diff options
| author | Florian Dold <florian@dold.me> | 2022-12-06 14:53:35 +0100 |
|---|---|---|
| committer | Florian Dold <florian@dold.me> | 2022-12-06 19:45:04 +0100 |
| commit | d040c3b861cb6c7f79606d9d46f79db15c6d2e4c (patch) | |
| tree | 584c3eac8ceb26b01743dd250f8a7bcc084a2956 | |
| parent | 265e7a713753b0b6b8502445200688806fecfbf1 (diff) | |
| download | wallet-core-d040c3b861cb6c7f79606d9d46f79db15c6d2e4c.tar.gz wallet-core-d040c3b861cb6c7f79606d9d46f79db15c6d2e4c.tar.bz2 wallet-core-d040c3b861cb6c7f79606d9d46f79db15c6d2e4c.zip | |
wallet: use native crypto if available
| -rw-r--r-- | packages/taler-util/src/index.ts | 1 | ||||
| -rw-r--r-- | packages/taler-util/src/kdf.ts | 12 | ||||
| -rw-r--r-- | packages/taler-util/src/taler-crypto.ts | 54 | ||||
| -rw-r--r-- | packages/taler-wallet-embedded/src/wallet-qjs.ts | 13 |
4 files changed, 58 insertions, 22 deletions
diff --git a/packages/taler-util/src/index.ts b/packages/taler-util/src/index.ts index 0c0ed25e8..2f674d097 100644 --- a/packages/taler-util/src/index.ts +++ b/packages/taler-util/src/index.ts @@ -29,6 +29,7 @@ export { secretbox, secretbox_open, crypto_sign_keyPair_fromSeed, + setPRNG, } from "./nacl-fast.js"; export { RequestThrottler } from "./RequestThrottler.js"; export * from "./CancellationToken.js"; diff --git a/packages/taler-util/src/kdf.ts b/packages/taler-util/src/kdf.ts index 7710de90c..5fcaa1b4c 100644 --- a/packages/taler-util/src/kdf.ts +++ b/packages/taler-util/src/kdf.ts @@ -59,18 +59,6 @@ export function hmacSha256(key: Uint8Array, message: Uint8Array): Uint8Array { return hmac(sha256, 64, key, message); } -/** - * HMAC-SHA512-SHA256 (see RFC 5869). - */ -export function kdfKw(args: { - outputLength: number; - ikm: Uint8Array; - salt?: Uint8Array; - info?: Uint8Array; -}) { - return kdf(args.outputLength, args.ikm, args.salt, args.info); -} - export function kdf( outputLength: number, ikm: Uint8Array, diff --git a/packages/taler-util/src/taler-crypto.ts b/packages/taler-util/src/taler-crypto.ts index 8762bd8a1..113e4194b 100644 --- a/packages/taler-util/src/taler-crypto.ts +++ b/packages/taler-util/src/taler-crypto.ts @@ -22,7 +22,7 @@ * Imports. */ import * as nacl from "./nacl-fast.js"; -import { kdf, kdfKw } from "./kdf.js"; +import { kdf } from "./kdf.js"; import bigint from "big-integer"; import { CoinEnvelope, @@ -55,6 +55,8 @@ export function getRandomBytesF<T extends number, N extends string>( return nacl.randomBytes(n); } +const useNative = true; + const encTable = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"; class EncodingError extends Error { @@ -99,6 +101,10 @@ function getValue(chr: string): number { } export function encodeCrock(data: ArrayBuffer): string { + if (useNative && "_encodeCrock" in globalThis) { + // @ts-ignore + return globalThis._encodeCrock(data); + } const dataBytes = new Uint8Array(data); let sb = ""; const size = data.byteLength; @@ -123,7 +129,23 @@ export function encodeCrock(data: ArrayBuffer): string { return sb; } +/** + * HMAC-SHA512-SHA256 (see RFC 5869). + */ +export function kdfKw(args: { + outputLength: number; + ikm: Uint8Array; + salt?: Uint8Array; + info?: Uint8Array; +}) { + return kdf(args.outputLength, args.ikm, args.salt, args.info); +} + export function decodeCrock(encoded: string): Uint8Array { + if (useNative && "_decodeCrock" in globalThis) { + // @ts-ignore + return globalThis._decodeCrock(encoded); + } const size = encoded.length; let bitpos = 0; let bitbuf = 0; @@ -152,6 +174,10 @@ export function decodeCrock(encoded: string): Uint8Array { } export function eddsaGetPublic(eddsaPriv: Uint8Array): Uint8Array { + if (useNative && "_eddsaGetPublic" in globalThis) { + // @ts-ignore + return globalThis._eddsaGetPublic(eddsaPriv); + } const pair = nacl.crypto_sign_keyPair_fromSeed(eddsaPriv); return pair.publicKey; } @@ -164,13 +190,13 @@ export function keyExchangeEddsaEcdhe( eddsaPriv: Uint8Array, ecdhePub: Uint8Array, ): Uint8Array { - const ph = nacl.hash(eddsaPriv); + const ph = hash(eddsaPriv); const a = new Uint8Array(32); for (let i = 0; i < 32; i++) { a[i] = ph[i]; } const x = nacl.scalarMult(a, ecdhePub); - return nacl.hash(x); + return hash(x); } export function keyExchangeEcdheEddsa( @@ -179,7 +205,7 @@ export function keyExchangeEcdheEddsa( ): Uint8Array { const curve25519Pub = nacl.sign_ed25519_pk_to_curve25519(eddsaPub); const x = nacl.scalarMult(ecdhePriv, curve25519Pub); - return nacl.hash(x); + return hash(x); } interface RsaPub { @@ -477,7 +503,7 @@ function csFDH( const L = bigint.fromArray(lMod, 256, false); const info = stringToBytes("Curve25519FDH"); - const preshash = nacl.hash(typedArrayConcat([rPub, hm])); + const preshash = hash(typedArrayConcat([rPub, hm])); return csKdfMod(L, preshash, csPub, info).reverse(); } @@ -608,6 +634,10 @@ export function createEcdheKeyPair(): EcdheKeyPair { } export function hash(d: Uint8Array): Uint8Array { + if (useNative && "_hash" in globalThis) { + // @ts-ignore + return globalThis._hash(d); + } return nacl.hash(d); } @@ -616,7 +646,7 @@ export function hash(d: Uint8Array): Uint8Array { * to 32 bytes. */ export function hashTruncate32(d: Uint8Array): Uint8Array { - const sha512HashCode = nacl.hash(d); + const sha512HashCode = hash(d); return sha512HashCode.subarray(0, 32); } @@ -673,7 +703,7 @@ export function hashDenomPub(pub: DenominationPubKey): Uint8Array { dv.setUint32(0, pub.age_mask ?? 0); dv.setUint32(4, DenomKeyType.toIntTag(pub.cipher)); uint8ArrayBuf.set(pubBuf, 8); - return nacl.hash(uint8ArrayBuf); + return hash(uint8ArrayBuf); } else if (pub.cipher === DenomKeyType.ClauseSchnorr) { const pubBuf = decodeCrock(pub.cs_public_key); const hashInputBuf = new ArrayBuffer(pubBuf.length + 4 + 4); @@ -682,7 +712,7 @@ export function hashDenomPub(pub: DenominationPubKey): Uint8Array { dv.setUint32(0, pub.age_mask ?? 0); dv.setUint32(4, DenomKeyType.toIntTag(pub.cipher)); uint8ArrayBuf.set(pubBuf, 8); - return nacl.hash(uint8ArrayBuf); + return hash(uint8ArrayBuf); } else { throw Error( `unsupported cipher (${ @@ -693,6 +723,10 @@ export function hashDenomPub(pub: DenominationPubKey): Uint8Array { } export function eddsaSign(msg: Uint8Array, eddsaPriv: Uint8Array): Uint8Array { + if (useNative && "_eddsaSign" in globalThis) { + // @ts-ignore + return globalThis._eddsaSign(msg, eddsaPriv); + } const pair = nacl.crypto_sign_keyPair_fromSeed(eddsaPriv); return nacl.sign_detached(msg, pair.secretKey); } @@ -702,6 +736,10 @@ export function eddsaVerify( sig: Uint8Array, eddsaPub: Uint8Array, ): boolean { + if (useNative && "_eddsaVerify" in globalThis) { + // @ts-ignore + return globalThis._eddsaVerify(msg, sig, eddsaPub); + } return nacl.sign_detached_verify(msg, sig, eddsaPub); } diff --git a/packages/taler-wallet-embedded/src/wallet-qjs.ts b/packages/taler-wallet-embedded/src/wallet-qjs.ts index 21796870a..cad8b68bf 100644 --- a/packages/taler-wallet-embedded/src/wallet-qjs.ts +++ b/packages/taler-wallet-embedded/src/wallet-qjs.ts @@ -42,6 +42,7 @@ import { j2s, Logger, setGlobalLogLevelFromString, + setPRNG, WalletNotification, } from "@gnu-taler/taler-util"; import { BridgeIDBFactory } from "@gnu-taler/idb-bridge"; @@ -54,6 +55,16 @@ import * as _qjsOsImp from "os"; const textDecoder = new TextDecoder(); const textEncoder = new TextEncoder(); +setGlobalLogLevelFromString("trace"); + +setPRNG(function (x: Uint8Array, n: number) { + // @ts-ignore + const va = globalThis._randomBytes(n); + const v = new Uint8Array(va); + for (let i = 0; i < n; i++) x[i] = v[i]; + for (let i = 0; i < v.length; i++) v[i] = 0; +}); + export interface QjsHttpResp { status: number; data: ArrayBuffer; @@ -126,8 +137,6 @@ export class NativeHttpLib implements HttpRequestLibrary { data = new ArrayBuffer(0); } } - console.log(`data type ${data?.constructor.name}`); - console.log(`data: ${j2s(data)}`); const res = qjsOs.fetchHttp(url, { method, data, |