2014-08-09 17:43:24 -07:00
|
|
|
var bn = require('./bn');
|
|
|
|
|
var point = require('./point');
|
|
|
|
|
var Signature = require('./signature');
|
2014-08-09 19:42:25 -07:00
|
|
|
var Key = require('./key');
|
2014-08-09 17:43:24 -07:00
|
|
|
var Privkey = require('./privkey');
|
|
|
|
|
var Pubkey = require('./pubkey');
|
|
|
|
|
var Random = require('./random');
|
|
|
|
|
|
2014-08-13 15:55:33 -07:00
|
|
|
var ECDSA = function ECDSA(hash, key, sig, k) {
|
|
|
|
|
if (!(this instanceof ECDSA))
|
|
|
|
|
return new ECDSA(hash, key, sig, k);
|
2014-08-09 17:43:24 -07:00
|
|
|
this.hash = hash;
|
|
|
|
|
this.key = key;
|
|
|
|
|
this.sig = sig;
|
|
|
|
|
this.k = k;
|
|
|
|
|
};
|
|
|
|
|
|
2014-08-09 19:42:25 -07:00
|
|
|
ECDSA.prototype.fromString = function(str) {
|
|
|
|
|
var obj = JSON.parse(str);
|
|
|
|
|
if (obj.hash)
|
|
|
|
|
this.hash = new Buffer(obj.hash, 'hex');
|
|
|
|
|
if (obj.key)
|
|
|
|
|
this.key = (new Key()).fromString(obj.key);
|
|
|
|
|
if (obj.sig)
|
|
|
|
|
this.sig = (new Signature()).fromString(obj.sig);
|
|
|
|
|
if (obj.k)
|
|
|
|
|
this.k = bn(obj.k, 10);
|
|
|
|
|
return this;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ECDSA.prototype.randomK = function() {
|
|
|
|
|
var N = point.getN();
|
|
|
|
|
var k;
|
|
|
|
|
do {
|
|
|
|
|
k = bn.fromBuffer(Random.getRandomBuffer(32));
|
|
|
|
|
} while (!(k.lt(N) && k.gt(0)));
|
|
|
|
|
this.k = k;
|
|
|
|
|
return this;
|
|
|
|
|
};
|
|
|
|
|
|
2014-08-09 17:43:24 -07:00
|
|
|
ECDSA.prototype.sigError = function() {
|
|
|
|
|
if (!Buffer.isBuffer(this.hash) || this.hash.length !== 32)
|
|
|
|
|
return 'Invalid hash';
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
this.key.pubkey.validate();
|
|
|
|
|
} catch (e) {
|
|
|
|
|
return 'Invalid pubkey: ' + e;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
var r = this.sig.r;
|
|
|
|
|
var s = this.sig.s;
|
|
|
|
|
if (!(r.gt(0) && r.lt(point.getN()))
|
|
|
|
|
|| !(s.gt(0) && s.lt(point.getN())))
|
|
|
|
|
return 'r and s not in range';
|
|
|
|
|
|
|
|
|
|
var e = bn.fromBuffer(this.hash);
|
|
|
|
|
var n = point.getN();
|
|
|
|
|
var sinv = s.invm(n);
|
|
|
|
|
var u1 = sinv.mul(e).mod(n);
|
|
|
|
|
var u2 = sinv.mul(r).mod(n);
|
|
|
|
|
|
2014-08-13 12:23:06 -07:00
|
|
|
var p = point.getG().mulAdd(u1, this.key.pubkey.point, u2);
|
2014-08-09 17:43:24 -07:00
|
|
|
if (p.isInfinity())
|
|
|
|
|
return 'p is infinity';
|
|
|
|
|
|
|
|
|
|
if (!(p.getX().mod(n).cmp(r) === 0))
|
|
|
|
|
return 'Invalid signature';
|
|
|
|
|
else
|
|
|
|
|
return false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ECDSA.prototype.sign = function() {
|
|
|
|
|
var hash = this.hash;
|
|
|
|
|
var privkey = this.key.privkey;
|
|
|
|
|
var k = this.k;
|
2014-08-13 12:23:06 -07:00
|
|
|
var d = privkey.bn;
|
2014-08-09 17:43:24 -07:00
|
|
|
|
|
|
|
|
if (!hash || !privkey || !k || !d)
|
|
|
|
|
throw new Error('ecdsa: invalid parameters');
|
|
|
|
|
|
|
|
|
|
var N = point.getN();
|
|
|
|
|
var G = point.getG();
|
|
|
|
|
var e = bn(hash);
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
var Q = G.mul(k);
|
|
|
|
|
var r = Q.x.mod(N);
|
|
|
|
|
var s = k.invm(N).mul(e.add(d.mul(r))).mod(N);
|
|
|
|
|
} while (r.cmp(0) <= 0 || s.cmp(0) <= 0);
|
|
|
|
|
|
|
|
|
|
this.sig = new Signature(r, s);
|
|
|
|
|
return this.sig;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
ECDSA.prototype.signRandomK = function() {
|
|
|
|
|
var k = this.randomK();
|
|
|
|
|
return this.sign();
|
|
|
|
|
};
|
|
|
|
|
|
2014-08-09 19:42:25 -07:00
|
|
|
ECDSA.prototype.toString = function() {
|
|
|
|
|
var obj = {};
|
|
|
|
|
if (this.hash)
|
|
|
|
|
obj.hash = this.hash.toString('hex');
|
|
|
|
|
if (this.key)
|
|
|
|
|
obj.key = this.key.toString();
|
|
|
|
|
if (this.sig)
|
|
|
|
|
obj.sig = this.sig.toString();
|
|
|
|
|
if (this.k)
|
|
|
|
|
obj.k = this.k.toString();
|
|
|
|
|
return JSON.stringify(obj);
|
|
|
|
|
};
|
|
|
|
|
|
2014-08-09 17:43:24 -07:00
|
|
|
ECDSA.prototype.verify = function() {
|
|
|
|
|
if (!this.sigError())
|
|
|
|
|
return true;
|
|
|
|
|
else
|
|
|
|
|
return false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports = ECDSA;
|
