77 lines
2.8 KiB
JavaScript
77 lines
2.8 KiB
JavaScript
// OpenPGP.js - An OpenPGP implementation in javascript
|
|
// Copyright (C) 2018 Proton Technologies AG
|
|
//
|
|
// This library is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU Lesser General Public
|
|
// License as published by the Free Software Foundation; either
|
|
// version 3.0 of the License, or (at your option) any later version.
|
|
//
|
|
// This library is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
// Lesser General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Lesser General Public
|
|
// License along with this library; if not, write to the Free Software
|
|
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
|
|
// Implementation of EdDSA following RFC4880bis-03 for OpenPGP
|
|
|
|
/**
|
|
* @requires bn.js
|
|
* @requires crypto/hash
|
|
* @requires crypto/public_key/elliptic/curves
|
|
* @module crypto/public_key/elliptic/eddsa
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
import BN from 'bn.js';
|
|
import hash from '../../hash';
|
|
import curves from './curves';
|
|
|
|
/**
|
|
* Sign a message using the provided key
|
|
* @param {String} oid Elliptic curve for the key
|
|
* @param {enums.hash} hash_algo Hash algorithm used to sign
|
|
* @param {Uint8Array} m Message to sign
|
|
* @param {BigInteger} d Private key used to sign
|
|
* @return {{R: BN, S: BN}} Signature of the message
|
|
*/
|
|
async function sign(oid, hash_algo, m, d) {
|
|
const curve = curves.get(oid);
|
|
const key = curve.keyFromSecret(d.toByteArray());
|
|
const signature = await key.sign(m, hash_algo);
|
|
// EdDSA signature params are returned in little-endian format
|
|
return {
|
|
R: new BN(Array.from(signature.Rencoded()).reverse()),
|
|
S: new BN(Array.from(signature.Sencoded()).reverse())
|
|
};
|
|
}
|
|
|
|
/**
|
|
* Verifies if a signature is valid for a message
|
|
* @param {String} oid Elliptic curve for the key
|
|
* @param {enums.hash} hash_algo Hash algorithm used in the signature
|
|
* @param {{R: BigInteger, S: BigInteger}} signature Signature to verify
|
|
* @param {Uint8Array} m Message to verify
|
|
* @param {BigInteger} Q Public key used to verify the message
|
|
* @return {Boolean}
|
|
*/
|
|
async function verify(oid, hash_algo, signature, m, Q) {
|
|
const curve = curves.get(oid);
|
|
const key = curve.keyFromPublic(Q.toByteArray());
|
|
// EdDSA signature params are expected in little-endian format
|
|
const R = Array.from(signature.R.toByteArray()).reverse(),
|
|
S = Array.from(signature.S.toByteArray()).reverse();
|
|
return key.verify(
|
|
m, { R: [].concat(R, Array(curve.payloadSize - R.length).fill(0)),
|
|
S: [].concat(S, Array(curve.payloadSize - S.length).fill(0)) }, hash_algo
|
|
);
|
|
}
|
|
|
|
module.exports = {
|
|
sign: sign,
|
|
verify: verify
|
|
};
|