1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
/*
This file is part of GNU Taler
(C) 2019 GNUnet e.V.
GNU Taler is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
GNU Taler; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
import nacl = require("./nacl-fast");
import { sha256 } from "./sha256";
let createHmac: any;
export function sha512(data: Uint8Array): Uint8Array {
return nacl.hash(data);
}
export function hmac(
digest: (d: Uint8Array) => Uint8Array,
blockSize: number,
key: Uint8Array,
message: Uint8Array,
): Uint8Array {
if (key.byteLength > blockSize) {
key = digest(key);
}
console.log("message", message);
if (key.byteLength < blockSize) {
const k = key;
key = new Uint8Array(blockSize);
key.set(k, 0);
}
const okp = new Uint8Array(blockSize);
const ikp = new Uint8Array(blockSize);
for (let i = 0; i < blockSize; i++) {
ikp[i] = key[i] ^ 0x36;
okp[i] = key[i] ^ 0x5c;
}
const b1 = new Uint8Array(blockSize + message.byteLength);
b1.set(ikp, 0);
b1.set(message, blockSize);
const h0 = digest(b1);
const b2 = new Uint8Array(blockSize + h0.length);
b2.set(okp, 0);
b2.set(h0, blockSize);
return digest(b2);
}
export function hmacSha512(key: Uint8Array, message: Uint8Array) {
return hmac(sha512, 128, key, message);
}
export function hmacSha256(key: Uint8Array, message: Uint8Array) {
return hmac(sha256, 64, key, message);
}
/*
function expand(prfAlgo: string, prk: Uint8Array, length: number, info: Uint8Array) {
let hashLength;
if (prfAlgo == "sha512") {
hashLength = 64;
} else if (prfAlgo == "sha256") {
hashLength = 32;
} else {
throw Error("unsupported hash");
}
info = info || Buffer.alloc(0);
var N = Math.ceil(length / hashLength);
var memo: Buffer[] = [];
for (var i = 0; i < N; i++) {
memo[i] = createHmac(prfAlgo, prk)
.update(memo[i - 1] || Buffer.alloc(0))
.update(info)
.update(Buffer.alloc(1, i + 1))
.digest();
}
return Buffer.concat(memo, length);
}
*/
export function kdf(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array) {
// extract
const prk = hmacSha512(salt, ikm);
// expand
var N = Math.ceil(length / 256);
//return expand(prfAlgo, prk, length, info);
return prk;
}
|
