diff options
author | Florian Dold <florian@dold.me> | 2021-10-07 12:01:40 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-07 12:01:40 +0200 |
commit | e2fe2d6db16b422ee6d69ef03f1393e1f0f42749 (patch) | |
tree | 7016f657b08b284afd62a55752baeab69d7be946 /packages/taler-util/src/kdf.js | |
parent | 2c3456608e8e87a86a5b2f62301b4ea78a2cb00d (diff) | |
download | wallet-core-e2fe2d6db16b422ee6d69ef03f1393e1f0f42749.tar.xz |
add anastasis skeleton, put crypto in taler-util
Diffstat (limited to 'packages/taler-util/src/kdf.js')
-rw-r--r-- | packages/taler-util/src/kdf.js | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/packages/taler-util/src/kdf.js b/packages/taler-util/src/kdf.js new file mode 100644 index 000000000..32f17beac --- /dev/null +++ b/packages/taler-util/src/kdf.js @@ -0,0 +1,76 @@ +/* + This file is part of GNU Taler + (C) 2019 GNUnet e.V. + + GNU Taler is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + GNU Taler; see the file COPYING. If not, see <http://www.gnu.org/licenses/> + */ +import * as nacl from "./nacl-fast.js"; +import { sha256 } from "./sha256.js"; +export function sha512(data) { + return nacl.hash(data); +} +export function hmac(digest, blockSize, key, message) { + if (key.byteLength > blockSize) { + key = digest(key); + } + if (key.byteLength < blockSize) { + const k = key; + key = new Uint8Array(blockSize); + key.set(k, 0); + } + const okp = new Uint8Array(blockSize); + const ikp = new Uint8Array(blockSize); + for (let i = 0; i < blockSize; i++) { + ikp[i] = key[i] ^ 0x36; + okp[i] = key[i] ^ 0x5c; + } + const b1 = new Uint8Array(blockSize + message.byteLength); + b1.set(ikp, 0); + b1.set(message, blockSize); + const h0 = digest(b1); + const b2 = new Uint8Array(blockSize + h0.length); + b2.set(okp, 0); + b2.set(h0, blockSize); + return digest(b2); +} +export function hmacSha512(key, message) { + return hmac(sha512, 128, key, message); +} +export function hmacSha256(key, message) { + return hmac(sha256, 64, key, message); +} +export function kdf(outputLength, ikm, salt, info) { + // extract + const prk = hmacSha512(salt, ikm); + // expand + const N = Math.ceil(outputLength / 32); + const output = new Uint8Array(N * 32); + for (let i = 0; i < N; i++) { + let buf; + if (i == 0) { + buf = new Uint8Array(info.byteLength + 1); + buf.set(info, 0); + } + else { + buf = new Uint8Array(info.byteLength + 1 + 32); + for (let j = 0; j < 32; j++) { + buf[j] = output[(i - 1) * 32 + j]; + } + buf.set(info, 32); + } + buf[buf.length - 1] = i + 1; + const chunk = hmacSha256(prk, buf); + output.set(chunk, i * 32); + } + return output.slice(0, outputLength); +} +//# sourceMappingURL=kdf.js.map
\ No newline at end of file |