UNPKG

@instun/sm2-multikey

Version:

A JavaScript library for generating and working with SM2Multikey key pairs and digital signatures. Compatible with both Node.js and fibjs runtimes.

github.com/instun/sm2-multikey

instun/sm2-multikey

339 lines (324 loc) 9.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
/*! * Copyright (c) 2024 Instun, Inc. All rights reserved. */ /** * @fileoverview Multicodec and Multibase Key Encoding Utilities * * This module implements the Multicodec and Multibase specifications for * SM2 cryptographic key encoding. It provides a self-describing format * that combines type information with key data, enabling reliable key * identification and handling. * * Key Features: * - Multicodec compliance * - Multibase support * - Zero-copy operations * - Type preservation * - Format validation * * Security Considerations: * - Key type validation * - Format verification * - Memory safety * - Error handling * - Buffer bounds * * Performance Notes: * - Minimal copying * - Early validation * - Efficient encoding * - Buffer reuse * - Type preservation * * Key Format Structure: * ``` * | Multibase | Multicodec | Key Data | * |-----------|------------|------------| * | 'z' | 0x8624 | Public Key | * | 'z' | 0x9026 | Secret Key | * * Example: * Public: z86240123... (Base58BTC('z') + SM2-pub(0x8624) + key) * Private: z90260123... (Base58BTC('z') + SM2-priv(0x9026) + key) * ``` * * Standards Compliance: * - Multicodec v1.0 * - Multibase v1.0 * - IPFS CID v1 * - GM/T 0009-2012 * - GB/T 32918.1-2016 * * Common Applications: * - Key storage * - Key exchange * - IPFS content * - Key identification * - Format conversion * * Usage Example: * ```javascript * import { * encodeKey, * decodeKey, * MULTICODEC_SM2_PUB_HEADER * } from './codec.js'; * * // Encode a public key * const publicKey = new Uint8Array([1, 2, 3, 4]); // Example bytes * const encoded = encodeKey(MULTICODEC_SM2_PUB_HEADER, publicKey); * console.log(encoded); // 'z8624...' * * // Decode and validate * const { key, prefix } = decodeKey(encoded); * if (prefix.equals(MULTICODEC_SM2_PUB_HEADER)) { * console.log('Valid SM2 public key'); * } * ``` * * @module formats/codec * @see {@link https://github.com/multiformats/multicodec|Multicodec} * @see {@link https://github.com/multiformats/multibase|Multibase} * @see {@link https://github.com/multiformats/cid|CID} */ import { base58btc } from 'multiformats/bases/base58'; import { ArgumentError, KeyError, SM2Error, ErrorCodes } from '../core/errors.js'; import { isValidBinaryData, toBuffer, matchBinaryType } from '../utils/binary.js'; /** * Multiformat Constants * * These constants define the prefixes and headers used in the multiformat * encoding scheme. They follow the official multicodec and multibase * specifications for consistent key identification. * * Format Details: * ``` * Multibase: * 'z' - Base58BTC encoding prefix * * Multicodec (varint encoded): * 0x8624 - SM2 public key (0x1206) * 0x9026 - SM2 private key (0x1310) * ``` * * @constant * @readonly */ export const MULTIBASE_BASE58BTC_HEADER = 'z'; /** * SM2 Public Key Multicodec Header * * This constant defines the multicodec prefix for SM2 public keys. * The value 0x8624 is the varint encoding of code 0x1206. * * Header Structure: * ``` * | 1st byte | 2nd byte | * | 0x86 | 0x24 | * | cont.bit | value | * ``` * * @constant {Uint8Array} * @readonly */ export const MULTICODEC_SM2_PUB_HEADER = new Uint8Array([0x86, 0x24]); /** * SM2 Private Key Multicodec Header * * This constant defines the multicodec prefix for SM2 private keys. * The value 0x9026 is the varint encoding of code 0x1310. * * Header Structure: * ``` * | 1st byte | 2nd byte | * | 0x90 | 0x26 | * | cont.bit | value | * ``` * * @constant {Uint8Array} * @readonly */ export const MULTICODEC_SM2_PRIV_HEADER = new Uint8Array([0x90, 0x26]); /** * Encode a cryptographic key with multiformat prefixes * * This function implements the multiformat encoding scheme, combining * multicodec and multibase specifications to create a self-describing * key format. It ensures proper type identification and encoding. * * Processing Steps: * 1. Input validation * 2. Type verification * 3. Prefix assembly * 4. Key concatenation * 5. Base58BTC encoding * * Security Considerations: * - Key validation * - Prefix verification * - Buffer safety * - Memory bounds * - Type checking * * Performance Notes: * - Single allocation * - Early validation * - Efficient encoding * - Buffer reuse * - Type preservation * * Encoding Process: * ``` * Input: prefix=[0x86,0x24] key=[k1,k2,...] * Step 1: Validate inputs * Step 2: Combine [prefix|key] * Step 3: Add multibase prefix * Output: "z" + base58btc([prefix|key]) * ``` * * @param {Uint8Array} prefix - Multicodec prefix for key type * @param {Buffer|Uint8Array} key - Raw key data to encode * @returns {string} Multiformat encoded key string * @throws {ArgumentError} If inputs are invalid * * @example * ```javascript * // Encode a public key * const pubKey = Buffer.from([ * 0x04, // Uncompressed point * ...new Array(63).fill(0) // X and Y coordinates * ]); * const encoded = encodeKey(MULTICODEC_SM2_PUB_HEADER, pubKey); * console.log(encoded); // 'z8624...' * * // Encode a private key * const privKey = Buffer.from(new Array(32).fill(0)); * const encodedPriv = encodeKey(MULTICODEC_SM2_PRIV_HEADER, privKey); * console.log(encodedPriv); // 'z9026...' * ``` */ export function encodeKey(prefix, key) { if (!isValidBinaryData(key)) { throw new ArgumentError('Invalid key', { code: ErrorCodes.ERR_ARGUMENT_INVALID, details: 'Key must be a Buffer or Uint8Array' }); } // Convert key to Buffer for concatenation const keyBuf = toBuffer(key); const data = Buffer.concat([Buffer.from(prefix), keyBuf]); return base58btc.encode(data); } /** * Decode a multiformat encoded key string * * This function implements the multiformat decoding process, handling * both multicodec and multibase aspects. It performs thorough validation * to ensure key integrity and proper format compliance. * * Processing Steps: * 1. Input validation * 2. Multibase verification * 3. Base58BTC decoding * 4. Multicodec extraction * 5. Key separation * * Security Considerations: * - Format validation * - Prefix verification * - Buffer safety * - Error handling * - Type checking * * Performance Notes: * - Minimal copying * - Early validation * - Efficient decoding * - Buffer reuse * - Type preservation * * Decoding Process: * ``` * Input: "z8624k1k2k3..." * Step 1: Validate multibase prefix ('z') * Step 2: Base58BTC decode * Step 3: Extract multicodec prefix * Step 4: Validate prefix * Step 5: Extract key data * Output: { * prefix: [0x86,0x24], * key: [k1,k2,k3,...] * } * ``` * * @param {string} encoded - Multiformat encoded key string * @param {Buffer|Uint8Array} [outputType] - Optional type to match output format * @returns {{key: Buffer|Uint8Array, prefix: Buffer}} Decoded key and prefix * @throws {ArgumentError} If input is invalid * @throws {KeyError} If key format is invalid * * @example * ```javascript * // Decode and validate a public key * try { * const { key, prefix } = decodeKey('z8624...'); * * if (prefix.equals(MULTICODEC_SM2_PUB_HEADER)) { * console.log('Valid SM2 public key'); * console.log('Length:', key.length); // 64 bytes * } * } catch (err) { * if (err instanceof KeyError) { * console.error('Invalid key format'); * } * } * * // Decode with type matching * const uint8 = new Uint8Array(); * const { key } = decodeKey('z8624...', uint8); * console.log(key instanceof Uint8Array); // true * ``` */ export function decodeKey(encoded, outputType) { if (!encoded || typeof encoded !== 'string') { throw new ArgumentError('Invalid encoded key', { code: ErrorCodes.ERR_ARGUMENT_INVALID, details: 'Encoded key must be a non-empty string' }); } if (outputType && !isValidBinaryData(outputType)) { throw new ArgumentError('Invalid output type', { code: ErrorCodes.ERR_ARGUMENT_INVALID, details: 'Output type must be a Buffer or Uint8Array' }); } if (!encoded.startsWith(MULTIBASE_BASE58BTC_HEADER)) { throw new KeyError('Invalid SM2 key prefix', { code: ErrorCodes.ERR_KEY_FORMAT_NEW }); } try { const data = base58btc.decode(encoded); if (data.length < 2) { throw new KeyError('Invalid key length', { code: ErrorCodes.ERR_KEY_FORMAT_NEW }); } const prefix = Buffer.from(data.subarray(0, 2)); const key = Buffer.from(data.subarray(2)); // Verify prefix if (!prefix.equals(MULTICODEC_SM2_PUB_HEADER) && !prefix.equals(MULTICODEC_SM2_PRIV_HEADER)) { throw new KeyError('Invalid SM2 key prefix', { code: ErrorCodes.ERR_KEY_FORMAT_NEW }); } // Match output type if specified return { key: outputType ? matchBinaryType(outputType, key) : key, prefix }; } catch (error) { if (error instanceof SM2Error) { throw error; } throw new KeyError('Invalid SM2 public key prefix', { code: ErrorCodes.ERR_KEY_FORMAT_NEW, cause: error }); } }