author | Florian Dold <florian@dold.me> | 2022-12-23 12:58:26 +0100 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2022-12-23 13:19:41 +0100 |
commit | d98711cb51d13bb2da3682014c7c6e75d7fbb4f0 (patch) | |
tree | 827847cbb1c2d80c9f6b8241c46593a9a1da16f7 /packages/taler-util/src/taler-crypto.ts | |
parent | dc002f99a96752d3f0a10efe44a8a4d0503e8529 (diff) | |
download | wallet-core-d98711cb51d13bb2da3682014c7c6e75d7fbb4f0.tar.xz |
use native KDF / hash state if available
Diffstat (limited to 'packages/taler-util/src/taler-crypto.ts')
-rw-r--r-- | packages/taler-util/src/taler-crypto.ts | 63 |
1 files changed, 59 insertions, 4 deletions
diff --git a/packages/taler-util/src/taler-crypto.ts b/packages/taler-util/src/taler-crypto.ts
index 0f8d2d950..66ad478d3 100644
--- a/packages/taler-util/src/taler-crypto.ts
+++ b/packages/taler-util/src/taler-crypto.ts
@@ -22,7 +22,7 @@
 * Imports.
 */
 import * as nacl from "./nacl-fast.js";
-import { kdf } from "./kdf.js";
+import { hmacSha256, hmacSha512 } from "./kdf.js";
 import bigint from "big-integer";
 import {
 CoinEnvelope,
@@ -76,7 +76,10 @@ interface NativeTartLib {
 keyExchangeEddsaEcdh(eddsaPriv: Uint8Array, ecdhPub: Uint8Array): Uint8Array;
 rsaBlind(hmsg: Uint8Array, bks: Uint8Array, rsaPub: Uint8Array): Uint8Array;
 rsaUnblind(blindSig: Uint8Array, rsaPub: Uint8Array, bks: Uint8Array): Uint8Array;
- rsaVerify(hmsg: Uint8Array, rsaSig: Uint8Array, rsaPub: Uint8Array): boolean
+ rsaVerify(hmsg: Uint8Array, rsaSig: Uint8Array, rsaPub: Uint8Array): boolean;
+ hashStateInit(): any;
+ hashStateUpdate(st: any, data: Uint8Array): any;
+ hashStateFinish(st: any): Uint8Array;
 }
 // @ts-ignore
@@ -158,6 +161,45 @@ export function encodeCrock(data: ArrayBuffer): string {
 return sb;
 }
+export function kdf(
+ outputLength: number,
+ ikm: Uint8Array,
+ salt?: Uint8Array,
+ info?: Uint8Array,
+): Uint8Array {
+ if (tart) {
+ return tart.kdf(outputLength, ikm, salt, info)
+ }
+ salt = salt ?? new Uint8Array(64);
+ // extract
+ const prk = hmacSha512(salt, ikm);
+
+ info = info ?? new Uint8Array(0);
+
+ // expand
+ const N = Math.ceil(outputLength / 32);
+ const output = new Uint8Array(N * 32);
+ for (let i = 0; i < N; i++) {
+ let buf;
+ if (i == 0) {
+ buf = new Uint8Array(info.byteLength + 1);
+ buf.set(info, 0);
+ } else {
+ buf = new Uint8Array(info.byteLength + 1 + 32);
+ for (let j = 0; j < 32; j++) {
+ buf[j] = output[(i - 1) * 32 + j];
+ }
+ buf.set(info, 32);
+ }
+ buf[buf.length - 1] = i + 1;
+ const chunk = hmacSha256(prk, buf);
+ output.set(chunk, i * 32);
+ }
+
+ return output.slice(0, outputLength);
+}
+
+
 /**
 * HMAC-SHA512-SHA256 (see RFC 5869).
 */
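Review bot: The three hash-state members added to NativeTartLib pass the native state around as `any`, so a caller can hand any value to `hashStateUpdate` or `hashStateFinish` without the compiler objecting. An opaque alias keeps the handle unusable outside these three calls, for example `type NativeHashState = unknown;` with `hashStateInit(): NativeHashState;`. The interface starts above the hunk, so its other members are not visible here.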
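Review bot: The new `kdf` never bounds `outputLength`: the block counter is stored with `buf[buf.length - 1] = i + 1` into a Uint8Array, so it wraps once more than 255 blocks are requested, whereas RFC 5869 limits the output to 255 hash lengths. A guard placed before the `if (tart)` branch would cover both paths, e.g. `if (!Number.isInteger(outputLength) || outputLength < 0 || outputLength > 255 * 32) throw new Error("kdf: invalid output length");`. Separately, the native branch receives `salt` and `info` before the defaults (64 zero bytes, empty info) are applied. Unless the native binding is known to apply the same defaults, which this page does not show, moving both `??` assignments above the branch keeps derived keys identical on either path.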
@@ -708,7 +750,7 @@ const logger = new Logger("talerCrypto.ts");
 export function hashCoinEvInner(
 coinEv: CoinEnvelope,
- hashState: nacl.HashState,
+ hashState: TalerHashState,
 ): void {
 const hashInputBuf = new ArrayBuffer(4);
 const uint8ArrayBuf = new Uint8Array(hashInputBuf);
@@ -785,7 +827,20 @@ export function eddsaVerify(
 return nacl.sign_detached_verify(msg, sig, eddsaPub);
 }
-export function createHashContext(): nacl.HashState {
+export interface TalerHashState {
+ update(data: Uint8Array): void;
+ finish(): Uint8Array;
+}
+
+export function createHashContext(): TalerHashState {
+ if (tart) {
+ const t = tart;
+ const st = tart.hashStateInit();
+ return {
+ finish: () => t.hashStateFinish(st),
+ update: (d) => t.hashStateUpdate(st, d),
+ }
+ }
 return new nacl.HashState();
 } |
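Review bot: In the native branch of `createHashContext`, the value returned by `t.hashStateUpdate(st, d)` is dropped, although the binding is declared as returning `any` rather than `void`. If the native call returns the updated state instead of mutating `st` in place (not visible on this page), every `update` would be lost and `finish` would hash an empty input. In that case the result has to be kept: `let st = t.hashStateInit();` and `update: (d) => { st = t.hashStateUpdate(st, d); }`. If it does mutate in place, a one-line comment saying so, plus a `void` return type on the binding, would document the contract.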