ACTONE完成！

ついにactoneを作れた。
長かったが、通常のcrypto moduleを拡張したbcrypto moduleが非常に便利で、一気に速度が上がった。ここからはnoiseを一気に作れると思う。

const secp256k1 = require('bcrypto/lib/secp256k1');  
const sha256 = require('bcrypto/lib/sha256');  
const hkdf = require('bcrypto/lib/hkdf');  
const aead = require('bcrypto/lib/aead');

static = Buffer.from('11111111111111111111111111111111' +  
'11111111111111111111111111111111', 'hex');

remoteStaticPub = Buffer.from('028d7500dd4c12685d1f568b4c2b5048'+  
'e8534b873319f3a8daa612b469132ec7f7', 'hex');

// Handshake State Initialization
// h = SHA-256(protocolName)
h = sha256.digest(Buffer.from(`Noise_XK_secp256k1_ChaChaPoly_SHA256`, 'ascii'));

// ck = h
ck = h;

// h = SHA-256(h || prologue)
h = sha256.multi(h, Buffer.from(`lightning`, 'ascii'));

// h = SHA-256(h || rs.pub.serializeCompressed())
h = sha256.multi(h, remoteStaticPub);

// act one -> e, es
// e = generateKey()
e = Buffer.from('121212121212121212121212121212'+  
'1212121212121212121212121212121212', 'hex');

// h = SHA-256(h || e.pub.serializeCompressed())
// The newly generated ephemeral key is accumulated
// into the running handshake digest.
ePub = secp256k1.publicKeyCreate(e, true);  
h = sha256.multi(h, ePub);

// es = ECDH(e.priv, rs)
derived = secp256k1.derive(remoteStaticPub, e, true);  
es = sha256.digest(derived);

// ck, temp_k1 = HKDF(ck, es)
prk = hkdf.extract(sha256, es, ck);  
out = hkdf.expand(sha256, prk, Buffer.alloc(0), 64);  
ck = out.slice(0, 32);  
tempK1 = out.slice(32, 64);

// c = encryptWithAD(temp_k1, 0, h, zero)
c = aead.encrypt(tempK1, Buffer.alloc(12, 0x00), Buffer.alloc(0), h);

// h = SHA-256(h || c)
h = sha256.multi(h, c);

// Send m = 0 || e.pub.serializeCompressed() || c
// to the responder over the network buffer.
actone = Buffer.allocUnsafe(50);  
actone[0] = 0;  
ePub.copy(actone, 1);  
c.copy(actone, 34);

// '00036360e856310ce5d294e8be33fc807077dc56ac80d95d9'
// 'cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a'
console.log(actone);