sm-crypto-v2 0.3.13 → 1.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sm-crypto-v2",
-  "version": "0.3.13",
+  "version": "1.2.0",
   "description": "sm-crypto-v2",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -8,10 +8,10 @@
   "scripts": {
     "prepublish": "npm run build",
     "lint": "eslint \"src/**/*.js\" --fix",
-    "build": "tsup",
+    "build": "vitest run && tsup",
     "watch": "tsup --watch",
     "test": "vitest",
-    "release": "vitest run && standard-version && git push --follow-tags origin master",
+    "release": "npm run build && standard-version && git push --follow-tags origin master",
     "coverage": "vitest run --coverage"
   },
   "repository": {
@@ -30,8 +30,8 @@
   "author": "june_01",
   "license": "MIT",
   "dependencies": {
-    "@types/jsbn": "^1.2.30",
-    "jsbn": "^1.1.0"
+    "@noble/curves": "^1.1.0",
+    "@types/jsbn": "^1.2.30"
   },
   "devDependencies": {
     "@swc/core": "^1.3.62",

package/pnpm-lock.yaml

@@ -1,12 +1,12 @@
 lockfileVersion: '6.0'
 
 dependencies:
+  '@noble/curves':
+    specifier: ^1.1.0
+    version: 1.1.0
   '@types/jsbn':
     specifier: ^1.2.30
     version: 1.2.30
-  jsbn:
-    specifier: ^1.1.0
-    version: 1.1.0
 
 devDependencies:
   '@swc/core':
@@ -581,6 +581,17 @@ packages:
       '@jridgewell/sourcemap-codec': 1.4.14
     dev: true
 
+  /@noble/curves@1.1.0:
+    resolution: {integrity: sha512-091oBExgENk/kGj3AZmtBDMpxQPDtxQABR2B9lb1JbVTs6ytdzZNwvhxQ4MWasRNEzlbEH8jCWFCwhF/Obj5AA==}
+    dependencies:
+      '@noble/hashes': 1.3.1
+    dev: false
+
+  /@noble/hashes@1.3.1:
+    resolution: {integrity: sha512-EbqwksQwz9xDRGfDST86whPBgM65E0OH/pCgqW0GBVzO22bNE+NuIbeTb714+IfSjU3aRk47EUvXIb5bTsenKA==}
+    engines: {node: '>= 16'}
+    dev: false
+
   /@nodelib/fs.scandir@2.1.5:
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
@@ -2480,10 +2491,6 @@ packages:
       argparse: 2.0.1
     dev: true
 
-  /jsbn@1.1.0:
-    resolution: {integrity: sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==}
-    dev: false
-
   /jsesc@2.5.2:
     resolution: {integrity: sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==}
     engines: {node: '>=4'}

package/src/sm2/asn1.ts

@@ -1,8 +1,9 @@
 /* eslint-disable class-methods-use-this */
 
-import { BigInteger } from 'jsbn'
+import * as utils from '@noble/curves/abstract/utils';
+import { ONE } from './bn';
 
-export function bigintToValue(bigint: BigInteger) {
+export function bigintToValue(bigint: bigint) {
   let h = bigint.toString(16)
   if (h[0] !== '-') {
     // 正数
@@ -10,18 +11,18 @@ export function bigintToValue(bigint: BigInteger) {
     else if (!h.match(/^[0-7]/)) h = '00' + h // 非0开头，则补一个全0字节
   } else {
     // 负数
-    h = h.substr(1)
-
+    h = h.substring(1)
     let len = h.length
     if (len % 2 === 1) len += 1 // 补齐到整字节
     else if (!h.match(/^[0-7]/)) len += 2 // 非0开头，则补一个全0字节
 
     let maskString = ''
     for (let i = 0; i < len; i++) maskString += 'f'
-    let mask = new BigInteger(maskString, 16)
+    let mask = utils.hexToNumber(maskString)
 
     // 对绝对值取反，加1
-    let output = mask.xor(bigint).add(BigInteger.ONE)
+    
+    let output = (mask ^ bigint) + ONE
     h = output.toString(16).replace(/^-/, '')
   }
   return h
@@ -68,7 +69,7 @@ class ASN1Object {
 }
 
 class DERInteger extends ASN1Object {
-  constructor(bigint: BigInteger) {
+  constructor(bigint: bigint) {
     super()
 
     this.t = '02' // 整型标签说明
@@ -109,9 +110,9 @@ function getL(str: string, start: number) {
   const l = str.substring(start + 2, start + 2 + len * 2)
 
   if (!l) return -1
-  const bigint = +l[0] < 8 ? new BigInteger(l, 16) : new BigInteger(l.substring(2), 16)
+  const bigint = +l[0] < 8 ? utils.hexToNumber(l): utils.hexToNumber(l.substring(2))
 
-  return bigint.intValue()
+  return +bigint.toString()
 }
 
 /**
@@ -125,7 +126,7 @@ function getStartOfV(str: string, start: number) {
 /**
  * ASN.1 der 编码，针对 sm2 签名
  */
-export function encodeDer(r: BigInteger, s: BigInteger) {
+export function encodeDer(r: bigint, s: bigint) {
   const derR = new DERInteger(r)
   const derS = new DERInteger(s)
   const derSeq = new DERSequence([derR, derS])
@@ -151,8 +152,10 @@ export function decodeDer(input: string) {
   const lS = getL(input, nextStart)
   const vS = input.substring(vIndexS, vIndexS + lS * 2)
 
-  const r = new BigInteger(vR, 16)
-  const s = new BigInteger(vS, 16)
+  // const r = new BigInteger(vR, 16)
+  // const s = new BigInteger(vS, 16)
+  const r = utils.hexToNumber(vR)
+  const s = utils.hexToNumber(vS)
 
   return { r, s }
 }

package/src/sm2/bn.ts

@@ -0,0 +1,4 @@
+export const ZERO = BigInt(0);
+export const ONE = BigInt(1);
+export const TWO = BigInt(2);
+export const THREE = BigInt(3);

package/src/sm2/ec.ts

@@ -1,333 +1,95 @@
-/* eslint-disable no-case-declarations, max-len */
-
-import { BigInteger } from 'jsbn'
-
-/**
- * thanks for Tom Wu : http://www-cs-students.stanford.edu/~tjw/jsbn/
- *
- * Basic Javascript Elliptic Curve implementation
- * Ported loosely from BouncyCastle's Java EC code
- * Only Fp curves implemented for now
- */
-
-const TWO = new BigInteger('2')
-const THREE = new BigInteger('3')
+import { weierstrass } from '@noble/curves/abstract/weierstrass';
+import { Field } from '@noble/curves/abstract/modular'; // finite field for mod arithmetics
+import { hmac, sm3 } from './sm3'
+import { utf8ToArray } from '@/sm3';
+import { concatArray } from './utils';
+import { ONE } from './bn';
 
 /**
- * 椭圆曲线域元素
+ * 安全随机数发生器
+ * 如果有原生同步接口，直接使用。否则维护一个随机数池，使用异步接口实现。
+ * Web: webcrypto 原生同步接口
+ * Node: Node v18 之前需要引入 crypto 模块，这里使用异步 import
+ * 小程序：异步接口
  */
-class ECFieldElementFp {
-  constructor(public q: BigInteger, public x: BigInteger) {
-    // TODO if (x.compareTo(q) >= 0) error
-  }
-
-  /**
-   * 判断相等
-   */
-  equals(other: ECFieldElementFp) {
-    if (other === this) return true
-    return (this.q.equals(other.q) && this.x.equals(other.x))
-  }
-
-  /**
-   * 返回具体数值
-   */
-  toBigInteger() {
-    return this.x
-  }
-
-  /**
-   * 取反
-   */
-  negate() {
-    return new ECFieldElementFp(this.q, this.x.negate().mod(this.q))
-  }
-
-  /**
-   * 相加
-   */
-  add(b) {
-    return new ECFieldElementFp(this.q, this.x.add(b.toBigInteger()).mod(this.q))
-  }
-
-  /**
-   * 相减
-   */
-  subtract(b) {
-    return new ECFieldElementFp(this.q, this.x.subtract(b.toBigInteger()).mod(this.q))
-  }
-
-  /**
-   * 相乘
-   */
-  multiply(b) {
-    return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger()).mod(this.q))
-  }
-
-  /**
-   * 相除
-   */
-  divide(b) {
-    return new ECFieldElementFp(this.q, this.x.multiply(b.toBigInteger().modInverse(this.q)).mod(this.q))
-  }
-
-  /**
-   * 平方
-   */
-  square() {
-    return new ECFieldElementFp(this.q, this.x.square().mod(this.q))
-  }
+declare module wx {
+  function getRandomValues(options: {
+    length: number;
+    success: (res: { randomValues: ArrayBuffer }) => void;
+  }): void;
 }
 
-class ECPointFp {
-  zinv: BigInteger | null
-  z: BigInteger
-  constructor(public curve: ECCurveFp, public x: ECFieldElementFp | null, public y: ECFieldElementFp | null, z?: BigInteger) {
-    // 标准射影坐标系：zinv == null 或 z * zinv == 1
-    this.z = z == null ? BigInteger.ONE : z
-    this.zinv = null
-    // TODO: compression flag
-  }
-
-  getX() {
-    if (this.zinv === null) this.zinv = this.z.modInverse(this.curve.q)
-
-    return this.curve.fromBigInteger(this.x!.toBigInteger().multiply(this.zinv).mod(this.curve.q))
-  }
-
-  getY() {
-    if (this.zinv === null) this.zinv = this.z.modInverse(this.curve.q)
-
-    return this.curve.fromBigInteger(this.y!.toBigInteger().multiply(this.zinv).mod(this.curve.q))
-  }
-
-  /**
-   * 判断相等
-   */
-  equals(other: ECPointFp) {
-    if (other === this) return true
-    if (this.isInfinity()) return other.isInfinity()
-    if (other.isInfinity()) return this.isInfinity()
-
-    // u = y2 * z1 - y1 * z2
-    const u = other.y!.toBigInteger().multiply(this.z).subtract(this.y!.toBigInteger().multiply(other.z)).mod(this.curve.q)
-    if (!u.equals(BigInteger.ZERO)) return false
-
-    // v = x2 * z1 - x1 * z2
-    const v = other.x!.toBigInteger().multiply(this.z).subtract(this.x!.toBigInteger().multiply(other.z)).mod(this.curve.q)
-    return v.equals(BigInteger.ZERO)
-  }
-
-  /**
-   * 是否是无穷远点
-   */
-  isInfinity() {
-    if ((this.x === null) && (this.y === null)) return true
-    return this.z.equals(BigInteger.ZERO) && !this.y!.toBigInteger().equals(BigInteger.ZERO)
-  }
-
-  /**
-   * 取反，x 轴对称点
-   */
-  negate() {
-    return new ECPointFp(this.curve, this.x, this.y!.negate(), this.z)
-  }
-
-  /**
-   * 相加
-   *
-   * 标准射影坐标系：
-   *
-   * λ1 = x1 * z2
-   * λ2 = x2 * z1
-   * λ3 = λ1 − λ2
-   * λ4 = y1 * z2
-   * λ5 = y2 * z1
-   * λ6 = λ4 − λ5
-   * λ7 = λ1 + λ2
-   * λ8 = z1 * z2
-   * λ9 = λ3^2
-   * λ10 = λ3 * λ9
-   * λ11 = λ8 * λ6^2 − λ7 * λ9
-   * x3 = λ3 * λ11
-   * y3 = λ6 * (λ9 * λ1 − λ11) − λ4 * λ10
-   * z3 = λ10 * λ8
-   */
-  add(b: ECPointFp) {
-    if (this.isInfinity()) return b
-    if (b.isInfinity()) return this
-
-    const x1 = this.x!.toBigInteger()
-    const y1 = this.y!.toBigInteger()
-    const z1 = this.z
-    const x2 = b.x!.toBigInteger()
-    const y2 = b.y!.toBigInteger()
-    const z2 = b.z
-    const q = this.curve.q
-
-    const w1 = x1.multiply(z2).mod(q)
-    const w2 = x2.multiply(z1).mod(q)
-    const w3 = w1.subtract(w2)
-    const w4 = y1.multiply(z2).mod(q)
-    const w5 = y2.multiply(z1).mod(q)
-    const w6 = w4.subtract(w5)
-
-    if (BigInteger.ZERO.equals(w3)) {
-      if (BigInteger.ZERO.equals(w6)) {
-        return this.twice() // this == b，计算自加
-      }
-      return this.curve.infinity // this == -b，则返回无穷远点
-    }
-
-    const w7 = w1.add(w2)
-    const w8 = z1.multiply(z2).mod(q)
-    const w9 = w3.square().mod(q)
-    const w10 = w3.multiply(w9).mod(q)
-    const w11 = w8.multiply(w6.square()).subtract(w7.multiply(w9)).mod(q)
-
-    const x3 = w3.multiply(w11).mod(q)
-    const y3 = w6.multiply(w9.multiply(w1).subtract(w11)).subtract(w4.multiply(w10)).mod(q)
-    const z3 = w10.multiply(w8).mod(q)
-
-    return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3)
-  }
-
-  /**
-   * 自加
-   *
-   * 标准射影坐标系：
-   *
-   * λ1 = 3 * x1^2 + a * z1^2
-   * λ2 = 2 * y1 * z1
-   * λ3 = y1^2
-   * λ4 = λ3 * x1 * z1
-   * λ5 = λ2^2
-   * λ6 = λ1^2 − 8 * λ4
-   * x3 = λ2 * λ6
-   * y3 = λ1 * (4 * λ4 − λ6) − 2 * λ5 * λ3
-   * z3 = λ2 * λ5
-   */
-  twice() {
-    if (this.isInfinity()) return this
-    if (!this.y!.toBigInteger().signum()) return this.curve.infinity
-
-    const x1 = this.x!.toBigInteger()
-    const y1 = this.y!.toBigInteger()
-    const z1 = this.z
-    const q = this.curve.q
-    const a = this.curve.a.toBigInteger()
-
-    const w1 = x1.square().multiply(THREE).add(a.multiply(z1.square())).mod(q)
-    const w2 = y1.shiftLeft(1).multiply(z1).mod(q)
-    const w3 = y1.square().mod(q)
-    const w4 = w3.multiply(x1).multiply(z1).mod(q)
-    const w5 = w2.square().mod(q)
-    const w6 = w1.square().subtract(w4.shiftLeft(3)).mod(q)
-
-    const x3 = w2.multiply(w6).mod(q)
-    const y3 = w1.multiply(w4.shiftLeft(2).subtract(w6)).subtract(w5.shiftLeft(1).multiply(w3)).mod(q)
-    const z3 = w2.multiply(w5).mod(q)
-
-    return new ECPointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3)
-  }
-
-  /**
-   * 倍点计算
-   */
-  multiply(k: BigInteger) {
-    if (this.isInfinity()) return this
-    if (!k.signum()) return this.curve.infinity
-
-    // 使用加减法
-    const k3 = k.multiply(THREE)
-    const neg = this.negate()
-    let Q: ECPointFp = this
-
-    for (let i = k3.bitLength() - 2; i > 0; i--) {
-      Q = Q.twice()
-
-      const k3Bit = k3.testBit(i)
-      const kBit = k.testBit(i)
-
-      if (k3Bit !== kBit) {
-        Q = Q.add(k3Bit ? this : neg)
-      }
+const DEFAULT_PRNG_POOL_SIZE = 4096
+let prngPool = new Uint8Array(DEFAULT_PRNG_POOL_SIZE)
+
+async function FillPRNGPoolIfNeeded() {
+  if ('crypto' in globalThis) return // no need to use pooling
+  if (prngPool.length > DEFAULT_PRNG_POOL_SIZE / 2) return // there is sufficient number
+  // we always populate full pool size
+  // since numbers may be consumed during micro tasks.
+  if ('wx' in globalThis) {
+    prngPool = await new Promise(r => {
+      wx.getRandomValues({
+        length: DEFAULT_PRNG_POOL_SIZE,
+        success(res) {
+          r(new Uint8Array(res.randomValues));
+        }
+      });
+    });
+  } else {
+    // check if node, use webcrypto if available
+    try {
+      const crypto = await import(/* webpackIgnore: true */ 'crypto');
+      const array = new Uint8Array(DEFAULT_PRNG_POOL_SIZE);
+      crypto.webcrypto.getRandomValues(array);
+      prngPool = array;
+    } catch (error) {
+      throw new Error('no available csprng, abort.');
     }
-
-    return Q
   }
 }
 
-/**
- * 椭圆曲线 y^2 = x^3 + ax + b
- */
-export class ECCurveFp {
-  infinity: ECPointFp
-  a: ECFieldElementFp
-  b: ECFieldElementFp
-  constructor(public q: BigInteger, a: BigInteger, b: BigInteger) {
-    this.q = q
-    this.a = this.fromBigInteger(a)
-    this.b = this.fromBigInteger(b)
-    this.infinity = new ECPointFp(this, null, null) // 无穷远点
-  }
-
-  /**
-   * 判断两个椭圆曲线是否相等
-   */
-  equals(other: ECCurveFp) {
-    if (other === this) return true
-    return (this.q.equals(other.q) && this.a.equals(other.a) && this.b.equals(other.b))
-  }
+FillPRNGPoolIfNeeded()
 
-  /**
-   * 生成椭圆曲线域元素
-   */
-  fromBigInteger(x: BigInteger) {
-    return new ECFieldElementFp(this.q, x)
+function consumePool(length: number): Uint8Array {
+  if (prngPool.length > length) {
+    const prng = prngPool.slice(0, length)
+    prngPool = prngPool.slice(length)
+    FillPRNGPoolIfNeeded()
+    return prng
+  } else {
+    throw new Error('random number pool is insufficient, prevent getting too long random values or too often.')
   }
+}
 
-  /**
-   * 解析 16 进制串为椭圆曲线点
-   */
-  decodePointHex(s: string) {
-    switch (parseInt(s.substring(0, 2), 16)) {
-      // 第一个字节
-      case 0:
-        return this.infinity
-      case 2:
-      case 3:
-        // 压缩
-        const x = this.fromBigInteger(new BigInteger(s.substring(2), 16))
-        // 对 p ≡ 3 (mod4)，即存在正整数 u，使得 p = 4u + 3
-        // 计算 y = (√ (x^3 + ax + b) % p)^(u + 1) modp
-        let y = this.fromBigInteger(x.multiply(x.square()).add(
-          x.multiply(this.a)
-        ).add(this.b).toBigInteger()
-          .modPow(
-            this.q.divide(new BigInteger('4')).add(BigInteger.ONE), this.q
-          ))
-        // 算出结果 2 进制最后 1 位不等于第 1 个字节减 2 则取反
-        if (!y.toBigInteger().mod(TWO).equals(new BigInteger(s.substring(0, 2), 16).subtract(TWO))) {
-          y = y.negate()
-        }
-        return new ECPointFp(this, x, y)
-      case 4:
-      case 6:
-      case 7:
-        const len = (s.length - 2) / 2
-        const xHex = s.substring(2, 2 + len)
-        const yHex = s.substring(len + 2, len + 2 + len)
-
-        return new ECPointFp(this, this.fromBigInteger(new BigInteger(xHex, 16)), this.fromBigInteger(new BigInteger(yHex, 16)))
-      default:
-        // 不支持
-        return null
-    }
+export function randomBytes(length = 0): Uint8Array {
+  const array = new Uint8Array(length);
+  if ('crypto' in globalThis) {
+    return globalThis.crypto.getRandomValues(array);
+  } else {
+    return consumePool(length)
   }
 }
 
-export const ec = {
-  ECPointFp,
-  ECCurveFp,
+export function createHash() {
+  const hashC = (msg: Uint8Array | string): Uint8Array => sm3(typeof msg === 'string' ? utf8ToArray(msg) : msg)
+  hashC.outputLen = 256;
+  hashC.blockLen = 512;
+  hashC.create = () => sm3(Uint8Array.from([]));
+  return hashC;
 }
+
+export const sm2Fp = Field(BigInt('115792089210356248756420345214020892766250353991924191454421193933289684991999'))
+export const sm2Curve = weierstrass({
+  // sm2: short weierstrass.
+  a: BigInt('115792089210356248756420345214020892766250353991924191454421193933289684991996'),
+  b: BigInt('18505919022281880113072981827955639221458448578012075254857346196103069175443'),
+  Fp: sm2Fp,
+  h: ONE,
+  n: BigInt('115792089210356248756420345214020892766061623724957744567843809356293439045923'),
+  Gx: BigInt('22963146547237050559479531362550074578802567295341616970375194840604139615431'),
+  Gy: BigInt('85132369209828568825618990617112496413088388631904505083283536607588877201568'),
+  hash: createHash(),
+  hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => hmac(concatArray(...msgs), key),
+  randomBytes,
+});