Bitmessage
/
eccrypto
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
eccrypto/index.js

180 lines
5.8 KiB
JavaScript
Raw Normal View History

Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
/**
* Node.js eccrypto implementation.
* @module eccrypto
*/
"use strict";
Do not overwrite global variables Also do not use Promise shim in browsers since it's supported natively by new browsers (and we can use only new browsers because of the WebCryptoAPI).
2015-01-06 11:21:46 +00:00
var promise = typeof Promise === "undefined" ?
require("es6-promise").Promise :
Promise;
ECIES (Node)
2015-01-13 23:29:39 +00:00
var crypto = require("crypto");
ECDH (Node)
2015-01-13 19:39:37 +00:00
// TODO(Kagami): We may fallback to pure JS implementation
// (`browser.js`) if this modules are failed to load.
Start to implement node wrapper
2014-12-23 20:28:40 +00:00
var secp256k1 = require("secp256k1");
ECDH (Node)
2015-01-13 19:39:37 +00:00
var ecdh = require("./build/Release/ecdh");
Start to implement node wrapper
2014-12-23 20:28:40 +00:00
ECIES (Node)
2015-01-13 23:29:39 +00:00
function assert(condition, message) {
if (!condition) {
throw new Error(message || "Assertion failed");
}
}
function sha512(msg) {
return crypto.createHash("sha512").update(msg).digest();
}
function aes256CbcEncrypt(iv, key, plaintext) {
var cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
var firstChunk = cipher.update(plaintext);
var secondChunk = cipher.final();
return Buffer.concat([firstChunk, secondChunk]);
}
function aes256CbcDecrypt(iv, key, ciphertext) {
var cipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
var firstChunk = cipher.update(ciphertext);
var secondChunk = cipher.final();
return Buffer.concat([firstChunk, secondChunk]);
}
function hmacSha256(key, msg) {
return crypto.createHmac("sha256", key).update(msg).digest();
}
// Compare two buffers in constant time to prevent timing attacks.
function equalConstTime(b1, b2) {
if (b1.length !== b2.length) {
return false;
}
var res = 0;
for (var i = 0; i < b1.length; i++) {
res |= b1[i] ^ b2[i]; // jshint ignore:line
}
return res === 0;
}
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
/**
* Compute the public key for a given private key.
Fix doc strings
2015-01-02 15:21:24 +00:00
* @param {Buffer} privateKey - A 32-byte private key
* @return {Buffer} A 65-byte public key.
Remove boilerplate
2015-01-02 13:47:09 +00:00
* @function
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
*/
ECIES (Node)
2015-01-13 23:29:39 +00:00
var getPublic = exports.getPublic = secp256k1.createPublicKey;
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
/**
* Create an ECDSA signature.
Fix doc strings
2015-01-02 15:21:24 +00:00
* @param {Buffer} privateKey - A 32-byte private key
* @param {Buffer} msg - The message being signed
* @return {Promise.<Buffer>} A promise that resolves with the
* signature and rejects on bad key or message.
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
*/
exports.sign = function(privateKey, msg) {
Refactoring
2015-01-12 17:50:21 +00:00
return new promise(function(resolve) {
Add more input checkings
2015-01-21 00:04:56 +00:00
assert(msg.length > 0, "Message should not be empty");
assert(msg.length <= 32, "Message is too long");
Update to latest secp256k1-node
2015-01-28 13:14:17 +00:00
resolve(secp256k1.sign(privateKey, msg));
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
});
};
/**
* Verify an ECDSA signature.
Fix API
2015-01-13 12:11:53 +00:00
* @param {Buffer} publicKey - A 65-byte public key
Fix doc strings
2015-01-02 15:21:24 +00:00
* @param {Buffer} msg - The message being verified
* @param {Buffer} sig - The signature
Pass `null` instead of `undefined` on `.verify`
2015-02-10 13:52:38 +00:00
* @return {Promise.<null>} A promise that resolves on correct signature
* and rejects on bad key or signature.
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
*/
Fix API
2015-01-13 12:11:53 +00:00
exports.verify = function(publicKey, msg, sig) {
Do not overwrite global variables Also do not use Promise shim in browsers since it's supported natively by new browsers (and we can use only new browsers because of the WebCryptoAPI).
2015-01-06 11:21:46 +00:00
return new promise(function(resolve, reject) {
Add more input checkings
2015-01-21 00:04:56 +00:00
assert(msg.length > 0, "Message should not be empty");
assert(msg.length <= 32, "Message is too long");
Update to latest secp256k1-node
2015-01-28 13:14:17 +00:00
if (secp256k1.verify(publicKey, msg, sig) === 1) {
Pass `null` instead of `undefined` on `.verify`
2015-02-10 13:52:38 +00:00
resolve(null);
Fix for short messages Zero-pad it for secp256k1
2015-01-20 20:17:25 +00:00
} else {
reject(new Error("Bad signature"));
}
Implement sign/verify for node implementation
2014-12-23 23:14:28 +00:00
});
};
ECDH (Node)
2015-01-13 19:39:37 +00:00
/**
* Derive shared secret for given private and public keys.
ECIES (Node)
2015-01-13 23:29:39 +00:00
* @param {Buffer} privateKeyA - Sender's private key (32 bytes)
* @param {Buffer} publicKeyB - Recipient's public key (65 bytes)
ECDH (Node)
2015-01-13 19:39:37 +00:00
* @return {Promise.<Buffer>} A promise that resolves with the derived
ECIES (Node)
2015-01-13 23:29:39 +00:00
* shared secret (Px, 32 bytes) and rejects on bad key.
ECDH (Node)
2015-01-13 19:39:37 +00:00
*/
ECIES (Node)
2015-01-13 23:29:39 +00:00
var derive = exports.derive = function(privateKeyA, publicKeyB) {
ECDH (Node)
2015-01-13 19:39:37 +00:00
return new promise(function(resolve) {
resolve(ecdh.derive(privateKeyA, publicKeyB));
});
};
ECIES (Node)
2015-01-13 23:29:39 +00:00
/**
* Input/output structure for ECIES operations.
* @typedef {Object} Ecies
* @property {Buffer} iv - Initialization vector (16 bytes)
* @property {Buffer} ephemPublicKey - Ephemeral public key (65 bytes)
* @property {Buffer} ciphertext - The result of encryption (variable size)
* @property {Buffer} mac - Message authentication code (32 bytes)
*/
/**
* Encrypt message for given recepient's public key.
* @param {Buffer} publicKeyTo - Recipient's public key (65 bytes)
* @param {Buffer} msg - The message being encrypted
* @param {?{?iv: Buffer, ?ephemPrivateKey: Buffer}} opts - You may also
* specify initialization vector (16 bytes) and ephemeral private key
* (32 bytes) to get deterministic results.
* @return {Promise.<Ecies>} - A promise that resolves with the ECIES
* structure on successful encryption and rejects on failure.
*/
exports.encrypt = function(publicKeyTo, msg, opts) {
opts = opts || {};
// Tmp variable to save context from flat promises;
var ephemPublicKey;
return new promise(function(resolve) {
var ephemPrivateKey = opts.ephemPrivateKey || crypto.randomBytes(32);
ephemPublicKey = getPublic(ephemPrivateKey);
resolve(derive(ephemPrivateKey, publicKeyTo));
}).then(function(Px) {
var hash = sha512(Px);
var iv = opts.iv || crypto.randomBytes(16);
var encryptionKey = hash.slice(0, 32);
var macKey = hash.slice(32);
var ciphertext = aes256CbcEncrypt(iv, encryptionKey, msg);
var dataToMac = Buffer.concat([iv, ephemPublicKey, ciphertext]);
var mac = hmacSha256(macKey, dataToMac);
return {
iv: iv,
ephemPublicKey: ephemPublicKey,
ciphertext: ciphertext,
mac: mac,
};
});
};
/**
* Decrypt message using given private key.
* @param {Buffer} privateKey - A 32-byte private key of recepient of
* the mesage
* @param {Ecies} opts - ECIES structure (result of ECIES encryption)
* @return {Promise.<Buffer>} - A promise that resolves with the
* plaintext on successful decryption and rejects on failure.
*/
exports.decrypt = function(privateKey, opts) {
return derive(privateKey, opts.ephemPublicKey).then(function(Px) {
var hash = sha512(Px);
var encryptionKey = hash.slice(0, 32);
var macKey = hash.slice(32);
var dataToMac = Buffer.concat([
opts.iv,
opts.ephemPublicKey,
opts.ciphertext
]);
var realMac = hmacSha256(macKey, dataToMac);
assert(equalConstTime(opts.mac, realMac), "Bad MAC");
return aes256CbcDecrypt(opts.iv, encryptionKey, opts.ciphertext);
});
};