"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.accountPublicFromPublicGenerator = exports.derivePrivateKey = void 0; const elliptic = __importStar(require("elliptic")); const Sha512_1 = __importDefault(require("./Sha512")); const secp256k1 = elliptic.ec('secp256k1'); function deriveScalar(bytes, discrim) { const order = secp256k1.curve.n; for (let i = 0; i <= 0xffffffff; i++) { // We hash the bytes to find a 256 bit number, looping until we are sure it // is less than the order of the curve. const hasher = new Sha512_1.default().add(bytes); // If the optional discriminator index was passed in, update the hash. if (discrim !== undefined) { hasher.addU32(discrim); } hasher.addU32(i); const key = hasher.first256BN(); /* istanbul ignore else */ if (key.cmpn(0) > 0 && key.cmp(order) < 0) { return key; } } // This error is practically impossible to reach. // The order of the curve describes the (finite) amount of points on the curve // https://github.com/indutny/elliptic/blob/master/lib/elliptic/curves.js#L182 // How often will an (essentially) random number generated by Sha512 be larger than that? // There's 2^32 chances (the for loop) to get a number smaller than the order, // and it's rare that you'll even get past the first loop iteration. // Note that in TypeScript we actually need the throw, otherwise the function signature would be BN | undefined // /* istanbul ignore next */ throw new Error('impossible unicorn ;)'); } /** * @param seed - Bytes. * @param [opts] - Object. * @param [opts.accountIndex=0] - The account number to generate. * @param [opts.validator=false] - Generate root key-pair, * as used by validators. * @returns {bn.js} 256 bit scalar value. * */ function derivePrivateKey(seed, opts = {}) { const root = opts.validator; const order = secp256k1.curve.n; // This private generator represents the `root` private key, and is what's // used by validators for signing when a keypair is generated from a seed. const privateGen = deriveScalar(seed); if (root) { // As returned by validation_create for a given seed return privateGen; } const publicGen = secp256k1.g.mul(privateGen); // A seed can generate many keypairs as a function of the seed and a uint32. // Almost everyone just uses the first account, `0`. const accountIndex = opts.accountIndex || 0; return deriveScalar(publicGen.encodeCompressed(), accountIndex) .add(privateGen) .mod(order); } exports.derivePrivateKey = derivePrivateKey; function accountPublicFromPublicGenerator(publicGenBytes) { const rootPubPoint = secp256k1.curve.decodePoint(publicGenBytes); const scalar = deriveScalar(publicGenBytes, 0); const point = secp256k1.g.mul(scalar); const offset = rootPubPoint.add(point); return offset.encodeCompressed(); } exports.accountPublicFromPublicGenerator = accountPublicFromPublicGenerator; //# sourceMappingURL=secp256k1.js.map