UNPKG

gm-sm

Version:

sm2

893 lines (772 loc) • 29.9 kB

JavaScript

var KJUR = {}; const {ECFieldElementFp, ECCurveFp, ECPointFp} = require('./ec'); const { SecureRandom } = require('./rng'); const {BigInteger} = require('./jsbn'); // require('./ecdsa-modified-1.0'); // require('./ecparam-1.0'); //----------------------ecdsa-modified-1.0.js---------------------------- /*! ecdsa-modified-1.0.4.js (c) Stephan Thomas, Kenji Urushima | github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE */ /* * ecdsa-modified.js - modified Bitcoin.ECDSA class * * Copyright (c) 2013 Stefan Thomas (github.com/justmoon) * Kenji Urushima (kenji.urushima@gmail.com) * LICENSE * https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE */ /** * @fileOverview * @name ecdsa-modified-1.0.js * @author Stefan Thomas (github.com/justmoon) and Kenji Urushima (kenji.urushima@gmail.com) * @version 1.0.4 (2013-Oct-06) * @since jsrsasign 4.0 * @license <a href="https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/LICENSE">MIT License</a> */ if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; if (typeof KJUR.crypto == "undefined" || !KJUR.crypto) KJUR.crypto = {}; /** * class for EC key generation, ECDSA signing and verifcation * @name KJUR.crypto.ECDSA * @class class for EC key generation, ECDSA signing and verifcation * @description * <p> * CAUTION: Most of the case, you don't need to use this class except * for generating an EC key pair. Please use {@link KJUR.crypto.Signature} class instead. * </p> * <p> * This class was originally developped by Stefan Thomas for Bitcoin JavaScript library. * (See {@link https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/src/ecdsa.js}) * Currently this class supports following named curves and their aliases. * <ul> * <li>secp256r1, NIST P-256, P-256, prime256v1 (*)</li> * <li>secp256k1 (*)</li> * <li>secp384r1, NIST P-384, P-384 (*)</li> * </ul> * </p> */ KJUR.crypto.ECDSA = function(params) { var curveName = "secp256r1"; // curve name default var ecparams = null; var prvKeyHex = null; var pubKeyHex = null; var rng = new SecureRandom(); var P_OVER_FOUR = null; this.type = "EC"; function implShamirsTrick(P, k, Q, l) { var m = Math.max(k.bitLength(), l.bitLength()); var Z = P.add2D(Q); var R = P.curve.getInfinity(); for (var i = m - 1; i >= 0; --i) { R = R.twice2D(); R.z = BigInteger.ONE; if (k.testBit(i)) { if (l.testBit(i)) { R = R.add2D(Z); } else { R = R.add2D(P); } } else { if (l.testBit(i)) { R = R.add2D(Q); } } } return R; }; //=========================== // PUBLIC METHODS //=========================== this.getBigRandom = function (limit) { return new BigInteger(limit.bitLength(), rng) .mod(limit.subtract(BigInteger.ONE)) .add(BigInteger.ONE) ; }; this.setNamedCurve = function(curveName) { this.ecparams = KJUR.crypto.ECParameterDB.getByName(curveName); this.prvKeyHex = null; this.pubKeyHex = null; this.curveName = curveName; } this.setPrivateKeyHex = function(prvKeyHex) { this.isPrivate = true; this.prvKeyHex = prvKeyHex; } this.setPublicKeyHex = function(pubKeyHex) { this.isPublic = true; this.pubKeyHex = pubKeyHex; } /** * generate a EC key pair * @name generateKeyPairHex * @memberOf KJUR.crypto.ECDSA * @function * @return {Array} associative array of hexadecimal string of private and public key * @since ecdsa-modified 1.0.1 * @example * var ec = KJUR.crypto.ECDSA({'curve': 'secp256r1'}); * var keypair = ec.generateKeyPairHex(); * var pubhex = keypair.ecpubhex; // hexadecimal string of EC private key (=d) * var prvhex = keypair.ecprvhex; // hexadecimal string of EC public key */ this.generateKeyPairHex = function() { var biN = this.ecparams['n']; var biPrv = this.getBigRandom(biN); var epPub = this.ecparams['G'].multiply(biPrv); var biX = epPub.getX().toBigInteger(); var biY = epPub.getY().toBigInteger(); var charlen = this.ecparams['keylen'] / 4; var hPrv = ("0000000000" + biPrv.toString(16)).slice(- charlen); var hX = ("0000000000" + biX.toString(16)).slice(- charlen); var hY = ("0000000000" + biY.toString(16)).slice(- charlen); var hPub = "04" + hX + hY; this.setPrivateKeyHex(hPrv); this.setPublicKeyHex(hPub); return {'ecprvhex': hPrv, 'ecpubhex': hPub}; }; this.signWithMessageHash = function(hashHex) { return this.signHex(hashHex, this.prvKeyHex); }; /** * signing to message hash * @name signHex * @memberOf KJUR.crypto.ECDSA * @function * @param {String} hashHex hexadecimal string of hash value of signing message * @param {String} privHex hexadecimal string of EC private key * @return {String} hexadecimal string of ECDSA signature * @since ecdsa-modified 1.0.1 * @example * var ec = KJUR.crypto.ECDSA({'curve': 'secp256r1'}); * var sigValue = ec.signHex(hash, prvKey); */ this.signHex = function (hashHex, privHex) { var d = new BigInteger(privHex, 16); var n = this.ecparams['n']; var e = new BigInteger(hashHex, 16); do { var k = this.getBigRandom(n); var G = this.ecparams['G']; var Q = G.multiply(k); var r = Q.getX().toBigInteger().mod(n); } while (r.compareTo(BigInteger.ZERO) <= 0); var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n); return KJUR.crypto.ECDSA.biRSSigToASN1Sig(r, s); }; this.sign = function (hash, priv) { var d = priv; var n = this.ecparams['n']; var e = BigInteger.fromByteArrayUnsigned(hash); do { var k = this.getBigRandom(n); var G = this.ecparams['G']; var Q = G.multiply(k); var r = Q.getX().toBigInteger().mod(n); } while (r.compareTo(BigInteger.ZERO) <= 0); var s = k.modInverse(n).multiply(e.add(d.multiply(r))).mod(n); return this.serializeSig(r, s); }; this.verifyWithMessageHash = function(hashHex, sigHex) { return this.verifyHex(hashHex, sigHex, this.pubKeyHex); }; /** * verifying signature with message hash and public key * @name verifyHex * @memberOf KJUR.crypto.ECDSA * @function * @param {String} hashHex hexadecimal string of hash value of signing message * @param {String} sigHex hexadecimal string of signature value * @param {String} pubkeyHex hexadecimal string of public key * @return {Boolean} true if the signature is valid, otherwise false * @since ecdsa-modified 1.0.1 * @example * var ec = KJUR.crypto.ECDSA({'curve': 'secp256r1'}); * var result = ec.verifyHex(msgHashHex, sigHex, pubkeyHex); */ this.verifyHex = function(hashHex, sigHex, pubkeyHex) { var r,s; var obj = KJUR.crypto.ECDSA.parseSigHex(sigHex); r = obj.r; s = obj.s; var Q; Q = ECPointFp.decodeFromHex(this.ecparams['curve'], pubkeyHex); var e = new BigInteger(hashHex, 16); return this.verifyRaw(e, r, s, Q); }; this.verify = function (hash, sig, pubkey) { var r,s; if (Bitcoin.Util.isArray(sig)) { var obj = this.parseSig(sig); r = obj.r; s = obj.s; } else if ("object" === typeof sig && sig.r && sig.s) { r = sig.r; s = sig.s; } else { throw "Invalid value for signature"; } var Q; if (pubkey instanceof ECPointFp) { Q = pubkey; } else if (Bitcoin.Util.isArray(pubkey)) { Q = ECPointFp.decodeFrom(this.ecparams['curve'], pubkey); } else { throw "Invalid format for pubkey value, must be byte array or ECPointFp"; } var e = BigInteger.fromByteArrayUnsigned(hash); return this.verifyRaw(e, r, s, Q); }; this.verifyRaw = function (e, r, s, Q) { var n = this.ecparams['n']; var G = this.ecparams['G']; if (r.compareTo(BigInteger.ONE) < 0 || r.compareTo(n) >= 0) return false; if (s.compareTo(BigInteger.ONE) < 0 || s.compareTo(n) >= 0) return false; var c = s.modInverse(n); var u1 = e.multiply(c).mod(n); var u2 = r.multiply(c).mod(n); // TODO(!!!): For some reason Shamir's trick isn't working with // signed message verification!? Probably an implementation // error! //var point = implShamirsTrick(G, u1, Q, u2); var point = G.multiply(u1).add(Q.multiply(u2)); var v = point.getX().toBigInteger().mod(n); return v.equals(r); }; /** * Serialize a signature into DER format. * * Takes two BigIntegers representing r and s and returns a byte array. */ this.serializeSig = function (r, s) { var rBa = r.toByteArraySigned(); var sBa = s.toByteArraySigned(); var sequence = []; sequence.push(0x02); // INTEGER sequence.push(rBa.length); sequence = sequence.concat(rBa); sequence.push(0x02); // INTEGER sequence.push(sBa.length); sequence = sequence.concat(sBa); sequence.unshift(sequence.length); sequence.unshift(0x30); // SEQUENCE return sequence; }; /** * Parses a byte array containing a DER-encoded signature. * * This function will return an object of the form: * * { * r: BigInteger, * s: BigInteger * } */ this.parseSig = function (sig) { var cursor; if (sig[0] != 0x30) throw new Error("Signature not a valid DERSequence"); cursor = 2; if (sig[cursor] != 0x02) throw new Error("First element in signature must be a DERInteger");; var rBa = sig.slice(cursor+2, cursor+2+sig[cursor+1]); cursor += 2+sig[cursor+1]; if (sig[cursor] != 0x02) throw new Error("Second element in signature must be a DERInteger"); var sBa = sig.slice(cursor+2, cursor+2+sig[cursor+1]); cursor += 2+sig[cursor+1]; //if (cursor != sig.length) // throw new Error("Extra bytes in signature"); var r = BigInteger.fromByteArrayUnsigned(rBa); var s = BigInteger.fromByteArrayUnsigned(sBa); return {r: r, s: s}; }; this.parseSigCompact = function (sig) { if (sig.length !== 65) { throw "Signature has the wrong length"; } // Signature is prefixed with a type byte storing three bits of // information. var i = sig[0] - 27; if (i < 0 || i > 7) { throw "Invalid signature type"; } var n = this.ecparams['n']; var r = BigInteger.fromByteArrayUnsigned(sig.slice(1, 33)).mod(n); var s = BigInteger.fromByteArrayUnsigned(sig.slice(33, 65)).mod(n); return {r: r, s: s, i: i}; }; /* * Recover a public key from a signature. * * See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public * Key Recovery Operation". * * http://www.secg.org/download/aid-780/sec1-v2.pdf */ /* recoverPubKey: function (r, s, hash, i) { // The recovery parameter i has two bits. i = i & 3; // The less significant bit specifies whether the y coordinate // of the compressed point is even or not. var isYEven = i & 1; // The more significant bit specifies whether we should use the // first or second candidate key. var isSecondKey = i >> 1; var n = this.ecparams['n']; var G = this.ecparams['G']; var curve = this.ecparams['curve']; var p = curve.getQ(); var a = curve.getA().toBigInteger(); var b = curve.getB().toBigInteger(); // We precalculate (p + 1) / 4 where p is if the field order if (!P_OVER_FOUR) { P_OVER_FOUR = p.add(BigInteger.ONE).divide(BigInteger.valueOf(4)); } // 1.1 Compute x var x = isSecondKey ? r.add(n) : r; // 1.3 Convert x to point var alpha = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(p); var beta = alpha.modPow(P_OVER_FOUR, p); var xorOdd = beta.isEven() ? (i % 2) : ((i+1) % 2); // If beta is even, but y isn't or vice versa, then convert it, // otherwise we're done and y == beta. var y = (beta.isEven() ? !isYEven : isYEven) ? beta : p.subtract(beta); // 1.4 Check that nR is at infinity var R = new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y)); R.validate(); // 1.5 Compute e from M var e = BigInteger.fromByteArrayUnsigned(hash); var eNeg = BigInteger.ZERO.subtract(e).mod(n); // 1.6 Compute Q = r^-1 (sR - eG) var rInv = r.modInverse(n); var Q = implShamirsTrick(R, s, G, eNeg).multiply(rInv); Q.validate(); if (!this.verifyRaw(e, r, s, Q)) { throw "Pubkey recovery unsuccessful"; } var pubKey = new Bitcoin.ECKey(); pubKey.pub = Q; return pubKey; }, */ /* * Calculate pubkey extraction parameter. * * When extracting a pubkey from a signature, we have to * distinguish four different cases. Rather than putting this * burden on the verifier, Bitcoin includes a 2-bit value with the * signature. * * This function simply tries all four cases and returns the value * that resulted in a successful pubkey recovery. */ /* calcPubkeyRecoveryParam: function (address, r, s, hash) { for (var i = 0; i < 4; i++) { try { var pubkey = Bitcoin.ECDSA.recoverPubKey(r, s, hash, i); if (pubkey.getBitcoinAddress().toString() == address) { return i; } } catch (e) {} } throw "Unable to find valid recovery factor"; } */ if (params !== undefined) { if (params['curve'] !== undefined) { this.curveName = params['curve']; } } if (this.curveName === undefined) this.curveName = curveName; this.setNamedCurve(this.curveName); if (params !== undefined) { if (params['prv'] !== undefined) this.setPrivateKeyHex(params['prv']); if (params['pub'] !== undefined) this.setPublicKeyHex(params['pub']); } }; /** * parse ASN.1 DER encoded ECDSA signature * @name parseSigHex * @memberOf KJUR.crypto.ECDSA * @function * @static * @param {String} sigHex hexadecimal string of ECDSA signature value * @return {Array} associative array of signature field r and s of BigInteger * @since ecdsa-modified 1.0.1 * @example * var ec = KJUR.crypto.ECDSA({'curve': 'secp256r1'}); * var sig = ec.parseSigHex('30...'); * var biR = sig.r; // BigInteger object for 'r' field of signature. * var biS = sig.s; // BigInteger object for 's' field of signature. */ KJUR.crypto.ECDSA.parseSigHex = function(sigHex) { var p = KJUR.crypto.ECDSA.parseSigHexInHexRS(sigHex); var biR = new BigInteger(p.r, 16); var biS = new BigInteger(p.s, 16); return {'r': biR, 's': biS}; }; /** * parse ASN.1 DER encoded ECDSA signature * @name parseSigHexInHexRS * @memberOf KJUR.crypto.ECDSA * @function * @static * @param {String} sigHex hexadecimal string of ECDSA signature value * @return {Array} associative array of signature field r and s in hexadecimal * @since ecdsa-modified 1.0.3 * @example * var ec = KJUR.crypto.ECDSA({'curve': 'secp256r1'}); * var sig = ec.parseSigHexInHexRS('30...'); * var hR = sig.r; // hexadecimal string for 'r' field of signature. * var hS = sig.s; // hexadecimal string for 's' field of signature. */ KJUR.crypto.ECDSA.parseSigHexInHexRS = function(sigHex) { // 1. ASN.1 Sequence Check if (sigHex.substr(0, 2) != "30") throw "signature is not a ASN.1 sequence"; // 2. Items of ASN.1 Sequence Check var a = ASN1HEX.getPosArrayOfChildren_AtObj(sigHex, 0); if (a.length != 2) throw "number of signature ASN.1 sequence elements seem wrong"; // 3. Integer check var iTLV1 = a[0]; var iTLV2 = a[1]; if (sigHex.substr(iTLV1, 2) != "02") throw "1st item of sequene of signature is not ASN.1 integer"; if (sigHex.substr(iTLV2, 2) != "02") throw "2nd item of sequene of signature is not ASN.1 integer"; // 4. getting value var hR = ASN1HEX.getHexOfV_AtObj(sigHex, iTLV1); var hS = ASN1HEX.getHexOfV_AtObj(sigHex, iTLV2); return {'r': hR, 's': hS}; }; /** * convert hexadecimal ASN.1 encoded signature to concatinated signature * @name asn1SigToConcatSig * @memberOf KJUR.crypto.ECDSA * @function * @static * @param {String} asn1Hex hexadecimal string of ASN.1 encoded ECDSA signature value * @return {String} r-s concatinated format of ECDSA signature value * @since ecdsa-modified 1.0.3 */ KJUR.crypto.ECDSA.asn1SigToConcatSig = function(asn1Sig) { var pSig = KJUR.crypto.ECDSA.parseSigHexInHexRS(asn1Sig); var hR = pSig.r; var hS = pSig.s; if (hR.substr(0, 2) == "00" && (((hR.length / 2) * 8) % (16 * 8)) == 8) hR = hR.substr(2); if (hS.substr(0, 2) == "00" && (((hS.length / 2) * 8) % (16 * 8)) == 8) hS = hS.substr(2); if ((((hR.length / 2) * 8) % (16 * 8)) != 0) throw "unknown ECDSA sig r length error"; if ((((hS.length / 2) * 8) % (16 * 8)) != 0) throw "unknown ECDSA sig s length error"; return hR + hS; }; /** * convert hexadecimal concatinated signature to ASN.1 encoded signature * @name concatSigToASN1Sig * @memberOf KJUR.crypto.ECDSA * @function * @static * @param {String} concatSig r-s concatinated format of ECDSA signature value * @return {String} hexadecimal string of ASN.1 encoded ECDSA signature value * @since ecdsa-modified 1.0.3 */ KJUR.crypto.ECDSA.concatSigToASN1Sig = function(concatSig) { if ((((concatSig.length / 2) * 8) % (16 * 8)) != 0) throw "unknown ECDSA concatinated r-s sig length error"; var hR = concatSig.substr(0, concatSig.length / 2); var hS = concatSig.substr(concatSig.length / 2); return KJUR.crypto.ECDSA.hexRSSigToASN1Sig(hR, hS); }; /** * convert hexadecimal R and S value of signature to ASN.1 encoded signature * @name hexRSSigToASN1Sig * @memberOf KJUR.crypto.ECDSA * @function * @static * @param {String} hR hexadecimal string of R field of ECDSA signature value * @param {String} hS hexadecimal string of S field of ECDSA signature value * @return {String} hexadecimal string of ASN.1 encoded ECDSA signature value * @since ecdsa-modified 1.0.3 */ KJUR.crypto.ECDSA.hexRSSigToASN1Sig = function(hR, hS) { var biR = new BigInteger(hR, 16); var biS = new BigInteger(hS, 16); return KJUR.crypto.ECDSA.biRSSigToASN1Sig(biR, biS); }; /** * convert R and S BigInteger object of signature to ASN.1 encoded signature * @name biRSSigToASN1Sig * @memberOf KJUR.crypto.ECDSA * @function * @static * @param {BigInteger} biR BigInteger object of R field of ECDSA signature value * @param {BigInteger} biS BIgInteger object of S field of ECDSA signature value * @return {String} hexadecimal string of ASN.1 encoded ECDSA signature value * @since ecdsa-modified 1.0.3 */ KJUR.crypto.ECDSA.biRSSigToASN1Sig = function(biR, biS) { var derR = new KJUR.asn1.DERInteger({'bigint': biR}); var derS = new KJUR.asn1.DERInteger({'bigint': biS}); var derSeq = new KJUR.asn1.DERSequence({'array': [derR, derS]}); return derSeq.getEncodedHex(); }; //----------------------ecdsa-modified-1.0结束------------------------ //----------------------------ecparam-1.0.js开始------------------------ /*! ecparam-1.0.0.js (c) 2013 Kenji Urushima | kjur.github.com/jsrsasign/license */ /* * ecparam.js - Elliptic Curve Cryptography Curve Parameter Definition class * * Copyright (c) 2013 Kenji Urushima (kenji.urushima@gmail.com) * * This software is licensed under the terms of the MIT License. * http://kjur.github.com/jsrsasign/license * * The above copyright and license notice shall be * included in all copies or substantial portions of the Software. */ /** * @fileOverview * @name ecparam-1.1.js * @author Kenji Urushima kenji.urushima@gmail.com * @version 1.0.0 (2013-Jul-17) * @since jsrsasign 4.0 * @license <a href="http://kjur.github.io/jsrsasign/license/">MIT License</a> */ if (typeof KJUR == "undefined" || !KJUR) KJUR = {}; if (typeof KJUR.crypto == "undefined" || !KJUR.crypto) KJUR.crypto = {}; /** * static object for elliptic curve names and parameters * @name KJUR.crypto.ECParameterDB * @class static object for elliptic curve names and parameters * @description * This class provides parameters for named elliptic curves. * Currently it supoprts following curve names and aliases however * the name marked (*) are available for {@link KJUR.crypto.ECDSA} and * {@link KJUR.crypto.Signature} classes. * <ul> * <li>secp128r1</li> * <li>secp160r1</li> * <li>secp160k1</li> * <li>secp192r1</li> * <li>secp192k1</li> * <li>secp224r1</li> * <li>secp256r1, NIST P-256, P-256, prime256v1 (*)</li> * <li>secp256k1 (*)</li> * <li>secp384r1, NIST P-384, P-384 (*)</li> * <li>secp521r1, NIST P-521, P-521</li> * </ul> * You can register new curves by using 'register' method. */ KJUR.crypto.ECParameterDB = new function() { var db = {}; var aliasDB = {}; function hex2bi(hex) { return new BigInteger(hex, 16); } /** * get curve inforamtion associative array for curve name or alias * @name getByName * @memberOf KJUR.crypto.ECParameterDB * @function * @param {String} nameOrAlias curve name or alias name * @return {Array} associative array of curve parameters * @example * var param = KJUR.crypto.ECParameterDB.getByName('prime256v1'); * var keylen = param['keylen']; * var n = param['n']; */ this.getByName = function(nameOrAlias) { var name = nameOrAlias; if (typeof aliasDB[name] != "undefined") { name = aliasDB[nameOrAlias]; } if (typeof db[name] != "undefined") { return db[name]; } throw "unregistered EC curve name: " + name; }; /** * register new curve * @name regist * @memberOf KJUR.crypto.ECParameterDB * @function * @param {String} name name of curve * @param {Integer} keylen key length * @param {String} pHex hexadecimal value of p * @param {String} aHex hexadecimal value of a * @param {String} bHex hexadecimal value of b * @param {String} nHex hexadecimal value of n * @param {String} hHex hexadecimal value of h * @param {String} gxHex hexadecimal value of Gx * @param {String} gyHex hexadecimal value of Gy * @param {Array} aliasList array of string for curve names aliases * @param {String} oid Object Identifier for the curve * @param {String} info information string for the curve */ this.regist = function(name, keylen, pHex, aHex, bHex, nHex, hHex, gxHex, gyHex, aliasList, oid, info) { db[name] = {}; var p = hex2bi(pHex); var a = hex2bi(aHex); var b = hex2bi(bHex); var n = hex2bi(nHex); var h = hex2bi(hHex); var curve = new ECCurveFp(p, a, b); var G = curve.decodePointHex("04" + gxHex + gyHex); db[name]['name'] = name; db[name]['keylen'] = keylen; db[name]['curve'] = curve; db[name]['G'] = G; db[name]['n'] = n; db[name]['h'] = h; db[name]['oid'] = oid; db[name]['info'] = info; for (var i = 0; i < aliasList.length; i++) { aliasDB[aliasList[i]] = name; } }; }; KJUR.crypto.ECParameterDB.regist( "secp128r1", // name / p = 2^128 - 2^97 - 1 128, "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", // p "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", // a "E87579C11079F43DD824993C2CEE5ED3", // b "FFFFFFFE0000000075A30D1B9038A115", // n "1", // h "161FF7528B899B2D0C28607CA52C5B86", // gx "CF5AC8395BAFEB13C02DA292DDED7A83", // gy [], // alias "", // oid (underconstruction) "secp128r1 : SECG curve over a 128 bit prime field"); // info KJUR.crypto.ECParameterDB.regist( "secp160k1", // name / p = 2^160 - 2^32 - 2^14 - 2^12 - 2^9 - 2^8 - 2^7 - 2^3 - 2^2 - 1 160, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", // p "0", // a "7", // b "0100000000000000000001B8FA16DFAB9ACA16B6B3", // n "1", // h "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", // gx "938CF935318FDCED6BC28286531733C3F03C4FEE", // gy [], // alias "", // oid "secp160k1 : SECG curve over a 160 bit prime field"); // info KJUR.crypto.ECParameterDB.regist( "secp160r1", // name / p = 2^160 - 2^31 - 1 160, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", // p "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", // a "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", // b "0100000000000000000001F4C8F927AED3CA752257", // n "1", // h "4A96B5688EF573284664698968C38BB913CBFC82", // gx "23A628553168947D59DCC912042351377AC5FB32", // gy [], // alias "", // oid "secp160r1 : SECG curve over a 160 bit prime field"); // info KJUR.crypto.ECParameterDB.regist( "secp192k1", // name / p = 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1 192, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", // p "0", // a "3", // b "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", // n "1", // h "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", // gx "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", // gy []); // alias KJUR.crypto.ECParameterDB.regist( "secp192r1", // name / p = 2^192 - 2^64 - 1 192, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", // p "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", // a "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", // b "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", // n "1", // h "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", // gx "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811", // gy []); // alias KJUR.crypto.ECParameterDB.regist( "secp224r1", // name / p = 2^224 - 2^96 + 1 224, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", // p "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", // a "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", // b "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", // n "1", // h "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", // gx "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", // gy []); // alias KJUR.crypto.ECParameterDB.regist( "secp256k1", // name / p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1 256, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", // p "0", // a "7", // b "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", // n "1", // h "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", // gx "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", // gy []); // alias KJUR.crypto.ECParameterDB.regist( "secp256r1", // name / p = 2^224 (2^32 - 1) + 2^192 + 2^96 - 1 256, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", // p "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", // a "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", // b "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", // n "1", // h "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", // gx "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", // gy ["NIST P-256", "P-256", "prime256v1"]); // alias KJUR.crypto.ECParameterDB.regist( "secp384r1", // name 384, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", // p "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", // a "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", // b "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", // n "1", // h "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", // gx "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f", // gy ["NIST P-384", "P-384"]); // alias KJUR.crypto.ECParameterDB.regist( "secp521r1", // name 521, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", // p "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", // a "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", // b "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", // n "1", // h "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", // gx "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", // gy ["NIST P-521", "P-521"]); // alias KJUR.crypto.ECParameterDB.regist( "sm2", // name 256, "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", // p "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", // a "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", // b "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", // n "1", // h "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", // gx "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", // gy ["sm2", "SM2"]); // alias //----------------------------ecparam-1.0结束----------------------------- module.exports = { KJUR };