@waku/core 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +9 -0
- package/bundle/{index-691c0be6.js → index-a67d7136.js} +1 -1
- package/bundle/{index-0a4bdddc.js → index-f7e049ad.js} +1 -1
- package/bundle/index.js +24853 -3555
- package/bundle/lib/peer_discovery_static_list.js +18 -4
- package/bundle/lib/predefined_bootstrap_nodes.js +1 -1
- package/bundle/lib/wait_for_remote_peer.js +2 -3
- package/bundle/lib/waku_message/topic_only_message.js +2 -3
- package/bundle/lib/waku_message/version_0.js +317 -4
- package/bundle/{message-e2db79d7.js → message-049c8b67.js} +861 -2
- package/bundle/{topic_only_message-34f36fa6.js → topic_only_message-5ad3a869.js} +1 -1
- package/dist/index.d.ts +0 -3
- package/dist/index.js +0 -3
- package/dist/index.js.map +1 -1
- package/dist/lib/waku_filter/index.d.ts +2 -2
- package/dist/lib/waku_filter/index.js.map +1 -1
- package/dist/lib/waku_message/version_0.d.ts +3 -2
- package/dist/lib/waku_message/version_0.js +2 -1
- package/dist/lib/waku_message/version_0.js.map +1 -1
- package/dist/lib/waku_relay/index.d.ts +4 -3
- package/dist/lib/waku_relay/index.js.map +1 -1
- package/dist/lib/waku_store/index.d.ts +4 -4
- package/package.json +3 -118
- package/src/index.ts +0 -10
- package/src/lib/waku_filter/index.ts +4 -3
- package/src/lib/waku_message/version_0.ts +5 -3
- package/src/lib/waku_relay/index.ts +4 -3
- package/src/lib/waku_store/index.ts +5 -5
- package/bundle/crypto-8551d579.js +0 -2585
- package/bundle/crypto-b00764b7.js +0 -1772
- package/bundle/enr-564d4a51.js +0 -20785
- package/bundle/enr-9fc5eed8.js +0 -20786
- package/bundle/enr-f6e82a53.js +0 -20785
- package/bundle/events-fcbda4dc.js +0 -76
- package/bundle/index-02d21809.js +0 -20
- package/bundle/index-2ae915be.js +0 -1854
- package/bundle/index-a013a259.js +0 -20
- package/bundle/index-ba42b4fc.js +0 -862
- package/bundle/lib/enr.js +0 -8
- package/bundle/lib/peer_discovery_dns.js +0 -5018
- package/bundle/lib/utils.js +0 -1
- package/bundle/lib/waku_message/version_1.js +0 -463
- package/bundle/multiaddr_to_peer_info-c406b1e1.js +0 -19
- package/bundle/multiaddr_to_peer_info-fd1de516.js +0 -19
- package/bundle/utils-9a3221f2.js +0 -815
- package/bundle/version_0-e6fe440c.js +0 -317
- package/dist/lib/crypto.d.ts +0 -34
- package/dist/lib/crypto.js +0 -79
- package/dist/lib/crypto.js.map +0 -1
- package/dist/lib/enr/constants.d.ts +0 -4
- package/dist/lib/enr/constants.js +0 -8
- package/dist/lib/enr/constants.js.map +0 -1
- package/dist/lib/enr/enr.d.ts +0 -90
- package/dist/lib/enr/enr.js +0 -432
- package/dist/lib/enr/enr.js.map +0 -1
- package/dist/lib/enr/index.d.ts +0 -5
- package/dist/lib/enr/index.js +0 -6
- package/dist/lib/enr/index.js.map +0 -1
- package/dist/lib/enr/keypair/index.d.ts +0 -8
- package/dist/lib/enr/keypair/index.js +0 -53
- package/dist/lib/enr/keypair/index.js.map +0 -1
- package/dist/lib/enr/keypair/secp256k1.d.ts +0 -13
- package/dist/lib/enr/keypair/secp256k1.js +0 -57
- package/dist/lib/enr/keypair/secp256k1.js.map +0 -1
- package/dist/lib/enr/keypair/types.d.ts +0 -13
- package/dist/lib/enr/keypair/types.js +0 -7
- package/dist/lib/enr/keypair/types.js.map +0 -1
- package/dist/lib/enr/multiaddr_from_fields.d.ts +0 -2
- package/dist/lib/enr/multiaddr_from_fields.js +0 -8
- package/dist/lib/enr/multiaddr_from_fields.js.map +0 -1
- package/dist/lib/enr/multiaddrs_codec.d.ts +0 -3
- package/dist/lib/enr/multiaddrs_codec.js +0 -32
- package/dist/lib/enr/multiaddrs_codec.js.map +0 -1
- package/dist/lib/enr/types.d.ts +0 -8
- package/dist/lib/enr/types.js +0 -3
- package/dist/lib/enr/types.js.map +0 -1
- package/dist/lib/enr/v4.d.ts +0 -3
- package/dist/lib/enr/v4.js +0 -14
- package/dist/lib/enr/v4.js.map +0 -1
- package/dist/lib/enr/waku2_codec.d.ts +0 -8
- package/dist/lib/enr/waku2_codec.js +0 -36
- package/dist/lib/enr/waku2_codec.js.map +0 -1
- package/dist/lib/peer_discovery_dns/dns.d.ts +0 -48
- package/dist/lib/peer_discovery_dns/dns.js +0 -158
- package/dist/lib/peer_discovery_dns/dns.js.map +0 -1
- package/dist/lib/peer_discovery_dns/dns_over_https.d.ts +0 -32
- package/dist/lib/peer_discovery_dns/dns_over_https.js +0 -87
- package/dist/lib/peer_discovery_dns/dns_over_https.js.map +0 -1
- package/dist/lib/peer_discovery_dns/enrtree.d.ts +0 -33
- package/dist/lib/peer_discovery_dns/enrtree.js +0 -76
- package/dist/lib/peer_discovery_dns/enrtree.js.map +0 -1
- package/dist/lib/peer_discovery_dns/fetch_nodes.d.ts +0 -14
- package/dist/lib/peer_discovery_dns/fetch_nodes.js +0 -133
- package/dist/lib/peer_discovery_dns/fetch_nodes.js.map +0 -1
- package/dist/lib/peer_discovery_dns/index.d.ts +0 -30
- package/dist/lib/peer_discovery_dns/index.js +0 -54
- package/dist/lib/peer_discovery_dns/index.js.map +0 -1
- package/dist/lib/utils.d.ts +0 -22
- package/dist/lib/utils.js +0 -40
- package/dist/lib/utils.js.map +0 -1
- package/dist/lib/waku_message/constants.d.ts +0 -12
- package/dist/lib/waku_message/constants.js +0 -10
- package/dist/lib/waku_message/constants.js.map +0 -1
- package/dist/lib/waku_message/ecies.d.ts +0 -17
- package/dist/lib/waku_message/ecies.js +0 -126
- package/dist/lib/waku_message/ecies.js.map +0 -1
- package/dist/lib/waku_message/symmetric.d.ts +0 -3
- package/dist/lib/waku_message/symmetric.js +0 -18
- package/dist/lib/waku_message/symmetric.js.map +0 -1
- package/dist/lib/waku_message/version_1.d.ts +0 -93
- package/dist/lib/waku_message/version_1.js +0 -325
- package/dist/lib/waku_message/version_1.js.map +0 -1
- package/src/lib/crypto.ts +0 -100
- package/src/lib/enr/constants.ts +0 -10
- package/src/lib/enr/enr.ts +0 -516
- package/src/lib/enr/index.ts +0 -5
- package/src/lib/enr/keypair/index.ts +0 -76
- package/src/lib/enr/keypair/secp256k1.ts +0 -69
- package/src/lib/enr/keypair/types.ts +0 -14
- package/src/lib/enr/multiaddr_from_fields.ts +0 -18
- package/src/lib/enr/multiaddrs_codec.ts +0 -50
- package/src/lib/enr/types.ts +0 -11
- package/src/lib/enr/v4.ts +0 -22
- package/src/lib/enr/waku2_codec.ts +0 -39
- package/src/lib/peer_discovery_dns/dns.ts +0 -223
- package/src/lib/peer_discovery_dns/dns_over_https.ts +0 -98
- package/src/lib/peer_discovery_dns/enrtree.ts +0 -123
- package/src/lib/peer_discovery_dns/fetch_nodes.ts +0 -180
- package/src/lib/peer_discovery_dns/index.ts +0 -84
- package/src/lib/utils.ts +0 -50
- package/src/lib/waku_message/constants.ts +0 -10
- package/src/lib/waku_message/ecies.ts +0 -194
- package/src/lib/waku_message/symmetric.ts +0 -33
- package/src/lib/waku_message/version_1.ts +0 -457
|
@@ -1,1772 +0,0 @@
|
|
|
1
|
-
import { g as commonjsGlobal } from './index-ba42b4fc.js';
|
|
2
|
-
import { c as concat } from './utils-9a3221f2.js';
|
|
3
|
-
|
|
4
|
-
var nodeCrypto = {};
|
|
5
|
-
|
|
6
|
-
var nodeCrypto$1 = /*#__PURE__*/Object.freeze({
|
|
7
|
-
__proto__: null,
|
|
8
|
-
'default': nodeCrypto
|
|
9
|
-
});
|
|
10
|
-
|
|
11
|
-
/*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
|
|
12
|
-
const _0n = BigInt(0);
|
|
13
|
-
const _1n = BigInt(1);
|
|
14
|
-
const _2n = BigInt(2);
|
|
15
|
-
const _3n = BigInt(3);
|
|
16
|
-
const _8n = BigInt(8);
|
|
17
|
-
const CURVE = Object.freeze({
|
|
18
|
-
a: _0n,
|
|
19
|
-
b: BigInt(7),
|
|
20
|
-
P: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
|
|
21
|
-
n: BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'),
|
|
22
|
-
h: _1n,
|
|
23
|
-
Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
|
|
24
|
-
Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
|
|
25
|
-
beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
|
|
26
|
-
});
|
|
27
|
-
function weistrass(x) {
|
|
28
|
-
const { a, b } = CURVE;
|
|
29
|
-
const x2 = mod(x * x);
|
|
30
|
-
const x3 = mod(x2 * x);
|
|
31
|
-
return mod(x3 + a * x + b);
|
|
32
|
-
}
|
|
33
|
-
const USE_ENDOMORPHISM = CURVE.a === _0n;
|
|
34
|
-
class ShaError extends Error {
|
|
35
|
-
constructor(message) {
|
|
36
|
-
super(message);
|
|
37
|
-
}
|
|
38
|
-
}
|
|
39
|
-
class JacobianPoint {
|
|
40
|
-
constructor(x, y, z) {
|
|
41
|
-
this.x = x;
|
|
42
|
-
this.y = y;
|
|
43
|
-
this.z = z;
|
|
44
|
-
}
|
|
45
|
-
static fromAffine(p) {
|
|
46
|
-
if (!(p instanceof Point)) {
|
|
47
|
-
throw new TypeError('JacobianPoint#fromAffine: expected Point');
|
|
48
|
-
}
|
|
49
|
-
return new JacobianPoint(p.x, p.y, _1n);
|
|
50
|
-
}
|
|
51
|
-
static toAffineBatch(points) {
|
|
52
|
-
const toInv = invertBatch(points.map((p) => p.z));
|
|
53
|
-
return points.map((p, i) => p.toAffine(toInv[i]));
|
|
54
|
-
}
|
|
55
|
-
static normalizeZ(points) {
|
|
56
|
-
return JacobianPoint.toAffineBatch(points).map(JacobianPoint.fromAffine);
|
|
57
|
-
}
|
|
58
|
-
equals(other) {
|
|
59
|
-
if (!(other instanceof JacobianPoint))
|
|
60
|
-
throw new TypeError('JacobianPoint expected');
|
|
61
|
-
const { x: X1, y: Y1, z: Z1 } = this;
|
|
62
|
-
const { x: X2, y: Y2, z: Z2 } = other;
|
|
63
|
-
const Z1Z1 = mod(Z1 * Z1);
|
|
64
|
-
const Z2Z2 = mod(Z2 * Z2);
|
|
65
|
-
const U1 = mod(X1 * Z2Z2);
|
|
66
|
-
const U2 = mod(X2 * Z1Z1);
|
|
67
|
-
const S1 = mod(mod(Y1 * Z2) * Z2Z2);
|
|
68
|
-
const S2 = mod(mod(Y2 * Z1) * Z1Z1);
|
|
69
|
-
return U1 === U2 && S1 === S2;
|
|
70
|
-
}
|
|
71
|
-
negate() {
|
|
72
|
-
return new JacobianPoint(this.x, mod(-this.y), this.z);
|
|
73
|
-
}
|
|
74
|
-
double() {
|
|
75
|
-
const { x: X1, y: Y1, z: Z1 } = this;
|
|
76
|
-
const A = mod(X1 * X1);
|
|
77
|
-
const B = mod(Y1 * Y1);
|
|
78
|
-
const C = mod(B * B);
|
|
79
|
-
const x1b = X1 + B;
|
|
80
|
-
const D = mod(_2n * (mod(x1b * x1b) - A - C));
|
|
81
|
-
const E = mod(_3n * A);
|
|
82
|
-
const F = mod(E * E);
|
|
83
|
-
const X3 = mod(F - _2n * D);
|
|
84
|
-
const Y3 = mod(E * (D - X3) - _8n * C);
|
|
85
|
-
const Z3 = mod(_2n * Y1 * Z1);
|
|
86
|
-
return new JacobianPoint(X3, Y3, Z3);
|
|
87
|
-
}
|
|
88
|
-
add(other) {
|
|
89
|
-
if (!(other instanceof JacobianPoint))
|
|
90
|
-
throw new TypeError('JacobianPoint expected');
|
|
91
|
-
const { x: X1, y: Y1, z: Z1 } = this;
|
|
92
|
-
const { x: X2, y: Y2, z: Z2 } = other;
|
|
93
|
-
if (X2 === _0n || Y2 === _0n)
|
|
94
|
-
return this;
|
|
95
|
-
if (X1 === _0n || Y1 === _0n)
|
|
96
|
-
return other;
|
|
97
|
-
const Z1Z1 = mod(Z1 * Z1);
|
|
98
|
-
const Z2Z2 = mod(Z2 * Z2);
|
|
99
|
-
const U1 = mod(X1 * Z2Z2);
|
|
100
|
-
const U2 = mod(X2 * Z1Z1);
|
|
101
|
-
const S1 = mod(mod(Y1 * Z2) * Z2Z2);
|
|
102
|
-
const S2 = mod(mod(Y2 * Z1) * Z1Z1);
|
|
103
|
-
const H = mod(U2 - U1);
|
|
104
|
-
const r = mod(S2 - S1);
|
|
105
|
-
if (H === _0n) {
|
|
106
|
-
if (r === _0n) {
|
|
107
|
-
return this.double();
|
|
108
|
-
}
|
|
109
|
-
else {
|
|
110
|
-
return JacobianPoint.ZERO;
|
|
111
|
-
}
|
|
112
|
-
}
|
|
113
|
-
const HH = mod(H * H);
|
|
114
|
-
const HHH = mod(H * HH);
|
|
115
|
-
const V = mod(U1 * HH);
|
|
116
|
-
const X3 = mod(r * r - HHH - _2n * V);
|
|
117
|
-
const Y3 = mod(r * (V - X3) - S1 * HHH);
|
|
118
|
-
const Z3 = mod(Z1 * Z2 * H);
|
|
119
|
-
return new JacobianPoint(X3, Y3, Z3);
|
|
120
|
-
}
|
|
121
|
-
subtract(other) {
|
|
122
|
-
return this.add(other.negate());
|
|
123
|
-
}
|
|
124
|
-
multiplyUnsafe(scalar) {
|
|
125
|
-
const P0 = JacobianPoint.ZERO;
|
|
126
|
-
if (typeof scalar === 'bigint' && scalar === _0n)
|
|
127
|
-
return P0;
|
|
128
|
-
let n = normalizeScalar(scalar);
|
|
129
|
-
if (n === _1n)
|
|
130
|
-
return this;
|
|
131
|
-
if (!USE_ENDOMORPHISM) {
|
|
132
|
-
let p = P0;
|
|
133
|
-
let d = this;
|
|
134
|
-
while (n > _0n) {
|
|
135
|
-
if (n & _1n)
|
|
136
|
-
p = p.add(d);
|
|
137
|
-
d = d.double();
|
|
138
|
-
n >>= _1n;
|
|
139
|
-
}
|
|
140
|
-
return p;
|
|
141
|
-
}
|
|
142
|
-
let { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
|
|
143
|
-
let k1p = P0;
|
|
144
|
-
let k2p = P0;
|
|
145
|
-
let d = this;
|
|
146
|
-
while (k1 > _0n || k2 > _0n) {
|
|
147
|
-
if (k1 & _1n)
|
|
148
|
-
k1p = k1p.add(d);
|
|
149
|
-
if (k2 & _1n)
|
|
150
|
-
k2p = k2p.add(d);
|
|
151
|
-
d = d.double();
|
|
152
|
-
k1 >>= _1n;
|
|
153
|
-
k2 >>= _1n;
|
|
154
|
-
}
|
|
155
|
-
if (k1neg)
|
|
156
|
-
k1p = k1p.negate();
|
|
157
|
-
if (k2neg)
|
|
158
|
-
k2p = k2p.negate();
|
|
159
|
-
k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
|
|
160
|
-
return k1p.add(k2p);
|
|
161
|
-
}
|
|
162
|
-
precomputeWindow(W) {
|
|
163
|
-
const windows = USE_ENDOMORPHISM ? 128 / W + 1 : 256 / W + 1;
|
|
164
|
-
const points = [];
|
|
165
|
-
let p = this;
|
|
166
|
-
let base = p;
|
|
167
|
-
for (let window = 0; window < windows; window++) {
|
|
168
|
-
base = p;
|
|
169
|
-
points.push(base);
|
|
170
|
-
for (let i = 1; i < 2 ** (W - 1); i++) {
|
|
171
|
-
base = base.add(p);
|
|
172
|
-
points.push(base);
|
|
173
|
-
}
|
|
174
|
-
p = base.double();
|
|
175
|
-
}
|
|
176
|
-
return points;
|
|
177
|
-
}
|
|
178
|
-
wNAF(n, affinePoint) {
|
|
179
|
-
if (!affinePoint && this.equals(JacobianPoint.BASE))
|
|
180
|
-
affinePoint = Point.BASE;
|
|
181
|
-
const W = (affinePoint && affinePoint._WINDOW_SIZE) || 1;
|
|
182
|
-
if (256 % W) {
|
|
183
|
-
throw new Error('Point#wNAF: Invalid precomputation window, must be power of 2');
|
|
184
|
-
}
|
|
185
|
-
let precomputes = affinePoint && pointPrecomputes.get(affinePoint);
|
|
186
|
-
if (!precomputes) {
|
|
187
|
-
precomputes = this.precomputeWindow(W);
|
|
188
|
-
if (affinePoint && W !== 1) {
|
|
189
|
-
precomputes = JacobianPoint.normalizeZ(precomputes);
|
|
190
|
-
pointPrecomputes.set(affinePoint, precomputes);
|
|
191
|
-
}
|
|
192
|
-
}
|
|
193
|
-
let p = JacobianPoint.ZERO;
|
|
194
|
-
let f = JacobianPoint.ZERO;
|
|
195
|
-
const windows = 1 + (USE_ENDOMORPHISM ? 128 / W : 256 / W);
|
|
196
|
-
const windowSize = 2 ** (W - 1);
|
|
197
|
-
const mask = BigInt(2 ** W - 1);
|
|
198
|
-
const maxNumber = 2 ** W;
|
|
199
|
-
const shiftBy = BigInt(W);
|
|
200
|
-
for (let window = 0; window < windows; window++) {
|
|
201
|
-
const offset = window * windowSize;
|
|
202
|
-
let wbits = Number(n & mask);
|
|
203
|
-
n >>= shiftBy;
|
|
204
|
-
if (wbits > windowSize) {
|
|
205
|
-
wbits -= maxNumber;
|
|
206
|
-
n += _1n;
|
|
207
|
-
}
|
|
208
|
-
if (wbits === 0) {
|
|
209
|
-
let pr = precomputes[offset];
|
|
210
|
-
if (window % 2)
|
|
211
|
-
pr = pr.negate();
|
|
212
|
-
f = f.add(pr);
|
|
213
|
-
}
|
|
214
|
-
else {
|
|
215
|
-
let cached = precomputes[offset + Math.abs(wbits) - 1];
|
|
216
|
-
if (wbits < 0)
|
|
217
|
-
cached = cached.negate();
|
|
218
|
-
p = p.add(cached);
|
|
219
|
-
}
|
|
220
|
-
}
|
|
221
|
-
return { p, f };
|
|
222
|
-
}
|
|
223
|
-
multiply(scalar, affinePoint) {
|
|
224
|
-
let n = normalizeScalar(scalar);
|
|
225
|
-
let point;
|
|
226
|
-
let fake;
|
|
227
|
-
if (USE_ENDOMORPHISM) {
|
|
228
|
-
const { k1neg, k1, k2neg, k2 } = splitScalarEndo(n);
|
|
229
|
-
let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
|
|
230
|
-
let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
|
|
231
|
-
if (k1neg)
|
|
232
|
-
k1p = k1p.negate();
|
|
233
|
-
if (k2neg)
|
|
234
|
-
k2p = k2p.negate();
|
|
235
|
-
k2p = new JacobianPoint(mod(k2p.x * CURVE.beta), k2p.y, k2p.z);
|
|
236
|
-
point = k1p.add(k2p);
|
|
237
|
-
fake = f1p.add(f2p);
|
|
238
|
-
}
|
|
239
|
-
else {
|
|
240
|
-
const { p, f } = this.wNAF(n, affinePoint);
|
|
241
|
-
point = p;
|
|
242
|
-
fake = f;
|
|
243
|
-
}
|
|
244
|
-
return JacobianPoint.normalizeZ([point, fake])[0];
|
|
245
|
-
}
|
|
246
|
-
toAffine(invZ = invert(this.z)) {
|
|
247
|
-
const { x, y, z } = this;
|
|
248
|
-
const iz1 = invZ;
|
|
249
|
-
const iz2 = mod(iz1 * iz1);
|
|
250
|
-
const iz3 = mod(iz2 * iz1);
|
|
251
|
-
const ax = mod(x * iz2);
|
|
252
|
-
const ay = mod(y * iz3);
|
|
253
|
-
const zz = mod(z * iz1);
|
|
254
|
-
if (zz !== _1n)
|
|
255
|
-
throw new Error('invZ was invalid');
|
|
256
|
-
return new Point(ax, ay);
|
|
257
|
-
}
|
|
258
|
-
}
|
|
259
|
-
JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n);
|
|
260
|
-
JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
|
|
261
|
-
const pointPrecomputes = new WeakMap();
|
|
262
|
-
class Point {
|
|
263
|
-
constructor(x, y) {
|
|
264
|
-
this.x = x;
|
|
265
|
-
this.y = y;
|
|
266
|
-
}
|
|
267
|
-
_setWindowSize(windowSize) {
|
|
268
|
-
this._WINDOW_SIZE = windowSize;
|
|
269
|
-
pointPrecomputes.delete(this);
|
|
270
|
-
}
|
|
271
|
-
hasEvenY() {
|
|
272
|
-
return this.y % _2n === _0n;
|
|
273
|
-
}
|
|
274
|
-
static fromCompressedHex(bytes) {
|
|
275
|
-
const isShort = bytes.length === 32;
|
|
276
|
-
const x = bytesToNumber(isShort ? bytes : bytes.subarray(1));
|
|
277
|
-
if (!isValidFieldElement(x))
|
|
278
|
-
throw new Error('Point is not on curve');
|
|
279
|
-
const y2 = weistrass(x);
|
|
280
|
-
let y = sqrtMod(y2);
|
|
281
|
-
const isYOdd = (y & _1n) === _1n;
|
|
282
|
-
if (isShort) {
|
|
283
|
-
if (isYOdd)
|
|
284
|
-
y = mod(-y);
|
|
285
|
-
}
|
|
286
|
-
else {
|
|
287
|
-
const isFirstByteOdd = (bytes[0] & 1) === 1;
|
|
288
|
-
if (isFirstByteOdd !== isYOdd)
|
|
289
|
-
y = mod(-y);
|
|
290
|
-
}
|
|
291
|
-
const point = new Point(x, y);
|
|
292
|
-
point.assertValidity();
|
|
293
|
-
return point;
|
|
294
|
-
}
|
|
295
|
-
static fromUncompressedHex(bytes) {
|
|
296
|
-
const x = bytesToNumber(bytes.subarray(1, 33));
|
|
297
|
-
const y = bytesToNumber(bytes.subarray(33, 65));
|
|
298
|
-
const point = new Point(x, y);
|
|
299
|
-
point.assertValidity();
|
|
300
|
-
return point;
|
|
301
|
-
}
|
|
302
|
-
static fromHex(hex) {
|
|
303
|
-
const bytes = ensureBytes(hex);
|
|
304
|
-
const len = bytes.length;
|
|
305
|
-
const header = bytes[0];
|
|
306
|
-
if (len === 32 || (len === 33 && (header === 0x02 || header === 0x03))) {
|
|
307
|
-
return this.fromCompressedHex(bytes);
|
|
308
|
-
}
|
|
309
|
-
if (len === 65 && header === 0x04)
|
|
310
|
-
return this.fromUncompressedHex(bytes);
|
|
311
|
-
throw new Error(`Point.fromHex: received invalid point. Expected 32-33 compressed bytes or 65 uncompressed bytes, not ${len}`);
|
|
312
|
-
}
|
|
313
|
-
static fromPrivateKey(privateKey) {
|
|
314
|
-
return Point.BASE.multiply(normalizePrivateKey(privateKey));
|
|
315
|
-
}
|
|
316
|
-
static fromSignature(msgHash, signature, recovery) {
|
|
317
|
-
msgHash = ensureBytes(msgHash);
|
|
318
|
-
const h = truncateHash(msgHash);
|
|
319
|
-
const { r, s } = normalizeSignature(signature);
|
|
320
|
-
if (recovery !== 0 && recovery !== 1) {
|
|
321
|
-
throw new Error('Cannot recover signature: invalid recovery bit');
|
|
322
|
-
}
|
|
323
|
-
const prefix = recovery & 1 ? '03' : '02';
|
|
324
|
-
const R = Point.fromHex(prefix + numTo32bStr(r));
|
|
325
|
-
const { n } = CURVE;
|
|
326
|
-
const rinv = invert(r, n);
|
|
327
|
-
const u1 = mod(-h * rinv, n);
|
|
328
|
-
const u2 = mod(s * rinv, n);
|
|
329
|
-
const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2);
|
|
330
|
-
if (!Q)
|
|
331
|
-
throw new Error('Cannot recover signature: point at infinify');
|
|
332
|
-
Q.assertValidity();
|
|
333
|
-
return Q;
|
|
334
|
-
}
|
|
335
|
-
toRawBytes(isCompressed = false) {
|
|
336
|
-
return hexToBytes(this.toHex(isCompressed));
|
|
337
|
-
}
|
|
338
|
-
toHex(isCompressed = false) {
|
|
339
|
-
const x = numTo32bStr(this.x);
|
|
340
|
-
if (isCompressed) {
|
|
341
|
-
const prefix = this.hasEvenY() ? '02' : '03';
|
|
342
|
-
return `${prefix}${x}`;
|
|
343
|
-
}
|
|
344
|
-
else {
|
|
345
|
-
return `04${x}${numTo32bStr(this.y)}`;
|
|
346
|
-
}
|
|
347
|
-
}
|
|
348
|
-
toHexX() {
|
|
349
|
-
return this.toHex(true).slice(2);
|
|
350
|
-
}
|
|
351
|
-
toRawX() {
|
|
352
|
-
return this.toRawBytes(true).slice(1);
|
|
353
|
-
}
|
|
354
|
-
assertValidity() {
|
|
355
|
-
const msg = 'Point is not on elliptic curve';
|
|
356
|
-
const { x, y } = this;
|
|
357
|
-
if (!isValidFieldElement(x) || !isValidFieldElement(y))
|
|
358
|
-
throw new Error(msg);
|
|
359
|
-
const left = mod(y * y);
|
|
360
|
-
const right = weistrass(x);
|
|
361
|
-
if (mod(left - right) !== _0n)
|
|
362
|
-
throw new Error(msg);
|
|
363
|
-
}
|
|
364
|
-
equals(other) {
|
|
365
|
-
return this.x === other.x && this.y === other.y;
|
|
366
|
-
}
|
|
367
|
-
negate() {
|
|
368
|
-
return new Point(this.x, mod(-this.y));
|
|
369
|
-
}
|
|
370
|
-
double() {
|
|
371
|
-
return JacobianPoint.fromAffine(this).double().toAffine();
|
|
372
|
-
}
|
|
373
|
-
add(other) {
|
|
374
|
-
return JacobianPoint.fromAffine(this).add(JacobianPoint.fromAffine(other)).toAffine();
|
|
375
|
-
}
|
|
376
|
-
subtract(other) {
|
|
377
|
-
return this.add(other.negate());
|
|
378
|
-
}
|
|
379
|
-
multiply(scalar) {
|
|
380
|
-
return JacobianPoint.fromAffine(this).multiply(scalar, this).toAffine();
|
|
381
|
-
}
|
|
382
|
-
multiplyAndAddUnsafe(Q, a, b) {
|
|
383
|
-
const P = JacobianPoint.fromAffine(this);
|
|
384
|
-
const aP = a === _0n || a === _1n || this !== Point.BASE ? P.multiplyUnsafe(a) : P.multiply(a);
|
|
385
|
-
const bQ = JacobianPoint.fromAffine(Q).multiplyUnsafe(b);
|
|
386
|
-
const sum = aP.add(bQ);
|
|
387
|
-
return sum.equals(JacobianPoint.ZERO) ? undefined : sum.toAffine();
|
|
388
|
-
}
|
|
389
|
-
}
|
|
390
|
-
Point.BASE = new Point(CURVE.Gx, CURVE.Gy);
|
|
391
|
-
Point.ZERO = new Point(_0n, _0n);
|
|
392
|
-
function sliceDER(s) {
|
|
393
|
-
return Number.parseInt(s[0], 16) >= 8 ? '00' + s : s;
|
|
394
|
-
}
|
|
395
|
-
function parseDERInt(data) {
|
|
396
|
-
if (data.length < 2 || data[0] !== 0x02) {
|
|
397
|
-
throw new Error(`Invalid signature integer tag: ${bytesToHex(data)}`);
|
|
398
|
-
}
|
|
399
|
-
const len = data[1];
|
|
400
|
-
const res = data.subarray(2, len + 2);
|
|
401
|
-
if (!len || res.length !== len) {
|
|
402
|
-
throw new Error(`Invalid signature integer: wrong length`);
|
|
403
|
-
}
|
|
404
|
-
if (res[0] === 0x00 && res[1] <= 0x7f) {
|
|
405
|
-
throw new Error('Invalid signature integer: trailing length');
|
|
406
|
-
}
|
|
407
|
-
return { data: bytesToNumber(res), left: data.subarray(len + 2) };
|
|
408
|
-
}
|
|
409
|
-
function parseDERSignature(data) {
|
|
410
|
-
if (data.length < 2 || data[0] != 0x30) {
|
|
411
|
-
throw new Error(`Invalid signature tag: ${bytesToHex(data)}`);
|
|
412
|
-
}
|
|
413
|
-
if (data[1] !== data.length - 2) {
|
|
414
|
-
throw new Error('Invalid signature: incorrect length');
|
|
415
|
-
}
|
|
416
|
-
const { data: r, left: sBytes } = parseDERInt(data.subarray(2));
|
|
417
|
-
const { data: s, left: rBytesLeft } = parseDERInt(sBytes);
|
|
418
|
-
if (rBytesLeft.length) {
|
|
419
|
-
throw new Error(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
|
|
420
|
-
}
|
|
421
|
-
return { r, s };
|
|
422
|
-
}
|
|
423
|
-
class Signature {
|
|
424
|
-
constructor(r, s) {
|
|
425
|
-
this.r = r;
|
|
426
|
-
this.s = s;
|
|
427
|
-
this.assertValidity();
|
|
428
|
-
}
|
|
429
|
-
static fromCompact(hex) {
|
|
430
|
-
const arr = hex instanceof Uint8Array;
|
|
431
|
-
const name = 'Signature.fromCompact';
|
|
432
|
-
if (typeof hex !== 'string' && !arr)
|
|
433
|
-
throw new TypeError(`${name}: Expected string or Uint8Array`);
|
|
434
|
-
const str = arr ? bytesToHex(hex) : hex;
|
|
435
|
-
if (str.length !== 128)
|
|
436
|
-
throw new Error(`${name}: Expected 64-byte hex`);
|
|
437
|
-
return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
|
|
438
|
-
}
|
|
439
|
-
static fromDER(hex) {
|
|
440
|
-
const arr = hex instanceof Uint8Array;
|
|
441
|
-
if (typeof hex !== 'string' && !arr)
|
|
442
|
-
throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
|
|
443
|
-
const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
|
|
444
|
-
return new Signature(r, s);
|
|
445
|
-
}
|
|
446
|
-
static fromHex(hex) {
|
|
447
|
-
return this.fromDER(hex);
|
|
448
|
-
}
|
|
449
|
-
assertValidity() {
|
|
450
|
-
const { r, s } = this;
|
|
451
|
-
if (!isWithinCurveOrder(r))
|
|
452
|
-
throw new Error('Invalid Signature: r must be 0 < r < n');
|
|
453
|
-
if (!isWithinCurveOrder(s))
|
|
454
|
-
throw new Error('Invalid Signature: s must be 0 < s < n');
|
|
455
|
-
}
|
|
456
|
-
hasHighS() {
|
|
457
|
-
const HALF = CURVE.n >> _1n;
|
|
458
|
-
return this.s > HALF;
|
|
459
|
-
}
|
|
460
|
-
normalizeS() {
|
|
461
|
-
return this.hasHighS() ? new Signature(this.r, CURVE.n - this.s) : this;
|
|
462
|
-
}
|
|
463
|
-
toDERRawBytes(isCompressed = false) {
|
|
464
|
-
return hexToBytes(this.toDERHex(isCompressed));
|
|
465
|
-
}
|
|
466
|
-
toDERHex(isCompressed = false) {
|
|
467
|
-
const sHex = sliceDER(numberToHexUnpadded(this.s));
|
|
468
|
-
if (isCompressed)
|
|
469
|
-
return sHex;
|
|
470
|
-
const rHex = sliceDER(numberToHexUnpadded(this.r));
|
|
471
|
-
const rLen = numberToHexUnpadded(rHex.length / 2);
|
|
472
|
-
const sLen = numberToHexUnpadded(sHex.length / 2);
|
|
473
|
-
const length = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
|
|
474
|
-
return `30${length}02${rLen}${rHex}02${sLen}${sHex}`;
|
|
475
|
-
}
|
|
476
|
-
toRawBytes() {
|
|
477
|
-
return this.toDERRawBytes();
|
|
478
|
-
}
|
|
479
|
-
toHex() {
|
|
480
|
-
return this.toDERHex();
|
|
481
|
-
}
|
|
482
|
-
toCompactRawBytes() {
|
|
483
|
-
return hexToBytes(this.toCompactHex());
|
|
484
|
-
}
|
|
485
|
-
toCompactHex() {
|
|
486
|
-
return numTo32bStr(this.r) + numTo32bStr(this.s);
|
|
487
|
-
}
|
|
488
|
-
}
|
|
489
|
-
function concatBytes(...arrays) {
|
|
490
|
-
if (!arrays.every((b) => b instanceof Uint8Array))
|
|
491
|
-
throw new Error('Uint8Array list expected');
|
|
492
|
-
if (arrays.length === 1)
|
|
493
|
-
return arrays[0];
|
|
494
|
-
const length = arrays.reduce((a, arr) => a + arr.length, 0);
|
|
495
|
-
const result = new Uint8Array(length);
|
|
496
|
-
for (let i = 0, pad = 0; i < arrays.length; i++) {
|
|
497
|
-
const arr = arrays[i];
|
|
498
|
-
result.set(arr, pad);
|
|
499
|
-
pad += arr.length;
|
|
500
|
-
}
|
|
501
|
-
return result;
|
|
502
|
-
}
|
|
503
|
-
const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
|
|
504
|
-
function bytesToHex(uint8a) {
|
|
505
|
-
if (!(uint8a instanceof Uint8Array))
|
|
506
|
-
throw new Error('Expected Uint8Array');
|
|
507
|
-
let hex = '';
|
|
508
|
-
for (let i = 0; i < uint8a.length; i++) {
|
|
509
|
-
hex += hexes[uint8a[i]];
|
|
510
|
-
}
|
|
511
|
-
return hex;
|
|
512
|
-
}
|
|
513
|
-
const POW_2_256 = BigInt('0x10000000000000000000000000000000000000000000000000000000000000000');
|
|
514
|
-
function numTo32bStr(num) {
|
|
515
|
-
if (typeof num !== 'bigint')
|
|
516
|
-
throw new Error('Expected bigint');
|
|
517
|
-
if (!(_0n <= num && num < POW_2_256))
|
|
518
|
-
throw new Error('Expected number < 2^256');
|
|
519
|
-
return num.toString(16).padStart(64, '0');
|
|
520
|
-
}
|
|
521
|
-
function numTo32b(num) {
|
|
522
|
-
const b = hexToBytes(numTo32bStr(num));
|
|
523
|
-
if (b.length !== 32)
|
|
524
|
-
throw new Error('Error: expected 32 bytes');
|
|
525
|
-
return b;
|
|
526
|
-
}
|
|
527
|
-
function numberToHexUnpadded(num) {
|
|
528
|
-
const hex = num.toString(16);
|
|
529
|
-
return hex.length & 1 ? `0${hex}` : hex;
|
|
530
|
-
}
|
|
531
|
-
function hexToNumber(hex) {
|
|
532
|
-
if (typeof hex !== 'string') {
|
|
533
|
-
throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
|
|
534
|
-
}
|
|
535
|
-
return BigInt(`0x${hex}`);
|
|
536
|
-
}
|
|
537
|
-
function hexToBytes(hex) {
|
|
538
|
-
if (typeof hex !== 'string') {
|
|
539
|
-
throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
|
|
540
|
-
}
|
|
541
|
-
if (hex.length % 2)
|
|
542
|
-
throw new Error('hexToBytes: received invalid unpadded hex' + hex.length);
|
|
543
|
-
const array = new Uint8Array(hex.length / 2);
|
|
544
|
-
for (let i = 0; i < array.length; i++) {
|
|
545
|
-
const j = i * 2;
|
|
546
|
-
const hexByte = hex.slice(j, j + 2);
|
|
547
|
-
const byte = Number.parseInt(hexByte, 16);
|
|
548
|
-
if (Number.isNaN(byte) || byte < 0)
|
|
549
|
-
throw new Error('Invalid byte sequence');
|
|
550
|
-
array[i] = byte;
|
|
551
|
-
}
|
|
552
|
-
return array;
|
|
553
|
-
}
|
|
554
|
-
function bytesToNumber(bytes) {
|
|
555
|
-
return hexToNumber(bytesToHex(bytes));
|
|
556
|
-
}
|
|
557
|
-
function ensureBytes(hex) {
|
|
558
|
-
return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
|
|
559
|
-
}
|
|
560
|
-
function normalizeScalar(num) {
|
|
561
|
-
if (typeof num === 'number' && Number.isSafeInteger(num) && num > 0)
|
|
562
|
-
return BigInt(num);
|
|
563
|
-
if (typeof num === 'bigint' && isWithinCurveOrder(num))
|
|
564
|
-
return num;
|
|
565
|
-
throw new TypeError('Expected valid private scalar: 0 < scalar < curve.n');
|
|
566
|
-
}
|
|
567
|
-
function mod(a, b = CURVE.P) {
|
|
568
|
-
const result = a % b;
|
|
569
|
-
return result >= _0n ? result : b + result;
|
|
570
|
-
}
|
|
571
|
-
function pow2(x, power) {
|
|
572
|
-
const { P } = CURVE;
|
|
573
|
-
let res = x;
|
|
574
|
-
while (power-- > _0n) {
|
|
575
|
-
res *= res;
|
|
576
|
-
res %= P;
|
|
577
|
-
}
|
|
578
|
-
return res;
|
|
579
|
-
}
|
|
580
|
-
function sqrtMod(x) {
|
|
581
|
-
const { P } = CURVE;
|
|
582
|
-
const _6n = BigInt(6);
|
|
583
|
-
const _11n = BigInt(11);
|
|
584
|
-
const _22n = BigInt(22);
|
|
585
|
-
const _23n = BigInt(23);
|
|
586
|
-
const _44n = BigInt(44);
|
|
587
|
-
const _88n = BigInt(88);
|
|
588
|
-
const b2 = (x * x * x) % P;
|
|
589
|
-
const b3 = (b2 * b2 * x) % P;
|
|
590
|
-
const b6 = (pow2(b3, _3n) * b3) % P;
|
|
591
|
-
const b9 = (pow2(b6, _3n) * b3) % P;
|
|
592
|
-
const b11 = (pow2(b9, _2n) * b2) % P;
|
|
593
|
-
const b22 = (pow2(b11, _11n) * b11) % P;
|
|
594
|
-
const b44 = (pow2(b22, _22n) * b22) % P;
|
|
595
|
-
const b88 = (pow2(b44, _44n) * b44) % P;
|
|
596
|
-
const b176 = (pow2(b88, _88n) * b88) % P;
|
|
597
|
-
const b220 = (pow2(b176, _44n) * b44) % P;
|
|
598
|
-
const b223 = (pow2(b220, _3n) * b3) % P;
|
|
599
|
-
const t1 = (pow2(b223, _23n) * b22) % P;
|
|
600
|
-
const t2 = (pow2(t1, _6n) * b2) % P;
|
|
601
|
-
return pow2(t2, _2n);
|
|
602
|
-
}
|
|
603
|
-
function invert(number, modulo = CURVE.P) {
|
|
604
|
-
if (number === _0n || modulo <= _0n) {
|
|
605
|
-
throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
|
|
606
|
-
}
|
|
607
|
-
let a = mod(number, modulo);
|
|
608
|
-
let b = modulo;
|
|
609
|
-
let x = _0n, u = _1n;
|
|
610
|
-
while (a !== _0n) {
|
|
611
|
-
const q = b / a;
|
|
612
|
-
const r = b % a;
|
|
613
|
-
const m = x - u * q;
|
|
614
|
-
b = a, a = r, x = u, u = m;
|
|
615
|
-
}
|
|
616
|
-
const gcd = b;
|
|
617
|
-
if (gcd !== _1n)
|
|
618
|
-
throw new Error('invert: does not exist');
|
|
619
|
-
return mod(x, modulo);
|
|
620
|
-
}
|
|
621
|
-
function invertBatch(nums, p = CURVE.P) {
|
|
622
|
-
const scratch = new Array(nums.length);
|
|
623
|
-
const lastMultiplied = nums.reduce((acc, num, i) => {
|
|
624
|
-
if (num === _0n)
|
|
625
|
-
return acc;
|
|
626
|
-
scratch[i] = acc;
|
|
627
|
-
return mod(acc * num, p);
|
|
628
|
-
}, _1n);
|
|
629
|
-
const inverted = invert(lastMultiplied, p);
|
|
630
|
-
nums.reduceRight((acc, num, i) => {
|
|
631
|
-
if (num === _0n)
|
|
632
|
-
return acc;
|
|
633
|
-
scratch[i] = mod(acc * scratch[i], p);
|
|
634
|
-
return mod(acc * num, p);
|
|
635
|
-
}, inverted);
|
|
636
|
-
return scratch;
|
|
637
|
-
}
|
|
638
|
-
const divNearest = (a, b) => (a + b / _2n) / b;
|
|
639
|
-
const ENDO = {
|
|
640
|
-
a1: BigInt('0x3086d221a7d46bcde86c90e49284eb15'),
|
|
641
|
-
b1: -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3'),
|
|
642
|
-
a2: BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8'),
|
|
643
|
-
b2: BigInt('0x3086d221a7d46bcde86c90e49284eb15'),
|
|
644
|
-
POW_2_128: BigInt('0x100000000000000000000000000000000'),
|
|
645
|
-
};
|
|
646
|
-
function splitScalarEndo(k) {
|
|
647
|
-
const { n } = CURVE;
|
|
648
|
-
const { a1, b1, a2, b2, POW_2_128 } = ENDO;
|
|
649
|
-
const c1 = divNearest(b2 * k, n);
|
|
650
|
-
const c2 = divNearest(-b1 * k, n);
|
|
651
|
-
let k1 = mod(k - c1 * a1 - c2 * a2, n);
|
|
652
|
-
let k2 = mod(-c1 * b1 - c2 * b2, n);
|
|
653
|
-
const k1neg = k1 > POW_2_128;
|
|
654
|
-
const k2neg = k2 > POW_2_128;
|
|
655
|
-
if (k1neg)
|
|
656
|
-
k1 = n - k1;
|
|
657
|
-
if (k2neg)
|
|
658
|
-
k2 = n - k2;
|
|
659
|
-
if (k1 > POW_2_128 || k2 > POW_2_128) {
|
|
660
|
-
throw new Error('splitScalarEndo: Endomorphism failed, k=' + k);
|
|
661
|
-
}
|
|
662
|
-
return { k1neg, k1, k2neg, k2 };
|
|
663
|
-
}
|
|
664
|
-
function truncateHash(hash) {
|
|
665
|
-
const { n } = CURVE;
|
|
666
|
-
const byteLength = hash.length;
|
|
667
|
-
const delta = byteLength * 8 - 256;
|
|
668
|
-
let h = bytesToNumber(hash);
|
|
669
|
-
if (delta > 0)
|
|
670
|
-
h = h >> BigInt(delta);
|
|
671
|
-
if (h >= n)
|
|
672
|
-
h -= n;
|
|
673
|
-
return h;
|
|
674
|
-
}
|
|
675
|
-
let _sha256Sync;
|
|
676
|
-
let _hmacSha256Sync;
|
|
677
|
-
class HmacDrbg {
|
|
678
|
-
constructor() {
|
|
679
|
-
this.v = new Uint8Array(32).fill(1);
|
|
680
|
-
this.k = new Uint8Array(32).fill(0);
|
|
681
|
-
this.counter = 0;
|
|
682
|
-
}
|
|
683
|
-
hmac(...values) {
|
|
684
|
-
return utils.hmacSha256(this.k, ...values);
|
|
685
|
-
}
|
|
686
|
-
hmacSync(...values) {
|
|
687
|
-
return _hmacSha256Sync(this.k, ...values);
|
|
688
|
-
}
|
|
689
|
-
checkSync() {
|
|
690
|
-
if (typeof _hmacSha256Sync !== 'function')
|
|
691
|
-
throw new ShaError('hmacSha256Sync needs to be set');
|
|
692
|
-
}
|
|
693
|
-
incr() {
|
|
694
|
-
if (this.counter >= 1000)
|
|
695
|
-
throw new Error('Tried 1,000 k values for sign(), all were invalid');
|
|
696
|
-
this.counter += 1;
|
|
697
|
-
}
|
|
698
|
-
async reseed(seed = new Uint8Array()) {
|
|
699
|
-
this.k = await this.hmac(this.v, Uint8Array.from([0x00]), seed);
|
|
700
|
-
this.v = await this.hmac(this.v);
|
|
701
|
-
if (seed.length === 0)
|
|
702
|
-
return;
|
|
703
|
-
this.k = await this.hmac(this.v, Uint8Array.from([0x01]), seed);
|
|
704
|
-
this.v = await this.hmac(this.v);
|
|
705
|
-
}
|
|
706
|
-
reseedSync(seed = new Uint8Array()) {
|
|
707
|
-
this.checkSync();
|
|
708
|
-
this.k = this.hmacSync(this.v, Uint8Array.from([0x00]), seed);
|
|
709
|
-
this.v = this.hmacSync(this.v);
|
|
710
|
-
if (seed.length === 0)
|
|
711
|
-
return;
|
|
712
|
-
this.k = this.hmacSync(this.v, Uint8Array.from([0x01]), seed);
|
|
713
|
-
this.v = this.hmacSync(this.v);
|
|
714
|
-
}
|
|
715
|
-
async generate() {
|
|
716
|
-
this.incr();
|
|
717
|
-
this.v = await this.hmac(this.v);
|
|
718
|
-
return this.v;
|
|
719
|
-
}
|
|
720
|
-
generateSync() {
|
|
721
|
-
this.checkSync();
|
|
722
|
-
this.incr();
|
|
723
|
-
this.v = this.hmacSync(this.v);
|
|
724
|
-
return this.v;
|
|
725
|
-
}
|
|
726
|
-
}
|
|
727
|
-
function isWithinCurveOrder(num) {
|
|
728
|
-
return _0n < num && num < CURVE.n;
|
|
729
|
-
}
|
|
730
|
-
function isValidFieldElement(num) {
|
|
731
|
-
return _0n < num && num < CURVE.P;
|
|
732
|
-
}
|
|
733
|
-
function kmdToSig(kBytes, m, d) {
|
|
734
|
-
const k = bytesToNumber(kBytes);
|
|
735
|
-
if (!isWithinCurveOrder(k))
|
|
736
|
-
return;
|
|
737
|
-
const { n } = CURVE;
|
|
738
|
-
const q = Point.BASE.multiply(k);
|
|
739
|
-
const r = mod(q.x, n);
|
|
740
|
-
if (r === _0n)
|
|
741
|
-
return;
|
|
742
|
-
const s = mod(invert(k, n) * mod(m + d * r, n), n);
|
|
743
|
-
if (s === _0n)
|
|
744
|
-
return;
|
|
745
|
-
const sig = new Signature(r, s);
|
|
746
|
-
const recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & _1n);
|
|
747
|
-
return { sig, recovery };
|
|
748
|
-
}
|
|
749
|
-
function normalizePrivateKey(key) {
|
|
750
|
-
let num;
|
|
751
|
-
if (typeof key === 'bigint') {
|
|
752
|
-
num = key;
|
|
753
|
-
}
|
|
754
|
-
else if (typeof key === 'number' && Number.isSafeInteger(key) && key > 0) {
|
|
755
|
-
num = BigInt(key);
|
|
756
|
-
}
|
|
757
|
-
else if (typeof key === 'string') {
|
|
758
|
-
if (key.length !== 64)
|
|
759
|
-
throw new Error('Expected 32 bytes of private key');
|
|
760
|
-
num = hexToNumber(key);
|
|
761
|
-
}
|
|
762
|
-
else if (key instanceof Uint8Array) {
|
|
763
|
-
if (key.length !== 32)
|
|
764
|
-
throw new Error('Expected 32 bytes of private key');
|
|
765
|
-
num = bytesToNumber(key);
|
|
766
|
-
}
|
|
767
|
-
else {
|
|
768
|
-
throw new TypeError('Expected valid private key');
|
|
769
|
-
}
|
|
770
|
-
if (!isWithinCurveOrder(num))
|
|
771
|
-
throw new Error('Expected private key: 0 < key < n');
|
|
772
|
-
return num;
|
|
773
|
-
}
|
|
774
|
-
function normalizePublicKey(publicKey) {
|
|
775
|
-
if (publicKey instanceof Point) {
|
|
776
|
-
publicKey.assertValidity();
|
|
777
|
-
return publicKey;
|
|
778
|
-
}
|
|
779
|
-
else {
|
|
780
|
-
return Point.fromHex(publicKey);
|
|
781
|
-
}
|
|
782
|
-
}
|
|
783
|
-
function normalizeSignature(signature) {
|
|
784
|
-
if (signature instanceof Signature) {
|
|
785
|
-
signature.assertValidity();
|
|
786
|
-
return signature;
|
|
787
|
-
}
|
|
788
|
-
try {
|
|
789
|
-
return Signature.fromDER(signature);
|
|
790
|
-
}
|
|
791
|
-
catch (error) {
|
|
792
|
-
return Signature.fromCompact(signature);
|
|
793
|
-
}
|
|
794
|
-
}
|
|
795
|
-
function getPublicKey$1(privateKey, isCompressed = false) {
|
|
796
|
-
return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);
|
|
797
|
-
}
|
|
798
|
-
function recoverPublicKey(msgHash, signature, recovery, isCompressed = false) {
|
|
799
|
-
return Point.fromSignature(msgHash, signature, recovery).toRawBytes(isCompressed);
|
|
800
|
-
}
|
|
801
|
-
function isProbPub(item) {
|
|
802
|
-
const arr = item instanceof Uint8Array;
|
|
803
|
-
const str = typeof item === 'string';
|
|
804
|
-
const len = (arr || str) && item.length;
|
|
805
|
-
if (arr)
|
|
806
|
-
return len === 33 || len === 65;
|
|
807
|
-
if (str)
|
|
808
|
-
return len === 66 || len === 130;
|
|
809
|
-
if (item instanceof Point)
|
|
810
|
-
return true;
|
|
811
|
-
return false;
|
|
812
|
-
}
|
|
813
|
-
function getSharedSecret(privateA, publicB, isCompressed = false) {
|
|
814
|
-
if (isProbPub(privateA))
|
|
815
|
-
throw new TypeError('getSharedSecret: first arg must be private key');
|
|
816
|
-
if (!isProbPub(publicB))
|
|
817
|
-
throw new TypeError('getSharedSecret: second arg must be public key');
|
|
818
|
-
const b = normalizePublicKey(publicB);
|
|
819
|
-
b.assertValidity();
|
|
820
|
-
return b.multiply(normalizePrivateKey(privateA)).toRawBytes(isCompressed);
|
|
821
|
-
}
|
|
822
|
-
function bits2int(bytes) {
|
|
823
|
-
const slice = bytes.length > 32 ? bytes.slice(0, 32) : bytes;
|
|
824
|
-
return bytesToNumber(slice);
|
|
825
|
-
}
|
|
826
|
-
function bits2octets(bytes) {
|
|
827
|
-
const z1 = bits2int(bytes);
|
|
828
|
-
const z2 = mod(z1, CURVE.n);
|
|
829
|
-
return int2octets(z2 < _0n ? z1 : z2);
|
|
830
|
-
}
|
|
831
|
-
function int2octets(num) {
|
|
832
|
-
return numTo32b(num);
|
|
833
|
-
}
|
|
834
|
-
function initSigArgs(msgHash, privateKey, extraEntropy) {
|
|
835
|
-
if (msgHash == null)
|
|
836
|
-
throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
|
|
837
|
-
const h1 = ensureBytes(msgHash);
|
|
838
|
-
const d = normalizePrivateKey(privateKey);
|
|
839
|
-
const seedArgs = [int2octets(d), bits2octets(h1)];
|
|
840
|
-
if (extraEntropy != null) {
|
|
841
|
-
if (extraEntropy === true)
|
|
842
|
-
extraEntropy = utils.randomBytes(32);
|
|
843
|
-
const e = ensureBytes(extraEntropy);
|
|
844
|
-
if (e.length !== 32)
|
|
845
|
-
throw new Error('sign: Expected 32 bytes of extra data');
|
|
846
|
-
seedArgs.push(e);
|
|
847
|
-
}
|
|
848
|
-
const seed = concatBytes(...seedArgs);
|
|
849
|
-
const m = bits2int(h1);
|
|
850
|
-
return { seed, m, d };
|
|
851
|
-
}
|
|
852
|
-
function finalizeSig(recSig, opts) {
|
|
853
|
-
let { sig, recovery } = recSig;
|
|
854
|
-
const { canonical, der, recovered } = Object.assign({ canonical: true, der: true }, opts);
|
|
855
|
-
if (canonical && sig.hasHighS()) {
|
|
856
|
-
sig = sig.normalizeS();
|
|
857
|
-
recovery ^= 1;
|
|
858
|
-
}
|
|
859
|
-
const hashed = der ? sig.toDERRawBytes() : sig.toCompactRawBytes();
|
|
860
|
-
return recovered ? [hashed, recovery] : hashed;
|
|
861
|
-
}
|
|
862
|
-
async function sign$1(msgHash, privKey, opts = {}) {
|
|
863
|
-
const { seed, m, d } = initSigArgs(msgHash, privKey, opts.extraEntropy);
|
|
864
|
-
let sig;
|
|
865
|
-
const drbg = new HmacDrbg();
|
|
866
|
-
await drbg.reseed(seed);
|
|
867
|
-
while (!(sig = kmdToSig(await drbg.generate(), m, d)))
|
|
868
|
-
await drbg.reseed();
|
|
869
|
-
return finalizeSig(sig, opts);
|
|
870
|
-
}
|
|
871
|
-
const vopts = { strict: true };
|
|
872
|
-
function verify(signature, msgHash, publicKey, opts = vopts) {
|
|
873
|
-
let sig;
|
|
874
|
-
try {
|
|
875
|
-
sig = normalizeSignature(signature);
|
|
876
|
-
msgHash = ensureBytes(msgHash);
|
|
877
|
-
}
|
|
878
|
-
catch (error) {
|
|
879
|
-
return false;
|
|
880
|
-
}
|
|
881
|
-
const { r, s } = sig;
|
|
882
|
-
if (opts.strict && sig.hasHighS())
|
|
883
|
-
return false;
|
|
884
|
-
const h = truncateHash(msgHash);
|
|
885
|
-
let P;
|
|
886
|
-
try {
|
|
887
|
-
P = normalizePublicKey(publicKey);
|
|
888
|
-
}
|
|
889
|
-
catch (error) {
|
|
890
|
-
return false;
|
|
891
|
-
}
|
|
892
|
-
const { n } = CURVE;
|
|
893
|
-
const sinv = invert(s, n);
|
|
894
|
-
const u1 = mod(h * sinv, n);
|
|
895
|
-
const u2 = mod(r * sinv, n);
|
|
896
|
-
const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2);
|
|
897
|
-
if (!R)
|
|
898
|
-
return false;
|
|
899
|
-
const v = mod(R.x, n);
|
|
900
|
-
return v === r;
|
|
901
|
-
}
|
|
902
|
-
Point.BASE._setWindowSize(8);
|
|
903
|
-
const crypto$1 = {
|
|
904
|
-
node: nodeCrypto$1,
|
|
905
|
-
web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined,
|
|
906
|
-
};
|
|
907
|
-
const TAGGED_HASH_PREFIXES = {};
|
|
908
|
-
const utils = {
|
|
909
|
-
bytesToHex,
|
|
910
|
-
hexToBytes,
|
|
911
|
-
concatBytes,
|
|
912
|
-
mod,
|
|
913
|
-
invert,
|
|
914
|
-
isValidPrivateKey(privateKey) {
|
|
915
|
-
try {
|
|
916
|
-
normalizePrivateKey(privateKey);
|
|
917
|
-
return true;
|
|
918
|
-
}
|
|
919
|
-
catch (error) {
|
|
920
|
-
return false;
|
|
921
|
-
}
|
|
922
|
-
},
|
|
923
|
-
_bigintTo32Bytes: numTo32b,
|
|
924
|
-
_normalizePrivateKey: normalizePrivateKey,
|
|
925
|
-
hashToPrivateKey: (hash) => {
|
|
926
|
-
hash = ensureBytes(hash);
|
|
927
|
-
if (hash.length < 40 || hash.length > 1024)
|
|
928
|
-
throw new Error('Expected 40-1024 bytes of private key as per FIPS 186');
|
|
929
|
-
const num = mod(bytesToNumber(hash), CURVE.n - _1n) + _1n;
|
|
930
|
-
return numTo32b(num);
|
|
931
|
-
},
|
|
932
|
-
randomBytes: (bytesLength = 32) => {
|
|
933
|
-
if (crypto$1.web) {
|
|
934
|
-
return crypto$1.web.getRandomValues(new Uint8Array(bytesLength));
|
|
935
|
-
}
|
|
936
|
-
else if (crypto$1.node) {
|
|
937
|
-
const { randomBytes } = crypto$1.node;
|
|
938
|
-
return Uint8Array.from(randomBytes(bytesLength));
|
|
939
|
-
}
|
|
940
|
-
else {
|
|
941
|
-
throw new Error("The environment doesn't have randomBytes function");
|
|
942
|
-
}
|
|
943
|
-
},
|
|
944
|
-
randomPrivateKey: () => {
|
|
945
|
-
return utils.hashToPrivateKey(utils.randomBytes(40));
|
|
946
|
-
},
|
|
947
|
-
sha256: async (...messages) => {
|
|
948
|
-
if (crypto$1.web) {
|
|
949
|
-
const buffer = await crypto$1.web.subtle.digest('SHA-256', concatBytes(...messages));
|
|
950
|
-
return new Uint8Array(buffer);
|
|
951
|
-
}
|
|
952
|
-
else if (crypto$1.node) {
|
|
953
|
-
const { createHash } = crypto$1.node;
|
|
954
|
-
const hash = createHash('sha256');
|
|
955
|
-
messages.forEach((m) => hash.update(m));
|
|
956
|
-
return Uint8Array.from(hash.digest());
|
|
957
|
-
}
|
|
958
|
-
else {
|
|
959
|
-
throw new Error("The environment doesn't have sha256 function");
|
|
960
|
-
}
|
|
961
|
-
},
|
|
962
|
-
hmacSha256: async (key, ...messages) => {
|
|
963
|
-
if (crypto$1.web) {
|
|
964
|
-
const ckey = await crypto$1.web.subtle.importKey('raw', key, { name: 'HMAC', hash: { name: 'SHA-256' } }, false, ['sign']);
|
|
965
|
-
const message = concatBytes(...messages);
|
|
966
|
-
const buffer = await crypto$1.web.subtle.sign('HMAC', ckey, message);
|
|
967
|
-
return new Uint8Array(buffer);
|
|
968
|
-
}
|
|
969
|
-
else if (crypto$1.node) {
|
|
970
|
-
const { createHmac } = crypto$1.node;
|
|
971
|
-
const hash = createHmac('sha256', key);
|
|
972
|
-
messages.forEach((m) => hash.update(m));
|
|
973
|
-
return Uint8Array.from(hash.digest());
|
|
974
|
-
}
|
|
975
|
-
else {
|
|
976
|
-
throw new Error("The environment doesn't have hmac-sha256 function");
|
|
977
|
-
}
|
|
978
|
-
},
|
|
979
|
-
sha256Sync: undefined,
|
|
980
|
-
hmacSha256Sync: undefined,
|
|
981
|
-
taggedHash: async (tag, ...messages) => {
|
|
982
|
-
let tagP = TAGGED_HASH_PREFIXES[tag];
|
|
983
|
-
if (tagP === undefined) {
|
|
984
|
-
const tagH = await utils.sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
|
|
985
|
-
tagP = concatBytes(tagH, tagH);
|
|
986
|
-
TAGGED_HASH_PREFIXES[tag] = tagP;
|
|
987
|
-
}
|
|
988
|
-
return utils.sha256(tagP, ...messages);
|
|
989
|
-
},
|
|
990
|
-
taggedHashSync: (tag, ...messages) => {
|
|
991
|
-
if (typeof _sha256Sync !== 'function')
|
|
992
|
-
throw new ShaError('sha256Sync is undefined, you need to set it');
|
|
993
|
-
let tagP = TAGGED_HASH_PREFIXES[tag];
|
|
994
|
-
if (tagP === undefined) {
|
|
995
|
-
const tagH = _sha256Sync(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
|
|
996
|
-
tagP = concatBytes(tagH, tagH);
|
|
997
|
-
TAGGED_HASH_PREFIXES[tag] = tagP;
|
|
998
|
-
}
|
|
999
|
-
return _sha256Sync(tagP, ...messages);
|
|
1000
|
-
},
|
|
1001
|
-
precompute(windowSize = 8, point = Point.BASE) {
|
|
1002
|
-
const cached = point === Point.BASE ? point : new Point(point.x, point.y);
|
|
1003
|
-
cached._setWindowSize(windowSize);
|
|
1004
|
-
cached.multiply(_3n);
|
|
1005
|
-
return cached;
|
|
1006
|
-
},
|
|
1007
|
-
};
|
|
1008
|
-
Object.defineProperties(utils, {
|
|
1009
|
-
sha256Sync: {
|
|
1010
|
-
configurable: false,
|
|
1011
|
-
get() {
|
|
1012
|
-
return _sha256Sync;
|
|
1013
|
-
},
|
|
1014
|
-
set(val) {
|
|
1015
|
-
if (!_sha256Sync)
|
|
1016
|
-
_sha256Sync = val;
|
|
1017
|
-
},
|
|
1018
|
-
},
|
|
1019
|
-
hmacSha256Sync: {
|
|
1020
|
-
configurable: false,
|
|
1021
|
-
get() {
|
|
1022
|
-
return _hmacSha256Sync;
|
|
1023
|
-
},
|
|
1024
|
-
set(val) {
|
|
1025
|
-
if (!_hmacSha256Sync)
|
|
1026
|
-
_hmacSha256Sync = val;
|
|
1027
|
-
},
|
|
1028
|
-
},
|
|
1029
|
-
});
|
|
1030
|
-
|
|
1031
|
-
var sha3$1 = {exports: {}};
|
|
1032
|
-
|
|
1033
|
-
/**
|
|
1034
|
-
* [js-sha3]{@link https://github.com/emn178/js-sha3}
|
|
1035
|
-
*
|
|
1036
|
-
* @version 0.8.0
|
|
1037
|
-
* @author Chen, Yi-Cyuan [emn178@gmail.com]
|
|
1038
|
-
* @copyright Chen, Yi-Cyuan 2015-2018
|
|
1039
|
-
* @license MIT
|
|
1040
|
-
*/
|
|
1041
|
-
|
|
1042
|
-
(function (module) {
|
|
1043
|
-
/*jslint bitwise: true */
|
|
1044
|
-
(function () {
|
|
1045
|
-
|
|
1046
|
-
var INPUT_ERROR = 'input is invalid type';
|
|
1047
|
-
var FINALIZE_ERROR = 'finalize already called';
|
|
1048
|
-
var WINDOW = typeof window === 'object';
|
|
1049
|
-
var root = WINDOW ? window : {};
|
|
1050
|
-
if (root.JS_SHA3_NO_WINDOW) {
|
|
1051
|
-
WINDOW = false;
|
|
1052
|
-
}
|
|
1053
|
-
var WEB_WORKER = !WINDOW && typeof self === 'object';
|
|
1054
|
-
var NODE_JS = !root.JS_SHA3_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node;
|
|
1055
|
-
if (NODE_JS) {
|
|
1056
|
-
root = commonjsGlobal;
|
|
1057
|
-
} else if (WEB_WORKER) {
|
|
1058
|
-
root = self;
|
|
1059
|
-
}
|
|
1060
|
-
var COMMON_JS = !root.JS_SHA3_NO_COMMON_JS && 'object' === 'object' && module.exports;
|
|
1061
|
-
var ARRAY_BUFFER = !root.JS_SHA3_NO_ARRAY_BUFFER && typeof ArrayBuffer !== 'undefined';
|
|
1062
|
-
var HEX_CHARS = '0123456789abcdef'.split('');
|
|
1063
|
-
var SHAKE_PADDING = [31, 7936, 2031616, 520093696];
|
|
1064
|
-
var CSHAKE_PADDING = [4, 1024, 262144, 67108864];
|
|
1065
|
-
var KECCAK_PADDING = [1, 256, 65536, 16777216];
|
|
1066
|
-
var PADDING = [6, 1536, 393216, 100663296];
|
|
1067
|
-
var SHIFT = [0, 8, 16, 24];
|
|
1068
|
-
var RC = [1, 0, 32898, 0, 32906, 2147483648, 2147516416, 2147483648, 32907, 0, 2147483649,
|
|
1069
|
-
0, 2147516545, 2147483648, 32777, 2147483648, 138, 0, 136, 0, 2147516425, 0,
|
|
1070
|
-
2147483658, 0, 2147516555, 0, 139, 2147483648, 32905, 2147483648, 32771,
|
|
1071
|
-
2147483648, 32770, 2147483648, 128, 2147483648, 32778, 0, 2147483658, 2147483648,
|
|
1072
|
-
2147516545, 2147483648, 32896, 2147483648, 2147483649, 0, 2147516424, 2147483648];
|
|
1073
|
-
var BITS = [224, 256, 384, 512];
|
|
1074
|
-
var SHAKE_BITS = [128, 256];
|
|
1075
|
-
var OUTPUT_TYPES = ['hex', 'buffer', 'arrayBuffer', 'array', 'digest'];
|
|
1076
|
-
var CSHAKE_BYTEPAD = {
|
|
1077
|
-
'128': 168,
|
|
1078
|
-
'256': 136
|
|
1079
|
-
};
|
|
1080
|
-
|
|
1081
|
-
if (root.JS_SHA3_NO_NODE_JS || !Array.isArray) {
|
|
1082
|
-
Array.isArray = function (obj) {
|
|
1083
|
-
return Object.prototype.toString.call(obj) === '[object Array]';
|
|
1084
|
-
};
|
|
1085
|
-
}
|
|
1086
|
-
|
|
1087
|
-
if (ARRAY_BUFFER && (root.JS_SHA3_NO_ARRAY_BUFFER_IS_VIEW || !ArrayBuffer.isView)) {
|
|
1088
|
-
ArrayBuffer.isView = function (obj) {
|
|
1089
|
-
return typeof obj === 'object' && obj.buffer && obj.buffer.constructor === ArrayBuffer;
|
|
1090
|
-
};
|
|
1091
|
-
}
|
|
1092
|
-
|
|
1093
|
-
var createOutputMethod = function (bits, padding, outputType) {
|
|
1094
|
-
return function (message) {
|
|
1095
|
-
return new Keccak(bits, padding, bits).update(message)[outputType]();
|
|
1096
|
-
};
|
|
1097
|
-
};
|
|
1098
|
-
|
|
1099
|
-
var createShakeOutputMethod = function (bits, padding, outputType) {
|
|
1100
|
-
return function (message, outputBits) {
|
|
1101
|
-
return new Keccak(bits, padding, outputBits).update(message)[outputType]();
|
|
1102
|
-
};
|
|
1103
|
-
};
|
|
1104
|
-
|
|
1105
|
-
var createCshakeOutputMethod = function (bits, padding, outputType) {
|
|
1106
|
-
return function (message, outputBits, n, s) {
|
|
1107
|
-
return methods['cshake' + bits].update(message, outputBits, n, s)[outputType]();
|
|
1108
|
-
};
|
|
1109
|
-
};
|
|
1110
|
-
|
|
1111
|
-
var createKmacOutputMethod = function (bits, padding, outputType) {
|
|
1112
|
-
return function (key, message, outputBits, s) {
|
|
1113
|
-
return methods['kmac' + bits].update(key, message, outputBits, s)[outputType]();
|
|
1114
|
-
};
|
|
1115
|
-
};
|
|
1116
|
-
|
|
1117
|
-
var createOutputMethods = function (method, createMethod, bits, padding) {
|
|
1118
|
-
for (var i = 0; i < OUTPUT_TYPES.length; ++i) {
|
|
1119
|
-
var type = OUTPUT_TYPES[i];
|
|
1120
|
-
method[type] = createMethod(bits, padding, type);
|
|
1121
|
-
}
|
|
1122
|
-
return method;
|
|
1123
|
-
};
|
|
1124
|
-
|
|
1125
|
-
var createMethod = function (bits, padding) {
|
|
1126
|
-
var method = createOutputMethod(bits, padding, 'hex');
|
|
1127
|
-
method.create = function () {
|
|
1128
|
-
return new Keccak(bits, padding, bits);
|
|
1129
|
-
};
|
|
1130
|
-
method.update = function (message) {
|
|
1131
|
-
return method.create().update(message);
|
|
1132
|
-
};
|
|
1133
|
-
return createOutputMethods(method, createOutputMethod, bits, padding);
|
|
1134
|
-
};
|
|
1135
|
-
|
|
1136
|
-
var createShakeMethod = function (bits, padding) {
|
|
1137
|
-
var method = createShakeOutputMethod(bits, padding, 'hex');
|
|
1138
|
-
method.create = function (outputBits) {
|
|
1139
|
-
return new Keccak(bits, padding, outputBits);
|
|
1140
|
-
};
|
|
1141
|
-
method.update = function (message, outputBits) {
|
|
1142
|
-
return method.create(outputBits).update(message);
|
|
1143
|
-
};
|
|
1144
|
-
return createOutputMethods(method, createShakeOutputMethod, bits, padding);
|
|
1145
|
-
};
|
|
1146
|
-
|
|
1147
|
-
var createCshakeMethod = function (bits, padding) {
|
|
1148
|
-
var w = CSHAKE_BYTEPAD[bits];
|
|
1149
|
-
var method = createCshakeOutputMethod(bits, padding, 'hex');
|
|
1150
|
-
method.create = function (outputBits, n, s) {
|
|
1151
|
-
if (!n && !s) {
|
|
1152
|
-
return methods['shake' + bits].create(outputBits);
|
|
1153
|
-
} else {
|
|
1154
|
-
return new Keccak(bits, padding, outputBits).bytepad([n, s], w);
|
|
1155
|
-
}
|
|
1156
|
-
};
|
|
1157
|
-
method.update = function (message, outputBits, n, s) {
|
|
1158
|
-
return method.create(outputBits, n, s).update(message);
|
|
1159
|
-
};
|
|
1160
|
-
return createOutputMethods(method, createCshakeOutputMethod, bits, padding);
|
|
1161
|
-
};
|
|
1162
|
-
|
|
1163
|
-
var createKmacMethod = function (bits, padding) {
|
|
1164
|
-
var w = CSHAKE_BYTEPAD[bits];
|
|
1165
|
-
var method = createKmacOutputMethod(bits, padding, 'hex');
|
|
1166
|
-
method.create = function (key, outputBits, s) {
|
|
1167
|
-
return new Kmac(bits, padding, outputBits).bytepad(['KMAC', s], w).bytepad([key], w);
|
|
1168
|
-
};
|
|
1169
|
-
method.update = function (key, message, outputBits, s) {
|
|
1170
|
-
return method.create(key, outputBits, s).update(message);
|
|
1171
|
-
};
|
|
1172
|
-
return createOutputMethods(method, createKmacOutputMethod, bits, padding);
|
|
1173
|
-
};
|
|
1174
|
-
|
|
1175
|
-
var algorithms = [
|
|
1176
|
-
{ name: 'keccak', padding: KECCAK_PADDING, bits: BITS, createMethod: createMethod },
|
|
1177
|
-
{ name: 'sha3', padding: PADDING, bits: BITS, createMethod: createMethod },
|
|
1178
|
-
{ name: 'shake', padding: SHAKE_PADDING, bits: SHAKE_BITS, createMethod: createShakeMethod },
|
|
1179
|
-
{ name: 'cshake', padding: CSHAKE_PADDING, bits: SHAKE_BITS, createMethod: createCshakeMethod },
|
|
1180
|
-
{ name: 'kmac', padding: CSHAKE_PADDING, bits: SHAKE_BITS, createMethod: createKmacMethod }
|
|
1181
|
-
];
|
|
1182
|
-
|
|
1183
|
-
var methods = {}, methodNames = [];
|
|
1184
|
-
|
|
1185
|
-
for (var i = 0; i < algorithms.length; ++i) {
|
|
1186
|
-
var algorithm = algorithms[i];
|
|
1187
|
-
var bits = algorithm.bits;
|
|
1188
|
-
for (var j = 0; j < bits.length; ++j) {
|
|
1189
|
-
var methodName = algorithm.name + '_' + bits[j];
|
|
1190
|
-
methodNames.push(methodName);
|
|
1191
|
-
methods[methodName] = algorithm.createMethod(bits[j], algorithm.padding);
|
|
1192
|
-
if (algorithm.name !== 'sha3') {
|
|
1193
|
-
var newMethodName = algorithm.name + bits[j];
|
|
1194
|
-
methodNames.push(newMethodName);
|
|
1195
|
-
methods[newMethodName] = methods[methodName];
|
|
1196
|
-
}
|
|
1197
|
-
}
|
|
1198
|
-
}
|
|
1199
|
-
|
|
1200
|
-
function Keccak(bits, padding, outputBits) {
|
|
1201
|
-
this.blocks = [];
|
|
1202
|
-
this.s = [];
|
|
1203
|
-
this.padding = padding;
|
|
1204
|
-
this.outputBits = outputBits;
|
|
1205
|
-
this.reset = true;
|
|
1206
|
-
this.finalized = false;
|
|
1207
|
-
this.block = 0;
|
|
1208
|
-
this.start = 0;
|
|
1209
|
-
this.blockCount = (1600 - (bits << 1)) >> 5;
|
|
1210
|
-
this.byteCount = this.blockCount << 2;
|
|
1211
|
-
this.outputBlocks = outputBits >> 5;
|
|
1212
|
-
this.extraBytes = (outputBits & 31) >> 3;
|
|
1213
|
-
|
|
1214
|
-
for (var i = 0; i < 50; ++i) {
|
|
1215
|
-
this.s[i] = 0;
|
|
1216
|
-
}
|
|
1217
|
-
}
|
|
1218
|
-
|
|
1219
|
-
Keccak.prototype.update = function (message) {
|
|
1220
|
-
if (this.finalized) {
|
|
1221
|
-
throw new Error(FINALIZE_ERROR);
|
|
1222
|
-
}
|
|
1223
|
-
var notString, type = typeof message;
|
|
1224
|
-
if (type !== 'string') {
|
|
1225
|
-
if (type === 'object') {
|
|
1226
|
-
if (message === null) {
|
|
1227
|
-
throw new Error(INPUT_ERROR);
|
|
1228
|
-
} else if (ARRAY_BUFFER && message.constructor === ArrayBuffer) {
|
|
1229
|
-
message = new Uint8Array(message);
|
|
1230
|
-
} else if (!Array.isArray(message)) {
|
|
1231
|
-
if (!ARRAY_BUFFER || !ArrayBuffer.isView(message)) {
|
|
1232
|
-
throw new Error(INPUT_ERROR);
|
|
1233
|
-
}
|
|
1234
|
-
}
|
|
1235
|
-
} else {
|
|
1236
|
-
throw new Error(INPUT_ERROR);
|
|
1237
|
-
}
|
|
1238
|
-
notString = true;
|
|
1239
|
-
}
|
|
1240
|
-
var blocks = this.blocks, byteCount = this.byteCount, length = message.length,
|
|
1241
|
-
blockCount = this.blockCount, index = 0, s = this.s, i, code;
|
|
1242
|
-
|
|
1243
|
-
while (index < length) {
|
|
1244
|
-
if (this.reset) {
|
|
1245
|
-
this.reset = false;
|
|
1246
|
-
blocks[0] = this.block;
|
|
1247
|
-
for (i = 1; i < blockCount + 1; ++i) {
|
|
1248
|
-
blocks[i] = 0;
|
|
1249
|
-
}
|
|
1250
|
-
}
|
|
1251
|
-
if (notString) {
|
|
1252
|
-
for (i = this.start; index < length && i < byteCount; ++index) {
|
|
1253
|
-
blocks[i >> 2] |= message[index] << SHIFT[i++ & 3];
|
|
1254
|
-
}
|
|
1255
|
-
} else {
|
|
1256
|
-
for (i = this.start; index < length && i < byteCount; ++index) {
|
|
1257
|
-
code = message.charCodeAt(index);
|
|
1258
|
-
if (code < 0x80) {
|
|
1259
|
-
blocks[i >> 2] |= code << SHIFT[i++ & 3];
|
|
1260
|
-
} else if (code < 0x800) {
|
|
1261
|
-
blocks[i >> 2] |= (0xc0 | (code >> 6)) << SHIFT[i++ & 3];
|
|
1262
|
-
blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];
|
|
1263
|
-
} else if (code < 0xd800 || code >= 0xe000) {
|
|
1264
|
-
blocks[i >> 2] |= (0xe0 | (code >> 12)) << SHIFT[i++ & 3];
|
|
1265
|
-
blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3];
|
|
1266
|
-
blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];
|
|
1267
|
-
} else {
|
|
1268
|
-
code = 0x10000 + (((code & 0x3ff) << 10) | (message.charCodeAt(++index) & 0x3ff));
|
|
1269
|
-
blocks[i >> 2] |= (0xf0 | (code >> 18)) << SHIFT[i++ & 3];
|
|
1270
|
-
blocks[i >> 2] |= (0x80 | ((code >> 12) & 0x3f)) << SHIFT[i++ & 3];
|
|
1271
|
-
blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3];
|
|
1272
|
-
blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3];
|
|
1273
|
-
}
|
|
1274
|
-
}
|
|
1275
|
-
}
|
|
1276
|
-
this.lastByteIndex = i;
|
|
1277
|
-
if (i >= byteCount) {
|
|
1278
|
-
this.start = i - byteCount;
|
|
1279
|
-
this.block = blocks[blockCount];
|
|
1280
|
-
for (i = 0; i < blockCount; ++i) {
|
|
1281
|
-
s[i] ^= blocks[i];
|
|
1282
|
-
}
|
|
1283
|
-
f(s);
|
|
1284
|
-
this.reset = true;
|
|
1285
|
-
} else {
|
|
1286
|
-
this.start = i;
|
|
1287
|
-
}
|
|
1288
|
-
}
|
|
1289
|
-
return this;
|
|
1290
|
-
};
|
|
1291
|
-
|
|
1292
|
-
Keccak.prototype.encode = function (x, right) {
|
|
1293
|
-
var o = x & 255, n = 1;
|
|
1294
|
-
var bytes = [o];
|
|
1295
|
-
x = x >> 8;
|
|
1296
|
-
o = x & 255;
|
|
1297
|
-
while (o > 0) {
|
|
1298
|
-
bytes.unshift(o);
|
|
1299
|
-
x = x >> 8;
|
|
1300
|
-
o = x & 255;
|
|
1301
|
-
++n;
|
|
1302
|
-
}
|
|
1303
|
-
if (right) {
|
|
1304
|
-
bytes.push(n);
|
|
1305
|
-
} else {
|
|
1306
|
-
bytes.unshift(n);
|
|
1307
|
-
}
|
|
1308
|
-
this.update(bytes);
|
|
1309
|
-
return bytes.length;
|
|
1310
|
-
};
|
|
1311
|
-
|
|
1312
|
-
Keccak.prototype.encodeString = function (str) {
|
|
1313
|
-
var notString, type = typeof str;
|
|
1314
|
-
if (type !== 'string') {
|
|
1315
|
-
if (type === 'object') {
|
|
1316
|
-
if (str === null) {
|
|
1317
|
-
throw new Error(INPUT_ERROR);
|
|
1318
|
-
} else if (ARRAY_BUFFER && str.constructor === ArrayBuffer) {
|
|
1319
|
-
str = new Uint8Array(str);
|
|
1320
|
-
} else if (!Array.isArray(str)) {
|
|
1321
|
-
if (!ARRAY_BUFFER || !ArrayBuffer.isView(str)) {
|
|
1322
|
-
throw new Error(INPUT_ERROR);
|
|
1323
|
-
}
|
|
1324
|
-
}
|
|
1325
|
-
} else {
|
|
1326
|
-
throw new Error(INPUT_ERROR);
|
|
1327
|
-
}
|
|
1328
|
-
notString = true;
|
|
1329
|
-
}
|
|
1330
|
-
var bytes = 0, length = str.length;
|
|
1331
|
-
if (notString) {
|
|
1332
|
-
bytes = length;
|
|
1333
|
-
} else {
|
|
1334
|
-
for (var i = 0; i < str.length; ++i) {
|
|
1335
|
-
var code = str.charCodeAt(i);
|
|
1336
|
-
if (code < 0x80) {
|
|
1337
|
-
bytes += 1;
|
|
1338
|
-
} else if (code < 0x800) {
|
|
1339
|
-
bytes += 2;
|
|
1340
|
-
} else if (code < 0xd800 || code >= 0xe000) {
|
|
1341
|
-
bytes += 3;
|
|
1342
|
-
} else {
|
|
1343
|
-
code = 0x10000 + (((code & 0x3ff) << 10) | (str.charCodeAt(++i) & 0x3ff));
|
|
1344
|
-
bytes += 4;
|
|
1345
|
-
}
|
|
1346
|
-
}
|
|
1347
|
-
}
|
|
1348
|
-
bytes += this.encode(bytes * 8);
|
|
1349
|
-
this.update(str);
|
|
1350
|
-
return bytes;
|
|
1351
|
-
};
|
|
1352
|
-
|
|
1353
|
-
Keccak.prototype.bytepad = function (strs, w) {
|
|
1354
|
-
var bytes = this.encode(w);
|
|
1355
|
-
for (var i = 0; i < strs.length; ++i) {
|
|
1356
|
-
bytes += this.encodeString(strs[i]);
|
|
1357
|
-
}
|
|
1358
|
-
var paddingBytes = w - bytes % w;
|
|
1359
|
-
var zeros = [];
|
|
1360
|
-
zeros.length = paddingBytes;
|
|
1361
|
-
this.update(zeros);
|
|
1362
|
-
return this;
|
|
1363
|
-
};
|
|
1364
|
-
|
|
1365
|
-
Keccak.prototype.finalize = function () {
|
|
1366
|
-
if (this.finalized) {
|
|
1367
|
-
return;
|
|
1368
|
-
}
|
|
1369
|
-
this.finalized = true;
|
|
1370
|
-
var blocks = this.blocks, i = this.lastByteIndex, blockCount = this.blockCount, s = this.s;
|
|
1371
|
-
blocks[i >> 2] |= this.padding[i & 3];
|
|
1372
|
-
if (this.lastByteIndex === this.byteCount) {
|
|
1373
|
-
blocks[0] = blocks[blockCount];
|
|
1374
|
-
for (i = 1; i < blockCount + 1; ++i) {
|
|
1375
|
-
blocks[i] = 0;
|
|
1376
|
-
}
|
|
1377
|
-
}
|
|
1378
|
-
blocks[blockCount - 1] |= 0x80000000;
|
|
1379
|
-
for (i = 0; i < blockCount; ++i) {
|
|
1380
|
-
s[i] ^= blocks[i];
|
|
1381
|
-
}
|
|
1382
|
-
f(s);
|
|
1383
|
-
};
|
|
1384
|
-
|
|
1385
|
-
Keccak.prototype.toString = Keccak.prototype.hex = function () {
|
|
1386
|
-
this.finalize();
|
|
1387
|
-
|
|
1388
|
-
var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks,
|
|
1389
|
-
extraBytes = this.extraBytes, i = 0, j = 0;
|
|
1390
|
-
var hex = '', block;
|
|
1391
|
-
while (j < outputBlocks) {
|
|
1392
|
-
for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) {
|
|
1393
|
-
block = s[i];
|
|
1394
|
-
hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F] +
|
|
1395
|
-
HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F] +
|
|
1396
|
-
HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F] +
|
|
1397
|
-
HEX_CHARS[(block >> 28) & 0x0F] + HEX_CHARS[(block >> 24) & 0x0F];
|
|
1398
|
-
}
|
|
1399
|
-
if (j % blockCount === 0) {
|
|
1400
|
-
f(s);
|
|
1401
|
-
i = 0;
|
|
1402
|
-
}
|
|
1403
|
-
}
|
|
1404
|
-
if (extraBytes) {
|
|
1405
|
-
block = s[i];
|
|
1406
|
-
hex += HEX_CHARS[(block >> 4) & 0x0F] + HEX_CHARS[block & 0x0F];
|
|
1407
|
-
if (extraBytes > 1) {
|
|
1408
|
-
hex += HEX_CHARS[(block >> 12) & 0x0F] + HEX_CHARS[(block >> 8) & 0x0F];
|
|
1409
|
-
}
|
|
1410
|
-
if (extraBytes > 2) {
|
|
1411
|
-
hex += HEX_CHARS[(block >> 20) & 0x0F] + HEX_CHARS[(block >> 16) & 0x0F];
|
|
1412
|
-
}
|
|
1413
|
-
}
|
|
1414
|
-
return hex;
|
|
1415
|
-
};
|
|
1416
|
-
|
|
1417
|
-
Keccak.prototype.arrayBuffer = function () {
|
|
1418
|
-
this.finalize();
|
|
1419
|
-
|
|
1420
|
-
var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks,
|
|
1421
|
-
extraBytes = this.extraBytes, i = 0, j = 0;
|
|
1422
|
-
var bytes = this.outputBits >> 3;
|
|
1423
|
-
var buffer;
|
|
1424
|
-
if (extraBytes) {
|
|
1425
|
-
buffer = new ArrayBuffer((outputBlocks + 1) << 2);
|
|
1426
|
-
} else {
|
|
1427
|
-
buffer = new ArrayBuffer(bytes);
|
|
1428
|
-
}
|
|
1429
|
-
var array = new Uint32Array(buffer);
|
|
1430
|
-
while (j < outputBlocks) {
|
|
1431
|
-
for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) {
|
|
1432
|
-
array[j] = s[i];
|
|
1433
|
-
}
|
|
1434
|
-
if (j % blockCount === 0) {
|
|
1435
|
-
f(s);
|
|
1436
|
-
}
|
|
1437
|
-
}
|
|
1438
|
-
if (extraBytes) {
|
|
1439
|
-
array[i] = s[i];
|
|
1440
|
-
buffer = buffer.slice(0, bytes);
|
|
1441
|
-
}
|
|
1442
|
-
return buffer;
|
|
1443
|
-
};
|
|
1444
|
-
|
|
1445
|
-
Keccak.prototype.buffer = Keccak.prototype.arrayBuffer;
|
|
1446
|
-
|
|
1447
|
-
Keccak.prototype.digest = Keccak.prototype.array = function () {
|
|
1448
|
-
this.finalize();
|
|
1449
|
-
|
|
1450
|
-
var blockCount = this.blockCount, s = this.s, outputBlocks = this.outputBlocks,
|
|
1451
|
-
extraBytes = this.extraBytes, i = 0, j = 0;
|
|
1452
|
-
var array = [], offset, block;
|
|
1453
|
-
while (j < outputBlocks) {
|
|
1454
|
-
for (i = 0; i < blockCount && j < outputBlocks; ++i, ++j) {
|
|
1455
|
-
offset = j << 2;
|
|
1456
|
-
block = s[i];
|
|
1457
|
-
array[offset] = block & 0xFF;
|
|
1458
|
-
array[offset + 1] = (block >> 8) & 0xFF;
|
|
1459
|
-
array[offset + 2] = (block >> 16) & 0xFF;
|
|
1460
|
-
array[offset + 3] = (block >> 24) & 0xFF;
|
|
1461
|
-
}
|
|
1462
|
-
if (j % blockCount === 0) {
|
|
1463
|
-
f(s);
|
|
1464
|
-
}
|
|
1465
|
-
}
|
|
1466
|
-
if (extraBytes) {
|
|
1467
|
-
offset = j << 2;
|
|
1468
|
-
block = s[i];
|
|
1469
|
-
array[offset] = block & 0xFF;
|
|
1470
|
-
if (extraBytes > 1) {
|
|
1471
|
-
array[offset + 1] = (block >> 8) & 0xFF;
|
|
1472
|
-
}
|
|
1473
|
-
if (extraBytes > 2) {
|
|
1474
|
-
array[offset + 2] = (block >> 16) & 0xFF;
|
|
1475
|
-
}
|
|
1476
|
-
}
|
|
1477
|
-
return array;
|
|
1478
|
-
};
|
|
1479
|
-
|
|
1480
|
-
function Kmac(bits, padding, outputBits) {
|
|
1481
|
-
Keccak.call(this, bits, padding, outputBits);
|
|
1482
|
-
}
|
|
1483
|
-
|
|
1484
|
-
Kmac.prototype = new Keccak();
|
|
1485
|
-
|
|
1486
|
-
Kmac.prototype.finalize = function () {
|
|
1487
|
-
this.encode(this.outputBits, true);
|
|
1488
|
-
return Keccak.prototype.finalize.call(this);
|
|
1489
|
-
};
|
|
1490
|
-
|
|
1491
|
-
var f = function (s) {
|
|
1492
|
-
var h, l, n, c0, c1, c2, c3, c4, c5, c6, c7, c8, c9,
|
|
1493
|
-
b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, b10, b11, b12, b13, b14, b15, b16, b17,
|
|
1494
|
-
b18, b19, b20, b21, b22, b23, b24, b25, b26, b27, b28, b29, b30, b31, b32, b33,
|
|
1495
|
-
b34, b35, b36, b37, b38, b39, b40, b41, b42, b43, b44, b45, b46, b47, b48, b49;
|
|
1496
|
-
for (n = 0; n < 48; n += 2) {
|
|
1497
|
-
c0 = s[0] ^ s[10] ^ s[20] ^ s[30] ^ s[40];
|
|
1498
|
-
c1 = s[1] ^ s[11] ^ s[21] ^ s[31] ^ s[41];
|
|
1499
|
-
c2 = s[2] ^ s[12] ^ s[22] ^ s[32] ^ s[42];
|
|
1500
|
-
c3 = s[3] ^ s[13] ^ s[23] ^ s[33] ^ s[43];
|
|
1501
|
-
c4 = s[4] ^ s[14] ^ s[24] ^ s[34] ^ s[44];
|
|
1502
|
-
c5 = s[5] ^ s[15] ^ s[25] ^ s[35] ^ s[45];
|
|
1503
|
-
c6 = s[6] ^ s[16] ^ s[26] ^ s[36] ^ s[46];
|
|
1504
|
-
c7 = s[7] ^ s[17] ^ s[27] ^ s[37] ^ s[47];
|
|
1505
|
-
c8 = s[8] ^ s[18] ^ s[28] ^ s[38] ^ s[48];
|
|
1506
|
-
c9 = s[9] ^ s[19] ^ s[29] ^ s[39] ^ s[49];
|
|
1507
|
-
|
|
1508
|
-
h = c8 ^ ((c2 << 1) | (c3 >>> 31));
|
|
1509
|
-
l = c9 ^ ((c3 << 1) | (c2 >>> 31));
|
|
1510
|
-
s[0] ^= h;
|
|
1511
|
-
s[1] ^= l;
|
|
1512
|
-
s[10] ^= h;
|
|
1513
|
-
s[11] ^= l;
|
|
1514
|
-
s[20] ^= h;
|
|
1515
|
-
s[21] ^= l;
|
|
1516
|
-
s[30] ^= h;
|
|
1517
|
-
s[31] ^= l;
|
|
1518
|
-
s[40] ^= h;
|
|
1519
|
-
s[41] ^= l;
|
|
1520
|
-
h = c0 ^ ((c4 << 1) | (c5 >>> 31));
|
|
1521
|
-
l = c1 ^ ((c5 << 1) | (c4 >>> 31));
|
|
1522
|
-
s[2] ^= h;
|
|
1523
|
-
s[3] ^= l;
|
|
1524
|
-
s[12] ^= h;
|
|
1525
|
-
s[13] ^= l;
|
|
1526
|
-
s[22] ^= h;
|
|
1527
|
-
s[23] ^= l;
|
|
1528
|
-
s[32] ^= h;
|
|
1529
|
-
s[33] ^= l;
|
|
1530
|
-
s[42] ^= h;
|
|
1531
|
-
s[43] ^= l;
|
|
1532
|
-
h = c2 ^ ((c6 << 1) | (c7 >>> 31));
|
|
1533
|
-
l = c3 ^ ((c7 << 1) | (c6 >>> 31));
|
|
1534
|
-
s[4] ^= h;
|
|
1535
|
-
s[5] ^= l;
|
|
1536
|
-
s[14] ^= h;
|
|
1537
|
-
s[15] ^= l;
|
|
1538
|
-
s[24] ^= h;
|
|
1539
|
-
s[25] ^= l;
|
|
1540
|
-
s[34] ^= h;
|
|
1541
|
-
s[35] ^= l;
|
|
1542
|
-
s[44] ^= h;
|
|
1543
|
-
s[45] ^= l;
|
|
1544
|
-
h = c4 ^ ((c8 << 1) | (c9 >>> 31));
|
|
1545
|
-
l = c5 ^ ((c9 << 1) | (c8 >>> 31));
|
|
1546
|
-
s[6] ^= h;
|
|
1547
|
-
s[7] ^= l;
|
|
1548
|
-
s[16] ^= h;
|
|
1549
|
-
s[17] ^= l;
|
|
1550
|
-
s[26] ^= h;
|
|
1551
|
-
s[27] ^= l;
|
|
1552
|
-
s[36] ^= h;
|
|
1553
|
-
s[37] ^= l;
|
|
1554
|
-
s[46] ^= h;
|
|
1555
|
-
s[47] ^= l;
|
|
1556
|
-
h = c6 ^ ((c0 << 1) | (c1 >>> 31));
|
|
1557
|
-
l = c7 ^ ((c1 << 1) | (c0 >>> 31));
|
|
1558
|
-
s[8] ^= h;
|
|
1559
|
-
s[9] ^= l;
|
|
1560
|
-
s[18] ^= h;
|
|
1561
|
-
s[19] ^= l;
|
|
1562
|
-
s[28] ^= h;
|
|
1563
|
-
s[29] ^= l;
|
|
1564
|
-
s[38] ^= h;
|
|
1565
|
-
s[39] ^= l;
|
|
1566
|
-
s[48] ^= h;
|
|
1567
|
-
s[49] ^= l;
|
|
1568
|
-
|
|
1569
|
-
b0 = s[0];
|
|
1570
|
-
b1 = s[1];
|
|
1571
|
-
b32 = (s[11] << 4) | (s[10] >>> 28);
|
|
1572
|
-
b33 = (s[10] << 4) | (s[11] >>> 28);
|
|
1573
|
-
b14 = (s[20] << 3) | (s[21] >>> 29);
|
|
1574
|
-
b15 = (s[21] << 3) | (s[20] >>> 29);
|
|
1575
|
-
b46 = (s[31] << 9) | (s[30] >>> 23);
|
|
1576
|
-
b47 = (s[30] << 9) | (s[31] >>> 23);
|
|
1577
|
-
b28 = (s[40] << 18) | (s[41] >>> 14);
|
|
1578
|
-
b29 = (s[41] << 18) | (s[40] >>> 14);
|
|
1579
|
-
b20 = (s[2] << 1) | (s[3] >>> 31);
|
|
1580
|
-
b21 = (s[3] << 1) | (s[2] >>> 31);
|
|
1581
|
-
b2 = (s[13] << 12) | (s[12] >>> 20);
|
|
1582
|
-
b3 = (s[12] << 12) | (s[13] >>> 20);
|
|
1583
|
-
b34 = (s[22] << 10) | (s[23] >>> 22);
|
|
1584
|
-
b35 = (s[23] << 10) | (s[22] >>> 22);
|
|
1585
|
-
b16 = (s[33] << 13) | (s[32] >>> 19);
|
|
1586
|
-
b17 = (s[32] << 13) | (s[33] >>> 19);
|
|
1587
|
-
b48 = (s[42] << 2) | (s[43] >>> 30);
|
|
1588
|
-
b49 = (s[43] << 2) | (s[42] >>> 30);
|
|
1589
|
-
b40 = (s[5] << 30) | (s[4] >>> 2);
|
|
1590
|
-
b41 = (s[4] << 30) | (s[5] >>> 2);
|
|
1591
|
-
b22 = (s[14] << 6) | (s[15] >>> 26);
|
|
1592
|
-
b23 = (s[15] << 6) | (s[14] >>> 26);
|
|
1593
|
-
b4 = (s[25] << 11) | (s[24] >>> 21);
|
|
1594
|
-
b5 = (s[24] << 11) | (s[25] >>> 21);
|
|
1595
|
-
b36 = (s[34] << 15) | (s[35] >>> 17);
|
|
1596
|
-
b37 = (s[35] << 15) | (s[34] >>> 17);
|
|
1597
|
-
b18 = (s[45] << 29) | (s[44] >>> 3);
|
|
1598
|
-
b19 = (s[44] << 29) | (s[45] >>> 3);
|
|
1599
|
-
b10 = (s[6] << 28) | (s[7] >>> 4);
|
|
1600
|
-
b11 = (s[7] << 28) | (s[6] >>> 4);
|
|
1601
|
-
b42 = (s[17] << 23) | (s[16] >>> 9);
|
|
1602
|
-
b43 = (s[16] << 23) | (s[17] >>> 9);
|
|
1603
|
-
b24 = (s[26] << 25) | (s[27] >>> 7);
|
|
1604
|
-
b25 = (s[27] << 25) | (s[26] >>> 7);
|
|
1605
|
-
b6 = (s[36] << 21) | (s[37] >>> 11);
|
|
1606
|
-
b7 = (s[37] << 21) | (s[36] >>> 11);
|
|
1607
|
-
b38 = (s[47] << 24) | (s[46] >>> 8);
|
|
1608
|
-
b39 = (s[46] << 24) | (s[47] >>> 8);
|
|
1609
|
-
b30 = (s[8] << 27) | (s[9] >>> 5);
|
|
1610
|
-
b31 = (s[9] << 27) | (s[8] >>> 5);
|
|
1611
|
-
b12 = (s[18] << 20) | (s[19] >>> 12);
|
|
1612
|
-
b13 = (s[19] << 20) | (s[18] >>> 12);
|
|
1613
|
-
b44 = (s[29] << 7) | (s[28] >>> 25);
|
|
1614
|
-
b45 = (s[28] << 7) | (s[29] >>> 25);
|
|
1615
|
-
b26 = (s[38] << 8) | (s[39] >>> 24);
|
|
1616
|
-
b27 = (s[39] << 8) | (s[38] >>> 24);
|
|
1617
|
-
b8 = (s[48] << 14) | (s[49] >>> 18);
|
|
1618
|
-
b9 = (s[49] << 14) | (s[48] >>> 18);
|
|
1619
|
-
|
|
1620
|
-
s[0] = b0 ^ (~b2 & b4);
|
|
1621
|
-
s[1] = b1 ^ (~b3 & b5);
|
|
1622
|
-
s[10] = b10 ^ (~b12 & b14);
|
|
1623
|
-
s[11] = b11 ^ (~b13 & b15);
|
|
1624
|
-
s[20] = b20 ^ (~b22 & b24);
|
|
1625
|
-
s[21] = b21 ^ (~b23 & b25);
|
|
1626
|
-
s[30] = b30 ^ (~b32 & b34);
|
|
1627
|
-
s[31] = b31 ^ (~b33 & b35);
|
|
1628
|
-
s[40] = b40 ^ (~b42 & b44);
|
|
1629
|
-
s[41] = b41 ^ (~b43 & b45);
|
|
1630
|
-
s[2] = b2 ^ (~b4 & b6);
|
|
1631
|
-
s[3] = b3 ^ (~b5 & b7);
|
|
1632
|
-
s[12] = b12 ^ (~b14 & b16);
|
|
1633
|
-
s[13] = b13 ^ (~b15 & b17);
|
|
1634
|
-
s[22] = b22 ^ (~b24 & b26);
|
|
1635
|
-
s[23] = b23 ^ (~b25 & b27);
|
|
1636
|
-
s[32] = b32 ^ (~b34 & b36);
|
|
1637
|
-
s[33] = b33 ^ (~b35 & b37);
|
|
1638
|
-
s[42] = b42 ^ (~b44 & b46);
|
|
1639
|
-
s[43] = b43 ^ (~b45 & b47);
|
|
1640
|
-
s[4] = b4 ^ (~b6 & b8);
|
|
1641
|
-
s[5] = b5 ^ (~b7 & b9);
|
|
1642
|
-
s[14] = b14 ^ (~b16 & b18);
|
|
1643
|
-
s[15] = b15 ^ (~b17 & b19);
|
|
1644
|
-
s[24] = b24 ^ (~b26 & b28);
|
|
1645
|
-
s[25] = b25 ^ (~b27 & b29);
|
|
1646
|
-
s[34] = b34 ^ (~b36 & b38);
|
|
1647
|
-
s[35] = b35 ^ (~b37 & b39);
|
|
1648
|
-
s[44] = b44 ^ (~b46 & b48);
|
|
1649
|
-
s[45] = b45 ^ (~b47 & b49);
|
|
1650
|
-
s[6] = b6 ^ (~b8 & b0);
|
|
1651
|
-
s[7] = b7 ^ (~b9 & b1);
|
|
1652
|
-
s[16] = b16 ^ (~b18 & b10);
|
|
1653
|
-
s[17] = b17 ^ (~b19 & b11);
|
|
1654
|
-
s[26] = b26 ^ (~b28 & b20);
|
|
1655
|
-
s[27] = b27 ^ (~b29 & b21);
|
|
1656
|
-
s[36] = b36 ^ (~b38 & b30);
|
|
1657
|
-
s[37] = b37 ^ (~b39 & b31);
|
|
1658
|
-
s[46] = b46 ^ (~b48 & b40);
|
|
1659
|
-
s[47] = b47 ^ (~b49 & b41);
|
|
1660
|
-
s[8] = b8 ^ (~b0 & b2);
|
|
1661
|
-
s[9] = b9 ^ (~b1 & b3);
|
|
1662
|
-
s[18] = b18 ^ (~b10 & b12);
|
|
1663
|
-
s[19] = b19 ^ (~b11 & b13);
|
|
1664
|
-
s[28] = b28 ^ (~b20 & b22);
|
|
1665
|
-
s[29] = b29 ^ (~b21 & b23);
|
|
1666
|
-
s[38] = b38 ^ (~b30 & b32);
|
|
1667
|
-
s[39] = b39 ^ (~b31 & b33);
|
|
1668
|
-
s[48] = b48 ^ (~b40 & b42);
|
|
1669
|
-
s[49] = b49 ^ (~b41 & b43);
|
|
1670
|
-
|
|
1671
|
-
s[0] ^= RC[n];
|
|
1672
|
-
s[1] ^= RC[n + 1];
|
|
1673
|
-
}
|
|
1674
|
-
};
|
|
1675
|
-
|
|
1676
|
-
if (COMMON_JS) {
|
|
1677
|
-
module.exports = methods;
|
|
1678
|
-
} else {
|
|
1679
|
-
for (i = 0; i < methodNames.length; ++i) {
|
|
1680
|
-
root[methodNames[i]] = methods[methodNames[i]];
|
|
1681
|
-
}
|
|
1682
|
-
}
|
|
1683
|
-
})();
|
|
1684
|
-
} (sha3$1));
|
|
1685
|
-
|
|
1686
|
-
var sha3 = sha3$1.exports;
|
|
1687
|
-
|
|
1688
|
-
const Symmetric = {
|
|
1689
|
-
keySize: 32,
|
|
1690
|
-
ivSize: 12,
|
|
1691
|
-
tagSize: 16,
|
|
1692
|
-
algorithm: { name: "AES-GCM", length: 128 },
|
|
1693
|
-
};
|
|
1694
|
-
const Asymmetric = {
|
|
1695
|
-
keySize: 32,
|
|
1696
|
-
};
|
|
1697
|
-
|
|
1698
|
-
const crypto = {
|
|
1699
|
-
node: nodeCrypto,
|
|
1700
|
-
web: typeof self === "object" && "crypto" in self ? self.crypto : undefined,
|
|
1701
|
-
};
|
|
1702
|
-
function getSubtle() {
|
|
1703
|
-
if (crypto.web) {
|
|
1704
|
-
return crypto.web.subtle;
|
|
1705
|
-
}
|
|
1706
|
-
else if (crypto.node) {
|
|
1707
|
-
return crypto.node.webcrypto.subtle;
|
|
1708
|
-
}
|
|
1709
|
-
else {
|
|
1710
|
-
throw new Error("The environment doesn't have Crypto Subtle API (if in the browser, be sure to use to be in a secure context, ie, https)");
|
|
1711
|
-
}
|
|
1712
|
-
}
|
|
1713
|
-
const randomBytes = utils.randomBytes;
|
|
1714
|
-
const sha256 = utils.sha256;
|
|
1715
|
-
/**
|
|
1716
|
-
* Generate a new private key to be used for asymmetric encryption.
|
|
1717
|
-
*
|
|
1718
|
-
* Use {@link getPublicKey} to get the corresponding Public Key.
|
|
1719
|
-
*/
|
|
1720
|
-
function generatePrivateKey() {
|
|
1721
|
-
return randomBytes(Asymmetric.keySize);
|
|
1722
|
-
}
|
|
1723
|
-
/**
|
|
1724
|
-
* Generate a new symmetric key to be used for symmetric encryption.
|
|
1725
|
-
*/
|
|
1726
|
-
function generateSymmetricKey() {
|
|
1727
|
-
return randomBytes(Symmetric.keySize);
|
|
1728
|
-
}
|
|
1729
|
-
/**
|
|
1730
|
-
* Return the public key for the given private key, to be used for asymmetric
|
|
1731
|
-
* encryption.
|
|
1732
|
-
*/
|
|
1733
|
-
const getPublicKey = getPublicKey$1;
|
|
1734
|
-
/**
|
|
1735
|
-
* ECDSA Sign a message with the given private key.
|
|
1736
|
-
*
|
|
1737
|
-
* @param message The message to sign, usually a hash.
|
|
1738
|
-
* @param privateKey The ECDSA private key to use to sign the message.
|
|
1739
|
-
*
|
|
1740
|
-
* @returns The signature and the recovery id concatenated.
|
|
1741
|
-
*/
|
|
1742
|
-
async function sign(message, privateKey) {
|
|
1743
|
-
const [signature, recoveryId] = await sign$1(message, privateKey, {
|
|
1744
|
-
recovered: true,
|
|
1745
|
-
der: false,
|
|
1746
|
-
});
|
|
1747
|
-
return concat([signature, new Uint8Array([recoveryId])], signature.length + 1);
|
|
1748
|
-
}
|
|
1749
|
-
function keccak256(input) {
|
|
1750
|
-
return new Uint8Array(sha3.keccak256.arrayBuffer(input));
|
|
1751
|
-
}
|
|
1752
|
-
function compressPublicKey(publicKey) {
|
|
1753
|
-
if (publicKey.length === 64) {
|
|
1754
|
-
publicKey = concat([new Uint8Array([4]), publicKey], 65);
|
|
1755
|
-
}
|
|
1756
|
-
const point = Point.fromHex(publicKey);
|
|
1757
|
-
return point.toRawBytes(true);
|
|
1758
|
-
}
|
|
1759
|
-
/**
|
|
1760
|
-
* Verify an ECDSA signature.
|
|
1761
|
-
*/
|
|
1762
|
-
function verifySignature(signature, message, publicKey) {
|
|
1763
|
-
try {
|
|
1764
|
-
const _signature = Signature.fromCompact(signature.slice(0, 64));
|
|
1765
|
-
return verify(_signature, message, publicKey);
|
|
1766
|
-
}
|
|
1767
|
-
catch {
|
|
1768
|
-
return false;
|
|
1769
|
-
}
|
|
1770
|
-
}
|
|
1771
|
-
|
|
1772
|
-
export { Point as P, Symmetric as S, generateSymmetricKey as a, getPublicKey as b, getPublicKey$1 as c, compressPublicKey as d, verifySignature as e, sha256 as f, generatePrivateKey as g, getSubtle as h, getSharedSecret as i, sign as j, keccak256 as k, Signature as l, recoverPublicKey as m, nodeCrypto$1 as n, randomBytes as r, sign$1 as s, utils as u, verify as v };
|