UNPKG

fcash-ecies

Version:

ECIES implemented for Fcash.

github.com/fcash-js/fcash-ecies

fcash-js/fcash-ecies

139 lines (115 loc) 3.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
'use strict'; var fcashBase = require('fcash-lib'); var PublicKey = fcashBase.PublicKey; var Hash = fcashBase.crypto.Hash; var Random = fcashBase.crypto.Random; var $ = fcashBase.util.preconditions; var AESCBC = require('./aescbc'); // http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme var ECIES = function ECIES(opts) { if (!(this instanceof ECIES)) { return new ECIES(); } this.opts = opts || {}; }; ECIES.prototype.privateKey = function(privateKey) { $.checkArgument(privateKey, 'no private key provided'); this._privateKey = privateKey || null; return this; }; ECIES.prototype.publicKey = function(publicKey) { $.checkArgument(publicKey, 'no public key provided'); this._publicKey = publicKey || null; return this; }; var cachedProperty = function(name, getter) { var cachedName = '_' + name; Object.defineProperty(ECIES.prototype, name, { configurable: false, enumerable: true, get: function() { var value = this[cachedName]; if (!value) { value = this[cachedName] = getter.apply(this); } return value; } }); }; cachedProperty('Rbuf', function() { return this._privateKey.publicKey.toDER(true); }); cachedProperty('kEkM', function() { var r = this._privateKey.bn; var KB = this._publicKey.point; var P = KB.mul(r); var S = P.getX(); var Sbuf = S.toBuffer({size: 32}); return Hash.sha512(Sbuf); }); cachedProperty('kE', function() { return this.kEkM.slice(0, 32); }); cachedProperty('kM', function() { return this.kEkM.slice(32,64); }); // Encrypts the message (String or Buffer). // Optional `ivbuf` contains 16-byte Buffer to be used in AES-CBC. // By default, `ivbuf` is computed deterministically from message and private key using HMAC-SHA256. // Deterministic IV enables end-to-end test vectors for alternative implementations. // Note that identical messages have identical ciphertexts. If your protocol does not include some // kind of a sequence identifier inside the message *and* it is important to not allow attacker to learn // that message is repeated, then you should use custom IV. // For random IV, pass `Random.getRandomBuffer(16)` for the second argument. ECIES.prototype.encrypt = function(message, ivbuf) { if (!Buffer.isBuffer(message)) message = new Buffer(message); if (ivbuf === undefined) { ivbuf = Hash.sha256hmac(message, this._privateKey.toBuffer()).slice(0,16); } var c = AESCBC.encryptCipherkey(message, this.kE, ivbuf); var d = Hash.sha256hmac(c, this.kM); if(this.opts.shortTag) d = d.slice(0,4); if(this.opts.noKey) { var encbuf = Buffer.concat([c, d]); } else { var encbuf = Buffer.concat([this.Rbuf, c, d]); } return encbuf; }; ECIES.prototype.decrypt = function(encbuf) { $.checkArgument(encbuf); var offset = 0; var tagLength = 32; if(this.opts.shortTag) { tagLength = 4; } if(!this.opts.noKey) { var pub; switch(encbuf[0]) { case 4: pub = encbuf.slice(0, 65); break; case 3: case 2: pub = encbuf.slice(0, 33); break; default: throw new Error('Invalid type: ' + encbuf[0]); } this._publicKey = PublicKey.fromDER(pub); offset += pub.length; } var c = encbuf.slice(offset, encbuf.length - tagLength); var d = encbuf.slice(encbuf.length - tagLength, encbuf.length); var d2 = Hash.sha256hmac(c, this.kM); if(this.opts.shortTag) d2 = d2.slice(0,4); var equal = true; for (var i = 0; i < d.length; i++) { equal &= (d[i] === d2[i]); } if (!equal) { throw new Error('Invalid checksum'); } return AESCBC.decryptCipherkey(c, this.kE); }; module.exports = ECIES;