Merge pull request #8 from 0xProject/isSignatureValid

Add isSignatureValid method and tests for it

5 files changed, 114 insertions, 7 deletions

diff --git a/circle.yml b/circle.yml
index 7a97d756c..65db7c29a 100644
--- a/circle.yml
+++ b/circle.yml
@@ -1,3 +1,7 @@
+machine:
+  node:
+    version: 6.1.0
+
 test:
   override:
     - npm run test:coverage
diff --git a/package.json b/package.json
index 340e042ce..2f345a3f1 100644
--- a/package.json
+++ b/package.json
@@ -33,6 +33,7 @@
   "devDependencies": {
     "@types/chai": "^3.5.2",
     "@types/mocha": "^2.2.41",
+    "@types/node": "^7.0.22",
     "awesome-typescript-loader": "^3.1.3",
     "chai": "^3.5.0",
     "mocha": "^3.4.1",
@@ -46,5 +47,8 @@
     "typedoc": "^0.7.1",
     "typescript": "^2.3.3",
     "webpack": "^2.6.0"
+  },
+  "dependencies": {
+    "ethereumjs-util": "^5.1.1"
   }
 }
diff --git a/src/ts/0x.js.ts b/src/ts/0x.js.ts
index 95446ad74..dd67c49a0 100644
--- a/src/ts/0x.js.ts
+++ b/src/ts/0x.js.ts
@@ -1,6 +1,31 @@
+import * as ethUtil from 'ethereumjs-util';
+
+/**
+ * Elliptic Curve signature
+ */
+export interface ECSignature {
+    v: number;
+    r: string;
+    s: string;
+}
+
 export class ZeroEx {
-    /** Verifies the signature */
-    public verifySignature() {
-        // TODO
+    /**
+     * Verifies that the elliptic curve signature `signature` was generated
+     * by signing `data` with the private key corresponding to the `signer` address.
+     */
+    public static isValidSignature(data: string, signature: ECSignature, signer: ETHAddressHex): boolean {
+        const dataBuff = ethUtil.toBuffer(data);
+        const msgHashBuff = ethUtil.hashPersonalMessage(dataBuff);
+        try {
+            const pubKey = ethUtil.ecrecover(msgHashBuff,
+                signature.v,
+                ethUtil.toBuffer(signature.r),
+                ethUtil.toBuffer(signature.s));
+            const retrievedAddress = ethUtil.bufferToHex(ethUtil.pubToAddress(pubKey));
+            return retrievedAddress === signer;
+        } catch (err) {
+            return false;
+        }
     }
 }
diff --git a/src/ts/globals.d.ts b/src/ts/globals.d.ts
new file mode 100644
index 000000000..0f7391b39
--- /dev/null
+++ b/src/ts/globals.d.ts
@@ -0,0 +1,11 @@
+declare type ETHPublicKey = string;
+declare type ETHAddressHex = string;
+declare type ETHAddressBuff = Buffer;
+
+declare module 'ethereumjs-util' {
+    const toBuffer: (data: string) => Buffer;
+    const hashPersonalMessage: (msg: Buffer) => Buffer;
+    const bufferToHex: (buff: Buffer) => string;
+    const ecrecover: (msgHashBuff: Buffer, v: number, r: Buffer, s: Buffer) => ETHPublicKey;
+    const pubToAddress: (pubKey: ETHPublicKey) => ETHAddressBuff;
+}
diff --git a/test/0x.js.ts b/test/0x.js.ts
index 65475bf32..d59df8894 100644
--- a/test/0x.js.ts
+++ b/test/0x.js.ts
@@ -3,10 +3,73 @@ import {expect} from 'chai';
 import 'mocha';
 
 describe('ZeroEx library', () => {
-    describe('#verifySignature', () => {
-        it('should return undefined', () => {
-            const zeroEx = new ZeroEx();
-            expect(zeroEx.verifySignature()).to.be.undefined;
+    describe('#isValidSignature', () => {
+        // This test data was borrowed from the JSON RPC documentation
+        // Source: https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign
+        const data = '0xdeadbeaf';
+        const signature = {
+            v: 27,
+            r: '0xa3f20717a250c2b0b729b7e5becbff67fdaef7e0699da4de7ca5895b02a170a1',
+            s: '0x2d887fd3b17bfdce3481f10bea41f45ba9f709d39ce8325427b57afcfc994cee',
+        };
+        const address = '0x9b2055d370f73ec7d8a03e965129118dc8f5bf83';
+        describe('should return false for malformed signature', () => {
+            it('malformed v', () => {
+                const malformedSignature = {
+                    v: 34,
+                    r: signature.r,
+                    s: signature.s,
+                };
+                const isValid = ZeroEx.isValidSignature(data, malformedSignature, address);
+                expect(isValid).to.be.false;
+            });
+            it('r lacks 0x prefix', () => {
+                const malformedR = signature.r.replace('0x', '');
+                const malformedSignature = {
+                    v: signature.v,
+                    r: malformedR,
+                    s: signature.s,
+                };
+                const isValid = ZeroEx.isValidSignature(data, malformedSignature, address);
+                expect(isValid).to.be.false;
+            });
+            it('r is too short', () => {
+                const malformedR = signature.r.substr(10);
+                const malformedSignature = {
+                    v: signature.v,
+                    r: malformedR,
+                    s: signature.s,
+                };
+                const isValid = ZeroEx.isValidSignature(data, malformedSignature, address);
+                expect(isValid).to.be.false;
+            });
+            it('s is not hex', () => {
+                const malformedS = signature.s.replace('0', 'z');
+                const malformedSignature = {
+                    v: signature.v,
+                    r: signature.r,
+                    s: malformedS,
+                };
+                const isValid = ZeroEx.isValidSignature(data, malformedSignature, address);
+                expect(isValid).to.be.false;
+            });
+        });
+        it('should return false if the data doesn\'t pertain to the signature & address', () => {
+            const isValid = ZeroEx.isValidSignature('wrong data', signature, address);
+            expect(isValid).to.be.false;
+        });
+        it('should return false if the address doesn\'t pertain to the signature & data', () => {
+            const isValid = ZeroEx.isValidSignature(data, signature, '0xIamWrong');
+            expect(isValid).to.be.false;
+        });
+        it('should return false if the signature doesn\'t pertain to the data & address', () => {
+            const wrongSignature = Object.assign({}, signature, {v: 28});
+            const isValid = ZeroEx.isValidSignature(data, wrongSignature, address);
+            expect(isValid).to.be.false;
+        });
+        it('should return true if the signature does pertain to the data & address', () => {
+            const isValid = ZeroEx.isValidSignature(data, signature, address);
+            expect(isValid).to.be.true;
         });
     });
 });