var AESCBC = require('./aescbc');
var Keypair = require('../keypair');
var Point = require('../point');
var Hash = require('../hash');
var Pubkey = require('../pubkey');
var Privkey = require('../privkey');
// http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
/**
 * ECIES constructor. Instances carry no state of their own; the scheme's
 * operations are attached to the constructor as static functions.
 * Works both with and without `new`.
 *
 * @returns {ECIES|undefined} a fresh instance when invoked as a plain call.
 */
var ECIES = function ECIES() {
  // Invoked with `new`: `this` is already the instance, nothing to set up.
  if (this instanceof ECIES) {
    return;
  }
  // Invoked as a plain function: hand back a proper instance instead.
  return new ECIES();
};
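/**
 * Encrypt a message to a recipient public key (ECIES).
 *
 * Output layout: Rbuf (compressed sender pubkey) || c (AES-CBC output) ||
 * d (HMAC-SHA256 tag over c). The 64-byte SHA-512 digest of the shared
 * x-coordinate is split into kE (bytes 0..31, cipher key) and kM
 * (bytes 32..63, MAC key).
 *
 * Security notes for callers:
 *  - If `fromkeypair` is supplied it is used in place of a fresh random key.
 *    The derived kE/kM depend only on that key and `topubkey`, so reusing a
 *    keypair for the same recipient reuses both keys for every message.
 *  - `ivbuf` is forwarded unchanged to AESCBC.encryptCipherkey. Combining a
 *    fixed `ivbuf` with a reused `fromkeypair` yields identical AES key and
 *    IV across messages. NOTE(review): decrypt() takes no IV, so the IV is
 *    presumably carried inside `c` - confirm in ./aescbc.
 *  - The tag authenticates `c` only; Rbuf is bound to the message only
 *    implicitly, through the keys derived from it. Do not treat the returned
 *    bytes as a canonical identifier for the message.
 *
 * @param {Buffer} messagebuf - plaintext to encrypt.
 * @param {Pubkey} topubkey - recipient public key (its `.point` is used).
 * @param {Keypair} [fromkeypair] - sender keypair; a random one is generated
 *   when omitted.
 * @param {Buffer} [ivbuf] - optional IV passed through to AES-CBC.
 * @returns {Buffer} Rbuf || c || d.
 * @throws {Error} 'P equals 0' when the shared point compares equal to
 *   `new Point()` (same guard as ECIES.decrypt).
 */
ECIES.encrypt = function(messagebuf, topubkey, fromkeypair, ivbuf) {
  // Do not reassign the parameter; fall back to a fresh keypair when omitted.
  var keypair = fromkeypair || Keypair().fromRandom();

  var r = keypair.privkey.bn;
  // Compressed DER encoding; decrypt() reads this back as the first 33 bytes.
  var Rbuf = keypair.pubkey.toDER(true);

  // Shared point P = r * KB.
  var KB = topubkey.point;
  var P = KB.mul(r);
  // Mirror decrypt(): never derive keys from the default (zero) point, which
  // would not depend on the sender's secret.
  if (P.eq(new Point())) {
    throw new Error('P equals 0');
  }

  // Key derivation: SHA-512 over the 32-byte x-coordinate, split in halves.
  var Sbuf = P.getX().toBuffer({size: 32});
  var kEkM = Hash.sha512(Sbuf);
  var kE = kEkM.slice(0, 32);
  var kM = kEkM.slice(32, 64);

  // Encrypt-then-MAC: the tag is computed over the ciphertext.
  var c = AESCBC.encryptCipherkey(messagebuf, kE, ivbuf);
  var d = Hash.sha256hmac(c, kM);

  return Buffer.concat([Rbuf, c, d]);
};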
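/**
 * Decrypt a buffer produced by ECIES.encrypt.
 *
 * Expected layout: 33-byte compressed sender pubkey || c || 32-byte
 * HMAC-SHA256 tag over c. The tag is verified before AES-CBC decryption is
 * attempted, so unauthenticated ciphertext never reaches the block cipher.
 *
 * NOTE(review): this relies on Pubkey().fromDER to reject encodings that are
 * not valid curve points; that check is not visible here - confirm in
 * ../pubkey.
 *
 * @param {Buffer} encbuf - encrypted message (pubkey || c || tag).
 * @param {Privkey} toprivkey - recipient private key (its `.bn` is used).
 * @returns {Buffer} the decrypted message.
 * @throws {Error} 'Invalid encrypted buffer length' when encbuf cannot hold
 *   both the pubkey and the tag, 'P equals 0' when the shared point compares
 *   equal to `new Point()`, 'Invalid checksum' when the tag does not match.
 */
ECIES.decrypt = function(encbuf, toprivkey) {
  var PUBKEY_LEN = 33;
  var TAG_LEN = 32;

  // Without this guard the tag slice of a short input overlaps the pubkey
  // bytes and the ciphertext slice is computed from a negative end index.
  if (!encbuf || encbuf.length < PUBKEY_LEN + TAG_LEN) {
    throw new Error('Invalid encrypted buffer length');
  }

  var kB = toprivkey.bn;
  var frompubkey = Pubkey().fromDER(encbuf.slice(0, PUBKEY_LEN));
  var R = frompubkey.point;

  // Shared point P = kB * R; refuse the default (zero) point.
  var P = R.mul(kB);
  if (P.eq(new Point())) {
    throw new Error('P equals 0');
  }

  // Same KDF as encrypt(): SHA-512 of the 32-byte x-coordinate, split in two.
  var Sbuf = P.getX().toBuffer({size: 32});
  var kEkM = Hash.sha512(Sbuf);
  var kE = kEkM.slice(0, 32);
  var kM = kEkM.slice(32, 64);

  var tagStart = encbuf.length - TAG_LEN;
  var c = encbuf.slice(PUBKEY_LEN, tagStart);
  var d = encbuf.slice(tagStart, encbuf.length);
  var d2 = Hash.sha256hmac(c, kM);

  // Compare the tags without an early exit so the time taken does not depend
  // on how many leading bytes match (the previous hex-string `!==` did).
  var diff = d.length ^ d2.length;
  for (var i = 0; i < d.length; i++) {
    diff |= d[i] ^ d2[i];
  }
  if (diff !== 0) {
    throw new Error('Invalid checksum');
  }

  // Only authenticated ciphertext is handed to the cipher.
  return AESCBC.decryptCipherkey(c, kE);
};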
// Export the ECIES constructor; encrypt and decrypt are attached to it as
// static functions.
module.exports = ECIES;