Merge forks331 into master (#2)

* add testnet bip49 example

* Should be able to deal with incomplete P2SH/P2WSH inputs when allowIncomplete is set

* remove redundant baddress.toOutputScript call from tests

* set p2sh=true only if redeemScriptType is set

* testing/integration/examples: isolate to addresses/transactions
examples, use public broadcast endpoints

* tests/integration: add BIP32 serialization and multi-child examples

* README: re-generate examples list

* README: drop Contributors

* README: add bech32

* README: move BCoin to Alternative

* README: drop insight

* README: add helperbit

* LICENSE: 2017 too

* add from/toBech32

* add Bech32 support to toOutputScript/fromOutputScript

* README/tests: add BIP173/BIP16 SegWit address examples

* tests: add P2WPK, P2WSH spend example

* tests: resist txn-mempool-conflicts

* tests/txb: add P2WSH(multisig), incomplete fixture

* txbuilder: refactor branches for readability

* add witnessPubKeyHash compressed policy

* templates/pubkey: only canonical pubkeys to encode

* TxBuilder: restrict uncompressed keyPairs for P2WPK and P2WSH

* script: use asMinimalOP for ASM/decompile

* Fix the integration url's to latest version

also some of the urls were broken

* add bech32 fixture

* Fixed Segwit links

The links were redirecting to 404 - I've modified them so they adhere to the beginning of the respective Segwit unit tests.

* Fixed some README links

Found some more links that were displaced by the Segwit unit tests and fixed them

* typescript instructions on README

closes:
bitcoinjs#815

* README: cleanup typescript help

* Add witness is true to signing

* Add test for witness = true edge case during multisigning

* TransactionBuilder: collect witnessValue as input.value, and match it

* Fix txb.__overMaximumFees for segwit

* Add test case

* Fix absurd fee in fixture

* buildstack - don't return op_0

* multisig.input.encodestack - replace OP_0 (permitted by partialSignature) with EMPTY_BUFFER

* update CHANGELOG

* 3.2.0

* tests: script tests can validate template fixtures too

* match scriptHash types 1 for 1, ignore classify order

* add fixture to verify input type classification

(cherry picked from commit 8f9d8b7)

* respond to Jonathan Underwood's comments

(cherry picked from commit 8126ca2)

* tests/fixtures: amend truncated outputHex

* README: add notes about ES5, Node LTS feature tracking

* package: rm contributors field, outdated, update wallet estimate

* rm bscript circular dependencies

* txbuilder: fix canSign returning true for missing witness value

* address/txbuilder: require templates to prevent undefined exports

* tests: add passing and failing tests for witness*.input.encode/decode

* witnessScriptHash: fixed implementation

* tests: add failing staged transaction building example bitcoinjs#901

* txbuilder: apply input.value before prepareInput

* s/checkP2shInput/checkP2SHInput

* 3.2.1

* ECSignature: add toRSBuffer/fromRSBuffer

* TxBuilder: add support for RSBuffer type keyPairs and .publicKey

* 3.3.0

* tests: txb for TxBuilder, Tx for Transaction

* increase max feerate sanity check from 1000 to 2500

* 3.3.1

* opt-in bitcoin-cash support in transaction_builder

* TransactionBuilder.fromTransaction & Bitcoin Cash

Adds an extra parameter to fromTransaction, which tells the
library to expect a value property to be added on each txin
which uses bitcoin cash's sighashtype

* bitcoin gold support

* package: rename to bitcoinforksjs-lib

Author: Melvillian

package.json

@@ -1,6 +1,6 @@
 {
   "name": "bitcoinjs-lib",
-  "version": "3.3.0",
+  "version": "3.1.1",
   "description": "Client-side Bitcoin JavaScript library",
   "main": "./src/index.js",
   "engines": {

src/ecsignature.js

@@ -47,7 +47,7 @@ ECSignature.fromDER = function (buffer) {
 // BIP62: 1 byte hashType flag (only 0x01, 0x02, 0x03, 0x81, 0x82 and 0x83 are allowed)
 ECSignature.parseScriptSignature = function (buffer) {
   var hashType = buffer.readUInt8(buffer.length - 1)
-  var hashTypeMod = hashType & ~0x80
+  var hashTypeMod = hashType & ~0xc0
 
   if (hashTypeMod <= 0x00 || hashTypeMod >= 0x04) throw new Error('Invalid hashType ' + hashType)
 
@@ -85,7 +85,7 @@ ECSignature.prototype.toRSBuffer = function (buffer, offset) {
 }
 
 ECSignature.prototype.toScriptSignature = function (hashType) {
-  var hashTypeMod = hashType & ~0x80
+  var hashTypeMod = hashType & ~0xc0
   if (hashTypeMod <= 0 || hashTypeMod >= 4) throw new Error('Invalid hashType ' + hashType)
 
   var hashTypeBuffer = Buffer.alloc(1)

src/networks.js

@@ -2,6 +2,16 @@
 // Dogecoin BIP32 is a proposed standard: https://bitcointalk.org/index.php?topic=409731
 
 module.exports = {
+  bitcoingold: {
+    messagePrefix: '\x18Bitcoin Gold Signed Message:\n',
+    bip32: {
+      public: 0x0488b21e,
+      private: 0x0488ade4
+    },
+    pubKeyHash: 0x26,
+    scriptHash: 0x17,
+    wif: 0x80
+  },
   bitcoin: {
     messagePrefix: '\x18Bitcoin Signed Message:\n',
     bech32: 'bc',

src/script.js

@@ -185,7 +185,7 @@ function isCanonicalPubKey (buffer) {
 }
 
 function isDefinedHashType (hashType) {
-  var hashTypeMod = hashType & ~0x80
+  var hashTypeMod = hashType & ~0xc0
 
 // return hashTypeMod > SIGHASH_ALL && hashTypeMod < SIGHASH_SINGLE
   return hashTypeMod > 0x00 && hashTypeMod < 0x04

src/transaction.js

@@ -33,8 +33,11 @@ Transaction.SIGHASH_ALL = 0x01
 Transaction.SIGHASH_NONE = 0x02
 Transaction.SIGHASH_SINGLE = 0x03
 Transaction.SIGHASH_ANYONECANPAY = 0x80
+Transaction.SIGHASH_BITCOINCASHBIP143 = 0x40
 Transaction.ADVANCED_TRANSACTION_MARKER = 0x00
 Transaction.ADVANCED_TRANSACTION_FLAG = 0x01
+Transaction.FORKID_BTG = 0x4F // 79
+Transaction.FORKID_BCH = 0x00
 
 var EMPTY_SCRIPT = Buffer.allocUnsafe(0)
 var EMPTY_WITNESS = []
@@ -402,6 +405,58 @@ Transaction.prototype.hashForWitnessV0 = function (inIndex, prevOutScript, value
   return bcrypto.hash256(tbuffer)
 }
 
+/**
+ * Hash transaction for signing a specific input for Bitcoin Cash.
+ */
+Transaction.prototype.hashForCashSignature = function (inIndex, prevOutScript, inAmount, hashType) {
+  typeforce(types.tuple(types.UInt32, types.Buffer, /* types.UInt8 */ types.Number, types.maybe(types.UInt53)), arguments)
+
+  // This function works the way it does because Bitcoin Cash
+  // uses BIP143 as their replay protection, AND their algo
+  // includes `forkId | hashType`, AND since their forkId=0,
+  // this is a NOP, and has no difference to segwit. To support
+  // other forks, another parameter is required, and a new parameter
+  // would be required in the hashForWitnessV0 function, or
+  // it could be broken into two..
+
+  // BIP143 sighash activated in BitcoinCash via 0x40 bit
+  if (hashType & Transaction.SIGHASH_BITCOINCASHBIP143) {
+    if (types.Null(inAmount)) {
+      throw new Error('Bitcoin Cash sighash requires value of input to be signed.')
+    }
+    return this.hashForWitnessV0(inIndex, prevOutScript, inAmount, hashType)
+  } else {
+    return this.hashForSignature(inIndex, prevOutScript, hashType)
+  }
+}
+
+/**
+ * Hash transaction for signing a specific input for Bitcoin Gold.
+ */
+Transaction.prototype.hashForGoldSignature = function (inIndex, prevOutScript, inAmount, hashType, sigVersion) {
+  typeforce(types.tuple(types.UInt32, types.Buffer, /* types.UInt8 */ types.Number, types.maybe(types.UInt53)), arguments)
+
+  // Bitcoin Gold also implements segregated witness
+  // therefore we can pull out the setting of nForkHashType
+  // and pass it into the functions.
+
+  var nForkHashType = hashType
+  var fUseForkId = (hashType & Transaction.SIGHASH_BITCOINCASHBIP143) > 0
+  if (fUseForkId) {
+    nForkHashType |= Transaction.FORKID_BTG << 8
+  }
+
+  // BIP143 sighash activated in BitcoinCash via 0x40 bit
+  if (sigVersion || fUseForkId) {
+    if (types.Null(inAmount)) {
+      throw new Error('Bitcoin Cash sighash requires value of input to be signed.')
+    }
+    return this.hashForWitnessV0(inIndex, prevOutScript, inAmount, nForkHashType)
+  } else {
+    return this.hashForSignature(inIndex, prevOutScript, nForkHashType)
+  }
+}
+
 Transaction.prototype.getHash = function () {
   return bcrypto.hash256(this.__toBuffer(undefined, undefined, false))
 }

src/transaction_builder.js

@@ -174,7 +174,7 @@ function expandInput (scriptSig, witnessStack) {
 }
 
 // could be done in expandInput, but requires the original Transaction for hashForSignature
-function fixMultisigOrder (input, transaction, vin) {
+function fixMultisigOrder (input, transaction, vin, value, forkId) {
   if (input.redeemScriptType !== scriptTypes.MULTISIG || !input.redeemScript) return
   if (input.pubKeys.length === input.signatures.length) return
 
@@ -191,7 +191,22 @@ function fixMultisigOrder (input, transaction, vin) {
 
       // TODO: avoid O(n) hashForSignature
       var parsed = ECSignature.parseScriptSignature(signature)
-      var hash = transaction.hashForSignature(vin, input.redeemScript, parsed.hashType)
+      var hash
+      switch (forkId) {
+        case Transaction.FORKID_BCH:
+          hash = transaction.hashForCashSignature(vin, input.signScript, value, parsed.hashType)
+          break
+        case Transaction.FORKID_BTG:
+          hash = transaction.hashForGoldSignature(vin, input.signScript, value, parsed.hashType)
+          break
+        default:
+          if (input.witness) {
+            hash = transaction.hashForWitnessV0(vin, input.signScript, value, parsed.hashType)
+          } else {
+            hash = transaction.hashForSignature(vin, input.signScript, parsed.hashType)
+          }
+          break
+      }
 
       // skip if signature does not match pubKey
       if (!keyPair.verify(hash, parsed.signature)) return false
@@ -448,7 +463,6 @@ function buildInput (input, allowIncomplete) {
         witness.push(input.witnessScript)
         scriptType = input.witnessScriptType
       }
-
       break
   }
 
@@ -469,12 +483,30 @@ function TransactionBuilder (network, maximumFeeRate) {
   this.network = network || networks.bitcoin
 
   // WARNING: This is __NOT__ to be relied on, its just another potential safety mechanism (safety in-depth)
-  this.maximumFeeRate = maximumFeeRate || 1000
+  this.maximumFeeRate = maximumFeeRate || 2500
 
   this.inputs = []
+  this.bitcoinCash = false
+  this.bitcoinGold = false
   this.tx = new Transaction()
 }
 
+TransactionBuilder.prototype.enableBitcoinCash = function (enable) {
+  if (typeof enable === 'undefined') {
+    enable = true
+  }
+
+  this.bitcoinCash = enable
+}
+
+TransactionBuilder.prototype.enableBitcoinGold = function (enable) {
+  if (typeof enable === 'undefined') {
+    enable = true
+  }
+
+  this.bitcoinGold = enable
+}
+
 TransactionBuilder.prototype.setLockTime = function (locktime) {
   typeforce(types.UInt32, locktime)
 
@@ -497,9 +529,17 @@ TransactionBuilder.prototype.setVersion = function (version) {
   this.tx.version = version
 }
 
-TransactionBuilder.fromTransaction = function (transaction, network) {
+TransactionBuilder.fromTransaction = function (transaction, network, forkId) {
   var txb = new TransactionBuilder(network)
 
+  if (typeof forkId === 'number') {
+    if (forkId === Transaction.FORKID_BTG) {
+      txb.enableBitcoinGold(true)
+    } else if (forkId === Transaction.FORKID_BCH) {
+      txb.enableBitcoinCash(true)
+    }
+  }
+
   // Copy transaction fields
   txb.setVersion(transaction.version)
   txb.setLockTime(transaction.locktime)
@@ -514,13 +554,14 @@ TransactionBuilder.fromTransaction = function (transaction, network) {
     txb.__addInputUnsafe(txIn.hash, txIn.index, {
       sequence: txIn.sequence,
       script: txIn.script,
-      witness: txIn.witness
+      witness: txIn.witness,
+      value: txIn.value
     })
   })
 
   // fix some things not possible through the public API
   txb.inputs.forEach(function (input, i) {
-    fixMultisigOrder(input, transaction, i)
+    fixMultisigOrder(input, transaction, i, input.value, forkId)
   })
 
   return txb
@@ -695,10 +736,16 @@ TransactionBuilder.prototype.sign = function (vin, keyPair, redeemScript, hashTy
 
   // ready to sign
   var signatureHash
-  if (input.witness) {
-    signatureHash = this.tx.hashForWitnessV0(vin, input.signScript, input.value, hashType)
+  if (this.bitcoinGold) {
+    signatureHash = this.tx.hashForGoldSignature(vin, input.signScript, witnessValue, hashType, input.witness)
+  } else if (this.bitcoinCash) {
+    signatureHash = this.tx.hashForCashSignature(vin, input.signScript, witnessValue, hashType)
   } else {
-    signatureHash = this.tx.hashForSignature(vin, input.signScript, hashType)
+    if (input.witness) {
+      signatureHash = this.tx.hashForWitnessV0(vin, input.signScript, witnessValue, hashType)
+    } else {
+      signatureHash = this.tx.hashForSignature(vin, input.signScript, hashType)
+    }
   }
 
   // enforce in order signing of public keys

test/bitcoincash.test.js

@@ -0,0 +1,37 @@
+/* global describe, it */
+
+var assert = require('assert')
+var bscript = require('../src/script')
+var ECPair = require('../src/ecpair')
+var NETWORKS = require('../src/networks')
+var TransactionBuilder = require('../src/transaction_builder')
+var Transaction = require('../src/transaction')
+
+describe('TransactionBuilder', function () {
+  var network = NETWORKS['testnet']
+  it('cashtestcase3', function () {
+    var value = 50 * 1e8
+    var txid = '40c8a218923f23df3692530fa8e475251c50c7d630dccbdfbd92ba8092f4aa13'
+    var vout = 0
+
+    var wif = 'cTNwkxh7nVByhc3i7BH6eaBFQ4yVs6WvXBGBoA9xdKiorwcYVACc'
+    var keyPair = ECPair.fromWIF(wif, network)
+
+    var pk = keyPair.getPublicKeyBuffer()
+    var spk = bscript.pubKey.output.encode(pk)
+
+    var txb = new TransactionBuilder(network)
+    txb.addInput(txid, vout, Transaction.DEFAULT_SEQUENCE, spk)
+    txb.addOutput('mzDktdwPcWwqg8aZkPotx6aYi4mKvDD7ay', value)
+    txb.enableBitcoinCash(true)
+    txb.setVersion(2)
+
+    var hashType = Transaction.SIGHASH_ALL | Transaction.SIGHASH_BITCOINCASHBIP143
+
+    txb.sign(0, keyPair, null, hashType, value)
+
+    var tx = txb.build()
+    var hex = tx.toHex()
+    assert.equal('020000000113aaf49280ba92bddfcbdc30d6c7501c2575e4a80f539236df233f9218a2c8400000000049483045022100c5874e39da4dd427d35e24792bf31dcd63c25684deec66b426271b4043e21c3002201bfdc0621ad4237e8db05aa6cad69f3d5ab4ae32ebb2048f65b12165da6cc69341ffffffff0100f2052a010000001976a914cd29cc97826c37281ac61301e4d5ed374770585688ac00000000', hex)
+  })
+})

test/bitcoingold.test.js

@@ -0,0 +1,76 @@
+/* global describe, it */
+
+var assert = require('assert')
+var bscript = require('../src/script')
+var bcrypto = require('../src/crypto')
+var ECPair = require('../src/ecpair')
+var NETWORKS = require('../src/networks')
+var TransactionBuilder = require('../src/transaction_builder')
+var Transaction = require('../src/transaction')
+
+describe('TransactionBuilder', function () {
+  var network = NETWORKS['bitcoingold']
+  it('goldtestcase', function () {
+    var value = 50 * 1e8
+    var txid = '40c8a218923f23df3692530fa8e475251c50c7d630dccbdfbd92ba8092f4aa13'
+    var vout = 0
+
+    var wif = 'L54PmHcjKXi8H6v9cLAJ7DgGJFDpaFpR2YsV2WARieb82dz3QAfr'
+    var keyPair = ECPair.fromWIF(wif, network)
+
+    var pk = bcrypto.hash160(keyPair.getPublicKeyBuffer())
+    var spk = bscript.pubKeyHash.output.encode(pk)
+
+    var txb = new TransactionBuilder(network)
+    txb.addInput(txid, vout, Transaction.DEFAULT_SEQUENCE, spk)
+    txb.addOutput('GfEHv6hKvAX8HYfFzabMY2eiYDtC9eViqe', value)
+    txb.enableBitcoinGold(true)
+    txb.setVersion(2)
+
+    var hashType = Transaction.SIGHASH_ALL | Transaction.SIGHASH_BITCOINCASHBIP143
+
+    txb.sign(0, keyPair, null, hashType, value)
+
+    var tx = txb.build()
+    var hex = tx.toHex()
+    assert.equal('020000000113aaf49280ba92bddfcbdc30d6c7501c2575e4a80f539236df233f9218a2c840000000006b483045022100c594c8e0750b1b6ec4e267b6d6c7098840f86fa9467f8aa452f439c3a72e0cd9022019759d800fffd7fcb78d16468f5693ea07a13da33607e0e8fbb4cdb5967075b441210201ad6a9a15457b162a71f1d5db8fe27ff001abc4ae3a888214f9407cb0da863cffffffff0100f2052a010000001976a914ea95bd5087d3b5f2df279304a46ad827225c4e8688ac00000000', hex)
+  })
+
+  it('goldtestcase_multisig_1', function () {
+    var value = 50 * 1e8
+
+    var txHex = '020000000113aaf49280ba92bddfcbdc30d6c7501c2575e4a80f539236df233f9218a2c840000000009200483045022100b3b4211b8e8babc667dcca0b6f1c1284f191170a38a59bc3b9d7541d68c3c7a002200196267b87a7b80f3f556b3372e5ee6ed19b4b9e802c34916f45bc2b11d2de1a414752210201ad6a9a15457b162a71f1d5db8fe27ff001abc4ae3a888214f9407cb0da863c2103e6533849994cf76a9009447f2ad6dbf84c78e6f5f48fe77cf83cd9a3fe2e30ec52aeffffffff0100f2052a010000001976a914ea95bd5087d3b5f2df279304a46ad827225c4e8688ac00000000'
+    var tx = Transaction.fromHex(txHex)
+    tx.ins[0].value = value
+
+    var txb = TransactionBuilder.fromTransaction(tx, network, Transaction.FORKID_BTG)
+
+    assert.equal(undefined, txb.inputs[0].signatures[0])
+    assert.equal(
+      '3045022100b3b4211b8e8babc667dcca0b6f1c1284f191170a38a59bc3b9d7541d68c3c7a002200196267b87a7b80f3f556b3372e5ee6ed19b4b9e802c34916f45bc2b11d2de1a41',
+      txb.inputs[0].signatures[1].toString('hex')
+    )
+
+    var hex = txb.build().toHex()
+    assert.equal(txHex, hex)
+  })
+
+  it('goldtestcase_multisig_0', function () {
+    var value = 50 * 1e8
+
+    var txHex = '020000000113aaf49280ba92bddfcbdc30d6c7501c2575e4a80f539236df233f9218a2c840000000009100473044022025cb6ee7a63c7403645be2ed4ffcf9cd41d773ee3ba57a05dc335c4427f647660220323a038daac698efdc700ffa8d90e6641ed9eb4ab82808df0506a9da08863d29414752210201ad6a9a15457b162a71f1d5db8fe27ff001abc4ae3a888214f9407cb0da863c2103e6533849994cf76a9009447f2ad6dbf84c78e6f5f48fe77cf83cd9a3fe2e30ec52aeffffffff0100f2052a010000001976a914ea95bd5087d3b5f2df279304a46ad827225c4e8688ac00000000'
+    var tx = Transaction.fromHex(txHex)
+    tx.ins[0].value = value
+
+    var txb = TransactionBuilder.fromTransaction(tx, network, Transaction.FORKID_BTG)
+
+    assert.equal(
+      '3044022025cb6ee7a63c7403645be2ed4ffcf9cd41d773ee3ba57a05dc335c4427f647660220323a038daac698efdc700ffa8d90e6641ed9eb4ab82808df0506a9da08863d2941',
+      txb.inputs[0].signatures[0].toString('hex')
+    )
+    assert.equal(undefined, txb.inputs[0].signatures[1])
+
+    var hex = txb.build().toHex()
+    assert.equal(txHex, hex)
+  })
+})

test/integration/_mainnet.js

@@ -0,0 +1,3 @@
+var Blockchain = require('cb-http-client')
+var BLOCKTRAIL_API_KEY = process.env.BLOCKTRAIL_API_KEY || 'c0bd8155c66e3fb148bb1664adc1e4dacd872548'
+module.exports = new Blockchain('https://api.blocktrail.com/cb/v0.2.1/BTC', { api_key: BLOCKTRAIL_API_KEY })