wallet-core/src/crypto/kdf.ts

/*
 This file is part of GNU Taler
 (C) 2019 GNUnet e.V.

 GNU Taler is free software; you can redistribute it and/or modify it under the
 terms of the GNU General Public License as published by the Free Software
 Foundation; either version 3, or (at your option) any later version.

 GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

 You should have received a copy of the GNU General Public License along with
 GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */

import nacl = require("./nacl-fast");
import { sha256 } from "./sha256";

let createHmac: any;

export function sha512(data: Uint8Array): Uint8Array {
  return nacl.hash(data);
}

export function hmac(
  digest: (d: Uint8Array) => Uint8Array,
  blockSize: number,
  key: Uint8Array,
  message: Uint8Array,
): Uint8Array {
  if (key.byteLength > blockSize) {
    key = digest(key);
  }
  console.log("message", message);
  if (key.byteLength < blockSize) {
    const k = key;
    key = new Uint8Array(blockSize);
    key.set(k, 0);
  }
  const okp = new Uint8Array(blockSize);
  const ikp = new Uint8Array(blockSize);
  for (let i = 0; i < blockSize; i++) {
    ikp[i] = key[i] ^ 0x36;
    okp[i] = key[i] ^ 0x5c;
  }
  const b1 = new Uint8Array(blockSize + message.byteLength);
  b1.set(ikp, 0);
  b1.set(message, blockSize);
  const h0 = digest(b1);
  const b2 = new Uint8Array(blockSize + h0.length);
  b2.set(okp, 0);
  b2.set(h0, blockSize);
  return digest(b2);
}

export function hmacSha512(key: Uint8Array, message: Uint8Array) {
  return hmac(sha512, 128, key, message);
}

export function hmacSha256(key: Uint8Array, message: Uint8Array) {
  return hmac(sha256, 64, key, message);
}

/*
function expand(prfAlgo: string, prk: Uint8Array, length: number, info: Uint8Array) {
  let hashLength;
  if (prfAlgo == "sha512") {
    hashLength = 64;
  } else if (prfAlgo == "sha256") {
    hashLength = 32;
  } else {
    throw Error("unsupported hash");
  }
  info = info || Buffer.alloc(0);
  var N = Math.ceil(length / hashLength);
  var memo: Buffer[] = [];

  for (var i = 0; i < N; i++) {
    memo[i] = createHmac(prfAlgo, prk)
      .update(memo[i - 1] || Buffer.alloc(0))
      .update(info)
      .update(Buffer.alloc(1, i + 1))
      .digest();
  }
  return Buffer.concat(memo, length);
}
*/

export function kdf(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array) {
  // extract
  const prk = hmacSha512(salt, ikm);

  // expand

  var N = Math.ceil(length / 256);

  //return expand(prfAlgo, prk, length, info);
  return prk;
}
crypto porting WIP 2019-11-25 19:06:05 +01:00			`/*`
			`This file is part of GNU Taler`
			`(C) 2019 GNUnet e.V.`

			`GNU Taler is free software; you can redistribute it and/or modify it under the`
			`terms of the GNU General Public License as published by the Free Software`
			`Foundation; either version 3, or (at your option) any later version.`

			`GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY`
			`WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR`
			`A PARTICULAR PURPOSE. See the GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License along with`
			`GNU Taler; see the file COPYING. If not, see <http://www.gnu.org/licenses/>`
			`*/`

			`import nacl = require("./nacl-fast");`
			`import { sha256 } from "./sha256";`

			`let createHmac: any;`

			`export function sha512(data: Uint8Array): Uint8Array {`
			`return nacl.hash(data);`
			`}`

			`export function hmac(`
			`digest: (d: Uint8Array) => Uint8Array,`
			`blockSize: number,`
			`key: Uint8Array,`
			`message: Uint8Array,`
			`): Uint8Array {`
			`if (key.byteLength > blockSize) {`
			`key = digest(key);`
			`}`
			`console.log("message", message);`
			`if (key.byteLength < blockSize) {`
			`const k = key;`
			`key = new Uint8Array(blockSize);`
			`key.set(k, 0);`
			`}`
			`const okp = new Uint8Array(blockSize);`
			`const ikp = new Uint8Array(blockSize);`
			`for (let i = 0; i < blockSize; i++) {`
			`ikp[i] = key[i] ^ 0x36;`
			`okp[i] = key[i] ^ 0x5c;`
			`}`
			`const b1 = new Uint8Array(blockSize + message.byteLength);`
			`b1.set(ikp, 0);`
			`b1.set(message, blockSize);`
			`const h0 = digest(b1);`
			`const b2 = new Uint8Array(blockSize + h0.length);`
			`b2.set(okp, 0);`
			`b2.set(h0, blockSize);`
			`return digest(b2);`
			`}`

			`export function hmacSha512(key: Uint8Array, message: Uint8Array) {`
			`return hmac(sha512, 128, key, message);`
			`}`

			`export function hmacSha256(key: Uint8Array, message: Uint8Array) {`
			`return hmac(sha256, 64, key, message);`
			`}`

			`/*`
			`function expand(prfAlgo: string, prk: Uint8Array, length: number, info: Uint8Array) {`
			`let hashLength;`
			`if (prfAlgo == "sha512") {`
			`hashLength = 64;`
			`} else if (prfAlgo == "sha256") {`
			`hashLength = 32;`
			`} else {`
			`throw Error("unsupported hash");`
			`}`
			`info = info \|\| Buffer.alloc(0);`
			`var N = Math.ceil(length / hashLength);`
			`var memo: Buffer[] = [];`

			`for (var i = 0; i < N; i++) {`
			`memo[i] = createHmac(prfAlgo, prk)`
			`.update(memo[i - 1] \|\| Buffer.alloc(0))`
			`.update(info)`
			`.update(Buffer.alloc(1, i + 1))`
			`.digest();`
			`}`
			`return Buffer.concat(memo, length);`
			`}`
			`*/`

			`export function kdf(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array) {`
			`// extract`
			`const prk = hmacSha512(salt, ikm);`

			`// expand`

			`var N = Math.ceil(length / 256);`

			`//return expand(prfAlgo, prk, length, info);`
			`return prk;`
			`}`