1 files changed, 119 insertions, 0 deletions

diff --git a/packages/order-utils/src/signature_utils.ts b/packages/order-utils/src/signature_utils.ts
new file mode 100644
index 000000000..b511573a8
--- /dev/null
+++ b/packages/order-utils/src/signature_utils.ts
@@ -0,0 +1,119 @@
+import { schemas } from '@0xproject/json-schemas';
+import { ECSignature, Provider } from '@0xproject/types';
+import { Web3Wrapper } from '@0xproject/web3-wrapper';
+import * as ethUtil from 'ethereumjs-util';
+import * as _ from 'lodash';
+
+import { assert } from './assert';
+import { OrderError } from './types';
+
+/**
+ * Verifies that the elliptic curve signature `signature` was generated
+ * by signing `data` with the private key corresponding to the `signerAddress` address.
+ * @param   data          The hex encoded data signed by the supplied signature.
+ * @param   signature     An object containing the elliptic curve signature parameters.
+ * @param   signerAddress The hex encoded address that signed the data, producing the supplied signature.
+ * @return  Whether the signature is valid for the supplied signerAddress and data.
+ */
+export function isValidSignature(data: string, signature: ECSignature, signerAddress: string): boolean {
+    assert.isHexString('data', data);
+    assert.doesConformToSchema('signature', signature, schemas.ecSignatureSchema);
+    assert.isETHAddressHex('signerAddress', signerAddress);
+    const normalizedSignerAddress = signerAddress.toLowerCase();
+
+    const dataBuff = ethUtil.toBuffer(data);
+    const msgHashBuff = ethUtil.hashPersonalMessage(dataBuff);
+    try {
+        const pubKey = ethUtil.ecrecover(
+            msgHashBuff,
+            signature.v,
+            ethUtil.toBuffer(signature.r),
+            ethUtil.toBuffer(signature.s),
+        );
+        const retrievedAddress = ethUtil.bufferToHex(ethUtil.pubToAddress(pubKey));
+        return retrievedAddress === signerAddress;
+    } catch (err) {
+        return false;
+    }
+}
+/**
+ * Signs an orderHash and returns it's elliptic curve signature.
+ * This method currently supports TestRPC, Geth and Parity above and below V1.6.6
+ * @param   orderHash       Hex encoded orderHash to sign.
+ * @param   signerAddress   The hex encoded Ethereum address you wish to sign it with. This address
+ *          must be available via the Provider supplied to 0x.js.
+ * @param   shouldAddPersonalMessagePrefix  Some signers add the personal message prefix `\x19Ethereum Signed Message`
+ *          themselves (e.g Parity Signer, Ledger, TestRPC) and others expect it to already be done by the client
+ *          (e.g Metamask). Depending on which signer this request is going to, decide on whether to add the prefix
+ *          before sending the request.
+ * @return  An object containing the Elliptic curve signature parameters generated by signing the orderHash.
+ */
+export async function signOrderHashAsync(
+    provider: Provider,
+    orderHash: string,
+    signerAddress: string,
+    shouldAddPersonalMessagePrefix: boolean,
+): Promise<ECSignature> {
+    assert.isHexString('orderHash', orderHash);
+    const web3Wrapper = new Web3Wrapper(provider);
+    await assert.isSenderAddressAsync('signerAddress', signerAddress, web3Wrapper);
+    const normalizedSignerAddress = signerAddress.toLowerCase();
+
+    let msgHashHex = orderHash;
+    if (shouldAddPersonalMessagePrefix) {
+        const orderHashBuff = ethUtil.toBuffer(orderHash);
+        const msgHashBuff = ethUtil.hashPersonalMessage(orderHashBuff);
+        msgHashHex = ethUtil.bufferToHex(msgHashBuff);
+    }
+
+    const signature = await web3Wrapper.signMessageAsync(normalizedSignerAddress, msgHashHex);
+
+    // HACK: There is no consensus on whether the signatureHex string should be formatted as
+    // v + r + s OR r + s + v, and different clients (even different versions of the same client)
+    // return the signature params in different orders. In order to support all client implementations,
+    // we parse the signature in both ways, and evaluate if either one is a valid signature.
+    const validVParamValues = [27, 28];
+    const ecSignatureVRS = parseSignatureHexAsVRS(signature);
+    if (_.includes(validVParamValues, ecSignatureVRS.v)) {
+        const isValidVRSSignature = isValidSignature(orderHash, ecSignatureVRS, normalizedSignerAddress);
+        if (isValidVRSSignature) {
+            return ecSignatureVRS;
+        }
+    }
+
+    const ecSignatureRSV = parseSignatureHexAsRSV(signature);
+    if (_.includes(validVParamValues, ecSignatureRSV.v)) {
+        const isValidRSVSignature = isValidSignature(orderHash, ecSignatureRSV, normalizedSignerAddress);
+        if (isValidRSVSignature) {
+            return ecSignatureRSV;
+        }
+    }
+
+    throw new Error(OrderError.InvalidSignature);
+}
+
+function parseSignatureHexAsVRS(signatureHex: string): ECSignature {
+    const signatureBuffer = ethUtil.toBuffer(signatureHex);
+    let v = signatureBuffer[0];
+    if (v < 27) {
+        v += 27;
+    }
+    const r = signatureBuffer.slice(1, 33);
+    const s = signatureBuffer.slice(33, 65);
+    const ecSignature: ECSignature = {
+        v,
+        r: ethUtil.bufferToHex(r),
+        s: ethUtil.bufferToHex(s),
+    };
+    return ecSignature;
+}
+
+function parseSignatureHexAsRSV(signatureHex: string): ECSignature {
+    const { v, r, s } = ethUtil.fromRpcSig(signatureHex);
+    const ecSignature: ECSignature = {
+        v,
+        r: ethUtil.bufferToHex(r),
+        s: ethUtil.bufferToHex(s),
+    };
+    return ecSignature;
+}