ECSignature: fixes for canonical signatures

[dcousens]

This pull request accounts for all the edge cases allowed by the Bitcoin client, and adds the respective core tests to tests/bitcoin.core.js.

Namely adding the missing test cases for: R<0, S<0, and checking the DER padding is not extraneous.

Hash type checking has also been added, but to avoid the circular dependency the boundaries were hard coded. This is not ideal, but I'm still not sure if *ScriptSignature is relevant to ECSignature or Script. It seems odd to have Transaction as a dependency of ECSignature.
Thoughts on this?

Reference for implementation: https://github.com/bitcoin/bitcoin/blob/master/src/script.cpp#L241

[dcousens]

Is this suitable? Or should we just enforce secp256k1 as we have in other parts. If so, the signature length is at most going to be less than 73 bytes if so, as enforced by the reference implementation.

[weilu]

I support enforcing secp256k1 until we have a need for supporting other curves

[dcousens]

That won't help us if we ever use another ecdsa (with its own ECSignature) library other than the one currently included.

[weilu]

We can worry about it then?

[coveralls]

Coverage increased (+0.01%) when pulling 5359578 on dcousens:canonical into db5a6d0 on bitcoinjs:master.

[weilu]

If you don't intend to differentiate the two error cases, why not just combine them? assert(hashTypeMod > 0x00 && hashTypeMod < 0x04, 'Invalid hashType')

[coveralls]

Coverage increased (+0.01%) when pulling 63ce1fd on dcousens:canonical into db5a6d0 on bitcoinjs:master.

[weilu]

+1

[kyledrake]

+1