Halaman utama Jelajahi Bantuan
Daftar Masuk
CQ_ADI
/
airopt-manager
2
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: e4d3b50d88
Ranting Tag
airopt-manager
/
adi-ui
/
.pnpm-store
/
v10
/
files
/
cf
/
bd2b41230bb6c8a997e209d8a5a2267fb72f1bba84de85506c76236c7e3271e295b66ad1d4bb2eb1a7a7817ef985d9c41c2ebdd50f96b38b8c6ab726194ead

bd2b41230bb6c8a997e209d8a5a2267fb72f1bba84de85506c76236c7e3271e295b66ad1d4bb2eb1a7a7817ef985d9c41c2ebdd50f96b38b8c6ab726194ead 3.5 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121 
  1. 'use strict';
    2. 

  2. 

  3. var hash = require('hash.js');
    4. 

  4. var curves = require('../curves');
    5. 

  5. var utils = require('../utils');
    6. 

  6. var assert = utils.assert;
    7. 

  7. var parseBytes = utils.parseBytes;
    8. 

  8. var KeyPair = require('./key');
    9. 

  9. var Signature = require('./signature');
    10. 

  10. 

  11. function EDDSA(curve) {
    12. 

  12.   assert(curve === 'ed25519', 'only tested with ed25519 so far');
    13. 

  13. 

  14.   if (!(this instanceof EDDSA))
    15. 

  15.     return new EDDSA(curve);
    16. 

  16. 

  17.   curve = curves[curve].curve;
    18. 

  18.   this.curve = curve;
    19. 

  19.   this.g = curve.g;
    20. 

  20.   this.g.precompute(curve.n.bitLength() + 1);
    21. 

  21. 

  22.   this.pointClass = curve.point().constructor;
    23. 

  23.   this.encodingLength = Math.ceil(curve.n.bitLength() / 8);
    24. 

  24.   this.hash = hash.sha512;
    25. 

  25. }
    26. 

  26. 

  27. module.exports = EDDSA;
    28. 

  28. 

  29. /**
    30. 

  30. * @param {Array|String} message - message bytes
    31. 

  31. * @param {Array|String|KeyPair} secret - secret bytes or a keypair
    32. 

  32. * @returns {Signature} - signature
    33. 

  33. */
    34. 

  34. EDDSA.prototype.sign = function sign(message, secret) {
    35. 

  35.   message = parseBytes(message);
    36. 

  36.   var key = this.keyFromSecret(secret);
    37. 

  37.   var r = this.hashInt(key.messagePrefix(), message);
    38. 

  38.   var R = this.g.mul(r);
    39. 

  39.   var Rencoded = this.encodePoint(R);
    40. 

  40.   var s_ = this.hashInt(Rencoded, key.pubBytes(), message)
    41. 

  41.     .mul(key.priv());
    42. 

  42.   var S = r.add(s_).umod(this.curve.n);
    43. 

  43.   return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });
    44. 

  44. };
    45. 

  45. 

  46. /**
    47. 

  47. * @param {Array} message - message bytes
    48. 

  48. * @param {Array|String|Signature} sig - sig bytes
    49. 

  49. * @param {Array|String|Point|KeyPair} pub - public key
    50. 

  50. * @returns {Boolean} - true if public key matches sig of message
    51. 

  51. */
    52. 

  52. EDDSA.prototype.verify = function verify(message, sig, pub) {
    53. 

  53.   message = parseBytes(message);
    54. 

  54.   sig = this.makeSignature(sig);
    55. 

  55.   if (sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()) {
    56. 

  56.     return false;
    57. 

  57.   }
    58. 

  58.   var key = this.keyFromPublic(pub);
    59. 

  59.   var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);
    60. 

  60.   var SG = this.g.mul(sig.S());
    61. 

  61.   var RplusAh = sig.R().add(key.pub().mul(h));
    62. 

  62.   return RplusAh.eq(SG);
    63. 

  63. };
    64. 

  64. 

  65. EDDSA.prototype.hashInt = function hashInt() {
    66. 

  66.   var hash = this.hash();
    67. 

  67.   for (var i = 0; i < arguments.length; i++)
    68. 

  68.     hash.update(arguments[i]);
    69. 

  69.   return utils.intFromLE(hash.digest()).umod(this.curve.n);
    70. 

  70. };
    71. 

  71. 

  72. EDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {
    73. 

  73.   return KeyPair.fromPublic(this, pub);
    74. 

  74. };
    75. 

  75. 

  76. EDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {
    77. 

  77.   return KeyPair.fromSecret(this, secret);
    78. 

  78. };
    79. 

  79. 

  80. EDDSA.prototype.makeSignature = function makeSignature(sig) {
    81. 

  81.   if (sig instanceof Signature)
    82. 

  82.     return sig;
    83. 

  83.   return new Signature(this, sig);
    84. 

  84. };
    85. 

  85. 

  86. /**
    87. 

  87. * * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2
    88. 

  88. *
    89. 

  89. * EDDSA defines methods for encoding and decoding points and integers. These are
    90. 

  90. * helper convenience methods, that pass along to utility functions implied
    91. 

  91. * parameters.
    92. 

  92. *
    93. 

  93. */
    94. 

  94. EDDSA.prototype.encodePoint = function encodePoint(point) {
    95. 

  95.   var enc = point.getY().toArray('le', this.encodingLength);
    96. 

  96.   enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;
    97. 

  97.   return enc;
    98. 

  98. };
    99. 

  99. 

  100. EDDSA.prototype.decodePoint = function decodePoint(bytes) {
    101. 

  101.   bytes = utils.parseBytes(bytes);
    102. 

  102. 

  103.   var lastIx = bytes.length - 1;
    104. 

  104.   var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);
    105. 

  105.   var xIsOdd = (bytes[lastIx] & 0x80) !== 0;
    106. 

  106. 

  107.   var y = utils.intFromLE(normed);
    108. 

  108.   return this.curve.pointFromY(y, xIsOdd);
    109. 

  109. };
    110. 

  110. 

  111. EDDSA.prototype.encodeInt = function encodeInt(num) {
    112. 

  112.   return num.toArray('le', this.encodingLength);
    113. 

  113. };
    114. 

  114. 

  115. EDDSA.prototype.decodeInt = function decodeInt(bytes) {
    116. 

  116.   return utils.intFromLE(bytes);
    117. 

  117. };
    118. 

  118. 

  119. EDDSA.prototype.isPoint = function isPoint(val) {
    120. 

  120.   return val instanceof this.pointClass;
    121. 

  121. };
    122.