@noble/post-quantum 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +72 -30
- package/_crystals.d.ts +2 -1
- package/_crystals.d.ts.map +1 -1
- package/_crystals.js +1 -1
- package/_crystals.js.map +1 -1
- package/esm/_crystals.d.ts +2 -1
- package/esm/_crystals.d.ts.map +1 -1
- package/esm/_crystals.js +1 -1
- package/esm/_crystals.js.map +1 -1
- package/esm/index.js +13 -0
- package/esm/index.js.map +1 -1
- package/esm/ml-dsa.d.ts +4 -4
- package/esm/ml-dsa.d.ts.map +1 -1
- package/esm/ml-dsa.js +25 -19
- package/esm/ml-dsa.js.map +1 -1
- package/esm/ml-kem.d.ts +3 -3
- package/esm/ml-kem.js +6 -6
- package/esm/ml-kem.js.map +1 -1
- package/esm/slh-dsa.d.ts +4 -1
- package/esm/slh-dsa.d.ts.map +1 -1
- package/esm/slh-dsa.js +61 -23
- package/esm/slh-dsa.js.map +1 -1
- package/esm/utils.d.ts +5 -1
- package/esm/utils.d.ts.map +1 -1
- package/esm/utils.js +45 -1
- package/esm/utils.js.map +1 -1
- package/index.js +13 -0
- package/index.js.map +1 -1
- package/ml-dsa.d.ts +4 -4
- package/ml-dsa.d.ts.map +1 -1
- package/ml-dsa.js +28 -22
- package/ml-dsa.js.map +1 -1
- package/ml-kem.d.ts +3 -3
- package/ml-kem.js +5 -5
- package/ml-kem.js.map +1 -1
- package/package.json +11 -10
- package/slh-dsa.d.ts +4 -1
- package/slh-dsa.d.ts.map +1 -1
- package/slh-dsa.js +59 -21
- package/slh-dsa.js.map +1 -1
- package/src/_crystals.ts +3 -2
- package/src/index.ts +13 -0
- package/src/ml-dsa.ts +30 -22
- package/src/ml-kem.ts +7 -7
- package/src/slh-dsa.ts +53 -18
- package/src/utils.ts +57 -1
- package/utils.d.ts +5 -1
- package/utils.d.ts.map +1 -1
- package/utils.js +47 -1
- package/utils.js.map +1 -1
package/src/slh-dsa.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* StateLess Hash-based Digital Signature Standard
|
|
3
|
-
* FIPS-205
|
|
2
|
+
* SLH-DSA: StateLess Hash-based Digital Signature Standard from
|
|
3
|
+
* [FIPS-205](https://csrc.nist.gov/pubs/fips/205/ipd). A.k.a. Sphincs+ v3.1.
|
|
4
4
|
*
|
|
5
5
|
* There are many different kinds of SLH, but basically `sha2` / `shake` indicate internal hash,
|
|
6
6
|
* `128` / `192` / `256` indicate security level, and `s` /`f` indicate trade-off (Small / Fast).
|
|
@@ -27,16 +27,20 @@
|
|
|
27
27
|
* @module
|
|
28
28
|
*/
|
|
29
29
|
/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
|
|
30
|
+
import { setBigUint64 } from '@noble/hashes/_md';
|
|
30
31
|
import { HMAC } from '@noble/hashes/hmac';
|
|
31
32
|
import { sha256, sha512 } from '@noble/hashes/sha2';
|
|
32
33
|
import { shake256 } from '@noble/hashes/sha3';
|
|
33
|
-
import { bytesToHex,
|
|
34
|
+
import { bytesToHex, concatBytes, createView, hexToBytes } from '@noble/hashes/utils';
|
|
34
35
|
import {
|
|
35
|
-
|
|
36
|
+
EMPTY,
|
|
37
|
+
type Signer,
|
|
36
38
|
cleanBytes,
|
|
37
39
|
ensureBytes,
|
|
38
40
|
equalBytes,
|
|
39
41
|
getMask,
|
|
42
|
+
getMessage,
|
|
43
|
+
getMessagePrehash,
|
|
40
44
|
randomBytes,
|
|
41
45
|
splitCoder,
|
|
42
46
|
vecCoder,
|
|
@@ -71,15 +75,15 @@ export const PARAMS: Record<string, SphincsOpts> = {
|
|
|
71
75
|
'256s': { W: 16, N: 32, H: 64, D: 8, K: 22, A: 14 },
|
|
72
76
|
} as const;
|
|
73
77
|
|
|
74
|
-
const
|
|
75
|
-
WOTS,
|
|
76
|
-
WOTSPK,
|
|
77
|
-
HASHTREE,
|
|
78
|
-
FORSTREE,
|
|
79
|
-
FORSPK,
|
|
80
|
-
WOTSPRF,
|
|
81
|
-
FORSPRF,
|
|
82
|
-
}
|
|
78
|
+
const AddressType = {
|
|
79
|
+
WOTS: 0,
|
|
80
|
+
WOTSPK: 1,
|
|
81
|
+
HASHTREE: 2,
|
|
82
|
+
FORSTREE: 3,
|
|
83
|
+
FORSPK: 4,
|
|
84
|
+
WOTSPRF: 5,
|
|
85
|
+
FORSPRF: 6,
|
|
86
|
+
} as const;
|
|
83
87
|
|
|
84
88
|
/** Address, byte array of size ADDR_BYTES */
|
|
85
89
|
export type ADRS = Uint8Array;
|
|
@@ -131,7 +135,10 @@ function getMaskBig(bits: number) {
|
|
|
131
135
|
return (1n << BigInt(bits)) - 1n; // 4 -> 0b1111
|
|
132
136
|
}
|
|
133
137
|
|
|
134
|
-
export type SphincsSigner = Signer & { seedLen: number }
|
|
138
|
+
export type SphincsSigner = Signer & { seedLen: number } & {
|
|
139
|
+
internal: Signer;
|
|
140
|
+
prehash: (hashName: string) => Signer;
|
|
141
|
+
};
|
|
135
142
|
|
|
136
143
|
function gen(opts: SphincsOpts, hashOpts: SphincsHashOpts): SphincsSigner {
|
|
137
144
|
const { N, W, H, D, K, A } = opts;
|
|
@@ -166,7 +173,7 @@ function gen(opts: SphincsOpts, hashOpts: SphincsHashOpts): SphincsSigner {
|
|
|
166
173
|
|
|
167
174
|
const setAddr = (
|
|
168
175
|
opts: {
|
|
169
|
-
type?: AddressType;
|
|
176
|
+
type?: (typeof AddressType)[keyof typeof AddressType];
|
|
170
177
|
height?: number;
|
|
171
178
|
tree?: bigint;
|
|
172
179
|
index?: number;
|
|
@@ -190,7 +197,7 @@ function gen(opts: SphincsOpts, hashOpts: SphincsHashOpts): SphincsSigner {
|
|
|
190
197
|
if (hash !== undefined) addr[OFFSET_HASH_ADDR] = hash;
|
|
191
198
|
if (index !== undefined) v.setUint32(OFFSET_TREE_INDEX, index, false);
|
|
192
199
|
if (subtreeAddr) addr.set(subtreeAddr.subarray(0, OFFSET_TREE + 8));
|
|
193
|
-
if (tree !== undefined)
|
|
200
|
+
if (tree !== undefined) setBigUint64(v, OFFSET_TREE, tree, false);
|
|
194
201
|
if (keypair !== undefined) {
|
|
195
202
|
addr[OFFSET_KP_ADDR1] = keypair;
|
|
196
203
|
if (TREE_HEIGHT > 8) addr[OFFSET_KP_ADDR2] = keypair >>> 8;
|
|
@@ -373,8 +380,7 @@ function gen(opts: SphincsOpts, hashOpts: SphincsHashOpts): SphincsSigner {
|
|
|
373
380
|
const forsCoder = vecCoder(splitCoder(N, N * A), K);
|
|
374
381
|
const wotsCoder = vecCoder(splitCoder(WOTS_LEN * N, TREE_HEIGHT * N), D);
|
|
375
382
|
const sigCoder = splitCoder(N, forsCoder, wotsCoder); // random || fors || wots
|
|
376
|
-
|
|
377
|
-
seedLen: seedCoder.bytesLen,
|
|
383
|
+
const internal: Signer = {
|
|
378
384
|
signRandBytes: N,
|
|
379
385
|
keygen(seed = randomBytes(seedCoder.bytesLen)) {
|
|
380
386
|
// Set SK.seed, SK.prf, and PK.seed to random n-byte
|
|
@@ -520,6 +526,35 @@ function gen(opts: SphincsOpts, hashOpts: SphincsHashOpts): SphincsSigner {
|
|
|
520
526
|
return equalBytes(root, pubRoot);
|
|
521
527
|
},
|
|
522
528
|
};
|
|
529
|
+
return {
|
|
530
|
+
internal,
|
|
531
|
+
seedLen: seedCoder.bytesLen,
|
|
532
|
+
keygen: internal.keygen,
|
|
533
|
+
signRandBytes: internal.signRandBytes,
|
|
534
|
+
sign: (secretKey: Uint8Array, msg: Uint8Array, ctx = EMPTY, random?: Uint8Array) => {
|
|
535
|
+
const M = getMessage(msg, ctx);
|
|
536
|
+
const res = internal.sign(secretKey, M, random);
|
|
537
|
+
M.fill(0);
|
|
538
|
+
return res;
|
|
539
|
+
},
|
|
540
|
+
verify: (publicKey: Uint8Array, msg: Uint8Array, sig: Uint8Array, ctx = EMPTY) => {
|
|
541
|
+
return internal.verify(publicKey, getMessage(msg, ctx), sig);
|
|
542
|
+
},
|
|
543
|
+
prehash: (hashName: string) => ({
|
|
544
|
+
seedLen: seedCoder.bytesLen,
|
|
545
|
+
keygen: internal.keygen,
|
|
546
|
+
signRandBytes: internal.signRandBytes,
|
|
547
|
+
sign: (secretKey: Uint8Array, msg: Uint8Array, ctx = EMPTY, random?: Uint8Array) => {
|
|
548
|
+
const M = getMessagePrehash(hashName, msg, ctx);
|
|
549
|
+
const res = internal.sign(secretKey, M, random);
|
|
550
|
+
M.fill(0);
|
|
551
|
+
return res;
|
|
552
|
+
},
|
|
553
|
+
verify: (publicKey: Uint8Array, msg: Uint8Array, sig: Uint8Array, ctx = EMPTY) => {
|
|
554
|
+
return internal.verify(publicKey, getMessagePrehash(hashName, msg, ctx), sig);
|
|
555
|
+
},
|
|
556
|
+
}),
|
|
557
|
+
};
|
|
523
558
|
}
|
|
524
559
|
|
|
525
560
|
const genShake =
|
package/src/utils.ts
CHANGED
|
@@ -4,7 +4,16 @@
|
|
|
4
4
|
*/
|
|
5
5
|
/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
|
|
6
6
|
import { abytes } from '@noble/hashes/_assert';
|
|
7
|
-
import {
|
|
7
|
+
import { sha224, sha256 } from '@noble/hashes/sha256';
|
|
8
|
+
import { sha3_224, sha3_256, sha3_384, sha3_512, shake128, shake256 } from '@noble/hashes/sha3';
|
|
9
|
+
import { sha384, sha512, sha512_224, sha512_256 } from '@noble/hashes/sha512';
|
|
10
|
+
import {
|
|
11
|
+
type TypedArray,
|
|
12
|
+
concatBytes,
|
|
13
|
+
hexToBytes,
|
|
14
|
+
randomBytes as randb,
|
|
15
|
+
utf8ToBytes,
|
|
16
|
+
} from '@noble/hashes/utils';
|
|
8
17
|
|
|
9
18
|
export const ensureBytes: typeof abytes = abytes;
|
|
10
19
|
export const randomBytes: typeof randb = randb;
|
|
@@ -18,6 +27,7 @@ export function equalBytes(a: Uint8Array, b: Uint8Array): boolean {
|
|
|
18
27
|
return diff === 0;
|
|
19
28
|
}
|
|
20
29
|
|
|
30
|
+
/** Generic interface for signatures. Has keygen, sign and verify. */
|
|
21
31
|
export type Signer = {
|
|
22
32
|
signRandBytes: number;
|
|
23
33
|
keygen: (seed: Uint8Array) => {
|
|
@@ -116,3 +126,49 @@ export function cleanBytes(...list: (TypedArray | TypedArray[])[]): void {
|
|
|
116
126
|
export function getMask(bits: number): number {
|
|
117
127
|
return (1 << bits) - 1; // 4 -> 0b1111
|
|
118
128
|
}
|
|
129
|
+
|
|
130
|
+
export const EMPTY: Uint8Array = new Uint8Array(0);
|
|
131
|
+
|
|
132
|
+
export function getMessage(msg: Uint8Array, ctx: Uint8Array = EMPTY): Uint8Array {
|
|
133
|
+
ensureBytes(msg);
|
|
134
|
+
ensureBytes(ctx);
|
|
135
|
+
if (ctx.length > 255) throw new Error('context should be less than 255 bytes');
|
|
136
|
+
return concatBytes(new Uint8Array([0, ctx.length]), ctx, msg);
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
// OIDS from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
|
|
140
|
+
// TODO: maybe add 'OID' property to hashes themselves to improve tree-shaking?
|
|
141
|
+
const HASHES: Record<string, { oid: Uint8Array; hash: (msg: Uint8Array) => Uint8Array }> = {
|
|
142
|
+
'SHA2-256': { oid: hexToBytes('0609608648016503040201'), hash: sha256 },
|
|
143
|
+
'SHA2-384': { oid: hexToBytes('0609608648016503040202'), hash: sha384 },
|
|
144
|
+
'SHA2-512': { oid: hexToBytes('0609608648016503040203'), hash: sha512 },
|
|
145
|
+
'SHA2-224': { oid: hexToBytes('0609608648016503040204'), hash: sha224 },
|
|
146
|
+
'SHA2-512/224': { oid: hexToBytes('0609608648016503040205'), hash: sha512_224 },
|
|
147
|
+
'SHA2-512/256': { oid: hexToBytes('0609608648016503040206'), hash: sha512_256 },
|
|
148
|
+
'SHA3-224': { oid: hexToBytes('0609608648016503040207'), hash: sha3_224 },
|
|
149
|
+
'SHA3-256': { oid: hexToBytes('0609608648016503040208'), hash: sha3_256 },
|
|
150
|
+
'SHA3-384': { oid: hexToBytes('0609608648016503040209'), hash: sha3_384 },
|
|
151
|
+
'SHA3-512': { oid: hexToBytes('060960864801650304020A'), hash: sha3_512 },
|
|
152
|
+
'SHAKE-128': {
|
|
153
|
+
oid: hexToBytes('060960864801650304020B'),
|
|
154
|
+
hash: (msg) => shake128(msg, { dkLen: 32 }),
|
|
155
|
+
},
|
|
156
|
+
'SHAKE-256': {
|
|
157
|
+
oid: hexToBytes('060960864801650304020C'),
|
|
158
|
+
hash: (msg) => shake256(msg, { dkLen: 64 }),
|
|
159
|
+
},
|
|
160
|
+
};
|
|
161
|
+
|
|
162
|
+
export function getMessagePrehash(
|
|
163
|
+
hashName: string,
|
|
164
|
+
msg: Uint8Array,
|
|
165
|
+
ctx: Uint8Array = EMPTY
|
|
166
|
+
): Uint8Array {
|
|
167
|
+
ensureBytes(msg);
|
|
168
|
+
ensureBytes(ctx);
|
|
169
|
+
if (ctx.length > 255) throw new Error('context should be less than 255 bytes');
|
|
170
|
+
if (!HASHES[hashName]) throw new Error('unknown hash: ' + hashName);
|
|
171
|
+
const { oid, hash } = HASHES[hashName];
|
|
172
|
+
const hashed = hash(msg);
|
|
173
|
+
return concatBytes(new Uint8Array([1, ctx.length]), ctx, oid, hashed);
|
|
174
|
+
}
|
package/utils.d.ts
CHANGED
|
@@ -4,11 +4,12 @@
|
|
|
4
4
|
*/
|
|
5
5
|
/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
|
|
6
6
|
import { abytes } from '@noble/hashes/_assert';
|
|
7
|
-
import { TypedArray, concatBytes,
|
|
7
|
+
import { type TypedArray, concatBytes, randomBytes as randb, utf8ToBytes } from '@noble/hashes/utils';
|
|
8
8
|
export declare const ensureBytes: typeof abytes;
|
|
9
9
|
export declare const randomBytes: typeof randb;
|
|
10
10
|
export { concatBytes, utf8ToBytes };
|
|
11
11
|
export declare function equalBytes(a: Uint8Array, b: Uint8Array): boolean;
|
|
12
|
+
/** Generic interface for signatures. Has keygen, sign and verify. */
|
|
12
13
|
export type Signer = {
|
|
13
14
|
signRandBytes: number;
|
|
14
15
|
keygen: (seed: Uint8Array) => {
|
|
@@ -39,4 +40,7 @@ export declare function splitCoder<T extends (number | BytesCoderLen<any>)[]>(..
|
|
|
39
40
|
export declare function vecCoder<T>(c: BytesCoderLen<T>, vecLen: number): BytesCoderLen<T[]>;
|
|
40
41
|
export declare function cleanBytes(...list: (TypedArray | TypedArray[])[]): void;
|
|
41
42
|
export declare function getMask(bits: number): number;
|
|
43
|
+
export declare const EMPTY: Uint8Array;
|
|
44
|
+
export declare function getMessage(msg: Uint8Array, ctx?: Uint8Array): Uint8Array;
|
|
45
|
+
export declare function getMessagePrehash(hashName: string, msg: Uint8Array, ctx?: Uint8Array): Uint8Array;
|
|
42
46
|
//# sourceMappingURL=utils.d.ts.map
|
package/utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["src/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,4EAA4E;AAC5E,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["src/utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,4EAA4E;AAC5E,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAI/C,OAAO,EACL,KAAK,UAAU,EACf,WAAW,EAEX,WAAW,IAAI,KAAK,EACpB,WAAW,EACZ,MAAM,qBAAqB,CAAC;AAE7B,eAAO,MAAM,WAAW,EAAE,OAAO,MAAe,CAAC;AACjD,eAAO,MAAM,WAAW,EAAE,OAAO,KAAa,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AAGpC,wBAAgB,UAAU,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAKhE;AAED,qEAAqE;AACrE,MAAM,MAAM,MAAM,GAAG;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK;QAC5B,SAAS,EAAE,UAAU,CAAC;QACtB,SAAS,EAAE,UAAU,CAAC;KACvB,CAAC;IACF,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,UAAU,KAAK,UAAU,CAAC;IAClF,MAAM,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,KAAK,OAAO,CAAC;CAC9E,CAAC;AAEF,MAAM,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;IACzB,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC;IACnB,MAAM,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;CAClB;AAED,MAAM,WAAW,UAAU,CAAC,CAAC,CAAE,SAAQ,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC;IACzD,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,UAAU,CAAC;IAChC,MAAM,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,CAAC,CAAC;CAClC;AAED,MAAM,MAAM,aAAa,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAGpE,KAAK,OAAO,CAAC,CAAC,IAAI,CAAC,SAAS,UAAU,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;AAC5D,KAAK,QAAQ,CAAC,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI;KACxD,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;CACjE,CAAC;AACF,wBAAgB,UAAU,CAAC,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EAClE,GAAG,OAAO,EAAE,CAAC,GACZ,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CA8BhD;AAED,wBAAgB,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,EAAE,CAAC,CAwBnF;AAGD,wBAAgB,UAAU,CAAC,GAAG,IAAI,EAAE,CAAC,UAAU,GAAG,UAAU,EAAE,CAAC,EAAE,GAAG,IAAI,CAKvE;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE5C;AAED,eAAO,MAAM,KAAK,EAAE,UAA8B,CAAC;AAEnD,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,GAAE,UAAkB,GAAG,UAAU,CAK/E;AAyBD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,UAAU,EACf,GAAG,GAAE,UAAkB,GACtB,UAAU,CAQZ"}
|
package/utils.js
CHANGED
|
@@ -1,17 +1,22 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.utf8ToBytes = exports.concatBytes = exports.randomBytes = exports.ensureBytes = void 0;
|
|
3
|
+
exports.EMPTY = exports.utf8ToBytes = exports.concatBytes = exports.randomBytes = exports.ensureBytes = void 0;
|
|
4
4
|
exports.equalBytes = equalBytes;
|
|
5
5
|
exports.splitCoder = splitCoder;
|
|
6
6
|
exports.vecCoder = vecCoder;
|
|
7
7
|
exports.cleanBytes = cleanBytes;
|
|
8
8
|
exports.getMask = getMask;
|
|
9
|
+
exports.getMessage = getMessage;
|
|
10
|
+
exports.getMessagePrehash = getMessagePrehash;
|
|
9
11
|
/**
|
|
10
12
|
* Utilities for hex, bytearray and number handling.
|
|
11
13
|
* @module
|
|
12
14
|
*/
|
|
13
15
|
/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
|
|
14
16
|
const _assert_1 = require("@noble/hashes/_assert");
|
|
17
|
+
const sha256_1 = require("@noble/hashes/sha256");
|
|
18
|
+
const sha3_1 = require("@noble/hashes/sha3");
|
|
19
|
+
const sha512_1 = require("@noble/hashes/sha512");
|
|
15
20
|
const utils_1 = require("@noble/hashes/utils");
|
|
16
21
|
Object.defineProperty(exports, "concatBytes", { enumerable: true, get: function () { return utils_1.concatBytes; } });
|
|
17
22
|
Object.defineProperty(exports, "utf8ToBytes", { enumerable: true, get: function () { return utils_1.utf8ToBytes; } });
|
|
@@ -97,4 +102,45 @@ function cleanBytes(...list) {
|
|
|
97
102
|
function getMask(bits) {
|
|
98
103
|
return (1 << bits) - 1; // 4 -> 0b1111
|
|
99
104
|
}
|
|
105
|
+
exports.EMPTY = new Uint8Array(0);
|
|
106
|
+
function getMessage(msg, ctx = exports.EMPTY) {
|
|
107
|
+
(0, exports.ensureBytes)(msg);
|
|
108
|
+
(0, exports.ensureBytes)(ctx);
|
|
109
|
+
if (ctx.length > 255)
|
|
110
|
+
throw new Error('context should be less than 255 bytes');
|
|
111
|
+
return (0, utils_1.concatBytes)(new Uint8Array([0, ctx.length]), ctx, msg);
|
|
112
|
+
}
|
|
113
|
+
// OIDS from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
|
|
114
|
+
// TODO: maybe add 'OID' property to hashes themselves to improve tree-shaking?
|
|
115
|
+
const HASHES = {
|
|
116
|
+
'SHA2-256': { oid: (0, utils_1.hexToBytes)('0609608648016503040201'), hash: sha256_1.sha256 },
|
|
117
|
+
'SHA2-384': { oid: (0, utils_1.hexToBytes)('0609608648016503040202'), hash: sha512_1.sha384 },
|
|
118
|
+
'SHA2-512': { oid: (0, utils_1.hexToBytes)('0609608648016503040203'), hash: sha512_1.sha512 },
|
|
119
|
+
'SHA2-224': { oid: (0, utils_1.hexToBytes)('0609608648016503040204'), hash: sha256_1.sha224 },
|
|
120
|
+
'SHA2-512/224': { oid: (0, utils_1.hexToBytes)('0609608648016503040205'), hash: sha512_1.sha512_224 },
|
|
121
|
+
'SHA2-512/256': { oid: (0, utils_1.hexToBytes)('0609608648016503040206'), hash: sha512_1.sha512_256 },
|
|
122
|
+
'SHA3-224': { oid: (0, utils_1.hexToBytes)('0609608648016503040207'), hash: sha3_1.sha3_224 },
|
|
123
|
+
'SHA3-256': { oid: (0, utils_1.hexToBytes)('0609608648016503040208'), hash: sha3_1.sha3_256 },
|
|
124
|
+
'SHA3-384': { oid: (0, utils_1.hexToBytes)('0609608648016503040209'), hash: sha3_1.sha3_384 },
|
|
125
|
+
'SHA3-512': { oid: (0, utils_1.hexToBytes)('060960864801650304020A'), hash: sha3_1.sha3_512 },
|
|
126
|
+
'SHAKE-128': {
|
|
127
|
+
oid: (0, utils_1.hexToBytes)('060960864801650304020B'),
|
|
128
|
+
hash: (msg) => (0, sha3_1.shake128)(msg, { dkLen: 32 }),
|
|
129
|
+
},
|
|
130
|
+
'SHAKE-256': {
|
|
131
|
+
oid: (0, utils_1.hexToBytes)('060960864801650304020C'),
|
|
132
|
+
hash: (msg) => (0, sha3_1.shake256)(msg, { dkLen: 64 }),
|
|
133
|
+
},
|
|
134
|
+
};
|
|
135
|
+
function getMessagePrehash(hashName, msg, ctx = exports.EMPTY) {
|
|
136
|
+
(0, exports.ensureBytes)(msg);
|
|
137
|
+
(0, exports.ensureBytes)(ctx);
|
|
138
|
+
if (ctx.length > 255)
|
|
139
|
+
throw new Error('context should be less than 255 bytes');
|
|
140
|
+
if (!HASHES[hashName])
|
|
141
|
+
throw new Error('unknown hash: ' + hashName);
|
|
142
|
+
const { oid, hash } = HASHES[hashName];
|
|
143
|
+
const hashed = hash(msg);
|
|
144
|
+
return (0, utils_1.concatBytes)(new Uint8Array([1, ctx.length]), ctx, oid, hashed);
|
|
145
|
+
}
|
|
100
146
|
//# sourceMappingURL=utils.js.map
|
package/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["src/utils.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["src/utils.ts"],"names":[],"mappings":";;;AAsBA,gCAKC;AA8BD,gCAgCC;AAED,4BAwBC;AAGD,gCAKC;AAED,0BAEC;AAID,gCAKC;AAyBD,8CAYC;AA7KD;;;GAGG;AACH,4EAA4E;AAC5E,mDAA+C;AAC/C,iDAAsD;AACtD,6CAAgG;AAChG,iDAA8E;AAC9E,+CAM6B;AAIpB,4FARP,mBAAW,OAQO;AAAE,4FALpB,mBAAW,OAKoB;AAFpB,QAAA,WAAW,GAAkB,gBAAM,CAAC;AACpC,QAAA,WAAW,GAAiB,mBAAK,CAAC;AAG/C,0CAA0C;AAC1C,SAAgB,UAAU,CAAC,CAAa,EAAE,CAAa;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC;AA8BD,SAAgB,UAAU,CACxB,GAAG,OAAU;IAEb,MAAM,SAAS,GAAG,CAAC,CAA8B,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAAW,OAAO,CAAC,MAAM,CAAC,CAAC,GAAW,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnF,OAAO;QACL,QAAQ;QACR,MAAM,EAAE,CAAC,IAAO,EAAE,EAAE;YAClB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;YACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACjD,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrB,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,CAAC,GAAe,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnF,IAAA,mBAAW,EAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAClB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAChB,IAAI,OAAO,CAAC,KAAK,QAAQ;oBAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ;gBAC9C,GAAG,IAAI,CAAC,CAAC;YACX,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,EAAE,CAAC,GAAe,EAAE,EAAE;YAC1B,IAAA,mBAAW,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC3B,MAAM,GAAG,GAAG,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACxB,CAAC;YACD,OAAO,GAAkB,CAAC;QAC5B,CAAC;KACK,CAAC;AACX,CAAC;AACD,iCAAiC;AACjC,SAAgB,QAAQ,CAAI,CAAmB,EAAE,MAAc;IAC7D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC;IACrC,OAAO;QACL,QAAQ;QACR,MAAM,EAAE,CAAC,CAAM,EAAc,EAAE;YAC7B,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;gBACrB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC,MAAM,eAAe,MAAM,EAAE,CAAC,CAAC;YACpF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;YACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAChB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ;gBACnB,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;YAClB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,EAAE,CAAC,CAAa,EAAO,EAAE;YAC7B,IAAA,mBAAW,EAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YACzB,MAAM,CAAC,GAAQ,EAAE,CAAC;YAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ;gBAC3C,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YAClD,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,SAAgB,UAAU,CAAC,GAAG,IAAmC;IAC/D,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YAAE,KAAK,MAAM,CAAC,IAAI,CAAC;gBAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;YAC9C,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY;IAClC,OAAO,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc;AACxC,CAAC;AAEY,QAAA,KAAK,GAAe,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;AAEnD,SAAgB,UAAU,CAAC,GAAe,EAAE,MAAkB,aAAK;IACjE,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;IACjB,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;IACjB,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC/E,OAAO,IAAA,mBAAW,EAAC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAChE,CAAC;AAED,qGAAqG;AACrG,+EAA+E;AAC/E,MAAM,MAAM,GAA+E;IACzF,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAM,EAAE;IACvE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAM,EAAE;IACvE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAM,EAAE;IACvE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAM,EAAE;IACvE,cAAc,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,mBAAU,EAAE;IAC/E,cAAc,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,mBAAU,EAAE;IAC/E,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAQ,EAAE;IACzE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAQ,EAAE;IACzE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAQ,EAAE;IACzE,UAAU,EAAE,EAAE,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,eAAQ,EAAE;IACzE,WAAW,EAAE;QACX,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC;QACzC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,eAAQ,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;KAC5C;IACD,WAAW,EAAE;QACX,GAAG,EAAE,IAAA,kBAAU,EAAC,wBAAwB,CAAC;QACzC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAA,eAAQ,EAAC,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;KAC5C;CACF,CAAC;AAEF,SAAgB,iBAAiB,CAC/B,QAAgB,EAChB,GAAe,EACf,MAAkB,aAAK;IAEvB,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;IACjB,IAAA,mBAAW,EAAC,GAAG,CAAC,CAAC;IACjB,IAAI,GAAG,CAAC,MAAM,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC/E,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,QAAQ,CAAC,CAAC;IACpE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,OAAO,IAAA,mBAAW,EAAC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;AACxE,CAAC"}
|