author | Florian Dold <florian@dold.me> | 2021-10-18 21:48:22 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-18 21:48:45 +0200 |
commit | 269022a526b670d602ca146f4df02850983bb72e (patch) | |
tree | e0a66e8b15ef305c99274c76964a119d0d9512ba /packages/taler-util | |
parent | 3a69f27412782872c1264e8a4dd1be13d57a8a80 (diff) | |
download | wallet-core-269022a526b670d602ca146f4df02850983bb72e.tar.xz |
move some more crypto to taler-util package
Diffstat (limited to 'packages/taler-util')
-rw-r--r-- | packages/taler-util/src/index.ts | 7 | ||||
-rw-r--r-- | packages/taler-util/src/kdf.ts | 19 | ||||
-rw-r--r-- | packages/taler-util/src/nacl-fast.ts | 5 | ||||
-rw-r--r-- | packages/taler-util/src/talerCrypto.test.ts | 2 | ||||
-rw-r--r-- | packages/taler-util/src/talerCrypto.ts | 57 |
5 files changed, 81 insertions, 9 deletions
diff --git a/packages/taler-util/src/index.ts b/packages/taler-util/src/index.ts
index ccb917f6e..4ad752954 100644
--- a/packages/taler-util/src/index.ts
+++ b/packages/taler-util/src/index.ts
@@ -22,4 +22,9 @@ export * from "./url.js";
 export { fnutil } from "./fnutils.js";
 export * from "./kdf.js";
 export * from "./talerCrypto.js";
-export { randomBytes, secretbox, secretbox_open } from "./nacl-fast.js";
+export {
+ randomBytes,
+ secretbox,
+ secretbox_open,
+ crypto_sign_keyPair_fromSeed,
+} from "./nacl-fast.js";
diff --git a/packages/taler-util/src/kdf.ts b/packages/taler-util/src/kdf.ts
index af4d05035..7710de90c 100644
--- a/packages/taler-util/src/kdf.ts
+++ b/packages/taler-util/src/kdf.ts
@@ -59,15 +59,30 @@ export function hmacSha256(key: Uint8Array, message: Uint8Array): Uint8Array {
 return hmac(sha256, 64, key, message);
 }
+/**
+ * HMAC-SHA512-SHA256 (see RFC 5869).
+ */
+export function kdfKw(args: {
+ outputLength: number;
+ ikm: Uint8Array;
+ salt?: Uint8Array;
+ info?: Uint8Array;
+}) {
+ return kdf(args.outputLength, args.ikm, args.salt, args.info);
+}
+
 export function kdf(
 outputLength: number,
 ikm: Uint8Array,
- salt: Uint8Array,
- info: Uint8Array,
+ salt?: Uint8Array,
+ info?: Uint8Array,
 ): Uint8Array {
+ salt = salt ?? new Uint8Array(64);
 // extract
 const prk = hmacSha512(salt, ikm);
+ info = info ?? new Uint8Array(0);
+
 // expand
 const N = Math.ceil(outputLength / 32);
 const output = new Uint8Array(N * 32);
diff --git a/packages/taler-util/src/nacl-fast.ts b/packages/taler-util/src/nacl-fast.ts
index 909c6a60a..6e721f32c 100644
--- a/packages/taler-util/src/nacl-fast.ts
+++ b/packages/taler-util/src/nacl-fast.ts
@@ -2894,7 +2894,6 @@ export function x25519_edwards_keyPair_fromSecretKey(
 throw new Error("bad secret key size");
 }
 d.set(secretKey, 0);
- //crypto_hash(d, secretKey, 32);
 d[0] &= 248;
 d[31] &= 127;
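Review bot: The doc comment added in the kdf.ts hunk reads `HMAC-SHA512-SHA256 (see RFC 5869)` and sits on the `kdfKw` wrapper, but RFC 5869 specifies HKDF and the construction itself lives in `kdf`, whose expand loop continues outside the hunk. I would move the comment to `kdf`, name it as HKDF (extract with HMAC-SHA512 as shown; the 32-byte block size suggests HMAC-SHA256 for expand), and document the new defaults: an omitted `salt` becomes 64 zero bytes and an omitted `info` becomes empty. With both parameters now optional, two callers can derive keys from the same `ikm` with no domain separation and nothing flags it, so the comment should state that `info` is expected to be distinct per use. `kdfKw` also has no declared return type; adding `: Uint8Array` keeps the exported signature checked against `kdf`.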
@@ -2906,7 +2905,7 @@ export function x25519_edwards_keyPair_fromSecretKey(
 return pk;
 }
-export function sign_keyPair_fromSecretKey(
+export function crypto_sign_keyPair_fromSecretKey(
 secretKey: Uint8Array,
 ): {
 publicKey: Uint8Array;
@@ -2920,7 +2919,7 @@ export function sign_keyPair_fromSecretKey(
 return { publicKey: pk, secretKey: new Uint8Array(secretKey) };
 }
-export function sign_keyPair_fromSeed(
+export function crypto_sign_keyPair_fromSeed(
 seed: Uint8Array,
 ): {
 publicKey: Uint8Array;
diff --git a/packages/taler-util/src/talerCrypto.test.ts b/packages/taler-util/src/talerCrypto.test.ts
index ffd1d25cd..1e3ceef61 100644
--- a/packages/taler-util/src/talerCrypto.test.ts
+++ b/packages/taler-util/src/talerCrypto.test.ts
@@ -69,7 +69,7 @@ test("taler-exchange-tvg eddsa key", (t) => {
 const priv = "9TM70AKDTS57AWY9JK2J4TMBTMW6K62WHHGZWYDG0VM5ABPZKD40";
 const pub = "8GSJZ649T2PXMKZC01Y4ANNBE7MF14QVK9SQEC4E46ZHKCVG8AS0";
- const pair = nacl.sign_keyPair_fromSeed(decodeCrock(priv));
+ const pair = nacl.crypto_sign_keyPair_fromSeed(decodeCrock(priv));
 t.deepEqual(encodeCrock(pair.publicKey), pub);
 });
diff --git a/packages/taler-util/src/talerCrypto.ts b/packages/taler-util/src/talerCrypto.ts
index efa92a953..536c4dc48 100644
--- a/packages/taler-util/src/talerCrypto.ts
+++ b/packages/taler-util/src/talerCrypto.ts
@@ -126,7 +126,7 @@ export function decodeCrock(encoded: string): Uint8Array {
 }
 export function eddsaGetPublic(eddsaPriv: Uint8Array): Uint8Array {
- const pair = nacl.sign_keyPair_fromSeed(eddsaPriv);
+ const pair = nacl.crypto_sign_keyPair_fromSeed(eddsaPriv);
 return pair.publicKey;
 }
@@ -353,7 +353,7 @@ export function hash(d: Uint8Array): Uint8Array {
 }
 export function eddsaSign(msg: Uint8Array, eddsaPriv: Uint8Array): Uint8Array {
- const pair = nacl.sign_keyPair_fromSeed(eddsaPriv);
+ const pair = nacl.crypto_sign_keyPair_fromSeed(eddsaPriv);
 return nacl.sign_detached(msg, pair.secretKey);
 }
@@ -447,3 +447,56 @@ export function setupRefreshTransferPub(
 ecdhePub: ecdheGetPublic(out),
 };
 }
+
+export enum TalerSignaturePurpose {
+ MERCHANT_TRACK_TRANSACTION = 1103,
+ WALLET_RESERVE_WITHDRAW = 1200,
+ WALLET_COIN_DEPOSIT = 1201,
+ MASTER_DENOMINATION_KEY_VALIDITY = 1025,
+ MASTER_WIRE_FEES = 1028,
+ MASTER_WIRE_DETAILS = 1030,
+ WALLET_COIN_MELT = 1202,
+ TEST = 4242,
+ MERCHANT_PAYMENT_OK = 1104,
+ MERCHANT_CONTRACT = 1101,
+ WALLET_COIN_RECOUP = 1203,
+ WALLET_COIN_LINK = 1204,
+ EXCHANGE_CONFIRM_RECOUP = 1039,
+ EXCHANGE_CONFIRM_RECOUP_REFRESH = 1041,
+ ANASTASIS_POLICY_UPLOAD = 1400,
+ ANASTASIS_POLICY_DOWNLOAD = 1401,
+ SYNC_BACKUP_UPLOAD = 1450,
+}
+
+export class SignaturePurposeBuilder {
+ private chunks: Uint8Array[] = [];
+
+ constructor(private purposeNum: number) {}
+
+ put(bytes: Uint8Array): SignaturePurposeBuilder {
+ this.chunks.push(Uint8Array.from(bytes));
+ return this;
+ }
+
+ build(): Uint8Array {
+ let payloadLen = 0;
+ for (const c of this.chunks) {
+ payloadLen += c.byteLength;
+ }
+ const buf = new ArrayBuffer(4 + 4 + payloadLen);
+ const u8buf = new Uint8Array(buf);
+ let p = 8;
+ for (const c of this.chunks) {
+ u8buf.set(c, p);
+ p += c.byteLength;
+ }
+ const dvbuf = new DataView(buf);
+ dvbuf.setUint32(0, payloadLen + 4 + 4);
+ dvbuf.setUint32(4, this.purposeNum);
+ return u8buf;
+ }
+}
+
+export function buildSigPS(purposeNum: number): SignaturePurposeBuilder {
+ return new SignaturePurposeBuilder(purposeNum);
+}
|
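Review bot: `SignaturePurposeBuilder` accepts any `number` as `purposeNum`, and `dvbuf.setUint32(4, this.purposeNum)` in `build()` converts it modulo 2^32 without raising, so a negative, fractional or NaN value ends up signed under a different purpose than the caller passed. Because the purpose number is what keeps one kind of signature from being accepted as another, I would type the parameter as `TalerSignaturePurpose` in both the constructor and `buildSigPS`, or reject bad values up front with `if (!Number.isInteger(purposeNum) || purposeNum < 0 || purposeNum > 0xffffffff) throw new Error("invalid signature purpose");`. `put()` concatenates chunks with no length prefix, so the encoding is unambiguous only when every field has a fixed size; a doc comment on the class saying so, and that both header words are written big-endian (the `DataView` default), would help the next caller.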