-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathed25519-mnemonic.js
96 lines (85 loc) · 2.12 KB
/
ed25519-mnemonic.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
function shr256(x, n)
{
var i, carry = 0, mask = (1<<n)-1
for (i = 8; i >= 0; i--) {
var newcarry = (x[i] & mask) << (32 - n)
x[i] = carry | (x[i] >>> n)
carry = newcarry
}
}
function shl256(x, n)
{
var i, carry = 0, mask = ((1<<n)-1) << (32 - n)
for (i = 0; i < 9; i++) {
var newcarry = (x[i] & mask) >>> (32 - n)
x[i] = carry | (x[i] << n)
carry = newcarry
}
}
function parity(sum, v, n)
{
var i
for (i = 0; i < 32; i += n)
sum = (sum ^ (v>>i))
return sum
}
exports.Dict = function (dict)
{
var bits = Math.log2(dict.length)
var mask = dict.length-1
var nword = (Math.floor(256 / bits) + 1)
if ((1<<bits) !== dict.length)
throw new Error("dict must be exactly power of 2 words, got " + dict.length)
this.bits = bits;
this.mask = mask;
this.nword = nword;
this.checkbits = nword*bits - 256
this.checkmask = (1<<this.checkbits)-1
this.words = dict
return this
}
exports.private_to_mnemonic = function(sk, dict)
{
var sk = sk.slice(0, 32)
var i, t = [];
var sum = 0;
// endian
var dv = new DataView(new Uint8Array(sk).buffer)
for (i = 0; i < 8; i++) {
var v = dv.getInt32(i * 4, true)
sum = parity(sum, v, dict.checkbits)
t.push(v);
}
t.push(0)
shl256(t, dict.checkbits)
t[0] |= sum & dict.checkmask
var phrase = []
for (i = 0; i < dict.nword; i++) {
var idx = t[0] & dict.mask
var word = dict.words[idx]
phrase.push(word)
shr256(t, dict.bits);
}
return phrase
}
exports.mnemonic_to_seed = function(phrase, dict)
{
if (phrase.length != dict.nword)
throw new Error("phrase must be exactly " + dict.nword + " words")
var i, t = new Uint32Array(9)
for (i = dict.nword-1; i >= 0; i--) {
var idx = dict.words.indexOf(phrase[i])
if (idx < 0) return null
shl256(t, dict.bits)
t[0] |= idx
}
var sum = 0, sum2 = t[0] & dict.checkmask
shr256(t, dict.checkbits)
var dv = new DataView(t.buffer)
for (i = 0; i < 8; i++) {
sum = parity(sum, t[i], dict.checkbits)
t[i] = dv.getInt32(i * 4, true)
}
if ((sum & dict.checkmask) != sum2) return null
return t.slice(0,8).buffer
}