react-native-ble-mesh 1.1.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +288 -172
- package/docs/IOS-BACKGROUND-BLE.md +231 -0
- package/docs/OPTIMIZATION.md +70 -0
- package/docs/SPEC-v2.1.md +308 -0
- package/package.json +1 -1
- package/src/MeshNetwork.js +659 -465
- package/src/constants/index.js +1 -0
- package/src/crypto/AutoCrypto.js +79 -0
- package/src/crypto/CryptoProvider.js +99 -0
- package/src/crypto/index.js +15 -63
- package/src/crypto/providers/ExpoCryptoProvider.js +125 -0
- package/src/crypto/providers/QuickCryptoProvider.js +134 -0
- package/src/crypto/providers/TweetNaClProvider.js +124 -0
- package/src/crypto/providers/index.js +11 -0
- package/src/errors/MeshError.js +2 -1
- package/src/expo/withBLEMesh.js +102 -0
- package/src/hooks/useMesh.js +30 -9
- package/src/hooks/useMessages.js +2 -0
- package/src/index.js +23 -8
- package/src/mesh/dedup/DedupManager.js +36 -10
- package/src/mesh/fragment/Assembler.js +5 -0
- package/src/mesh/index.js +1 -1
- package/src/mesh/monitor/ConnectionQuality.js +408 -0
- package/src/mesh/monitor/NetworkMonitor.js +327 -316
- package/src/mesh/monitor/index.js +7 -3
- package/src/mesh/peer/PeerManager.js +6 -1
- package/src/mesh/router/MessageRouter.js +26 -15
- package/src/mesh/router/RouteTable.js +7 -1
- package/src/mesh/store/StoreAndForwardManager.js +295 -297
- package/src/mesh/store/index.js +1 -1
- package/src/service/BatteryOptimizer.js +282 -278
- package/src/service/EmergencyManager.js +224 -214
- package/src/service/HandshakeManager.js +167 -13
- package/src/service/MeshService.js +72 -6
- package/src/service/SessionManager.js +77 -2
- package/src/service/audio/AudioManager.js +8 -2
- package/src/service/file/FileAssembler.js +106 -0
- package/src/service/file/FileChunker.js +79 -0
- package/src/service/file/FileManager.js +307 -0
- package/src/service/file/FileMessage.js +122 -0
- package/src/service/file/index.js +15 -0
- package/src/service/text/broadcast/BroadcastManager.js +16 -0
- package/src/transport/BLETransport.js +131 -9
- package/src/transport/MockTransport.js +1 -1
- package/src/transport/MultiTransport.js +305 -0
- package/src/transport/WiFiDirectTransport.js +295 -0
- package/src/transport/adapters/NodeBLEAdapter.js +34 -0
- package/src/transport/adapters/RNBLEAdapter.js +56 -1
- package/src/transport/index.js +6 -0
- package/src/utils/compression.js +291 -291
- package/src/crypto/aead.js +0 -189
- package/src/crypto/chacha20.js +0 -181
- package/src/crypto/hkdf.js +0 -187
- package/src/crypto/hmac.js +0 -143
- package/src/crypto/keys/KeyManager.js +0 -271
- package/src/crypto/keys/KeyPair.js +0 -216
- package/src/crypto/keys/SecureStorage.js +0 -219
- package/src/crypto/keys/index.js +0 -32
- package/src/crypto/noise/handshake.js +0 -410
- package/src/crypto/noise/index.js +0 -27
- package/src/crypto/noise/session.js +0 -253
- package/src/crypto/noise/state.js +0 -268
- package/src/crypto/poly1305.js +0 -113
- package/src/crypto/sha256.js +0 -240
- package/src/crypto/x25519.js +0 -154
package/src/crypto/sha256.js
DELETED
|
@@ -1,240 +0,0 @@
|
|
|
1
|
-
'use strict';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* SHA-256 Hash Function (FIPS 180-4)
|
|
5
|
-
* Pure JavaScript implementation for BLE Mesh Network
|
|
6
|
-
* @module crypto/sha256
|
|
7
|
-
*/
|
|
8
|
-
|
|
9
|
-
/**
|
|
10
|
-
* SHA-256 round constants K[64]
|
|
11
|
-
* First 32 bits of fractional parts of cube roots of first 64 primes
|
|
12
|
-
* @type {Uint32Array}
|
|
13
|
-
*/
|
|
14
|
-
const K = new Uint32Array([
|
|
15
|
-
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
|
|
16
|
-
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
|
|
17
|
-
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
|
|
18
|
-
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
|
|
19
|
-
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
|
|
20
|
-
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
|
|
21
|
-
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
|
|
22
|
-
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
|
|
23
|
-
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
|
|
24
|
-
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
|
|
25
|
-
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
|
|
26
|
-
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
|
|
27
|
-
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
|
|
28
|
-
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
|
|
29
|
-
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
|
|
30
|
-
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
|
|
31
|
-
]);
|
|
32
|
-
|
|
33
|
-
/**
|
|
34
|
-
* Initial hash values H[8]
|
|
35
|
-
* First 32 bits of fractional parts of square roots of first 8 primes
|
|
36
|
-
* @type {Uint32Array}
|
|
37
|
-
*/
|
|
38
|
-
const H_INIT = new Uint32Array([
|
|
39
|
-
0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
|
|
40
|
-
0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
|
|
41
|
-
]);
|
|
42
|
-
|
|
43
|
-
/**
|
|
44
|
-
* Right rotate a 32-bit integer
|
|
45
|
-
* @param {number} x - Value to rotate
|
|
46
|
-
* @param {number} n - Bits to rotate
|
|
47
|
-
* @returns {number} Rotated value
|
|
48
|
-
*/
|
|
49
|
-
function rotr(x, n) {
|
|
50
|
-
return ((x >>> n) | (x << (32 - n))) >>> 0;
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
/**
|
|
54
|
-
* SHA-256 compression function
|
|
55
|
-
* Processes a single 512-bit block
|
|
56
|
-
* @param {Uint32Array} H - Current hash state (8 words)
|
|
57
|
-
* @param {Uint32Array} W - Message schedule (64 words)
|
|
58
|
-
*/
|
|
59
|
-
function compress(H, W) {
|
|
60
|
-
// Extend 16 words to 64 words
|
|
61
|
-
for (let i = 16; i < 64; i++) {
|
|
62
|
-
const s0 = rotr(W[i - 15], 7) ^ rotr(W[i - 15], 18) ^ (W[i - 15] >>> 3);
|
|
63
|
-
const s1 = rotr(W[i - 2], 17) ^ rotr(W[i - 2], 19) ^ (W[i - 2] >>> 10);
|
|
64
|
-
W[i] = (W[i - 16] + s0 + W[i - 7] + s1) >>> 0;
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
// Initialize working variables
|
|
68
|
-
let a = H[0], b = H[1], c = H[2], d = H[3];
|
|
69
|
-
let e = H[4], f = H[5], g = H[6], h = H[7];
|
|
70
|
-
|
|
71
|
-
// 64 rounds
|
|
72
|
-
for (let i = 0; i < 64; i++) {
|
|
73
|
-
const S1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25);
|
|
74
|
-
const ch = (e & f) ^ (~e & g);
|
|
75
|
-
const temp1 = (h + S1 + ch + K[i] + W[i]) >>> 0;
|
|
76
|
-
const S0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22);
|
|
77
|
-
const maj = (a & b) ^ (a & c) ^ (b & c);
|
|
78
|
-
const temp2 = (S0 + maj) >>> 0;
|
|
79
|
-
|
|
80
|
-
h = g; g = f; f = e;
|
|
81
|
-
e = (d + temp1) >>> 0;
|
|
82
|
-
d = c; c = b; b = a;
|
|
83
|
-
a = (temp1 + temp2) >>> 0;
|
|
84
|
-
}
|
|
85
|
-
|
|
86
|
-
// Add compressed chunk to hash
|
|
87
|
-
H[0] = (H[0] + a) >>> 0;
|
|
88
|
-
H[1] = (H[1] + b) >>> 0;
|
|
89
|
-
H[2] = (H[2] + c) >>> 0;
|
|
90
|
-
H[3] = (H[3] + d) >>> 0;
|
|
91
|
-
H[4] = (H[4] + e) >>> 0;
|
|
92
|
-
H[5] = (H[5] + f) >>> 0;
|
|
93
|
-
H[6] = (H[6] + g) >>> 0;
|
|
94
|
-
H[7] = (H[7] + h) >>> 0;
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
/**
|
|
98
|
-
* HashContext for streaming SHA-256 computation
|
|
99
|
-
* @class
|
|
100
|
-
*/
|
|
101
|
-
class HashContext {
|
|
102
|
-
constructor() {
|
|
103
|
-
this._H = new Uint32Array(H_INIT);
|
|
104
|
-
this._buffer = new Uint8Array(64);
|
|
105
|
-
this._bufferLength = 0;
|
|
106
|
-
this._totalLength = 0;
|
|
107
|
-
this._finalized = false;
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
/**
|
|
111
|
-
* Update hash with additional data
|
|
112
|
-
* @param {Uint8Array} data - Data to hash
|
|
113
|
-
* @returns {HashContext} This context for chaining
|
|
114
|
-
*/
|
|
115
|
-
update(data) {
|
|
116
|
-
if (this._finalized) {
|
|
117
|
-
throw new Error('Cannot update finalized hash');
|
|
118
|
-
}
|
|
119
|
-
|
|
120
|
-
const W = new Uint32Array(64);
|
|
121
|
-
let offset = 0;
|
|
122
|
-
|
|
123
|
-
// Process any buffered data first
|
|
124
|
-
if (this._bufferLength > 0) {
|
|
125
|
-
const needed = 64 - this._bufferLength;
|
|
126
|
-
const toCopy = Math.min(needed, data.length);
|
|
127
|
-
this._buffer.set(data.subarray(0, toCopy), this._bufferLength);
|
|
128
|
-
this._bufferLength += toCopy;
|
|
129
|
-
offset = toCopy;
|
|
130
|
-
|
|
131
|
-
if (this._bufferLength === 64) {
|
|
132
|
-
for (let i = 0; i < 16; i++) {
|
|
133
|
-
W[i] = (this._buffer[i * 4] << 24) | (this._buffer[i * 4 + 1] << 16) |
|
|
134
|
-
(this._buffer[i * 4 + 2] << 8) | this._buffer[i * 4 + 3];
|
|
135
|
-
}
|
|
136
|
-
compress(this._H, W);
|
|
137
|
-
this._bufferLength = 0;
|
|
138
|
-
}
|
|
139
|
-
}
|
|
140
|
-
|
|
141
|
-
// Process complete 64-byte blocks
|
|
142
|
-
while (offset + 64 <= data.length) {
|
|
143
|
-
for (let i = 0; i < 16; i++) {
|
|
144
|
-
W[i] = (data[offset + i * 4] << 24) | (data[offset + i * 4 + 1] << 16) |
|
|
145
|
-
(data[offset + i * 4 + 2] << 8) | data[offset + i * 4 + 3];
|
|
146
|
-
}
|
|
147
|
-
compress(this._H, W);
|
|
148
|
-
offset += 64;
|
|
149
|
-
}
|
|
150
|
-
|
|
151
|
-
// Buffer remaining bytes
|
|
152
|
-
if (offset < data.length) {
|
|
153
|
-
this._buffer.set(data.subarray(offset), 0);
|
|
154
|
-
this._bufferLength = data.length - offset;
|
|
155
|
-
}
|
|
156
|
-
|
|
157
|
-
this._totalLength += data.length;
|
|
158
|
-
return this;
|
|
159
|
-
}
|
|
160
|
-
|
|
161
|
-
/**
|
|
162
|
-
* Finalize hash and return digest
|
|
163
|
-
* @returns {Uint8Array} 32-byte hash digest
|
|
164
|
-
*/
|
|
165
|
-
digest() {
|
|
166
|
-
if (this._finalized) {
|
|
167
|
-
throw new Error('Hash already finalized');
|
|
168
|
-
}
|
|
169
|
-
this._finalized = true;
|
|
170
|
-
|
|
171
|
-
const W = new Uint32Array(64);
|
|
172
|
-
const bitLength = this._totalLength * 8;
|
|
173
|
-
|
|
174
|
-
// Append padding bit
|
|
175
|
-
this._buffer[this._bufferLength++] = 0x80;
|
|
176
|
-
|
|
177
|
-
// If not enough room for length, process current block
|
|
178
|
-
if (this._bufferLength > 56) {
|
|
179
|
-
this._buffer.fill(0, this._bufferLength, 64);
|
|
180
|
-
for (let i = 0; i < 16; i++) {
|
|
181
|
-
W[i] = (this._buffer[i * 4] << 24) | (this._buffer[i * 4 + 1] << 16) |
|
|
182
|
-
(this._buffer[i * 4 + 2] << 8) | this._buffer[i * 4 + 3];
|
|
183
|
-
}
|
|
184
|
-
compress(this._H, W);
|
|
185
|
-
this._bufferLength = 0;
|
|
186
|
-
}
|
|
187
|
-
|
|
188
|
-
// Pad with zeros and append 64-bit length (big-endian)
|
|
189
|
-
this._buffer.fill(0, this._bufferLength, 56);
|
|
190
|
-
// Note: JavaScript bitwise ops are 32-bit, handle high bits separately
|
|
191
|
-
const highBits = Math.floor(bitLength / 0x100000000);
|
|
192
|
-
this._buffer[56] = (highBits >>> 24) & 0xff;
|
|
193
|
-
this._buffer[57] = (highBits >>> 16) & 0xff;
|
|
194
|
-
this._buffer[58] = (highBits >>> 8) & 0xff;
|
|
195
|
-
this._buffer[59] = highBits & 0xff;
|
|
196
|
-
this._buffer[60] = (bitLength >>> 24) & 0xff;
|
|
197
|
-
this._buffer[61] = (bitLength >>> 16) & 0xff;
|
|
198
|
-
this._buffer[62] = (bitLength >>> 8) & 0xff;
|
|
199
|
-
this._buffer[63] = bitLength & 0xff;
|
|
200
|
-
|
|
201
|
-
for (let i = 0; i < 16; i++) {
|
|
202
|
-
W[i] = (this._buffer[i * 4] << 24) | (this._buffer[i * 4 + 1] << 16) |
|
|
203
|
-
(this._buffer[i * 4 + 2] << 8) | this._buffer[i * 4 + 3];
|
|
204
|
-
}
|
|
205
|
-
compress(this._H, W);
|
|
206
|
-
|
|
207
|
-
// Convert hash to bytes
|
|
208
|
-
const result = new Uint8Array(32);
|
|
209
|
-
for (let i = 0; i < 8; i++) {
|
|
210
|
-
result[i * 4] = (this._H[i] >>> 24) & 0xff;
|
|
211
|
-
result[i * 4 + 1] = (this._H[i] >>> 16) & 0xff;
|
|
212
|
-
result[i * 4 + 2] = (this._H[i] >>> 8) & 0xff;
|
|
213
|
-
result[i * 4 + 3] = this._H[i] & 0xff;
|
|
214
|
-
}
|
|
215
|
-
return result;
|
|
216
|
-
}
|
|
217
|
-
}
|
|
218
|
-
|
|
219
|
-
/**
|
|
220
|
-
* Create a new streaming hash context
|
|
221
|
-
* @returns {HashContext} New hash context
|
|
222
|
-
*/
|
|
223
|
-
function createHash() {
|
|
224
|
-
return new HashContext();
|
|
225
|
-
}
|
|
226
|
-
|
|
227
|
-
/**
|
|
228
|
-
* Compute SHA-256 hash of data
|
|
229
|
-
* @param {Uint8Array} data - Data to hash
|
|
230
|
-
* @returns {Uint8Array} 32-byte hash digest
|
|
231
|
-
*/
|
|
232
|
-
function hash(data) {
|
|
233
|
-
return createHash().update(data).digest();
|
|
234
|
-
}
|
|
235
|
-
|
|
236
|
-
module.exports = {
|
|
237
|
-
hash,
|
|
238
|
-
createHash,
|
|
239
|
-
HashContext
|
|
240
|
-
};
|
package/src/crypto/x25519.js
DELETED
|
@@ -1,154 +0,0 @@
|
|
|
1
|
-
'use strict';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* @fileoverview X25519 Elliptic Curve Diffie-Hellman (RFC 7748)
|
|
5
|
-
* Pure JavaScript implementation using BigInt for field arithmetic.
|
|
6
|
-
* @module crypto/x25519
|
|
7
|
-
*/
|
|
8
|
-
|
|
9
|
-
const { randomBytes } = require('../utils/bytes');
|
|
10
|
-
|
|
11
|
-
/** Prime field modulus: p = 2^255 - 19 */
|
|
12
|
-
const P = (1n << 255n) - 19n;
|
|
13
|
-
/** a24 = (A - 2) / 4 = 121665 where A = 486662 for Curve25519 */
|
|
14
|
-
const A24 = 121665n;
|
|
15
|
-
/** Base point u-coordinate */
|
|
16
|
-
const BASE_POINT = 9n;
|
|
17
|
-
|
|
18
|
-
/** Converts Uint8Array to BigInt (little-endian). */
|
|
19
|
-
function bytesToBigInt(bytes) {
|
|
20
|
-
let result = 0n;
|
|
21
|
-
for (let i = bytes.length - 1; i >= 0; i--) {
|
|
22
|
-
result = (result << 8n) | BigInt(bytes[i]);
|
|
23
|
-
}
|
|
24
|
-
return result;
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
/** Converts BigInt to Uint8Array (little-endian, 32 bytes). */
|
|
28
|
-
function bigIntToBytes(n) {
|
|
29
|
-
const bytes = new Uint8Array(32);
|
|
30
|
-
let value = n;
|
|
31
|
-
for (let i = 0; i < 32; i++) {
|
|
32
|
-
bytes[i] = Number(value & 0xffn);
|
|
33
|
-
value >>= 8n;
|
|
34
|
-
}
|
|
35
|
-
return bytes;
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
/** Field operations: add, sub, mul, square */
|
|
39
|
-
const fieldAdd = (a, b) => (a + b) % P;
|
|
40
|
-
const fieldSub = (a, b) => ((a - b) % P + P) % P;
|
|
41
|
-
const fieldMul = (a, b) => (a * b) % P;
|
|
42
|
-
const fieldSquare = (a) => (a * a) % P;
|
|
43
|
-
|
|
44
|
-
/** Modular exponentiation using square-and-multiply. */
|
|
45
|
-
function fieldPow(base, exp) {
|
|
46
|
-
let result = 1n;
|
|
47
|
-
base = base % P;
|
|
48
|
-
while (exp > 0n) {
|
|
49
|
-
if (exp & 1n) { result = fieldMul(result, base); }
|
|
50
|
-
exp >>= 1n;
|
|
51
|
-
base = fieldSquare(base);
|
|
52
|
-
}
|
|
53
|
-
return result;
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
/** Modular inverse using Fermat's little theorem: a^(-1) = a^(p-2) mod p. */
|
|
57
|
-
const fieldInvert = (a) => fieldPow(a, P - 2n);
|
|
58
|
-
|
|
59
|
-
/**
|
|
60
|
-
* Conditional swap - swaps a and b if swap is 1, otherwise leaves unchanged.
|
|
61
|
-
* Implemented without branching on secret data.
|
|
62
|
-
*/
|
|
63
|
-
function cswap(swap, a, b) {
|
|
64
|
-
const mask = -swap;
|
|
65
|
-
const diff = (a ^ b) & mask;
|
|
66
|
-
return [a ^ diff, b ^ diff];
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
/**
|
|
70
|
-
* Clamps a scalar per RFC 7748 Section 5.
|
|
71
|
-
* @param {Uint8Array} k - 32-byte scalar
|
|
72
|
-
* @returns {Uint8Array} Clamped scalar
|
|
73
|
-
*/
|
|
74
|
-
function clampScalar(k) {
|
|
75
|
-
const clamped = new Uint8Array(k);
|
|
76
|
-
clamped[0] &= 248; // Clear bits 0, 1, 2
|
|
77
|
-
clamped[31] &= 127; // Clear bit 7 of last byte
|
|
78
|
-
clamped[31] |= 64; // Set bit 6 of last byte
|
|
79
|
-
return clamped;
|
|
80
|
-
}
|
|
81
|
-
|
|
82
|
-
/**
|
|
83
|
-
* Montgomery ladder for X25519 scalar multiplication.
|
|
84
|
-
* Computes scalar * point on Curve25519.
|
|
85
|
-
* @param {Uint8Array} scalar - 32-byte scalar (will be clamped)
|
|
86
|
-
* @param {Uint8Array} point - 32-byte u-coordinate
|
|
87
|
-
* @returns {Uint8Array} 32-byte result u-coordinate
|
|
88
|
-
*/
|
|
89
|
-
function scalarMult(scalar, point) {
|
|
90
|
-
const k = bytesToBigInt(clampScalar(scalar));
|
|
91
|
-
let u = bytesToBigInt(point);
|
|
92
|
-
|
|
93
|
-
// Handle edge case: all-zeros point returns all-zeros
|
|
94
|
-
if (u === 0n) { return new Uint8Array(32); }
|
|
95
|
-
u = u % P;
|
|
96
|
-
|
|
97
|
-
// Montgomery ladder state (RFC 7748 naming convention)
|
|
98
|
-
// eslint-disable-next-line camelcase, prefer-const
|
|
99
|
-
let x_1 = u, x_2 = 1n, z_2 = 0n, x_3 = u, z_3 = 1n, swap = 0n;
|
|
100
|
-
|
|
101
|
-
// Process bits from 254 down to 0
|
|
102
|
-
for (let t = 254; t >= 0; t--) {
|
|
103
|
-
// eslint-disable-next-line camelcase
|
|
104
|
-
const k_t = (k >> BigInt(t)) & 1n;
|
|
105
|
-
swap ^= k_t; // eslint-disable-line camelcase
|
|
106
|
-
[x_2, x_3] = cswap(swap, x_2, x_3); // eslint-disable-line camelcase
|
|
107
|
-
[z_2, z_3] = cswap(swap, z_2, z_3); // eslint-disable-line camelcase
|
|
108
|
-
swap = k_t; // eslint-disable-line camelcase
|
|
109
|
-
|
|
110
|
-
const A = fieldAdd(x_2, z_2); // eslint-disable-line camelcase
|
|
111
|
-
const AA = fieldSquare(A);
|
|
112
|
-
const B = fieldSub(x_2, z_2); // eslint-disable-line camelcase
|
|
113
|
-
const BB = fieldSquare(B);
|
|
114
|
-
const E = fieldSub(AA, BB);
|
|
115
|
-
const C = fieldAdd(x_3, z_3); // eslint-disable-line camelcase
|
|
116
|
-
const D = fieldSub(x_3, z_3); // eslint-disable-line camelcase
|
|
117
|
-
const DA = fieldMul(D, A);
|
|
118
|
-
const CB = fieldMul(C, B);
|
|
119
|
-
x_3 = fieldSquare(fieldAdd(DA, CB)); // eslint-disable-line camelcase
|
|
120
|
-
z_3 = fieldMul(x_1, fieldSquare(fieldSub(DA, CB))); // eslint-disable-line camelcase
|
|
121
|
-
x_2 = fieldMul(AA, BB); // eslint-disable-line camelcase
|
|
122
|
-
z_2 = fieldMul(E, fieldAdd(AA, fieldMul(A24, E))); // eslint-disable-line camelcase
|
|
123
|
-
}
|
|
124
|
-
|
|
125
|
-
[x_2, x_3] = cswap(swap, x_2, x_3); // eslint-disable-line camelcase
|
|
126
|
-
[z_2, z_3] = cswap(swap, z_2, z_3); // eslint-disable-line camelcase
|
|
127
|
-
|
|
128
|
-
return bigIntToBytes(fieldMul(x_2, fieldInvert(z_2))); // eslint-disable-line camelcase
|
|
129
|
-
}
|
|
130
|
-
|
|
131
|
-
/**
|
|
132
|
-
* Computes scalar multiplication with the base point (u = 9).
|
|
133
|
-
* @param {Uint8Array} scalar - 32-byte scalar (will be clamped)
|
|
134
|
-
* @returns {Uint8Array} 32-byte public key
|
|
135
|
-
*/
|
|
136
|
-
function scalarMultBase(scalar) {
|
|
137
|
-
return scalarMult(scalar, bigIntToBytes(BASE_POINT));
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
/**
|
|
141
|
-
* Generates a new X25519 key pair.
|
|
142
|
-
* @returns {{publicKey: Uint8Array, secretKey: Uint8Array}} Key pair
|
|
143
|
-
*/
|
|
144
|
-
function generateKeyPair() {
|
|
145
|
-
const secretKey = randomBytes(32);
|
|
146
|
-
const publicKey = scalarMultBase(secretKey);
|
|
147
|
-
return { publicKey, secretKey };
|
|
148
|
-
}
|
|
149
|
-
|
|
150
|
-
module.exports = {
|
|
151
|
-
generateKeyPair,
|
|
152
|
-
scalarMult,
|
|
153
|
-
scalarMultBase
|
|
154
|
-
};
|