bif-sm
Version:
An implementation of GM/T industry standards
2 lines (1 loc) • 16.4 kB
JavaScript
import t from"to-arraybuffer";import{Buffer as e}from"buffer";import{BigInteger as r,SecureRandom as n}from"jsbn";var i=r.prototype.Barrett;function o(t,e){this.x=e,this.q=t}function u(t,e,n,i){this.curve=t,this.x=e,this.y=n,this.z=null==i?r.ONE:i,this.zinv=null}function s(t,e,r){this.q=t,this.a=this.fromBigInteger(e),this.b=this.fromBigInteger(r),this.infinity=new u(this,null,null),this.reducer=new i(this.q)}o.prototype.equals=function(t){return t==this||this.q.equals(t.q)&&this.x.equals(t.x)},o.prototype.toBigInteger=function(){return this.x},o.prototype.negate=function(){return new o(this.q,this.x.negate().mod(this.q))},o.prototype.add=function(t){return new o(this.q,this.x.add(t.toBigInteger()).mod(this.q))},o.prototype.subtract=function(t){return new o(this.q,this.x.subtract(t.toBigInteger()).mod(this.q))},o.prototype.multiply=function(t){return new o(this.q,this.x.multiply(t.toBigInteger()).mod(this.q))},o.prototype.square=function(){return new o(this.q,this.x.square().mod(this.q))},o.prototype.divide=function(t){return new o(this.q,this.x.multiply(t.toBigInteger().modInverse(this.q)).mod(this.q))},u.prototype.getX=function(){null==this.zinv&&(this.zinv=this.z.modInverse(this.curve.q));var t=this.x.toBigInteger().multiply(this.zinv);return this.curve.reduce(t),this.curve.fromBigInteger(t)},u.prototype.getY=function(){null==this.zinv&&(this.zinv=this.z.modInverse(this.curve.q));var t=this.y.toBigInteger().multiply(this.zinv);return this.curve.reduce(t),this.curve.fromBigInteger(t)},u.prototype.equals=function(t){return t==this||(this.isInfinity()?t.isInfinity():t.isInfinity()?this.isInfinity():!!t.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(t.z)).mod(this.curve.q).equals(r.ZERO)&&t.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(t.z)).mod(this.curve.q).equals(r.ZERO))},u.prototype.isInfinity=function(){return null==this.x&&null==this.y||this.z.equals(r.ZERO)&&!this.y.toBigInteger().equals(r.ZERO)},u.prototype.negate=function(){return new u(this.curve,this.x,this.y.negate(),this.z)},u.prototype.add=function(t){if(this.isInfinity())return t;if(t.isInfinity())return this;var e=t.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(t.z)).mod(this.curve.q),n=t.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(t.z)).mod(this.curve.q);if(r.ZERO.equals(n))return r.ZERO.equals(e)?this.twice():this.curve.getInfinity();var i=new r("3"),o=this.x.toBigInteger(),s=this.y.toBigInteger(),a=(t.x.toBigInteger(),t.y.toBigInteger(),n.square()),f=a.multiply(n),l=o.multiply(a),g=e.square().multiply(this.z),c=g.subtract(l.shiftLeft(1)).multiply(t.z).subtract(f).multiply(n).mod(this.curve.q),h=l.multiply(i).multiply(e).subtract(s.multiply(f)).subtract(g.multiply(e)).multiply(t.z).add(e.multiply(f)).mod(this.curve.q),p=f.multiply(this.z).multiply(t.z).mod(this.curve.q);return new u(this.curve,this.curve.fromBigInteger(c),this.curve.fromBigInteger(h),p)},u.prototype.twice=function(){if(this.isInfinity())return this;if(0==this.y.toBigInteger().signum())return this.curve.getInfinity();var t=new r("3"),e=this.x.toBigInteger(),n=this.y.toBigInteger(),i=n.multiply(this.z),o=i.multiply(n).mod(this.curve.q),s=this.curve.a.toBigInteger(),a=e.square().multiply(t);r.ZERO.equals(s)||(a=a.add(this.z.square().multiply(s)));var f=(a=a.mod(this.curve.q)).square().subtract(e.shiftLeft(3).multiply(o)).shiftLeft(1).multiply(i).mod(this.curve.q),l=a.multiply(t).multiply(e).subtract(o.shiftLeft(1)).shiftLeft(2).multiply(o).subtract(a.square().multiply(a)).mod(this.curve.q),g=i.square().multiply(i).shiftLeft(3).mod(this.curve.q);return new u(this.curve,this.curve.fromBigInteger(f),this.curve.fromBigInteger(l),g)},u.prototype.multiply=function(t){if(this.isInfinity())return this;if(0==t.signum())return this.curve.getInfinity();var e,n=t,i=n.multiply(new r("3")),o=this.negate(),u=this;for(e=i.bitLength()-2;e>0;--e){u=u.twice();var s=i.testBit(e);s!=n.testBit(e)&&(u=u.add(s?this:o))}return u},u.prototype.multiplyTwo=function(t,e,r){var n;n=t.bitLength()>r.bitLength()?t.bitLength()-1:r.bitLength()-1;for(var i=this.curve.getInfinity(),o=this.add(e);n>=0;)i=i.twice(),t.testBit(n)?i=r.testBit(n)?i.add(o):i.add(this):r.testBit(n)&&(i=i.add(e)),--n;return i},s.prototype.getQ=function(){return this.q},s.prototype.getA=function(){return this.a},s.prototype.getB=function(){return this.b},s.prototype.equals=function(t){return t==this||this.q.equals(t.q)&&this.a.equals(t.a)&&this.b.equals(t.b)},s.prototype.getInfinity=function(){return this.infinity},s.prototype.fromBigInteger=function(t){return new o(this.q,t)},s.prototype.reduce=function(t){this.reducer.reduce(t)},s.prototype.decodePointHex=function(t){switch(parseInt(t.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var e=(t.length-2)/2,n=t.substr(2,e),i=t.substr(e+2,e);return new u(this,this.fromBigInteger(new r(n,16)),this.fromBigInteger(new r(i,16)));default:return null}},s.prototype.encodePointHex=function(t){if(t.isInfinity())return"00";var e=t.getX().toBigInteger().toString(16),r=t.getY().toBigInteger().toString(16),n=this.getQ().toString(16).length;for(n%2!=0&&n++;e.length<n;)e="0"+e;for(;r.length<n;)r="0"+r;return"04"+e+r};var a="04",f=function(t,e){return t<<(e%=32)|t>>>32-e},l=function(t,e){var r=e-t.length;return(r>0?"0".repeat(r):"")+t},g=function(t){var r=e.alloc(1,128),n=t.length%64,i=e.alloc(n=n>=56?64-n%56-1:56-n-1,0),o=e.alloc(8),u=8*t.length;return o.writeUInt32BE(Math.floor(u/Math.pow(2,32)),0),o.writeUInt32BE(u%Math.pow(2,32),4),e.concat([t,r,i,o],t.length+1+n+8)},c=function(t){return t<16?2043430169:2055708042},h=function(t,e,r,n){return n<16?t^e^r:t&e|t&r|e&r},p=function(t,e,r,n){return n<16?t^e^r:t&e|~t&r},y=function(t,e,r){for(var n,i,o,u,s,a=function(t){var e,r=new Array(132);t.forEach(function(t,e){r[e]=t});for(var n=16;n<68;n++)r[n]=(e=r[n-16]^r[n-9]^f(r[n-3],15))^f(e,15)^f(e,23)^f(r[n-13],7)^r[n-6];for(var i=0;i<64;i++)r[i+68]=r[i]^r[i+4];return r}(e),l=t[0],g=t[1],y=t[2],d=t[3],F=t[4],v=t[5],m=t[6],B=t[7],I=0;I<64;I++)i=(n=f(f(l,12)+F+f(c(I),I),7))^f(l,12),o=h(l,g,y,I)+d+i+a[I+68],u=p(F,v,m,I)+B+n+a[I],d=y,y=f(g,9),g=l,l=o,B=m,m=f(v,19),v=F,F=(s=u)^f(s,9)^f(s,17);return[l^t[0],g^t[1],y^t[2],d^t[3],F^t[4],v^t[5],m^t[6],B^t[7]]},d=function(r,n,i){if("string"==typeof r?r=e.from(r,n||"utf8"):r instanceof ArrayBuffer&&(r=e.from(r)),!e.isBuffer(r))throw new TypeError('Expected "string" | "Buffer" | "ArrayBuffer" but received "'+Object.prototype.toString.call(r)+'"');for(var o=(r=g(r)).length/64,u=new Array(o),s=0;s<o;s++){u[s]=new Array(16);for(var a=0;a<16;a++)u[s][a]=r.readUInt32BE(64*s+4*a)}var f=new Array(o);f[0]=[1937774191,1226093241,388252375,3666478592,2842636476,372324522,3817729613,2969243214];for(var l=0;l<o;l++)f[l+1]=y(f[l],u[l]);var c=e.alloc(32);return f[o].forEach(function(t,e){return c.writeInt32BE(t,4*e)}),i?c.toString(i):t(c)},F={__proto__:null,padding:g,digest:d},v={C1C2C3:0,C1C3C2:1,PC:a},m=new n,B=function(){var t=new r("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",16),e=new r("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",16),n=new r("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",16),i=new s(t,e,n),o="32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",u="BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0",f=i.decodePointHex(a+o+u);return{a:e,b:n,gx:o,gy:u,curve:i,G:f,n:new r("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",16)}}(),I=B.a,E=B.b,w=B.gx,q=B.gy,x=B.curve,b=B.G,S=B.n;function A(t,r){for(var n=[],i=Math.ceil(r/32),o=r%32,u=1;u<=i;u++){var s=e.allocUnsafe(4);s.writeUInt32BE(u);var a=d(e.concat([t,s]));n.push(u===i&&o?e.from(a).slice(0,o):e.from(a))}return e.concat(n,r)}var O=function(){var t=new r(S.bitLength(),m).mod(S.subtract(new r("2"))).add(r.ONE),e=l(t.toString(16),64),n=b.multiply(t),i=l(n.getX().toBigInteger().toString(16),64),o=l(n.getY().toBigInteger().toString(16),64);return{privateKey:e,publicKey:a+i+o}};function z(){var t=[I,E,new r(w,16),new r(q,16)],n=[];return t.forEach(function(t){var e=t.toByteArray();n=n.concat(e.length>32?e.slice(-32):e)}),e.from(d(e.from(n)))}function C(){return z()}function Z(t,n){t instanceof ArrayBuffer?t=e.from(t):"string"==typeof t&&(t.startsWith("0x")&&(t=t.substring(2)),t=e.from(t));try{n="string"==typeof n?n:n.toString("hex")}catch(t){console.error("privateKey转化有问题")}n.startsWith("0x")&&(n=n.substring(2));var i,o,u=C(),s=e.concat([u,t]),a=new r(n,16),f=new r(d(s,"buffer","hex"),16),l=null,g=null,c=null,h=null;do{do{var p=(i=void 0,o=void 0,i=O(),o=x.decodePointHex(i.publicKey),i.k=new r(i.privateKey,16),i.x1=o.getX().toBigInteger(),i.y1=o.getY().toBigInteger(),i);l=p.k,g=f.add(p.x1).mod(S),h=0==p.y1.mod(new r("2",10))?r.ZERO:r.ONE}while(g.equals(r.ZERO)||g.add(l).equals(S));c=a.add(r.ONE).modInverse(S).multiply(l.subtract(g.multiply(a))).mod(S)}while(c.equals(r.ZERO));return{signature:g.toString(16)+c.toString(16)+"0"+h.toString(16),v:h,r:g,s:c}}function L(t,n,i){var o="string"==typeof t?t:t.toString("hex"),u=e.concat([C(),e.from(o)]),s=new r(d(u,"buffer","hex"),16),a=new r(n.substring(0,64),16),f=new r(n.substring(64,128),16),l=x.decodePointHex(i),g=a.add(f).mod(S);if(g.equals(r.ZERO))return!1;var c=b.multiply(f).add(l.multiply(g)),h=s.add(c.getX().toBigInteger()).mod(S);return a.equals(h)}var R={__proto__:null,constants:v,generateKeyPair:O,keyFromPrivate:function(t){var e=b.multiply(new r(t.slice(2),16)),n=l(e.getX().toBigInteger().toString(16),64),i=l(e.getY().toBigInteger().toString(16),64);return{privateKey:t,publicKey:a+n+i}},encrypt:function(n,i,o){var u=o||{},s=u.mode,a=void 0===s?1:s,f=u.outputEncoding;if("string"==typeof n?n=e.from(n,u.inputEncoding||"utf8"):n instanceof ArrayBuffer&&(n=e.from(n)),!e.isBuffer(n))throw new TypeError('Expected "string" | "Buffer" | "ArrayBuffer" but received "'+Object.prototype.toString.call(n)+'"');var g=new r(S.bitLength(),m).mod(S.subtract(r.ONE)).add(r.ONE),c=b.multiply(g),h=l(c.getX().toBigInteger().toString(16),64)+l(c.getY().toBigInteger().toString(16),64),p=x.decodePointHex(i).multiply(g),y=l(p.getX().toBigInteger().toString(16),64),F=l(p.getY().toBigInteger().toString(16),64),v=A(e.from(y+F,"hex"),n.length),B=l(new r(n.toString("hex"),16).xor(new r(v.toString("hex"),16)).toString(16),2*n.length),I=d(y+n.toString("hex")+F,"hex","hex"),E=e.from(0===a?h+B+I:h+I+B,"hex");return f?E.toString(f):t(E)},decrypt:function(n,i,o){var u=o||{},s=u.mode,f=void 0===s?1:s,g=u.outputEncoding;if("string"==typeof n?n=e.from(n,u.inputEncoding):n instanceof ArrayBuffer&&(n=e.from(n)),!e.isBuffer(n))throw new TypeError('Expected "string" | "Buffer" | "ArrayBuffer" but received "'+Object.prototype.toString.call(n)+'"');var c=n.slice(0,32).toString("hex"),h=n.slice(32,64).toString("hex"),p=x.decodePointHex(a+c+h).multiply(new r(i,16)),y=l(p.getX().toBigInteger().toString(16),64),F=l(p.getY().toBigInteger().toString(16),64),v=n.slice(64,96),m=n.slice(96);0===f&&(v=n.slice(n.length-32),m=n.slice(64,n.length-32));var B=A(e.from(y+F,"hex"),m.length),I=new r(m.toString("hex"),16).xor(new r(B.toString("hex"),16)).toString(16),E=d(y+I+F,"hex","hex")===v.toString("hex")?e.from(I,"hex"):e.alloc(0);return g?E.toString(g):t(E)},sm3hashZA:z,smSign:Z,smSignJava:function(t,n){try{n="string"==typeof n?n:n.toString("hex")}catch(t){console.error("privateKey转化有问题")}var i=C(),o=e.concat([i,t]),u=new r(n,16),s=new r(d(o,"buffer","hex"),16),a=null,f=null,l=null,g=null;do{do{a=new r(S.bitLength(),m).mod(S.subtract(r.ONE)).add(r.ONE);var c=b.multiply(a),h=c.getX().toBigInteger(),p=c.getY().toBigInteger();f=s.add(h).mod(S),g=0==p.mod(new r("2",10))?r.ZERO:r.ONE}while(f.equals(r.ZERO)||f.add(a).equals(S));l=u.add(r.ONE).modInverse(S).multiply(a.subtract(f.multiply(u))).mod(S)}while(l.equals(r.ZERO));return{signature:f.toString(16)+l.toString(16)+"0"+g.toString(16),v:g,r:f,s:l}},smVerify:L,sign:Z,verfy:L},_=[[214,144,233,254,204,225,61,183,22,182,20,194,40,251,44,5],[43,103,154,118,42,190,4,195,170,68,19,38,73,134,6,153],[156,66,80,244,145,239,152,122,51,84,11,67,237,207,172,98],[228,179,28,169,201,8,232,149,128,223,148,250,117,143,63,166],[71,7,167,252,243,115,23,186,131,89,60,25,230,133,79,168],[104,107,129,178,113,100,218,139,248,235,15,75,112,86,157,53],[30,36,14,94,99,88,209,162,37,34,124,59,1,33,120,135],[212,0,70,87,159,211,39,82,76,54,2,231,160,196,200,158],[234,191,138,210,64,199,56,181,163,247,242,206,249,97,21,161],[224,174,93,164,155,52,26,85,173,147,50,48,245,140,177,227],[29,246,226,46,130,102,202,96,192,41,35,171,13,83,78,111],[213,219,55,69,222,253,142,47,3,255,106,114,109,108,91,81],[141,27,175,146,187,221,188,127,17,217,92,65,31,16,90,216],[10,193,49,136,165,205,123,189,45,116,208,18,184,229,180,176],[137,105,151,74,12,150,119,126,101,185,241,9,197,110,198,132],[24,240,125,236,58,220,77,32,121,238,95,62,215,203,57,72]],D=[2746333894,1453994832,1736282519,2993693404],N=[462357,472066609,943670861,1415275113,1886879365,2358483617,2830087869,3301692121,3773296373,4228057617,404694573,876298825,1347903077,1819507329,2291111581,2762715833,3234320085,3705924337,4177462797,337322537,808926789,1280531041,1752135293,2223739545,2695343797,3166948049,3638552301,4110090761,269950501,741554753,1213159005,1684763257],P=/^[0-9a-f]{32}$/i,T=function(t){return _[(4026531840&t)>>>28][(251658240&t)>>>24]<<24|_[(15728640&t)>>>20][(983040&t)>>>16]<<16|_[(61440&t)>>>12][(3840&t)>>>8]<<8|_[(240&t)>>>4][(15&t)>>>0]<<0},X=function(t){return(e=T(t))^f(e,2)^f(e,10)^f(e,18)^f(e,24);var e},K=function(t){var e,r=new Array(36);r[0]=t[0]^D[0],r[1]=t[1]^D[1],r[2]=t[2]^D[2],r[3]=t[3]^D[3];for(var n=new Array(32),i=0;i<32;i++)r[i+4]=r[i]^(e=T(r[i+1]^r[i+2]^r[i+3]^N[i]))^f(e,13)^f(e,23),n[i]=r[i+4];return n},Y=function(t,e){for(var r=K(e),n=0;n<32;n++)t[n+4]=t[n]^X(t[n+1]^t[n+2]^t[n+3]^r[n]);return[t[35],t[34],t[33],t[32]]},H=function(t,e){for(var r=K(e).reverse(),n=0;n<32;n++)t[n+4]=t[n]^X(t[n+1]^t[n+2]^t[n+3]^r[n]);return[t[35],t[34],t[33],t[32]]},M=function(t){return[t.readInt32BE(0),t.readInt32BE(4),t.readInt32BE(8),t.readInt32BE(12)]},j=function(t){for(var r=e.alloc(16),n=0;n<4;n++)r.writeInt32BE(t[n],4*n);return r},k={__proto__:null,constants:{ECB:1,CBC:2},encrypt:function(r,n,i){var o=i||{},u=o.mode,s=o.iv,a=o.outputEncoding;if("string"==typeof r?r=e.from(r,o.inputEncoding||"utf8"):r instanceof ArrayBuffer&&(r=e.from(r)),!e.isBuffer(r))throw new TypeError('Expected "string" | "Buffer" | "ArrayBuffer" but received "'+Object.prototype.toString.call(r)+'"');if(!P.test(n))throw new TypeError("Invalid value of cipher `key`");if(n=e.from(n,"hex"),2===u&&!P.test(s))throw new TypeError("Invalid value of `iv` option");return function(r,n,i,o){i&&(i=M(i)),n=M(n);for(var u=[],s=(r=function(t){var r=16-t.length%16,n=e.alloc(r,r);return e.concat([t,n],t.length+r)}(r)).length/16,a=0;a<s;a++)if(i){var f=16*a,l=[i[0]^r.readInt32BE(f),i[1]^r.readInt32BE(f+4),i[2]^r.readInt32BE(f+8),i[3]^r.readInt32BE(f+12)],g=Y(l,n);u.push(j(g)),i=g.slice(0)}else{var c=16*a,h=[r.readInt32BE(c),r.readInt32BE(c+4),r.readInt32BE(c+8),r.readInt32BE(c+12)],p=Y(h,n);u.push(j(p))}var y=e.concat(u,r.length);return o?y.toString(o):t(y)}(r,n,s=2===u?e.from(s,"hex"):null,a)},decrypt:function(r,n,i){var o=i||{},u=o.mode,s=o.iv,a=o.outputEncoding;if("string"==typeof r?r=e.from(r,o.inputEncoding):r instanceof ArrayBuffer&&(r=e.from(r)),!e.isBuffer(r))throw new TypeError('Expected "string" | "Buffer" | "ArrayBuffer" but received "'+Object.prototype.toString.call(r)+'"');if(!P.test(n))throw new TypeError("Invalid value of cipher `key`");if(n=e.from(n,"hex"),2===u&&!P.test(s))throw new TypeError("Invalid value of `iv` option");return function(r,n,i,o){i&&(i=M(i)),n=M(n);var u=[],s=r.length/16;if(i)for(var a=s-1;a>=0;a--){var f,l=16*a;f=a>0?[r.readInt32BE(l-16),r.readInt32BE(l-16+4),r.readInt32BE(l-16+8),r.readInt32BE(l-16+12)]:i;var g=[r.readInt32BE(l),r.readInt32BE(l+4),r.readInt32BE(l+8),r.readInt32BE(l+12)],c=H(g,n);u.unshift(j([c[0]^f[0],c[1]^f[1],c[2]^f[2],c[3]^f[3]]))}else for(var h=0;h<s;h++){var p=16*h,y=[r.readInt32BE(p),r.readInt32BE(p+4),r.readInt32BE(p+8),r.readInt32BE(p+12)],d=H(y,n);u.push(j(d))}var F=e.concat(u,r.length-u[u.length-1][15]);return o?F.toString(o):t(F)}(r,n,s=2===u?e.from(s,"hex"):null,a)}};export{R as SM2,F as SM3,k as SM4};