Diffstat (limited to 'packages/taler-util/src/taler-crypto.ts')
-rw-r--r--packages/taler-util/src/taler-crypto.ts63
1 files changed, 59 insertions, 4 deletions
diff --git a/packages/taler-util/src/taler-crypto.ts b/packages/taler-util/src/taler-crypto.ts
index 0f8d2d950..66ad478d3 100644
--- a/packages/taler-util/src/taler-crypto.ts
+++ b/packages/taler-util/src/taler-crypto.ts
@@ -22,7 +22,7 @@
* Imports.
*/
import * as nacl from "./nacl-fast.js";
-import { kdf } from "./kdf.js";
+import { hmacSha256, hmacSha512 } from "./kdf.js";
import bigint from "big-integer";
import {
CoinEnvelope,
@@ -76,7 +76,10 @@ interface NativeTartLib {
keyExchangeEddsaEcdh(eddsaPriv: Uint8Array, ecdhPub: Uint8Array): Uint8Array;
rsaBlind(hmsg: Uint8Array, bks: Uint8Array, rsaPub: Uint8Array): Uint8Array;
rsaUnblind(blindSig: Uint8Array, rsaPub: Uint8Array, bks: Uint8Array): Uint8Array;
- rsaVerify(hmsg: Uint8Array, rsaSig: Uint8Array, rsaPub: Uint8Array): boolean
+ rsaVerify(hmsg: Uint8Array, rsaSig: Uint8Array, rsaPub: Uint8Array): boolean;
+ hashStateInit(): any;
+ hashStateUpdate(st: any, data: Uint8Array): any;
+ hashStateFinish(st: any): Uint8Array;
}
// @ts-ignore
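Review bot: The three added `hashState*` methods type the native hash handle as `any`, which switches off type checking for every expression that touches it. The diff only shows the handle being passed back into the library, so an opaque type would be enough: `hashStateInit(): unknown;`, `hashStateUpdate(st: unknown, data: Uint8Array): unknown;`, `hashStateFinish(st: unknown): Uint8Array;`. The `NativeTartLib` interface begins above this hunk, so its other members are not visible here.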
@@ -158,6 +161,45 @@ export function encodeCrock(data: ArrayBuffer): string {
return sb;
}
+export function kdf(
+ outputLength: number,
+ ikm: Uint8Array,
+ salt?: Uint8Array,
+ info?: Uint8Array,
+): Uint8Array {
+ if (tart) {
+ return tart.kdf(outputLength, ikm, salt, info)
+ }
+ salt = salt ?? new Uint8Array(64);
+ // extract
+ const prk = hmacSha512(salt, ikm);
+
+ info = info ?? new Uint8Array(0);
+
+ // expand
+ const N = Math.ceil(outputLength / 32);
+ const output = new Uint8Array(N * 32);
+ for (let i = 0; i < N; i++) {
+ let buf;
+ if (i == 0) {
+ buf = new Uint8Array(info.byteLength + 1);
+ buf.set(info, 0);
+ } else {
+ buf = new Uint8Array(info.byteLength + 1 + 32);
+ for (let j = 0; j < 32; j++) {
+ buf[j] = output[(i - 1) * 32 + j];
+ }
+ buf.set(info, 32);
+ }
+ buf[buf.length - 1] = i + 1;
+ const chunk = hmacSha256(prk, buf);
+ output.set(chunk, i * 32);
+ }
+
+ return output.slice(0, outputLength);
+}
+
+
/**
* HMAC-SHA512-SHA256 (see RFC 5869).
*/
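Review bot: The expand loop in `kdf` writes the block counter with `buf[buf.length - 1] = i + 1`, and a `Uint8Array` store wraps modulo 256, so an `outputLength` above 255 * 32 = 8160 bytes silently reuses counter values instead of being rejected as RFC 5869 requires. A guard before the loop would close that: `if (N > 255) throw new Error("kdf: outputLength exceeds 255 * 32 bytes");`. Separately, the native branch forwards `salt` and `info` while they may still be `undefined`, whereas the fallback substitutes 64 zero bytes and an empty array. Whether `tart.kdf` applies the same defaults is not visible in this diff, so moving the two `??` defaults above the `if (tart)` check would keep both paths deriving the same key material. The new export also has no doc comment; one line naming the HMAC-SHA512 extract / HMAC-SHA256 expand construction would help callers.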
@@ -708,7 +750,7 @@ const logger = new Logger("talerCrypto.ts");
export function hashCoinEvInner(
coinEv: CoinEnvelope,
- hashState: nacl.HashState,
+ hashState: TalerHashState,
): void {
const hashInputBuf = new ArrayBuffer(4);
const uint8ArrayBuf = new Uint8Array(hashInputBuf);
@@ -785,7 +827,20 @@ export function eddsaVerify(
return nacl.sign_detached_verify(msg, sig, eddsaPub);
}
-export function createHashContext(): nacl.HashState {
+export interface TalerHashState {
+ update(data: Uint8Array): void;
+ finish(): Uint8Array;
+}
+
+export function createHashContext(): TalerHashState {
+ if (tart) {
+ const t = tart;
+ const st = tart.hashStateInit();
+ return {
+ finish: () => t.hashStateFinish(st),
+ update: (d) => t.hashStateUpdate(st, d),
+ }
+ }
return new nacl.HashState();
}
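Review bot: In the native branch of `createHashContext`, the `update` closure does not store what `t.hashStateUpdate(st, d)` returns, although `NativeTartLib` declares that call as returning `any` rather than `void`. If the native library returns a new state instead of mutating `st` in place (not visible in this diff), `finish` would hash a state that never saw the data. In that case the closure needs `let st = t.hashStateInit();` and `update: (d) => { st = t.hashStateUpdate(st, d); }`. If the state is mutated in place, declaring the native method as returning `void` would record that contract. `const st = tart.hashStateInit()` could also use the captured `t`, to match the two closures.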