[js] add share and recover method

3 files changed, 246 insertions, 0 deletions

diff --git a/docs/demo/bls-demo.js b/docs/demo/bls-demo.js
index e656902..6c80a31 100644
--- a/docs/demo/bls-demo.js
+++ b/docs/demo/bls-demo.js
@@ -97,6 +97,12 @@ function benchBls() {
 	bls_free(sec)
 	bls_free(pub)
 	bls_free(sig)
+	sec = new BlsSecretKey()
+	sec.setByCSPRNG()
+	pub = sec.getPublicKey()
+	bench('time_sign_class', 50, () => sec.sign(msg))
+	sig = sec.sign(msg)
+	bench('time_verify_class', 50, () => pub.verify(sig, msg))
 }
 function onClickBenchmark() {
 	benchPairing()
@@ -371,3 +377,115 @@ function onClickTestMisc()
 	var a = sec.serialize()
 	setText('secSerialize', Uint8ArrayToHexString(a))
 }
+
+function onClickTestShareClass()
+{
+	let k = parseInt(getValue('ss_k'))
+	let n = parseInt(getValue('ss_n'))
+	let msg = getValue('msg2')
+	console.log('k = ' + k)
+	console.log('n = ' + n)
+	console.log('msg = ' + msg)
+	if (n < k) {
+		alert('err : n is smaller than k')
+		return
+	}
+	let msk = []
+	let mpk = []
+	let idVec = []
+	let secVec = []
+	let pubVec = []
+	let sigVec = []
+
+	/*
+		setup master secret key
+	*/
+	for (let i = 0; i < k; i++) {
+		let sk = new BlsSecretKey()
+		sk.setByCSPRNG()
+		msk.push(sk)
+
+		let pk = sk.getPublicKey()
+		mpk.push(pk)
+	}
+	setText('msk', Uint8ArrayToHexString(msk[0].serialize()))
+	setText('mpk', Uint8ArrayToHexString(mpk[0].serialize()))
+	{
+		let sig = msk[0].sign(msg)
+		setText('signature2', Uint8ArrayToHexString(sig.serialize()))
+		console.log('mpk[0] verify ' + mpk[0].verify(sig, msg))
+	}
+
+	/*
+		key sharing
+	*/
+	for (let i = 0; i < n; i++) {
+		let id = new BlsId()
+//		blsIdSetInt(id, i + 1)
+		id.setByCSPRNG()
+		idVec.push(id)
+		let sk = new BlsSecretKey()
+		sk.share(msk, idVec[i])
+		secVec.push(sk)
+
+		let pk = new BlsPublicKey()
+		pk.share(mpk, idVec[i])
+		pubVec.push(pk)
+
+		let sig = sk.sign(msg)
+		sigVec.push(sig)
+		console.log(i + ' : verify msg : ' + pk.verify(sig, msg))
+	}
+
+	let o = document.getElementById('idlist')
+	let ol = document.createElement('ol')
+	let t = ''
+	for (let i = 0; i < n; i++) {
+		let id = Uint8ArrayToHexString(idVec[i].serialize())
+		let sk = Uint8ArrayToHexString(secVec[i].serialize())
+		let pk = Uint8ArrayToHexString(pubVec[i].serialize())
+		let sig = Uint8ArrayToHexString(sigVec[i].serialize())
+		t += '<li id="ui"' + i + '"> '
+		t += 'id : <span id="id"' + i + '">' + id + '</span><br>'
+		t += 'pk : <span id="pk"' + i + '">' + pk + '</span><br>'
+		t += 'sk : <span id="sk"' + i + '">' + sk + '</span><br>'
+		t += 'sig: <span id="sig"' + i + '">' + sig + '</span><br>'
+	}
+	ol.innerHTML = t
+	o.firstElementChild.innerHTML = ol.innerHTML
+
+	/*
+		recover
+	*/
+	let idxVec = randSelect(k, n)
+	setText('idxVec', idxVec.toString())
+	let subIdVec = []
+	let subSecVec = []
+	let subPubVec = []
+	let subSigVec = []
+	for (let i = 0; i < idxVec.length; i++) {
+		let idx = idxVec[i]
+		subIdVec.push(idVec[idx])
+		subSecVec.push(secVec[idx])
+		subPubVec.push(pubVec[idx])
+		subSigVec.push(sigVec[idx])
+	}
+	{
+		let sec = new BlsSecretKey()
+		let pub = new BlsPublicKey()
+		let sig = new BlsSignature()
+
+		sec.recover(subSecVec, subIdVec)
+		pub.recover(subPubVec, subIdVec)
+		sig.recover(subSigVec, subIdVec)
+		let s = Uint8ArrayToHexString(sec.serialize())
+		s += s == getText('msk') ? ' :ok' : ' :ng'
+		setText('recoverSec', s)
+		s = Uint8ArrayToHexString(pub.serialize())
+		s += s == getText('mpk') ? ' :ok' : ' :ng'
+		setText('recoverPub', s)
+		s = Uint8ArrayToHexString(sig.serialize())
+		s += s == getText('signature2') ? ' :ok' : ' :ng'
+		setText('recoverSig', s)
+	}
+}
diff --git a/docs/demo/bls.html b/docs/demo/bls.html
index 9c68d62..8c84a2e 100644
--- a/docs/demo/bls.html
+++ b/docs/demo/bls.html
@@ -30,6 +30,9 @@ library status <span name="status">initializing...</span>
 <div>Hash and map to G1 : <span name="time_mapToG1">0</span>msec</div>
 <div>sign : <span name="time_sign">0</span>msec</div>
 <div>verify : <span name="time_verify">0</span>msec</div>
+class<br>
+<div>sign : <span name="time_sign_class">0</span>msec</div>
+<div>verify : <span name="time_verify_class">0</span>msec</div>
 <hr>
 <button type="text" id="testBls" onclick="onClickTestSignature()">test basic signature</button>
 <div>
@@ -40,6 +43,7 @@ signature : <span name="signature"></span><br>
 verify : <span name="verifyResult"></span><br>
 </div>
 <button type="text" id="testBls" onclick="onClickTestShare()">test sharing</button>
+<button type="text" id="testBls" onclick="onClickTestShareClass()">test sharing class</button>
 <div>
 threshold(k)         : <input type="text" name="ss_k" value="3"><br>
 number of players(n) : <input type="text" name="ss_n" value="5"><br>
diff --git a/docs/demo/bls.js b/docs/demo/bls.js
index 20ea3a0..df1942d 100644
--- a/docs/demo/bls.js
+++ b/docs/demo/bls.js
@@ -32,6 +32,12 @@ BlsId = function() {
 BlsSecretKey = function() {
 	this.a_ = new Uint32Array(BLS_SECRETKEY_SIZE / 4)
 }
+BlsPublicKey = function() {
+	this.a_ = new Uint32Array(BLS_PUBLICKEY_SIZE / 4)
+}
+BlsSignature = function() {
+	this.a_ = new Uint32Array(BLS_SIGNATURE_SIZE / 4)
+}
 
 function define_bls_extra_functions(mod) {
 	ptrToStr = function(pos, n) {
@@ -248,6 +254,11 @@ function define_bls_extra_functions(mod) {
 			a[i] = mod.HEAP32[pos / 4 + i]
 		}
 	}
+	let copyFromUint32Array = function(pos, a) {
+		for (let i = 0; i < a.length; i++) {
+			mod.HEAP32[pos / 4 + i] = a[i]
+		}
+	}
 	let callSetter = function(func, a, p1, p2) {
 		let pos = mod._malloc(a.length * 4)
 		func(pos, p1, p2) // p1, p2 may be undefined
@@ -272,6 +283,9 @@ function define_bls_extra_functions(mod) {
 	BlsId.prototype.setInt = function(x) {
 		callSetter(blsIdSetInt, this.a_, x)
 	}
+	BlsId.prototype.setByCSPRNG = function() {
+		callSetter(blsSecretKeySetByCSPRNG, this.a_) // same type of BlsSecretKey
+	}
 	BlsId.prototype.setStr = function(s, base = 10) {
 		switch (base) {
 		case 10:
@@ -322,5 +336,115 @@ function define_bls_extra_functions(mod) {
 		this.setLittleEndian(a)
 //		callSetter(blsSecretKeySetByCSPRNG, this.a_)
 	}
+	// return BlsPublicKey
+	BlsSecretKey.prototype.getPublicKey = function() {
+		let pub = new BlsPublicKey()
+		let stack = mod.Runtime.stackSave()
+		let secPos = mod.Runtime.stackAlloc(this.a_.length * 4)
+		let pubPos = mod.Runtime.stackAlloc(pub.a_.length * 4)
+		mod.HEAP32.set(this.a_, secPos / 4)
+		blsGetPublicKey(pubPos, secPos)
+		copyToUint32Array(pub.a_, pubPos)
+		mod.Runtime.stackRestore(stack)
+		return pub
+	}
+	/*
+		input
+		m : message (string or Uint8Array)
+		return
+		BlsSignature
+	*/
+	BlsSecretKey.prototype.sign = function(m) {
+		let sig = new BlsSignature()
+		let stack = mod.Runtime.stackSave()
+		let secPos = mod.Runtime.stackAlloc(this.a_.length * 4)
+		let sigPos = mod.Runtime.stackAlloc(sig.a_.length * 4)
+		mod.HEAP32.set(this.a_, secPos / 4)
+		blsSign(sigPos, secPos, m)
+		copyToUint32Array(sig.a_, sigPos)
+		mod.Runtime.stackRestore(stack)
+		return sig
+	}
+	let share = function(func, a, size, vec, id) {
+		let stack = mod.Runtime.stackSave()
+		let pos = mod.Runtime.stackAlloc(a.length * 4)
+		let idPos = mod.Runtime.stackAlloc(id.a_.length * 4)
+		mod.HEAP32.set(a, pos / 4)
+		mod.HEAP32.set(id.a_, idPos / 4)
+		let vecPos = mod._malloc(size * vec.length)
+		for (let i = 0; i < vec.length; i++) {
+			copyFromUint32Array(vecPos + size * i, vec[i].a_)
+		}
+		func(pos, vecPos, vec.length, idPos)
+		mod._free(vecPos)
+		copyToUint32Array(a, pos)
+		mod.Runtime.stackRestore(stack)
+	}
+	let recover = function(func, a, size, vec, idVec) {
+		let n = vec.length
+		if (n != idVec.length) throw('recover:bad length')
+		let stack = mod.Runtime.stackSave()
+		let secPos = mod.Runtime.stackAlloc(a.length * 4)
+		let vecPos = mod._malloc(size * n)
+		let idVecPos = mod._malloc(BLS_ID_SIZE * n)
+		for (let i = 0; i < n; i++) {
+			copyFromUint32Array(vecPos + size * i, vec[i].a_)
+			copyFromUint32Array(idVecPos + BLS_ID_SIZE * i, idVec[i].a_)
+		}
+		func(secPos, vecPos, idVecPos, n)
+		mod._free(idVecPos)
+		mod._free(vecPos)
+		copyToUint32Array(a, secPos)
+		mod.Runtime.stackRestore(stack)
+	}
+	/*
+		set shared BlsSecretKey by msk and id
+		input
+		msk : master secret key(array of BlsSecretKey)
+		id : BlsId
+	*/
+	BlsSecretKey.prototype.share = function(msk, id) {
+		share(_blsSecretKeyShare, this.a_, BLS_SECRETKEY_SIZE, msk, id)
+	}
+	BlsPublicKey.prototype.share = function(msk, id) {
+		share(_blsPublicKeyShare, this.a_, BLS_PUBLICKEY_SIZE, msk, id)
+	}
+	/*
+		recover BlsSecretKey from (secVec, idVec)
+		secVec : array of BlsSecretKey
+	*/
+	BlsSecretKey.prototype.recover = function(secVec, idVec) {
+		recover(_blsSecretKeyRecover, this.a_, BLS_SECRETKEY_SIZE, secVec, idVec)
+	}
+	BlsPublicKey.prototype.recover = function(secVec, idVec) {
+		recover(_blsPublicKeyRecover, this.a_, BLS_PUBLICKEY_SIZE, secVec, idVec)
+	}
+	BlsSignature.prototype.recover = function(secVec, idVec) {
+		recover(_blsSignatureRecover, this.a_, BLS_SIGNATURE_SIZE, secVec, idVec)
+	}
+	/// BlsPublicKey
+	BlsPublicKey.prototype.deserialize = function(s) {
+		callSetter(blsPublicKeyDeserialize, this.a_, s)
+	}
+	BlsPublicKey.prototype.serialize = function() {
+		return callGetter(blsPublicKeySerialize, this.a_)
+	}
+	BlsPublicKey.prototype.verify = function(sig, m) {
+		let stack = mod.Runtime.stackSave()
+		let pubPos = mod.Runtime.stackAlloc(this.a_.length * 4)
+		let sigPos = mod.Runtime.stackAlloc(sig.a_.length * 4)
+		mod.HEAP32.set(this.a_, pubPos / 4)
+		mod.HEAP32.set(sig.a_, sigPos / 4)
+		let r = blsVerify(sigPos, pubPos, m)
+		mod.Runtime.stackRestore(stack)
+		return r != 0
+	}
+	/// BlsSignature
+	BlsSignature.prototype.deserialize = function(s) {
+		callSetter(blsSignatureDeserialize, this.a_, s)
+	}
+	BlsSignature.prototype.serialize = function() {
+		return callGetter(blsSignatureSerialize, this.a_)
+	}
 }