{"ast":null,"code":"'use strict';\n\nvar hash = require('hash.js');\n\nvar curves = require('../curves');\n\nvar utils = require('../utils');\n\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\n\nvar KeyPair = require('./key');\n\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n  assert(curve === 'ed25519', 'only tested with ed25519 so far');\n  if (!(this instanceof EDDSA)) return new EDDSA(curve);\n  curve = curves[curve].curve;\n  this.curve = curve;\n  this.g = curve.g;\n  this.g.precompute(curve.n.bitLength() + 1);\n  this.pointClass = curve.point().constructor;\n  this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n  this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\n\nEDDSA.prototype.sign = function sign(message, secret) {\n  message = parseBytes(message);\n  var key = this.keyFromSecret(secret);\n  var r = this.hashInt(key.messagePrefix(), message);\n  var R = this.g.mul(r);\n  var Rencoded = this.encodePoint(R);\n  var s_ = this.hashInt(Rencoded, key.pubBytes(), message).mul(key.priv());\n  var S = r.add(s_).umod(this.curve.n);\n  return this.makeSignature({\n    R: R,\n    S: S,\n    Rencoded: Rencoded\n  });\n};\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\n\n\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n  message = parseBytes(message);\n  sig = this.makeSignature(sig);\n  var key = this.keyFromPublic(pub);\n  var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n  var SG = this.g.mul(sig.S());\n  var RplusAh = sig.R().add(key.pub().mul(h));\n  return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n  var hash = this.hash();\n\n  for (var i = 0; i < arguments.length; i++) hash.update(arguments[i]);\n\n  return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n  return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n  return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n  if (sig instanceof Signature) return sig;\n  return new Signature(this, sig);\n};\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\n\n\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n  var enc = point.getY().toArray('le', this.encodingLength);\n  enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n  return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n  bytes = utils.parseBytes(bytes);\n  var lastIx = bytes.length - 1;\n  var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n  var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n  var y = utils.intFromLE(normed);\n  return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n  return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n  return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n  return val instanceof this.pointClass;\n};","map":{"version":3,"sources":["/Users/tylerkoenig/Code/personal/react-scss2/node_modules/elliptic/lib/elliptic/eddsa/index.js"],"names":["hash","require","curves","utils","assert","parseBytes","KeyPair","Signature","EDDSA","curve","g","precompute","n","bitLength","pointClass","point","constructor","encodingLength","Math","ceil","sha512","module","exports","prototype","sign","message","secret","key","keyFromSecret","r","hashInt","messagePrefix","R","mul","Rencoded","encodePoint","s_","pubBytes","priv","S","add","umod","makeSignature","verify","sig","pub","keyFromPublic","h","SG","RplusAh","eq","i","arguments","length","update","intFromLE","digest","fromPublic","fromSecret","enc","getY","toArray","getX","isOdd","decodePoint","bytes","lastIx","normed","slice","concat","xIsOdd","y","pointFromY","encodeInt","num","decodeInt","isPoint","val"],"mappings":"AAAA;;AAEA,IAAIA,IAAI,GAAGC,OAAO,CAAC,SAAD,CAAlB;;AACA,IAAIC,MAAM,GAAGD,OAAO,CAAC,WAAD,CAApB;;AACA,IAAIE,KAAK,GAAGF,OAAO,CAAC,UAAD,CAAnB;;AACA,IAAIG,MAAM,GAAGD,KAAK,CAACC,MAAnB;AACA,IAAIC,UAAU,GAAGF,KAAK,CAACE,UAAvB;;AACA,IAAIC,OAAO,GAAGL,OAAO,CAAC,OAAD,CAArB;;AACA,IAAIM,SAAS,GAAGN,OAAO,CAAC,aAAD,CAAvB;;AAEA,SAASO,KAAT,CAAeC,KAAf,EAAsB;AACpBL,EAAAA,MAAM,CAACK,KAAK,KAAK,SAAX,EAAsB,iCAAtB,CAAN;AAEA,MAAI,EAAE,gBAAgBD,KAAlB,CAAJ,EACE,OAAO,IAAIA,KAAJ,CAAUC,KAAV,CAAP;AAEFA,EAAAA,KAAK,GAAGP,MAAM,CAACO,KAAD,CAAN,CAAcA,KAAtB;AACA,OAAKA,KAAL,GAAaA,KAAb;AACA,OAAKC,CAAL,GAASD,KAAK,CAACC,CAAf;AACA,OAAKA,CAAL,CAAOC,UAAP,CAAkBF,KAAK,CAACG,CAAN,CAAQC,SAAR,KAAsB,CAAxC;AAEA,OAAKC,UAAL,GAAkBL,KAAK,CAACM,KAAN,GAAcC,WAAhC;AACA,OAAKC,cAAL,GAAsBC,IAAI,CAACC,IAAL,CAAUV,KAAK,CAACG,CAAN,CAAQC,SAAR,KAAsB,CAAhC,CAAtB;AACA,OAAKb,IAAL,GAAYA,IAAI,CAACoB,MAAjB;AACD;;AAEDC,MAAM,CAACC,OAAP,GAAiBd,KAAjB;AAEA;AACA;AACA;AACA;AACA;;AACAA,KAAK,CAACe,SAAN,CAAgBC,IAAhB,GAAuB,SAASA,IAAT,CAAcC,OAAd,EAAuBC,MAAvB,EAA+B;AACpDD,EAAAA,OAAO,GAAGpB,UAAU,CAACoB,OAAD,CAApB;AACA,MAAIE,GAAG,GAAG,KAAKC,aAAL,CAAmBF,MAAnB,CAAV;AACA,MAAIG,CAAC,GAAG,KAAKC,OAAL,CAAaH,GAAG,CAACI,aAAJ,EAAb,EAAkCN,OAAlC,CAAR;AACA,MAAIO,CAAC,GAAG,KAAKtB,CAAL,CAAOuB,GAAP,CAAWJ,CAAX,CAAR;AACA,MAAIK,QAAQ,GAAG,KAAKC,WAAL,CAAiBH,CAAjB,CAAf;AACA,MAAII,EAAE,GAAG,KAAKN,OAAL,CAAaI,QAAb,EAAuBP,GAAG,CAACU,QAAJ,EAAvB,EAAuCZ,OAAvC,EACNQ,GADM,CACFN,GAAG,CAACW,IAAJ,EADE,CAAT;AAEA,MAAIC,CAAC,GAAGV,CAAC,CAACW,GAAF,CAAMJ,EAAN,EAAUK,IAAV,CAAe,KAAKhC,KAAL,CAAWG,CAA1B,CAAR;AACA,SAAO,KAAK8B,aAAL,CAAmB;AAAEV,IAAAA,CAAC,EAAEA,CAAL;AAAQO,IAAAA,CAAC,EAAEA,CAAX;AAAcL,IAAAA,QAAQ,EAAEA;AAAxB,GAAnB,CAAP;AACD,CAVD;AAYA;AACA;AACA;AACA;AACA;AACA;;;AACA1B,KAAK,CAACe,SAAN,CAAgBoB,MAAhB,GAAyB,SAASA,MAAT,CAAgBlB,OAAhB,EAAyBmB,GAAzB,EAA8BC,GAA9B,EAAmC;AAC1DpB,EAAAA,OAAO,GAAGpB,UAAU,CAACoB,OAAD,CAApB;AACAmB,EAAAA,GAAG,GAAG,KAAKF,aAAL,CAAmBE,GAAnB,CAAN;AACA,MAAIjB,GAAG,GAAG,KAAKmB,aAAL,CAAmBD,GAAnB,CAAV;AACA,MAAIE,CAAC,GAAG,KAAKjB,OAAL,CAAac,GAAG,CAACV,QAAJ,EAAb,EAA6BP,GAAG,CAACU,QAAJ,EAA7B,EAA6CZ,OAA7C,CAAR;AACA,MAAIuB,EAAE,GAAG,KAAKtC,CAAL,CAAOuB,GAAP,CAAWW,GAAG,CAACL,CAAJ,EAAX,CAAT;AACA,MAAIU,OAAO,GAAGL,GAAG,CAACZ,CAAJ,GAAQQ,GAAR,CAAYb,GAAG,CAACkB,GAAJ,GAAUZ,GAAV,CAAcc,CAAd,CAAZ,CAAd;AACA,SAAOE,OAAO,CAACC,EAAR,CAAWF,EAAX,CAAP;AACD,CARD;;AAUAxC,KAAK,CAACe,SAAN,CAAgBO,OAAhB,GAA0B,SAASA,OAAT,GAAmB;AAC3C,MAAI9B,IAAI,GAAG,KAAKA,IAAL,EAAX;;AACA,OAAK,IAAImD,CAAC,GAAG,CAAb,EAAgBA,CAAC,GAAGC,SAAS,CAACC,MAA9B,EAAsCF,CAAC,EAAvC,EACEnD,IAAI,CAACsD,MAAL,CAAYF,SAAS,CAACD,CAAD,CAArB;;AACF,SAAOhD,KAAK,CAACoD,SAAN,CAAgBvD,IAAI,CAACwD,MAAL,EAAhB,EAA+Bf,IAA/B,CAAoC,KAAKhC,KAAL,CAAWG,CAA/C,CAAP;AACD,CALD;;AAOAJ,KAAK,CAACe,SAAN,CAAgBuB,aAAhB,GAAgC,SAASA,aAAT,CAAuBD,GAAvB,EAA4B;AAC1D,SAAOvC,OAAO,CAACmD,UAAR,CAAmB,IAAnB,EAAyBZ,GAAzB,CAAP;AACD,CAFD;;AAIArC,KAAK,CAACe,SAAN,CAAgBK,aAAhB,GAAgC,SAASA,aAAT,CAAuBF,MAAvB,EAA+B;AAC7D,SAAOpB,OAAO,CAACoD,UAAR,CAAmB,IAAnB,EAAyBhC,MAAzB,CAAP;AACD,CAFD;;AAIAlB,KAAK,CAACe,SAAN,CAAgBmB,aAAhB,GAAgC,SAASA,aAAT,CAAuBE,GAAvB,EAA4B;AAC1D,MAAIA,GAAG,YAAYrC,SAAnB,EACE,OAAOqC,GAAP;AACF,SAAO,IAAIrC,SAAJ,CAAc,IAAd,EAAoBqC,GAApB,CAAP;AACD,CAJD;AAMA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AACApC,KAAK,CAACe,SAAN,CAAgBY,WAAhB,GAA8B,SAASA,WAAT,CAAqBpB,KAArB,EAA4B;AACxD,MAAI4C,GAAG,GAAG5C,KAAK,CAAC6C,IAAN,GAAaC,OAAb,CAAqB,IAArB,EAA2B,KAAK5C,cAAhC,CAAV;AACA0C,EAAAA,GAAG,CAAC,KAAK1C,cAAL,GAAsB,CAAvB,CAAH,IAAgCF,KAAK,CAAC+C,IAAN,GAAaC,KAAb,KAAuB,IAAvB,GAA8B,CAA9D;AACA,SAAOJ,GAAP;AACD,CAJD;;AAMAnD,KAAK,CAACe,SAAN,CAAgByC,WAAhB,GAA8B,SAASA,WAAT,CAAqBC,KAArB,EAA4B;AACxDA,EAAAA,KAAK,GAAG9D,KAAK,CAACE,UAAN,CAAiB4D,KAAjB,CAAR;AAEA,MAAIC,MAAM,GAAGD,KAAK,CAACZ,MAAN,GAAe,CAA5B;AACA,MAAIc,MAAM,GAAGF,KAAK,CAACG,KAAN,CAAY,CAAZ,EAAeF,MAAf,EAAuBG,MAAvB,CAA8BJ,KAAK,CAACC,MAAD,CAAL,GAAgB,CAAC,IAA/C,CAAb;AACA,MAAII,MAAM,GAAG,CAACL,KAAK,CAACC,MAAD,CAAL,GAAgB,IAAjB,MAA2B,CAAxC;AAEA,MAAIK,CAAC,GAAGpE,KAAK,CAACoD,SAAN,CAAgBY,MAAhB,CAAR;AACA,SAAO,KAAK1D,KAAL,CAAW+D,UAAX,CAAsBD,CAAtB,EAAyBD,MAAzB,CAAP;AACD,CATD;;AAWA9D,KAAK,CAACe,SAAN,CAAgBkD,SAAhB,GAA4B,SAASA,SAAT,CAAmBC,GAAnB,EAAwB;AAClD,SAAOA,GAAG,CAACb,OAAJ,CAAY,IAAZ,EAAkB,KAAK5C,cAAvB,CAAP;AACD,CAFD;;AAIAT,KAAK,CAACe,SAAN,CAAgBoD,SAAhB,GAA4B,SAASA,SAAT,CAAmBV,KAAnB,EAA0B;AACpD,SAAO9D,KAAK,CAACoD,SAAN,CAAgBU,KAAhB,CAAP;AACD,CAFD;;AAIAzD,KAAK,CAACe,SAAN,CAAgBqD,OAAhB,GAA0B,SAASA,OAAT,CAAiBC,GAAjB,EAAsB;AAC9C,SAAOA,GAAG,YAAY,KAAK/D,UAA3B;AACD,CAFD","sourcesContent":["'use strict';\n\nvar hash = require('hash.js');\nvar curves = require('../curves');\nvar utils = require('../utils');\nvar assert = utils.assert;\nvar parseBytes = utils.parseBytes;\nvar KeyPair = require('./key');\nvar Signature = require('./signature');\n\nfunction EDDSA(curve) {\n  assert(curve === 'ed25519', 'only tested with ed25519 so far');\n\n  if (!(this instanceof EDDSA))\n    return new EDDSA(curve);\n\n  curve = curves[curve].curve;\n  this.curve = curve;\n  this.g = curve.g;\n  this.g.precompute(curve.n.bitLength() + 1);\n\n  this.pointClass = curve.point().constructor;\n  this.encodingLength = Math.ceil(curve.n.bitLength() / 8);\n  this.hash = hash.sha512;\n}\n\nmodule.exports = EDDSA;\n\n/**\n* @param {Array|String} message - message bytes\n* @param {Array|String|KeyPair} secret - secret bytes or a keypair\n* @returns {Signature} - signature\n*/\nEDDSA.prototype.sign = function sign(message, secret) {\n  message = parseBytes(message);\n  var key = this.keyFromSecret(secret);\n  var r = this.hashInt(key.messagePrefix(), message);\n  var R = this.g.mul(r);\n  var Rencoded = this.encodePoint(R);\n  var s_ = this.hashInt(Rencoded, key.pubBytes(), message)\n    .mul(key.priv());\n  var S = r.add(s_).umod(this.curve.n);\n  return this.makeSignature({ R: R, S: S, Rencoded: Rencoded });\n};\n\n/**\n* @param {Array} message - message bytes\n* @param {Array|String|Signature} sig - sig bytes\n* @param {Array|String|Point|KeyPair} pub - public key\n* @returns {Boolean} - true if public key matches sig of message\n*/\nEDDSA.prototype.verify = function verify(message, sig, pub) {\n  message = parseBytes(message);\n  sig = this.makeSignature(sig);\n  var key = this.keyFromPublic(pub);\n  var h = this.hashInt(sig.Rencoded(), key.pubBytes(), message);\n  var SG = this.g.mul(sig.S());\n  var RplusAh = sig.R().add(key.pub().mul(h));\n  return RplusAh.eq(SG);\n};\n\nEDDSA.prototype.hashInt = function hashInt() {\n  var hash = this.hash();\n  for (var i = 0; i < arguments.length; i++)\n    hash.update(arguments[i]);\n  return utils.intFromLE(hash.digest()).umod(this.curve.n);\n};\n\nEDDSA.prototype.keyFromPublic = function keyFromPublic(pub) {\n  return KeyPair.fromPublic(this, pub);\n};\n\nEDDSA.prototype.keyFromSecret = function keyFromSecret(secret) {\n  return KeyPair.fromSecret(this, secret);\n};\n\nEDDSA.prototype.makeSignature = function makeSignature(sig) {\n  if (sig instanceof Signature)\n    return sig;\n  return new Signature(this, sig);\n};\n\n/**\n* * https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.2\n*\n* EDDSA defines methods for encoding and decoding points and integers. These are\n* helper convenience methods, that pass along to utility functions implied\n* parameters.\n*\n*/\nEDDSA.prototype.encodePoint = function encodePoint(point) {\n  var enc = point.getY().toArray('le', this.encodingLength);\n  enc[this.encodingLength - 1] |= point.getX().isOdd() ? 0x80 : 0;\n  return enc;\n};\n\nEDDSA.prototype.decodePoint = function decodePoint(bytes) {\n  bytes = utils.parseBytes(bytes);\n\n  var lastIx = bytes.length - 1;\n  var normed = bytes.slice(0, lastIx).concat(bytes[lastIx] & ~0x80);\n  var xIsOdd = (bytes[lastIx] & 0x80) !== 0;\n\n  var y = utils.intFromLE(normed);\n  return this.curve.pointFromY(y, xIsOdd);\n};\n\nEDDSA.prototype.encodeInt = function encodeInt(num) {\n  return num.toArray('le', this.encodingLength);\n};\n\nEDDSA.prototype.decodeInt = function decodeInt(bytes) {\n  return utils.intFromLE(bytes);\n};\n\nEDDSA.prototype.isPoint = function isPoint(val) {\n  return val instanceof this.pointClass;\n};\n"]},"metadata":{},"sourceType":"script"}