2022-09-05 23:57:11 +03:00
|
|
|
"use strict";
|
2023-02-13 06:14:26 +03:00
|
|
|
/**
|
|
|
|
|
* Add details about signing here.
|
|
|
|
|
*
|
|
|
|
|
* @_subsection: api/crypto:Signing [about-signing]
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
|
|
exports.SigningKey = void 0;
|
2023-04-25 14:04:48 +03:00
|
|
|
const tslib_1 = require("tslib");
|
|
|
|
|
const secp256k1 = tslib_1.__importStar(require("@noble/secp256k1"));
|
2022-09-05 23:57:11 +03:00
|
|
|
const index_js_1 = require("../utils/index.js");
|
|
|
|
|
const hmac_js_1 = require("./hmac.js");
|
|
|
|
|
const signature_js_1 = require("./signature.js");
|
|
|
|
|
//const N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
|
|
|
|
|
// Make noble-secp256k1 sync
|
|
|
|
|
secp256k1.utils.hmacSha256Sync = function (key, ...messages) {
|
2022-09-16 05:58:45 +03:00
|
|
|
return (0, index_js_1.getBytes)((0, hmac_js_1.computeHmac)("sha256", key, (0, index_js_1.concat)(messages)));
|
2022-09-05 23:57:11 +03:00
|
|
|
};
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* A **SigningKey** provides high-level access to the elliptic curve
|
|
|
|
|
* cryptography (ECC) operations and key management.
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
class SigningKey {
|
|
|
|
|
#privateKey;
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* Creates a new **SigningKey** for %%privateKey%%.
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
constructor(privateKey) {
|
2022-11-30 23:44:23 +03:00
|
|
|
(0, index_js_1.assertArgument)((0, index_js_1.dataLength)(privateKey) === 32, "invalid private key", "privateKey", "[REDACTED]");
|
2022-09-05 23:57:11 +03:00
|
|
|
this.#privateKey = (0, index_js_1.hexlify)(privateKey);
|
|
|
|
|
}
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* The private key.
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
get privateKey() { return this.#privateKey; }
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* The uncompressed public key.
|
|
|
|
|
*
|
|
|
|
|
* This will always begin with the prefix ``0x04`` and be 132
|
|
|
|
|
* characters long (the ``0x`` prefix and 130 hexadecimal nibbles).
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
get publicKey() { return SigningKey.computePublicKey(this.#privateKey); }
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* The compressed public key.
|
|
|
|
|
*
|
|
|
|
|
* This will always begin with either the prefix ``0x02`` or ``0x03``
|
|
|
|
|
* and be 68 characters long (the ``0x`` prefix and 33 hexadecimal
|
|
|
|
|
* nibbles)
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
get compressedPublicKey() { return SigningKey.computePublicKey(this.#privateKey, true); }
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* Return the signature of the signed %%digest%%.
|
|
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
sign(digest) {
|
2022-10-20 12:03:32 +03:00
|
|
|
(0, index_js_1.assertArgument)((0, index_js_1.dataLength)(digest) === 32, "invalid digest length", "digest", digest);
|
2022-09-16 05:58:45 +03:00
|
|
|
const [sigDer, recid] = secp256k1.signSync((0, index_js_1.getBytesCopy)(digest), (0, index_js_1.getBytesCopy)(this.#privateKey), {
|
2022-09-05 23:57:11 +03:00
|
|
|
recovered: true,
|
|
|
|
|
canonical: true
|
|
|
|
|
});
|
|
|
|
|
const sig = secp256k1.Signature.fromHex(sigDer);
|
|
|
|
|
return signature_js_1.Signature.from({
|
2022-12-10 02:24:58 +03:00
|
|
|
r: (0, index_js_1.toBeHex)("0x" + sig.r.toString(16), 32),
|
|
|
|
|
s: (0, index_js_1.toBeHex)("0x" + sig.s.toString(16), 32),
|
2022-09-05 23:57:11 +03:00
|
|
|
v: (recid ? 0x1c : 0x1b)
|
2022-11-30 23:44:23 +03:00
|
|
|
});
|
2022-09-05 23:57:11 +03:00
|
|
|
}
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* Returns the [[link-wiki-ecdh]] shared secret between this
|
|
|
|
|
* private key and the %%other%% key.
|
|
|
|
|
*
|
|
|
|
|
* The %%other%% key may be any type of key, a raw public key,
|
|
|
|
|
* a compressed/uncompressed pubic key or aprivate key.
|
|
|
|
|
*
|
|
|
|
|
* Best practice is usually to use a cryptographic hash on the
|
|
|
|
|
* returned value before using it as a symetric secret.
|
2022-12-10 02:24:58 +03:00
|
|
|
*
|
|
|
|
|
* @example:
|
|
|
|
|
* sign1 = new SigningKey(id("some-secret-1"))
|
|
|
|
|
* sign2 = new SigningKey(id("some-secret-2"))
|
|
|
|
|
*
|
|
|
|
|
* // Notice that privA.computeSharedSecret(pubB)...
|
|
|
|
|
* sign1.computeSharedSecret(sign2.publicKey)
|
|
|
|
|
* //_result:
|
|
|
|
|
*
|
|
|
|
|
* // ...is equal to privB.computeSharedSecret(pubA).
|
|
|
|
|
* sign2.computeSharedSecret(sign1.publicKey)
|
|
|
|
|
* //_result:
|
2022-12-03 05:27:06 +03:00
|
|
|
*/
|
2022-12-10 02:24:58 +03:00
|
|
|
computeSharedSecret(other) {
|
2022-09-05 23:57:11 +03:00
|
|
|
const pubKey = SigningKey.computePublicKey(other);
|
2022-12-10 02:24:58 +03:00
|
|
|
return (0, index_js_1.hexlify)(secp256k1.getSharedSecret((0, index_js_1.getBytesCopy)(this.#privateKey), (0, index_js_1.getBytes)(pubKey)));
|
2022-09-05 23:57:11 +03:00
|
|
|
}
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* Compute the public key for %%key%%, optionally %%compressed%%.
|
|
|
|
|
*
|
|
|
|
|
* The %%key%% may be any type of key, a raw public key, a
|
|
|
|
|
* compressed/uncompressed public key or private key.
|
2022-12-10 02:24:58 +03:00
|
|
|
*
|
|
|
|
|
* @example:
|
|
|
|
|
* sign = new SigningKey(id("some-secret"));
|
|
|
|
|
*
|
|
|
|
|
* // Compute the uncompressed public key for a private key
|
|
|
|
|
* SigningKey.computePublicKey(sign.privateKey)
|
|
|
|
|
* //_result:
|
|
|
|
|
*
|
|
|
|
|
* // Compute the compressed public key for a private key
|
|
|
|
|
* SigningKey.computePublicKey(sign.privateKey, true)
|
|
|
|
|
* //_result:
|
|
|
|
|
*
|
|
|
|
|
* // Compute the uncompressed public key
|
|
|
|
|
* SigningKey.computePublicKey(sign.publicKey, false);
|
|
|
|
|
* //_result:
|
|
|
|
|
*
|
|
|
|
|
* // Compute the Compressed a public key
|
|
|
|
|
* SigningKey.computePublicKey(sign.publicKey, true);
|
|
|
|
|
* //_result:
|
2022-12-03 05:27:06 +03:00
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
static computePublicKey(key, compressed) {
|
2022-09-16 05:58:45 +03:00
|
|
|
let bytes = (0, index_js_1.getBytes)(key, "key");
|
2023-01-23 00:47:02 +03:00
|
|
|
// private key
|
2022-09-05 23:57:11 +03:00
|
|
|
if (bytes.length === 32) {
|
|
|
|
|
const pubKey = secp256k1.getPublicKey(bytes, !!compressed);
|
|
|
|
|
return (0, index_js_1.hexlify)(pubKey);
|
|
|
|
|
}
|
2023-01-23 00:47:02 +03:00
|
|
|
// raw public key; use uncompressed key with 0x04 prefix
|
2022-09-05 23:57:11 +03:00
|
|
|
if (bytes.length === 64) {
|
|
|
|
|
const pub = new Uint8Array(65);
|
|
|
|
|
pub[0] = 0x04;
|
|
|
|
|
pub.set(bytes, 1);
|
|
|
|
|
bytes = pub;
|
|
|
|
|
}
|
|
|
|
|
const point = secp256k1.Point.fromHex(bytes);
|
|
|
|
|
return (0, index_js_1.hexlify)(point.toRawBytes(compressed));
|
|
|
|
|
}
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* Returns the public key for the private key which produced the
|
|
|
|
|
* %%signature%% for the given %%digest%%.
|
2022-12-10 02:24:58 +03:00
|
|
|
*
|
|
|
|
|
* @example:
|
|
|
|
|
* key = new SigningKey(id("some-secret"))
|
|
|
|
|
* digest = id("hello world")
|
|
|
|
|
* sig = key.sign(digest)
|
|
|
|
|
*
|
|
|
|
|
* // Notice the signer public key...
|
|
|
|
|
* key.publicKey
|
|
|
|
|
* //_result:
|
|
|
|
|
*
|
|
|
|
|
* // ...is equal to the recovered public key
|
|
|
|
|
* SigningKey.recoverPublicKey(digest, sig)
|
|
|
|
|
* //_result:
|
|
|
|
|
*
|
2022-12-03 05:27:06 +03:00
|
|
|
*/
|
2022-09-05 23:57:11 +03:00
|
|
|
static recoverPublicKey(digest, signature) {
|
2022-10-20 12:03:32 +03:00
|
|
|
(0, index_js_1.assertArgument)((0, index_js_1.dataLength)(digest) === 32, "invalid digest length", "digest", digest);
|
2022-09-05 23:57:11 +03:00
|
|
|
const sig = signature_js_1.Signature.from(signature);
|
2022-09-16 05:58:45 +03:00
|
|
|
const der = secp256k1.Signature.fromCompact((0, index_js_1.getBytesCopy)((0, index_js_1.concat)([sig.r, sig.s]))).toDERRawBytes();
|
|
|
|
|
const pubKey = secp256k1.recoverPublicKey((0, index_js_1.getBytesCopy)(digest), der, sig.yParity);
|
2023-03-20 19:53:37 +03:00
|
|
|
(0, index_js_1.assertArgument)(pubKey != null, "invalid signautre for digest", "signature", signature);
|
|
|
|
|
return (0, index_js_1.hexlify)(pubKey);
|
2022-09-05 23:57:11 +03:00
|
|
|
}
|
2022-12-03 05:27:06 +03:00
|
|
|
/**
|
|
|
|
|
* Returns the point resulting from adding the ellipic curve points
|
|
|
|
|
* %%p0%% and %%p1%%.
|
|
|
|
|
*
|
|
|
|
|
* This is not a common function most developers should require, but
|
|
|
|
|
* can be useful for certain privacy-specific techniques.
|
|
|
|
|
*
|
|
|
|
|
* For example, it is used by [[HDNodeWallet]] to compute child
|
|
|
|
|
* addresses from parent public keys and chain codes.
|
|
|
|
|
*/
|
|
|
|
|
static addPoints(p0, p1, compressed) {
|
2022-09-05 23:57:11 +03:00
|
|
|
const pub0 = secp256k1.Point.fromHex(SigningKey.computePublicKey(p0).substring(2));
|
|
|
|
|
const pub1 = secp256k1.Point.fromHex(SigningKey.computePublicKey(p1).substring(2));
|
|
|
|
|
return "0x" + pub0.add(pub1).toHex(!!compressed);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
exports.SigningKey = SigningKey;
|
|
|
|
|
//# sourceMappingURL=signing-key.js.map
|
