"use strict"; /** * @fileOverview * Core operations on curve 25519 required for the higher level modules. */ /* * Copyright (c) 2007, 2013, 2014 Michele Bini * Copyright (c) 2014 Mega Limited * under the MIT License. * * Authors: Guy K. Kloss, Michele Bini * * You should have received a copy of the license along with this program. */ var core = require('./core'); var utils = require('./utils'); /** * @exports jodid25519/curve255 * Legacy compatibility module for Michele Bini's previous curve255.js. * * @description * Legacy compatibility module for Michele Bini's previous curve255.js. * *
* This code presents an API with all key formats as previously available * from Michele Bini's curve255.js implementation. *
*/ var ns = {}; function curve25519_raw(f, c) { var a, x_1, q; x_1 = c; a = core.dbl(x_1, core.ONE()); q = [x_1, core.ONE()]; var n = 255; while (core.getbit(f, n) == 0) { n--; // For correct constant-time operation, bit 255 should always be // set to 1 so the following 'while' loop is never entered. if (n < 0) { return core.ZERO(); } } n--; var aq = [a, q]; while (n >= 0) { var r, s; var b = core.getbit(f, n); r = core.sum(aq[0][0], aq[0][1], aq[1][0], aq[1][1], x_1); s = core.dbl(aq[1 - b][0], aq[1 - b][1]); aq[1 - b] = s; aq[b] = r; n--; } q = aq[1]; q[1] = core.invmodp(q[1]); q[0] = core.mulmodp(q[0], q[1]); core.reduce(q[0]); return q[0]; } function curve25519b32(a, b) { return _base32encode(curve25519(_base32decode(a), _base32decode(b))); } function curve25519(f, c) { if (!c) { c = core.BASE(); } f[0] &= 0xFFF8; f[15] = (f[15] & 0x7FFF) | 0x4000; return curve25519_raw(f, c); } function _hexEncodeVector(k) { var hexKey = utils.hexEncode(k); // Pad with '0' at the front. hexKey = new Array(64 + 1 - hexKey.length).join('0') + hexKey; // Invert bytes. return hexKey.split(/(..)/).reverse().join(''); } function _hexDecodeVector(v) { // assert(length(x) == 64); // Invert bytes. var hexKey = v.split(/(..)/).reverse().join(''); return utils.hexDecode(hexKey); } // Expose some functions to the outside through this name space. /** * Computes the scalar product of a point on the curve 25519. * * This function is used for the DH key-exchange protocol. * * Before multiplication, some bit operations are applied to the * private key to ensure it is a valid Curve25519 secret key. * It is the user's responsibility to make sure that the private * key is a uniformly random, secret value. * * @function * @param f {array} * Private key. * @param c {array} * Public point on the curve. If not given, the curve's base point is used. * @returns {array} * Key point resulting from scalar product. */ ns.curve25519 = curve25519; /** * Computes the scalar product of a point on the curve 25519. * * This variant does not make sure that the private key is valid. * The user has the responsibility to ensure the private key is * valid or that this results in a safe protocol. Unless you know * exactly what you are doing, you should not use this variant, * please use 'curve25519' instead. * * @function * @param f {array} * Private key. * @param c {array} * Public point on the curve. If not given, the curve's base point is used. * @returns {array} * Key point resulting from scalar product. */ ns.curve25519_raw = curve25519_raw; /** * Encodes the internal representation of a key to a canonical hex * representation. * * This is the format commonly used in other libraries and for * test vectors, and is equivalent to the hex dump of the key in * little-endian binary format. * * @function * @param n {array} * Array representation of key. * @returns {string} * Hexadecimal string representation of key. */ ns.hexEncodeVector = _hexEncodeVector; /** * Decodes a canonical hex representation of a key * to an internally compatible array representation. * * @function * @param n {string} * Hexadecimal string representation of key. * @returns {array} * Array representation of key. */ ns.hexDecodeVector = _hexDecodeVector; /** * Encodes the internal representation of a key into a * hexadecimal representation. * * This is a strict positional notation, most significant digit first. * * @function * @param n {array} * Array representation of key. * @returns {string} * Hexadecimal string representation of key. */ ns.hexencode = utils.hexEncode; /** * Decodes a hex representation of a key to an internally * compatible array representation. * * @function * @param n {string} * Hexadecimal string representation of key. * @returns {array} * Array representation of key. */ ns.hexdecode = utils.hexDecode; /** * Encodes the internal representation of a key to a base32 * representation. * * @function * @param n {array} * Array representation of key. * @returns {string} * Base32 string representation of key. */ ns.base32encode = utils.base32encode; /** * Decodes a base32 representation of a key to an internally * compatible array representation. * * @function * @param n {string} * Base32 string representation of key. * @returns {array} * Array representation of key. */ ns.base32decode = utils.base32decode; module.exports = ns;