Ryan X. Charles
11 years ago
8 changed files with 464 additions and 28305 deletions
File diff suppressed because one or more lines are too long
@ -0,0 +1,41 @@ |
|||||
|
'use strict'; |
||||
|
var imports = require('soop').imports(); |
||||
|
var sjcl = require('sjcl'); |
||||
|
var ECIES = require('../common/ECIES'); |
||||
|
|
||||
|
ECIES.symmetricEncrypt = function(key, iv, message) { |
||||
|
var skey = sjcl.codec.hex.toBits(key.toString('hex')); |
||||
|
var siv = sjcl.codec.hex.toBits(iv.toString('hex')); |
||||
|
var smessage = sjcl.codec.hex.toBits(message.toString('hex')); |
||||
|
|
||||
|
sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."](); |
||||
|
var params = {iv: siv, ks: 256, ts: 128, iter: 1000, mode: 'cbc'}; |
||||
|
var encrypted = sjcl.encrypt(skey, smessage, params); |
||||
|
var enchex = sjcl.codec.hex.fromBits(sjcl.codec.base64.toBits(JSON.parse(encrypted).ct)); |
||||
|
|
||||
|
var encbuf = new Buffer(enchex, 'hex'); |
||||
|
|
||||
|
var r = Buffer.concat([iv, encbuf]); |
||||
|
|
||||
|
return r; |
||||
|
}; |
||||
|
|
||||
|
ECIES.symmetricDecrypt = function(key, encrypted) { |
||||
|
var skey = sjcl.codec.hex.toBits(key.toString('hex')); |
||||
|
var iv = encrypted.slice(0, 16); |
||||
|
var todecrypt = encrypted.slice(16, encrypted.length); |
||||
|
|
||||
|
var siv = sjcl.codec.base64.fromBits(sjcl.codec.hex.toBits(iv.toString('hex'))); |
||||
|
var sct = sjcl.codec.base64.fromBits(sjcl.codec.hex.toBits(todecrypt.toString('hex'))); |
||||
|
|
||||
|
sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."](); |
||||
|
var obj = {iv: siv, v: 1, iter: 1000, ks: 256, ts: 128, mode: 'cbc', adata: '', cipher: 'aes', ct: sct}; |
||||
|
var str = JSON.stringify(obj); |
||||
|
|
||||
|
var decrypted = sjcl.decrypt(skey, str); |
||||
|
var decbuf = new Buffer(decrypted); |
||||
|
|
||||
|
return decbuf; |
||||
|
}; |
||||
|
|
||||
|
module.exports = require('soop')(ECIES); |
||||
@ -0,0 +1,113 @@ |
|||||
|
'use strict'; |
||||
|
var imports = require('soop').imports(); |
||||
|
var coinUtil = imports.coinUtil || require('../../util'); |
||||
|
var Point = imports.Point || require('../Point'); |
||||
|
var SecureRandom = imports.SecureRandom || require('../SecureRandom'); |
||||
|
var Key = imports.Key || require('../Key'); |
||||
|
|
||||
|
// http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
|
||||
|
var ECIES = function() { |
||||
|
}; |
||||
|
|
||||
|
ECIES.encryptObj = function(pubkey, message, r, iv) { |
||||
|
var ecies = new ECIES(); |
||||
|
ecies.KB = pubkey; |
||||
|
ecies.message = message; |
||||
|
r = ecies.r = ecies.rand(r); |
||||
|
var R = ecies.R; |
||||
|
var S = ecies.S = ecies.getSfromPubkey(); |
||||
|
var buf = ECIES.kdf(S); |
||||
|
var kE = ecies.kE = buf.slice(0, 32); |
||||
|
var kM = ecies.kM = buf.slice(32, 64); |
||||
|
iv = iv || SecureRandom.getRandomBuffer(16); |
||||
|
var c = ecies.c = ECIES.symmetricEncrypt(kE, iv, message); |
||||
|
var d = ecies.d = ECIES.mac(kM, c); |
||||
|
return ecies; |
||||
|
}; |
||||
|
|
||||
|
ECIES.encrypt = function(pubkey, message, r, iv) { |
||||
|
var ecies = ECIES.encryptObj(pubkey, message, r, iv); |
||||
|
var key = new Key(); |
||||
|
key.compressed = false; |
||||
|
key.public = ecies.R.toUncompressedPubKey(); |
||||
|
key.compressed = true; |
||||
|
var Rbuf = key.public; |
||||
|
var buf = Buffer.concat([Rbuf, ecies.c, ecies.d]); |
||||
|
return buf; |
||||
|
}; |
||||
|
|
||||
|
ECIES.decryptObj = function(ecies) { |
||||
|
var kB = ecies.kB; |
||||
|
var R = ecies.R; |
||||
|
var c = ecies.c; |
||||
|
var d = ecies.d; |
||||
|
var P = Point.multiply(R, kB); |
||||
|
var S = P.x.toBuffer({size: 32}); |
||||
|
var buf = ECIES.kdf(S); |
||||
|
var kE = ecies.kE = buf.slice(0, 32); |
||||
|
var kM = ecies.kM = buf.slice(32, 64); |
||||
|
var d2 = ECIES.mac(kM, c); |
||||
|
if (d.toString('hex') !== d2.toString('hex')) |
||||
|
throw new Error('MAC check incorrect. Data is invalid.'); |
||||
|
var decrypted = ECIES.symmetricDecrypt(kE, c); |
||||
|
return decrypted; |
||||
|
}; |
||||
|
|
||||
|
ECIES.decrypt = function(privkey, buf) { |
||||
|
if (buf.length < 33 + 0 + 64) |
||||
|
throw new Error('invalid length of encrypted data'); |
||||
|
var ecies = new ECIES(); |
||||
|
ecies.kB = privkey; |
||||
|
var Rbuf = buf.slice(0, 33); |
||||
|
var key = new Key(); |
||||
|
key.public = Rbuf; |
||||
|
key.compressed = false; |
||||
|
ecies.R = Point.fromUncompressedPubKey(key.public); |
||||
|
ecies.c = buf.slice(33, buf.length - 64); |
||||
|
ecies.d = buf.slice(buf.length - 64, buf.length); |
||||
|
return ECIES.decryptObj(ecies); |
||||
|
}; |
||||
|
|
||||
|
ECIES.kdf = function(S) { |
||||
|
var buf = coinUtil.sha512(S); |
||||
|
return buf; |
||||
|
}; |
||||
|
|
||||
|
ECIES.mac = function(data, key) { |
||||
|
var buf = coinUtil.sha512hmac(data, key); |
||||
|
return buf; |
||||
|
}; |
||||
|
|
||||
|
ECIES.prototype.rand = function(r) { |
||||
|
if (r) { |
||||
|
this.key = new Key(); |
||||
|
this.key.private = r; |
||||
|
this.key.regenerateSync(); |
||||
|
} else { |
||||
|
this.key = Key.generateSync(); |
||||
|
}; |
||||
|
this.r = this.key.private; |
||||
|
this.key.compressed = false; |
||||
|
this.R = Point.fromUncompressedPubKey(this.key.public); |
||||
|
return this.r; |
||||
|
}; |
||||
|
|
||||
|
ECIES.prototype.getSfromPubkey = function() { |
||||
|
var key2 = new Key(); |
||||
|
key2.public = this.KB; |
||||
|
key2.compressed = false; |
||||
|
var KBP = Point.fromUncompressedPubKey(key2.public); |
||||
|
this.P = Point.multiply(KBP, this.r); |
||||
|
this.S = this.P.x.toBuffer({size: 32}); |
||||
|
return this.S; |
||||
|
}; |
||||
|
|
||||
|
ECIES.prototype.getSfromPrivkey = function() { |
||||
|
var R = this.R; |
||||
|
var kB = this.kB; |
||||
|
var SP = Point.multiply(R, kB); |
||||
|
var S = SP.x.toBuffer({size: 32}); |
||||
|
return S; |
||||
|
}; |
||||
|
|
||||
|
module.exports = require('soop')(ECIES); |
||||
Loading…
Reference in new issue