diff --git a/src/ed25519.ts b/src/ed25519.ts
index a7dce4d..5649401 100644
--- a/src/ed25519.ts
+++ b/src/ed25519.ts
@@ -104,10 +104,10 @@ const ed25519Defaults = {
 // d is equal to -121665/121666 over finite field.
 // Negative number is P - number, and division is invert(number, P)
 d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'),
- // Finite field 𝔽p over which we'll do calculations; 2n ** 255n - 19n
+ // Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n
 Fp,
 // Subgroup order: how many points curve has
- // 2n ** 252n + 27742317777372353535851937790883648493n;
+ // 2n**252n + 27742317777372353535851937790883648493n;
 n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'),
 // Cofactor
 h: BigInt(8),
@@ -165,13 +165,14 @@ export const x25519 = montgomery({
 * @example
 * const someonesPub = ed25519.getPublicKey(ed25519.utils.randomPrivateKey());
 * const aPriv = x25519.utils.randomPrivateKey();
- * x25519.getSharedSecret(aPriv, edwardsToMontgomery(someonesPub))
+ * x25519.getSharedSecret(aPriv, edwardsToMontgomeryPub(someonesPub))
 */
-export function edwardsToMontgomery(edwardsPub: Hex): Uint8Array {
+export function edwardsToMontgomeryPub(edwardsPub: Hex): Uint8Array {
 const { y } = ed25519.ExtendedPoint.fromHex(edwardsPub);
 const _1n = BigInt(1);
 return Fp.toBytes(Fp.create((_1n + y) * Fp.inv(_1n - y)));
 }
+export const edwardsToMontgomery = edwardsToMontgomeryPub; // deprecated
 
 /**
 * Converts ed25519 secret key to x25519 secret key.
diff --git a/test/ed25519-addons.test.js b/test/ed25519-addons.test.js
index 3c8e052..2eac266 100644
--- a/test/ed25519-addons.test.js
+++ b/test/ed25519-addons.test.js
@@ -8,7 +8,7 @@ import {
 ed25519,
 ed25519ctx,
 ed25519ph,
- edwardsToMontgomery,
+ edwardsToMontgomeryPub,
 edwardsToMontgomeryPriv,
 RistrettoPoint,
 x25519,
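Review bot: `edwardsToMontgomeryPub` has no explicit handling for y = 1 on the new side: `Fp.inv(_1n - y)` is then asked to invert zero, and whether that throws or yields 0 is not visible in this hunk. The input is typically a peer's public key, so I would make the outcome explicit before the return, e.g. `if (y === _1n) throw new Error('edwardsToMontgomeryPub: y = 1 has no Montgomery u-coordinate');`, and state in the doc comment whether small-order points are already rejected by `fromHex` or must be checked by the caller before the result is passed to `x25519.getSharedSecret`. Separately, the compatibility alias is marked only by a trailing `// deprecated`; a TSDoc line `/** @deprecated Use edwardsToMontgomeryPub. */` above it would let editors and linters surface the deprecation. The doc comment this function belongs to starts above the hunk.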
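Review bot: The deprecated `edwardsToMontgomery` export is no longer imported in this file once the import list switches to `edwardsToMontgomeryPub`, so nothing visible here still exercises the compatibility alias the same commit adds. If the alias is meant to stay usable until removal, keep `edwardsToMontgomery` in the import list and add one assertion that it returns the same bytes as `edwardsToMontgomeryPub` for a fixed public key. Other test files may already cover it; that is not visible from this diff.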
@@ -172,7 +172,7 @@ describe('RFC7748 X25519 ECDH', () => {
 hex(xPrivate),
 'a8cd44eb8e93319c0570bc11005c0e0189d34ff02f6c17773411ad191293c94f'
 );
- const xPublic = edwardsToMontgomery(edPublic);
+ const xPublic = edwardsToMontgomeryPub(edPublic);
 deepStrictEqual(
 hex(xPublic),
 'ed7749b4d989f6957f3bfde6c56767e988e21c9f8784d91d610011cd553f9b06'
@@ -182,10 +182,9 @@ describe('RFC7748 X25519 ECDH', () => {
 should('edwardsToMontgomery should produce correct keyPair', () => {
 const edSecret = ed25519.utils.randomPrivateKey();
 const edPublic = ed25519.getPublicKey(edSecret);
- const hashed = ed25519.CURVE.hash(edSecret.subarray(0, 32));
- const xSecret = ed25519.CURVE.adjustScalarBytes(hashed.subarray(0, 32));
+ const xSecret = edwardsToMontgomeryPriv(edSecret);
 const expectedXPublic = x25519.getPublicKey(xSecret);
- const xPublic = edwardsToMontgomery(edPublic);
+ const xPublic = edwardsToMontgomeryPub(edPublic);
 deepStrictEqual(xPublic, expectedXPublic);
 });
 
@@ -195,8 +194,8 @@ describe('RFC7748 X25519 ECDH', () => {
 const edSecret2 = ed25519.utils.randomPrivateKey();
 const edPublic2 = ed25519.getPublicKey(edSecret2);
 deepStrictEqual(
- x25519.getSharedSecret(edwardsToMontgomeryPriv(edSecret1), edwardsToMontgomery(edPublic2)),
- x25519.getSharedSecret(edwardsToMontgomeryPriv(edSecret2), edwardsToMontgomery(edPublic1))
+ x25519.getSharedSecret(edwardsToMontgomeryPriv(edSecret1), edwardsToMontgomeryPub(edPublic2)),
+ x25519.getSharedSecret(edwardsToMontgomeryPriv(edSecret2), edwardsToMontgomeryPub(edPublic1))
 );
 });
 