|
@ -2,6 +2,7 @@ |
|
|
// Ported loosely from BouncyCastle's Java EC code
|
|
|
// Ported loosely from BouncyCastle's Java EC code
|
|
|
// Only Fp curves implemented for now
|
|
|
// Only Fp curves implemented for now
|
|
|
|
|
|
|
|
|
|
|
|
var assert = require('assert') |
|
|
var BigInteger = require('bigi') |
|
|
var BigInteger = require('bigi') |
|
|
|
|
|
|
|
|
function ECFieldElementFp(q,x) { |
|
|
function ECFieldElementFp(q,x) { |
|
@ -326,35 +327,44 @@ ECPointFp.prototype.getEncoded = function(compressed) { |
|
|
return buffer |
|
|
return buffer |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
ECPointFp.decodeFrom = function (curve, enc) { |
|
|
var SEVEN = BigInteger.valueOf(7) |
|
|
var type = enc[0]; |
|
|
|
|
|
var dataLen = enc.length-1; |
|
|
|
|
|
|
|
|
|
|
|
// Extract x and y as byte arrays
|
|
|
ECPointFp.decodeFrom = function (curve, buffer) { |
|
|
if (type == 4) { |
|
|
var type = buffer.readUInt8(0) |
|
|
var xBa = enc.slice(1, 1 + dataLen/2), |
|
|
var compressed = type !== 0x04 |
|
|
yBa = enc.slice(1 + dataLen/2, 1 + dataLen), |
|
|
var x = BigInteger.fromBuffer(buffer.slice(1, 33)) |
|
|
x = BigInteger.fromBuffer(xBa), |
|
|
var y |
|
|
y = BigInteger.fromBuffer(yBa); |
|
|
|
|
|
|
|
|
if (compressed) { |
|
|
|
|
|
assert.equal(buffer.length, 33, 'Invalid sequence length') |
|
|
|
|
|
assert(type === 0x02 || type === 0x03, 'Invalid sequence tag') |
|
|
|
|
|
|
|
|
|
|
|
var isYEven = type === 0x03 |
|
|
|
|
|
var p = curve.getQ() |
|
|
|
|
|
|
|
|
|
|
|
// We precalculate (p + 1) / 4 where p is the field order
|
|
|
|
|
|
var P_OVER_FOUR = p.add(BigInteger.ONE).shiftRight(2) |
|
|
|
|
|
|
|
|
|
|
|
// Convert x to point
|
|
|
|
|
|
var alpha = x.square().multiply(x).add(SEVEN).mod(p) |
|
|
|
|
|
var beta = alpha.modPow(P_OVER_FOUR, p) |
|
|
|
|
|
|
|
|
|
|
|
y = (beta.isEven() ? !isYEven : isYEven) ? beta : p.subtract(beta) |
|
|
|
|
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
assert.equal(buffer.length, 65, 'Invalid sequence length') |
|
|
|
|
|
|
|
|
|
|
|
y = BigInteger.fromBuffer(buffer.slice(33)) |
|
|
} |
|
|
} |
|
|
else { |
|
|
|
|
|
var xBa = enc.slice(1), |
|
|
var Q = new ECPointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y)) |
|
|
x = BigInteger.fromBuffer(xBa), |
|
|
|
|
|
p = curve.getQ(), |
|
|
return { |
|
|
xCubedPlus7 = x.multiply(x).multiply(x).add(new BigInteger('7')).mod(p), |
|
|
Q: Q, |
|
|
pPlus1Over4 = p.add(new BigInteger('1')) |
|
|
compressed: compressed |
|
|
.divide(new BigInteger('4')), |
|
|
|
|
|
y = xCubedPlus7.modPow(pPlus1Over4,p); |
|
|
|
|
|
if (y.mod(new BigInteger('2')).toString() != ''+(type % 2)) { |
|
|
|
|
|
y = p.subtract(y) |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
return new ECPointFp(curve, |
|
|
|
|
|
curve.fromBigInteger(x), |
|
|
|
|
|
curve.fromBigInteger(y)); |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
ECPointFp.prototype.add2D = function (b) { |
|
|
ECPointFp.prototype.add2D = function (b) { |
|
|
if(this.isInfinity()) return b; |
|
|
if(this.isInfinity()) return b; |
|
|
if(b.isInfinity()) return this; |
|
|
if(b.isInfinity()) return this; |
|
|