diff options
Diffstat (limited to 'packages/taler-util/src/kdf.js')
| -rw-r--r-- | packages/taler-util/src/kdf.js | 95 |
1 files changed, 47 insertions, 48 deletions
diff --git a/packages/taler-util/src/kdf.js b/packages/taler-util/src/kdf.js index 32f17beac..6cd3d1ddf 100644 --- a/packages/taler-util/src/kdf.js +++ b/packages/taler-util/src/kdf.js @@ -16,61 +16,60 @@ import * as nacl from "./nacl-fast.js"; import { sha256 } from "./sha256.js"; export function sha512(data) { - return nacl.hash(data); + return nacl.hash(data); } export function hmac(digest, blockSize, key, message) { - if (key.byteLength > blockSize) { - key = digest(key); - } - if (key.byteLength < blockSize) { - const k = key; - key = new Uint8Array(blockSize); - key.set(k, 0); - } - const okp = new Uint8Array(blockSize); - const ikp = new Uint8Array(blockSize); - for (let i = 0; i < blockSize; i++) { - ikp[i] = key[i] ^ 0x36; - okp[i] = key[i] ^ 0x5c; - } - const b1 = new Uint8Array(blockSize + message.byteLength); - b1.set(ikp, 0); - b1.set(message, blockSize); - const h0 = digest(b1); - const b2 = new Uint8Array(blockSize + h0.length); - b2.set(okp, 0); - b2.set(h0, blockSize); - return digest(b2); + if (key.byteLength > blockSize) { + key = digest(key); + } + if (key.byteLength < blockSize) { + const k = key; + key = new Uint8Array(blockSize); + key.set(k, 0); + } + const okp = new Uint8Array(blockSize); + const ikp = new Uint8Array(blockSize); + for (let i = 0; i < blockSize; i++) { + ikp[i] = key[i] ^ 0x36; + okp[i] = key[i] ^ 0x5c; + } + const b1 = new Uint8Array(blockSize + message.byteLength); + b1.set(ikp, 0); + b1.set(message, blockSize); + const h0 = digest(b1); + const b2 = new Uint8Array(blockSize + h0.length); + b2.set(okp, 0); + b2.set(h0, blockSize); + return digest(b2); } export function hmacSha512(key, message) { - return hmac(sha512, 128, key, message); + return hmac(sha512, 128, key, message); } export function hmacSha256(key, message) { - return hmac(sha256, 64, key, message); + return hmac(sha256, 64, key, message); } export function kdf(outputLength, ikm, salt, info) { - // extract - const prk = hmacSha512(salt, ikm); - // expand - const N = Math.ceil(outputLength / 32); - const output = new Uint8Array(N * 32); - for (let i = 0; i < N; i++) { - let buf; - if (i == 0) { - buf = new Uint8Array(info.byteLength + 1); - buf.set(info, 0); - } - else { - buf = new Uint8Array(info.byteLength + 1 + 32); - for (let j = 0; j < 32; j++) { - buf[j] = output[(i - 1) * 32 + j]; - } - buf.set(info, 32); - } - buf[buf.length - 1] = i + 1; - const chunk = hmacSha256(prk, buf); - output.set(chunk, i * 32); + // extract + const prk = hmacSha512(salt, ikm); + // expand + const N = Math.ceil(outputLength / 32); + const output = new Uint8Array(N * 32); + for (let i = 0; i < N; i++) { + let buf; + if (i == 0) { + buf = new Uint8Array(info.byteLength + 1); + buf.set(info, 0); + } else { + buf = new Uint8Array(info.byteLength + 1 + 32); + for (let j = 0; j < 32; j++) { + buf[j] = output[(i - 1) * 32 + j]; + } + buf.set(info, 32); } - return output.slice(0, outputLength); + buf[buf.length - 1] = i + 1; + const chunk = hmacSha256(prk, buf); + output.set(chunk, i * 32); + } + return output.slice(0, outputLength); } -//# sourceMappingURL=kdf.js.map
\ No newline at end of file +//# sourceMappingURL=kdf.js.map |