ecdsa: remove unused functions
This commit is contained in:
Daniel Cousens
parent
87cb018466
commit
7cdabef954
3 changed files with 0 additions and 206 deletions
src
85
src/ecdsa.js
85
src/ecdsa.js
|
|
@ -154,93 +154,8 @@ function verify (hash, signature, Q) {
|
|||
return v.equals(r)
|
||||
}
|
||||
|
||||
/**
|
||||
* Recover a public key from a signature.
|
||||
*
|
||||
* See SEC 1: Elliptic Curve Cryptography, section 4.1.6, "Public
|
||||
* Key Recovery Operation".
|
||||
*
|
||||
* http://www.secg.org/download/aid-780/sec1-v2.pdf
|
||||
*/
|
||||
function recoverPubKey (e, signature, i) {
|
||||
typeforce(types.tuple(
|
||||
types.BigInt,
|
||||
types.ECSignature,
|
||||
types.UInt2
|
||||
), arguments)
|
||||
|
||||
var n = secp256k1.n
|
||||
var G = secp256k1.G
|
||||
var r = signature.r
|
||||
var s = signature.s
|
||||
|
||||
if (r.signum() <= 0 || r.compareTo(n) >= 0) throw new Error('Invalid r value')
|
||||
if (s.signum() <= 0 || s.compareTo(n) >= 0) throw new Error('Invalid s value')
|
||||
|
||||
// A set LSB signifies that the y-coordinate is odd
|
||||
var isYOdd = i & 1
|
||||
|
||||
// The more significant bit specifies whether we should use the
|
||||
// first or second candidate key.
|
||||
var isSecondKey = i >> 1
|
||||
|
||||
// 1.1 Let x = r + jn
|
||||
var x = isSecondKey ? r.add(n) : r
|
||||
var R = secp256k1.pointFromX(isYOdd, x)
|
||||
|
||||
// 1.4 Check that nR is at infinity
|
||||
var nR = R.multiply(n)
|
||||
if (!secp256k1.isInfinity(nR)) throw new Error('nR is not a valid curve point')
|
||||
|
||||
// Compute r^-1
|
||||
var rInv = r.modInverse(n)
|
||||
|
||||
// Compute -e from e
|
||||
var eNeg = e.negate().mod(n)
|
||||
|
||||
// 1.6.1 Compute Q = r^-1 (sR - eG)
|
||||
// Q = r^-1 (sR + -eG)
|
||||
var Q = R.multiplyTwo(s, G, eNeg).multiply(rInv)
|
||||
|
||||
secp256k1.validate(Q)
|
||||
|
||||
return Q
|
||||
}
|
||||
|
||||
/**
|
||||
* Calculate pubkey extraction parameter.
|
||||
*
|
||||
* When extracting a pubkey from a signature, we have to
|
||||
* distinguish four different cases. Rather than putting this
|
||||
* burden on the verifier, Bitcoin includes a 2-bit value with the
|
||||
* signature.
|
||||
*
|
||||
* This function simply tries all four cases and returns the value
|
||||
* that resulted in a successful pubkey recovery.
|
||||
*/
|
||||
function calcPubKeyRecoveryParam (e, signature, Q) {
|
||||
typeforce(types.tuple(
|
||||
types.BigInt,
|
||||
types.ECSignature,
|
||||
types.ECPoint
|
||||
), arguments)
|
||||
|
||||
for (var i = 0; i < 4; i++) {
|
||||
var Qprime = recoverPubKey(e, signature, i)
|
||||
|
||||
// 1.6.2 Verify Q
|
||||
if (Qprime.equals(Q)) {
|
||||
return i
|
||||
}
|
||||
}
|
||||
|
||||
throw new Error('Unable to find valid recovery factor')
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
calcPubKeyRecoveryParam: calcPubKeyRecoveryParam,
|
||||
deterministicGenerateK: deterministicGenerateK,
|
||||
recoverPubKey: recoverPubKey,
|
||||
sign: sign,
|
||||
verify: verify,
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue