search

AschPlatform / asch-js

Asch frontend library
18 stars 15 forks source link

asch.crypto update for ASCH 1.4.2 #23

Closed a1300 closed 6 years ago

a1300 commented 6 years ago

Dear @sqfasd , dear @liangpeili

this pull request updates the asch.crypto to work with ASCH 1.4.2.

In the current asch-js version (develop and master branch) are references to transaction.signSignature (deprecated, correct is secondSignature) and transaction.signature (deprecated, correct is transaction.signatures[0]).

Also the function verifySecondSignature is not up-to-date with the corresponding code in asch-core/src/base/transaction.js

Current, wrong verifySecondSignature function (asch-js): 

function verifySecondSignature(transaction, publicKey) {
    var bytes = getBytes(transaction);
    var data2 = new Buffer(bytes.length - 64);

    for (var i = 0; i < data2.length; i++) {
        data2[i] = bytes[i];
    }

    var hash = sha256Bytes(data2)

    var signSignatureBuffer = new Buffer(transaction.signSignature, "hex");
    var publicKeyBuffer = new Buffer(publicKey, "hex");
    var res = nacl.sign.detached.verify(hash, signSignatureBuffer, publicKeyBuffer);

    return res;
}

Correct verifySecondSignature function (asch-js):

function verifySecondSignature(transaction, publicKey) {
    var bytes = getBytes(transaction, true, true);
    var data2 = new Buffer(bytes.length);

    for (var i = 0; i < data2.length; i++) {
        data2[i] = bytes[i];
    }

    var hash = sha256Bytes(data2)

    var signSignatureBuffer = new Buffer(transaction.secondSignature, "hex");
    var publicKeyBuffer = new Buffer(publicKey, "hex");
    var res = nacl.sign.detached.verify(hash, signSignatureBuffer, publicKeyBuffer);

    return res;
}

Asch-core skips the signature and secondSignature by calling const bytes = self.getBytes(trs, true, true). This does asch-js not. I fixed this for asch-js.

Thank you! All the best a1300