bitpay
diff --git a/‎packages/bitcore-lib-cash/lib/crypto/schnorr.js‎
Lines changed: 12 additions & 12 deletions b/‎packages/bitcore-lib-cash/lib/crypto/schnorr.js‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎packages/bitcore-lib-cash/lib/crypto/signature.js‎
Lines changed: 20 additions & 10 deletions b/‎packages/bitcore-lib-cash/lib/crypto/signature.js‎
Lines changed: 20 additions & 10 deletions
@@ -72,7 +72,7 @@ Schnorr.prototype._findSignature = function(d, e) {
     $.checkState(!d.gte(n), new Error('privkey out of field of curve'));
 
 
-    let k = nonceFunctionRFC6979(d.toBuffer(), e.toBuffer({ size: 32 }));
+    let k = nonceFunctionRFC6979(d.toBuffer({ size: 32 }), e.toBuffer({ size: 32 }));
 
     let P = G.mul(d);
     let R = G.mul(k);
@@ -106,9 +106,8 @@ Schnorr.prototype._findSignature = function(d, e) {
       return 'signature must be a 64 byte or 65 byte array';
     } 
 
-    if(!(this.pubkey.toBuffer().length === 32 || this.pubkey.toBuffer().length === 33)) {
-      return 'pubkey must be 32 byte buffer';
-    }
+
+    let hashbuf = this.endian === 'little' ? BufferUtil.reverse(this.hashbuf) : this.hashbuf
 
     let P = this.pubkey.point;
     let G = Point.getG();
@@ -129,7 +128,7 @@ Schnorr.prototype._findSignature = function(d, e) {
     let Br = r.toBuffer();
     let Bp = Point.pointToCompressed(P);
 
-    let hash = Hash.sha256(Buffer.concat([Br, Bp, this.hashbuf]));
+    let hash = Hash.sha256(Buffer.concat([Br, Bp, hashbuf]));
     let e = BN.fromBuffer(hash, 'big').umod(n);
 
     let sG = G.mul(s);
@@ -143,6 +142,7 @@ Schnorr.prototype._findSignature = function(d, e) {
   };
 
   Schnorr.prototype.verify = function() {
+
     if (!this.sigError()) {
       this.verified = true;
     } else {
@@ -161,10 +161,11 @@ Schnorr.prototype._findSignature = function(d, e) {
     let V = Buffer.from("0101010101010101010101010101010101010101010101010101010101010101","hex");
     let K = Buffer.from("0000000000000000000000000000000000000000000000000000000000000000","hex");
 
-    let blob = Buffer.concat([privkey, msgbuf, Buffer.from("Schnorr+SHA256  ", "utf-8")]);
+    let blob = Buffer.concat([privkey, msgbuf, Buffer.from("", "ascii"), Buffer.from("Schnorr+SHA256  ", "ascii")]);
 
     K = Hash.sha256hmac(Buffer.concat([V, Buffer.from('00', 'hex'), blob]), K);
     V = Hash.sha256hmac(V,K); 
+
     K = Hash.sha256hmac(Buffer.concat([V,Buffer.from('01','hex'), blob]), K);
     V = Hash.sha256hmac(V,K);
 
@@ -173,13 +174,14 @@ Schnorr.prototype._findSignature = function(d, e) {
     while (true) {
       V = Hash.sha256hmac(V,K);
       T = BN.fromBuffer(V);
-
+      $.checkState(T.toBuffer().length >= 32, "T failed test");
       k = T;
+      
       if (k.gt(new BN(0) && k.lt(Point.getN()))) {
         break;
       }
       K = Hash.sha256hmac(Buffer.concat([V, Buffer.from("00", 'hex')]), K);
-      V = Hash.hmac(Hash.sha256sha256, V, K);
+      V = Hash.hmac(Hash.sha256, V, K);
     }
     return k;
   }
@@ -196,11 +198,9 @@ Schnorr.prototype._findSignature = function(d, e) {
     return Schnorr().set({
       hashbuf: hashbuf,
       endian: endian,
-      sig: sig,
+      sig: {...sig, isSchnorr: true },
       pubkey: pubkey
     }).verify().verified;
   };
 
-  module.exports = Schnorr;
-
-
+  module.exports = Schnorr;
@@ -63,16 +63,18 @@ Signature.fromCompact = function(buf) {
 };
 
 Signature.fromDER = Signature.fromBuffer = function(buf, strict) {
-  // Schnorr Signatures use 64/65 byte for in tx r [len] 32 , s [len] 32, nhashtype 
-  if((buf.length === 64 || buf.length === 65)) {
+  // Schnorr Signatures use 65 byte for in tx r [len] 32 , s [len] 32, nhashtype 
+  if((buf.length === 64) && buf[0] != 0x30) {
     let obj = Signature.parseSchnorrEncodedSig(buf);
     let sig = new Signature();
     sig.r = obj.r;
     sig.s = obj.s;
     sig.isSchnorr = true;
     return sig;
+  } if (buf.length === 64 && buf[0] === 0x30) {
+    return "64 DER (ecdsa) signautres not allowed";
   }
-
+  
   var obj = Signature.parseDER(buf, strict);
   var sig = new Signature();
 
@@ -112,13 +114,14 @@ Signature.parseSchnorrEncodedSig = function(buf) {
   let s = buf.slice(32, 64);
   let hashtype;
   if (buf.length === 65) {
-    hashtype = buf.slice(64,66);
-    this.hashtype = hashtype;
+    hashtype = buf.slice(64,65);
+    this.nhashtype = hashtype;
   }
 
   var obj = {
     r: BN.fromBuffer(r),
-    s: BN.fromBuffer(s)
+    s: BN.fromBuffer(s),
+    nhashtype: hashtype
   };
 
   return obj;
@@ -204,11 +207,18 @@ Signature.prototype.toCompact = function(i, compressed) {
   return Buffer.concat([b1, b2, b3]);
 };
 
-Signature.prototype.toBuffer = Signature.prototype.toDER = function() {
+Signature.prototype.toBuffer = Signature.prototype.toDER = function(signingMethod) {
+
+  // Schnorr signatures use a 64 byte r,s format, where as ECDSA takes the form decribed
+  // below, above the isDER function signature.
+
+  signingMethod = signingMethod || "ecdsa";
+
+
   var rnbuf = this.r.toBuffer();
   var snbuf = this.s.toBuffer();
 
-  if(this.isSchnorr) {
+  if(signingMethod === "schnorr") {
     return Buffer.concat([rnbuf, snbuf]);
   }
 
@@ -411,8 +421,8 @@ Signature.prototype.hasDefinedHashtype = function() {
   return true;
 };
 
-Signature.prototype.toTxFormat = function() {
-  var derbuf = this.toDER();
+Signature.prototype.toTxFormat = function(signingMethod) {
+  var derbuf = this.toDER(signingMethod);
   var buf = Buffer.alloc(1);
   buf.writeUInt8(this.nhashtype, 0);
   return Buffer.concat([derbuf, buf]);