) - || first.outputIndex - second.outputIndex; - }); - return copy; - }); - this.sortOutputs(function(outputs) { - var copy = Array.prototype.concat.apply([], outputs); - copy.sort(function(first, second) { - return first.satoshis - second.satoshis - || compare(first.script.toBuffer(), second.script.toBuffer()); - }); - return copy; - }); - return this; +Signature.fromDER = Signature.fromBuffer = function(buf, strict) { + var obj = Signature.parseDER(buf, strict); + var sig = new Signature(); + + sig.r = obj.r; + sig.s = obj.s; + + return sig; }; -/** - * Randomize this transaction's outputs ordering. The shuffling algorithm is a - * version of the Fisher-Yates shuffle, provided by lodash's _.shuffle(). - * - * @return {Transaction} this - */ -Transaction.prototype.shuffleOutputs = function() { - return this.sortOutputs(_.shuffle); +// The format used in a tx +Signature.fromTxFormat = function(buf) { + var nhashtype = buf.readUInt8(buf.length - 1); + var derbuf = buf.slice(0, buf.length - 1); + var sig = new Signature.fromDER(derbuf, false); + sig.nhashtype = nhashtype; + return sig; }; -/** - * Sort this transaction's outputs, according to a given sorting function that - * takes an array as argument and returns a new array, with the same elements - * but with a different order. The argument function MUST NOT modify the order - * of the original array - * - * @param {Function} sortingFunction - * @return {Transaction} this - */ -Transaction.prototype.sortOutputs = function(sortingFunction) { - var outs = sortingFunction(this.outputs); - return this._newOutputOrder(outs); +Signature.fromString = function(str) { + var buf = new Buffer(str, 'hex'); + return Signature.fromDER(buf); }; + /** - * Sort this transaction's inputs, according to a given sorting function that - * takes an array as argument and returns a new array, with the same elements - * but with a different order. - * - * @param {Function} sortingFunction - * @return {Transaction} this + * In order to mimic the non-strict DER encoding of OpenSSL, set strict = false. */ -Transaction.prototype.sortInputs = function(sortingFunction) { - this.inputs = sortingFunction(this.inputs); - this._clearSignatures(); - return this; -}; - -Transaction.prototype._newOutputOrder = function(newOutputs) { - var isInvalidSorting = (this.outputs.length !== newOutputs.length || - _.difference(this.outputs, newOutputs).length !== 0); - if (isInvalidSorting) { - throw new errors.Transaction.InvalidSorting(); +Signature.parseDER = function(buf, strict) { + $.checkArgument(BufferUtil.isBuffer(buf), new Error('DER formatted signature should be a buffer')); + if (_.isUndefined(strict)) { + strict = true; } - if (!_.isUndefined(this._changeIndex)) { - var changeOutput = this.outputs[this._changeIndex]; - this._changeIndex = _.findIndex(newOutputs, changeOutput); - } + var header = buf[0]; + $.checkArgument(header === 0x30, new Error('Header byte should be 0x30')); - this.outputs = newOutputs; - return this; + var length = buf[1]; + var buflength = buf.slice(2).length; + $.checkArgument(!strict || length === buflength, new Error('Length byte should length of what follows')); + + length = length < buflength ? length : buflength; + + var rheader = buf[2 + 0]; + $.checkArgument(rheader === 0x02, new Error('Integer byte for r should be 0x02')); + + var rlength = buf[2 + 1]; + var rbuf = buf.slice(2 + 2, 2 + 2 + rlength); + var r = BN.fromBuffer(rbuf); + var rneg = buf[2 + 1 + 1] === 0x00 ? true : false; + $.checkArgument(rlength === rbuf.length, new Error('Length of r incorrect')); + + var sheader = buf[2 + 2 + rlength + 0]; + $.checkArgument(sheader === 0x02, new Error('Integer byte for s should be 0x02')); + + var slength = buf[2 + 2 + rlength + 1]; + var sbuf = buf.slice(2 + 2 + rlength + 2, 2 + 2 + rlength + 2 + slength); + var s = BN.fromBuffer(sbuf); + var sneg = buf[2 + 2 + rlength + 2 + 2] === 0x00 ? true : false; + $.checkArgument(slength === sbuf.length, new Error('Length of s incorrect')); + + var sumlength = 2 + 2 + rlength + 2 + slength; + $.checkArgument(length === sumlength - 2, new Error('Length of signature incorrect')); + + var obj = { + header: header, + length: length, + rheader: rheader, + rlength: rlength, + rneg: rneg, + rbuf: rbuf, + r: r, + sheader: sheader, + slength: slength, + sneg: sneg, + sbuf: sbuf, + s: s + }; + + return obj; }; -Transaction.prototype.removeInput = function(txId, outputIndex) { - var index; - if (!outputIndex && _.isNumber(txId)) { - index = txId; - } else { - index = _.findIndex(this.inputs, function(input) { - return input.prevTxId.toString('hex') === txId && input.outputIndex === outputIndex; - }); + +Signature.prototype.toCompact = function(i, compressed) { + i = typeof i === 'number' ? i : this.i; + compressed = typeof compressed === 'boolean' ? compressed : this.compressed; + + if (!(i === 0 || i === 1 || i === 2 || i === 3)) { + throw new Error('i must be equal to 0, 1, 2, or 3'); } - if (index < 0 || index >= this.inputs.length) { - throw new errors.Transaction.InvalidIndex(index, this.inputs.length); + + var val = i + 27 + 4; + if (compressed === false) { + val = val - 4; } - var input = this.inputs[index]; - this.inputs = _.without(this.inputs, input); - this._inputAmount = undefined; - this._updateChangeOutput(); + var b1 = new Buffer([val]); + var b2 = this.r.toBuffer({ + size: 32 + }); + var b3 = this.s.toBuffer({ + size: 32 + }); + return Buffer.concat([b1, b2, b3]); }; -/* Signature handling */ +Signature.prototype.toBuffer = Signature.prototype.toDER = function() { + var rnbuf = this.r.toBuffer(); + var snbuf = this.s.toBuffer(); -/** - * Sign the transaction using one or more private keys. - * - * It tries to sign each input, verifying that the signature will be valid - * (matches a public key). - * - * @param {Array|String|PrivateKey} privateKey - * @param {number} sigtype - * @return {Transaction} this, for chaining - */ -Transaction.prototype.sign = function(privateKey, sigtype) { - $.checkState(this.hasAllUtxoInfo()); - var self = this; - if (_.isArray(privateKey)) { - _.each(privateKey, function(privateKey) { - self.sign(privateKey, sigtype); - }); - return this; - } - _.each(this.getSignatures(privateKey, sigtype), function(signature) { - self.applySignature(signature); - }); - return this; -}; - -Transaction.prototype.getSignatures = function(privKey, sigtype) { - privKey = new PrivateKey(privKey); - sigtype = sigtype || Signature.SIGHASH_ALL; - var transaction = this; - var results = []; - var hashData = Hash.sha256ripemd160(privKey.publicKey.toBuffer()); - _.each(this.inputs, function forEachInput(input, index) { - _.each(input.getSignatures(transaction, privKey, index, sigtype, hashData), function(signature) { - results.push(signature); - }); - }); - return results; -}; + var rneg = rnbuf[0] & 0x80 ? true : false; + var sneg = snbuf[0] & 0x80 ? true : false; -/** - * Add a signature to the transaction - * - * @param {Object} signature - * @param {number} signature.inputIndex - * @param {number} signature.sigtype - * @param {PublicKey} signature.publicKey - * @param {Signature} signature.signature - * @return {Transaction} this, for chaining - */ -Transaction.prototype.applySignature = function(signature) { - this.inputs[signature.inputIndex].addSignature(this, signature); - return this; -}; + var rbuf = rneg ? Buffer.concat([new Buffer([0x00]), rnbuf]) : rnbuf; + var sbuf = sneg ? Buffer.concat([new Buffer([0x00]), snbuf]) : snbuf; -Transaction.prototype.isFullySigned = function() { - _.each(this.inputs, function(input) { - if (input.isFullySigned === Input.prototype.isFullySigned) { - throw new errors.Transaction.UnableToVerifySignature( - 'Unrecognized script kind, or not enough information to execute script.' + - 'This usually happens when creating a transaction from a serialized transaction' - ); - } - }); - return _.all(_.map(this.inputs, function(input) { - return input.isFullySigned(); - })); -}; + var rlength = rbuf.length; + var slength = sbuf.length; + var length = 2 + rlength + 2 + slength; + var rheader = 0x02; + var sheader = 0x02; + var header = 0x30; -Transaction.prototype.isValidSignature = function(signature) { - var self = this; - if (this.inputs[signature.inputIndex].isValidSignature === Input.prototype.isValidSignature) { - throw new errors.Transaction.UnableToVerifySignature( - 'Unrecognized script kind, or not enough information to execute script.' + - 'This usually happens when creating a transaction from a serialized transaction' - ); - } - return this.inputs[signature.inputIndex].isValidSignature(self, signature); + var der = Buffer.concat([new Buffer([header, length, rheader, rlength]), rbuf, new Buffer([sheader, slength]), sbuf]); + return der; }; -/** - * @returns {bool} whether the signature is valid for this transaction input - */ -Transaction.prototype.verifySignature = function(sig, pubkey, nin, subscript) { - return Sighash.verify(this, sig, pubkey, nin, subscript); +Signature.prototype.toString = function() { + var buf = this.toDER(); + return buf.toString('hex'); }; /** - * Check that a transaction passes basic sanity tests. If not, return a string - * describing the error. This function contains the same logic as - * CheckTransaction in bitcoin core. + * This function is translated from bitcoind's IsDERSignature and is used in + * the script interpreter. This "DER" format actually includes an extra byte, + * the nhashtype, at the end. It is really the tx format, not DER format. + * + * A canonical signature exists of: [30] [total len] [02] [len R] [R] [02] [len S] [S] [hashtype] + * Where R and S are not negative (their first byte has its highest bit not set), and not + * excessively padded (do not start with a 0 byte, unless an otherwise negative number follows, + * in which case a single 0 byte is necessary and even required). + * + * See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623 */ -Transaction.prototype.verify = function() { - // Basic checks that don't depend on any context - if (this.inputs.length === 0) { - return 'transaction txins empty'; +Signature.isTxDER = function(buf) { + if (buf.length < 9) { + // Non-canonical signature: too short + return false; } - - if (this.outputs.length === 0) { - return 'transaction txouts empty'; + if (buf.length > 73) { + // Non-canonical signature: too long + return false; } - - // Check for negative or overflow output values - var valueoutbn = new BN(0); - for (var i = 0; i < this.outputs.length; i++) { - var txout = this.outputs[i]; - - if (txout.invalidSatoshis()) { - return 'transaction txout ' + i + ' satoshis is invalid'; - } - if (txout._satoshisBN.gt(new BN(Transaction.MAX_MONEY, 10))) { - return 'transaction txout ' + i + ' greater than MAX_MONEY'; - } - valueoutbn = valueoutbn.add(txout._satoshisBN); - if (valueoutbn.gt(new BN(Transaction.MAX_MONEY))) { - return 'transaction txout ' + i + ' total output greater than MAX_MONEY'; - } + if (buf[0] !== 0x30) { + // Non-canonical signature: wrong type + return false; } - - // Size limits - if (this.toBuffer().length > MAX_BLOCK_SIZE) { - return 'transaction over the maximum block size'; + if (buf[1] !== buf.length - 3) { + // Non-canonical signature: wrong length marker + return false; + } + var nLenR = buf[3]; + if (5 + nLenR >= buf.length) { + // Non-canonical signature: S length misplaced + return false; + } + var nLenS = buf[5 + nLenR]; + if ((nLenR + nLenS + 7) !== buf.length) { + // Non-canonical signature: R+S length mismatch + return false; } - // Check for duplicate inputs - var txinmap = {}; - for (i = 0; i < this.inputs.length; i++) { - var txin = this.inputs[i]; + var R = buf.slice(4); + if (buf[4 - 2] !== 0x02) { + // Non-canonical signature: R value type mismatch + return false; + } + if (nLenR === 0) { + // Non-canonical signature: R length is zero + return false; + } + if (R[0] & 0x80) { + // Non-canonical signature: R value negative + return false; + } + if (nLenR > 1 && (R[0] === 0x00) && !(R[1] & 0x80)) { + // Non-canonical signature: R value excessively padded + return false; + } - var inputid = txin.prevTxId + ':' + txin.outputIndex; - if (!_.isUndefined(txinmap[inputid])) { - return 'transaction input ' + i + ' duplicate input'; - } - txinmap[inputid] = true; + var S = buf.slice(6 + nLenR); + if (buf[6 + nLenR - 2] !== 0x02) { + // Non-canonical signature: S value type mismatch + return false; + } + if (nLenS === 0) { + // Non-canonical signature: S length is zero + return false; + } + if (S[0] & 0x80) { + // Non-canonical signature: S value negative + return false; + } + if (nLenS > 1 && (S[0] === 0x00) && !(S[1] & 0x80)) { + // Non-canonical signature: S value excessively padded + return false; } + return true; +}; - var isCoinbase = this.isCoinbase(); - if (isCoinbase) { - var buf = this.inputs[0]._scriptBuffer; - if (buf.length < 2 || buf.length > 100) { - return 'coinbase transaction script size invalid'; - } - } else { - for (i = 0; i < this.inputs.length; i++) { - if (this.inputs[i].isNull()) { - return 'transaction input ' + i + ' has null input'; - } - } +/** + * Compares to bitcoind's IsLowDERSignature + * See also ECDSA signature algorithm which enforces this. + * See also BIP 62, "low S values in signatures" + */ +Signature.prototype.hasLowS = function() { + if (this.s.lt(new BN(1)) || + this.s.gt(new BN('7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0', 'hex'))) { + return false; } return true; }; /** - * Analogous to bitcoind's IsCoinBase function in transaction.h + * @returns true if the nhashtype is exactly equal to one of the standard options or combinations thereof. + * Translated from bitcoind's IsDefinedHashtypeSignature */ -Transaction.prototype.isCoinbase = function() { - return (this.inputs.length === 1 && this.inputs[0].isNull()); +Signature.prototype.hasDefinedHashtype = function() { + if (!JSUtil.isNaturalNumber(this.nhashtype)) { + return false; + } + // accept with or without Signature.SIGHASH_ANYONECANPAY by ignoring the bit + var temp = this.nhashtype & ~Signature.SIGHASH_ANYONECANPAY; + if (temp < Signature.SIGHASH_ALL || temp > Signature.SIGHASH_SINGLE) { + return false; + } + return true; +}; + +Signature.prototype.toTxFormat = function() { + var derbuf = this.toDER(); + var buf = new Buffer(1); + buf.writeUInt8(this.nhashtype, 0); + return Buffer.concat([derbuf, buf]); }; +Signature.SIGHASH_ALL = 0x01; +Signature.SIGHASH_NONE = 0x02; +Signature.SIGHASH_SINGLE = 0x03; +Signature.SIGHASH_ANYONECANPAY = 0x80; -module.exports = Transaction; +module.exports = Signature; }).call(this,require("buffer").Buffer) -},{"../address":8,"../crypto/bn":13,"../crypto/hash":15,"../crypto/signature":18,"../encoding/bufferreader":21,"../encoding/bufferwriter":22,"../errors":24,"../privatekey":31,"../script":33,"../util/buffer":50,"../util/js":51,"../util/preconditions":52,"./input":37,"./output":43,"./sighash":44,"./unspentoutput":47,"buffer":94,"buffer-compare":55,"lodash":78}],47:[function(require,module,exports){ +},{"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"./bn":31,"buffer":158,"lodash":96}],37:[function(require,module,exports){ +(function (Buffer){ 'use strict'; var _ = require('lodash'); -var $ = require('../util/preconditions'); -var JSUtil = require('../util/js'); +var bs58 = require('bs58'); +var buffer = require('buffer'); -var Script = require('../script'); -var Address = require('../address'); -var Unit = require('../unit'); +var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'.split(''); -/** - * Represents an unspent output information: its script, associated amount and address, - * transaction id and output index. - * - * @constructor - * @param {object} data - * @param {string} data.txid the previous transaction id - * @param {string=} data.txId alias for `txid` - * @param {number} data.vout the index in the transaction - * @param {number=} data.outputIndex alias for `vout` - * @param {string|Script} data.scriptPubKey the script that must be resolved to release the funds - * @param {string|Script=} data.script alias for `scriptPubKey` - * @param {number} data.amount amount of bitcoins associated - * @param {number=} data.satoshis alias for `amount`, but expressed in satoshis (1 BTC = 1e8 satoshis) - * @param {string|Address=} data.address the associated address to the script, if provided - */ -function UnspentOutput(data) { - /* jshint maxcomplexity: 20 */ - /* jshint maxstatements: 20 */ - if (!(this instanceof UnspentOutput)) { - return new UnspentOutput(data); +var Base58 = function Base58(obj) { + /* jshint maxcomplexity: 8 */ + if (!(this instanceof Base58)) { + return new Base58(obj); } - $.checkArgument(_.isObject(data), 'Must provide an object from where to extract data'); - var address = data.address ? new Address(data.address) : undefined; - var txId = data.txid ? data.txid : data.txId; - if (!txId || !JSUtil.isHexaString(txId) || txId.length > 64) { - // TODO: Use the errors library - throw new Error('Invalid TXID in object', data); + if (Buffer.isBuffer(obj)) { + var buf = obj; + this.fromBuffer(buf); + } else if (typeof obj === 'string') { + var str = obj; + this.fromString(str); + } else if (obj) { + this.set(obj); } - var outputIndex = _.isUndefined(data.vout) ? data.outputIndex : data.vout; - if (!_.isNumber(outputIndex)) { - throw new Error('Invalid outputIndex, received ' + outputIndex); +}; + +Base58.validCharacters = function validCharacters(chars) { + if (buffer.Buffer.isBuffer(chars)) { + chars = chars.toString(); } - $.checkArgument(!_.isUndefined(data.scriptPubKey) || !_.isUndefined(data.script), - 'Must provide the scriptPubKey for that output!'); - var script = new Script(data.scriptPubKey || data.script); - $.checkArgument(!_.isUndefined(data.amount) || !_.isUndefined(data.satoshis), - 'Must provide an amount for the output'); - var amount = !_.isUndefined(data.amount) ? new Unit.fromBTC(data.amount).toSatoshis() : data.satoshis; - $.checkArgument(_.isNumber(amount), 'Amount must be a number'); - JSUtil.defineImmutable(this, { - address: address, - txId: txId, - outputIndex: outputIndex, - script: script, - satoshis: amount - }); -} + return _.all(_.map(chars, function(char) { return _.contains(ALPHABET, char); })); +}; -/** - * Provide an informative output when displaying this object in the console - * @returns string - */ -UnspentOutput.prototype.inspect = function() { - return ''; +Base58.prototype.set = function(obj) { + this.buf = obj.buf || this.buf || undefined; + return this; }; -/** - * String representation: just "txid:index" - * @returns string - */ -UnspentOutput.prototype.toString = function() { - return this.txId + ':' + this.outputIndex; +Base58.encode = function(buf) { + if (!buffer.Buffer.isBuffer(buf)) { + throw new Error('Input should be a buffer'); + } + return bs58.encode(buf); }; -/** - * Deserialize an UnspentOutput from an object - * @param {object|string} data - * @return UnspentOutput - */ -UnspentOutput.fromObject = function(data) { - return new UnspentOutput(data); +Base58.decode = function(str) { + if (typeof str !== 'string') { + throw new Error('Input should be a string'); + } + return new Buffer(bs58.decode(str)); }; -/** - * Returns a plain object (no prototype or methods) with the associated info for this output - * @return {object} - */ -UnspentOutput.prototype.toObject = UnspentOutput.prototype.toJSON = function toObject() { - return { - address: this.address ? this.address.toString() : undefined, - txid: this.txId, - vout: this.outputIndex, - scriptPubKey: this.script.toBuffer().toString('hex'), - amount: Unit.fromSatoshis(this.satoshis).toBTC() - }; +Base58.prototype.fromBuffer = function(buf) { + this.buf = buf; + return this; }; -module.exports = UnspentOutput; +Base58.prototype.fromString = function(str) { + var buf = Base58.decode(str); + this.buf = buf; + return this; +}; + +Base58.prototype.toBuffer = function() { + return this.buf; +}; + +Base58.prototype.toString = function() { + return Base58.encode(this.buf); +}; + +module.exports = Base58; -},{"../address":8,"../script":33,"../unit":48,"../util/js":51,"../util/preconditions":52,"lodash":78}],48:[function(require,module,exports){ +}).call(this,require("buffer").Buffer) +},{"bs58":72,"buffer":158,"lodash":96}],38:[function(require,module,exports){ +(function (Buffer){ 'use strict'; var _ = require('lodash'); +var Base58 = require('./base58'); +var buffer = require('buffer'); +var sha256sha256 = require('../crypto/hash').sha256sha256; -var errors = require('./errors'); -var $ = require('./util/preconditions'); +var Base58Check = function Base58Check(obj) { + if (!(this instanceof Base58Check)) + return new Base58Check(obj); + if (Buffer.isBuffer(obj)) { + var buf = obj; + this.fromBuffer(buf); + } else if (typeof obj === 'string') { + var str = obj; + this.fromString(str); + } else if (obj) { + this.set(obj); + } +}; -var UNITS = { - 'BTC' : [1e8, 8], - 'mBTC' : [1e5, 5], - 'uBTC' : [1e2, 2], - 'bits' : [1e2, 2], - 'satoshis' : [1, 0] +Base58Check.prototype.set = function(obj) { + this.buf = obj.buf || this.buf || undefined; + return this; }; -/** - * Utility for handling and converting bitcoins units. The supported units are - * BTC, mBTC, bits (also named uBTC) and satoshis. A unit instance can be created with an - * amount and a unit code, or alternatively using static methods like {fromBTC}. - * It also allows to be created from a fiat amount and the exchange rate, or - * alternatively using the {fromFiat} static method. - * You can consult for different representation of a unit instance using it's - * {to} method, the fixed unit methods like {toSatoshis} or alternatively using - * the unit accessors. It also can be converted to a fiat amount by providing the - * corresponding BTC/fiat exchange rate. - * - * @example - * ```javascript - * var sats = Unit.fromBTC(1.3).toSatoshis(); - * var mili = Unit.fromBits(1.3).to(Unit.mBTC); - * var bits = Unit.fromFiat(1.3, 350).bits; - * var btc = new Unit(1.3, Unit.bits).BTC; - * ``` - * - * @param {Number} amount - The amount to be represented - * @param {String|Number} code - The unit of the amount or the exchange rate - * @returns {Unit} A new instance of an Unit - * @constructor - */ -function Unit(amount, code) { - if (!(this instanceof Unit)) { - return new Unit(amount, code); +Base58Check.validChecksum = function validChecksum(data, checksum) { + if (_.isString(data)) { + data = new buffer.Buffer(Base58.decode(data)); } - - // convert fiat to BTC - if (_.isNumber(code)) { - if (code <= 0) { - throw new errors.Unit.InvalidRate(code); - } - amount = amount / code; - code = Unit.BTC; + if (_.isString(checksum)) { + checksum = new buffer.Buffer(Base58.decode(checksum)); } + if (!checksum) { + checksum = data.slice(-4); + data = data.slice(0, -4); + } + return Base58Check.checksum(data).toString('hex') === checksum.toString('hex'); +}; - this._value = this._from(amount, code); +Base58Check.decode = function(s) { + if (typeof s !== 'string') + throw new Error('Input must be a string'); - var self = this; - var defineAccesor = function(key) { - Object.defineProperty(self, key, { - get: function() { return self.to(key); }, - enumerable: true, - }); - }; + var buf = new Buffer(Base58.decode(s)); - Object.keys(UNITS).forEach(defineAccesor); -} + if (buf.length < 4) + throw new Error("Input string too short"); -Object.keys(UNITS).forEach(function(key) { - Unit[key] = key; -}); + var data = buf.slice(0, -4); + var csum = buf.slice(-4); -/** - * Returns a Unit instance created from JSON string or object - * - * @param {String|Object} json - JSON with keys: amount and code - * @returns {Unit} A Unit instance - */ -Unit.fromObject = function fromObject(data){ - $.checkArgument(_.isObject(data), 'Argument is expected to be an object'); - return new Unit(data.amount, data.code); + var hash = sha256sha256(data); + var hash4 = hash.slice(0, 4); + + if (csum.toString('hex') !== hash4.toString('hex')) + throw new Error("Checksum mismatch"); + + return data; }; -/** - * Returns a Unit instance created from an amount in BTC - * - * @param {Number} amount - The amount in BTC - * @returns {Unit} A Unit instance - */ -Unit.fromBTC = function(amount) { - return new Unit(amount, Unit.BTC); +Base58Check.checksum = function(buffer) { + return sha256sha256(buffer).slice(0, 4); }; -/** - * Returns a Unit instance created from an amount in mBTC - * - * @param {Number} amount - The amount in mBTC - * @returns {Unit} A Unit instance - */ -Unit.fromMillis = Unit.fromMilis = function(amount) { - return new Unit(amount, Unit.mBTC); +Base58Check.encode = function(buf) { + if (!Buffer.isBuffer(buf)) + throw new Error('Input must be a buffer'); + var checkedBuf = new Buffer(buf.length + 4); + var hash = Base58Check.checksum(buf); + buf.copy(checkedBuf); + hash.copy(checkedBuf, buf.length); + return Base58.encode(checkedBuf); }; -/** - * Returns a Unit instance created from an amount in bits - * - * @param {Number} amount - The amount in bits - * @returns {Unit} A Unit instance - */ -Unit.fromMicros = Unit.fromBits = function(amount) { - return new Unit(amount, Unit.bits); +Base58Check.prototype.fromBuffer = function(buf) { + this.buf = buf; + return this; }; -/** - * Returns a Unit instance created from an amount in satoshis - * - * @param {Number} amount - The amount in satoshis - * @returns {Unit} A Unit instance - */ -Unit.fromSatoshis = function(amount) { - return new Unit(amount, Unit.satoshis); +Base58Check.prototype.fromString = function(str) { + var buf = Base58Check.decode(str); + this.buf = buf; + return this; }; -/** - * Returns a Unit instance created from a fiat amount and exchange rate. - * - * @param {Number} amount - The amount in fiat - * @param {Number} rate - The exchange rate BTC/fiat - * @returns {Unit} A Unit instance - */ -Unit.fromFiat = function(amount, rate) { - return new Unit(amount, rate); +Base58Check.prototype.toBuffer = function() { + return this.buf; }; -Unit.prototype._from = function(amount, code) { - if (!UNITS[code]) { - throw new errors.Unit.UnknownCode(code); - } - return parseInt((amount * UNITS[code][0]).toFixed()); +Base58Check.prototype.toString = function() { + return Base58Check.encode(this.buf); }; -/** - * Returns the value represented in the specified unit - * - * @param {String|Number} code - The unit code or exchange rate - * @returns {Number} The converted value - */ -Unit.prototype.to = function(code) { - if (_.isNumber(code)) { - if (code <= 0) { - throw new errors.Unit.InvalidRate(code); - } - return parseFloat((this.BTC * code).toFixed(2)); - } +module.exports = Base58Check; - if (!UNITS[code]) { - throw new errors.Unit.UnknownCode(code); - } +}).call(this,require("buffer").Buffer) +},{"../crypto/hash":33,"./base58":37,"buffer":158,"lodash":96}],39:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - var value = this._value / UNITS[code][0]; - return parseFloat(value.toFixed(UNITS[code][1])); -}; +var _ = require('lodash'); +var $ = require('../util/preconditions'); +var BufferUtil = require('../util/buffer'); +var BN = require('../crypto/bn'); -/** - * Returns the value represented in BTC - * - * @returns {Number} The value converted to BTC - */ -Unit.prototype.toBTC = function() { - return this.to(Unit.BTC); +var BufferReader = function BufferReader(buf) { + if (!(this instanceof BufferReader)) { + return new BufferReader(buf); + } + if (_.isUndefined(buf)) { + return; + } + if (Buffer.isBuffer(buf)) { + this.set({ + buf: buf + }); + } else if (_.isString(buf)) { + this.set({ + buf: new Buffer(buf, 'hex'), + }); + } else if (_.isObject(buf)) { + var obj = buf; + this.set(obj); + } else { + throw new TypeError('Unrecognized argument for BufferReader'); + } }; -/** - * Returns the value represented in mBTC - * - * @returns {Number} The value converted to mBTC - */ -Unit.prototype.toMillis = Unit.prototype.toMilis = function() { - return this.to(Unit.mBTC); +BufferReader.prototype.set = function(obj) { + this.buf = obj.buf || this.buf || undefined; + this.pos = obj.pos || this.pos || 0; + return this; }; -/** - * Returns the value represented in bits - * - * @returns {Number} The value converted to bits - */ -Unit.prototype.toMicros = Unit.prototype.toBits = function() { - return this.to(Unit.bits); +BufferReader.prototype.eof = function() { + return this.pos >= this.buf.length; }; -/** - * Returns the value represented in satoshis - * - * @returns {Number} The value converted to satoshis - */ -Unit.prototype.toSatoshis = function() { - return this.to(Unit.satoshis); -}; +BufferReader.prototype.finished = BufferReader.prototype.eof; -/** - * Returns the value represented in fiat - * - * @param {string} rate - The exchange rate between BTC/currency - * @returns {Number} The value converted to satoshis - */ -Unit.prototype.atRate = function(rate) { - return this.to(rate); +BufferReader.prototype.read = function(len) { + $.checkArgument(!_.isUndefined(len), 'Must specify a length'); + var buf = this.buf.slice(this.pos, this.pos + len); + this.pos = this.pos + len; + return buf; }; -/** - * Returns a the string representation of the value in satoshis - * - * @returns {string} the value in satoshis - */ -Unit.prototype.toString = function() { - return this.satoshis + ' satoshis'; +BufferReader.prototype.readAll = function() { + var buf = this.buf.slice(this.pos, this.buf.length); + this.pos = this.buf.length; + return buf; }; -/** - * Returns a plain object representation of the Unit - * - * @returns {Object} An object with the keys: amount and code - */ -Unit.prototype.toObject = Unit.prototype.toJSON = function toObject() { - return { - amount: this.BTC, - code: Unit.BTC - }; +BufferReader.prototype.readUInt8 = function() { + var val = this.buf.readUInt8(this.pos); + this.pos = this.pos + 1; + return val; }; -/** - * Returns a string formatted for the console - * - * @returns {string} the value in satoshis - */ -Unit.prototype.inspect = function() { - return ''; +BufferReader.prototype.readUInt16BE = function() { + var val = this.buf.readUInt16BE(this.pos); + this.pos = this.pos + 2; + return val; }; -module.exports = Unit; - -},{"./errors":24,"./util/preconditions":52,"lodash":78}],49:[function(require,module,exports){ -'use strict'; - -var _ = require('lodash'); -var URL = require('url'); +BufferReader.prototype.readUInt16LE = function() { + var val = this.buf.readUInt16LE(this.pos); + this.pos = this.pos + 2; + return val; +}; -var Address = require('./address'); -var Unit = require('./unit'); +BufferReader.prototype.readUInt32BE = function() { + var val = this.buf.readUInt32BE(this.pos); + this.pos = this.pos + 4; + return val; +}; -/** - * Bitcore URI - * - * Instantiate an URI from a bitcoin URI String or an Object. An URI instance - * can be created with a bitcoin uri string or an object. All instances of - * URI are valid, the static method isValid allows checking before instantiation. - * - * All standard parameters can be found as members of the class, the address - * is represented using an {Address} instance and the amount is represented in - * satoshis. Any other non-standard parameters can be found under the extra member. - * - * @example - * ```javascript - * - * var uri = new URI('bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu?amount=1.2'); - * console.log(uri.address, uri.amount); - * ``` - * - * @param {string|Object} data - A bitcoin URI string or an Object - * @param {Array.=} knownParams - Required non-standard params - * @throws {TypeError} Invalid bitcoin address - * @throws {TypeError} Invalid amount - * @throws {Error} Unknown required argument - * @returns {URI} A new valid and frozen instance of URI - * @constructor - */ -var URI = function(data, knownParams) { - if (!(this instanceof URI)) { - return new URI(data, knownParams); - } +BufferReader.prototype.readUInt32LE = function() { + var val = this.buf.readUInt32LE(this.pos); + this.pos = this.pos + 4; + return val; +}; - this.extras = {}; - this.knownParams = knownParams || []; - this.address = this.network = this.amount = this.message = null; +BufferReader.prototype.readUInt64BEBN = function() { + var buf = this.buf.slice(this.pos, this.pos + 8); + var bn = BN.fromBuffer(buf); + this.pos = this.pos + 8; + return bn; +}; - if (typeof(data) === 'string') { - var params = URI.parse(data); - if (params.amount) { - params.amount = this._parseAmount(params.amount); - } - this._fromObject(params); - } else if (typeof(data) === 'object') { - this._fromObject(data); +BufferReader.prototype.readUInt64LEBN = function() { + var second = this.buf.readUInt32LE(this.pos); + var first = this.buf.readUInt32LE(this.pos + 4); + var combined = (first * 0x100000000) + second; + // Instantiating an instance of BN with a number is faster than with an + // array or string. However, the maximum safe number for a double precision + // floating point is 2 ^ 52 - 1 (0x1fffffffffffff), thus we can safely use + // non-floating point numbers less than this amount (52 bits). And in the case + // that the number is larger, we can instatiate an instance of BN by passing + // an array from the buffer (slower) and specifying the endianness. + var bn; + if (combined <= 0x1fffffffffffff) { + bn = new BN(combined); } else { - throw new TypeError('Unrecognized data format.'); + var data = Array.prototype.slice.call(this.buf, this.pos, this.pos + 8); + bn = new BN(data, 10, 'le'); } + this.pos = this.pos + 8; + return bn; }; -/** - * Instantiate a URI from a String - * - * @param {string} str - JSON string or object of the URI - * @returns {URI} A new instance of a URI - */ -URI.fromString = function fromString(str) { - if (typeof(str) !== 'string') { - throw new TypeError('Expected a string'); +BufferReader.prototype.readVarintNum = function() { + var first = this.readUInt8(); + switch (first) { + case 0xFD: + return this.readUInt16LE(); + case 0xFE: + return this.readUInt32LE(); + case 0xFF: + var bn = this.readUInt64LEBN(); + var n = bn.toNumber(); + if (n <= Math.pow(2, 53)) { + return n; + } else { + throw new Error('number too large to retain precision - use readVarintBN'); + } + break; + default: + return first; } - return new URI(str); }; /** - * Instantiate a URI from an Object - * - * @param {Object} data - object of the URI - * @returns {URI} A new instance of a URI + * reads a length prepended buffer */ -URI.fromObject = function fromObject(json) { - return new URI(json); +BufferReader.prototype.readVarLengthBuffer = function() { + var len = this.readVarintNum(); + var buf = this.read(len); + $.checkState(buf.length === len, 'Invalid length while reading varlength buffer. ' + + 'Expected to read: ' + len + ' and read ' + buf.length); + return buf; }; -/** - * Check if an bitcoin URI string is valid - * - * @example - * ```javascript - * - * var valid = URI.isValid('bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu'); - * // true - * ``` - * - * @param {string|Object} data - A bitcoin URI string or an Object - * @param {Array.=} knownParams - Required non-standard params - * @returns {boolean} Result of uri validation - */ -URI.isValid = function(arg, knownParams) { - try { - new URI(arg, knownParams); - } catch (err) { - return false; +BufferReader.prototype.readVarintBuf = function() { + var first = this.buf.readUInt8(this.pos); + switch (first) { + case 0xFD: + return this.read(1 + 2); + case 0xFE: + return this.read(1 + 4); + case 0xFF: + return this.read(1 + 8); + default: + return this.read(1); } - return true; }; -/** - * Convert a bitcoin URI string into a simple object. - * - * @param {string} uri - A bitcoin URI string - * @throws {TypeError} Invalid bitcoin URI - * @returns {Object} An object with the parsed params - */ -URI.parse = function(uri) { - var info = URL.parse(uri, true); - - if (info.protocol !== 'bitcoin:') { - throw new TypeError('Invalid bitcoin URI'); +BufferReader.prototype.readVarintBN = function() { + var first = this.readUInt8(); + switch (first) { + case 0xFD: + return new BN(this.readUInt16LE()); + case 0xFE: + return new BN(this.readUInt32LE()); + case 0xFF: + return this.readUInt64LEBN(); + default: + return new BN(first); } - - // workaround to host insensitiveness - var group = /[^:]*:\/?\/?([^?]*)/.exec(uri); - info.query.address = group && group[1] || undefined; - - return info.query; }; -URI.Members = ['address', 'amount', 'message', 'label', 'r']; - -/** - * Internal function to load the URI instance with an object. - * - * @param {Object} obj - Object with the information - * @throws {TypeError} Invalid bitcoin address - * @throws {TypeError} Invalid amount - * @throws {Error} Unknown required argument - */ -URI.prototype._fromObject = function(obj) { - /* jshint maxcomplexity: 10 */ +BufferReader.prototype.reverse = function() { + var buf = new Buffer(this.buf.length); + for (var i = 0; i < buf.length; i++) { + buf[i] = this.buf[this.buf.length - 1 - i]; + } + this.buf = buf; + return this; +}; - if (!Address.isValid(obj.address)) { - throw new TypeError('Invalid bitcoin address'); +BufferReader.prototype.readReverse = function(len) { + if (_.isUndefined(len)) { + len = this.buf.length; } + var buf = this.buf.slice(this.pos, this.pos + len); + this.pos = this.pos + len; + return BufferUtil.reverse(buf); +}; - this.address = new Address(obj.address); - this.network = this.address.network; - this.amount = obj.amount; +module.exports = BufferReader; - for (var key in obj) { - if (key === 'address' || key === 'amount') { - continue; - } +}).call(this,require("buffer").Buffer) +},{"../crypto/bn":31,"../util/buffer":68,"../util/preconditions":70,"buffer":158,"lodash":96}],40:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - if (/^req-/.exec(key) && this.knownParams.indexOf(key) === -1) { - throw Error('Unknown required argument ' + key); - } +var bufferUtil = require('../util/buffer'); +var assert = require('assert'); - var destination = URI.Members.indexOf(key) > -1 ? this : this.extras; - destination[key] = obj[key]; - } +var BufferWriter = function BufferWriter(obj) { + if (!(this instanceof BufferWriter)) + return new BufferWriter(obj); + if (obj) + this.set(obj); + else + this.bufs = []; }; -/** - * Internal function to transform a BTC string amount into satoshis - * - * @param {string} amount - Amount BTC string - * @throws {TypeError} Invalid amount - * @returns {Object} Amount represented in satoshis - */ -URI.prototype._parseAmount = function(amount) { - amount = Number(amount); - if (isNaN(amount)) { - throw new TypeError('Invalid amount'); - } - return Unit.fromBTC(amount).toSatoshis(); +BufferWriter.prototype.set = function(obj) { + this.bufs = obj.bufs || this.bufs || []; + return this; }; -URI.prototype.toObject = URI.prototype.toJSON = function toObject() { - var json = {}; - for (var i = 0; i < URI.Members.length; i++) { - var m = URI.Members[i]; - if (this.hasOwnProperty(m) && typeof(this[m]) !== 'undefined') { - json[m] = this[m].toString(); - } - } - _.extend(json, this.extras); - return json; +BufferWriter.prototype.toBuffer = function() { + return this.concat(); }; -/** - * Will return a the string representation of the URI - * - * @returns {string} Bitcoin URI string - */ -URI.prototype.toString = function() { - var query = {}; - if (this.amount) { - query.amount = Unit.fromSatoshis(this.amount).toBTC(); - } - if (this.message) { - query.message = this.message; - } - if (this.label) { - query.label = this.label; - } - if (this.r) { - query.r = this.r; - } - _.extend(query, this.extras); - - return URL.format({ - protocol: 'bitcoin:', - host: this.address, - query: query - }); +BufferWriter.prototype.concat = function() { + return Buffer.concat(this.bufs); }; -/** - * Will return a string formatted for the console - * - * @returns {string} Bitcoin URI - */ -URI.prototype.inspect = function() { - return ''; +BufferWriter.prototype.write = function(buf) { + assert(bufferUtil.isBuffer(buf)); + this.bufs.push(buf); + return this; }; -module.exports = URI; +BufferWriter.prototype.writeReverse = function(buf) { + assert(bufferUtil.isBuffer(buf)); + this.bufs.push(bufferUtil.reverse(buf)); + return this; +}; -},{"./address":8,"./unit":48,"lodash":78,"url":312}],50:[function(require,module,exports){ -(function (Buffer){ -'use strict'; +BufferWriter.prototype.writeUInt8 = function(n) { + var buf = new Buffer(1); + buf.writeUInt8(n, 0); + this.write(buf); + return this; +}; -var buffer = require('buffer'); -var assert = require('assert'); - -var js = require('./js'); -var $ = require('./preconditions'); +BufferWriter.prototype.writeUInt16BE = function(n) { + var buf = new Buffer(2); + buf.writeUInt16BE(n, 0); + this.write(buf); + return this; +}; -function equals(a, b) { - if (a.length !== b.length) { - return false; - } - var length = a.length; - for (var i = 0; i < length; i++) { - if (a[i] !== b[i]) { - return false; - } - } - return true; -} +BufferWriter.prototype.writeUInt16LE = function(n) { + var buf = new Buffer(2); + buf.writeUInt16LE(n, 0); + this.write(buf); + return this; +}; -module.exports = { - /** - * Fill a buffer with a value. - * - * @param {Buffer} buffer - * @param {number} value - * @return {Buffer} - */ - fill: function fill(buffer, value) { - $.checkArgumentType(buffer, 'Buffer', 'buffer'); - $.checkArgumentType(value, 'number', 'value'); - var length = buffer.length; - for (var i = 0; i < length; i++) { - buffer[i] = value; - } - return buffer; - }, +BufferWriter.prototype.writeUInt32BE = function(n) { + var buf = new Buffer(4); + buf.writeUInt32BE(n, 0); + this.write(buf); + return this; +}; - /** - * Return a copy of a buffer - * - * @param {Buffer} original - * @return {Buffer} - */ - copy: function(original) { - var buffer = new Buffer(original.length); - original.copy(buffer); - return buffer; - }, +BufferWriter.prototype.writeInt32LE = function(n) { + var buf = new Buffer(4); + buf.writeInt32LE(n, 0); + this.write(buf); + return this; +}; - /** - * Returns true if the given argument is an instance of a buffer. Tests for - * both node's Buffer and Uint8Array - * - * @param {*} arg - * @return {boolean} - */ - isBuffer: function isBuffer(arg) { - return buffer.Buffer.isBuffer(arg) || arg instanceof Uint8Array; - }, +BufferWriter.prototype.writeUInt32LE = function(n) { + var buf = new Buffer(4); + buf.writeUInt32LE(n, 0); + this.write(buf); + return this; +}; - /** - * Returns a zero-filled byte array - * - * @param {number} bytes - * @return {Buffer} - */ - emptyBuffer: function emptyBuffer(bytes) { - $.checkArgumentType(bytes, 'number', 'bytes'); - var result = new buffer.Buffer(bytes); - for (var i = 0; i < bytes; i++) { - result.write('\0', i); - } - return result; - }, +BufferWriter.prototype.writeUInt64BEBN = function(bn) { + var buf = bn.toBuffer({size: 8}); + this.write(buf); + return this; +}; - /** - * Concatenates a buffer - * - * Shortcut for buffer.Buffer.concat - */ - concat: buffer.Buffer.concat, +BufferWriter.prototype.writeUInt64LEBN = function(bn) { + var buf = bn.toBuffer({size: 8}); + this.writeReverse(buf); + return this; +}; - equals: equals, - equal: equals, +BufferWriter.prototype.writeVarintNum = function(n) { + var buf = BufferWriter.varintBufNum(n); + this.write(buf); + return this; +}; - /** - * Transforms a number from 0 to 255 into a Buffer of size 1 with that value - * - * @param {number} integer - * @return {Buffer} - */ - integerAsSingleByteBuffer: function integerAsSingleByteBuffer(integer) { - $.checkArgumentType(integer, 'number', 'integer'); - return new buffer.Buffer([integer & 0xff]); - }, +BufferWriter.prototype.writeVarintBN = function(bn) { + var buf = BufferWriter.varintBufBN(bn); + this.write(buf); + return this; +}; - /** - * Transform a 4-byte integer into a Buffer of length 4. - * - * @param {number} integer - * @return {Buffer} - */ - integerAsBuffer: function integerAsBuffer(integer) { - $.checkArgumentType(integer, 'number', 'integer'); - var bytes = []; - bytes.push((integer >> 24) & 0xff); - bytes.push((integer >> 16) & 0xff); - bytes.push((integer >> 8) & 0xff); - bytes.push(integer & 0xff); - return new Buffer(bytes); - }, +BufferWriter.varintBufNum = function(n) { + var buf = undefined; + if (n < 253) { + buf = new Buffer(1); + buf.writeUInt8(n, 0); + } else if (n < 0x10000) { + buf = new Buffer(1 + 2); + buf.writeUInt8(253, 0); + buf.writeUInt16LE(n, 1); + } else if (n < 0x100000000) { + buf = new Buffer(1 + 4); + buf.writeUInt8(254, 0); + buf.writeUInt32LE(n, 1); + } else { + buf = new Buffer(1 + 8); + buf.writeUInt8(255, 0); + buf.writeInt32LE(n & -1, 1); + buf.writeUInt32LE(Math.floor(n / 0x100000000), 5); + } + return buf; +}; - /** - * Transform the first 4 values of a Buffer into a number, in little endian encoding - * - * @param {Buffer} buffer - * @return {number} - */ - integerFromBuffer: function integerFromBuffer(buffer) { - $.checkArgumentType(buffer, 'Buffer', 'buffer'); - return buffer[0] << 24 | buffer[1] << 16 | buffer[2] << 8 | buffer[3]; - }, +BufferWriter.varintBufBN = function(bn) { + var buf = undefined; + var n = bn.toNumber(); + if (n < 253) { + buf = new Buffer(1); + buf.writeUInt8(n, 0); + } else if (n < 0x10000) { + buf = new Buffer(1 + 2); + buf.writeUInt8(253, 0); + buf.writeUInt16LE(n, 1); + } else if (n < 0x100000000) { + buf = new Buffer(1 + 4); + buf.writeUInt8(254, 0); + buf.writeUInt32LE(n, 1); + } else { + var bw = new BufferWriter(); + bw.writeUInt8(255); + bw.writeUInt64LEBN(bn); + var buf = bw.concat(); + } + return buf; +}; - /** - * Transforms the first byte of an array into a number ranging from -128 to 127 - * @param {Buffer} buffer - * @return {number} - */ - integerFromSingleByteBuffer: function integerFromBuffer(buffer) { - $.checkArgumentType(buffer, 'Buffer', 'buffer'); - return buffer[0]; - }, +module.exports = BufferWriter; - /** - * Transforms a buffer into a string with a number in hexa representation - * - * Shorthand for buffer.toString('hex') - * - * @param {Buffer} buffer - * @return {string} - */ - bufferToHex: function bufferToHex(buffer) { - $.checkArgumentType(buffer, 'Buffer', 'buffer'); - return buffer.toString('hex'); - }, +}).call(this,require("buffer").Buffer) +},{"../util/buffer":68,"assert":22,"buffer":158}],41:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - /** - * Reverse a buffer - * @param {Buffer} param - * @return {Buffer} - */ - reverse: function reverse(param) { - var ret = new buffer.Buffer(param.length); - for (var i = 0; i < param.length; i++) { - ret[i] = param[param.length - i - 1]; - } - return ret; - }, +var BufferWriter = require('./bufferwriter'); +var BufferReader = require('./bufferreader'); +var BN = require('../crypto/bn'); - /** - * Transforms an hexa encoded string into a Buffer with binary values - * - * Shorthand for Buffer(string, 'hex') - * - * @param {string} string - * @return {Buffer} - */ - hexToBuffer: function hexToBuffer(string) { - assert(js.isHexa(string)); - return new buffer.Buffer(string, 'hex'); +var Varint = function Varint(buf) { + if (!(this instanceof Varint)) + return new Varint(buf); + if (Buffer.isBuffer(buf)) { + this.buf = buf; + } else if (typeof buf === 'number') { + var num = buf; + this.fromNumber(num); + } else if (buf instanceof BN) { + var bn = buf; + this.fromBN(bn); + } else if (buf) { + var obj = buf; + this.set(obj); } }; -module.exports.NULL_HASH = module.exports.fill(new Buffer(32), 0); -module.exports.EMPTY_BUFFER = new Buffer(0); +Varint.prototype.set = function(obj) { + this.buf = obj.buf || this.buf; + return this; +}; -}).call(this,require("buffer").Buffer) -},{"./js":51,"./preconditions":52,"assert":92,"buffer":94}],51:[function(require,module,exports){ -'use strict'; +Varint.prototype.fromString = function(str) { + this.set({ + buf: new Buffer(str, 'hex') + }); + return this; +}; -var _ = require('lodash'); +Varint.prototype.toString = function() { + return this.buf.toString('hex'); +}; -/** - * Determines whether a string contains only hexadecimal values - * - * @name JSUtil.isHexa - * @param {string} value - * @return {boolean} true if the string is the hexa representation of a number - */ -var isHexa = function isHexa(value) { - if (!_.isString(value)) { - return false; - } - return /^[0-9a-fA-F]+$/.test(value); +Varint.prototype.fromBuffer = function(buf) { + this.buf = buf; + return this; }; -/** - * @namespace JSUtil - */ -module.exports = { - /** - * Test if an argument is a valid JSON object. If it is, returns a truthy - * value (the json object decoded), so no double JSON.parse call is necessary - * - * @param {string} arg - * @return {Object|boolean} false if the argument is not a JSON string. - */ - isValidJSON: function isValidJSON(arg) { - var parsed; - if (!_.isString(arg)) { - return false; - } - try { - parsed = JSON.parse(arg); - } catch (e) { - return false; - } - if (typeof(parsed) === 'object') { - return true; - } - return false; - }, - isHexa: isHexa, - isHexaString: isHexa, +Varint.prototype.fromBufferReader = function(br) { + this.buf = br.readVarintBuf(); + return this; +}; - /** - * Clone an array - */ - cloneArray: function(array) { - return [].concat(array); - }, +Varint.prototype.fromBN = function(bn) { + this.buf = BufferWriter().writeVarintBN(bn).concat(); + return this; +}; - /** - * Define immutable properties on a target object - * - * @param {Object} target - An object to be extended - * @param {Object} values - An object of properties - * @return {Object} The target object - */ - defineImmutable: function defineImmutable(target, values) { - Object.keys(values).forEach(function(key){ - Object.defineProperty(target, key, { - configurable: false, - enumerable: true, - value: values[key] - }); - }); - return target; - }, - /** - * Checks that a value is a natural number, a positive integer or zero. - * - * @param {*} value - * @return {Boolean} - */ - isNaturalNumber: function isNaturalNumber(value) { - return typeof value === 'number' && - isFinite(value) && - Math.floor(value) === value && - value >= 0; - } +Varint.prototype.fromNumber = function(num) { + this.buf = BufferWriter().writeVarintNum(num).concat(); + return this; +}; + +Varint.prototype.toBuffer = function() { + return this.buf; +}; + +Varint.prototype.toBN = function() { + return BufferReader(this.buf).readVarintBN(); +}; + +Varint.prototype.toNumber = function() { + return BufferReader(this.buf).readVarintNum(); }; -},{"lodash":78}],52:[function(require,module,exports){ +module.exports = Varint; + +}).call(this,require("buffer").Buffer) +},{"../crypto/bn":31,"./bufferreader":39,"./bufferwriter":40,"buffer":158}],42:[function(require,module,exports){ 'use strict'; -var errors = require('../errors'); var _ = require('lodash'); -module.exports = { - checkState: function(condition, message) { - if (!condition) { - throw new errors.InvalidState(message); - } - }, - checkArgument: function(condition, argumentName, message, docsPath) { - if (!condition) { - throw new errors.InvalidArgument(argumentName, message, docsPath); - } - }, - checkArgumentType: function(argument, type, argumentName) { - argumentName = argumentName || '(unknown name)'; - if (_.isString(type)) { - if (type === 'Buffer') { - var BufferUtil = require('./buffer'); - if (!BufferUtil.isBuffer(argument)) { - throw new errors.InvalidArgumentType(argument, type, argumentName); - } - } else if (typeof argument !== type) { - throw new errors.InvalidArgumentType(argument, type, argumentName); - } +function format(message, args) { + return message + .replace('{0}', args[0]) + .replace('{1}', args[1]) + .replace('{2}', args[2]); +} +var traverseNode = function(parent, errorDefinition) { + var NodeError = function() { + if (_.isString(errorDefinition.message)) { + this.message = format(errorDefinition.message, arguments); + } else if (_.isFunction(errorDefinition.message)) { + this.message = errorDefinition.message.apply(null, arguments); } else { - if (!(argument instanceof type)) { - throw new errors.InvalidArgumentType(argument, type.name, argumentName); - } + throw new Error('Invalid error definition for ' + errorDefinition.name); } + this.stack = this.message + '\n' + (new Error()).stack; + }; + NodeError.prototype = Object.create(parent.prototype); + NodeError.prototype.name = parent.prototype.name + errorDefinition.name; + parent[errorDefinition.name] = NodeError; + if (errorDefinition.errors) { + childDefinitions(NodeError, errorDefinition.errors); } + return NodeError; }; -},{"../errors":24,"./buffer":50,"lodash":78}],53:[function(require,module,exports){ -(function (module, exports) { - -'use strict'; - -// Utils +/* jshint latedef: false */ +var childDefinitions = function(parent, childDefinitions) { + _.each(childDefinitions, function(childDefinition) { + traverseNode(parent, childDefinition); + }); +}; +/* jshint latedef: true */ -function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); -} +var traverseRoot = function(parent, errorsDefinition) { + childDefinitions(parent, errorsDefinition); + return parent; +}; -// Could use `inherits` module, but don't want to move from single file -// architecture yet. -function inherits(ctor, superCtor) { - ctor.super_ = superCtor; - var TempCtor = function () {}; - TempCtor.prototype = superCtor.prototype; - ctor.prototype = new TempCtor(); - ctor.prototype.constructor = ctor; -} -// BN +var bitcore = {}; +bitcore.Error = function() { + this.message = 'Internal error'; + this.stack = this.message + '\n' + (new Error()).stack; +}; +bitcore.Error.prototype = Object.create(Error.prototype); +bitcore.Error.prototype.name = 'bitcore.Error'; -function BN(number, base, endian) { - // May be `new BN(bn)` ? - if (number !== null && - typeof number === 'object' && - Array.isArray(number.words)) { - return number; - } - this.sign = false; - this.words = null; - this.length = 0; +var data = require('./spec'); +traverseRoot(bitcore.Error, data); - // Reduction context - this.red = null; +module.exports = bitcore.Error; - if (base === 'le' || base === 'be') { - endian = base; - base = 10; - } +module.exports.extend = function(spec) { + return traverseNode(bitcore.Error, spec); +}; - if (number !== null) - this._init(number || 0, base || 10, endian || 'be'); -} -if (typeof module === 'object') - module.exports = BN; -else - exports.BN = BN; +},{"./spec":43,"lodash":96}],43:[function(require,module,exports){ +'use strict'; -BN.BN = BN; -BN.wordSize = 26; +var docsURL = 'http://bitcore.io/'; -BN.prototype._init = function init(number, base, endian) { - if (typeof number === 'number') { - if (number < 0) { - this.sign = true; - number = -number; - } - if (number < 0x4000000) { - this.words = [ number & 0x3ffffff ]; - this.length = 1; - } else if (number < 0x10000000000000) { - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff - ]; - this.length = 2; - } else { - assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) - this.words = [ - number & 0x3ffffff, - (number / 0x4000000) & 0x3ffffff, - 1 - ]; - this.length = 3; - } - return; - } else if (typeof number === 'object') { - return this._initArray(number, base, endian); +module.exports = [{ + name: 'InvalidB58Char', + message: 'Invalid Base58 character: {0} in {1}' +}, { + name: 'InvalidB58Checksum', + message: 'Invalid Base58 checksum for {0}' +}, { + name: 'InvalidNetwork', + message: 'Invalid version for network: got {0}' +}, { + name: 'InvalidState', + message: 'Invalid state: {0}' +}, { + name: 'NotImplemented', + message: 'Function {0} was not implemented yet' +}, { + name: 'InvalidNetworkArgument', + message: 'Invalid network: must be "livenet" or "testnet", got {0}' +}, { + name: 'InvalidArgument', + message: function() { + return 'Invalid Argument' + (arguments[0] ? (': ' + arguments[0]) : '') + + (arguments[1] ? (' Documentation: ' + docsURL + arguments[1]) : ''); } - if (base === 'hex') - base = 16; - assert(base === (base | 0) && base >= 2 && base <= 36); - - number = number.toString().replace(/\s+/g, ''); - var start = 0; - if (number[0] === '-') - start++; - - if (base === 16) - this._parseHex(number, start); - else - this._parseBase(number, base, start); - - if (number[0] === '-') - this.sign = true; - - this.strip(); -}; - -BN.prototype._initArray = function _initArray(number, base, endian) { - // Perhaps a Uint8Array - assert(typeof number.length === 'number'); - if (number.length <= 0) { - this.words = [ 0 ]; - this.length = 1; - return this; +}, { + name: 'AbstractMethodInvoked', + message: 'Abstract Method Invocation: {0}' +}, { + name: 'InvalidArgumentType', + message: function() { + return 'Invalid Argument for ' + arguments[2] + ', expected ' + arguments[1] + ' but got ' + typeof arguments[0]; } +}, { + name: 'Unit', + message: 'Internal Error on Unit {0}', + errors: [{ + 'name': 'UnknownCode', + 'message': 'Unrecognized unit code: {0}' + }, { + 'name': 'InvalidRate', + 'message': 'Invalid exchange rate: {0}' + }] +}, { + name: 'Transaction', + message: 'Internal Error on Transaction {0}', + errors: [{ + name: 'Input', + message: 'Internal Error on Input {0}', + errors: [{ + name: 'MissingScript', + message: 'Need a script to create an input' + }, { + name: 'UnsupportedScript', + message: 'Unsupported input script type: {0}' + }, { + name: 'MissingPreviousOutput', + message: 'No previous output information.' + }] + }, { + name: 'NeedMoreInfo', + message: '{0}' + }, { + name: 'InvalidSorting', + message: 'The sorting function provided did not return the change output as one of the array elements' + }, { + name: 'InvalidOutputAmountSum', + message: '{0}' + }, { + name: 'MissingSignatures', + message: 'Some inputs have not been fully signed' + }, { + name: 'InvalidIndex', + message: 'Invalid index: {0} is not between 0, {1}' + }, { + name: 'UnableToVerifySignature', + message: 'Unable to verify signature: {0}' + }, { + name: 'DustOutputs', + message: 'Dust amount detected in one output' + }, { + name: 'InvalidSatoshis', + message: 'Output satoshis are invalid', + }, { + name: 'FeeError', + message: 'Internal Error on Fee {0}', + errors: [{ + name: 'TooSmall', + message: 'Fee is too small: {0}', + }, { + name: 'TooLarge', + message: 'Fee is too large: {0}', + }, { + name: 'Different', + message: 'Unspent value is different from specified fee: {0}', + }] + }, { + name: 'ChangeAddressMissing', + message: 'Change address is missing' + }, { + name: 'BlockHeightTooHigh', + message: 'Block Height can be at most 2^32 -1' + }, { + name: 'NLockTimeOutOfRange', + message: 'Block Height can only be between 0 and 499 999 999' + }, { + name: 'LockTimeTooEarly', + message: 'Lock Time can\'t be earlier than UNIX date 500 000 000' + }] +}, { + name: 'Script', + message: 'Internal Error on Script {0}', + errors: [{ + name: 'UnrecognizedAddress', + message: 'Expected argument {0} to be an address' + }, { + name: 'CantDeriveAddress', + message: 'Can\'t derive address associated with script {0}, needs to be p2pkh in, p2pkh out, p2sh in, or p2sh out.' + }, { + name: 'InvalidBuffer', + message: 'Invalid script buffer: can\'t parse valid script from given buffer {0}' + }] +}, { + name: 'HDPrivateKey', + message: 'Internal Error on HDPrivateKey {0}', + errors: [{ + name: 'InvalidDerivationArgument', + message: 'Invalid derivation argument {0}, expected string, or number and boolean' + }, { + name: 'InvalidEntropyArgument', + message: 'Invalid entropy: must be an hexa string or binary buffer, got {0}', + errors: [{ + name: 'TooMuchEntropy', + message: 'Invalid entropy: more than 512 bits is non standard, got "{0}"' + }, { + name: 'NotEnoughEntropy', + message: 'Invalid entropy: at least 128 bits needed, got "{0}"' + }] + }, { + name: 'InvalidLength', + message: 'Invalid length for xprivkey string in {0}' + }, { + name: 'InvalidPath', + message: 'Invalid derivation path: {0}' + }, { + name: 'UnrecognizedArgument', + message: 'Invalid argument: creating a HDPrivateKey requires a string, buffer, json or object, got "{0}"' + }] +}, { + name: 'HDPublicKey', + message: 'Internal Error on HDPublicKey {0}', + errors: [{ + name: 'ArgumentIsPrivateExtended', + message: 'Argument is an extended private key: {0}' + }, { + name: 'InvalidDerivationArgument', + message: 'Invalid derivation argument: got {0}' + }, { + name: 'InvalidLength', + message: 'Invalid length for xpubkey: got "{0}"' + }, { + name: 'InvalidPath', + message: 'Invalid derivation path, it should look like: "m/1/100", got "{0}"' + }, { + name: 'InvalidIndexCantDeriveHardened', + message: 'Invalid argument: creating a hardened path requires an HDPrivateKey' + }, { + name: 'MustSupplyArgument', + message: 'Must supply an argument to create a HDPublicKey' + }, { + name: 'UnrecognizedArgument', + message: 'Invalid argument for creation, must be string, json, buffer, or object' + }] +}]; - this.length = Math.ceil(number.length / 3); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) - this.words[i] = 0; +},{}],44:[function(require,module,exports){ +'use strict'; - var off = 0; - if (endian === 'be') { - for (var i = number.length - 1, j = 0; i >= 0; i -= 3) { - var w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } +module.exports = { + _cache: {}, + _count: 0, + _eraseIndex: 0, + _usedList: {}, + _usedIndex: {}, + _CACHE_SIZE: 5000, + + get: function(xkey, number, hardened) { + hardened = !!hardened; + var key = xkey + '/' + number + '/' + hardened; + if (this._cache[key]) { + this._cacheHit(key); + return this._cache[key]; } - } else if (endian === 'le') { - for (var i = 0, j = 0; i < number.length; i += 3) { - var w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; + }, + set: function(xkey, number, hardened, derived) { + hardened = !!hardened; + var key = xkey + '/' + number + '/' + hardened; + this._cache[key] = derived; + this._cacheHit(key); + }, + _cacheHit: function(key) { + if (this._usedIndex[key]) { + delete this._usedList[this._usedIndex[key]]; + } + this._usedList[this._count] = key; + this._usedIndex[key] = this._count; + this._count++; + this._cacheRemove(); + }, + _cacheRemove: function() { + while (this._eraseIndex < this._count - this._CACHE_SIZE) { + if (this._usedList[this._eraseIndex]) { + var removeKey = this._usedList[this._eraseIndex]; + delete this._usedIndex[removeKey]; + delete this._cache[removeKey]; } + delete this._usedList[this._eraseIndex]; + this._eraseIndex++; } } - return this.strip(); }; -function parseHex(str, start, end) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; +},{}],45:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - r <<= 4; - // 'a' - 'f' - if (c >= 49 && c <= 54) - r |= c - 49 + 0xa; +var assert = require('assert'); +var buffer = require('buffer'); +var _ = require('lodash'); +var $ = require('./util/preconditions'); - // 'A' - 'F' - else if (c >= 17 && c <= 22) - r |= c - 17 + 0xa; +var BN = require('./crypto/bn'); +var Base58 = require('./encoding/base58'); +var Base58Check = require('./encoding/base58check'); +var Hash = require('./crypto/hash'); +var Network = require('./networks'); +var HDKeyCache = require('./hdkeycache'); +var Point = require('./crypto/point'); +var PrivateKey = require('./privatekey'); +var Random = require('./crypto/random'); - // '0' - '9' - else - r |= c & 0xf; - } - return r; -} +var errors = require('./errors'); +var hdErrors = errors.HDPrivateKey; +var BufferUtil = require('./util/buffer'); +var JSUtil = require('./util/js'); -BN.prototype._parseHex = function _parseHex(number, start) { - // Create possibly bigger array to ensure that it fits the number - this.length = Math.ceil((number.length - start) / 6); - this.words = new Array(this.length); - for (var i = 0; i < this.length; i++) - this.words[i] = 0; +var MINIMUM_ENTROPY_BITS = 128; +var BITS_TO_BYTES = 1 / 8; +var MAXIMUM_ENTROPY_BITS = 512; - // Scan 24-bit chunks and add them to the number - var off = 0; - for (var i = number.length - 6, j = 0; i >= start; i -= 6) { - var w = parseHex(number, i, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; - off += 24; - if (off >= 26) { - off -= 26; - j++; - } + +/** + * Represents an instance of an hierarchically derived private key. + * + * More info on https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki + * + * @constructor + * @param {string|Buffer|Object} arg + */ +function HDPrivateKey(arg) { + /* jshint maxcomplexity: 10 */ + if (arg instanceof HDPrivateKey) { + return arg; } - if (i + 6 !== start) { - var w = parseHex(number, start, i + 6); - this.words[j] |= (w << off) & 0x3ffffff; - this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; + if (!(this instanceof HDPrivateKey)) { + return new HDPrivateKey(arg); + } + if (!arg) { + return this._generateRandomly(); } - this.strip(); -}; - -function parseBase(str, start, end, mul) { - var r = 0; - var len = Math.min(str.length, end); - for (var i = start; i < len; i++) { - var c = str.charCodeAt(i) - 48; - - r *= mul; - - // 'a' - if (c >= 49) - r += c - 49 + 0xa; - - // 'A' - else if (c >= 17) - r += c - 17 + 0xa; - // '0' - '9' - else - r += c; + if (Network.get(arg)) { + return this._generateRandomly(arg); + } else if (_.isString(arg) || BufferUtil.isBuffer(arg)) { + if (HDPrivateKey.isValidSerialized(arg)) { + this._buildFromSerialized(arg); + } else if (JSUtil.isValidJSON(arg)) { + this._buildFromJSON(arg); + } else if (BufferUtil.isBuffer(arg) && HDPrivateKey.isValidSerialized(arg.toString())) { + this._buildFromSerialized(arg.toString()); + } else { + throw HDPrivateKey.getSerializedError(arg); + } + } else if (_.isObject(arg)) { + this._buildFromObject(arg); + } else { + throw new hdErrors.UnrecognizedArgument(arg); } - return r; } -BN.prototype._parseBase = function _parseBase(number, base, start) { - // Initialize as zero - this.words = [ 0 ]; - this.length = 1; +/** + * Verifies that a given path is valid. + * + * @param {string|number} arg + * @param {boolean?} hardened + * @return {boolean} + */ +HDPrivateKey.isValidPath = function(arg, hardened) { + if (_.isString(arg)) { + var indexes = HDPrivateKey._getDerivationIndexes(arg); + return indexes !== null && _.all(indexes, HDPrivateKey.isValidPath); + } - // Find length of limb in base - for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) - limbLen++; - limbLen--; - limbPow = (limbPow / base) | 0; + if (_.isNumber(arg)) { + if (arg < HDPrivateKey.Hardened && hardened === true) { + arg += HDPrivateKey.Hardened; + } + return arg >= 0 && arg < HDPrivateKey.MaxIndex; + } - var total = number.length - start; - var mod = total % limbLen; - var end = Math.min(total, total - mod) + start; + return false; +}; - var word = 0; - for (var i = start; i < end; i += limbLen) { - word = parseBase(number, i, i + limbLen, base); +/** + * Internal function that splits a string path into a derivation index array. + * It will return null if the string path is malformed. + * It does not validate if indexes are in bounds. + * + * @param {string} path + * @return {Array} + */ +HDPrivateKey._getDerivationIndexes = function(path) { + var steps = path.split('/'); - this.imuln(limbPow); - if (this.words[0] + word < 0x4000000) - this.words[0] += word; - else - this._iaddn(word); + // Special cases: + if (_.contains(HDPrivateKey.RootElementAlias, path)) { + return []; } - if (mod !== 0) { - var pow = 1; - var word = parseBase(number, i, number.length, base); - - for (var i = 0; i < mod; i++) - pow *= base; - this.imuln(pow); - if (this.words[0] + word < 0x4000000) - this.words[0] += word; - else - this._iaddn(word); + if (!_.contains(HDPrivateKey.RootElementAlias, steps[0])) { + return null; } -}; - -BN.prototype.copy = function copy(dest) { - dest.words = new Array(this.length); - for (var i = 0; i < this.length; i++) - dest.words[i] = this.words[i]; - dest.length = this.length; - dest.sign = this.sign; - dest.red = this.red; -}; -BN.prototype.clone = function clone() { - var r = new BN(null); - this.copy(r); - return r; -}; + var indexes = steps.slice(1).map(function(step) { + var isHardened = step.slice(-1) === '\''; + if (isHardened) { + step = step.slice(0, -1); + } + if (!step || step[0] === '-') { + return NaN; + } + var index = +step; // cast to number + if (isHardened) { + index += HDPrivateKey.Hardened; + } -// Remove leading `0` from `this` -BN.prototype.strip = function strip() { - while (this.length > 1 && this.words[this.length - 1] === 0) - this.length--; - return this._normSign(); -}; + return index; + }); -BN.prototype._normSign = function _normSign() { - // -0 = 0 - if (this.length === 1 && this.words[0] === 0) - this.sign = false; - return this; + return _.any(indexes, isNaN) ? null : indexes; }; -BN.prototype.inspect = function inspect() { - return (this.red ? ''; +/** + * Get a derived child based on a string or number. + * + * If the first argument is a string, it's parsed as the full path of + * derivation. Valid values for this argument include "m" (which returns the + * same private key), "m/0/1/40/2'/1000", where the ' quote means a hardened + * derivation. + * + * If the first argument is a number, the child with that index will be + * derived. If the second argument is truthy, the hardened version will be + * derived. See the example usage for clarification. + * + * @example + * ```javascript + * var parent = new HDPrivateKey('xprv...'); + * var child_0_1_2h = parent.derive(0).derive(1).derive(2, true); + * var copy_of_child_0_1_2h = parent.derive("m/0/1/2'"); + * assert(child_0_1_2h.xprivkey === copy_of_child_0_1_2h); + * ``` + * + * @param {string|number} arg + * @param {boolean?} hardened + */ +HDPrivateKey.prototype.derive = function(arg, hardened) { + if (_.isNumber(arg)) { + return this._deriveWithNumber(arg, hardened); + } else if (_.isString(arg)) { + return this._deriveFromString(arg); + } else { + throw new hdErrors.InvalidDerivationArgument(arg); + } }; -/* - -var zeros = []; -var groupSizes = []; -var groupBases = []; - -var s = ''; -var i = -1; -while (++i < BN.wordSize) { - zeros[i] = s; - s += '0'; -} -groupSizes[0] = 0; -groupSizes[1] = 0; -groupBases[0] = 0; -groupBases[1] = 0; -var base = 2 - 1; -while (++base < 36 + 1) { - var groupSize = 0; - var groupBase = 1; - while (groupBase < (1 << BN.wordSize) / base) { - groupBase *= base; - groupSize += 1; +HDPrivateKey.prototype._deriveWithNumber = function(index, hardened) { + /* jshint maxstatements: 20 */ + /* jshint maxcomplexity: 10 */ + if (!HDPrivateKey.isValidPath(index, hardened)) { + throw new hdErrors.InvalidPath(index); } - groupSizes[base] = groupSize; - groupBases[base] = groupBase; -} - -*/ -var zeros = [ - '', - '0', - '00', - '000', - '0000', - '00000', - '000000', - '0000000', - '00000000', - '000000000', - '0000000000', - '00000000000', - '000000000000', - '0000000000000', - '00000000000000', - '000000000000000', - '0000000000000000', - '00000000000000000', - '000000000000000000', - '0000000000000000000', - '00000000000000000000', - '000000000000000000000', - '0000000000000000000000', - '00000000000000000000000', - '000000000000000000000000', - '0000000000000000000000000' -]; - -var groupSizes = [ - 0, 0, - 25, 16, 12, 11, 10, 9, 8, - 8, 7, 7, 7, 7, 6, 6, - 6, 6, 6, 6, 6, 5, 5, - 5, 5, 5, 5, 5, 5, 5, - 5, 5, 5, 5, 5, 5, 5 -]; - -var groupBases = [ - 0, 0, - 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, - 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, - 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, - 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, - 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 -]; + hardened = index >= HDPrivateKey.Hardened ? true : hardened; + if (index < HDPrivateKey.Hardened && hardened === true) { + index += HDPrivateKey.Hardened; + } -BN.prototype.toString = function toString(base, padding) { - base = base || 10; - if (base === 16 || base === 'hex') { - var out = ''; - var off = 0; - var padding = padding | 0 || 1; - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i]; - var word = (((w << off) | carry) & 0xffffff).toString(16); - carry = (w >>> (24 - off)) & 0xffffff; - if (carry !== 0 || i !== this.length - 1) - out = zeros[6 - word.length] + word + out; - else - out = word + out; - off += 2; - if (off >= 26) { - off -= 26; - i--; - } - } - if (carry !== 0) - out = carry.toString(16) + out; - while (out.length % padding !== 0) - out = '0' + out; - if (this.sign) - out = '-' + out; - return out; - } else if (base === (base | 0) && base >= 2 && base <= 36) { - // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); - var groupSize = groupSizes[base]; - // var groupBase = Math.pow(base, groupSize); - var groupBase = groupBases[base]; - var out = ''; - var c = this.clone(); - c.sign = false; - while (c.cmpn(0) !== 0) { - var r = c.modn(groupBase).toString(base); - c = c.idivn(groupBase); + var cached = HDKeyCache.get(this.xprivkey, index, hardened); + if (cached) { + return cached; + } - if (c.cmpn(0) !== 0) - out = zeros[groupSize - r.length] + r + out; - else - out = r + out; - } - if (this.cmpn(0) === 0) - out = '0' + out; - if (this.sign) - out = '-' + out; - return out; + var indexBuffer = BufferUtil.integerAsBuffer(index); + var data; + if (hardened) { + data = BufferUtil.concat([new buffer.Buffer([0]), this.privateKey.toBuffer(), indexBuffer]); } else { - assert(false, 'Base should be between 2 and 36'); + data = BufferUtil.concat([this.publicKey.toBuffer(), indexBuffer]); } -}; - -BN.prototype.toJSON = function toJSON() { - return this.toString(16); -}; + var hash = Hash.sha512hmac(data, this._buffers.chainCode); + var leftPart = BN.fromBuffer(hash.slice(0, 32), { + size: 32 + }); + var chainCode = hash.slice(32, 64); -BN.prototype.toArray = function toArray() { - this.strip(); - var res = new Array(this.byteLength()); - res[0] = 0; + var privateKey = leftPart.add(this.privateKey.toBigNumber()).mod(Point.getN()).toBuffer({ + size: 32 + }); - var q = this.clone(); - for (var i = 0; q.cmpn(0) !== 0; i++) { - var b = q.andln(0xff); - q.ishrn(8); + var derived = new HDPrivateKey({ + network: this.network, + depth: this.depth + 1, + parentFingerPrint: this.fingerPrint, + childIndex: index, + chainCode: chainCode, + privateKey: privateKey + }); + HDKeyCache.set(this.xprivkey, index, hardened, derived); + return derived; +}; - // Assume big-endian - res[res.length - i - 1] = b; +HDPrivateKey.prototype._deriveFromString = function(path) { + if (!HDPrivateKey.isValidPath(path)) { + throw new hdErrors.InvalidPath(path); } - return res; -}; + var indexes = HDPrivateKey._getDerivationIndexes(path); + var derived = indexes.reduce(function(prev, index) { + return prev._deriveWithNumber(index); + }, this); -if (Math.clz32) { - BN.prototype._countBits = function _countBits(w) { - return 32 - Math.clz32(w); - }; -} else { - BN.prototype._countBits = function _countBits(w) { - var t = w; - var r = 0; - if (t >= 0x1000) { - r += 13; - t >>>= 13; - } - if (t >= 0x40) { - r += 7; - t >>>= 7; - } - if (t >= 0x8) { - r += 4; - t >>>= 4; - } - if (t >= 0x02) { - r += 2; - t >>>= 2; - } - return r + t; - }; -} + return derived; +}; -BN.prototype._zeroBits = function _zeroBits(w) { - // Short-cut - if (w === 0) - return 26; +/** + * Verifies that a given serialized private key in base58 with checksum format + * is valid. + * + * @param {string|Buffer} data - the serialized private key + * @param {string|Network=} network - optional, if present, checks that the + * network provided matches the network serialized. + * @return {boolean} + */ +HDPrivateKey.isValidSerialized = function(data, network) { + return !HDPrivateKey.getSerializedError(data, network); +}; - var t = w; - var r = 0; - if ((t & 0x1fff) === 0) { - r += 13; - t >>>= 13; +/** + * Checks what's the error that causes the validation of a serialized private key + * in base58 with checksum to fail. + * + * @param {string|Buffer} data - the serialized private key + * @param {string|Network=} network - optional, if present, checks that the + * network provided matches the network serialized. + * @return {errors.InvalidArgument|null} + */ +HDPrivateKey.getSerializedError = function(data, network) { + /* jshint maxcomplexity: 10 */ + if (!(_.isString(data) || BufferUtil.isBuffer(data))) { + return new hdErrors.UnrecognizedArgument('Expected string or buffer'); } - if ((t & 0x7f) === 0) { - r += 7; - t >>>= 7; + if (!Base58.validCharacters(data)) { + return new errors.InvalidB58Char('(unknown)', data); } - if ((t & 0xf) === 0) { - r += 4; - t >>>= 4; + try { + data = Base58Check.decode(data); + } catch (e) { + return new errors.InvalidB58Checksum(data); } - if ((t & 0x3) === 0) { - r += 2; - t >>>= 2; + if (data.length !== HDPrivateKey.DataLength) { + return new hdErrors.InvalidLength(data); } - if ((t & 0x1) === 0) - r++; - return r; -}; - -// Return number of used bits in a BN -BN.prototype.bitLength = function bitLength() { - var hi = 0; - var w = this.words[this.length - 1]; - var hi = this._countBits(w); - return (this.length - 1) * 26 + hi; + if (!_.isUndefined(network)) { + var error = HDPrivateKey._validateNetwork(data, network); + if (error) { + return error; + } + } + return null; }; -// Number of trailing zero bits -BN.prototype.zeroBits = function zeroBits() { - if (this.cmpn(0) === 0) - return 0; - - var r = 0; - for (var i = 0; i < this.length; i++) { - var b = this._zeroBits(this.words[i]); - r += b; - if (b !== 26) - break; +HDPrivateKey._validateNetwork = function(data, networkArg) { + var network = Network.get(networkArg); + if (!network) { + return new errors.InvalidNetworkArgument(networkArg); } - return r; + var version = data.slice(0, 4); + if (BufferUtil.integerFromBuffer(version) !== network.xprivkey) { + return new errors.InvalidNetwork(version); + } + return null; }; -BN.prototype.byteLength = function byteLength() { - return Math.ceil(this.bitLength() / 8); +HDPrivateKey.fromString = function(arg) { + $.checkArgument(_.isString(arg), 'No valid string was provided'); + return new HDPrivateKey(arg); }; -// Return negative clone of `this` -BN.prototype.neg = function neg() { - if (this.cmpn(0) === 0) - return this.clone(); - - var r = this.clone(); - r.sign = !this.sign; - return r; +HDPrivateKey.fromObject = function(arg) { + $.checkArgument(_.isObject(arg), 'No valid argument was provided'); + return new HDPrivateKey(arg); }; - -// Or `num` with `this` in-place -BN.prototype.ior = function ior(num) { - this.sign = this.sign || num.sign; - - while (this.length < num.length) - this.words[this.length++] = 0; - - for (var i = 0; i < num.length; i++) - this.words[i] = this.words[i] | num.words[i]; - - return this.strip(); +HDPrivateKey.prototype._buildFromJSON = function(arg) { + return this._buildFromObject(JSON.parse(arg)); }; +HDPrivateKey.prototype._buildFromObject = function(arg) { + /* jshint maxcomplexity: 12 */ + // TODO: Type validation + var buffers = { + version: arg.network ? BufferUtil.integerAsBuffer(Network.get(arg.network).xprivkey) : arg.version, + depth: _.isNumber(arg.depth) ? BufferUtil.integerAsSingleByteBuffer(arg.depth) : arg.depth, + parentFingerPrint: _.isNumber(arg.parentFingerPrint) ? BufferUtil.integerAsBuffer(arg.parentFingerPrint) : arg.parentFingerPrint, + childIndex: _.isNumber(arg.childIndex) ? BufferUtil.integerAsBuffer(arg.childIndex) : arg.childIndex, + chainCode: _.isString(arg.chainCode) ? BufferUtil.hexToBuffer(arg.chainCode) : arg.chainCode, + privateKey: (_.isString(arg.privateKey) && JSUtil.isHexa(arg.privateKey)) ? BufferUtil.hexToBuffer(arg.privateKey) : arg.privateKey, + checksum: arg.checksum ? (arg.checksum.length ? arg.checksum : BufferUtil.integerAsBuffer(arg.checksum)) : undefined + }; + return this._buildFromBuffers(buffers); +}; -// Or `num` with `this` -BN.prototype.or = function or(num) { - if (this.length > num.length) - return this.clone().ior(num); - else - return num.clone().ior(this); +HDPrivateKey.prototype._buildFromSerialized = function(arg) { + var decoded = Base58Check.decode(arg); + var buffers = { + version: decoded.slice(HDPrivateKey.VersionStart, HDPrivateKey.VersionEnd), + depth: decoded.slice(HDPrivateKey.DepthStart, HDPrivateKey.DepthEnd), + parentFingerPrint: decoded.slice(HDPrivateKey.ParentFingerPrintStart, + HDPrivateKey.ParentFingerPrintEnd), + childIndex: decoded.slice(HDPrivateKey.ChildIndexStart, HDPrivateKey.ChildIndexEnd), + chainCode: decoded.slice(HDPrivateKey.ChainCodeStart, HDPrivateKey.ChainCodeEnd), + privateKey: decoded.slice(HDPrivateKey.PrivateKeyStart, HDPrivateKey.PrivateKeyEnd), + checksum: decoded.slice(HDPrivateKey.ChecksumStart, HDPrivateKey.ChecksumEnd), + xprivkey: arg + }; + return this._buildFromBuffers(buffers); }; +HDPrivateKey.prototype._generateRandomly = function(network) { + return HDPrivateKey.fromSeed(Random.getRandomBuffer(64), network); +}; -// And `num` with `this` in-place -BN.prototype.iand = function iand(num) { - this.sign = this.sign && num.sign; +/** + * Generate a private key from a seed, as described in BIP32 + * + * @param {string|Buffer} hexa + * @param {*} network + * @return HDPrivateKey + */ +HDPrivateKey.fromSeed = function(hexa, network) { + /* jshint maxcomplexity: 8 */ + if (JSUtil.isHexaString(hexa)) { + hexa = BufferUtil.hexToBuffer(hexa); + } + if (!Buffer.isBuffer(hexa)) { + throw new hdErrors.InvalidEntropyArgument(hexa); + } + if (hexa.length < MINIMUM_ENTROPY_BITS * BITS_TO_BYTES) { + throw new hdErrors.InvalidEntropyArgument.NotEnoughEntropy(hexa); + } + if (hexa.length > MAXIMUM_ENTROPY_BITS * BITS_TO_BYTES) { + throw new hdErrors.InvalidEntropyArgument.TooMuchEntropy(hexa); + } + var hash = Hash.sha512hmac(hexa, new buffer.Buffer('Bitcoin seed')); - // b = min-length(num, this) - var b; - if (this.length > num.length) - b = num; - else - b = this; + return new HDPrivateKey({ + network: Network.get(network) || Network.defaultNetwork, + depth: 0, + parentFingerPrint: 0, + childIndex: 0, + privateKey: hash.slice(0, 32), + chainCode: hash.slice(32, 64) + }); +}; - for (var i = 0; i < b.length; i++) - this.words[i] = this.words[i] & num.words[i]; - this.length = b.length; - return this.strip(); +HDPrivateKey.prototype._calcHDPublicKey = function() { + if (!this._hdPublicKey) { + var HDPublicKey = require('./hdpublickey'); + this._hdPublicKey = new HDPublicKey(this); + } }; +/** + * Receives a object with buffers in all the properties and populates the + * internal structure + * + * @param {Object} arg + * @param {buffer.Buffer} arg.version + * @param {buffer.Buffer} arg.depth + * @param {buffer.Buffer} arg.parentFingerPrint + * @param {buffer.Buffer} arg.childIndex + * @param {buffer.Buffer} arg.chainCode + * @param {buffer.Buffer} arg.privateKey + * @param {buffer.Buffer} arg.checksum + * @param {string=} arg.xprivkey - if set, don't recalculate the base58 + * representation + * @return {HDPrivateKey} this + */ +HDPrivateKey.prototype._buildFromBuffers = function(arg) { + /* jshint maxcomplexity: 8 */ + /* jshint maxstatements: 20 */ -// And `num` with `this` -BN.prototype.and = function and(num) { - if (this.length > num.length) - return this.clone().iand(num); - else - return num.clone().iand(this); -}; - + HDPrivateKey._validateBufferArguments(arg); -// Xor `num` with `this` in-place -BN.prototype.ixor = function ixor(num) { - this.sign = this.sign || num.sign; + JSUtil.defineImmutable(this, { + _buffers: arg + }); - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; + var sequence = [ + arg.version, arg.depth, arg.parentFingerPrint, arg.childIndex, arg.chainCode, + BufferUtil.emptyBuffer(1), arg.privateKey + ]; + var concat = buffer.Buffer.concat(sequence); + if (!arg.checksum || !arg.checksum.length) { + arg.checksum = Base58Check.checksum(concat); } else { - a = num; - b = this; + if (arg.checksum.toString() !== Base58Check.checksum(concat).toString()) { + throw new errors.InvalidB58Checksum(concat); + } } - for (var i = 0; i < b.length; i++) - this.words[i] = a.words[i] ^ b.words[i]; + var network = Network.get(BufferUtil.integerFromBuffer(arg.version)); + var xprivkey; + xprivkey = Base58Check.encode(buffer.Buffer.concat(sequence)); + arg.xprivkey = new Buffer(xprivkey); - if (this !== a) - for (; i < a.length; i++) - this.words[i] = a.words[i]; - - this.length = a.length; + var privateKey = new PrivateKey(BN.fromBuffer(arg.privateKey), network); + var publicKey = privateKey.toPublicKey(); + var size = HDPrivateKey.ParentFingerPrintSize; + var fingerPrint = Hash.sha256ripemd160(publicKey.toBuffer()).slice(0, size); - return this.strip(); -}; + JSUtil.defineImmutable(this, { + xprivkey: xprivkey, + network: network, + depth: BufferUtil.integerFromSingleByteBuffer(arg.depth), + privateKey: privateKey, + publicKey: publicKey, + fingerPrint: fingerPrint + }); + this._hdPublicKey = null; -// Xor `num` with `this` -BN.prototype.xor = function xor(num) { - if (this.length > num.length) - return this.clone().ixor(num); - else - return num.clone().ixor(this); + Object.defineProperty(this, 'hdPublicKey', { + configurable: false, + enumerable: true, + get: function() { + this._calcHDPublicKey(); + return this._hdPublicKey; + } + }); + Object.defineProperty(this, 'xpubkey', { + configurable: false, + enumerable: true, + get: function() { + this._calcHDPublicKey(); + return this._hdPublicKey.xpubkey; + } + }); + return this; }; +HDPrivateKey._validateBufferArguments = function(arg) { + var checkBuffer = function(name, size) { + var buff = arg[name]; + assert(BufferUtil.isBuffer(buff), name + ' argument is not a buffer'); + assert( + buff.length === size, + name + ' has not the expected size: found ' + buff.length + ', expected ' + size + ); + }; + checkBuffer('version', HDPrivateKey.VersionSize); + checkBuffer('depth', HDPrivateKey.DepthSize); + checkBuffer('parentFingerPrint', HDPrivateKey.ParentFingerPrintSize); + checkBuffer('childIndex', HDPrivateKey.ChildIndexSize); + checkBuffer('chainCode', HDPrivateKey.ChainCodeSize); + checkBuffer('privateKey', HDPrivateKey.PrivateKeySize); + if (arg.checksum && arg.checksum.length) { + checkBuffer('checksum', HDPrivateKey.CheckSumSize); + } +}; -// Set `bit` of `this` -BN.prototype.setn = function setn(bit, val) { - assert(typeof bit === 'number' && bit >= 0); +/** + * Returns the string representation of this private key (a string starting + * with "xprv..." + * + * @return string + */ +HDPrivateKey.prototype.toString = function() { + return this.xprivkey; +}; - var off = (bit / 26) | 0; - var wbit = bit % 26; +/** + * Returns the console representation of this extended private key. + * @return string + */ +HDPrivateKey.prototype.inspect = function() { + return ''; +}; - while (this.length <= off) - this.words[this.length++] = 0; +/** + * Returns a plain object with a representation of this private key. + * + * Fields include:
    + *
  • network: either 'livenet' or 'testnet' + *
  • depth: a number ranging from 0 to 255 + *
  • fingerPrint: a number ranging from 0 to 2^32-1, taken from the hash of the + *
  • associated public key + *
  • parentFingerPrint: a number ranging from 0 to 2^32-1, taken from the hash + *
  • of this parent's associated public key or zero. + *
  • childIndex: the index from which this child was derived (or zero) + *
  • chainCode: an hexa string representing a number used in the derivation + *
  • privateKey: the private key associated, in hexa representation + *
  • xprivkey: the representation of this extended private key in checksum + *
  • base58 format + *
  • checksum: the base58 checksum of xprivkey + *
+ * @return {Object} + */ +HDPrivateKey.prototype.toObject = HDPrivateKey.prototype.toJSON = function toObject() { + return { + network: Network.get(BufferUtil.integerFromBuffer(this._buffers.version), 'xprivkey').name, + depth: BufferUtil.integerFromSingleByteBuffer(this._buffers.depth), + fingerPrint: BufferUtil.integerFromBuffer(this.fingerPrint), + parentFingerPrint: BufferUtil.integerFromBuffer(this._buffers.parentFingerPrint), + childIndex: BufferUtil.integerFromBuffer(this._buffers.childIndex), + chainCode: BufferUtil.bufferToHex(this._buffers.chainCode), + privateKey: this.privateKey.toBuffer().toString('hex'), + checksum: BufferUtil.integerFromBuffer(this._buffers.checksum), + xprivkey: this.xprivkey + }; +}; - if (val) - this.words[off] = this.words[off] | (1 << wbit); - else - this.words[off] = this.words[off] & ~(1 << wbit); +/** + * Build a HDPrivateKey from a buffer + * + * @param {Buffer} arg + * @return {HDPrivateKey} + */ +HDPrivateKey.fromBuffer = function(arg) { + return new HDPrivateKey(arg.toString()); +}; - return this.strip(); +/** + * Returns a buffer representation of the HDPrivateKey + * + * @return {string} + */ +HDPrivateKey.prototype.toBuffer = function() { + return BufferUtil.copy(this._buffers.xprivkey); }; +HDPrivateKey.DefaultDepth = 0; +HDPrivateKey.DefaultFingerprint = 0; +HDPrivateKey.DefaultChildIndex = 0; +HDPrivateKey.Hardened = 0x80000000; +HDPrivateKey.MaxIndex = 2 * HDPrivateKey.Hardened; -// Add `num` to `this` in-place -BN.prototype.iadd = function iadd(num) { - // negative + positive - if (this.sign && !num.sign) { - this.sign = false; - var r = this.isub(num); - this.sign = !this.sign; - return this._normSign(); +HDPrivateKey.RootElementAlias = ['m', 'M', 'm\'', 'M\'']; - // positive + negative - } else if (!this.sign && num.sign) { - num.sign = false; - var r = this.isub(num); - num.sign = true; - return r._normSign(); - } +HDPrivateKey.VersionSize = 4; +HDPrivateKey.DepthSize = 1; +HDPrivateKey.ParentFingerPrintSize = 4; +HDPrivateKey.ChildIndexSize = 4; +HDPrivateKey.ChainCodeSize = 32; +HDPrivateKey.PrivateKeySize = 32; +HDPrivateKey.CheckSumSize = 4; - // a.length > b.length - var a; - var b; - if (this.length > num.length) { - a = this; - b = num; - } else { - a = num; - b = this; - } +HDPrivateKey.DataLength = 78; +HDPrivateKey.SerializedByteSize = 82; - var carry = 0; - for (var i = 0; i < b.length; i++) { - var r = a.words[i] + b.words[i] + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } - for (; carry !== 0 && i < a.length; i++) { - var r = a.words[i] + carry; - this.words[i] = r & 0x3ffffff; - carry = r >>> 26; - } +HDPrivateKey.VersionStart = 0; +HDPrivateKey.VersionEnd = HDPrivateKey.VersionStart + HDPrivateKey.VersionSize; +HDPrivateKey.DepthStart = HDPrivateKey.VersionEnd; +HDPrivateKey.DepthEnd = HDPrivateKey.DepthStart + HDPrivateKey.DepthSize; +HDPrivateKey.ParentFingerPrintStart = HDPrivateKey.DepthEnd; +HDPrivateKey.ParentFingerPrintEnd = HDPrivateKey.ParentFingerPrintStart + HDPrivateKey.ParentFingerPrintSize; +HDPrivateKey.ChildIndexStart = HDPrivateKey.ParentFingerPrintEnd; +HDPrivateKey.ChildIndexEnd = HDPrivateKey.ChildIndexStart + HDPrivateKey.ChildIndexSize; +HDPrivateKey.ChainCodeStart = HDPrivateKey.ChildIndexEnd; +HDPrivateKey.ChainCodeEnd = HDPrivateKey.ChainCodeStart + HDPrivateKey.ChainCodeSize; +HDPrivateKey.PrivateKeyStart = HDPrivateKey.ChainCodeEnd + 1; +HDPrivateKey.PrivateKeyEnd = HDPrivateKey.PrivateKeyStart + HDPrivateKey.PrivateKeySize; +HDPrivateKey.ChecksumStart = HDPrivateKey.PrivateKeyEnd; +HDPrivateKey.ChecksumEnd = HDPrivateKey.ChecksumStart + HDPrivateKey.CheckSumSize; - this.length = a.length; - if (carry !== 0) { - this.words[this.length] = carry; - this.length++; - // Copy the rest of the words - } else if (a !== this) { - for (; i < a.length; i++) - this.words[i] = a.words[i]; - } +assert(HDPrivateKey.ChecksumEnd === HDPrivateKey.SerializedByteSize); - return this; -}; +module.exports = HDPrivateKey; -// Add `num` to `this` -BN.prototype.add = function add(num) { - if (num.sign && !this.sign) { - num.sign = false; - var res = this.sub(num); - num.sign = true; - return res; - } else if (!num.sign && this.sign) { - this.sign = false; - var res = num.sub(this); - this.sign = true; - return res; - } +}).call(this,require("buffer").Buffer) +},{"./crypto/bn":31,"./crypto/hash":33,"./crypto/point":34,"./crypto/random":35,"./encoding/base58":37,"./encoding/base58check":38,"./errors":42,"./hdkeycache":44,"./hdpublickey":46,"./networks":47,"./privatekey":49,"./util/buffer":68,"./util/js":69,"./util/preconditions":70,"assert":22,"buffer":158,"lodash":96}],46:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - if (this.length > num.length) - return this.clone().iadd(num); - else - return num.clone().iadd(this); -}; +var _ = require('lodash'); +var $ = require('./util/preconditions'); -// Subtract `num` from `this` in-place -BN.prototype.isub = function isub(num) { - // this - (-num) = this + num - if (num.sign) { - num.sign = false; - var r = this.iadd(num); - num.sign = true; - return r._normSign(); +var BN = require('./crypto/bn'); +var Base58 = require('./encoding/base58'); +var Base58Check = require('./encoding/base58check'); +var Hash = require('./crypto/hash'); +var HDPrivateKey = require('./hdprivatekey'); +var HDKeyCache = require('./hdkeycache'); +var Network = require('./networks'); +var Point = require('./crypto/point'); +var PublicKey = require('./publickey'); - // -this - num = -(this + num) - } else if (this.sign) { - this.sign = false; - this.iadd(num); - this.sign = true; - return this._normSign(); - } +var bitcoreErrors = require('./errors'); +var errors = bitcoreErrors; +var hdErrors = bitcoreErrors.HDPublicKey; +var assert = require('assert'); - // At this point both numbers are positive - var cmp = this.cmp(num); +var JSUtil = require('./util/js'); +var BufferUtil = require('./util/buffer'); - // Optimization - zeroify - if (cmp === 0) { - this.sign = false; - this.length = 1; - this.words[0] = 0; - return this; +/** + * The representation of an hierarchically derived public key. + * + * See https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki + * + * @constructor + * @param {Object|string|Buffer} arg + */ +function HDPublicKey(arg) { + /* jshint maxcomplexity: 12 */ + /* jshint maxstatements: 20 */ + if (arg instanceof HDPublicKey) { + return arg; } - - // a > b - var a; - var b; - if (cmp > 0) { - a = this; - b = num; + if (!(this instanceof HDPublicKey)) { + return new HDPublicKey(arg); + } + if (arg) { + if (_.isString(arg) || BufferUtil.isBuffer(arg)) { + var error = HDPublicKey.getSerializedError(arg); + if (!error) { + return this._buildFromSerialized(arg); + } else if (BufferUtil.isBuffer(arg) && !HDPublicKey.getSerializedError(arg.toString())) { + return this._buildFromSerialized(arg.toString()); + } else { + if (error instanceof hdErrors.ArgumentIsPrivateExtended) { + return new HDPrivateKey(arg).hdPublicKey; + } + throw error; + } + } else { + if (_.isObject(arg)) { + if (arg instanceof HDPrivateKey) { + return this._buildFromPrivate(arg); + } else { + return this._buildFromObject(arg); + } + } else { + throw new hdErrors.UnrecognizedArgument(arg); + } + } } else { - a = num; - b = this; + throw new hdErrors.MustSupplyArgument(); } +} - var carry = 0; - for (var i = 0; i < b.length; i++) { - var r = a.words[i] - b.words[i] + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; - } - for (; carry !== 0 && i < a.length; i++) { - var r = a.words[i] + carry; - carry = r >> 26; - this.words[i] = r & 0x3ffffff; +/** + * Verifies that a given path is valid. + * + * @param {string|number} arg + * @return {boolean} + */ +HDPublicKey.isValidPath = function(arg) { + if (_.isString(arg)) { + var indexes = HDPrivateKey._getDerivationIndexes(arg); + return indexes !== null && _.all(indexes, HDPublicKey.isValidPath); } - // Copy rest of the words - if (carry === 0 && i < a.length && a !== this) - for (; i < a.length; i++) - this.words[i] = a.words[i]; - this.length = Math.max(this.length, i); - - if (a !== this) - this.sign = true; + if (_.isNumber(arg)) { + return arg >= 0 && arg < HDPublicKey.Hardened; + } - return this.strip(); + return false; }; -// Subtract `num` from `this` -BN.prototype.sub = function sub(num) { - return this.clone().isub(num); +/** + * Get a derivated child based on a string or number. + * + * If the first argument is a string, it's parsed as the full path of + * derivation. Valid values for this argument include "m" (which returns the + * same public key), "m/0/1/40/2/1000". + * + * Note that hardened keys can't be derived from a public extended key. + * + * If the first argument is a number, the child with that index will be + * derived. See the example usage for clarification. + * + * @example + * ```javascript + * var parent = new HDPublicKey('xpub...'); + * var child_0_1_2 = parent.derive(0).derive(1).derive(2); + * var copy_of_child_0_1_2 = parent.derive("m/0/1/2"); + * assert(child_0_1_2.xprivkey === copy_of_child_0_1_2); + * ``` + * + * @param {string|number} arg + */ +HDPublicKey.prototype.derive = function(arg, hardened) { + if (_.isNumber(arg)) { + return this._deriveWithNumber(arg, hardened); + } else if (_.isString(arg)) { + return this._deriveFromString(arg); + } else { + throw new hdErrors.InvalidDerivationArgument(arg); + } }; -/* -// NOTE: This could be potentionally used to generate loop-less multiplications -function _genCombMulTo(alen, blen) { - var len = alen + blen - 1; - var src = [ - 'var a = this.words, b = num.words, o = out.words, c = 0, w, ' + - 'mask = 0x3ffffff, shift = 0x4000000;', - 'out.length = ' + len + ';' - ]; - for (var k = 0; k < len; k++) { - var minJ = Math.max(0, k - alen + 1); - var maxJ = Math.min(k, blen - 1); - - for (var j = minJ; j <= maxJ; j++) { - var i = k - j; - var mul = 'a[' + i + '] * b[' + j + ']'; - - if (j === minJ) { - src.push('w = ' + mul + ' + c;'); - src.push('c = (w / shift) | 0;'); - } else { - src.push('w += ' + mul + ';'); - src.push('c += (w / shift) | 0;'); - } - src.push('w &= mask;'); - } - src.push('o[' + k + '] = w;'); +HDPublicKey.prototype._deriveWithNumber = function(index, hardened) { + if (index >= HDPublicKey.Hardened || hardened) { + throw new hdErrors.InvalidIndexCantDeriveHardened(); + } + if (index < 0) { + throw new hdErrors.InvalidPath(index); + } + var cached = HDKeyCache.get(this.xpubkey, index, false); + if (cached) { + return cached; } - src.push('if (c !== 0) {', - ' o[' + k + '] = c;', - ' out.length++;', - '}', - 'return out;'); - return src.join('\n'); -} -*/ + var indexBuffer = BufferUtil.integerAsBuffer(index); + var data = BufferUtil.concat([this.publicKey.toBuffer(), indexBuffer]); + var hash = Hash.sha512hmac(data, this._buffers.chainCode); + var leftPart = BN.fromBuffer(hash.slice(0, 32), {size: 32}); + var chainCode = hash.slice(32, 64); -BN.prototype._smallMulTo = function _smallMulTo(num, out) { - out.sign = num.sign !== this.sign; - out.length = this.length + num.length; + var publicKey = PublicKey.fromPoint(Point.getG().mul(leftPart).add(this.publicKey.point)); - var carry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = carry >>> 26; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - this.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = this.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; + var derived = new HDPublicKey({ + network: this.network, + depth: this.depth + 1, + parentFingerPrint: this.fingerPrint, + childIndex: index, + chainCode: chainCode, + publicKey: publicKey + }); + HDKeyCache.set(this.xpubkey, index, false, derived); + return derived; +}; - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - } - out.words[k] = rword; - carry = ncarry; - } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; +HDPublicKey.prototype._deriveFromString = function(path) { + /* jshint maxcomplexity: 8 */ + if (_.contains(path, "'")) { + throw new hdErrors.InvalidIndexCantDeriveHardened(); + } else if (!HDPublicKey.isValidPath(path)) { + throw new hdErrors.InvalidPath(path); } - return out.strip(); + var indexes = HDPrivateKey._getDerivationIndexes(path); + var derived = indexes.reduce(function(prev, index) { + return prev._deriveWithNumber(index); + }, this); + + return derived; }; -BN.prototype._bigMulTo = function _bigMulTo(num, out) { - out.sign = num.sign !== this.sign; - out.length = this.length + num.length; +/** + * Verifies that a given serialized public key in base58 with checksum format + * is valid. + * + * @param {string|Buffer} data - the serialized public key + * @param {string|Network=} network - optional, if present, checks that the + * network provided matches the network serialized. + * @return {boolean} + */ +HDPublicKey.isValidSerialized = function(data, network) { + return _.isNull(HDPublicKey.getSerializedError(data, network)); +}; - var carry = 0; - var hncarry = 0; - for (var k = 0; k < out.length - 1; k++) { - // Sum all words with the same `i + j = k` and accumulate `ncarry`, - // note that ncarry could be >= 0x3ffffff - var ncarry = hncarry; - hncarry = 0; - var rword = carry & 0x3ffffff; - var maxJ = Math.min(k, num.length - 1); - for (var j = Math.max(0, k - this.length + 1); j <= maxJ; j++) { - var i = k - j; - var a = this.words[i] | 0; - var b = num.words[j] | 0; - var r = a * b; - - var lo = r & 0x3ffffff; - ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; - lo = (lo + rword) | 0; - rword = lo & 0x3ffffff; - ncarry = (ncarry + (lo >>> 26)) | 0; - - hncarry += ncarry >>> 26; - ncarry &= 0x3ffffff; - } - out.words[k] = rword; - carry = ncarry; - ncarry = hncarry; +/** + * Checks what's the error that causes the validation of a serialized public key + * in base58 with checksum to fail. + * + * @param {string|Buffer} data - the serialized public key + * @param {string|Network=} network - optional, if present, checks that the + * network provided matches the network serialized. + * @return {errors|null} + */ +HDPublicKey.getSerializedError = function(data, network) { + /* jshint maxcomplexity: 10 */ + /* jshint maxstatements: 20 */ + if (!(_.isString(data) || BufferUtil.isBuffer(data))) { + return new hdErrors.UnrecognizedArgument('expected buffer or string'); } - if (carry !== 0) { - out.words[k] = carry; - } else { - out.length--; + if (!Base58.validCharacters(data)) { + return new errors.InvalidB58Char('(unknown)', data); } - - return out.strip(); -}; - -BN.prototype.mulTo = function mulTo(num, out) { - var res; - if (this.length + num.length < 63) - res = this._smallMulTo(num, out); - else - res = this._bigMulTo(num, out); - return res; -}; - -// Multiply `this` by `num` -BN.prototype.mul = function mul(num) { - var out = new BN(null); - out.words = new Array(this.length + num.length); - return this.mulTo(num, out); -}; - -// In-place Multiplication -BN.prototype.imul = function imul(num) { - if (this.cmpn(0) === 0 || num.cmpn(0) === 0) { - this.words[0] = 0; - this.length = 1; - return this; + try { + data = Base58Check.decode(data); + } catch (e) { + return new errors.InvalidB58Checksum(data); } - - var tlen = this.length; - var nlen = num.length; - - this.sign = num.sign !== this.sign; - this.length = this.length + num.length; - this.words[this.length - 1] = 0; - - for (var k = this.length - 2; k >= 0; k--) { - // Sum all words with the same `i + j = k` and accumulate `carry`, - // note that carry could be >= 0x3ffffff - var carry = 0; - var rword = 0; - var maxJ = Math.min(k, nlen - 1); - for (var j = Math.max(0, k - tlen + 1); j <= maxJ; j++) { - var i = k - j; - var a = this.words[i]; - var b = num.words[j]; - var r = a * b; - - var lo = r & 0x3ffffff; - carry += (r / 0x4000000) | 0; - lo += rword; - rword = lo & 0x3ffffff; - carry += lo >>> 26; + if (data.length !== HDPublicKey.DataSize) { + return new hdErrors.InvalidLength(data); + } + if (!_.isUndefined(network)) { + var error = HDPublicKey._validateNetwork(data, network); + if (error) { + return error; } - this.words[k] = rword; - this.words[k + 1] += carry; - carry = 0; } - - // Propagate overflows - var carry = 0; - for (var i = 1; i < this.length; i++) { - var w = this.words[i] + carry; - this.words[i] = w & 0x3ffffff; - carry = w >>> 26; + var version = BufferUtil.integerFromBuffer(data.slice(0, 4)); + if (version === Network.livenet.xprivkey || version === Network.testnet.xprivkey ) { + return new hdErrors.ArgumentIsPrivateExtended(); } - - return this.strip(); + return null; }; -BN.prototype.imuln = function imuln(num) { - assert(typeof num === 'number'); - - // Carry - var carry = 0; - for (var i = 0; i < this.length; i++) { - var w = this.words[i] * num; - var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); - carry >>= 26; - carry += (w / 0x4000000) | 0; - // NOTE: lo is 27bit maximum - carry += lo >>> 26; - this.words[i] = lo & 0x3ffffff; +HDPublicKey._validateNetwork = function(data, networkArg) { + var network = Network.get(networkArg); + if (!network) { + return new errors.InvalidNetworkArgument(networkArg); } - - if (carry !== 0) { - this.words[i] = carry; - this.length++; + var version = data.slice(HDPublicKey.VersionStart, HDPublicKey.VersionEnd); + if (BufferUtil.integerFromBuffer(version) !== network.xpubkey) { + return new errors.InvalidNetwork(version); } - - return this; + return null; }; -// `this` * `this` -BN.prototype.sqr = function sqr() { - return this.mul(this); +HDPublicKey.prototype._buildFromPrivate = function (arg) { + var args = _.clone(arg._buffers); + var point = Point.getG().mul(BN.fromBuffer(args.privateKey)); + args.publicKey = Point.pointToCompressed(point); + args.version = BufferUtil.integerAsBuffer(Network.get(BufferUtil.integerFromBuffer(args.version)).xpubkey); + args.privateKey = undefined; + args.checksum = undefined; + args.xprivkey = undefined; + return this._buildFromBuffers(args); }; -// `this` * `this` in-place -BN.prototype.isqr = function isqr() { - return this.mul(this); +HDPublicKey.prototype._buildFromObject = function(arg) { + /* jshint maxcomplexity: 10 */ + // TODO: Type validation + var buffers = { + version: arg.network ? BufferUtil.integerAsBuffer(Network.get(arg.network).xpubkey) : arg.version, + depth: _.isNumber(arg.depth) ? BufferUtil.integerAsSingleByteBuffer(arg.depth) : arg.depth, + parentFingerPrint: _.isNumber(arg.parentFingerPrint) ? BufferUtil.integerAsBuffer(arg.parentFingerPrint) : arg.parentFingerPrint, + childIndex: _.isNumber(arg.childIndex) ? BufferUtil.integerAsBuffer(arg.childIndex) : arg.childIndex, + chainCode: _.isString(arg.chainCode) ? BufferUtil.hexToBuffer(arg.chainCode) : arg.chainCode, + publicKey: _.isString(arg.publicKey) ? BufferUtil.hexToBuffer(arg.publicKey) : + BufferUtil.isBuffer(arg.publicKey) ? arg.publicKey : arg.publicKey.toBuffer(), + checksum: _.isNumber(arg.checksum) ? BufferUtil.integerAsBuffer(arg.checksum) : arg.checksum + }; + return this._buildFromBuffers(buffers); }; -// Shift-left in-place -BN.prototype.ishln = function ishln(bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - - if (r !== 0) { - var carry = 0; - for (var i = 0; i < this.length; i++) { - var newCarry = this.words[i] & carryMask; - var c = (this.words[i] - newCarry) << r; - this.words[i] = c | carry; - carry = newCarry >>> (26 - r); - } - if (carry) { - this.words[i] = carry; - this.length++; - } - } - - if (s !== 0) { - for (var i = this.length - 1; i >= 0; i--) - this.words[i + s] = this.words[i]; - for (var i = 0; i < s; i++) - this.words[i] = 0; - this.length += s; - } - - return this.strip(); +HDPublicKey.prototype._buildFromSerialized = function(arg) { + var decoded = Base58Check.decode(arg); + var buffers = { + version: decoded.slice(HDPublicKey.VersionStart, HDPublicKey.VersionEnd), + depth: decoded.slice(HDPublicKey.DepthStart, HDPublicKey.DepthEnd), + parentFingerPrint: decoded.slice(HDPublicKey.ParentFingerPrintStart, + HDPublicKey.ParentFingerPrintEnd), + childIndex: decoded.slice(HDPublicKey.ChildIndexStart, HDPublicKey.ChildIndexEnd), + chainCode: decoded.slice(HDPublicKey.ChainCodeStart, HDPublicKey.ChainCodeEnd), + publicKey: decoded.slice(HDPublicKey.PublicKeyStart, HDPublicKey.PublicKeyEnd), + checksum: decoded.slice(HDPublicKey.ChecksumStart, HDPublicKey.ChecksumEnd), + xpubkey: arg + }; + return this._buildFromBuffers(buffers); }; -// Shift-right in-place -// NOTE: `hint` is a lowest bit before trailing zeroes -// NOTE: if `extended` is present - it will be filled with destroyed bits -BN.prototype.ishrn = function ishrn(bits, hint, extended) { - assert(typeof bits === 'number' && bits >= 0); - var h; - if (hint) - h = (hint - (hint % 26)) / 26; - else - h = 0; - - var r = bits % 26; - var s = Math.min((bits - r) / 26, this.length); - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - var maskedWords = extended; +/** + * Receives a object with buffers in all the properties and populates the + * internal structure + * + * @param {Object} arg + * @param {buffer.Buffer} arg.version + * @param {buffer.Buffer} arg.depth + * @param {buffer.Buffer} arg.parentFingerPrint + * @param {buffer.Buffer} arg.childIndex + * @param {buffer.Buffer} arg.chainCode + * @param {buffer.Buffer} arg.publicKey + * @param {buffer.Buffer} arg.checksum + * @param {string=} arg.xpubkey - if set, don't recalculate the base58 + * representation + * @return {HDPublicKey} this + */ +HDPublicKey.prototype._buildFromBuffers = function(arg) { + /* jshint maxcomplexity: 8 */ + /* jshint maxstatements: 20 */ - h -= s; - h = Math.max(0, h); + HDPublicKey._validateBufferArguments(arg); - // Extended mode, copy masked part - if (maskedWords) { - for (var i = 0; i < s; i++) - maskedWords.words[i] = this.words[i]; - maskedWords.length = s; - } + JSUtil.defineImmutable(this, { + _buffers: arg + }); - if (s === 0) { - // No-op, we should not move anything at all - } else if (this.length > s) { - this.length -= s; - for (var i = 0; i < this.length; i++) - this.words[i] = this.words[i + s]; + var sequence = [ + arg.version, arg.depth, arg.parentFingerPrint, arg.childIndex, arg.chainCode, + arg.publicKey + ]; + var concat = BufferUtil.concat(sequence); + var checksum = Base58Check.checksum(concat); + if (!arg.checksum || !arg.checksum.length) { + arg.checksum = checksum; } else { - this.words[0] = 0; - this.length = 1; - } - - var carry = 0; - for (var i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { - var word = this.words[i]; - this.words[i] = (carry << (26 - r)) | (word >>> r); - carry = word & mask; + if (arg.checksum.toString('hex') !== checksum.toString('hex')) { + throw new errors.InvalidB58Checksum(concat, checksum); + } } + var network = Network.get(BufferUtil.integerFromBuffer(arg.version)); - // Push carried bits as a mask - if (maskedWords && carry !== 0) - maskedWords.words[maskedWords.length++] = carry; + var xpubkey; + xpubkey = Base58Check.encode(BufferUtil.concat(sequence)); + arg.xpubkey = new Buffer(xpubkey); - if (this.length === 0) { - this.words[0] = 0; - this.length = 1; - } + var publicKey = new PublicKey(arg.publicKey, {network: network}); + var size = HDPublicKey.ParentFingerPrintSize; + var fingerPrint = Hash.sha256ripemd160(publicKey.toBuffer()).slice(0, size); - this.strip(); + JSUtil.defineImmutable(this, { + xpubkey: xpubkey, + network: network, + depth: BufferUtil.integerFromSingleByteBuffer(arg.depth), + publicKey: publicKey, + fingerPrint: fingerPrint + }); return this; }; -// Shift-left -BN.prototype.shln = function shln(bits) { - return this.clone().ishln(bits); +HDPublicKey._validateBufferArguments = function(arg) { + var checkBuffer = function(name, size) { + var buff = arg[name]; + assert(BufferUtil.isBuffer(buff), name + ' argument is not a buffer, it\'s ' + typeof buff); + assert( + buff.length === size, + name + ' has not the expected size: found ' + buff.length + ', expected ' + size + ); + }; + checkBuffer('version', HDPublicKey.VersionSize); + checkBuffer('depth', HDPublicKey.DepthSize); + checkBuffer('parentFingerPrint', HDPublicKey.ParentFingerPrintSize); + checkBuffer('childIndex', HDPublicKey.ChildIndexSize); + checkBuffer('chainCode', HDPublicKey.ChainCodeSize); + checkBuffer('publicKey', HDPublicKey.PublicKeySize); + if (arg.checksum && arg.checksum.length) { + checkBuffer('checksum', HDPublicKey.CheckSumSize); + } }; -// Shift-right -BN.prototype.shrn = function shrn(bits) { - return this.clone().ishrn(bits); +HDPublicKey.fromString = function(arg) { + $.checkArgument(_.isString(arg), 'No valid string was provided'); + return new HDPublicKey(arg); }; -// Test if n bit is set -BN.prototype.testn = function testn(bit) { - assert(typeof bit === 'number' && bit >= 0); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; - - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - return false; - } - - // Check bit and return - var w = this.words[s]; - - return !!(w & q); +HDPublicKey.fromObject = function(arg) { + $.checkArgument(_.isObject(arg), 'No valid argument was provided'); + return new HDPublicKey(arg); }; -// Return only lowers bits of number (in-place) -BN.prototype.imaskn = function imaskn(bits) { - assert(typeof bits === 'number' && bits >= 0); - var r = bits % 26; - var s = (bits - r) / 26; - - assert(!this.sign, 'imaskn works only with positive numbers'); +/** + * Returns the base58 checked representation of the public key + * @return {string} a string starting with "xpub..." in livenet + */ +HDPublicKey.prototype.toString = function() { + return this.xpubkey; +}; - if (r !== 0) - s++; - this.length = Math.min(s, this.length); +/** + * Returns the console representation of this extended public key. + * @return string + */ +HDPublicKey.prototype.inspect = function() { + return ''; +}; - if (r !== 0) { - var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); - this.words[this.length - 1] &= mask; - } +/** + * Returns a plain JavaScript object with information to reconstruct a key. + * + * Fields are:
    + *
  • network: 'livenet' or 'testnet' + *
  • depth: a number from 0 to 255, the depth to the master extended key + *
  • fingerPrint: a number of 32 bits taken from the hash of the public key + *
  • fingerPrint: a number of 32 bits taken from the hash of this key's + *
  • parent's public key + *
  • childIndex: index with which this key was derived + *
  • chainCode: string in hexa encoding used for derivation + *
  • publicKey: string, hexa encoded, in compressed key format + *
  • checksum: BufferUtil.integerFromBuffer(this._buffers.checksum), + *
  • xpubkey: the string with the base58 representation of this extended key + *
  • checksum: the base58 checksum of xpubkey + *
+ */ +HDPublicKey.prototype.toObject = HDPublicKey.prototype.toJSON = function toObject() { + return { + network: Network.get(BufferUtil.integerFromBuffer(this._buffers.version)).name, + depth: BufferUtil.integerFromSingleByteBuffer(this._buffers.depth), + fingerPrint: BufferUtil.integerFromBuffer(this.fingerPrint), + parentFingerPrint: BufferUtil.integerFromBuffer(this._buffers.parentFingerPrint), + childIndex: BufferUtil.integerFromBuffer(this._buffers.childIndex), + chainCode: BufferUtil.bufferToHex(this._buffers.chainCode), + publicKey: this.publicKey.toString(), + checksum: BufferUtil.integerFromBuffer(this._buffers.checksum), + xpubkey: this.xpubkey + }; +}; - return this.strip(); +/** + * Create a HDPublicKey from a buffer argument + * + * @param {Buffer} arg + * @return {HDPublicKey} + */ +HDPublicKey.fromBuffer = function(arg) { + return new HDPublicKey(arg); }; -// Return only lowers bits of number -BN.prototype.maskn = function maskn(bits) { - return this.clone().imaskn(bits); +/** + * Return a buffer representation of the xpubkey + * + * @return {Buffer} + */ +HDPublicKey.prototype.toBuffer = function() { + return BufferUtil.copy(this._buffers.xpubkey); }; -// Add plain number `num` to `this` -BN.prototype.iaddn = function iaddn(num) { - assert(typeof num === 'number'); - if (num < 0) - return this.isubn(-num); +HDPublicKey.Hardened = 0x80000000; +HDPublicKey.RootElementAlias = ['m', 'M']; - // Possible sign change - if (this.sign) { - if (this.length === 1 && this.words[0] < num) { - this.words[0] = num - this.words[0]; - this.sign = false; - return this; - } +HDPublicKey.VersionSize = 4; +HDPublicKey.DepthSize = 1; +HDPublicKey.ParentFingerPrintSize = 4; +HDPublicKey.ChildIndexSize = 4; +HDPublicKey.ChainCodeSize = 32; +HDPublicKey.PublicKeySize = 33; +HDPublicKey.CheckSumSize = 4; - this.sign = false; - this.isubn(num); - this.sign = true; - return this; - } +HDPublicKey.DataSize = 78; +HDPublicKey.SerializedByteSize = 82; - // Add without checks - return this._iaddn(num); -}; +HDPublicKey.VersionStart = 0; +HDPublicKey.VersionEnd = HDPublicKey.VersionStart + HDPublicKey.VersionSize; +HDPublicKey.DepthStart = HDPublicKey.VersionEnd; +HDPublicKey.DepthEnd = HDPublicKey.DepthStart + HDPublicKey.DepthSize; +HDPublicKey.ParentFingerPrintStart = HDPublicKey.DepthEnd; +HDPublicKey.ParentFingerPrintEnd = HDPublicKey.ParentFingerPrintStart + HDPublicKey.ParentFingerPrintSize; +HDPublicKey.ChildIndexStart = HDPublicKey.ParentFingerPrintEnd; +HDPublicKey.ChildIndexEnd = HDPublicKey.ChildIndexStart + HDPublicKey.ChildIndexSize; +HDPublicKey.ChainCodeStart = HDPublicKey.ChildIndexEnd; +HDPublicKey.ChainCodeEnd = HDPublicKey.ChainCodeStart + HDPublicKey.ChainCodeSize; +HDPublicKey.PublicKeyStart = HDPublicKey.ChainCodeEnd; +HDPublicKey.PublicKeyEnd = HDPublicKey.PublicKeyStart + HDPublicKey.PublicKeySize; +HDPublicKey.ChecksumStart = HDPublicKey.PublicKeyEnd; +HDPublicKey.ChecksumEnd = HDPublicKey.ChecksumStart + HDPublicKey.CheckSumSize; -BN.prototype._iaddn = function _iaddn(num) { - this.words[0] += num; +assert(HDPublicKey.PublicKeyEnd === HDPublicKey.DataSize); +assert(HDPublicKey.ChecksumEnd === HDPublicKey.SerializedByteSize); - // Carry - for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { - this.words[i] -= 0x4000000; - if (i === this.length - 1) - this.words[i + 1] = 1; - else - this.words[i + 1]++; - } - this.length = Math.max(this.length, i + 1); +module.exports = HDPublicKey; - return this; -}; +}).call(this,require("buffer").Buffer) +},{"./crypto/bn":31,"./crypto/hash":33,"./crypto/point":34,"./encoding/base58":37,"./encoding/base58check":38,"./errors":42,"./hdkeycache":44,"./hdprivatekey":45,"./networks":47,"./publickey":50,"./util/buffer":68,"./util/js":69,"./util/preconditions":70,"assert":22,"buffer":158,"lodash":96}],47:[function(require,module,exports){ +'use strict'; +var _ = require('lodash'); -// Subtract plain number `num` from `this` -BN.prototype.isubn = function isubn(num) { - assert(typeof num === 'number'); - if (num < 0) - return this.iaddn(-num); +var BufferUtil = require('./util/buffer'); +var JSUtil = require('./util/js'); +var networks = []; +var networkMaps = {}; - if (this.sign) { - this.sign = false; - this.iaddn(num); - this.sign = true; - return this; - } - - this.words[0] -= num; - - // Carry - for (var i = 0; i < this.length && this.words[i] < 0; i++) { - this.words[i] += 0x4000000; - this.words[i + 1] -= 1; - } - - return this.strip(); -}; +/** + * A network is merely a map containing values that correspond to version + * numbers for each bitcoin network. Currently only supporting "livenet" + * (a.k.a. "mainnet") and "testnet". + * @constructor + */ +function Network() {} -BN.prototype.addn = function addn(num) { - return this.clone().iaddn(num); +Network.prototype.toString = function toString() { + return this.name; }; -BN.prototype.subn = function subn(num) { - return this.clone().isubn(num); -}; +/** + * @function + * @member Networks#get + * Retrieves the network associated with a magic number or string. + * @param {string|number|Network} arg + * @param {string|Array} keys - if set, only check if the magic number associated with this name matches + * @return Network + */ +function get(arg, keys) { + if (~networks.indexOf(arg)) { + return arg; + } + if (keys) { + if (!_.isArray(keys)) { + keys = [keys]; + } + var containsArg = function(key) { + return networks[index][key] === arg; + }; + for (var index in networks) { + if (_.any(keys, containsArg)) { + return networks[index]; + } + } + return undefined; + } + return networkMaps[arg]; +} -BN.prototype.iabs = function iabs() { - this.sign = false; +/** + * @function + * @member Networks#add + * Will add a custom Network + * @param {Object} data + * @param {string} data.name - The name of the network + * @param {string} data.alias - The aliased name of the network + * @param {Number} data.pubkeyhash - The publickey hash prefix + * @param {Number} data.privatekey - The privatekey prefix + * @param {Number} data.scripthash - The scripthash prefix + * @param {Number} data.xpubkey - The extended public key magic + * @param {Number} data.xprivkey - The extended private key magic + * @param {Number} data.networkMagic - The network magic number + * @param {Number} data.port - The network port + * @param {Array} data.dnsSeeds - An array of dns seeds + * @return Network + */ +function addNetwork(data) { - return this; -}; + var network = new Network(); -BN.prototype.abs = function abs() { - return this.clone().iabs(); -}; + JSUtil.defineImmutable(network, { + name: data.name, + alias: data.alias, + pubkeyhash: data.pubkeyhash, + privatekey: data.privatekey, + scripthash: data.scripthash, + xpubkey: data.xpubkey, + xprivkey: data.xprivkey + }); -BN.prototype._ishlnsubmul = function _ishlnsubmul(num, mul, shift) { - // Bigger storage is needed - var len = num.length + shift; - var i; - if (this.words.length < len) { - var t = new Array(len); - for (var i = 0; i < this.length; i++) - t[i] = this.words[i]; - this.words = t; - } else { - i = this.length; + if (data.networkMagic) { + JSUtil.defineImmutable(network, { + networkMagic: BufferUtil.integerAsBuffer(data.networkMagic) + }); } - // Zeroify rest - this.length = Math.max(this.length, len); - for (; i < this.length; i++) - this.words[i] = 0; - - var carry = 0; - for (var i = 0; i < num.length; i++) { - var w = this.words[i + shift] + carry; - var right = num.words[i] * mul; - w -= right & 0x3ffffff; - carry = (w >> 26) - ((right / 0x4000000) | 0); - this.words[i + shift] = w & 0x3ffffff; - } - for (; i < this.length - shift; i++) { - var w = this.words[i + shift] + carry; - carry = w >> 26; - this.words[i + shift] = w & 0x3ffffff; + if (data.port) { + JSUtil.defineImmutable(network, { + port: data.port + }); } - if (carry === 0) - return this.strip(); - - // Subtraction overflow - assert(carry === -1); - carry = 0; - for (var i = 0; i < this.length; i++) { - var w = -this.words[i] + carry; - carry = w >> 26; - this.words[i] = w & 0x3ffffff; + if (data.dnsSeeds) { + JSUtil.defineImmutable(network, { + dnsSeeds: data.dnsSeeds + }); } - this.sign = true; + _.each(network, function(value) { + if (!_.isUndefined(value) && !_.isObject(value)) { + networkMaps[value] = network; + } + }); - return this.strip(); -}; + networks.push(network); -BN.prototype._wordDiv = function _wordDiv(num, mode) { - var shift = this.length - num.length; + return network; - var a = this.clone(); - var b = num; +} - // Normalize - var bhi = b.words[b.length - 1]; - var bhiBits = this._countBits(bhi); - shift = 26 - bhiBits; - if (shift !== 0) { - b = b.shln(shift); - a.ishln(shift); - bhi = b.words[b.length - 1]; +/** + * @function + * @member Networks#remove + * Will remove a custom network + * @param {Network} network + */ +function removeNetwork(network) { + for (var i = 0; i < networks.length; i++) { + if (networks[i] === network) { + networks.splice(i, 1); + } + } + for (var key in networkMaps) { + if (networkMaps[key] === network) { + delete networkMaps[key]; + } } +} - // Initialize quotient - var m = a.length - b.length; - var q; +addNetwork({ + name: 'livenet', + alias: 'mainnet', + pubkeyhash: 0x00, + privatekey: 0x80, + scripthash: 0x05, + xpubkey: 0x0488b21e, + xprivkey: 0x0488ade4, + networkMagic: 0xf9beb4d9, + port: 8333, + dnsSeeds: [ + 'seed.bitcoin.sipa.be', + 'dnsseed.bluematt.me', + 'dnsseed.bitcoin.dashjr.org', + 'seed.bitcoinstats.com', + 'seed.bitnodes.io', + 'bitseed.xf2.org' + ] +}); - if (mode !== 'mod') { - q = new BN(null); - q.length = m + 1; - q.words = new Array(q.length); - for (var i = 0; i < q.length; i++) - q.words[i] = 0; - } +/** + * @instance + * @member Networks#livenet + */ +var livenet = get('livenet'); - var diff = a.clone()._ishlnsubmul(b, 1, m); - if (!diff.sign) { - a = diff; - if (q) - q.words[m] = 1; - } +addNetwork({ + name: 'testnet', + alias: 'regtest', + pubkeyhash: 0x6f, + privatekey: 0xef, + scripthash: 0xc4, + xpubkey: 0x043587cf, + xprivkey: 0x04358394 +}); - for (var j = m - 1; j >= 0; j--) { - var qj = a.words[b.length + j] * 0x4000000 + a.words[b.length + j - 1]; +/** + * @instance + * @member Networks#testnet + */ +var testnet = get('testnet'); - // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max - // (0x7ffffff) - qj = Math.min((qj / bhi) | 0, 0x3ffffff); +// Add configurable values for testnet/regtest - a._ishlnsubmul(b, qj, j); - while (a.sign) { - qj--; - a.sign = false; - a._ishlnsubmul(b, 1, j); - if (a.cmpn(0) !== 0) - a.sign = !a.sign; - } - if (q) - q.words[j] = qj; +var TESTNET = { + PORT: 18333, + NETWORK_MAGIC: BufferUtil.integerAsBuffer(0x0b110907), + DNS_SEEDS: [ + 'testnet-seed.bitcoin.petertodd.org', + 'testnet-seed.bluematt.me', + 'testnet-seed.alexykot.me', + 'testnet-seed.bitcoin.schildbach.de' + ] +}; + +for (var key in TESTNET) { + if (!_.isObject(TESTNET[key])) { + networkMaps[TESTNET[key]] = testnet; } - if (q) - q.strip(); - a.strip(); +} - // Denormalize - if (mode !== 'div' && shift !== 0) - a.ishrn(shift); - return { div: q ? q : null, mod: a }; +var REGTEST = { + PORT: 18444, + NETWORK_MAGIC: BufferUtil.integerAsBuffer(0xfabfb5da), + DNS_SEEDS: [] }; -BN.prototype.divmod = function divmod(num, mode) { - assert(num.cmpn(0) !== 0); - - if (this.sign && !num.sign) { - var res = this.neg().divmod(num, mode); - var div; - var mod; - if (mode !== 'mod') - div = res.div.neg(); - if (mode !== 'div') - mod = res.mod.cmpn(0) === 0 ? res.mod : num.sub(res.mod); - return { - div: div, - mod: mod - }; - } else if (!this.sign && num.sign) { - var res = this.divmod(num.neg(), mode); - var div; - if (mode !== 'mod') - div = res.div.neg(); - return { div: div, mod: res.mod }; - } else if (this.sign && num.sign) { - return this.neg().divmod(num.neg(), mode); +for (var key in REGTEST) { + if (!_.isObject(REGTEST[key])) { + networkMaps[REGTEST[key]] = testnet; } +} - // Both numbers are positive at this point +Object.defineProperty(testnet, 'port', { + enumerable: true, + configurable: false, + get: function() { + if (this.regtestEnabled) { + return REGTEST.PORT; + } else { + return TESTNET.PORT; + } + } +}); - // Strip both numbers to approximate shift value - if (num.length > this.length || this.cmp(num) < 0) - return { div: new BN(0), mod: this }; +Object.defineProperty(testnet, 'networkMagic', { + enumerable: true, + configurable: false, + get: function() { + if (this.regtestEnabled) { + return REGTEST.NETWORK_MAGIC; + } else { + return TESTNET.NETWORK_MAGIC; + } + } +}); - // Very short reduction - if (num.length === 1) { - if (mode === 'div') - return { div: this.divn(num.words[0]), mod: null }; - else if (mode === 'mod') - return { div: null, mod: new BN(this.modn(num.words[0])) }; - return { - div: this.divn(num.words[0]), - mod: new BN(this.modn(num.words[0])) - }; +Object.defineProperty(testnet, 'dnsSeeds', { + enumerable: true, + configurable: false, + get: function() { + if (this.regtestEnabled) { + return REGTEST.DNS_SEEDS; + } else { + return TESTNET.DNS_SEEDS; + } } +}); - return this._wordDiv(num, mode); -}; +/** + * @function + * @member Networks#enableRegtest + * Will enable regtest features for testnet + */ +function enableRegtest() { + testnet.regtestEnabled = true; +} -// Find `this` / `num` -BN.prototype.div = function div(num) { - return this.divmod(num, 'div').div; -}; +/** + * @function + * @member Networks#disableRegtest + * Will disable regtest features for testnet + */ +function disableRegtest() { + testnet.regtestEnabled = false; +} -// Find `this` % `num` -BN.prototype.mod = function mod(num) { - return this.divmod(num, 'mod').mod; +/** + * @namespace Networks + */ +module.exports = { + add: addNetwork, + remove: removeNetwork, + defaultNetwork: livenet, + livenet: livenet, + mainnet: livenet, + testnet: testnet, + get: get, + enableRegtest: enableRegtest, + disableRegtest: disableRegtest }; -// Find Round(`this` / `num`) -BN.prototype.divRound = function divRound(num) { - var dm = this.divmod(num); - - // Fast case - exact division - if (dm.mod.cmpn(0) === 0) - return dm.div; +},{"./util/buffer":68,"./util/js":69,"lodash":96}],48:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - var mod = dm.div.sign ? dm.mod.isub(num) : dm.mod; +var _ = require('lodash'); +var $ = require('./util/preconditions'); +var BufferUtil = require('./util/buffer'); +var JSUtil = require('./util/js'); - var half = num.shrn(1); - var r2 = num.andln(1); - var cmp = mod.cmp(half); +function Opcode(num) { + if (!(this instanceof Opcode)) { + return new Opcode(num); + } - // Round down - if (cmp < 0 || r2 === 1 && cmp === 0) - return dm.div; + var value; - // Round up - return dm.div.sign ? dm.div.isubn(1) : dm.div.iaddn(1); -}; + if (_.isNumber(num)) { + value = num; + } else if (_.isString(num)) { + value = Opcode.map[num]; + } else { + throw new TypeError('Unrecognized num type: "' + typeof(num) + '" for Opcode'); + } -BN.prototype.modn = function modn(num) { - assert(num <= 0x3ffffff); - var p = (1 << 26) % num; + JSUtil.defineImmutable(this, { + num: value + }); - var acc = 0; - for (var i = this.length - 1; i >= 0; i--) - acc = (p * acc + this.words[i]) % num; + return this; +} - return acc; +Opcode.fromBuffer = function(buf) { + $.checkArgument(BufferUtil.isBuffer(buf)); + return new Opcode(Number('0x' + buf.toString('hex'))); }; -// In-place division by number -BN.prototype.idivn = function idivn(num) { - assert(num <= 0x3ffffff); +Opcode.fromNumber = function(num) { + $.checkArgument(_.isNumber(num)); + return new Opcode(num); +}; - var carry = 0; - for (var i = this.length - 1; i >= 0; i--) { - var w = this.words[i] + carry * 0x4000000; - this.words[i] = (w / num) | 0; - carry = w % num; +Opcode.fromString = function(str) { + $.checkArgument(_.isString(str)); + var value = Opcode.map[str]; + if (typeof value === 'undefined') { + throw new TypeError('Invalid opcodestr'); } - - return this.strip(); + return new Opcode(value); }; -BN.prototype.divn = function divn(num) { - return this.clone().idivn(num); +Opcode.prototype.toHex = function() { + return this.num.toString(16); }; -BN.prototype.egcd = function egcd(p) { - assert(!p.sign); - assert(p.cmpn(0) !== 0); - - var x = this; - var y = p.clone(); - - if (x.sign) - x = x.mod(p); - else - x = x.clone(); - - // A * x + B * y = x - var A = new BN(1); - var B = new BN(0); - - // C * x + D * y = y - var C = new BN(0); - var D = new BN(1); +Opcode.prototype.toBuffer = function() { + return new Buffer(this.toHex(), 'hex'); +}; - var g = 0; +Opcode.prototype.toNumber = function() { + return this.num; +}; - while (x.isEven() && y.isEven()) { - x.ishrn(1); - y.ishrn(1); - ++g; +Opcode.prototype.toString = function() { + var str = Opcode.reverseMap[this.num]; + if (typeof str === 'undefined') { + throw new Error('Opcode does not have a string representation'); } + return str; +}; - var yp = y.clone(); - var xp = x.clone(); +Opcode.smallInt = function(n) { + $.checkArgument(_.isNumber(n), 'Invalid Argument: n should be number'); + $.checkArgument(n >= 0 && n <= 16, 'Invalid Argument: n must be between 0 and 16'); + if (n === 0) { + return Opcode('OP_0'); + } + return new Opcode(Opcode.map.OP_1 + n - 1); +}; - while (x.cmpn(0) !== 0) { - while (x.isEven()) { - x.ishrn(1); - if (A.isEven() && B.isEven()) { - A.ishrn(1); - B.ishrn(1); - } else { - A.iadd(yp).ishrn(1); - B.isub(xp).ishrn(1); - } - } +Opcode.map = { + // push value + OP_FALSE: 0, + OP_0: 0, + OP_PUSHDATA1: 76, + OP_PUSHDATA2: 77, + OP_PUSHDATA4: 78, + OP_1NEGATE: 79, + OP_RESERVED: 80, + OP_TRUE: 81, + OP_1: 81, + OP_2: 82, + OP_3: 83, + OP_4: 84, + OP_5: 85, + OP_6: 86, + OP_7: 87, + OP_8: 88, + OP_9: 89, + OP_10: 90, + OP_11: 91, + OP_12: 92, + OP_13: 93, + OP_14: 94, + OP_15: 95, + OP_16: 96, - while (y.isEven()) { - y.ishrn(1); - if (C.isEven() && D.isEven()) { - C.ishrn(1); - D.ishrn(1); - } else { - C.iadd(yp).ishrn(1); - D.isub(xp).ishrn(1); - } - } + // control + OP_NOP: 97, + OP_VER: 98, + OP_IF: 99, + OP_NOTIF: 100, + OP_VERIF: 101, + OP_VERNOTIF: 102, + OP_ELSE: 103, + OP_ENDIF: 104, + OP_VERIFY: 105, + OP_RETURN: 106, - if (x.cmp(y) >= 0) { - x.isub(y); - A.isub(C); - B.isub(D); - } else { - y.isub(x); - C.isub(A); - D.isub(B); - } - } + // stack ops + OP_TOALTSTACK: 107, + OP_FROMALTSTACK: 108, + OP_2DROP: 109, + OP_2DUP: 110, + OP_3DUP: 111, + OP_2OVER: 112, + OP_2ROT: 113, + OP_2SWAP: 114, + OP_IFDUP: 115, + OP_DEPTH: 116, + OP_DROP: 117, + OP_DUP: 118, + OP_NIP: 119, + OP_OVER: 120, + OP_PICK: 121, + OP_ROLL: 122, + OP_ROT: 123, + OP_SWAP: 124, + OP_TUCK: 125, - return { - a: C, - b: D, - gcd: y.ishln(g) - }; -}; + // splice ops + OP_CAT: 126, + OP_SUBSTR: 127, + OP_LEFT: 128, + OP_RIGHT: 129, + OP_SIZE: 130, -// This is reduced incarnation of the binary EEA -// above, designated to invert members of the -// _prime_ fields F(p) at a maximal speed -BN.prototype._invmp = function _invmp(p) { - assert(!p.sign); - assert(p.cmpn(0) !== 0); + // bit logic + OP_INVERT: 131, + OP_AND: 132, + OP_OR: 133, + OP_XOR: 134, + OP_EQUAL: 135, + OP_EQUALVERIFY: 136, + OP_RESERVED1: 137, + OP_RESERVED2: 138, - var a = this; - var b = p.clone(); + // numeric + OP_1ADD: 139, + OP_1SUB: 140, + OP_2MUL: 141, + OP_2DIV: 142, + OP_NEGATE: 143, + OP_ABS: 144, + OP_NOT: 145, + OP_0NOTEQUAL: 146, - if (a.sign) - a = a.mod(p); - else - a = a.clone(); + OP_ADD: 147, + OP_SUB: 148, + OP_MUL: 149, + OP_DIV: 150, + OP_MOD: 151, + OP_LSHIFT: 152, + OP_RSHIFT: 153, - var x1 = new BN(1); - var x2 = new BN(0); + OP_BOOLAND: 154, + OP_BOOLOR: 155, + OP_NUMEQUAL: 156, + OP_NUMEQUALVERIFY: 157, + OP_NUMNOTEQUAL: 158, + OP_LESSTHAN: 159, + OP_GREATERTHAN: 160, + OP_LESSTHANOREQUAL: 161, + OP_GREATERTHANOREQUAL: 162, + OP_MIN: 163, + OP_MAX: 164, - var delta = b.clone(); + OP_WITHIN: 165, - while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { - while (a.isEven()) { - a.ishrn(1); - if (x1.isEven()) - x1.ishrn(1); - else - x1.iadd(delta).ishrn(1); - } - while (b.isEven()) { - b.ishrn(1); - if (x2.isEven()) - x2.ishrn(1); - else - x2.iadd(delta).ishrn(1); - } - if (a.cmp(b) >= 0) { - a.isub(b); - x1.isub(x2); - } else { - b.isub(a); - x2.isub(x1); - } - } - if (a.cmpn(1) === 0) - return x1; - else - return x2; -}; + // crypto + OP_RIPEMD160: 166, + OP_SHA1: 167, + OP_SHA256: 168, + OP_HASH160: 169, + OP_HASH256: 170, + OP_CODESEPARATOR: 171, + OP_CHECKSIG: 172, + OP_CHECKSIGVERIFY: 173, + OP_CHECKMULTISIG: 174, + OP_CHECKMULTISIGVERIFY: 175, -BN.prototype.gcd = function gcd(num) { - if (this.cmpn(0) === 0) - return num.clone(); - if (num.cmpn(0) === 0) - return this.clone(); + OP_CHECKLOCKTIMEVERIFY: 177, - var a = this.clone(); - var b = num.clone(); - a.sign = false; - b.sign = false; + // expansion + OP_NOP1: 176, + OP_NOP2: 177, + OP_NOP3: 178, + OP_NOP4: 179, + OP_NOP5: 180, + OP_NOP6: 181, + OP_NOP7: 182, + OP_NOP8: 183, + OP_NOP9: 184, + OP_NOP10: 185, - // Remove common factor of two - for (var shift = 0; a.isEven() && b.isEven(); shift++) { - a.ishrn(1); - b.ishrn(1); - } + // template matching params + OP_PUBKEYHASH: 253, + OP_PUBKEY: 254, + OP_INVALIDOPCODE: 255 +}; - do { - while (a.isEven()) - a.ishrn(1); - while (b.isEven()) - b.ishrn(1); +Opcode.reverseMap = []; - var r = a.cmp(b); - if (r < 0) { - // Swap `a` and `b` to make `a` always bigger than `b` - var t = a; - a = b; - b = t; - } else if (r === 0 || b.cmpn(1) === 0) { - break; - } +for (var k in Opcode.map) { + Opcode.reverseMap[Opcode.map[k]] = k; +} - a.isub(b); - } while (true); +// Easier access to opcodes +_.extend(Opcode, Opcode.map); - return b.ishln(shift); +/** + * @returns true if opcode is one of OP_0, OP_1, ..., OP_16 + */ +Opcode.isSmallIntOp = function(opcode) { + if (opcode instanceof Opcode) { + opcode = opcode.toNumber(); + } + return ((opcode === Opcode.map.OP_0) || + ((opcode >= Opcode.map.OP_1) && (opcode <= Opcode.map.OP_16))); }; -// Invert number in the field F(num) -BN.prototype.invm = function invm(num) { - return this.egcd(num).a.mod(num); +/** + * Will return a string formatted for the console + * + * @returns {string} Script opcode + */ +Opcode.prototype.inspect = function() { + return ''; }; -BN.prototype.isEven = function isEven() { - return (this.words[0] & 1) === 0; -}; +module.exports = Opcode; -BN.prototype.isOdd = function isOdd() { - return (this.words[0] & 1) === 1; -}; +}).call(this,require("buffer").Buffer) +},{"./util/buffer":68,"./util/js":69,"./util/preconditions":70,"buffer":158,"lodash":96}],49:[function(require,module,exports){ +(function (Buffer){ +'use strict'; -// And first word and num -BN.prototype.andln = function andln(num) { - return this.words[0] & num; -}; +var _ = require('lodash'); +var Address = require('./address'); +var Base58Check = require('./encoding/base58check'); +var BN = require('./crypto/bn'); +var JSUtil = require('./util/js'); +var Networks = require('./networks'); +var Point = require('./crypto/point'); +var PublicKey = require('./publickey'); +var Random = require('./crypto/random'); +var $ = require('./util/preconditions'); -// Increment at the bit position in-line -BN.prototype.bincn = function bincn(bit) { - assert(typeof bit === 'number'); - var r = bit % 26; - var s = (bit - r) / 26; - var q = 1 << r; +/** + * Instantiate a PrivateKey from a BN, Buffer and WIF. + * + * @example + * ```javascript + * // generate a new random key + * var key = PrivateKey(); + * + * // get the associated address + * var address = key.toAddress(); + * + * // encode into wallet export format + * var exported = key.toWIF(); + * + * // instantiate from the exported (and saved) private key + * var imported = PrivateKey.fromWIF(exported); + * ``` + * + * @param {string} data - The encoded data in various formats + * @param {Network|string=} network - a {@link Network} object, or a string with the network name + * @returns {PrivateKey} A new valid instance of an PrivateKey + * @constructor + */ +function PrivateKey(data, network) { + /* jshint maxstatements: 20 */ + /* jshint maxcomplexity: 8 */ - // Fast case: bit is much higher than all existing words - if (this.length <= s) { - for (var i = this.length; i < s + 1; i++) - this.words[i] = 0; - this.words[s] |= q; - this.length = s + 1; - return this; + if (!(this instanceof PrivateKey)) { + return new PrivateKey(data, network); + } + if (data instanceof PrivateKey) { + return data; } - // Add bit and propagate, if needed - var carry = q; - for (var i = s; carry !== 0 && i < this.length; i++) { - var w = this.words[i]; - w += carry; - carry = w >>> 26; - w &= 0x3ffffff; - this.words[i] = w; + var info = this._classifyArguments(data, network); + + // validation + if (!info.bn || info.bn.cmp(new BN(0)) === 0){ + throw new TypeError('Number can not be equal to zero, undefined, null or false'); } - if (carry !== 0) { - this.words[i] = carry; - this.length++; + if (!info.bn.lt(Point.getN())) { + throw new TypeError('Number must be less than N'); + } + if (typeof(info.network) === 'undefined') { + throw new TypeError('Must specify the network ("livenet" or "testnet")'); } - return this; -}; -BN.prototype.cmpn = function cmpn(num) { - var sign = num < 0; - if (sign) - num = -num; + JSUtil.defineImmutable(this, { + bn: info.bn, + compressed: info.compressed, + network: info.network + }); - if (this.sign && !sign) - return -1; - else if (!this.sign && sign) - return 1; + Object.defineProperty(this, 'publicKey', { + configurable: false, + enumerable: true, + get: this.toPublicKey.bind(this) + }); - num &= 0x3ffffff; - this.strip(); + return this; - var res; - if (this.length > 1) { - res = 1; +}; + +/** + * Internal helper to instantiate PrivateKey internal `info` object from + * different kinds of arguments passed to the constructor. + * + * @param {*} data + * @param {Network|string=} network - a {@link Network} object, or a string with the network name + * @return {Object} + */ +PrivateKey.prototype._classifyArguments = function(data, network) { + /* jshint maxcomplexity: 10 */ + var info = { + compressed: true, + network: network ? Networks.get(network) : Networks.defaultNetwork + }; + + // detect type of data + if (_.isUndefined(data) || _.isNull(data)){ + info.bn = PrivateKey._getRandomBN(); + } else if (data instanceof BN) { + info.bn = data; + } else if (data instanceof Buffer || data instanceof Uint8Array) { + info = PrivateKey._transformBuffer(data, network); + } else if (data.bn && data.network){ + info = PrivateKey._transformObject(data); + } else if (!network && Networks.get(data)) { + info.bn = PrivateKey._getRandomBN(); + info.network = Networks.get(data); + } else if (typeof(data) === 'string'){ + if (JSUtil.isHexa(data)) { + info.bn = new BN(new Buffer(data, 'hex')); + } else { + info = PrivateKey._transformWIF(data, network); + } } else { - var w = this.words[0]; - res = w === num ? 0 : w < num ? -1 : 1; + throw new TypeError('First argument is an unrecognized data type.'); } - if (this.sign) - res = -res; - return res; + return info; }; -// Compare two numbers and return: -// 1 - if `this` > `num` -// 0 - if `this` == `num` -// -1 - if `this` < `num` -BN.prototype.cmp = function cmp(num) { - if (this.sign && !num.sign) - return -1; - else if (!this.sign && num.sign) - return 1; - - var res = this.ucmp(num); - if (this.sign) - return -res; - else - return res; +/** + * Internal function to get a random Big Number (BN) + * + * @returns {BN} A new randomly generated BN + * @private + */ +PrivateKey._getRandomBN = function(){ + var condition; + var bn; + do { + var privbuf = Random.getRandomBuffer(32); + bn = BN.fromBuffer(privbuf); + condition = bn.lt(Point.getN()); + } while (!condition); + return bn; }; -// Unsigned comparison -BN.prototype.ucmp = function ucmp(num) { - // At this point both numbers have the same sign - if (this.length > num.length) - return 1; - else if (this.length < num.length) - return -1; +/** + * Internal function to transform a WIF Buffer into a private key + * + * @param {Buffer} buf - An WIF string + * @param {Network|string=} network - a {@link Network} object, or a string with the network name + * @returns {Object} An object with keys: bn, network and compressed + * @private + */ +PrivateKey._transformBuffer = function(buf, network) { - var res = 0; - for (var i = this.length - 1; i >= 0; i--) { - var a = this.words[i]; - var b = num.words[i]; + var info = {}; - if (a === b) - continue; - if (a < b) - res = -1; - else if (a > b) - res = 1; - break; + if (buf.length === 32) { + return PrivateKey._transformBNBuffer(buf, network); } - return res; -}; - -// -// A reduce context, could be using montgomery or something better, depending -// on the `m` itself. -// -BN.red = function red(num) { - return new Red(num); -}; -BN.prototype.toRed = function toRed(ctx) { - assert(!this.red, 'Already a number in reduction context'); - assert(!this.sign, 'red works only with positives'); - return ctx.convertTo(this)._forceRed(ctx); -}; + info.network = Networks.get(buf[0], 'privatekey'); -BN.prototype.fromRed = function fromRed() { - assert(this.red, 'fromRed works only with numbers in reduction context'); - return this.red.convertFrom(this); -}; + if (!info.network) { + throw new Error('Invalid network'); + } -BN.prototype._forceRed = function _forceRed(ctx) { - this.red = ctx; - return this; -}; + if (network && info.network !== Networks.get(network)) { + throw new TypeError('Private key network mismatch'); + } -BN.prototype.forceRed = function forceRed(ctx) { - assert(!this.red, 'Already a number in reduction context'); - return this._forceRed(ctx); -}; - -BN.prototype.redAdd = function redAdd(num) { - assert(this.red, 'redAdd works only with red numbers'); - return this.red.add(this, num); -}; + if (buf.length === 1 + 32 + 1 && buf[1 + 32 + 1 - 1] === 1) { + info.compressed = true; + } else if (buf.length === 1 + 32) { + info.compressed = false; + } else { + throw new Error('Length of buffer must be 33 (uncompressed) or 34 (compressed)'); + } -BN.prototype.redIAdd = function redIAdd(num) { - assert(this.red, 'redIAdd works only with red numbers'); - return this.red.iadd(this, num); -}; + info.bn = BN.fromBuffer(buf.slice(1, 32 + 1)); -BN.prototype.redSub = function redSub(num) { - assert(this.red, 'redSub works only with red numbers'); - return this.red.sub(this, num); + return info; }; -BN.prototype.redISub = function redISub(num) { - assert(this.red, 'redISub works only with red numbers'); - return this.red.isub(this, num); +/** + * Internal function to transform a BN buffer into a private key + * + * @param {Buffer} buf + * @param {Network|string=} network - a {@link Network} object, or a string with the network name + * @returns {object} an Object with keys: bn, network, and compressed + * @private + */ +PrivateKey._transformBNBuffer = function(buf, network) { + var info = {}; + info.network = Networks.get(network) || Networks.defaultNetwork; + info.bn = BN.fromBuffer(buf); + info.compressed = false; + return info; }; -BN.prototype.redShl = function redShl(num) { - assert(this.red, 'redShl works only with red numbers'); - return this.red.shl(this, num); +/** + * Internal function to transform a WIF string into a private key + * + * @param {string} buf - An WIF string + * @returns {Object} An object with keys: bn, network and compressed + * @private + */ +PrivateKey._transformWIF = function(str, network) { + return PrivateKey._transformBuffer(Base58Check.decode(str), network); }; -BN.prototype.redMul = function redMul(num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.mul(this, num); +/** + * Instantiate a PrivateKey from a Buffer with the DER or WIF representation + * + * @param {Buffer} arg + * @param {Network} network + * @return {PrivateKey} + */ +PrivateKey.fromBuffer = function(arg, network) { + return new PrivateKey(arg, network); }; -BN.prototype.redIMul = function redIMul(num) { - assert(this.red, 'redMul works only with red numbers'); - this.red._verify2(this, num); - return this.red.imul(this, num); +/** + * Internal function to transform a JSON string on plain object into a private key + * return this. + * + * @param {string} json - A JSON string or plain object + * @returns {Object} An object with keys: bn, network and compressed + * @private + */ +PrivateKey._transformObject = function(json) { + var bn = new BN(json.bn, 'hex'); + var network = Networks.get(json.network); + return { + bn: bn, + network: network, + compressed: json.compressed + }; }; -BN.prototype.redSqr = function redSqr() { - assert(this.red, 'redSqr works only with red numbers'); - this.red._verify1(this); - return this.red.sqr(this); +/** + * Instantiate a PrivateKey from a WIF string + * + * @param {string} str - The WIF encoded private key string + * @returns {PrivateKey} A new valid instance of PrivateKey + */ +PrivateKey.fromString = PrivateKey.fromWIF = function(str) { + $.checkArgument(_.isString(str), 'First argument is expected to be a string.'); + return new PrivateKey(str); }; -BN.prototype.redISqr = function redISqr() { - assert(this.red, 'redISqr works only with red numbers'); - this.red._verify1(this); - return this.red.isqr(this); +/** + * Instantiate a PrivateKey from a plain JavaScript object + * + * @param {Object} obj - The output from privateKey.toObject() + */ +PrivateKey.fromObject = function(obj) { + $.checkArgument(_.isObject(obj), 'First argument is expected to be an object.'); + return new PrivateKey(obj); }; -// Square root over p -BN.prototype.redSqrt = function redSqrt() { - assert(this.red, 'redSqrt works only with red numbers'); - this.red._verify1(this); - return this.red.sqrt(this); +/** + * Instantiate a PrivateKey from random bytes + * + * @param {string=} network - Either "livenet" or "testnet" + * @returns {PrivateKey} A new valid instance of PrivateKey + */ +PrivateKey.fromRandom = function(network) { + var bn = PrivateKey._getRandomBN(); + return new PrivateKey(bn, network); }; -BN.prototype.redInvm = function redInvm() { - assert(this.red, 'redInvm works only with red numbers'); - this.red._verify1(this); - return this.red.invm(this); -}; +/** + * Check if there would be any errors when initializing a PrivateKey + * + * @param {string} data - The encoded data in various formats + * @param {string=} network - Either "livenet" or "testnet" + * @returns {null|Error} An error if exists + */ -// Return negative clone of `this` % `red modulo` -BN.prototype.redNeg = function redNeg() { - assert(this.red, 'redNeg works only with red numbers'); - this.red._verify1(this); - return this.red.neg(this); +PrivateKey.getValidationError = function(data, network) { + var error; + try { + /* jshint nonew: false */ + new PrivateKey(data, network); + } catch (e) { + error = e; + } + return error; }; -BN.prototype.redPow = function redPow(num) { - assert(this.red && !num.red, 'redPow(normalNum)'); - this.red._verify1(this); - return this.red.pow(this, num); +/** + * Check if the parameters are valid + * + * @param {string} data - The encoded data in various formats + * @param {string=} network - Either "livenet" or "testnet" + * @returns {Boolean} If the private key is would be valid + */ +PrivateKey.isValid = function(data, network){ + if (!data) { + return false; + } + return !PrivateKey.getValidationError(data, network); }; -// Prime numbers with efficient reduction -var primes = { - k256: null, - p224: null, - p192: null, - p25519: null +/** + * Will output the PrivateKey encoded as hex string + * + * @returns {string} + */ +PrivateKey.prototype.toString = function() { + return this.toBuffer().toString('hex'); }; -// Pseudo-Mersenne prime -function MPrime(name, p) { - // P = 2 ^ N - K - this.name = name; - this.p = new BN(p, 16); - this.n = this.p.bitLength(); - this.k = new BN(1).ishln(this.n).isub(this.p); +/** + * Will output the PrivateKey to a WIF string + * + * @returns {string} A WIP representation of the private key + */ +PrivateKey.prototype.toWIF = function() { + var network = this.network; + var compressed = this.compressed; - this.tmp = this._tmp(); -} + var buf; + if (compressed) { + buf = Buffer.concat([new Buffer([network.privatekey]), + this.bn.toBuffer({size: 32}), + new Buffer([0x01])]); + } else { + buf = Buffer.concat([new Buffer([network.privatekey]), + this.bn.toBuffer({size: 32})]); + } -MPrime.prototype._tmp = function _tmp() { - var tmp = new BN(null); - tmp.words = new Array(Math.ceil(this.n / 13)); - return tmp; + return Base58Check.encode(buf); }; -MPrime.prototype.ireduce = function ireduce(num) { - // Assumes that `num` is less than `P^2` - // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) - var r = num; - var rlen; +/** + * Will return the private key as a BN instance + * + * @returns {BN} A BN instance of the private key + */ +PrivateKey.prototype.toBigNumber = function(){ + return this.bn; +}; - do { - this.split(r, this.tmp); - r = this.imulK(r); - r = r.iadd(this.tmp); - rlen = r.bitLength(); - } while (rlen > this.n); +/** + * Will return the private key as a BN buffer + * + * @returns {Buffer} A buffer of the private key + */ +PrivateKey.prototype.toBuffer = function(){ + return this.bn.toBuffer(); +}; - var cmp = rlen < this.n ? -1 : r.ucmp(this.p); - if (cmp === 0) { - r.words[0] = 0; - r.length = 1; - } else if (cmp > 0) { - r.isub(this.p); - } else { - r.strip(); +/** + * Will return the corresponding public key + * + * @returns {PublicKey} A public key generated from the private key + */ +PrivateKey.prototype.toPublicKey = function(){ + if (!this._pubkey) { + this._pubkey = PublicKey.fromPrivateKey(this); } - - return r; + return this._pubkey; }; -MPrime.prototype.split = function split(input, out) { - input.ishrn(this.n, 0, out); +/** + * Will return an address for the private key + * @param {Network=} network - optional parameter specifying + * the desired network for the address + * + * @returns {Address} An address generated from the private key + */ +PrivateKey.prototype.toAddress = function(network) { + var pubkey = this.toPublicKey(); + return Address.fromPublicKey(pubkey, network || this.network); }; -MPrime.prototype.imulK = function imulK(num) { - return num.imul(this.k); +/** + * @returns {Object} A plain object representation + */ +PrivateKey.prototype.toObject = PrivateKey.prototype.toJSON = function toObject() { + return { + bn: this.bn.toString('hex'), + compressed: this.compressed, + network: this.network.toString() + }; }; -function K256() { - MPrime.call( - this, - 'k256', - 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); -} -inherits(K256, MPrime); +/** + * Will return a string formatted for the console + * + * @returns {string} Private key + */ +PrivateKey.prototype.inspect = function() { + var uncompressed = !this.compressed ? ', uncompressed' : ''; + return ''; +}; -K256.prototype.split = function split(input, output) { - // 256 = 9 * 26 + 22 - var mask = 0x3fffff; +module.exports = PrivateKey; - var outLen = Math.min(input.length, 9); - for (var i = 0; i < outLen; i++) - output.words[i] = input.words[i]; - output.length = outLen; +}).call(this,require("buffer").Buffer) +},{"./address":26,"./crypto/bn":31,"./crypto/point":34,"./crypto/random":35,"./encoding/base58check":38,"./networks":47,"./publickey":50,"./util/js":69,"./util/preconditions":70,"buffer":158,"lodash":96}],50:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - if (input.length <= 9) { - input.words[0] = 0; - input.length = 1; - return; - } +var BN = require('./crypto/bn'); +var Point = require('./crypto/point'); +var Hash = require('./crypto/hash'); +var JSUtil = require('./util/js'); +var Network = require('./networks'); +var _ = require('lodash'); +var $ = require('./util/preconditions'); - // Shift by 9 limbs - var prev = input.words[9]; - output.words[output.length++] = prev & mask; +/** + * Instantiate a PublicKey from a {@link PrivateKey}, {@link Point}, `string`, or `Buffer`. + * + * There are two internal properties, `network` and `compressed`, that deal with importing + * a PublicKey from a PrivateKey in WIF format. More details described on {@link PrivateKey} + * + * @example + * ```javascript + * // instantiate from a private key + * var key = PublicKey(privateKey, true); + * + * // export to as a DER hex encoded string + * var exported = key.toString(); + * + * // import the public key + * var imported = PublicKey.fromString(exported); + * ``` + * + * @param {string} data - The encoded data in various formats + * @param {Object} extra - additional options + * @param {Network=} extra.network - Which network should the address for this public key be for + * @param {String=} extra.compressed - If the public key is compressed + * @returns {PublicKey} A new valid instance of an PublicKey + * @constructor + */ +function PublicKey(data, extra) { - for (var i = 10; i < input.length; i++) { - var next = input.words[i]; - input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); - prev = next; + if (!(this instanceof PublicKey)) { + return new PublicKey(data, extra); } - input.words[i - 10] = prev >>> 22; - input.length -= 9; -}; - -K256.prototype.imulK = function imulK(num) { - // K = 0x1000003d1 = [ 0x40, 0x3d1 ] - num.words[num.length] = 0; - num.words[num.length + 1] = 0; - num.length += 2; - - // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 - var hi; - var lo = 0; - for (var i = 0; i < num.length; i++) { - var w = num.words[i]; - hi = w * 0x40; - lo += w * 0x3d1; - hi += (lo / 0x4000000) | 0; - lo &= 0x3ffffff; - num.words[i] = lo; - - lo = hi; - } + $.checkArgument(data, 'First argument is required, please include public key data.'); - // Fast length reduction - if (num.words[num.length - 1] === 0) { - num.length--; - if (num.words[num.length - 1] === 0) - num.length--; + if (data instanceof PublicKey) { + // Return copy, but as it's an immutable object, return same argument + return data; } - return num; -}; - -function P224() { - MPrime.call( - this, - 'p224', - 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); -} -inherits(P224, MPrime); + extra = extra || {}; -function P192() { - MPrime.call( - this, - 'p192', - 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); -} -inherits(P192, MPrime); + var info = this._classifyArgs(data, extra); -function P25519() { - // 2 ^ 255 - 19 - MPrime.call( - this, - '25519', - '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); -} -inherits(P25519, MPrime); + // validation + info.point.validate(); -P25519.prototype.imulK = function imulK(num) { - // K = 0x13 - var carry = 0; - for (var i = 0; i < num.length; i++) { - var hi = num.words[i] * 0x13 + carry; - var lo = hi & 0x3ffffff; - hi >>>= 26; + JSUtil.defineImmutable(this, { + point: info.point, + compressed: info.compressed, + network: info.network || Network.defaultNetwork + }); - num.words[i] = lo; - carry = hi; - } - if (carry !== 0) - num.words[num.length++] = carry; - return num; + return this; }; -// Exported mostly for testing purposes, use plain name instead -BN._prime = function prime(name) { - // Cached version of prime - if (primes[name]) - return primes[name]; - - var prime; - if (name === 'k256') - prime = new K256(); - else if (name === 'p224') - prime = new P224(); - else if (name === 'p192') - prime = new P192(); - else if (name === 'p25519') - prime = new P25519(); - else - throw new Error('Unknown prime ' + name); - primes[name] = prime; - - return prime; -}; +/** + * Internal function to differentiate between arguments passed to the constructor + * @param {*} data + * @param {Object} extra + */ +PublicKey.prototype._classifyArgs = function(data, extra) { + /* jshint maxcomplexity: 10 */ + var info = { + compressed: _.isUndefined(extra.compressed) || extra.compressed + }; -// -// Base reduction engine -// -function Red(m) { - if (typeof m === 'string') { - var prime = BN._prime(m); - this.m = prime.p; - this.prime = prime; + // detect type of data + if (data instanceof Point) { + info.point = data; + } else if (data.x && data.y) { + info = PublicKey._transformObject(data); + } else if (typeof(data) === 'string') { + info = PublicKey._transformDER(new Buffer(data, 'hex')); + } else if (PublicKey._isBuffer(data)) { + info = PublicKey._transformDER(data); + } else if (PublicKey._isPrivateKey(data)) { + info = PublicKey._transformPrivateKey(data); } else { - this.m = m; - this.prime = null; + throw new TypeError('First argument is an unrecognized data format.'); } -} - -Red.prototype._verify1 = function _verify1(a) { - assert(!a.sign, 'red works only with positives'); - assert(a.red, 'red works only with red numbers'); + if (!info.network) { + info.network = _.isUndefined(extra.network) ? undefined : Network.get(extra.network); + } + return info; }; -Red.prototype._verify2 = function _verify2(a, b) { - assert(!a.sign && !b.sign, 'red works only with positives'); - assert(a.red && a.red === b.red, - 'red works only with red numbers'); +/** + * Internal function to detect if an object is a {@link PrivateKey} + * + * @param {*} param - object to test + * @returns {boolean} + * @private + */ +PublicKey._isPrivateKey = function(param) { + var PrivateKey = require('./privatekey'); + return param instanceof PrivateKey; }; -Red.prototype.imod = function imod(a) { - if (this.prime) - return this.prime.ireduce(a)._forceRed(this); - return a.mod(this.m)._forceRed(this); +/** + * Internal function to detect if an object is a Buffer + * + * @param {*} param - object to test + * @returns {boolean} + * @private + */ +PublicKey._isBuffer = function(param) { + return (param instanceof Buffer) || (param instanceof Uint8Array); }; -Red.prototype.neg = function neg(a) { - var r = a.clone(); - r.sign = !r.sign; - return r.iadd(this.m)._forceRed(this); +/** + * Internal function to transform a private key into a public key point + * + * @param {PrivateKey} privkey - An instance of PrivateKey + * @returns {Object} An object with keys: point and compressed + * @private + */ +PublicKey._transformPrivateKey = function(privkey) { + $.checkArgument(PublicKey._isPrivateKey(privkey), 'Must be an instance of PrivateKey'); + var info = {}; + info.point = Point.getG().mul(privkey.bn); + info.compressed = privkey.compressed; + info.network = privkey.network; + return info; }; -Red.prototype.add = function add(a, b) { - this._verify2(a, b); +/** + * Internal function to transform DER into a public key point + * + * @param {Buffer} buf - An hex encoded buffer + * @param {bool=} strict - if set to false, will loosen some conditions + * @returns {Object} An object with keys: point and compressed + * @private + */ +PublicKey._transformDER = function(buf, strict) { + /* jshint maxstatements: 30 */ + /* jshint maxcomplexity: 12 */ + $.checkArgument(PublicKey._isBuffer(buf), 'Must be a hex buffer of DER encoded public key'); + var info = {}; - var res = a.add(b); - if (res.cmp(this.m) >= 0) - res.isub(this.m); - return res._forceRed(this); -}; + strict = _.isUndefined(strict) ? true : strict; -Red.prototype.iadd = function iadd(a, b) { - this._verify2(a, b); + var x; + var y; + var xbuf; + var ybuf; - var res = a.iadd(b); - if (res.cmp(this.m) >= 0) - res.isub(this.m); - return res; + if (buf[0] === 0x04 || (!strict && (buf[0] === 0x06 || buf[0] === 0x07))) { + xbuf = buf.slice(1, 33); + ybuf = buf.slice(33, 65); + if (xbuf.length !== 32 || ybuf.length !== 32 || buf.length !== 65) { + throw new TypeError('Length of x and y must be 32 bytes'); + } + x = new BN(xbuf); + y = new BN(ybuf); + info.point = new Point(x, y); + info.compressed = false; + } else if (buf[0] === 0x03) { + xbuf = buf.slice(1); + x = new BN(xbuf); + info = PublicKey._transformX(true, x); + info.compressed = true; + } else if (buf[0] === 0x02) { + xbuf = buf.slice(1); + x = new BN(xbuf); + info = PublicKey._transformX(false, x); + info.compressed = true; + } else { + throw new TypeError('Invalid DER format public key'); + } + return info; }; -Red.prototype.sub = function sub(a, b) { - this._verify2(a, b); - - var res = a.sub(b); - if (res.cmpn(0) < 0) - res.iadd(this.m); - return res._forceRed(this); +/** + * Internal function to transform X into a public key point + * + * @param {Boolean} odd - If the point is above or below the x axis + * @param {Point} x - The x point + * @returns {Object} An object with keys: point and compressed + * @private + */ +PublicKey._transformX = function(odd, x) { + $.checkArgument(typeof odd === 'boolean', 'Must specify whether y is odd or not (true or false)'); + var info = {}; + info.point = Point.fromX(odd, x); + return info; }; -Red.prototype.isub = function isub(a, b) { - this._verify2(a, b); - - var res = a.isub(b); - if (res.cmpn(0) < 0) - res.iadd(this.m); - return res; +/** + * Internal function to transform a JSON into a public key point + * + * @param {String|Object} json - a JSON string or plain object + * @returns {Object} An object with keys: point and compressed + * @private + */ +PublicKey._transformObject = function(json) { + var x = new BN(json.x, 'hex'); + var y = new BN(json.y, 'hex'); + var point = new Point(x, y); + return new PublicKey(point, { + compressed: json.compressed + }); }; -Red.prototype.shl = function shl(a, num) { - this._verify1(a); - return this.imod(a.shln(num)); +/** + * Instantiate a PublicKey from a PrivateKey + * + * @param {PrivateKey} privkey - An instance of PrivateKey + * @returns {PublicKey} A new valid instance of PublicKey + */ +PublicKey.fromPrivateKey = function(privkey) { + $.checkArgument(PublicKey._isPrivateKey(privkey), 'Must be an instance of PrivateKey'); + var info = PublicKey._transformPrivateKey(privkey); + return new PublicKey(info.point, { + compressed: info.compressed, + network: info.network + }); }; -Red.prototype.imul = function imul(a, b) { - this._verify2(a, b); - return this.imod(a.imul(b)); +/** + * Instantiate a PublicKey from a Buffer + * @param {Buffer} buf - A DER hex buffer + * @param {bool=} strict - if set to false, will loosen some conditions + * @returns {PublicKey} A new valid instance of PublicKey + */ +PublicKey.fromDER = PublicKey.fromBuffer = function(buf, strict) { + $.checkArgument(PublicKey._isBuffer(buf), 'Must be a hex buffer of DER encoded public key'); + var info = PublicKey._transformDER(buf, strict); + return new PublicKey(info.point, { + compressed: info.compressed + }); }; -Red.prototype.mul = function mul(a, b) { - this._verify2(a, b); - return this.imod(a.mul(b)); +/** + * Instantiate a PublicKey from a Point + * + * @param {Point} point - A Point instance + * @param {boolean=} compressed - whether to store this public key as compressed format + * @returns {PublicKey} A new valid instance of PublicKey + */ +PublicKey.fromPoint = function(point, compressed) { + $.checkArgument(point instanceof Point, 'First argument must be an instance of Point.'); + return new PublicKey(point, { + compressed: compressed + }); }; -Red.prototype.isqr = function isqr(a) { - return this.imul(a, a); +/** + * Instantiate a PublicKey from a DER hex encoded string + * + * @param {string} str - A DER hex string + * @param {String=} encoding - The type of string encoding + * @returns {PublicKey} A new valid instance of PublicKey + */ +PublicKey.fromString = function(str, encoding) { + var buf = new Buffer(str, encoding || 'hex'); + var info = PublicKey._transformDER(buf); + return new PublicKey(info.point, { + compressed: info.compressed + }); }; -Red.prototype.sqr = function sqr(a) { - return this.mul(a, a); +/** + * Instantiate a PublicKey from an X Point + * + * @param {Boolean} odd - If the point is above or below the x axis + * @param {Point} x - The x point + * @returns {PublicKey} A new valid instance of PublicKey + */ +PublicKey.fromX = function(odd, x) { + var info = PublicKey._transformX(odd, x); + return new PublicKey(info.point, { + compressed: info.compressed + }); }; -Red.prototype.sqrt = function sqrt(a) { - if (a.cmpn(0) === 0) - return a.clone(); - - var mod3 = this.m.andln(3); - assert(mod3 % 2 === 1); - - // Fast case - if (mod3 === 3) { - var pow = this.m.add(new BN(1)).ishrn(2); - var r = this.pow(a, pow); - return r; - } - - // Tonelli-Shanks algorithm (Totally unoptimized and slow) - // - // Find Q and S, that Q * 2 ^ S = (P - 1) - var q = this.m.subn(1); - var s = 0; - while (q.cmpn(0) !== 0 && q.andln(1) === 0) { - s++; - q.ishrn(1); - } - assert(q.cmpn(0) !== 0); - - var one = new BN(1).toRed(this); - var nOne = one.redNeg(); - - // Find quadratic non-residue - // NOTE: Max is such because of generalized Riemann hypothesis. - var lpow = this.m.subn(1).ishrn(1); - var z = this.m.bitLength(); - z = new BN(2 * z * z).toRed(this); - while (this.pow(z, lpow).cmp(nOne) !== 0) - z.redIAdd(nOne); - - var c = this.pow(z, q); - var r = this.pow(a, q.addn(1).ishrn(1)); - var t = this.pow(a, q); - var m = s; - while (t.cmp(one) !== 0) { - var tmp = t; - for (var i = 0; tmp.cmp(one) !== 0; i++) - tmp = tmp.redSqr(); - assert(i < m); - var b = this.pow(c, new BN(1).ishln(m - i - 1)); - - r = r.redMul(b); - c = b.redSqr(); - t = t.redMul(c); - m = i; +/** + * Check if there would be any errors when initializing a PublicKey + * + * @param {string} data - The encoded data in various formats + * @returns {null|Error} An error if exists + */ +PublicKey.getValidationError = function(data) { + var error; + try { + /* jshint nonew: false */ + new PublicKey(data); + } catch (e) { + error = e; } - - return r; + return error; }; -Red.prototype.invm = function invm(a) { - var inv = a._invmp(this.m); - if (inv.sign) { - inv.sign = false; - return this.imod(inv).redNeg(); - } else { - return this.imod(inv); - } +/** + * Check if the parameters are valid + * + * @param {string} data - The encoded data in various formats + * @returns {Boolean} If the public key would be valid + */ +PublicKey.isValid = function(data) { + return !PublicKey.getValidationError(data); }; -Red.prototype.pow = function pow(a, num) { - var w = []; - - if (num.cmpn(0) === 0) - return new BN(1); - - var q = num.clone(); +/** + * @returns {Object} A plain object of the PublicKey + */ +PublicKey.prototype.toObject = PublicKey.prototype.toJSON = function toObject() { + return { + x: this.point.getX().toString('hex', 2), + y: this.point.getY().toString('hex', 2), + compressed: this.compressed + }; +}; - while (q.cmpn(0) !== 0) { - w.push(q.andln(1)); - q.ishrn(1); - } +/** + * Will output the PublicKey to a DER Buffer + * + * @returns {Buffer} A DER hex encoded buffer + */ +PublicKey.prototype.toBuffer = PublicKey.prototype.toDER = function() { + var x = this.point.getX(); + var y = this.point.getY(); - // Skip leading zeroes - var res = a; - for (var i = 0; i < w.length; i++, res = this.sqr(res)) - if (w[i] !== 0) - break; + var xbuf = x.toBuffer({ + size: 32 + }); + var ybuf = y.toBuffer({ + size: 32 + }); - if (++i < w.length) { - for (var q = this.sqr(res); i < w.length; i++, q = this.sqr(q)) { - if (w[i] === 0) - continue; - res = this.mul(res, q); + var prefix; + if (!this.compressed) { + prefix = new Buffer([0x04]); + return Buffer.concat([prefix, xbuf, ybuf]); + } else { + var odd = ybuf[ybuf.length - 1] % 2; + if (odd) { + prefix = new Buffer([0x03]); + } else { + prefix = new Buffer([0x02]); } + return Buffer.concat([prefix, xbuf]); } - - return res; }; -Red.prototype.convertTo = function convertTo(num) { - return num.clone(); +/** + * Will return a sha256 + ripemd160 hash of the serialized public key + * @see https://github.com/bitcoin/bitcoin/blob/master/src/pubkey.h#L141 + * @returns {Buffer} + */ +PublicKey.prototype._getID = function _getID() { + return Hash.sha256ripemd160(this.toBuffer()); }; -Red.prototype.convertFrom = function convertFrom(num) { - var res = num.clone(); - res.red = null; - return res; +/** + * Will return an address for the public key + * + * @param {String|Network=} network - Which network should the address be for + * @returns {Address} An address generated from the public key + */ +PublicKey.prototype.toAddress = function(network) { + var Address = require('./address'); + return Address.fromPublicKey(this, network || this.network); }; -// -// Montgomery method engine -// +/** + * Will output the PublicKey to a DER encoded hex string + * + * @returns {string} A DER hex encoded string + */ +PublicKey.prototype.toString = function() { + return this.toDER().toString('hex'); +}; -BN.mont = function mont(num) { - return new Mont(num); +/** + * Will return a string formatted for the console + * + * @returns {string} Public key + */ +PublicKey.prototype.inspect = function() { + return ''; }; -function Mont(m) { - Red.call(this, m); - this.shift = this.m.bitLength(); - if (this.shift % 26 !== 0) - this.shift += 26 - (this.shift % 26); - this.r = new BN(1).ishln(this.shift); - this.r2 = this.imod(this.r.sqr()); - this.rinv = this.r._invmp(this.m); +module.exports = PublicKey; - this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); - this.minv.sign = true; - this.minv = this.minv.mod(this.r); -} -inherits(Mont, Red); +}).call(this,require("buffer").Buffer) +},{"./address":26,"./crypto/bn":31,"./crypto/hash":33,"./crypto/point":34,"./networks":47,"./privatekey":49,"./util/js":69,"./util/preconditions":70,"buffer":158,"lodash":96}],51:[function(require,module,exports){ +module.exports = require('./script'); -Mont.prototype.convertTo = function convertTo(num) { - return this.imod(num.shln(this.shift)); -}; +module.exports.Interpreter = require('./interpreter'); -Mont.prototype.convertFrom = function convertFrom(num) { - var r = this.imod(num.mul(this.rinv)); - r.red = null; - return r; -}; +},{"./interpreter":52,"./script":53}],52:[function(require,module,exports){ +(function (Buffer){ +'use strict'; -Mont.prototype.imul = function imul(a, b) { - if (a.cmpn(0) === 0 || b.cmpn(0) === 0) { - a.words[0] = 0; - a.length = 1; - return a; - } +var _ = require('lodash'); - var t = a.imul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).ishrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) - res = u.isub(this.m); - else if (u.cmpn(0) < 0) - res = u.iadd(this.m); +var Script = require('./script'); +var Opcode = require('../opcode'); +var BN = require('../crypto/bn'); +var Hash = require('../crypto/hash'); +var Signature = require('../crypto/signature'); +var PublicKey = require('../publickey'); - return res._forceRed(this); +/** + * Bitcoin transactions contain scripts. Each input has a script called the + * scriptSig, and each output has a script called the scriptPubkey. To validate + * an input, the input's script is concatenated with the referenced output script, + * and the result is executed. If at the end of execution the stack contains a + * "true" value, then the transaction is valid. + * + * The primary way to use this class is via the verify function. + * e.g., Interpreter().verify( ... ); + */ +var Interpreter = function Interpreter(obj) { + if (!(this instanceof Interpreter)) { + return new Interpreter(obj); + } + if (obj) { + this.initialize(); + this.set(obj); + } else { + this.initialize(); + } }; -Mont.prototype.mul = function mul(a, b) { - if (a.cmpn(0) === 0 || b.cmpn(0) === 0) - return new BN(0)._forceRed(this); +/** + * Verifies a Script by executing it and returns true if it is valid. + * This function needs to be provided with the scriptSig and the scriptPubkey + * separately. + * @param {Script} scriptSig - the script's first part (corresponding to the tx input) + * @param {Script} scriptPubkey - the script's last part (corresponding to the tx output) + * @param {Transaction=} tx - the Transaction containing the scriptSig in one input (used + * to check signature validity for some opcodes like OP_CHECKSIG) + * @param {number} nin - index of the transaction input containing the scriptSig verified. + * @param {number} flags - evaluation flags. See Interpreter.SCRIPT_* constants + * + * Translated from bitcoind's VerifyScript + */ +Interpreter.prototype.verify = function(scriptSig, scriptPubkey, tx, nin, flags) { + var Transaction = require('../transaction'); + if (_.isUndefined(tx)) { + tx = new Transaction(); + } + if (_.isUndefined(nin)) { + nin = 0; + } + if (_.isUndefined(flags)) { + flags = 0; + } + this.set({ + script: scriptSig, + tx: tx, + nin: nin, + flags: flags + }); + var stackCopy; - var t = a.mul(b); - var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); - var u = t.isub(c).ishrn(this.shift); - var res = u; - if (u.cmp(this.m) >= 0) - res = u.isub(this.m); - else if (u.cmpn(0) < 0) - res = u.iadd(this.m); + if ((flags & Interpreter.SCRIPT_VERIFY_SIGPUSHONLY) !== 0 && !scriptSig.isPushOnly()) { + this.errstr = 'SCRIPT_ERR_SIG_PUSHONLY'; + return false; + } - return res._forceRed(this); -}; + // evaluate scriptSig + if (!this.evaluate()) { + return false; + } -Mont.prototype.invm = function invm(a) { - // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R - var res = this.imod(a._invmp(this.m).mul(this.r2)); - return res._forceRed(this); -}; + if (flags & Interpreter.SCRIPT_VERIFY_P2SH) { + stackCopy = this.stack.slice(); + } -})(typeof module === 'undefined' || module, this); - -},{}],54:[function(require,module,exports){ -// Base58 encoding/decoding -// Originally written by Mike Hearn for BitcoinJ -// Copyright (c) 2011 Google Inc -// Ported to JavaScript by Stefan Thomas -// Merged Buffer refactorings from base58-native by Stephen Pair -// Copyright (c) 2013 BitPay Inc - -var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' -var ALPHABET_MAP = {} -for(var i = 0; i < ALPHABET.length; i++) { - ALPHABET_MAP[ALPHABET.charAt(i)] = i -} -var BASE = 58 - -function encode(buffer) { - if (buffer.length === 0) return '' + var stack = this.stack; + this.initialize(); + this.set({ + script: scriptPubkey, + stack: stack, + tx: tx, + nin: nin, + flags: flags + }); - var i, j, digits = [0] - for (i = 0; i < buffer.length; i++) { - for (j = 0; j < digits.length; j++) digits[j] <<= 8 + // evaluate scriptPubkey + if (!this.evaluate()) { + return false; + } - digits[0] += buffer[i] + if (this.stack.length === 0) { + this.errstr = 'SCRIPT_ERR_EVAL_FALSE_NO_RESULT'; + return false; + } - var carry = 0 - for (j = 0; j < digits.length; ++j) { - digits[j] += carry + var buf = this.stack[this.stack.length - 1]; + if (!Interpreter.castToBool(buf)) { + this.errstr = 'SCRIPT_ERR_EVAL_FALSE_IN_STACK'; + return false; + } - carry = (digits[j] / BASE) | 0 - digits[j] %= BASE + // Additional validation for spend-to-script-hash transactions: + if ((flags & Interpreter.SCRIPT_VERIFY_P2SH) && scriptPubkey.isScriptHashOut()) { + // scriptSig must be literals-only or validation fails + if (!scriptSig.isPushOnly()) { + this.errstr = 'SCRIPT_ERR_SIG_PUSHONLY'; + return false; } - while (carry) { - digits.push(carry % BASE) - - carry = (carry / BASE) | 0 + // stackCopy cannot be empty here, because if it was the + // P2SH HASH <> EQUAL scriptPubKey would be evaluated with + // an empty stack and the EvalScript above would return false. + if (stackCopy.length === 0) { + throw new Error('internal error - stack copy empty'); } - } - - // deal with leading zeros - for (i = 0; buffer[i] === 0 && i < buffer.length - 1; i++) digits.push(0) - - return digits.reverse().map(function(digit) { return ALPHABET[digit] }).join('') -} - -function decode(string) { - if (string.length === 0) return [] - - var i, j, bytes = [0] - for (i = 0; i < string.length; i++) { - var c = string[i] - if (!(c in ALPHABET_MAP)) throw new Error('Non-base58 character') - for (j = 0; j < bytes.length; j++) bytes[j] *= BASE - bytes[0] += ALPHABET_MAP[c] + var redeemScriptSerialized = stackCopy[stackCopy.length - 1]; + var redeemScript = Script.fromBuffer(redeemScriptSerialized); + stackCopy.pop(); - var carry = 0 - for (j = 0; j < bytes.length; ++j) { - bytes[j] += carry + this.initialize(); + this.set({ + script: redeemScript, + stack: stackCopy, + tx: tx, + nin: nin, + flags: flags + }); - carry = bytes[j] >> 8 - bytes[j] &= 0xff + // evaluate redeemScript + if (!this.evaluate()) { + return false; } - while (carry) { - bytes.push(carry & 0xff) + if (stackCopy.length === 0) { + this.errstr = 'SCRIPT_ERR_EVAL_FALSE_NO_P2SH_STACK'; + return false; + } - carry >>= 8 + if (!Interpreter.castToBool(stackCopy[stackCopy.length - 1])) { + this.errstr = 'SCRIPT_ERR_EVAL_FALSE_IN_P2SH_STACK'; + return false; + } else { + return true; } } - // deal with leading zeros - for (i = 0; string[i] === '1' && i < string.length - 1; i++) bytes.push(0) - - return bytes.reverse() -} - -module.exports = { - encode: encode, - decode: decode -} + return true; +}; -},{}],55:[function(require,module,exports){ +module.exports = Interpreter; +Interpreter.prototype.initialize = function(obj) { + this.stack = []; + this.altstack = []; + this.pc = 0; + this.pbegincodehash = 0; + this.nOpCount = 0; + this.vfExec = []; + this.errstr = ''; + this.flags = 0; +}; -module.exports = function(cmp,to){ - var c = 0; - for(var i=0;i to[i]?1:0; - if(c != 0) break; - } - if(c == 0){ - if(to.length > cmp.length) c = -1; - else if(cmp.length > to.length) c = 1; - } - return c; -} +Interpreter.prototype.set = function(obj) { + this.script = obj.script || this.script; + this.tx = obj.tx || this.tx; + this.nin = typeof obj.nin !== 'undefined' ? obj.nin : this.nin; + this.stack = obj.stack || this.stack; + this.altstack = obj.altack || this.altstack; + this.pc = typeof obj.pc !== 'undefined' ? obj.pc : this.pc; + this.pbegincodehash = typeof obj.pbegincodehash !== 'undefined' ? obj.pbegincodehash : this.pbegincodehash; + this.nOpCount = typeof obj.nOpCount !== 'undefined' ? obj.nOpCount : this.nOpCount; + this.vfExec = obj.vfExec || this.vfExec; + this.errstr = obj.errstr || this.errstr; + this.flags = typeof obj.flags !== 'undefined' ? obj.flags : this.flags; +}; +Interpreter.true = new Buffer([1]); +Interpreter.false = new Buffer([]); -},{}],56:[function(require,module,exports){ -'use strict'; +Interpreter.MAX_SCRIPT_ELEMENT_SIZE = 520; -var elliptic = exports; +Interpreter.LOCKTIME_THRESHOLD = 500000000; +Interpreter.LOCKTIME_THRESHOLD_BN = new BN(Interpreter.LOCKTIME_THRESHOLD); -elliptic.version = require('../package.json').version; -elliptic.utils = require('./elliptic/utils'); -elliptic.rand = require('brorand'); -elliptic.hmacDRBG = require('./elliptic/hmac-drbg'); -elliptic.curve = require('./elliptic/curve'); -elliptic.curves = require('./elliptic/curves'); +// flags taken from bitcoind +// bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104 +Interpreter.SCRIPT_VERIFY_NONE = 0; -// Protocols -elliptic.ec = require('./elliptic/ec'); +// Evaluate P2SH subscripts (softfork safe, BIP16). +Interpreter.SCRIPT_VERIFY_P2SH = (1 << 0); -},{"../package.json":76,"./elliptic/curve":59,"./elliptic/curves":62,"./elliptic/ec":63,"./elliptic/hmac-drbg":66,"./elliptic/utils":68,"brorand":69}],57:[function(require,module,exports){ -'use strict'; +// Passing a non-strict-DER signature or one with undefined hashtype to a checksig operation causes script failure. +// Passing a pubkey that is not (0x04 + 64 bytes) or (0x02 or 0x03 + 32 bytes) to checksig causes that pubkey to be +// skipped (not softfork safe: this flag can widen the validity of OP_CHECKSIG OP_NOT). +Interpreter.SCRIPT_VERIFY_STRICTENC = (1 << 1); -var bn = require('bn.js'); -var elliptic = require('../../elliptic'); +// Passing a non-strict-DER signature to a checksig operation causes script failure (softfork safe, BIP62 rule 1) +Interpreter.SCRIPT_VERIFY_DERSIG = (1 << 2); -var getNAF = elliptic.utils.getNAF; -var getJSF = elliptic.utils.getJSF; -var assert = elliptic.utils.assert; +// Passing a non-strict-DER signature or one with S > order/2 to a checksig operation causes script failure +// (softfork safe, BIP62 rule 5). +Interpreter.SCRIPT_VERIFY_LOW_S = (1 << 3); -function BaseCurve(type, conf) { - this.type = type; - this.p = new bn(conf.p, 16); +// verify dummy stack item consumed by CHECKMULTISIG is of zero-length (softfork safe, BIP62 rule 7). +Interpreter.SCRIPT_VERIFY_NULLDUMMY = (1 << 4); - // Use Montgomery, when there is no fast reduction for the prime - this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); +// Using a non-push operator in the scriptSig causes script failure (softfork safe, BIP62 rule 2). +Interpreter.SCRIPT_VERIFY_SIGPUSHONLY = (1 << 5); - // Useful for many curves - this.zero = new bn(0).toRed(this.red); - this.one = new bn(1).toRed(this.red); - this.two = new bn(2).toRed(this.red); +// Require minimal encodings for all push operations (OP_0... OP_16, OP_1NEGATE where possible, direct +// pushes up to 75 bytes, OP_PUSHDATA up to 255 bytes, OP_PUSHDATA2 for anything larger). Evaluating +// any other push causes the script to fail (BIP62 rule 3). +// In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4). +// (softfork safe) +Interpreter.SCRIPT_VERIFY_MINIMALDATA = (1 << 6); - // Curve configuration, optional - this.n = conf.n && new bn(conf.n, 16); - this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); +// Discourage use of NOPs reserved for upgrades (NOP1-10) +// +// Provided so that nodes can avoid accepting or mining transactions +// containing executed NOP's whose meaning may change after a soft-fork, +// thus rendering the script invalid; with this flag set executing +// discouraged NOPs fails the script. This verification flag will never be +// a mandatory flag applied to scripts in a block. NOPs that are not +// executed, e.g. within an unexecuted IF ENDIF block, are *not* rejected. +Interpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1 << 7); - // Temporary arrays - this._wnafT1 = new Array(4); - this._wnafT2 = new Array(4); - this._wnafT3 = new Array(4); - this._wnafT4 = new Array(4); -} -module.exports = BaseCurve; +// CLTV See BIP65 for details. +Interpreter.SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY = (1 << 9); -BaseCurve.prototype.point = function point() { - throw new Error('Not implemented'); +Interpreter.castToBool = function(buf) { + for (var i = 0; i < buf.length; i++) { + if (buf[i] !== 0) { + // can be negative zero + if (i === buf.length - 1 && buf[i] === 0x80) { + return false; + } + return true; + } + } + return false; }; -BaseCurve.prototype.validate = function validate() { - throw new Error('Not implemented'); +/** + * Translated from bitcoind's CheckSignatureEncoding + */ +Interpreter.prototype.checkSignatureEncoding = function(buf) { + var sig; + if ((this.flags & (Interpreter.SCRIPT_VERIFY_DERSIG | Interpreter.SCRIPT_VERIFY_LOW_S | Interpreter.SCRIPT_VERIFY_STRICTENC)) !== 0 && !Signature.isTxDER(buf)) { + this.errstr = 'SCRIPT_ERR_SIG_DER_INVALID_FORMAT'; + return false; + } else if ((this.flags & Interpreter.SCRIPT_VERIFY_LOW_S) !== 0) { + sig = Signature.fromTxFormat(buf); + if (!sig.hasLowS()) { + this.errstr = 'SCRIPT_ERR_SIG_DER_HIGH_S'; + return false; + } + } else if ((this.flags & Interpreter.SCRIPT_VERIFY_STRICTENC) !== 0) { + sig = Signature.fromTxFormat(buf); + if (!sig.hasDefinedHashtype()) { + this.errstr = 'SCRIPT_ERR_SIG_HASHTYPE'; + return false; + } + } + return true; }; -BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { - var doubles = p._getDoubles(); - - var naf = getNAF(k, 1); - var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); - I /= 3; +/** + * Translated from bitcoind's CheckPubKeyEncoding + */ +Interpreter.prototype.checkPubkeyEncoding = function(buf) { + if ((this.flags & Interpreter.SCRIPT_VERIFY_STRICTENC) !== 0 && !PublicKey.isValid(buf)) { + this.errstr = 'SCRIPT_ERR_PUBKEYTYPE'; + return false; + } + return true; +}; - // Translate into more windowed form - var repr = []; - for (var j = 0; j < naf.length; j += doubles.step) { - var nafW = 0; - for (var k = j + doubles.step - 1; k >= j; k--) - nafW = (nafW << 1) + naf[k]; - repr.push(nafW); +/** + * Based on bitcoind's EvalScript function, with the inner loop moved to + * Interpreter.prototype.step() + * bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104 + */ +Interpreter.prototype.evaluate = function() { + if (this.script.toBuffer().length > 10000) { + this.errstr = 'SCRIPT_ERR_SCRIPT_SIZE'; + return false; } - var a = this.jpoint(null, null, null); - var b = this.jpoint(null, null, null); - for (var i = I; i > 0; i--) { - for (var j = 0; j < repr.length; j++) { - var nafW = repr[j]; - if (nafW === i) - b = b.mixedAdd(doubles.points[j]); - else if (nafW === -i) - b = b.mixedAdd(doubles.points[j].neg()); + try { + while (this.pc < this.script.chunks.length) { + var fSuccess = this.step(); + if (!fSuccess) { + return false; + } } - a = a.add(b); - } - return a.toP(); -}; -BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { - var w = 4; + // Size limits + if (this.stack.length + this.altstack.length > 1000) { + this.errstr = 'SCRIPT_ERR_STACK_SIZE'; + return false; + } + } catch (e) { + this.errstr = 'SCRIPT_ERR_UNKNOWN_ERROR: ' + e; + return false; + } - // Precompute window - var nafPoints = p._getNAFPoints(w); - w = nafPoints.wnd; - var wnd = nafPoints.points; + if (this.vfExec.length > 0) { + this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; + return false; + } - // Get NAF form - var naf = getNAF(k, w); + return true; +}; - // Add `this`*(N+1) for every w-NAF index - var acc = this.jpoint(null, null, null); - for (var i = naf.length - 1; i >= 0; i--) { - // Count zeroes - for (var k = 0; i >= 0 && naf[i] === 0; i--) - k++; - if (i >= 0) - k++; - acc = acc.dblp(k); +/** + * Checks a locktime parameter with the transaction's locktime. + * There are two times of nLockTime: lock-by-blockheight and lock-by-blocktime, + * distinguished by whether nLockTime < LOCKTIME_THRESHOLD = 500000000 + * + * See the corresponding code on bitcoin core: + * https://github.com/bitcoin/bitcoin/blob/ffd75adce01a78b3461b3ff05bcc2b530a9ce994/src/script/interpreter.cpp#L1129 + * + * @param {BN} nLockTime the locktime read from the script + * @return {boolean} true if the transaction's locktime is less than or equal to + * the transaction's locktime + */ +Interpreter.prototype.checkLockTime = function(nLockTime) { - if (i < 0) - break; - var z = naf[i]; - assert(z !== 0); - if (p.type === 'affine') { - // J +- P - if (z > 0) - acc = acc.mixedAdd(wnd[(z - 1) >> 1]); - else - acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); - } else { - // J +- J - if (z > 0) - acc = acc.add(wnd[(z - 1) >> 1]); - else - acc = acc.add(wnd[(-z - 1) >> 1].neg()); - } + // We want to compare apples to apples, so fail the script + // unless the type of nLockTime being tested is the same as + // the nLockTime in the transaction. + if (!( + (this.tx.nLockTime < Interpreter.LOCKTIME_THRESHOLD && nLockTime.lt(Interpreter.LOCKTIME_THRESHOLD_BN)) || + (this.tx.nLockTime >= Interpreter.LOCKTIME_THRESHOLD && nLockTime.gte(Interpreter.LOCKTIME_THRESHOLD_BN)) + )) { + return false; } - return p.type === 'affine' ? acc.toP() : acc; -}; -BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, - points, - coeffs, - len) { - var wndWidth = this._wnafT1; - var wnd = this._wnafT2; - var naf = this._wnafT3; + // Now that we know we're comparing apples-to-apples, the + // comparison is a simple numeric one. + if (nLockTime.gt(new BN(this.tx.nLockTime))) { + return false; + } - // Fill all arrays - var max = 0; - for (var i = 0; i < len; i++) { - var p = points[i]; - var nafPoints = p._getNAFPoints(defW); - wndWidth[i] = nafPoints.wnd; - wnd[i] = nafPoints.points; + // Finally the nLockTime feature can be disabled and thus + // CHECKLOCKTIMEVERIFY bypassed if every txin has been + // finalized by setting nSequence to maxint. The + // transaction would be allowed into the blockchain, making + // the opcode ineffective. + // + // Testing if this vin is not final is sufficient to + // prevent this condition. Alternatively we could test all + // inputs, but testing just this input minimizes the data + // required to prove correct CHECKLOCKTIMEVERIFY execution. + if (!this.tx.inputs[this.nin].isFinal()) { + return false; } - // Comb small window NAFs - for (var i = len - 1; i >= 1; i -= 2) { - var a = i - 1; - var b = i; - if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { - naf[a] = getNAF(coeffs[a], wndWidth[a]); - naf[b] = getNAF(coeffs[b], wndWidth[b]); - max = Math.max(naf[a].length, max); - max = Math.max(naf[b].length, max); - continue; - } + return true; +} - var comb = [ - points[a], /* 1 */ - null, /* 3 */ - null, /* 5 */ - points[b] /* 7 */ - ]; +/** + * Based on the inner loop of bitcoind's EvalScript function + * bitcoind commit: b5d1b1092998bc95313856d535c632ea5a8f9104 + */ +Interpreter.prototype.step = function() { - // Try to avoid Projective points, if possible - if (points[a].y.cmp(points[b].y) === 0) { - comb[1] = points[a].add(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].add(points[b].neg()); - } else { - comb[1] = points[a].toJ().mixedAdd(points[b]); - comb[2] = points[a].toJ().mixedAdd(points[b].neg()); - } + var fRequireMinimal = (this.flags & Interpreter.SCRIPT_VERIFY_MINIMALDATA) !== 0; - var index = [ - -3, /* -1 -1 */ - -1, /* -1 0 */ - -5, /* -1 1 */ - -7, /* 0 -1 */ - 0, /* 0 0 */ - 7, /* 0 1 */ - 5, /* 1 -1 */ - 1, /* 1 0 */ - 3 /* 1 1 */ - ]; + //bool fExec = !count(vfExec.begin(), vfExec.end(), false); + var fExec = (this.vfExec.indexOf(false) === -1); + var buf, buf1, buf2, spliced, n, x1, x2, bn, bn1, bn2, bufSig, bufPubkey, subscript; + var sig, pubkey; + var fValue, fSuccess; - var jsf = getJSF(coeffs[a], coeffs[b]); - max = Math.max(jsf[0].length, max); - naf[a] = new Array(max); - naf[b] = new Array(max); - for (var j = 0; j < max; j++) { - var ja = jsf[0][j] | 0; - var jb = jsf[1][j] | 0; + // Read instruction + var chunk = this.script.chunks[this.pc]; + this.pc++; + var opcodenum = chunk.opcodenum; + if (_.isUndefined(opcodenum)) { + this.errstr = 'SCRIPT_ERR_UNDEFINED_OPCODE'; + return false; + } + if (chunk.buf && chunk.buf.length > Interpreter.MAX_SCRIPT_ELEMENT_SIZE) { + this.errstr = 'SCRIPT_ERR_PUSH_SIZE'; + return false; + } - naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; - naf[b][j] = 0; - wnd[a] = comb; - } + // Note how Opcode.OP_RESERVED does not count towards the opcode limit. + if (opcodenum > Opcode.OP_16 && ++(this.nOpCount) > 201) { + this.errstr = 'SCRIPT_ERR_OP_COUNT'; + return false; } - var acc = this.jpoint(null, null, null); - var tmp = this._wnafT4; - for (var i = max; i >= 0; i--) { - var k = 0; - while (i >= 0) { - var zero = true; - for (var j = 0; j < len; j++) { - tmp[j] = naf[j][i] | 0; - if (tmp[j] !== 0) - zero = false; - } - if (!zero) - break; - k++; - i--; - } - if (i >= 0) - k++; - acc = acc.dblp(k); - if (i < 0) - break; - - for (var j = 0; j < len; j++) { - var z = tmp[j]; - var p; - if (z === 0) - continue; - else if (z > 0) - p = wnd[j][(z - 1) >> 1]; - else if (z < 0) - p = wnd[j][(-z - 1) >> 1].neg(); + if (opcodenum === Opcode.OP_CAT || + opcodenum === Opcode.OP_SUBSTR || + opcodenum === Opcode.OP_LEFT || + opcodenum === Opcode.OP_RIGHT || + opcodenum === Opcode.OP_INVERT || + opcodenum === Opcode.OP_AND || + opcodenum === Opcode.OP_OR || + opcodenum === Opcode.OP_XOR || + opcodenum === Opcode.OP_2MUL || + opcodenum === Opcode.OP_2DIV || + opcodenum === Opcode.OP_MUL || + opcodenum === Opcode.OP_DIV || + opcodenum === Opcode.OP_MOD || + opcodenum === Opcode.OP_LSHIFT || + opcodenum === Opcode.OP_RSHIFT) { + this.errstr = 'SCRIPT_ERR_DISABLED_OPCODE'; + return false; + } - if (p.type === 'affine') - acc = acc.mixedAdd(p); - else - acc = acc.add(p); + if (fExec && 0 <= opcodenum && opcodenum <= Opcode.OP_PUSHDATA4) { + if (fRequireMinimal && !this.script.checkMinimalPush(this.pc - 1)) { + this.errstr = 'SCRIPT_ERR_MINIMALDATA'; + return false; } - } - // Zeroify references - for (var i = 0; i < len; i++) - wnd[i] = null; - return acc.toP(); -}; + if (!chunk.buf) { + this.stack.push(Interpreter.false); + } else if (chunk.len !== chunk.buf.length) { + throw new Error('Length of push value not equal to length of data'); + } else { + this.stack.push(chunk.buf); + } + } else if (fExec || (Opcode.OP_IF <= opcodenum && opcodenum <= Opcode.OP_ENDIF)) { + switch (opcodenum) { + // Push value + case Opcode.OP_1NEGATE: + case Opcode.OP_1: + case Opcode.OP_2: + case Opcode.OP_3: + case Opcode.OP_4: + case Opcode.OP_5: + case Opcode.OP_6: + case Opcode.OP_7: + case Opcode.OP_8: + case Opcode.OP_9: + case Opcode.OP_10: + case Opcode.OP_11: + case Opcode.OP_12: + case Opcode.OP_13: + case Opcode.OP_14: + case Opcode.OP_15: + case Opcode.OP_16: + { + // ( -- value) + // ScriptNum bn((int)opcode - (int)(Opcode.OP_1 - 1)); + n = opcodenum - (Opcode.OP_1 - 1); + buf = new BN(n).toScriptNumBuffer(); + this.stack.push(buf); + // The result of these opcodes should always be the minimal way to push the data + // they push, so no need for a CheckMinimalPush here. + } + break; -function BasePoint(curve, type) { - this.curve = curve; - this.type = type; - this.precomputed = null; -} -BaseCurve.BasePoint = BasePoint; -BasePoint.prototype.validate = function validate() { - return this.curve.validate(this); -}; + // + // Control + // + case Opcode.OP_NOP: + break; -BasePoint.prototype.precompute = function precompute(power) { - if (this.precomputed) - return this; + case Opcode.OP_NOP2: + case Opcode.OP_CHECKLOCKTIMEVERIFY: - var precomputed = { - doubles: null, - naf: null, - beta: null - }; - precomputed.naf = this._getNAFPoints(8); - precomputed.doubles = this._getDoubles(4, power); - precomputed.beta = this._getBeta(); - this.precomputed = precomputed; + if (!(this.flags & Interpreter.SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)) { + // not enabled; treat as a NOP2 + if (this.flags & Interpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) { + this.errstr = 'SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS'; + return false; + } + break; + } - return this; -}; + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } -BasePoint.prototype._getDoubles = function _getDoubles(step, power) { - if (this.precomputed && this.precomputed.doubles) - return this.precomputed.doubles; + // Note that elsewhere numeric opcodes are limited to + // operands in the range -2**31+1 to 2**31-1, however it is + // legal for opcodes to produce results exceeding that + // range. This limitation is implemented by CScriptNum's + // default 4-byte limit. + // + // If we kept to that limit we'd have a year 2038 problem, + // even though the nLockTime field in transactions + // themselves is uint32 which only becomes meaningless + // after the year 2106. + // + // Thus as a special case we tell CScriptNum to accept up + // to 5-byte bignums, which are good until 2**39-1, well + // beyond the 2**32-1 limit of the nLockTime field itself. + var nLockTime = BN.fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal, 5); - var doubles = [ this ]; - var acc = this; - for (var i = 0; i < power; i += step) { - for (var j = 0; j < step; j++) - acc = acc.dbl(); - doubles.push(acc); - } - return { - step: step, - points: doubles - }; -}; + // In the rare event that the argument may be < 0 due to + // some arithmetic being done first, you can always use + // 0 MAX CHECKLOCKTIMEVERIFY. + if (nLockTime.lt(new BN(0))) { + this.errstr = 'SCRIPT_ERR_NEGATIVE_LOCKTIME'; + return false; + } -BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { - if (this.precomputed && this.precomputed.naf) - return this.precomputed.naf; + // Actually compare the specified lock time with the transaction. + if (!this.checkLockTime(nLockTime)) { + this.errstr = 'SCRIPT_ERR_UNSATISFIED_LOCKTIME'; + return false; + } + break; - var res = [ this ]; - var max = (1 << wnd) - 1; - var dbl = max === 1 ? null : this.dbl(); - for (var i = 1; i < max; i++) - res[i] = res[i - 1].add(dbl); - return { - wnd: wnd, - points: res - }; -}; + case Opcode.OP_NOP1: + case Opcode.OP_NOP3: + case Opcode.OP_NOP4: + case Opcode.OP_NOP5: + case Opcode.OP_NOP6: + case Opcode.OP_NOP7: + case Opcode.OP_NOP8: + case Opcode.OP_NOP9: + case Opcode.OP_NOP10: + { + if (this.flags & Interpreter.SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) { + this.errstr = 'SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS'; + return false; + } + } + break; -BasePoint.prototype._getBeta = function _getBeta() { - return null; -}; + case Opcode.OP_IF: + case Opcode.OP_NOTIF: + { + // if [statements] [else [statements]] endif + // bool fValue = false; + fValue = false; + if (fExec) { + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; + return false; + } + buf = this.stack.pop(); + fValue = Interpreter.castToBool(buf); + if (opcodenum === Opcode.OP_NOTIF) { + fValue = !fValue; + } + } + this.vfExec.push(fValue); + } + break; -BasePoint.prototype.dblp = function dblp(k) { - var r = this; - for (var i = 0; i < k; i++) - r = r.dbl(); - return r; -}; + case Opcode.OP_ELSE: + { + if (this.vfExec.length === 0) { + this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; + return false; + } + this.vfExec[this.vfExec.length - 1] = !this.vfExec[this.vfExec.length - 1]; + } + break; -},{"../../elliptic":56,"bn.js":53}],58:[function(require,module,exports){ -'use strict'; + case Opcode.OP_ENDIF: + { + if (this.vfExec.length === 0) { + this.errstr = 'SCRIPT_ERR_UNBALANCED_CONDITIONAL'; + return false; + } + this.vfExec.pop(); + } + break; -var curve = require('../curve'); -var elliptic = require('../../elliptic'); -var bn = require('bn.js'); -var inherits = require('inherits'); -var Base = curve.base; + case Opcode.OP_VERIFY: + { + // (true -- ) or + // (false -- false) and return + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf = this.stack[this.stack.length - 1]; + fValue = Interpreter.castToBool(buf); + if (fValue) { + this.stack.pop(); + } else { + this.errstr = 'SCRIPT_ERR_VERIFY'; + return false; + } + } + break; -var assert = elliptic.utils.assert; + case Opcode.OP_RETURN: + { + this.errstr = 'SCRIPT_ERR_OP_RETURN'; + return false; + } + break; -function EdwardsCurve(conf) { - // NOTE: Important as we are creating point in Base.call() - this.twisted = (conf.a | 0) !== 1; - this.mOneA = this.twisted && (conf.a | 0) === -1; - this.extended = this.mOneA; - Base.call(this, 'edwards', conf); + // + // Stack ops + // + case Opcode.OP_TOALTSTACK: + { + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.altstack.push(this.stack.pop()); + } + break; - this.a = new bn(conf.a, 16).mod(this.red.m).toRed(this.red); - this.c = new bn(conf.c, 16).toRed(this.red); - this.c2 = this.c.redSqr(); - this.d = new bn(conf.d, 16).toRed(this.red); - this.dd = this.d.redAdd(this.d); + case Opcode.OP_FROMALTSTACK: + { + if (this.altstack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_ALTSTACK_OPERATION'; + return false; + } + this.stack.push(this.altstack.pop()); + } + break; - assert(!this.twisted || this.c.fromRed().cmpn(1) === 0); - this.oneC = (conf.c | 0) === 1; -} -inherits(EdwardsCurve, Base); -module.exports = EdwardsCurve; + case Opcode.OP_2DROP: + { + // (x1 x2 -- ) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.stack.pop(); + this.stack.pop(); + } + break; -EdwardsCurve.prototype._mulA = function _mulA(num) { - if (this.mOneA) - return num.redNeg(); - else - return this.a.redMul(num); -}; + case Opcode.OP_2DUP: + { + // (x1 x2 -- x1 x2 x1 x2) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf1 = this.stack[this.stack.length - 2]; + buf2 = this.stack[this.stack.length - 1]; + this.stack.push(buf1); + this.stack.push(buf2); + } + break; -EdwardsCurve.prototype._mulC = function _mulC(num) { - if (this.oneC) - return num; - else - return this.c.redMul(num); -}; + case Opcode.OP_3DUP: + { + // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3) + if (this.stack.length < 3) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf1 = this.stack[this.stack.length - 3]; + buf2 = this.stack[this.stack.length - 2]; + var buf3 = this.stack[this.stack.length - 1]; + this.stack.push(buf1); + this.stack.push(buf2); + this.stack.push(buf3); + } + break; -// Just for compatibility with Short curve -EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { - return this.point(x, y, z, t); -}; + case Opcode.OP_2OVER: + { + // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2) + if (this.stack.length < 4) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf1 = this.stack[this.stack.length - 4]; + buf2 = this.stack[this.stack.length - 3]; + this.stack.push(buf1); + this.stack.push(buf2); + } + break; -EdwardsCurve.prototype.pointFromX = function pointFromX(odd, x) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); + case Opcode.OP_2ROT: + { + // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2) + if (this.stack.length < 6) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + spliced = this.stack.splice(this.stack.length - 6, 2); + this.stack.push(spliced[0]); + this.stack.push(spliced[1]); + } + break; - var x2 = x.redSqr(); - var rhs = this.c2.redSub(this.a.redMul(x2)); - var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); + case Opcode.OP_2SWAP: + { + // (x1 x2 x3 x4 -- x3 x4 x1 x2) + if (this.stack.length < 4) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + spliced = this.stack.splice(this.stack.length - 4, 2); + this.stack.push(spliced[0]); + this.stack.push(spliced[1]); + } + break; - var y = rhs.redMul(lhs.redInvm()).redSqrt(); - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); + case Opcode.OP_IFDUP: + { + // (x - 0 | x x) + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf = this.stack[this.stack.length - 1]; + fValue = Interpreter.castToBool(buf); + if (fValue) { + this.stack.push(buf); + } + } + break; - return this.point(x, y, curve.one); -}; + case Opcode.OP_DEPTH: + { + // -- stacksize + buf = new BN(this.stack.length).toScriptNumBuffer(); + this.stack.push(buf); + } + break; -EdwardsCurve.prototype.validate = function validate(point) { - if (point.isInfinity()) - return true; + case Opcode.OP_DROP: + { + // (x -- ) + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.stack.pop(); + } + break; - // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) - point.normalize(); + case Opcode.OP_DUP: + { + // (x -- x x) + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.stack.push(this.stack[this.stack.length - 1]); + } + break; - var x2 = point.x.redSqr(); - var y2 = point.y.redSqr(); - var lhs = x2.redMul(this.a).redAdd(y2); - var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); + case Opcode.OP_NIP: + { + // (x1 x2 -- x2) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.stack.splice(this.stack.length - 2, 1); + } + break; - return lhs.cmp(rhs) === 0; -}; + case Opcode.OP_OVER: + { + // (x1 x2 -- x1 x2 x1) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.stack.push(this.stack[this.stack.length - 2]); + } + break; -function Point(curve, x, y, z, t) { - Base.BasePoint.call(this, curve, 'projective'); - if (x === null && y === null && z === null) { - this.x = this.curve.zero; - this.y = this.curve.one; - this.z = this.curve.one; - this.t = this.curve.zero; - this.zOne = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = z ? new bn(z, 16) : this.curve.one; - this.t = t && new bn(t, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - if (this.t && !this.t.red) - this.t = this.t.toRed(this.curve.red); - this.zOne = this.z === this.curve.one; + case Opcode.OP_PICK: + case Opcode.OP_ROLL: + { + // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn) + // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf = this.stack[this.stack.length - 1]; + bn = BN.fromScriptNumBuffer(buf, fRequireMinimal); + n = bn.toNumber(); + this.stack.pop(); + if (n < 0 || n >= this.stack.length) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf = this.stack[this.stack.length - n - 1]; + if (opcodenum === Opcode.OP_ROLL) { + this.stack.splice(this.stack.length - n - 1, 1); + } + this.stack.push(buf); + } + break; - // Use extended coordinates - if (this.curve.extended && !this.t) { - this.t = this.x.redMul(this.y); - if (!this.zOne) - this.t = this.t.redMul(this.z.redInvm()); - } - } -} -inherits(Point, Base.BasePoint); + case Opcode.OP_ROT: + { + // (x1 x2 x3 -- x2 x3 x1) + // x2 x1 x3 after first swap + // x2 x3 x1 after second swap + if (this.stack.length < 3) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + x1 = this.stack[this.stack.length - 3]; + x2 = this.stack[this.stack.length - 2]; + var x3 = this.stack[this.stack.length - 1]; + this.stack[this.stack.length - 3] = x2; + this.stack[this.stack.length - 2] = x3; + this.stack[this.stack.length - 1] = x1; + } + break; -EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point.fromJSON(this, obj); -}; + case Opcode.OP_SWAP: + { + // (x1 x2 -- x2 x1) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + x1 = this.stack[this.stack.length - 2]; + x2 = this.stack[this.stack.length - 1]; + this.stack[this.stack.length - 2] = x2; + this.stack[this.stack.length - 1] = x1; + } + break; -EdwardsCurve.prototype.point = function point(x, y, z, t) { - return new Point(this, x, y, z, t); -}; + case Opcode.OP_TUCK: + { + // (x1 x2 -- x2 x1 x2) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + this.stack.splice(this.stack.length - 2, 0, this.stack[this.stack.length - 1]); + } + break; -Point.fromJSON = function fromJSON(curve, obj) { - return new Point(curve, obj[0], obj[1], obj[2]); -}; -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; -}; + case Opcode.OP_SIZE: + { + // (in -- in size) + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + bn = new BN(this.stack[this.stack.length - 1].length); + this.stack.push(bn.toScriptNumBuffer()); + } + break; -Point.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.x.cmpn(0) === 0 && - this.y.cmp(this.z) === 0; -}; -Point.prototype._extDbl = function _extDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #doubling-dbl-2008-hwcd - // 4M + 4S + // + // Bitwise logic + // + case Opcode.OP_EQUAL: + case Opcode.OP_EQUALVERIFY: + //case Opcode.OP_NOTEQUAL: // use Opcode.OP_NUMNOTEQUAL + { + // (x1 x2 - bool) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf1 = this.stack[this.stack.length - 2]; + buf2 = this.stack[this.stack.length - 1]; + var fEqual = buf1.toString('hex') === buf2.toString('hex'); + this.stack.pop(); + this.stack.pop(); + this.stack.push(fEqual ? Interpreter.true : Interpreter.false); + if (opcodenum === Opcode.OP_EQUALVERIFY) { + if (fEqual) { + this.stack.pop(); + } else { + this.errstr = 'SCRIPT_ERR_EQUALVERIFY'; + return false; + } + } + } + break; - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = 2 * Z1^2 - var c = this.z.redSqr(); - c = c.redIAdd(c); - // D = a * A - var d = this.curve._mulA(a); - // E = (X1 + Y1)^2 - A - B - var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); - // G = D + B - var g = d.redAdd(b); - // F = G - C - var f = g.redSub(c); - // H = D - B - var h = d.redSub(b); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; -Point.prototype._projDbl = function _projDbl() { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #doubling-dbl-2008-bbjlp - // #doubling-dbl-2007-bl - // and others - // Generally 3M + 4S or 2M + 4S + // + // Numeric + // + case Opcode.OP_1ADD: + case Opcode.OP_1SUB: + case Opcode.OP_NEGATE: + case Opcode.OP_ABS: + case Opcode.OP_NOT: + case Opcode.OP_0NOTEQUAL: + { + // (in -- out) + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf = this.stack[this.stack.length - 1]; + bn = BN.fromScriptNumBuffer(buf, fRequireMinimal); + switch (opcodenum) { + case Opcode.OP_1ADD: + bn = bn.add(BN.One); + break; + case Opcode.OP_1SUB: + bn = bn.sub(BN.One); + break; + case Opcode.OP_NEGATE: + bn = bn.neg(); + break; + case Opcode.OP_ABS: + if (bn.cmp(BN.Zero) < 0) { + bn = bn.neg(); + } + break; + case Opcode.OP_NOT: + bn = new BN((bn.cmp(BN.Zero) === 0) + 0); + break; + case Opcode.OP_0NOTEQUAL: + bn = new BN((bn.cmp(BN.Zero) !== 0) + 0); + break; + //default: assert(!'invalid opcode'); break; // TODO: does this ever occur? + } + this.stack.pop(); + this.stack.push(bn.toScriptNumBuffer()); + } + break; - // B = (X1 + Y1)^2 - var b = this.x.redAdd(this.y).redSqr(); - // C = X1^2 - var c = this.x.redSqr(); - // D = Y1^2 - var d = this.y.redSqr(); + case Opcode.OP_ADD: + case Opcode.OP_SUB: + case Opcode.OP_BOOLAND: + case Opcode.OP_BOOLOR: + case Opcode.OP_NUMEQUAL: + case Opcode.OP_NUMEQUALVERIFY: + case Opcode.OP_NUMNOTEQUAL: + case Opcode.OP_LESSTHAN: + case Opcode.OP_GREATERTHAN: + case Opcode.OP_LESSTHANOREQUAL: + case Opcode.OP_GREATERTHANOREQUAL: + case Opcode.OP_MIN: + case Opcode.OP_MAX: + { + // (x1 x2 -- out) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + bn1 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 2], fRequireMinimal); + bn2 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal); + bn = new BN(0); - var nx; - var ny; - var nz; - if (this.curve.twisted) { - // E = a * C - var e = this.curve._mulA(c); - // F = E + D - var f = e.redAdd(d); - if (this.zOne) { - // X3 = (B - C - D) * (F - 2) - nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F^2 - 2 * F - nz = f.redSqr().redSub(f).redSub(f); - } else { - // H = Z1^2 - var h = this.z.redSqr(); - // J = F - 2 * H - var j = f.redSub(h).redISub(h); - // X3 = (B-C-D)*J - nx = b.redSub(c).redISub(d).redMul(j); - // Y3 = F * (E - D) - ny = f.redMul(e.redSub(d)); - // Z3 = F * J - nz = f.redMul(j); - } - } else { - // E = C + D - var e = c.redAdd(d); - // H = (c * Z1)^2 - var h = this.curve._mulC(this.c.redMul(this.z)).redSqr(); - // J = E - 2 * H - var j = e.redSub(h).redSub(h); - // X3 = c * (B - E) * J - nx = this.curve._mulC(b.redISub(e)).redMul(j); - // Y3 = c * E * (C - D) - ny = this.curve._mulC(e).redMul(c.redISub(d)); - // Z3 = E * J - nz = e.redMul(j); - } - return this.curve.point(nx, ny, nz); -}; + switch (opcodenum) { + case Opcode.OP_ADD: + bn = bn1.add(bn2); + break; -Point.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; + case Opcode.OP_SUB: + bn = bn1.sub(bn2); + break; - // Double in extended coordinates - if (this.curve.extended) - return this._extDbl(); - else - return this._projDbl(); -}; + // case Opcode.OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break; + case Opcode.OP_BOOLAND: + bn = new BN(((bn1.cmp(BN.Zero) !== 0) && (bn2.cmp(BN.Zero) !== 0)) + 0); + break; + // case Opcode.OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break; + case Opcode.OP_BOOLOR: + bn = new BN(((bn1.cmp(BN.Zero) !== 0) || (bn2.cmp(BN.Zero) !== 0)) + 0); + break; + // case Opcode.OP_NUMEQUAL: bn = (bn1 == bn2); break; + case Opcode.OP_NUMEQUAL: + bn = new BN((bn1.cmp(bn2) === 0) + 0); + break; + // case Opcode.OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break; + case Opcode.OP_NUMEQUALVERIFY: + bn = new BN((bn1.cmp(bn2) === 0) + 0); + break; + // case Opcode.OP_NUMNOTEQUAL: bn = (bn1 != bn2); break; + case Opcode.OP_NUMNOTEQUAL: + bn = new BN((bn1.cmp(bn2) !== 0) + 0); + break; + // case Opcode.OP_LESSTHAN: bn = (bn1 < bn2); break; + case Opcode.OP_LESSTHAN: + bn = new BN((bn1.cmp(bn2) < 0) + 0); + break; + // case Opcode.OP_GREATERTHAN: bn = (bn1 > bn2); break; + case Opcode.OP_GREATERTHAN: + bn = new BN((bn1.cmp(bn2) > 0) + 0); + break; + // case Opcode.OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break; + case Opcode.OP_LESSTHANOREQUAL: + bn = new BN((bn1.cmp(bn2) <= 0) + 0); + break; + // case Opcode.OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break; + case Opcode.OP_GREATERTHANOREQUAL: + bn = new BN((bn1.cmp(bn2) >= 0) + 0); + break; + case Opcode.OP_MIN: + bn = (bn1.cmp(bn2) < 0 ? bn1 : bn2); + break; + case Opcode.OP_MAX: + bn = (bn1.cmp(bn2) > 0 ? bn1 : bn2); + break; + // default: assert(!'invalid opcode'); break; //TODO: does this ever occur? + } + this.stack.pop(); + this.stack.pop(); + this.stack.push(bn.toScriptNumBuffer()); -Point.prototype._extAdd = function _extAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html - // #addition-add-2008-hwcd-3 - // 8M + if (opcodenum === Opcode.OP_NUMEQUALVERIFY) { + // if (CastToBool(stacktop(-1))) + if (Interpreter.castToBool(this.stack[this.stack.length - 1])) { + this.stack.pop(); + } else { + this.errstr = 'SCRIPT_ERR_NUMEQUALVERIFY'; + return false; + } + } + } + break; - // A = (Y1 - X1) * (Y2 - X2) - var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); - // B = (Y1 + X1) * (Y2 + X2) - var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); - // C = T1 * k * T2 - var c = this.t.redMul(this.curve.dd).redMul(p.t); - // D = Z1 * 2 * Z2 - var d = this.z.redMul(p.z.redAdd(p.z)); - // E = B - A - var e = b.redSub(a); - // F = D - C - var f = d.redSub(c); - // G = D + C - var g = d.redAdd(c); - // H = B + A - var h = b.redAdd(a); - // X3 = E * F - var nx = e.redMul(f); - // Y3 = G * H - var ny = g.redMul(h); - // T3 = E * H - var nt = e.redMul(h); - // Z3 = F * G - var nz = f.redMul(g); - return this.curve.point(nx, ny, nz, nt); -}; + case Opcode.OP_WITHIN: + { + // (x min max -- out) + if (this.stack.length < 3) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + bn1 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 3], fRequireMinimal); + bn2 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 2], fRequireMinimal); + var bn3 = BN.fromScriptNumBuffer(this.stack[this.stack.length - 1], fRequireMinimal); + //bool fValue = (bn2 <= bn1 && bn1 < bn3); + fValue = (bn2.cmp(bn1) <= 0) && (bn1.cmp(bn3) < 0); + this.stack.pop(); + this.stack.pop(); + this.stack.pop(); + this.stack.push(fValue ? Interpreter.true : Interpreter.false); + } + break; -Point.prototype._projAdd = function _projAdd(p) { - // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html - // #addition-add-2008-bbjlp - // #addition-add-2007-bl - // 10M + 1S - // A = Z1 * Z2 - var a = this.z.redMul(p.z); - // B = A^2 - var b = a.redSqr(); - // C = X1 * X2 - var c = this.x.redMul(p.x); - // D = Y1 * Y2 - var d = this.y.redMul(p.y); - // E = d * C * D - var e = this.curve.d.redMul(c).redMul(d); - // F = B - E - var f = b.redSub(e); - // G = B + E - var g = b.redAdd(e); - // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) - var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); - var nx = a.redMul(f).redMul(tmp); - var ny; - var nz; - if (this.curve.twisted) { - // Y3 = A * G * (D - a * C) - ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); - // Z3 = F * G - nz = f.redMul(g); - } else { - // Y3 = A * G * (D - C) - ny = a.redMul(g).redMul(d.redSub(c)); - // Z3 = c * F * G - nz = this.curve._mulC(f).redMul(g); - } - return this.curve.point(nx, ny, nz); -}; + // + // Crypto + // + case Opcode.OP_RIPEMD160: + case Opcode.OP_SHA1: + case Opcode.OP_SHA256: + case Opcode.OP_HASH160: + case Opcode.OP_HASH256: + { + // (in -- hash) + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + buf = this.stack[this.stack.length - 1]; + //valtype vchHash((opcode == Opcode.OP_RIPEMD160 || + // opcode == Opcode.OP_SHA1 || opcode == Opcode.OP_HASH160) ? 20 : 32); + var bufHash; + if (opcodenum === Opcode.OP_RIPEMD160) { + bufHash = Hash.ripemd160(buf); + } else if (opcodenum === Opcode.OP_SHA1) { + bufHash = Hash.sha1(buf); + } else if (opcodenum === Opcode.OP_SHA256) { + bufHash = Hash.sha256(buf); + } else if (opcodenum === Opcode.OP_HASH160) { + bufHash = Hash.sha256ripemd160(buf); + } else if (opcodenum === Opcode.OP_HASH256) { + bufHash = Hash.sha256sha256(buf); + } + this.stack.pop(); + this.stack.push(bufHash); + } + break; -Point.prototype.add = function add(p) { - if (this.isInfinity()) - return p; - if (p.isInfinity()) - return this; + case Opcode.OP_CODESEPARATOR: + { + // Hash starts after the code separator + this.pbegincodehash = this.pc; + } + break; - if (this.curve.extended) - return this._extAdd(p); - else - return this._projAdd(p); -}; + case Opcode.OP_CHECKSIG: + case Opcode.OP_CHECKSIGVERIFY: + { + // (sig pubkey -- bool) + if (this.stack.length < 2) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } -Point.prototype.mul = function mul(k) { - if (this.precomputed && this.precomputed.doubles) - return this.curve._fixedNafMul(this, k); - else - return this.curve._wnafMul(this, k); -}; + bufSig = this.stack[this.stack.length - 2]; + bufPubkey = this.stack[this.stack.length - 1]; -Point.prototype.mulAdd = function mulAdd(k1, p, k2) { - return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2); -}; + // Subset of script starting at the most recent codeseparator + // CScript scriptCode(pbegincodehash, pend); + subscript = new Script().set({ + chunks: this.script.chunks.slice(this.pbegincodehash) + }); -Point.prototype.normalize = function normalize() { - if (this.zOne) - return this; + // Drop the signature, since there's no way for a signature to sign itself + var tmpScript = new Script().add(bufSig); + subscript.findAndDelete(tmpScript); - // Normalize coordinates - var zi = this.z.redInvm(); - this.x = this.x.redMul(zi); - this.y = this.y.redMul(zi); - if (this.t) - this.t = this.t.redMul(zi); - this.z = this.curve.one; - this.zOne = true; - return this; -}; + if (!this.checkSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) { + return false; + } -Point.prototype.neg = function neg() { - return this.curve.point(this.x.redNeg(), - this.y, - this.z, - this.t && this.t.redNeg()); -}; + try { + sig = Signature.fromTxFormat(bufSig); + pubkey = PublicKey.fromBuffer(bufPubkey, false); + fSuccess = this.tx.verifySignature(sig, pubkey, this.nin, subscript); + } catch (e) { + //invalid sig or pubkey + fSuccess = false; + } -Point.prototype.getX = function getX() { - this.normalize(); - return this.x.fromRed(); -}; + this.stack.pop(); + this.stack.pop(); + // stack.push_back(fSuccess ? vchTrue : vchFalse); + this.stack.push(fSuccess ? Interpreter.true : Interpreter.false); + if (opcodenum === Opcode.OP_CHECKSIGVERIFY) { + if (fSuccess) { + this.stack.pop(); + } else { + this.errstr = 'SCRIPT_ERR_CHECKSIGVERIFY'; + return false; + } + } + } + break; -Point.prototype.getY = function getY() { - this.normalize(); - return this.y.fromRed(); -}; + case Opcode.OP_CHECKMULTISIG: + case Opcode.OP_CHECKMULTISIGVERIFY: + { + // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool) -// Compatibility with BaseCurve -Point.prototype.toP = Point.prototype.normalize; -Point.prototype.mixedAdd = Point.prototype.add; + var i = 1; + if (this.stack.length < i) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } -},{"../../elliptic":56,"../curve":59,"bn.js":53,"inherits":77}],59:[function(require,module,exports){ -'use strict'; + var nKeysCount = BN.fromScriptNumBuffer(this.stack[this.stack.length - i], fRequireMinimal).toNumber(); + if (nKeysCount < 0 || nKeysCount > 20) { + this.errstr = 'SCRIPT_ERR_PUBKEY_COUNT'; + return false; + } + this.nOpCount += nKeysCount; + if (this.nOpCount > 201) { + this.errstr = 'SCRIPT_ERR_OP_COUNT'; + return false; + } + // int ikey = ++i; + var ikey = ++i; + i += nKeysCount; + if (this.stack.length < i) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } -var curve = exports; + var nSigsCount = BN.fromScriptNumBuffer(this.stack[this.stack.length - i], fRequireMinimal).toNumber(); + if (nSigsCount < 0 || nSigsCount > nKeysCount) { + this.errstr = 'SCRIPT_ERR_SIG_COUNT'; + return false; + } + // int isig = ++i; + var isig = ++i; + i += nSigsCount; + if (this.stack.length < i) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } -curve.base = require('./base'); -curve.short = require('./short'); -curve.mont = require('./mont'); -curve.edwards = require('./edwards'); + // Subset of script starting at the most recent codeseparator + subscript = new Script().set({ + chunks: this.script.chunks.slice(this.pbegincodehash) + }); -},{"./base":57,"./edwards":58,"./mont":60,"./short":61}],60:[function(require,module,exports){ -'use strict'; + // Drop the signatures, since there's no way for a signature to sign itself + for (var k = 0; k < nSigsCount; k++) { + bufSig = this.stack[this.stack.length - isig - k]; + subscript.findAndDelete(new Script().add(bufSig)); + } -var curve = require('../curve'); -var bn = require('bn.js'); -var inherits = require('inherits'); -var Base = curve.base; + fSuccess = true; + while (fSuccess && nSigsCount > 0) { + // valtype& vchSig = stacktop(-isig); + bufSig = this.stack[this.stack.length - isig]; + // valtype& vchPubKey = stacktop(-ikey); + bufPubkey = this.stack[this.stack.length - ikey]; -function MontCurve(conf) { - Base.call(this, 'mont', conf); + if (!this.checkSignatureEncoding(bufSig) || !this.checkPubkeyEncoding(bufPubkey)) { + return false; + } - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.i4 = new bn(4).toRed(this.red).redInvm(); - this.two = new bn(2).toRed(this.red); - this.a24 = this.i4.redMul(this.a.redAdd(this.two)); -} -inherits(MontCurve, Base); -module.exports = MontCurve; + var fOk; + try { + sig = Signature.fromTxFormat(bufSig); + pubkey = PublicKey.fromBuffer(bufPubkey, false); + fOk = this.tx.verifySignature(sig, pubkey, this.nin, subscript); + } catch (e) { + //invalid sig or pubkey + fOk = false; + } -MontCurve.prototype.validate = function validate(point) { - var x = point.normalize().x; - var x2 = x.redSqr(); - var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); - var y = rhs.redSqrt(); + if (fOk) { + isig++; + nSigsCount--; + } + ikey++; + nKeysCount--; - return y.redSqr().cmp(rhs) === 0; -}; + // If there are more signatures left than keys left, + // then too many signatures have failed + if (nSigsCount > nKeysCount) { + fSuccess = false; + } + } -function Point(curve, x, z) { - Base.BasePoint.call(this, curve, 'projective'); - if (x === null && z === null) { - this.x = this.curve.one; - this.z = this.curve.zero; - } else { - this.x = new bn(x, 16); - this.z = new bn(z, 16); - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); - } -} -inherits(Point, Base.BasePoint); + // Clean up stack of actual arguments + while (i-- > 1) { + this.stack.pop(); + } -MontCurve.prototype.point = function point(x, z) { - return new Point(this, x, z); -}; + // A bug causes CHECKMULTISIG to consume one extra argument + // whose contents were not checked in any way. + // + // Unfortunately this is a potential source of mutability, + // so optionally verify it is exactly equal to zero prior + // to removing it from the stack. + if (this.stack.length < 1) { + this.errstr = 'SCRIPT_ERR_INVALID_STACK_OPERATION'; + return false; + } + if ((this.flags & Interpreter.SCRIPT_VERIFY_NULLDUMMY) && this.stack[this.stack.length - 1].length) { + this.errstr = 'SCRIPT_ERR_SIG_NULLDUMMY'; + return false; + } + this.stack.pop(); -MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { - return Point.fromJSON(this, obj); -}; + this.stack.push(fSuccess ? Interpreter.true : Interpreter.false); -Point.prototype.precompute = function precompute() { - // No-op -}; + if (opcodenum === Opcode.OP_CHECKMULTISIGVERIFY) { + if (fSuccess) { + this.stack.pop(); + } else { + this.errstr = 'SCRIPT_ERR_CHECKMULTISIGVERIFY'; + return false; + } + } + } + break; -Point.fromJSON = function fromJSON(curve, obj) { - return new Point(curve, obj[0], obj[1] || curve.one); -}; + default: + this.errstr = 'SCRIPT_ERR_BAD_OPCODE'; + return false; + } + } -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; + return true; }; -Point.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; -}; -Point.prototype.dbl = function dbl() { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 - // 2M + 2S + 4A +}).call(this,require("buffer").Buffer) +},{"../crypto/bn":31,"../crypto/hash":33,"../crypto/signature":36,"../opcode":48,"../publickey":50,"../transaction":54,"./script":53,"buffer":158,"lodash":96}],53:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - // A = X1 + Z1 - var a = this.x.redAdd(this.z); - // AA = A^2 - var aa = a.redSqr(); - // B = X1 - Z1 - var b = this.x.redSub(this.z); - // BB = B^2 - var bb = b.redSqr(); - // C = AA - BB - var c = aa.redSub(bb); - // X3 = AA * BB - var nx = aa.redMul(bb); - // Z3 = C * (BB + A24 * C) - var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); - return this.curve.point(nx, nz); -}; +var Address = require('../address'); +var BufferReader = require('../encoding/bufferreader'); +var BufferWriter = require('../encoding/bufferwriter'); +var Hash = require('../crypto/hash'); +var Opcode = require('../opcode'); +var PublicKey = require('../publickey'); +var Signature = require('../crypto/signature'); +var Networks = require('../networks'); +var $ = require('../util/preconditions'); +var _ = require('lodash'); +var errors = require('../errors'); +var buffer = require('buffer'); +var BufferUtil = require('../util/buffer'); +var JSUtil = require('../util/js'); -Point.prototype.add = function add() { - throw new Error('Not supported on Montgomery curve'); -}; +/** + * A bitcoin transaction script. Each transaction's inputs and outputs + * has a script that is evaluated to validate it's spending. + * + * See https://en.bitcoin.it/wiki/Script + * + * @constructor + * @param {Object|string|Buffer=} from optional data to populate script + */ +var Script = function Script(from) { + if (!(this instanceof Script)) { + return new Script(from); + } + this.chunks = []; -Point.prototype.diffAdd = function diffAdd(p, diff) { - // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 - // 4M + 2S + 6A + if (BufferUtil.isBuffer(from)) { + return Script.fromBuffer(from); + } else if (from instanceof Address) { + return Script.fromAddress(from); + } else if (from instanceof Script) { + return Script.fromBuffer(from.toBuffer()); + } else if (typeof from === 'string') { + return Script.fromString(from); + } else if (typeof from !== 'undefined') { + this.set(from); + } +}; - // A = X2 + Z2 - var a = this.x.redAdd(this.z); - // B = X2 - Z2 - var b = this.x.redSub(this.z); - // C = X3 + Z3 - var c = p.x.redAdd(p.z); - // D = X3 - Z3 - var d = p.x.redSub(p.z); - // DA = D * A - var da = d.redMul(a); - // CB = C * B - var cb = c.redMul(b); - // X5 = Z1 * (DA + CB)^2 - var nx = diff.z.redMul(da.redAdd(cb).redSqr()); - // Z5 = X1 * (DA - CB)^2 - var nz = diff.x.redMul(da.redISub(cb).redSqr()); - return this.curve.point(nx, nz); +Script.prototype.set = function(obj) { + this.chunks = obj.chunks || this.chunks; + return this; }; -Point.prototype.mul = function mul(k) { - var t = k.clone(); - var a = this; // (N / 2) * Q + Q - var b = this.curve.point(null, null); // (N / 2) * Q - var c = this; // Q +Script.fromBuffer = function(buffer) { + var script = new Script(); + script.chunks = []; - for (var bits = []; t.cmpn(0) !== 0; t.ishrn(1)) - bits.push(t.andln(1)); + var br = new BufferReader(buffer); + while (!br.finished()) { + try { + var opcodenum = br.readUInt8(); - for (var i = bits.length - 1; i >= 0; i--) { - if (bits[i] === 0) { - // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q - a = a.diffAdd(b, c); - // N * Q = 2 * ((N / 2) * Q + Q)) - b = b.dbl(); - } else { - // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) - b = a.diffAdd(b, c); - // N * Q + Q = 2 * ((N / 2) * Q + Q) - a = a.dbl(); + var len, buf; + if (opcodenum > 0 && opcodenum < Opcode.OP_PUSHDATA1) { + len = opcodenum; + script.chunks.push({ + buf: br.read(len), + len: len, + opcodenum: opcodenum + }); + } else if (opcodenum === Opcode.OP_PUSHDATA1) { + len = br.readUInt8(); + buf = br.read(len); + script.chunks.push({ + buf: buf, + len: len, + opcodenum: opcodenum + }); + } else if (opcodenum === Opcode.OP_PUSHDATA2) { + len = br.readUInt16LE(); + buf = br.read(len); + script.chunks.push({ + buf: buf, + len: len, + opcodenum: opcodenum + }); + } else if (opcodenum === Opcode.OP_PUSHDATA4) { + len = br.readUInt32LE(); + buf = br.read(len); + script.chunks.push({ + buf: buf, + len: len, + opcodenum: opcodenum + }); + } else { + script.chunks.push({ + opcodenum: opcodenum + }); + } + } catch (e) { + if (e instanceof RangeError) { + throw new errors.Script.InvalidBuffer(buffer.toString('hex')); + } + throw e; } } - return b; -}; -Point.prototype.mulAdd = function mulAdd() { - throw new Error('Not supported on Montgomery curve'); + return script; }; -Point.prototype.normalize = function normalize() { - this.x = this.x.redMul(this.z.redInvm()); - this.z = this.curve.one; - return this; -}; +Script.prototype.toBuffer = function() { + var bw = new BufferWriter(); -Point.prototype.getX = function getX() { - // Normalize coordinates - this.normalize(); + for (var i = 0; i < this.chunks.length; i++) { + var chunk = this.chunks[i]; + var opcodenum = chunk.opcodenum; + bw.writeUInt8(chunk.opcodenum); + if (chunk.buf) { + if (opcodenum < Opcode.OP_PUSHDATA1) { + bw.write(chunk.buf); + } else if (opcodenum === Opcode.OP_PUSHDATA1) { + bw.writeUInt8(chunk.len); + bw.write(chunk.buf); + } else if (opcodenum === Opcode.OP_PUSHDATA2) { + bw.writeUInt16LE(chunk.len); + bw.write(chunk.buf); + } else if (opcodenum === Opcode.OP_PUSHDATA4) { + bw.writeUInt32LE(chunk.len); + bw.write(chunk.buf); + } + } + } - return this.x.fromRed(); + return bw.concat(); }; -},{"../curve":59,"bn.js":53,"inherits":77}],61:[function(require,module,exports){ -'use strict'; +Script.fromASM = function(str) { + var script = new Script(); + script.chunks = []; -var curve = require('../curve'); -var elliptic = require('../../elliptic'); -var bn = require('bn.js'); -var inherits = require('inherits'); -var Base = curve.base; + var tokens = str.split(' '); + var i = 0; + while (i < tokens.length) { + var token = tokens[i]; + var opcode = Opcode(token); + var opcodenum = opcode.toNumber(); -var assert = elliptic.utils.assert; + if (_.isUndefined(opcodenum)) { + var buf = new Buffer(tokens[i], 'hex'); + script.chunks.push({ + buf: buf, + len: buf.length, + opcodenum: buf.length + }); + i = i + 1; + } else if (opcodenum === Opcode.OP_PUSHDATA1 || + opcodenum === Opcode.OP_PUSHDATA2 || + opcodenum === Opcode.OP_PUSHDATA4) { + script.chunks.push({ + buf: new Buffer(tokens[i + 2], 'hex'), + len: parseInt(tokens[i + 1]), + opcodenum: opcodenum + }); + i = i + 3; + } else { + script.chunks.push({ + opcodenum: opcodenum + }); + i = i + 1; + } + } + return script; +}; -function ShortCurve(conf) { - Base.call(this, 'short', conf); +Script.fromHex = function(str) { + return new Script(new buffer.Buffer(str, 'hex')); +}; - this.a = new bn(conf.a, 16).toRed(this.red); - this.b = new bn(conf.b, 16).toRed(this.red); - this.tinv = this.two.redInvm(); +Script.fromString = function(str) { + if (JSUtil.isHexa(str) || str.length === 0) { + return new Script(new buffer.Buffer(str, 'hex')); + } + var script = new Script(); + script.chunks = []; - this.zeroA = this.a.fromRed().cmpn(0) === 0; - this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; + var tokens = str.split(' '); + var i = 0; + while (i < tokens.length) { + var token = tokens[i]; + var opcode = Opcode(token); + var opcodenum = opcode.toNumber(); - // If the curve is endomorphic, precalculate beta and lambda - this.endo = this._getEndomorphism(conf); - this._endoWnafT1 = new Array(4); - this._endoWnafT2 = new Array(4); -} -inherits(ShortCurve, Base); -module.exports = ShortCurve; - -ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { - // No efficient endomorphism - if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) - return; - - // Compute beta and lambda, that lambda * P = (beta * Px; Py) - var beta; - var lambda; - if (conf.beta) { - beta = new bn(conf.beta, 16).toRed(this.red); - } else { - var betas = this._getEndoRoots(this.p); - // Choose the smallest beta - beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; - beta = beta.toRed(this.red); - } - if (conf.lambda) { - lambda = new bn(conf.lambda, 16); - } else { - // Choose the lambda that is matching selected beta - var lambdas = this._getEndoRoots(this.n); - if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { - lambda = lambdas[0]; + if (_.isUndefined(opcodenum)) { + opcodenum = parseInt(token); + if (opcodenum > 0 && opcodenum < Opcode.OP_PUSHDATA1) { + script.chunks.push({ + buf: new Buffer(tokens[i + 1].slice(2), 'hex'), + len: opcodenum, + opcodenum: opcodenum + }); + i = i + 2; + } else { + throw new Error('Invalid script: ' + JSON.stringify(str)); + } + } else if (opcodenum === Opcode.OP_PUSHDATA1 || + opcodenum === Opcode.OP_PUSHDATA2 || + opcodenum === Opcode.OP_PUSHDATA4) { + if (tokens[i + 2].slice(0, 2) !== '0x') { + throw new Error('Pushdata data must start with 0x'); + } + script.chunks.push({ + buf: new Buffer(tokens[i + 2].slice(2), 'hex'), + len: parseInt(tokens[i + 1]), + opcodenum: opcodenum + }); + i = i + 3; } else { - lambda = lambdas[1]; - assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); + script.chunks.push({ + opcodenum: opcodenum + }); + i = i + 1; } } + return script; +}; - // Get basis vectors, used for balanced length-two representation - var basis; - if (conf.basis) { - basis = conf.basis.map(function(vec) { - return { - a: new bn(vec.a, 16), - b: new bn(vec.b, 16) - }; - }); +Script.prototype._chunkToString = function(chunk, type) { + var opcodenum = chunk.opcodenum; + var asm = (type === 'asm'); + var str = ''; + if (!chunk.buf) { + // no data chunk + if (typeof Opcode.reverseMap[opcodenum] !== 'undefined') { + str = str + ' ' + Opcode(opcodenum).toString(); + } else { + var numstr = opcodenum.toString(16); + if (numstr.length % 2 !== 0) { + numstr = '0' + numstr; + } + if (asm) { + str = str + ' ' + numstr; + } else { + str = str + ' ' + '0x' + numstr; + } + } } else { - basis = this._getEndoBasis(lambda); + // data chunk + if (opcodenum === Opcode.OP_PUSHDATA1 || + opcodenum === Opcode.OP_PUSHDATA2 || + opcodenum === Opcode.OP_PUSHDATA4) { + str = str + ' ' + Opcode(opcodenum).toString(); + } + if (chunk.len > 0) { + if (asm) { + str = str + ' ' + chunk.buf.toString('hex'); + } else { + str = str + ' ' + chunk.len + ' ' + '0x' + chunk.buf.toString('hex'); + } + } } - - return { - beta: beta, - lambda: lambda, - basis: basis - }; + return str; }; -ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { - // Find roots of for x^2 + x + 1 in F - // Root = (-1 +- Sqrt(-3)) / 2 - // - var red = num === this.p ? this.red : bn.mont(num); - var tinv = new bn(2).toRed(red).redInvm(); - var ntinv = tinv.redNeg(); +Script.prototype.toASM = function() { + var str = ''; + for (var i = 0; i < this.chunks.length; i++) { + var chunk = this.chunks[i]; + str += this._chunkToString(chunk, 'asm'); + } - var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); + return str.substr(1); +}; - var l1 = ntinv.redAdd(s).fromRed(); - var l2 = ntinv.redSub(s).fromRed(); - return [ l1, l2 ]; +Script.prototype.toString = function() { + var str = ''; + for (var i = 0; i < this.chunks.length; i++) { + var chunk = this.chunks[i]; + str += this._chunkToString(chunk); + } + + return str.substr(1); }; -ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { - // aprxSqrt >= sqrt(this.n) - var aprxSqrt = this.n.shrn(Math.floor(this.n.bitLength() / 2)); +Script.prototype.toHex = function() { + return this.toBuffer().toString('hex'); +}; - // 3.74 - // Run EGCD, until r(L + 1) < aprxSqrt - var u = lambda; - var v = this.n.clone(); - var x1 = new bn(1); - var y1 = new bn(0); - var x2 = new bn(0); - var y2 = new bn(1); +Script.prototype.inspect = function() { + return ''; +}; - // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) - var a0; - var b0; - // First vector - var a1; - var b1; - // Second vector - var a2; - var b2; +// script classification methods - var prevR; - var i = 0; - var r; - var x; - while (u.cmpn(0) !== 0) { - var q = v.div(u); - r = v.sub(q.mul(u)); - x = x2.sub(q.mul(x1)); - var y = y2.sub(q.mul(y1)); +/** + * @returns {boolean} if this is a pay to pubkey hash output script + */ +Script.prototype.isPublicKeyHashOut = function() { + return !!(this.chunks.length === 5 && + this.chunks[0].opcodenum === Opcode.OP_DUP && + this.chunks[1].opcodenum === Opcode.OP_HASH160 && + this.chunks[2].buf && + this.chunks[2].buf.length === 20 && + this.chunks[3].opcodenum === Opcode.OP_EQUALVERIFY && + this.chunks[4].opcodenum === Opcode.OP_CHECKSIG); +}; - if (!a1 && r.cmp(aprxSqrt) < 0) { - a0 = prevR.neg(); - b0 = x1; - a1 = r.neg(); - b1 = x; - } else if (a1 && ++i === 2) { - break; +/** + * @returns {boolean} if this is a pay to public key hash input script + */ +Script.prototype.isPublicKeyHashIn = function() { + if (this.chunks.length === 2) { + var signatureBuf = this.chunks[0].buf; + var pubkeyBuf = this.chunks[1].buf; + if (signatureBuf && + signatureBuf.length && + signatureBuf[0] === 0x30 && + pubkeyBuf && + pubkeyBuf.length + ) { + var version = pubkeyBuf[0]; + if ((version === 0x04 || + version === 0x06 || + version === 0x07) && pubkeyBuf.length === 65) { + return true; + } else if ((version === 0x03 || version === 0x02) && pubkeyBuf.length === 33) { + return true; + } } - prevR = r; + } + return false; +}; - v = u; - u = r; - x2 = x1; - x1 = x; - y2 = y1; - y1 = y; +Script.prototype.getPublicKey = function() { + $.checkState(this.isPublicKeyOut(), 'Can\'t retreive PublicKey from a non-PK output'); + return this.chunks[0].buf; +}; + +Script.prototype.getPublicKeyHash = function() { + $.checkState(this.isPublicKeyHashOut(), 'Can\'t retrieve PublicKeyHash from a non-PKH output'); + return this.chunks[2].buf; +}; + +/** + * @returns {boolean} if this is a public key output script + */ +Script.prototype.isPublicKeyOut = function() { + if (this.chunks.length === 2 && + this.chunks[0].buf && + this.chunks[0].buf.length && + this.chunks[1].opcodenum === Opcode.OP_CHECKSIG) { + var pubkeyBuf = this.chunks[0].buf; + var version = pubkeyBuf[0]; + var isVersion = false; + if ((version === 0x04 || + version === 0x06 || + version === 0x07) && pubkeyBuf.length === 65) { + isVersion = true; + } else if ((version === 0x03 || version === 0x02) && pubkeyBuf.length === 33) { + isVersion = true; + } + if (isVersion) { + return PublicKey.isValid(pubkeyBuf); + } } - a2 = r.neg(); - b2 = x; + return false; +}; - var len1 = a1.sqr().add(b1.sqr()); - var len2 = a2.sqr().add(b2.sqr()); - if (len2.cmp(len1) >= 0) { - a2 = a0; - b2 = b0; +/** + * @returns {boolean} if this is a pay to public key input script + */ +Script.prototype.isPublicKeyIn = function() { + if (this.chunks.length === 1) { + var signatureBuf = this.chunks[0].buf; + if (signatureBuf && + signatureBuf.length && + signatureBuf[0] === 0x30) { + return true; + } } + return false; +}; - // Normalize signs - if (a1.sign) { - a1 = a1.neg(); - b1 = b1.neg(); +/** + * @returns {boolean} if this is a p2sh output script + */ +Script.prototype.isScriptHashOut = function() { + var buf = this.toBuffer(); + return (buf.length === 23 && + buf[0] === Opcode.OP_HASH160 && + buf[1] === 0x14 && + buf[buf.length - 1] === Opcode.OP_EQUAL); +}; + +/** + * @returns {boolean} if this is a p2sh input script + * Note that these are frequently indistinguishable from pubkeyhashin + */ +Script.prototype.isScriptHashIn = function() { + if (this.chunks.length <= 1) { + return false; } - if (a2.sign) { - a2 = a2.neg(); - b2 = b2.neg(); + var redeemChunk = this.chunks[this.chunks.length - 1]; + var redeemBuf = redeemChunk.buf; + if (!redeemBuf) { + return false; } - return [ - { a: a1, b: b1 }, - { a: a2, b: b2 } - ]; + var redeemScript; + try { + redeemScript = Script.fromBuffer(redeemBuf); + } catch (e) { + if (e instanceof errors.Script.InvalidBuffer) { + return false; + } + throw e; + } + var type = redeemScript.classify(); + return type !== Script.types.UNKNOWN; }; -ShortCurve.prototype._endoSplit = function _endoSplit(k) { - var basis = this.endo.basis; - var v1 = basis[0]; - var v2 = basis[1]; - - var c1 = v2.b.mul(k).divRound(this.n); - var c2 = v1.b.neg().mul(k).divRound(this.n); +/** + * @returns {boolean} if this is a mutlsig output script + */ +Script.prototype.isMultisigOut = function() { + return (this.chunks.length > 3 && + Opcode.isSmallIntOp(this.chunks[0].opcodenum) && + this.chunks.slice(1, this.chunks.length - 2).every(function(obj) { + return obj.buf && BufferUtil.isBuffer(obj.buf); + }) && + Opcode.isSmallIntOp(this.chunks[this.chunks.length - 2].opcodenum) && + this.chunks[this.chunks.length - 1].opcodenum === Opcode.OP_CHECKMULTISIG); +}; - var p1 = c1.mul(v1.a); - var p2 = c2.mul(v2.a); - var q1 = c1.mul(v1.b); - var q2 = c2.mul(v2.b); - // Calculate answer - var k1 = k.sub(p1).sub(p2); - var k2 = q1.add(q2).neg(); - return { k1: k1, k2: k2 }; +/** + * @returns {boolean} if this is a multisig input script + */ +Script.prototype.isMultisigIn = function() { + return this.chunks.length >= 2 && + this.chunks[0].opcodenum === 0 && + this.chunks.slice(1, this.chunks.length).every(function(obj) { + return obj.buf && + BufferUtil.isBuffer(obj.buf) && + Signature.isTxDER(obj.buf); + }); }; -ShortCurve.prototype.pointFromX = function pointFromX(odd, x) { - x = new bn(x, 16); - if (!x.red) - x = x.toRed(this.red); - - var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); - var y = y2.redSqrt(); +/** + * @returns {boolean} true if this is a valid standard OP_RETURN output + */ +Script.prototype.isDataOut = function() { + return this.chunks.length >= 1 && + this.chunks[0].opcodenum === Opcode.OP_RETURN && + (this.chunks.length === 1 || + (this.chunks.length === 2 && + this.chunks[1].buf && + this.chunks[1].buf.length <= Script.OP_RETURN_STANDARD_SIZE && + this.chunks[1].length === this.chunks.len)); +}; - // XXX Is there any way to tell if the number is odd without converting it - // to non-red form? - var isOdd = y.fromRed().isOdd(); - if (odd && !isOdd || !odd && isOdd) - y = y.redNeg(); +/** + * Retrieve the associated data for this script. + * In the case of a pay to public key hash or P2SH, return the hash. + * In the case of a standard OP_RETURN, return the data + * @returns {Buffer} + */ +Script.prototype.getData = function() { + if (this.isDataOut() || this.isScriptHashOut()) { + if (_.isUndefined(this.chunks[1])) { + return new Buffer(0); + } else { + return new Buffer(this.chunks[1].buf); + } + } + if (this.isPublicKeyHashOut()) { + return new Buffer(this.chunks[2].buf); + } + throw new Error('Unrecognized script type to get data from'); +}; - return this.point(x, y); +/** + * @returns {boolean} if the script is only composed of data pushing + * opcodes or small int opcodes (OP_0, OP_1, ..., OP_16) + */ +Script.prototype.isPushOnly = function() { + return _.every(this.chunks, function(chunk) { + return chunk.opcodenum <= Opcode.OP_16; + }); }; -ShortCurve.prototype.validate = function validate(point) { - if (point.inf) - return true; - var x = point.x; - var y = point.y; +Script.types = {}; +Script.types.UNKNOWN = 'Unknown'; +Script.types.PUBKEY_OUT = 'Pay to public key'; +Script.types.PUBKEY_IN = 'Spend from public key'; +Script.types.PUBKEYHASH_OUT = 'Pay to public key hash'; +Script.types.PUBKEYHASH_IN = 'Spend from public key hash'; +Script.types.SCRIPTHASH_OUT = 'Pay to script hash'; +Script.types.SCRIPTHASH_IN = 'Spend from script hash'; +Script.types.MULTISIG_OUT = 'Pay to multisig'; +Script.types.MULTISIG_IN = 'Spend from multisig'; +Script.types.DATA_OUT = 'Data push'; - var ax = this.a.redMul(x); - var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); - return y.redSqr().redISub(rhs).cmpn(0) === 0; +Script.OP_RETURN_STANDARD_SIZE = 80; + +/** + * @returns {object} The Script type if it is a known form, + * or Script.UNKNOWN if it isn't + */ +Script.prototype.classify = function() { + if (this._isInput) { + return this.classifyInput(); + } else if (this._isOutput) { + return this.classifyOutput(); + } else { + var outputType = this.classifyOutput(); + return outputType != Script.types.UNKNOWN ? outputType : this.classifyInput(); + } }; -ShortCurve.prototype._endoWnafMulAdd = - function _endoWnafMulAdd(points, coeffs) { - var npoints = this._endoWnafT1; - var ncoeffs = this._endoWnafT2; - for (var i = 0; i < points.length; i++) { - var split = this._endoSplit(coeffs[i]); - var p = points[i]; - var beta = p._getBeta(); +Script.outputIdentifiers = {}; +Script.outputIdentifiers.PUBKEY_OUT = Script.prototype.isPublicKeyOut; +Script.outputIdentifiers.PUBKEYHASH_OUT = Script.prototype.isPublicKeyHashOut; +Script.outputIdentifiers.MULTISIG_OUT = Script.prototype.isMultisigOut; +Script.outputIdentifiers.SCRIPTHASH_OUT = Script.prototype.isScriptHashOut; +Script.outputIdentifiers.DATA_OUT = Script.prototype.isDataOut; - if (split.k1.sign) { - split.k1.sign = !split.k1.sign; - p = p.neg(true); - } - if (split.k2.sign) { - split.k2.sign = !split.k2.sign; - beta = beta.neg(true); +/** + * @returns {object} The Script type if it is a known form, + * or Script.UNKNOWN if it isn't + */ +Script.prototype.classifyOutput = function() { + for (var type in Script.outputIdentifiers) { + if (Script.outputIdentifiers[type].bind(this)()) { + return Script.types[type]; } - - npoints[i * 2] = p; - npoints[i * 2 + 1] = beta; - ncoeffs[i * 2] = split.k1; - ncoeffs[i * 2 + 1] = split.k2; - } - var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2); - - // Clean-up references to points and coefficients - for (var j = 0; j < i * 2; j++) { - npoints[j] = null; - ncoeffs[j] = null; } - return res; + return Script.types.UNKNOWN; }; -function Point(curve, x, y, isRed) { - Base.BasePoint.call(this, curve, 'affine'); - if (x === null && y === null) { - this.x = null; - this.y = null; - this.inf = true; - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - // Force redgomery representation when loading from JSON - if (isRed) { - this.x.forceRed(this.curve.red); - this.y.forceRed(this.curve.red); +Script.inputIdentifiers = {}; +Script.inputIdentifiers.PUBKEY_IN = Script.prototype.isPublicKeyIn; +Script.inputIdentifiers.PUBKEYHASH_IN = Script.prototype.isPublicKeyHashIn; +Script.inputIdentifiers.MULTISIG_IN = Script.prototype.isMultisigIn; +Script.inputIdentifiers.SCRIPTHASH_IN = Script.prototype.isScriptHashIn; + +/** + * @returns {object} The Script type if it is a known form, + * or Script.UNKNOWN if it isn't + */ +Script.prototype.classifyInput = function() { + for (var type in Script.inputIdentifiers) { + if (Script.inputIdentifiers[type].bind(this)()) { + return Script.types[type]; } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - this.inf = false; } -} -inherits(Point, Base.BasePoint); - -ShortCurve.prototype.point = function point(x, y, isRed) { - return new Point(this, x, y, isRed); + return Script.types.UNKNOWN; }; -ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { - return Point.fromJSON(this, obj, red); + +/** + * @returns {boolean} if script is one of the known types + */ +Script.prototype.isStandard = function() { + // TODO: Add BIP62 compliance + return this.classify() !== Script.types.UNKNOWN; }; -Point.prototype._getBeta = function _getBeta() { - if (!this.curve.endo) - return; - var pre = this.precomputed; - if (pre && pre.beta) - return pre.beta; - - var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); - if (pre) { - var curve = this.curve; - var endoMul = function(p) { - return curve.point(p.x.redMul(curve.endo.beta), p.y); - }; - pre.beta = beta; - beta.precomputed = { - beta: null, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(endoMul) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(endoMul) - } - }; - } - return beta; -}; - -Point.prototype.toJSON = function toJSON() { - if (!this.precomputed) - return [ this.x, this.y ]; +// Script construction methods - return [ this.x, this.y, this.precomputed && { - doubles: this.precomputed.doubles && { - step: this.precomputed.doubles.step, - points: this.precomputed.doubles.points.slice(1) - }, - naf: this.precomputed.naf && { - wnd: this.precomputed.naf.wnd, - points: this.precomputed.naf.points.slice(1) - } - } ]; +/** + * Adds a script element at the start of the script. + * @param {*} obj a string, number, Opcode, Buffer, or object to add + * @returns {Script} this script instance + */ +Script.prototype.prepend = function(obj) { + this._addByType(obj, true); + return this; }; -Point.fromJSON = function fromJSON(curve, obj, red) { - if (typeof obj === 'string') - obj = JSON.parse(obj); - var res = curve.point(obj[0], obj[1], red); - if (!obj[2]) - return res; - - function obj2point(obj) { - return curve.point(obj[0], obj[1], red); +/** + * Compares a script with another script + */ +Script.prototype.equals = function(script) { + $.checkState(script instanceof Script, 'Must provide another script'); + if (this.chunks.length !== script.chunks.length) { + return false; } - - var pre = obj[2]; - res.precomputed = { - beta: null, - doubles: pre.doubles && { - step: pre.doubles.step, - points: [ res ].concat(pre.doubles.points.map(obj2point)) - }, - naf: pre.naf && { - wnd: pre.naf.wnd, - points: [ res ].concat(pre.naf.points.map(obj2point)) + var i; + for (i = 0; i < this.chunks.length; i++) { + if (BufferUtil.isBuffer(this.chunks[i].buf) && !BufferUtil.isBuffer(script.chunks[i].buf)) { + return false; } - }; - return res; + if (BufferUtil.isBuffer(this.chunks[i].buf) && !BufferUtil.equals(this.chunks[i].buf, script.chunks[i].buf)) { + return false; + } else if (this.chunks[i].opcodenum !== script.chunks[i].opcodenum) { + return false; + } + } + return true; }; -Point.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; +/** + * Adds a script element to the end of the script. + * + * @param {*} obj a string, number, Opcode, Buffer, or object to add + * @returns {Script} this script instance + * + */ +Script.prototype.add = function(obj) { + this._addByType(obj, false); + return this; }; -Point.prototype.isInfinity = function isInfinity() { - return this.inf; +Script.prototype._addByType = function(obj, prepend) { + if (typeof obj === 'string') { + this._addOpcode(obj, prepend); + } else if (typeof obj === 'number') { + this._addOpcode(obj, prepend); + } else if (obj instanceof Opcode) { + this._addOpcode(obj, prepend); + } else if (BufferUtil.isBuffer(obj)) { + this._addBuffer(obj, prepend); + } else if (obj instanceof Script) { + this.chunks = this.chunks.concat(obj.chunks); + } else if (typeof obj === 'object') { + this._insertAtPosition(obj, prepend); + } else { + throw new Error('Invalid script chunk'); + } }; -Point.prototype.add = function add(p) { - // O + P = P - if (this.inf) - return p; - - // P + O = P - if (p.inf) - return this; - - // P + P = 2P - if (this.eq(p)) - return this.dbl(); - - // P + (-P) = O - if (this.neg().eq(p)) - return this.curve.point(null, null); - - // P + Q = O - if (this.x.cmp(p.x) === 0) - return this.curve.point(null, null); - - var c = this.y.redSub(p.y); - if (c.cmpn(0) !== 0) - c = c.redMul(this.x.redSub(p.x).redInvm()); - var nx = c.redSqr().redISub(this.x).redISub(p.x); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); +Script.prototype._insertAtPosition = function(op, prepend) { + if (prepend) { + this.chunks.unshift(op); + } else { + this.chunks.push(op); + } }; -Point.prototype.dbl = function dbl() { - if (this.inf) - return this; - - // 2P = O - var ys1 = this.y.redAdd(this.y); - if (ys1.cmpn(0) === 0) - return this.curve.point(null, null); - - var a = this.curve.a; - - var x2 = this.x.redSqr(); - var dyinv = ys1.redInvm(); - var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - - var nx = c.redSqr().redISub(this.x.redAdd(this.x)); - var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); - return this.curve.point(nx, ny); +Script.prototype._addOpcode = function(opcode, prepend) { + var op; + if (typeof opcode === 'number') { + op = opcode; + } else if (opcode instanceof Opcode) { + op = opcode.toNumber(); + } else { + op = Opcode(opcode).toNumber(); + } + this._insertAtPosition({ + opcodenum: op + }, prepend); + return this; }; -Point.prototype.getX = function getX() { - return this.x.fromRed(); +Script.prototype._addBuffer = function(buf, prepend) { + var opcodenum; + var len = buf.length; + if (len >= 0 && len < Opcode.OP_PUSHDATA1) { + opcodenum = len; + } else if (len < Math.pow(2, 8)) { + opcodenum = Opcode.OP_PUSHDATA1; + } else if (len < Math.pow(2, 16)) { + opcodenum = Opcode.OP_PUSHDATA2; + } else if (len < Math.pow(2, 32)) { + opcodenum = Opcode.OP_PUSHDATA4; + } else { + throw new Error('You can\'t push that much data'); + } + this._insertAtPosition({ + buf: buf, + len: len, + opcodenum: opcodenum + }, prepend); + return this; }; -Point.prototype.getY = function getY() { - return this.y.fromRed(); +Script.prototype.removeCodeseparators = function() { + var chunks = []; + for (var i = 0; i < this.chunks.length; i++) { + if (this.chunks[i].opcodenum !== Opcode.OP_CODESEPARATOR) { + chunks.push(this.chunks[i]); + } + } + this.chunks = chunks; + return this; }; -Point.prototype.mul = function mul(k) { - k = new bn(k, 16); +// high level script builder methods - if (this.precomputed && this.precomputed.doubles) - return this.curve._fixedNafMul(this, k); - else if (this.curve.endo) - return this.curve._endoWnafMulAdd([ this ], [ k ]); - else - return this.curve._wnafMul(this, k); +/** + * @returns {Script} a new Multisig output script for given public keys, + * requiring m of those public keys to spend + * @param {PublicKey[]} publicKeys - list of all public keys controlling the output + * @param {number} threshold - amount of required signatures to spend the output + * @param {Object=} opts - Several options: + * - noSorting: defaults to false, if true, don't sort the given + * public keys before creating the script + */ +Script.buildMultisigOut = function(publicKeys, threshold, opts) { + $.checkArgument(threshold <= publicKeys.length, + 'Number of required signatures must be less than or equal to the number of public keys'); + opts = opts || {}; + var script = new Script(); + script.add(Opcode.smallInt(threshold)); + publicKeys = _.map(publicKeys, PublicKey); + var sorted = publicKeys; + if (!opts.noSorting) { + sorted = _.sortBy(publicKeys, function(publicKey) { + return publicKey.toString('hex'); + }); + } + for (var i = 0; i < sorted.length; i++) { + var publicKey = sorted[i]; + script.add(publicKey.toBuffer()); + } + script.add(Opcode.smallInt(publicKeys.length)); + script.add(Opcode.OP_CHECKMULTISIG); + return script; }; -Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { - var points = [ this, p2 ]; - var coeffs = [ k1, k2 ]; - if (this.curve.endo) - return this.curve._endoWnafMulAdd(points, coeffs); - else - return this.curve._wnafMulAdd(1, points, coeffs, 2); +/** + * A new Multisig input script for the given public keys, requiring m of those public keys to spend + * + * @param {PublicKey[]} pubkeys list of all public keys controlling the output + * @param {number} threshold amount of required signatures to spend the output + * @param {Array} signatures and array of signature buffers to append to the script + * @param {Object=} opts + * @param {boolean=} opts.noSorting don't sort the given public keys before creating the script (false by default) + * @param {Script=} opts.cachedMultisig don't recalculate the redeemScript + * + * @returns {Script} + */ +Script.buildMultisigIn = function(pubkeys, threshold, signatures, opts) { + $.checkArgument(_.isArray(pubkeys)); + $.checkArgument(_.isNumber(threshold)); + $.checkArgument(_.isArray(signatures)); + opts = opts || {}; + var s = new Script(); + s.add(Opcode.OP_0); + _.each(signatures, function(signature) { + $.checkArgument(BufferUtil.isBuffer(signature), 'Signatures must be an array of Buffers'); + // TODO: allow signatures to be an array of Signature objects + s.add(signature); + }); + return s; }; -Point.prototype.eq = function eq(p) { - return this === p || - this.inf === p.inf && - (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); +/** + * A new P2SH Multisig input script for the given public keys, requiring m of those public keys to spend + * + * @param {PublicKey[]} pubkeys list of all public keys controlling the output + * @param {number} threshold amount of required signatures to spend the output + * @param {Array} signatures and array of signature buffers to append to the script + * @param {Object=} opts + * @param {boolean=} opts.noSorting don't sort the given public keys before creating the script (false by default) + * @param {Script=} opts.cachedMultisig don't recalculate the redeemScript + * + * @returns {Script} + */ +Script.buildP2SHMultisigIn = function(pubkeys, threshold, signatures, opts) { + $.checkArgument(_.isArray(pubkeys)); + $.checkArgument(_.isNumber(threshold)); + $.checkArgument(_.isArray(signatures)); + opts = opts || {}; + var s = new Script(); + s.add(Opcode.OP_0); + _.each(signatures, function(signature) { + $.checkArgument(BufferUtil.isBuffer(signature), 'Signatures must be an array of Buffers'); + // TODO: allow signatures to be an array of Signature objects + s.add(signature); + }); + s.add((opts.cachedMultisig || Script.buildMultisigOut(pubkeys, threshold, opts)).toBuffer()); + return s; }; -Point.prototype.neg = function neg(_precompute) { - if (this.inf) - return this; - - var res = this.curve.point(this.x, this.y.redNeg()); - if (_precompute && this.precomputed) { - var pre = this.precomputed; - var negate = function(p) { - return p.neg(); - }; - res.precomputed = { - naf: pre.naf && { - wnd: pre.naf.wnd, - points: pre.naf.points.map(negate) - }, - doubles: pre.doubles && { - step: pre.doubles.step, - points: pre.doubles.points.map(negate) - } - }; +/** + * @returns {Script} a new pay to public key hash output for the given + * address or public key + * @param {(Address|PublicKey)} to - destination address or public key + */ +Script.buildPublicKeyHashOut = function(to) { + $.checkArgument(!_.isUndefined(to)); + $.checkArgument(to instanceof PublicKey || to instanceof Address || _.isString(to)); + if (to instanceof PublicKey) { + to = to.toAddress(); + } else if (_.isString(to)) { + to = new Address(to); } - return res; + var s = new Script(); + s.add(Opcode.OP_DUP) + .add(Opcode.OP_HASH160) + .add(to.hashBuffer) + .add(Opcode.OP_EQUALVERIFY) + .add(Opcode.OP_CHECKSIG); + s._network = to.network; + return s; }; -Point.prototype.toJ = function toJ() { - if (this.inf) - return this.curve.jpoint(null, null, null); - - var res = this.curve.jpoint(this.x, this.y, this.curve.one); - return res; +/** + * @returns {Script} a new pay to public key output for the given + * public key + */ +Script.buildPublicKeyOut = function(pubkey) { + $.checkArgument(pubkey instanceof PublicKey); + var s = new Script(); + s.add(pubkey.toBuffer()) + .add(Opcode.OP_CHECKSIG); + return s; }; -function JPoint(curve, x, y, z) { - Base.BasePoint.call(this, curve, 'jacobian'); - if (x === null && y === null && z === null) { - this.x = this.curve.one; - this.y = this.curve.one; - this.z = new bn(0); - } else { - this.x = new bn(x, 16); - this.y = new bn(y, 16); - this.z = new bn(z, 16); +/** + * @returns {Script} a new OP_RETURN script with data + * @param {(string|Buffer)} data - the data to embed in the output + * @param {(string)} encoding - the type of encoding of the string + */ +Script.buildDataOut = function(data, encoding) { + $.checkArgument(_.isUndefined(data) || _.isString(data) || BufferUtil.isBuffer(data)); + if (_.isString(data)) { + data = new Buffer(data, encoding); } - if (!this.x.red) - this.x = this.x.toRed(this.curve.red); - if (!this.y.red) - this.y = this.y.toRed(this.curve.red); - if (!this.z.red) - this.z = this.z.toRed(this.curve.red); + var s = new Script(); + s.add(Opcode.OP_RETURN); + if (!_.isUndefined(data)) { + s.add(data); + } + return s; +}; - this.zOne = this.z === this.curve.one; -} -inherits(JPoint, Base.BasePoint); +/** + * @param {Script|Address} script - the redeemScript for the new p2sh output. + * It can also be a p2sh address + * @returns {Script} new pay to script hash script for given script + */ +Script.buildScriptHashOut = function(script) { + $.checkArgument(script instanceof Script || + (script instanceof Address && script.isPayToScriptHash())); + var s = new Script(); + s.add(Opcode.OP_HASH160) + .add(script instanceof Address ? script.hashBuffer : Hash.sha256ripemd160(script.toBuffer())) + .add(Opcode.OP_EQUAL); -ShortCurve.prototype.jpoint = function jpoint(x, y, z) { - return new JPoint(this, x, y, z); + s._network = script._network || script.network; + return s; }; -JPoint.prototype.toP = function toP() { - if (this.isInfinity()) - return this.curve.point(null, null); - - var zinv = this.z.redInvm(); - var zinv2 = zinv.redSqr(); - var ax = this.x.redMul(zinv2); - var ay = this.y.redMul(zinv2).redMul(zinv); +/** + * Builds a scriptSig (a script for an input) that signs a public key output script. + * + * @param {Signature|Buffer} signature - a Signature object, or the signature in DER canonical encoding + * @param {number=} sigtype - the type of the signature (defaults to SIGHASH_ALL) + */ +Script.buildPublicKeyIn = function(signature, sigtype) { + $.checkArgument(signature instanceof Signature || BufferUtil.isBuffer(signature)); + $.checkArgument(_.isUndefined(sigtype) || _.isNumber(sigtype)); + if (signature instanceof Signature) { + signature = signature.toBuffer(); + } + var script = new Script(); + script.add(BufferUtil.concat([ + signature, + BufferUtil.integerAsSingleByteBuffer(sigtype || Signature.SIGHASH_ALL) + ])); + return script; +}; - return this.curve.point(ax, ay); +/** + * Builds a scriptSig (a script for an input) that signs a public key hash + * output script. + * + * @param {Buffer|string|PublicKey} publicKey + * @param {Signature|Buffer} signature - a Signature object, or the signature in DER canonical encoding + * @param {number=} sigtype - the type of the signature (defaults to SIGHASH_ALL) + */ +Script.buildPublicKeyHashIn = function(publicKey, signature, sigtype) { + $.checkArgument(signature instanceof Signature || BufferUtil.isBuffer(signature)); + $.checkArgument(_.isUndefined(sigtype) || _.isNumber(sigtype)); + if (signature instanceof Signature) { + signature = signature.toBuffer(); + } + var script = new Script() + .add(BufferUtil.concat([ + signature, + BufferUtil.integerAsSingleByteBuffer(sigtype || Signature.SIGHASH_ALL) + ])) + .add(new PublicKey(publicKey).toBuffer()); + return script; }; -JPoint.prototype.neg = function neg() { - return this.curve.jpoint(this.x, this.y.redNeg(), this.z); +/** + * @returns {Script} an empty script + */ +Script.empty = function() { + return new Script(); }; -JPoint.prototype.add = function add(p) { - // O + P = P - if (this.isInfinity()) - return p; +/** + * @returns {Script} a new pay to script hash script that pays to this script + */ +Script.prototype.toScriptHashOut = function() { + return Script.buildScriptHashOut(this); +}; - // P + O = P - if (p.isInfinity()) - return this; +/** + * @return {Script} an output script built from the address + */ +Script.fromAddress = function(address) { + address = Address(address); + if (address.isPayToScriptHash()) { + return Script.buildScriptHashOut(address); + } else if (address.isPayToPublicKeyHash()) { + return Script.buildPublicKeyHashOut(address); + } + throw new errors.Script.UnrecognizedAddress(address); +}; - // 12M + 4S + 7A - var pz2 = p.z.redSqr(); - var z2 = this.z.redSqr(); - var u1 = this.x.redMul(pz2); - var u2 = p.x.redMul(z2); - var s1 = this.y.redMul(pz2.redMul(p.z)); - var s2 = p.y.redMul(z2.redMul(this.z)); +/** + * Will return the associated address information object + * @return {Address|boolean} + */ +Script.prototype.getAddressInfo = function(opts) { + if (this._isInput) { + return this._getInputAddressInfo(); + } else if (this._isOutput) { + return this._getOutputAddressInfo(); + } else { + var info = this._getOutputAddressInfo(); + if (!info) { + return this._getInputAddressInfo(); + } + return info; + } +}; - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); +/** + * Will return the associated output scriptPubKey address information object + * @return {Address|boolean} + * @private + */ +Script.prototype._getOutputAddressInfo = function() { + var info = {}; + if (this.isScriptHashOut()) { + info.hashBuffer = this.getData(); + info.type = Address.PayToScriptHash; + } else if (this.isPublicKeyHashOut()) { + info.hashBuffer = this.getData(); + info.type = Address.PayToPublicKeyHash; + } else { + return false; } + return info; +}; - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); +/** + * Will return the associated input scriptSig address information object + * @return {Address|boolean} + * @private + */ +Script.prototype._getInputAddressInfo = function() { + var info = {}; + if (this.isPublicKeyHashIn()) { + // hash the publickey found in the scriptSig + info.hashBuffer = Hash.sha256ripemd160(this.chunks[1].buf); + info.type = Address.PayToPublicKeyHash; + } else if (this.isScriptHashIn()) { + // hash the redeemscript found at the end of the scriptSig + info.hashBuffer = Hash.sha256ripemd160(this.chunks[this.chunks.length - 1].buf); + info.type = Address.PayToScriptHash; + } else { + return false; + } + return info; +}; - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(p.z).redMul(h); +/** + * @param {Network=} network + * @return {Address|boolean} the associated address for this script if possible, or false + */ +Script.prototype.toAddress = function(network) { + var info = this.getAddressInfo(); + if (!info) { + return false; + } + info.network = Networks.get(network) || this._network || Networks.defaultNetwork; + return new Address(info); +}; - return this.curve.jpoint(nx, ny, nz); +/** + * Analogous to bitcoind's FindAndDelete. Find and delete equivalent chunks, + * typically used with push data chunks. Note that this will find and delete + * not just the same data, but the same data with the same push data op as + * produced by default. i.e., if a pushdata in a tx does not use the minimal + * pushdata op, then when you try to remove the data it is pushing, it will not + * be removed, because they do not use the same pushdata op. + */ +Script.prototype.findAndDelete = function(script) { + var buf = script.toBuffer(); + var hex = buf.toString('hex'); + for (var i = 0; i < this.chunks.length; i++) { + var script2 = Script({ + chunks: [this.chunks[i]] + }); + var buf2 = script2.toBuffer(); + var hex2 = buf2.toString('hex'); + if (hex === hex2) { + this.chunks.splice(i, 1); + } + } + return this; }; -JPoint.prototype.mixedAdd = function mixedAdd(p) { - // O + P = P - if (this.isInfinity()) - return p.toJ(); +/** + * Comes from bitcoind's script interpreter CheckMinimalPush function + * @returns {boolean} if the chunk {i} is the smallest way to push that particular data. + */ +Script.prototype.checkMinimalPush = function(i) { + var chunk = this.chunks[i]; + var buf = chunk.buf; + var opcodenum = chunk.opcodenum; + if (!buf) { + return true; + } + if (buf.length === 0) { + // Could have used OP_0. + return opcodenum === Opcode.OP_0; + } else if (buf.length === 1 && buf[0] >= 1 && buf[0] <= 16) { + // Could have used OP_1 .. OP_16. + return opcodenum === Opcode.OP_1 + (buf[0] - 1); + } else if (buf.length === 1 && buf[0] === 0x81) { + // Could have used OP_1NEGATE + return opcodenum === Opcode.OP_1NEGATE; + } else if (buf.length <= 75) { + // Could have used a direct push (opcode indicating number of bytes pushed + those bytes). + return opcodenum === buf.length; + } else if (buf.length <= 255) { + // Could have used OP_PUSHDATA. + return opcodenum === Opcode.OP_PUSHDATA1; + } else if (buf.length <= 65535) { + // Could have used OP_PUSHDATA2. + return opcodenum === Opcode.OP_PUSHDATA2; + } + return true; +}; - // P + O = P - if (p.isInfinity()) - return this; +/** + * Comes from bitcoind's script DecodeOP_N function + * @param {number} opcode + * @returns {number} numeric value in range of 0 to 16 + */ +Script.prototype._decodeOP_N = function(opcode) { + if (opcode === Opcode.OP_0) { + return 0; + } else if (opcode >= Opcode.OP_1 && opcode <= Opcode.OP_16) { + return opcode - (Opcode.OP_1 - 1); + } else { + throw new Error('Invalid opcode: ' + JSON.stringify(opcode)); + } +}; - // 8M + 3S + 7A - var z2 = this.z.redSqr(); - var u1 = this.x; - var u2 = p.x.redMul(z2); - var s1 = this.y; - var s2 = p.y.redMul(z2).redMul(this.z); +/** + * Comes from bitcoind's script GetSigOpCount(boolean) function + * @param {boolean} use current (true) or pre-version-0.6 (false) logic + * @returns {number} number of signature operations required by this script + */ +Script.prototype.getSignatureOperationsCount = function(accurate) { + accurate = (_.isUndefined(accurate) ? true : accurate); + var self = this; + var n = 0; + var lastOpcode = Opcode.OP_INVALIDOPCODE; + _.each(self.chunks, function getChunk(chunk) { + var opcode = chunk.opcodenum; + if (opcode == Opcode.OP_CHECKSIG || opcode == Opcode.OP_CHECKSIGVERIFY) { + n++; + } else if (opcode == Opcode.OP_CHECKMULTISIG || opcode == Opcode.OP_CHECKMULTISIGVERIFY) { + if (accurate && lastOpcode >= Opcode.OP_1 && lastOpcode <= Opcode.OP_16) { + n += self._decodeOP_N(lastOpcode); + } else { + n += 20; + } + } + lastOpcode = opcode; + }); + return n; +}; - var h = u1.redSub(u2); - var r = s1.redSub(s2); - if (h.cmpn(0) === 0) { - if (r.cmpn(0) !== 0) - return this.curve.jpoint(null, null, null); - else - return this.dbl(); - } +module.exports = Script; - var h2 = h.redSqr(); - var h3 = h2.redMul(h); - var v = u1.redMul(h2); +}).call(this,require("buffer").Buffer) +},{"../address":26,"../crypto/hash":33,"../crypto/signature":36,"../encoding/bufferreader":39,"../encoding/bufferwriter":40,"../errors":42,"../networks":47,"../opcode":48,"../publickey":50,"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"buffer":158,"lodash":96}],54:[function(require,module,exports){ +module.exports = require('./transaction'); - var nx = r.redSqr().redIAdd(h3).redISub(v).redISub(v); - var ny = r.redMul(v.redISub(nx)).redISub(s1.redMul(h3)); - var nz = this.z.redMul(h); +module.exports.Input = require('./input'); +module.exports.Output = require('./output'); +module.exports.UnspentOutput = require('./unspentoutput'); +module.exports.Signature = require('./signature'); +module.exports.Sighash = require('./sighash'); - return this.curve.jpoint(nx, ny, nz); -}; +},{"./input":55,"./output":61,"./sighash":62,"./signature":63,"./transaction":64,"./unspentoutput":65}],55:[function(require,module,exports){ +module.exports = require('./input'); -JPoint.prototype.dblp = function dblp(pow) { - if (pow === 0) - return this; - if (this.isInfinity()) - return this; - if (!pow) - return this.dbl(); +module.exports.PublicKey = require('./publickey'); +module.exports.PublicKeyHash = require('./publickeyhash'); +module.exports.MultiSig = require('./multisig.js'); +module.exports.MultiSigScriptHash = require('./multisigscripthash.js'); - if (this.curve.zeroA || this.curve.threeA) { - var r = this; - for (var i = 0; i < pow; i++) - r = r.dbl(); - return r; +},{"./input":56,"./multisig.js":57,"./multisigscripthash.js":58,"./publickey":59,"./publickeyhash":60}],56:[function(require,module,exports){ +'use strict'; + +var _ = require('lodash'); +var $ = require('../../util/preconditions'); +var errors = require('../../errors'); +var BufferWriter = require('../../encoding/bufferwriter'); +var buffer = require('buffer'); +var BufferUtil = require('../../util/buffer'); +var JSUtil = require('../../util/js'); +var Script = require('../../script'); +var Sighash = require('../sighash'); +var Output = require('../output'); + +var MAXINT = 0xffffffff; // Math.pow(2, 32) - 1; +var DEFAULT_RBF_SEQNUMBER = MAXINT - 2; +var DEFAULT_SEQNUMBER = MAXINT; +var DEFAULT_LOCKTIME_SEQNUMBER = MAXINT - 1; + +function Input(params) { + if (!(this instanceof Input)) { + return new Input(params); + } + if (params) { + return this._fromObject(params); } +} - // 1M + 2S + 1A + N * (4S + 5M + 8A) - // N = 1 => 6M + 6S + 9A - var a = this.curve.a; - var tinv = this.curve.tinv; +Input.MAXINT = MAXINT; +Input.DEFAULT_SEQNUMBER = DEFAULT_SEQNUMBER; +Input.DEFAULT_LOCKTIME_SEQNUMBER = DEFAULT_LOCKTIME_SEQNUMBER; +Input.DEFAULT_RBF_SEQNUMBER = DEFAULT_RBF_SEQNUMBER; - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); +Object.defineProperty(Input.prototype, 'script', { + configurable: false, + enumerable: true, + get: function() { + if (this.isNull()) { + return null; + } + if (!this._script) { + this._script = new Script(this._scriptBuffer); + this._script._isInput = true; + } + return this._script; + } +}); - // Reuse results - var jyd = jy.redAdd(jy); - for (var i = 0; i < pow; i++) { - var jx2 = jx.redSqr(); - var jyd2 = jyd.redSqr(); - var jyd4 = jyd2.redSqr(); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); +Input.fromObject = function(obj) { + $.checkArgument(_.isObject(obj)); + var input = new Input(); + return input._fromObject(obj); +}; - var t1 = jx.redMul(jyd2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); - var dny = c.redMul(t2); - dny = dny.redIAdd(dny).redISub(jyd4); - var nz = jyd.redMul(jz); - if (i + 1 < pow) - jz4 = jz4.redMul(jyd4); +Input.prototype._fromObject = function(params) { + var prevTxId; + if (_.isString(params.prevTxId) && JSUtil.isHexa(params.prevTxId)) { + prevTxId = new buffer.Buffer(params.prevTxId, 'hex'); + } else { + prevTxId = params.prevTxId; + } + this.output = params.output ? + (params.output instanceof Output ? params.output : new Output(params.output)) : undefined; + this.prevTxId = prevTxId || params.txidbuf; + this.outputIndex = _.isUndefined(params.outputIndex) ? params.txoutnum : params.outputIndex; + this.sequenceNumber = _.isUndefined(params.sequenceNumber) ? + (_.isUndefined(params.seqnum) ? DEFAULT_SEQNUMBER : params.seqnum) : params.sequenceNumber; + if (_.isUndefined(params.script) && _.isUndefined(params.scriptBuffer)) { + throw new errors.Transaction.Input.MissingScript(); + } + this.setScript(params.scriptBuffer || params.script); + return this; +}; - jx = nx; - jz = nz; - jyd = dny; +Input.prototype.toObject = Input.prototype.toJSON = function toObject() { + var obj = { + prevTxId: this.prevTxId.toString('hex'), + outputIndex: this.outputIndex, + sequenceNumber: this.sequenceNumber, + script: this._scriptBuffer.toString('hex'), + }; + // add human readable form if input contains valid script + if (this.script) { + obj.scriptString = this.script.toString(); + } + if (this.output) { + obj.output = this.output.toObject(); } + return obj; +}; - return this.curve.jpoint(jx, jyd.redMul(tinv), jz); +Input.fromBufferReader = function(br) { + var input = new Input(); + input.prevTxId = br.readReverse(32); + input.outputIndex = br.readUInt32LE(); + input._scriptBuffer = br.readVarLengthBuffer(); + input.sequenceNumber = br.readUInt32LE(); + // TODO: return different classes according to which input it is + // e.g: CoinbaseInput, PublicKeyHashInput, MultiSigScriptHashInput, etc. + return input; }; -JPoint.prototype.dbl = function dbl() { - if (this.isInfinity()) - return this; +Input.prototype.toBufferWriter = function(writer) { + if (!writer) { + writer = new BufferWriter(); + } + writer.writeReverse(this.prevTxId); + writer.writeUInt32LE(this.outputIndex); + var script = this._scriptBuffer; + writer.writeVarintNum(script.length); + writer.write(script); + writer.writeUInt32LE(this.sequenceNumber); + return writer; +}; - if (this.curve.zeroA) - return this._zeroDbl(); - else if (this.curve.threeA) - return this._threeDbl(); - else - return this._dbl(); +Input.prototype.setScript = function(script) { + this._script = null; + if (script instanceof Script) { + this._script = script; + this._script._isInput = true; + this._scriptBuffer = script.toBuffer(); + } else if (JSUtil.isHexa(script)) { + // hex string script + this._scriptBuffer = new buffer.Buffer(script, 'hex'); + } else if (_.isString(script)) { + // human readable string script + this._script = new Script(script); + this._script._isInput = true; + this._scriptBuffer = this._script.toBuffer(); + } else if (BufferUtil.isBuffer(script)) { + // buffer script + this._scriptBuffer = new buffer.Buffer(script); + } else { + throw new TypeError('Invalid argument type: script'); + } + return this; }; -JPoint.prototype._zeroDbl = function _zeroDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 14A +/** + * Retrieve signatures for the provided PrivateKey. + * + * @param {Transaction} transaction - the transaction to be signed + * @param {PrivateKey} privateKey - the private key to use when signing + * @param {number} inputIndex - the index of this input in the provided transaction + * @param {number} sigType - defaults to Signature.SIGHASH_ALL + * @param {Buffer} addressHash - if provided, don't calculate the hash of the + * public key associated with the private key provided + * @abstract + */ +Input.prototype.getSignatures = function() { + throw new errors.AbstractMethodInvoked( + 'Trying to sign unsupported output type (only P2PKH and P2SH multisig inputs are supported)' + + ' for input: ' + JSON.stringify(this) + ); +}; - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // T = M ^ 2 - 2*S - var t = m.redSqr().redISub(s).redISub(s); +Input.prototype.isFullySigned = function() { + throw new errors.AbstractMethodInvoked('Input#isFullySigned'); +}; - // 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); +Input.prototype.isFinal = function() { + return this.sequenceNumber !== 4294967295; +}; - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2*Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html - // #doubling-dbl-2009-l - // 2M + 5S + 13A +Input.prototype.addSignature = function() { + throw new errors.AbstractMethodInvoked('Input#addSignature'); +}; - // A = X1^2 - var a = this.x.redSqr(); - // B = Y1^2 - var b = this.y.redSqr(); - // C = B^2 - var c = b.redSqr(); - // D = 2 * ((X1 + B)^2 - A - C) - var d = this.x.redAdd(b).redSqr().redISub(a).redISub(c); - d = d.redIAdd(d); - // E = 3 * A - var e = a.redAdd(a).redIAdd(a); - // F = E^2 - var f = e.redSqr(); +Input.prototype.clearSignatures = function() { + throw new errors.AbstractMethodInvoked('Input#clearSignatures'); +}; - // 8 * C - var c8 = c.redIAdd(c); - c8 = c8.redIAdd(c8); - c8 = c8.redIAdd(c8); +Input.prototype.isValidSignature = function(transaction, signature) { + // FIXME: Refactor signature so this is not necessary + signature.signature.nhashtype = signature.sigtype; + return Sighash.verify( + transaction, + signature.signature, + signature.publicKey, + signature.inputIndex, + this.output.script + ); +}; - // X3 = F - 2 * D - nx = f.redISub(d).redISub(d); - // Y3 = E * (D - X3) - 8 * C - ny = e.redMul(d.redISub(nx)).redISub(c8); - // Z3 = 2 * Y1 * Z1 - nz = this.y.redMul(this.z); - nz = nz.redIAdd(nz); - } +/** + * @returns true if this is a coinbase input (represents no input) + */ +Input.prototype.isNull = function() { + return this.prevTxId.toString('hex') === '0000000000000000000000000000000000000000000000000000000000000000' && + this.outputIndex === 0xffffffff; +}; - return this.curve.jpoint(nx, ny, nz); +Input.prototype._estimateSize = function() { + return this.toBufferWriter().toBuffer().length; }; -JPoint.prototype._threeDbl = function _threeDbl() { - var nx; - var ny; - var nz; - // Z = 1 - if (this.zOne) { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html - // #doubling-mdbl-2007-bl - // 1M + 5S + 15A +module.exports = Input; - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // S = 2 * ((X1 + YY)^2 - XX - YYYY) - var s = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - s = s.redIAdd(s); - // M = 3 * XX + a - var m = xx.redAdd(xx).redIAdd(xx).redIAdd(this.curve.a); - // T = M^2 - 2 * S - var t = m.redSqr().redISub(s).redISub(s); - // X3 = T - nx = t; - // Y3 = M * (S - T) - 8 * YYYY - var yyyy8 = yyyy.redIAdd(yyyy); - yyyy8 = yyyy8.redIAdd(yyyy8); - yyyy8 = yyyy8.redIAdd(yyyy8); - ny = m.redMul(s.redISub(t)).redISub(yyyy8); - // Z3 = 2 * Y1 - nz = this.y.redAdd(this.y); - } else { - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - // 3M + 5S - - // delta = Z1^2 - var delta = this.z.redSqr(); - // gamma = Y1^2 - var gamma = this.y.redSqr(); - // beta = X1 * gamma - var beta = this.x.redMul(gamma); - // alpha = 3 * (X1 - delta) * (X1 + delta) - var alpha = this.x.redSub(delta).redMul(this.x.redAdd(delta)); - alpha = alpha.redAdd(alpha).redIAdd(alpha); - // X3 = alpha^2 - 8 * beta - var beta4 = beta.redIAdd(beta); - beta4 = beta4.redIAdd(beta4); - var beta8 = beta4.redAdd(beta4); - nx = alpha.redSqr().redISub(beta8); - // Z3 = (Y1 + Z1)^2 - gamma - delta - nz = this.y.redAdd(this.z).redSqr().redISub(gamma).redISub(delta); - // Y3 = alpha * (4 * beta - X3) - 8 * gamma^2 - var ggamma8 = gamma.redSqr(); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ggamma8 = ggamma8.redIAdd(ggamma8); - ny = alpha.redMul(beta4.redISub(nx)).redISub(ggamma8); - } - - return this.curve.jpoint(nx, ny, nz); -}; - -JPoint.prototype._dbl = function _dbl() { - var a = this.curve.a; - - // 4M + 6S + 10A - var jx = this.x; - var jy = this.y; - var jz = this.z; - var jz4 = jz.redSqr().redSqr(); +},{"../../encoding/bufferwriter":40,"../../errors":42,"../../script":51,"../../util/buffer":68,"../../util/js":69,"../../util/preconditions":70,"../output":61,"../sighash":62,"buffer":158,"lodash":96}],57:[function(require,module,exports){ +'use strict'; - var jx2 = jx.redSqr(); - var jy2 = jy.redSqr(); +var _ = require('lodash'); +var inherits = require('inherits'); +var Transaction = require('../transaction'); +var Input = require('./input'); +var Output = require('../output'); +var $ = require('../../util/preconditions'); - var c = jx2.redAdd(jx2).redIAdd(jx2).redIAdd(a.redMul(jz4)); +var Script = require('../../script'); +var Signature = require('../../crypto/signature'); +var Sighash = require('../sighash'); +var PublicKey = require('../../publickey'); +var BufferUtil = require('../../util/buffer'); +var TransactionSignature = require('../signature'); - var jxd4 = jx.redAdd(jx); - jxd4 = jxd4.redIAdd(jxd4); - var t1 = jxd4.redMul(jy2); - var nx = c.redSqr().redISub(t1.redAdd(t1)); - var t2 = t1.redISub(nx); +/** + * @constructor + */ +function MultiSigInput(input, pubkeys, threshold, signatures) { + Input.apply(this, arguments); + var self = this; + pubkeys = pubkeys || input.publicKeys; + threshold = threshold || input.threshold; + signatures = signatures || input.signatures; + this.publicKeys = _.sortBy(pubkeys, function(publicKey) { return publicKey.toString('hex'); }); + $.checkState(Script.buildMultisigOut(this.publicKeys, threshold).equals(this.output.script), + 'Provided public keys don\'t match to the provided output script'); + this.publicKeyIndex = {}; + _.each(this.publicKeys, function(publicKey, index) { + self.publicKeyIndex[publicKey.toString()] = index; + }); + this.threshold = threshold; + // Empty array of signatures + this.signatures = signatures ? this._deserializeSignatures(signatures) : new Array(this.publicKeys.length); +} +inherits(MultiSigInput, Input); - var jyd8 = jy2.redSqr(); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - jyd8 = jyd8.redIAdd(jyd8); - var ny = c.redMul(t2).redISub(jyd8); - var nz = jy.redAdd(jy).redMul(jz); +MultiSigInput.prototype.toObject = function() { + var obj = Input.prototype.toObject.apply(this, arguments); + obj.threshold = this.threshold; + obj.publicKeys = _.map(this.publicKeys, function(publicKey) { return publicKey.toString(); }); + obj.signatures = this._serializeSignatures(); + return obj; +}; - return this.curve.jpoint(nx, ny, nz); +MultiSigInput.prototype._deserializeSignatures = function(signatures) { + return _.map(signatures, function(signature) { + if (!signature) { + return undefined; + } + return new TransactionSignature(signature); + }); }; -JPoint.prototype.trpl = function trpl() { - if (!this.curve.zeroA) - return this.dbl().add(this); +MultiSigInput.prototype._serializeSignatures = function() { + return _.map(this.signatures, function(signature) { + if (!signature) { + return undefined; + } + return signature.toObject(); + }); +}; - // hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#tripling-tpl-2007-bl - // 5M + 10S + ... +MultiSigInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype) { + $.checkState(this.output instanceof Output); + sigtype = sigtype || Signature.SIGHASH_ALL; - // XX = X1^2 - var xx = this.x.redSqr(); - // YY = Y1^2 - var yy = this.y.redSqr(); - // ZZ = Z1^2 - var zz = this.z.redSqr(); - // YYYY = YY^2 - var yyyy = yy.redSqr(); - // M = 3 * XX + a * ZZ2; a = 0 - var m = xx.redAdd(xx).redIAdd(xx); - // MM = M^2 - var mm = m.redSqr(); - // E = 6 * ((X1 + YY)^2 - XX - YYYY) - MM - var e = this.x.redAdd(yy).redSqr().redISub(xx).redISub(yyyy); - e = e.redIAdd(e); - e = e.redAdd(e).redIAdd(e); - e = e.redISub(mm); - // EE = E^2 - var ee = e.redSqr(); - // T = 16*YYYY - var t = yyyy.redIAdd(yyyy); - t = t.redIAdd(t); - t = t.redIAdd(t); - t = t.redIAdd(t); - // U = (M + E)^2 - MM - EE - T - var u = m.redIAdd(e).redSqr().redISub(mm).redISub(ee).redISub(t); - // X3 = 4 * (X1 * EE - 4 * YY * U) - var yyu4 = yy.redMul(u); - yyu4 = yyu4.redIAdd(yyu4); - yyu4 = yyu4.redIAdd(yyu4); - var nx = this.x.redMul(ee).redISub(yyu4); - nx = nx.redIAdd(nx); - nx = nx.redIAdd(nx); - // Y3 = 8 * Y1 * (U * (T - U) - E * EE) - var ny = this.y.redMul(u.redMul(t.redISub(u)).redISub(e.redMul(ee))); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - ny = ny.redIAdd(ny); - // Z3 = (Z1 + E)^2 - ZZ - EE - var nz = this.z.redAdd(e).redSqr().redISub(zz).redISub(ee); + var self = this; + var results = []; + _.each(this.publicKeys, function(publicKey) { + if (publicKey.toString() === privateKey.publicKey.toString()) { + results.push(new TransactionSignature({ + publicKey: privateKey.publicKey, + prevTxId: self.prevTxId, + outputIndex: self.outputIndex, + inputIndex: index, + signature: Sighash.sign(transaction, privateKey, sigtype, index, self.output.script), + sigtype: sigtype + })); + } + }); - return this.curve.jpoint(nx, ny, nz); + return results; }; -JPoint.prototype.mul = function mul(k, kbase) { - k = new bn(k, kbase); +MultiSigInput.prototype.addSignature = function(transaction, signature) { + $.checkState(!this.isFullySigned(), 'All needed signatures have already been added'); + $.checkArgument(!_.isUndefined(this.publicKeyIndex[signature.publicKey.toString()]), + 'Signature has no matching public key'); + $.checkState(this.isValidSignature(transaction, signature)); + this.signatures[this.publicKeyIndex[signature.publicKey.toString()]] = signature; + this._updateScript(); + return this; +}; - return this.curve._wnafMul(this, k); +MultiSigInput.prototype._updateScript = function() { + this.setScript(Script.buildMultisigIn( + this.publicKeys, + this.threshold, + this._createSignatures() + )); + return this; }; -JPoint.prototype.eq = function eq(p) { - if (p.type === 'affine') - return this.eq(p.toJ()); +MultiSigInput.prototype._createSignatures = function() { + return _.map( + _.filter(this.signatures, function(signature) { return !_.isUndefined(signature); }), + function(signature) { + return BufferUtil.concat([ + signature.signature.toDER(), + BufferUtil.integerAsSingleByteBuffer(signature.sigtype) + ]); + } + ); +}; - if (this === p) - return true; +MultiSigInput.prototype.clearSignatures = function() { + this.signatures = new Array(this.publicKeys.length); + this._updateScript(); +}; - // x1 * z2^2 == x2 * z1^2 - var z2 = this.z.redSqr(); - var pz2 = p.z.redSqr(); - if (this.x.redMul(pz2).redISub(p.x.redMul(z2)).cmpn(0) !== 0) - return false; +MultiSigInput.prototype.isFullySigned = function() { + return this.countSignatures() === this.threshold; +}; - // y1 * z2^3 == y2 * z1^3 - var z3 = z2.redMul(this.z); - var pz3 = pz2.redMul(p.z); - return this.y.redMul(pz3).redISub(p.y.redMul(z3)).cmpn(0) === 0; +MultiSigInput.prototype.countMissingSignatures = function() { + return this.threshold - this.countSignatures(); }; -JPoint.prototype.inspect = function inspect() { - if (this.isInfinity()) - return ''; - return ''; +MultiSigInput.prototype.countSignatures = function() { + return _.reduce(this.signatures, function(sum, signature) { + return sum + (!!signature); + }, 0); }; -JPoint.prototype.isInfinity = function isInfinity() { - // XXX This code assumes that zero is always zero in red - return this.z.cmpn(0) === 0; +MultiSigInput.prototype.publicKeysWithoutSignature = function() { + var self = this; + return _.filter(this.publicKeys, function(publicKey) { + return !(self.signatures[self.publicKeyIndex[publicKey.toString()]]); + }); }; -},{"../../elliptic":56,"../curve":59,"bn.js":53,"inherits":77}],62:[function(require,module,exports){ -'use strict'; +MultiSigInput.prototype.isValidSignature = function(transaction, signature) { + // FIXME: Refactor signature so this is not necessary + signature.signature.nhashtype = signature.sigtype; + return Sighash.verify( + transaction, + signature.signature, + signature.publicKey, + signature.inputIndex, + this.output.script + ); +}; -var curves = exports; +/** + * + * @param {Buffer[]} signatures + * @param {PublicKey[]} publicKeys + * @param {Transaction} transaction + * @param {Integer} inputIndex + * @param {Input} input + * @returns {TransactionSignature[]} + */ +MultiSigInput.normalizeSignatures = function(transaction, input, inputIndex, signatures, publicKeys) { + return publicKeys.map(function (pubKey) { + var signatureMatch = null; + signatures = signatures.filter(function (signatureBuffer) { + if (signatureMatch) { + return true; + } -var hash = require('hash.js'); -var elliptic = require('../elliptic'); + var signature = new TransactionSignature({ + signature: Signature.fromTxFormat(signatureBuffer), + publicKey: pubKey, + prevTxId: input.prevTxId, + outputIndex: input.outputIndex, + inputIndex: inputIndex, + sigtype: Signature.SIGHASH_ALL + }); -var assert = elliptic.utils.assert; + signature.signature.nhashtype = signature.sigtype; + var isMatch = Sighash.verify( + transaction, + signature.signature, + signature.publicKey, + signature.inputIndex, + input.output.script + ); -function PresetCurve(options) { - if (options.type === 'short') - this.curve = new elliptic.curve.short(options); - else if (options.type === 'edwards') - this.curve = new elliptic.curve.edwards(options); - else - this.curve = new elliptic.curve.mont(options); - this.g = this.curve.g; - this.n = this.curve.n; - this.hash = options.hash; + if (isMatch) { + signatureMatch = signature; + return false; + } - assert(this.g.validate(), 'Invalid curve'); - assert(this.g.mul(this.n).isInfinity(), 'Invalid curve, G*N != O'); -} -curves.PresetCurve = PresetCurve; + return true; + }); -function defineCurve(name, options) { - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - get: function() { - var curve = new PresetCurve(options); - Object.defineProperty(curves, name, { - configurable: true, - enumerable: true, - value: curve - }); - return curve; - } + return signatureMatch ? signatureMatch : null; }); -} +}; -defineCurve('p192', { - type: 'short', - prime: 'p192', - p: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc', - b: '64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1', - n: 'ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831', - hash: hash.sha256, - gRed: false, - g: [ - '188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012', - '07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811' - ] -}); +MultiSigInput.OPCODES_SIZE = 1; // 0 +MultiSigInput.SIGNATURE_SIZE = 73; // size (1) + DER (<=72) -defineCurve('p224', { - type: 'short', - prime: 'p224', - p: 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001', - a: 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe', - b: 'b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4', - n: 'ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d', - hash: hash.sha256, - gRed: false, - g: [ - 'b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21', - 'bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34' - ] -}); +MultiSigInput.prototype._estimateSize = function() { + return MultiSigInput.OPCODES_SIZE + + this.threshold * MultiSigInput.SIGNATURE_SIZE; +}; -defineCurve('p256', { - type: 'short', - prime: null, - p: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff', - a: 'ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc', - b: '5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b', - n: 'ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551', - hash: hash.sha256, - gRed: false, - g: [ - '6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296', - '4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5' - ] -}); +module.exports = MultiSigInput; -defineCurve('curve25519', { - type: 'mont', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '76d06', - b: '0', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - hash: hash.sha256, - gRed: false, - g: [ - '9' - ] -}); +},{"../../crypto/signature":36,"../../publickey":50,"../../script":51,"../../util/buffer":68,"../../util/preconditions":70,"../output":61,"../sighash":62,"../signature":63,"../transaction":64,"./input":56,"inherits":95,"lodash":96}],58:[function(require,module,exports){ +'use strict'; -defineCurve('ed25519', { - type: 'edwards', - prime: 'p25519', - p: '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed', - a: '-1', - c: '1', - // -121665 * (121666^(-1)) (mod P) - d: '52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3', - n: '1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed', - hash: hash.sha256, - gRed: false, - g: [ - '216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a', +var _ = require('lodash'); +var inherits = require('inherits'); +var Input = require('./input'); +var Output = require('../output'); +var $ = require('../../util/preconditions'); - // 4/5 - '6666666666666666666666666666666666666666666666666666666666666658' - ] -}); +var Script = require('../../script'); +var Signature = require('../../crypto/signature'); +var Sighash = require('../sighash'); +var PublicKey = require('../../publickey'); +var BufferUtil = require('../../util/buffer'); +var TransactionSignature = require('../signature'); -var pre; -try { - pre = require('./precomputed/secp256k1'); -} catch (e) { - pre = undefined; +/** + * @constructor + */ +function MultiSigScriptHashInput(input, pubkeys, threshold, signatures) { + Input.apply(this, arguments); + var self = this; + pubkeys = pubkeys || input.publicKeys; + threshold = threshold || input.threshold; + signatures = signatures || input.signatures; + this.publicKeys = _.sortBy(pubkeys, function(publicKey) { return publicKey.toString('hex'); }); + this.redeemScript = Script.buildMultisigOut(this.publicKeys, threshold); + $.checkState(Script.buildScriptHashOut(this.redeemScript).equals(this.output.script), + 'Provided public keys don\'t hash to the provided output'); + this.publicKeyIndex = {}; + _.each(this.publicKeys, function(publicKey, index) { + self.publicKeyIndex[publicKey.toString()] = index; + }); + this.threshold = threshold; + // Empty array of signatures + this.signatures = signatures ? this._deserializeSignatures(signatures) : new Array(this.publicKeys.length); } +inherits(MultiSigScriptHashInput, Input); -defineCurve('secp256k1', { - type: 'short', - prime: 'k256', - p: 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f', - a: '0', - b: '7', - n: 'ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141', - h: '1', - hash: hash.sha256, +MultiSigScriptHashInput.prototype.toObject = function() { + var obj = Input.prototype.toObject.apply(this, arguments); + obj.threshold = this.threshold; + obj.publicKeys = _.map(this.publicKeys, function(publicKey) { return publicKey.toString(); }); + obj.signatures = this._serializeSignatures(); + return obj; +}; - // Precomputed endomorphism - beta: '7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee', - lambda: '5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72', - basis: [ - { - a: '3086d221a7d46bcde86c90e49284eb15', - b: '-e4437ed6010e88286f547fa90abfe4c3' - }, - { - a: '114ca50f7a8e2f3f657c1108d9d44cfd8', - b: '3086d221a7d46bcde86c90e49284eb15' +MultiSigScriptHashInput.prototype._deserializeSignatures = function(signatures) { + return _.map(signatures, function(signature) { + if (!signature) { + return undefined; } - ], - - gRed: false, - g: [ - '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', - '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', - pre - ] -}); + return new TransactionSignature(signature); + }); +}; -},{"../elliptic":56,"./precomputed/secp256k1":67,"hash.js":70}],63:[function(require,module,exports){ -'use strict'; +MultiSigScriptHashInput.prototype._serializeSignatures = function() { + return _.map(this.signatures, function(signature) { + if (!signature) { + return undefined; + } + return signature.toObject(); + }); +}; -var bn = require('bn.js'); -var elliptic = require('../../elliptic'); -var utils = elliptic.utils; -var assert = utils.assert; - -var KeyPair = require('./key'); -var Signature = require('./signature'); - -function EC(options) { - if (!(this instanceof EC)) - return new EC(options); - - // Shortcut `elliptic.ec(curve-name)` - if (typeof options === 'string') { - assert(elliptic.curves.hasOwnProperty(options), 'Unknown curve ' + options); - - options = elliptic.curves[options]; - } +MultiSigScriptHashInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype) { + $.checkState(this.output instanceof Output); + sigtype = sigtype || Signature.SIGHASH_ALL; - // Shortcut for `elliptic.ec(elliptic.curves.curveName)` - if (options instanceof elliptic.curves.PresetCurve) - options = { curve: options }; + var self = this; + var results = []; + _.each(this.publicKeys, function(publicKey) { + if (publicKey.toString() === privateKey.publicKey.toString()) { + results.push(new TransactionSignature({ + publicKey: privateKey.publicKey, + prevTxId: self.prevTxId, + outputIndex: self.outputIndex, + inputIndex: index, + signature: Sighash.sign(transaction, privateKey, sigtype, index, self.redeemScript), + sigtype: sigtype + })); + } + }); + return results; +}; - this.curve = options.curve.curve; - this.n = this.curve.n; - this.nh = this.n.shrn(1); - this.g = this.curve.g; +MultiSigScriptHashInput.prototype.addSignature = function(transaction, signature) { + $.checkState(!this.isFullySigned(), 'All needed signatures have already been added'); + $.checkArgument(!_.isUndefined(this.publicKeyIndex[signature.publicKey.toString()]), + 'Signature has no matching public key'); + $.checkState(this.isValidSignature(transaction, signature)); + this.signatures[this.publicKeyIndex[signature.publicKey.toString()]] = signature; + this._updateScript(); + return this; +}; - // Point on curve - this.g = options.curve.g; - this.g.precompute(options.curve.n.bitLength() + 1); +MultiSigScriptHashInput.prototype._updateScript = function() { + this.setScript(Script.buildP2SHMultisigIn( + this.publicKeys, + this.threshold, + this._createSignatures(), + { cachedMultisig: this.redeemScript } + )); + return this; +}; - // Hash for function for DRBG - this.hash = options.hash || options.curve.hash; -} -module.exports = EC; +MultiSigScriptHashInput.prototype._createSignatures = function() { + return _.map( + _.filter(this.signatures, function(signature) { return !_.isUndefined(signature); }), + function(signature) { + return BufferUtil.concat([ + signature.signature.toDER(), + BufferUtil.integerAsSingleByteBuffer(signature.sigtype) + ]); + } + ); +}; -EC.prototype.keyPair = function keyPair(options) { - return new KeyPair(this, options); +MultiSigScriptHashInput.prototype.clearSignatures = function() { + this.signatures = new Array(this.publicKeys.length); + this._updateScript(); }; -EC.prototype.keyFromPrivate = function keyFromPrivate(priv, enc) { - return KeyPair.fromPrivate(this, priv, enc); +MultiSigScriptHashInput.prototype.isFullySigned = function() { + return this.countSignatures() === this.threshold; }; -EC.prototype.keyFromPublic = function keyFromPublic(pub, enc) { - return KeyPair.fromPublic(this, pub, enc); +MultiSigScriptHashInput.prototype.countMissingSignatures = function() { + return this.threshold - this.countSignatures(); }; -EC.prototype.genKeyPair = function genKeyPair(options) { - if (!options) - options = {}; +MultiSigScriptHashInput.prototype.countSignatures = function() { + return _.reduce(this.signatures, function(sum, signature) { + return sum + (!!signature); + }, 0); +}; - // Instantiate Hmac_DRBG - var drbg = new elliptic.hmacDRBG({ - hash: this.hash, - pers: options.pers, - entropy: options.entropy || elliptic.rand(this.hash.hmacStrength), - nonce: this.n.toArray() +MultiSigScriptHashInput.prototype.publicKeysWithoutSignature = function() { + var self = this; + return _.filter(this.publicKeys, function(publicKey) { + return !(self.signatures[self.publicKeyIndex[publicKey.toString()]]); }); - - var bytes = this.n.byteLength(); - var ns2 = this.n.sub(new bn(2)); - do { - var priv = new bn(drbg.generate(bytes)); - if (priv.cmp(ns2) > 0) - continue; - - priv.iaddn(1); - return this.keyFromPrivate(priv); - } while (true); }; -EC.prototype._truncateToN = function truncateToN(msg, truncOnly) { - var delta = msg.byteLength() * 8 - this.n.bitLength(); - if (delta > 0) - msg = msg.shrn(delta); - if (!truncOnly && msg.cmp(this.n) >= 0) - return msg.sub(this.n); - else - return msg; +MultiSigScriptHashInput.prototype.isValidSignature = function(transaction, signature) { + // FIXME: Refactor signature so this is not necessary + signature.signature.nhashtype = signature.sigtype; + return Sighash.verify( + transaction, + signature.signature, + signature.publicKey, + signature.inputIndex, + this.redeemScript + ); }; -EC.prototype.sign = function sign(msg, key, enc, options) { - if (typeof enc === 'object') { - options = enc; - enc = null; - } - if (!options) - options = {}; - - key = this.keyFromPrivate(key, enc); - msg = this._truncateToN(new bn(msg, 16)); - - // Zero-extend key to provide enough entropy - var bytes = this.n.byteLength(); - var bkey = key.getPrivate().toArray(); - for (var i = bkey.length; i < 21; i++) - bkey.unshift(0); +MultiSigScriptHashInput.OPCODES_SIZE = 7; // serialized size (<=3) + 0 .. N .. M OP_CHECKMULTISIG +MultiSigScriptHashInput.SIGNATURE_SIZE = 74; // size (1) + DER (<=72) + sighash (1) +MultiSigScriptHashInput.PUBKEY_SIZE = 34; // size (1) + DER (<=33) - // Zero-extend nonce to have the same byte size as N - var nonce = msg.toArray(); - for (var i = nonce.length; i < bytes; i++) - nonce.unshift(0); +MultiSigScriptHashInput.prototype._estimateSize = function() { + return MultiSigScriptHashInput.OPCODES_SIZE + + this.threshold * MultiSigScriptHashInput.SIGNATURE_SIZE + + this.publicKeys.length * MultiSigScriptHashInput.PUBKEY_SIZE; +}; - // Instantiate Hmac_DRBG - var drbg = new elliptic.hmacDRBG({ - hash: this.hash, - entropy: bkey, - nonce: nonce - }); +module.exports = MultiSigScriptHashInput; - // Number of bytes to generate - var ns1 = this.n.sub(new bn(1)); - do { - var k = new bn(drbg.generate(this.n.byteLength())); - k = this._truncateToN(k, true); - if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) - continue; +},{"../../crypto/signature":36,"../../publickey":50,"../../script":51,"../../util/buffer":68,"../../util/preconditions":70,"../output":61,"../sighash":62,"../signature":63,"./input":56,"inherits":95,"lodash":96}],59:[function(require,module,exports){ +'use strict'; - var kp = this.g.mul(k); - if (kp.isInfinity()) - continue; +var inherits = require('inherits'); - var r = kp.getX().mod(this.n); - if (r.cmpn(0) === 0) - continue; +var $ = require('../../util/preconditions'); +var BufferUtil = require('../../util/buffer'); - var s = k.invm(this.n).mul(r.mul(key.getPrivate()).iadd(msg)).mod(this.n); - if (s.cmpn(0) === 0) - continue; +var Input = require('./input'); +var Output = require('../output'); +var Sighash = require('../sighash'); +var Script = require('../../script'); +var Signature = require('../../crypto/signature'); +var TransactionSignature = require('../signature'); - // Use complement of `s`, if it is > `n / 2` - if (options.canonical && s.cmp(this.nh) > 0) - s = this.n.sub(s); +/** + * Represents a special kind of input of PayToPublicKey kind. + * @constructor + */ +function PublicKeyInput() { + Input.apply(this, arguments); +} +inherits(PublicKeyInput, Input); - return new Signature({ r: r, s: s }); - } while (true); +/** + * @param {Transaction} transaction - the transaction to be signed + * @param {PrivateKey} privateKey - the private key with which to sign the transaction + * @param {number} index - the index of the input in the transaction input vector + * @param {number=} sigtype - the type of signature, defaults to Signature.SIGHASH_ALL + * @return {Array} of objects that can be + */ +PublicKeyInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype) { + $.checkState(this.output instanceof Output); + sigtype = sigtype || Signature.SIGHASH_ALL; + var publicKey = privateKey.toPublicKey(); + if (publicKey.toString() === this.output.script.getPublicKey().toString('hex')) { + return [new TransactionSignature({ + publicKey: publicKey, + prevTxId: this.prevTxId, + outputIndex: this.outputIndex, + inputIndex: index, + signature: Sighash.sign(transaction, privateKey, sigtype, index, this.output.script), + sigtype: sigtype + })]; + } + return []; }; -EC.prototype.verify = function verify(msg, signature, key, enc) { - msg = this._truncateToN(new bn(msg, 16)); - key = this.keyFromPublic(key, enc); - signature = new Signature(signature, 'hex'); +/** + * Add the provided signature + * + * @param {Object} signature + * @param {PublicKey} signature.publicKey + * @param {Signature} signature.signature + * @param {number=} signature.sigtype + * @return {PublicKeyInput} this, for chaining + */ +PublicKeyInput.prototype.addSignature = function(transaction, signature) { + $.checkState(this.isValidSignature(transaction, signature), 'Signature is invalid'); + this.setScript(Script.buildPublicKeyIn( + signature.signature.toDER(), + signature.sigtype + )); + return this; +}; - // Perform primitive values validation - var r = signature.r; - var s = signature.s; - if (r.cmpn(1) < 0 || r.cmp(this.n) >= 0) - return false; - if (s.cmpn(1) < 0 || s.cmp(this.n) >= 0) - return false; +/** + * Clear the input's signature + * @return {PublicKeyHashInput} this, for chaining + */ +PublicKeyInput.prototype.clearSignatures = function() { + this.setScript(Script.empty()); + return this; +}; - // Validate signature - var sinv = s.invm(this.n); - var u1 = sinv.mul(msg).mod(this.n); - var u2 = sinv.mul(r).mod(this.n); +/** + * Query whether the input is signed + * @return {boolean} + */ +PublicKeyInput.prototype.isFullySigned = function() { + return this.script.isPublicKeyIn(); +}; - var p = this.g.mulAdd(u1, key.getPublic(), u2); - if (p.isInfinity()) - return false; +PublicKeyInput.SCRIPT_MAX_SIZE = 73; // sigsize (1 + 72) - return p.getX().mod(this.n).cmp(r) === 0; +PublicKeyInput.prototype._estimateSize = function() { + return PublicKeyInput.SCRIPT_MAX_SIZE; }; -},{"../../elliptic":56,"./key":64,"./signature":65,"bn.js":53}],64:[function(require,module,exports){ +module.exports = PublicKeyInput; + +},{"../../crypto/signature":36,"../../script":51,"../../util/buffer":68,"../../util/preconditions":70,"../output":61,"../sighash":62,"../signature":63,"./input":56,"inherits":95}],60:[function(require,module,exports){ 'use strict'; -var bn = require('bn.js'); +var inherits = require('inherits'); -var elliptic = require('../../elliptic'); -var utils = elliptic.utils; +var $ = require('../../util/preconditions'); +var BufferUtil = require('../../util/buffer'); -function KeyPair(ec, options) { - this.ec = ec; - this.priv = null; - this.pub = null; +var Hash = require('../../crypto/hash'); +var Input = require('./input'); +var Output = require('../output'); +var Sighash = require('../sighash'); +var Script = require('../../script'); +var Signature = require('../../crypto/signature'); +var TransactionSignature = require('../signature'); - // KeyPair(ec, { priv: ..., pub: ... }) - if (options.priv) - this._importPrivate(options.priv, options.privEnc); - if (options.pub) - this._importPublic(options.pub, options.pubEnc); +/** + * Represents a special kind of input of PayToPublicKeyHash kind. + * @constructor + */ +function PublicKeyHashInput() { + Input.apply(this, arguments); } -module.exports = KeyPair; +inherits(PublicKeyHashInput, Input); -KeyPair.fromPublic = function fromPublic(ec, pub, enc) { - if (pub instanceof KeyPair) - return pub; +/* jshint maxparams: 5 */ +/** + * @param {Transaction} transaction - the transaction to be signed + * @param {PrivateKey} privateKey - the private key with which to sign the transaction + * @param {number} index - the index of the input in the transaction input vector + * @param {number=} sigtype - the type of signature, defaults to Signature.SIGHASH_ALL + * @param {Buffer=} hashData - the precalculated hash of the public key associated with the privateKey provided + * @return {Array} of objects that can be + */ +PublicKeyHashInput.prototype.getSignatures = function(transaction, privateKey, index, sigtype, hashData) { + $.checkState(this.output instanceof Output); + hashData = hashData || Hash.sha256ripemd160(privateKey.publicKey.toBuffer()); + sigtype = sigtype || Signature.SIGHASH_ALL; - return new KeyPair(ec, { - pub: pub, - pubEnc: enc - }); + if (BufferUtil.equals(hashData, this.output.script.getPublicKeyHash())) { + return [new TransactionSignature({ + publicKey: privateKey.publicKey, + prevTxId: this.prevTxId, + outputIndex: this.outputIndex, + inputIndex: index, + signature: Sighash.sign(transaction, privateKey, sigtype, index, this.output.script), + sigtype: sigtype + })]; + } + return []; }; +/* jshint maxparams: 3 */ -KeyPair.fromPrivate = function fromPrivate(ec, priv, enc) { - if (priv instanceof KeyPair) - return priv; +/** + * Add the provided signature + * + * @param {Object} signature + * @param {PublicKey} signature.publicKey + * @param {Signature} signature.signature + * @param {number=} signature.sigtype + * @return {PublicKeyHashInput} this, for chaining + */ +PublicKeyHashInput.prototype.addSignature = function(transaction, signature) { + $.checkState(this.isValidSignature(transaction, signature), 'Signature is invalid'); + this.setScript(Script.buildPublicKeyHashIn( + signature.publicKey, + signature.signature.toDER(), + signature.sigtype + )); + return this; +}; - return new KeyPair(ec, { - priv: priv, - privEnc: enc - }); +/** + * Clear the input's signature + * @return {PublicKeyHashInput} this, for chaining + */ +PublicKeyHashInput.prototype.clearSignatures = function() { + this.setScript(Script.empty()); + return this; }; -KeyPair.prototype.validate = function validate() { - var pub = this.getPublic(); +/** + * Query whether the input is signed + * @return {boolean} + */ +PublicKeyHashInput.prototype.isFullySigned = function() { + return this.script.isPublicKeyHashIn(); +}; - if (pub.isInfinity()) - return { result: false, reason: 'Invalid public key' }; - if (!pub.validate()) - return { result: false, reason: 'Public key is not a point' }; - if (!pub.mul(this.ec.curve.n).isInfinity()) - return { result: false, reason: 'Public key * N != O' }; +PublicKeyHashInput.SCRIPT_MAX_SIZE = 73 + 34; // sigsize (1 + 72) + pubkey (1 + 33) - return { result: true, reason: null }; +PublicKeyHashInput.prototype._estimateSize = function() { + return PublicKeyHashInput.SCRIPT_MAX_SIZE; }; -KeyPair.prototype.getPublic = function getPublic(compact, enc) { - if (!this.pub) - this.pub = this.ec.g.mul(this.priv); - - // compact is optional argument - if (typeof compact === 'string') { - enc = compact; - compact = null; - } +module.exports = PublicKeyHashInput; - if (!enc) - return this.pub; +},{"../../crypto/hash":33,"../../crypto/signature":36,"../../script":51,"../../util/buffer":68,"../../util/preconditions":70,"../output":61,"../sighash":62,"../signature":63,"./input":56,"inherits":95}],61:[function(require,module,exports){ +'use strict'; - var len = this.ec.curve.p.byteLength(); - var x = this.pub.getX().toArray(); +var _ = require('lodash'); +var BN = require('../crypto/bn'); +var buffer = require('buffer'); +var bufferUtil = require('../util/buffer'); +var JSUtil = require('../util/js'); +var BufferWriter = require('../encoding/bufferwriter'); +var Script = require('../script'); +var $ = require('../util/preconditions'); +var errors = require('../errors'); - for (var i = x.length; i < len; i++) - x.unshift(0); +var MAX_SAFE_INTEGER = 0x1fffffffffffff; - var res; - if (this.ec.curve.type !== 'mont') { - if (compact) { - res = [ this.pub.getY().isEven() ? 0x02 : 0x03 ].concat(x); +function Output(args) { + if (!(this instanceof Output)) { + return new Output(args); + } + if (_.isObject(args)) { + this.satoshis = args.satoshis; + if (bufferUtil.isBuffer(args.script)) { + this._scriptBuffer = args.script; } else { - var y = this.pub.getY().toArray(); - for (var i = y.length; i < len; i++) - y.unshift(0); - var res = [ 0x04 ].concat(x, y); + var script; + if (_.isString(args.script) && JSUtil.isHexa(args.script)) { + script = new buffer.Buffer(args.script, 'hex'); + } else { + script = args.script; + } + this.setScript(script); } } else { - res = x; - } - - return utils.encode(res, enc); -}; - -KeyPair.prototype.getPrivate = function getPrivate(enc) { - if (enc === 'hex') - return this.priv.toString(16, 2); - else - return this.priv; -}; - -KeyPair.prototype._importPrivate = function _importPrivate(key, enc) { - this.priv = new bn(key, enc || 16); - - // Ensure that the priv won't be bigger than n, otherwise we may fail - // in fixed multiplication method - this.priv = this.priv.mod(this.ec.curve.n); -}; - -KeyPair.prototype._importPublic = function _importPublic(key, enc) { - if (key.x || key.y) { - this.pub = this.ec.curve.point(key.x, key.y); - return; + throw new TypeError('Unrecognized argument for Output'); } +} - key = utils.toArray(key, enc); - if (this.ec.curve.type !== 'mont') - return this._importPublicShort(key); - else - return this._importPublicMont(key); -}; +Object.defineProperty(Output.prototype, 'script', { + configurable: false, + enumerable: true, + get: function() { + if (this._script) { + return this._script; + } else { + this.setScriptFromBuffer(this._scriptBuffer); + return this._script; + } -KeyPair.prototype._importPublicShort = function _importPublicShort(key) { - var len = this.ec.curve.p.byteLength(); - if (key[0] === 0x04 && key.length - 1 === 2 * len) { - this.pub = this.ec.curve.point( - key.slice(1, 1 + len), - key.slice(1 + len, 1 + 2 * len)); - } else if ((key[0] === 0x02 || key[0] === 0x03) && key.length - 1 === len) { - this.pub = this.ec.curve.pointFromX(key[0] === 0x03, key.slice(1, 1 + len)); } -}; - -KeyPair.prototype._importPublicMont = function _importPublicMont(key) { - this.pub = this.ec.curve.point(key, 1); -}; +}); -// ECDH -KeyPair.prototype.derive = function derive(pub) { - return pub.mul(this.priv).getX(); +Object.defineProperty(Output.prototype, 'satoshis', { + configurable: false, + enumerable: true, + get: function() { + return this._satoshis; + }, + set: function(num) { + if (num instanceof BN) { + this._satoshisBN = num; + this._satoshis = num.toNumber(); + } else if (_.isString(num)) { + this._satoshis = parseInt(num); + this._satoshisBN = BN.fromNumber(this._satoshis); + } else { + $.checkArgument( + JSUtil.isNaturalNumber(num), + 'Output satoshis is not a natural number' + ); + this._satoshisBN = BN.fromNumber(num); + this._satoshis = num; + } + $.checkState( + JSUtil.isNaturalNumber(this._satoshis), + 'Output satoshis is not a natural number' + ); + } +}); + +Output.prototype.invalidSatoshis = function() { + if (this._satoshis > MAX_SAFE_INTEGER) { + return 'transaction txout satoshis greater than max safe integer'; + } + if (this._satoshis !== this._satoshisBN.toNumber()) { + return 'transaction txout satoshis has corrupted value'; + } + if (this._satoshis < 0) { + return 'transaction txout negative'; + } + return false; }; -// ECDSA -KeyPair.prototype.sign = function sign(msg) { - return this.ec.sign(msg, this); +Output.prototype.toObject = Output.prototype.toJSON = function toObject() { + var obj = { + satoshis: this.satoshis + }; + obj.script = this._scriptBuffer.toString('hex'); + return obj; }; -KeyPair.prototype.verify = function verify(msg, signature) { - return this.ec.verify(msg, signature, this); +Output.fromObject = function(data) { + return new Output(data); }; -KeyPair.prototype.inspect = function inspect() { - return ''; +Output.prototype.setScriptFromBuffer = function(buffer) { + this._scriptBuffer = buffer; + try { + this._script = Script.fromBuffer(this._scriptBuffer); + this._script._isOutput = true; + } catch(e) { + if (e instanceof errors.Script.InvalidBuffer) { + this._script = null; + } else { + throw e; + } + } +}; + +Output.prototype.setScript = function(script) { + if (script instanceof Script) { + this._scriptBuffer = script.toBuffer(); + this._script = script; + this._script._isOutput = true; + } else if (_.isString(script)) { + this._script = Script.fromString(script); + this._scriptBuffer = this._script.toBuffer(); + this._script._isOutput = true; + } else if (bufferUtil.isBuffer(script)) { + this.setScriptFromBuffer(script); + } else { + throw new TypeError('Invalid argument type: script'); + } + return this; +}; + +Output.prototype.inspect = function() { + var scriptStr; + if (this.script) { + scriptStr = this.script.inspect(); + } else { + scriptStr = this._scriptBuffer.toString('hex'); + } + return ''; }; -},{"../../elliptic":56,"bn.js":53}],65:[function(require,module,exports){ +Output.fromBufferReader = function(br) { + var obj = {}; + obj.satoshis = br.readUInt64LEBN(); + var size = br.readVarintNum(); + if (size !== 0) { + obj.script = br.read(size); + } else { + obj.script = new buffer.Buffer([]); + } + return new Output(obj); +}; + +Output.prototype.toBufferWriter = function(writer) { + if (!writer) { + writer = new BufferWriter(); + } + writer.writeUInt64LEBN(this._satoshisBN); + var script = this._scriptBuffer; + writer.writeVarintNum(script.length); + writer.write(script); + return writer; +}; + +module.exports = Output; + +},{"../crypto/bn":31,"../encoding/bufferwriter":40,"../errors":42,"../script":51,"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"buffer":158,"lodash":96}],62:[function(require,module,exports){ +(function (Buffer){ 'use strict'; -var bn = require('bn.js'); +var buffer = require('buffer'); -var elliptic = require('../../elliptic'); -var utils = elliptic.utils; -var assert = utils.assert; +var Signature = require('../crypto/signature'); +var Script = require('../script'); +var Output = require('./output'); +var BufferReader = require('../encoding/bufferreader'); +var BufferWriter = require('../encoding/bufferwriter'); +var BN = require('../crypto/bn'); +var Hash = require('../crypto/hash'); +var ECDSA = require('../crypto/ecdsa'); +var $ = require('../util/preconditions'); +var _ = require('lodash'); -function Signature(options, enc) { - if (options instanceof Signature) - return options; +var SIGHASH_SINGLE_BUG = '0000000000000000000000000000000000000000000000000000000000000001'; +var BITS_64_ON = 'ffffffffffffffff'; - if (this._importDER(options, enc)) - return; +/** + * Returns a buffer of length 32 bytes with the hash that needs to be signed + * for OP_CHECKSIG. + * + * @name Signing.sighash + * @param {Transaction} transaction the transaction to sign + * @param {number} sighashType the type of the hash + * @param {number} inputNumber the input index for the signature + * @param {Script} subscript the script that will be signed + */ +var sighash = function sighash(transaction, sighashType, inputNumber, subscript) { + var Transaction = require('./transaction'); + var Input = require('./input'); - assert(options.r && options.s, 'Signature without r or s'); - this.r = new bn(options.r, 16); - this.s = new bn(options.s, 16); -} -module.exports = Signature; + var i; + // Copy transaction + var txcopy = Transaction.shallowCopy(transaction); -Signature.prototype._importDER = function _importDER(data, enc) { - data = utils.toArray(data, enc); - if (data.length < 6 || data[0] !== 0x30 || data[2] !== 0x02) - return false; - var total = data[1]; - if (1 + total > data.length) - return false; - var rlen = data[3]; - // Short length notation - if (rlen >= 0x80) - return false; - if (4 + rlen + 2 >= data.length) - return false; - if (data[4 + rlen] !== 0x02) - return false; - var slen = data[5 + rlen]; - // Short length notation - if (slen >= 0x80) - return false; - if (4 + rlen + 2 + slen > data.length) - return false; + // Copy script + subscript = new Script(subscript); + subscript.removeCodeseparators(); - this.r = new bn(data.slice(4, 4 + rlen)); - this.s = new bn(data.slice(4 + rlen + 2, 4 + rlen + 2 + slen)); + for (i = 0; i < txcopy.inputs.length; i++) { + // Blank signatures for other inputs + txcopy.inputs[i] = new Input(txcopy.inputs[i]).setScript(Script.empty()); + } - return true; -}; + txcopy.inputs[inputNumber] = new Input(txcopy.inputs[inputNumber]).setScript(subscript); -Signature.prototype.toDER = function toDER(enc) { - var r = this.r.toArray(); - var s = this.s.toArray(); + if ((sighashType & 31) === Signature.SIGHASH_NONE || + (sighashType & 31) === Signature.SIGHASH_SINGLE) { - // Pad values - if (r[0] & 0x80) - r = [ 0 ].concat(r); - // Pad values - if (s[0] & 0x80) - s = [ 0 ].concat(s); + // clear all sequenceNumbers + for (i = 0; i < txcopy.inputs.length; i++) { + if (i !== inputNumber) { + txcopy.inputs[i].sequenceNumber = 0; + } + } + } - var total = r.length + s.length + 4; - var res = [ 0x30, total, 0x02, r.length ]; - res = res.concat(r, [ 0x02, s.length ], s); - return utils.encode(res, enc); -}; + if ((sighashType & 31) === Signature.SIGHASH_NONE) { + txcopy.outputs = []; -},{"../../elliptic":56,"bn.js":53}],66:[function(require,module,exports){ -'use strict'; + } else if ((sighashType & 31) === Signature.SIGHASH_SINGLE) { + // The SIGHASH_SINGLE bug. + // https://bitcointalk.org/index.php?topic=260595.0 + if (inputNumber >= txcopy.outputs.length) { + return new Buffer(SIGHASH_SINGLE_BUG, 'hex'); + } -var hash = require('hash.js'); -var elliptic = require('../elliptic'); -var utils = elliptic.utils; -var assert = utils.assert; + txcopy.outputs.length = inputNumber + 1; -function HmacDRBG(options) { - if (!(this instanceof HmacDRBG)) - return new HmacDRBG(options); - this.hash = options.hash; - this.predResist = !!options.predResist; + for (i = 0; i < inputNumber; i++) { + txcopy.outputs[i] = new Output({ + satoshis: BN.fromBuffer(new buffer.Buffer(BITS_64_ON, 'hex')), + script: Script.empty() + }); + } + } - this.outLen = this.hash.outSize; - this.minEntropy = options.minEntropy || this.hash.hmacStrength; + if (sighashType & Signature.SIGHASH_ANYONECANPAY) { + txcopy.inputs = [txcopy.inputs[inputNumber]]; + } - this.reseed = null; - this.reseedInterval = null; - this.K = null; - this.V = null; + var buf = new BufferWriter() + .write(txcopy.toBuffer()) + .writeInt32LE(sighashType) + .toBuffer(); + var ret = Hash.sha256sha256(buf); + ret = new BufferReader(ret).readReverse(); + return ret; +}; - var entropy = utils.toArray(options.entropy, options.entropyEnc); - var nonce = utils.toArray(options.nonce, options.nonceEnc); - var pers = utils.toArray(options.pers, options.persEnc); - assert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); - this._init(entropy, nonce, pers); +/** + * Create a signature + * + * @name Signing.sign + * @param {Transaction} transaction + * @param {PrivateKey} privateKey + * @param {number} sighash + * @param {number} inputIndex + * @param {Script} subscript + * @return {Signature} + */ +function sign(transaction, privateKey, sighashType, inputIndex, subscript) { + var hashbuf = sighash(transaction, sighashType, inputIndex, subscript); + var sig = ECDSA.sign(hashbuf, privateKey, 'little').set({ + nhashtype: sighashType + }); + return sig; } -module.exports = HmacDRBG; -HmacDRBG.prototype._init = function init(entropy, nonce, pers) { - var seed = entropy.concat(nonce).concat(pers); +/** + * Verify a signature + * + * @name Signing.verify + * @param {Transaction} transaction + * @param {Signature} signature + * @param {PublicKey} publicKey + * @param {number} inputIndex + * @param {Script} subscript + * @return {boolean} + */ +function verify(transaction, signature, publicKey, inputIndex, subscript) { + $.checkArgument(!_.isUndefined(transaction)); + $.checkArgument(!_.isUndefined(signature) && !_.isUndefined(signature.nhashtype)); + var hashbuf = sighash(transaction, signature.nhashtype, inputIndex, subscript); + return ECDSA.verify(hashbuf, signature, publicKey, 'little'); +} - this.K = new Array(this.outLen / 8); - this.V = new Array(this.outLen / 8); - for (var i = 0; i < this.V.length; i++) { - this.K[i] = 0x00; - this.V[i] = 0x01; +/** + * @namespace Signing + */ +module.exports = { + sighash: sighash, + sign: sign, + verify: verify +}; + +}).call(this,require("buffer").Buffer) +},{"../crypto/bn":31,"../crypto/ecdsa":32,"../crypto/hash":33,"../crypto/signature":36,"../encoding/bufferreader":39,"../encoding/bufferwriter":40,"../script":51,"../util/preconditions":70,"./input":55,"./output":61,"./transaction":64,"buffer":158,"lodash":96}],63:[function(require,module,exports){ +(function (Buffer){ +'use strict'; + +var _ = require('lodash'); +var $ = require('../util/preconditions'); +var inherits = require('inherits'); +var BufferUtil = require('../util/buffer'); +var JSUtil = require('../util/js'); + +var PublicKey = require('../publickey'); +var errors = require('../errors'); +var Signature = require('../crypto/signature'); + +/** + * @desc + * Wrapper around Signature with fields related to signing a transaction specifically + * + * @param {Object|string|TransactionSignature} arg + * @constructor + */ +function TransactionSignature(arg) { + if (!(this instanceof TransactionSignature)) { + return new TransactionSignature(arg); + } + if (arg instanceof TransactionSignature) { + return arg; } + if (_.isObject(arg)) { + return this._fromObject(arg); + } + throw new errors.InvalidArgument('TransactionSignatures must be instantiated from an object'); +} +inherits(TransactionSignature, Signature); - this._update(seed); - this.reseed = 1; - this.reseedInterval = 0x1000000000000; // 2^48 +TransactionSignature.prototype._fromObject = function(arg) { + this._checkObjectArgs(arg); + this.publicKey = new PublicKey(arg.publicKey); + this.prevTxId = BufferUtil.isBuffer(arg.prevTxId) ? arg.prevTxId : new Buffer(arg.prevTxId, 'hex'); + this.outputIndex = arg.outputIndex; + this.inputIndex = arg.inputIndex; + this.signature = (arg.signature instanceof Signature) ? arg.signature : + BufferUtil.isBuffer(arg.signature) ? Signature.fromBuffer(arg.signature) : + Signature.fromString(arg.signature); + this.sigtype = arg.sigtype; + return this; }; -HmacDRBG.prototype._hmac = function hmac() { - return new hash.hmac(this.hash, this.K); +TransactionSignature.prototype._checkObjectArgs = function(arg) { + $.checkArgument(PublicKey(arg.publicKey), 'publicKey'); + $.checkArgument(!_.isUndefined(arg.inputIndex), 'inputIndex'); + $.checkArgument(!_.isUndefined(arg.outputIndex), 'outputIndex'); + $.checkState(_.isNumber(arg.inputIndex), 'inputIndex must be a number'); + $.checkState(_.isNumber(arg.outputIndex), 'outputIndex must be a number'); + $.checkArgument(arg.signature, 'signature'); + $.checkArgument(arg.prevTxId, 'prevTxId'); + $.checkState(arg.signature instanceof Signature || + BufferUtil.isBuffer(arg.signature) || + JSUtil.isHexa(arg.signature), 'signature must be a buffer or hexa value'); + $.checkState(BufferUtil.isBuffer(arg.prevTxId) || + JSUtil.isHexa(arg.prevTxId), 'prevTxId must be a buffer or hexa value'); + $.checkArgument(arg.sigtype, 'sigtype'); + $.checkState(_.isNumber(arg.sigtype), 'sigtype must be a number'); }; -HmacDRBG.prototype._update = function update(seed) { - var kmac = this._hmac() - .update(this.V) - .update([ 0x00 ]); - if (seed) - kmac = kmac.update(seed); - this.K = kmac.digest(); - this.V = this._hmac().update(this.V).digest(); - if (!seed) - return; +/** + * Serializes a transaction to a plain JS object + * @return {Object} + */ +TransactionSignature.prototype.toObject = TransactionSignature.prototype.toJSON = function toObject() { + return { + publicKey: this.publicKey.toString(), + prevTxId: this.prevTxId.toString('hex'), + outputIndex: this.outputIndex, + inputIndex: this.inputIndex, + signature: this.signature.toString(), + sigtype: this.sigtype + }; +}; - this.K = this._hmac() - .update(this.V) - .update([ 0x01 ]) - .update(seed) - .digest(); - this.V = this._hmac().update(this.V).digest(); +/** + * Builds a TransactionSignature from an object + * @param {Object} object + * @return {TransactionSignature} + */ +TransactionSignature.fromObject = function(object) { + $.checkArgument(object); + return new TransactionSignature(object); }; -HmacDRBG.prototype.reseed = function reseed(entropy, entropyEnc, add, addEnc) { - // Optional entropy enc - if (typeof entropyEnc !== 'string') { - addEnc = add; - add = entropyEnc; - entropyEnc = null; - } +module.exports = TransactionSignature; - entropy = utils.toBuffer(entropy, entropyEnc); - add = utils.toBuffer(add, addEnc); +}).call(this,require("buffer").Buffer) +},{"../crypto/signature":36,"../errors":42,"../publickey":50,"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"buffer":158,"inherits":95,"lodash":96}],64:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - assert(entropy.length >= (this.minEntropy / 8), - 'Not enough entropy. Minimum is: ' + this.minEntropy + ' bits'); +var _ = require('lodash'); +var $ = require('../util/preconditions'); +var buffer = require('buffer'); +var compare = Buffer.compare || require('buffer-compare'); - this._update(entropy.concat(add || [])); - this.reseed = 1; -}; +var errors = require('../errors'); +var BufferUtil = require('../util/buffer'); +var JSUtil = require('../util/js'); +var BufferReader = require('../encoding/bufferreader'); +var BufferWriter = require('../encoding/bufferwriter'); +var Hash = require('../crypto/hash'); +var Signature = require('../crypto/signature'); +var Sighash = require('./sighash'); -HmacDRBG.prototype.generate = function generate(len, enc, add, addEnc) { - if (this.reseed > this.reseedInterval) - throw new Error('Reseed is required'); +var Address = require('../address'); +var UnspentOutput = require('./unspentoutput'); +var Input = require('./input'); +var PublicKeyHashInput = Input.PublicKeyHash; +var PublicKeyInput = Input.PublicKey; +var MultiSigScriptHashInput = Input.MultiSigScriptHash; +var MultiSigInput = Input.MultiSig; +var Output = require('./output'); +var Script = require('../script'); +var PrivateKey = require('../privatekey'); +var BN = require('../crypto/bn'); - // Optional encoding - if (typeof enc !== 'string') { - addEnc = add; - add = enc; - enc = null; +/** + * Represents a transaction, a set of inputs and outputs to change ownership of tokens + * + * @param {*} serialized + * @constructor + */ +function Transaction(serialized) { + if (!(this instanceof Transaction)) { + return new Transaction(serialized); } + this.inputs = []; + this.outputs = []; + this._inputAmount = undefined; + this._outputAmount = undefined; - // Optional additional data - if (add) { - add = utils.toArray(add, addEnc); - this._update(add); + if (serialized) { + if (serialized instanceof Transaction) { + return Transaction.shallowCopy(serialized); + } else if (JSUtil.isHexa(serialized)) { + this.fromString(serialized); + } else if (BufferUtil.isBuffer(serialized)) { + this.fromBuffer(serialized); + } else if (_.isObject(serialized)) { + this.fromObject(serialized); + } else { + throw new errors.InvalidArgument('Must provide an object or string to deserialize a transaction'); + } + } else { + this._newTransaction(); } +} - var temp = []; - while (temp.length < len) { - this.V = this._hmac().update(this.V).digest(); - temp = temp.concat(this.V); - } +var CURRENT_VERSION = 1; +var DEFAULT_NLOCKTIME = 0; +var MAX_BLOCK_SIZE = 1000000; - var res = temp.slice(0, len); - this._update(add); - this.reseed++; - return utils.encode(res, enc); +// Minimum amount for an output for it not to be considered a dust output +Transaction.DUST_AMOUNT = 546; + +// Margin of error to allow fees in the vecinity of the expected value but doesn't allow a big difference +Transaction.FEE_SECURITY_MARGIN = 15; + +// max amount of satoshis in circulation +Transaction.MAX_MONEY = 21000000 * 1e8; + +// nlocktime limit to be considered block height rather than a timestamp +Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT = 5e8; + +// Max value for an unsigned 32 bit value +Transaction.NLOCKTIME_MAX_VALUE = 4294967295; + +// Value used for fee estimation (satoshis per kilobyte) +Transaction.FEE_PER_KB = 10000; + +// Safe upper bound for change address script size in bytes +Transaction.CHANGE_OUTPUT_MAX_SIZE = 20 + 4 + 34 + 4; +Transaction.MAXIMUM_EXTRA_SIZE = 4 + 9 + 9 + 4; + +/* Constructors and Serialization */ + +/** + * Create a 'shallow' copy of the transaction, by serializing and deserializing + * it dropping any additional information that inputs and outputs may have hold + * + * @param {Transaction} transaction + * @return {Transaction} + */ +Transaction.shallowCopy = function(transaction) { + var copy = new Transaction(transaction.toBuffer()); + return copy; }; -},{"../elliptic":56,"hash.js":70}],67:[function(require,module,exports){ -module.exports = { - doubles: { - step: 4, - points: [ - [ - 'e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a', - 'f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821' - ], - [ - '8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508', - '11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf' - ], - [ - '175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739', - 'd3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695' - ], - [ - '363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640', - '4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9' - ], - [ - '8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c', - '4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36' - ], - [ - '723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda', - '96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f' - ], - [ - 'eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa', - '5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999' - ], - [ - '100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0', - 'cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09' - ], - [ - 'e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d', - '9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d' - ], - [ - 'feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d', - 'e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088' - ], - [ - 'da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1', - '9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d' - ], - [ - '53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0', - '5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8' - ], - [ - '8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047', - '10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a' - ], - [ - '385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862', - '283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453' - ], - [ - '6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7', - '7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160' - ], - [ - '3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd', - '56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0' - ], - [ - '85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83', - '7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6' - ], - [ - '948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a', - '53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589' - ], - [ - '6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8', - 'bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17' - ], - [ - 'e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d', - '4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda' - ], - [ - 'e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725', - '7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd' - ], - [ - '213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754', - '4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2' - ], - [ - '4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c', - '17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6' - ], - [ - 'fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6', - '6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f' - ], - [ - '76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39', - 'c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01' - ], - [ - 'c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891', - '893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3' - ], - [ - 'd895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b', - 'febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f' - ], - [ - 'b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03', - '2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7' - ], - [ - 'e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d', - 'eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78' - ], - [ - 'a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070', - '7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1' - ], - [ - '90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4', - 'e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150' - ], - [ - '8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da', - '662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82' - ], - [ - 'e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11', - '1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc' - ], - [ - '8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e', - 'efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b' - ], - [ - 'e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41', - '2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51' - ], - [ - 'b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef', - '67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45' - ], - [ - 'd68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8', - 'db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120' - ], - [ - '324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d', - '648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84' - ], - [ - '4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96', - '35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d' - ], - [ - '9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd', - 'ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d' - ], - [ - '6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5', - '9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8' - ], - [ - 'a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266', - '40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8' - ], - [ - '7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71', - '34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac' - ], - [ - '928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac', - 'c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f' - ], - [ - '85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751', - '1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962' - ], - [ - 'ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e', - '493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907' - ], - [ - '827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241', - 'c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec' - ], - [ - 'eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3', - 'be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d' - ], - [ - 'e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f', - '4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414' - ], - [ - '1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19', - 'aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd' - ], - [ - '146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be', - 'b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0' - ], - [ - 'fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9', - '6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811' - ], - [ - 'da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2', - '8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1' - ], - [ - 'a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13', - '7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c' - ], - [ - '174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c', - 'ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73' - ], - [ - '959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba', - '2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd' - ], - [ - 'd2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151', - 'e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405' - ], - [ - '64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073', - 'd99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589' - ], - [ - '8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458', - '38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e' - ], - [ - '13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b', - '69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27' - ], - [ - 'bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366', - 'd3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1' - ], - [ - '8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa', - '40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482' - ], - [ - '8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0', - '620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945' - ], - [ - 'dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787', - '7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573' - ], - [ - 'f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e', - 'ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82' - ] - ] - }, - naf: { - wnd: 7, - points: [ - [ - 'f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9', - '388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672' - ], - [ - '2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4', - 'd8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6' - ], - [ - '5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc', - '6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da' - ], - [ - 'acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe', - 'cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37' - ], - [ - '774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb', - 'd984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b' - ], - [ - 'f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8', - 'ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81' - ], - [ - 'd7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e', - '581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58' - ], - [ - 'defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34', - '4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77' - ], - [ - '2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c', - '85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a' - ], - [ - '352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5', - '321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c' - ], - [ - '2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f', - '2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67' - ], - [ - '9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714', - '73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402' - ], - [ - 'daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729', - 'a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55' - ], - [ - 'c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db', - '2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482' - ], - [ - '6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4', - 'e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82' - ], - [ - '1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5', - 'b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396' - ], - [ - '605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479', - '2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49' - ], - [ - '62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d', - '80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf' - ], - [ - '80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f', - '1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a' - ], - [ - '7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb', - 'd0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7' - ], - [ - 'd528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9', - 'eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933' - ], - [ - '49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963', - '758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a' - ], - [ - '77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74', - '958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6' - ], - [ - 'f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530', - 'e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37' - ], - [ - '463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b', - '5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e' - ], - [ - 'f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247', - 'cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6' - ], - [ - 'caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1', - 'cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476' - ], - [ - '2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120', - '4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40' - ], - [ - '7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435', - '91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61' - ], - [ - '754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18', - '673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683' - ], - [ - 'e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8', - '59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5' - ], - [ - '186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb', - '3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b' - ], - [ - 'df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f', - '55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417' - ], - [ - '5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143', - 'efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868' - ], - [ - '290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba', - 'e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a' - ], - [ - 'af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45', - 'f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6' - ], - [ - '766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a', - '744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996' - ], - [ - '59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e', - 'c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e' - ], - [ - 'f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8', - 'e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d' - ], - [ - '7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c', - '30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2' - ], - [ - '948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519', - 'e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e' - ], - [ - '7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab', - '100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437' - ], - [ - '3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca', - 'ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311' - ], - [ - 'd3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf', - '8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4' - ], - [ - '1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610', - '68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575' - ], - [ - '733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4', - 'f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d' - ], - [ - '15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c', - 'd56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d' - ], - [ - 'a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940', - 'edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629' - ], - [ - 'e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980', - 'a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06' - ], - [ - '311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3', - '66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374' - ], - [ - '34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf', - '9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee' - ], - [ - 'f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63', - '4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1' - ], - [ - 'd7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448', - 'fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b' - ], - [ - '32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf', - '5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661' - ], - [ - '7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5', - '8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6' - ], - [ - 'ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6', - '8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e' - ], - [ - '16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5', - '5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d' - ], - [ - 'eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99', - 'f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc' - ], - [ - '78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51', - 'f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4' - ], - [ - '494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5', - '42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c' - ], - [ - 'a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5', - '204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b' - ], - [ - 'c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997', - '4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913' - ], - [ - '841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881', - '73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154' - ], - [ - '5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5', - '39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865' - ], - [ - '36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66', - 'd2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc' - ], - [ - '336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726', - 'ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224' - ], - [ - '8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede', - '6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e' - ], - [ - '1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94', - '60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6' - ], - [ - '85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31', - '3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511' - ], - [ - '29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51', - 'b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b' - ], - [ - 'a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252', - 'ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2' - ], - [ - '4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5', - 'cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c' - ], - [ - 'd24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b', - '6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3' - ], - [ - 'ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4', - '322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d' - ], - [ - 'af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f', - '6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700' - ], - [ - 'e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889', - '2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4' - ], - [ - '591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246', - 'b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196' - ], - [ - '11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984', - '998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4' - ], - [ - '3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a', - 'b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257' - ], - [ - 'cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030', - 'bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13' - ], - [ - 'c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197', - '6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096' - ], - [ - 'c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593', - 'c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38' - ], - [ - 'a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef', - '21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f' - ], - [ - '347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38', - '60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448' - ], - [ - 'da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a', - '49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a' - ], - [ - 'c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111', - '5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4' - ], - [ - '4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502', - '7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437' - ], - [ - '3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea', - 'be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7' - ], - [ - 'cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26', - '8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d' - ], - [ - 'b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986', - '39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a' - ], - [ - 'd4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e', - '62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54' - ], - [ - '48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4', - '25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77' - ], - [ - 'dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda', - 'ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517' - ], - [ - '6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859', - 'cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10' - ], - [ - 'e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f', - 'f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125' - ], - [ - 'eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c', - '6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e' - ], - [ - '13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942', - 'fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1' - ], - [ - 'ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a', - '1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2' - ], - [ - 'b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80', - '5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423' - ], - [ - 'ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d', - '438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8' - ], - [ - '8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1', - 'cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758' - ], - [ - '52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63', - 'c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375' - ], - [ - 'e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352', - '6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d' - ], - [ - '7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193', - 'ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec' - ], - [ - '5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00', - '9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0' - ], - [ - '32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58', - 'ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c' - ], - [ - 'e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7', - 'd3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4' - ], - [ - '8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8', - 'c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f' - ], - [ - '4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e', - '67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649' - ], - [ - '3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d', - 'cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826' - ], - [ - '674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b', - '299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5' - ], - [ - 'd32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f', - 'f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87' - ], - [ - '30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6', - '462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b' - ], - [ - 'be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297', - '62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc' - ], - [ - '93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a', - '7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c' - ], - [ - 'b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c', - 'ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f' - ], - [ - 'd5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52', - '4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a' - ], - [ - 'd3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb', - 'bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46' - ], - [ - '463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065', - 'bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f' - ], - [ - '7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917', - '603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03' - ], - [ - '74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9', - 'cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08' - ], - [ - '30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3', - '553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8' - ], - [ - '9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57', - '712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373' - ], - [ - '176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66', - 'ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3' - ], - [ - '75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8', - '9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8' - ], - [ - '809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721', - '9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1' - ], - [ - '1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180', - '4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9' - ] - ] +var hashProperty = { + configurable: false, + enumerable: true, + get: function() { + return new BufferReader(this._getHash()).readReverse().toString('hex'); } }; +Object.defineProperty(Transaction.prototype, 'hash', hashProperty); +Object.defineProperty(Transaction.prototype, 'id', hashProperty); -},{}],68:[function(require,module,exports){ -'use strict'; +var ioProperty = { + configurable: false, + enumerable: true, + get: function() { + return this._getInputAmount(); + } +}; +Object.defineProperty(Transaction.prototype, 'inputAmount', ioProperty); +ioProperty.get = function() { + return this._getOutputAmount(); +}; +Object.defineProperty(Transaction.prototype, 'outputAmount', ioProperty); -var utils = exports; +/** + * Retrieve the little endian hash of the transaction (used for serialization) + * @return {Buffer} + */ +Transaction.prototype._getHash = function() { + return Hash.sha256sha256(this.toBuffer()); +}; -utils.assert = function assert(val, msg) { - if (!val) - throw new Error(msg || 'Assertion failed'); +/** + * Retrieve a hexa string that can be used with bitcoind's CLI interface + * (decoderawtransaction, sendrawtransaction) + * + * @param {Object|boolean=} unsafe if true, skip all tests. if it's an object, + * it's expected to contain a set of flags to skip certain tests: + * * `disableAll`: disable all checks + * * `disableSmallFees`: disable checking for fees that are too small + * * `disableLargeFees`: disable checking for fees that are too large + * * `disableIsFullySigned`: disable checking if all inputs are fully signed + * * `disableDustOutputs`: disable checking if there are no outputs that are dust amounts + * * `disableMoreOutputThanInput`: disable checking if the transaction spends more bitcoins than the sum of the input amounts + * @return {string} + */ +Transaction.prototype.serialize = function(unsafe) { + if (true === unsafe || unsafe && unsafe.disableAll) { + return this.uncheckedSerialize(); + } else { + return this.checkedSerialize(unsafe); + } }; -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg !== 'string') { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - return res; +Transaction.prototype.uncheckedSerialize = Transaction.prototype.toString = function() { + return this.toBuffer().toString('hex'); +}; + +/** + * Retrieve a hexa string that can be used with bitcoind's CLI interface + * (decoderawtransaction, sendrawtransaction) + * + * @param {Object} opts allows to skip certain tests. {@see Transaction#serialize} + * @return {string} + */ +Transaction.prototype.checkedSerialize = function(opts) { + var serializationError = this.getSerializationError(opts); + if (serializationError) { + serializationError.message += ' Use Transaction#uncheckedSerialize if you want to skip security checks. ' + + 'See http://bitcore.io/guide/transaction.html#Serialization for more info.'; + throw serializationError; } - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); + return this.uncheckedSerialize(); +}; + +Transaction.prototype.invalidSatoshis = function() { + var invalid = false; + for (var i = 0; i < this.outputs.length; i++) { + if (this.outputs[i].invalidSatoshis()) { + invalid = true; } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); } - return res; -} -utils.toArray = toArray; + return invalid; +}; -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -utils.zero2 = zero2; +/** + * Retrieve a possible error that could appear when trying to serialize and + * broadcast this transaction. + * + * @param {Object} opts allows to skip certain tests. {@see Transaction#serialize} + * @return {bitcore.Error} + */ +Transaction.prototype.getSerializationError = function(opts) { + opts = opts || {}; -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -utils.toHex = toHex; + if (this.invalidSatoshis()) { + return new errors.Transaction.InvalidSatoshis(); + } -utils.encode = function encode(arr, enc) { - if (enc === 'hex') - return toHex(arr); - else - return arr; + var unspent = this._getUnspentValue(); + var unspentError; + if (unspent < 0) { + if (!opts.disableMoreOutputThanInput) { + unspentError = new errors.Transaction.InvalidOutputAmountSum(); + } + } else { + unspentError = this._hasFeeError(opts, unspent); + } + + return unspentError || + this._hasDustOutputs(opts) || + this._isMissingSignatures(opts); }; -// Represent num in a w-NAF form -function getNAF(num, w) { - var naf = []; - var ws = 1 << (w + 1); - var k = num.clone(); - while (k.cmpn(1) >= 0) { - var z; - if (k.isOdd()) { - var mod = k.andln(ws - 1); - if (mod > (ws >> 1) - 1) - z = (ws >> 1) - mod; - else - z = mod; - k.isubn(z); - } else { - z = 0; +Transaction.prototype._hasFeeError = function(opts, unspent) { + + if (!_.isUndefined(this._fee) && this._fee !== unspent) { + return new errors.Transaction.FeeError.Different( + 'Unspent value is ' + unspent + ' but specified fee is ' + this._fee + ); + } + + if (!opts.disableLargeFees) { + var maximumFee = Math.floor(Transaction.FEE_SECURITY_MARGIN * this._estimateFee()); + if (unspent > maximumFee) { + if (this._missingChange()) { + return new errors.Transaction.ChangeAddressMissing( + 'Fee is too large and no change address was provided' + ); + } + return new errors.Transaction.FeeError.TooLarge( + 'expected less than ' + maximumFee + ' but got ' + unspent + ); } - naf.push(z); + } - // Optimization, shift by word if possible - var shift = (k.cmpn(0) !== 0 && k.andln(ws - 1) === 0) ? (w + 1) : 1; - for (var i = 1; i < shift; i++) - naf.push(0); - k.ishrn(shift); + if (!opts.disableSmallFees) { + var minimumFee = Math.ceil(this._estimateFee() / Transaction.FEE_SECURITY_MARGIN); + if (unspent < minimumFee) { + return new errors.Transaction.FeeError.TooSmall( + 'expected more than ' + minimumFee + ' but got ' + unspent + ); + } } +}; - return naf; -} -utils.getNAF = getNAF; +Transaction.prototype._missingChange = function() { + return !this._changeScript; +}; -// Represent k1, k2 in a Joint Sparse Form -function getJSF(k1, k2) { - var jsf = [ - [], - [] - ]; - - k1 = k1.clone(); - k2 = k2.clone(); - var d1 = 0; - var d2 = 0; - while (k1.cmpn(-d1) > 0 || k2.cmpn(-d2) > 0) { - - // First phase - var m14 = (k1.andln(3) + d1) & 3; - var m24 = (k2.andln(3) + d2) & 3; - if (m14 === 3) - m14 = -1; - if (m24 === 3) - m24 = -1; - var u1; - if ((m14 & 1) === 0) { - u1 = 0; - } else { - var m8 = (k1.andln(7) + d1) & 7; - if ((m8 === 3 || m8 === 5) && m24 === 2) - u1 = -m14; - else - u1 = m14; - } - jsf[0].push(u1); - - var u2; - if ((m24 & 1) === 0) { - u2 = 0; - } else { - var m8 = (k2.andln(7) + d2) & 7; - if ((m8 === 3 || m8 === 5) && m14 === 2) - u2 = -m24; - else - u2 = m24; +Transaction.prototype._hasDustOutputs = function(opts) { + if (opts.disableDustOutputs) { + return; + } + var index, output; + for (index in this.outputs) { + output = this.outputs[index]; + if (output.satoshis < Transaction.DUST_AMOUNT && !output.script.isDataOut()) { + return new errors.Transaction.DustOutputs(); } - jsf[1].push(u2); - - // Second phase - if (2 * d1 === u1 + 1) - d1 = 1 - d1; - if (2 * d2 === u2 + 1) - d2 = 1 - d2; - k1.ishrn(1); - k2.ishrn(1); } - - return jsf; -} -utils.getJSF = getJSF; - -},{}],69:[function(require,module,exports){ -var r; - -module.exports = function rand(len) { - if (!r) - r = new Rand(null); - - return r.generate(len); -}; - -function Rand(rand) { - this.rand = rand; -} -module.exports.Rand = Rand; - -Rand.prototype.generate = function generate(len) { - return this._rand(len); }; -if (typeof window === 'object') { - if (window.crypto && window.crypto.getRandomValues) { - // Modern browsers - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - window.crypto.getRandomValues(arr); - return arr; - }; - } else if (window.msCrypto && window.msCrypto.getRandomValues) { - // IE - Rand.prototype._rand = function _rand(n) { - var arr = new Uint8Array(n); - window.msCrypto.getRandomValues(arr); - return arr; - }; - } else { - // Old junk - Rand.prototype._rand = function() { - throw new Error('Not implemented yet'); - }; +Transaction.prototype._isMissingSignatures = function(opts) { + if (opts.disableIsFullySigned) { + return; } -} else { - // Node.js or Web worker - try { - var crypto = require('cry' + 'pto'); - - Rand.prototype._rand = function _rand(n) { - return crypto.randomBytes(n); - }; - } catch (e) { - // Emulate crypto API using randy - Rand.prototype._rand = function _rand(n) { - var res = new Uint8Array(n); - for (var i = 0; i < res.length; i++) - res[i] = this.rand.getByte(); - return res; - }; + if (!this.isFullySigned()) { + return new errors.Transaction.MissingSignatures(); } -} - -},{}],70:[function(require,module,exports){ -var hash = exports; - -hash.utils = require('./hash/utils'); -hash.common = require('./hash/common'); -hash.sha = require('./hash/sha'); -hash.ripemd = require('./hash/ripemd'); -hash.hmac = require('./hash/hmac'); - -// Proxy hash functions to the main object -hash.sha1 = hash.sha.sha1; -hash.sha256 = hash.sha.sha256; -hash.sha224 = hash.sha.sha224; -hash.sha384 = hash.sha.sha384; -hash.sha512 = hash.sha.sha512; -hash.ripemd160 = hash.ripemd.ripemd160; - -},{"./hash/common":71,"./hash/hmac":72,"./hash/ripemd":73,"./hash/sha":74,"./hash/utils":75}],71:[function(require,module,exports){ -var hash = require('../hash'); -var utils = hash.utils; -var assert = utils.assert; +}; -function BlockHash() { - this.pending = null; - this.pendingTotal = 0; - this.blockSize = this.constructor.blockSize; - this.outSize = this.constructor.outSize; - this.hmacStrength = this.constructor.hmacStrength; - this.padLength = this.constructor.padLength / 8; - this.endian = 'big'; +Transaction.prototype.inspect = function() { + return ''; +}; - this._delta8 = this.blockSize / 8; - this._delta32 = this.blockSize / 32; -} -exports.BlockHash = BlockHash; +Transaction.prototype.toBuffer = function() { + var writer = new BufferWriter(); + return this.toBufferWriter(writer).toBuffer(); +}; -BlockHash.prototype.update = function update(msg, enc) { - // Convert message to array, pad it, and join into 32bit blocks - msg = utils.toArray(msg, enc); - if (!this.pending) - this.pending = msg; - else - this.pending = this.pending.concat(msg); - this.pendingTotal += msg.length; +Transaction.prototype.toBufferWriter = function(writer) { + writer.writeUInt32LE(this.version); + writer.writeVarintNum(this.inputs.length); + _.each(this.inputs, function(input) { + input.toBufferWriter(writer); + }); + writer.writeVarintNum(this.outputs.length); + _.each(this.outputs, function(output) { + output.toBufferWriter(writer); + }); + writer.writeUInt32LE(this.nLockTime); + return writer; +}; - // Enough data, try updating - if (this.pending.length >= this._delta8) { - msg = this.pending; +Transaction.prototype.fromBuffer = function(buffer) { + var reader = new BufferReader(buffer); + return this.fromBufferReader(reader); +}; - // Process pending data in blocks - var r = msg.length % this._delta8; - this.pending = msg.slice(msg.length - r, msg.length); - if (this.pending.length === 0) - this.pending = null; +Transaction.prototype.fromBufferReader = function(reader) { + $.checkArgument(!reader.finished(), 'No transaction data received'); + var i, sizeTxIns, sizeTxOuts; - msg = utils.join32(msg, 0, msg.length - r, this.endian); - for (var i = 0; i < msg.length; i += this._delta32) - this._update(msg, i, i + this._delta32); + this.version = reader.readUInt32LE(); + sizeTxIns = reader.readVarintNum(); + for (i = 0; i < sizeTxIns; i++) { + var input = Input.fromBufferReader(reader); + this.inputs.push(input); } - + sizeTxOuts = reader.readVarintNum(); + for (i = 0; i < sizeTxOuts; i++) { + this.outputs.push(Output.fromBufferReader(reader)); + } + this.nLockTime = reader.readUInt32LE(); return this; }; -BlockHash.prototype.digest = function digest(enc) { - this.update(this._pad()); - assert(this.pending === null); - - return this._digest(enc); +Transaction.prototype.toObject = Transaction.prototype.toJSON = function toObject() { + var inputs = []; + this.inputs.forEach(function(input) { + inputs.push(input.toObject()); + }); + var outputs = []; + this.outputs.forEach(function(output) { + outputs.push(output.toObject()); + }); + var obj = { + hash: this.hash, + version: this.version, + inputs: inputs, + outputs: outputs, + nLockTime: this.nLockTime + }; + if (this._changeScript) { + obj.changeScript = this._changeScript.toString(); + } + if (!_.isUndefined(this._changeIndex)) { + obj.changeIndex = this._changeIndex; + } + if (!_.isUndefined(this._fee)) { + obj.fee = this._fee; + } + return obj; }; -BlockHash.prototype._pad = function pad() { - var len = this.pendingTotal; - var bytes = this._delta8; - var k = bytes - ((len + this.padLength) % bytes); - var res = new Array(k + this.padLength); - res[0] = 0x80; - for (var i = 1; i < k; i++) - res[i] = 0; - - // Append length - len <<= 3; - if (this.endian === 'big') { - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; - - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = (len >>> 24) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = len & 0xff; +Transaction.prototype.fromObject = function fromObject(arg) { + /* jshint maxstatements: 20 */ + $.checkArgument(_.isObject(arg) || arg instanceof Transaction); + var self = this; + var transaction; + if (arg instanceof Transaction) { + transaction = transaction.toObject(); } else { - res[i++] = len & 0xff; - res[i++] = (len >>> 8) & 0xff; - res[i++] = (len >>> 16) & 0xff; - res[i++] = (len >>> 24) & 0xff; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - res[i++] = 0; - - for (var t = 8; t < this.padLength; t++) - res[i++] = 0; + transaction = arg; } - - return res; + _.each(transaction.inputs, function(input) { + if (!input.output || !input.output.script) { + self.uncheckedAddInput(new Input(input)); + return; + } + var script = new Script(input.output.script); + var txin; + if (script.isPublicKeyHashOut()) { + txin = new Input.PublicKeyHash(input); + } else if (script.isScriptHashOut() && input.publicKeys && input.threshold) { + txin = new Input.MultiSigScriptHash( + input, input.publicKeys, input.threshold, input.signatures + ); + } else if (script.isPublicKeyOut()) { + txin = new Input.PublicKey(input); + } else { + throw new errors.Transaction.Input.UnsupportedScript(input.output.script); + } + self.addInput(txin); + }); + _.each(transaction.outputs, function(output) { + self.addOutput(new Output(output)); + }); + if (transaction.changeIndex) { + this._changeIndex = transaction.changeIndex; + } + if (transaction.changeScript) { + this._changeScript = new Script(transaction.changeScript); + } + if (transaction.fee) { + this._fee = transaction.fee; + } + this.nLockTime = transaction.nLockTime; + this.version = transaction.version; + this._checkConsistency(arg); + return this; }; -},{"../hash":70}],72:[function(require,module,exports){ -var hmac = exports; - -var hash = require('../hash'); -var utils = hash.utils; -var assert = utils.assert; +Transaction.prototype._checkConsistency = function(arg) { + if (!_.isUndefined(this._changeIndex)) { + $.checkState(this._changeScript); + $.checkState(this.outputs[this._changeIndex]); + $.checkState(this.outputs[this._changeIndex].script.toString() === + this._changeScript.toString()); + } + if (arg && arg.hash) { + $.checkState(arg.hash === this.hash, 'Hash in object does not match transaction hash'); + } +}; -function Hmac(hash, key, enc) { - if (!(this instanceof Hmac)) - return new Hmac(hash, key, enc); - this.Hash = hash; - this.blockSize = hash.blockSize / 8; - this.outSize = hash.outSize / 8; - this.inner = null; - this.outer = null; +/** + * Sets nLockTime so that transaction is not valid until the desired date(a + * timestamp in seconds since UNIX epoch is also accepted) + * + * @param {Date | Number} time + * @return {Transaction} this + */ +Transaction.prototype.lockUntilDate = function(time) { + $.checkArgument(time); + if (_.isNumber(time) && time < Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT) { + throw new errors.Transaction.LockTimeTooEarly(); + } + if (_.isDate(time)) { + time = time.getTime() / 1000; + } - this._init(utils.toArray(key, enc)); -} -module.exports = Hmac; + for (var i = 0; i < this.inputs.length; i++) { + if (this.inputs[i].sequenceNumber === Input.DEFAULT_SEQNUMBER){ + this.inputs[i].sequenceNumber = Input.DEFAULT_LOCKTIME_SEQNUMBER; + } + } -Hmac.prototype._init = function init(key) { - // Shorten key, if needed - if (key.length > this.blockSize) - key = new this.Hash().update(key).digest(); - assert(key.length <= this.blockSize); + this.nLockTime = time; + return this; +}; - // Add padding to key - for (var i = key.length; i < this.blockSize; i++) - key.push(0); +/** + * Sets nLockTime so that transaction is not valid until the desired block + * height. + * + * @param {Number} height + * @return {Transaction} this + */ +Transaction.prototype.lockUntilBlockHeight = function(height) { + $.checkArgument(_.isNumber(height)); + if (height >= Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT) { + throw new errors.Transaction.BlockHeightTooHigh(); + } + if (height < 0) { + throw new errors.Transaction.NLockTimeOutOfRange(); + } - for (var i = 0; i < key.length; i++) - key[i] ^= 0x36; - this.inner = new this.Hash().update(key); + for (var i = 0; i < this.inputs.length; i++) { + if (this.inputs[i].sequenceNumber === Input.DEFAULT_SEQNUMBER){ + this.inputs[i].sequenceNumber = Input.DEFAULT_LOCKTIME_SEQNUMBER; + } + } - // 0x36 ^ 0x5c = 0x6a - for (var i = 0; i < key.length; i++) - key[i] ^= 0x6a; - this.outer = new this.Hash().update(key); -}; -Hmac.prototype.update = function update(msg, enc) { - this.inner.update(msg, enc); + this.nLockTime = height; return this; }; -Hmac.prototype.digest = function digest(enc) { - this.outer.update(this.inner.digest()); - return this.outer.digest(enc); +/** + * Returns a semantic version of the transaction's nLockTime. + * @return {Number|Date} + * If nLockTime is 0, it returns null, + * if it is < 500000000, it returns a block height (number) + * else it returns a Date object. + */ +Transaction.prototype.getLockTime = function() { + if (!this.nLockTime) { + return null; + } + if (this.nLockTime < Transaction.NLOCKTIME_BLOCKHEIGHT_LIMIT) { + return this.nLockTime; + } + return new Date(1000 * this.nLockTime); }; -},{"../hash":70}],73:[function(require,module,exports){ -var hash = require('../hash'); -var utils = hash.utils; - -var rotl32 = utils.rotl32; -var sum32 = utils.sum32; -var sum32_3 = utils.sum32_3; -var sum32_4 = utils.sum32_4; -var BlockHash = hash.common.BlockHash; - -function RIPEMD160() { - if (!(this instanceof RIPEMD160)) - return new RIPEMD160(); - - BlockHash.call(this); - - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 ]; - this.endian = 'little'; -} -utils.inherits(RIPEMD160, BlockHash); -exports.ripemd160 = RIPEMD160; - -RIPEMD160.blockSize = 512; -RIPEMD160.outSize = 160; -RIPEMD160.hmacStrength = 192; -RIPEMD160.padLength = 64; - -RIPEMD160.prototype._update = function update(msg, start) { - var A = this.h[0]; - var B = this.h[1]; - var C = this.h[2]; - var D = this.h[3]; - var E = this.h[4]; - var Ah = A; - var Bh = B; - var Ch = C; - var Dh = D; - var Eh = E; - for (var j = 0; j < 80; j++) { - var T = sum32( - rotl32( - sum32_4(A, f(j, B, C, D), msg[r[j] + start], K(j)), - s[j]), - E); - A = E; - E = D; - D = rotl32(C, 10); - C = B; - B = T; - T = sum32( - rotl32( - sum32_4(Ah, f(79 - j, Bh, Ch, Dh), msg[rh[j] + start], Kh(j)), - sh[j]), - Eh); - Ah = Eh; - Eh = Dh; - Dh = rotl32(Ch, 10); - Ch = Bh; - Bh = T; - } - T = sum32_3(this.h[1], C, Dh); - this.h[1] = sum32_3(this.h[2], D, Eh); - this.h[2] = sum32_3(this.h[3], E, Ah); - this.h[3] = sum32_3(this.h[4], A, Bh); - this.h[4] = sum32_3(this.h[0], B, Ch); - this.h[0] = T; +Transaction.prototype.fromString = function(string) { + this.fromBuffer(new buffer.Buffer(string, 'hex')); }; -RIPEMD160.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'little'); - else - return utils.split32(this.h, 'little'); +Transaction.prototype._newTransaction = function() { + this.version = CURRENT_VERSION; + this.nLockTime = DEFAULT_NLOCKTIME; }; -function f(j, x, y, z) { - if (j <= 15) - return x ^ y ^ z; - else if (j <= 31) - return (x & y) | ((~x) & z); - else if (j <= 47) - return (x | (~y)) ^ z; - else if (j <= 63) - return (x & z) | (y & (~z)); - else - return x ^ (y | (~z)); -} - -function K(j) { - if (j <= 15) - return 0x00000000; - else if (j <= 31) - return 0x5a827999; - else if (j <= 47) - return 0x6ed9eba1; - else if (j <= 63) - return 0x8f1bbcdc; - else - return 0xa953fd4e; -} - -function Kh(j) { - if (j <= 15) - return 0x50a28be6; - else if (j <= 31) - return 0x5c4dd124; - else if (j <= 47) - return 0x6d703ef3; - else if (j <= 63) - return 0x7a6d76e9; - else - return 0x00000000; -} - -var r = [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13 -]; +/* Transaction creation interface */ -var rh = [ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -]; +/** + * @typedef {Object} Transaction~fromObject + * @property {string} prevTxId + * @property {number} outputIndex + * @property {(Buffer|string|Script)} script + * @property {number} satoshis + */ -var s = [ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6 -]; +/** + * Add an input to this transaction. This is a high level interface + * to add an input, for more control, use @{link Transaction#addInput}. + * + * Can receive, as output information, the output of bitcoind's `listunspent` command, + * and a slightly fancier format recognized by bitcore: + * + * ``` + * { + * address: 'mszYqVnqKoQx4jcTdJXxwKAissE3Jbrrc1', + * txId: 'a477af6b2667c29670467e4e0728b685ee07b240235771862318e29ddbe58458', + * outputIndex: 0, + * script: Script.empty(), + * satoshis: 1020000 + * } + * ``` + * Where `address` can be either a string or a bitcore Address object. The + * same is true for `script`, which can be a string or a bitcore Script. + * + * Beware that this resets all the signatures for inputs (in further versions, + * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). + * + * @example + * ```javascript + * var transaction = new Transaction(); + * + * // From a pay to public key hash output from bitcoind's listunspent + * transaction.from({'txid': '0000...', vout: 0, amount: 0.1, scriptPubKey: 'OP_DUP ...'}); + * + * // From a pay to public key hash output + * transaction.from({'txId': '0000...', outputIndex: 0, satoshis: 1000, script: 'OP_DUP ...'}); + * + * // From a multisig P2SH output + * transaction.from({'txId': '0000...', inputIndex: 0, satoshis: 1000, script: '... OP_HASH'}, + * ['03000...', '02000...'], 2); + * ``` + * + * @param {(Array.|Transaction~fromObject)} utxo + * @param {Array=} pubkeys + * @param {number=} threshold + */ +Transaction.prototype.from = function(utxo, pubkeys, threshold) { + if (_.isArray(utxo)) { + var self = this; + _.each(utxo, function(utxo) { + self.from(utxo, pubkeys, threshold); + }); + return this; + } + var exists = _.any(this.inputs, function(input) { + // TODO: Maybe prevTxId should be a string? Or defined as read only property? + return input.prevTxId.toString('hex') === utxo.txId && input.outputIndex === utxo.outputIndex; + }); + if (exists) { + return this; + } + if (pubkeys && threshold) { + this._fromMultisigUtxo(utxo, pubkeys, threshold); + } else { + this._fromNonP2SH(utxo); + } + return this; +}; -var sh = [ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -]; +Transaction.prototype._fromNonP2SH = function(utxo) { + var clazz; + utxo = new UnspentOutput(utxo); + if (utxo.script.isPublicKeyHashOut()) { + clazz = PublicKeyHashInput; + } else if (utxo.script.isPublicKeyOut()) { + clazz = PublicKeyInput; + } else { + clazz = Input; + } + this.addInput(new clazz({ + output: new Output({ + script: utxo.script, + satoshis: utxo.satoshis + }), + prevTxId: utxo.txId, + outputIndex: utxo.outputIndex, + script: Script.empty() + })); +}; -},{"../hash":70}],74:[function(require,module,exports){ -var hash = require('../hash'); -var utils = hash.utils; -var assert = utils.assert; +Transaction.prototype._fromMultisigUtxo = function(utxo, pubkeys, threshold) { + $.checkArgument(threshold <= pubkeys.length, + 'Number of required signatures must be greater than the number of public keys'); + var clazz; + utxo = new UnspentOutput(utxo); + if (utxo.script.isMultisigOut()) { + clazz = MultiSigInput; + } else if (utxo.script.isScriptHashOut()) { + clazz = MultiSigScriptHashInput; + } else { + throw new Error("@TODO"); + } + this.addInput(new clazz({ + output: new Output({ + script: utxo.script, + satoshis: utxo.satoshis + }), + prevTxId: utxo.txId, + outputIndex: utxo.outputIndex, + script: Script.empty() + }, pubkeys, threshold)); +}; -var rotr32 = utils.rotr32; -var rotl32 = utils.rotl32; -var sum32 = utils.sum32; -var sum32_4 = utils.sum32_4; -var sum32_5 = utils.sum32_5; -var rotr64_hi = utils.rotr64_hi; -var rotr64_lo = utils.rotr64_lo; -var shr64_hi = utils.shr64_hi; -var shr64_lo = utils.shr64_lo; -var sum64 = utils.sum64; -var sum64_hi = utils.sum64_hi; -var sum64_lo = utils.sum64_lo; -var sum64_4_hi = utils.sum64_4_hi; -var sum64_4_lo = utils.sum64_4_lo; -var sum64_5_hi = utils.sum64_5_hi; -var sum64_5_lo = utils.sum64_5_lo; -var BlockHash = hash.common.BlockHash; +/** + * Add an input to this transaction. The input must be an instance of the `Input` class. + * It should have information about the Output that it's spending, but if it's not already + * set, two additional parameters, `outputScript` and `satoshis` can be provided. + * + * @param {Input} input + * @param {String|Script} outputScript + * @param {number} satoshis + * @return Transaction this, for chaining + */ +Transaction.prototype.addInput = function(input, outputScript, satoshis) { + $.checkArgumentType(input, Input, 'input'); + if (!input.output && (_.isUndefined(outputScript) || _.isUndefined(satoshis))) { + throw new errors.Transaction.NeedMoreInfo('Need information about the UTXO script and satoshis'); + } + if (!input.output && outputScript && !_.isUndefined(satoshis)) { + outputScript = outputScript instanceof Script ? outputScript : new Script(outputScript); + $.checkArgumentType(satoshis, 'number', 'satoshis'); + input.output = new Output({ + script: outputScript, + satoshis: satoshis + }); + } + return this.uncheckedAddInput(input); +}; -var sha256_K = [ - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -]; +/** + * Add an input to this transaction, without checking that the input has information about + * the output that it's spending. + * + * @param {Input} input + * @return Transaction this, for chaining + */ +Transaction.prototype.uncheckedAddInput = function(input) { + $.checkArgumentType(input, Input, 'input'); + this.inputs.push(input); + this._inputAmount = undefined; + this._updateChangeOutput(); + return this; +}; -var sha512_K = [ - 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, - 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, - 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, - 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, - 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, - 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, - 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, - 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, - 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, - 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, - 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, - 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, - 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, - 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, - 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, - 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, - 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, - 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, - 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, - 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, - 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, - 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, - 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, - 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, - 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, - 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, - 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, - 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, - 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, - 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, - 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, - 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, - 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, - 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, - 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, - 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, - 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, - 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, - 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, - 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 -]; +/** + * Returns true if the transaction has enough info on all inputs to be correctly validated + * + * @return {boolean} + */ +Transaction.prototype.hasAllUtxoInfo = function() { + return _.all(this.inputs.map(function(input) { + return !!input.output; + })); +}; -var sha1_K = [ - 0x5A827999, 0x6ED9EBA1, - 0x8F1BBCDC, 0xCA62C1D6 -]; +/** + * Manually set the fee for this transaction. Beware that this resets all the signatures + * for inputs (in further versions, SIGHASH_SINGLE or SIGHASH_NONE signatures will not + * be reset). + * + * @param {number} amount satoshis to be sent + * @return {Transaction} this, for chaining + */ +Transaction.prototype.fee = function(amount) { + $.checkArgument(_.isNumber(amount), 'amount must be a number'); + this._fee = amount; + this._updateChangeOutput(); + return this; +}; -function SHA256() { - if (!(this instanceof SHA256)) - return new SHA256(); +/** + * Manually set the fee per KB for this transaction. Beware that this resets all the signatures + * for inputs (in further versions, SIGHASH_SINGLE or SIGHASH_NONE signatures will not + * be reset). + * + * @param {number} amount satoshis per KB to be sent + * @return {Transaction} this, for chaining + */ +Transaction.prototype.feePerKb = function(amount) { + $.checkArgument(_.isNumber(amount), 'amount must be a number'); + this._feePerKb = amount; + this._updateChangeOutput(); + return this; +}; - BlockHash.call(this); - this.h = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ]; - this.k = sha256_K; - this.W = new Array(64); -} -utils.inherits(SHA256, BlockHash); -exports.sha256 = SHA256; +/* Output management */ -SHA256.blockSize = 512; -SHA256.outSize = 256; -SHA256.hmacStrength = 192; -SHA256.padLength = 64; +/** + * Set the change address for this transaction + * + * Beware that this resets all the signatures for inputs (in further versions, + * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). + * + * @param {Address} address An address for change to be sent to. + * @return {Transaction} this, for chaining + */ +Transaction.prototype.change = function(address) { + $.checkArgument(address, 'address is required'); + this._changeScript = Script.fromAddress(address); + this._updateChangeOutput(); + return this; +}; -SHA256.prototype._update = function _update(msg, start) { - var W = this.W; - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; - for (; i < W.length; i++) - W[i] = sum32_4(g1_256(W[i - 2]), W[i - 7], g0_256(W[i - 15]), W[i - 16]); +/** + * @return {Output} change output, if it exists + */ +Transaction.prototype.getChangeOutput = function() { + if (!_.isUndefined(this._changeIndex)) { + return this.outputs[this._changeIndex]; + } + return null; +}; - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; - var f = this.h[5]; - var g = this.h[6]; - var h = this.h[7]; +/** + * @typedef {Object} Transaction~toObject + * @property {(string|Address)} address + * @property {number} satoshis + */ - assert(this.k.length === W.length); - for (var i = 0; i < W.length; i++) { - var T1 = sum32_5(h, s1_256(e), ch32(e, f, g), this.k[i], W[i]); - var T2 = sum32(s0_256(a), maj32(a, b, c)); - h = g; - g = f; - f = e; - e = sum32(d, T1); - d = c; - c = b; - b = a; - a = sum32(T1, T2); +/** + * Add an output to the transaction. + * + * Beware that this resets all the signatures for inputs (in further versions, + * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). + * + * @param {(string|Address|Array.)} address + * @param {number} amount in satoshis + * @return {Transaction} this, for chaining + */ +Transaction.prototype.to = function(address, amount) { + if (_.isArray(address)) { + var self = this; + _.each(address, function(to) { + self.to(to.address, to.satoshis); + }); + return this; } - this.h[0] = sum32(this.h[0], a); - this.h[1] = sum32(this.h[1], b); - this.h[2] = sum32(this.h[2], c); - this.h[3] = sum32(this.h[3], d); - this.h[4] = sum32(this.h[4], e); - this.h[5] = sum32(this.h[5], f); - this.h[6] = sum32(this.h[6], g); - this.h[7] = sum32(this.h[7], h); + $.checkArgument( + JSUtil.isNaturalNumber(amount), + 'Amount is expected to be a positive integer' + ); + this.addOutput(new Output({ + script: Script(new Address(address)), + satoshis: amount + })); + return this; }; -SHA256.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); +/** + * Add an OP_RETURN output to the transaction. + * + * Beware that this resets all the signatures for inputs (in further versions, + * SIGHASH_SINGLE or SIGHASH_NONE signatures will not be reset). + * + * @param {Buffer|string} value the data to be stored in the OP_RETURN output. + * In case of a string, the UTF-8 representation will be stored + * @return {Transaction} this, for chaining + */ +Transaction.prototype.addData = function(value) { + this.addOutput(new Output({ + script: Script.buildDataOut(value), + satoshis: 0 + })); + return this; }; -function SHA224() { - if (!(this instanceof SHA224)) - return new SHA224(); - SHA256.call(this); - this.h = [ 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, - 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 ]; -} -utils.inherits(SHA224, SHA256); -exports.sha224 = SHA224; +/** + * Add an output to the transaction. + * + * @param {Output} output the output to add. + * @return {Transaction} this, for chaining + */ +Transaction.prototype.addOutput = function(output) { + $.checkArgumentType(output, Output, 'output'); + this._addOutput(output); + this._updateChangeOutput(); + return this; +}; -SHA224.blockSize = 512; -SHA224.outSize = 224; -SHA224.hmacStrength = 192; -SHA224.padLength = 64; -SHA224.prototype._digest = function digest(enc) { - // Just truncate output - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 7), 'big'); - else - return utils.split32(this.h.slice(0, 7), 'big'); +/** + * Remove all outputs from the transaction. + * + * @return {Transaction} this, for chaining + */ +Transaction.prototype.clearOutputs = function() { + this.outputs = []; + this._clearSignatures(); + this._outputAmount = undefined; + this._changeIndex = undefined; + this._updateChangeOutput(); + return this; }; -function SHA512() { - if (!(this instanceof SHA512)) - return new SHA512(); - BlockHash.call(this); - this.h = [ 0x6a09e667, 0xf3bcc908, - 0xbb67ae85, 0x84caa73b, - 0x3c6ef372, 0xfe94f82b, - 0xa54ff53a, 0x5f1d36f1, - 0x510e527f, 0xade682d1, - 0x9b05688c, 0x2b3e6c1f, - 0x1f83d9ab, 0xfb41bd6b, - 0x5be0cd19, 0x137e2179 ]; - this.k = sha512_K; - this.W = new Array(160); -} -utils.inherits(SHA512, BlockHash); -exports.sha512 = SHA512; +Transaction.prototype._addOutput = function(output) { + this.outputs.push(output); + this._outputAmount = undefined; +}; -SHA512.blockSize = 1024; -SHA512.outSize = 512; -SHA512.hmacStrength = 192; -SHA512.padLength = 128; -SHA512.prototype._prepareBlock = function _prepareBlock(msg, start) { - var W = this.W; +/** + * Calculates or gets the total output amount in satoshis + * + * @return {Number} the transaction total output amount + */ +Transaction.prototype._getOutputAmount = function() { + if (_.isUndefined(this._outputAmount)) { + var self = this; + this._outputAmount = 0; + _.each(this.outputs, function(output) { + self._outputAmount += output.satoshis; + }); + } + return this._outputAmount; +}; - // 32 x 32bit words - for (var i = 0; i < 32; i++) - W[i] = msg[start + i]; - for (; i < W.length; i += 2) { - var c0_hi = g1_512_hi(W[i - 4], W[i - 3]); // i - 2 - var c0_lo = g1_512_lo(W[i - 4], W[i - 3]); - var c1_hi = W[i - 14]; // i - 7 - var c1_lo = W[i - 13]; - var c2_hi = g0_512_hi(W[i - 30], W[i - 29]); // i - 15 - var c2_lo = g0_512_lo(W[i - 30], W[i - 29]); - var c3_hi = W[i - 32]; // i - 16 - var c3_lo = W[i - 31]; - W[i] = sum64_4_hi(c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); - W[i + 1] = sum64_4_lo(c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo); +/** + * Calculates or gets the total input amount in satoshis + * + * @return {Number} the transaction total input amount + */ +Transaction.prototype._getInputAmount = function() { + if (_.isUndefined(this._inputAmount)) { + var self = this; + this._inputAmount = 0; + _.each(this.inputs, function(input) { + if (_.isUndefined(input.output)) { + throw new errors.Transaction.Input.MissingPreviousOutput(); + } + self._inputAmount += input.output.satoshis; + }); } + return this._inputAmount; }; -SHA512.prototype._update = function _update(msg, start) { - this._prepareBlock(msg, start); - - var W = this.W; +Transaction.prototype._updateChangeOutput = function() { + if (!this._changeScript) { + return; + } + this._clearSignatures(); + if (!_.isUndefined(this._changeIndex)) { + this._removeOutput(this._changeIndex); + } + var available = this._getUnspentValue(); + var fee = this.getFee(); + var changeAmount = available - fee; + if (changeAmount > 0) { + this._changeIndex = this.outputs.length; + this._addOutput(new Output({ + script: this._changeScript, + satoshis: changeAmount + })); + } else { + this._changeIndex = undefined; + } +}; +/** + * Calculates the fee of the transaction. + * + * If there's a fixed fee set, return that. + * + * If there is no change output set, the fee is the + * total value of the outputs minus inputs. Note that + * a serialized transaction only specifies the value + * of its outputs. (The value of inputs are recorded + * in the previous transaction outputs being spent.) + * This method therefore raises a "MissingPreviousOutput" + * error when called on a serialized transaction. + * + * If there's no fee set and no change address, + * estimate the fee based on size. + * + * @return {Number} fee of this transaction in satoshis + */ +Transaction.prototype.getFee = function() { + if (this.isCoinbase()) { + return 0; + } + if (!_.isUndefined(this._fee)) { + return this._fee; + } + // if no change output is set, fees should equal all the unspent amount + if (!this._changeScript) { + return this._getUnspentValue(); + } + return this._estimateFee(); +}; - var ah = this.h[0]; - var al = this.h[1]; - var bh = this.h[2]; - var bl = this.h[3]; - var ch = this.h[4]; - var cl = this.h[5]; - var dh = this.h[6]; - var dl = this.h[7]; - var eh = this.h[8]; - var el = this.h[9]; - var fh = this.h[10]; - var fl = this.h[11]; - var gh = this.h[12]; - var gl = this.h[13]; - var hh = this.h[14]; - var hl = this.h[15]; +/** + * Estimates fee from serialized transaction size in bytes. + */ +Transaction.prototype._estimateFee = function() { + var estimatedSize = this._estimateSize(); + var available = this._getUnspentValue(); + return Transaction._estimateFee(estimatedSize, available, this._feePerKb); +}; - assert(this.k.length === W.length); - for (var i = 0; i < W.length; i += 2) { - var c0_hi = hh; - var c0_lo = hl; - var c1_hi = s1_512_hi(eh, el); - var c1_lo = s1_512_lo(eh, el); - var c2_hi = ch64_hi(eh, el, fh, fl, gh, gl); - var c2_lo = ch64_lo(eh, el, fh, fl, gh, gl); - var c3_hi = this.k[i]; - var c3_lo = this.k[i + 1]; - var c4_hi = W[i]; - var c4_lo = W[i + 1]; +Transaction.prototype._getUnspentValue = function() { + return this._getInputAmount() - this._getOutputAmount(); +}; - var T1_hi = sum64_5_hi(c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); - var T1_lo = sum64_5_lo(c0_hi, c0_lo, - c1_hi, c1_lo, - c2_hi, c2_lo, - c3_hi, c3_lo, - c4_hi, c4_lo); +Transaction.prototype._clearSignatures = function() { + _.each(this.inputs, function(input) { + input.clearSignatures(); + }); +}; - var c0_hi = s0_512_hi(ah, al); - var c0_lo = s0_512_lo(ah, al); - var c1_hi = maj64_hi(ah, al, bh, bl, ch, cl); - var c1_lo = maj64_lo(ah, al, bh, bl, ch, cl); +Transaction._estimateFee = function(size, amountAvailable, feePerKb) { + var fee = Math.ceil(size / 1000) * (feePerKb || Transaction.FEE_PER_KB); + if (amountAvailable > fee) { + size += Transaction.CHANGE_OUTPUT_MAX_SIZE; + } + return Math.ceil(size / 1000) * (feePerKb || Transaction.FEE_PER_KB); +}; - var T2_hi = sum64_hi(c0_hi, c0_lo, c1_hi, c1_lo); - var T2_lo = sum64_lo(c0_hi, c0_lo, c1_hi, c1_lo); +Transaction.prototype._estimateSize = function() { + var result = Transaction.MAXIMUM_EXTRA_SIZE; + _.each(this.inputs, function(input) { + result += input._estimateSize(); + }); + _.each(this.outputs, function(output) { + result += output.script.toBuffer().length + 9; + }); + return result; +}; - hh = gh; - hl = gl; +Transaction.prototype._removeOutput = function(index) { + var output = this.outputs[index]; + this.outputs = _.without(this.outputs, output); + this._outputAmount = undefined; +}; - gh = fh; - gl = fl; +Transaction.prototype.removeOutput = function(index) { + this._removeOutput(index); + this._updateChangeOutput(); +}; - fh = eh; - fl = el; +/** + * Sort a transaction's inputs and outputs according to BIP69 + * + * @see {https://github.com/bitcoin/bips/blob/master/bip-0069.mediawiki} + * @return {Transaction} this + */ +Transaction.prototype.sort = function() { + this.sortInputs(function(inputs) { + var copy = Array.prototype.concat.apply([], inputs); + copy.sort(function(first, second) { + return compare(first.prevTxId, second.prevTxId) + || first.outputIndex - second.outputIndex; + }); + return copy; + }); + this.sortOutputs(function(outputs) { + var copy = Array.prototype.concat.apply([], outputs); + copy.sort(function(first, second) { + return first.satoshis - second.satoshis + || compare(first.script.toBuffer(), second.script.toBuffer()); + }); + return copy; + }); + return this; +}; - eh = sum64_hi(dh, dl, T1_hi, T1_lo); - el = sum64_lo(dl, dl, T1_hi, T1_lo); +/** + * Randomize this transaction's outputs ordering. The shuffling algorithm is a + * version of the Fisher-Yates shuffle, provided by lodash's _.shuffle(). + * + * @return {Transaction} this + */ +Transaction.prototype.shuffleOutputs = function() { + return this.sortOutputs(_.shuffle); +}; - dh = ch; - dl = cl; +/** + * Sort this transaction's outputs, according to a given sorting function that + * takes an array as argument and returns a new array, with the same elements + * but with a different order. The argument function MUST NOT modify the order + * of the original array + * + * @param {Function} sortingFunction + * @return {Transaction} this + */ +Transaction.prototype.sortOutputs = function(sortingFunction) { + var outs = sortingFunction(this.outputs); + return this._newOutputOrder(outs); +}; - ch = bh; - cl = bl; +/** + * Sort this transaction's inputs, according to a given sorting function that + * takes an array as argument and returns a new array, with the same elements + * but with a different order. + * + * @param {Function} sortingFunction + * @return {Transaction} this + */ +Transaction.prototype.sortInputs = function(sortingFunction) { + this.inputs = sortingFunction(this.inputs); + this._clearSignatures(); + return this; +}; - bh = ah; - bl = al; +Transaction.prototype._newOutputOrder = function(newOutputs) { + var isInvalidSorting = (this.outputs.length !== newOutputs.length || + _.difference(this.outputs, newOutputs).length !== 0); + if (isInvalidSorting) { + throw new errors.Transaction.InvalidSorting(); + } - ah = sum64_hi(T1_hi, T1_lo, T2_hi, T2_lo); - al = sum64_lo(T1_hi, T1_lo, T2_hi, T2_lo); + if (!_.isUndefined(this._changeIndex)) { + var changeOutput = this.outputs[this._changeIndex]; + this._changeIndex = _.findIndex(newOutputs, changeOutput); } - sum64(this.h, 0, ah, al); - sum64(this.h, 2, bh, bl); - sum64(this.h, 4, ch, cl); - sum64(this.h, 6, dh, dl); - sum64(this.h, 8, eh, el); - sum64(this.h, 10, fh, fl); - sum64(this.h, 12, gh, gl); - sum64(this.h, 14, hh, hl); + this.outputs = newOutputs; + return this; }; -SHA512.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); +Transaction.prototype.removeInput = function(txId, outputIndex) { + var index; + if (!outputIndex && _.isNumber(txId)) { + index = txId; + } else { + index = _.findIndex(this.inputs, function(input) { + return input.prevTxId.toString('hex') === txId && input.outputIndex === outputIndex; + }); + } + if (index < 0 || index >= this.inputs.length) { + throw new errors.Transaction.InvalidIndex(index, this.inputs.length); + } + var input = this.inputs[index]; + this.inputs = _.without(this.inputs, input); + this._inputAmount = undefined; + this._updateChangeOutput(); }; -function SHA384() { - if (!(this instanceof SHA384)) - return new SHA384(); - - SHA512.call(this); - this.h = [ 0xcbbb9d5d, 0xc1059ed8, - 0x629a292a, 0x367cd507, - 0x9159015a, 0x3070dd17, - 0x152fecd8, 0xf70e5939, - 0x67332667, 0xffc00b31, - 0x8eb44a87, 0x68581511, - 0xdb0c2e0d, 0x64f98fa7, - 0x47b5481d, 0xbefa4fa4 ]; -} -utils.inherits(SHA384, SHA512); -exports.sha384 = SHA384; - -SHA384.blockSize = 1024; -SHA384.outSize = 384; -SHA384.hmacStrength = 192; -SHA384.padLength = 128; +/* Signature handling */ -SHA384.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h.slice(0, 12), 'big'); - else - return utils.split32(this.h.slice(0, 12), 'big'); +/** + * Sign the transaction using one or more private keys. + * + * It tries to sign each input, verifying that the signature will be valid + * (matches a public key). + * + * @param {Array|String|PrivateKey} privateKey + * @param {number} sigtype + * @return {Transaction} this, for chaining + */ +Transaction.prototype.sign = function(privateKey, sigtype) { + $.checkState(this.hasAllUtxoInfo()); + var self = this; + if (_.isArray(privateKey)) { + _.each(privateKey, function(privateKey) { + self.sign(privateKey, sigtype); + }); + return this; + } + _.each(this.getSignatures(privateKey, sigtype), function(signature) { + self.applySignature(signature); + }); + return this; }; -function SHA1() { - if (!(this instanceof SHA1)) - return new SHA1(); +Transaction.prototype.getSignatures = function(privKey, sigtype) { + privKey = new PrivateKey(privKey); + sigtype = sigtype || Signature.SIGHASH_ALL; + var transaction = this; + var results = []; + var hashData = Hash.sha256ripemd160(privKey.publicKey.toBuffer()); + _.each(this.inputs, function forEachInput(input, index) { + _.each(input.getSignatures(transaction, privKey, index, sigtype, hashData), function(signature) { + results.push(signature); + }); + }); + return results; +}; - BlockHash.call(this); - this.h = [ 0x67452301, 0xefcdab89, 0x98badcfe, - 0x10325476, 0xc3d2e1f0 ]; - this.W = new Array(80); -} +/** + * Add a signature to the transaction + * + * @param {Object} signature + * @param {number} signature.inputIndex + * @param {number} signature.sigtype + * @param {PublicKey} signature.publicKey + * @param {Signature} signature.signature + * @return {Transaction} this, for chaining + */ +Transaction.prototype.applySignature = function(signature) { + this.inputs[signature.inputIndex].addSignature(this, signature); + return this; +}; -utils.inherits(SHA1, BlockHash); -exports.sha1 = SHA1; +Transaction.prototype.isFullySigned = function() { + _.each(this.inputs, function(input) { + if (input.isFullySigned === Input.prototype.isFullySigned) { + throw new errors.Transaction.UnableToVerifySignature( + 'Unrecognized script kind, or not enough information to execute script.' + + 'This usually happens when creating a transaction from a serialized transaction' + ); + } + }); + return _.all(_.map(this.inputs, function(input) { + return input.isFullySigned(); + })); +}; -SHA1.blockSize = 512; -SHA1.outSize = 160; -SHA1.hmacStrength = 80; -SHA1.padLength = 64; +Transaction.prototype.isValidSignature = function(signature) { + var self = this; + if (this.inputs[signature.inputIndex].isValidSignature === Input.prototype.isValidSignature) { + throw new errors.Transaction.UnableToVerifySignature( + 'Unrecognized script kind, or not enough information to execute script.' + + 'This usually happens when creating a transaction from a serialized transaction' + ); + } + return this.inputs[signature.inputIndex].isValidSignature(self, signature); +}; -SHA1.prototype._update = function _update(msg, start) { - var W = this.W; +/** + * @returns {bool} whether the signature is valid for this transaction input + */ +Transaction.prototype.verifySignature = function(sig, pubkey, nin, subscript) { + return Sighash.verify(this, sig, pubkey, nin, subscript); +}; - for (var i = 0; i < 16; i++) - W[i] = msg[start + i]; +/** + * Check that a transaction passes basic sanity tests. If not, return a string + * describing the error. This function contains the same logic as + * CheckTransaction in bitcoin core. + */ +Transaction.prototype.verify = function() { + // Basic checks that don't depend on any context + if (this.inputs.length === 0) { + return 'transaction txins empty'; + } - for(; i < W.length; i++) - W[i] = rotl32(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); + if (this.outputs.length === 0) { + return 'transaction txouts empty'; + } - var a = this.h[0]; - var b = this.h[1]; - var c = this.h[2]; - var d = this.h[3]; - var e = this.h[4]; + // Check for negative or overflow output values + var valueoutbn = new BN(0); + for (var i = 0; i < this.outputs.length; i++) { + var txout = this.outputs[i]; - for (var i = 0; i < W.length; i++) { - var s = ~~(i / 20); - var t = sum32_5(rotl32(a, 5), ft_1(s, b, c, d), e, W[i], sha1_K[s]); - e = d; - d = c; - c = rotl32(b, 30); - b = a; - a = t; + if (txout.invalidSatoshis()) { + return 'transaction txout ' + i + ' satoshis is invalid'; + } + if (txout._satoshisBN.gt(new BN(Transaction.MAX_MONEY, 10))) { + return 'transaction txout ' + i + ' greater than MAX_MONEY'; + } + valueoutbn = valueoutbn.add(txout._satoshisBN); + if (valueoutbn.gt(new BN(Transaction.MAX_MONEY))) { + return 'transaction txout ' + i + ' total output greater than MAX_MONEY'; + } } - this.h[0] = sum32(this.h[0], a); - this.h[1] = sum32(this.h[1], b); - this.h[2] = sum32(this.h[2], c); - this.h[3] = sum32(this.h[3], d); - this.h[4] = sum32(this.h[4], e); -}; + // Size limits + if (this.toBuffer().length > MAX_BLOCK_SIZE) { + return 'transaction over the maximum block size'; + } -SHA1.prototype._digest = function digest(enc) { - if (enc === 'hex') - return utils.toHex32(this.h, 'big'); - else - return utils.split32(this.h, 'big'); -}; + // Check for duplicate inputs + var txinmap = {}; + for (i = 0; i < this.inputs.length; i++) { + var txin = this.inputs[i]; -function ch32(x, y, z) { - return (x & y) ^ ((~x) & z); -} + var inputid = txin.prevTxId + ':' + txin.outputIndex; + if (!_.isUndefined(txinmap[inputid])) { + return 'transaction input ' + i + ' duplicate input'; + } + txinmap[inputid] = true; + } -function maj32(x, y, z) { - return (x & y) ^ (x & z) ^ (y & z); -} + var isCoinbase = this.isCoinbase(); + if (isCoinbase) { + var buf = this.inputs[0]._scriptBuffer; + if (buf.length < 2 || buf.length > 100) { + return 'coinbase transaction script size invalid'; + } + } else { + for (i = 0; i < this.inputs.length; i++) { + if (this.inputs[i].isNull()) { + return 'transaction input ' + i + ' has null input'; + } + } + } + return true; +}; -function p32(x, y, z) { - return x ^ y ^ z; -} +/** + * Analogous to bitcoind's IsCoinBase function in transaction.h + */ +Transaction.prototype.isCoinbase = function() { + return (this.inputs.length === 1 && this.inputs[0].isNull()); +}; -function s0_256(x) { - return rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22); -} +/** + * Determines if this transaction can be replaced in the mempool with another + * transaction that provides a sufficiently higher fee (RBF). + */ +Transaction.prototype.isRBF = function() { + for (var i = 0; i < this.inputs.length; i++) { + var input = this.inputs[i]; + if (input.sequenceNumber < Input.MAXINT - 1) { + return true; + } + } + return false; +}; -function s1_256(x) { - return rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25); -} +/** + * Enable this transaction to be replaced in the mempool (RBF) if a transaction + * includes a sufficiently higher fee. It will set the sequenceNumber to + * DEFAULT_RBF_SEQNUMBER for all inputs if the sequence number does not + * already enable RBF. + */ +Transaction.prototype.enableRBF = function() { + for (var i = 0; i < this.inputs.length; i++) { + var input = this.inputs[i]; + if (input.sequenceNumber >= Input.MAXINT - 1) { + input.sequenceNumber = Input.DEFAULT_RBF_SEQNUMBER; + } + } + return this; +}; -function g0_256(x) { - return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >>> 3); -} +module.exports = Transaction; -function g1_256(x) { - return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >>> 10); -} +}).call(this,require("buffer").Buffer) +},{"../address":26,"../crypto/bn":31,"../crypto/hash":33,"../crypto/signature":36,"../encoding/bufferreader":39,"../encoding/bufferwriter":40,"../errors":42,"../privatekey":49,"../script":51,"../util/buffer":68,"../util/js":69,"../util/preconditions":70,"./input":55,"./output":61,"./sighash":62,"./unspentoutput":65,"buffer":158,"buffer-compare":73,"lodash":96}],65:[function(require,module,exports){ +'use strict'; -function ft_1(s, x, y, z) { - if (s === 0) - return ch32(x, y, z); - if (s === 1 || s === 3) - return p32(x, y, z); - if (s === 2) - return maj32(x, y, z); -} +var _ = require('lodash'); +var $ = require('../util/preconditions'); +var JSUtil = require('../util/js'); -function ch64_hi(xh, xl, yh, yl, zh, zl) { - var r = (xh & yh) ^ ((~xh) & zh); - if (r < 0) - r += 0x100000000; - return r; -} +var Script = require('../script'); +var Address = require('../address'); +var Unit = require('../unit'); -function ch64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ ((~xl) & zl); - if (r < 0) - r += 0x100000000; - return r; +/** + * Represents an unspent output information: its script, associated amount and address, + * transaction id and output index. + * + * @constructor + * @param {object} data + * @param {string} data.txid the previous transaction id + * @param {string=} data.txId alias for `txid` + * @param {number} data.vout the index in the transaction + * @param {number=} data.outputIndex alias for `vout` + * @param {string|Script} data.scriptPubKey the script that must be resolved to release the funds + * @param {string|Script=} data.script alias for `scriptPubKey` + * @param {number} data.amount amount of bitcoins associated + * @param {number=} data.satoshis alias for `amount`, but expressed in satoshis (1 BTC = 1e8 satoshis) + * @param {string|Address=} data.address the associated address to the script, if provided + */ +function UnspentOutput(data) { + /* jshint maxcomplexity: 20 */ + /* jshint maxstatements: 20 */ + if (!(this instanceof UnspentOutput)) { + return new UnspentOutput(data); + } + $.checkArgument(_.isObject(data), 'Must provide an object from where to extract data'); + var address = data.address ? new Address(data.address) : undefined; + var txId = data.txid ? data.txid : data.txId; + if (!txId || !JSUtil.isHexaString(txId) || txId.length > 64) { + // TODO: Use the errors library + throw new Error('Invalid TXID in object', data); + } + var outputIndex = _.isUndefined(data.vout) ? data.outputIndex : data.vout; + if (!_.isNumber(outputIndex)) { + throw new Error('Invalid outputIndex, received ' + outputIndex); + } + $.checkArgument(!_.isUndefined(data.scriptPubKey) || !_.isUndefined(data.script), + 'Must provide the scriptPubKey for that output!'); + var script = new Script(data.scriptPubKey || data.script); + $.checkArgument(!_.isUndefined(data.amount) || !_.isUndefined(data.satoshis), + 'Must provide an amount for the output'); + var amount = !_.isUndefined(data.amount) ? new Unit.fromBTC(data.amount).toSatoshis() : data.satoshis; + $.checkArgument(_.isNumber(amount), 'Amount must be a number'); + JSUtil.defineImmutable(this, { + address: address, + txId: txId, + outputIndex: outputIndex, + script: script, + satoshis: amount + }); } -function maj64_hi(xh, xl, yh, yl, zh, zl) { - var r = (xh & yh) ^ (xh & zh) ^ (yh & zh); - if (r < 0) - r += 0x100000000; - return r; -} +/** + * Provide an informative output when displaying this object in the console + * @returns string + */ +UnspentOutput.prototype.inspect = function() { + return ''; +}; -function maj64_lo(xh, xl, yh, yl, zh, zl) { - var r = (xl & yl) ^ (xl & zl) ^ (yl & zl); - if (r < 0) - r += 0x100000000; - return r; -} +/** + * String representation: just "txid:index" + * @returns string + */ +UnspentOutput.prototype.toString = function() { + return this.txId + ':' + this.outputIndex; +}; -function s0_512_hi(xh, xl) { - var c0_hi = rotr64_hi(xh, xl, 28); - var c1_hi = rotr64_hi(xl, xh, 2); // 34 - var c2_hi = rotr64_hi(xl, xh, 7); // 39 +/** + * Deserialize an UnspentOutput from an object + * @param {object|string} data + * @return UnspentOutput + */ +UnspentOutput.fromObject = function(data) { + return new UnspentOutput(data); +}; - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} +/** + * Returns a plain object (no prototype or methods) with the associated info for this output + * @return {object} + */ +UnspentOutput.prototype.toObject = UnspentOutput.prototype.toJSON = function toObject() { + return { + address: this.address ? this.address.toString() : undefined, + txid: this.txId, + vout: this.outputIndex, + scriptPubKey: this.script.toBuffer().toString('hex'), + amount: Unit.fromSatoshis(this.satoshis).toBTC() + }; +}; -function s0_512_lo(xh, xl) { - var c0_lo = rotr64_lo(xh, xl, 28); - var c1_lo = rotr64_lo(xl, xh, 2); // 34 - var c2_lo = rotr64_lo(xl, xh, 7); // 39 +module.exports = UnspentOutput; - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} +},{"../address":26,"../script":51,"../unit":66,"../util/js":69,"../util/preconditions":70,"lodash":96}],66:[function(require,module,exports){ +'use strict'; -function s1_512_hi(xh, xl) { - var c0_hi = rotr64_hi(xh, xl, 14); - var c1_hi = rotr64_hi(xh, xl, 18); - var c2_hi = rotr64_hi(xl, xh, 9); // 41 +var _ = require('lodash'); - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} +var errors = require('./errors'); +var $ = require('./util/preconditions'); -function s1_512_lo(xh, xl) { - var c0_lo = rotr64_lo(xh, xl, 14); - var c1_lo = rotr64_lo(xh, xl, 18); - var c2_lo = rotr64_lo(xl, xh, 9); // 41 +var UNITS = { + 'BTC' : [1e8, 8], + 'mBTC' : [1e5, 5], + 'uBTC' : [1e2, 2], + 'bits' : [1e2, 2], + 'satoshis' : [1, 0] +}; - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} +/** + * Utility for handling and converting bitcoins units. The supported units are + * BTC, mBTC, bits (also named uBTC) and satoshis. A unit instance can be created with an + * amount and a unit code, or alternatively using static methods like {fromBTC}. + * It also allows to be created from a fiat amount and the exchange rate, or + * alternatively using the {fromFiat} static method. + * You can consult for different representation of a unit instance using it's + * {to} method, the fixed unit methods like {toSatoshis} or alternatively using + * the unit accessors. It also can be converted to a fiat amount by providing the + * corresponding BTC/fiat exchange rate. + * + * @example + * ```javascript + * var sats = Unit.fromBTC(1.3).toSatoshis(); + * var mili = Unit.fromBits(1.3).to(Unit.mBTC); + * var bits = Unit.fromFiat(1.3, 350).bits; + * var btc = new Unit(1.3, Unit.bits).BTC; + * ``` + * + * @param {Number} amount - The amount to be represented + * @param {String|Number} code - The unit of the amount or the exchange rate + * @returns {Unit} A new instance of an Unit + * @constructor + */ +function Unit(amount, code) { + if (!(this instanceof Unit)) { + return new Unit(amount, code); + } -function g0_512_hi(xh, xl) { - var c0_hi = rotr64_hi(xh, xl, 1); - var c1_hi = rotr64_hi(xh, xl, 8); - var c2_hi = shr64_hi(xh, xl, 7); + // convert fiat to BTC + if (_.isNumber(code)) { + if (code <= 0) { + throw new errors.Unit.InvalidRate(code); + } + amount = amount / code; + code = Unit.BTC; + } - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} + this._value = this._from(amount, code); -function g0_512_lo(xh, xl) { - var c0_lo = rotr64_lo(xh, xl, 1); - var c1_lo = rotr64_lo(xh, xl, 8); - var c2_lo = shr64_lo(xh, xl, 7); + var self = this; + var defineAccesor = function(key) { + Object.defineProperty(self, key, { + get: function() { return self.to(key); }, + enumerable: true, + }); + }; - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; + Object.keys(UNITS).forEach(defineAccesor); } -function g1_512_hi(xh, xl) { - var c0_hi = rotr64_hi(xh, xl, 19); - var c1_hi = rotr64_hi(xl, xh, 29); // 61 - var c2_hi = shr64_hi(xh, xl, 6); - - var r = c0_hi ^ c1_hi ^ c2_hi; - if (r < 0) - r += 0x100000000; - return r; -} +Object.keys(UNITS).forEach(function(key) { + Unit[key] = key; +}); -function g1_512_lo(xh, xl) { - var c0_lo = rotr64_lo(xh, xl, 19); - var c1_lo = rotr64_lo(xl, xh, 29); // 61 - var c2_lo = shr64_lo(xh, xl, 6); +/** + * Returns a Unit instance created from JSON string or object + * + * @param {String|Object} json - JSON with keys: amount and code + * @returns {Unit} A Unit instance + */ +Unit.fromObject = function fromObject(data){ + $.checkArgument(_.isObject(data), 'Argument is expected to be an object'); + return new Unit(data.amount, data.code); +}; - var r = c0_lo ^ c1_lo ^ c2_lo; - if (r < 0) - r += 0x100000000; - return r; -} +/** + * Returns a Unit instance created from an amount in BTC + * + * @param {Number} amount - The amount in BTC + * @returns {Unit} A Unit instance + */ +Unit.fromBTC = function(amount) { + return new Unit(amount, Unit.BTC); +}; -},{"../hash":70}],75:[function(require,module,exports){ -var utils = exports; -var inherits = require('inherits'); +/** + * Returns a Unit instance created from an amount in mBTC + * + * @param {Number} amount - The amount in mBTC + * @returns {Unit} A Unit instance + */ +Unit.fromMillis = Unit.fromMilis = function(amount) { + return new Unit(amount, Unit.mBTC); +}; -function toArray(msg, enc) { - if (Array.isArray(msg)) - return msg.slice(); - if (!msg) - return []; - var res = []; - if (typeof msg === 'string') { - if (!enc) { - for (var i = 0; i < msg.length; i++) { - var c = msg.charCodeAt(i); - var hi = c >> 8; - var lo = c & 0xff; - if (hi) - res.push(hi, lo); - else - res.push(lo); - } - } else if (enc === 'hex') { - msg = msg.replace(/[^a-z0-9]+/ig, ''); - if (msg.length % 2 !== 0) - msg = '0' + msg; - for (var i = 0; i < msg.length; i += 2) - res.push(parseInt(msg[i] + msg[i + 1], 16)); - } - } else { - for (var i = 0; i < msg.length; i++) - res[i] = msg[i] | 0; - } - return res; -} -utils.toArray = toArray; +/** + * Returns a Unit instance created from an amount in bits + * + * @param {Number} amount - The amount in bits + * @returns {Unit} A Unit instance + */ +Unit.fromMicros = Unit.fromBits = function(amount) { + return new Unit(amount, Unit.bits); +}; -function toHex(msg) { - var res = ''; - for (var i = 0; i < msg.length; i++) - res += zero2(msg[i].toString(16)); - return res; -} -utils.toHex = toHex; +/** + * Returns a Unit instance created from an amount in satoshis + * + * @param {Number} amount - The amount in satoshis + * @returns {Unit} A Unit instance + */ +Unit.fromSatoshis = function(amount) { + return new Unit(amount, Unit.satoshis); +}; -function htonl(w) { - var res = (w >>> 24) | - ((w >>> 8) & 0xff00) | - ((w << 8) & 0xff0000) | - ((w & 0xff) << 24); - return res >>> 0; -} -utils.htonl = htonl; +/** + * Returns a Unit instance created from a fiat amount and exchange rate. + * + * @param {Number} amount - The amount in fiat + * @param {Number} rate - The exchange rate BTC/fiat + * @returns {Unit} A Unit instance + */ +Unit.fromFiat = function(amount, rate) { + return new Unit(amount, rate); +}; -function toHex32(msg, endian) { - var res = ''; - for (var i = 0; i < msg.length; i++) { - var w = msg[i]; - if (endian === 'little') - w = htonl(w); - res += zero8(w.toString(16)); +Unit.prototype._from = function(amount, code) { + if (!UNITS[code]) { + throw new errors.Unit.UnknownCode(code); } - return res; -} -utils.toHex32 = toHex32; - -function zero2(word) { - if (word.length === 1) - return '0' + word; - else - return word; -} -utils.zero2 = zero2; - -function zero8(word) { - if (word.length === 7) - return '0' + word; - else if (word.length === 6) - return '00' + word; - else if (word.length === 5) - return '000' + word; - else if (word.length === 4) - return '0000' + word; - else if (word.length === 3) - return '00000' + word; - else if (word.length === 2) - return '000000' + word; - else if (word.length === 1) - return '0000000' + word; - else - return word; -} -utils.zero8 = zero8; + return parseInt((amount * UNITS[code][0]).toFixed()); +}; -function join32(msg, start, end, endian) { - var len = end - start; - assert(len % 4 === 0); - var res = new Array(len / 4); - for (var i = 0, k = start; i < res.length; i++, k += 4) { - var w; - if (endian === 'big') - w = (msg[k] << 24) | (msg[k + 1] << 16) | (msg[k + 2] << 8) | msg[k + 3]; - else - w = (msg[k + 3] << 24) | (msg[k + 2] << 16) | (msg[k + 1] << 8) | msg[k]; - res[i] = w >>> 0; +/** + * Returns the value represented in the specified unit + * + * @param {String|Number} code - The unit code or exchange rate + * @returns {Number} The converted value + */ +Unit.prototype.to = function(code) { + if (_.isNumber(code)) { + if (code <= 0) { + throw new errors.Unit.InvalidRate(code); + } + return parseFloat((this.BTC * code).toFixed(2)); } - return res; -} -utils.join32 = join32; -function split32(msg, endian) { - var res = new Array(msg.length * 4); - for (var i = 0, k = 0; i < msg.length; i++, k += 4) { - var m = msg[i]; - if (endian === 'big') { - res[k] = m >>> 24; - res[k + 1] = (m >>> 16) & 0xff; - res[k + 2] = (m >>> 8) & 0xff; - res[k + 3] = m & 0xff; - } else { - res[k + 3] = m >>> 24; - res[k + 2] = (m >>> 16) & 0xff; - res[k + 1] = (m >>> 8) & 0xff; - res[k] = m & 0xff; - } + if (!UNITS[code]) { + throw new errors.Unit.UnknownCode(code); } - return res; -} -utils.split32 = split32; -function rotr32(w, b) { - return (w >>> b) | (w << (32 - b)); -} -utils.rotr32 = rotr32; - -function rotl32(w, b) { - return (w << b) | (w >>> (32 - b)); -} -utils.rotl32 = rotl32; - -function sum32(a, b) { - return (a + b) >>> 0; -} -utils.sum32 = sum32; - -function sum32_3(a, b, c) { - return (a + b + c) >>> 0; -} -utils.sum32_3 = sum32_3; - -function sum32_4(a, b, c, d) { - return (a + b + c + d) >>> 0; -} -utils.sum32_4 = sum32_4; - -function sum32_5(a, b, c, d, e) { - return (a + b + c + d + e) >>> 0; -} -utils.sum32_5 = sum32_5; - -function assert(cond, msg) { - if (!cond) - throw new Error(msg || 'Assertion failed'); -} -utils.assert = assert; + var value = this._value / UNITS[code][0]; + return parseFloat(value.toFixed(UNITS[code][1])); +}; -utils.inherits = inherits; +/** + * Returns the value represented in BTC + * + * @returns {Number} The value converted to BTC + */ +Unit.prototype.toBTC = function() { + return this.to(Unit.BTC); +}; -function sum64(buf, pos, ah, al) { - var bh = buf[pos]; - var bl = buf[pos + 1]; +/** + * Returns the value represented in mBTC + * + * @returns {Number} The value converted to mBTC + */ +Unit.prototype.toMillis = Unit.prototype.toMilis = function() { + return this.to(Unit.mBTC); +}; - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - buf[pos] = hi >>> 0; - buf[pos + 1] = lo; -} -exports.sum64 = sum64; +/** + * Returns the value represented in bits + * + * @returns {Number} The value converted to bits + */ +Unit.prototype.toMicros = Unit.prototype.toBits = function() { + return this.to(Unit.bits); +}; -function sum64_hi(ah, al, bh, bl) { - var lo = (al + bl) >>> 0; - var hi = (lo < al ? 1 : 0) + ah + bh; - return hi >>> 0; +/** + * Returns the value represented in satoshis + * + * @returns {Number} The value converted to satoshis + */ +Unit.prototype.toSatoshis = function() { + return this.to(Unit.satoshis); }; -exports.sum64_hi = sum64_hi; -function sum64_lo(ah, al, bh, bl) { - var lo = al + bl; - return lo >>> 0; +/** + * Returns the value represented in fiat + * + * @param {string} rate - The exchange rate between BTC/currency + * @returns {Number} The value converted to satoshis + */ +Unit.prototype.atRate = function(rate) { + return this.to(rate); }; -exports.sum64_lo = sum64_lo; -function sum64_4_hi(ah, al, bh, bl, ch, cl, dh, dl) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; +/** + * Returns a the string representation of the value in satoshis + * + * @returns {string} the value in satoshis + */ +Unit.prototype.toString = function() { + return this.satoshis + ' satoshis'; +}; - var hi = ah + bh + ch + dh + carry; - return hi >>> 0; +/** + * Returns a plain object representation of the Unit + * + * @returns {Object} An object with the keys: amount and code + */ +Unit.prototype.toObject = Unit.prototype.toJSON = function toObject() { + return { + amount: this.BTC, + code: Unit.BTC + }; }; -exports.sum64_4_hi = sum64_4_hi; -function sum64_4_lo(ah, al, bh, bl, ch, cl, dh, dl) { - var lo = al + bl + cl + dl; - return lo >>> 0; +/** + * Returns a string formatted for the console + * + * @returns {string} the value in satoshis + */ +Unit.prototype.inspect = function() { + return ''; }; -exports.sum64_4_lo = sum64_4_lo; -function sum64_5_hi(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var carry = 0; - var lo = al; - lo = (lo + bl) >>> 0; - carry += lo < al ? 1 : 0; - lo = (lo + cl) >>> 0; - carry += lo < cl ? 1 : 0; - lo = (lo + dl) >>> 0; - carry += lo < dl ? 1 : 0; - lo = (lo + el) >>> 0; - carry += lo < el ? 1 : 0; +module.exports = Unit; - var hi = ah + bh + ch + dh + eh + carry; - return hi >>> 0; -}; -exports.sum64_5_hi = sum64_5_hi; +},{"./errors":42,"./util/preconditions":70,"lodash":96}],67:[function(require,module,exports){ +'use strict'; -function sum64_5_lo(ah, al, bh, bl, ch, cl, dh, dl, eh, el) { - var lo = al + bl + cl + dl + el; +var _ = require('lodash'); +var URL = require('url'); - return lo >>> 0; -}; -exports.sum64_5_lo = sum64_5_lo; +var Address = require('./address'); +var Unit = require('./unit'); -function rotr64_hi(ah, al, num) { - var r = (al << (32 - num)) | (ah >>> num); - return r >>> 0; -}; -exports.rotr64_hi = rotr64_hi; +/** + * Bitcore URI + * + * Instantiate an URI from a bitcoin URI String or an Object. An URI instance + * can be created with a bitcoin uri string or an object. All instances of + * URI are valid, the static method isValid allows checking before instantiation. + * + * All standard parameters can be found as members of the class, the address + * is represented using an {Address} instance and the amount is represented in + * satoshis. Any other non-standard parameters can be found under the extra member. + * + * @example + * ```javascript + * + * var uri = new URI('bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu?amount=1.2'); + * console.log(uri.address, uri.amount); + * ``` + * + * @param {string|Object} data - A bitcoin URI string or an Object + * @param {Array.=} knownParams - Required non-standard params + * @throws {TypeError} Invalid bitcoin address + * @throws {TypeError} Invalid amount + * @throws {Error} Unknown required argument + * @returns {URI} A new valid and frozen instance of URI + * @constructor + */ +var URI = function(data, knownParams) { + if (!(this instanceof URI)) { + return new URI(data, knownParams); + } -function rotr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; -}; -exports.rotr64_lo = rotr64_lo; + this.extras = {}; + this.knownParams = knownParams || []; + this.address = this.network = this.amount = this.message = null; -function shr64_hi(ah, al, num) { - return ah >>> num; + if (typeof(data) === 'string') { + var params = URI.parse(data); + if (params.amount) { + params.amount = this._parseAmount(params.amount); + } + this._fromObject(params); + } else if (typeof(data) === 'object') { + this._fromObject(data); + } else { + throw new TypeError('Unrecognized data format.'); + } }; -exports.shr64_hi = shr64_hi; -function shr64_lo(ah, al, num) { - var r = (ah << (32 - num)) | (al >>> num); - return r >>> 0; +/** + * Instantiate a URI from a String + * + * @param {string} str - JSON string or object of the URI + * @returns {URI} A new instance of a URI + */ +URI.fromString = function fromString(str) { + if (typeof(str) !== 'string') { + throw new TypeError('Expected a string'); + } + return new URI(str); }; -exports.shr64_lo = shr64_lo; -},{"inherits":77}],76:[function(require,module,exports){ -module.exports={ - "name": "elliptic", - "version": "3.0.3", - "description": "EC cryptography", - "main": "lib/elliptic.js", - "scripts": { - "test": "make lint && mocha --reporter=spec test/*-test.js" - }, - "repository": { - "type": "git", - "url": "git+ssh://git@github.com/indutny/elliptic.git" - }, - "keywords": [ - "EC", - "Elliptic", - "curve", - "Cryptography" - ], - "author": { - "name": "Fedor Indutny", - "email": "fedor@indutny.com" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/indutny/elliptic/issues" - }, - "homepage": "https://github.com/indutny/elliptic", - "devDependencies": { - "browserify": "^3.44.2", - "jscs": "^1.11.3", - "jshint": "^2.6.0", - "mocha": "^2.1.0", - "uglify-js": "^2.4.13" - }, - "dependencies": { - "bn.js": "^2.0.0", - "brorand": "^1.0.1", - "hash.js": "^1.0.0", - "inherits": "^2.0.1" - }, - "readme": "# Elliptic [![Build Status](https://secure.travis-ci.org/indutny/elliptic.png)](http://travis-ci.org/indutny/elliptic)\n\nFast elliptic-curve cryptography in a plain javascript implementation.\n\nNOTE: Please take a look at http://safecurves.cr.yp.to/ before choosing a curve\nfor your cryptography operations.\n\n## Incentive\n\nECC is much slower than regular RSA cryptography, the JS implementations are\neven more slower.\n\n## Benchmarks\n\n```bash\n$ node benchmarks/index.js\nBenchmarking: sign\nelliptic#sign x 262 ops/sec ±0.51% (177 runs sampled)\neccjs#sign x 55.91 ops/sec ±0.90% (144 runs sampled)\n------------------------\nFastest is elliptic#sign\n========================\nBenchmarking: verify\nelliptic#verify x 113 ops/sec ±0.50% (166 runs sampled)\neccjs#verify x 48.56 ops/sec ±0.36% (125 runs sampled)\n------------------------\nFastest is elliptic#verify\n========================\nBenchmarking: gen\nelliptic#gen x 294 ops/sec ±0.43% (176 runs sampled)\neccjs#gen x 62.25 ops/sec ±0.63% (129 runs sampled)\n------------------------\nFastest is elliptic#gen\n========================\nBenchmarking: ecdh\nelliptic#ecdh x 136 ops/sec ±0.85% (156 runs sampled)\n------------------------\nFastest is elliptic#ecdh\n========================\n```\n\n## API\n\n### ECDSA\n\n```javascript\nvar EC = require('elliptic').ec;\n\n// Create and initialize EC context\n// (better do it once and reuse it)\nvar ec = new EC('secp256k1');\n\n// Generate keys\nvar key = ec.genKeyPair();\n\n// Sign message (must be an array, or it'll be treated as a hex sequence)\nvar msg = [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 ];\nvar signature = key.sign(msg);\n\n// Export DER encoded signature in Array\nvar derSign = signature.toDER();\n\n// Verify signature\nconsole.log(key.verify(msg, derSign));\n```\n\n### ECDH\n\n```javascript\n// Generate keys\nvar key1 = ec.genKeyPair();\nvar key2 = ec.genKeyPair();\n\nvar shared1 = key1.derive(key2.getPublic());\nvar shared2 = key2.derive(key1.getPublic());\n\nconsole.log('Both shared secrets are BN instances');\nconsole.log(shared1.toString(16));\nconsole.log(shared2.toString(16));\n```\n\nNOTE: `.derive()` returns a [BN][1] instance.\n\n## Supported curves\n\nElliptic.js support following curve types:\n\n* Short Weierstrass\n* Montgomery\n* Edwards\n* Twisted Edwards\n\nFollowing curve 'presets' are embedded into the library:\n\n* `secp256k1`\n* `p192`\n* `p224`\n* `p256`\n* `curve25519`\n* `ed25519`\n\nNOTE: That `curve25519` could not be used for ECDSA, use `ed25519` instead.\n\n### Implementation details\n\nECDSA is using deterministic `k` value generation as per [RFC6979][0]. Most of\nthe curve operations are performed on non-affine coordinates (either projective\nor extended), various windowing techniques are used for different cases.\n\nAll operations are performed in reduction context using [bn.js][1], hashing is\nprovided by [hash.js][2]\n\n### Related projects\n\n* [eccrypto][3]: isomorphic implementation of ECDSA, ECDH and ECIES for both\n browserify and node (uses `elliptic` for browser and [secp256k1-node][4] for\n node)\n\n#### LICENSE\n\nThis software is licensed under the MIT License.\n\nCopyright Fedor Indutny, 2014.\n\nPermission is hereby granted, free of charge, to any person obtaining a\ncopy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to permit\npersons to whom the Software is furnished to do so, subject to the\nfollowing conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN\nNO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\nDAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\nOTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE\nUSE OR OTHER DEALINGS IN THE SOFTWARE.\n\n[0]: http://tools.ietf.org/html/rfc6979\n[1]: https://github.com/indutny/bn.js\n[2]: https://github.com/indutny/hash.js\n[3]: https://github.com/bitchan/eccrypto\n[4]: https://github.com/wanderer/secp256k1-node\n", - "readmeFilename": "README.md", - "_id": "elliptic@3.0.3", - "_shasum": "865c9b420bfbe55006b9f969f97a0d2c44966595", - "_resolved": "https://registry.npmjs.org/elliptic/-/elliptic-3.0.3.tgz", - "_from": "https://registry.npmjs.org/elliptic/-/elliptic-3.0.3.tgz" -} +/** + * Instantiate a URI from an Object + * + * @param {Object} data - object of the URI + * @returns {URI} A new instance of a URI + */ +URI.fromObject = function fromObject(json) { + return new URI(json); +}; -},{}],77:[function(require,module,exports){ -if (typeof Object.create === 'function') { - // implementation from standard node.js 'util' module - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor - ctor.prototype = Object.create(superCtor.prototype, { - constructor: { - value: ctor, - enumerable: false, - writable: true, - configurable: true - } - }); - }; -} else { - // old school shim for old browsers - module.exports = function inherits(ctor, superCtor) { - ctor.super_ = superCtor - var TempCtor = function () {} - TempCtor.prototype = superCtor.prototype - ctor.prototype = new TempCtor() - ctor.prototype.constructor = ctor +/** + * Check if an bitcoin URI string is valid + * + * @example + * ```javascript + * + * var valid = URI.isValid('bitcoin:12A1MyfXbW6RhdRAZEqofac5jCQQjwEPBu'); + * // true + * ``` + * + * @param {string|Object} data - A bitcoin URI string or an Object + * @param {Array.=} knownParams - Required non-standard params + * @returns {boolean} Result of uri validation + */ +URI.isValid = function(arg, knownParams) { + try { + new URI(arg, knownParams); + } catch (err) { + return false; } -} + return true; +}; -},{}],78:[function(require,module,exports){ -(function (global){ /** - * @license - * lodash 3.10.1 (Custom Build) - * Build: `lodash modern -d -o ./index.js` - * Copyright 2012-2015 The Dojo Foundation - * Based on Underscore.js 1.8.3 - * Copyright 2009-2015 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors - * Available under MIT license + * Convert a bitcoin URI string into a simple object. + * + * @param {string} uri - A bitcoin URI string + * @throws {TypeError} Invalid bitcoin URI + * @returns {Object} An object with the parsed params */ -;(function() { +URI.parse = function(uri) { + var info = URL.parse(uri, true); - /** Used as a safe reference for `undefined` in pre-ES5 environments. */ - var undefined; + if (info.protocol !== 'bitcoin:') { + throw new TypeError('Invalid bitcoin URI'); + } - /** Used as the semantic version number. */ - var VERSION = '3.10.1'; + // workaround to host insensitiveness + var group = /[^:]*:\/?\/?([^?]*)/.exec(uri); + info.query.address = group && group[1] || undefined; - /** Used to compose bitmasks for wrapper metadata. */ - var BIND_FLAG = 1, - BIND_KEY_FLAG = 2, - CURRY_BOUND_FLAG = 4, - CURRY_FLAG = 8, - CURRY_RIGHT_FLAG = 16, - PARTIAL_FLAG = 32, - PARTIAL_RIGHT_FLAG = 64, - ARY_FLAG = 128, - REARG_FLAG = 256; + return info.query; +}; - /** Used as default options for `_.trunc`. */ - var DEFAULT_TRUNC_LENGTH = 30, - DEFAULT_TRUNC_OMISSION = '...'; +URI.Members = ['address', 'amount', 'message', 'label', 'r']; - /** Used to detect when a function becomes hot. */ - var HOT_COUNT = 150, - HOT_SPAN = 16; +/** + * Internal function to load the URI instance with an object. + * + * @param {Object} obj - Object with the information + * @throws {TypeError} Invalid bitcoin address + * @throws {TypeError} Invalid amount + * @throws {Error} Unknown required argument + */ +URI.prototype._fromObject = function(obj) { + /* jshint maxcomplexity: 10 */ - /** Used as the size to enable large array optimizations. */ - var LARGE_ARRAY_SIZE = 200; + if (!Address.isValid(obj.address)) { + throw new TypeError('Invalid bitcoin address'); + } - /** Used to indicate the type of lazy iteratees. */ - var LAZY_FILTER_FLAG = 1, - LAZY_MAP_FLAG = 2; + this.address = new Address(obj.address); + this.network = this.address.network; + this.amount = obj.amount; - /** Used as the `TypeError` message for "Functions" methods. */ - var FUNC_ERROR_TEXT = 'Expected a function'; + for (var key in obj) { + if (key === 'address' || key === 'amount') { + continue; + } - /** Used as the internal argument placeholder. */ - var PLACEHOLDER = '__lodash_placeholder__'; + if (/^req-/.exec(key) && this.knownParams.indexOf(key) === -1) { + throw Error('Unknown required argument ' + key); + } - /** `Object#toString` result references. */ - var argsTag = '[object Arguments]', - arrayTag = '[object Array]', - boolTag = '[object Boolean]', - dateTag = '[object Date]', - errorTag = '[object Error]', - funcTag = '[object Function]', - mapTag = '[object Map]', - numberTag = '[object Number]', - objectTag = '[object Object]', - regexpTag = '[object RegExp]', - setTag = '[object Set]', - stringTag = '[object String]', - weakMapTag = '[object WeakMap]'; + var destination = URI.Members.indexOf(key) > -1 ? this : this.extras; + destination[key] = obj[key]; + } +}; - var arrayBufferTag = '[object ArrayBuffer]', - float32Tag = '[object Float32Array]', - float64Tag = '[object Float64Array]', - int8Tag = '[object Int8Array]', - int16Tag = '[object Int16Array]', - int32Tag = '[object Int32Array]', - uint8Tag = '[object Uint8Array]', - uint8ClampedTag = '[object Uint8ClampedArray]', - uint16Tag = '[object Uint16Array]', - uint32Tag = '[object Uint32Array]'; +/** + * Internal function to transform a BTC string amount into satoshis + * + * @param {string} amount - Amount BTC string + * @throws {TypeError} Invalid amount + * @returns {Object} Amount represented in satoshis + */ +URI.prototype._parseAmount = function(amount) { + amount = Number(amount); + if (isNaN(amount)) { + throw new TypeError('Invalid amount'); + } + return Unit.fromBTC(amount).toSatoshis(); +}; - /** Used to match empty string literals in compiled template source. */ - var reEmptyStringLeading = /\b__p \+= '';/g, - reEmptyStringMiddle = /\b(__p \+=) '' \+/g, - reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g; +URI.prototype.toObject = URI.prototype.toJSON = function toObject() { + var json = {}; + for (var i = 0; i < URI.Members.length; i++) { + var m = URI.Members[i]; + if (this.hasOwnProperty(m) && typeof(this[m]) !== 'undefined') { + json[m] = this[m].toString(); + } + } + _.extend(json, this.extras); + return json; +}; - /** Used to match HTML entities and HTML characters. */ - var reEscapedHtml = /&(?:amp|lt|gt|quot|#39|#96);/g, - reUnescapedHtml = /[&<>"'`]/g, - reHasEscapedHtml = RegExp(reEscapedHtml.source), - reHasUnescapedHtml = RegExp(reUnescapedHtml.source); +/** + * Will return a the string representation of the URI + * + * @returns {string} Bitcoin URI string + */ +URI.prototype.toString = function() { + var query = {}; + if (this.amount) { + query.amount = Unit.fromSatoshis(this.amount).toBTC(); + } + if (this.message) { + query.message = this.message; + } + if (this.label) { + query.label = this.label; + } + if (this.r) { + query.r = this.r; + } + _.extend(query, this.extras); - /** Used to match template delimiters. */ - var reEscape = /<%-([\s\S]+?)%>/g, - reEvaluate = /<%([\s\S]+?)%>/g, - reInterpolate = /<%=([\s\S]+?)%>/g; + return URL.format({ + protocol: 'bitcoin:', + host: this.address, + query: query + }); +}; - /** Used to match property names within property paths. */ - var reIsDeepProp = /\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\n\\]|\\.)*?\1)\]/, - reIsPlainProp = /^\w*$/, - rePropName = /[^.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\n\\]|\\.)*?)\2)\]/g; +/** + * Will return a string formatted for the console + * + * @returns {string} Bitcoin URI + */ +URI.prototype.inspect = function() { + return ''; +}; - /** - * Used to match `RegExp` [syntax characters](http://ecma-international.org/ecma-262/6.0/#sec-patterns) - * and those outlined by [`EscapeRegExpPattern`](http://ecma-international.org/ecma-262/6.0/#sec-escaperegexppattern). - */ - var reRegExpChars = /^[:!,]|[\\^$.*+?()[\]{}|\/]|(^[0-9a-fA-Fnrtuvx])|([\n\r\u2028\u2029])/g, - reHasRegExpChars = RegExp(reRegExpChars.source); - - /** Used to match [combining diacritical marks](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks). */ - var reComboMark = /[\u0300-\u036f\ufe20-\ufe23]/g; - - /** Used to match backslashes in property paths. */ - var reEscapeChar = /\\(\\)?/g; - - /** Used to match [ES template delimiters](http://ecma-international.org/ecma-262/6.0/#sec-template-literal-lexical-components). */ - var reEsTemplate = /\$\{([^\\}]*(?:\\.[^\\}]*)*)\}/g; - - /** Used to match `RegExp` flags from their coerced string values. */ - var reFlags = /\w*$/; - - /** Used to detect hexadecimal string values. */ - var reHasHexPrefix = /^0[xX]/; - - /** Used to detect host constructors (Safari > 5). */ - var reIsHostCtor = /^\[object .+?Constructor\]$/; - - /** Used to detect unsigned integer values. */ - var reIsUint = /^\d+$/; - - /** Used to match latin-1 supplementary letters (excluding mathematical operators). */ - var reLatin1 = /[\xc0-\xd6\xd8-\xde\xdf-\xf6\xf8-\xff]/g; - - /** Used to ensure capturing order of template delimiters. */ - var reNoMatch = /($^)/; - - /** Used to match unescaped characters in compiled string literals. */ - var reUnescapedString = /['\n\r\u2028\u2029\\]/g; - - /** Used to match words to create compound words. */ - var reWords = (function() { - var upper = '[A-Z\\xc0-\\xd6\\xd8-\\xde]', - lower = '[a-z\\xdf-\\xf6\\xf8-\\xff]+'; - - return RegExp(upper + '+(?=' + upper + lower + ')|' + upper + '?' + lower + '|' + upper + '+|[0-9]+', 'g'); - }()); - - /** Used to assign default `context` object properties. */ - var contextProps = [ - 'Array', 'ArrayBuffer', 'Date', 'Error', 'Float32Array', 'Float64Array', - 'Function', 'Int8Array', 'Int16Array', 'Int32Array', 'Math', 'Number', - 'Object', 'RegExp', 'Set', 'String', '_', 'clearTimeout', 'isFinite', - 'parseFloat', 'parseInt', 'setTimeout', 'TypeError', 'Uint8Array', - 'Uint8ClampedArray', 'Uint16Array', 'Uint32Array', 'WeakMap' - ]; - - /** Used to make template sourceURLs easier to identify. */ - var templateCounter = -1; - - /** Used to identify `toStringTag` values of typed arrays. */ - var typedArrayTags = {}; - typedArrayTags[float32Tag] = typedArrayTags[float64Tag] = - typedArrayTags[int8Tag] = typedArrayTags[int16Tag] = - typedArrayTags[int32Tag] = typedArrayTags[uint8Tag] = - typedArrayTags[uint8ClampedTag] = typedArrayTags[uint16Tag] = - typedArrayTags[uint32Tag] = true; - typedArrayTags[argsTag] = typedArrayTags[arrayTag] = - typedArrayTags[arrayBufferTag] = typedArrayTags[boolTag] = - typedArrayTags[dateTag] = typedArrayTags[errorTag] = - typedArrayTags[funcTag] = typedArrayTags[mapTag] = - typedArrayTags[numberTag] = typedArrayTags[objectTag] = - typedArrayTags[regexpTag] = typedArrayTags[setTag] = - typedArrayTags[stringTag] = typedArrayTags[weakMapTag] = false; - - /** Used to identify `toStringTag` values supported by `_.clone`. */ - var cloneableTags = {}; - cloneableTags[argsTag] = cloneableTags[arrayTag] = - cloneableTags[arrayBufferTag] = cloneableTags[boolTag] = - cloneableTags[dateTag] = cloneableTags[float32Tag] = - cloneableTags[float64Tag] = cloneableTags[int8Tag] = - cloneableTags[int16Tag] = cloneableTags[int32Tag] = - cloneableTags[numberTag] = cloneableTags[objectTag] = - cloneableTags[regexpTag] = cloneableTags[stringTag] = - cloneableTags[uint8Tag] = cloneableTags[uint8ClampedTag] = - cloneableTags[uint16Tag] = cloneableTags[uint32Tag] = true; - cloneableTags[errorTag] = cloneableTags[funcTag] = - cloneableTags[mapTag] = cloneableTags[setTag] = - cloneableTags[weakMapTag] = false; - - /** Used to map latin-1 supplementary letters to basic latin letters. */ - var deburredLetters = { - '\xc0': 'A', '\xc1': 'A', '\xc2': 'A', '\xc3': 'A', '\xc4': 'A', '\xc5': 'A', - '\xe0': 'a', '\xe1': 'a', '\xe2': 'a', '\xe3': 'a', '\xe4': 'a', '\xe5': 'a', - '\xc7': 'C', '\xe7': 'c', - '\xd0': 'D', '\xf0': 'd', - '\xc8': 'E', '\xc9': 'E', '\xca': 'E', '\xcb': 'E', - '\xe8': 'e', '\xe9': 'e', '\xea': 'e', '\xeb': 'e', - '\xcC': 'I', '\xcd': 'I', '\xce': 'I', '\xcf': 'I', - '\xeC': 'i', '\xed': 'i', '\xee': 'i', '\xef': 'i', - '\xd1': 'N', '\xf1': 'n', - '\xd2': 'O', '\xd3': 'O', '\xd4': 'O', '\xd5': 'O', '\xd6': 'O', '\xd8': 'O', - '\xf2': 'o', '\xf3': 'o', '\xf4': 'o', '\xf5': 'o', '\xf6': 'o', '\xf8': 'o', - '\xd9': 'U', '\xda': 'U', '\xdb': 'U', '\xdc': 'U', - '\xf9': 'u', '\xfa': 'u', '\xfb': 'u', '\xfc': 'u', - '\xdd': 'Y', '\xfd': 'y', '\xff': 'y', - '\xc6': 'Ae', '\xe6': 'ae', - '\xde': 'Th', '\xfe': 'th', - '\xdf': 'ss' - }; - - /** Used to map characters to HTML entities. */ - var htmlEscapes = { - '&': '&', - '<': '<', - '>': '>', - '"': '"', - "'": ''', - '`': '`' - }; - - /** Used to map HTML entities to characters. */ - var htmlUnescapes = { - '&': '&', - '<': '<', - '>': '>', - '"': '"', - ''': "'", - '`': '`' - }; - - /** Used to determine if values are of the language type `Object`. */ - var objectTypes = { - 'function': true, - 'object': true - }; - - /** Used to escape characters for inclusion in compiled regexes. */ - var regexpEscapes = { - '0': 'x30', '1': 'x31', '2': 'x32', '3': 'x33', '4': 'x34', - '5': 'x35', '6': 'x36', '7': 'x37', '8': 'x38', '9': 'x39', - 'A': 'x41', 'B': 'x42', 'C': 'x43', 'D': 'x44', 'E': 'x45', 'F': 'x46', - 'a': 'x61', 'b': 'x62', 'c': 'x63', 'd': 'x64', 'e': 'x65', 'f': 'x66', - 'n': 'x6e', 'r': 'x72', 't': 'x74', 'u': 'x75', 'v': 'x76', 'x': 'x78' - }; - - /** Used to escape characters for inclusion in compiled string literals. */ - var stringEscapes = { - '\\': '\\', - "'": "'", - '\n': 'n', - '\r': 'r', - '\u2028': 'u2028', - '\u2029': 'u2029' - }; - - /** Detect free variable `exports`. */ - var freeExports = objectTypes[typeof exports] && exports && !exports.nodeType && exports; - - /** Detect free variable `module`. */ - var freeModule = objectTypes[typeof module] && module && !module.nodeType && module; - - /** Detect free variable `global` from Node.js. */ - var freeGlobal = freeExports && freeModule && typeof global == 'object' && global && global.Object && global; - - /** Detect free variable `self`. */ - var freeSelf = objectTypes[typeof self] && self && self.Object && self; - - /** Detect free variable `window`. */ - var freeWindow = objectTypes[typeof window] && window && window.Object && window; - - /** Detect the popular CommonJS extension `module.exports`. */ - var moduleExports = freeModule && freeModule.exports === freeExports && freeExports; - - /** - * Used as a reference to the global object. - * - * The `this` value is used if it's the global object to avoid Greasemonkey's - * restricted `window` object, otherwise the `window` object is used. - */ - var root = freeGlobal || ((freeWindow !== (this && this.window)) && freeWindow) || freeSelf || this; +module.exports = URI; - /*--------------------------------------------------------------------------*/ +},{"./address":26,"./unit":66,"lodash":96,"url":334}],68:[function(require,module,exports){ +(function (Buffer){ +'use strict'; - /** - * The base implementation of `compareAscending` which compares values and - * sorts them in ascending order without guaranteeing a stable sort. - * - * @private - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @returns {number} Returns the sort order indicator for `value`. - */ - function baseCompareAscending(value, other) { - if (value !== other) { - var valIsNull = value === null, - valIsUndef = value === undefined, - valIsReflexive = value === value; +var buffer = require('buffer'); +var assert = require('assert'); - var othIsNull = other === null, - othIsUndef = other === undefined, - othIsReflexive = other === other; +var js = require('./js'); +var $ = require('./preconditions'); - if ((value > other && !othIsNull) || !valIsReflexive || - (valIsNull && !othIsUndef && othIsReflexive) || - (valIsUndef && othIsReflexive)) { - return 1; - } - if ((value < other && !valIsNull) || !othIsReflexive || - (othIsNull && !valIsUndef && valIsReflexive) || - (othIsUndef && valIsReflexive)) { - return -1; - } +function equals(a, b) { + if (a.length !== b.length) { + return false; + } + var length = a.length; + for (var i = 0; i < length; i++) { + if (a[i] !== b[i]) { + return false; } - return 0; } + return true; +} +module.exports = { /** - * The base implementation of `_.findIndex` and `_.findLastIndex` without - * support for callback shorthands and `this` binding. + * Fill a buffer with a value. * - * @private - * @param {Array} array The array to search. - * @param {Function} predicate The function invoked per iteration. - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {number} Returns the index of the matched value, else `-1`. + * @param {Buffer} buffer + * @param {number} value + * @return {Buffer} */ - function baseFindIndex(array, predicate, fromRight) { - var length = array.length, - index = fromRight ? length : -1; - - while ((fromRight ? index-- : ++index < length)) { - if (predicate(array[index], index, array)) { - return index; - } + fill: function fill(buffer, value) { + $.checkArgumentType(buffer, 'Buffer', 'buffer'); + $.checkArgumentType(value, 'number', 'value'); + var length = buffer.length; + for (var i = 0; i < length; i++) { + buffer[i] = value; } - return -1; - } + return buffer; + }, /** - * The base implementation of `_.indexOf` without support for binary searches. + * Return a copy of a buffer * - * @private - * @param {Array} array The array to search. - * @param {*} value The value to search for. - * @param {number} fromIndex The index to search from. - * @returns {number} Returns the index of the matched value, else `-1`. + * @param {Buffer} original + * @return {Buffer} */ - function baseIndexOf(array, value, fromIndex) { - if (value !== value) { - return indexOfNaN(array, fromIndex); - } - var index = fromIndex - 1, - length = array.length; - - while (++index < length) { - if (array[index] === value) { - return index; - } - } - return -1; - } + copy: function(original) { + var buffer = new Buffer(original.length); + original.copy(buffer); + return buffer; + }, /** - * The base implementation of `_.isFunction` without support for environments - * with incorrect `typeof` results. + * Returns true if the given argument is an instance of a buffer. Tests for + * both node's Buffer and Uint8Array * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. + * @param {*} arg + * @return {boolean} */ - function baseIsFunction(value) { - // Avoid a Chakra JIT bug in compatibility modes of IE 11. - // See https://github.com/jashkenas/underscore/issues/1621 for more details. - return typeof value == 'function' || false; - } + isBuffer: function isBuffer(arg) { + return buffer.Buffer.isBuffer(arg) || arg instanceof Uint8Array; + }, /** - * Converts `value` to a string if it's not one. An empty string is returned - * for `null` or `undefined` values. + * Returns a zero-filled byte array * - * @private - * @param {*} value The value to process. - * @returns {string} Returns the string. + * @param {number} bytes + * @return {Buffer} */ - function baseToString(value) { - return value == null ? '' : (value + ''); - } + emptyBuffer: function emptyBuffer(bytes) { + $.checkArgumentType(bytes, 'number', 'bytes'); + var result = new buffer.Buffer(bytes); + for (var i = 0; i < bytes; i++) { + result.write('\0', i); + } + return result; + }, /** - * Used by `_.trim` and `_.trimLeft` to get the index of the first character - * of `string` that is not found in `chars`. + * Concatenates a buffer * - * @private - * @param {string} string The string to inspect. - * @param {string} chars The characters to find. - * @returns {number} Returns the index of the first character not found in `chars`. + * Shortcut for buffer.Buffer.concat */ - function charsLeftIndex(string, chars) { - var index = -1, - length = string.length; + concat: buffer.Buffer.concat, - while (++index < length && chars.indexOf(string.charAt(index)) > -1) {} - return index; - } + equals: equals, + equal: equals, /** - * Used by `_.trim` and `_.trimRight` to get the index of the last character - * of `string` that is not found in `chars`. + * Transforms a number from 0 to 255 into a Buffer of size 1 with that value * - * @private - * @param {string} string The string to inspect. - * @param {string} chars The characters to find. - * @returns {number} Returns the index of the last character not found in `chars`. + * @param {number} integer + * @return {Buffer} */ - function charsRightIndex(string, chars) { - var index = string.length; - - while (index-- && chars.indexOf(string.charAt(index)) > -1) {} - return index; - } + integerAsSingleByteBuffer: function integerAsSingleByteBuffer(integer) { + $.checkArgumentType(integer, 'number', 'integer'); + return new buffer.Buffer([integer & 0xff]); + }, /** - * Used by `_.sortBy` to compare transformed elements of a collection and stable - * sort them in ascending order. + * Transform a 4-byte integer into a Buffer of length 4. * - * @private - * @param {Object} object The object to compare. - * @param {Object} other The other object to compare. - * @returns {number} Returns the sort order indicator for `object`. + * @param {number} integer + * @return {Buffer} */ - function compareAscending(object, other) { - return baseCompareAscending(object.criteria, other.criteria) || (object.index - other.index); - } + integerAsBuffer: function integerAsBuffer(integer) { + $.checkArgumentType(integer, 'number', 'integer'); + var bytes = []; + bytes.push((integer >> 24) & 0xff); + bytes.push((integer >> 16) & 0xff); + bytes.push((integer >> 8) & 0xff); + bytes.push(integer & 0xff); + return new Buffer(bytes); + }, /** - * Used by `_.sortByOrder` to compare multiple properties of a value to another - * and stable sort them. - * - * If `orders` is unspecified, all valuess are sorted in ascending order. Otherwise, - * a value is sorted in ascending order if its corresponding order is "asc", and - * descending if "desc". + * Transform the first 4 values of a Buffer into a number, in little endian encoding * - * @private - * @param {Object} object The object to compare. - * @param {Object} other The other object to compare. - * @param {boolean[]} orders The order to sort by for each property. - * @returns {number} Returns the sort order indicator for `object`. + * @param {Buffer} buffer + * @return {number} */ - function compareMultiple(object, other, orders) { - var index = -1, - objCriteria = object.criteria, - othCriteria = other.criteria, - length = objCriteria.length, - ordersLength = orders.length; - - while (++index < length) { - var result = baseCompareAscending(objCriteria[index], othCriteria[index]); - if (result) { - if (index >= ordersLength) { - return result; - } - var order = orders[index]; - return result * ((order === 'asc' || order === true) ? 1 : -1); - } - } - // Fixes an `Array#sort` bug in the JS engine embedded in Adobe applications - // that causes it, under certain circumstances, to provide the same value for - // `object` and `other`. See https://github.com/jashkenas/underscore/pull/1247 - // for more details. - // - // This also ensures a stable sort in V8 and other engines. - // See https://code.google.com/p/v8/issues/detail?id=90 for more details. - return object.index - other.index; - } + integerFromBuffer: function integerFromBuffer(buffer) { + $.checkArgumentType(buffer, 'Buffer', 'buffer'); + return buffer[0] << 24 | buffer[1] << 16 | buffer[2] << 8 | buffer[3]; + }, /** - * Used by `_.deburr` to convert latin-1 supplementary letters to basic latin letters. - * - * @private - * @param {string} letter The matched letter to deburr. - * @returns {string} Returns the deburred letter. + * Transforms the first byte of an array into a number ranging from -128 to 127 + * @param {Buffer} buffer + * @return {number} */ - function deburrLetter(letter) { - return deburredLetters[letter]; - } + integerFromSingleByteBuffer: function integerFromBuffer(buffer) { + $.checkArgumentType(buffer, 'Buffer', 'buffer'); + return buffer[0]; + }, /** - * Used by `_.escape` to convert characters to HTML entities. + * Transforms a buffer into a string with a number in hexa representation * - * @private - * @param {string} chr The matched character to escape. - * @returns {string} Returns the escaped character. + * Shorthand for buffer.toString('hex') + * + * @param {Buffer} buffer + * @return {string} */ - function escapeHtmlChar(chr) { - return htmlEscapes[chr]; - } + bufferToHex: function bufferToHex(buffer) { + $.checkArgumentType(buffer, 'Buffer', 'buffer'); + return buffer.toString('hex'); + }, /** - * Used by `_.escapeRegExp` to escape characters for inclusion in compiled regexes. - * - * @private - * @param {string} chr The matched character to escape. - * @param {string} leadingChar The capture group for a leading character. - * @param {string} whitespaceChar The capture group for a whitespace character. - * @returns {string} Returns the escaped character. + * Reverse a buffer + * @param {Buffer} param + * @return {Buffer} */ - function escapeRegExpChar(chr, leadingChar, whitespaceChar) { - if (leadingChar) { - chr = regexpEscapes[chr]; - } else if (whitespaceChar) { - chr = stringEscapes[chr]; + reverse: function reverse(param) { + var ret = new buffer.Buffer(param.length); + for (var i = 0; i < param.length; i++) { + ret[i] = param[param.length - i - 1]; } - return '\\' + chr; - } + return ret; + }, /** - * Used by `_.template` to escape characters for inclusion in compiled string literals. + * Transforms an hexa encoded string into a Buffer with binary values * - * @private - * @param {string} chr The matched character to escape. - * @returns {string} Returns the escaped character. + * Shorthand for Buffer(string, 'hex') + * + * @param {string} string + * @return {Buffer} */ - function escapeStringChar(chr) { - return '\\' + stringEscapes[chr]; + hexToBuffer: function hexToBuffer(string) { + assert(js.isHexa(string)); + return new buffer.Buffer(string, 'hex'); } +}; - /** - * Gets the index at which the first occurrence of `NaN` is found in `array`. - * - * @private - * @param {Array} array The array to search. - * @param {number} fromIndex The index to search from. - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {number} Returns the index of the matched `NaN`, else `-1`. - */ - function indexOfNaN(array, fromIndex, fromRight) { - var length = array.length, - index = fromIndex + (fromRight ? 0 : -1); +module.exports.NULL_HASH = module.exports.fill(new Buffer(32), 0); +module.exports.EMPTY_BUFFER = new Buffer(0); - while ((fromRight ? index-- : ++index < length)) { - var other = array[index]; - if (other !== other) { - return index; - } - } - return -1; - } +}).call(this,require("buffer").Buffer) +},{"./js":69,"./preconditions":70,"assert":22,"buffer":158}],69:[function(require,module,exports){ +'use strict'; - /** - * Checks if `value` is object-like. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is object-like, else `false`. - */ - function isObjectLike(value) { - return !!value && typeof value == 'object'; +var _ = require('lodash'); + +/** + * Determines whether a string contains only hexadecimal values + * + * @name JSUtil.isHexa + * @param {string} value + * @return {boolean} true if the string is the hexa representation of a number + */ +var isHexa = function isHexa(value) { + if (!_.isString(value)) { + return false; } + return /^[0-9a-fA-F]+$/.test(value); +}; +/** + * @namespace JSUtil + */ +module.exports = { /** - * Used by `trimmedLeftIndex` and `trimmedRightIndex` to determine if a - * character code is whitespace. + * Test if an argument is a valid JSON object. If it is, returns a truthy + * value (the json object decoded), so no double JSON.parse call is necessary * - * @private - * @param {number} charCode The character code to inspect. - * @returns {boolean} Returns `true` if `charCode` is whitespace, else `false`. + * @param {string} arg + * @return {Object|boolean} false if the argument is not a JSON string. */ - function isSpace(charCode) { - return ((charCode <= 160 && (charCode >= 9 && charCode <= 13) || charCode == 32 || charCode == 160) || charCode == 5760 || charCode == 6158 || - (charCode >= 8192 && (charCode <= 8202 || charCode == 8232 || charCode == 8233 || charCode == 8239 || charCode == 8287 || charCode == 12288 || charCode == 65279))); - } + isValidJSON: function isValidJSON(arg) { + var parsed; + if (!_.isString(arg)) { + return false; + } + try { + parsed = JSON.parse(arg); + } catch (e) { + return false; + } + if (typeof(parsed) === 'object') { + return true; + } + return false; + }, + isHexa: isHexa, + isHexaString: isHexa, /** - * Replaces all `placeholder` elements in `array` with an internal placeholder - * and returns an array of their indexes. - * - * @private - * @param {Array} array The array to modify. - * @param {*} placeholder The placeholder to replace. - * @returns {Array} Returns the new array of placeholder indexes. + * Clone an array */ - function replaceHolders(array, placeholder) { - var index = -1, - length = array.length, - resIndex = -1, - result = []; - - while (++index < length) { - if (array[index] === placeholder) { - array[index] = PLACEHOLDER; - result[++resIndex] = index; - } - } - return result; - } + cloneArray: function(array) { + return [].concat(array); + }, /** - * An implementation of `_.uniq` optimized for sorted arrays without support - * for callback shorthands and `this` binding. + * Define immutable properties on a target object * - * @private - * @param {Array} array The array to inspect. - * @param {Function} [iteratee] The function invoked per iteration. - * @returns {Array} Returns the new duplicate-value-free array. + * @param {Object} target - An object to be extended + * @param {Object} values - An object of properties + * @return {Object} The target object */ - function sortedUniq(array, iteratee) { - var seen, - index = -1, - length = array.length, - resIndex = -1, - result = []; + defineImmutable: function defineImmutable(target, values) { + Object.keys(values).forEach(function(key){ + Object.defineProperty(target, key, { + configurable: false, + enumerable: true, + value: values[key] + }); + }); + return target; + }, + /** + * Checks that a value is a natural number, a positive integer or zero. + * + * @param {*} value + * @return {Boolean} + */ + isNaturalNumber: function isNaturalNumber(value) { + return typeof value === 'number' && + isFinite(value) && + Math.floor(value) === value && + value >= 0; + } +}; - while (++index < length) { - var value = array[index], - computed = iteratee ? iteratee(value, index, array) : value; +},{"lodash":96}],70:[function(require,module,exports){ +'use strict'; - if (!index || seen !== computed) { - seen = computed; - result[++resIndex] = value; +var errors = require('../errors'); +var _ = require('lodash'); + +module.exports = { + checkState: function(condition, message) { + if (!condition) { + throw new errors.InvalidState(message); + } + }, + checkArgument: function(condition, argumentName, message, docsPath) { + if (!condition) { + throw new errors.InvalidArgument(argumentName, message, docsPath); + } + }, + checkArgumentType: function(argument, type, argumentName) { + argumentName = argumentName || '(unknown name)'; + if (_.isString(type)) { + if (type === 'Buffer') { + var BufferUtil = require('./buffer'); + if (!BufferUtil.isBuffer(argument)) { + throw new errors.InvalidArgumentType(argument, type, argumentName); + } + } else if (typeof argument !== type) { + throw new errors.InvalidArgumentType(argument, type, argumentName); + } + } else { + if (!(argument instanceof type)) { + throw new errors.InvalidArgumentType(argument, type.name, argumentName); } } - return result; } +}; - /** - * Used by `_.trim` and `_.trimLeft` to get the index of the first non-whitespace - * character of `string`. - * - * @private - * @param {string} string The string to inspect. - * @returns {number} Returns the index of the first non-whitespace character. - */ - function trimmedLeftIndex(string) { - var index = -1, - length = string.length; +},{"../errors":42,"./buffer":68,"lodash":96}],71:[function(require,module,exports){ +(function (module, exports) { - while (++index < length && isSpace(string.charCodeAt(index))) {} - return index; +'use strict'; + +// Utils + +function assert(val, msg) { + if (!val) + throw new Error(msg || 'Assertion failed'); +} + +// Could use `inherits` module, but don't want to move from single file +// architecture yet. +function inherits(ctor, superCtor) { + ctor.super_ = superCtor; + var TempCtor = function () {}; + TempCtor.prototype = superCtor.prototype; + ctor.prototype = new TempCtor(); + ctor.prototype.constructor = ctor; +} + +// BN + +function BN(number, base, endian) { + // May be `new BN(bn)` ? + if (number !== null && + typeof number === 'object' && + Array.isArray(number.words)) { + return number; } - /** - * Used by `_.trim` and `_.trimRight` to get the index of the last non-whitespace - * character of `string`. - * - * @private - * @param {string} string The string to inspect. - * @returns {number} Returns the index of the last non-whitespace character. - */ - function trimmedRightIndex(string) { - var index = string.length; + this.sign = false; + this.words = null; + this.length = 0; - while (index-- && isSpace(string.charCodeAt(index))) {} - return index; + // Reduction context + this.red = null; + + if (base === 'le' || base === 'be') { + endian = base; + base = 10; } - /** - * Used by `_.unescape` to convert HTML entities to characters. - * - * @private - * @param {string} chr The matched character to unescape. - * @returns {string} Returns the unescaped character. - */ - function unescapeHtmlChar(chr) { - return htmlUnescapes[chr]; + if (number !== null) + this._init(number || 0, base || 10, endian || 'be'); +} +if (typeof module === 'object') + module.exports = BN; +else + exports.BN = BN; + +BN.BN = BN; +BN.wordSize = 26; + +BN.prototype._init = function init(number, base, endian) { + if (typeof number === 'number') { + if (number < 0) { + this.sign = true; + number = -number; + } + if (number < 0x4000000) { + this.words = [ number & 0x3ffffff ]; + this.length = 1; + } else if (number < 0x10000000000000) { + this.words = [ + number & 0x3ffffff, + (number / 0x4000000) & 0x3ffffff + ]; + this.length = 2; + } else { + assert(number < 0x20000000000000); // 2 ^ 53 (unsafe) + this.words = [ + number & 0x3ffffff, + (number / 0x4000000) & 0x3ffffff, + 1 + ]; + this.length = 3; + } + return; + } else if (typeof number === 'object') { + return this._initArray(number, base, endian); } + if (base === 'hex') + base = 16; + assert(base === (base | 0) && base >= 2 && base <= 36); - /*--------------------------------------------------------------------------*/ + number = number.toString().replace(/\s+/g, ''); + var start = 0; + if (number[0] === '-') + start++; - /** - * Create a new pristine `lodash` function using the given `context` object. - * - * @static - * @memberOf _ - * @category Utility - * @param {Object} [context=root] The context object. - * @returns {Function} Returns a new `lodash` function. - * @example - * - * _.mixin({ 'foo': _.constant('foo') }); - * - * var lodash = _.runInContext(); - * lodash.mixin({ 'bar': lodash.constant('bar') }); - * - * _.isFunction(_.foo); - * // => true - * _.isFunction(_.bar); - * // => false - * - * lodash.isFunction(lodash.foo); - * // => false - * lodash.isFunction(lodash.bar); - * // => true - * - * // using `context` to mock `Date#getTime` use in `_.now` - * var mock = _.runInContext({ - * 'Date': function() { - * return { 'getTime': getTimeMock }; - * } - * }); - * - * // or creating a suped-up `defer` in Node.js - * var defer = _.runInContext({ 'setTimeout': setImmediate }).defer; - */ - function runInContext(context) { - // Avoid issues with some ES3 environments that attempt to use values, named - // after built-in constructors like `Object`, for the creation of literals. - // ES5 clears this up by stating that literals must use built-in constructors. - // See https://es5.github.io/#x11.1.5 for more details. - context = context ? _.defaults(root.Object(), context, _.pick(root, contextProps)) : root; + if (base === 16) + this._parseHex(number, start); + else + this._parseBase(number, base, start); - /** Native constructor references. */ - var Array = context.Array, - Date = context.Date, - Error = context.Error, - Function = context.Function, - Math = context.Math, - Number = context.Number, - Object = context.Object, - RegExp = context.RegExp, - String = context.String, - TypeError = context.TypeError; + if (number[0] === '-') + this.sign = true; - /** Used for native method references. */ - var arrayProto = Array.prototype, - objectProto = Object.prototype, - stringProto = String.prototype; + this.strip(); +}; - /** Used to resolve the decompiled source of functions. */ - var fnToString = Function.prototype.toString; +BN.prototype._initArray = function _initArray(number, base, endian) { + // Perhaps a Uint8Array + assert(typeof number.length === 'number'); + if (number.length <= 0) { + this.words = [ 0 ]; + this.length = 1; + return this; + } - /** Used to check objects for own properties. */ - var hasOwnProperty = objectProto.hasOwnProperty; + this.length = Math.ceil(number.length / 3); + this.words = new Array(this.length); + for (var i = 0; i < this.length; i++) + this.words[i] = 0; - /** Used to generate unique IDs. */ - var idCounter = 0; + var off = 0; + if (endian === 'be') { + for (var i = number.length - 1, j = 0; i >= 0; i -= 3) { + var w = number[i] | (number[i - 1] << 8) | (number[i - 2] << 16); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; + off += 24; + if (off >= 26) { + off -= 26; + j++; + } + } + } else if (endian === 'le') { + for (var i = 0, j = 0; i < number.length; i += 3) { + var w = number[i] | (number[i + 1] << 8) | (number[i + 2] << 16); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] = (w >>> (26 - off)) & 0x3ffffff; + off += 24; + if (off >= 26) { + off -= 26; + j++; + } + } + } + return this.strip(); +}; - /** - * Used to resolve the [`toStringTag`](http://ecma-international.org/ecma-262/6.0/#sec-object.prototype.tostring) - * of values. - */ - var objToString = objectProto.toString; +function parseHex(str, start, end) { + var r = 0; + var len = Math.min(str.length, end); + for (var i = start; i < len; i++) { + var c = str.charCodeAt(i) - 48; - /** Used to restore the original `_` reference in `_.noConflict`. */ - var oldDash = root._; + r <<= 4; - /** Used to detect if a method is native. */ - var reIsNative = RegExp('^' + - fnToString.call(hasOwnProperty).replace(/[\\^$.*+?()[\]{}|]/g, '\\$&') - .replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, '$1.*?') + '$' - ); + // 'a' - 'f' + if (c >= 49 && c <= 54) + r |= c - 49 + 0xa; - /** Native method references. */ - var ArrayBuffer = context.ArrayBuffer, - clearTimeout = context.clearTimeout, - parseFloat = context.parseFloat, - pow = Math.pow, - propertyIsEnumerable = objectProto.propertyIsEnumerable, - Set = getNative(context, 'Set'), - setTimeout = context.setTimeout, - splice = arrayProto.splice, - Uint8Array = context.Uint8Array, - WeakMap = getNative(context, 'WeakMap'); + // 'A' - 'F' + else if (c >= 17 && c <= 22) + r |= c - 17 + 0xa; - /* Native method references for those with the same name as other `lodash` methods. */ - var nativeCeil = Math.ceil, - nativeCreate = getNative(Object, 'create'), - nativeFloor = Math.floor, - nativeIsArray = getNative(Array, 'isArray'), - nativeIsFinite = context.isFinite, - nativeKeys = getNative(Object, 'keys'), - nativeMax = Math.max, - nativeMin = Math.min, - nativeNow = getNative(Date, 'now'), - nativeParseInt = context.parseInt, - nativeRandom = Math.random; + // '0' - '9' + else + r |= c & 0xf; + } + return r; +} - /** Used as references for `-Infinity` and `Infinity`. */ - var NEGATIVE_INFINITY = Number.NEGATIVE_INFINITY, - POSITIVE_INFINITY = Number.POSITIVE_INFINITY; +BN.prototype._parseHex = function _parseHex(number, start) { + // Create possibly bigger array to ensure that it fits the number + this.length = Math.ceil((number.length - start) / 6); + this.words = new Array(this.length); + for (var i = 0; i < this.length; i++) + this.words[i] = 0; - /** Used as references for the maximum length and index of an array. */ - var MAX_ARRAY_LENGTH = 4294967295, - MAX_ARRAY_INDEX = MAX_ARRAY_LENGTH - 1, - HALF_MAX_ARRAY_LENGTH = MAX_ARRAY_LENGTH >>> 1; + // Scan 24-bit chunks and add them to the number + var off = 0; + for (var i = number.length - 6, j = 0; i >= start; i -= 6) { + var w = parseHex(number, i, i + 6); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; + off += 24; + if (off >= 26) { + off -= 26; + j++; + } + } + if (i + 6 !== start) { + var w = parseHex(number, start, i + 6); + this.words[j] |= (w << off) & 0x3ffffff; + this.words[j + 1] |= w >>> (26 - off) & 0x3fffff; + } + this.strip(); +}; - /** - * Used as the [maximum length](http://ecma-international.org/ecma-262/6.0/#sec-number.max_safe_integer) - * of an array-like value. - */ - var MAX_SAFE_INTEGER = 9007199254740991; +function parseBase(str, start, end, mul) { + var r = 0; + var len = Math.min(str.length, end); + for (var i = start; i < len; i++) { + var c = str.charCodeAt(i) - 48; - /** Used to store function metadata. */ - var metaMap = WeakMap && new WeakMap; + r *= mul; - /** Used to lookup unminified function names. */ - var realNames = {}; + // 'a' + if (c >= 49) + r += c - 49 + 0xa; - /*------------------------------------------------------------------------*/ + // 'A' + else if (c >= 17) + r += c - 17 + 0xa; - /** - * Creates a `lodash` object which wraps `value` to enable implicit chaining. - * Methods that operate on and return arrays, collections, and functions can - * be chained together. Methods that retrieve a single value or may return a - * primitive value will automatically end the chain returning the unwrapped - * value. Explicit chaining may be enabled using `_.chain`. The execution of - * chained methods is lazy, that is, execution is deferred until `_#value` - * is implicitly or explicitly called. - * - * Lazy evaluation allows several methods to support shortcut fusion. Shortcut - * fusion is an optimization strategy which merge iteratee calls; this can help - * to avoid the creation of intermediate data structures and greatly reduce the - * number of iteratee executions. - * - * Chaining is supported in custom builds as long as the `_#value` method is - * directly or indirectly included in the build. - * - * In addition to lodash methods, wrappers have `Array` and `String` methods. - * - * The wrapper `Array` methods are: - * `concat`, `join`, `pop`, `push`, `reverse`, `shift`, `slice`, `sort`, - * `splice`, and `unshift` - * - * The wrapper `String` methods are: - * `replace` and `split` - * - * The wrapper methods that support shortcut fusion are: - * `compact`, `drop`, `dropRight`, `dropRightWhile`, `dropWhile`, `filter`, - * `first`, `initial`, `last`, `map`, `pluck`, `reject`, `rest`, `reverse`, - * `slice`, `take`, `takeRight`, `takeRightWhile`, `takeWhile`, `toArray`, - * and `where` - * - * The chainable wrapper methods are: - * `after`, `ary`, `assign`, `at`, `before`, `bind`, `bindAll`, `bindKey`, - * `callback`, `chain`, `chunk`, `commit`, `compact`, `concat`, `constant`, - * `countBy`, `create`, `curry`, `debounce`, `defaults`, `defaultsDeep`, - * `defer`, `delay`, `difference`, `drop`, `dropRight`, `dropRightWhile`, - * `dropWhile`, `fill`, `filter`, `flatten`, `flattenDeep`, `flow`, `flowRight`, - * `forEach`, `forEachRight`, `forIn`, `forInRight`, `forOwn`, `forOwnRight`, - * `functions`, `groupBy`, `indexBy`, `initial`, `intersection`, `invert`, - * `invoke`, `keys`, `keysIn`, `map`, `mapKeys`, `mapValues`, `matches`, - * `matchesProperty`, `memoize`, `merge`, `method`, `methodOf`, `mixin`, - * `modArgs`, `negate`, `omit`, `once`, `pairs`, `partial`, `partialRight`, - * `partition`, `pick`, `plant`, `pluck`, `property`, `propertyOf`, `pull`, - * `pullAt`, `push`, `range`, `rearg`, `reject`, `remove`, `rest`, `restParam`, - * `reverse`, `set`, `shuffle`, `slice`, `sort`, `sortBy`, `sortByAll`, - * `sortByOrder`, `splice`, `spread`, `take`, `takeRight`, `takeRightWhile`, - * `takeWhile`, `tap`, `throttle`, `thru`, `times`, `toArray`, `toPlainObject`, - * `transform`, `union`, `uniq`, `unshift`, `unzip`, `unzipWith`, `values`, - * `valuesIn`, `where`, `without`, `wrap`, `xor`, `zip`, `zipObject`, `zipWith` - * - * The wrapper methods that are **not** chainable by default are: - * `add`, `attempt`, `camelCase`, `capitalize`, `ceil`, `clone`, `cloneDeep`, - * `deburr`, `endsWith`, `escape`, `escapeRegExp`, `every`, `find`, `findIndex`, - * `findKey`, `findLast`, `findLastIndex`, `findLastKey`, `findWhere`, `first`, - * `floor`, `get`, `gt`, `gte`, `has`, `identity`, `includes`, `indexOf`, - * `inRange`, `isArguments`, `isArray`, `isBoolean`, `isDate`, `isElement`, - * `isEmpty`, `isEqual`, `isError`, `isFinite` `isFunction`, `isMatch`, - * `isNative`, `isNaN`, `isNull`, `isNumber`, `isObject`, `isPlainObject`, - * `isRegExp`, `isString`, `isUndefined`, `isTypedArray`, `join`, `kebabCase`, - * `last`, `lastIndexOf`, `lt`, `lte`, `max`, `min`, `noConflict`, `noop`, - * `now`, `pad`, `padLeft`, `padRight`, `parseInt`, `pop`, `random`, `reduce`, - * `reduceRight`, `repeat`, `result`, `round`, `runInContext`, `shift`, `size`, - * `snakeCase`, `some`, `sortedIndex`, `sortedLastIndex`, `startCase`, - * `startsWith`, `sum`, `template`, `trim`, `trimLeft`, `trimRight`, `trunc`, - * `unescape`, `uniqueId`, `value`, and `words` - * - * The wrapper method `sample` will return a wrapped value when `n` is provided, - * otherwise an unwrapped value is returned. - * - * @name _ - * @constructor - * @category Chain - * @param {*} value The value to wrap in a `lodash` instance. - * @returns {Object} Returns the new `lodash` wrapper instance. - * @example - * - * var wrapped = _([1, 2, 3]); - * - * // returns an unwrapped value - * wrapped.reduce(function(total, n) { - * return total + n; - * }); - * // => 6 - * - * // returns a wrapped value - * var squares = wrapped.map(function(n) { - * return n * n; - * }); - * - * _.isArray(squares); - * // => false - * - * _.isArray(squares.value()); - * // => true - */ - function lodash(value) { - if (isObjectLike(value) && !isArray(value) && !(value instanceof LazyWrapper)) { - if (value instanceof LodashWrapper) { - return value; - } - if (hasOwnProperty.call(value, '__chain__') && hasOwnProperty.call(value, '__wrapped__')) { - return wrapperClone(value); - } - } - return new LodashWrapper(value); - } + // '0' - '9' + else + r += c; + } + return r; +} - /** - * The function whose prototype all chaining wrappers inherit from. - * - * @private - */ - function baseLodash() { - // No operation performed. - } +BN.prototype._parseBase = function _parseBase(number, base, start) { + // Initialize as zero + this.words = [ 0 ]; + this.length = 1; - /** - * The base constructor for creating `lodash` wrapper objects. - * - * @private - * @param {*} value The value to wrap. - * @param {boolean} [chainAll] Enable chaining for all wrapper methods. - * @param {Array} [actions=[]] Actions to peform to resolve the unwrapped value. - */ - function LodashWrapper(value, chainAll, actions) { - this.__wrapped__ = value; - this.__actions__ = actions || []; - this.__chain__ = !!chainAll; - } + // Find length of limb in base + for (var limbLen = 0, limbPow = 1; limbPow <= 0x3ffffff; limbPow *= base) + limbLen++; + limbLen--; + limbPow = (limbPow / base) | 0; - /** - * An object environment feature flags. - * - * @static - * @memberOf _ - * @type Object - */ - var support = lodash.support = {}; + var total = number.length - start; + var mod = total % limbLen; + var end = Math.min(total, total - mod) + start; - /** - * By default, the template delimiters used by lodash are like those in - * embedded Ruby (ERB). Change the following template settings to use - * alternative delimiters. - * - * @static - * @memberOf _ - * @type Object - */ - lodash.templateSettings = { + var word = 0; + for (var i = start; i < end; i += limbLen) { + word = parseBase(number, i, i + limbLen, base); - /** - * Used to detect `data` property values to be HTML-escaped. - * - * @memberOf _.templateSettings - * @type RegExp - */ - 'escape': reEscape, + this.imuln(limbPow); + if (this.words[0] + word < 0x4000000) + this.words[0] += word; + else + this._iaddn(word); + } - /** - * Used to detect code to be evaluated. - * - * @memberOf _.templateSettings - * @type RegExp - */ - 'evaluate': reEvaluate, + if (mod !== 0) { + var pow = 1; + var word = parseBase(number, i, number.length, base); - /** - * Used to detect `data` property values to inject. - * - * @memberOf _.templateSettings - * @type RegExp - */ - 'interpolate': reInterpolate, + for (var i = 0; i < mod; i++) + pow *= base; + this.imuln(pow); + if (this.words[0] + word < 0x4000000) + this.words[0] += word; + else + this._iaddn(word); + } +}; - /** - * Used to reference the data object in the template text. - * - * @memberOf _.templateSettings - * @type string - */ - 'variable': '', +BN.prototype.copy = function copy(dest) { + dest.words = new Array(this.length); + for (var i = 0; i < this.length; i++) + dest.words[i] = this.words[i]; + dest.length = this.length; + dest.sign = this.sign; + dest.red = this.red; +}; - /** - * Used to import variables into the compiled template. - * - * @memberOf _.templateSettings - * @type Object - */ - 'imports': { +BN.prototype.clone = function clone() { + var r = new BN(null); + this.copy(r); + return r; +}; - /** - * A reference to the `lodash` function. - * - * @memberOf _.templateSettings.imports - * @type Function - */ - '_': lodash - } - }; +// Remove leading `0` from `this` +BN.prototype.strip = function strip() { + while (this.length > 1 && this.words[this.length - 1] === 0) + this.length--; + return this._normSign(); +}; - /*------------------------------------------------------------------------*/ +BN.prototype._normSign = function _normSign() { + // -0 = 0 + if (this.length === 1 && this.words[0] === 0) + this.sign = false; + return this; +}; - /** - * Creates a lazy wrapper object which wraps `value` to enable lazy evaluation. - * - * @private - * @param {*} value The value to wrap. - */ - function LazyWrapper(value) { - this.__wrapped__ = value; - this.__actions__ = []; - this.__dir__ = 1; - this.__filtered__ = false; - this.__iteratees__ = []; - this.__takeCount__ = POSITIVE_INFINITY; - this.__views__ = []; - } +BN.prototype.inspect = function inspect() { + return (this.red ? ''; +}; - /** - * Creates a clone of the lazy wrapper object. - * - * @private - * @name clone - * @memberOf LazyWrapper - * @returns {Object} Returns the cloned `LazyWrapper` object. - */ - function lazyClone() { - var result = new LazyWrapper(this.__wrapped__); - result.__actions__ = arrayCopy(this.__actions__); - result.__dir__ = this.__dir__; - result.__filtered__ = this.__filtered__; - result.__iteratees__ = arrayCopy(this.__iteratees__); - result.__takeCount__ = this.__takeCount__; - result.__views__ = arrayCopy(this.__views__); - return result; - } +/* - /** - * Reverses the direction of lazy iteration. - * - * @private - * @name reverse - * @memberOf LazyWrapper - * @returns {Object} Returns the new reversed `LazyWrapper` object. - */ - function lazyReverse() { - if (this.__filtered__) { - var result = new LazyWrapper(this); - result.__dir__ = -1; - result.__filtered__ = true; - } else { - result = this.clone(); - result.__dir__ *= -1; - } - return result; - } +var zeros = []; +var groupSizes = []; +var groupBases = []; - /** - * Extracts the unwrapped value from its lazy wrapper. - * - * @private - * @name value - * @memberOf LazyWrapper - * @returns {*} Returns the unwrapped value. - */ - function lazyValue() { - var array = this.__wrapped__.value(), - dir = this.__dir__, - isArr = isArray(array), - isRight = dir < 0, - arrLength = isArr ? array.length : 0, - view = getView(0, arrLength, this.__views__), - start = view.start, - end = view.end, - length = end - start, - index = isRight ? end : (start - 1), - iteratees = this.__iteratees__, - iterLength = iteratees.length, - resIndex = 0, - takeCount = nativeMin(length, this.__takeCount__); +var s = ''; +var i = -1; +while (++i < BN.wordSize) { + zeros[i] = s; + s += '0'; +} +groupSizes[0] = 0; +groupSizes[1] = 0; +groupBases[0] = 0; +groupBases[1] = 0; +var base = 2 - 1; +while (++base < 36 + 1) { + var groupSize = 0; + var groupBase = 1; + while (groupBase < (1 << BN.wordSize) / base) { + groupBase *= base; + groupSize += 1; + } + groupSizes[base] = groupSize; + groupBases[base] = groupBase; +} - if (!isArr || arrLength < LARGE_ARRAY_SIZE || (arrLength == length && takeCount == length)) { - return baseWrapperValue((isRight && isArr) ? array.reverse() : array, this.__actions__); - } - var result = []; +*/ - outer: - while (length-- && resIndex < takeCount) { - index += dir; +var zeros = [ + '', + '0', + '00', + '000', + '0000', + '00000', + '000000', + '0000000', + '00000000', + '000000000', + '0000000000', + '00000000000', + '000000000000', + '0000000000000', + '00000000000000', + '000000000000000', + '0000000000000000', + '00000000000000000', + '000000000000000000', + '0000000000000000000', + '00000000000000000000', + '000000000000000000000', + '0000000000000000000000', + '00000000000000000000000', + '000000000000000000000000', + '0000000000000000000000000' +]; - var iterIndex = -1, - value = array[index]; +var groupSizes = [ + 0, 0, + 25, 16, 12, 11, 10, 9, 8, + 8, 7, 7, 7, 7, 6, 6, + 6, 6, 6, 6, 6, 5, 5, + 5, 5, 5, 5, 5, 5, 5, + 5, 5, 5, 5, 5, 5, 5 +]; - while (++iterIndex < iterLength) { - var data = iteratees[iterIndex], - iteratee = data.iteratee, - type = data.type, - computed = iteratee(value); +var groupBases = [ + 0, 0, + 33554432, 43046721, 16777216, 48828125, 60466176, 40353607, 16777216, + 43046721, 10000000, 19487171, 35831808, 62748517, 7529536, 11390625, + 16777216, 24137569, 34012224, 47045881, 64000000, 4084101, 5153632, + 6436343, 7962624, 9765625, 11881376, 14348907, 17210368, 20511149, + 24300000, 28629151, 33554432, 39135393, 45435424, 52521875, 60466176 +]; - if (type == LAZY_MAP_FLAG) { - value = computed; - } else if (!computed) { - if (type == LAZY_FILTER_FLAG) { - continue outer; - } else { - break outer; - } - } - } - result[resIndex++] = value; +BN.prototype.toString = function toString(base, padding) { + base = base || 10; + if (base === 16 || base === 'hex') { + var out = ''; + var off = 0; + var padding = padding | 0 || 1; + var carry = 0; + for (var i = 0; i < this.length; i++) { + var w = this.words[i]; + var word = (((w << off) | carry) & 0xffffff).toString(16); + carry = (w >>> (24 - off)) & 0xffffff; + if (carry !== 0 || i !== this.length - 1) + out = zeros[6 - word.length] + word + out; + else + out = word + out; + off += 2; + if (off >= 26) { + off -= 26; + i--; } - return result; - } - - /*------------------------------------------------------------------------*/ - - /** - * Creates a cache object to store key/value pairs. - * - * @private - * @static - * @name Cache - * @memberOf _.memoize - */ - function MapCache() { - this.__data__ = {}; } + if (carry !== 0) + out = carry.toString(16) + out; + while (out.length % padding !== 0) + out = '0' + out; + if (this.sign) + out = '-' + out; + return out; + } else if (base === (base | 0) && base >= 2 && base <= 36) { + // var groupSize = Math.floor(BN.wordSize * Math.LN2 / Math.log(base)); + var groupSize = groupSizes[base]; + // var groupBase = Math.pow(base, groupSize); + var groupBase = groupBases[base]; + var out = ''; + var c = this.clone(); + c.sign = false; + while (c.cmpn(0) !== 0) { + var r = c.modn(groupBase).toString(base); + c = c.idivn(groupBase); - /** - * Removes `key` and its value from the cache. - * - * @private - * @name delete - * @memberOf _.memoize.Cache - * @param {string} key The key of the value to remove. - * @returns {boolean} Returns `true` if the entry was removed successfully, else `false`. - */ - function mapDelete(key) { - return this.has(key) && delete this.__data__[key]; + if (c.cmpn(0) !== 0) + out = zeros[groupSize - r.length] + r + out; + else + out = r + out; } + if (this.cmpn(0) === 0) + out = '0' + out; + if (this.sign) + out = '-' + out; + return out; + } else { + assert(false, 'Base should be between 2 and 36'); + } +}; - /** - * Gets the cached value for `key`. - * - * @private - * @name get - * @memberOf _.memoize.Cache - * @param {string} key The key of the value to get. - * @returns {*} Returns the cached value. - */ - function mapGet(key) { - return key == '__proto__' ? undefined : this.__data__[key]; - } +BN.prototype.toJSON = function toJSON() { + return this.toString(16); +}; - /** - * Checks if a cached value for `key` exists. - * - * @private - * @name has - * @memberOf _.memoize.Cache - * @param {string} key The key of the entry to check. - * @returns {boolean} Returns `true` if an entry for `key` exists, else `false`. - */ - function mapHas(key) { - return key != '__proto__' && hasOwnProperty.call(this.__data__, key); - } +BN.prototype.toArray = function toArray() { + this.strip(); + var res = new Array(this.byteLength()); + res[0] = 0; - /** - * Sets `value` to `key` of the cache. - * - * @private - * @name set - * @memberOf _.memoize.Cache - * @param {string} key The key of the value to cache. - * @param {*} value The value to cache. - * @returns {Object} Returns the cache object. - */ - function mapSet(key, value) { - if (key != '__proto__') { - this.__data__[key] = value; - } - return this; - } + var q = this.clone(); + for (var i = 0; q.cmpn(0) !== 0; i++) { + var b = q.andln(0xff); + q.ishrn(8); - /*------------------------------------------------------------------------*/ + // Assume big-endian + res[res.length - i - 1] = b; + } - /** - * - * Creates a cache object to store unique values. - * - * @private - * @param {Array} [values] The values to cache. - */ - function SetCache(values) { - var length = values ? values.length : 0; + return res; +}; - this.data = { 'hash': nativeCreate(null), 'set': new Set }; - while (length--) { - this.push(values[length]); - } +if (Math.clz32) { + BN.prototype._countBits = function _countBits(w) { + return 32 - Math.clz32(w); + }; +} else { + BN.prototype._countBits = function _countBits(w) { + var t = w; + var r = 0; + if (t >= 0x1000) { + r += 13; + t >>>= 13; + } + if (t >= 0x40) { + r += 7; + t >>>= 7; + } + if (t >= 0x8) { + r += 4; + t >>>= 4; + } + if (t >= 0x02) { + r += 2; + t >>>= 2; } + return r + t; + }; +} - /** - * Checks if `value` is in `cache` mimicking the return signature of - * `_.indexOf` by returning `0` if the value is found, else `-1`. - * - * @private - * @param {Object} cache The cache to search. - * @param {*} value The value to search for. - * @returns {number} Returns `0` if `value` is found, else `-1`. - */ - function cacheIndexOf(cache, value) { - var data = cache.data, - result = (typeof value == 'string' || isObject(value)) ? data.set.has(value) : data.hash[value]; +BN.prototype._zeroBits = function _zeroBits(w) { + // Short-cut + if (w === 0) + return 26; - return result ? 0 : -1; - } + var t = w; + var r = 0; + if ((t & 0x1fff) === 0) { + r += 13; + t >>>= 13; + } + if ((t & 0x7f) === 0) { + r += 7; + t >>>= 7; + } + if ((t & 0xf) === 0) { + r += 4; + t >>>= 4; + } + if ((t & 0x3) === 0) { + r += 2; + t >>>= 2; + } + if ((t & 0x1) === 0) + r++; + return r; +}; - /** - * Adds `value` to the cache. - * - * @private - * @name push - * @memberOf SetCache - * @param {*} value The value to cache. - */ - function cachePush(value) { - var data = this.data; - if (typeof value == 'string' || isObject(value)) { - data.set.add(value); - } else { - data.hash[value] = true; - } - } +// Return number of used bits in a BN +BN.prototype.bitLength = function bitLength() { + var hi = 0; + var w = this.words[this.length - 1]; + var hi = this._countBits(w); + return (this.length - 1) * 26 + hi; +}; - /*------------------------------------------------------------------------*/ +// Number of trailing zero bits +BN.prototype.zeroBits = function zeroBits() { + if (this.cmpn(0) === 0) + return 0; - /** - * Creates a new array joining `array` with `other`. - * - * @private - * @param {Array} array The array to join. - * @param {Array} other The other array to join. - * @returns {Array} Returns the new concatenated array. - */ - function arrayConcat(array, other) { - var index = -1, - length = array.length, - othIndex = -1, - othLength = other.length, - result = Array(length + othLength); + var r = 0; + for (var i = 0; i < this.length; i++) { + var b = this._zeroBits(this.words[i]); + r += b; + if (b !== 26) + break; + } + return r; +}; - while (++index < length) { - result[index] = array[index]; - } - while (++othIndex < othLength) { - result[index++] = other[othIndex]; - } - return result; - } +BN.prototype.byteLength = function byteLength() { + return Math.ceil(this.bitLength() / 8); +}; - /** - * Copies the values of `source` to `array`. - * - * @private - * @param {Array} source The array to copy values from. - * @param {Array} [array=[]] The array to copy values to. - * @returns {Array} Returns `array`. - */ - function arrayCopy(source, array) { - var index = -1, - length = source.length; +// Return negative clone of `this` +BN.prototype.neg = function neg() { + if (this.cmpn(0) === 0) + return this.clone(); - array || (array = Array(length)); - while (++index < length) { - array[index] = source[index]; - } - return array; - } + var r = this.clone(); + r.sign = !this.sign; + return r; +}; - /** - * A specialized version of `_.forEach` for arrays without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array} Returns `array`. - */ - function arrayEach(array, iteratee) { - var index = -1, - length = array.length; - while (++index < length) { - if (iteratee(array[index], index, array) === false) { - break; - } - } - return array; - } +// Or `num` with `this` in-place +BN.prototype.ior = function ior(num) { + this.sign = this.sign || num.sign; - /** - * A specialized version of `_.forEachRight` for arrays without support for - * callback shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array} Returns `array`. - */ - function arrayEachRight(array, iteratee) { - var length = array.length; + while (this.length < num.length) + this.words[this.length++] = 0; - while (length--) { - if (iteratee(array[length], length, array) === false) { - break; - } - } - return array; - } + for (var i = 0; i < num.length; i++) + this.words[i] = this.words[i] | num.words[i]; - /** - * A specialized version of `_.every` for arrays without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} predicate The function invoked per iteration. - * @returns {boolean} Returns `true` if all elements pass the predicate check, - * else `false`. - */ - function arrayEvery(array, predicate) { - var index = -1, - length = array.length; + return this.strip(); +}; - while (++index < length) { - if (!predicate(array[index], index, array)) { - return false; - } - } - return true; - } - /** - * A specialized version of `baseExtremum` for arrays which invokes `iteratee` - * with one argument: (value). - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {Function} comparator The function used to compare values. - * @param {*} exValue The initial extremum value. - * @returns {*} Returns the extremum value. - */ - function arrayExtremum(array, iteratee, comparator, exValue) { - var index = -1, - length = array.length, - computed = exValue, - result = computed; +// Or `num` with `this` +BN.prototype.or = function or(num) { + if (this.length > num.length) + return this.clone().ior(num); + else + return num.clone().ior(this); +}; - while (++index < length) { - var value = array[index], - current = +iteratee(value); - if (comparator(current, computed)) { - computed = current; - result = value; - } - } - return result; - } +// And `num` with `this` in-place +BN.prototype.iand = function iand(num) { + this.sign = this.sign && num.sign; - /** - * A specialized version of `_.filter` for arrays without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} predicate The function invoked per iteration. - * @returns {Array} Returns the new filtered array. - */ - function arrayFilter(array, predicate) { - var index = -1, - length = array.length, - resIndex = -1, - result = []; + // b = min-length(num, this) + var b; + if (this.length > num.length) + b = num; + else + b = this; - while (++index < length) { - var value = array[index]; - if (predicate(value, index, array)) { - result[++resIndex] = value; - } - } - return result; - } + for (var i = 0; i < b.length; i++) + this.words[i] = this.words[i] & num.words[i]; - /** - * A specialized version of `_.map` for arrays without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array} Returns the new mapped array. - */ - function arrayMap(array, iteratee) { - var index = -1, - length = array.length, - result = Array(length); + this.length = b.length; - while (++index < length) { - result[index] = iteratee(array[index], index, array); - } - return result; - } + return this.strip(); +}; - /** - * Appends the elements of `values` to `array`. - * - * @private - * @param {Array} array The array to modify. - * @param {Array} values The values to append. - * @returns {Array} Returns `array`. - */ - function arrayPush(array, values) { - var index = -1, - length = values.length, - offset = array.length; - while (++index < length) { - array[offset + index] = values[index]; - } - return array; - } +// And `num` with `this` +BN.prototype.and = function and(num) { + if (this.length > num.length) + return this.clone().iand(num); + else + return num.clone().iand(this); +}; - /** - * A specialized version of `_.reduce` for arrays without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {*} [accumulator] The initial value. - * @param {boolean} [initFromArray] Specify using the first element of `array` - * as the initial value. - * @returns {*} Returns the accumulated value. - */ - function arrayReduce(array, iteratee, accumulator, initFromArray) { - var index = -1, - length = array.length; - if (initFromArray && length) { - accumulator = array[++index]; - } - while (++index < length) { - accumulator = iteratee(accumulator, array[index], index, array); - } - return accumulator; - } +// Xor `num` with `this` in-place +BN.prototype.ixor = function ixor(num) { + this.sign = this.sign || num.sign; - /** - * A specialized version of `_.reduceRight` for arrays without support for - * callback shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {*} [accumulator] The initial value. - * @param {boolean} [initFromArray] Specify using the last element of `array` - * as the initial value. - * @returns {*} Returns the accumulated value. - */ - function arrayReduceRight(array, iteratee, accumulator, initFromArray) { - var length = array.length; - if (initFromArray && length) { - accumulator = array[--length]; - } - while (length--) { - accumulator = iteratee(accumulator, array[length], length, array); - } - return accumulator; - } + // a.length > b.length + var a; + var b; + if (this.length > num.length) { + a = this; + b = num; + } else { + a = num; + b = this; + } - /** - * A specialized version of `_.some` for arrays without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} predicate The function invoked per iteration. - * @returns {boolean} Returns `true` if any element passes the predicate check, - * else `false`. - */ - function arraySome(array, predicate) { - var index = -1, - length = array.length; + for (var i = 0; i < b.length; i++) + this.words[i] = a.words[i] ^ b.words[i]; - while (++index < length) { - if (predicate(array[index], index, array)) { - return true; - } - } - return false; - } + if (this !== a) + for (; i < a.length; i++) + this.words[i] = a.words[i]; - /** - * A specialized version of `_.sum` for arrays without support for callback - * shorthands and `this` binding.. - * - * @private - * @param {Array} array The array to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {number} Returns the sum. - */ - function arraySum(array, iteratee) { - var length = array.length, - result = 0; + this.length = a.length; - while (length--) { - result += +iteratee(array[length]) || 0; - } - return result; - } + return this.strip(); +}; - /** - * Used by `_.defaults` to customize its `_.assign` use. - * - * @private - * @param {*} objectValue The destination object property value. - * @param {*} sourceValue The source object property value. - * @returns {*} Returns the value to assign to the destination object. - */ - function assignDefaults(objectValue, sourceValue) { - return objectValue === undefined ? sourceValue : objectValue; - } - /** - * Used by `_.template` to customize its `_.assign` use. - * - * **Note:** This function is like `assignDefaults` except that it ignores - * inherited property values when checking if a property is `undefined`. - * - * @private - * @param {*} objectValue The destination object property value. - * @param {*} sourceValue The source object property value. - * @param {string} key The key associated with the object and source values. - * @param {Object} object The destination object. - * @returns {*} Returns the value to assign to the destination object. - */ - function assignOwnDefaults(objectValue, sourceValue, key, object) { - return (objectValue === undefined || !hasOwnProperty.call(object, key)) - ? sourceValue - : objectValue; - } +// Xor `num` with `this` +BN.prototype.xor = function xor(num) { + if (this.length > num.length) + return this.clone().ixor(num); + else + return num.clone().ixor(this); +}; - /** - * A specialized version of `_.assign` for customizing assigned values without - * support for argument juggling, multiple sources, and `this` binding `customizer` - * functions. - * - * @private - * @param {Object} object The destination object. - * @param {Object} source The source object. - * @param {Function} customizer The function to customize assigned values. - * @returns {Object} Returns `object`. - */ - function assignWith(object, source, customizer) { - var index = -1, - props = keys(source), - length = props.length; - while (++index < length) { - var key = props[index], - value = object[key], - result = customizer(value, source[key], key, object, source); +// Set `bit` of `this` +BN.prototype.setn = function setn(bit, val) { + assert(typeof bit === 'number' && bit >= 0); - if ((result === result ? (result !== value) : (value === value)) || - (value === undefined && !(key in object))) { - object[key] = result; - } - } - return object; - } + var off = (bit / 26) | 0; + var wbit = bit % 26; - /** - * The base implementation of `_.assign` without support for argument juggling, - * multiple sources, and `customizer` functions. - * - * @private - * @param {Object} object The destination object. - * @param {Object} source The source object. - * @returns {Object} Returns `object`. - */ - function baseAssign(object, source) { - return source == null - ? object - : baseCopy(source, keys(source), object); - } + while (this.length <= off) + this.words[this.length++] = 0; - /** - * The base implementation of `_.at` without support for string collections - * and individual key arguments. - * - * @private - * @param {Array|Object} collection The collection to iterate over. - * @param {number[]|string[]} props The property names or indexes of elements to pick. - * @returns {Array} Returns the new array of picked elements. - */ - function baseAt(collection, props) { - var index = -1, - isNil = collection == null, - isArr = !isNil && isArrayLike(collection), - length = isArr ? collection.length : 0, - propsLength = props.length, - result = Array(propsLength); + if (val) + this.words[off] = this.words[off] | (1 << wbit); + else + this.words[off] = this.words[off] & ~(1 << wbit); - while(++index < propsLength) { - var key = props[index]; - if (isArr) { - result[index] = isIndex(key, length) ? collection[key] : undefined; - } else { - result[index] = isNil ? undefined : collection[key]; - } - } - return result; - } + return this.strip(); +}; - /** - * Copies properties of `source` to `object`. - * - * @private - * @param {Object} source The object to copy properties from. - * @param {Array} props The property names to copy. - * @param {Object} [object={}] The object to copy properties to. - * @returns {Object} Returns `object`. - */ - function baseCopy(source, props, object) { - object || (object = {}); - var index = -1, - length = props.length; +// Add `num` to `this` in-place +BN.prototype.iadd = function iadd(num) { + // negative + positive + if (this.sign && !num.sign) { + this.sign = false; + var r = this.isub(num); + this.sign = !this.sign; + return this._normSign(); - while (++index < length) { - var key = props[index]; - object[key] = source[key]; - } - return object; - } + // positive + negative + } else if (!this.sign && num.sign) { + num.sign = false; + var r = this.isub(num); + num.sign = true; + return r._normSign(); + } - /** - * The base implementation of `_.callback` which supports specifying the - * number of arguments to provide to `func`. - * - * @private - * @param {*} [func=_.identity] The value to convert to a callback. - * @param {*} [thisArg] The `this` binding of `func`. - * @param {number} [argCount] The number of arguments to provide to `func`. - * @returns {Function} Returns the callback. - */ - function baseCallback(func, thisArg, argCount) { - var type = typeof func; - if (type == 'function') { - return thisArg === undefined - ? func - : bindCallback(func, thisArg, argCount); - } - if (func == null) { - return identity; - } - if (type == 'object') { - return baseMatches(func); - } - return thisArg === undefined - ? property(func) - : baseMatchesProperty(func, thisArg); - } + // a.length > b.length + var a; + var b; + if (this.length > num.length) { + a = this; + b = num; + } else { + a = num; + b = this; + } - /** - * The base implementation of `_.clone` without support for argument juggling - * and `this` binding `customizer` functions. - * - * @private - * @param {*} value The value to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @param {Function} [customizer] The function to customize cloning values. - * @param {string} [key] The key of `value`. - * @param {Object} [object] The object `value` belongs to. - * @param {Array} [stackA=[]] Tracks traversed source objects. - * @param {Array} [stackB=[]] Associates clones with source counterparts. - * @returns {*} Returns the cloned value. - */ - function baseClone(value, isDeep, customizer, key, object, stackA, stackB) { - var result; - if (customizer) { - result = object ? customizer(value, key, object) : customizer(value); - } - if (result !== undefined) { - return result; - } - if (!isObject(value)) { - return value; - } - var isArr = isArray(value); - if (isArr) { - result = initCloneArray(value); - if (!isDeep) { - return arrayCopy(value, result); - } - } else { - var tag = objToString.call(value), - isFunc = tag == funcTag; + var carry = 0; + for (var i = 0; i < b.length; i++) { + var r = a.words[i] + b.words[i] + carry; + this.words[i] = r & 0x3ffffff; + carry = r >>> 26; + } + for (; carry !== 0 && i < a.length; i++) { + var r = a.words[i] + carry; + this.words[i] = r & 0x3ffffff; + carry = r >>> 26; + } - if (tag == objectTag || tag == argsTag || (isFunc && !object)) { - result = initCloneObject(isFunc ? {} : value); - if (!isDeep) { - return baseAssign(result, value); - } - } else { - return cloneableTags[tag] - ? initCloneByTag(value, tag, isDeep) - : (object ? value : {}); - } - } - // Check for circular references and return its corresponding clone. - stackA || (stackA = []); - stackB || (stackB = []); + this.length = a.length; + if (carry !== 0) { + this.words[this.length] = carry; + this.length++; + // Copy the rest of the words + } else if (a !== this) { + for (; i < a.length; i++) + this.words[i] = a.words[i]; + } - var length = stackA.length; - while (length--) { - if (stackA[length] == value) { - return stackB[length]; - } - } - // Add the source value to the stack of traversed objects and associate it with its clone. - stackA.push(value); - stackB.push(result); + return this; +}; - // Recursively populate clone (susceptible to call stack limits). - (isArr ? arrayEach : baseForOwn)(value, function(subValue, key) { - result[key] = baseClone(subValue, isDeep, customizer, key, value, stackA, stackB); - }); - return result; - } +// Add `num` to `this` +BN.prototype.add = function add(num) { + if (num.sign && !this.sign) { + num.sign = false; + var res = this.sub(num); + num.sign = true; + return res; + } else if (!num.sign && this.sign) { + this.sign = false; + var res = num.sub(this); + this.sign = true; + return res; + } - /** - * The base implementation of `_.create` without support for assigning - * properties to the created object. - * - * @private - * @param {Object} prototype The object to inherit from. - * @returns {Object} Returns the new object. - */ - var baseCreate = (function() { - function object() {} - return function(prototype) { - if (isObject(prototype)) { - object.prototype = prototype; - var result = new object; - object.prototype = undefined; - } - return result || {}; - }; - }()); + if (this.length > num.length) + return this.clone().iadd(num); + else + return num.clone().iadd(this); +}; - /** - * The base implementation of `_.delay` and `_.defer` which accepts an index - * of where to slice the arguments to provide to `func`. - * - * @private - * @param {Function} func The function to delay. - * @param {number} wait The number of milliseconds to delay invocation. - * @param {Object} args The arguments provide to `func`. - * @returns {number} Returns the timer id. - */ - function baseDelay(func, wait, args) { - if (typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - return setTimeout(function() { func.apply(undefined, args); }, wait); - } +// Subtract `num` from `this` in-place +BN.prototype.isub = function isub(num) { + // this - (-num) = this + num + if (num.sign) { + num.sign = false; + var r = this.iadd(num); + num.sign = true; + return r._normSign(); - /** - * The base implementation of `_.difference` which accepts a single array - * of values to exclude. - * - * @private - * @param {Array} array The array to inspect. - * @param {Array} values The values to exclude. - * @returns {Array} Returns the new array of filtered values. - */ - function baseDifference(array, values) { - var length = array ? array.length : 0, - result = []; + // -this - num = -(this + num) + } else if (this.sign) { + this.sign = false; + this.iadd(num); + this.sign = true; + return this._normSign(); + } - if (!length) { - return result; - } - var index = -1, - indexOf = getIndexOf(), - isCommon = indexOf == baseIndexOf, - cache = (isCommon && values.length >= LARGE_ARRAY_SIZE) ? createCache(values) : null, - valuesLength = values.length; + // At this point both numbers are positive + var cmp = this.cmp(num); - if (cache) { - indexOf = cacheIndexOf; - isCommon = false; - values = cache; - } - outer: - while (++index < length) { - var value = array[index]; + // Optimization - zeroify + if (cmp === 0) { + this.sign = false; + this.length = 1; + this.words[0] = 0; + return this; + } - if (isCommon && value === value) { - var valuesIndex = valuesLength; - while (valuesIndex--) { - if (values[valuesIndex] === value) { - continue outer; - } - } - result.push(value); - } - else if (indexOf(values, value, 0) < 0) { - result.push(value); - } - } - return result; - } + // a > b + var a; + var b; + if (cmp > 0) { + a = this; + b = num; + } else { + a = num; + b = this; + } - /** - * The base implementation of `_.forEach` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array|Object|string} Returns `collection`. - */ - var baseEach = createBaseEach(baseForOwn); + var carry = 0; + for (var i = 0; i < b.length; i++) { + var r = a.words[i] - b.words[i] + carry; + carry = r >> 26; + this.words[i] = r & 0x3ffffff; + } + for (; carry !== 0 && i < a.length; i++) { + var r = a.words[i] + carry; + carry = r >> 26; + this.words[i] = r & 0x3ffffff; + } - /** - * The base implementation of `_.forEachRight` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array|Object|string} Returns `collection`. - */ - var baseEachRight = createBaseEach(baseForOwnRight, true); + // Copy rest of the words + if (carry === 0 && i < a.length && a !== this) + for (; i < a.length; i++) + this.words[i] = a.words[i]; + this.length = Math.max(this.length, i); - /** - * The base implementation of `_.every` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} predicate The function invoked per iteration. - * @returns {boolean} Returns `true` if all elements pass the predicate check, - * else `false` - */ - function baseEvery(collection, predicate) { - var result = true; - baseEach(collection, function(value, index, collection) { - result = !!predicate(value, index, collection); - return result; - }); - return result; - } + if (a !== this) + this.sign = true; - /** - * Gets the extremum value of `collection` invoking `iteratee` for each value - * in `collection` to generate the criterion by which the value is ranked. - * The `iteratee` is invoked with three arguments: (value, index|key, collection). - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {Function} comparator The function used to compare values. - * @param {*} exValue The initial extremum value. - * @returns {*} Returns the extremum value. - */ - function baseExtremum(collection, iteratee, comparator, exValue) { - var computed = exValue, - result = computed; + return this.strip(); +}; - baseEach(collection, function(value, index, collection) { - var current = +iteratee(value, index, collection); - if (comparator(current, computed) || (current === exValue && current === result)) { - computed = current; - result = value; - } - }); - return result; - } +// Subtract `num` from `this` +BN.prototype.sub = function sub(num) { + return this.clone().isub(num); +}; - /** - * The base implementation of `_.fill` without an iteratee call guard. - * - * @private - * @param {Array} array The array to fill. - * @param {*} value The value to fill `array` with. - * @param {number} [start=0] The start position. - * @param {number} [end=array.length] The end position. - * @returns {Array} Returns `array`. - */ - function baseFill(array, value, start, end) { - var length = array.length; +/* +// NOTE: This could be potentionally used to generate loop-less multiplications +function _genCombMulTo(alen, blen) { + var len = alen + blen - 1; + var src = [ + 'var a = this.words, b = num.words, o = out.words, c = 0, w, ' + + 'mask = 0x3ffffff, shift = 0x4000000;', + 'out.length = ' + len + ';' + ]; + for (var k = 0; k < len; k++) { + var minJ = Math.max(0, k - alen + 1); + var maxJ = Math.min(k, blen - 1); - start = start == null ? 0 : (+start || 0); - if (start < 0) { - start = -start > length ? 0 : (length + start); - } - end = (end === undefined || end > length) ? length : (+end || 0); - if (end < 0) { - end += length; - } - length = start > end ? 0 : (end >>> 0); - start >>>= 0; + for (var j = minJ; j <= maxJ; j++) { + var i = k - j; + var mul = 'a[' + i + '] * b[' + j + ']'; - while (start < length) { - array[start++] = value; + if (j === minJ) { + src.push('w = ' + mul + ' + c;'); + src.push('c = (w / shift) | 0;'); + } else { + src.push('w += ' + mul + ';'); + src.push('c += (w / shift) | 0;'); } - return array; + src.push('w &= mask;'); } + src.push('o[' + k + '] = w;'); + } + src.push('if (c !== 0) {', + ' o[' + k + '] = c;', + ' out.length++;', + '}', + 'return out;'); - /** - * The base implementation of `_.filter` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} predicate The function invoked per iteration. - * @returns {Array} Returns the new filtered array. - */ - function baseFilter(collection, predicate) { - var result = []; - baseEach(collection, function(value, index, collection) { - if (predicate(value, index, collection)) { - result.push(value); - } - }); - return result; - } - - /** - * The base implementation of `_.find`, `_.findLast`, `_.findKey`, and `_.findLastKey`, - * without support for callback shorthands and `this` binding, which iterates - * over `collection` using the provided `eachFunc`. - * - * @private - * @param {Array|Object|string} collection The collection to search. - * @param {Function} predicate The function invoked per iteration. - * @param {Function} eachFunc The function to iterate over `collection`. - * @param {boolean} [retKey] Specify returning the key of the found element - * instead of the element itself. - * @returns {*} Returns the found element or its key, else `undefined`. - */ - function baseFind(collection, predicate, eachFunc, retKey) { - var result; - eachFunc(collection, function(value, key, collection) { - if (predicate(value, key, collection)) { - result = retKey ? key : value; - return false; - } - }); - return result; - } + return src.join('\n'); +} +*/ - /** - * The base implementation of `_.flatten` with added support for restricting - * flattening and specifying the start index. - * - * @private - * @param {Array} array The array to flatten. - * @param {boolean} [isDeep] Specify a deep flatten. - * @param {boolean} [isStrict] Restrict flattening to arrays-like objects. - * @param {Array} [result=[]] The initial result value. - * @returns {Array} Returns the new flattened array. - */ - function baseFlatten(array, isDeep, isStrict, result) { - result || (result = []); +BN.prototype._smallMulTo = function _smallMulTo(num, out) { + out.sign = num.sign !== this.sign; + out.length = this.length + num.length; - var index = -1, - length = array.length; + var carry = 0; + for (var k = 0; k < out.length - 1; k++) { + // Sum all words with the same `i + j = k` and accumulate `ncarry`, + // note that ncarry could be >= 0x3ffffff + var ncarry = carry >>> 26; + var rword = carry & 0x3ffffff; + var maxJ = Math.min(k, num.length - 1); + for (var j = Math.max(0, k - this.length + 1); j <= maxJ; j++) { + var i = k - j; + var a = this.words[i] | 0; + var b = num.words[j] | 0; + var r = a * b; - while (++index < length) { - var value = array[index]; - if (isObjectLike(value) && isArrayLike(value) && - (isStrict || isArray(value) || isArguments(value))) { - if (isDeep) { - // Recursively flatten arrays (susceptible to call stack limits). - baseFlatten(value, isDeep, isStrict, result); - } else { - arrayPush(result, value); - } - } else if (!isStrict) { - result[result.length] = value; - } - } - return result; + var lo = r & 0x3ffffff; + ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; + lo = (lo + rword) | 0; + rword = lo & 0x3ffffff; + ncarry = (ncarry + (lo >>> 26)) | 0; } + out.words[k] = rword; + carry = ncarry; + } + if (carry !== 0) { + out.words[k] = carry; + } else { + out.length--; + } - /** - * The base implementation of `baseForIn` and `baseForOwn` which iterates - * over `object` properties returned by `keysFunc` invoking `iteratee` for - * each property. Iteratee functions may exit iteration early by explicitly - * returning `false`. - * - * @private - * @param {Object} object The object to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {Function} keysFunc The function to get the keys of `object`. - * @returns {Object} Returns `object`. - */ - var baseFor = createBaseFor(); + return out.strip(); +}; - /** - * This function is like `baseFor` except that it iterates over properties - * in the opposite order. - * - * @private - * @param {Object} object The object to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {Function} keysFunc The function to get the keys of `object`. - * @returns {Object} Returns `object`. - */ - var baseForRight = createBaseFor(true); +BN.prototype._bigMulTo = function _bigMulTo(num, out) { + out.sign = num.sign !== this.sign; + out.length = this.length + num.length; - /** - * The base implementation of `_.forIn` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Object} object The object to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Object} Returns `object`. - */ - function baseForIn(object, iteratee) { - return baseFor(object, iteratee, keysIn); - } + var carry = 0; + var hncarry = 0; + for (var k = 0; k < out.length - 1; k++) { + // Sum all words with the same `i + j = k` and accumulate `ncarry`, + // note that ncarry could be >= 0x3ffffff + var ncarry = hncarry; + hncarry = 0; + var rword = carry & 0x3ffffff; + var maxJ = Math.min(k, num.length - 1); + for (var j = Math.max(0, k - this.length + 1); j <= maxJ; j++) { + var i = k - j; + var a = this.words[i] | 0; + var b = num.words[j] | 0; + var r = a * b; - /** - * The base implementation of `_.forOwn` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Object} object The object to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Object} Returns `object`. - */ - function baseForOwn(object, iteratee) { - return baseFor(object, iteratee, keys); - } + var lo = r & 0x3ffffff; + ncarry = (ncarry + ((r / 0x4000000) | 0)) | 0; + lo = (lo + rword) | 0; + rword = lo & 0x3ffffff; + ncarry = (ncarry + (lo >>> 26)) | 0; - /** - * The base implementation of `_.forOwnRight` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Object} object The object to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Object} Returns `object`. - */ - function baseForOwnRight(object, iteratee) { - return baseForRight(object, iteratee, keys); + hncarry += ncarry >>> 26; + ncarry &= 0x3ffffff; } + out.words[k] = rword; + carry = ncarry; + ncarry = hncarry; + } + if (carry !== 0) { + out.words[k] = carry; + } else { + out.length--; + } - /** - * The base implementation of `_.functions` which creates an array of - * `object` function property names filtered from those provided. - * - * @private - * @param {Object} object The object to inspect. - * @param {Array} props The property names to filter. - * @returns {Array} Returns the new array of filtered property names. - */ - function baseFunctions(object, props) { - var index = -1, - length = props.length, - resIndex = -1, - result = []; + return out.strip(); +}; - while (++index < length) { - var key = props[index]; - if (isFunction(object[key])) { - result[++resIndex] = key; - } - } - return result; - } +BN.prototype.mulTo = function mulTo(num, out) { + var res; + if (this.length + num.length < 63) + res = this._smallMulTo(num, out); + else + res = this._bigMulTo(num, out); + return res; +}; - /** - * The base implementation of `get` without support for string paths - * and default values. - * - * @private - * @param {Object} object The object to query. - * @param {Array} path The path of the property to get. - * @param {string} [pathKey] The key representation of path. - * @returns {*} Returns the resolved value. - */ - function baseGet(object, path, pathKey) { - if (object == null) { - return; - } - if (pathKey !== undefined && pathKey in toObject(object)) { - path = [pathKey]; - } - var index = 0, - length = path.length; +// Multiply `this` by `num` +BN.prototype.mul = function mul(num) { + var out = new BN(null); + out.words = new Array(this.length + num.length); + return this.mulTo(num, out); +}; - while (object != null && index < length) { - object = object[path[index++]]; - } - return (index && index == length) ? object : undefined; - } +// In-place Multiplication +BN.prototype.imul = function imul(num) { + if (this.cmpn(0) === 0 || num.cmpn(0) === 0) { + this.words[0] = 0; + this.length = 1; + return this; + } - /** - * The base implementation of `_.isEqual` without support for `this` binding - * `customizer` functions. - * - * @private - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @param {Function} [customizer] The function to customize comparing values. - * @param {boolean} [isLoose] Specify performing partial comparisons. - * @param {Array} [stackA] Tracks traversed `value` objects. - * @param {Array} [stackB] Tracks traversed `other` objects. - * @returns {boolean} Returns `true` if the values are equivalent, else `false`. - */ - function baseIsEqual(value, other, customizer, isLoose, stackA, stackB) { - if (value === other) { - return true; - } - if (value == null || other == null || (!isObject(value) && !isObjectLike(other))) { - return value !== value && other !== other; - } - return baseIsEqualDeep(value, other, baseIsEqual, customizer, isLoose, stackA, stackB); - } + var tlen = this.length; + var nlen = num.length; - /** - * A specialized version of `baseIsEqual` for arrays and objects which performs - * deep comparisons and tracks traversed objects enabling objects with circular - * references to be compared. - * - * @private - * @param {Object} object The object to compare. - * @param {Object} other The other object to compare. - * @param {Function} equalFunc The function to determine equivalents of values. - * @param {Function} [customizer] The function to customize comparing objects. - * @param {boolean} [isLoose] Specify performing partial comparisons. - * @param {Array} [stackA=[]] Tracks traversed `value` objects. - * @param {Array} [stackB=[]] Tracks traversed `other` objects. - * @returns {boolean} Returns `true` if the objects are equivalent, else `false`. - */ - function baseIsEqualDeep(object, other, equalFunc, customizer, isLoose, stackA, stackB) { - var objIsArr = isArray(object), - othIsArr = isArray(other), - objTag = arrayTag, - othTag = arrayTag; + this.sign = num.sign !== this.sign; + this.length = this.length + num.length; + this.words[this.length - 1] = 0; - if (!objIsArr) { - objTag = objToString.call(object); - if (objTag == argsTag) { - objTag = objectTag; - } else if (objTag != objectTag) { - objIsArr = isTypedArray(object); - } - } - if (!othIsArr) { - othTag = objToString.call(other); - if (othTag == argsTag) { - othTag = objectTag; - } else if (othTag != objectTag) { - othIsArr = isTypedArray(other); - } - } - var objIsObj = objTag == objectTag, - othIsObj = othTag == objectTag, - isSameTag = objTag == othTag; + for (var k = this.length - 2; k >= 0; k--) { + // Sum all words with the same `i + j = k` and accumulate `carry`, + // note that carry could be >= 0x3ffffff + var carry = 0; + var rword = 0; + var maxJ = Math.min(k, nlen - 1); + for (var j = Math.max(0, k - tlen + 1); j <= maxJ; j++) { + var i = k - j; + var a = this.words[i]; + var b = num.words[j]; + var r = a * b; - if (isSameTag && !(objIsArr || objIsObj)) { - return equalByTag(object, other, objTag); - } - if (!isLoose) { - var objIsWrapped = objIsObj && hasOwnProperty.call(object, '__wrapped__'), - othIsWrapped = othIsObj && hasOwnProperty.call(other, '__wrapped__'); + var lo = r & 0x3ffffff; + carry += (r / 0x4000000) | 0; + lo += rword; + rword = lo & 0x3ffffff; + carry += lo >>> 26; + } + this.words[k] = rword; + this.words[k + 1] += carry; + carry = 0; + } - if (objIsWrapped || othIsWrapped) { - return equalFunc(objIsWrapped ? object.value() : object, othIsWrapped ? other.value() : other, customizer, isLoose, stackA, stackB); - } - } - if (!isSameTag) { - return false; - } - // Assume cyclic values are equal. - // For more information on detecting circular references see https://es5.github.io/#JO. - stackA || (stackA = []); - stackB || (stackB = []); + // Propagate overflows + var carry = 0; + for (var i = 1; i < this.length; i++) { + var w = this.words[i] + carry; + this.words[i] = w & 0x3ffffff; + carry = w >>> 26; + } - var length = stackA.length; - while (length--) { - if (stackA[length] == object) { - return stackB[length] == other; - } - } - // Add `object` and `other` to the stack of traversed objects. - stackA.push(object); - stackB.push(other); + return this.strip(); +}; - var result = (objIsArr ? equalArrays : equalObjects)(object, other, equalFunc, customizer, isLoose, stackA, stackB); +BN.prototype.imuln = function imuln(num) { + assert(typeof num === 'number'); - stackA.pop(); - stackB.pop(); + // Carry + var carry = 0; + for (var i = 0; i < this.length; i++) { + var w = this.words[i] * num; + var lo = (w & 0x3ffffff) + (carry & 0x3ffffff); + carry >>= 26; + carry += (w / 0x4000000) | 0; + // NOTE: lo is 27bit maximum + carry += lo >>> 26; + this.words[i] = lo & 0x3ffffff; + } - return result; - } + if (carry !== 0) { + this.words[i] = carry; + this.length++; + } - /** - * The base implementation of `_.isMatch` without support for callback - * shorthands and `this` binding. - * - * @private - * @param {Object} object The object to inspect. - * @param {Array} matchData The propery names, values, and compare flags to match. - * @param {Function} [customizer] The function to customize comparing objects. - * @returns {boolean} Returns `true` if `object` is a match, else `false`. - */ - function baseIsMatch(object, matchData, customizer) { - var index = matchData.length, - length = index, - noCustomizer = !customizer; + return this; +}; - if (object == null) { - return !length; - } - object = toObject(object); - while (index--) { - var data = matchData[index]; - if ((noCustomizer && data[2]) - ? data[1] !== object[data[0]] - : !(data[0] in object) - ) { - return false; - } - } - while (++index < length) { - data = matchData[index]; - var key = data[0], - objValue = object[key], - srcValue = data[1]; +// `this` * `this` +BN.prototype.sqr = function sqr() { + return this.mul(this); +}; - if (noCustomizer && data[2]) { - if (objValue === undefined && !(key in object)) { - return false; - } - } else { - var result = customizer ? customizer(objValue, srcValue, key) : undefined; - if (!(result === undefined ? baseIsEqual(srcValue, objValue, customizer, true) : result)) { - return false; - } - } - } - return true; - } +// `this` * `this` in-place +BN.prototype.isqr = function isqr() { + return this.mul(this); +}; - /** - * The base implementation of `_.map` without support for callback shorthands - * and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {Array} Returns the new mapped array. - */ - function baseMap(collection, iteratee) { - var index = -1, - result = isArrayLike(collection) ? Array(collection.length) : []; +// Shift-left in-place +BN.prototype.ishln = function ishln(bits) { + assert(typeof bits === 'number' && bits >= 0); + var r = bits % 26; + var s = (bits - r) / 26; + var carryMask = (0x3ffffff >>> (26 - r)) << (26 - r); - baseEach(collection, function(value, key, collection) { - result[++index] = iteratee(value, key, collection); - }); - return result; + if (r !== 0) { + var carry = 0; + for (var i = 0; i < this.length; i++) { + var newCarry = this.words[i] & carryMask; + var c = (this.words[i] - newCarry) << r; + this.words[i] = c | carry; + carry = newCarry >>> (26 - r); } - - /** - * The base implementation of `_.matches` which does not clone `source`. - * - * @private - * @param {Object} source The object of property values to match. - * @returns {Function} Returns the new function. - */ - function baseMatches(source) { - var matchData = getMatchData(source); - if (matchData.length == 1 && matchData[0][2]) { - var key = matchData[0][0], - value = matchData[0][1]; - - return function(object) { - if (object == null) { - return false; - } - return object[key] === value && (value !== undefined || (key in toObject(object))); - }; - } - return function(object) { - return baseIsMatch(object, matchData); - }; + if (carry) { + this.words[i] = carry; + this.length++; } + } - /** - * The base implementation of `_.matchesProperty` which does not clone `srcValue`. - * - * @private - * @param {string} path The path of the property to get. - * @param {*} srcValue The value to compare. - * @returns {Function} Returns the new function. - */ - function baseMatchesProperty(path, srcValue) { - var isArr = isArray(path), - isCommon = isKey(path) && isStrictComparable(srcValue), - pathKey = (path + ''); - - path = toPath(path); - return function(object) { - if (object == null) { - return false; - } - var key = pathKey; - object = toObject(object); - if ((isArr || !isCommon) && !(key in object)) { - object = path.length == 1 ? object : baseGet(object, baseSlice(path, 0, -1)); - if (object == null) { - return false; - } - key = last(path); - object = toObject(object); - } - return object[key] === srcValue - ? (srcValue !== undefined || (key in object)) - : baseIsEqual(srcValue, object[key], undefined, true); - }; - } + if (s !== 0) { + for (var i = this.length - 1; i >= 0; i--) + this.words[i + s] = this.words[i]; + for (var i = 0; i < s; i++) + this.words[i] = 0; + this.length += s; + } - /** - * The base implementation of `_.merge` without support for argument juggling, - * multiple sources, and `this` binding `customizer` functions. - * - * @private - * @param {Object} object The destination object. - * @param {Object} source The source object. - * @param {Function} [customizer] The function to customize merged values. - * @param {Array} [stackA=[]] Tracks traversed source objects. - * @param {Array} [stackB=[]] Associates values with source counterparts. - * @returns {Object} Returns `object`. - */ - function baseMerge(object, source, customizer, stackA, stackB) { - if (!isObject(object)) { - return object; - } - var isSrcArr = isArrayLike(source) && (isArray(source) || isTypedArray(source)), - props = isSrcArr ? undefined : keys(source); + return this.strip(); +}; - arrayEach(props || source, function(srcValue, key) { - if (props) { - key = srcValue; - srcValue = source[key]; - } - if (isObjectLike(srcValue)) { - stackA || (stackA = []); - stackB || (stackB = []); - baseMergeDeep(object, source, key, baseMerge, customizer, stackA, stackB); - } - else { - var value = object[key], - result = customizer ? customizer(value, srcValue, key, object, source) : undefined, - isCommon = result === undefined; +// Shift-right in-place +// NOTE: `hint` is a lowest bit before trailing zeroes +// NOTE: if `extended` is present - it will be filled with destroyed bits +BN.prototype.ishrn = function ishrn(bits, hint, extended) { + assert(typeof bits === 'number' && bits >= 0); + var h; + if (hint) + h = (hint - (hint % 26)) / 26; + else + h = 0; - if (isCommon) { - result = srcValue; - } - if ((result !== undefined || (isSrcArr && !(key in object))) && - (isCommon || (result === result ? (result !== value) : (value === value)))) { - object[key] = result; - } - } - }); - return object; - } + var r = bits % 26; + var s = Math.min((bits - r) / 26, this.length); + var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); + var maskedWords = extended; - /** - * A specialized version of `baseMerge` for arrays and objects which performs - * deep merges and tracks traversed objects enabling objects with circular - * references to be merged. - * - * @private - * @param {Object} object The destination object. - * @param {Object} source The source object. - * @param {string} key The key of the value to merge. - * @param {Function} mergeFunc The function to merge values. - * @param {Function} [customizer] The function to customize merged values. - * @param {Array} [stackA=[]] Tracks traversed source objects. - * @param {Array} [stackB=[]] Associates values with source counterparts. - * @returns {boolean} Returns `true` if the objects are equivalent, else `false`. - */ - function baseMergeDeep(object, source, key, mergeFunc, customizer, stackA, stackB) { - var length = stackA.length, - srcValue = source[key]; + h -= s; + h = Math.max(0, h); - while (length--) { - if (stackA[length] == srcValue) { - object[key] = stackB[length]; - return; - } - } - var value = object[key], - result = customizer ? customizer(value, srcValue, key, object, source) : undefined, - isCommon = result === undefined; + // Extended mode, copy masked part + if (maskedWords) { + for (var i = 0; i < s; i++) + maskedWords.words[i] = this.words[i]; + maskedWords.length = s; + } - if (isCommon) { - result = srcValue; - if (isArrayLike(srcValue) && (isArray(srcValue) || isTypedArray(srcValue))) { - result = isArray(value) - ? value - : (isArrayLike(value) ? arrayCopy(value) : []); - } - else if (isPlainObject(srcValue) || isArguments(srcValue)) { - result = isArguments(value) - ? toPlainObject(value) - : (isPlainObject(value) ? value : {}); - } - else { - isCommon = false; - } - } - // Add the source value to the stack of traversed objects and associate - // it with its merged value. - stackA.push(srcValue); - stackB.push(result); + if (s === 0) { + // No-op, we should not move anything at all + } else if (this.length > s) { + this.length -= s; + for (var i = 0; i < this.length; i++) + this.words[i] = this.words[i + s]; + } else { + this.words[0] = 0; + this.length = 1; + } - if (isCommon) { - // Recursively merge objects and arrays (susceptible to call stack limits). - object[key] = mergeFunc(result, srcValue, customizer, stackA, stackB); - } else if (result === result ? (result !== value) : (value === value)) { - object[key] = result; - } - } + var carry = 0; + for (var i = this.length - 1; i >= 0 && (carry !== 0 || i >= h); i--) { + var word = this.words[i]; + this.words[i] = (carry << (26 - r)) | (word >>> r); + carry = word & mask; + } - /** - * The base implementation of `_.property` without support for deep paths. - * - * @private - * @param {string} key The key of the property to get. - * @returns {Function} Returns the new function. - */ - function baseProperty(key) { - return function(object) { - return object == null ? undefined : object[key]; - }; - } + // Push carried bits as a mask + if (maskedWords && carry !== 0) + maskedWords.words[maskedWords.length++] = carry; - /** - * A specialized version of `baseProperty` which supports deep paths. - * - * @private - * @param {Array|string} path The path of the property to get. - * @returns {Function} Returns the new function. - */ - function basePropertyDeep(path) { - var pathKey = (path + ''); - path = toPath(path); - return function(object) { - return baseGet(object, path, pathKey); - }; - } + if (this.length === 0) { + this.words[0] = 0; + this.length = 1; + } - /** - * The base implementation of `_.pullAt` without support for individual - * index arguments and capturing the removed elements. - * - * @private - * @param {Array} array The array to modify. - * @param {number[]} indexes The indexes of elements to remove. - * @returns {Array} Returns `array`. - */ - function basePullAt(array, indexes) { - var length = array ? indexes.length : 0; - while (length--) { - var index = indexes[length]; - if (index != previous && isIndex(index)) { - var previous = index; - splice.call(array, index, 1); - } - } - return array; - } + this.strip(); - /** - * The base implementation of `_.random` without support for argument juggling - * and returning floating-point numbers. - * - * @private - * @param {number} min The minimum possible value. - * @param {number} max The maximum possible value. - * @returns {number} Returns the random number. - */ - function baseRandom(min, max) { - return min + nativeFloor(nativeRandom() * (max - min + 1)); - } + return this; +}; - /** - * The base implementation of `_.reduce` and `_.reduceRight` without support - * for callback shorthands and `this` binding, which iterates over `collection` - * using the provided `eachFunc`. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @param {*} accumulator The initial value. - * @param {boolean} initFromCollection Specify using the first or last element - * of `collection` as the initial value. - * @param {Function} eachFunc The function to iterate over `collection`. - * @returns {*} Returns the accumulated value. - */ - function baseReduce(collection, iteratee, accumulator, initFromCollection, eachFunc) { - eachFunc(collection, function(value, index, collection) { - accumulator = initFromCollection - ? (initFromCollection = false, value) - : iteratee(accumulator, value, index, collection); - }); - return accumulator; - } +// Shift-left +BN.prototype.shln = function shln(bits) { + return this.clone().ishln(bits); +}; - /** - * The base implementation of `setData` without support for hot loop detection. - * - * @private - * @param {Function} func The function to associate metadata with. - * @param {*} data The metadata. - * @returns {Function} Returns `func`. - */ - var baseSetData = !metaMap ? identity : function(func, data) { - metaMap.set(func, data); - return func; - }; +// Shift-right +BN.prototype.shrn = function shrn(bits) { + return this.clone().ishrn(bits); +}; - /** - * The base implementation of `_.slice` without an iteratee call guard. - * - * @private - * @param {Array} array The array to slice. - * @param {number} [start=0] The start position. - * @param {number} [end=array.length] The end position. - * @returns {Array} Returns the slice of `array`. - */ - function baseSlice(array, start, end) { - var index = -1, - length = array.length; +// Test if n bit is set +BN.prototype.testn = function testn(bit) { + assert(typeof bit === 'number' && bit >= 0); + var r = bit % 26; + var s = (bit - r) / 26; + var q = 1 << r; - start = start == null ? 0 : (+start || 0); - if (start < 0) { - start = -start > length ? 0 : (length + start); - } - end = (end === undefined || end > length) ? length : (+end || 0); - if (end < 0) { - end += length; - } - length = start > end ? 0 : ((end - start) >>> 0); - start >>>= 0; + // Fast case: bit is much higher than all existing words + if (this.length <= s) { + return false; + } - var result = Array(length); - while (++index < length) { - result[index] = array[index + start]; - } - return result; - } + // Check bit and return + var w = this.words[s]; - /** - * The base implementation of `_.some` without support for callback shorthands - * and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} predicate The function invoked per iteration. - * @returns {boolean} Returns `true` if any element passes the predicate check, - * else `false`. - */ - function baseSome(collection, predicate) { - var result; + return !!(w & q); +}; - baseEach(collection, function(value, index, collection) { - result = predicate(value, index, collection); - return !result; - }); - return !!result; - } +// Return only lowers bits of number (in-place) +BN.prototype.imaskn = function imaskn(bits) { + assert(typeof bits === 'number' && bits >= 0); + var r = bits % 26; + var s = (bits - r) / 26; - /** - * The base implementation of `_.sortBy` which uses `comparer` to define - * the sort order of `array` and replaces criteria objects with their - * corresponding values. - * - * @private - * @param {Array} array The array to sort. - * @param {Function} comparer The function to define sort order. - * @returns {Array} Returns `array`. - */ - function baseSortBy(array, comparer) { - var length = array.length; + assert(!this.sign, 'imaskn works only with positive numbers'); - array.sort(comparer); - while (length--) { - array[length] = array[length].value; - } - return array; - } + if (r !== 0) + s++; + this.length = Math.min(s, this.length); - /** - * The base implementation of `_.sortByOrder` without param guards. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function[]|Object[]|string[]} iteratees The iteratees to sort by. - * @param {boolean[]} orders The sort orders of `iteratees`. - * @returns {Array} Returns the new sorted array. - */ - function baseSortByOrder(collection, iteratees, orders) { - var callback = getCallback(), - index = -1; + if (r !== 0) { + var mask = 0x3ffffff ^ ((0x3ffffff >>> r) << r); + this.words[this.length - 1] &= mask; + } - iteratees = arrayMap(iteratees, function(iteratee) { return callback(iteratee); }); + return this.strip(); +}; - var result = baseMap(collection, function(value) { - var criteria = arrayMap(iteratees, function(iteratee) { return iteratee(value); }); - return { 'criteria': criteria, 'index': ++index, 'value': value }; - }); +// Return only lowers bits of number +BN.prototype.maskn = function maskn(bits) { + return this.clone().imaskn(bits); +}; - return baseSortBy(result, function(object, other) { - return compareMultiple(object, other, orders); - }); - } +// Add plain number `num` to `this` +BN.prototype.iaddn = function iaddn(num) { + assert(typeof num === 'number'); + if (num < 0) + return this.isubn(-num); - /** - * The base implementation of `_.sum` without support for callback shorthands - * and `this` binding. - * - * @private - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} iteratee The function invoked per iteration. - * @returns {number} Returns the sum. - */ - function baseSum(collection, iteratee) { - var result = 0; - baseEach(collection, function(value, index, collection) { - result += +iteratee(value, index, collection) || 0; - }); - return result; + // Possible sign change + if (this.sign) { + if (this.length === 1 && this.words[0] < num) { + this.words[0] = num - this.words[0]; + this.sign = false; + return this; } - /** - * The base implementation of `_.uniq` without support for callback shorthands - * and `this` binding. - * - * @private - * @param {Array} array The array to inspect. - * @param {Function} [iteratee] The function invoked per iteration. - * @returns {Array} Returns the new duplicate-value-free array. - */ - function baseUniq(array, iteratee) { - var index = -1, - indexOf = getIndexOf(), - length = array.length, - isCommon = indexOf == baseIndexOf, - isLarge = isCommon && length >= LARGE_ARRAY_SIZE, - seen = isLarge ? createCache() : null, - result = []; + this.sign = false; + this.isubn(num); + this.sign = true; + return this; + } - if (seen) { - indexOf = cacheIndexOf; - isCommon = false; - } else { - isLarge = false; - seen = iteratee ? [] : result; - } - outer: - while (++index < length) { - var value = array[index], - computed = iteratee ? iteratee(value, index, array) : value; + // Add without checks + return this._iaddn(num); +}; - if (isCommon && value === value) { - var seenIndex = seen.length; - while (seenIndex--) { - if (seen[seenIndex] === computed) { - continue outer; - } - } - if (iteratee) { - seen.push(computed); - } - result.push(value); - } - else if (indexOf(seen, computed, 0) < 0) { - if (iteratee || isLarge) { - seen.push(computed); - } - result.push(value); - } - } - return result; - } +BN.prototype._iaddn = function _iaddn(num) { + this.words[0] += num; - /** - * The base implementation of `_.values` and `_.valuesIn` which creates an - * array of `object` property values corresponding to the property names - * of `props`. - * - * @private - * @param {Object} object The object to query. - * @param {Array} props The property names to get values for. - * @returns {Object} Returns the array of property values. - */ - function baseValues(object, props) { - var index = -1, - length = props.length, - result = Array(length); + // Carry + for (var i = 0; i < this.length && this.words[i] >= 0x4000000; i++) { + this.words[i] -= 0x4000000; + if (i === this.length - 1) + this.words[i + 1] = 1; + else + this.words[i + 1]++; + } + this.length = Math.max(this.length, i + 1); - while (++index < length) { - result[index] = object[props[index]]; - } - return result; - } + return this; +}; - /** - * The base implementation of `_.dropRightWhile`, `_.dropWhile`, `_.takeRightWhile`, - * and `_.takeWhile` without support for callback shorthands and `this` binding. - * - * @private - * @param {Array} array The array to query. - * @param {Function} predicate The function invoked per iteration. - * @param {boolean} [isDrop] Specify dropping elements instead of taking them. - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {Array} Returns the slice of `array`. - */ - function baseWhile(array, predicate, isDrop, fromRight) { - var length = array.length, - index = fromRight ? length : -1; +// Subtract plain number `num` from `this` +BN.prototype.isubn = function isubn(num) { + assert(typeof num === 'number'); + if (num < 0) + return this.iaddn(-num); - while ((fromRight ? index-- : ++index < length) && predicate(array[index], index, array)) {} - return isDrop - ? baseSlice(array, (fromRight ? 0 : index), (fromRight ? index + 1 : length)) - : baseSlice(array, (fromRight ? index + 1 : 0), (fromRight ? length : index)); - } + if (this.sign) { + this.sign = false; + this.iaddn(num); + this.sign = true; + return this; + } - /** - * The base implementation of `wrapperValue` which returns the result of - * performing a sequence of actions on the unwrapped `value`, where each - * successive action is supplied the return value of the previous. - * - * @private - * @param {*} value The unwrapped value. - * @param {Array} actions Actions to peform to resolve the unwrapped value. - * @returns {*} Returns the resolved value. - */ - function baseWrapperValue(value, actions) { - var result = value; - if (result instanceof LazyWrapper) { - result = result.value(); - } - var index = -1, - length = actions.length; + this.words[0] -= num; - while (++index < length) { - var action = actions[index]; - result = action.func.apply(action.thisArg, arrayPush([result], action.args)); - } - return result; - } + // Carry + for (var i = 0; i < this.length && this.words[i] < 0; i++) { + this.words[i] += 0x4000000; + this.words[i + 1] -= 1; + } - /** - * Performs a binary search of `array` to determine the index at which `value` - * should be inserted into `array` in order to maintain its sort order. - * - * @private - * @param {Array} array The sorted array to inspect. - * @param {*} value The value to evaluate. - * @param {boolean} [retHighest] Specify returning the highest qualified index. - * @returns {number} Returns the index at which `value` should be inserted - * into `array`. - */ - function binaryIndex(array, value, retHighest) { - var low = 0, - high = array ? array.length : low; + return this.strip(); +}; - if (typeof value == 'number' && value === value && high <= HALF_MAX_ARRAY_LENGTH) { - while (low < high) { - var mid = (low + high) >>> 1, - computed = array[mid]; +BN.prototype.addn = function addn(num) { + return this.clone().iaddn(num); +}; - if ((retHighest ? (computed <= value) : (computed < value)) && computed !== null) { - low = mid + 1; - } else { - high = mid; - } - } - return high; - } - return binaryIndexBy(array, value, identity, retHighest); - } +BN.prototype.subn = function subn(num) { + return this.clone().isubn(num); +}; - /** - * This function is like `binaryIndex` except that it invokes `iteratee` for - * `value` and each element of `array` to compute their sort ranking. The - * iteratee is invoked with one argument; (value). - * - * @private - * @param {Array} array The sorted array to inspect. - * @param {*} value The value to evaluate. - * @param {Function} iteratee The function invoked per iteration. - * @param {boolean} [retHighest] Specify returning the highest qualified index. - * @returns {number} Returns the index at which `value` should be inserted - * into `array`. - */ - function binaryIndexBy(array, value, iteratee, retHighest) { - value = iteratee(value); +BN.prototype.iabs = function iabs() { + this.sign = false; - var low = 0, - high = array ? array.length : 0, - valIsNaN = value !== value, - valIsNull = value === null, - valIsUndef = value === undefined; + return this; +}; - while (low < high) { - var mid = nativeFloor((low + high) / 2), - computed = iteratee(array[mid]), - isDef = computed !== undefined, - isReflexive = computed === computed; +BN.prototype.abs = function abs() { + return this.clone().iabs(); +}; - if (valIsNaN) { - var setLow = isReflexive || retHighest; - } else if (valIsNull) { - setLow = isReflexive && isDef && (retHighest || computed != null); - } else if (valIsUndef) { - setLow = isReflexive && (retHighest || isDef); - } else if (computed == null) { - setLow = false; - } else { - setLow = retHighest ? (computed <= value) : (computed < value); - } - if (setLow) { - low = mid + 1; - } else { - high = mid; - } - } - return nativeMin(high, MAX_ARRAY_INDEX); - } +BN.prototype._ishlnsubmul = function _ishlnsubmul(num, mul, shift) { + // Bigger storage is needed + var len = num.length + shift; + var i; + if (this.words.length < len) { + var t = new Array(len); + for (var i = 0; i < this.length; i++) + t[i] = this.words[i]; + this.words = t; + } else { + i = this.length; + } - /** - * A specialized version of `baseCallback` which only supports `this` binding - * and specifying the number of arguments to provide to `func`. - * - * @private - * @param {Function} func The function to bind. - * @param {*} thisArg The `this` binding of `func`. - * @param {number} [argCount] The number of arguments to provide to `func`. - * @returns {Function} Returns the callback. - */ - function bindCallback(func, thisArg, argCount) { - if (typeof func != 'function') { - return identity; - } - if (thisArg === undefined) { - return func; - } - switch (argCount) { - case 1: return function(value) { - return func.call(thisArg, value); - }; - case 3: return function(value, index, collection) { - return func.call(thisArg, value, index, collection); - }; - case 4: return function(accumulator, value, index, collection) { - return func.call(thisArg, accumulator, value, index, collection); - }; - case 5: return function(value, other, key, object, source) { - return func.call(thisArg, value, other, key, object, source); - }; - } - return function() { - return func.apply(thisArg, arguments); - }; - } + // Zeroify rest + this.length = Math.max(this.length, len); + for (; i < this.length; i++) + this.words[i] = 0; - /** - * Creates a clone of the given array buffer. - * - * @private - * @param {ArrayBuffer} buffer The array buffer to clone. - * @returns {ArrayBuffer} Returns the cloned array buffer. - */ - function bufferClone(buffer) { - var result = new ArrayBuffer(buffer.byteLength), - view = new Uint8Array(result); + var carry = 0; + for (var i = 0; i < num.length; i++) { + var w = this.words[i + shift] + carry; + var right = num.words[i] * mul; + w -= right & 0x3ffffff; + carry = (w >> 26) - ((right / 0x4000000) | 0); + this.words[i + shift] = w & 0x3ffffff; + } + for (; i < this.length - shift; i++) { + var w = this.words[i + shift] + carry; + carry = w >> 26; + this.words[i + shift] = w & 0x3ffffff; + } - view.set(new Uint8Array(buffer)); - return result; - } + if (carry === 0) + return this.strip(); - /** - * Creates an array that is the composition of partially applied arguments, - * placeholders, and provided arguments into a single array of arguments. - * - * @private - * @param {Array|Object} args The provided arguments. - * @param {Array} partials The arguments to prepend to those provided. - * @param {Array} holders The `partials` placeholder indexes. - * @returns {Array} Returns the new array of composed arguments. - */ - function composeArgs(args, partials, holders) { - var holdersLength = holders.length, - argsIndex = -1, - argsLength = nativeMax(args.length - holdersLength, 0), - leftIndex = -1, - leftLength = partials.length, - result = Array(leftLength + argsLength); + // Subtraction overflow + assert(carry === -1); + carry = 0; + for (var i = 0; i < this.length; i++) { + var w = -this.words[i] + carry; + carry = w >> 26; + this.words[i] = w & 0x3ffffff; + } + this.sign = true; - while (++leftIndex < leftLength) { - result[leftIndex] = partials[leftIndex]; - } - while (++argsIndex < holdersLength) { - result[holders[argsIndex]] = args[argsIndex]; - } - while (argsLength--) { - result[leftIndex++] = args[argsIndex++]; - } - return result; - } + return this.strip(); +}; - /** - * This function is like `composeArgs` except that the arguments composition - * is tailored for `_.partialRight`. - * - * @private - * @param {Array|Object} args The provided arguments. - * @param {Array} partials The arguments to append to those provided. - * @param {Array} holders The `partials` placeholder indexes. - * @returns {Array} Returns the new array of composed arguments. - */ - function composeArgsRight(args, partials, holders) { - var holdersIndex = -1, - holdersLength = holders.length, - argsIndex = -1, - argsLength = nativeMax(args.length - holdersLength, 0), - rightIndex = -1, - rightLength = partials.length, - result = Array(argsLength + rightLength); +BN.prototype._wordDiv = function _wordDiv(num, mode) { + var shift = this.length - num.length; - while (++argsIndex < argsLength) { - result[argsIndex] = args[argsIndex]; - } - var offset = argsIndex; - while (++rightIndex < rightLength) { - result[offset + rightIndex] = partials[rightIndex]; - } - while (++holdersIndex < holdersLength) { - result[offset + holders[holdersIndex]] = args[argsIndex++]; - } - return result; - } + var a = this.clone(); + var b = num; - /** - * Creates a `_.countBy`, `_.groupBy`, `_.indexBy`, or `_.partition` function. - * - * @private - * @param {Function} setter The function to set keys and values of the accumulator object. - * @param {Function} [initializer] The function to initialize the accumulator object. - * @returns {Function} Returns the new aggregator function. - */ - function createAggregator(setter, initializer) { - return function(collection, iteratee, thisArg) { - var result = initializer ? initializer() : {}; - iteratee = getCallback(iteratee, thisArg, 3); + // Normalize + var bhi = b.words[b.length - 1]; + var bhiBits = this._countBits(bhi); + shift = 26 - bhiBits; + if (shift !== 0) { + b = b.shln(shift); + a.ishln(shift); + bhi = b.words[b.length - 1]; + } - if (isArray(collection)) { - var index = -1, - length = collection.length; + // Initialize quotient + var m = a.length - b.length; + var q; - while (++index < length) { - var value = collection[index]; - setter(result, value, iteratee(value, index, collection), collection); - } - } else { - baseEach(collection, function(value, key, collection) { - setter(result, value, iteratee(value, key, collection), collection); - }); - } - return result; - }; - } + if (mode !== 'mod') { + q = new BN(null); + q.length = m + 1; + q.words = new Array(q.length); + for (var i = 0; i < q.length; i++) + q.words[i] = 0; + } - /** - * Creates a `_.assign`, `_.defaults`, or `_.merge` function. - * - * @private - * @param {Function} assigner The function to assign values. - * @returns {Function} Returns the new assigner function. - */ - function createAssigner(assigner) { - return restParam(function(object, sources) { - var index = -1, - length = object == null ? 0 : sources.length, - customizer = length > 2 ? sources[length - 2] : undefined, - guard = length > 2 ? sources[2] : undefined, - thisArg = length > 1 ? sources[length - 1] : undefined; + var diff = a.clone()._ishlnsubmul(b, 1, m); + if (!diff.sign) { + a = diff; + if (q) + q.words[m] = 1; + } - if (typeof customizer == 'function') { - customizer = bindCallback(customizer, thisArg, 5); - length -= 2; - } else { - customizer = typeof thisArg == 'function' ? thisArg : undefined; - length -= (customizer ? 1 : 0); - } - if (guard && isIterateeCall(sources[0], sources[1], guard)) { - customizer = length < 3 ? undefined : customizer; - length = 1; - } - while (++index < length) { - var source = sources[index]; - if (source) { - assigner(object, source, customizer); - } - } - return object; - }); - } + for (var j = m - 1; j >= 0; j--) { + var qj = a.words[b.length + j] * 0x4000000 + a.words[b.length + j - 1]; - /** - * Creates a `baseEach` or `baseEachRight` function. - * - * @private - * @param {Function} eachFunc The function to iterate over a collection. - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {Function} Returns the new base function. - */ - function createBaseEach(eachFunc, fromRight) { - return function(collection, iteratee) { - var length = collection ? getLength(collection) : 0; - if (!isLength(length)) { - return eachFunc(collection, iteratee); - } - var index = fromRight ? length : -1, - iterable = toObject(collection); + // NOTE: (qj / bhi) is (0x3ffffff * 0x4000000 + 0x3ffffff) / 0x2000000 max + // (0x7ffffff) + qj = Math.min((qj / bhi) | 0, 0x3ffffff); - while ((fromRight ? index-- : ++index < length)) { - if (iteratee(iterable[index], index, iterable) === false) { - break; - } - } - return collection; - }; + a._ishlnsubmul(b, qj, j); + while (a.sign) { + qj--; + a.sign = false; + a._ishlnsubmul(b, 1, j); + if (a.cmpn(0) !== 0) + a.sign = !a.sign; } + if (q) + q.words[j] = qj; + } + if (q) + q.strip(); + a.strip(); - /** - * Creates a base function for `_.forIn` or `_.forInRight`. - * - * @private - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {Function} Returns the new base function. - */ - function createBaseFor(fromRight) { - return function(object, iteratee, keysFunc) { - var iterable = toObject(object), - props = keysFunc(object), - length = props.length, - index = fromRight ? length : -1; - - while ((fromRight ? index-- : ++index < length)) { - var key = props[index]; - if (iteratee(iterable[key], key, iterable) === false) { - break; - } - } - return object; - }; - } + // Denormalize + if (mode !== 'div' && shift !== 0) + a.ishrn(shift); + return { div: q ? q : null, mod: a }; +}; - /** - * Creates a function that wraps `func` and invokes it with the `this` - * binding of `thisArg`. - * - * @private - * @param {Function} func The function to bind. - * @param {*} [thisArg] The `this` binding of `func`. - * @returns {Function} Returns the new bound function. - */ - function createBindWrapper(func, thisArg) { - var Ctor = createCtorWrapper(func); +BN.prototype.divmod = function divmod(num, mode) { + assert(num.cmpn(0) !== 0); - function wrapper() { - var fn = (this && this !== root && this instanceof wrapper) ? Ctor : func; - return fn.apply(thisArg, arguments); - } - return wrapper; - } + if (this.sign && !num.sign) { + var res = this.neg().divmod(num, mode); + var div; + var mod; + if (mode !== 'mod') + div = res.div.neg(); + if (mode !== 'div') + mod = res.mod.cmpn(0) === 0 ? res.mod : num.sub(res.mod); + return { + div: div, + mod: mod + }; + } else if (!this.sign && num.sign) { + var res = this.divmod(num.neg(), mode); + var div; + if (mode !== 'mod') + div = res.div.neg(); + return { div: div, mod: res.mod }; + } else if (this.sign && num.sign) { + return this.neg().divmod(num.neg(), mode); + } - /** - * Creates a `Set` cache object to optimize linear searches of large arrays. - * - * @private - * @param {Array} [values] The values to cache. - * @returns {null|Object} Returns the new cache object if `Set` is supported, else `null`. - */ - function createCache(values) { - return (nativeCreate && Set) ? new SetCache(values) : null; - } + // Both numbers are positive at this point - /** - * Creates a function that produces compound words out of the words in a - * given string. - * - * @private - * @param {Function} callback The function to combine each word. - * @returns {Function} Returns the new compounder function. - */ - function createCompounder(callback) { - return function(string) { - var index = -1, - array = words(deburr(string)), - length = array.length, - result = ''; + // Strip both numbers to approximate shift value + if (num.length > this.length || this.cmp(num) < 0) + return { div: new BN(0), mod: this }; - while (++index < length) { - result = callback(result, array[index], index); - } - return result; - }; - } + // Very short reduction + if (num.length === 1) { + if (mode === 'div') + return { div: this.divn(num.words[0]), mod: null }; + else if (mode === 'mod') + return { div: null, mod: new BN(this.modn(num.words[0])) }; + return { + div: this.divn(num.words[0]), + mod: new BN(this.modn(num.words[0])) + }; + } - /** - * Creates a function that produces an instance of `Ctor` regardless of - * whether it was invoked as part of a `new` expression or by `call` or `apply`. - * - * @private - * @param {Function} Ctor The constructor to wrap. - * @returns {Function} Returns the new wrapped function. - */ - function createCtorWrapper(Ctor) { - return function() { - // Use a `switch` statement to work with class constructors. - // See http://ecma-international.org/ecma-262/6.0/#sec-ecmascript-function-objects-call-thisargument-argumentslist - // for more details. - var args = arguments; - switch (args.length) { - case 0: return new Ctor; - case 1: return new Ctor(args[0]); - case 2: return new Ctor(args[0], args[1]); - case 3: return new Ctor(args[0], args[1], args[2]); - case 4: return new Ctor(args[0], args[1], args[2], args[3]); - case 5: return new Ctor(args[0], args[1], args[2], args[3], args[4]); - case 6: return new Ctor(args[0], args[1], args[2], args[3], args[4], args[5]); - case 7: return new Ctor(args[0], args[1], args[2], args[3], args[4], args[5], args[6]); - } - var thisBinding = baseCreate(Ctor.prototype), - result = Ctor.apply(thisBinding, args); + return this._wordDiv(num, mode); +}; - // Mimic the constructor's `return` behavior. - // See https://es5.github.io/#x13.2.2 for more details. - return isObject(result) ? result : thisBinding; - }; - } +// Find `this` / `num` +BN.prototype.div = function div(num) { + return this.divmod(num, 'div').div; +}; - /** - * Creates a `_.curry` or `_.curryRight` function. - * - * @private - * @param {boolean} flag The curry bit flag. - * @returns {Function} Returns the new curry function. - */ - function createCurry(flag) { - function curryFunc(func, arity, guard) { - if (guard && isIterateeCall(func, arity, guard)) { - arity = undefined; - } - var result = createWrapper(func, flag, undefined, undefined, undefined, undefined, undefined, arity); - result.placeholder = curryFunc.placeholder; - return result; - } - return curryFunc; - } +// Find `this` % `num` +BN.prototype.mod = function mod(num) { + return this.divmod(num, 'mod').mod; +}; - /** - * Creates a `_.defaults` or `_.defaultsDeep` function. - * - * @private - * @param {Function} assigner The function to assign values. - * @param {Function} customizer The function to customize assigned values. - * @returns {Function} Returns the new defaults function. - */ - function createDefaults(assigner, customizer) { - return restParam(function(args) { - var object = args[0]; - if (object == null) { - return object; - } - args.push(customizer); - return assigner.apply(undefined, args); - }); - } +// Find Round(`this` / `num`) +BN.prototype.divRound = function divRound(num) { + var dm = this.divmod(num); - /** - * Creates a `_.max` or `_.min` function. - * - * @private - * @param {Function} comparator The function used to compare values. - * @param {*} exValue The initial extremum value. - * @returns {Function} Returns the new extremum function. - */ - function createExtremum(comparator, exValue) { - return function(collection, iteratee, thisArg) { - if (thisArg && isIterateeCall(collection, iteratee, thisArg)) { - iteratee = undefined; - } - iteratee = getCallback(iteratee, thisArg, 3); - if (iteratee.length == 1) { - collection = isArray(collection) ? collection : toIterable(collection); - var result = arrayExtremum(collection, iteratee, comparator, exValue); - if (!(collection.length && result === exValue)) { - return result; - } - } - return baseExtremum(collection, iteratee, comparator, exValue); - }; - } + // Fast case - exact division + if (dm.mod.cmpn(0) === 0) + return dm.div; - /** - * Creates a `_.find` or `_.findLast` function. - * - * @private - * @param {Function} eachFunc The function to iterate over a collection. - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {Function} Returns the new find function. - */ - function createFind(eachFunc, fromRight) { - return function(collection, predicate, thisArg) { - predicate = getCallback(predicate, thisArg, 3); - if (isArray(collection)) { - var index = baseFindIndex(collection, predicate, fromRight); - return index > -1 ? collection[index] : undefined; - } - return baseFind(collection, predicate, eachFunc); - }; - } + var mod = dm.div.sign ? dm.mod.isub(num) : dm.mod; - /** - * Creates a `_.findIndex` or `_.findLastIndex` function. - * - * @private - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {Function} Returns the new find function. - */ - function createFindIndex(fromRight) { - return function(array, predicate, thisArg) { - if (!(array && array.length)) { - return -1; - } - predicate = getCallback(predicate, thisArg, 3); - return baseFindIndex(array, predicate, fromRight); - }; - } + var half = num.shrn(1); + var r2 = num.andln(1); + var cmp = mod.cmp(half); - /** - * Creates a `_.findKey` or `_.findLastKey` function. - * - * @private - * @param {Function} objectFunc The function to iterate over an object. - * @returns {Function} Returns the new find function. - */ - function createFindKey(objectFunc) { - return function(object, predicate, thisArg) { - predicate = getCallback(predicate, thisArg, 3); - return baseFind(object, predicate, objectFunc, true); - }; - } + // Round down + if (cmp < 0 || r2 === 1 && cmp === 0) + return dm.div; - /** - * Creates a `_.flow` or `_.flowRight` function. - * - * @private - * @param {boolean} [fromRight] Specify iterating from right to left. - * @returns {Function} Returns the new flow function. - */ - function createFlow(fromRight) { - return function() { - var wrapper, - length = arguments.length, - index = fromRight ? length : -1, - leftIndex = 0, - funcs = Array(length); + // Round up + return dm.div.sign ? dm.div.isubn(1) : dm.div.iaddn(1); +}; - while ((fromRight ? index-- : ++index < length)) { - var func = funcs[leftIndex++] = arguments[index]; - if (typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - if (!wrapper && LodashWrapper.prototype.thru && getFuncName(func) == 'wrapper') { - wrapper = new LodashWrapper([], true); - } - } - index = wrapper ? -1 : length; - while (++index < length) { - func = funcs[index]; +BN.prototype.modn = function modn(num) { + assert(num <= 0x3ffffff); + var p = (1 << 26) % num; - var funcName = getFuncName(func), - data = funcName == 'wrapper' ? getData(func) : undefined; + var acc = 0; + for (var i = this.length - 1; i >= 0; i--) + acc = (p * acc + this.words[i]) % num; - if (data && isLaziable(data[0]) && data[1] == (ARY_FLAG | CURRY_FLAG | PARTIAL_FLAG | REARG_FLAG) && !data[4].length && data[9] == 1) { - wrapper = wrapper[getFuncName(data[0])].apply(wrapper, data[3]); - } else { - wrapper = (func.length == 1 && isLaziable(func)) ? wrapper[funcName]() : wrapper.thru(func); - } - } - return function() { - var args = arguments, - value = args[0]; + return acc; +}; - if (wrapper && args.length == 1 && isArray(value) && value.length >= LARGE_ARRAY_SIZE) { - return wrapper.plant(value).value(); - } - var index = 0, - result = length ? funcs[index].apply(this, args) : value; +// In-place division by number +BN.prototype.idivn = function idivn(num) { + assert(num <= 0x3ffffff); - while (++index < length) { - result = funcs[index].call(this, result); - } - return result; - }; - }; - } + var carry = 0; + for (var i = this.length - 1; i >= 0; i--) { + var w = this.words[i] + carry * 0x4000000; + this.words[i] = (w / num) | 0; + carry = w % num; + } - /** - * Creates a function for `_.forEach` or `_.forEachRight`. - * - * @private - * @param {Function} arrayFunc The function to iterate over an array. - * @param {Function} eachFunc The function to iterate over a collection. - * @returns {Function} Returns the new each function. - */ - function createForEach(arrayFunc, eachFunc) { - return function(collection, iteratee, thisArg) { - return (typeof iteratee == 'function' && thisArg === undefined && isArray(collection)) - ? arrayFunc(collection, iteratee) - : eachFunc(collection, bindCallback(iteratee, thisArg, 3)); - }; - } + return this.strip(); +}; - /** - * Creates a function for `_.forIn` or `_.forInRight`. - * - * @private - * @param {Function} objectFunc The function to iterate over an object. - * @returns {Function} Returns the new each function. - */ - function createForIn(objectFunc) { - return function(object, iteratee, thisArg) { - if (typeof iteratee != 'function' || thisArg !== undefined) { - iteratee = bindCallback(iteratee, thisArg, 3); - } - return objectFunc(object, iteratee, keysIn); - }; - } +BN.prototype.divn = function divn(num) { + return this.clone().idivn(num); +}; - /** - * Creates a function for `_.forOwn` or `_.forOwnRight`. - * - * @private - * @param {Function} objectFunc The function to iterate over an object. - * @returns {Function} Returns the new each function. - */ - function createForOwn(objectFunc) { - return function(object, iteratee, thisArg) { - if (typeof iteratee != 'function' || thisArg !== undefined) { - iteratee = bindCallback(iteratee, thisArg, 3); - } - return objectFunc(object, iteratee); - }; - } +BN.prototype.egcd = function egcd(p) { + assert(!p.sign); + assert(p.cmpn(0) !== 0); - /** - * Creates a function for `_.mapKeys` or `_.mapValues`. - * - * @private - * @param {boolean} [isMapKeys] Specify mapping keys instead of values. - * @returns {Function} Returns the new map function. - */ - function createObjectMapper(isMapKeys) { - return function(object, iteratee, thisArg) { - var result = {}; - iteratee = getCallback(iteratee, thisArg, 3); + var x = this; + var y = p.clone(); - baseForOwn(object, function(value, key, object) { - var mapped = iteratee(value, key, object); - key = isMapKeys ? mapped : key; - value = isMapKeys ? value : mapped; - result[key] = value; - }); - return result; - }; - } + if (x.sign) + x = x.mod(p); + else + x = x.clone(); - /** - * Creates a function for `_.padLeft` or `_.padRight`. - * - * @private - * @param {boolean} [fromRight] Specify padding from the right. - * @returns {Function} Returns the new pad function. - */ - function createPadDir(fromRight) { - return function(string, length, chars) { - string = baseToString(string); - return (fromRight ? string : '') + createPadding(string, length, chars) + (fromRight ? '' : string); - }; + // A * x + B * y = x + var A = new BN(1); + var B = new BN(0); + + // C * x + D * y = y + var C = new BN(0); + var D = new BN(1); + + var g = 0; + + while (x.isEven() && y.isEven()) { + x.ishrn(1); + y.ishrn(1); + ++g; + } + + var yp = y.clone(); + var xp = x.clone(); + + while (x.cmpn(0) !== 0) { + while (x.isEven()) { + x.ishrn(1); + if (A.isEven() && B.isEven()) { + A.ishrn(1); + B.ishrn(1); + } else { + A.iadd(yp).ishrn(1); + B.isub(xp).ishrn(1); + } } - /** - * Creates a `_.partial` or `_.partialRight` function. - * - * @private - * @param {boolean} flag The partial bit flag. - * @returns {Function} Returns the new partial function. - */ - function createPartial(flag) { - var partialFunc = restParam(function(func, partials) { - var holders = replaceHolders(partials, partialFunc.placeholder); - return createWrapper(func, flag, undefined, partials, holders); - }); - return partialFunc; + while (y.isEven()) { + y.ishrn(1); + if (C.isEven() && D.isEven()) { + C.ishrn(1); + D.ishrn(1); + } else { + C.iadd(yp).ishrn(1); + D.isub(xp).ishrn(1); + } } - /** - * Creates a function for `_.reduce` or `_.reduceRight`. - * - * @private - * @param {Function} arrayFunc The function to iterate over an array. - * @param {Function} eachFunc The function to iterate over a collection. - * @returns {Function} Returns the new each function. - */ - function createReduce(arrayFunc, eachFunc) { - return function(collection, iteratee, accumulator, thisArg) { - var initFromArray = arguments.length < 3; - return (typeof iteratee == 'function' && thisArg === undefined && isArray(collection)) - ? arrayFunc(collection, iteratee, accumulator, initFromArray) - : baseReduce(collection, getCallback(iteratee, thisArg, 4), accumulator, initFromArray, eachFunc); - }; + if (x.cmp(y) >= 0) { + x.isub(y); + A.isub(C); + B.isub(D); + } else { + y.isub(x); + C.isub(A); + D.isub(B); } + } - /** - * Creates a function that wraps `func` and invokes it with optional `this` - * binding of, partial application, and currying. - * - * @private - * @param {Function|string} func The function or method name to reference. - * @param {number} bitmask The bitmask of flags. See `createWrapper` for more details. - * @param {*} [thisArg] The `this` binding of `func`. - * @param {Array} [partials] The arguments to prepend to those provided to the new function. - * @param {Array} [holders] The `partials` placeholder indexes. - * @param {Array} [partialsRight] The arguments to append to those provided to the new function. - * @param {Array} [holdersRight] The `partialsRight` placeholder indexes. - * @param {Array} [argPos] The argument positions of the new function. - * @param {number} [ary] The arity cap of `func`. - * @param {number} [arity] The arity of `func`. - * @returns {Function} Returns the new wrapped function. - */ - function createHybridWrapper(func, bitmask, thisArg, partials, holders, partialsRight, holdersRight, argPos, ary, arity) { - var isAry = bitmask & ARY_FLAG, - isBind = bitmask & BIND_FLAG, - isBindKey = bitmask & BIND_KEY_FLAG, - isCurry = bitmask & CURRY_FLAG, - isCurryBound = bitmask & CURRY_BOUND_FLAG, - isCurryRight = bitmask & CURRY_RIGHT_FLAG, - Ctor = isBindKey ? undefined : createCtorWrapper(func); + return { + a: C, + b: D, + gcd: y.ishln(g) + }; +}; - function wrapper() { - // Avoid `arguments` object use disqualifying optimizations by - // converting it to an array before providing it to other functions. - var length = arguments.length, - index = length, - args = Array(length); +// This is reduced incarnation of the binary EEA +// above, designated to invert members of the +// _prime_ fields F(p) at a maximal speed +BN.prototype._invmp = function _invmp(p) { + assert(!p.sign); + assert(p.cmpn(0) !== 0); - while (index--) { - args[index] = arguments[index]; - } - if (partials) { - args = composeArgs(args, partials, holders); - } - if (partialsRight) { - args = composeArgsRight(args, partialsRight, holdersRight); - } - if (isCurry || isCurryRight) { - var placeholder = wrapper.placeholder, - argsHolders = replaceHolders(args, placeholder); + var a = this; + var b = p.clone(); - length -= argsHolders.length; - if (length < arity) { - var newArgPos = argPos ? arrayCopy(argPos) : undefined, - newArity = nativeMax(arity - length, 0), - newsHolders = isCurry ? argsHolders : undefined, - newHoldersRight = isCurry ? undefined : argsHolders, - newPartials = isCurry ? args : undefined, - newPartialsRight = isCurry ? undefined : args; + if (a.sign) + a = a.mod(p); + else + a = a.clone(); - bitmask |= (isCurry ? PARTIAL_FLAG : PARTIAL_RIGHT_FLAG); - bitmask &= ~(isCurry ? PARTIAL_RIGHT_FLAG : PARTIAL_FLAG); + var x1 = new BN(1); + var x2 = new BN(0); - if (!isCurryBound) { - bitmask &= ~(BIND_FLAG | BIND_KEY_FLAG); - } - var newData = [func, bitmask, thisArg, newPartials, newsHolders, newPartialsRight, newHoldersRight, newArgPos, ary, newArity], - result = createHybridWrapper.apply(undefined, newData); + var delta = b.clone(); - if (isLaziable(func)) { - setData(result, newData); - } - result.placeholder = placeholder; - return result; - } - } - var thisBinding = isBind ? thisArg : this, - fn = isBindKey ? thisBinding[func] : func; - - if (argPos) { - args = reorder(args, argPos); - } - if (isAry && ary < args.length) { - args.length = ary; - } - if (this && this !== root && this instanceof wrapper) { - fn = Ctor || createCtorWrapper(func); - } - return fn.apply(thisBinding, args); - } - return wrapper; + while (a.cmpn(1) > 0 && b.cmpn(1) > 0) { + while (a.isEven()) { + a.ishrn(1); + if (x1.isEven()) + x1.ishrn(1); + else + x1.iadd(delta).ishrn(1); } - - /** - * Creates the padding required for `string` based on the given `length`. - * The `chars` string is truncated if the number of characters exceeds `length`. - * - * @private - * @param {string} string The string to create padding for. - * @param {number} [length=0] The padding length. - * @param {string} [chars=' '] The string used as padding. - * @returns {string} Returns the pad for `string`. - */ - function createPadding(string, length, chars) { - var strLength = string.length; - length = +length; - - if (strLength >= length || !nativeIsFinite(length)) { - return ''; - } - var padLength = length - strLength; - chars = chars == null ? ' ' : (chars + ''); - return repeat(chars, nativeCeil(padLength / chars.length)).slice(0, padLength); + while (b.isEven()) { + b.ishrn(1); + if (x2.isEven()) + x2.ishrn(1); + else + x2.iadd(delta).ishrn(1); + } + if (a.cmp(b) >= 0) { + a.isub(b); + x1.isub(x2); + } else { + b.isub(a); + x2.isub(x1); } + } + if (a.cmpn(1) === 0) + return x1; + else + return x2; +}; - /** - * Creates a function that wraps `func` and invokes it with the optional `this` - * binding of `thisArg` and the `partials` prepended to those provided to - * the wrapper. - * - * @private - * @param {Function} func The function to partially apply arguments to. - * @param {number} bitmask The bitmask of flags. See `createWrapper` for more details. - * @param {*} thisArg The `this` binding of `func`. - * @param {Array} partials The arguments to prepend to those provided to the new function. - * @returns {Function} Returns the new bound function. - */ - function createPartialWrapper(func, bitmask, thisArg, partials) { - var isBind = bitmask & BIND_FLAG, - Ctor = createCtorWrapper(func); +BN.prototype.gcd = function gcd(num) { + if (this.cmpn(0) === 0) + return num.clone(); + if (num.cmpn(0) === 0) + return this.clone(); - function wrapper() { - // Avoid `arguments` object use disqualifying optimizations by - // converting it to an array before providing it `func`. - var argsIndex = -1, - argsLength = arguments.length, - leftIndex = -1, - leftLength = partials.length, - args = Array(leftLength + argsLength); + var a = this.clone(); + var b = num.clone(); + a.sign = false; + b.sign = false; - while (++leftIndex < leftLength) { - args[leftIndex] = partials[leftIndex]; - } - while (argsLength--) { - args[leftIndex++] = arguments[++argsIndex]; - } - var fn = (this && this !== root && this instanceof wrapper) ? Ctor : func; - return fn.apply(isBind ? thisArg : this, args); - } - return wrapper; - } + // Remove common factor of two + for (var shift = 0; a.isEven() && b.isEven(); shift++) { + a.ishrn(1); + b.ishrn(1); + } - /** - * Creates a `_.ceil`, `_.floor`, or `_.round` function. - * - * @private - * @param {string} methodName The name of the `Math` method to use when rounding. - * @returns {Function} Returns the new round function. - */ - function createRound(methodName) { - var func = Math[methodName]; - return function(number, precision) { - precision = precision === undefined ? 0 : (+precision || 0); - if (precision) { - precision = pow(10, precision); - return func(number * precision) / precision; - } - return func(number); - }; - } + do { + while (a.isEven()) + a.ishrn(1); + while (b.isEven()) + b.ishrn(1); - /** - * Creates a `_.sortedIndex` or `_.sortedLastIndex` function. - * - * @private - * @param {boolean} [retHighest] Specify returning the highest qualified index. - * @returns {Function} Returns the new index function. - */ - function createSortedIndex(retHighest) { - return function(array, value, iteratee, thisArg) { - var callback = getCallback(iteratee); - return (iteratee == null && callback === baseCallback) - ? binaryIndex(array, value, retHighest) - : binaryIndexBy(array, value, callback(iteratee, thisArg, 1), retHighest); - }; + var r = a.cmp(b); + if (r < 0) { + // Swap `a` and `b` to make `a` always bigger than `b` + var t = a; + a = b; + b = t; + } else if (r === 0 || b.cmpn(1) === 0) { + break; } - /** - * Creates a function that either curries or invokes `func` with optional - * `this` binding and partially applied arguments. - * - * @private - * @param {Function|string} func The function or method name to reference. - * @param {number} bitmask The bitmask of flags. - * The bitmask may be composed of the following flags: - * 1 - `_.bind` - * 2 - `_.bindKey` - * 4 - `_.curry` or `_.curryRight` of a bound function - * 8 - `_.curry` - * 16 - `_.curryRight` - * 32 - `_.partial` - * 64 - `_.partialRight` - * 128 - `_.rearg` - * 256 - `_.ary` - * @param {*} [thisArg] The `this` binding of `func`. - * @param {Array} [partials] The arguments to be partially applied. - * @param {Array} [holders] The `partials` placeholder indexes. - * @param {Array} [argPos] The argument positions of the new function. - * @param {number} [ary] The arity cap of `func`. - * @param {number} [arity] The arity of `func`. - * @returns {Function} Returns the new wrapped function. - */ - function createWrapper(func, bitmask, thisArg, partials, holders, argPos, ary, arity) { - var isBindKey = bitmask & BIND_KEY_FLAG; - if (!isBindKey && typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - var length = partials ? partials.length : 0; - if (!length) { - bitmask &= ~(PARTIAL_FLAG | PARTIAL_RIGHT_FLAG); - partials = holders = undefined; - } - length -= (holders ? holders.length : 0); - if (bitmask & PARTIAL_RIGHT_FLAG) { - var partialsRight = partials, - holdersRight = holders; + a.isub(b); + } while (true); - partials = holders = undefined; - } - var data = isBindKey ? undefined : getData(func), - newData = [func, bitmask, thisArg, partials, holders, partialsRight, holdersRight, argPos, ary, arity]; + return b.ishln(shift); +}; - if (data) { - mergeData(newData, data); - bitmask = newData[1]; - arity = newData[9]; - } - newData[9] = arity == null - ? (isBindKey ? 0 : func.length) - : (nativeMax(arity - length, 0) || 0); +// Invert number in the field F(num) +BN.prototype.invm = function invm(num) { + return this.egcd(num).a.mod(num); +}; - if (bitmask == BIND_FLAG) { - var result = createBindWrapper(newData[0], newData[2]); - } else if ((bitmask == PARTIAL_FLAG || bitmask == (BIND_FLAG | PARTIAL_FLAG)) && !newData[4].length) { - result = createPartialWrapper.apply(undefined, newData); - } else { - result = createHybridWrapper.apply(undefined, newData); - } - var setter = data ? baseSetData : setData; - return setter(result, newData); - } +BN.prototype.isEven = function isEven() { + return (this.words[0] & 1) === 0; +}; - /** - * A specialized version of `baseIsEqualDeep` for arrays with support for - * partial deep comparisons. - * - * @private - * @param {Array} array The array to compare. - * @param {Array} other The other array to compare. - * @param {Function} equalFunc The function to determine equivalents of values. - * @param {Function} [customizer] The function to customize comparing arrays. - * @param {boolean} [isLoose] Specify performing partial comparisons. - * @param {Array} [stackA] Tracks traversed `value` objects. - * @param {Array} [stackB] Tracks traversed `other` objects. - * @returns {boolean} Returns `true` if the arrays are equivalent, else `false`. - */ - function equalArrays(array, other, equalFunc, customizer, isLoose, stackA, stackB) { - var index = -1, - arrLength = array.length, - othLength = other.length; +BN.prototype.isOdd = function isOdd() { + return (this.words[0] & 1) === 1; +}; - if (arrLength != othLength && !(isLoose && othLength > arrLength)) { - return false; - } - // Ignore non-index properties. - while (++index < arrLength) { - var arrValue = array[index], - othValue = other[index], - result = customizer ? customizer(isLoose ? othValue : arrValue, isLoose ? arrValue : othValue, index) : undefined; +// And first word and num +BN.prototype.andln = function andln(num) { + return this.words[0] & num; +}; - if (result !== undefined) { - if (result) { - continue; - } - return false; - } - // Recursively compare arrays (susceptible to call stack limits). - if (isLoose) { - if (!arraySome(other, function(othValue) { - return arrValue === othValue || equalFunc(arrValue, othValue, customizer, isLoose, stackA, stackB); - })) { - return false; - } - } else if (!(arrValue === othValue || equalFunc(arrValue, othValue, customizer, isLoose, stackA, stackB))) { - return false; - } - } - return true; - } +// Increment at the bit position in-line +BN.prototype.bincn = function bincn(bit) { + assert(typeof bit === 'number'); + var r = bit % 26; + var s = (bit - r) / 26; + var q = 1 << r; - /** - * A specialized version of `baseIsEqualDeep` for comparing objects of - * the same `toStringTag`. - * - * **Note:** This function only supports comparing values with tags of - * `Boolean`, `Date`, `Error`, `Number`, `RegExp`, or `String`. - * - * @private - * @param {Object} object The object to compare. - * @param {Object} other The other object to compare. - * @param {string} tag The `toStringTag` of the objects to compare. - * @returns {boolean} Returns `true` if the objects are equivalent, else `false`. - */ - function equalByTag(object, other, tag) { - switch (tag) { - case boolTag: - case dateTag: - // Coerce dates and booleans to numbers, dates to milliseconds and booleans - // to `1` or `0` treating invalid dates coerced to `NaN` as not equal. - return +object == +other; + // Fast case: bit is much higher than all existing words + if (this.length <= s) { + for (var i = this.length; i < s + 1; i++) + this.words[i] = 0; + this.words[s] |= q; + this.length = s + 1; + return this; + } - case errorTag: - return object.name == other.name && object.message == other.message; + // Add bit and propagate, if needed + var carry = q; + for (var i = s; carry !== 0 && i < this.length; i++) { + var w = this.words[i]; + w += carry; + carry = w >>> 26; + w &= 0x3ffffff; + this.words[i] = w; + } + if (carry !== 0) { + this.words[i] = carry; + this.length++; + } + return this; +}; - case numberTag: - // Treat `NaN` vs. `NaN` as equal. - return (object != +object) - ? other != +other - : object == +other; +BN.prototype.cmpn = function cmpn(num) { + var sign = num < 0; + if (sign) + num = -num; - case regexpTag: - case stringTag: - // Coerce regexes to strings and treat strings primitives and string - // objects as equal. See https://es5.github.io/#x15.10.6.4 for more details. - return object == (other + ''); - } - return false; - } + if (this.sign && !sign) + return -1; + else if (!this.sign && sign) + return 1; - /** - * A specialized version of `baseIsEqualDeep` for objects with support for - * partial deep comparisons. - * - * @private - * @param {Object} object The object to compare. - * @param {Object} other The other object to compare. - * @param {Function} equalFunc The function to determine equivalents of values. - * @param {Function} [customizer] The function to customize comparing values. - * @param {boolean} [isLoose] Specify performing partial comparisons. - * @param {Array} [stackA] Tracks traversed `value` objects. - * @param {Array} [stackB] Tracks traversed `other` objects. - * @returns {boolean} Returns `true` if the objects are equivalent, else `false`. - */ - function equalObjects(object, other, equalFunc, customizer, isLoose, stackA, stackB) { - var objProps = keys(object), - objLength = objProps.length, - othProps = keys(other), - othLength = othProps.length; + num &= 0x3ffffff; + this.strip(); - if (objLength != othLength && !isLoose) { - return false; - } - var index = objLength; - while (index--) { - var key = objProps[index]; - if (!(isLoose ? key in other : hasOwnProperty.call(other, key))) { - return false; - } - } - var skipCtor = isLoose; - while (++index < objLength) { - key = objProps[index]; - var objValue = object[key], - othValue = other[key], - result = customizer ? customizer(isLoose ? othValue : objValue, isLoose? objValue : othValue, key) : undefined; + var res; + if (this.length > 1) { + res = 1; + } else { + var w = this.words[0]; + res = w === num ? 0 : w < num ? -1 : 1; + } + if (this.sign) + res = -res; + return res; +}; - // Recursively compare objects (susceptible to call stack limits). - if (!(result === undefined ? equalFunc(objValue, othValue, customizer, isLoose, stackA, stackB) : result)) { - return false; - } - skipCtor || (skipCtor = key == 'constructor'); - } - if (!skipCtor) { - var objCtor = object.constructor, - othCtor = other.constructor; +// Compare two numbers and return: +// 1 - if `this` > `num` +// 0 - if `this` == `num` +// -1 - if `this` < `num` +BN.prototype.cmp = function cmp(num) { + if (this.sign && !num.sign) + return -1; + else if (!this.sign && num.sign) + return 1; - // Non `Object` object instances with different constructors are not equal. - if (objCtor != othCtor && - ('constructor' in object && 'constructor' in other) && - !(typeof objCtor == 'function' && objCtor instanceof objCtor && - typeof othCtor == 'function' && othCtor instanceof othCtor)) { - return false; - } - } - return true; - } + var res = this.ucmp(num); + if (this.sign) + return -res; + else + return res; +}; - /** - * Gets the appropriate "callback" function. If the `_.callback` method is - * customized this function returns the custom method, otherwise it returns - * the `baseCallback` function. If arguments are provided the chosen function - * is invoked with them and its result is returned. - * - * @private - * @returns {Function} Returns the chosen function or its result. - */ - function getCallback(func, thisArg, argCount) { - var result = lodash.callback || callback; - result = result === callback ? baseCallback : result; - return argCount ? result(func, thisArg, argCount) : result; - } +// Unsigned comparison +BN.prototype.ucmp = function ucmp(num) { + // At this point both numbers have the same sign + if (this.length > num.length) + return 1; + else if (this.length < num.length) + return -1; - /** - * Gets metadata for `func`. - * - * @private - * @param {Function} func The function to query. - * @returns {*} Returns the metadata for `func`. - */ - var getData = !metaMap ? noop : function(func) { - return metaMap.get(func); - }; + var res = 0; + for (var i = this.length - 1; i >= 0; i--) { + var a = this.words[i]; + var b = num.words[i]; - /** - * Gets the name of `func`. - * - * @private - * @param {Function} func The function to query. - * @returns {string} Returns the function name. - */ - function getFuncName(func) { - var result = func.name, - array = realNames[result], - length = array ? array.length : 0; + if (a === b) + continue; + if (a < b) + res = -1; + else if (a > b) + res = 1; + break; + } + return res; +}; - while (length--) { - var data = array[length], - otherFunc = data.func; - if (otherFunc == null || otherFunc == func) { - return data.name; - } - } - return result; - } +// +// A reduce context, could be using montgomery or something better, depending +// on the `m` itself. +// +BN.red = function red(num) { + return new Red(num); +}; - /** - * Gets the appropriate "indexOf" function. If the `_.indexOf` method is - * customized this function returns the custom method, otherwise it returns - * the `baseIndexOf` function. If arguments are provided the chosen function - * is invoked with them and its result is returned. - * - * @private - * @returns {Function|number} Returns the chosen function or its result. - */ - function getIndexOf(collection, target, fromIndex) { - var result = lodash.indexOf || indexOf; - result = result === indexOf ? baseIndexOf : result; - return collection ? result(collection, target, fromIndex) : result; - } +BN.prototype.toRed = function toRed(ctx) { + assert(!this.red, 'Already a number in reduction context'); + assert(!this.sign, 'red works only with positives'); + return ctx.convertTo(this)._forceRed(ctx); +}; - /** - * Gets the "length" property value of `object`. - * - * **Note:** This function is used to avoid a [JIT bug](https://bugs.webkit.org/show_bug.cgi?id=142792) - * that affects Safari on at least iOS 8.1-8.3 ARM64. - * - * @private - * @param {Object} object The object to query. - * @returns {*} Returns the "length" value. - */ - var getLength = baseProperty('length'); +BN.prototype.fromRed = function fromRed() { + assert(this.red, 'fromRed works only with numbers in reduction context'); + return this.red.convertFrom(this); +}; - /** - * Gets the propery names, values, and compare flags of `object`. - * - * @private - * @param {Object} object The object to query. - * @returns {Array} Returns the match data of `object`. - */ - function getMatchData(object) { - var result = pairs(object), - length = result.length; +BN.prototype._forceRed = function _forceRed(ctx) { + this.red = ctx; + return this; +}; - while (length--) { - result[length][2] = isStrictComparable(result[length][1]); - } - return result; - } +BN.prototype.forceRed = function forceRed(ctx) { + assert(!this.red, 'Already a number in reduction context'); + return this._forceRed(ctx); +}; - /** - * Gets the native function at `key` of `object`. - * - * @private - * @param {Object} object The object to query. - * @param {string} key The key of the method to get. - * @returns {*} Returns the function if it's native, else `undefined`. - */ - function getNative(object, key) { - var value = object == null ? undefined : object[key]; - return isNative(value) ? value : undefined; - } +BN.prototype.redAdd = function redAdd(num) { + assert(this.red, 'redAdd works only with red numbers'); + return this.red.add(this, num); +}; - /** - * Gets the view, applying any `transforms` to the `start` and `end` positions. - * - * @private - * @param {number} start The start of the view. - * @param {number} end The end of the view. - * @param {Array} transforms The transformations to apply to the view. - * @returns {Object} Returns an object containing the `start` and `end` - * positions of the view. - */ - function getView(start, end, transforms) { - var index = -1, - length = transforms.length; +BN.prototype.redIAdd = function redIAdd(num) { + assert(this.red, 'redIAdd works only with red numbers'); + return this.red.iadd(this, num); +}; - while (++index < length) { - var data = transforms[index], - size = data.size; +BN.prototype.redSub = function redSub(num) { + assert(this.red, 'redSub works only with red numbers'); + return this.red.sub(this, num); +}; - switch (data.type) { - case 'drop': start += size; break; - case 'dropRight': end -= size; break; - case 'take': end = nativeMin(end, start + size); break; - case 'takeRight': start = nativeMax(start, end - size); break; - } - } - return { 'start': start, 'end': end }; - } +BN.prototype.redISub = function redISub(num) { + assert(this.red, 'redISub works only with red numbers'); + return this.red.isub(this, num); +}; - /** - * Initializes an array clone. - * - * @private - * @param {Array} array The array to clone. - * @returns {Array} Returns the initialized clone. - */ - function initCloneArray(array) { - var length = array.length, - result = new array.constructor(length); +BN.prototype.redShl = function redShl(num) { + assert(this.red, 'redShl works only with red numbers'); + return this.red.shl(this, num); +}; - // Add array properties assigned by `RegExp#exec`. - if (length && typeof array[0] == 'string' && hasOwnProperty.call(array, 'index')) { - result.index = array.index; - result.input = array.input; - } - return result; - } +BN.prototype.redMul = function redMul(num) { + assert(this.red, 'redMul works only with red numbers'); + this.red._verify2(this, num); + return this.red.mul(this, num); +}; - /** - * Initializes an object clone. - * - * @private - * @param {Object} object The object to clone. - * @returns {Object} Returns the initialized clone. - */ - function initCloneObject(object) { - var Ctor = object.constructor; - if (!(typeof Ctor == 'function' && Ctor instanceof Ctor)) { - Ctor = Object; - } - return new Ctor; - } +BN.prototype.redIMul = function redIMul(num) { + assert(this.red, 'redMul works only with red numbers'); + this.red._verify2(this, num); + return this.red.imul(this, num); +}; - /** - * Initializes an object clone based on its `toStringTag`. - * - * **Note:** This function only supports cloning values with tags of - * `Boolean`, `Date`, `Error`, `Number`, `RegExp`, or `String`. - * - * @private - * @param {Object} object The object to clone. - * @param {string} tag The `toStringTag` of the object to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @returns {Object} Returns the initialized clone. - */ - function initCloneByTag(object, tag, isDeep) { - var Ctor = object.constructor; - switch (tag) { - case arrayBufferTag: - return bufferClone(object); +BN.prototype.redSqr = function redSqr() { + assert(this.red, 'redSqr works only with red numbers'); + this.red._verify1(this); + return this.red.sqr(this); +}; - case boolTag: - case dateTag: - return new Ctor(+object); +BN.prototype.redISqr = function redISqr() { + assert(this.red, 'redISqr works only with red numbers'); + this.red._verify1(this); + return this.red.isqr(this); +}; - case float32Tag: case float64Tag: - case int8Tag: case int16Tag: case int32Tag: - case uint8Tag: case uint8ClampedTag: case uint16Tag: case uint32Tag: - var buffer = object.buffer; - return new Ctor(isDeep ? bufferClone(buffer) : buffer, object.byteOffset, object.length); +// Square root over p +BN.prototype.redSqrt = function redSqrt() { + assert(this.red, 'redSqrt works only with red numbers'); + this.red._verify1(this); + return this.red.sqrt(this); +}; - case numberTag: - case stringTag: - return new Ctor(object); +BN.prototype.redInvm = function redInvm() { + assert(this.red, 'redInvm works only with red numbers'); + this.red._verify1(this); + return this.red.invm(this); +}; - case regexpTag: - var result = new Ctor(object.source, reFlags.exec(object)); - result.lastIndex = object.lastIndex; - } - return result; - } +// Return negative clone of `this` % `red modulo` +BN.prototype.redNeg = function redNeg() { + assert(this.red, 'redNeg works only with red numbers'); + this.red._verify1(this); + return this.red.neg(this); +}; - /** - * Invokes the method at `path` on `object`. - * - * @private - * @param {Object} object The object to query. - * @param {Array|string} path The path of the method to invoke. - * @param {Array} args The arguments to invoke the method with. - * @returns {*} Returns the result of the invoked method. - */ - function invokePath(object, path, args) { - if (object != null && !isKey(path, object)) { - path = toPath(path); - object = path.length == 1 ? object : baseGet(object, baseSlice(path, 0, -1)); - path = last(path); - } - var func = object == null ? object : object[path]; - return func == null ? undefined : func.apply(object, args); - } +BN.prototype.redPow = function redPow(num) { + assert(this.red && !num.red, 'redPow(normalNum)'); + this.red._verify1(this); + return this.red.pow(this, num); +}; - /** - * Checks if `value` is array-like. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is array-like, else `false`. - */ - function isArrayLike(value) { - return value != null && isLength(getLength(value)); - } +// Prime numbers with efficient reduction +var primes = { + k256: null, + p224: null, + p192: null, + p25519: null +}; - /** - * Checks if `value` is a valid array-like index. - * - * @private - * @param {*} value The value to check. - * @param {number} [length=MAX_SAFE_INTEGER] The upper bounds of a valid index. - * @returns {boolean} Returns `true` if `value` is a valid index, else `false`. - */ - function isIndex(value, length) { - value = (typeof value == 'number' || reIsUint.test(value)) ? +value : -1; - length = length == null ? MAX_SAFE_INTEGER : length; - return value > -1 && value % 1 == 0 && value < length; - } +// Pseudo-Mersenne prime +function MPrime(name, p) { + // P = 2 ^ N - K + this.name = name; + this.p = new BN(p, 16); + this.n = this.p.bitLength(); + this.k = new BN(1).ishln(this.n).isub(this.p); - /** - * Checks if the provided arguments are from an iteratee call. - * - * @private - * @param {*} value The potential iteratee value argument. - * @param {*} index The potential iteratee index or key argument. - * @param {*} object The potential iteratee object argument. - * @returns {boolean} Returns `true` if the arguments are from an iteratee call, else `false`. - */ - function isIterateeCall(value, index, object) { - if (!isObject(object)) { - return false; - } - var type = typeof index; - if (type == 'number' - ? (isArrayLike(object) && isIndex(index, object.length)) - : (type == 'string' && index in object)) { - var other = object[index]; - return value === value ? (value === other) : (other !== other); - } - return false; - } + this.tmp = this._tmp(); +} - /** - * Checks if `value` is a property name and not a property path. - * - * @private - * @param {*} value The value to check. - * @param {Object} [object] The object to query keys on. - * @returns {boolean} Returns `true` if `value` is a property name, else `false`. - */ - function isKey(value, object) { - var type = typeof value; - if ((type == 'string' && reIsPlainProp.test(value)) || type == 'number') { - return true; - } - if (isArray(value)) { - return false; - } - var result = !reIsDeepProp.test(value); - return result || (object != null && value in toObject(object)); - } +MPrime.prototype._tmp = function _tmp() { + var tmp = new BN(null); + tmp.words = new Array(Math.ceil(this.n / 13)); + return tmp; +}; - /** - * Checks if `func` has a lazy counterpart. - * - * @private - * @param {Function} func The function to check. - * @returns {boolean} Returns `true` if `func` has a lazy counterpart, else `false`. - */ - function isLaziable(func) { - var funcName = getFuncName(func); - if (!(funcName in LazyWrapper.prototype)) { - return false; - } - var other = lodash[funcName]; - if (func === other) { - return true; - } - var data = getData(other); - return !!data && func === data[0]; - } +MPrime.prototype.ireduce = function ireduce(num) { + // Assumes that `num` is less than `P^2` + // num = HI * (2 ^ N - K) + HI * K + LO = HI * K + LO (mod P) + var r = num; + var rlen; - /** - * Checks if `value` is a valid array-like length. - * - * **Note:** This function is based on [`ToLength`](http://ecma-international.org/ecma-262/6.0/#sec-tolength). - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a valid length, else `false`. - */ - function isLength(value) { - return typeof value == 'number' && value > -1 && value % 1 == 0 && value <= MAX_SAFE_INTEGER; - } + do { + this.split(r, this.tmp); + r = this.imulK(r); + r = r.iadd(this.tmp); + rlen = r.bitLength(); + } while (rlen > this.n); - /** - * Checks if `value` is suitable for strict equality comparisons, i.e. `===`. - * - * @private - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` if suitable for strict - * equality comparisons, else `false`. - */ - function isStrictComparable(value) { - return value === value && !isObject(value); - } + var cmp = rlen < this.n ? -1 : r.ucmp(this.p); + if (cmp === 0) { + r.words[0] = 0; + r.length = 1; + } else if (cmp > 0) { + r.isub(this.p); + } else { + r.strip(); + } - /** - * Merges the function metadata of `source` into `data`. - * - * Merging metadata reduces the number of wrappers required to invoke a function. - * This is possible because methods like `_.bind`, `_.curry`, and `_.partial` - * may be applied regardless of execution order. Methods like `_.ary` and `_.rearg` - * augment function arguments, making the order in which they are executed important, - * preventing the merging of metadata. However, we make an exception for a safe - * common case where curried functions have `_.ary` and or `_.rearg` applied. - * - * @private - * @param {Array} data The destination metadata. - * @param {Array} source The source metadata. - * @returns {Array} Returns `data`. - */ - function mergeData(data, source) { - var bitmask = data[1], - srcBitmask = source[1], - newBitmask = bitmask | srcBitmask, - isCommon = newBitmask < ARY_FLAG; + return r; +}; - var isCombo = - (srcBitmask == ARY_FLAG && bitmask == CURRY_FLAG) || - (srcBitmask == ARY_FLAG && bitmask == REARG_FLAG && data[7].length <= source[8]) || - (srcBitmask == (ARY_FLAG | REARG_FLAG) && bitmask == CURRY_FLAG); +MPrime.prototype.split = function split(input, out) { + input.ishrn(this.n, 0, out); +}; - // Exit early if metadata can't be merged. - if (!(isCommon || isCombo)) { - return data; - } - // Use source `thisArg` if available. - if (srcBitmask & BIND_FLAG) { - data[2] = source[2]; - // Set when currying a bound function. - newBitmask |= (bitmask & BIND_FLAG) ? 0 : CURRY_BOUND_FLAG; - } - // Compose partial arguments. - var value = source[3]; - if (value) { - var partials = data[3]; - data[3] = partials ? composeArgs(partials, value, source[4]) : arrayCopy(value); - data[4] = partials ? replaceHolders(data[3], PLACEHOLDER) : arrayCopy(source[4]); - } - // Compose partial right arguments. - value = source[5]; - if (value) { - partials = data[5]; - data[5] = partials ? composeArgsRight(partials, value, source[6]) : arrayCopy(value); - data[6] = partials ? replaceHolders(data[5], PLACEHOLDER) : arrayCopy(source[6]); - } - // Use source `argPos` if available. - value = source[7]; - if (value) { - data[7] = arrayCopy(value); - } - // Use source `ary` if it's smaller. - if (srcBitmask & ARY_FLAG) { - data[8] = data[8] == null ? source[8] : nativeMin(data[8], source[8]); - } - // Use source `arity` if one is not provided. - if (data[9] == null) { - data[9] = source[9]; - } - // Use source `func` and merge bitmasks. - data[0] = source[0]; - data[1] = newBitmask; +MPrime.prototype.imulK = function imulK(num) { + return num.imul(this.k); +}; - return data; - } +function K256() { + MPrime.call( + this, + 'k256', + 'ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f'); +} +inherits(K256, MPrime); - /** - * Used by `_.defaultsDeep` to customize its `_.merge` use. - * - * @private - * @param {*} objectValue The destination object property value. - * @param {*} sourceValue The source object property value. - * @returns {*} Returns the value to assign to the destination object. - */ - function mergeDefaults(objectValue, sourceValue) { - return objectValue === undefined ? sourceValue : merge(objectValue, sourceValue, mergeDefaults); - } +K256.prototype.split = function split(input, output) { + // 256 = 9 * 26 + 22 + var mask = 0x3fffff; - /** - * A specialized version of `_.pick` which picks `object` properties specified - * by `props`. - * - * @private - * @param {Object} object The source object. - * @param {string[]} props The property names to pick. - * @returns {Object} Returns the new object. - */ - function pickByArray(object, props) { - object = toObject(object); + var outLen = Math.min(input.length, 9); + for (var i = 0; i < outLen; i++) + output.words[i] = input.words[i]; + output.length = outLen; - var index = -1, - length = props.length, - result = {}; + if (input.length <= 9) { + input.words[0] = 0; + input.length = 1; + return; + } - while (++index < length) { - var key = props[index]; - if (key in object) { - result[key] = object[key]; - } - } - return result; - } + // Shift by 9 limbs + var prev = input.words[9]; + output.words[output.length++] = prev & mask; - /** - * A specialized version of `_.pick` which picks `object` properties `predicate` - * returns truthy for. - * - * @private - * @param {Object} object The source object. - * @param {Function} predicate The function invoked per iteration. - * @returns {Object} Returns the new object. - */ - function pickByCallback(object, predicate) { - var result = {}; - baseForIn(object, function(value, key, object) { - if (predicate(value, key, object)) { - result[key] = value; - } - }); - return result; - } + for (var i = 10; i < input.length; i++) { + var next = input.words[i]; + input.words[i - 10] = ((next & mask) << 4) | (prev >>> 22); + prev = next; + } + input.words[i - 10] = prev >>> 22; + input.length -= 9; +}; - /** - * Reorder `array` according to the specified indexes where the element at - * the first index is assigned as the first element, the element at - * the second index is assigned as the second element, and so on. - * - * @private - * @param {Array} array The array to reorder. - * @param {Array} indexes The arranged array indexes. - * @returns {Array} Returns `array`. - */ - function reorder(array, indexes) { - var arrLength = array.length, - length = nativeMin(indexes.length, arrLength), - oldArray = arrayCopy(array); +K256.prototype.imulK = function imulK(num) { + // K = 0x1000003d1 = [ 0x40, 0x3d1 ] + num.words[num.length] = 0; + num.words[num.length + 1] = 0; + num.length += 2; - while (length--) { - var index = indexes[length]; - array[length] = isIndex(index, arrLength) ? oldArray[index] : undefined; - } - return array; - } + // bounded at: 0x40 * 0x3ffffff + 0x3d0 = 0x100000390 + var hi; + var lo = 0; + for (var i = 0; i < num.length; i++) { + var w = num.words[i]; + hi = w * 0x40; + lo += w * 0x3d1; + hi += (lo / 0x4000000) | 0; + lo &= 0x3ffffff; - /** - * Sets metadata for `func`. - * - * **Note:** If this function becomes hot, i.e. is invoked a lot in a short - * period of time, it will trip its breaker and transition to an identity function - * to avoid garbage collection pauses in V8. See [V8 issue 2070](https://code.google.com/p/v8/issues/detail?id=2070) - * for more details. - * - * @private - * @param {Function} func The function to associate metadata with. - * @param {*} data The metadata. - * @returns {Function} Returns `func`. - */ - var setData = (function() { - var count = 0, - lastCalled = 0; + num.words[i] = lo; - return function(key, value) { - var stamp = now(), - remaining = HOT_SPAN - (stamp - lastCalled); + lo = hi; + } - lastCalled = stamp; - if (remaining > 0) { - if (++count >= HOT_COUNT) { - return key; - } - } else { - count = 0; - } - return baseSetData(key, value); - }; - }()); + // Fast length reduction + if (num.words[num.length - 1] === 0) { + num.length--; + if (num.words[num.length - 1] === 0) + num.length--; + } + return num; +}; - /** - * A fallback implementation of `Object.keys` which creates an array of the - * own enumerable property names of `object`. - * - * @private - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property names. - */ - function shimKeys(object) { - var props = keysIn(object), - propsLength = props.length, - length = propsLength && object.length; +function P224() { + MPrime.call( + this, + 'p224', + 'ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001'); +} +inherits(P224, MPrime); - var allowIndexes = !!length && isLength(length) && - (isArray(object) || isArguments(object)); +function P192() { + MPrime.call( + this, + 'p192', + 'ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff'); +} +inherits(P192, MPrime); - var index = -1, - result = []; +function P25519() { + // 2 ^ 255 - 19 + MPrime.call( + this, + '25519', + '7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed'); +} +inherits(P25519, MPrime); - while (++index < propsLength) { - var key = props[index]; - if ((allowIndexes && isIndex(key, length)) || hasOwnProperty.call(object, key)) { - result.push(key); - } - } - return result; - } +P25519.prototype.imulK = function imulK(num) { + // K = 0x13 + var carry = 0; + for (var i = 0; i < num.length; i++) { + var hi = num.words[i] * 0x13 + carry; + var lo = hi & 0x3ffffff; + hi >>>= 26; - /** - * Converts `value` to an array-like object if it's not one. - * - * @private - * @param {*} value The value to process. - * @returns {Array|Object} Returns the array-like object. - */ - function toIterable(value) { - if (value == null) { - return []; - } - if (!isArrayLike(value)) { - return values(value); - } - return isObject(value) ? value : Object(value); - } + num.words[i] = lo; + carry = hi; + } + if (carry !== 0) + num.words[num.length++] = carry; + return num; +}; - /** - * Converts `value` to an object if it's not one. - * - * @private - * @param {*} value The value to process. - * @returns {Object} Returns the object. - */ - function toObject(value) { - return isObject(value) ? value : Object(value); - } +// Exported mostly for testing purposes, use plain name instead +BN._prime = function prime(name) { + // Cached version of prime + if (primes[name]) + return primes[name]; - /** - * Converts `value` to property path array if it's not one. - * - * @private - * @param {*} value The value to process. - * @returns {Array} Returns the property path array. - */ - function toPath(value) { - if (isArray(value)) { - return value; - } - var result = []; - baseToString(value).replace(rePropName, function(match, number, quote, string) { - result.push(quote ? string.replace(reEscapeChar, '$1') : (number || match)); - }); - return result; - } + var prime; + if (name === 'k256') + prime = new K256(); + else if (name === 'p224') + prime = new P224(); + else if (name === 'p192') + prime = new P192(); + else if (name === 'p25519') + prime = new P25519(); + else + throw new Error('Unknown prime ' + name); + primes[name] = prime; - /** - * Creates a clone of `wrapper`. - * - * @private - * @param {Object} wrapper The wrapper to clone. - * @returns {Object} Returns the cloned wrapper. - */ - function wrapperClone(wrapper) { - return wrapper instanceof LazyWrapper - ? wrapper.clone() - : new LodashWrapper(wrapper.__wrapped__, wrapper.__chain__, arrayCopy(wrapper.__actions__)); - } + return prime; +}; - /*------------------------------------------------------------------------*/ +// +// Base reduction engine +// +function Red(m) { + if (typeof m === 'string') { + var prime = BN._prime(m); + this.m = prime.p; + this.prime = prime; + } else { + this.m = m; + this.prime = null; + } +} - /** - * Creates an array of elements split into groups the length of `size`. - * If `collection` can't be split evenly, the final chunk will be the remaining - * elements. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to process. - * @param {number} [size=1] The length of each chunk. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Array} Returns the new array containing chunks. - * @example - * - * _.chunk(['a', 'b', 'c', 'd'], 2); - * // => [['a', 'b'], ['c', 'd']] - * - * _.chunk(['a', 'b', 'c', 'd'], 3); - * // => [['a', 'b', 'c'], ['d']] - */ - function chunk(array, size, guard) { - if (guard ? isIterateeCall(array, size, guard) : size == null) { - size = 1; - } else { - size = nativeMax(nativeFloor(size) || 1, 1); - } - var index = 0, - length = array ? array.length : 0, - resIndex = -1, - result = Array(nativeCeil(length / size)); +Red.prototype._verify1 = function _verify1(a) { + assert(!a.sign, 'red works only with positives'); + assert(a.red, 'red works only with red numbers'); +}; - while (index < length) { - result[++resIndex] = baseSlice(array, index, (index += size)); - } - return result; - } +Red.prototype._verify2 = function _verify2(a, b) { + assert(!a.sign && !b.sign, 'red works only with positives'); + assert(a.red && a.red === b.red, + 'red works only with red numbers'); +}; - /** - * Creates an array with all falsey values removed. The values `false`, `null`, - * `0`, `""`, `undefined`, and `NaN` are falsey. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to compact. - * @returns {Array} Returns the new array of filtered values. - * @example - * - * _.compact([0, 1, false, 2, '', 3]); - * // => [1, 2, 3] - */ - function compact(array) { - var index = -1, - length = array ? array.length : 0, - resIndex = -1, - result = []; +Red.prototype.imod = function imod(a) { + if (this.prime) + return this.prime.ireduce(a)._forceRed(this); + return a.mod(this.m)._forceRed(this); +}; - while (++index < length) { - var value = array[index]; - if (value) { - result[++resIndex] = value; - } - } - return result; - } +Red.prototype.neg = function neg(a) { + var r = a.clone(); + r.sign = !r.sign; + return r.iadd(this.m)._forceRed(this); +}; - /** - * Creates an array of unique `array` values not included in the other - * provided arrays using [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to inspect. - * @param {...Array} [values] The arrays of values to exclude. - * @returns {Array} Returns the new array of filtered values. - * @example - * - * _.difference([1, 2, 3], [4, 2]); - * // => [1, 3] - */ - var difference = restParam(function(array, values) { - return (isObjectLike(array) && isArrayLike(array)) - ? baseDifference(array, baseFlatten(values, false, true)) - : []; - }); +Red.prototype.add = function add(a, b) { + this._verify2(a, b); - /** - * Creates a slice of `array` with `n` elements dropped from the beginning. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {number} [n=1] The number of elements to drop. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.drop([1, 2, 3]); - * // => [2, 3] - * - * _.drop([1, 2, 3], 2); - * // => [3] - * - * _.drop([1, 2, 3], 5); - * // => [] - * - * _.drop([1, 2, 3], 0); - * // => [1, 2, 3] - */ - function drop(array, n, guard) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (guard ? isIterateeCall(array, n, guard) : n == null) { - n = 1; - } - return baseSlice(array, n < 0 ? 0 : n); - } + var res = a.add(b); + if (res.cmp(this.m) >= 0) + res.isub(this.m); + return res._forceRed(this); +}; - /** - * Creates a slice of `array` with `n` elements dropped from the end. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {number} [n=1] The number of elements to drop. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.dropRight([1, 2, 3]); - * // => [1, 2] - * - * _.dropRight([1, 2, 3], 2); - * // => [1] - * - * _.dropRight([1, 2, 3], 5); - * // => [] - * - * _.dropRight([1, 2, 3], 0); - * // => [1, 2, 3] - */ - function dropRight(array, n, guard) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (guard ? isIterateeCall(array, n, guard) : n == null) { - n = 1; - } - n = length - (+n || 0); - return baseSlice(array, 0, n < 0 ? 0 : n); - } +Red.prototype.iadd = function iadd(a, b) { + this._verify2(a, b); - /** - * Creates a slice of `array` excluding elements dropped from the end. - * Elements are dropped until `predicate` returns falsey. The predicate is - * bound to `thisArg` and invoked with three arguments: (value, index, array). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that match the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.dropRightWhile([1, 2, 3], function(n) { - * return n > 1; - * }); - * // => [1] - * - * var users = [ - * { 'user': 'barney', 'active': true }, - * { 'user': 'fred', 'active': false }, - * { 'user': 'pebbles', 'active': false } - * ]; - * - * // using the `_.matches` callback shorthand - * _.pluck(_.dropRightWhile(users, { 'user': 'pebbles', 'active': false }), 'user'); - * // => ['barney', 'fred'] - * - * // using the `_.matchesProperty` callback shorthand - * _.pluck(_.dropRightWhile(users, 'active', false), 'user'); - * // => ['barney'] - * - * // using the `_.property` callback shorthand - * _.pluck(_.dropRightWhile(users, 'active'), 'user'); - * // => ['barney', 'fred', 'pebbles'] - */ - function dropRightWhile(array, predicate, thisArg) { - return (array && array.length) - ? baseWhile(array, getCallback(predicate, thisArg, 3), true, true) - : []; - } + var res = a.iadd(b); + if (res.cmp(this.m) >= 0) + res.isub(this.m); + return res; +}; - /** - * Creates a slice of `array` excluding elements dropped from the beginning. - * Elements are dropped until `predicate` returns falsey. The predicate is - * bound to `thisArg` and invoked with three arguments: (value, index, array). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.dropWhile([1, 2, 3], function(n) { - * return n < 3; - * }); - * // => [3] - * - * var users = [ - * { 'user': 'barney', 'active': false }, - * { 'user': 'fred', 'active': false }, - * { 'user': 'pebbles', 'active': true } - * ]; - * - * // using the `_.matches` callback shorthand - * _.pluck(_.dropWhile(users, { 'user': 'barney', 'active': false }), 'user'); - * // => ['fred', 'pebbles'] - * - * // using the `_.matchesProperty` callback shorthand - * _.pluck(_.dropWhile(users, 'active', false), 'user'); - * // => ['pebbles'] - * - * // using the `_.property` callback shorthand - * _.pluck(_.dropWhile(users, 'active'), 'user'); - * // => ['barney', 'fred', 'pebbles'] - */ - function dropWhile(array, predicate, thisArg) { - return (array && array.length) - ? baseWhile(array, getCallback(predicate, thisArg, 3), true) - : []; - } +Red.prototype.sub = function sub(a, b) { + this._verify2(a, b); - /** - * Fills elements of `array` with `value` from `start` up to, but not - * including, `end`. - * - * **Note:** This method mutates `array`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to fill. - * @param {*} value The value to fill `array` with. - * @param {number} [start=0] The start position. - * @param {number} [end=array.length] The end position. - * @returns {Array} Returns `array`. - * @example - * - * var array = [1, 2, 3]; - * - * _.fill(array, 'a'); - * console.log(array); - * // => ['a', 'a', 'a'] - * - * _.fill(Array(3), 2); - * // => [2, 2, 2] - * - * _.fill([4, 6, 8], '*', 1, 2); - * // => [4, '*', 8] - */ - function fill(array, value, start, end) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (start && typeof start != 'number' && isIterateeCall(array, value, start)) { - start = 0; - end = length; - } - return baseFill(array, value, start, end); - } + var res = a.sub(b); + if (res.cmpn(0) < 0) + res.iadd(this.m); + return res._forceRed(this); +}; - /** - * This method is like `_.find` except that it returns the index of the first - * element `predicate` returns truthy for instead of the element itself. - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to search. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {number} Returns the index of the found element, else `-1`. - * @example - * - * var users = [ - * { 'user': 'barney', 'active': false }, - * { 'user': 'fred', 'active': false }, - * { 'user': 'pebbles', 'active': true } - * ]; - * - * _.findIndex(users, function(chr) { - * return chr.user == 'barney'; - * }); - * // => 0 - * - * // using the `_.matches` callback shorthand - * _.findIndex(users, { 'user': 'fred', 'active': false }); - * // => 1 - * - * // using the `_.matchesProperty` callback shorthand - * _.findIndex(users, 'active', false); - * // => 0 - * - * // using the `_.property` callback shorthand - * _.findIndex(users, 'active'); - * // => 2 - */ - var findIndex = createFindIndex(); +Red.prototype.isub = function isub(a, b) { + this._verify2(a, b); - /** - * This method is like `_.findIndex` except that it iterates over elements - * of `collection` from right to left. - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to search. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {number} Returns the index of the found element, else `-1`. - * @example - * - * var users = [ - * { 'user': 'barney', 'active': true }, - * { 'user': 'fred', 'active': false }, - * { 'user': 'pebbles', 'active': false } - * ]; - * - * _.findLastIndex(users, function(chr) { - * return chr.user == 'pebbles'; - * }); - * // => 2 - * - * // using the `_.matches` callback shorthand - * _.findLastIndex(users, { 'user': 'barney', 'active': true }); - * // => 0 - * - * // using the `_.matchesProperty` callback shorthand - * _.findLastIndex(users, 'active', false); - * // => 2 - * - * // using the `_.property` callback shorthand - * _.findLastIndex(users, 'active'); - * // => 0 - */ - var findLastIndex = createFindIndex(true); + var res = a.isub(b); + if (res.cmpn(0) < 0) + res.iadd(this.m); + return res; +}; - /** - * Gets the first element of `array`. - * - * @static - * @memberOf _ - * @alias head - * @category Array - * @param {Array} array The array to query. - * @returns {*} Returns the first element of `array`. - * @example - * - * _.first([1, 2, 3]); - * // => 1 - * - * _.first([]); - * // => undefined - */ - function first(array) { - return array ? array[0] : undefined; - } +Red.prototype.shl = function shl(a, num) { + this._verify1(a); + return this.imod(a.shln(num)); +}; - /** - * Flattens a nested array. If `isDeep` is `true` the array is recursively - * flattened, otherwise it is only flattened a single level. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to flatten. - * @param {boolean} [isDeep] Specify a deep flatten. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Array} Returns the new flattened array. - * @example - * - * _.flatten([1, [2, 3, [4]]]); - * // => [1, 2, 3, [4]] - * - * // using `isDeep` - * _.flatten([1, [2, 3, [4]]], true); - * // => [1, 2, 3, 4] - */ - function flatten(array, isDeep, guard) { - var length = array ? array.length : 0; - if (guard && isIterateeCall(array, isDeep, guard)) { - isDeep = false; - } - return length ? baseFlatten(array, isDeep) : []; - } +Red.prototype.imul = function imul(a, b) { + this._verify2(a, b); + return this.imod(a.imul(b)); +}; - /** - * Recursively flattens a nested array. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to recursively flatten. - * @returns {Array} Returns the new flattened array. - * @example - * - * _.flattenDeep([1, [2, 3, [4]]]); - * // => [1, 2, 3, 4] - */ - function flattenDeep(array) { - var length = array ? array.length : 0; - return length ? baseFlatten(array, true) : []; - } +Red.prototype.mul = function mul(a, b) { + this._verify2(a, b); + return this.imod(a.mul(b)); +}; - /** - * Gets the index at which the first occurrence of `value` is found in `array` - * using [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. If `fromIndex` is negative, it is used as the offset - * from the end of `array`. If `array` is sorted providing `true` for `fromIndex` - * performs a faster binary search. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to search. - * @param {*} value The value to search for. - * @param {boolean|number} [fromIndex=0] The index to search from or `true` - * to perform a binary search on a sorted array. - * @returns {number} Returns the index of the matched value, else `-1`. - * @example - * - * _.indexOf([1, 2, 1, 2], 2); - * // => 1 - * - * // using `fromIndex` - * _.indexOf([1, 2, 1, 2], 2, 2); - * // => 3 - * - * // performing a binary search - * _.indexOf([1, 1, 2, 2], 2, true); - * // => 2 - */ - function indexOf(array, value, fromIndex) { - var length = array ? array.length : 0; - if (!length) { - return -1; - } - if (typeof fromIndex == 'number') { - fromIndex = fromIndex < 0 ? nativeMax(length + fromIndex, 0) : fromIndex; - } else if (fromIndex) { - var index = binaryIndex(array, value); - if (index < length && - (value === value ? (value === array[index]) : (array[index] !== array[index]))) { - return index; - } - return -1; - } - return baseIndexOf(array, value, fromIndex || 0); - } +Red.prototype.isqr = function isqr(a) { + return this.imul(a, a); +}; - /** - * Gets all but the last element of `array`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.initial([1, 2, 3]); - * // => [1, 2] - */ - function initial(array) { - return dropRight(array, 1); - } +Red.prototype.sqr = function sqr(a) { + return this.mul(a, a); +}; - /** - * Creates an array of unique values that are included in all of the provided - * arrays using [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. - * - * @static - * @memberOf _ - * @category Array - * @param {...Array} [arrays] The arrays to inspect. - * @returns {Array} Returns the new array of shared values. - * @example - * _.intersection([1, 2], [4, 2], [2, 1]); - * // => [2] - */ - var intersection = restParam(function(arrays) { - var othLength = arrays.length, - othIndex = othLength, - caches = Array(length), - indexOf = getIndexOf(), - isCommon = indexOf == baseIndexOf, - result = []; +Red.prototype.sqrt = function sqrt(a) { + if (a.cmpn(0) === 0) + return a.clone(); - while (othIndex--) { - var value = arrays[othIndex] = isArrayLike(value = arrays[othIndex]) ? value : []; - caches[othIndex] = (isCommon && value.length >= 120) ? createCache(othIndex && value) : null; - } - var array = arrays[0], - index = -1, - length = array ? array.length : 0, - seen = caches[0]; + var mod3 = this.m.andln(3); + assert(mod3 % 2 === 1); - outer: - while (++index < length) { - value = array[index]; - if ((seen ? cacheIndexOf(seen, value) : indexOf(result, value, 0)) < 0) { - var othIndex = othLength; - while (--othIndex) { - var cache = caches[othIndex]; - if ((cache ? cacheIndexOf(cache, value) : indexOf(arrays[othIndex], value, 0)) < 0) { - continue outer; - } - } - if (seen) { - seen.push(value); - } - result.push(value); - } - } - return result; - }); + // Fast case + if (mod3 === 3) { + var pow = this.m.add(new BN(1)).ishrn(2); + var r = this.pow(a, pow); + return r; + } - /** - * Gets the last element of `array`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @returns {*} Returns the last element of `array`. - * @example - * - * _.last([1, 2, 3]); - * // => 3 - */ - function last(array) { - var length = array ? array.length : 0; - return length ? array[length - 1] : undefined; - } + // Tonelli-Shanks algorithm (Totally unoptimized and slow) + // + // Find Q and S, that Q * 2 ^ S = (P - 1) + var q = this.m.subn(1); + var s = 0; + while (q.cmpn(0) !== 0 && q.andln(1) === 0) { + s++; + q.ishrn(1); + } + assert(q.cmpn(0) !== 0); - /** - * This method is like `_.indexOf` except that it iterates over elements of - * `array` from right to left. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to search. - * @param {*} value The value to search for. - * @param {boolean|number} [fromIndex=array.length-1] The index to search from - * or `true` to perform a binary search on a sorted array. - * @returns {number} Returns the index of the matched value, else `-1`. - * @example - * - * _.lastIndexOf([1, 2, 1, 2], 2); - * // => 3 - * - * // using `fromIndex` - * _.lastIndexOf([1, 2, 1, 2], 2, 2); - * // => 1 - * - * // performing a binary search - * _.lastIndexOf([1, 1, 2, 2], 2, true); - * // => 3 - */ - function lastIndexOf(array, value, fromIndex) { - var length = array ? array.length : 0; - if (!length) { - return -1; - } - var index = length; - if (typeof fromIndex == 'number') { - index = (fromIndex < 0 ? nativeMax(length + fromIndex, 0) : nativeMin(fromIndex || 0, length - 1)) + 1; - } else if (fromIndex) { - index = binaryIndex(array, value, true) - 1; - var other = array[index]; - if (value === value ? (value === other) : (other !== other)) { - return index; - } - return -1; - } - if (value !== value) { - return indexOfNaN(array, index, true); - } - while (index--) { - if (array[index] === value) { - return index; - } - } - return -1; - } + var one = new BN(1).toRed(this); + var nOne = one.redNeg(); - /** - * Removes all provided values from `array` using - * [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. - * - * **Note:** Unlike `_.without`, this method mutates `array`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to modify. - * @param {...*} [values] The values to remove. - * @returns {Array} Returns `array`. - * @example - * - * var array = [1, 2, 3, 1, 2, 3]; - * - * _.pull(array, 2, 3); - * console.log(array); - * // => [1, 1] - */ - function pull() { - var args = arguments, - array = args[0]; + // Find quadratic non-residue + // NOTE: Max is such because of generalized Riemann hypothesis. + var lpow = this.m.subn(1).ishrn(1); + var z = this.m.bitLength(); + z = new BN(2 * z * z).toRed(this); + while (this.pow(z, lpow).cmp(nOne) !== 0) + z.redIAdd(nOne); - if (!(array && array.length)) { - return array; - } - var index = 0, - indexOf = getIndexOf(), - length = args.length; + var c = this.pow(z, q); + var r = this.pow(a, q.addn(1).ishrn(1)); + var t = this.pow(a, q); + var m = s; + while (t.cmp(one) !== 0) { + var tmp = t; + for (var i = 0; tmp.cmp(one) !== 0; i++) + tmp = tmp.redSqr(); + assert(i < m); + var b = this.pow(c, new BN(1).ishln(m - i - 1)); - while (++index < length) { - var fromIndex = 0, - value = args[index]; + r = r.redMul(b); + c = b.redSqr(); + t = t.redMul(c); + m = i; + } - while ((fromIndex = indexOf(array, value, fromIndex)) > -1) { - splice.call(array, fromIndex, 1); - } - } - return array; - } + return r; +}; - /** - * Removes elements from `array` corresponding to the given indexes and returns - * an array of the removed elements. Indexes may be specified as an array of - * indexes or as individual arguments. - * - * **Note:** Unlike `_.at`, this method mutates `array`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to modify. - * @param {...(number|number[])} [indexes] The indexes of elements to remove, - * specified as individual indexes or arrays of indexes. - * @returns {Array} Returns the new array of removed elements. - * @example - * - * var array = [5, 10, 15, 20]; - * var evens = _.pullAt(array, 1, 3); - * - * console.log(array); - * // => [5, 15] - * - * console.log(evens); - * // => [10, 20] - */ - var pullAt = restParam(function(array, indexes) { - indexes = baseFlatten(indexes); +Red.prototype.invm = function invm(a) { + var inv = a._invmp(this.m); + if (inv.sign) { + inv.sign = false; + return this.imod(inv).redNeg(); + } else { + return this.imod(inv); + } +}; - var result = baseAt(array, indexes); - basePullAt(array, indexes.sort(baseCompareAscending)); - return result; - }); +Red.prototype.pow = function pow(a, num) { + var w = []; - /** - * Removes all elements from `array` that `predicate` returns truthy for - * and returns an array of the removed elements. The predicate is bound to - * `thisArg` and invoked with three arguments: (value, index, array). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * **Note:** Unlike `_.filter`, this method mutates `array`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to modify. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the new array of removed elements. - * @example - * - * var array = [1, 2, 3, 4]; - * var evens = _.remove(array, function(n) { - * return n % 2 == 0; - * }); - * - * console.log(array); - * // => [1, 3] - * - * console.log(evens); - * // => [2, 4] - */ - function remove(array, predicate, thisArg) { - var result = []; - if (!(array && array.length)) { - return result; - } - var index = -1, - indexes = [], - length = array.length; + if (num.cmpn(0) === 0) + return new BN(1); - predicate = getCallback(predicate, thisArg, 3); - while (++index < length) { - var value = array[index]; - if (predicate(value, index, array)) { - result.push(value); - indexes.push(index); - } - } - basePullAt(array, indexes); - return result; - } + var q = num.clone(); - /** - * Gets all but the first element of `array`. - * - * @static - * @memberOf _ - * @alias tail - * @category Array - * @param {Array} array The array to query. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.rest([1, 2, 3]); - * // => [2, 3] - */ - function rest(array) { - return drop(array, 1); - } + while (q.cmpn(0) !== 0) { + w.push(q.andln(1)); + q.ishrn(1); + } - /** - * Creates a slice of `array` from `start` up to, but not including, `end`. - * - * **Note:** This method is used instead of `Array#slice` to support node - * lists in IE < 9 and to ensure dense arrays are returned. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to slice. - * @param {number} [start=0] The start position. - * @param {number} [end=array.length] The end position. - * @returns {Array} Returns the slice of `array`. - */ - function slice(array, start, end) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (end && typeof end != 'number' && isIterateeCall(array, start, end)) { - start = 0; - end = length; - } - return baseSlice(array, start, end); + // Skip leading zeroes + var res = a; + for (var i = 0; i < w.length; i++, res = this.sqr(res)) + if (w[i] !== 0) + break; + + if (++i < w.length) { + for (var q = this.sqr(res); i < w.length; i++, q = this.sqr(q)) { + if (w[i] === 0) + continue; + res = this.mul(res, q); } + } - /** - * Uses a binary search to determine the lowest index at which `value` should - * be inserted into `array` in order to maintain its sort order. If an iteratee - * function is provided it is invoked for `value` and each element of `array` - * to compute their sort ranking. The iteratee is bound to `thisArg` and - * invoked with one argument; (value). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The sorted array to inspect. - * @param {*} value The value to evaluate. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {number} Returns the index at which `value` should be inserted - * into `array`. - * @example - * - * _.sortedIndex([30, 50], 40); - * // => 1 - * - * _.sortedIndex([4, 4, 5, 5], 5); - * // => 2 - * - * var dict = { 'data': { 'thirty': 30, 'forty': 40, 'fifty': 50 } }; - * - * // using an iteratee function - * _.sortedIndex(['thirty', 'fifty'], 'forty', function(word) { - * return this.data[word]; - * }, dict); - * // => 1 - * - * // using the `_.property` callback shorthand - * _.sortedIndex([{ 'x': 30 }, { 'x': 50 }], { 'x': 40 }, 'x'); - * // => 1 - */ - var sortedIndex = createSortedIndex(); + return res; +}; - /** - * This method is like `_.sortedIndex` except that it returns the highest - * index at which `value` should be inserted into `array` in order to - * maintain its sort order. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The sorted array to inspect. - * @param {*} value The value to evaluate. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {number} Returns the index at which `value` should be inserted - * into `array`. - * @example - * - * _.sortedLastIndex([4, 4, 5, 5], 5); - * // => 4 - */ - var sortedLastIndex = createSortedIndex(true); +Red.prototype.convertTo = function convertTo(num) { + return num.clone(); +}; - /** - * Creates a slice of `array` with `n` elements taken from the beginning. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {number} [n=1] The number of elements to take. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.take([1, 2, 3]); - * // => [1] - * - * _.take([1, 2, 3], 2); - * // => [1, 2] - * - * _.take([1, 2, 3], 5); - * // => [1, 2, 3] - * - * _.take([1, 2, 3], 0); - * // => [] - */ - function take(array, n, guard) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (guard ? isIterateeCall(array, n, guard) : n == null) { - n = 1; - } - return baseSlice(array, 0, n < 0 ? 0 : n); +Red.prototype.convertFrom = function convertFrom(num) { + var res = num.clone(); + res.red = null; + return res; +}; + +// +// Montgomery method engine +// + +BN.mont = function mont(num) { + return new Mont(num); +}; + +function Mont(m) { + Red.call(this, m); + + this.shift = this.m.bitLength(); + if (this.shift % 26 !== 0) + this.shift += 26 - (this.shift % 26); + this.r = new BN(1).ishln(this.shift); + this.r2 = this.imod(this.r.sqr()); + this.rinv = this.r._invmp(this.m); + + this.minv = this.rinv.mul(this.r).isubn(1).div(this.m); + this.minv.sign = true; + this.minv = this.minv.mod(this.r); +} +inherits(Mont, Red); + +Mont.prototype.convertTo = function convertTo(num) { + return this.imod(num.shln(this.shift)); +}; + +Mont.prototype.convertFrom = function convertFrom(num) { + var r = this.imod(num.mul(this.rinv)); + r.red = null; + return r; +}; + +Mont.prototype.imul = function imul(a, b) { + if (a.cmpn(0) === 0 || b.cmpn(0) === 0) { + a.words[0] = 0; + a.length = 1; + return a; + } + + var t = a.imul(b); + var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); + var u = t.isub(c).ishrn(this.shift); + var res = u; + if (u.cmp(this.m) >= 0) + res = u.isub(this.m); + else if (u.cmpn(0) < 0) + res = u.iadd(this.m); + + return res._forceRed(this); +}; + +Mont.prototype.mul = function mul(a, b) { + if (a.cmpn(0) === 0 || b.cmpn(0) === 0) + return new BN(0)._forceRed(this); + + var t = a.mul(b); + var c = t.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m); + var u = t.isub(c).ishrn(this.shift); + var res = u; + if (u.cmp(this.m) >= 0) + res = u.isub(this.m); + else if (u.cmpn(0) < 0) + res = u.iadd(this.m); + + return res._forceRed(this); +}; + +Mont.prototype.invm = function invm(a) { + // (AR)^-1 * R^2 = (A^-1 * R^-1) * R^2 = A^-1 * R + var res = this.imod(a._invmp(this.m).mul(this.r2)); + return res._forceRed(this); +}; + +})(typeof module === 'undefined' || module, this); + +},{}],72:[function(require,module,exports){ +// Base58 encoding/decoding +// Originally written by Mike Hearn for BitcoinJ +// Copyright (c) 2011 Google Inc +// Ported to JavaScript by Stefan Thomas +// Merged Buffer refactorings from base58-native by Stephen Pair +// Copyright (c) 2013 BitPay Inc + +var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' +var ALPHABET_MAP = {} +for(var i = 0; i < ALPHABET.length; i++) { + ALPHABET_MAP[ALPHABET.charAt(i)] = i +} +var BASE = 58 + +function encode(buffer) { + if (buffer.length === 0) return '' + + var i, j, digits = [0] + for (i = 0; i < buffer.length; i++) { + for (j = 0; j < digits.length; j++) digits[j] <<= 8 + + digits[0] += buffer[i] + + var carry = 0 + for (j = 0; j < digits.length; ++j) { + digits[j] += carry + + carry = (digits[j] / BASE) | 0 + digits[j] %= BASE } - /** - * Creates a slice of `array` with `n` elements taken from the end. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {number} [n=1] The number of elements to take. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.takeRight([1, 2, 3]); - * // => [3] - * - * _.takeRight([1, 2, 3], 2); - * // => [2, 3] - * - * _.takeRight([1, 2, 3], 5); - * // => [1, 2, 3] - * - * _.takeRight([1, 2, 3], 0); - * // => [] - */ - function takeRight(array, n, guard) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (guard ? isIterateeCall(array, n, guard) : n == null) { - n = 1; - } - n = length - (+n || 0); - return baseSlice(array, n < 0 ? 0 : n); + while (carry) { + digits.push(carry % BASE) + + carry = (carry / BASE) | 0 } + } - /** - * Creates a slice of `array` with elements taken from the end. Elements are - * taken until `predicate` returns falsey. The predicate is bound to `thisArg` - * and invoked with three arguments: (value, index, array). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.takeRightWhile([1, 2, 3], function(n) { - * return n > 1; - * }); - * // => [2, 3] - * - * var users = [ - * { 'user': 'barney', 'active': true }, - * { 'user': 'fred', 'active': false }, - * { 'user': 'pebbles', 'active': false } - * ]; - * - * // using the `_.matches` callback shorthand - * _.pluck(_.takeRightWhile(users, { 'user': 'pebbles', 'active': false }), 'user'); - * // => ['pebbles'] - * - * // using the `_.matchesProperty` callback shorthand - * _.pluck(_.takeRightWhile(users, 'active', false), 'user'); - * // => ['fred', 'pebbles'] - * - * // using the `_.property` callback shorthand - * _.pluck(_.takeRightWhile(users, 'active'), 'user'); - * // => [] - */ - function takeRightWhile(array, predicate, thisArg) { - return (array && array.length) - ? baseWhile(array, getCallback(predicate, thisArg, 3), false, true) - : []; + // deal with leading zeros + for (i = 0; buffer[i] === 0 && i < buffer.length - 1; i++) digits.push(0) + + return digits.reverse().map(function(digit) { return ALPHABET[digit] }).join('') +} + +function decode(string) { + if (string.length === 0) return [] + + var i, j, bytes = [0] + for (i = 0; i < string.length; i++) { + var c = string[i] + if (!(c in ALPHABET_MAP)) throw new Error('Non-base58 character') + + for (j = 0; j < bytes.length; j++) bytes[j] *= BASE + bytes[0] += ALPHABET_MAP[c] + + var carry = 0 + for (j = 0; j < bytes.length; ++j) { + bytes[j] += carry + + carry = bytes[j] >> 8 + bytes[j] &= 0xff } - /** - * Creates a slice of `array` with elements taken from the beginning. Elements - * are taken until `predicate` returns falsey. The predicate is bound to - * `thisArg` and invoked with three arguments: (value, index, array). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to query. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the slice of `array`. - * @example - * - * _.takeWhile([1, 2, 3], function(n) { - * return n < 3; - * }); - * // => [1, 2] - * - * var users = [ - * { 'user': 'barney', 'active': false }, - * { 'user': 'fred', 'active': false}, - * { 'user': 'pebbles', 'active': true } - * ]; - * - * // using the `_.matches` callback shorthand - * _.pluck(_.takeWhile(users, { 'user': 'barney', 'active': false }), 'user'); - * // => ['barney'] - * - * // using the `_.matchesProperty` callback shorthand - * _.pluck(_.takeWhile(users, 'active', false), 'user'); - * // => ['barney', 'fred'] - * - * // using the `_.property` callback shorthand - * _.pluck(_.takeWhile(users, 'active'), 'user'); - * // => [] - */ - function takeWhile(array, predicate, thisArg) { - return (array && array.length) - ? baseWhile(array, getCallback(predicate, thisArg, 3)) - : []; + while (carry) { + bytes.push(carry & 0xff) + + carry >>= 8 } + } - /** - * Creates an array of unique values, in order, from all of the provided arrays - * using [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. - * - * @static - * @memberOf _ - * @category Array - * @param {...Array} [arrays] The arrays to inspect. - * @returns {Array} Returns the new array of combined values. - * @example - * - * _.union([1, 2], [4, 2], [2, 1]); - * // => [1, 2, 4] - */ - var union = restParam(function(arrays) { - return baseUniq(baseFlatten(arrays, false, true)); - }); + // deal with leading zeros + for (i = 0; string[i] === '1' && i < string.length - 1; i++) bytes.push(0) - /** - * Creates a duplicate-free version of an array, using - * [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons, in which only the first occurence of each element - * is kept. Providing `true` for `isSorted` performs a faster search algorithm - * for sorted arrays. If an iteratee function is provided it is invoked for - * each element in the array to generate the criterion by which uniqueness - * is computed. The `iteratee` is bound to `thisArg` and invoked with three - * arguments: (value, index, array). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @alias unique - * @category Array - * @param {Array} array The array to inspect. - * @param {boolean} [isSorted] Specify the array is sorted. - * @param {Function|Object|string} [iteratee] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array} Returns the new duplicate-value-free array. - * @example - * - * _.uniq([2, 1, 2]); - * // => [2, 1] - * - * // using `isSorted` - * _.uniq([1, 1, 2], true); - * // => [1, 2] - * - * // using an iteratee function - * _.uniq([1, 2.5, 1.5, 2], function(n) { - * return this.floor(n); - * }, Math); - * // => [1, 2.5] - * - * // using the `_.property` callback shorthand - * _.uniq([{ 'x': 1 }, { 'x': 2 }, { 'x': 1 }], 'x'); - * // => [{ 'x': 1 }, { 'x': 2 }] - */ - function uniq(array, isSorted, iteratee, thisArg) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - if (isSorted != null && typeof isSorted != 'boolean') { - thisArg = iteratee; - iteratee = isIterateeCall(array, isSorted, thisArg) ? undefined : isSorted; - isSorted = false; - } - var callback = getCallback(); - if (!(iteratee == null && callback === baseCallback)) { - iteratee = callback(iteratee, thisArg, 3); - } - return (isSorted && getIndexOf() == baseIndexOf) - ? sortedUniq(array, iteratee) - : baseUniq(array, iteratee); - } + return bytes.reverse() +} - /** - * This method is like `_.zip` except that it accepts an array of grouped - * elements and creates an array regrouping the elements to their pre-zip - * configuration. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array of grouped elements to process. - * @returns {Array} Returns the new array of regrouped elements. - * @example - * - * var zipped = _.zip(['fred', 'barney'], [30, 40], [true, false]); - * // => [['fred', 30, true], ['barney', 40, false]] - * - * _.unzip(zipped); - * // => [['fred', 'barney'], [30, 40], [true, false]] - */ - function unzip(array) { - if (!(array && array.length)) { - return []; - } - var index = -1, - length = 0; +module.exports = { + encode: encode, + decode: decode +} - array = arrayFilter(array, function(group) { - if (isArrayLike(group)) { - length = nativeMax(group.length, length); - return true; - } - }); - var result = Array(length); - while (++index < length) { - result[index] = arrayMap(array, baseProperty(index)); - } - return result; - } +},{}],73:[function(require,module,exports){ - /** - * This method is like `_.unzip` except that it accepts an iteratee to specify - * how regrouped values should be combined. The `iteratee` is bound to `thisArg` - * and invoked with four arguments: (accumulator, value, index, group). - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array of grouped elements to process. - * @param {Function} [iteratee] The function to combine regrouped values. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array} Returns the new array of regrouped elements. - * @example - * - * var zipped = _.zip([1, 2], [10, 20], [100, 200]); - * // => [[1, 10, 100], [2, 20, 200]] - * - * _.unzipWith(zipped, _.add); - * // => [3, 30, 300] - */ - function unzipWith(array, iteratee, thisArg) { - var length = array ? array.length : 0; - if (!length) { - return []; - } - var result = unzip(array); - if (iteratee == null) { - return result; - } - iteratee = bindCallback(iteratee, thisArg, 4); - return arrayMap(result, function(group) { - return arrayReduce(group, iteratee, undefined, true); - }); - } - /** - * Creates an array excluding all provided values using - * [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. - * - * @static - * @memberOf _ - * @category Array - * @param {Array} array The array to filter. - * @param {...*} [values] The values to exclude. - * @returns {Array} Returns the new array of filtered values. - * @example - * - * _.without([1, 2, 1, 3], 1, 2); - * // => [3] - */ - var without = restParam(function(array, values) { - return isArrayLike(array) - ? baseDifference(array, values) - : []; - }); +module.exports = function(cmp,to){ + var c = 0; + for(var i=0;i to[i]?1:0; + if(c != 0) break; + } + if(c == 0){ + if(to.length > cmp.length) c = -1; + else if(cmp.length > to.length) c = 1; + } + return c; +} - /** - * Creates an array of unique values that is the [symmetric difference](https://en.wikipedia.org/wiki/Symmetric_difference) - * of the provided arrays. - * - * @static - * @memberOf _ - * @category Array - * @param {...Array} [arrays] The arrays to inspect. - * @returns {Array} Returns the new array of values. - * @example - * - * _.xor([1, 2], [4, 2]); - * // => [1, 4] - */ - function xor() { - var index = -1, - length = arguments.length; - while (++index < length) { - var array = arguments[index]; - if (isArrayLike(array)) { - var result = result - ? arrayPush(baseDifference(result, array), baseDifference(array, result)) - : array; - } - } - return result ? baseUniq(result) : []; - } +},{}],74:[function(require,module,exports){ +'use strict'; - /** - * Creates an array of grouped elements, the first of which contains the first - * elements of the given arrays, the second of which contains the second elements - * of the given arrays, and so on. - * - * @static - * @memberOf _ - * @category Array - * @param {...Array} [arrays] The arrays to process. - * @returns {Array} Returns the new array of grouped elements. - * @example - * - * _.zip(['fred', 'barney'], [30, 40], [true, false]); - * // => [['fred', 30, true], ['barney', 40, false]] - */ - var zip = restParam(unzip); +var elliptic = exports; - /** - * The inverse of `_.pairs`; this method returns an object composed from arrays - * of property names and values. Provide either a single two dimensional array, - * e.g. `[[key1, value1], [key2, value2]]` or two arrays, one of property names - * and one of corresponding values. - * - * @static - * @memberOf _ - * @alias object - * @category Array - * @param {Array} props The property names. - * @param {Array} [values=[]] The property values. - * @returns {Object} Returns the new object. - * @example - * - * _.zipObject([['fred', 30], ['barney', 40]]); - * // => { 'fred': 30, 'barney': 40 } - * - * _.zipObject(['fred', 'barney'], [30, 40]); - * // => { 'fred': 30, 'barney': 40 } - */ - function zipObject(props, values) { - var index = -1, - length = props ? props.length : 0, - result = {}; +elliptic.version = require('../package.json').version; +elliptic.utils = require('./elliptic/utils'); +elliptic.rand = require('brorand'); +elliptic.hmacDRBG = require('./elliptic/hmac-drbg'); +elliptic.curve = require('./elliptic/curve'); +elliptic.curves = require('./elliptic/curves'); - if (length && !values && !isArray(props[0])) { - values = []; - } - while (++index < length) { - var key = props[index]; - if (values) { - result[key] = values[index]; - } else if (key) { - result[key[0]] = key[1]; - } - } - return result; - } +// Protocols +elliptic.ec = require('./elliptic/ec'); - /** - * This method is like `_.zip` except that it accepts an iteratee to specify - * how grouped values should be combined. The `iteratee` is bound to `thisArg` - * and invoked with four arguments: (accumulator, value, index, group). - * - * @static - * @memberOf _ - * @category Array - * @param {...Array} [arrays] The arrays to process. - * @param {Function} [iteratee] The function to combine grouped values. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array} Returns the new array of grouped elements. - * @example - * - * _.zipWith([1, 2], [10, 20], [100, 200], _.add); - * // => [111, 222] - */ - var zipWith = restParam(function(arrays) { - var length = arrays.length, - iteratee = length > 2 ? arrays[length - 2] : undefined, - thisArg = length > 1 ? arrays[length - 1] : undefined; +},{"../package.json":94,"./elliptic/curve":77,"./elliptic/curves":80,"./elliptic/ec":81,"./elliptic/hmac-drbg":84,"./elliptic/utils":86,"brorand":87}],75:[function(require,module,exports){ +'use strict'; - if (length > 2 && typeof iteratee == 'function') { - length -= 2; - } else { - iteratee = (length > 1 && typeof thisArg == 'function') ? (--length, thisArg) : undefined; - thisArg = undefined; - } - arrays.length = length; - return unzipWith(arrays, iteratee, thisArg); - }); +var bn = require('bn.js'); +var elliptic = require('../../elliptic'); - /*------------------------------------------------------------------------*/ +var getNAF = elliptic.utils.getNAF; +var getJSF = elliptic.utils.getJSF; +var assert = elliptic.utils.assert; - /** - * Creates a `lodash` object that wraps `value` with explicit method - * chaining enabled. - * - * @static - * @memberOf _ - * @category Chain - * @param {*} value The value to wrap. - * @returns {Object} Returns the new `lodash` wrapper instance. - * @example - * - * var users = [ - * { 'user': 'barney', 'age': 36 }, - * { 'user': 'fred', 'age': 40 }, - * { 'user': 'pebbles', 'age': 1 } - * ]; - * - * var youngest = _.chain(users) - * .sortBy('age') - * .map(function(chr) { - * return chr.user + ' is ' + chr.age; - * }) - * .first() - * .value(); - * // => 'pebbles is 1' - */ - function chain(value) { - var result = lodash(value); - result.__chain__ = true; - return result; - } +function BaseCurve(type, conf) { + this.type = type; + this.p = new bn(conf.p, 16); - /** - * This method invokes `interceptor` and returns `value`. The interceptor is - * bound to `thisArg` and invoked with one argument; (value). The purpose of - * this method is to "tap into" a method chain in order to perform operations - * on intermediate results within the chain. - * - * @static - * @memberOf _ - * @category Chain - * @param {*} value The value to provide to `interceptor`. - * @param {Function} interceptor The function to invoke. - * @param {*} [thisArg] The `this` binding of `interceptor`. - * @returns {*} Returns `value`. - * @example - * - * _([1, 2, 3]) - * .tap(function(array) { - * array.pop(); - * }) - * .reverse() - * .value(); - * // => [2, 1] - */ - function tap(value, interceptor, thisArg) { - interceptor.call(thisArg, value); - return value; - } + // Use Montgomery, when there is no fast reduction for the prime + this.red = conf.prime ? bn.red(conf.prime) : bn.mont(this.p); - /** - * This method is like `_.tap` except that it returns the result of `interceptor`. - * - * @static - * @memberOf _ - * @category Chain - * @param {*} value The value to provide to `interceptor`. - * @param {Function} interceptor The function to invoke. - * @param {*} [thisArg] The `this` binding of `interceptor`. - * @returns {*} Returns the result of `interceptor`. - * @example - * - * _(' abc ') - * .chain() - * .trim() - * .thru(function(value) { - * return [value]; - * }) - * .value(); - * // => ['abc'] - */ - function thru(value, interceptor, thisArg) { - return interceptor.call(thisArg, value); - } + // Useful for many curves + this.zero = new bn(0).toRed(this.red); + this.one = new bn(1).toRed(this.red); + this.two = new bn(2).toRed(this.red); - /** - * Enables explicit method chaining on the wrapper object. - * - * @name chain - * @memberOf _ - * @category Chain - * @returns {Object} Returns the new `lodash` wrapper instance. - * @example - * - * var users = [ - * { 'user': 'barney', 'age': 36 }, - * { 'user': 'fred', 'age': 40 } - * ]; - * - * // without explicit chaining - * _(users).first(); - * // => { 'user': 'barney', 'age': 36 } - * - * // with explicit chaining - * _(users).chain() - * .first() - * .pick('user') - * .value(); - * // => { 'user': 'barney' } - */ - function wrapperChain() { - return chain(this); - } + // Curve configuration, optional + this.n = conf.n && new bn(conf.n, 16); + this.g = conf.g && this.pointFromJSON(conf.g, conf.gRed); - /** - * Executes the chained sequence and returns the wrapped result. - * - * @name commit - * @memberOf _ - * @category Chain - * @returns {Object} Returns the new `lodash` wrapper instance. - * @example - * - * var array = [1, 2]; - * var wrapped = _(array).push(3); - * - * console.log(array); - * // => [1, 2] - * - * wrapped = wrapped.commit(); - * console.log(array); - * // => [1, 2, 3] - * - * wrapped.last(); - * // => 3 - * - * console.log(array); - * // => [1, 2, 3] - */ - function wrapperCommit() { - return new LodashWrapper(this.value(), this.__chain__); - } + // Temporary arrays + this._wnafT1 = new Array(4); + this._wnafT2 = new Array(4); + this._wnafT3 = new Array(4); + this._wnafT4 = new Array(4); +} +module.exports = BaseCurve; - /** - * Creates a new array joining a wrapped array with any additional arrays - * and/or values. - * - * @name concat - * @memberOf _ - * @category Chain - * @param {...*} [values] The values to concatenate. - * @returns {Array} Returns the new concatenated array. - * @example - * - * var array = [1]; - * var wrapped = _(array).concat(2, [3], [[4]]); - * - * console.log(wrapped.value()); - * // => [1, 2, 3, [4]] - * - * console.log(array); - * // => [1] - */ - var wrapperConcat = restParam(function(values) { - values = baseFlatten(values); - return this.thru(function(array) { - return arrayConcat(isArray(array) ? array : [toObject(array)], values); - }); - }); +BaseCurve.prototype.point = function point() { + throw new Error('Not implemented'); +}; - /** - * Creates a clone of the chained sequence planting `value` as the wrapped value. - * - * @name plant - * @memberOf _ - * @category Chain - * @returns {Object} Returns the new `lodash` wrapper instance. - * @example - * - * var array = [1, 2]; - * var wrapped = _(array).map(function(value) { - * return Math.pow(value, 2); - * }); - * - * var other = [3, 4]; - * var otherWrapped = wrapped.plant(other); - * - * otherWrapped.value(); - * // => [9, 16] - * - * wrapped.value(); - * // => [1, 4] - */ - function wrapperPlant(value) { - var result, - parent = this; +BaseCurve.prototype.validate = function validate() { + throw new Error('Not implemented'); +}; - while (parent instanceof baseLodash) { - var clone = wrapperClone(parent); - if (result) { - previous.__wrapped__ = clone; - } else { - result = clone; - } - var previous = clone; - parent = parent.__wrapped__; - } - previous.__wrapped__ = value; - return result; +BaseCurve.prototype._fixedNafMul = function _fixedNafMul(p, k) { + var doubles = p._getDoubles(); + + var naf = getNAF(k, 1); + var I = (1 << (doubles.step + 1)) - (doubles.step % 2 === 0 ? 2 : 1); + I /= 3; + + // Translate into more windowed form + var repr = []; + for (var j = 0; j < naf.length; j += doubles.step) { + var nafW = 0; + for (var k = j + doubles.step - 1; k >= j; k--) + nafW = (nafW << 1) + naf[k]; + repr.push(nafW); + } + + var a = this.jpoint(null, null, null); + var b = this.jpoint(null, null, null); + for (var i = I; i > 0; i--) { + for (var j = 0; j < repr.length; j++) { + var nafW = repr[j]; + if (nafW === i) + b = b.mixedAdd(doubles.points[j]); + else if (nafW === -i) + b = b.mixedAdd(doubles.points[j].neg()); } + a = a.add(b); + } + return a.toP(); +}; - /** - * Reverses the wrapped array so the first element becomes the last, the - * second element becomes the second to last, and so on. - * - * **Note:** This method mutates the wrapped array. - * - * @name reverse - * @memberOf _ - * @category Chain - * @returns {Object} Returns the new reversed `lodash` wrapper instance. - * @example - * - * var array = [1, 2, 3]; - * - * _(array).reverse().value() - * // => [3, 2, 1] - * - * console.log(array); - * // => [3, 2, 1] - */ - function wrapperReverse() { - var value = this.__wrapped__; +BaseCurve.prototype._wnafMul = function _wnafMul(p, k) { + var w = 4; - var interceptor = function(value) { - return (wrapped && wrapped.__dir__ < 0) ? value : value.reverse(); - }; - if (value instanceof LazyWrapper) { - var wrapped = value; - if (this.__actions__.length) { - wrapped = new LazyWrapper(this); - } - wrapped = wrapped.reverse(); - wrapped.__actions__.push({ 'func': thru, 'args': [interceptor], 'thisArg': undefined }); - return new LodashWrapper(wrapped, this.__chain__); - } - return this.thru(interceptor); + // Precompute window + var nafPoints = p._getNAFPoints(w); + w = nafPoints.wnd; + var wnd = nafPoints.points; + + // Get NAF form + var naf = getNAF(k, w); + + // Add `this`*(N+1) for every w-NAF index + var acc = this.jpoint(null, null, null); + for (var i = naf.length - 1; i >= 0; i--) { + // Count zeroes + for (var k = 0; i >= 0 && naf[i] === 0; i--) + k++; + if (i >= 0) + k++; + acc = acc.dblp(k); + + if (i < 0) + break; + var z = naf[i]; + assert(z !== 0); + if (p.type === 'affine') { + // J +- P + if (z > 0) + acc = acc.mixedAdd(wnd[(z - 1) >> 1]); + else + acc = acc.mixedAdd(wnd[(-z - 1) >> 1].neg()); + } else { + // J +- J + if (z > 0) + acc = acc.add(wnd[(z - 1) >> 1]); + else + acc = acc.add(wnd[(-z - 1) >> 1].neg()); } + } + return p.type === 'affine' ? acc.toP() : acc; +}; - /** - * Produces the result of coercing the unwrapped value to a string. - * - * @name toString - * @memberOf _ - * @category Chain - * @returns {string} Returns the coerced string value. - * @example - * - * _([1, 2, 3]).toString(); - * // => '1,2,3' - */ - function wrapperToString() { - return (this.value() + ''); +BaseCurve.prototype._wnafMulAdd = function _wnafMulAdd(defW, + points, + coeffs, + len) { + var wndWidth = this._wnafT1; + var wnd = this._wnafT2; + var naf = this._wnafT3; + + // Fill all arrays + var max = 0; + for (var i = 0; i < len; i++) { + var p = points[i]; + var nafPoints = p._getNAFPoints(defW); + wndWidth[i] = nafPoints.wnd; + wnd[i] = nafPoints.points; + } + + // Comb small window NAFs + for (var i = len - 1; i >= 1; i -= 2) { + var a = i - 1; + var b = i; + if (wndWidth[a] !== 1 || wndWidth[b] !== 1) { + naf[a] = getNAF(coeffs[a], wndWidth[a]); + naf[b] = getNAF(coeffs[b], wndWidth[b]); + max = Math.max(naf[a].length, max); + max = Math.max(naf[b].length, max); + continue; } - /** - * Executes the chained sequence to extract the unwrapped value. - * - * @name value - * @memberOf _ - * @alias run, toJSON, valueOf - * @category Chain - * @returns {*} Returns the resolved unwrapped value. - * @example - * - * _([1, 2, 3]).value(); - * // => [1, 2, 3] - */ - function wrapperValue() { - return baseWrapperValue(this.__wrapped__, this.__actions__); + var comb = [ + points[a], /* 1 */ + null, /* 3 */ + null, /* 5 */ + points[b] /* 7 */ + ]; + + // Try to avoid Projective points, if possible + if (points[a].y.cmp(points[b].y) === 0) { + comb[1] = points[a].add(points[b]); + comb[2] = points[a].toJ().mixedAdd(points[b].neg()); + } else if (points[a].y.cmp(points[b].y.redNeg()) === 0) { + comb[1] = points[a].toJ().mixedAdd(points[b]); + comb[2] = points[a].add(points[b].neg()); + } else { + comb[1] = points[a].toJ().mixedAdd(points[b]); + comb[2] = points[a].toJ().mixedAdd(points[b].neg()); } - /*------------------------------------------------------------------------*/ + var index = [ + -3, /* -1 -1 */ + -1, /* -1 0 */ + -5, /* -1 1 */ + -7, /* 0 -1 */ + 0, /* 0 0 */ + 7, /* 0 1 */ + 5, /* 1 -1 */ + 1, /* 1 0 */ + 3 /* 1 1 */ + ]; - /** - * Creates an array of elements corresponding to the given keys, or indexes, - * of `collection`. Keys may be specified as individual arguments or as arrays - * of keys. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {...(number|number[]|string|string[])} [props] The property names - * or indexes of elements to pick, specified individually or in arrays. - * @returns {Array} Returns the new array of picked elements. - * @example - * - * _.at(['a', 'b', 'c'], [0, 2]); - * // => ['a', 'c'] - * - * _.at(['barney', 'fred', 'pebbles'], 0, 2); - * // => ['barney', 'pebbles'] - */ - var at = restParam(function(collection, props) { - return baseAt(collection, baseFlatten(props)); - }); + var jsf = getJSF(coeffs[a], coeffs[b]); + max = Math.max(jsf[0].length, max); + naf[a] = new Array(max); + naf[b] = new Array(max); + for (var j = 0; j < max; j++) { + var ja = jsf[0][j] | 0; + var jb = jsf[1][j] | 0; - /** - * Creates an object composed of keys generated from the results of running - * each element of `collection` through `iteratee`. The corresponding value - * of each key is the number of times the key was returned by `iteratee`. - * The `iteratee` is bound to `thisArg` and invoked with three arguments: - * (value, index|key, collection). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns the composed aggregate object. - * @example - * - * _.countBy([4.3, 6.1, 6.4], function(n) { - * return Math.floor(n); - * }); - * // => { '4': 1, '6': 2 } - * - * _.countBy([4.3, 6.1, 6.4], function(n) { - * return this.floor(n); - * }, Math); - * // => { '4': 1, '6': 2 } - * - * _.countBy(['one', 'two', 'three'], 'length'); - * // => { '3': 2, '5': 1 } - */ - var countBy = createAggregator(function(result, value, key) { - hasOwnProperty.call(result, key) ? ++result[key] : (result[key] = 1); - }); + naf[a][j] = index[(ja + 1) * 3 + (jb + 1)]; + naf[b][j] = 0; + wnd[a] = comb; + } + } - /** - * Checks if `predicate` returns truthy for **all** elements of `collection`. - * The predicate is bound to `thisArg` and invoked with three arguments: - * (value, index|key, collection). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @alias all - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {boolean} Returns `true` if all elements pass the predicate check, - * else `false`. - * @example - * - * _.every([true, 1, null, 'yes'], Boolean); - * // => false - * - * var users = [ - * { 'user': 'barney', 'active': false }, - * { 'user': 'fred', 'active': false } - * ]; - * - * // using the `_.matches` callback shorthand - * _.every(users, { 'user': 'barney', 'active': false }); - * // => false - * - * // using the `_.matchesProperty` callback shorthand - * _.every(users, 'active', false); - * // => true - * - * // using the `_.property` callback shorthand - * _.every(users, 'active'); - * // => false - */ - function every(collection, predicate, thisArg) { - var func = isArray(collection) ? arrayEvery : baseEvery; - if (thisArg && isIterateeCall(collection, predicate, thisArg)) { - predicate = undefined; - } - if (typeof predicate != 'function' || thisArg !== undefined) { - predicate = getCallback(predicate, thisArg, 3); + var acc = this.jpoint(null, null, null); + var tmp = this._wnafT4; + for (var i = max; i >= 0; i--) { + var k = 0; + + while (i >= 0) { + var zero = true; + for (var j = 0; j < len; j++) { + tmp[j] = naf[j][i] | 0; + if (tmp[j] !== 0) + zero = false; } - return func(collection, predicate); + if (!zero) + break; + k++; + i--; } + if (i >= 0) + k++; + acc = acc.dblp(k); + if (i < 0) + break; - /** - * Iterates over elements of `collection`, returning an array of all elements - * `predicate` returns truthy for. The predicate is bound to `thisArg` and - * invoked with three arguments: (value, index|key, collection). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @alias select - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the new filtered array. - * @example - * - * _.filter([4, 5, 6], function(n) { - * return n % 2 == 0; - * }); - * // => [4, 6] - * - * var users = [ - * { 'user': 'barney', 'age': 36, 'active': true }, - * { 'user': 'fred', 'age': 40, 'active': false } - * ]; - * - * // using the `_.matches` callback shorthand - * _.pluck(_.filter(users, { 'age': 36, 'active': true }), 'user'); - * // => ['barney'] - * - * // using the `_.matchesProperty` callback shorthand - * _.pluck(_.filter(users, 'active', false), 'user'); - * // => ['fred'] - * - * // using the `_.property` callback shorthand - * _.pluck(_.filter(users, 'active'), 'user'); - * // => ['barney'] - */ - function filter(collection, predicate, thisArg) { - var func = isArray(collection) ? arrayFilter : baseFilter; - predicate = getCallback(predicate, thisArg, 3); - return func(collection, predicate); + for (var j = 0; j < len; j++) { + var z = tmp[j]; + var p; + if (z === 0) + continue; + else if (z > 0) + p = wnd[j][(z - 1) >> 1]; + else if (z < 0) + p = wnd[j][(-z - 1) >> 1].neg(); + + if (p.type === 'affine') + acc = acc.mixedAdd(p); + else + acc = acc.add(p); } + } + // Zeroify references + for (var i = 0; i < len; i++) + wnd[i] = null; + return acc.toP(); +}; - /** - * Iterates over elements of `collection`, returning the first element - * `predicate` returns truthy for. The predicate is bound to `thisArg` and - * invoked with three arguments: (value, index|key, collection). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @alias detect - * @category Collection - * @param {Array|Object|string} collection The collection to search. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {*} Returns the matched element, else `undefined`. - * @example - * - * var users = [ - * { 'user': 'barney', 'age': 36, 'active': true }, - * { 'user': 'fred', 'age': 40, 'active': false }, - * { 'user': 'pebbles', 'age': 1, 'active': true } - * ]; - * - * _.result(_.find(users, function(chr) { - * return chr.age < 40; - * }), 'user'); - * // => 'barney' - * - * // using the `_.matches` callback shorthand - * _.result(_.find(users, { 'age': 1, 'active': true }), 'user'); - * // => 'pebbles' - * - * // using the `_.matchesProperty` callback shorthand - * _.result(_.find(users, 'active', false), 'user'); - * // => 'fred' - * - * // using the `_.property` callback shorthand - * _.result(_.find(users, 'active'), 'user'); - * // => 'barney' - */ - var find = createFind(baseEach); +function BasePoint(curve, type) { + this.curve = curve; + this.type = type; + this.precomputed = null; +} +BaseCurve.BasePoint = BasePoint; - /** - * This method is like `_.find` except that it iterates over elements of - * `collection` from right to left. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to search. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {*} Returns the matched element, else `undefined`. - * @example - * - * _.findLast([1, 2, 3, 4], function(n) { - * return n % 2 == 1; - * }); - * // => 3 - */ - var findLast = createFind(baseEachRight, true); +BasePoint.prototype.validate = function validate() { + return this.curve.validate(this); +}; - /** - * Performs a deep comparison between each element in `collection` and the - * source object, returning the first element that has equivalent property - * values. - * - * **Note:** This method supports comparing arrays, booleans, `Date` objects, - * numbers, `Object` objects, regexes, and strings. Objects are compared by - * their own, not inherited, enumerable properties. For comparing a single - * own or inherited property value see `_.matchesProperty`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to search. - * @param {Object} source The object of property values to match. - * @returns {*} Returns the matched element, else `undefined`. - * @example - * - * var users = [ - * { 'user': 'barney', 'age': 36, 'active': true }, - * { 'user': 'fred', 'age': 40, 'active': false } - * ]; - * - * _.result(_.findWhere(users, { 'age': 36, 'active': true }), 'user'); - * // => 'barney' - * - * _.result(_.findWhere(users, { 'age': 40, 'active': false }), 'user'); - * // => 'fred' - */ - function findWhere(collection, source) { - return find(collection, baseMatches(source)); - } +BasePoint.prototype.precompute = function precompute(power) { + if (this.precomputed) + return this; - /** - * Iterates over elements of `collection` invoking `iteratee` for each element. - * The `iteratee` is bound to `thisArg` and invoked with three arguments: - * (value, index|key, collection). Iteratee functions may exit iteration early - * by explicitly returning `false`. - * - * **Note:** As with other "Collections" methods, objects with a "length" property - * are iterated like arrays. To avoid this behavior `_.forIn` or `_.forOwn` - * may be used for object iteration. - * - * @static - * @memberOf _ - * @alias each - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array|Object|string} Returns `collection`. - * @example - * - * _([1, 2]).forEach(function(n) { - * console.log(n); - * }).value(); - * // => logs each value from left to right and returns the array - * - * _.forEach({ 'a': 1, 'b': 2 }, function(n, key) { - * console.log(n, key); - * }); - * // => logs each value-key pair and returns the object (iteration order is not guaranteed) - */ - var forEach = createForEach(arrayEach, baseEach); + var precomputed = { + doubles: null, + naf: null, + beta: null + }; + precomputed.naf = this._getNAFPoints(8); + precomputed.doubles = this._getDoubles(4, power); + precomputed.beta = this._getBeta(); + this.precomputed = precomputed; - /** - * This method is like `_.forEach` except that it iterates over elements of - * `collection` from right to left. - * - * @static - * @memberOf _ - * @alias eachRight - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array|Object|string} Returns `collection`. - * @example - * - * _([1, 2]).forEachRight(function(n) { - * console.log(n); - * }).value(); - * // => logs each value from right to left and returns the array - */ - var forEachRight = createForEach(arrayEachRight, baseEachRight); + return this; +}; - /** - * Creates an object composed of keys generated from the results of running - * each element of `collection` through `iteratee`. The corresponding value - * of each key is an array of the elements responsible for generating the key. - * The `iteratee` is bound to `thisArg` and invoked with three arguments: - * (value, index|key, collection). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns the composed aggregate object. - * @example - * - * _.groupBy([4.2, 6.1, 6.4], function(n) { - * return Math.floor(n); - * }); - * // => { '4': [4.2], '6': [6.1, 6.4] } - * - * _.groupBy([4.2, 6.1, 6.4], function(n) { - * return this.floor(n); - * }, Math); - * // => { '4': [4.2], '6': [6.1, 6.4] } - * - * // using the `_.property` callback shorthand - * _.groupBy(['one', 'two', 'three'], 'length'); - * // => { '3': ['one', 'two'], '5': ['three'] } - */ - var groupBy = createAggregator(function(result, value, key) { - if (hasOwnProperty.call(result, key)) { - result[key].push(value); - } else { - result[key] = [value]; - } - }); +BasePoint.prototype._getDoubles = function _getDoubles(step, power) { + if (this.precomputed && this.precomputed.doubles) + return this.precomputed.doubles; - /** - * Checks if `value` is in `collection` using - * [`SameValueZero`](http://ecma-international.org/ecma-262/6.0/#sec-samevaluezero) - * for equality comparisons. If `fromIndex` is negative, it is used as the offset - * from the end of `collection`. - * - * @static - * @memberOf _ - * @alias contains, include - * @category Collection - * @param {Array|Object|string} collection The collection to search. - * @param {*} target The value to search for. - * @param {number} [fromIndex=0] The index to search from. - * @param- {Object} [guard] Enables use as a callback for functions like `_.reduce`. - * @returns {boolean} Returns `true` if a matching element is found, else `false`. - * @example - * - * _.includes([1, 2, 3], 1); - * // => true - * - * _.includes([1, 2, 3], 1, 2); - * // => false - * - * _.includes({ 'user': 'fred', 'age': 40 }, 'fred'); - * // => true - * - * _.includes('pebbles', 'eb'); - * // => true - */ - function includes(collection, target, fromIndex, guard) { - var length = collection ? getLength(collection) : 0; - if (!isLength(length)) { - collection = values(collection); - length = collection.length; - } - if (typeof fromIndex != 'number' || (guard && isIterateeCall(target, fromIndex, guard))) { - fromIndex = 0; - } else { - fromIndex = fromIndex < 0 ? nativeMax(length + fromIndex, 0) : (fromIndex || 0); - } - return (typeof collection == 'string' || !isArray(collection) && isString(collection)) - ? (fromIndex <= length && collection.indexOf(target, fromIndex) > -1) - : (!!length && getIndexOf(collection, target, fromIndex) > -1); - } + var doubles = [ this ]; + var acc = this; + for (var i = 0; i < power; i += step) { + for (var j = 0; j < step; j++) + acc = acc.dbl(); + doubles.push(acc); + } + return { + step: step, + points: doubles + }; +}; - /** - * Creates an object composed of keys generated from the results of running - * each element of `collection` through `iteratee`. The corresponding value - * of each key is the last element responsible for generating the key. The - * iteratee function is bound to `thisArg` and invoked with three arguments: - * (value, index|key, collection). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns the composed aggregate object. - * @example - * - * var keyData = [ - * { 'dir': 'left', 'code': 97 }, - * { 'dir': 'right', 'code': 100 } - * ]; - * - * _.indexBy(keyData, 'dir'); - * // => { 'left': { 'dir': 'left', 'code': 97 }, 'right': { 'dir': 'right', 'code': 100 } } - * - * _.indexBy(keyData, function(object) { - * return String.fromCharCode(object.code); - * }); - * // => { 'a': { 'dir': 'left', 'code': 97 }, 'd': { 'dir': 'right', 'code': 100 } } - * - * _.indexBy(keyData, function(object) { - * return this.fromCharCode(object.code); - * }, String); - * // => { 'a': { 'dir': 'left', 'code': 97 }, 'd': { 'dir': 'right', 'code': 100 } } - */ - var indexBy = createAggregator(function(result, value, key) { - result[key] = value; - }); +BasePoint.prototype._getNAFPoints = function _getNAFPoints(wnd) { + if (this.precomputed && this.precomputed.naf) + return this.precomputed.naf; - /** - * Invokes the method at `path` of each element in `collection`, returning - * an array of the results of each invoked method. Any additional arguments - * are provided to each invoked method. If `methodName` is a function it is - * invoked for, and `this` bound to, each element in `collection`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Array|Function|string} path The path of the method to invoke or - * the function invoked per iteration. - * @param {...*} [args] The arguments to invoke the method with. - * @returns {Array} Returns the array of results. - * @example - * - * _.invoke([[5, 1, 7], [3, 2, 1]], 'sort'); - * // => [[1, 5, 7], [1, 2, 3]] - * - * _.invoke([123, 456], String.prototype.split, ''); - * // => [['1', '2', '3'], ['4', '5', '6']] - */ - var invoke = restParam(function(collection, path, args) { - var index = -1, - isFunc = typeof path == 'function', - isProp = isKey(path), - result = isArrayLike(collection) ? Array(collection.length) : []; + var res = [ this ]; + var max = (1 << wnd) - 1; + var dbl = max === 1 ? null : this.dbl(); + for (var i = 1; i < max; i++) + res[i] = res[i - 1].add(dbl); + return { + wnd: wnd, + points: res + }; +}; - baseEach(collection, function(value) { - var func = isFunc ? path : ((isProp && value != null) ? value[path] : undefined); - result[++index] = func ? func.apply(value, args) : invokePath(value, path, args); - }); - return result; - }); +BasePoint.prototype._getBeta = function _getBeta() { + return null; +}; - /** - * Creates an array of values by running each element in `collection` through - * `iteratee`. The `iteratee` is bound to `thisArg` and invoked with three - * arguments: (value, index|key, collection). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * Many lodash methods are guarded to work as iteratees for methods like - * `_.every`, `_.filter`, `_.map`, `_.mapValues`, `_.reject`, and `_.some`. - * - * The guarded methods are: - * `ary`, `callback`, `chunk`, `clone`, `create`, `curry`, `curryRight`, - * `drop`, `dropRight`, `every`, `fill`, `flatten`, `invert`, `max`, `min`, - * `parseInt`, `slice`, `sortBy`, `take`, `takeRight`, `template`, `trim`, - * `trimLeft`, `trimRight`, `trunc`, `random`, `range`, `sample`, `some`, - * `sum`, `uniq`, and `words` - * - * @static - * @memberOf _ - * @alias collect - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array} Returns the new mapped array. - * @example - * - * function timesThree(n) { - * return n * 3; - * } - * - * _.map([1, 2], timesThree); - * // => [3, 6] - * - * _.map({ 'a': 1, 'b': 2 }, timesThree); - * // => [3, 6] (iteration order is not guaranteed) - * - * var users = [ - * { 'user': 'barney' }, - * { 'user': 'fred' } - * ]; - * - * // using the `_.property` callback shorthand - * _.map(users, 'user'); - * // => ['barney', 'fred'] - */ - function map(collection, iteratee, thisArg) { - var func = isArray(collection) ? arrayMap : baseMap; - iteratee = getCallback(iteratee, thisArg, 3); - return func(collection, iteratee); - } +BasePoint.prototype.dblp = function dblp(k) { + var r = this; + for (var i = 0; i < k; i++) + r = r.dbl(); + return r; +}; - /** - * Creates an array of elements split into two groups, the first of which - * contains elements `predicate` returns truthy for, while the second of which - * contains elements `predicate` returns falsey for. The predicate is bound - * to `thisArg` and invoked with three arguments: (value, index|key, collection). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the array of grouped elements. - * @example - * - * _.partition([1, 2, 3], function(n) { - * return n % 2; - * }); - * // => [[1, 3], [2]] - * - * _.partition([1.2, 2.3, 3.4], function(n) { - * return this.floor(n) % 2; - * }, Math); - * // => [[1.2, 3.4], [2.3]] - * - * var users = [ - * { 'user': 'barney', 'age': 36, 'active': false }, - * { 'user': 'fred', 'age': 40, 'active': true }, - * { 'user': 'pebbles', 'age': 1, 'active': false } - * ]; - * - * var mapper = function(array) { - * return _.pluck(array, 'user'); - * }; - * - * // using the `_.matches` callback shorthand - * _.map(_.partition(users, { 'age': 1, 'active': false }), mapper); - * // => [['pebbles'], ['barney', 'fred']] - * - * // using the `_.matchesProperty` callback shorthand - * _.map(_.partition(users, 'active', false), mapper); - * // => [['barney', 'pebbles'], ['fred']] - * - * // using the `_.property` callback shorthand - * _.map(_.partition(users, 'active'), mapper); - * // => [['fred'], ['barney', 'pebbles']] - */ - var partition = createAggregator(function(result, value, key) { - result[key ? 0 : 1].push(value); - }, function() { return [[], []]; }); +},{"../../elliptic":74,"bn.js":71}],76:[function(require,module,exports){ +'use strict'; - /** - * Gets the property value of `path` from all elements in `collection`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Array|string} path The path of the property to pluck. - * @returns {Array} Returns the property values. - * @example - * - * var users = [ - * { 'user': 'barney', 'age': 36 }, - * { 'user': 'fred', 'age': 40 } - * ]; - * - * _.pluck(users, 'user'); - * // => ['barney', 'fred'] - * - * var userIndex = _.indexBy(users, 'user'); - * _.pluck(userIndex, 'age'); - * // => [36, 40] (iteration order is not guaranteed) - */ - function pluck(collection, path) { - return map(collection, property(path)); - } +var curve = require('../curve'); +var elliptic = require('../../elliptic'); +var bn = require('bn.js'); +var inherits = require('inherits'); +var Base = curve.base; - /** - * Reduces `collection` to a value which is the accumulated result of running - * each element in `collection` through `iteratee`, where each successive - * invocation is supplied the return value of the previous. If `accumulator` - * is not provided the first element of `collection` is used as the initial - * value. The `iteratee` is bound to `thisArg` and invoked with four arguments: - * (accumulator, value, index|key, collection). - * - * Many lodash methods are guarded to work as iteratees for methods like - * `_.reduce`, `_.reduceRight`, and `_.transform`. - * - * The guarded methods are: - * `assign`, `defaults`, `defaultsDeep`, `includes`, `merge`, `sortByAll`, - * and `sortByOrder` - * - * @static - * @memberOf _ - * @alias foldl, inject - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [accumulator] The initial value. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {*} Returns the accumulated value. - * @example - * - * _.reduce([1, 2], function(total, n) { - * return total + n; - * }); - * // => 3 - * - * _.reduce({ 'a': 1, 'b': 2 }, function(result, n, key) { - * result[key] = n * 3; - * return result; - * }, {}); - * // => { 'a': 3, 'b': 6 } (iteration order is not guaranteed) - */ - var reduce = createReduce(arrayReduce, baseEach); +var assert = elliptic.utils.assert; - /** - * This method is like `_.reduce` except that it iterates over elements of - * `collection` from right to left. - * - * @static - * @memberOf _ - * @alias foldr - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [accumulator] The initial value. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {*} Returns the accumulated value. - * @example - * - * var array = [[0, 1], [2, 3], [4, 5]]; - * - * _.reduceRight(array, function(flattened, other) { - * return flattened.concat(other); - * }, []); - * // => [4, 5, 2, 3, 0, 1] - */ - var reduceRight = createReduce(arrayReduceRight, baseEachRight); +function EdwardsCurve(conf) { + // NOTE: Important as we are creating point in Base.call() + this.twisted = (conf.a | 0) !== 1; + this.mOneA = this.twisted && (conf.a | 0) === -1; + this.extended = this.mOneA; - /** - * The opposite of `_.filter`; this method returns the elements of `collection` - * that `predicate` does **not** return truthy for. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Array} Returns the new filtered array. - * @example - * - * _.reject([1, 2, 3, 4], function(n) { - * return n % 2 == 0; - * }); - * // => [1, 3] - * - * var users = [ - * { 'user': 'barney', 'age': 36, 'active': false }, - * { 'user': 'fred', 'age': 40, 'active': true } - * ]; - * - * // using the `_.matches` callback shorthand - * _.pluck(_.reject(users, { 'age': 40, 'active': true }), 'user'); - * // => ['barney'] - * - * // using the `_.matchesProperty` callback shorthand - * _.pluck(_.reject(users, 'active', false), 'user'); - * // => ['fred'] - * - * // using the `_.property` callback shorthand - * _.pluck(_.reject(users, 'active'), 'user'); - * // => ['barney'] - */ - function reject(collection, predicate, thisArg) { - var func = isArray(collection) ? arrayFilter : baseFilter; - predicate = getCallback(predicate, thisArg, 3); - return func(collection, function(value, index, collection) { - return !predicate(value, index, collection); - }); - } + Base.call(this, 'edwards', conf); - /** - * Gets a random element or `n` random elements from a collection. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to sample. - * @param {number} [n] The number of elements to sample. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {*} Returns the random sample(s). - * @example - * - * _.sample([1, 2, 3, 4]); - * // => 2 - * - * _.sample([1, 2, 3, 4], 2); - * // => [3, 1] - */ - function sample(collection, n, guard) { - if (guard ? isIterateeCall(collection, n, guard) : n == null) { - collection = toIterable(collection); - var length = collection.length; - return length > 0 ? collection[baseRandom(0, length - 1)] : undefined; - } - var index = -1, - result = toArray(collection), - length = result.length, - lastIndex = length - 1; + this.a = new bn(conf.a, 16).mod(this.red.m).toRed(this.red); + this.c = new bn(conf.c, 16).toRed(this.red); + this.c2 = this.c.redSqr(); + this.d = new bn(conf.d, 16).toRed(this.red); + this.dd = this.d.redAdd(this.d); - n = nativeMin(n < 0 ? 0 : (+n || 0), length); - while (++index < n) { - var rand = baseRandom(index, lastIndex), - value = result[rand]; + assert(!this.twisted || this.c.fromRed().cmpn(1) === 0); + this.oneC = (conf.c | 0) === 1; +} +inherits(EdwardsCurve, Base); +module.exports = EdwardsCurve; - result[rand] = result[index]; - result[index] = value; - } - result.length = n; - return result; - } +EdwardsCurve.prototype._mulA = function _mulA(num) { + if (this.mOneA) + return num.redNeg(); + else + return this.a.redMul(num); +}; - /** - * Creates an array of shuffled values, using a version of the - * [Fisher-Yates shuffle](https://en.wikipedia.org/wiki/Fisher-Yates_shuffle). - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to shuffle. - * @returns {Array} Returns the new shuffled array. - * @example - * - * _.shuffle([1, 2, 3, 4]); - * // => [4, 1, 3, 2] - */ - function shuffle(collection) { - return sample(collection, POSITIVE_INFINITY); - } +EdwardsCurve.prototype._mulC = function _mulC(num) { + if (this.oneC) + return num; + else + return this.c.redMul(num); +}; - /** - * Gets the size of `collection` by returning its length for array-like - * values or the number of own enumerable properties for objects. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to inspect. - * @returns {number} Returns the size of `collection`. - * @example - * - * _.size([1, 2, 3]); - * // => 3 - * - * _.size({ 'a': 1, 'b': 2 }); - * // => 2 - * - * _.size('pebbles'); - * // => 7 - */ - function size(collection) { - var length = collection ? getLength(collection) : 0; - return isLength(length) ? length : keys(collection).length; - } +// Just for compatibility with Short curve +EdwardsCurve.prototype.jpoint = function jpoint(x, y, z, t) { + return this.point(x, y, z, t); +}; - /** - * Checks if `predicate` returns truthy for **any** element of `collection`. - * The function returns as soon as it finds a passing value and does not iterate - * over the entire collection. The predicate is bound to `thisArg` and invoked - * with three arguments: (value, index|key, collection). - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @alias any - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {boolean} Returns `true` if any element passes the predicate check, - * else `false`. - * @example - * - * _.some([null, 0, 'yes', false], Boolean); - * // => true - * - * var users = [ - * { 'user': 'barney', 'active': true }, - * { 'user': 'fred', 'active': false } - * ]; - * - * // using the `_.matches` callback shorthand - * _.some(users, { 'user': 'barney', 'active': false }); - * // => false - * - * // using the `_.matchesProperty` callback shorthand - * _.some(users, 'active', false); - * // => true - * - * // using the `_.property` callback shorthand - * _.some(users, 'active'); - * // => true - */ - function some(collection, predicate, thisArg) { - var func = isArray(collection) ? arraySome : baseSome; - if (thisArg && isIterateeCall(collection, predicate, thisArg)) { - predicate = undefined; - } - if (typeof predicate != 'function' || thisArg !== undefined) { - predicate = getCallback(predicate, thisArg, 3); - } - return func(collection, predicate); - } +EdwardsCurve.prototype.pointFromX = function pointFromX(odd, x) { + x = new bn(x, 16); + if (!x.red) + x = x.toRed(this.red); - /** - * Creates an array of elements, sorted in ascending order by the results of - * running each element in a collection through `iteratee`. This method performs - * a stable sort, that is, it preserves the original sort order of equal elements. - * The `iteratee` is bound to `thisArg` and invoked with three arguments: - * (value, index|key, collection). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Array} Returns the new sorted array. - * @example - * - * _.sortBy([1, 2, 3], function(n) { - * return Math.sin(n); - * }); - * // => [3, 1, 2] - * - * _.sortBy([1, 2, 3], function(n) { - * return this.sin(n); - * }, Math); - * // => [3, 1, 2] - * - * var users = [ - * { 'user': 'fred' }, - * { 'user': 'pebbles' }, - * { 'user': 'barney' } - * ]; - * - * // using the `_.property` callback shorthand - * _.pluck(_.sortBy(users, 'user'), 'user'); - * // => ['barney', 'fred', 'pebbles'] - */ - function sortBy(collection, iteratee, thisArg) { - if (collection == null) { - return []; - } - if (thisArg && isIterateeCall(collection, iteratee, thisArg)) { - iteratee = undefined; - } - var index = -1; - iteratee = getCallback(iteratee, thisArg, 3); + var x2 = x.redSqr(); + var rhs = this.c2.redSub(this.a.redMul(x2)); + var lhs = this.one.redSub(this.c2.redMul(this.d).redMul(x2)); - var result = baseMap(collection, function(value, key, collection) { - return { 'criteria': iteratee(value, key, collection), 'index': ++index, 'value': value }; - }); - return baseSortBy(result, compareAscending); - } + var y = rhs.redMul(lhs.redInvm()).redSqrt(); + var isOdd = y.fromRed().isOdd(); + if (odd && !isOdd || !odd && isOdd) + y = y.redNeg(); - /** - * This method is like `_.sortBy` except that it can sort by multiple iteratees - * or property names. - * - * If a property name is provided for an iteratee the created `_.property` - * style callback returns the property value of the given element. - * - * If an object is provided for an iteratee the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {...(Function|Function[]|Object|Object[]|string|string[])} iteratees - * The iteratees to sort by, specified as individual values or arrays of values. - * @returns {Array} Returns the new sorted array. - * @example - * - * var users = [ - * { 'user': 'fred', 'age': 48 }, - * { 'user': 'barney', 'age': 36 }, - * { 'user': 'fred', 'age': 42 }, - * { 'user': 'barney', 'age': 34 } - * ]; - * - * _.map(_.sortByAll(users, ['user', 'age']), _.values); - * // => [['barney', 34], ['barney', 36], ['fred', 42], ['fred', 48]] - * - * _.map(_.sortByAll(users, 'user', function(chr) { - * return Math.floor(chr.age / 10); - * }), _.values); - * // => [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 42]] - */ - var sortByAll = restParam(function(collection, iteratees) { - if (collection == null) { - return []; - } - var guard = iteratees[2]; - if (guard && isIterateeCall(iteratees[0], iteratees[1], guard)) { - iteratees.length = 1; - } - return baseSortByOrder(collection, baseFlatten(iteratees), []); - }); + return this.point(x, y, curve.one); +}; - /** - * This method is like `_.sortByAll` except that it allows specifying the - * sort orders of the iteratees to sort by. If `orders` is unspecified, all - * values are sorted in ascending order. Otherwise, a value is sorted in - * ascending order if its corresponding order is "asc", and descending if "desc". - * - * If a property name is provided for an iteratee the created `_.property` - * style callback returns the property value of the given element. - * - * If an object is provided for an iteratee the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to iterate over. - * @param {Function[]|Object[]|string[]} iteratees The iteratees to sort by. - * @param {boolean[]} [orders] The sort orders of `iteratees`. - * @param- {Object} [guard] Enables use as a callback for functions like `_.reduce`. - * @returns {Array} Returns the new sorted array. - * @example - * - * var users = [ - * { 'user': 'fred', 'age': 48 }, - * { 'user': 'barney', 'age': 34 }, - * { 'user': 'fred', 'age': 42 }, - * { 'user': 'barney', 'age': 36 } - * ]; - * - * // sort by `user` in ascending order and by `age` in descending order - * _.map(_.sortByOrder(users, ['user', 'age'], ['asc', 'desc']), _.values); - * // => [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 42]] - */ - function sortByOrder(collection, iteratees, orders, guard) { - if (collection == null) { - return []; - } - if (guard && isIterateeCall(iteratees, orders, guard)) { - orders = undefined; - } - if (!isArray(iteratees)) { - iteratees = iteratees == null ? [] : [iteratees]; - } - if (!isArray(orders)) { - orders = orders == null ? [] : [orders]; - } - return baseSortByOrder(collection, iteratees, orders); - } +EdwardsCurve.prototype.validate = function validate(point) { + if (point.isInfinity()) + return true; - /** - * Performs a deep comparison between each element in `collection` and the - * source object, returning an array of all elements that have equivalent - * property values. - * - * **Note:** This method supports comparing arrays, booleans, `Date` objects, - * numbers, `Object` objects, regexes, and strings. Objects are compared by - * their own, not inherited, enumerable properties. For comparing a single - * own or inherited property value see `_.matchesProperty`. - * - * @static - * @memberOf _ - * @category Collection - * @param {Array|Object|string} collection The collection to search. - * @param {Object} source The object of property values to match. - * @returns {Array} Returns the new filtered array. - * @example - * - * var users = [ - * { 'user': 'barney', 'age': 36, 'active': false, 'pets': ['hoppy'] }, - * { 'user': 'fred', 'age': 40, 'active': true, 'pets': ['baby puss', 'dino'] } - * ]; - * - * _.pluck(_.where(users, { 'age': 36, 'active': false }), 'user'); - * // => ['barney'] - * - * _.pluck(_.where(users, { 'pets': ['dino'] }), 'user'); - * // => ['fred'] - */ - function where(collection, source) { - return filter(collection, baseMatches(source)); - } + // Curve: A * X^2 + Y^2 = C^2 * (1 + D * X^2 * Y^2) + point.normalize(); - /*------------------------------------------------------------------------*/ - - /** - * Gets the number of milliseconds that have elapsed since the Unix epoch - * (1 January 1970 00:00:00 UTC). - * - * @static - * @memberOf _ - * @category Date - * @example - * - * _.defer(function(stamp) { - * console.log(_.now() - stamp); - * }, _.now()); - * // => logs the number of milliseconds it took for the deferred function to be invoked - */ - var now = nativeNow || function() { - return new Date().getTime(); - }; + var x2 = point.x.redSqr(); + var y2 = point.y.redSqr(); + var lhs = x2.redMul(this.a).redAdd(y2); + var rhs = this.c2.redMul(this.one.redAdd(this.d.redMul(x2).redMul(y2))); - /*------------------------------------------------------------------------*/ + return lhs.cmp(rhs) === 0; +}; - /** - * The opposite of `_.before`; this method creates a function that invokes - * `func` once it is called `n` or more times. - * - * @static - * @memberOf _ - * @category Function - * @param {number} n The number of calls before `func` is invoked. - * @param {Function} func The function to restrict. - * @returns {Function} Returns the new restricted function. - * @example - * - * var saves = ['profile', 'settings']; - * - * var done = _.after(saves.length, function() { - * console.log('done saving!'); - * }); - * - * _.forEach(saves, function(type) { - * asyncSave({ 'type': type, 'complete': done }); - * }); - * // => logs 'done saving!' after the two async saves have completed - */ - function after(n, func) { - if (typeof func != 'function') { - if (typeof n == 'function') { - var temp = n; - n = func; - func = temp; - } else { - throw new TypeError(FUNC_ERROR_TEXT); - } - } - n = nativeIsFinite(n = +n) ? n : 0; - return function() { - if (--n < 1) { - return func.apply(this, arguments); - } - }; - } +function Point(curve, x, y, z, t) { + Base.BasePoint.call(this, curve, 'projective'); + if (x === null && y === null && z === null) { + this.x = this.curve.zero; + this.y = this.curve.one; + this.z = this.curve.one; + this.t = this.curve.zero; + this.zOne = true; + } else { + this.x = new bn(x, 16); + this.y = new bn(y, 16); + this.z = z ? new bn(z, 16) : this.curve.one; + this.t = t && new bn(t, 16); + if (!this.x.red) + this.x = this.x.toRed(this.curve.red); + if (!this.y.red) + this.y = this.y.toRed(this.curve.red); + if (!this.z.red) + this.z = this.z.toRed(this.curve.red); + if (this.t && !this.t.red) + this.t = this.t.toRed(this.curve.red); + this.zOne = this.z === this.curve.one; - /** - * Creates a function that accepts up to `n` arguments ignoring any - * additional arguments. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to cap arguments for. - * @param {number} [n=func.length] The arity cap. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Function} Returns the new function. - * @example - * - * _.map(['6', '8', '10'], _.ary(parseInt, 1)); - * // => [6, 8, 10] - */ - function ary(func, n, guard) { - if (guard && isIterateeCall(func, n, guard)) { - n = undefined; - } - n = (func && n == null) ? func.length : nativeMax(+n || 0, 0); - return createWrapper(func, ARY_FLAG, undefined, undefined, undefined, undefined, n); + // Use extended coordinates + if (this.curve.extended && !this.t) { + this.t = this.x.redMul(this.y); + if (!this.zOne) + this.t = this.t.redMul(this.z.redInvm()); } + } +} +inherits(Point, Base.BasePoint); - /** - * Creates a function that invokes `func`, with the `this` binding and arguments - * of the created function, while it is called less than `n` times. Subsequent - * calls to the created function return the result of the last `func` invocation. - * - * @static - * @memberOf _ - * @category Function - * @param {number} n The number of calls at which `func` is no longer invoked. - * @param {Function} func The function to restrict. - * @returns {Function} Returns the new restricted function. - * @example - * - * jQuery('#add').on('click', _.before(5, addContactToList)); - * // => allows adding up to 4 contacts to the list - */ - function before(n, func) { - var result; - if (typeof func != 'function') { - if (typeof n == 'function') { - var temp = n; - n = func; - func = temp; - } else { - throw new TypeError(FUNC_ERROR_TEXT); - } - } - return function() { - if (--n > 0) { - result = func.apply(this, arguments); - } - if (n <= 1) { - func = undefined; - } - return result; - }; - } +EdwardsCurve.prototype.pointFromJSON = function pointFromJSON(obj) { + return Point.fromJSON(this, obj); +}; - /** - * Creates a function that invokes `func` with the `this` binding of `thisArg` - * and prepends any additional `_.bind` arguments to those provided to the - * bound function. - * - * The `_.bind.placeholder` value, which defaults to `_` in monolithic builds, - * may be used as a placeholder for partially applied arguments. - * - * **Note:** Unlike native `Function#bind` this method does not set the "length" - * property of bound functions. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to bind. - * @param {*} thisArg The `this` binding of `func`. - * @param {...*} [partials] The arguments to be partially applied. - * @returns {Function} Returns the new bound function. - * @example - * - * var greet = function(greeting, punctuation) { - * return greeting + ' ' + this.user + punctuation; - * }; - * - * var object = { 'user': 'fred' }; - * - * var bound = _.bind(greet, object, 'hi'); - * bound('!'); - * // => 'hi fred!' - * - * // using placeholders - * var bound = _.bind(greet, object, _, '!'); - * bound('hi'); - * // => 'hi fred!' - */ - var bind = restParam(function(func, thisArg, partials) { - var bitmask = BIND_FLAG; - if (partials.length) { - var holders = replaceHolders(partials, bind.placeholder); - bitmask |= PARTIAL_FLAG; - } - return createWrapper(func, bitmask, thisArg, partials, holders); - }); +EdwardsCurve.prototype.point = function point(x, y, z, t) { + return new Point(this, x, y, z, t); +}; - /** - * Binds methods of an object to the object itself, overwriting the existing - * method. Method names may be specified as individual arguments or as arrays - * of method names. If no method names are provided all enumerable function - * properties, own and inherited, of `object` are bound. - * - * **Note:** This method does not set the "length" property of bound functions. - * - * @static - * @memberOf _ - * @category Function - * @param {Object} object The object to bind and assign the bound methods to. - * @param {...(string|string[])} [methodNames] The object method names to bind, - * specified as individual method names or arrays of method names. - * @returns {Object} Returns `object`. - * @example - * - * var view = { - * 'label': 'docs', - * 'onClick': function() { - * console.log('clicked ' + this.label); - * } - * }; - * - * _.bindAll(view); - * jQuery('#docs').on('click', view.onClick); - * // => logs 'clicked docs' when the element is clicked - */ - var bindAll = restParam(function(object, methodNames) { - methodNames = methodNames.length ? baseFlatten(methodNames) : functions(object); +Point.fromJSON = function fromJSON(curve, obj) { + return new Point(curve, obj[0], obj[1], obj[2]); +}; - var index = -1, - length = methodNames.length; +Point.prototype.inspect = function inspect() { + if (this.isInfinity()) + return ''; + return ''; +}; - while (++index < length) { - var key = methodNames[index]; - object[key] = createWrapper(object[key], BIND_FLAG, object); - } - return object; - }); +Point.prototype.isInfinity = function isInfinity() { + // XXX This code assumes that zero is always zero in red + return this.x.cmpn(0) === 0 && + this.y.cmp(this.z) === 0; +}; - /** - * Creates a function that invokes the method at `object[key]` and prepends - * any additional `_.bindKey` arguments to those provided to the bound function. - * - * This method differs from `_.bind` by allowing bound functions to reference - * methods that may be redefined or don't yet exist. - * See [Peter Michaux's article](http://peter.michaux.ca/articles/lazy-function-definition-pattern) - * for more details. - * - * The `_.bindKey.placeholder` value, which defaults to `_` in monolithic - * builds, may be used as a placeholder for partially applied arguments. - * - * @static - * @memberOf _ - * @category Function - * @param {Object} object The object the method belongs to. - * @param {string} key The key of the method. - * @param {...*} [partials] The arguments to be partially applied. - * @returns {Function} Returns the new bound function. - * @example - * - * var object = { - * 'user': 'fred', - * 'greet': function(greeting, punctuation) { - * return greeting + ' ' + this.user + punctuation; - * } - * }; - * - * var bound = _.bindKey(object, 'greet', 'hi'); - * bound('!'); - * // => 'hi fred!' - * - * object.greet = function(greeting, punctuation) { - * return greeting + 'ya ' + this.user + punctuation; - * }; - * - * bound('!'); - * // => 'hiya fred!' - * - * // using placeholders - * var bound = _.bindKey(object, 'greet', _, '!'); - * bound('hi'); - * // => 'hiya fred!' - */ - var bindKey = restParam(function(object, key, partials) { - var bitmask = BIND_FLAG | BIND_KEY_FLAG; - if (partials.length) { - var holders = replaceHolders(partials, bindKey.placeholder); - bitmask |= PARTIAL_FLAG; - } - return createWrapper(key, bitmask, object, partials, holders); - }); +Point.prototype._extDbl = function _extDbl() { + // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html + // #doubling-dbl-2008-hwcd + // 4M + 4S - /** - * Creates a function that accepts one or more arguments of `func` that when - * called either invokes `func` returning its result, if all `func` arguments - * have been provided, or returns a function that accepts one or more of the - * remaining `func` arguments, and so on. The arity of `func` may be specified - * if `func.length` is not sufficient. - * - * The `_.curry.placeholder` value, which defaults to `_` in monolithic builds, - * may be used as a placeholder for provided arguments. - * - * **Note:** This method does not set the "length" property of curried functions. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to curry. - * @param {number} [arity=func.length] The arity of `func`. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Function} Returns the new curried function. - * @example - * - * var abc = function(a, b, c) { - * return [a, b, c]; - * }; - * - * var curried = _.curry(abc); - * - * curried(1)(2)(3); - * // => [1, 2, 3] - * - * curried(1, 2)(3); - * // => [1, 2, 3] - * - * curried(1, 2, 3); - * // => [1, 2, 3] - * - * // using placeholders - * curried(1)(_, 3)(2); - * // => [1, 2, 3] - */ - var curry = createCurry(CURRY_FLAG); + // A = X1^2 + var a = this.x.redSqr(); + // B = Y1^2 + var b = this.y.redSqr(); + // C = 2 * Z1^2 + var c = this.z.redSqr(); + c = c.redIAdd(c); + // D = a * A + var d = this.curve._mulA(a); + // E = (X1 + Y1)^2 - A - B + var e = this.x.redAdd(this.y).redSqr().redISub(a).redISub(b); + // G = D + B + var g = d.redAdd(b); + // F = G - C + var f = g.redSub(c); + // H = D - B + var h = d.redSub(b); + // X3 = E * F + var nx = e.redMul(f); + // Y3 = G * H + var ny = g.redMul(h); + // T3 = E * H + var nt = e.redMul(h); + // Z3 = F * G + var nz = f.redMul(g); + return this.curve.point(nx, ny, nz, nt); +}; - /** - * This method is like `_.curry` except that arguments are applied to `func` - * in the manner of `_.partialRight` instead of `_.partial`. - * - * The `_.curryRight.placeholder` value, which defaults to `_` in monolithic - * builds, may be used as a placeholder for provided arguments. - * - * **Note:** This method does not set the "length" property of curried functions. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to curry. - * @param {number} [arity=func.length] The arity of `func`. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Function} Returns the new curried function. - * @example - * - * var abc = function(a, b, c) { - * return [a, b, c]; - * }; - * - * var curried = _.curryRight(abc); - * - * curried(3)(2)(1); - * // => [1, 2, 3] - * - * curried(2, 3)(1); - * // => [1, 2, 3] - * - * curried(1, 2, 3); - * // => [1, 2, 3] - * - * // using placeholders - * curried(3)(1, _)(2); - * // => [1, 2, 3] - */ - var curryRight = createCurry(CURRY_RIGHT_FLAG); +Point.prototype._projDbl = function _projDbl() { + // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html + // #doubling-dbl-2008-bbjlp + // #doubling-dbl-2007-bl + // and others + // Generally 3M + 4S or 2M + 4S - /** - * Creates a debounced function that delays invoking `func` until after `wait` - * milliseconds have elapsed since the last time the debounced function was - * invoked. The debounced function comes with a `cancel` method to cancel - * delayed invocations. Provide an options object to indicate that `func` - * should be invoked on the leading and/or trailing edge of the `wait` timeout. - * Subsequent calls to the debounced function return the result of the last - * `func` invocation. - * - * **Note:** If `leading` and `trailing` options are `true`, `func` is invoked - * on the trailing edge of the timeout only if the the debounced function is - * invoked more than once during the `wait` timeout. - * - * See [David Corbacho's article](http://drupalmotion.com/article/debounce-and-throttle-visual-explanation) - * for details over the differences between `_.debounce` and `_.throttle`. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to debounce. - * @param {number} [wait=0] The number of milliseconds to delay. - * @param {Object} [options] The options object. - * @param {boolean} [options.leading=false] Specify invoking on the leading - * edge of the timeout. - * @param {number} [options.maxWait] The maximum time `func` is allowed to be - * delayed before it is invoked. - * @param {boolean} [options.trailing=true] Specify invoking on the trailing - * edge of the timeout. - * @returns {Function} Returns the new debounced function. - * @example - * - * // avoid costly calculations while the window size is in flux - * jQuery(window).on('resize', _.debounce(calculateLayout, 150)); - * - * // invoke `sendMail` when the click event is fired, debouncing subsequent calls - * jQuery('#postbox').on('click', _.debounce(sendMail, 300, { - * 'leading': true, - * 'trailing': false - * })); - * - * // ensure `batchLog` is invoked once after 1 second of debounced calls - * var source = new EventSource('/stream'); - * jQuery(source).on('message', _.debounce(batchLog, 250, { - * 'maxWait': 1000 - * })); - * - * // cancel a debounced call - * var todoChanges = _.debounce(batchLog, 1000); - * Object.observe(models.todo, todoChanges); - * - * Object.observe(models, function(changes) { - * if (_.find(changes, { 'user': 'todo', 'type': 'delete'})) { - * todoChanges.cancel(); - * } - * }, ['delete']); - * - * // ...at some point `models.todo` is changed - * models.todo.completed = true; - * - * // ...before 1 second has passed `models.todo` is deleted - * // which cancels the debounced `todoChanges` call - * delete models.todo; - */ - function debounce(func, wait, options) { - var args, - maxTimeoutId, - result, - stamp, - thisArg, - timeoutId, - trailingCall, - lastCalled = 0, - maxWait = false, - trailing = true; + // B = (X1 + Y1)^2 + var b = this.x.redAdd(this.y).redSqr(); + // C = X1^2 + var c = this.x.redSqr(); + // D = Y1^2 + var d = this.y.redSqr(); - if (typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - wait = wait < 0 ? 0 : (+wait || 0); - if (options === true) { - var leading = true; - trailing = false; - } else if (isObject(options)) { - leading = !!options.leading; - maxWait = 'maxWait' in options && nativeMax(+options.maxWait || 0, wait); - trailing = 'trailing' in options ? !!options.trailing : trailing; - } + var nx; + var ny; + var nz; + if (this.curve.twisted) { + // E = a * C + var e = this.curve._mulA(c); + // F = E + D + var f = e.redAdd(d); + if (this.zOne) { + // X3 = (B - C - D) * (F - 2) + nx = b.redSub(c).redSub(d).redMul(f.redSub(this.curve.two)); + // Y3 = F * (E - D) + ny = f.redMul(e.redSub(d)); + // Z3 = F^2 - 2 * F + nz = f.redSqr().redSub(f).redSub(f); + } else { + // H = Z1^2 + var h = this.z.redSqr(); + // J = F - 2 * H + var j = f.redSub(h).redISub(h); + // X3 = (B-C-D)*J + nx = b.redSub(c).redISub(d).redMul(j); + // Y3 = F * (E - D) + ny = f.redMul(e.redSub(d)); + // Z3 = F * J + nz = f.redMul(j); + } + } else { + // E = C + D + var e = c.redAdd(d); + // H = (c * Z1)^2 + var h = this.curve._mulC(this.c.redMul(this.z)).redSqr(); + // J = E - 2 * H + var j = e.redSub(h).redSub(h); + // X3 = c * (B - E) * J + nx = this.curve._mulC(b.redISub(e)).redMul(j); + // Y3 = c * E * (C - D) + ny = this.curve._mulC(e).redMul(c.redISub(d)); + // Z3 = E * J + nz = e.redMul(j); + } + return this.curve.point(nx, ny, nz); +}; - function cancel() { - if (timeoutId) { - clearTimeout(timeoutId); - } - if (maxTimeoutId) { - clearTimeout(maxTimeoutId); - } - lastCalled = 0; - maxTimeoutId = timeoutId = trailingCall = undefined; - } +Point.prototype.dbl = function dbl() { + if (this.isInfinity()) + return this; - function complete(isCalled, id) { - if (id) { - clearTimeout(id); - } - maxTimeoutId = timeoutId = trailingCall = undefined; - if (isCalled) { - lastCalled = now(); - result = func.apply(thisArg, args); - if (!timeoutId && !maxTimeoutId) { - args = thisArg = undefined; - } - } - } + // Double in extended coordinates + if (this.curve.extended) + return this._extDbl(); + else + return this._projDbl(); +}; - function delayed() { - var remaining = wait - (now() - stamp); - if (remaining <= 0 || remaining > wait) { - complete(trailingCall, maxTimeoutId); - } else { - timeoutId = setTimeout(delayed, remaining); - } - } +Point.prototype._extAdd = function _extAdd(p) { + // hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html + // #addition-add-2008-hwcd-3 + // 8M - function maxDelayed() { - complete(trailing, timeoutId); - } + // A = (Y1 - X1) * (Y2 - X2) + var a = this.y.redSub(this.x).redMul(p.y.redSub(p.x)); + // B = (Y1 + X1) * (Y2 + X2) + var b = this.y.redAdd(this.x).redMul(p.y.redAdd(p.x)); + // C = T1 * k * T2 + var c = this.t.redMul(this.curve.dd).redMul(p.t); + // D = Z1 * 2 * Z2 + var d = this.z.redMul(p.z.redAdd(p.z)); + // E = B - A + var e = b.redSub(a); + // F = D - C + var f = d.redSub(c); + // G = D + C + var g = d.redAdd(c); + // H = B + A + var h = b.redAdd(a); + // X3 = E * F + var nx = e.redMul(f); + // Y3 = G * H + var ny = g.redMul(h); + // T3 = E * H + var nt = e.redMul(h); + // Z3 = F * G + var nz = f.redMul(g); + return this.curve.point(nx, ny, nz, nt); +}; - function debounced() { - args = arguments; - stamp = now(); - thisArg = this; - trailingCall = trailing && (timeoutId || !leading); +Point.prototype._projAdd = function _projAdd(p) { + // hyperelliptic.org/EFD/g1p/auto-twisted-projective.html + // #addition-add-2008-bbjlp + // #addition-add-2007-bl + // 10M + 1S - if (maxWait === false) { - var leadingCall = leading && !timeoutId; - } else { - if (!maxTimeoutId && !leading) { - lastCalled = stamp; - } - var remaining = maxWait - (stamp - lastCalled), - isCalled = remaining <= 0 || remaining > maxWait; + // A = Z1 * Z2 + var a = this.z.redMul(p.z); + // B = A^2 + var b = a.redSqr(); + // C = X1 * X2 + var c = this.x.redMul(p.x); + // D = Y1 * Y2 + var d = this.y.redMul(p.y); + // E = d * C * D + var e = this.curve.d.redMul(c).redMul(d); + // F = B - E + var f = b.redSub(e); + // G = B + E + var g = b.redAdd(e); + // X3 = A * F * ((X1 + Y1) * (X2 + Y2) - C - D) + var tmp = this.x.redAdd(this.y).redMul(p.x.redAdd(p.y)).redISub(c).redISub(d); + var nx = a.redMul(f).redMul(tmp); + var ny; + var nz; + if (this.curve.twisted) { + // Y3 = A * G * (D - a * C) + ny = a.redMul(g).redMul(d.redSub(this.curve._mulA(c))); + // Z3 = F * G + nz = f.redMul(g); + } else { + // Y3 = A * G * (D - C) + ny = a.redMul(g).redMul(d.redSub(c)); + // Z3 = c * F * G + nz = this.curve._mulC(f).redMul(g); + } + return this.curve.point(nx, ny, nz); +}; - if (isCalled) { - if (maxTimeoutId) { - maxTimeoutId = clearTimeout(maxTimeoutId); - } - lastCalled = stamp; - result = func.apply(thisArg, args); - } - else if (!maxTimeoutId) { - maxTimeoutId = setTimeout(maxDelayed, remaining); - } - } - if (isCalled && timeoutId) { - timeoutId = clearTimeout(timeoutId); - } - else if (!timeoutId && wait !== maxWait) { - timeoutId = setTimeout(delayed, wait); - } - if (leadingCall) { - isCalled = true; - result = func.apply(thisArg, args); - } - if (isCalled && !timeoutId && !maxTimeoutId) { - args = thisArg = undefined; - } - return result; - } - debounced.cancel = cancel; - return debounced; - } +Point.prototype.add = function add(p) { + if (this.isInfinity()) + return p; + if (p.isInfinity()) + return this; - /** - * Defers invoking the `func` until the current call stack has cleared. Any - * additional arguments are provided to `func` when it is invoked. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to defer. - * @param {...*} [args] The arguments to invoke the function with. - * @returns {number} Returns the timer id. - * @example - * - * _.defer(function(text) { - * console.log(text); - * }, 'deferred'); - * // logs 'deferred' after one or more milliseconds - */ - var defer = restParam(function(func, args) { - return baseDelay(func, 1, args); - }); + if (this.curve.extended) + return this._extAdd(p); + else + return this._projAdd(p); +}; - /** - * Invokes `func` after `wait` milliseconds. Any additional arguments are - * provided to `func` when it is invoked. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to delay. - * @param {number} wait The number of milliseconds to delay invocation. - * @param {...*} [args] The arguments to invoke the function with. - * @returns {number} Returns the timer id. - * @example - * - * _.delay(function(text) { - * console.log(text); - * }, 1000, 'later'); - * // => logs 'later' after one second - */ - var delay = restParam(function(func, wait, args) { - return baseDelay(func, wait, args); - }); +Point.prototype.mul = function mul(k) { + if (this.precomputed && this.precomputed.doubles) + return this.curve._fixedNafMul(this, k); + else + return this.curve._wnafMul(this, k); +}; - /** - * Creates a function that returns the result of invoking the provided - * functions with the `this` binding of the created function, where each - * successive invocation is supplied the return value of the previous. - * - * @static - * @memberOf _ - * @category Function - * @param {...Function} [funcs] Functions to invoke. - * @returns {Function} Returns the new function. - * @example - * - * function square(n) { - * return n * n; - * } - * - * var addSquare = _.flow(_.add, square); - * addSquare(1, 2); - * // => 9 - */ - var flow = createFlow(); +Point.prototype.mulAdd = function mulAdd(k1, p, k2) { + return this.curve._wnafMulAdd(1, [ this, p ], [ k1, k2 ], 2); +}; - /** - * This method is like `_.flow` except that it creates a function that - * invokes the provided functions from right to left. - * - * @static - * @memberOf _ - * @alias backflow, compose - * @category Function - * @param {...Function} [funcs] Functions to invoke. - * @returns {Function} Returns the new function. - * @example - * - * function square(n) { - * return n * n; - * } - * - * var addSquare = _.flowRight(square, _.add); - * addSquare(1, 2); - * // => 9 - */ - var flowRight = createFlow(true); +Point.prototype.normalize = function normalize() { + if (this.zOne) + return this; - /** - * Creates a function that memoizes the result of `func`. If `resolver` is - * provided it determines the cache key for storing the result based on the - * arguments provided to the memoized function. By default, the first argument - * provided to the memoized function is coerced to a string and used as the - * cache key. The `func` is invoked with the `this` binding of the memoized - * function. - * - * **Note:** The cache is exposed as the `cache` property on the memoized - * function. Its creation may be customized by replacing the `_.memoize.Cache` - * constructor with one whose instances implement the [`Map`](http://ecma-international.org/ecma-262/6.0/#sec-properties-of-the-map-prototype-object) - * method interface of `get`, `has`, and `set`. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to have its output memoized. - * @param {Function} [resolver] The function to resolve the cache key. - * @returns {Function} Returns the new memoizing function. - * @example - * - * var upperCase = _.memoize(function(string) { - * return string.toUpperCase(); - * }); - * - * upperCase('fred'); - * // => 'FRED' - * - * // modifying the result cache - * upperCase.cache.set('fred', 'BARNEY'); - * upperCase('fred'); - * // => 'BARNEY' - * - * // replacing `_.memoize.Cache` - * var object = { 'user': 'fred' }; - * var other = { 'user': 'barney' }; - * var identity = _.memoize(_.identity); - * - * identity(object); - * // => { 'user': 'fred' } - * identity(other); - * // => { 'user': 'fred' } - * - * _.memoize.Cache = WeakMap; - * var identity = _.memoize(_.identity); - * - * identity(object); - * // => { 'user': 'fred' } - * identity(other); - * // => { 'user': 'barney' } - */ - function memoize(func, resolver) { - if (typeof func != 'function' || (resolver && typeof resolver != 'function')) { - throw new TypeError(FUNC_ERROR_TEXT); - } - var memoized = function() { - var args = arguments, - key = resolver ? resolver.apply(this, args) : args[0], - cache = memoized.cache; + // Normalize coordinates + var zi = this.z.redInvm(); + this.x = this.x.redMul(zi); + this.y = this.y.redMul(zi); + if (this.t) + this.t = this.t.redMul(zi); + this.z = this.curve.one; + this.zOne = true; + return this; +}; - if (cache.has(key)) { - return cache.get(key); - } - var result = func.apply(this, args); - memoized.cache = cache.set(key, result); - return result; - }; - memoized.cache = new memoize.Cache; - return memoized; - } +Point.prototype.neg = function neg() { + return this.curve.point(this.x.redNeg(), + this.y, + this.z, + this.t && this.t.redNeg()); +}; - /** - * Creates a function that runs each argument through a corresponding - * transform function. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to wrap. - * @param {...(Function|Function[])} [transforms] The functions to transform - * arguments, specified as individual functions or arrays of functions. - * @returns {Function} Returns the new function. - * @example - * - * function doubled(n) { - * return n * 2; - * } - * - * function square(n) { - * return n * n; - * } - * - * var modded = _.modArgs(function(x, y) { - * return [x, y]; - * }, square, doubled); - * - * modded(1, 2); - * // => [1, 4] - * - * modded(5, 10); - * // => [25, 20] - */ - var modArgs = restParam(function(func, transforms) { - transforms = baseFlatten(transforms); - if (typeof func != 'function' || !arrayEvery(transforms, baseIsFunction)) { - throw new TypeError(FUNC_ERROR_TEXT); - } - var length = transforms.length; - return restParam(function(args) { - var index = nativeMin(args.length, length); - while (index--) { - args[index] = transforms[index](args[index]); - } - return func.apply(this, args); - }); - }); +Point.prototype.getX = function getX() { + this.normalize(); + return this.x.fromRed(); +}; - /** - * Creates a function that negates the result of the predicate `func`. The - * `func` predicate is invoked with the `this` binding and arguments of the - * created function. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} predicate The predicate to negate. - * @returns {Function} Returns the new function. - * @example - * - * function isEven(n) { - * return n % 2 == 0; - * } - * - * _.filter([1, 2, 3, 4, 5, 6], _.negate(isEven)); - * // => [1, 3, 5] - */ - function negate(predicate) { - if (typeof predicate != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - return function() { - return !predicate.apply(this, arguments); - }; - } +Point.prototype.getY = function getY() { + this.normalize(); + return this.y.fromRed(); +}; - /** - * Creates a function that is restricted to invoking `func` once. Repeat calls - * to the function return the value of the first call. The `func` is invoked - * with the `this` binding and arguments of the created function. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to restrict. - * @returns {Function} Returns the new restricted function. - * @example - * - * var initialize = _.once(createApplication); - * initialize(); - * initialize(); - * // `initialize` invokes `createApplication` once - */ - function once(func) { - return before(2, func); - } +// Compatibility with BaseCurve +Point.prototype.toP = Point.prototype.normalize; +Point.prototype.mixedAdd = Point.prototype.add; - /** - * Creates a function that invokes `func` with `partial` arguments prepended - * to those provided to the new function. This method is like `_.bind` except - * it does **not** alter the `this` binding. - * - * The `_.partial.placeholder` value, which defaults to `_` in monolithic - * builds, may be used as a placeholder for partially applied arguments. - * - * **Note:** This method does not set the "length" property of partially - * applied functions. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to partially apply arguments to. - * @param {...*} [partials] The arguments to be partially applied. - * @returns {Function} Returns the new partially applied function. - * @example - * - * var greet = function(greeting, name) { - * return greeting + ' ' + name; - * }; - * - * var sayHelloTo = _.partial(greet, 'hello'); - * sayHelloTo('fred'); - * // => 'hello fred' - * - * // using placeholders - * var greetFred = _.partial(greet, _, 'fred'); - * greetFred('hi'); - * // => 'hi fred' - */ - var partial = createPartial(PARTIAL_FLAG); +},{"../../elliptic":74,"../curve":77,"bn.js":71,"inherits":95}],77:[function(require,module,exports){ +'use strict'; - /** - * This method is like `_.partial` except that partially applied arguments - * are appended to those provided to the new function. - * - * The `_.partialRight.placeholder` value, which defaults to `_` in monolithic - * builds, may be used as a placeholder for partially applied arguments. - * - * **Note:** This method does not set the "length" property of partially - * applied functions. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to partially apply arguments to. - * @param {...*} [partials] The arguments to be partially applied. - * @returns {Function} Returns the new partially applied function. - * @example - * - * var greet = function(greeting, name) { - * return greeting + ' ' + name; - * }; - * - * var greetFred = _.partialRight(greet, 'fred'); - * greetFred('hi'); - * // => 'hi fred' - * - * // using placeholders - * var sayHelloTo = _.partialRight(greet, 'hello', _); - * sayHelloTo('fred'); - * // => 'hello fred' - */ - var partialRight = createPartial(PARTIAL_RIGHT_FLAG); +var curve = exports; - /** - * Creates a function that invokes `func` with arguments arranged according - * to the specified indexes where the argument value at the first index is - * provided as the first argument, the argument value at the second index is - * provided as the second argument, and so on. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to rearrange arguments for. - * @param {...(number|number[])} indexes The arranged argument indexes, - * specified as individual indexes or arrays of indexes. - * @returns {Function} Returns the new function. - * @example - * - * var rearged = _.rearg(function(a, b, c) { - * return [a, b, c]; - * }, 2, 0, 1); - * - * rearged('b', 'c', 'a') - * // => ['a', 'b', 'c'] - * - * var map = _.rearg(_.map, [1, 0]); - * map(function(n) { - * return n * 3; - * }, [1, 2, 3]); - * // => [3, 6, 9] - */ - var rearg = restParam(function(func, indexes) { - return createWrapper(func, REARG_FLAG, undefined, undefined, undefined, baseFlatten(indexes)); - }); +curve.base = require('./base'); +curve.short = require('./short'); +curve.mont = require('./mont'); +curve.edwards = require('./edwards'); - /** - * Creates a function that invokes `func` with the `this` binding of the - * created function and arguments from `start` and beyond provided as an array. - * - * **Note:** This method is based on the [rest parameter](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/rest_parameters). - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to apply a rest parameter to. - * @param {number} [start=func.length-1] The start position of the rest parameter. - * @returns {Function} Returns the new function. - * @example - * - * var say = _.restParam(function(what, names) { - * return what + ' ' + _.initial(names).join(', ') + - * (_.size(names) > 1 ? ', & ' : '') + _.last(names); - * }); - * - * say('hello', 'fred', 'barney', 'pebbles'); - * // => 'hello fred, barney, & pebbles' - */ - function restParam(func, start) { - if (typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - start = nativeMax(start === undefined ? (func.length - 1) : (+start || 0), 0); - return function() { - var args = arguments, - index = -1, - length = nativeMax(args.length - start, 0), - rest = Array(length); +},{"./base":75,"./edwards":76,"./mont":78,"./short":79}],78:[function(require,module,exports){ +'use strict'; - while (++index < length) { - rest[index] = args[start + index]; - } - switch (start) { - case 0: return func.call(this, rest); - case 1: return func.call(this, args[0], rest); - case 2: return func.call(this, args[0], args[1], rest); - } - var otherArgs = Array(start + 1); - index = -1; - while (++index < start) { - otherArgs[index] = args[index]; - } - otherArgs[start] = rest; - return func.apply(this, otherArgs); - }; - } +var curve = require('../curve'); +var bn = require('bn.js'); +var inherits = require('inherits'); +var Base = curve.base; - /** - * Creates a function that invokes `func` with the `this` binding of the created - * function and an array of arguments much like [`Function#apply`](https://es5.github.io/#x15.3.4.3). - * - * **Note:** This method is based on the [spread operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Spread_operator). - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to spread arguments over. - * @returns {Function} Returns the new function. - * @example - * - * var say = _.spread(function(who, what) { - * return who + ' says ' + what; - * }); - * - * say(['fred', 'hello']); - * // => 'fred says hello' - * - * // with a Promise - * var numbers = Promise.all([ - * Promise.resolve(40), - * Promise.resolve(36) - * ]); - * - * numbers.then(_.spread(function(x, y) { - * return x + y; - * })); - * // => a Promise of 76 - */ - function spread(func) { - if (typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - return function(array) { - return func.apply(this, array); - }; - } +function MontCurve(conf) { + Base.call(this, 'mont', conf); - /** - * Creates a throttled function that only invokes `func` at most once per - * every `wait` milliseconds. The throttled function comes with a `cancel` - * method to cancel delayed invocations. Provide an options object to indicate - * that `func` should be invoked on the leading and/or trailing edge of the - * `wait` timeout. Subsequent calls to the throttled function return the - * result of the last `func` call. - * - * **Note:** If `leading` and `trailing` options are `true`, `func` is invoked - * on the trailing edge of the timeout only if the the throttled function is - * invoked more than once during the `wait` timeout. - * - * See [David Corbacho's article](http://drupalmotion.com/article/debounce-and-throttle-visual-explanation) - * for details over the differences between `_.throttle` and `_.debounce`. - * - * @static - * @memberOf _ - * @category Function - * @param {Function} func The function to throttle. - * @param {number} [wait=0] The number of milliseconds to throttle invocations to. - * @param {Object} [options] The options object. - * @param {boolean} [options.leading=true] Specify invoking on the leading - * edge of the timeout. - * @param {boolean} [options.trailing=true] Specify invoking on the trailing - * edge of the timeout. - * @returns {Function} Returns the new throttled function. - * @example - * - * // avoid excessively updating the position while scrolling - * jQuery(window).on('scroll', _.throttle(updatePosition, 100)); - * - * // invoke `renewToken` when the click event is fired, but not more than once every 5 minutes - * jQuery('.interactive').on('click', _.throttle(renewToken, 300000, { - * 'trailing': false - * })); - * - * // cancel a trailing throttled call - * jQuery(window).on('popstate', throttled.cancel); - */ - function throttle(func, wait, options) { - var leading = true, - trailing = true; + this.a = new bn(conf.a, 16).toRed(this.red); + this.b = new bn(conf.b, 16).toRed(this.red); + this.i4 = new bn(4).toRed(this.red).redInvm(); + this.two = new bn(2).toRed(this.red); + this.a24 = this.i4.redMul(this.a.redAdd(this.two)); +} +inherits(MontCurve, Base); +module.exports = MontCurve; - if (typeof func != 'function') { - throw new TypeError(FUNC_ERROR_TEXT); - } - if (options === false) { - leading = false; - } else if (isObject(options)) { - leading = 'leading' in options ? !!options.leading : leading; - trailing = 'trailing' in options ? !!options.trailing : trailing; - } - return debounce(func, wait, { 'leading': leading, 'maxWait': +wait, 'trailing': trailing }); - } +MontCurve.prototype.validate = function validate(point) { + var x = point.normalize().x; + var x2 = x.redSqr(); + var rhs = x2.redMul(x).redAdd(x2.redMul(this.a)).redAdd(x); + var y = rhs.redSqrt(); - /** - * Creates a function that provides `value` to the wrapper function as its - * first argument. Any additional arguments provided to the function are - * appended to those provided to the wrapper function. The wrapper is invoked - * with the `this` binding of the created function. - * - * @static - * @memberOf _ - * @category Function - * @param {*} value The value to wrap. - * @param {Function} wrapper The wrapper function. - * @returns {Function} Returns the new function. - * @example - * - * var p = _.wrap(_.escape, function(func, text) { - * return '

' + func(text) + '

'; - * }); - * - * p('fred, barney, & pebbles'); - * // => '

fred, barney, & pebbles

' - */ - function wrap(value, wrapper) { - wrapper = wrapper == null ? identity : wrapper; - return createWrapper(wrapper, PARTIAL_FLAG, undefined, [value], []); - } + return y.redSqr().cmp(rhs) === 0; +}; - /*------------------------------------------------------------------------*/ +function Point(curve, x, z) { + Base.BasePoint.call(this, curve, 'projective'); + if (x === null && z === null) { + this.x = this.curve.one; + this.z = this.curve.zero; + } else { + this.x = new bn(x, 16); + this.z = new bn(z, 16); + if (!this.x.red) + this.x = this.x.toRed(this.curve.red); + if (!this.z.red) + this.z = this.z.toRed(this.curve.red); + } +} +inherits(Point, Base.BasePoint); - /** - * Creates a clone of `value`. If `isDeep` is `true` nested objects are cloned, - * otherwise they are assigned by reference. If `customizer` is provided it is - * invoked to produce the cloned values. If `customizer` returns `undefined` - * cloning is handled by the method instead. The `customizer` is bound to - * `thisArg` and invoked with two argument; (value [, index|key, object]). - * - * **Note:** This method is loosely based on the - * [structured clone algorithm](http://www.w3.org/TR/html5/infrastructure.html#internal-structured-cloning-algorithm). - * The enumerable properties of `arguments` objects and objects created by - * constructors other than `Object` are cloned to plain `Object` objects. An - * empty object is returned for uncloneable values such as functions, DOM nodes, - * Maps, Sets, and WeakMaps. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to clone. - * @param {boolean} [isDeep] Specify a deep clone. - * @param {Function} [customizer] The function to customize cloning values. - * @param {*} [thisArg] The `this` binding of `customizer`. - * @returns {*} Returns the cloned value. - * @example - * - * var users = [ - * { 'user': 'barney' }, - * { 'user': 'fred' } - * ]; - * - * var shallow = _.clone(users); - * shallow[0] === users[0]; - * // => true - * - * var deep = _.clone(users, true); - * deep[0] === users[0]; - * // => false - * - * // using a customizer callback - * var el = _.clone(document.body, function(value) { - * if (_.isElement(value)) { - * return value.cloneNode(false); - * } - * }); - * - * el === document.body - * // => false - * el.nodeName - * // => BODY - * el.childNodes.length; - * // => 0 - */ - function clone(value, isDeep, customizer, thisArg) { - if (isDeep && typeof isDeep != 'boolean' && isIterateeCall(value, isDeep, customizer)) { - isDeep = false; - } - else if (typeof isDeep == 'function') { - thisArg = customizer; - customizer = isDeep; - isDeep = false; - } - return typeof customizer == 'function' - ? baseClone(value, isDeep, bindCallback(customizer, thisArg, 1)) - : baseClone(value, isDeep); - } +MontCurve.prototype.point = function point(x, z) { + return new Point(this, x, z); +}; - /** - * Creates a deep clone of `value`. If `customizer` is provided it is invoked - * to produce the cloned values. If `customizer` returns `undefined` cloning - * is handled by the method instead. The `customizer` is bound to `thisArg` - * and invoked with two argument; (value [, index|key, object]). - * - * **Note:** This method is loosely based on the - * [structured clone algorithm](http://www.w3.org/TR/html5/infrastructure.html#internal-structured-cloning-algorithm). - * The enumerable properties of `arguments` objects and objects created by - * constructors other than `Object` are cloned to plain `Object` objects. An - * empty object is returned for uncloneable values such as functions, DOM nodes, - * Maps, Sets, and WeakMaps. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to deep clone. - * @param {Function} [customizer] The function to customize cloning values. - * @param {*} [thisArg] The `this` binding of `customizer`. - * @returns {*} Returns the deep cloned value. - * @example - * - * var users = [ - * { 'user': 'barney' }, - * { 'user': 'fred' } - * ]; - * - * var deep = _.cloneDeep(users); - * deep[0] === users[0]; - * // => false - * - * // using a customizer callback - * var el = _.cloneDeep(document.body, function(value) { - * if (_.isElement(value)) { - * return value.cloneNode(true); - * } - * }); - * - * el === document.body - * // => false - * el.nodeName - * // => BODY - * el.childNodes.length; - * // => 20 - */ - function cloneDeep(value, customizer, thisArg) { - return typeof customizer == 'function' - ? baseClone(value, true, bindCallback(customizer, thisArg, 1)) - : baseClone(value, true); - } +MontCurve.prototype.pointFromJSON = function pointFromJSON(obj) { + return Point.fromJSON(this, obj); +}; - /** - * Checks if `value` is greater than `other`. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @returns {boolean} Returns `true` if `value` is greater than `other`, else `false`. - * @example - * - * _.gt(3, 1); - * // => true - * - * _.gt(3, 3); - * // => false - * - * _.gt(1, 3); - * // => false - */ - function gt(value, other) { - return value > other; - } +Point.prototype.precompute = function precompute() { + // No-op +}; - /** - * Checks if `value` is greater than or equal to `other`. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @returns {boolean} Returns `true` if `value` is greater than or equal to `other`, else `false`. - * @example - * - * _.gte(3, 1); - * // => true - * - * _.gte(3, 3); - * // => true - * - * _.gte(1, 3); - * // => false - */ - function gte(value, other) { - return value >= other; - } +Point.fromJSON = function fromJSON(curve, obj) { + return new Point(curve, obj[0], obj[1] || curve.one); +}; - /** - * Checks if `value` is classified as an `arguments` object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isArguments(function() { return arguments; }()); - * // => true - * - * _.isArguments([1, 2, 3]); - * // => false - */ - function isArguments(value) { - return isObjectLike(value) && isArrayLike(value) && - hasOwnProperty.call(value, 'callee') && !propertyIsEnumerable.call(value, 'callee'); - } +Point.prototype.inspect = function inspect() { + if (this.isInfinity()) + return ''; + return ''; +}; - /** - * Checks if `value` is classified as an `Array` object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isArray([1, 2, 3]); - * // => true - * - * _.isArray(function() { return arguments; }()); - * // => false - */ - var isArray = nativeIsArray || function(value) { - return isObjectLike(value) && isLength(value.length) && objToString.call(value) == arrayTag; - }; +Point.prototype.isInfinity = function isInfinity() { + // XXX This code assumes that zero is always zero in red + return this.z.cmpn(0) === 0; +}; - /** - * Checks if `value` is classified as a boolean primitive or object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isBoolean(false); - * // => true - * - * _.isBoolean(null); - * // => false - */ - function isBoolean(value) { - return value === true || value === false || (isObjectLike(value) && objToString.call(value) == boolTag); - } +Point.prototype.dbl = function dbl() { + // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-dbl-1987-m-3 + // 2M + 2S + 4A - /** - * Checks if `value` is classified as a `Date` object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isDate(new Date); - * // => true - * - * _.isDate('Mon April 23 2012'); - * // => false - */ - function isDate(value) { - return isObjectLike(value) && objToString.call(value) == dateTag; - } + // A = X1 + Z1 + var a = this.x.redAdd(this.z); + // AA = A^2 + var aa = a.redSqr(); + // B = X1 - Z1 + var b = this.x.redSub(this.z); + // BB = B^2 + var bb = b.redSqr(); + // C = AA - BB + var c = aa.redSub(bb); + // X3 = AA * BB + var nx = aa.redMul(bb); + // Z3 = C * (BB + A24 * C) + var nz = c.redMul(bb.redAdd(this.curve.a24.redMul(c))); + return this.curve.point(nx, nz); +}; - /** - * Checks if `value` is a DOM element. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a DOM element, else `false`. - * @example - * - * _.isElement(document.body); - * // => true - * - * _.isElement(''); - * // => false - */ - function isElement(value) { - return !!value && value.nodeType === 1 && isObjectLike(value) && !isPlainObject(value); - } +Point.prototype.add = function add() { + throw new Error('Not supported on Montgomery curve'); +}; - /** - * Checks if `value` is empty. A value is considered empty unless it is an - * `arguments` object, array, string, or jQuery-like collection with a length - * greater than `0` or an object with own enumerable properties. - * - * @static - * @memberOf _ - * @category Lang - * @param {Array|Object|string} value The value to inspect. - * @returns {boolean} Returns `true` if `value` is empty, else `false`. - * @example - * - * _.isEmpty(null); - * // => true - * - * _.isEmpty(true); - * // => true - * - * _.isEmpty(1); - * // => true - * - * _.isEmpty([1, 2, 3]); - * // => false - * - * _.isEmpty({ 'a': 1 }); - * // => false - */ - function isEmpty(value) { - if (value == null) { - return true; - } - if (isArrayLike(value) && (isArray(value) || isString(value) || isArguments(value) || - (isObjectLike(value) && isFunction(value.splice)))) { - return !value.length; - } - return !keys(value).length; - } +Point.prototype.diffAdd = function diffAdd(p, diff) { + // http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#diffadd-dadd-1987-m-3 + // 4M + 2S + 6A - /** - * Performs a deep comparison between two values to determine if they are - * equivalent. If `customizer` is provided it is invoked to compare values. - * If `customizer` returns `undefined` comparisons are handled by the method - * instead. The `customizer` is bound to `thisArg` and invoked with three - * arguments: (value, other [, index|key]). - * - * **Note:** This method supports comparing arrays, booleans, `Date` objects, - * numbers, `Object` objects, regexes, and strings. Objects are compared by - * their own, not inherited, enumerable properties. Functions and DOM nodes - * are **not** supported. Provide a customizer function to extend support - * for comparing other values. - * - * @static - * @memberOf _ - * @alias eq - * @category Lang - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @param {Function} [customizer] The function to customize value comparisons. - * @param {*} [thisArg] The `this` binding of `customizer`. - * @returns {boolean} Returns `true` if the values are equivalent, else `false`. - * @example - * - * var object = { 'user': 'fred' }; - * var other = { 'user': 'fred' }; - * - * object == other; - * // => false - * - * _.isEqual(object, other); - * // => true - * - * // using a customizer callback - * var array = ['hello', 'goodbye']; - * var other = ['hi', 'goodbye']; - * - * _.isEqual(array, other, function(value, other) { - * if (_.every([value, other], RegExp.prototype.test, /^h(?:i|ello)$/)) { - * return true; - * } - * }); - * // => true - */ - function isEqual(value, other, customizer, thisArg) { - customizer = typeof customizer == 'function' ? bindCallback(customizer, thisArg, 3) : undefined; - var result = customizer ? customizer(value, other) : undefined; - return result === undefined ? baseIsEqual(value, other, customizer) : !!result; - } + // A = X2 + Z2 + var a = this.x.redAdd(this.z); + // B = X2 - Z2 + var b = this.x.redSub(this.z); + // C = X3 + Z3 + var c = p.x.redAdd(p.z); + // D = X3 - Z3 + var d = p.x.redSub(p.z); + // DA = D * A + var da = d.redMul(a); + // CB = C * B + var cb = c.redMul(b); + // X5 = Z1 * (DA + CB)^2 + var nx = diff.z.redMul(da.redAdd(cb).redSqr()); + // Z5 = X1 * (DA - CB)^2 + var nz = diff.x.redMul(da.redISub(cb).redSqr()); + return this.curve.point(nx, nz); +}; - /** - * Checks if `value` is an `Error`, `EvalError`, `RangeError`, `ReferenceError`, - * `SyntaxError`, `TypeError`, or `URIError` object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is an error object, else `false`. - * @example - * - * _.isError(new Error); - * // => true - * - * _.isError(Error); - * // => false - */ - function isError(value) { - return isObjectLike(value) && typeof value.message == 'string' && objToString.call(value) == errorTag; - } +Point.prototype.mul = function mul(k) { + var t = k.clone(); + var a = this; // (N / 2) * Q + Q + var b = this.curve.point(null, null); // (N / 2) * Q + var c = this; // Q - /** - * Checks if `value` is a finite primitive number. - * - * **Note:** This method is based on [`Number.isFinite`](http://ecma-international.org/ecma-262/6.0/#sec-number.isfinite). - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a finite number, else `false`. - * @example - * - * _.isFinite(10); - * // => true - * - * _.isFinite('10'); - * // => false - * - * _.isFinite(true); - * // => false - * - * _.isFinite(Object(10)); - * // => false - * - * _.isFinite(Infinity); - * // => false - */ - function isFinite(value) { - return typeof value == 'number' && nativeIsFinite(value); - } + for (var bits = []; t.cmpn(0) !== 0; t.ishrn(1)) + bits.push(t.andln(1)); - /** - * Checks if `value` is classified as a `Function` object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isFunction(_); - * // => true - * - * _.isFunction(/abc/); - * // => false - */ - function isFunction(value) { - // The use of `Object#toString` avoids issues with the `typeof` operator - // in older versions of Chrome and Safari which return 'function' for regexes - // and Safari 8 equivalents which return 'object' for typed array constructors. - return isObject(value) && objToString.call(value) == funcTag; + for (var i = bits.length - 1; i >= 0; i--) { + if (bits[i] === 0) { + // N * Q + Q = ((N / 2) * Q + Q)) + (N / 2) * Q + a = a.diffAdd(b, c); + // N * Q = 2 * ((N / 2) * Q + Q)) + b = b.dbl(); + } else { + // N * Q = ((N / 2) * Q + Q) + ((N / 2) * Q) + b = a.diffAdd(b, c); + // N * Q + Q = 2 * ((N / 2) * Q + Q) + a = a.dbl(); } + } + return b; +}; - /** - * Checks if `value` is the [language type](https://es5.github.io/#x8) of `Object`. - * (e.g. arrays, functions, objects, regexes, `new Number(0)`, and `new String('')`) - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is an object, else `false`. - * @example - * - * _.isObject({}); - * // => true - * - * _.isObject([1, 2, 3]); - * // => true - * - * _.isObject(1); - * // => false - */ - function isObject(value) { - // Avoid a V8 JIT bug in Chrome 19-20. - // See https://code.google.com/p/v8/issues/detail?id=2291 for more details. - var type = typeof value; - return !!value && (type == 'object' || type == 'function'); - } +Point.prototype.mulAdd = function mulAdd() { + throw new Error('Not supported on Montgomery curve'); +}; - /** - * Performs a deep comparison between `object` and `source` to determine if - * `object` contains equivalent property values. If `customizer` is provided - * it is invoked to compare values. If `customizer` returns `undefined` - * comparisons are handled by the method instead. The `customizer` is bound - * to `thisArg` and invoked with three arguments: (value, other, index|key). - * - * **Note:** This method supports comparing properties of arrays, booleans, - * `Date` objects, numbers, `Object` objects, regexes, and strings. Functions - * and DOM nodes are **not** supported. Provide a customizer function to extend - * support for comparing other values. - * - * @static - * @memberOf _ - * @category Lang - * @param {Object} object The object to inspect. - * @param {Object} source The object of property values to match. - * @param {Function} [customizer] The function to customize value comparisons. - * @param {*} [thisArg] The `this` binding of `customizer`. - * @returns {boolean} Returns `true` if `object` is a match, else `false`. - * @example - * - * var object = { 'user': 'fred', 'age': 40 }; - * - * _.isMatch(object, { 'age': 40 }); - * // => true - * - * _.isMatch(object, { 'age': 36 }); - * // => false - * - * // using a customizer callback - * var object = { 'greeting': 'hello' }; - * var source = { 'greeting': 'hi' }; - * - * _.isMatch(object, source, function(value, other) { - * return _.every([value, other], RegExp.prototype.test, /^h(?:i|ello)$/) || undefined; - * }); - * // => true - */ - function isMatch(object, source, customizer, thisArg) { - customizer = typeof customizer == 'function' ? bindCallback(customizer, thisArg, 3) : undefined; - return baseIsMatch(object, getMatchData(source), customizer); - } +Point.prototype.normalize = function normalize() { + this.x = this.x.redMul(this.z.redInvm()); + this.z = this.curve.one; + return this; +}; - /** - * Checks if `value` is `NaN`. - * - * **Note:** This method is not the same as [`isNaN`](https://es5.github.io/#x15.1.2.4) - * which returns `true` for `undefined` and other non-numeric values. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is `NaN`, else `false`. - * @example - * - * _.isNaN(NaN); - * // => true - * - * _.isNaN(new Number(NaN)); - * // => true - * - * isNaN(undefined); - * // => true - * - * _.isNaN(undefined); - * // => false - */ - function isNaN(value) { - // An `NaN` primitive is the only value that is not equal to itself. - // Perform the `toStringTag` check first to avoid errors with some host objects in IE. - return isNumber(value) && value != +value; - } +Point.prototype.getX = function getX() { + // Normalize coordinates + this.normalize(); - /** - * Checks if `value` is a native function. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a native function, else `false`. - * @example - * - * _.isNative(Array.prototype.push); - * // => true - * - * _.isNative(_); - * // => false - */ - function isNative(value) { - if (value == null) { - return false; - } - if (isFunction(value)) { - return reIsNative.test(fnToString.call(value)); - } - return isObjectLike(value) && reIsHostCtor.test(value); - } + return this.x.fromRed(); +}; - /** - * Checks if `value` is `null`. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is `null`, else `false`. - * @example - * - * _.isNull(null); - * // => true - * - * _.isNull(void 0); - * // => false - */ - function isNull(value) { - return value === null; - } +},{"../curve":77,"bn.js":71,"inherits":95}],79:[function(require,module,exports){ +'use strict'; - /** - * Checks if `value` is classified as a `Number` primitive or object. - * - * **Note:** To exclude `Infinity`, `-Infinity`, and `NaN`, which are classified - * as numbers, use the `_.isFinite` method. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isNumber(8.4); - * // => true - * - * _.isNumber(NaN); - * // => true - * - * _.isNumber('8.4'); - * // => false - */ - function isNumber(value) { - return typeof value == 'number' || (isObjectLike(value) && objToString.call(value) == numberTag); - } +var curve = require('../curve'); +var elliptic = require('../../elliptic'); +var bn = require('bn.js'); +var inherits = require('inherits'); +var Base = curve.base; - /** - * Checks if `value` is a plain object, that is, an object created by the - * `Object` constructor or one with a `[[Prototype]]` of `null`. - * - * **Note:** This method assumes objects created by the `Object` constructor - * have no inherited enumerable properties. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is a plain object, else `false`. - * @example - * - * function Foo() { - * this.a = 1; - * } - * - * _.isPlainObject(new Foo); - * // => false - * - * _.isPlainObject([1, 2, 3]); - * // => false - * - * _.isPlainObject({ 'x': 0, 'y': 0 }); - * // => true - * - * _.isPlainObject(Object.create(null)); - * // => true - */ - function isPlainObject(value) { - var Ctor; +var assert = elliptic.utils.assert; - // Exit early for non `Object` objects. - if (!(isObjectLike(value) && objToString.call(value) == objectTag && !isArguments(value)) || - (!hasOwnProperty.call(value, 'constructor') && (Ctor = value.constructor, typeof Ctor == 'function' && !(Ctor instanceof Ctor)))) { - return false; - } - // IE < 9 iterates inherited properties before own properties. If the first - // iterated property is an object's own property then there are no inherited - // enumerable properties. - var result; - // In most environments an object's own properties are iterated before - // its inherited properties. If the last iterated property is an object's - // own property then there are no inherited enumerable properties. - baseForIn(value, function(subValue, key) { - result = key; - }); - return result === undefined || hasOwnProperty.call(value, result); - } +function ShortCurve(conf) { + Base.call(this, 'short', conf); - /** - * Checks if `value` is classified as a `RegExp` object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isRegExp(/abc/); - * // => true - * - * _.isRegExp('/abc/'); - * // => false - */ - function isRegExp(value) { - return isObject(value) && objToString.call(value) == regexpTag; - } + this.a = new bn(conf.a, 16).toRed(this.red); + this.b = new bn(conf.b, 16).toRed(this.red); + this.tinv = this.two.redInvm(); - /** - * Checks if `value` is classified as a `String` primitive or object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isString('abc'); - * // => true - * - * _.isString(1); - * // => false - */ - function isString(value) { - return typeof value == 'string' || (isObjectLike(value) && objToString.call(value) == stringTag); - } + this.zeroA = this.a.fromRed().cmpn(0) === 0; + this.threeA = this.a.fromRed().sub(this.p).cmpn(-3) === 0; - /** - * Checks if `value` is classified as a typed array. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is correctly classified, else `false`. - * @example - * - * _.isTypedArray(new Uint8Array); - * // => true - * - * _.isTypedArray([]); - * // => false - */ - function isTypedArray(value) { - return isObjectLike(value) && isLength(value.length) && !!typedArrayTags[objToString.call(value)]; - } + // If the curve is endomorphic, precalculate beta and lambda + this.endo = this._getEndomorphism(conf); + this._endoWnafT1 = new Array(4); + this._endoWnafT2 = new Array(4); +} +inherits(ShortCurve, Base); +module.exports = ShortCurve; - /** - * Checks if `value` is `undefined`. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to check. - * @returns {boolean} Returns `true` if `value` is `undefined`, else `false`. - * @example - * - * _.isUndefined(void 0); - * // => true - * - * _.isUndefined(null); - * // => false - */ - function isUndefined(value) { - return value === undefined; - } +ShortCurve.prototype._getEndomorphism = function _getEndomorphism(conf) { + // No efficient endomorphism + if (!this.zeroA || !this.g || !this.n || this.p.modn(3) !== 1) + return; - /** - * Checks if `value` is less than `other`. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @returns {boolean} Returns `true` if `value` is less than `other`, else `false`. - * @example - * - * _.lt(1, 3); - * // => true - * - * _.lt(3, 3); - * // => false - * - * _.lt(3, 1); - * // => false - */ - function lt(value, other) { - return value < other; + // Compute beta and lambda, that lambda * P = (beta * Px; Py) + var beta; + var lambda; + if (conf.beta) { + beta = new bn(conf.beta, 16).toRed(this.red); + } else { + var betas = this._getEndoRoots(this.p); + // Choose the smallest beta + beta = betas[0].cmp(betas[1]) < 0 ? betas[0] : betas[1]; + beta = beta.toRed(this.red); + } + if (conf.lambda) { + lambda = new bn(conf.lambda, 16); + } else { + // Choose the lambda that is matching selected beta + var lambdas = this._getEndoRoots(this.n); + if (this.g.mul(lambdas[0]).x.cmp(this.g.x.redMul(beta)) === 0) { + lambda = lambdas[0]; + } else { + lambda = lambdas[1]; + assert(this.g.mul(lambda).x.cmp(this.g.x.redMul(beta)) === 0); } + } - /** - * Checks if `value` is less than or equal to `other`. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to compare. - * @param {*} other The other value to compare. - * @returns {boolean} Returns `true` if `value` is less than or equal to `other`, else `false`. - * @example - * - * _.lte(1, 3); - * // => true - * - * _.lte(3, 3); - * // => true - * - * _.lte(3, 1); - * // => false - */ - function lte(value, other) { - return value <= other; - } + // Get basis vectors, used for balanced length-two representation + var basis; + if (conf.basis) { + basis = conf.basis.map(function(vec) { + return { + a: new bn(vec.a, 16), + b: new bn(vec.b, 16) + }; + }); + } else { + basis = this._getEndoBasis(lambda); + } - /** - * Converts `value` to an array. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to convert. - * @returns {Array} Returns the converted array. - * @example - * - * (function() { - * return _.toArray(arguments).slice(1); - * }(1, 2, 3)); - * // => [2, 3] - */ - function toArray(value) { - var length = value ? getLength(value) : 0; - if (!isLength(length)) { - return values(value); - } - if (!length) { - return []; - } - return arrayCopy(value); - } + return { + beta: beta, + lambda: lambda, + basis: basis + }; +}; - /** - * Converts `value` to a plain object flattening inherited enumerable - * properties of `value` to own properties of the plain object. - * - * @static - * @memberOf _ - * @category Lang - * @param {*} value The value to convert. - * @returns {Object} Returns the converted plain object. - * @example - * - * function Foo() { - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.assign({ 'a': 1 }, new Foo); - * // => { 'a': 1, 'b': 2 } - * - * _.assign({ 'a': 1 }, _.toPlainObject(new Foo)); - * // => { 'a': 1, 'b': 2, 'c': 3 } - */ - function toPlainObject(value) { - return baseCopy(value, keysIn(value)); - } +ShortCurve.prototype._getEndoRoots = function _getEndoRoots(num) { + // Find roots of for x^2 + x + 1 in F + // Root = (-1 +- Sqrt(-3)) / 2 + // + var red = num === this.p ? this.red : bn.mont(num); + var tinv = new bn(2).toRed(red).redInvm(); + var ntinv = tinv.redNeg(); - /*------------------------------------------------------------------------*/ + var s = new bn(3).toRed(red).redNeg().redSqrt().redMul(tinv); - /** - * Recursively merges own enumerable properties of the source object(s), that - * don't resolve to `undefined` into the destination object. Subsequent sources - * overwrite property assignments of previous sources. If `customizer` is - * provided it is invoked to produce the merged values of the destination and - * source properties. If `customizer` returns `undefined` merging is handled - * by the method instead. The `customizer` is bound to `thisArg` and invoked - * with five arguments: (objectValue, sourceValue, key, object, source). - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The destination object. - * @param {...Object} [sources] The source objects. - * @param {Function} [customizer] The function to customize assigned values. - * @param {*} [thisArg] The `this` binding of `customizer`. - * @returns {Object} Returns `object`. - * @example - * - * var users = { - * 'data': [{ 'user': 'barney' }, { 'user': 'fred' }] - * }; - * - * var ages = { - * 'data': [{ 'age': 36 }, { 'age': 40 }] - * }; - * - * _.merge(users, ages); - * // => { 'data': [{ 'user': 'barney', 'age': 36 }, { 'user': 'fred', 'age': 40 }] } - * - * // using a customizer callback - * var object = { - * 'fruits': ['apple'], - * 'vegetables': ['beet'] - * }; - * - * var other = { - * 'fruits': ['banana'], - * 'vegetables': ['carrot'] - * }; - * - * _.merge(object, other, function(a, b) { - * if (_.isArray(a)) { - * return a.concat(b); - * } - * }); - * // => { 'fruits': ['apple', 'banana'], 'vegetables': ['beet', 'carrot'] } - */ - var merge = createAssigner(baseMerge); + var l1 = ntinv.redAdd(s).fromRed(); + var l2 = ntinv.redSub(s).fromRed(); + return [ l1, l2 ]; +}; - /** - * Assigns own enumerable properties of source object(s) to the destination - * object. Subsequent sources overwrite property assignments of previous sources. - * If `customizer` is provided it is invoked to produce the assigned values. - * The `customizer` is bound to `thisArg` and invoked with five arguments: - * (objectValue, sourceValue, key, object, source). - * - * **Note:** This method mutates `object` and is based on - * [`Object.assign`](http://ecma-international.org/ecma-262/6.0/#sec-object.assign). - * - * @static - * @memberOf _ - * @alias extend - * @category Object - * @param {Object} object The destination object. - * @param {...Object} [sources] The source objects. - * @param {Function} [customizer] The function to customize assigned values. - * @param {*} [thisArg] The `this` binding of `customizer`. - * @returns {Object} Returns `object`. - * @example - * - * _.assign({ 'user': 'barney' }, { 'age': 40 }, { 'user': 'fred' }); - * // => { 'user': 'fred', 'age': 40 } - * - * // using a customizer callback - * var defaults = _.partialRight(_.assign, function(value, other) { - * return _.isUndefined(value) ? other : value; - * }); - * - * defaults({ 'user': 'barney' }, { 'age': 36 }, { 'user': 'fred' }); - * // => { 'user': 'barney', 'age': 36 } - */ - var assign = createAssigner(function(object, source, customizer) { - return customizer - ? assignWith(object, source, customizer) - : baseAssign(object, source); - }); +ShortCurve.prototype._getEndoBasis = function _getEndoBasis(lambda) { + // aprxSqrt >= sqrt(this.n) + var aprxSqrt = this.n.shrn(Math.floor(this.n.bitLength() / 2)); - /** - * Creates an object that inherits from the given `prototype` object. If a - * `properties` object is provided its own enumerable properties are assigned - * to the created object. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} prototype The object to inherit from. - * @param {Object} [properties] The properties to assign to the object. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Object} Returns the new object. - * @example - * - * function Shape() { - * this.x = 0; - * this.y = 0; - * } - * - * function Circle() { - * Shape.call(this); - * } - * - * Circle.prototype = _.create(Shape.prototype, { - * 'constructor': Circle - * }); - * - * var circle = new Circle; - * circle instanceof Circle; - * // => true - * - * circle instanceof Shape; - * // => true - */ - function create(prototype, properties, guard) { - var result = baseCreate(prototype); - if (guard && isIterateeCall(prototype, properties, guard)) { - properties = undefined; - } - return properties ? baseAssign(result, properties) : result; - } + // 3.74 + // Run EGCD, until r(L + 1) < aprxSqrt + var u = lambda; + var v = this.n.clone(); + var x1 = new bn(1); + var y1 = new bn(0); + var x2 = new bn(0); + var y2 = new bn(1); - /** - * Assigns own enumerable properties of source object(s) to the destination - * object for all destination properties that resolve to `undefined`. Once a - * property is set, additional values of the same property are ignored. - * - * **Note:** This method mutates `object`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The destination object. - * @param {...Object} [sources] The source objects. - * @returns {Object} Returns `object`. - * @example - * - * _.defaults({ 'user': 'barney' }, { 'age': 36 }, { 'user': 'fred' }); - * // => { 'user': 'barney', 'age': 36 } - */ - var defaults = createDefaults(assign, assignDefaults); + // NOTE: all vectors are roots of: a + b * lambda = 0 (mod n) + var a0; + var b0; + // First vector + var a1; + var b1; + // Second vector + var a2; + var b2; - /** - * This method is like `_.defaults` except that it recursively assigns - * default properties. - * - * **Note:** This method mutates `object`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The destination object. - * @param {...Object} [sources] The source objects. - * @returns {Object} Returns `object`. - * @example - * - * _.defaultsDeep({ 'user': { 'name': 'barney' } }, { 'user': { 'name': 'fred', 'age': 36 } }); - * // => { 'user': { 'name': 'barney', 'age': 36 } } - * - */ - var defaultsDeep = createDefaults(merge, mergeDefaults); + var prevR; + var i = 0; + var r; + var x; + while (u.cmpn(0) !== 0) { + var q = v.div(u); + r = v.sub(q.mul(u)); + x = x2.sub(q.mul(x1)); + var y = y2.sub(q.mul(y1)); - /** - * This method is like `_.find` except that it returns the key of the first - * element `predicate` returns truthy for instead of the element itself. - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to search. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {string|undefined} Returns the key of the matched element, else `undefined`. - * @example - * - * var users = { - * 'barney': { 'age': 36, 'active': true }, - * 'fred': { 'age': 40, 'active': false }, - * 'pebbles': { 'age': 1, 'active': true } - * }; - * - * _.findKey(users, function(chr) { - * return chr.age < 40; - * }); - * // => 'barney' (iteration order is not guaranteed) - * - * // using the `_.matches` callback shorthand - * _.findKey(users, { 'age': 1, 'active': true }); - * // => 'pebbles' - * - * // using the `_.matchesProperty` callback shorthand - * _.findKey(users, 'active', false); - * // => 'fred' - * - * // using the `_.property` callback shorthand - * _.findKey(users, 'active'); - * // => 'barney' - */ - var findKey = createFindKey(baseForOwn); + if (!a1 && r.cmp(aprxSqrt) < 0) { + a0 = prevR.neg(); + b0 = x1; + a1 = r.neg(); + b1 = x; + } else if (a1 && ++i === 2) { + break; + } + prevR = r; - /** - * This method is like `_.findKey` except that it iterates over elements of - * a collection in the opposite order. - * - * If a property name is provided for `predicate` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `predicate` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to search. - * @param {Function|Object|string} [predicate=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {string|undefined} Returns the key of the matched element, else `undefined`. - * @example - * - * var users = { - * 'barney': { 'age': 36, 'active': true }, - * 'fred': { 'age': 40, 'active': false }, - * 'pebbles': { 'age': 1, 'active': true } - * }; - * - * _.findLastKey(users, function(chr) { - * return chr.age < 40; - * }); - * // => returns `pebbles` assuming `_.findKey` returns `barney` - * - * // using the `_.matches` callback shorthand - * _.findLastKey(users, { 'age': 36, 'active': true }); - * // => 'barney' - * - * // using the `_.matchesProperty` callback shorthand - * _.findLastKey(users, 'active', false); - * // => 'fred' - * - * // using the `_.property` callback shorthand - * _.findLastKey(users, 'active'); - * // => 'pebbles' - */ - var findLastKey = createFindKey(baseForOwnRight); + v = u; + u = r; + x2 = x1; + x1 = x; + y2 = y1; + y1 = y; + } + a2 = r.neg(); + b2 = x; - /** - * Iterates over own and inherited enumerable properties of an object invoking - * `iteratee` for each property. The `iteratee` is bound to `thisArg` and invoked - * with three arguments: (value, key, object). Iteratee functions may exit - * iteration early by explicitly returning `false`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns `object`. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.forIn(new Foo, function(value, key) { - * console.log(key); - * }); - * // => logs 'a', 'b', and 'c' (iteration order is not guaranteed) - */ - var forIn = createForIn(baseFor); + var len1 = a1.sqr().add(b1.sqr()); + var len2 = a2.sqr().add(b2.sqr()); + if (len2.cmp(len1) >= 0) { + a2 = a0; + b2 = b0; + } - /** - * This method is like `_.forIn` except that it iterates over properties of - * `object` in the opposite order. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns `object`. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.forInRight(new Foo, function(value, key) { - * console.log(key); - * }); - * // => logs 'c', 'b', and 'a' assuming `_.forIn ` logs 'a', 'b', and 'c' - */ - var forInRight = createForIn(baseForRight); + // Normalize signs + if (a1.sign) { + a1 = a1.neg(); + b1 = b1.neg(); + } + if (a2.sign) { + a2 = a2.neg(); + b2 = b2.neg(); + } - /** - * Iterates over own enumerable properties of an object invoking `iteratee` - * for each property. The `iteratee` is bound to `thisArg` and invoked with - * three arguments: (value, key, object). Iteratee functions may exit iteration - * early by explicitly returning `false`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns `object`. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.forOwn(new Foo, function(value, key) { - * console.log(key); - * }); - * // => logs 'a' and 'b' (iteration order is not guaranteed) - */ - var forOwn = createForOwn(baseForOwn); + return [ + { a: a1, b: b1 }, + { a: a2, b: b2 } + ]; +}; - /** - * This method is like `_.forOwn` except that it iterates over properties of - * `object` in the opposite order. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns `object`. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.forOwnRight(new Foo, function(value, key) { - * console.log(key); - * }); - * // => logs 'b' and 'a' assuming `_.forOwn` logs 'a' and 'b' - */ - var forOwnRight = createForOwn(baseForOwnRight); +ShortCurve.prototype._endoSplit = function _endoSplit(k) { + var basis = this.endo.basis; + var v1 = basis[0]; + var v2 = basis[1]; - /** - * Creates an array of function property names from all enumerable properties, - * own and inherited, of `object`. - * - * @static - * @memberOf _ - * @alias methods - * @category Object - * @param {Object} object The object to inspect. - * @returns {Array} Returns the new array of property names. - * @example - * - * _.functions(_); - * // => ['after', 'ary', 'assign', ...] - */ - function functions(object) { - return baseFunctions(object, keysIn(object)); - } + var c1 = v2.b.mul(k).divRound(this.n); + var c2 = v1.b.neg().mul(k).divRound(this.n); - /** - * Gets the property value at `path` of `object`. If the resolved value is - * `undefined` the `defaultValue` is used in its place. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @param {Array|string} path The path of the property to get. - * @param {*} [defaultValue] The value returned if the resolved value is `undefined`. - * @returns {*} Returns the resolved value. - * @example - * - * var object = { 'a': [{ 'b': { 'c': 3 } }] }; - * - * _.get(object, 'a[0].b.c'); - * // => 3 - * - * _.get(object, ['a', '0', 'b', 'c']); - * // => 3 - * - * _.get(object, 'a.b.c', 'default'); - * // => 'default' - */ - function get(object, path, defaultValue) { - var result = object == null ? undefined : baseGet(object, toPath(path), path + ''); - return result === undefined ? defaultValue : result; - } + var p1 = c1.mul(v1.a); + var p2 = c2.mul(v2.a); + var q1 = c1.mul(v1.b); + var q2 = c2.mul(v2.b); - /** - * Checks if `path` is a direct property. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @param {Array|string} path The path to check. - * @returns {boolean} Returns `true` if `path` is a direct property, else `false`. - * @example - * - * var object = { 'a': { 'b': { 'c': 3 } } }; - * - * _.has(object, 'a'); - * // => true - * - * _.has(object, 'a.b.c'); - * // => true - * - * _.has(object, ['a', 'b', 'c']); - * // => true - */ - function has(object, path) { - if (object == null) { - return false; - } - var result = hasOwnProperty.call(object, path); - if (!result && !isKey(path)) { - path = toPath(path); - object = path.length == 1 ? object : baseGet(object, baseSlice(path, 0, -1)); - if (object == null) { - return false; - } - path = last(path); - result = hasOwnProperty.call(object, path); - } - return result || (isLength(object.length) && isIndex(path, object.length) && - (isArray(object) || isArguments(object))); - } + // Calculate answer + var k1 = k.sub(p1).sub(p2); + var k2 = q1.add(q2).neg(); + return { k1: k1, k2: k2 }; +}; - /** - * Creates an object composed of the inverted keys and values of `object`. - * If `object` contains duplicate values, subsequent values overwrite property - * assignments of previous values unless `multiValue` is `true`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to invert. - * @param {boolean} [multiValue] Allow multiple values per key. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {Object} Returns the new inverted object. - * @example - * - * var object = { 'a': 1, 'b': 2, 'c': 1 }; - * - * _.invert(object); - * // => { '1': 'c', '2': 'b' } - * - * // with `multiValue` - * _.invert(object, true); - * // => { '1': ['a', 'c'], '2': ['b'] } - */ - function invert(object, multiValue, guard) { - if (guard && isIterateeCall(object, multiValue, guard)) { - multiValue = undefined; - } - var index = -1, - props = keys(object), - length = props.length, - result = {}; +ShortCurve.prototype.pointFromX = function pointFromX(odd, x) { + x = new bn(x, 16); + if (!x.red) + x = x.toRed(this.red); - while (++index < length) { - var key = props[index], - value = object[key]; + var y2 = x.redSqr().redMul(x).redIAdd(x.redMul(this.a)).redIAdd(this.b); + var y = y2.redSqrt(); - if (multiValue) { - if (hasOwnProperty.call(result, value)) { - result[value].push(key); - } else { - result[value] = [key]; - } - } - else { - result[value] = key; - } - } - return result; - } + // XXX Is there any way to tell if the number is odd without converting it + // to non-red form? + var isOdd = y.fromRed().isOdd(); + if (odd && !isOdd || !odd && isOdd) + y = y.redNeg(); - /** - * Creates an array of the own enumerable property names of `object`. - * - * **Note:** Non-object values are coerced to objects. See the - * [ES spec](http://ecma-international.org/ecma-262/6.0/#sec-object.keys) - * for more details. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property names. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.keys(new Foo); - * // => ['a', 'b'] (iteration order is not guaranteed) - * - * _.keys('hi'); - * // => ['0', '1'] - */ - var keys = !nativeKeys ? shimKeys : function(object) { - var Ctor = object == null ? undefined : object.constructor; - if ((typeof Ctor == 'function' && Ctor.prototype === object) || - (typeof object != 'function' && isArrayLike(object))) { - return shimKeys(object); - } - return isObject(object) ? nativeKeys(object) : []; - }; + return this.point(x, y); +}; - /** - * Creates an array of the own and inherited enumerable property names of `object`. - * - * **Note:** Non-object values are coerced to objects. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property names. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.keysIn(new Foo); - * // => ['a', 'b', 'c'] (iteration order is not guaranteed) - */ - function keysIn(object) { - if (object == null) { - return []; - } - if (!isObject(object)) { - object = Object(object); - } - var length = object.length; - length = (length && isLength(length) && - (isArray(object) || isArguments(object)) && length) || 0; +ShortCurve.prototype.validate = function validate(point) { + if (point.inf) + return true; - var Ctor = object.constructor, - index = -1, - isProto = typeof Ctor == 'function' && Ctor.prototype === object, - result = Array(length), - skipIndexes = length > 0; + var x = point.x; + var y = point.y; - while (++index < length) { - result[index] = (index + ''); - } - for (var key in object) { - if (!(skipIndexes && isIndex(key, length)) && - !(key == 'constructor' && (isProto || !hasOwnProperty.call(object, key)))) { - result.push(key); - } - } - return result; + var ax = this.a.redMul(x); + var rhs = x.redSqr().redMul(x).redIAdd(ax).redIAdd(this.b); + return y.redSqr().redISub(rhs).cmpn(0) === 0; +}; + +ShortCurve.prototype._endoWnafMulAdd = + function _endoWnafMulAdd(points, coeffs) { + var npoints = this._endoWnafT1; + var ncoeffs = this._endoWnafT2; + for (var i = 0; i < points.length; i++) { + var split = this._endoSplit(coeffs[i]); + var p = points[i]; + var beta = p._getBeta(); + + if (split.k1.sign) { + split.k1.sign = !split.k1.sign; + p = p.neg(true); + } + if (split.k2.sign) { + split.k2.sign = !split.k2.sign; + beta = beta.neg(true); } - /** - * The opposite of `_.mapValues`; this method creates an object with the - * same values as `object` and keys generated by running each own enumerable - * property of `object` through `iteratee`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns the new mapped object. - * @example - * - * _.mapKeys({ 'a': 1, 'b': 2 }, function(value, key) { - * return key + value; - * }); - * // => { 'a1': 1, 'b2': 2 } - */ - var mapKeys = createObjectMapper(true); + npoints[i * 2] = p; + npoints[i * 2 + 1] = beta; + ncoeffs[i * 2] = split.k1; + ncoeffs[i * 2 + 1] = split.k2; + } + var res = this._wnafMulAdd(1, npoints, ncoeffs, i * 2); - /** - * Creates an object with the same keys as `object` and values generated by - * running each own enumerable property of `object` through `iteratee`. The - * iteratee function is bound to `thisArg` and invoked with three arguments: - * (value, key, object). - * - * If a property name is provided for `iteratee` the created `_.property` - * style callback returns the property value of the given element. - * - * If a value is also provided for `thisArg` the created `_.matchesProperty` - * style callback returns `true` for elements that have a matching property - * value, else `false`. - * - * If an object is provided for `iteratee` the created `_.matches` style - * callback returns `true` for elements that have the properties of the given - * object, else `false`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to iterate over. - * @param {Function|Object|string} [iteratee=_.identity] The function invoked - * per iteration. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {Object} Returns the new mapped object. - * @example - * - * _.mapValues({ 'a': 1, 'b': 2 }, function(n) { - * return n * 3; - * }); - * // => { 'a': 3, 'b': 6 } - * - * var users = { - * 'fred': { 'user': 'fred', 'age': 40 }, - * 'pebbles': { 'user': 'pebbles', 'age': 1 } - * }; - * - * // using the `_.property` callback shorthand - * _.mapValues(users, 'age'); - * // => { 'fred': 40, 'pebbles': 1 } (iteration order is not guaranteed) - */ - var mapValues = createObjectMapper(); + // Clean-up references to points and coefficients + for (var j = 0; j < i * 2; j++) { + npoints[j] = null; + ncoeffs[j] = null; + } + return res; +}; - /** - * The opposite of `_.pick`; this method creates an object composed of the - * own and inherited enumerable properties of `object` that are not omitted. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The source object. - * @param {Function|...(string|string[])} [predicate] The function invoked per - * iteration or property names to omit, specified as individual property - * names or arrays of property names. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Object} Returns the new object. - * @example - * - * var object = { 'user': 'fred', 'age': 40 }; - * - * _.omit(object, 'age'); - * // => { 'user': 'fred' } - * - * _.omit(object, _.isNumber); - * // => { 'user': 'fred' } - */ - var omit = restParam(function(object, props) { - if (object == null) { - return {}; - } - if (typeof props[0] != 'function') { - var props = arrayMap(baseFlatten(props), String); - return pickByArray(object, baseDifference(keysIn(object), props)); - } - var predicate = bindCallback(props[0], props[1], 3); - return pickByCallback(object, function(value, key, object) { - return !predicate(value, key, object); - }); - }); +function Point(curve, x, y, isRed) { + Base.BasePoint.call(this, curve, 'affine'); + if (x === null && y === null) { + this.x = null; + this.y = null; + this.inf = true; + } else { + this.x = new bn(x, 16); + this.y = new bn(y, 16); + // Force redgomery representation when loading from JSON + if (isRed) { + this.x.forceRed(this.curve.red); + this.y.forceRed(this.curve.red); + } + if (!this.x.red) + this.x = this.x.toRed(this.curve.red); + if (!this.y.red) + this.y = this.y.toRed(this.curve.red); + this.inf = false; + } +} +inherits(Point, Base.BasePoint); - /** - * Creates a two dimensional array of the key-value pairs for `object`, - * e.g. `[[key1, value1], [key2, value2]]`. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @returns {Array} Returns the new array of key-value pairs. - * @example - * - * _.pairs({ 'barney': 36, 'fred': 40 }); - * // => [['barney', 36], ['fred', 40]] (iteration order is not guaranteed) - */ - function pairs(object) { - object = toObject(object); +ShortCurve.prototype.point = function point(x, y, isRed) { + return new Point(this, x, y, isRed); +}; - var index = -1, - props = keys(object), - length = props.length, - result = Array(length); +ShortCurve.prototype.pointFromJSON = function pointFromJSON(obj, red) { + return Point.fromJSON(this, obj, red); +}; - while (++index < length) { - var key = props[index]; - result[index] = [key, object[key]]; - } - return result; - } +Point.prototype._getBeta = function _getBeta() { + if (!this.curve.endo) + return; - /** - * Creates an object composed of the picked `object` properties. Property - * names may be specified as individual arguments or as arrays of property - * names. If `predicate` is provided it is invoked for each property of `object` - * picking the properties `predicate` returns truthy for. The predicate is - * bound to `thisArg` and invoked with three arguments: (value, key, object). - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The source object. - * @param {Function|...(string|string[])} [predicate] The function invoked per - * iteration or property names to pick, specified as individual property - * names or arrays of property names. - * @param {*} [thisArg] The `this` binding of `predicate`. - * @returns {Object} Returns the new object. - * @example - * - * var object = { 'user': 'fred', 'age': 40 }; - * - * _.pick(object, 'user'); - * // => { 'user': 'fred' } - * - * _.pick(object, _.isString); - * // => { 'user': 'fred' } - */ - var pick = restParam(function(object, props) { - if (object == null) { - return {}; - } - return typeof props[0] == 'function' - ? pickByCallback(object, bindCallback(props[0], props[1], 3)) - : pickByArray(object, baseFlatten(props)); - }); + var pre = this.precomputed; + if (pre && pre.beta) + return pre.beta; - /** - * This method is like `_.get` except that if the resolved value is a function - * it is invoked with the `this` binding of its parent object and its result - * is returned. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @param {Array|string} path The path of the property to resolve. - * @param {*} [defaultValue] The value returned if the resolved value is `undefined`. - * @returns {*} Returns the resolved value. - * @example - * - * var object = { 'a': [{ 'b': { 'c1': 3, 'c2': _.constant(4) } }] }; - * - * _.result(object, 'a[0].b.c1'); - * // => 3 - * - * _.result(object, 'a[0].b.c2'); - * // => 4 - * - * _.result(object, 'a.b.c', 'default'); - * // => 'default' - * - * _.result(object, 'a.b.c', _.constant('default')); - * // => 'default' - */ - function result(object, path, defaultValue) { - var result = object == null ? undefined : object[path]; - if (result === undefined) { - if (object != null && !isKey(path, object)) { - path = toPath(path); - object = path.length == 1 ? object : baseGet(object, baseSlice(path, 0, -1)); - result = object == null ? undefined : object[last(path)]; - } - result = result === undefined ? defaultValue : result; + var beta = this.curve.point(this.x.redMul(this.curve.endo.beta), this.y); + if (pre) { + var curve = this.curve; + var endoMul = function(p) { + return curve.point(p.x.redMul(curve.endo.beta), p.y); + }; + pre.beta = beta; + beta.precomputed = { + beta: null, + naf: pre.naf && { + wnd: pre.naf.wnd, + points: pre.naf.points.map(endoMul) + }, + doubles: pre.doubles && { + step: pre.doubles.step, + points: pre.doubles.points.map(endoMul) } - return isFunction(result) ? result.call(object) : result; + }; + } + return beta; +}; + +Point.prototype.toJSON = function toJSON() { + if (!this.precomputed) + return [ this.x, this.y ]; + + return [ this.x, this.y, this.precomputed && { + doubles: this.precomputed.doubles && { + step: this.precomputed.doubles.step, + points: this.precomputed.doubles.points.slice(1) + }, + naf: this.precomputed.naf && { + wnd: this.precomputed.naf.wnd, + points: this.precomputed.naf.points.slice(1) } + } ]; +}; - /** - * Sets the property value of `path` on `object`. If a portion of `path` - * does not exist it is created. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to augment. - * @param {Array|string} path The path of the property to set. - * @param {*} value The value to set. - * @returns {Object} Returns `object`. - * @example - * - * var object = { 'a': [{ 'b': { 'c': 3 } }] }; - * - * _.set(object, 'a[0].b.c', 4); - * console.log(object.a[0].b.c); - * // => 4 - * - * _.set(object, 'x[0].y.z', 5); - * console.log(object.x[0].y.z); - * // => 5 - */ - function set(object, path, value) { - if (object == null) { - return object; - } - var pathKey = (path + ''); - path = (object[pathKey] != null || isKey(path, object)) ? [pathKey] : toPath(path); +Point.fromJSON = function fromJSON(curve, obj, red) { + if (typeof obj === 'string') + obj = JSON.parse(obj); + var res = curve.point(obj[0], obj[1], red); + if (!obj[2]) + return res; - var index = -1, - length = path.length, - lastIndex = length - 1, - nested = object; + function obj2point(obj) { + return curve.point(obj[0], obj[1], red); + } - while (nested != null && ++index < length) { - var key = path[index]; - if (isObject(nested)) { - if (index == lastIndex) { - nested[key] = value; - } else if (nested[key] == null) { - nested[key] = isIndex(path[index + 1]) ? [] : {}; - } - } - nested = nested[key]; - } - return object; + var pre = obj[2]; + res.precomputed = { + beta: null, + doubles: pre.doubles && { + step: pre.doubles.step, + points: [ res ].concat(pre.doubles.points.map(obj2point)) + }, + naf: pre.naf && { + wnd: pre.naf.wnd, + points: [ res ].concat(pre.naf.points.map(obj2point)) } + }; + return res; +}; - /** - * An alternative to `_.reduce`; this method transforms `object` to a new - * `accumulator` object which is the result of running each of its own enumerable - * properties through `iteratee`, with each invocation potentially mutating - * the `accumulator` object. The `iteratee` is bound to `thisArg` and invoked - * with four arguments: (accumulator, value, key, object). Iteratee functions - * may exit iteration early by explicitly returning `false`. - * - * @static - * @memberOf _ - * @category Object - * @param {Array|Object} object The object to iterate over. - * @param {Function} [iteratee=_.identity] The function invoked per iteration. - * @param {*} [accumulator] The custom accumulator value. - * @param {*} [thisArg] The `this` binding of `iteratee`. - * @returns {*} Returns the accumulated value. - * @example - * - * _.transform([2, 3, 4], function(result, n) { - * result.push(n *= n); - * return n % 2 == 0; - * }); - * // => [4, 9] - * - * _.transform({ 'a': 1, 'b': 2 }, function(result, n, key) { - * result[key] = n * 3; - * }); - * // => { 'a': 3, 'b': 6 } - */ - function transform(object, iteratee, accumulator, thisArg) { - var isArr = isArray(object) || isTypedArray(object); - iteratee = getCallback(iteratee, thisArg, 4); +Point.prototype.inspect = function inspect() { + if (this.isInfinity()) + return ''; + return ''; +}; - if (accumulator == null) { - if (isArr || isObject(object)) { - var Ctor = object.constructor; - if (isArr) { - accumulator = isArray(object) ? new Ctor : []; - } else { - accumulator = baseCreate(isFunction(Ctor) ? Ctor.prototype : undefined); - } - } else { - accumulator = {}; - } - } - (isArr ? arrayEach : baseForOwn)(object, function(value, index, object) { - return iteratee(accumulator, value, index, object); - }); - return accumulator; - } +Point.prototype.isInfinity = function isInfinity() { + return this.inf; +}; - /** - * Creates an array of the own enumerable property values of `object`. - * - * **Note:** Non-object values are coerced to objects. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property values. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.values(new Foo); - * // => [1, 2] (iteration order is not guaranteed) - * - * _.values('hi'); - * // => ['h', 'i'] - */ - function values(object) { - return baseValues(object, keys(object)); - } +Point.prototype.add = function add(p) { + // O + P = P + if (this.inf) + return p; - /** - * Creates an array of the own and inherited enumerable property values - * of `object`. - * - * **Note:** Non-object values are coerced to objects. - * - * @static - * @memberOf _ - * @category Object - * @param {Object} object The object to query. - * @returns {Array} Returns the array of property values. - * @example - * - * function Foo() { - * this.a = 1; - * this.b = 2; - * } - * - * Foo.prototype.c = 3; - * - * _.valuesIn(new Foo); - * // => [1, 2, 3] (iteration order is not guaranteed) - */ - function valuesIn(object) { - return baseValues(object, keysIn(object)); - } + // P + O = P + if (p.inf) + return this; - /*------------------------------------------------------------------------*/ + // P + P = 2P + if (this.eq(p)) + return this.dbl(); - /** - * Checks if `n` is between `start` and up to but not including, `end`. If - * `end` is not specified it is set to `start` with `start` then set to `0`. - * - * @static - * @memberOf _ - * @category Number - * @param {number} n The number to check. - * @param {number} [start=0] The start of the range. - * @param {number} end The end of the range. - * @returns {boolean} Returns `true` if `n` is in the range, else `false`. - * @example - * - * _.inRange(3, 2, 4); - * // => true - * - * _.inRange(4, 8); - * // => true - * - * _.inRange(4, 2); - * // => false - * - * _.inRange(2, 2); - * // => false - * - * _.inRange(1.2, 2); - * // => true - * - * _.inRange(5.2, 4); - * // => false - */ - function inRange(value, start, end) { - start = +start || 0; - if (end === undefined) { - end = start; - start = 0; - } else { - end = +end || 0; - } - return value >= nativeMin(start, end) && value < nativeMax(start, end); - } + // P + (-P) = O + if (this.neg().eq(p)) + return this.curve.point(null, null); - /** - * Produces a random number between `min` and `max` (inclusive). If only one - * argument is provided a number between `0` and the given number is returned. - * If `floating` is `true`, or either `min` or `max` are floats, a floating-point - * number is returned instead of an integer. - * - * @static - * @memberOf _ - * @category Number - * @param {number} [min=0] The minimum possible value. - * @param {number} [max=1] The maximum possible value. - * @param {boolean} [floating] Specify returning a floating-point number. - * @returns {number} Returns the random number. - * @example - * - * _.random(0, 5); - * // => an integer between 0 and 5 - * - * _.random(5); - * // => also an integer between 0 and 5 - * - * _.random(5, true); - * // => a floating-point number between 0 and 5 - * - * _.random(1.2, 5.2); - * // => a floating-point number between 1.2 and 5.2 - */ - function random(min, max, floating) { - if (floating && isIterateeCall(min, max, floating)) { - max = floating = undefined; - } - var noMin = min == null, - noMax = max == null; + // P + Q = O + if (this.x.cmp(p.x) === 0) + return this.curve.point(null, null); - if (floating == null) { - if (noMax && typeof min == 'boolean') { - floating = min; - min = 1; - } - else if (typeof max == 'boolean') { - floating = max; - noMax = true; - } - } - if (noMin && noMax) { - max = 1; - noMax = false; - } - min = +min || 0; - if (noMax) { - max = min; - min = 0; - } else { - max = +max || 0; - } - if (floating || min % 1 || max % 1) { - var rand = nativeRandom(); - return nativeMin(min + (rand * (max - min + parseFloat('1e-' + ((rand + '').length - 1)))), max); - } - return baseRandom(min, max); - } + var c = this.y.redSub(p.y); + if (c.cmpn(0) !== 0) + c = c.redMul(this.x.redSub(p.x).redInvm()); + var nx = c.redSqr().redISub(this.x).redISub(p.x); + var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); + return this.curve.point(nx, ny); +}; - /*------------------------------------------------------------------------*/ +Point.prototype.dbl = function dbl() { + if (this.inf) + return this; - /** - * Converts `string` to [camel case](https://en.wikipedia.org/wiki/CamelCase). - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to convert. - * @returns {string} Returns the camel cased string. - * @example - * - * _.camelCase('Foo Bar'); - * // => 'fooBar' - * - * _.camelCase('--foo-bar'); - * // => 'fooBar' - * - * _.camelCase('__foo_bar__'); - * // => 'fooBar' - */ - var camelCase = createCompounder(function(result, word, index) { - word = word.toLowerCase(); - return result + (index ? (word.charAt(0).toUpperCase() + word.slice(1)) : word); - }); + // 2P = O + var ys1 = this.y.redAdd(this.y); + if (ys1.cmpn(0) === 0) + return this.curve.point(null, null); - /** - * Capitalizes the first character of `string`. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to capitalize. - * @returns {string} Returns the capitalized string. - * @example - * - * _.capitalize('fred'); - * // => 'Fred' - */ - function capitalize(string) { - string = baseToString(string); - return string && (string.charAt(0).toUpperCase() + string.slice(1)); - } + var a = this.curve.a; - /** - * Deburrs `string` by converting [latin-1 supplementary letters](https://en.wikipedia.org/wiki/Latin-1_Supplement_(Unicode_block)#Character_table) - * to basic latin letters and removing [combining diacritical marks](https://en.wikipedia.org/wiki/Combining_Diacritical_Marks). - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to deburr. - * @returns {string} Returns the deburred string. - * @example - * - * _.deburr('déjà vu'); - * // => 'deja vu' - */ - function deburr(string) { - string = baseToString(string); - return string && string.replace(reLatin1, deburrLetter).replace(reComboMark, ''); - } + var x2 = this.x.redSqr(); + var dyinv = ys1.redInvm(); + var c = x2.redAdd(x2).redIAdd(x2).redIAdd(a).redMul(dyinv); - /** - * Checks if `string` ends with the given target string. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to search. - * @param {string} [target] The string to search for. - * @param {number} [position=string.length] The position to search from. - * @returns {boolean} Returns `true` if `string` ends with `target`, else `false`. - * @example - * - * _.endsWith('abc', 'c'); - * // => true - * - * _.endsWith('abc', 'b'); - * // => false - * - * _.endsWith('abc', 'b', 2); - * // => true - */ - function endsWith(string, target, position) { - string = baseToString(string); - target = (target + ''); + var nx = c.redSqr().redISub(this.x.redAdd(this.x)); + var ny = c.redMul(this.x.redSub(nx)).redISub(this.y); + return this.curve.point(nx, ny); +}; - var length = string.length; - position = position === undefined - ? length - : nativeMin(position < 0 ? 0 : (+position || 0), length); +Point.prototype.getX = function getX() { + return this.x.fromRed(); +}; - position -= target.length; - return position >= 0 && string.indexOf(target, position) == position; - } +Point.prototype.getY = function getY() { + return this.y.fromRed(); +}; - /** - * Converts the characters "&", "<", ">", '"', "'", and "\`", in `string` to - * their corresponding HTML entities. - * - * **Note:** No other characters are escaped. To escape additional characters - * use a third-party library like [_he_](https://mths.be/he). - * - * Though the ">" character is escaped for symmetry, characters like - * ">" and "/" don't need escaping in HTML and have no special meaning - * unless they're part of a tag or unquoted attribute value. - * See [Mathias Bynens's article](https://mathiasbynens.be/notes/ambiguous-ampersands) - * (under "semi-related fun fact") for more details. - * - * Backticks are escaped because in Internet Explorer < 9, they can break out - * of attribute values or HTML comments. See [#59](https://html5sec.org/#59), - * [#102](https://html5sec.org/#102), [#108](https://html5sec.org/#108), and - * [#133](https://html5sec.org/#133) of the [HTML5 Security Cheatsheet](https://html5sec.org/) - * for more details. - * - * When working with HTML you should always [quote attribute values](http://wonko.com/post/html-escaping) - * to reduce XSS vectors. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to escape. - * @returns {string} Returns the escaped string. - * @example - * - * _.escape('fred, barney, & pebbles'); - * // => 'fred, barney, & pebbles' - */ - function escape(string) { - // Reset `lastIndex` because in IE < 9 `String#replace` does not. - string = baseToString(string); - return (string && reHasUnescapedHtml.test(string)) - ? string.replace(reUnescapedHtml, escapeHtmlChar) - : string; - } +Point.prototype.mul = function mul(k) { + k = new bn(k, 16); - /** - * Escapes the `RegExp` special characters "\", "/", "^", "$", ".", "|", "?", - * "*", "+", "(", ")", "[", "]", "{" and "}" in `string`. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to escape. - * @returns {string} Returns the escaped string. - * @example - * - * _.escapeRegExp('[lodash](https://lodash.com/)'); - * // => '\[lodash\]\(https:\/\/lodash\.com\/\)' - */ - function escapeRegExp(string) { - string = baseToString(string); - return (string && reHasRegExpChars.test(string)) - ? string.replace(reRegExpChars, escapeRegExpChar) - : (string || '(?:)'); - } + if (this.precomputed && this.precomputed.doubles) + return this.curve._fixedNafMul(this, k); + else if (this.curve.endo) + return this.curve._endoWnafMulAdd([ this ], [ k ]); + else + return this.curve._wnafMul(this, k); +}; - /** - * Converts `string` to [kebab case](https://en.wikipedia.org/wiki/Letter_case#Special_case_styles). - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to convert. - * @returns {string} Returns the kebab cased string. - * @example - * - * _.kebabCase('Foo Bar'); - * // => 'foo-bar' - * - * _.kebabCase('fooBar'); - * // => 'foo-bar' - * - * _.kebabCase('__foo_bar__'); - * // => 'foo-bar' - */ - var kebabCase = createCompounder(function(result, word, index) { - return result + (index ? '-' : '') + word.toLowerCase(); - }); +Point.prototype.mulAdd = function mulAdd(k1, p2, k2) { + var points = [ this, p2 ]; + var coeffs = [ k1, k2 ]; + if (this.curve.endo) + return this.curve._endoWnafMulAdd(points, coeffs); + else + return this.curve._wnafMulAdd(1, points, coeffs, 2); +}; - /** - * Pads `string` on the left and right sides if it's shorter than `length`. - * Padding characters are truncated if they can't be evenly divided by `length`. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to pad. - * @param {number} [length=0] The padding length. - * @param {string} [chars=' '] The string used as padding. - * @returns {string} Returns the padded string. - * @example - * - * _.pad('abc', 8); - * // => ' abc ' - * - * _.pad('abc', 8, '_-'); - * // => '_-abc_-_' - * - * _.pad('abc', 3); - * // => 'abc' - */ - function pad(string, length, chars) { - string = baseToString(string); - length = +length; +Point.prototype.eq = function eq(p) { + return this === p || + this.inf === p.inf && + (this.inf || this.x.cmp(p.x) === 0 && this.y.cmp(p.y) === 0); +}; - var strLength = string.length; - if (strLength >= length || !nativeIsFinite(length)) { - return string; +Point.prototype.neg = function neg(_precompute) { + if (this.inf) + return this; + + var res = this.curve.point(this.x, this.y.redNeg()); + if (_precompute && this.precomputed) { + var pre = this.precomputed; + var negate = function(p) { + return p.neg(); + }; + res.precomputed = { + naf: pre.naf && { + wnd: pre.naf.wnd, + points: pre.naf.points.map(negate) + }, + doubles: pre.doubles && { + step: pre.doubles.step, + points: pre.doubles.points.map(negate) } - var mid = (length - strLength) / 2, - leftLength = nativeFloor(mid), - rightLength = nativeCeil(mid); + }; + } + return res; +}; - chars = createPadding('', rightLength, chars); - return chars.slice(0, leftLength) + string + chars; - } +Point.prototype.toJ = function toJ() { + if (this.inf) + return this.curve.jpoint(null, null, null); - /** - * Pads `string` on the left side if it's shorter than `length`. Padding - * characters are truncated if they exceed `length`. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to pad. - * @param {number} [length=0] The padding length. - * @param {string} [chars=' '] The string used as padding. - * @returns {string} Returns the padded string. - * @example - * - * _.padLeft('abc', 6); - * // => ' abc' - * - * _.padLeft('abc', 6, '_-'); - * // => '_-_abc' - * - * _.padLeft('abc', 3); - * // => 'abc' - */ - var padLeft = createPadDir(); + var res = this.curve.jpoint(this.x, this.y, this.curve.one); + return res; +}; - /** - * Pads `string` on the right side if it's shorter than `length`. Padding - * characters are truncated if they exceed `length`. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to pad. - * @param {number} [length=0] The padding length. - * @param {string} [chars=' '] The string used as padding. - * @returns {string} Returns the padded string. - * @example - * - * _.padRight('abc', 6); - * // => 'abc ' - * - * _.padRight('abc', 6, '_-'); - * // => 'abc_-_' - * - * _.padRight('abc', 3); - * // => 'abc' - */ - var padRight = createPadDir(true); +function JPoint(curve, x, y, z) { + Base.BasePoint.call(this, curve, 'jacobian'); + if (x === null && y === null && z === null) { + this.x = this.curve.one; + this.y = this.curve.one; + this.z = new bn(0); + } else { + this.x = new bn(x, 16); + this.y = new bn(y, 16); + this.z = new bn(z, 16); + } + if (!this.x.red) + this.x = this.x.toRed(this.curve.red); + if (!this.y.red) + this.y = this.y.toRed(this.curve.red); + if (!this.z.red) + this.z = this.z.toRed(this.curve.red); - /** - * Converts `string` to an integer of the specified radix. If `radix` is - * `undefined` or `0`, a `radix` of `10` is used unless `value` is a hexadecimal, - * in which case a `radix` of `16` is used. - * - * **Note:** This method aligns with the [ES5 implementation](https://es5.github.io/#E) - * of `parseInt`. - * - * @static - * @memberOf _ - * @category String - * @param {string} string The string to convert. - * @param {number} [radix] The radix to interpret `value` by. - * @param- {Object} [guard] Enables use as a callback for functions like `_.map`. - * @returns {number} Returns the converted integer. - * @example - * - * _.parseInt('08'); - * // => 8 - * - * _.map(['6', '08', '10'], _.parseInt); - * // => [6, 8, 10] - */ - function parseInt(string, radix, guard) { - // Firefox < 21 and Opera < 15 follow ES3 for `parseInt`. - // Chrome fails to trim leading whitespace characters. - // See https://code.google.com/p/v8/issues/detail?id=3109 for more details. - if (guard ? isIterateeCall(string, radix, guard) : radix == null) { - radix = 0; - } else if (radix) { - radix = +radix; - } - string = trim(string); - return nativeParseInt(string, radix || (reHasHexPrefix.test(string) ? 16 : 10)); - } + this.zOne = this.z === this.curve.one; +} +inherits(JPoint, Base.BasePoint); - /** - * Repeats the given string `n` times. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to repeat. - * @param {number} [n=0] The number of times to repeat the string. - * @returns {string} Returns the repeated string. - * @example - * - * _.repeat('*', 3); - * // => '***' - * - * _.repeat('abc', 2); - * // => 'abcabc' - * - * _.repeat('abc', 0); - * // => '' - */ - function repeat(string, n) { - var result = ''; - string = baseToString(string); - n = +n; - if (n < 1 || !string || !nativeIsFinite(n)) { - return result; - } - // Leverage the exponentiation by squaring algorithm for a faster repeat. - // See https://en.wikipedia.org/wiki/Exponentiation_by_squaring for more details. - do { - if (n % 2) { - result += string; - } - n = nativeFloor(n / 2); - string += string; - } while (n); +ShortCurve.prototype.jpoint = function jpoint(x, y, z) { + return new JPoint(this, x, y, z); +}; - return result; - } +JPoint.prototype.toP = function toP() { + if (this.isInfinity()) + return this.curve.point(null, null); - /** - * Converts `string` to [snake case](https://en.wikipedia.org/wiki/Snake_case). - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to convert. - * @returns {string} Returns the snake cased string. - * @example - * - * _.snakeCase('Foo Bar'); - * // => 'foo_bar' - * - * _.snakeCase('fooBar'); - * // => 'foo_bar' - * - * _.snakeCase('--foo-bar'); - * // => 'foo_bar' - */ - var snakeCase = createCompounder(function(result, word, index) { - return result + (index ? '_' : '') + word.toLowerCase(); - }); + var zinv = this.z.redInvm(); + var zinv2 = zinv.redSqr(); + var ax = this.x.redMul(zinv2); + var ay = this.y.redMul(zinv2).redMul(zinv); - /** - * Converts `string` to [start case](https://en.wikipedia.org/wiki/Letter_case#Stylistic_or_specialised_usage). - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to convert. - * @returns {string} Returns the start cased string. - * @example - * - * _.startCase('--foo-bar'); - * // => 'Foo Bar' - * - * _.startCase('fooBar'); - * // => 'Foo Bar' - * - * _.startCase('__foo_bar__'); - * // => 'Foo Bar' - */ - var startCase = createCompounder(function(result, word, index) { - return result + (index ? ' ' : '') + (word.charAt(0).toUpperCase() + word.slice(1)); - }); + return this.curve.point(ax, ay); +}; - /** - * Checks if `string` starts with the given target string. - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The string to search. - * @param {string} [target] The string to search for. - * @param {number} [position=0] The position to search from. - * @returns {boolean} Returns `true` if `string` starts with `target`, else `false`. - * @example - * - * _.startsWith('abc', 'a'); - * // => true - * - * _.startsWith('abc', 'b'); - * // => false - * - * _.startsWith('abc', 'b', 1); - * // => true - */ - function startsWith(string, target, position) { - string = baseToString(string); - position = position == null - ? 0 - : nativeMin(position < 0 ? 0 : (+position || 0), string.length); +JPoint.prototype.neg = function neg() { + return this.curve.jpoint(this.x, this.y.redNeg(), this.z); +}; - return string.lastIndexOf(target, position) == position; - } +JPoint.prototype.add = function add(p) { + // O + P = P + if (this.isInfinity()) + return p; - /** - * Creates a compiled template function that can interpolate data properties - * in "interpolate" delimiters, HTML-escape interpolated data properties in - * "escape" delimiters, and execute JavaScript in "evaluate" delimiters. Data - * properties may be accessed as free variables in the template. If a setting - * object is provided it takes precedence over `_.templateSettings` values. - * - * **Note:** In the development build `_.template` utilizes - * [sourceURLs](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl) - * for easier debugging. - * - * For more information on precompiling templates see - * [lodash's custom builds documentation](https://lodash.com/custom-builds). - * - * For more information on Chrome extension sandboxes see - * [Chrome's extensions documentation](https://developer.chrome.com/extensions/sandboxingEval). - * - * @static - * @memberOf _ - * @category String - * @param {string} [string=''] The template string. - * @param {Object} [options] The options object. - * @param {RegExp} [options.escape] The HTML "escape" delimiter. - * @param {RegExp} [options.evaluate] The "evaluate" delimiter. - * @param {Object} [options.imports] An object to import into the template as free variables. - * @param {RegExp} [options.interpolate] The "interpolate" delimiter. - * @param {string} [options.sourceURL] The sourceURL of the template's compiled source. - * @param {string} [options.variable] The data object variable name. - * @param- {Object} [otherOptions] Enables the legacy `options` param signature. - * @returns {Function} Returns the compiled template function. - * @example - * - * // using the "interpolate" delimiter to create a compiled template - * var compiled = _.template('hello <%= user %>!'); - * compiled({ 'user': 'fred' }); - * // => 'hello fred!' - * - * // using the HTML "escape" delimiter to escape data property values - * var compiled = _.template('<%- value %>'); - * compiled({ 'value': '