
secp256k1.js 4.3KB

  1. "use strict";
  // TypeScript-emitted CommonJS interop helpers. Each declaration first looks
  // for an already-installed helper of the same name on `this` and only falls
  // back to the local implementation when none is found.

  // Exposes property `k` of module `m` on object `o` under the name `k2`
  // (`k2` defaults to `k`).
  var __createBinding = (this && this.__createBinding) || (Object.create
    ? function (o, m, k, k2) {
        if (k2 === undefined) {
          k2 = k;
        }
        var descriptor = Object.getOwnPropertyDescriptor(m, k);
        var needsGetter;
        if (!descriptor) {
          needsGetter = true;
        } else if ("get" in descriptor) {
          // An accessor is reused as-is only when `m` is flagged as an ES module.
          needsGetter = !m.__esModule;
        } else {
          // A data property that can still change is wrapped so reads go back to `m`.
          needsGetter = descriptor.writable || descriptor.configurable;
        }
        if (needsGetter) {
          descriptor = {
            enumerable: true,
            get: function () {
              return m[k];
            }
          };
        }
        Object.defineProperty(o, k2, descriptor);
      }
    : function (o, m, k, k2) {
        if (k2 === undefined) {
          k2 = k;
        }
        // Fallback when Object.create is unavailable: copy the current value.
        o[k2] = m[k];
      });

  // Stores `v` as the enumerable `default` member of namespace object `o`.
  var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create
    ? function (o, v) {
        Object.defineProperty(o, "default", { enumerable: true, value: v });
      }
    : function (o, v) {
        o["default"] = v;
      });

  // Builds a namespace object for `import * as x`: modules flagged `__esModule`
  // are returned unchanged; anything else gets its own properties re-bound
  // (except `default`) and the module itself installed as `default`.
  var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
      return mod;
    }
    var namespace = {};
    if (mod != null) {
      for (var key in mod) {
        // Own properties only; `default` is set separately below.
        if (key !== "default" && Object.prototype.hasOwnProperty.call(mod, key)) {
          __createBinding(namespace, mod, key);
        }
      }
    }
    __setModuleDefault(namespace, mod);
    return namespace;
  };

  // Wraps a module that is not flagged `__esModule` as `{ default: mod }`.
  var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
      return mod;
    }
    return { "default": mod };
  };
  // Flag this CommonJS module as transpiled from ES-module syntax.
  Object.defineProperty(exports, "__esModule", { value: true });
  // Pre-declare both export names; the functions are attached further down.
  exports.derivePrivateKey = undefined;
  exports.accountPublicFromPublicGenerator = undefined;
  const elliptic = __importStar(require("elliptic"));
  const Sha512_1 = __importDefault(require("./Sha512"));
  // Single secp256k1 curve context shared by every function in this file.
  // NOTE(review): the elliptic version resolved here is not visible in this
  // file; all key material below is computed through this object, so the
  // dependency should stay pinned and audited.
  const secp256k1 = elliptic.ec('secp256k1');
  /**
   * Deterministically maps input bytes to a scalar in the open range
   * (0, curve order).
   *
   * Each attempt hashes `bytes`, then the optional discriminator, then a
   * counter, and takes the first 256 bits of the digest as a candidate.
   * Out-of-range candidates are rejected and the counter is advanced; they are
   * never reduced modulo the order, so no modular bias is introduced.
   *
   * The result depends only on the arguments, so anyone who knows `bytes` and
   * `discrim` can recompute it.
   *
   * @param bytes - Bytes fed to the hash (whatever Sha512#add accepts).
   * @param [discrim] - Optional index mixed in via addU32 before the counter.
   *   NOTE(review): how addU32 treats values outside the uint32 range is not
   *   visible in this file; confirm callers only pass 0..0xffffffff.
   * @returns Scalar as returned by first256BN().
   * @throws {Error} If no counter value in 0..0xffffffff yields an in-range
   *   candidate.
   */
  function deriveScalar(bytes, discrim) {
    const curveOrder = secp256k1.curve.n;
    const hasDiscriminator = discrim !== undefined;
    let counter = 0;
    while (counter <= 0xffffffff) {
      // A fresh hash per attempt: bytes || [discrim] || counter.
      const digest = new Sha512_1.default().add(bytes);
      if (hasDiscriminator) {
        digest.addU32(discrim);
      }
      digest.addU32(counter);
      const candidate = digest.first256BN();
      /* istanbul ignore else */
      if (candidate.cmpn(0) > 0 && candidate.cmp(curveOrder) < 0) {
        return candidate;
      }
      counter += 1;
    }
    // Reaching this point would need every one of the 2^32 attempts to produce
    // zero or a value at or above the curve order; the first attempt almost
    // always succeeds. The throw also keeps the TypeScript return type from
    // widening to `BN | undefined`.
    /* istanbul ignore next */
    throw new Error('impossible unicorn ;)');
  }
  /**
   * Derives a secp256k1 private scalar from a seed.
   *
   * The seed is first mapped to the root ("private generator") scalar. With
   * `opts.validator` set, that root scalar is returned directly. Otherwise an
   * account scalar is computed as
   * (deriveScalar(compressed root public point, accountIndex) + root) mod order.
   *
   * @param seed - Seed bytes; this is the only secret input.
   * @param [opts] - Options object.
   * @param [opts.accountIndex=0] - Account number to derive. Any falsy value
   *   falls back to 0. NOTE(review): the value is not range-checked here;
   *   confirm callers pass a uint32.
   * @param [opts.validator=false] - Return the root key, as used by validators.
   * @returns {bn.js} 256 bit scalar value.
   */
  function derivePrivateKey(seed, opts = {}) {
    const wantsRootKey = opts.validator;
    // Root private key: what validators sign with when a keypair comes from a seed.
    const rootScalar = deriveScalar(seed);
    if (wantsRootKey) {
      // Matches what validation_create returns for the same seed.
      return rootScalar;
    }
    const rootPoint = secp256k1.g.mul(rootScalar);
    // One seed yields many keypairs, selected by a uint32; most users only
    // ever use account 0.
    const accountIndex = opts.accountIndex || 0;
    const accountTweak = deriveScalar(rootPoint.encodeCompressed(), accountIndex);
    // The sum is reduced modulo the order; it is not re-checked against zero.
    return accountTweak.add(rootScalar).mod(secp256k1.curve.n);
  }
  exports.derivePrivateKey = derivePrivateKey;
  /**
   * Computes the account-0 public key from a root public key ("public
   * generator") without needing any private material.
   *
   * The result is rootPoint + G * deriveScalar(publicGenBytes, 0), encoded in
   * compressed form.
   *
   * The scalar is hashed from `publicGenBytes` exactly as supplied, whereas
   * derivePrivateKey hashes the compressed encoding of the root point. The two
   * only correspond when the caller passes the compressed encoding.
   *
   * NOTE(review): how strictly decodePoint validates its input depends on the
   * elliptic version, which is not visible here; confirm before passing
   * untrusted bytes.
   *
   * @param publicGenBytes - Encoded root public key.
   * @returns Compressed encoding of the account public key.
   */
  function accountPublicFromPublicGenerator(publicGenBytes) {
    // Decode first so malformed input fails before any hashing happens.
    const rootPoint = secp256k1.curve.decodePoint(publicGenBytes);
    const tweakPoint = secp256k1.g.mul(deriveScalar(publicGenBytes, 0));
    return rootPoint.add(tweakPoint).encodeCompressed();
  }
  exports.accountPublicFromPublicGenerator = accountPublicFromPublicGenerator;
  97. //# sourceMappingURL=secp256k1.js.map