salty-crypto 0.0.1

package/test/tests/blake2.test.ts

@@ -0,0 +1,41 @@
+import { BLAKE2s } from '../../src/blake2';
+import { it, expect } from '../harness';
+
+it('Appendix B of RFC 7693', () => {
+    expect(BLAKE2s.digest(new TextEncoder().encode("abc"))).toEqual(Uint8Array.from([
+        0x50, 0x8C, 0x5E, 0x8C, 0x32, 0x7C, 0x14, 0xE2, 0xE1, 0xA7, 0x2B, 0xA3, 0x4E, 0xEB, 0x45, 0x2F,
+        0x37, 0x45, 0x8B, 0x20, 0x9E, 0xD6, 0x3A, 0x29, 0x4D, 0x99, 0x9B, 0x4C, 0x86, 0x67, 0x59, 0x82,
+    ]));
+});
+
+it('Appendix E of RFC 7693', () => {
+    function seq(len: number, seed: number): Uint8Array {
+        let a = (0xDEAD4BAD * seed) | 0;
+        let b = 1;
+        const out = new Uint8Array(len);
+        for (let i = 0; i < len; i++) {
+            const t = (a + b) | 0;
+            a = b;
+            b = t;
+            out[i] = (t >> 24) & 0xff;
+        }
+        return out;
+    }
+
+    const ctx = new BLAKE2s();
+
+    [16, 20, 28, 32].forEach(outlen => {
+        [0, 3, 64, 65, 255, 1024].forEach(inlen => {
+            const input = seq(inlen, inlen);
+            ctx.update(BLAKE2s.digest(input, outlen));
+            ctx.update(BLAKE2s.digest(input, outlen, seq(outlen, outlen)));
+        });
+    });
+
+    expect(ctx.final()).toEqual(Uint8Array.from([
+        0x6A, 0x41, 0x1F, 0x08, 0xCE, 0x25, 0xAD, 0xCD,
+        0xFB, 0x02, 0xAB, 0xA6, 0x41, 0x45, 0x1C, 0xEC,
+        0x53, 0xC5, 0x98, 0xB2, 0x4F, 0x4F, 0xC7, 0x87,
+        0xFB, 0xDC, 0x88, 0x79, 0x7F, 0x4C, 0x1D, 0xFE,
+    ]));
+});

package/test/tests/chacha20.test.ts

@@ -0,0 +1,81 @@
+import * as ChaCha from '../../src/chacha20';
+import { it, expect } from '../harness';
+
+it('chacha20_quarter_round 1', () => {
+    const s = new Uint32Array(4);
+    s[0] = 0x11111111;
+    s[1] = 0x01020304;
+    s[2] = 0x9b8d6f43;
+    s[3] = 0x01234567;
+    ChaCha.chacha20_quarter_round(s, 0, 1, 2, 3);
+    expect(Array.from(s)).toEqual([0xea2a92f4, 0xcb1cf8ce, 0x4581472e, 0x5881c4bb]);
+});
+
+it('chacha20_quarter_round 2', () => {
+    const s = Uint32Array.from([
+        0x879531e0, 0xc5ecf37d, 0x516461b1, 0xc9a62f8a,
+        0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0x2a5f714c,
+        0x53372767, 0xb00a5631, 0x974c541a, 0x359e9963,
+        0x5c971061, 0x3d631689, 0x2098d9d6, 0x91dbd320,
+    ]);
+    ChaCha.chacha20_quarter_round(s, 2, 7, 8, 13);
+    expect(s).toEqual(Uint32Array.from([
+        0x879531e0, 0xc5ecf37d, 0xbdb886dc, 0xc9a62f8a,
+        0x44c20ef3, 0x3390af7f, 0xd9fc690b, 0xcfacafd2,
+        0xe46bea80, 0xb00a5631, 0x974c541a, 0x359e9963,
+        0x5c971061, 0xccc07c79, 0x2098d9d6, 0x91dbd320,
+    ]));
+});
+
+it('chacha20_block', () => {
+    const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES);
+    for (let i = 0; i < key8.length; i++) key8[i] = i;
+    const key = new DataView(key8.buffer);
+
+    const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES);
+    nonce8[3] = 0x09;
+    nonce8[7] = 0x4a;
+    const nonce = new DataView(nonce8.buffer);
+
+    const block = 1;
+
+    const output = ChaCha.chacha20_block(key, block, nonce);
+    expect(output).toEqual(Uint32Array.from([
+        0xe4e7f110, 0x15593bd1, 0x1fdd0f50, 0xc47120a3,
+        0xc7f4d1c7, 0x0368c033, 0x9aaa2204, 0x4e6cd4c3,
+        0x466482d2, 0x09aa9f07, 0x05d7c214, 0xa2028bd9,
+        0xd19c12b5, 0xb94e16de, 0xe883d0cb, 0x4e3c50a2,
+    ]));
+});
+
+it('chacha20', () => {
+    const key8 = new Uint8Array(ChaCha.CHACHA20_KEYBYTES);
+    for (let i = 0; i < key8.length; i++) key8[i] = i;
+    const key = new DataView(key8.buffer);
+
+    const nonce8 = new Uint8Array(ChaCha.CHACHA20_NONCEBYTES);
+    nonce8[7] = 0x4a;
+    const nonce = new DataView(nonce8.buffer);
+
+    const initial_counter = 1;
+
+    const sunscreen_str = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
+    const sunscreen = new TextEncoder().encode(sunscreen_str);
+    const output = new Uint8Array(sunscreen.byteLength);
+
+    ChaCha.chacha20(key, nonce, sunscreen, output, initial_counter);
+    expect(output).toEqual(Uint8Array.from([
+        0x6e, 0x2e, 0x35, 0x9a, 0x25, 0x68, 0xf9, 0x80, 0x41, 0xba, 0x07, 0x28, 0xdd, 0x0d, 0x69, 0x81,
+        0xe9, 0x7e, 0x7a, 0xec, 0x1d, 0x43, 0x60, 0xc2, 0x0a, 0x27, 0xaf, 0xcc, 0xfd, 0x9f, 0xae, 0x0b,
+        0xf9, 0x1b, 0x65, 0xc5, 0x52, 0x47, 0x33, 0xab, 0x8f, 0x59, 0x3d, 0xab, 0xcd, 0x62, 0xb3, 0x57,
+        0x16, 0x39, 0xd6, 0x24, 0xe6, 0x51, 0x52, 0xab, 0x8f, 0x53, 0x0c, 0x35, 0x9f, 0x08, 0x61, 0xd8,
+        0x07, 0xca, 0x0d, 0xbf, 0x50, 0x0d, 0x6a, 0x61, 0x56, 0xa3, 0x8e, 0x08, 0x8a, 0x22, 0xb6, 0x5e,
+        0x52, 0xbc, 0x51, 0x4d, 0x16, 0xcc, 0xf8, 0x06, 0x81, 0x8c, 0xe9, 0x1a, 0xb7, 0x79, 0x37, 0x36,
+        0x5a, 0xf9, 0x0b, 0xbf, 0x74, 0xa3, 0x5b, 0xe6, 0xb4, 0x0b, 0x8e, 0xed, 0xf2, 0x78, 0x5e, 0x42,
+        0x87, 0x4d,
+    ]));
+
+    // Test in-place encryption
+    ChaCha.chacha20(key, nonce, sunscreen, sunscreen, initial_counter);
+    expect(sunscreen).toEqual(output);
+});

package/test/tests/noise.test.ts

@@ -0,0 +1,144 @@
+import { DHKeyPair, NoiseHandshake, NoiseProtocolAlgorithms, TransportState } from '../../src/noise';
+import { isOneWay, lookupPattern } from '../../src/patterns';
+import { Noise_25519_ChaChaPoly_BLAKE2s } from '../../src/profiles';
+import { scalarMultBase } from '../../src/x25519';
+import { describe, it, expect } from '../harness';
+
+import fs from 'fs';
+import path from 'path';
+
+type OldTest = {
+    name: string,
+
+    init_prologue?: string,
+    init_ephemeral?: string,
+    init_static?: string,
+    init_remote_static?: string,
+    init_psk?: string,
+
+    resp_prologue?: string,
+    resp_ephemeral?: string,
+    resp_static?: string,
+    resp_remote_static?: string,
+    resp_psk?: string,
+
+    messages: Array<{
+        payload: string,
+        ciphertext: string,
+    }>,
+};
+
+type CurrentTest = {
+    protocol_name: string,
+
+    init_prologue?: string,
+    init_ephemeral?: string,
+    init_static?: string,
+    init_remote_static?: string,
+    init_psks?: string[],
+
+    resp_prologue?: string,
+    resp_ephemeral?: string,
+    resp_static?: string,
+    resp_remote_static?: string,
+    resp_psks?: string[],
+
+    messages: Array<{
+        payload: string,
+        ciphertext: string,
+    }>,
+};
+
+type Test = OldTest | CurrentTest;
+
+function unhex(s: string): Uint8Array;
+function unhex(s: undefined): undefined;
+function unhex(s: string | undefined): Uint8Array | undefined;
+function unhex(s: string | undefined): Uint8Array | undefined {
+    if (s === void 0) return void 0;
+    return Uint8Array.from(Buffer.from(s, 'hex'));
+}
+
+function hex(bs: Uint8Array): string {
+    return Buffer.from(bs).toString('hex');
+}
+
+function skToKeypair(sk: Uint8Array | undefined): DHKeyPair | undefined {
+    if (sk === void 0) return void 0;
+    return {
+        public: scalarMultBase(sk),
+        secret: sk,
+    };
+}
+
+const unit = (v: string | undefined): [string] | undefined => v === void 0 ? void 0 : [v];
+
+async function testsuite_test(t: Test, algorithms: NoiseProtocolAlgorithms) {
+    const isOld = 'name' in t;
+    const patternName = algorithms.matchingPattern(isOld ? t.name : t.protocol_name);
+    if (!patternName) return;
+    const pattern = lookupPattern(patternName);
+    if (!pattern) return;
+    const oneWay = isOneWay(pattern);
+
+    await it(pattern.name, async () => {
+        const I = new NoiseHandshake(algorithms, pattern, 'initiator', {
+            prologue: unhex(t.init_prologue),
+            staticKeypair: skToKeypair(unhex(t.init_static)),
+            remoteStaticPublicKey: unhex(t.init_remote_static),
+            pregeneratedEphemeralKeypair: skToKeypair(unhex(t.init_ephemeral)),
+            preSharedKeys: (isOld ? unit(t.init_psk) : t.init_psks)?.map(k => unhex(k)),
+        });
+        const R = new NoiseHandshake(algorithms, pattern, 'responder', {
+            prologue: unhex(t.resp_prologue),
+            staticKeypair: skToKeypair(unhex(t.resp_static)),
+            remoteStaticPublicKey: unhex(t.resp_remote_static),
+            pregeneratedEphemeralKeypair: skToKeypair(unhex(t.resp_ephemeral)),
+            preSharedKeys: (isOld ? unit(t.resp_psk) : t.resp_psks)?.map(k => unhex(k)),
+        });
+        let sender = I;
+        let receiver = R;
+        let senderCss: TransportState | null = null;
+        let receiverCss: TransportState | null = null;
+        function swapRoles() {
+            const t = sender; sender = receiver; receiver = t;
+            const c = senderCss; senderCss = receiverCss; receiverCss = c;
+        }
+        for (let step = 0; step < t.messages.length; step++) {
+            const m = t.messages[step];
+            if (senderCss && receiverCss) {
+                const actualCiphertext = senderCss.send.encrypt(unhex(m.payload));
+                expect(hex(actualCiphertext)).toEqual(m.ciphertext);
+                const actualMessage = receiverCss.recv.decrypt(actualCiphertext);
+                expect(hex(actualMessage)).toEqual(m.payload);
+            } else {
+                const { packet: actualCiphertext, finished: senderFinished } =
+                    sender.writeMessage(unhex(m.payload));
+                expect(hex(actualCiphertext)).toEqual(m.ciphertext);
+                const { message: actualMessage, finished: receiverFinished } =
+                    receiver.readMessage(actualCiphertext);
+                expect(hex(actualMessage)).toEqual(m.payload);
+                expect(senderFinished).toEqual(receiverFinished);
+                senderCss = senderFinished;
+                receiverCss = receiverFinished;
+            }
+            if (!oneWay) swapRoles();
+        };
+    });
+}
+
+(async () => {
+    const algorithms = new Noise_25519_ChaChaPoly_BLAKE2s();
+    const load = (n: string) => JSON.parse(fs.readFileSync(path.join('test-vectors', n), 'utf-8'));
+
+    await describe('https://github.com/mcginty/snow/', async () => {
+        for (const t of load('snow.txt').vectors as Test[]) {
+            await testsuite_test(t, algorithms);
+        }
+    });
+    await describe('https://github.com/rweather/noise-c/', async () => {
+        for (const t of load('noise-c-basic.txt').vectors as Test[]) {
+            await testsuite_test(t, algorithms);
+        }
+    });
+})();

package/test/tests/poly1305.test.ts

@@ -0,0 +1,16 @@
+import { Poly1305 } from '../../src/poly1305';
+import { it, expect } from '../harness';
+
+it('section 2.5.2 from rfc 8439', () => {
+    const key = Uint8Array.from([
+        0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
+        0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
+        0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
+        0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b,
+    ]);
+    const message = new TextEncoder().encode("Cryptographic Forum Research Group");
+    expect(Poly1305.digest(key, message)).toEqual(Uint8Array.from([
+        0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
+        0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9,
+    ]));
+});