const ec = require('./fe25519_25.js')
const sodium = require('./')
// Instantiate the fe25519_invert module with the `debug` import namespace it
// is handed here. Both hooks print 32-bit words as zero-padded, unsigned hex.
// NOTE(review): the hooks write whatever the module passes them to stdout.
// With the fixed vectors in this script that is harmless, but the same wiring
// would expose intermediate values if the module were driven with
// secret-derived input, so keep it confined to test code.
const invert = require('./fe25519_25/fe25519_invert')({
  imports: {
    debug: {
      // Print every argument on one line, eight hex digits each.
      log: (...words) => {
        const cells = words.map(word => (word >>> 0).toString(16).padStart(8, '0'))
        console.log(...cells)
      },
      // Print a single value and hand it back unchanged.
      log_tee: (value) => {
        console.log((value >>> 0).toString(16).padStart(8, '0'))
        return value
      }
    }
  }
})
// Instantiate the fe25519_pow22523 module with the `debug` import namespace
// it is handed here. Both hooks print 32-bit words as zero-padded, unsigned
// hex.
// NOTE(review): the hooks write whatever the module passes them to stdout.
// With the fixed vectors in this script that is harmless, but the same wiring
// would expose intermediate values if the module were driven with
// secret-derived input, so keep it confined to test code.
const pow = require('./fe25519_25/fe25519_pow22523')({
  imports: {
    debug: {
      // Print every argument on one line, eight hex digits each.
      log: (...words) => {
        const cells = words.map(word => (word >>> 0).toString(16).padStart(8, '0'))
        console.log(...cells)
      },
      // Print a single value and hand it back unchanged.
      log_tee: (value) => {
        console.log((value >>> 0).toString(16).padStart(8, '0'))
        return value
      }
    }
  }
})
// const crypto = require('crypto')
// Scratch arrays of ten 32-bit signed words each.
const f = new Int32Array(10)
// `g` is declared a second time further down the file, which only `var` allows.
var g = new Int32Array(10)
const h = new Int32Array(10)

// Scratch group elements from ec.ge3(). `a` is likewise re-declared later in
// the file (as an Int32Array), so it has to remain a `var`.
var a = ec.ge3()
const r = ec.ge3()
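/**
 * Run the WebAssembly `fe25519_invert` export on `f` and store the result in `h`.
 *
 * The bytes viewed by `f` are copied to the start of the module's memory, the
 * export is called as `fe25519_invert(40, 0)`, and the 40 bytes at offsets
 * 40..79 are read back as ten little-endian 32-bit words.
 * Presumably the two arguments are the output and input byte offsets; confirm
 * against the module source.
 *
 * @param {Int32Array} h - receives the ten result words
 * @param {Int32Array} f - input words; may be a view into a larger ArrayBuffer
 */
function wasm_inv (h, f) {
  // Honour f's own offset and length. Wrapping the whole backing ArrayBuffer
  // would feed the module the wrong bytes whenever f is a subarray/view, and
  // would copy unrelated data from that buffer into module memory.
  const input = Buffer.from(f.buffer, f.byteOffset, f.byteLength)

  invert.memory.set(input)
  invert.exports.fe25519_invert(40, 0)

  const output = Buffer.from(invert.memory.slice(40, 80))
  for (let i = 0; i < 10; i++) {
    // Read unsigned; storing into an Int32Array wraps back to the signed word.
    h[i] = output.readUInt32LE(4 * i)
  }
}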
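/**
 * Run the WebAssembly `fe25519_pow22523` export on `f` and store the result in `h`.
 *
 * The bytes viewed by `f` are copied to the start of the module's memory, the
 * export is called as `fe25519_pow22523(40, 0)`, and the 40 bytes at offsets
 * 40..79 are read back as ten little-endian 32-bit words.
 * Presumably the two arguments are the output and input byte offsets; confirm
 * against the module source.
 *
 * @param {Int32Array} h - receives the ten result words
 * @param {Int32Array} f - input words; may be a view into a larger ArrayBuffer
 */
function wasm_pow (h, f) {
  // Honour f's own offset and length. Wrapping the whole backing ArrayBuffer
  // would feed the module the wrong bytes whenever f is a subarray/view, and
  // would copy unrelated data from that buffer into module memory.
  const input = Buffer.from(f.buffer, f.byteOffset, f.byteLength)

  pow.memory.set(input)
  pow.exports.fe25519_pow22523(40, 0)

  const output = Buffer.from(pow.memory.slice(40, 80))
  for (let i = 0; i < 10; i++) {
    // Read unsigned; storing into an Int32Array wraps back to the signed word.
    h[i] = output.readUInt32LE(4 * i)
  }
}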
// Seed the scratch values: word 0 of f, and word 0 of the third component of
// the ge3 element `a` (presumably its Z coordinate; confirm against ec.ge3()).
f.set([23983080], 0)
a[2][0] = 1
// ec.fe25519_neg(g, f)
|
|
// ec.fe25519_reduce(g, g)
|
|
// ec.fe25519_add(h, f, g)
|
|
// ec.fe25519_reduce(h, h)
|
|
|
|
// ec.fe25519_sub(h, f, g)
|
|
// ec.fe25519_reduce(h, h)
|
|
// console.log(h)
|
|
|
|
// ec.fe25519_add(h, f, f)
|
|
// ec.fe25519_reduce(h, h)
|
|
// console.log(h)
|
|
|
|
// g[0] = 2
|
|
// for (let i = 1; i < 10; i++) g[i] = 0
|
|
// ec.fe25519_mul(h, f, g)
|
|
// console.log(h)
|
|
// ec.fe25519_reduce(h, h)
|
|
// console.log(h)
// Fixed byte strings used as inputs by the checks further down. They are
// constants baked into the script, not secrets.
var an = Buffer.from([
  171, 69, 129, 47, 90, 82, 223, 134,
  6, 147, 54, 76, 55, 148, 252, 37,
  234, 216, 113, 62, 223, 49, 33, 36,
  172, 246, 18, 226, 50, 249, 198, 231
])

var bn = Buffer.from([
  226, 38, 16, 80, 186, 183, 134, 239,
  190, 24, 150, 125, 14, 254, 19, 44,
  55, 112, 156, 5, 141, 230, 91, 84,
  110, 130, 213, 39, 249, 107, 145, 140
])

// cn holds bn's bytes rotated left by eight positions (a fresh copy, so
// writes to one never show up in the other).
var cn = Buffer.concat([bn.subarray(8), bn.subarray(0, 8)])

// s is 64 bytes: cn followed by cn again, also an independent copy.
var s = Buffer.concat([cn, cn])

const p = Buffer.from([
  0x38, 0xf4, 0x69, 0x6f, 0xcf, 0x62, 0xa0, 0xfd,
  0x5a, 0xb7, 0x6e, 0x9f, 0xcb, 0xcd, 0x95, 0x3f,
  0xed, 0xba, 0x30, 0xb2, 0x64, 0x42, 0xa4, 0x52,
  0x27, 0xa6, 0x3e, 0xd2, 0xc8, 0xac, 0xa4, 0xed
])

// Same bytes as the public key of RFC 8032 section 7.1, TEST 1.
const pk_test = Buffer.from('d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a', 'hex')
/**
 * Return the unsigned reading of a number: negative inputs are shifted up by
 * 2^32, everything else is returned as is. Despite the name, the result is
 * the unsigned value, which suits hex-printing signed 32-bit words.
 *
 * @param {number} i - value to convert
 * @returns {number} `i + 2^32` when `i` is negative, otherwise `i`
 */
function signedInt (i) {
  if (i < 0) {
    return 0x100000000 + i
  }
  return i
}
// console.log(Uint8Array.from(an))
|
|
// console.log(Uint8Array.from(bn))
|
|
|
|
// console.log(an.toString('hex'))
|
|
// console.log(bn.toString('hex'))
|
|
|
|
// for (let i = 0; i < 25; i++) an[i] = bn[i] = i
|
|
// var correct = true
|
|
|
|
// var dn = Buffer.alloc(32)
// 2^252 + 27742317777372353535851937790883648493, the order of the Ed25519
// prime-order subgroup. Only the commented-out BigInt cross-checks in this
// file refer to it.
const mod = (1n << 252n) + 27742317777372353535851937790883648493n

// 32-byte output buffers that the checks below overwrite again and again.
const res = Buffer.alloc(32)
const res1 = Buffer.alloc(32)

// Scratch arrays of ten 32-bit words. `a` and `g` were already declared with
// `var` earlier in the file, so they must be re-declared with `var` here.
var a = new Int32Array(10)
const b = new Int32Array(10)
const c = new Int32Array(10)
var g = new Int32Array(10)

// Scratch group elements.
const ge = ec.ge3()
const gf = ec.ge3()
///////////////////////////////////////////
// Print a label followed by the hex encoding of `bytes`.
function printHex (label, bytes) {
  console.log(label, bytes.toString('hex'))
}

// Smoke run over the ec primitives. Nothing here asserts: every result is
// only printed, so correctness has to be judged by comparing the output with
// a reference implementation. Statement order matters, because most calls
// overwrite the shared scratch values a, b, c, g, ge, gf and res.

ec.fe25519_frombytes(a, an)
ec.fe25519_frombytes(b, bn)

ec.fe25519_mul(c, b, a)
// // console.log('\na __________')
// // for (let i = 0; i < 10; i++) console.log(`a${i}:`, signedInt(a[i]).toString(16).padStart(8, '0'))
// // console.log('\nb __________')
// // for (let i = 0; i < 10; i++) console.log(`b${i}:`, signedInt(b[i]).toString(16).padStart(8, '0'))
// ec.fe25519_frombytes(c, bn)
ec.fe25519_tobytes(res, c)
printHex('tess :', res)

// Throughput comparison of the JavaScript and WebAssembly pow22523. The
// timings measure speed only; they say nothing about whether either
// implementation runs in constant time.
console.time('standard')
for (let round = 0; round < 10000; round++) {
  ec.fe25519_pow22523(b, a)
}
console.timeEnd('standard')

ec.fe25519_tobytes(res, b)
printHex('tess :', res)

// NOTE(review): the timer is labelled 'pure invert' but the loop runs
// wasm_pow; the label looks left over from an earlier version.
console.time('pure invert')
for (let round = 0; round < 10000; round++) {
  wasm_pow(b, a)
}
console.timeEnd('pure invert')
ec.fe25519_tobytes(res, b)
printHex('tess :', res)

ec.fe25519_pow22523(a, a)
ec.fe25519_tobytes(res, a)
printHex('fe_p25:', res)

ec.fe25519_cneg(a, a, 1)
ec.fe25519_tobytes(res, a)
printHex('fe_cng:', res)

// Scalar arithmetic on the fixed byte strings.
ec.sc25519_mul(res, an, bn)
printHex('sc_mul:', res)

ec.sc25519_muladd(res, an, bn, cn)
printHex('sc_mad:', res)

// s is reduced in place; only its first 32 bytes are printed.
ec.sc25519_reduce(s)
printHex('sc_red:', s.subarray(0, 32))

ec.sc25519_invert(res, cn)
printHex('sc_inv:', res)

// Both g and c are printed afterwards, so presumably both are outputs.
ec.ge25519_mont_to_ed(g, c, a, b)
ec.fe25519_tobytes(res, g)
printHex('g_m2ex:', res)
ec.fe25519_tobytes(res, c)
printHex('g_m2ey:', res)

// NOTE(review): the return value of ge25519_frombytes is discarded. In
// libsodium's C original it reports a failed decode; if this port does the
// same, a bad encoding of `p` would go unnoticed here.
ec.ge25519_frombytes(ge, p)
ec.ge25519_p3_tobytes(res, ge)
printHex('p :', res)

ec.ge25519_mul_l(gf, ge)
ec.ge25519_p3_tobytes(res, gf)
printHex('mul_l :', res)

ec.ge25519_scalarmult_base(gf, cn)
ec.ge25519_p3_tobytes(res, gf)
printHex('smultb:', res)

ec.ge25519_scalarmult(ge, bn, gf)
ec.ge25519_p3_tobytes(res, ge)
printHex('smult :', res)

// Going by their names, the two `_vartime` routines below are not
// constant-time. Here they only ever see the fixed vectors above; keep
// secret scalars and keys away from them.
ec.ge25519_double_scalarmult_vartime(gf, an, ge, bn)
ec.ge25519_p3_tobytes(res, gf)
printHex('smdbl :', res)

// NOTE(review): this reuses the 'smdbl :' label of the previous check although
// it prints the result of ge25519_frombytes_negate_vartime.
ec.ge25519_frombytes_negate_vartime(gf, pk_test)
ec.ge25519_p3_tobytes(res, gf)
printHex('smdbl :', res)

console.log('canon :', ec.sc25519_is_canonical(bn))
/////////////////////////////////////////////////////
|
|
|
|
// console.log(((BigInt(ahex) * BigInt(ahex)) % mod).toString(16))
|
|
// console.log(res1.toString('hex'))
|
|
|
|
// const b = new Float64Array(16)
|
|
// const bi = new Float64Array(16)
|
|
// sodium.unpack25519(b, an)
|
|
// console.log(b)
|
|
// sodium.inv25519(bi, b)
|
|
// console.log(b)
|
|
// sodium.pack(res1, bi)
|
|
|
|
|
|
// console.log(res.toString('hex'))
|
|
// console.log(res1.toString('hex'))
|
|
|
|
|
|
// for (let j = 0; j < 10000; j++) {
|
|
// var an = crypto.randomBytes(32)
|
|
// var bn = crypto.randomBytes(32)
|
|
// var cn = crypto.randomBytes(32)
|
|
// dn.fill(0)
|
|
|
|
// ec.fe25519_invert(dn, an, bn, cn)
|
|
// var res = reverseEndian(dn)
|
|
|
|
// var bi = (((BigInt('0x' + reverseEndian(an)) * BigInt('0x' + reverseEndian(bn))) + BigInt('0x' + reverseEndian(cn))) % mod).toString(16).padStart(res.length, '0')
|
|
|
|
// correct &= res === bi
|
|
// }
|
|
|
|
// console.log(correct === 1)
|
|
|
|
// function reverseEndian (buf) {
|
|
// var str = ''
|
|
// let i = buf.length - 1
|
|
|
|
// while (buf[i] === 0) i--
|
|
// if (i === -1) return '0'
|
|
|
|
// for (; i >= 0; i--) {
|
|
// str += buf[i].toString(16).padStart(2, '0')
|
|
// }
|
|
|
|
// return str
|
|
// }
|
|
|
|
// const a237 = new Array(
|
|
// 0x0003e6b1n,
|
|
// 0x001d0353n,
|
|
// 0x00033a5dn,
|
|
// 0x000fcd68n,
|
|
// 0x000cd8c5n,
|
|
// 0x00172cd9n,
|
|
// 0x000dcf66n,
|
|
// 0x0014afffn,
|
|
// 0x0009f453n,
|
|
// 0x0006399cn,
|
|
// 0x000e9672n,
|
|
// 0x000ee4een
|
|
// )
|
|
// var a237 = []
|
|
// a237 = Array.from(a237).map(BigInt)
|
|
|
|
// var s = Buffer.alloc(32)
|
|
|
|
// s[0] = Number(a237[0] >> 0n)
|
|
// s[1] = Number(a237[0] >> 8n)
|
|
// s[2] = Number((a237[0] >> 16n) | (a237[1] * (1n << 5n)))
|
|
// s[3] = Number(a237[1] >> 3n)
|
|
// s[4] = Number(a237[1] >> 11n)
|
|
// s[5] = Number((a237[1] >> 19n) | (a237[2] * (1n << 2n)))
|
|
// s[6] = Number(a237[2] >> 6n)
|
|
// s[7] = Number((a237[2] >> 14n) | (a237[3] * (1n << 7n)))
|
|
// s[8] = Number(a237[3] >> 1n)
|
|
// s[9] = Number(a237[3] >> 9n)
|
|
// s[10] = Number((a237[3] >> 17n) | (a237[4] * (1n << 4n)))
|
|
// s[11] = Number(a237[4] >> 4n)
|
|
// s[12] = Number(a237[4] >> 12n)
|
|
// s[13] = Number((a237[4] >> 20n) | (a237[5] * (1n << 1n)))
|
|
// s[14] = Number(a237[5] >> 7n)
|
|
// s[15] = Number((a237[5] >> 15n) | (a237[6] * (1n << 6n)))
|
|
// s[16] = Number(a237[6] >> 2n)
|
|
// s[17] = Number(a237[6] >> 10n)
|
|
// s[18] = Number((a237[6] >> 18n) | (a237[7] * (1n << 3n)))
|
|
// s[19] = Number(a237[7] >> 5n)
|
|
// s[20] = Number(a237[7] >> 13n)
|
|
// s[21] = Number(a237[8] >> 0n)
|
|
// s[22] = Number(a237[8] >> 8n)
|
|
// s[23] = Number((a237[8] >> 16n) | (a237[9] * (1n << 5n)))
|
|
// s[24] = Number(a237[9] >> 3n)
|
|
// s[25] = Number(a237[9] >> 11n)
|
|
// s[26] = Number((a237[9] >> 19n) | (a237[10] * (1n << 2n)))
|
|
// s[27] = Number(a237[10] >> 6n)
|
|
// s[28] = Number((a237[10] >> 14n) | (a237[11] * (1n << 7n)))
|
|
// s[29] = Number(a237[11] >> 1n)
|
|
// s[30] = Number(a237[11] >> 9n)
|
|
// s[31] = Number(a237[11] >> 17n)
|
|
|
|
// console.log(reverseEndian(s))
|
|
// // console.log(a237.reduce((acc, a, i) => acc + a * 1n << (20n * BigInt(i))).toString(16))
|