
@zilliqa-js/crypto - npm Package Compare versions

Comparing version 0.2.1 to 0.2.2

test/checksum.fixtures.ts

0

dist/index.d.ts

@@ -0,0 +0,0 @@ /// <reference types="node" />

@@ -0,0 +0,0 @@ import { KeystoreV3, KDF } from './types';

@@ -0,0 +0,0 @@ /**

40

dist/schnorr.d.ts
/// <reference types="node" />
import BN from 'bn.js';
import DRBG from 'hmac-drbg';
import { Signature } from './signature';

@@ -19,19 +18,17 @@ /**

* @param {Buffer} pubkey
* @param {Buffer} pubNonce?
*
* @returns {Signature}
*/
export declare const sign: (msg: Buffer, key: Buffer, pubkey: Buffer) => Signature;
export declare const sign: (msg: Buffer, privKey: Buffer, pubKey: Buffer) => Signature;
/**
* trySign
*
* @param {Buffer} msg
* @param {BN} prv - private key
* @param {BN} k - DRBG-generated random number
* @param {Buffer} pn - optional
* @param {Buffer)} pubKey - public key
* @param {Buffer} msg - the message to sign over
* @param {BN} k - output of the HMAC-DRBG
* @param {BN} privateKey - the private key
* @param {Buffer} pubKey - the public key
*
* @returns {Signature | null =>}
*/
export declare const trySign: (msg: Buffer, prv: BN, k: BN, pubKey: Buffer) => Signature | null;
export declare const trySign: (msg: Buffer, k: BN, privKey: BN, pubKey: Buffer) => Signature | null;
/**

@@ -54,27 +51,2 @@ * Verify signature.

export declare const toSignature: (serialised: string) => Signature;
/**
* Schnorr personalization string.
* @const {Buffer}
*/
export declare const alg: Buffer;
/**
* Instantiate an HMAC-DRBG.
*
* @param {Buffer} msg
* @param {Buffer} priv - used as entropy input
* @param {Buffer} data - used as nonce
*
* @returns {DRBG}
*/
export declare const getDRBG: (msg: Buffer, priv: Buffer, data?: Buffer | undefined) => DRBG;
/**
* Generate pub+priv nonce pair.
*
* @param {Buffer} msg
* @param {Buffer} priv
* @param {Buffer} data
*
* @returns {Buffer}
*/
export declare const generateNoncePair: (msg: Buffer, priv: Buffer, data: Buffer) => Buffer;
//# sourceMappingURL=schnorr.d.ts.map
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var tslib_1 = require("tslib");
var bsert_1 = tslib_1.__importDefault(require("bsert"));
var elliptic_1 = tslib_1.__importDefault(require("elliptic"));

@@ -9,2 +8,3 @@ var bn_js_1 = tslib_1.__importDefault(require("bn.js"));

var hmac_drbg_1 = tslib_1.__importDefault(require("hmac-drbg"));
var random_1 = require("./random");
var signature_1 = require("./signature");

@@ -18,2 +18,8 @@ var curve = elliptic_1.default.ec('secp256k1').curve;

var PUBKEY_COMPRESSED_SIZE_BYTES = 33;
// Personalization string used for HMAC-DRBG instantiation.
var ALG = Buffer.from('Schnorr+SHA256 ', 'ascii');
// The length in bytes of the string above.
var ALG_LEN = 16;
// The length in bytes of entropy inputs to HMAC-DRBG
var ENT_LEN = 32;
/**

@@ -42,9 +48,8 @@ * Hash (r | M).

* @param {Buffer} pubkey
* @param {Buffer} pubNonce?
*
* @returns {Signature}
*/
exports.sign = function (msg, key, pubkey) {
var prv = new bn_js_1.default(key);
var drbg = exports.getDRBG(msg, key);
exports.sign = function (msg, privKey, pubKey) {
var prv = new bn_js_1.default(privKey);
var drbg = getDRBG();
var len = curve.n.byteLength();

@@ -54,3 +59,3 @@ var sig;

var k = new bn_js_1.default(drbg.generate(len));
sig = exports.trySign(msg, prv, k, pubkey);
sig = exports.trySign(msg, k, prv, pubKey);
}

@@ -62,15 +67,14 @@ return sig;

*
* @param {Buffer} msg
* @param {BN} prv - private key
* @param {BN} k - DRBG-generated random number
* @param {Buffer} pn - optional
* @param {Buffer)} pubKey - public key
* @param {Buffer} msg - the message to sign over
* @param {BN} k - output of the HMAC-DRBG
* @param {BN} privateKey - the private key
* @param {Buffer} pubKey - the public key
*
* @returns {Signature | null =>}
*/
exports.trySign = function (msg, prv, k, pubKey) {
if (prv.isZero()) {
exports.trySign = function (msg, k, privKey, pubKey) {
if (privKey.isZero()) {
throw new Error('Bad private key.');
}
if (prv.gte(curve.n)) {
if (privKey.gte(curve.n)) {
throw new Error('Bad private key.');

@@ -91,3 +95,4 @@ }

// 3. Compute the challenge r = H(Q || pubKey || msg)
var r = exports.hash(compressedQ, pubKey, msg);
// mod reduce the r value by the order of secp256k1, n
var r = exports.hash(compressedQ, pubKey, msg).umod(curve.n);
var h = r.clone();

@@ -102,3 +107,3 @@ if (h.isZero()) {

// 4a. Compute r * prv
var s = h.imul(prv);
var s = h.imul(privKey);
// 4b. Compute s = k - r * prv mod n

@@ -136,2 +141,5 @@ s = k.isub(s);

var kpub = curve.decodePoint(key);
if (!curve.validate(kpub)) {
throw new Error('Invalid public key');
}
var l = kpub.mul(sig.r);

@@ -141,3 +149,3 @@ var r = curve.g.mul(sig.s);

var compressedQ = new bn_js_1.default(Q.encodeCompressed());
var r1 = exports.hash(compressedQ, key, msg);
var r1 = exports.hash(compressedQ, key, msg).umod(curve.n);
if (r1.gte(curve.n)) {

@@ -157,48 +165,21 @@ throw new Error('Invalid hash.');

/**
* Schnorr personalization string.
* @const {Buffer}
*/
exports.alg = Buffer.from('Schnorr+SHA256 ', 'ascii');
/**
* Instantiate an HMAC-DRBG.
*
* @param {Buffer} msg
* @param {Buffer} priv - used as entropy input
* @param {Buffer} data - used as nonce
* @param {Buffer} entropy
*
* @returns {DRBG}
*/
exports.getDRBG = function (msg, priv, data) {
var pers = Buffer.allocUnsafe(48);
pers.fill(0);
if (data) {
bsert_1.default(data.length === 32);
data.copy(pers, 0);
}
exports.alg.copy(pers, 32);
var getDRBG = function () {
var entropy = random_1.randomBytes(ENT_LEN);
var nonce = random_1.randomBytes(ENT_LEN);
var pers = Buffer.allocUnsafe(ALG_LEN + ENT_LEN);
Buffer.from(random_1.randomBytes(ENT_LEN)).copy(pers, 0);
ALG.copy(pers, ENT_LEN);
return new hmac_drbg_1.default({
hash: hash_js_1.default.sha256,
entropy: priv,
nonce: msg,
entropy: entropy,
nonce: nonce,
pers: pers,
});
};
/**
* Generate pub+priv nonce pair.
*
* @param {Buffer} msg
* @param {Buffer} priv
* @param {Buffer} data
*
* @returns {Buffer}
*/
exports.generateNoncePair = function (msg, priv, data) {
var drbg = exports.getDRBG(msg, priv, data);
var len = curve.n.byteLength();
var k = new bn_js_1.default(drbg.generate(len));
while (k.isZero() && k.gte(curve.n)) {
k = new bn_js_1.default(drbg.generate(len));
}
return Buffer.from(curve.g.mul(k).encode('array', true));
};
//# sourceMappingURL=schnorr.js.map

@@ -0,0 +0,0 @@ import BN from 'bn.js';

@@ -0,0 +0,0 @@ export declare type KDF = 'pbkdf2' | 'scrypt';

@@ -39,2 +39,20 @@ /**

/**
* toChecksumAddress
*
* takes hex-encoded string and returns the corresponding address
*
* @param {string} address
* @returns {string}
*/
export declare const toChecksumAddress: (address: string) => string;
/**
* isValidChecksumAddress
*
* takes hex-encoded string and returns boolean if address is checksumed
*
* @param {string} address
* @returns {boolean}
*/
export declare const isValidChecksumAddress: (address: string) => boolean;
/**
* verifyPrivateKey

@@ -41,0 +59,0 @@ *

@@ -6,2 +6,3 @@ "use strict";

var hash_js_1 = tslib_1.__importDefault(require("hash.js"));
var util_1 = require("@zilliqa-js/util");
var secp256k1 = elliptic_1.default.ec('secp256k1');

@@ -65,2 +66,39 @@ /**

/**
* toChecksumAddress
*
* takes hex-encoded string and returns the corresponding address
*
* @param {string} address
* @returns {string}
*/
exports.toChecksumAddress = function (address) {
address = address.toLowerCase().replace('0x', '');
var hash = hash_js_1.default
.sha256()
.update(address, 'hex')
.digest('hex');
var ret = '0x';
for (var i = 0; i < address.length; i++) {
if (parseInt(hash[i], 16) >= 8) {
ret += address[i].toUpperCase();
}
else {
ret += address[i];
}
}
return ret;
};
/**
* isValidChecksumAddress
*
* takes hex-encoded string and returns boolean if address is checksumed
*
* @param {string} address
* @returns {boolean}
*/
exports.isValidChecksumAddress = function (address) {
return (util_1.validation.isAddress(address.replace('0x', '')) &&
exports.toChecksumAddress(address) === address);
};
/**
* verifyPrivateKey

@@ -67,0 +105,0 @@ *

{
"name": "@zilliqa-js/crypto",
"version": "0.2.1",
"version": "0.2.2",
"description": "Core crypto utilities for signing/verification/hashing Zilliqa transactions.",

@@ -21,3 +21,4 @@ "main": "dist/index.umd.js",

"dependencies": {
"@zilliqa-js/util": "^0.2.1",
"@types/bn.js": "^4.11.3",
"@zilliqa-js/util": "^0.2.2",
"aes-js": "^3.1.1",

@@ -34,3 +35,3 @@ "bn.js": "^4.11.8",

},
"gitHead": "fda77bac379ed24d8666f3c77b3c8bf6a48b69bd"
"gitHead": "ea51300f228b8685fd87c2b6e180f957bab97b54"
}

@@ -1,2 +0,1 @@

import assert from 'bsert';
import elliptic from 'elliptic';

@@ -6,2 +5,4 @@ import BN from 'bn.js';

import DRBG from 'hmac-drbg';
import { randomBytes } from './random';
import { Signature } from './signature';

@@ -16,2 +17,8 @@

const PUBKEY_COMPRESSED_SIZE_BYTES = 33;
// Personalization string used for HMAC-DRBG instantiation.
const ALG = Buffer.from('Schnorr+SHA256 ', 'ascii');
// The length in bytes of the string above.
const ALG_LEN = 16;
// The length in bytes of entropy inputs to HMAC-DRBG
const ENT_LEN = 32;

@@ -45,9 +52,12 @@ /**

* @param {Buffer} pubkey
* @param {Buffer} pubNonce?
*
* @returns {Signature}
*/
export const sign = (msg: Buffer, key: Buffer, pubkey: Buffer): Signature => {
const prv = new BN(key);
const drbg = getDRBG(msg, key);
export const sign = (
msg: Buffer,
privKey: Buffer,
pubKey: Buffer,
): Signature => {
const prv = new BN(privKey);
const drbg = getDRBG();
const len = curve.n.byteLength();

@@ -58,3 +68,3 @@

const k = new BN(drbg.generate(len));
sig = trySign(msg, prv, k, pubkey);
sig = trySign(msg, k, prv, pubKey);
}

@@ -68,7 +78,6 @@

*
* @param {Buffer} msg
* @param {BN} prv - private key
* @param {BN} k - DRBG-generated random number
* @param {Buffer} pn - optional
* @param {Buffer)} pubKey - public key
* @param {Buffer} msg - the message to sign over
* @param {BN} k - output of the HMAC-DRBG
* @param {BN} privateKey - the private key
* @param {Buffer} pubKey - the public key
*

@@ -79,11 +88,11 @@ * @returns {Signature | null =>}

msg: Buffer,
prv: BN,
k: BN,
privKey: BN,
pubKey: Buffer,
): Signature | null => {
if (prv.isZero()) {
if (privKey.isZero()) {
throw new Error('Bad private key.');
}
if (prv.gte(curve.n)) {
if (privKey.gte(curve.n)) {
throw new Error('Bad private key.');

@@ -107,3 +116,4 @@ }

// 3. Compute the challenge r = H(Q || pubKey || msg)
const r = hash(compressedQ, pubKey, msg);
// mod reduce the r value by the order of secp256k1, n
const r = hash(compressedQ, pubKey, msg).umod(curve.n);
const h = r.clone();

@@ -121,3 +131,3 @@

// 4a. Compute r * prv
let s = h.imul(prv);
let s = h.imul(privKey);
// 4b. Compute s = k - r * prv mod n

@@ -161,2 +171,6 @@ s = k.isub(s);

const kpub = curve.decodePoint(key);
if (!curve.validate(kpub)) {
throw new Error('Invalid public key');
}
const l = kpub.mul(sig.r);

@@ -168,3 +182,3 @@ const r = curve.g.mul(sig.s);

const r1 = hash(compressedQ, key, msg);
const r1 = hash(compressedQ, key, msg).umod(curve.n);

@@ -190,56 +204,22 @@ if (r1.gte(curve.n)) {

/**
* Schnorr personalization string.
* @const {Buffer}
*/
export const alg = Buffer.from('Schnorr+SHA256 ', 'ascii');
/**
* Instantiate an HMAC-DRBG.
*
* @param {Buffer} msg
* @param {Buffer} priv - used as entropy input
* @param {Buffer} data - used as nonce
* @param {Buffer} entropy
*
* @returns {DRBG}
*/
export const getDRBG = (msg: Buffer, priv: Buffer, data?: Buffer) => {
const pers = Buffer.allocUnsafe(48);
const getDRBG = () => {
const entropy = randomBytes(ENT_LEN);
const nonce = randomBytes(ENT_LEN);
const pers = Buffer.allocUnsafe(ALG_LEN + ENT_LEN);
pers.fill(0);
Buffer.from(randomBytes(ENT_LEN)).copy(pers, 0);
ALG.copy(pers, ENT_LEN);
if (data) {
assert(data.length === 32);
data.copy(pers, 0);
}
alg.copy(pers, 32);
return new DRBG({
hash: hashjs.sha256,
entropy: priv,
nonce: msg,
entropy,
nonce,
pers,
});
};
/**
* Generate pub+priv nonce pair.
*
* @param {Buffer} msg
* @param {Buffer} priv
* @param {Buffer} data
*
* @returns {Buffer}
*/
export const generateNoncePair = (msg: Buffer, priv: Buffer, data: Buffer) => {
const drbg = getDRBG(msg, priv, data);
const len = curve.n.byteLength();
let k = new BN(drbg.generate(len));
while (k.isZero() && k.gte(curve.n)) {
k = new BN(drbg.generate(len));
}
return Buffer.from(curve.g.mul(k).encode('array', true));
};
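Review bot: getDRBG now seeds the HMAC-DRBG only from `randomBytes` (entropy, nonce and the start of pers), so the secrecy and uniqueness of the Schnorr nonce k rest entirely on `./random`, which is not visible here; the removed version bound k to the private key and the message. A repeated or predictable k exposes the private key through the published signatures, so I would keep the fresh entropy but bind the signing inputs in place of the random nonce: `const getDRBG = (msg: Buffer, privKey: Buffer) => {`, `nonce: Buffer.concat([privKey, msg]),` and `const drbg = getDRBG(msg, privKey);` in sign. Separately, entropy and nonce take the `randomBytes` result directly while pers wraps it in `Buffer.from(...)` with no encoding; if `randomBytes` returns a hex string, that call reads it as UTF-8 and the copy is truncated, so the encoding should be explicit. `ALG_LEN` is also hard-coded next to `Buffer.allocUnsafe`, and it is unclear from this rendering whether `pers.fill(0)` survives; `Buffer.alloc(ALG.length + ENT_LEN)` would leave no byte uninitialised if the string length ever differs from 16.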
import elliptic from 'elliptic';
import hashjs from 'hash.js';
import { validation } from '@zilliqa-js/util';
const secp256k1 = elliptic.ec('secp256k1');

@@ -67,2 +69,42 @@ /**

/**
* toChecksumAddress
*
* takes hex-encoded string and returns the corresponding address
*
* @param {string} address
* @returns {string}
*/
export const toChecksumAddress = (address: string): string => {
address = address.toLowerCase().replace('0x', '');
const hash = hashjs
.sha256()
.update(address, 'hex')
.digest('hex');
let ret = '0x';
for (let i = 0; i < address.length; i++) {
if (parseInt(hash[i], 16) >= 8) {
ret += address[i].toUpperCase();
} else {
ret += address[i];
}
}
return ret;
};
/**
* isValidChecksumAddress
*
* takes hex-encoded string and returns boolean if address is checksumed
*
* @param {string} address
* @returns {boolean}
*/
export const isValidChecksumAddress = (address: string): boolean => {
return (
validation.isAddress(address.replace('0x', '')) &&
toChecksumAddress(address) === address
);
};
/**
* verifyPrivateKey

@@ -69,0 +111,0 @@ *
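Review bot: toChecksumAddress hashes whatever string it is given: `replace('0x', '')` strips the first `0x` wherever it occurs rather than only a leading prefix, and nothing checks that the remainder is a well-formed hex address before `update(address, 'hex')`. A malformed input therefore yields a plausible-looking `0x…` string instead of an error. I would anchor the strip and validate first with the `validation.isAddress` helper this file already imports: `address = address.toLowerCase().replace(/^0x/, '');` followed by `if (!validation.isAddress(address)) { throw new Error('invalid address'); }` (the message text is only a suggestion, and what isAddress accepts is not visible here). The same unanchored `replace` appears in isValidChecksumAddress.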

import { addresses } from './address.fixtures';
import { checksummedStore } from './checksum.fixtures';
import * as crypto from '../src/index';

@@ -16,2 +17,24 @@

});
it('should return a valid 0x prefixed checksummed address', () => {
checksummedStore.forEach(({ original: address, good: expected }) => {
const actual = crypto.toChecksumAddress(address);
expect(actual).toEqual(expected);
expect(actual.substr(0, 2)).toEqual('0x');
});
});
it('should return true when a valid checksummed address is tested', () => {
checksummedStore.forEach(({ good: checksummed }) => {
const actual = crypto.isValidChecksumAddress(checksummed);
expect(actual).toBeTruthy();
});
});
it('should return false when an invalid checksummed address is tested', () => {
checksummedStore.forEach(({ bad: badlychecksummed }) => {
const actual = crypto.isValidChecksumAddress(badlychecksummed);
expect(actual).toBeFalsy();
});
});
});

@@ -25,4 +25,4 @@ import BN from 'bn.js';

msg,
new BN(k),
new BN(Buffer.from(badPrivateKey, 'hex')),
new BN(k),
Buffer.from(pub, 'hex'),

@@ -37,2 +37,27 @@ );

it('should not verify invalid public keys', () => {
// invalid point for secp256k1
const x =
'c70dc2f79d407ae3800098eea06c50cd80948d15d209a73df6f6c2b31bb247d4';
const y =
'07132a5e43e331ac0b4cbec1d7318add7d25533d0dbee5cd5ded9fe9ddb4248a';
const pubKey = '04' + x + y;
// signature over the string 'test', for the invalid point (x,y) above
const r =
'e5d98c86e8b85e4c41d47c4ed50219adad544c57c1f75408477c475abcc5e7bc';
const s =
'de79ea11594f3dd3882fcc69a8413fa626a76df639a01c72dde9dc2d63c6d894';
const signature = new Signature({ r, s });
const res = () =>
schnorr.verify(
Buffer.from('test'),
signature,
Buffer.from(pubKey, 'hex'),
);
expect(res).toThrow('Invalid public key');
});
it('should match the C++ Schnorr implementation', () => {

@@ -44,4 +69,4 @@ schnorrVectors.forEach(({ msg, priv, pub, k, r, s }) => {

Buffer.from(msg, 'hex'),
new BN(k, 16),
new BN(Buffer.from(priv, 'hex')),
new BN(k, 16),
Buffer.from(pub, 'hex'),

@@ -48,0 +73,0 @@ );
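Review bot: The two updated trySign call sites show that the nonce and the private key exchanged positions, and both are `BN`, so a downstream caller still passing `(msg, prv, k, pubKey)` type-checks and most likely signs with the two values exchanged, with no error raised. For a patch release (0.2.1 to 0.2.2) I would keep the existing order and only rename the parameter in the source, `export const trySign = (msg: Buffer, privKey: BN, k: BN, pubKey: Buffer): Signature | null => {`, or otherwise call the break out in the release notes. The trySign definition itself is outside this section.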
